urlscan.io logo urlscan.io
SecurityTrails logo

officedocssecured.pages.dev Open in urlscan Pro
2606:4700:310c::ac42:2c48  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://officedocssecured.pages.dev/
Effective URL: https://officedocssecured.pages.dev/
Submission: On August 16 via api from JP — Scanned from JP
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 5 IPs in 3 countries across 4 domains to perform 8 HTTP transactions. The main IP is 2606:4700:310c::ac42:2c48, located in United States and belongs to CLOUDFLARENET, US. The main domain is officedocssecured.pages.dev.
TLS certificate: Issued by E1 on August 12th 2022. Valid for: 3 months.
This is the only time officedocssecured.pages.dev was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Microsoft (Consumer)

Domain & IP information

IP Address AS Autonomous System
1 2606:4700:310... 13335 (CLOUDFLAR...)
1 2404:6800:400... 15169 (GOOGLE)
5 2600:140b:2:9... 20940 (AKAMAI-ASN1)
1 52.20.78.240 14618 (AMAZON-AES)
8 5
Apex Domain
Subdomains		 Transfer
5 office365.com
r4.res.office365.com — Cisco Umbrella Rank: 121
662 KB
1 ipify.org
api.ipify.org — Cisco Umbrella Rank: 2743
268 B
1 googleapis.com
ajax.googleapis.com — Cisco Umbrella Rank: 267
30 KB
1 pages.dev
officedocssecured.pages.dev
381 KB
8 4
Domain Requested by
5 r4.res.office365.com srcdoc
1 api.ipify.org ajax.googleapis.com
1 ajax.googleapis.com officedocssecured.pages.dev
1 officedocssecured.pages.dev
8 4

This site contains links to these domains. Also see Links.

Domain
www.microsoft.com
privacy.microsoft.com
Subject Issuer Validity Valid
*.officedocssecured.pages.dev
E1		 2022-08-12 -
2022-11-10		 3 months crt.sh
upload.video.google.com
GTS CA 1C3		 2022-07-18 -
2022-10-10		 3 months crt.sh
*.res.outlook.com
Microsoft RSA TLS CA 01		 2022-06-02 -
2023-06-02		 a year crt.sh
*.ipify.org
Sectigo RSA Domain Validation Secure Server CA		 2022-02-07 -
2023-03-10		 a year crt.sh

This page contains 2 frames:

Primary Page: https://officedocssecured.pages.dev/
Frame ID: 54FF6E23651D9F4C9472E7FA110BBED2
Requests: 9 HTTP requests in this frame

Frame: https://r4.res.office365.com/owa/prem/16.3499.0.2717365/scripts/boot.worldwide.0.mouse.js
Frame ID: 6EBB970B240F9F7E6FD5F713BA3F59A3
Requests: 5 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Sign in to Outlook

Page URL History Show full URLs

  1. http://officedocssecured.pages.dev/ HTTP 307
    https://officedocssecured.pages.dev/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • /([\d.]+)/jquery(?:\.min)?\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

8
Requests

100 %
HTTPS

75 %
IPv6

4
Domains

4
Subdomains

5
IPs

3
Countries

1074 kB
Transfer

3801 kB
Size

0
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://officedocssecured.pages.dev/ HTTP 307
    https://officedocssecured.pages.dev/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

8 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
officedocssecured.pages.dev/
Redirect Chain
  • http://officedocssecured.pages.dev/
  • https://officedocssecured.pages.dev/
829 KB
381 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://officedocssecured.pages.dev/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:310c::ac42:2c48 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1247e871270bd77d5ee92530a2068150116cc5cc71e3c462037a4e3c3bce3661
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language
jp-JP,jp;q=0.9

Response headers

access-control-allow-origin
*
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control
public, max-age=0, must-revalidate
cf-ray
73bcdaa57f48afed-NRT
content-encoding
br
content-type
text/html; charset=utf-8
date
Tue, 16 Aug 2022 20:17:33 GMT
etag
W/"bfe7405f1562e55d15a13a8fbd67ac9b"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy
strict-origin-when-cross-origin
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ppjvrz8HSZzNyFEyUKC5x90PVS0CDJ0BgFtg4DeSM2kXpe5yHA1%2FQDIgXa9BxHaXCItgZTDfuiOtVhxFuzAJJDTBYYxtAqg2TqVC2QFXKLxsRw09xIJ1%2BBnEZsBwHE8oo%2F07XX4O7w3%2FGLUCyBFQGy1YFqeGsP9Ju98%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
x-content-type-options
nosniff

Redirect headers

Cross-Origin-Resource-Policy
Cross-Origin
Location
https://officedocssecured.pages.dev/
Non-Authoritative-Reason
HSTS
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/3.2.1/ 		85 KB
30 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js
Requested by
Host: officedocssecured.pages.dev
URL: https://officedocssecured.pages.dev/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2404:6800:4004:824::200a , Australia, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://officedocssecured.pages.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Sun, 14 Aug 2022 08:01:16 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
216977
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
30306
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 19:15:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="hosted-libraries-pushers"
vary
Accept-Encoding
report-to
{"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Mon, 14 Aug 2023 08:01:16 GMT
truncated
/ 		2 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
b5d587f6c48a9b22bbe97150249e0c0655ac1780bd273431480a22f8a5bfef6c

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ 		4 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/ 		3 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
f89e908280791803bbf1f33b596ff4a2179b355a8e15ad02ebaa2b1da11127ea

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Content-Type
image/jpeg
truncated
/ 		277 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
211a907de2da0ff4a0e90917ac8054e2f35c351180977550c26e51b4909f2beb

