microsoftshared.officeplusfiles.com Open in urlscan Pro
2606:4700:30::681b:9db0 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
http://microsoftshared.officeplusfiles.com/common/oauth2
Submission Tags: @ipnigh
Submission: On September 06 via api (September 6th 2019, 12:22:06 pm UTC) from GB

Summary HTTP 14 Redirects Links 4 Behaviour Indicators

Similar DOM Content API

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 14 HTTP transactions. The main IP is 2606:4700:30::681b:9db0, located in United States and belongs to CLOUDFLARENET - Cloudflare, Inc., US. The main domain is microsoftshared.officeplusfiles.com.

This is the only time microsoftshared.officeplusfiles.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Microsoft (Consumer)

Domain & IP information

	IP Address		AS Autonomous System
11	2606:4700:30:... 2606:4700:30::681b:9db0		13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
2	2606:4700::68... 2606:4700::6813:c697		13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
1	2a00:1450:400... 2a00:1450:4001:81a::200a		15169 (GOOGLE) (GOOGLE - Google LLC)
14	3

11 2606:4700:30::681b:9db0 (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

microsoftshared.officeplusfiles.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6813:c697 (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:81a::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
11	officeplusfiles.com microsoftshared.officeplusfiles.com	728 KB
2	cloudflare.com cdnjs.cloudflare.com	13 KB
1	googleapis.com fonts.googleapis.com	1008 B
14	3

	Domain	Requested by
11	microsoftshared.officeplusfiles.com	microsoftshared.officeplusfiles.com
2	cdnjs.cloudflare.com	microsoftshared.officeplusfiles.com
1	fonts.googleapis.com	microsoftshared.officeplusfiles.com
14	3

This site contains links to these domains. Also see Links.

Domain
signup.live.com
login.microsoftonline.com
www.microsoft.com
privacy.microsoft.com

Subject Issuer	Validity	Valid
	`1970-01-01` - `1970-01-01`	a few seconds	crt.sh
ssl412106.cloudflaressl.com COMODO ECC Domain Validation Secure Server CA 2	`2019-08-10` - `2020-02-16`	6 months	crt.sh
*.googleapis.com GTS CA 1O1	`2019-08-23` - `2019-11-21`	3 months	crt.sh

This page contains 1 frames:

Primary Page: http://microsoftshared.officeplusfiles.com/common/oauth2
Frame ID: 622C58B5D1FC27D6654A9173C770B491
Requests: 14 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]+?href="[^"]*bootstrap(?:\.min)?\.css/i
script /(?:\/([\d.]+))?(?:\/js)?\/bootstrap(?:\.min)?\.js/i

CloudFlare (CDN) Expand

Overall confidence: 100%
Detected patterns

headers server /^cloudflare$/i

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]* href=[^>]+(?:([\d.]+)\/)?(?:css\/)?font-awesome(?:\.min)?\.css/i

Ionicons (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]* href=[^>]+ionicons(?:\.min)?\.css/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /jquery[.-]([\d.]*\d)[^\/]*\.js/i
script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

14
Requests

21 %
HTTPS

100 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

743 kB
Transfer

1084 kB
Size

1
Cookies

4 Outgoing links

These are links going to different origins than the main page.

