officecom.s3.us-east-005.backblazeb2.com Open in urlscan Pro
2605:72c0:6ff:b3::b005:1  Malicious Activity! Public Scan

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

5 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
3 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200	Primary Request index5.htm Show response officecom.s3.us-east-005.backblazeb2.com/	3 MB 3 MB	321ms 162ms	Document text/html	2605:72c0:6ff:b3::b005:1 BACKBLAZE
General Check archive.org Show headers Download Go to Full URL https://officecom.s3.us-east-005.backblazeb2.com/index5.htm Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 2605:72c0:6ff:b3::b005:1 , United States, ASN40401 (BACKBLAZE, US), Reverse DNS Software nginx / Resource Hash d862acc48afe8573f2fc011bd3a8675f731b250ac6903ae4e948d909cac0c987 Security Headers Name Value Strict-Transport-Security max-age=63072000 Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Response headers Accept-Ranges bytes Connection keep-alive Content-Length 3340473 Content-Type text/html Date Wed, 27 Nov 2024 23:58:57 GMT ETag "f528dfcd6d15bc44a17f708521a8c099" Last-Modified Tue, 22 Oct 2024 13:40:34 GMT Server nginx Strict-Transport-Security max-age=63072000 x-amz-id-2 aNR9j2zfBZTEzvjCBZtRhFDEUZStjLTLx x-amz-meta-src_last_modified_millis 1729604261207 x-amz-request-id 3441997ef4deffbf x-amz-version-id 4_zd53ce74ed3d0af0a912e0c12_f1185d95fbe9c755d_d20241022_m134034_c005_v0501025_t0018_u01729604434086
GET H2	200	w3.css www.w3schools.com/w3css/4/	23 KB 5 KB	186ms 30ms	Stylesheet text/css	192.229.173.207 EDGECAST
General Check archive.org Show headers Download Go to Full URL https://www.w3schools.com/w3css/4/w3.css Requested by Host: officecom.s3.us-east-005.backblazeb2.com URL: https://officecom.s3.us-east-005.backblazeb2.com/index5.htm Protocol H2 Security TLS 1.3, , AES_256_GCM Server 192.229.173.207 New York, United States, ASN15133 (EDGECAST, US), Reverse DNS Software ECS (mid/878F) / ASP.NET Resource Hash c4f2aba13970ecf8303fb9329f97c8824861569273b0aa27acce48abc61d04f5 Security Headers Name Value Content-Security-Policy frame-ancestors 'self' https://mycourses.w3schools.com https://pathfinder.w3schools.com; X-Content-Security-Policy frame-ancestors 'self' https://mycourses.w3schools.com https://pathfinder.w3schools.com; Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://officecom.s3.us-east-005.backblazeb2.com/ Response headers x-powered-by ASP.NET content-security-policy frame-ancestors 'self' https://mycourses.w3schools.com https://pathfinder.w3schools.com; cache-control public,max-age=31536000,public content-encoding gzip etag "06a8fd11d3fdb1:0" age 218992 x-content-security-policy frame-ancestors 'self' https://mycourses.w3schools.com https://pathfinder.w3schools.com; accept-ranges bytes x-cache HIT content-length 5250 date Wed, 27 Nov 2024 23:58:58 GMT content-type text/css last-modified Mon, 25 Nov 2024 09:38:44 GMT server ECS (mid/878F) vary Accept-Encoding
GET DATA	200 OK	truncated /	144 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 34fd4b603f7537efe5455b4f5456ec684f677e37d7a8f139cd8accbcfabf6d4c Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer Response headers Content-Type image/png
GET DATA	200 OK	truncated /	8 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash b49dd2b6a031c9cf4dc1041c8a0a02cf894552868a13c145384e8a1360cbb1b5 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer Response headers Content-Type image/png
GET H2	200	documentation_bcb4d1dc4eae64f0b2b2538209d8435a.svg logincdn.msauth.net/shared/1.0/content/images/	2 KB 1 KB	355ms 57ms	Image image/svg+xml	2620:1ec:29:1::40 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Show image Full URL https://logincdn.msauth.net/shared/1.0/content/images/documentation_bcb4d1dc4eae64f0b2b2538209d8435a.svg Requested by Host: officecom.s3.us-east-005.backblazeb2.com URL: https://officecom.s3.us-east-005.backblazeb2.com/index5.htm Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2620:1ec:29:1::40 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software / Resource Hash a76c08e9cdc3bb87bfb57627ad8f6b46f0e5ef826cc7f046dfbaf25d7b7958ea Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://officecom.s3.us-east-005.backblazeb2.com/ Response headers x-cache-info L1_T2 access-control-expose-headers x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding content-encoding gzip x-ms-version 2009-09-19 etag 0x8D79ED3581609DD x-ms-lease-status unlocked x-fd-int-roxy-purgeid 79218156 x-cache TCP_HIT date Wed, 27 Nov 2024 23:58:58 GMT content-type image/svg+xml last-modified Wed, 22 Jan 2020 00:38:04 GMT cache-control public, max-age=31536000 x-ms-request-id 8301cd06-201e-007c-5342-34eda9000000 accept-ranges bytes access-control-allow-origin * content-length 606 x-azure-ref 20241127T235858Z-16b744457675g7vchC1BN14zrs0000000tbg00000000aqmd x-ms-blob-type BlockBlob
GET H2	200	arrow_left_a9cc2824ef3517b6c4160dcf8ff7d410.svg logincdn.msauth.net/shared/1.0/content/images/	513 B 840 B	356ms 59ms	Image image/svg+xml	2620:1ec:29:1::40 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Show image Full URL https://logincdn.msauth.net/shared/1.0/content/images/arrow_left_a9cc2824ef3517b6c4160dcf8ff7d410.svg Requested by Host: officecom.s3.us-east-005.backblazeb2.com URL: https://officecom.s3.us-east-005.backblazeb2.com/index5.htm Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2620:1ec:29:1::40 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software / Resource Hash 34f9db946e89f031a80dfca7b16b2b686469c9886441261ae70a44da1dfa2d58 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://officecom.s3.us-east-005.backblazeb2.com/ Response headers x-cache-info L1_T2 access-control-expose-headers x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding content-encoding gzip x-ms-version 2009-09-19 etag 0x8D79ED35591CF44 x-ms-lease-status unlocked x-fd-int-roxy-purgeid 79218156 x-cache TCP_HIT date Wed, 27 Nov 2024 23:58:58 GMT content-type image/svg+xml last-modified Wed, 22 Jan 2020 00:38:00 GMT cache-control public, max-age=31536000 x-ms-request-id 592d4353-d01e-0025-45a3-356a2a000000 accept-ranges bytes access-control-allow-origin * content-length 276 x-azure-ref 20241127T235858Z-16b744457675g7vchC1BN14zrs0000000tbg00000000aqme x-ms-blob-type BlockBlob
GET H/1.1	404	favicon.ico officecom.s3.us-east-005.backblazeb2.com/	137 B 456 B	58ms 58ms	Other application/xml	2605:72c0:6ff:b3::b005:1 BACKBLAZE
General Check archive.org Show headers Download Go to Full URL https://officecom.s3.us-east-005.backblazeb2.com/favicon.ico Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 2605:72c0:6ff:b3::b005:1 , United States, ASN40401 (BACKBLAZE, US), Reverse DNS Software nginx / Resource Hash ea2c3fae4cff55a6bf253d466b93e75b1208eb023c39eef8f79f8e3b7e66e2e8 Security Headers Name Value Strict-Transport-Security max-age=63072000 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://officecom.s3.us-east-005.backblazeb2.com/index5.htm Response headers Strict-Transport-Security max-age=63072000 Cache-Control max-age=0, no-cache, no-store Connection keep-alive x-amz-request-id 014629e4821079a6 Content-Length 137 Date Wed, 27 Nov 2024 23:58:58 GMT Content-Type application/xml Server nginx x-amz-id-2 aNQVjOTfjZQ8zxDARZnZhKzEVZUVjeTIm
GET DATA	200 OK	truncated /	591 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash a9a6376c53c5ff9c8a787f549923a2f4fbd2467874d44e76fcb42bb9043e66b3 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer Response headers Content-Type image/png

