0ffice.prodofficetemp.com Open in urlscan Pro
194.49.94.107 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://0ffice.prodofficetemp.com/?oz=ENrLH5
Effective URL:
https://0ffice.prodofficetemp.com/?oz=ENrLH5&sso_reload=true
Submission: On November 29 via manual (November 29th 2023, 3:44:47 pm UTC) from ES — Scanned from ES

Summary HTTP 10 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 1 countries across 1 domains to perform 10 HTTP transactions. The main IP is 194.49.94.107, located in Amsterdam, Netherlands and belongs to AS-MATRIXTELECOM, GB. The main domain is 0ffice.prodofficetemp.com.
TLS certificate: Issued by R3 on November 28th 2023. Valid for: 3 months.

This is the only time 0ffice.prodofficetemp.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address		AS Autonomous System
1 8	194.49.94.107 194.49.94.107		216419 (AS-MATRIX...) (AS-MATRIXTELECOM)
10	2

8 194.49.94.107 (Amsterdam, Netherlands) 1 redirects

ASN216419 (AS-MATRIXTELECOM, GB)

0ffice.prodofficetemp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
20d27143-fd239109.prodofficetemp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
8	prodofficetemp.com 1 redirects 0ffice.prodofficetemp.com 20d27143-fd239109.prodofficetemp.com l1ve.prodofficetemp.com Failed 94ce7e41-fd239109.prodofficetemp.com Failed	424 KB
10	1

	Domain	Requested by
4	20d27143-fd239109.prodofficetemp.com	0ffice.prodofficetemp.com 20d27143-fd239109.prodofficetemp.com
4	0ffice.prodofficetemp.com	1 redirects 20d27143-fd239109.prodofficetemp.com
0	94ce7e41-fd239109.prodofficetemp.com Failed	20d27143-fd239109.prodofficetemp.com
0	l1ve.prodofficetemp.com Failed	0ffice.prodofficetemp.com
10	4

This site contains no links.

Subject Issuer	Validity	Valid
prodofficetemp.com R3	`2023-11-28` - `2024-02-26`	3 months	crt.sh

This page contains 2 frames:

Primary Page: https://0ffice.prodofficetemp.com/?oz=ENrLH5&sso_reload=true
Frame ID: 1440304D2FFEA2C40F3AE72C876856F9
Requests: 9 HTTP requests in this frame

Frame: https://94ce7e41-fd239109.prodofficetemp.com/Prefetch/Prefetch.aspx
Frame ID: 71F14EBC3B65A7BEB6CFB8686B3D3C82
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Iniciar sesión en la cuenta

Page URL History Show full URLs

https://0ffice.prodofficetemp.com/?oz=ENrLH5 Page URL
https://0ffice.prodofficetemp.com/?oz=ENrLH5 HTTP 302
https://0ffice.prodofficetemp.com/?oz=ENrLH5 Page URL
https://0ffice.prodofficetemp.com/?oz=ENrLH5&sso_reload=true Page URL

Page Statistics

10
Requests

70 %
HTTPS

0 %
IPv6

1
Domains

4
Subdomains

2
IPs

1
Countries

424 kB
Transfer

1396 kB
Size

3
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://0ffice.prodofficetemp.com/?oz=ENrLH5 Page URL
https://0ffice.prodofficetemp.com/?oz=ENrLH5 HTTP 302
https://0ffice.prodofficetemp.com/?oz=ENrLH5 Page URL
https://0ffice.prodofficetemp.com/?oz=ENrLH5&sso_reload=true Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 1

https://0ffice.prodofficetemp.com/?oz=ENrLH5 HTTP 302
https://0ffice.prodofficetemp.com/?oz=ENrLH5