URL: https://signup.live.com/signup?ru=https%3a%2f%2flogin.live.com%2foauth20_authorize.srf%3flc%3d1033%26response_type%3dcode%26client_id%3d51483342-085c-4d86-bf88-cf50c7252078%26scope%3dopenid%2bprofile%2bemail%2boffline_access%26response_mode%3dform_post%26redirect_uri%3dhttps%253a%252f%252flogin.microsoftonline.com%252fcommon%252ffederation%252foauth2%26state%3drQIIAXWSPWzTUBSF85I2_RGCCiGBxNKBCcnJe362E0fqUOI4JI2dprGb2ghFjuMkL41_ar_WqcXEAIwdaSeEhBAdmRA7DJ06d2RCTIiJBQmXneVKR_eTztU952EOFVDlAYc53ioNREa0BMxwIoKMxbECg3ksYBaiIQ9xeHt17eu3radfNqh8qgPlz4uld2dgpT8jR07B9t1zcHdCaRBVisU4jgv-aETsf4viJwAuAfgOwFl20fEYvXuejQQsiLyAWIhZEWKUWhbaUoNX6k2iSptUTWq8WYXQ6KnTljY-NtwGVSUFq9IjYiQGVFh1lnKpbk6UZEwNV4-VbspPbb6l7SNVsqmibbLKtDM3Etk1tf3jq-yt9uYhnbDXww9J4vzKroz80O0HfkTPcu9BO3C8xrDqe55j08I15niU2BYlvrcd-oETUuJEG7UgaAn9RJ5GLRJ3Oq14XLM7CeITTo-UquuG1T2rP-8OepyEuof6pH3AhOXGgOtpHR72jLo5kFk52PG0MdJ2OGG-P3WanF3afVxTWDYxsdDuiTEvmcyOrlfDQYysSI5xvTvn4t3YnpGPuXz6Vtf3LnI306M8MlwPQn9EZs7lAvixcAPmKsvLq2uZe5n1zO8F8HYxTe7-kw-dS_1l-zlz_ubZ6evMxWIx2hv0ZtJRGXV1Z7hN_Ng5EN1GtFU1WWtWP1bY0DsKmmMcyXCjVEEneXCSz__Mg1dLmc8r_8v6avVO2heRgQIDy-uoVMFcBWLzLw2%26estsfed%3d1%26lw%3d1%26fl%3deasi2%26fci%3d4345a7b9-9a63-4910-a426-35363201d503%26mkt%3den-US%26uaid%3d5d4be2c63dc546749955014dfd8607a5&mkt=EN-US&uiflavor=web&lw=1&fl=easi2&client_id=51483342-085c-4d86-bf88-cf50c7252078&uaid=5d4be2c63dc546749955014dfd8607a5&lic=1
Title: Create one!

Search URL Search Domain Scan URL

URL: https://login.microsoftonline.com/common/oauth2/authorize?client_id=4345a7b9-9a63-4910-a426-35363201d503&response_mode=form_post&response_type=code+id_token&scope=openid+profile&state=OpenIdConnect.AuthenticationProperties%3dEppL6_zFjsLiwQQLwgEcQz15z4UsMCmmrCXa_xSbW4D1SuUhOq-r8Ib4WTQ50WYGZbF2FpRnTg1TR46xkjeJ4c7VHEM22zZ36OW9w5DZ-RUUCrbw1asFw3GSx4wVwcli&nonce=636956120329031491.ODI5MGJiNDAtNzE5ZC00YWNjLTgyYmItNDM3NDBiYzY0M2NlNDA3NDJhMzgtYmUwMS00Yjc5LTk1NDctMTA2MjQxYzFmZTky&redirect_uri=https%3a%2f%2fwww.office.com%2f&ui_locales=en-US&mkt=en-US&client-request-id=5d4be2c6-3dc5-4674-9955-014dfd8607a5
Title: Can't access your account?

Search URL Search Domain Scan URL

URL: https://www.microsoft.com/en-US/servicesagreement/
Title: Terms of us

Search URL Search Domain Scan URL

URL: https://privacy.microsoft.com/en-US/privacystatement
Title: Privacy & cookies ...

