d33wubrfki0l68.cloudfront.net
143.204.214.63  Malicious Activity! Public Scan

URL: https://d33wubrfki0l68.cloudfront.net/2564d605-7353-434e-9ac0-cdc0f4854bd4/office.html
Submission: On March 31 via manual from US — Scanned from DE

Summary

This website contacted 5 IPs in 1 country across 5 domains to perform 7 HTTP transactions. The main IP is 143.204.214.63, located in the United States, and belongs to AMAZON-02, US. The main domain is d33wubrfki0l68.cloudfront.net.
TLS certificate: Issued by Amazon on February 1st 2022. Valid for: a year.
This is the only time d33wubrfki0l68.cloudfront.net was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Microsoft (Consumer)

Domain & IP information

Requests  IP Address        AS     Autonomous System
1         143.204.214.63    16509  AMAZON-02
1         2606:4700:310...  13335  CLOUDFLAR...
3         45.63.85.138      20473  AS-CHOOPA
2         2606:4700:20:...  13335  CLOUDFLAR...
Totals: 7 requests, 5 IPs
Requests  Apex Domain       Subdomains                                      Transfer
3         killbot.org       files.killbot.org, killbot.org                  5 KB
2         picsum.photos     picsum.photos (Cisco Umbrella Rank: 63604),     9 KB
                            i.picsum.photos (Cisco Umbrella Rank: 77742)
1         pages.dev         offfice-olosomaoutl-docu.pages.dev              7 KB
1         cloudfront.net    d33wubrfki0l68.cloudfront.net                   1 KB
0         126.net (Failed)  cstaticdun.126.net (Failed)                     -
Totals: 7 requests, 5 apex domains
Requests  Domain                              Requested by
2         killbot.org                         files.killbot.org
1         i.picsum.photos                     offfice-olosomaoutl-docu.pages.dev
1         picsum.photos                       1 redirect
1         files.killbot.org                   offfice-olosomaoutl-docu.pages.dev
1         offfice-olosomaoutl-docu.pages.dev  d33wubrfki0l68.cloudfront.net
1         d33wubrfki0l68.cloudfront.net       -
0         cstaticdun.126.net (Failed)         offfice-olosomaoutl-docu.pages.dev
Totals: 7 requests, 7 subdomains

This site contains no links.

Subject                Issuer                   Validity                 Valid
*.cloudfront.net       Amazon                   2022-02-01 - 2023-01-31  a year (crt.sh)
sni.cloudflaressl.com  Cloudflare Inc ECC CA-3  2022-03-30 - 2023-03-29  a year (crt.sh)
files.killbot.org      R3                       2022-02-03 - 2022-05-04  3 months (crt.sh)
killbot.org            R3                       2022-02-22 - 2022-05-23  3 months (crt.sh)

This page contains 2 frames:

Primary Page: https://d33wubrfki0l68.cloudfront.net/2564d605-7353-434e-9ac0-cdc0f4854bd4/office.html
Frame ID: F11C45B16553418E10A86840B3EA2C74
Requests: 1 HTTP requests in this frame

Frame: https://offfice-olosomaoutl-docu.pages.dev/
Frame ID: 70CFFF3AA83108C6F58EAAF716CF7831
Requests: 7 HTTP requests in this frame

Page Title

Office

Page Statistics

Requests: 7
HTTPS: 71 %
IPv6: 50 %
Domains: 5
Subdomains: 7
IPs: 5
Countries: 1
Transfer: 22 kB
Size: 48 kB
Cookies: 0

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 3
  • https://picsum.photos/300/150/?image=362 HTTP 302
  • https://i.picsum.photos/id/362/300/150.jpg?hmac=hLFjvW_d2V0AyWSSt59ICTMyFSyihQ0vB-BqDxYeLoo

7 HTTP transactions

Resource: office.html (Primary Request)
Path: d33wubrfki0l68.cloudfront.net/2564d605-7353-434e-9ac0-cdc0f4854bd4/
Size: 2 KB
x-fer: 1 KB
Type: Document
General
Full URL
https://d33wubrfki0l68.cloudfront.net/2564d605-7353-434e-9ac0-cdc0f4854bd4/office.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.214.63 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-214-63.fra53.r.cloudfront.net
Software
Netlify /
Resource Hash
b7e1a74deb0b15f4776c9c13b755f92d65c6106182e894f06892d304c9dc695c

