d33wubrfki0l68.cloudfront.net (143.204.214.63): Malicious Activity! Public Scan

URL: https://d33wubrfki0l68.cloudfront.net/2564d605-7353-434e-9ac0-cdc0f4854bd4/office.html
Submission: On April 01 via manual from US — Scanned from DE

Summary

This website contacted 5 IPs in 1 country across 5 domains to perform 7 HTTP transactions. The main IP is 143.204.214.63, located in the United States and belonging to AMAZON-02, US. The main domain is d33wubrfki0l68.cloudfront.net.
TLS certificate: Issued by Amazon on February 1st 2022. Valid for: a year.
This is the only time d33wubrfki0l68.cloudfront.net was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Microsoft (Consumer)

Domain & IP information

Requests  IP Address          AS     Autonomous System
1         143.204.214.63      16509  AMAZON-02
1         2606:4700:310...    13335  CLOUDFLAR...
3         45.63.85.138        20473  AS-CHOOPA
1 2       2606:4700:20:...    13335  CLOUDFLAR...
Total: 7 requests, 5 IPs

Requests  Apex Domain       Subdomains                                                                                   Transfer
3         killbot.org       files.killbot.org, killbot.org                                                               5 KB
2         picsum.photos     picsum.photos (Cisco Umbrella Rank: 63604), i.picsum.photos (Cisco Umbrella Rank: 77742)     13 KB
1         pages.dev         offfice-olosomaoutl-docu.pages.dev                                                           7 KB
1         cloudfront.net    d33wubrfki0l68.cloudfront.net                                                                1 KB
0         126.net (Failed)  cstaticdun.126.net (Failed)
Total: 7 requests, 5 apex domains

Requests  Domain                               Requested by
2         killbot.org                          files.killbot.org
1         i.picsum.photos                      offfice-olosomaoutl-docu.pages.dev
1         picsum.photos                        1 redirect
1         files.killbot.org                    offfice-olosomaoutl-docu.pages.dev
1         offfice-olosomaoutl-docu.pages.dev   d33wubrfki0l68.cloudfront.net
1         d33wubrfki0l68.cloudfront.net        (primary request)
0         cstaticdun.126.net (Failed)          offfice-olosomaoutl-docu.pages.dev
Total: 7 requests, 7 subdomains

This site contains no links.

TLS certificates

Subject                 Issuer                    Validity                  Valid for
*.cloudfront.net        Amazon                    2022-02-01 - 2023-01-31   a year
sni.cloudflaressl.com   Cloudflare Inc ECC CA-3   2022-03-30 - 2023-03-29   a year
files.killbot.org       R3                        2022-02-03 - 2022-05-04   3 months
killbot.org             R3                        2022-02-22 - 2022-05-23   3 months

This page contains 2 frames:

Primary Page: https://d33wubrfki0l68.cloudfront.net/2564d605-7353-434e-9ac0-cdc0f4854bd4/office.html
Frame ID: 58EE23BA1B737C9C388C77A560B7F505
Requests: 1 HTTP requests in this frame

Frame: https://offfice-olosomaoutl-docu.pages.dev/
Frame ID: E3392AE47E72A564EF2BF5EA650D636D
Requests: 7 HTTP requests in this frame

Screenshot

Page Title

Office

Page Statistics

Requests: 7
HTTPS: 71 %
IPv6: 50 %
Domains: 5
Subdomains: 7
IPs: 5
Countries: 1
Transfer: 26 kB
Size: 52 kB
Cookies: 0

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 3
  • https://picsum.photos/300/150/?image=690 HTTP 302
  • https://i.picsum.photos/id/690/300/150.jpg?hmac=63dB32jBn9ojGdNwjX1VIGutiAZreE5VO2m02BK7pVc

7 HTTP transactions

Resource: office.html (Primary Request) | Path: d33wubrfki0l68.cloudfront.net/2564d605-7353-434e-9ac0-cdc0f4854bd4/ | Size: 2 KB | x-fer: 1 KB | Type: Document
General
Full URL
https://d33wubrfki0l68.cloudfront.net/2564d605-7353-434e-9ac0-cdc0f4854bd4/office.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.214.63 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-214-63.fra53.r.cloudfront.net
Software
Netlify /
Resource Hash
b7e1a74deb0b15f4776c9c13b755f92d65c6106182e894f06892d304c9dc695c