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

14 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request Cookie set oauth2 Show response
microsoftshared.officeplusfiles.com/common/ 10 KB
4 KB 346ms
187ms Document
text/html 2606:4700:30::681b:9db0
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: http://microsoftshared.officeplusfiles.com/common/oauth2
Protocol: HTTP/1.1
Server: 2606:4700:30::681b:9db0 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 45b4b5ff2cd308de73e09a23c0a91fac1f0ac800587c7c1a5e300a50b42b418f

Request headers

Host: microsoftshared.officeplusfiles.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Accept-Encoding: gzip, deflate
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Fri, 06 Sep 2019 12:21:50 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __cfduid=dbb0a8d4bb949ea646d365b20bfdf61721567772509; expires=Sat, 05-Sep-20 12:21:49 GMT; path=/; domain=.officeplusfiles.com; HttpOnly
Cache-Control: private
Vary: Accept-Encoding
X-AspNetMvc-Version: 4.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Server: cloudflare
CF-RAY: 512067ab5e978ca4-VIE
Content-Encoding: gzip

GET
H/1.1 200
OK bootstrap.min.css
microsoftshared.officeplusfiles.com/bootstrap/css/ 118 KB
20 KB 22ms
22ms Stylesheet
text/css 2606:4700:30::681b:9db0
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: http://microsoftshared.officeplusfiles.com/bootstrap/css/bootstrap.min.css
Requested by: Host: microsoftshared.officeplusfiles.com
URL: http://microsoftshared.officeplusfiles.com/common/oauth2
Protocol: HTTP/1.1
Security: , ,
Server: 2606:4700:30::681b:9db0 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: b43c110ac7c8b604491e619a14f5b847930d944e2f251cb1aaf961e73bce1cca

Request headers

Referer: http://microsoftshared.officeplusfiles.com/common/oauth2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Fri, 06 Sep 2019 12:21:50 GMT
Content-Encoding: gzip
CF-Cache-Status: HIT
Age: 20
X-Powered-By: ASP.NET
Connection: keep-alive
Content-Length: 19574
Last-Modified: Thu, 05 Sep 2019 23:52:26 GMT
Server: cloudflare
ETag: "05915f84464d51:0"
Vary: Accept-Encoding
Content-Type: text/css
Cache-Control: public, max-age=31536000
Accept-Ranges: bytes
CF-RAY: 512067ac8f588ca4-VIE
Expires: Sat, 05 Sep 2020 12:21:50 GMT

GET
H2 200 font-awesome.min.css
cdnjs.cloudflare.com/ajax/libs/font-awesome/4.5.0/css/ 27 KB
6 KB 20ms
18ms Stylesheet
text/css 2606:4700::6813:c697
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.5.0/css/font-awesome.min.css

Requested by

Host: microsoftshared.officeplusfiles.com
URL: http://microsoftshared.officeplusfiles.com/common/oauth2

Protocol

H2

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:c697 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

ddd92f10ad162c7449eff0acaf40598c05b1111739587edb75e5326b6697c5d5

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000; includeSubDomains

Request headers

Sec-Fetch-Mode: no-cors
Referer: http://microsoftshared.officeplusfiles.com/common/oauth2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 06 Sep 2019 12:21:50 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
age: 12406428
status: 200
served-in-seconds: 0.002
timing-allow-origin: *
last-modified: Thu, 17 May 2018 09:19:53 GMT
server: cloudflare
etag: W/"5afd4939-6b4a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000; includeSubDomains
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=30672000
cf-ray: 512067ac8ed4cbd0-VIE
expires: Wed, 26 Aug 2020 12:21:50 GMT

GET
H2 200 ionicons.min.css
cdnjs.cloudflare.com/ajax/libs/ionicons/2.0.1/css/ 50 KB
7 KB 20ms
19ms Stylesheet
text/css 2606:4700::6813:c697
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/ionicons/2.0.1/css/ionicons.min.css

Requested by

Host: microsoftshared.officeplusfiles.com
URL: http://microsoftshared.officeplusfiles.com/common/oauth2