10 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	/ Show response 0ffice.prodofficetemp.com/	267 KB 89 KB	1087ms 268ms	Document text/html	194.49.94.107 AS-MATRIXTELECOM
General Check archive.org Show headers Download Go to Full URL https://0ffice.prodofficetemp.com/?oz=ENrLH5 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 194.49.94.107 Amsterdam, Netherlands, ASN216419 (AS-MATRIXTELECOM, GB), Reverse DNS Software nginx / Resource Hash `618978e928ff76f7ef21be5ddf34255639ccfb9d1b5cdb07bb14943f320fda55` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36 accept-language es-ES,es;q=0.9 Response headers content-encoding gzip content-type text/html; charset=utf-8 date Wed, 29 Nov 2023 15:44:43 GMT server nginx vary Accept-Encoding
GET H2	200	/ Show response 0ffice.prodofficetemp.com/ Redirect Chain https://0ffice.prodofficetemp.com/?oz=ENrLH5 https://0ffice.prodofficetemp.com/?oz=ENrLH5	195 KB 64 KB	699ms 699ms	Document text/html	194.49.94.107 AS-MATRIXTELECOM
General Check archive.org Show headers Download Go to Full URL https://0ffice.prodofficetemp.com/?oz=ENrLH5 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 194.49.94.107 Amsterdam, Netherlands, ASN216419 (AS-MATRIXTELECOM, GB), Reverse DNS Software nginx / Resource Hash `d60130785f7589b20c1149733775ebf7e456700dbc63ea48c82ed4a194ccc326` Request headers Content-Type application/x-www-form-urlencoded Origin https://0ffice.prodofficetemp.com Referer https://0ffice.prodofficetemp.com/?oz=ENrLH5 Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36 accept-language es-ES,es;q=0.9 Response headers access-control-allow-headers * access-control-allow-origin * cache-control no-store, no-cache content-encoding gzip content-type text/html; charset=utf-8 date Wed, 29 Nov 2023 15:44:44 GMT nel {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0} p3p CP="DSP CUR OTPi IND OTRi ONL FIN" pragma no-cache referrer-policy strict-origin-when-cross-origin report-to {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://886e54b1-fd239109.prodofficetemp.com/api/report?catId=GW+estsfd+dub2"}]} server nginx vary Accept-Encoding Accept-Encoding x-ms-ests-server 2.1.16729.8 - SEC ProdSlices x-ms-request-id 01d77cc8-8abd-4da0-a2dc-401c5dbcb801 Redirect headers content-type text/html; charset=utf-8 date Wed, 29 Nov 2023 15:44:43 GMT location https://0ffice.prodofficetemp.com/?oz=ENrLH5 server nginx
GET H2	200	BssoInterrupt_Core_SuZwfHH8gwlE7gQ2a715Zg2.js Show response 20d27143-fd239109.prodofficetemp.com/shared/1.0/content/js/	136 KB 48 KB	1535ms 448ms	Script application/x-javascript	194.49.94.107 AS-MATRIXTELECOM
General Check archive.org Show headers Download Go to Full URL https://20d27143-fd239109.prodofficetemp.com/shared/1.0/content/js/BssoInterrupt_Core_SuZwfHH8gwlE7gQ2a715Zg2.js Requested by Host: 0ffice.prodofficetemp.com URL: https://0ffice.prodofficetemp.com/?oz=ENrLH5 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 194.49.94.107 Amsterdam, Netherlands, ASN216419 (AS-MATRIXTELECOM, GB), Reverse DNS Software nginx / Resource Hash `ef8f84cd5b62aee6784e916e2b1310352109bcfe2a950c022795fbf37c970937` Request headers Referer https://0ffice.prodofficetemp.com/ Origin https://0ffice.prodofficetemp.com accept-language es-ES,es;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36 Response headers x-ms-lease-status unlocked x-ms-blob-type BlockBlob date Wed, 29 Nov 2023 15:44:45 GMT content-encoding gzip last-modified Tue, 17 Oct 2023 10:42:23 GMT server nginx age 3507481 vary Accept-Encoding, Accept-Encoding x-cache HIT content-type application/x-javascript access-control-allow-origin * x-ms-request-id 56a8cb7c-f01e-005c-47f4-02cd0c000000 access-control-expose-headers x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding cache-control public, max-age=31536000 x-ms-version 2009-09-19
GET H2	200	Primary Request / Show response 0ffice.prodofficetemp.com/	213 KB 70 KB	539ms 539ms	Document text/html	194.49.94.107 AS-MATRIXTELECOM
General Check archive.org Show headers Download Go to Full URL https://0ffice.prodofficetemp.com/?oz=ENrLH5&sso_reload=true Requested by Host: 20d27143-fd239109.prodofficetemp.com URL: https://20d27143-fd239109.prodofficetemp.com/shared/1.0/content/js/BssoInterrupt_Core_SuZwfHH8gwlE7gQ2a715Zg2.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 194.49.94.107 Amsterdam, Netherlands, ASN216419 (AS-MATRIXTELECOM, GB), Reverse DNS Software nginx / Resource Hash `57006d7d36b2906373a3568c8cc84f625c5263635c378aa9e9eaaf53e9fef752` Request headers Referer https://0ffice.prodofficetemp.com/?oz=ENrLH5 Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36 accept-language es-ES,es;q=0.9 Response headers access-control-allow-headers * access-control-allow-origin * cache-control no-store, no-cache content-encoding gzip content-type text/html; charset=utf-8 date Wed, 29 Nov 2023 15:44:46 GMT nel {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0} p3p CP="DSP CUR OTPi IND OTRi ONL FIN" pragma no-cache referrer-policy strict-origin-when-cross-origin report-to {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://886e54b1-fd239109.prodofficetemp.com/api/report?catId=GW+estsfd+dub2"}]} server nginx vary Accept-Encoding Accept-Encoding x-ms-ests-server 2.1.16729.8 - NEULR1 ProdSlices x-ms-request-id 0af576c0-7929-4195-9e82-563f9edb2606
