officse365.com - urlscan.io

Summary

This website contacted 1 IPs in 1 countries across 2 domains to perform 4 HTTP transactions. The main IP is 198.23.213.114, located in Decatur, United States and belongs to AS-COLOCROSSING, US. The main domain is officse365.com.
TLS certificate: Issued by R3 on April 20th 2023. Valid for: 3 months.

This is the only time officse365.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Microsoft (Consumer)

Domain & IP information

	IP Address	AS Autonomous System
1 1	34.195.107.47 34.195.107.47	14618 (AMAZON-AES) (AMAZON-AES)
2 6	198.23.213.114 198.23.213.114	36352 (AS-COLOCR...) (AS-COLOCROSSING)
4	1

1 34.195.107.47 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-195-107-47.compute-1.amazonaws.com

t.e2ma.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 198.23.213.114 (Decatur, United States) 2 redirects

ASN36352 (AS-COLOCROSSING, US)
PTR: 198-23-213-114-host.colocrossing.com

officse365.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
6	officse365.com 2 redirects officse365.com	33 KB
1	e2ma.net 1 redirects t.e2ma.net — Cisco Umbrella Rank: 35369	429 B
4	2

	Domain	Requested by
6	officse365.com	2 redirects officse365.com
1	t.e2ma.net	1 redirects
4	2

This site contains no links.

Subject Issuer	Validity	Valid
*.officse365.com R3	`2023-04-20` - `2023-07-19`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://officse365.com/login/?wa=wsignin1.0&rpsnv=13&ct=e029b3f2c87668821aa295ebcedb9ba1e029b3f2c87668821aa295ebcedb9ba1&session=e029b3f2c87668821aa295ebcedb9ba1e029b3f2c87668821aa295ebcedb9ba1
Frame ID: 99A406AE25A945C722140E19D7739A69
Requests: 4 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

OneDrive for Business

Page URL History Show full URLs

https://t.e2ma.net/click/8c9pbi/88lxuone/otc8hp HTTP 302
https://officse365.com/ HTTP 302
https://officse365.com/login?wa=wsignin1.0&rpsnv=13&ct=e029b3f2c87668821aa295ebcedb9ba1e029b3f2c876... HTTP 301
https://officse365.com/login/?wa=wsignin1.0&rpsnv=13&ct=e029b3f2c87668821aa295ebcedb9ba1e029b3f2c87... Page URL

Page Statistics

4
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

1
IPs

1
Countries

32 kB
Transfer

31 kB
Size

3
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://t.e2ma.net/click/8c9pbi/88lxuone/otc8hp HTTP 302
https://officse365.com/ HTTP 302
https://officse365.com/login?wa=wsignin1.0&rpsnv=13&ct=e029b3f2c87668821aa295ebcedb9ba1e029b3f2c87668821aa295ebcedb9ba1&session=e029b3f2c87668821aa295ebcedb9ba1e029b3f2c87668821aa295ebcedb9ba1 HTTP 301
https://officse365.com/login/?wa=wsignin1.0&rpsnv=13&ct=e029b3f2c87668821aa295ebcedb9ba1e029b3f2c87668821aa295ebcedb9ba1&session=e029b3f2c87668821aa295ebcedb9ba1e029b3f2c87668821aa295ebcedb9ba1 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