Protocol

H2

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:c697 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

de2bbd8e0b32f53a53c1729bedb350cea59e9115fba4f2bed8e2e3dd1f76d9fa

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000; includeSubDomains

Request headers

Sec-Fetch-Mode: no-cors
Referer: http://microsoftshared.officeplusfiles.com/common/oauth2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 06 Sep 2019 12:21:50 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
age: 12406428
status: 200
served-in-seconds: 0.041
timing-allow-origin: *
last-modified: Thu, 17 May 2018 09:20:05 GMT
server: cloudflare
etag: W/"5afd4945-c854"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000; includeSubDomains
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=30672000
cf-ray: 512067ac8ed8cbd0-VIE
expires: Wed, 26 Aug 2020 12:21:50 GMT

GET
H/1.1 200
OK AdminLTE.min.css
microsoftshared.officeplusfiles.com/dist/css/ 91 KB
16 KB 30ms
18ms Stylesheet
text/css 2606:4700:30::681b:9db0
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: http://microsoftshared.officeplusfiles.com/dist/css/AdminLTE.min.css
Requested by: Host: microsoftshared.officeplusfiles.com
URL: http://microsoftshared.officeplusfiles.com/common/oauth2
Protocol: HTTP/1.1
Security: , ,
Server: 2606:4700:30::681b:9db0 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: b68db69fdfae329e27061da8771ad67d4f11c8330573d68768b58ceff4a2b67f

Request headers

Referer: http://microsoftshared.officeplusfiles.com/common/oauth2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Fri, 06 Sep 2019 12:21:50 GMT
Content-Encoding: gzip
CF-Cache-Status: HIT
Age: 21
X-Powered-By: ASP.NET
Connection: keep-alive
Content-Length: 15869
Last-Modified: Thu, 05 Sep 2019 23:53:58 GMT
Server: cloudflare
ETag: "06feb2e4564d51:0"
Vary: Accept-Encoding
Content-Type: text/css
Cache-Control: public, max-age=31536000
Accept-Ranges: bytes
CF-RAY: 512067ac98aecba8-VIE
Expires: Sat, 05 Sep 2020 12:21:50 GMT

GET
H/1.1 200
OK blue.css
microsoftshared.officeplusfiles.com/plugins/iCheck/square/ 2 KB
926 B 31ms
20ms Stylesheet
text/css 2606:4700:30::681b:9db0
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: http://microsoftshared.officeplusfiles.com/plugins/iCheck/square/blue.css
Requested by: Host: microsoftshared.officeplusfiles.com
URL: http://microsoftshared.officeplusfiles.com/common/oauth2
Protocol: HTTP/1.1
Security: , ,
Server: 2606:4700:30::681b:9db0 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 467fefb5320f85af9c3dd29605d3a6f33cf29048143ae24dc2bdb1f345b16228

Request headers

Referer: http://microsoftshared.officeplusfiles.com/common/oauth2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Fri, 06 Sep 2019 12:21:50 GMT
Content-Encoding: gzip
CF-Cache-Status: HIT
Age: 13296
X-Powered-By: ASP.NET
Connection: keep-alive
Content-Length: 471
Last-Modified: Thu, 05 Sep 2019 23:58:25 GMT
Server: cloudflare
ETag: "6558a6ce4564d51:0"
Vary: Accept-Encoding
Content-Type: text/css
Cache-Control: public, max-age=31536000
Accept-Ranges: bytes
CF-RAY: 512067ac98b0cba8-VIE
Expires: Sat, 05 Sep 2020 12:21:50 GMT

GET
H/1.1 200
OK logo2.png
microsoftshared.officeplusfiles.com/Images/ 4 KB
4 KB 37ms
25ms Image
image/png 2606:4700:30::681b:9db0
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://microsoftshared.officeplusfiles.com/Images/logo2.png
Requested by: Host: microsoftshared.officeplusfiles.com
URL: http://microsoftshared.officeplusfiles.com/common/oauth2
Protocol: HTTP/1.1
Security: , ,
Server: 2606:4700:30::681b:9db0 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: fd211b1c7cd3f2128b99cead09ded768f2f255bd82bf66ca83ce142a0e3d5d5f