GET H2	200	converged.v2.login.min_ltjvsvk5aekta_kgibi0gg2.css 20d27143-fd239109.prodofficetemp.com/ests/2.1/content/cdnbundles/	109 KB 20 KB	275ms 275ms	Stylesheet text/css	194.49.94.107 AS-MATRIXTELECOM
General Check archive.org Show headers Download Go to Full URL https://20d27143-fd239109.prodofficetemp.com/ests/2.1/content/cdnbundles/converged.v2.login.min_ltjvsvk5aekta_kgibi0gg2.css Requested by Host: 0ffice.prodofficetemp.com URL: https://0ffice.prodofficetemp.com/?oz=ENrLH5&sso_reload=true Protocol H2 Security TLS 1.3, , AES_256_GCM Server 194.49.94.107 Amsterdam, Netherlands, ASN216419 (AS-MATRIXTELECOM, GB), Reverse DNS Software nginx / Resource Hash `1a0ea89ae667420caeae29d594d53258e6ed157dab7e8dfe6f154f0054b0cf99` Request headers Referer https://0ffice.prodofficetemp.com/ Origin https://0ffice.prodofficetemp.com accept-language es-ES,es;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36 Response headers x-ms-lease-status unlocked x-ms-blob-type BlockBlob date Wed, 29 Nov 2023 15:44:46 GMT content-encoding gzip last-modified Wed, 06 Sep 2023 21:24:15 GMT server nginx age 7166928 vary Accept-Encoding, Accept-Encoding x-cache HIT content-type text/css access-control-allow-origin * x-ms-request-id 591b4da5-101e-006e-5fac-e1ba19000000 access-control-expose-headers x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding cache-control public, max-age=31536000 x-ms-version 2009-09-19
GET H2	200	ConvergedLogin_PCore_o-ZZReABRa0UshwWo2BEBw2.js Show response 20d27143-fd239109.prodofficetemp.com/shared/1.0/content/js/	420 KB 116 KB	715ms 715ms	Script application/x-javascript	194.49.94.107 AS-MATRIXTELECOM
General Check archive.org Show headers Download Go to Full URL https://20d27143-fd239109.prodofficetemp.com/shared/1.0/content/js/ConvergedLogin_PCore_o-ZZReABRa0UshwWo2BEBw2.js Requested by Host: 0ffice.prodofficetemp.com URL: https://0ffice.prodofficetemp.com/?oz=ENrLH5&sso_reload=true Protocol H2 Security TLS 1.3, , AES_256_GCM Server 194.49.94.107 Amsterdam, Netherlands, ASN216419 (AS-MATRIXTELECOM, GB), Reverse DNS Software nginx / Resource Hash `4b7f72bba00cc61f75ed577c5638a37e18f84aeff5f6df150e0310571eede6a5` Request headers Referer https://0ffice.prodofficetemp.com/ Origin https://0ffice.prodofficetemp.com accept-language es-ES,es;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36 Response headers x-ms-lease-status unlocked x-ms-blob-type BlockBlob date Wed, 29 Nov 2023 15:44:47 GMT content-encoding gzip last-modified Thu, 02 Nov 2023 07:21:59 GMT server nginx age 2311314 vary Accept-Encoding, Accept-Encoding x-cache HIT content-type application/x-javascript access-control-allow-origin * x-ms-request-id 7eb12d9d-901e-00de-32d5-0dcc5d000000 access-control-expose-headers x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding cache-control public, max-age=31536000 x-ms-version 2009-09-19
GET H2	200	ux.converged.login.strings-es.min_eihuyvrqjtvv64hvpcek4a2.js Show response 20d27143-fd239109.prodofficetemp.com/ests/2.1/content/cdnbundles/	56 KB 16 KB	330ms 330ms	Script application/x-javascript	194.49.94.107 AS-MATRIXTELECOM
General Check archive.org Show headers Download Go to Full URL https://20d27143-fd239109.prodofficetemp.com/ests/2.1/content/cdnbundles/ux.converged.login.strings-es.min_eihuyvrqjtvv64hvpcek4a2.js Requested by Host: 0ffice.prodofficetemp.com URL: https://0ffice.prodofficetemp.com/?oz=ENrLH5&sso_reload=true Protocol H2 Security TLS 1.3, , AES_256_GCM Server 194.49.94.107 Amsterdam, Netherlands, ASN216419 (AS-MATRIXTELECOM, GB), Reverse DNS Software nginx / Resource Hash `da5583e3aed502dad6f6816cb52b67a5eddbe6c8c7d45c905a290e8e5f856596` Request headers Referer https://0ffice.prodofficetemp.com/ Origin https://0ffice.prodofficetemp.com accept-language es-ES,es;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36 Response headers x-ms-lease-status unlocked x-ms-blob-type BlockBlob date Wed, 29 Nov 2023 15:44:46 GMT content-encoding gzip last-modified Wed, 18 Oct 2023 19:03:15 GMT server nginx age 2584754 vary Accept-Encoding, Accept-Encoding x-cache HIT content-type application/x-javascript access-control-allow-origin * x-ms-request-id a967bbba-901e-004a-0258-0b8722000000 access-control-expose-headers x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding cache-control public, max-age=31536000 x-ms-version 2009-09-19
GET		Me.htm l1ve.prodofficetemp.com/	0 0