4 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request / Show response officse365.com/login/ Redirect Chain https://t.e2ma.net/click/8c9pbi/88lxuone/otc8hp https://officse365.com/ https://officse365.com/login?wa=wsignin1.0&rpsnv=13&ct=e029b3f2c87668821aa295ebcedb9ba1e029b3f2c87668821aa295ebcedb9ba1&session=e029b3f2c87668821aa295ebcedb9ba1e029b3f2c87668821aa295ebcedb9ba1 https://officse365.com/login/?wa=wsignin1.0&rpsnv=13&ct=e029b3f2c87668821aa295ebcedb9ba1e029b3f2c87668821aa295ebcedb9ba1&session=e029b3f2c87668821aa295ebcedb9ba1e029b3f2c87668821aa295ebcedb9ba1	4 KB 4 KB	112ms 112ms	Document text/html	198.23.213.114 AS-COLOCROSSING
General Check archive.org Show headers Download Go to Full URL https://officse365.com/login/?wa=wsignin1.0&rpsnv=13&ct=e029b3f2c87668821aa295ebcedb9ba1e029b3f2c87668821aa295ebcedb9ba1&session=e029b3f2c87668821aa295ebcedb9ba1e029b3f2c87668821aa295ebcedb9ba1 Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 198.23.213.114 Decatur, United States, ASN36352 (AS-COLOCROSSING, US), Reverse DNS 198-23-213-114-host.colocrossing.com Software Apache / PHP/7.2.34 Resource Hash `391dbee4ef84652136280ad17b292221d0315ebf1dcf7530470d0e298b1a9eb1` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers Cache-Control no-store, no-cache, must-revalidate Connection Keep-Alive Content-Type text/html; charset=UTF-8 Date Fri, 21 Apr 2023 04:47:55 GMT Expires Thu, 19 Nov 1981 08:52:00 GMT Keep-Alive timeout=5, max=98 Pragma no-cache Server Apache Transfer-Encoding chunked X-Powered-By PHP/7.2.34 Redirect headers Connection Keep-Alive Content-Length 413 Content-Type text/html; charset=iso-8859-1 Date Fri, 21 Apr 2023 04:47:55 GMT Keep-Alive timeout=5, max=99 Location https://officse365.com/login/?wa=wsignin1.0&rpsnv=13&ct=e029b3f2c87668821aa295ebcedb9ba1e029b3f2c87668821aa295ebcedb9ba1&session=e029b3f2c87668821aa295ebcedb9ba1e029b3f2c87668821aa295ebcedb9ba1 Server Apache
GET H/1.1	200 OK	hrd.css officse365.com/login/	21 KB 21 KB	102ms 101ms	Stylesheet text/css	198.23.213.114 AS-COLOCROSSING
General Check archive.org Show headers Download Go to Full URL https://officse365.com/login/hrd.css Requested by Host: officse365.com URL: https://officse365.com/login/?wa=wsignin1.0&rpsnv=13&ct=e029b3f2c87668821aa295ebcedb9ba1e029b3f2c87668821aa295ebcedb9ba1&session=e029b3f2c87668821aa295ebcedb9ba1e029b3f2c87668821aa295ebcedb9ba1 Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 198.23.213.114 Decatur, United States, ASN36352 (AS-COLOCROSSING, US), Reverse DNS 198-23-213-114-host.colocrossing.com Software Apache / Resource Hash `f997c5af3608aac1d86fe9cb81ecf06f51c43873f5c1764d27b74724996243a7` Request headers accept-language de-DE,de;q=0.9 Referer https://officse365.com/login/?wa=wsignin1.0&rpsnv=13&ct=e029b3f2c87668821aa295ebcedb9ba1e029b3f2c87668821aa295ebcedb9ba1&session=e029b3f2c87668821aa295ebcedb9ba1e029b3f2c87668821aa295ebcedb9ba1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers Date Fri, 21 Apr 2023 04:47:55 GMT Last-Modified Sat, 06 Feb 2021 04:19:50 GMT Server Apache Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=97 Content-Length 21747
GET H/1.1	200 OK	microsoft_logo.svg officse365.com/login/	4 KB 4 KB	303ms 101ms	Image image/svg+xml	198.23.213.114 AS-COLOCROSSING
General Check archive.org Show headers Download Go to Show image Full URL https://officse365.com/login/microsoft_logo.svg Requested by Host: officse365.com URL: https://officse365.com/login/?wa=wsignin1.0&rpsnv=13&ct=e029b3f2c87668821aa295ebcedb9ba1e029b3f2c87668821aa295ebcedb9ba1&session=e029b3f2c87668821aa295ebcedb9ba1e029b3f2c87668821aa295ebcedb9ba1 Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 198.23.213.114 Decatur, United States, ASN36352 (AS-COLOCROSSING, US), Reverse DNS 198-23-213-114-host.colocrossing.com Software Apache / Resource Hash `04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a` Request headers accept-language de-DE,de;q=0.9 Referer https://officse365.com/login/?wa=wsignin1.0&rpsnv=13&ct=e029b3f2c87668821aa295ebcedb9ba1e029b3f2c87668821aa295ebcedb9ba1&session=e029b3f2c87668821aa295ebcedb9ba1e029b3f2c87668821aa295ebcedb9ba1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers Date Fri, 21 Apr 2023 04:47:55 GMT Last-Modified Sat, 06 Feb 2021 04:19:56 GMT Server Apache Content-Type image/svg+xml Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=96 Content-Length 3651
GET H/1.1	200 OK	Background-blurryGradient.svg officse365.com/login/	2 KB 2 KB	125ms 111ms	Image image/svg+xml	198.23.213.114 AS-COLOCROSSING
General Check archive.org Show headers Download Go to Show image Full URL https://officse365.com/login/Background-blurryGradient.svg Requested by Host: officse365.com URL: https://officse365.com/login/hrd.css Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 198.23.213.114 Decatur, United States, ASN36352 (AS-COLOCROSSING, US), Reverse DNS 198-23-213-114-host.colocrossing.com Software Apache / Resource Hash `16c60cd6aff6a6febabbc48e9b7692a9c3b369d12d31749f8117d6d0851d5296` Request headers accept-language de-DE,de;q=0.9 Referer https://officse365.com/login/hrd.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers Date Fri, 21 Apr 2023 04:47:55 GMT Last-Modified Sat, 06 Feb 2021 04:19:56 GMT Server Apache Content-Type image/svg+xml Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 2267

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer)

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| credentialless

3 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
t.e2ma.net/	1970-01-20 11:24:17	Name: AWSALB Value: RhC3QatwENcDtZ/nSEZG3JU+fYfa90ObgOx2pZUCGS+C5IlmAnnsgUwun6nXpgKVLYhb912v9xzq3s67m8sd0yuVpIpmNBmasJLJVm/MKABmnBA8g/0Ba/uCwdAb
t.e2ma.net/	1970-01-20 11:24:17	Name: AWSALBCORS Value: RhC3QatwENcDtZ/nSEZG3JU+fYfa90ObgOx2pZUCGS+C5IlmAnnsgUwun6nXpgKVLYhb912v9xzq3s67m8sd0yuVpIpmNBmasJLJVm/MKABmnBA8g/0Ba/uCwdAb
officse365.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: 366d6b7e9610a3351fca6429bd55feec

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

officse365.com
t.e2ma.net
198.23.213.114
34.195.107.47
04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a
16c60cd6aff6a6febabbc48e9b7692a9c3b369d12d31749f8117d6d0851d5296
391dbee4ef84652136280ad17b292221d0315ebf1dcf7530470d0e298b1a9eb1
f997c5af3608aac1d86fe9cb81ecf06f51c43873f5c1764d27b74724996243a7

officse365.com Open in urlscan Pro 198.23.213.114 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

4 Requests

100 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

1 IPs

1 Countries

32 kBTransfer

31 kBSize

3 Cookies

0 Outgoing links

Page URL History

Redirected requests

4 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

1 JavaScript Global Variables

3 Cookies

Indicators

officse365.com Open in urlscan Pro
198.23.213.114 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

4
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

1
IPs

1
Countries

32 kB
Transfer

31 kB
Size

3
Cookies

4 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!