Request headers

Accept-Language
de-DE,de;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

accept-ranges
bytes
access-control-allow-origin
*
age
333724
cache-control
public, max-age=31556926
content-encoding
gzip
content-length
600
content-type
text/html; charset=utf-8
date
Sun, 27 Mar 2022 21:12:28 GMT
etag
2b9f5741ec74180109ac1a736d4a0a30db99d7a9-df
server
Netlify
vary
Accept-Encoding
via
1.1 c5c25772c7f14e267596e0f8ce51d9bc.cloudfront.net (CloudFront)
x-amz-cf-id
xqXrHiq3Egihu-VrMkObHcth7DVPHgDmFGA-Ds6t6JKd35CSYPPGQw==
x-amz-cf-pop
FRA53-C1
x-cache
Hit from cloudfront
x-nf-request-id
01FZ6KJ8PED7DKQT4DM60N4XHG
Resource: /
Path: offfice-olosomaoutl-docu.pages.dev/ (Frame 70CF)
Size: 33 KB
x-fer: 7 KB
Type: Document
General
Full URL
https://offfice-olosomaoutl-docu.pages.dev/
Requested by
Host: d33wubrfki0l68.cloudfront.net
URL: https://d33wubrfki0l68.cloudfront.net/2564d605-7353-434e-9ac0-cdc0f4854bd4/office.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:310c::ac42:2cf2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3f1352052a445ec811377212061f518dcb4e3193afd92f0efa9dbd0e9089dcc3
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://d33wubrfki0l68.cloudfront.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

access-control-allow-origin
*
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control
public, max-age=0, must-revalidate
cf-ray
6f4af3693c2d0200-ZRH
content-encoding
br
content-type
text/html; charset=utf-8
date
Thu, 31 Mar 2022 17:54:32 GMT
etag
W/"28c5af68fe289e2604a97a35862ef91c"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy
strict-origin-when-cross-origin
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iuTlY8Uz1MaBl8aCujaFZmoAHIU8YJfyW9gREa%2B2bHmgLSmIl5arXAoFhoKoypCmqBSjJduinW64McvKZsKbtZAX%2Fp0DBfjIfBixNXmXfI6U58vbnnB9dc8hDmVFyqXQ47DyxwVDIeBYaAt7isphq%2F06y4q12H%2FNGuRWJUvpjLuy"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
x-content-type-options
nosniff
Resource: killbot-security.js
Path: files.killbot.org/.cdn-cgi/ (Frame 70CF)
Size: 2 KB
x-fer: 3 KB
Type: Script
General
Full URL
https://files.killbot.org/.cdn-cgi/killbot-security.js
Requested by
Host: offfice-olosomaoutl-docu.pages.dev
URL: https://offfice-olosomaoutl-docu.pages.dev/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
45.63.85.138 San Jose, United States, ASN20473 (AS-CHOOPA, US),
Reverse DNS
45.63.85.138.vultrusercontent.com
Software
nginx / Killbot, Inc.
Resource Hash
13f7de72970d9a3b94fcc44a294dc8159489be5195d477a95fa85a026b38242c
Security Headers
Name Value
Content-Security-Policy default-src 'self' http: https: data: blob: 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://offfice-olosomaoutl-docu.pages.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Date
Thu, 31 Mar 2022 17:54:33 GMT
X-Content-Type-Options
nosniff
X-Powered-By
Killbot, Inc.
Cross-Origin-Resource-Policy
cross-origin
Connection
keep-alive
Content-Length
2400
X-XSS-Protection
1; mode=block
Last-Modified
Sat, 07 Aug 2021 14:01:31 GMT
Server
nginx
X-Frame-Options
SAMEORIGIN
ETag
"610e923b-960"
Strict-Transport-Security
max-age=31536000; includeSubdomains; preload
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Cache-Control
max-age=315360000
Content-Security-Policy
default-src 'self' http: https: data: blob: 'unsafe-inline' 'unsafe-eval'
Accept-Ranges
bytes
Expires
Thu, 31 Dec 2037 23:55:55 GMT
Resource: whois
Path: killbot.org/api/v2/ (Frame 70CF)
Size: 263 B
x-fer: 1019 B
Type: Fetch
General
Full URL
https://killbot.org/api/v2/whois?apikey=0vwkNnsjimCzB1x4bZQVoTDbhDgNZYzTl2y-OoaX3QRuG
Requested by
Host: files.killbot.org
URL: https://files.killbot.org/.cdn-cgi/killbot-security.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
45.63.85.138 San Jose, United States, ASN20473 (AS-CHOOPA, US),
Reverse DNS
45.63.85.138.vultrusercontent.com
Software
nginx /
Resource Hash
852403c5bb36fbb923dee6431bacf9fc966bc22147f59351b6baa8d91f29cd99