GET		convergedlogin_pcustomizationloader_44b450e8d543eb53930d.js 20d27143-fd239109.prodofficetemp.com/shared/1.0/content/js/asyncchunk/	0 0

GET		Prefetch.aspx 94ce7e41-fd239109.prodofficetemp.com/Prefetch/ Frame 71F1	0 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: l1ve.prodofficetemp.com
URL: https://l1ve.prodofficetemp.com/Me.htm?v=3

Domain: 20d27143-fd239109.prodofficetemp.com
URL: https://20d27143-fd239109.prodofficetemp.com/shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_44b450e8d543eb53930d.js

Domain: 94ce7e41-fd239109.prodofficetemp.com
URL: https://94ce7e41-fd239109.prodofficetemp.com/Prefetch/Prefetch.aspx

Verdicts & Comments Add Verdict or Comment

22 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

3 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.prodofficetemp.com/	1969-12-31 23:59:59	Name: wIneJB Value: "ZmQyMzkxMDktMTNkOS00MjQ5LThjMzYtOGFkNTk4NWYzZGYxOjk3OTQxYjllLTI4NDQtNDM3OC04NGU2LTVmYzJmMDlkYzc3Yw=="
.0ffice.prodofficetemp.com/	1969-12-31 23:59:59	Name: AADSSO Value: NA\|NoExtension
0ffice.prodofficetemp.com/	1970-01-20 16:34:32	Name: SSOCOOKIEPULLED Value: 1

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://0ffice.prodofficetemp.com/?oz=ENrLH5&sso_reload=true(Line 78) Message: WebSocket connection to 'wss://0ffice.prodofficetemp.com/websocket/hook/?wIneJB=ZmQyMzkxMDkxM2Q5NDI0OThjMzY4YWQ1OTg1ZjNkZjE=' failed: Error during WebSocket handshake: Unexpected response code: 503

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

0ffice.prodofficetemp.com
20d27143-fd239109.prodofficetemp.com
94ce7e41-fd239109.prodofficetemp.com
l1ve.prodofficetemp.com
20d27143-fd239109.prodofficetemp.com
94ce7e41-fd239109.prodofficetemp.com
l1ve.prodofficetemp.com
194.49.94.107
1a0ea89ae667420caeae29d594d53258e6ed157dab7e8dfe6f154f0054b0cf99
4b7f72bba00cc61f75ed577c5638a37e18f84aeff5f6df150e0310571eede6a5
57006d7d36b2906373a3568c8cc84f625c5263635c378aa9e9eaaf53e9fef752
618978e928ff76f7ef21be5ddf34255639ccfb9d1b5cdb07bb14943f320fda55
d60130785f7589b20c1149733775ebf7e456700dbc63ea48c82ed4a194ccc326
da5583e3aed502dad6f6816cb52b67a5eddbe6c8c7d45c905a290e8e5f856596
ef8f84cd5b62aee6784e916e2b1310352109bcfe2a950c022795fbf37c970937

0ffice.prodofficetemp.com Open in urlscan Pro 194.49.94.107 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

10 Requests

70 %HTTPS

0 %IPv6

1 Domains

4 Subdomains

2 IPs

1 Countries

424 kBTransfer

1396 kBSize

3 Cookies

0 Outgoing links

Page URL History

Redirected requests

10 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

22 JavaScript Global Variables

3 Cookies

1 Console Messages

Indicators

0ffice.prodofficetemp.com Open in urlscan Pro
194.49.94.107 Public Scan

Screenshot
Live screenshot

Full Image

10
Requests

70 %
HTTPS

0 %
IPv6

1
Domains

4
Subdomains

2
IPs

1
Countries

424 kB
Transfer

1396 kB
Size

3
Cookies

10 HTTP transactions
0 data transactions