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Content-Type
image/jpeg
truncated
/ 		915 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
6075736ea9c281d69c4a3d78ff97bb61b9416a5809919babe5a0c5596f99aaea

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/ 		915 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
16c3f6531d0fa5b4d16e82abf066233b2a9f284c068c663699313c09f5e8d6e6

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Content-Type
image/svg+xml
boot.worldwide.0.mouse.js
r4.res.office365.com/owa/prem/16.3499.0.2717365/scripts/ Frame 6EBB 		648 KB
176 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://r4.res.office365.com/owa/prem/16.3499.0.2717365/scripts/boot.worldwide.0.mouse.js
Requested by
Host: srcdoc
URL: about:srcdoc
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:140b:2:9b6::1e0f Tokyo, Japan, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
3d05d46146f38af96edee763df57892ccbf155494ab977c44b618fedb6d60f18
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Tue, 16 Aug 2022 20:17:33 GMT
content-encoding
gzip
last-modified
Sat, 21 Dec 2019 09:08:43 GMT
server
AkamaiNetStorage
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
public,max-age=630720000, s-maxage=630720000
strict-transport-security
max-age=31536000; includeSubDomains
accept-ranges
bytes
timing-allow-origin
*
content-length
179730
boot.worldwide.1.mouse.js
r4.res.office365.com/owa/prem/16.3499.0.2717365/scripts/ Frame 6EBB 		644 KB
160 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://r4.res.office365.com/owa/prem/16.3499.0.2717365/scripts/boot.worldwide.1.mouse.js
Requested by
Host: srcdoc
URL: about:srcdoc
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:140b:2:9b6::1e0f Tokyo, Japan, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
0a67653a09d3f3c540a0c0691af6b0bf5b7c76062ba27f79247707a958091e10
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Tue, 16 Aug 2022 20:17:33 GMT
content-encoding
gzip
last-modified
Sat, 21 Dec 2019 09:08:41 GMT
server
AkamaiNetStorage
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
public,max-age=630720000, s-maxage=630720000
strict-transport-security
max-age=31536000; includeSubDomains
accept-ranges
bytes
timing-allow-origin
*
content-length
163057
boot.worldwide.2.mouse.js
r4.res.office365.com/owa/prem/16.3499.0.2717365/scripts/ Frame 6EBB 		647 KB
167 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://r4.res.office365.com/owa/prem/16.3499.0.2717365/scripts/boot.worldwide.2.mouse.js
Requested by
Host: srcdoc
URL: about:srcdoc
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:140b:2:9b6::1e0f Tokyo, Japan, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
c93fb192d93946ff9f853be4d5c0c4f4a2cc0b9fb328e89dba7b14210136f844
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Tue, 16 Aug 2022 20:17:33 GMT
content-encoding
gzip
last-modified
Sat, 21 Dec 2019 09:08:44 GMT
server
AkamaiNetStorage
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
public,max-age=630720000, s-maxage=630720000
strict-transport-security
max-age=31536000; includeSubDomains
accept-ranges
bytes
timing-allow-origin
*
content-length
169998
boot.worldwide.3.mouse.js
r4.res.office365.com/owa/prem/16.3499.0.2717365/scripts/ Frame 6EBB 		645 KB
143 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://r4.res.office365.com/owa/prem/16.3499.0.2717365/scripts/boot.worldwide.3.mouse.js
Requested by
Host: srcdoc
URL: about:srcdoc
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:140b:2:9b6::1e0f Tokyo, Japan, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
314e50eeee61a62fa0c754173772948b40cab0463092bc834011f17fa05de594
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Tue, 16 Aug 2022 20:17:33 GMT
content-encoding
gzip
last-modified
Sat, 21 Dec 2019 09:08:41 GMT
server
AkamaiNetStorage
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
public,max-age=630720000, s-maxage=630720000
strict-transport-security
max-age=31536000; includeSubDomains
accept-ranges
bytes
timing-allow-origin
*
content-length
145699
sprite1.mouse.png
r4.res.office365.com/owa/prem/16.3499.0.2717365/resources/images/0/ Frame 6EBB 		16 KB
17 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://r4.res.office365.com/owa/prem/16.3499.0.2717365/resources/images/0/sprite1.mouse.png
Requested by
Host: srcdoc
URL: about:srcdoc
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:140b:2:9b6::1e0f Tokyo, Japan, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
99190cfe65f919edb8071d84eee7096ec27561bc9b9fa396e55e0eb5e2cd0194
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Tue, 16 Aug 2022 20:17:33 GMT
last-modified
Sat, 21 Dec 2019 09:04:43 GMT
server
AkamaiNetStorage
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/png
access-control-allow-origin
*
cache-control
public,max-age=630720000, s-maxage=630720000
accept-ranges
bytes
timing-allow-origin
*
content-length
16664
/
api.ipify.org/ 		24 B
268 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.ipify.org/?format=json
Requested by
Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
52.20.78.240 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-20-78-240.compute-1.amazonaws.com
Software
Cowboy /
Resource Hash
3bf78e8465a6a6508b1ab96ba7af708bdcd668fc6938cb5531f3384ae9e6d6ca

Request headers

Accept
application/json, text/javascript, */*; q=0.01
Referer
https://officedocssecured.pages.dev/
accept-language
jp-JP,jp;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date
Tue, 16 Aug 2022 20:17:33 GMT
Via
1.1 vegur
Server
Cowboy
Vary
Origin
Content-Type
application/json
Access-Control-Allow-Origin
https://officedocssecured.pages.dev
Connection
keep-alive
Content-Length
24

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer)

12 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails function| queryLocalFonts object| navigation function| savepage_ShadowLoader function| $ function| jQuery

0 Cookies

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
X-Content-Type-Options nosniff