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://offfice-olosomaoutl-docu.pages.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 31 Mar 2022 17:54:34 GMT
Server
nginx
Access-Control-Max-Age
86400
Access-Control-Allow-Methods
POST, GET
Content-Type
application/json
Access-Control-Allow-Origin
*
Cache-Control
no-store, no-cache, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
Transfer-Encoding
chunked
Bug-Bounty
Report to live chat :)
Expires
Thu, 19 Nov 1981 08:52:00 GMT
Resource: 150.jpg
Path: i.picsum.photos/id/362/300/ (Frame 70CF)
Redirect Chain:
  • https://picsum.photos/300/150/?image=362
  • https://i.picsum.photos/id/362/300/150.jpg?hmac=hLFjvW_d2V0AyWSSt59ICTMyFSyihQ0vB-BqDxYeLoo
Size: 8 KB
x-fer: 9 KB
Type: Image
General
Full URL
https://i.picsum.photos/id/362/300/150.jpg?hmac=hLFjvW_d2V0AyWSSt59ICTMyFSyihQ0vB-BqDxYeLoo
Requested by
Host: offfice-olosomaoutl-docu.pages.dev
URL: https://offfice-olosomaoutl-docu.pages.dev/
Protocol
H2
Server
2606:4700:20::681a:41e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b3ed8173d8d25019e1d1279b8f67c72ea0209af400291f754282c3453927d078
Security Headers
Name Value
Strict-Transport-Security max-age=15552000
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://offfice-olosomaoutl-docu.pages.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date
Thu, 31 Mar 2022 17:54:33 GMT
via
1.1 varnish (Varnish/6.2)
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
6f4af370790b3758-MXP
content-disposition
inline; filename="362-300x150.jpg"
strict-transport-security
max-age=15552000
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
8572
last-modified
Fri, 11 Mar 2022 09:05:35 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7nHPDzvin8CMxivQfkSJAFyZfVtOIDJcRWN%2BBjuy4XHYAITlZNEzqiuCim%2Bj8ee5q6rqXYWR7v92LL8gXNBYdW69o8mM6PF03tX2llJ5PsBPPWJGfD5e6Sy7n3IY6qEPv8ki0pUAa%2FdWKgN%2Bsg%3D%3D"}],"group":"cf-nel","max_age":604800}
x-varnish
146801796 87916585
access-control-allow-origin
*
cf-bgj
h2pri
access-control-expose-headers
Picsum-ID
cache-control
public, max-age=2592000
accept-ranges
bytes
content-type
image/jpeg
picsum-id
362

Redirect headers

date
Thu, 31 Mar 2022 17:54:33 GMT
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
location
https://i.picsum.photos/id/362/300/150.jpg?hmac=hLFjvW_d2V0AyWSSt59ICTMyFSyihQ0vB-BqDxYeLoo
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15552000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MIyIgFuzyNTE24n2yjsPZY6uTfyqhFpxRhVUGF216EKZywvN5O%2FBsuREgpfep76drFt1UCDcuRJgYrqH2dExwYFHvGsnoVsq9qVJUfyT1KjzmprbIQMg5UCvybpCeo4%2Fro13gChNqWcT92I%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cf-ray
6f4af370082a3758-MXP
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
0
Resource: truncated
Path: / (Frame 70CF)
Size: 2 KB
x-fer: 0
Type: Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
0e88b6fcbb8591edfd28184fa70a04b6dd3af8a14367c628edd7caba32e58c68

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Content-Type
image/svg+xml
Resource: icon_light.f13cff3.png
Path: cstaticdun.126.net//2.6.3/images/ (Frame 70CF)
Size: 0
x-fer: 0

Resource: blocker
Path: killbot.org/api/v2/ (Frame 70CF)
Size: 146 B
x-fer: 911 B
Type: Fetch
General
Full URL
https://killbot.org/api/v2/blocker?apikey=0vwkNnsjimCzB1x4bZQVoTDbhDgNZYzTl2y-OoaX3QRuG&ip=193.27.14.10&ua=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/100.0.4896.60%20Safari/537.36&url=
Requested by
Host: files.killbot.org
URL: https://files.killbot.org/.cdn-cgi/killbot-security.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
45.63.85.138 San Jose, United States, ASN20473 (AS-CHOOPA, US),
Reverse DNS
45.63.85.138.vultrusercontent.com
Software
nginx /
Resource Hash
9999f5dbf899307d8d9a37abda49b26efcfc6a7dd56cb09d2c172aa4093955f1

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://offfice-olosomaoutl-docu.pages.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 31 Mar 2022 17:54:34 GMT
Server
nginx
Access-Control-Max-Age
86400
Access-Control-Allow-Methods
POST, GET
Content-Type
application/json
Access-Control-Allow-Origin
*
Cache-Control
no-store, no-cache, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
Transfer-Encoding
chunked
Bug-Bounty
Report to live chat :)
Expires
Thu, 19 Nov 1981 08:52:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
cstaticdun.126.net
URL
https://cstaticdun.126.net//2.6.3/images/icon_light.f13cff3.png

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer)

5 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object    0
function  structuredClone
object    oncontextlost
object    oncontextrestored
function  getScreenDetails

0 Cookies

1 Console Messages

Source: network
Level: error
URL: https://killbot.org/api/v2/blocker?apikey=0vwkNnsjimCzB1x4bZQVoTDbhDgNZYzTl2y-OoaX3QRuG&ip=193.27.14.10&ua=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/100.0.4896.60%20Safari/537.36&url=
Text: Failed to load resource: the server responded with a status of 401 (Unauthorized)