Request headers

Accept-Language
de-DE,de;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

accept-ranges
bytes
access-control-allow-origin
*
age
399994
cache-control
public, max-age=31556926
content-encoding
gzip
content-length
600
content-type
text/html; charset=utf-8
date
Sun, 27 Mar 2022 21:12:28 GMT
etag
2b9f5741ec74180109ac1a736d4a0a30db99d7a9-df
server
Netlify
vary
Accept-Encoding
via
1.1 80d90c7955dda88e3912960ead8e99d6.cloudfront.net (CloudFront)
x-amz-cf-id
89TgeAD6jT_9PF2OqeCdl-jps175XIYtUBLwiZXHJYmz-N-VfjEsdg==
x-amz-cf-pop
FRA53-C1
x-cache
Hit from cloudfront
x-nf-request-id
01FZ6KJ8PED7DKQT4DM60N4XHG
Resource: / | Path: offfice-olosomaoutl-docu.pages.dev/ (Frame E339) | Size: 33 KB | x-fer: 7 KB | Type: Document
General
Full URL
https://offfice-olosomaoutl-docu.pages.dev/
Requested by
Host: d33wubrfki0l68.cloudfront.net
URL: https://d33wubrfki0l68.cloudfront.net/2564d605-7353-434e-9ac0-cdc0f4854bd4/office.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:310c::ac42:2f0e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3f1352052a445ec811377212061f518dcb4e3193afd92f0efa9dbd0e9089dcc3
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://d33wubrfki0l68.cloudfront.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

access-control-allow-origin
*
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control
public, max-age=0, must-revalidate
cf-ray
6f5145571d02cc62-ZRH
content-encoding
br
content-type
text/html; charset=utf-8
date
Fri, 01 Apr 2022 12:19:02 GMT
etag
W/"28c5af68fe289e2604a97a35862ef91c"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy
strict-origin-when-cross-origin
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pReDOdPnpXEDHMkXaojrOS00jiM7ktddFTRgwDtFlXn8PUAisqMRE0ZSrUK8lZcOZmF%2FAtBm2iLdfZcV%2BZRcPSJDafFYs3ipT0B%2FdM6gG%2FAP0SjRhN5trltC8FYdILTXxYd1rpcfsO6IZGYxKrVT5sm7jYfxFBuqNtFmwwouoGFU"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
x-content-type-options
nosniff
Resource: killbot-security.js | Path: files.killbot.org/.cdn-cgi/ (Frame E339) | Size: 2 KB | x-fer: 3 KB | Type: Script
General
Full URL
https://files.killbot.org/.cdn-cgi/killbot-security.js
Requested by
Host: offfice-olosomaoutl-docu.pages.dev
URL: https://offfice-olosomaoutl-docu.pages.dev/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
45.63.85.138 San Jose, United States, ASN20473 (AS-CHOOPA, US),
Reverse DNS
45.63.85.138.vultrusercontent.com
Software
nginx / Killbot, Inc.
Resource Hash
13f7de72970d9a3b94fcc44a294dc8159489be5195d477a95fa85a026b38242c
Security Headers
Name Value
Content-Security-Policy default-src 'self' http: https: data: blob: 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://offfice-olosomaoutl-docu.pages.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Date
Fri, 01 Apr 2022 12:19:03 GMT
X-Content-Type-Options
nosniff
X-Powered-By
Killbot, Inc.
Cross-Origin-Resource-Policy
cross-origin
Connection
keep-alive
Content-Length
2400
X-XSS-Protection
1; mode=block
Last-Modified
Sat, 07 Aug 2021 14:01:31 GMT
Server
nginx
X-Frame-Options
SAMEORIGIN
ETag
"610e923b-960"
Strict-Transport-Security
max-age=31536000; includeSubdomains; preload
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Cache-Control
max-age=315360000
Content-Security-Policy
default-src 'self' http: https: data: blob: 'unsafe-inline' 'unsafe-eval'
Accept-Ranges
bytes
Expires
Thu, 31 Dec 2037 23:55:55 GMT
Resource: whois | Path: killbot.org/api/v2/ (Frame E339) | Size: 266 B | x-fer: 1022 B | Type: Fetch
General
Full URL
https://killbot.org/api/v2/whois?apikey=0vwkNnsjimCzB1x4bZQVoTDbhDgNZYzTl2y-OoaX3QRuG
Requested by
Host: files.killbot.org
URL: https://files.killbot.org/.cdn-cgi/killbot-security.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
45.63.85.138 San Jose, United States, ASN20473 (AS-CHOOPA, US),
Reverse DNS
45.63.85.138.vultrusercontent.com
Software
nginx /
Resource Hash
73066ec116c77a6145ecccddfe8ca78f6b10f6c5a43e5e547b3cc04f20ac9c02