Request headers

Referer: http://microsoftshared.officeplusfiles.com/common/oauth2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Fri, 06 Sep 2019 12:21:50 GMT
CF-Cache-Status: HIT
Last-Modified: Thu, 05 Sep 2019 23:56:03 GMT
Server: cloudflare
Age: 21
X-Powered-By: ASP.NET
ETag: "665b0794564d51:0"
Vary: Accept-Encoding
Content-Type: image/png
Cache-Control: public, max-age=31536000
Connection: keep-alive
Accept-Ranges: bytes
CF-RAY: 512067ac9d70595e-VIE
Content-Length: 3831
Expires: Sat, 05 Sep 2020 12:21:50 GMT

GET
H/1.1 200
OK sign.png
microsoftshared.officeplusfiles.com/Images/ 3 KB
4 KB 36ms
24ms Image
image/png 2606:4700:30::681b:9db0
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://microsoftshared.officeplusfiles.com/Images/sign.png
Requested by: Host: microsoftshared.officeplusfiles.com
URL: http://microsoftshared.officeplusfiles.com/common/oauth2
Protocol: HTTP/1.1
Security: , ,
Server: 2606:4700:30::681b:9db0 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: fb77800c49f1f17be2c4a8512d462137e1fa64cc97a2c692a3ce5d5755278131

Request headers

Referer: http://microsoftshared.officeplusfiles.com/common/oauth2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Fri, 06 Sep 2019 12:21:50 GMT
CF-Cache-Status: HIT
Last-Modified: Thu, 05 Sep 2019 23:56:14 GMT
Server: cloudflare
Age: 21
X-Powered-By: ASP.NET
ETag: "5f045804564d51:0"
Vary: Accept-Encoding
Content-Type: image/png
Cache-Control: public, max-age=31536000
Connection: keep-alive
Accept-Ranges: bytes
CF-RAY: 512067ac9d4a5952-VIE
Content-Length: 3568
Expires: Sat, 05 Sep 2020 12:21:50 GMT

GET
H/1.1 200
OK hr.png
microsoftshared.officeplusfiles.com/Images/ 3 KB
3 KB 15ms
15ms Image
image/png 2606:4700:30::681b:9db0
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://microsoftshared.officeplusfiles.com/Images/hr.png
Requested by: Host: microsoftshared.officeplusfiles.com
URL: http://microsoftshared.officeplusfiles.com/common/oauth2
Protocol: HTTP/1.1
Security: , ,
Server: 2606:4700:30::681b:9db0 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: bb4b05cc4e593c94be0c3b56901a733b59bea53615285a3b79f84d2985a836db

Request headers

Referer: http://microsoftshared.officeplusfiles.com/common/oauth2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Fri, 06 Sep 2019 12:21:50 GMT
CF-Cache-Status: HIT
Last-Modified: Thu, 05 Sep 2019 23:56:01 GMT
Server: cloudflare
Age: 21
X-Powered-By: ASP.NET
ETag: "46399e784564d51:0"
Vary: Accept-Encoding
Content-Type: image/png
Cache-Control: public, max-age=31536000
Connection: keep-alive
Accept-Ranges: bytes
CF-RAY: 512067acb902cba8-VIE
Content-Length: 2868
Expires: Sat, 05 Sep 2020 12:21:50 GMT

GET
H/1.1 200
OK jquery-2.2.3.min.js Show response
microsoftshared.officeplusfiles.com/plugins/jQuery/ 84 KB
30 KB 28ms
17ms Script
application/javascript 2606:4700:30::681b:9db0
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: http://microsoftshared.officeplusfiles.com/plugins/jQuery/jquery-2.2.3.min.js
Requested by: Host: microsoftshared.officeplusfiles.com
URL: http://microsoftshared.officeplusfiles.com/common/oauth2
Protocol: HTTP/1.1
Security: , ,
Server: 2606:4700:30::681b:9db0 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 6b6de0d4db7876d1183a3edb47ebd3bbbf93f153f5de1ba6645049348628109a