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer)

7 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| ValidateEmail function| _0x24fc function| _0x4676 function| redirrectPage function| hasNull number| counter function| onChangeFunction

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
recommendation	verbose	URL: https://officecom.s3.us-east-005.backblazeb2.com/index5.htm Message: [DOM] Password field is not contained in a form: (More info: https://goo.gl/9p2vKq) %o
network	error	URL: https://officecom.s3.us-east-005.backblazeb2.com/favicon.ico Message: Failed to load resource: the server responded with a status of 404 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=63072000

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

logincdn.msauth.net
officecom.s3.us-east-005.backblazeb2.com
www.w3schools.com
192.229.173.207
2605:72c0:6ff:b3::b005:1
2620:1ec:29:1::40
34f9db946e89f031a80dfca7b16b2b686469c9886441261ae70a44da1dfa2d58
34fd4b603f7537efe5455b4f5456ec684f677e37d7a8f139cd8accbcfabf6d4c
a76c08e9cdc3bb87bfb57627ad8f6b46f0e5ef826cc7f046dfbaf25d7b7958ea
a9a6376c53c5ff9c8a787f549923a2f4fbd2467874d44e76fcb42bb9043e66b3
b49dd2b6a031c9cf4dc1041c8a0a02cf894552868a13c145384e8a1360cbb1b5
c4f2aba13970ecf8303fb9329f97c8824861569273b0aa27acce48abc61d04f5
d862acc48afe8573f2fc011bd3a8675f731b250ac6903ae4e948d909cac0c987
ea2c3fae4cff55a6bf253d466b93e75b1208eb023c39eef8f79f8e3b7e66e2e8