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://offfice-olosomaoutl-docu.pages.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 01 Apr 2022 12:19:03 GMT
Server
nginx
Access-Control-Max-Age
86400
Access-Control-Allow-Methods
POST, GET
Content-Type
application/json
Access-Control-Allow-Origin
*
Cache-Control
no-store, no-cache, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
Transfer-Encoding
chunked
Bug-Bounty
Report to live chat :)
Expires
Thu, 19 Nov 1981 08:52:00 GMT
Resource: 150.jpg | Path: i.picsum.photos/id/690/300/ (Frame E339) | Size: 12 KB | x-fer: 13 KB | Type: Image
Redirect Chain
  • https://picsum.photos/300/150/?image=690
  • https://i.picsum.photos/id/690/300/150.jpg?hmac=63dB32jBn9ojGdNwjX1VIGutiAZreE5VO2m02BK7pVc
General
Full URL
https://i.picsum.photos/id/690/300/150.jpg?hmac=63dB32jBn9ojGdNwjX1VIGutiAZreE5VO2m02BK7pVc
Requested by
Host: offfice-olosomaoutl-docu.pages.dev
URL: https://offfice-olosomaoutl-docu.pages.dev/
Protocol
H2
Server
2606:4700:20::681a:51e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
af7cf79ba1190ae0e2c39aceefa463583d12b2b4348d998aa57d6c3a848af247
Security Headers
Name Value
Strict-Transport-Security max-age=15552000
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://offfice-olosomaoutl-docu.pages.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date
Fri, 01 Apr 2022 12:19:03 GMT
via
1.1 varnish (Varnish/6.2)
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
6f51455ba8d5375b-MXP
content-disposition
inline; filename="690-300x150.jpg"
strict-transport-security
max-age=15552000
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
12365
last-modified
Fri, 25 Mar 2022 10:25:20 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dr7qHijnU2wmHFu7d9p8SFMUuHdjgzQNhWszj%2ByXzGxa%2FtIWg13QJPa4xzI1S7E8CVfiAt%2BORkM2vE95pgZvN6Z7flMUCQoLIdpnehKXphqMHCwZD5Hvg7Q9cF%2BV3N6MNgb8C9o51p2ku9pjpw%3D%3D"}],"group":"cf-nel","max_age":604800}
x-varnish
91587700 24182928
access-control-allow-origin
*
cf-bgj
h2pri
access-control-expose-headers
Picsum-ID
cache-control
public, max-age=2592000
accept-ranges
bytes
content-type
image/jpeg
picsum-id
690

Redirect headers

date
Fri, 01 Apr 2022 12:19:03 GMT
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
location
https://i.picsum.photos/id/690/300/150.jpg?hmac=63dB32jBn9ojGdNwjX1VIGutiAZreE5VO2m02BK7pVc
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15552000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MwNL%2Fl%2Fwl19Syd8aGa%2BAaKhVQhacAfY8U7aV95IA36lC1qB4P4dxUF3tQ1pcMSeDRzSX6YHCNeD1RgyBKgsE1Bo2ozKp17TIjGraqIagv3VF9jZ5%2F8A6AuP2ERIAPDQmFhLOVo8ZIrphdNM%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cf-ray
6f51455b2fb8375b-MXP
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
0
Resource: truncated | Path: / (Frame E339) | Size: 2 KB | x-fer: 0 | Type: Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
0e88b6fcbb8591edfd28184fa70a04b6dd3af8a14367c628edd7caba32e58c68

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Content-Type
image/svg+xml
Resource: icon_light.f13cff3.png | Path: cstaticdun.126.net//2.6.3/images/ (Frame E339) | Size: 0 | x-fer: 0 | Type: (failed, no response)

Resource: blocker | Path: killbot.org/api/v2/ (Frame E339) | Size: 146 B | x-fer: 911 B | Type: Fetch
General
Full URL
https://killbot.org/api/v2/blocker?apikey=0vwkNnsjimCzB1x4bZQVoTDbhDgNZYzTl2y-OoaX3QRuG&ip=217.138.194.163&ua=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/100.0.4896.60%20Safari/537.36&url=
Requested by
Host: files.killbot.org
URL: https://files.killbot.org/.cdn-cgi/killbot-security.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
45.63.85.138 San Jose, United States, ASN20473 (AS-CHOOPA, US),
Reverse DNS
45.63.85.138.vultrusercontent.com
Software
nginx /
Resource Hash
9999f5dbf899307d8d9a37abda49b26efcfc6a7dd56cb09d2c172aa4093955f1

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://offfice-olosomaoutl-docu.pages.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 01 Apr 2022 12:19:04 GMT
Server
nginx
Access-Control-Max-Age
86400
Access-Control-Allow-Methods
POST, GET
Content-Type
application/json
Access-Control-Allow-Origin
*
Cache-Control
no-store, no-cache, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
Transfer-Encoding
chunked
Bug-Bounty
Report to live chat :)
Expires
Thu, 19 Nov 1981 08:52:00 GMT

Failed requests

These URLs were requested, but no response was received. They also appear in the list above.

Domain
cstaticdun.126.net
URL
https://cstaticdun.126.net//2.6.3/images/icon_light.f13cff3.png

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer)

5 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

Type      Name
object    0
function  structuredClone
object    oncontextlost
object    oncontextrestored
function  getScreenDetails

0 Cookies

1 Console Messages

Source: network
Level: error
URL: https://killbot.org/api/v2/blocker?apikey=0vwkNnsjimCzB1x4bZQVoTDbhDgNZYzTl2y-OoaX3QRuG&ip=217.138.194.163&ua=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/100.0.4896.60%20Safari/537.36&url=
Message: Failed to load resource: the server responded with a status of 401 (Unauthorized)