Request headers

Referer: http://microsoftshared.officeplusfiles.com/common/oauth2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Fri, 06 Sep 2019 12:21:50 GMT
Content-Encoding: gzip
CF-Cache-Status: HIT
Age: 20
X-Powered-By: ASP.NET
Connection: keep-alive
Content-Length: 29978
Last-Modified: Thu, 05 Sep 2019 23:56:54 GMT
Server: cloudflare
ETag: "0e7d2974564d51:0"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: public, max-age=31536000
Accept-Ranges: bytes
CF-RAY: 512067ac9cb08c74-VIE
Expires: Sat, 05 Sep 2020 12:21:50 GMT

GET
H/1.1 200
OK bootstrap.min.js Show response
microsoftshared.officeplusfiles.com/bootstrap/js/ 36 KB
10 KB 15ms
15ms Script
application/javascript 2606:4700:30::681b:9db0
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: http://microsoftshared.officeplusfiles.com/bootstrap/js/bootstrap.min.js
Requested by: Host: microsoftshared.officeplusfiles.com
URL: http://microsoftshared.officeplusfiles.com/common/oauth2
Protocol: HTTP/1.1
Security: , ,
Server: 2606:4700:30::681b:9db0 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 53964478a7c634e8dad34ecc303dd8048d00dce4993906de1bacf67f663486ef

Request headers

Referer: http://microsoftshared.officeplusfiles.com/common/oauth2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Fri, 06 Sep 2019 12:21:50 GMT
Content-Encoding: gzip
CF-Cache-Status: HIT
Age: 21
X-Powered-By: ASP.NET
Connection: keep-alive
Content-Length: 9846
Last-Modified: Thu, 05 Sep 2019 23:52:39 GMT
Server: cloudflare
ETag: "80fdd4ff4464d51:0"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: public, max-age=31536000
Accept-Ranges: bytes
CF-RAY: 512067acaf718ca4-VIE
Expires: Sat, 05 Sep 2020 12:21:50 GMT

GET
H/1.1 200
OK icheck.min.js Show response
microsoftshared.officeplusfiles.com/plugins/iCheck/ 4 KB
3 KB 16ms
15ms Script
application/javascript 2606:4700:30::681b:9db0
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: http://microsoftshared.officeplusfiles.com/plugins/iCheck/icheck.min.js
Requested by: Host: microsoftshared.officeplusfiles.com
URL: http://microsoftshared.officeplusfiles.com/common/oauth2
Protocol: HTTP/1.1
Security: , ,
Server: 2606:4700:30::681b:9db0 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 6102d725c22f9bf27ef542ceae070843153f3e0926b89820a75f29b107e33cb2

Request headers

Referer: http://microsoftshared.officeplusfiles.com/common/oauth2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Fri, 06 Sep 2019 12:21:50 GMT
Content-Encoding: gzip
CF-Cache-Status: HIT
Age: 13295
X-Powered-By: ASP.NET
Connection: keep-alive
Content-Length: 2163
Last-Modified: Thu, 05 Sep 2019 23:56:50 GMT
Server: cloudflare
ETag: "08d70954564d51:0"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: public, max-age=31536000
Accept-Ranges: bytes
CF-RAY: 512067acb8facba8-VIE
Expires: Sat, 05 Sep 2020 12:21:50 GMT

GET
H2 200 css
fonts.googleapis.com/ 18 KB
1008 B 16ms
16ms Stylesheet
text/css 2a00:1450:4001:81a::200a
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Source+Sans+Pro:300,400,600,700,300italic,400italic,600italic

Requested by

Host: microsoftshared.officeplusfiles.com
URL: http://microsoftshared.officeplusfiles.com/common/oauth2

Protocol

H2

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

ESF /

Resource Hash

15ed7c415b6b4b7b7b7acf5f349b1bfe20166d322bdc6b664add365b55a5d785

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Sec-Fetch-Mode: no-cors
Referer: http://microsoftshared.officeplusfiles.com/common/oauth2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Fri, 06 Sep 2019 12:21:50 GMT
server: ESF
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
status: 200
date: Fri, 06 Sep 2019 12:21:50 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43,39"
x-xss-protection: 0
expires: Fri, 06 Sep 2019 12:21:50 GMT

GET
H/1.1 200
OK z.png
microsoftshared.officeplusfiles.com/Images/ 634 KB
634 KB 20ms
19ms Image
image/png 2606:4700:30::681b:9db0
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://microsoftshared.officeplusfiles.com/Images/z.png
Requested by: Host: microsoftshared.officeplusfiles.com
URL: http://microsoftshared.officeplusfiles.com/common/oauth2
Protocol: HTTP/1.1
Security: , ,
Server: 2606:4700:30::681b:9db0 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 848c55bbb8243068f3b6598f01828bd22c7b0c1ad9f7e76d7e0a309841b3381f

Request headers

Referer: http://microsoftshared.officeplusfiles.com/common/oauth2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Fri, 06 Sep 2019 12:21:50 GMT
CF-Cache-Status: HIT
Last-Modified: Thu, 05 Sep 2019 23:56:17 GMT
Server: cloudflare
Age: 18
X-Powered-By: ASP.NET
ETag: "d13719824564d51:0"
Vary: Accept-Encoding
Content-Type: image/png
Cache-Control: public, max-age=31536000
Connection: keep-alive
Accept-Ranges: bytes
CF-RAY: 512067acf9b6cba8-VIE
Content-Length: 648971
Expires: Sat, 05 Sep 2020 12:21:50 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer)

7 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| $ function| jQuery number| currentTab function| showTab function| nextPrev function| validateForm function| fixStepIndicator

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.officeplusfiles.com/	1970-01-19 12:15:08	Name: __cfduid Value: dbb0a8d4bb949ea646d365b20bfdf61721567772509

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdnjs.cloudflare.com
fonts.googleapis.com
microsoftshared.officeplusfiles.com
2606:4700:30::681b:9db0
2606:4700::6813:c697
2a00:1450:4001:81a::200a
15ed7c415b6b4b7b7b7acf5f349b1bfe20166d322bdc6b664add365b55a5d785
45b4b5ff2cd308de73e09a23c0a91fac1f0ac800587c7c1a5e300a50b42b418f
467fefb5320f85af9c3dd29605d3a6f33cf29048143ae24dc2bdb1f345b16228
53964478a7c634e8dad34ecc303dd8048d00dce4993906de1bacf67f663486ef
6102d725c22f9bf27ef542ceae070843153f3e0926b89820a75f29b107e33cb2
6b6de0d4db7876d1183a3edb47ebd3bbbf93f153f5de1ba6645049348628109a
848c55bbb8243068f3b6598f01828bd22c7b0c1ad9f7e76d7e0a309841b3381f
b43c110ac7c8b604491e619a14f5b847930d944e2f251cb1aaf961e73bce1cca
b68db69fdfae329e27061da8771ad67d4f11c8330573d68768b58ceff4a2b67f
bb4b05cc4e593c94be0c3b56901a733b59bea53615285a3b79f84d2985a836db
ddd92f10ad162c7449eff0acaf40598c05b1111739587edb75e5326b6697c5d5
de2bbd8e0b32f53a53c1729bedb350cea59e9115fba4f2bed8e2e3dd1f76d9fa
fb77800c49f1f17be2c4a8512d462137e1fa64cc97a2c692a3ce5d5755278131
fd211b1c7cd3f2128b99cead09ded768f2f255bd82bf66ca83ce142a0e3d5d5f