officedoc344.hotel-una.co.uk Open in urlscan Pro
85.17.28.85 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://www.remittance210309.scotrnas.com/
Effective URL:
https://officedoc344.hotel-una.co.uk/c6823e7d803380e712d22adc7ebb3d55/
Submission: On June 11 via manual (June 11th 2018, 3:52:30 pm UTC) from GB

Summary HTTP 15 Redirects Behaviour Indicators

Summary

This website contacted 10 IPs in 5 countries across 11 domains to perform 15 HTTP transactions. The main IP is 85.17.28.85, located in Netherlands and belongs to LEASEWEB-NL-AMS-01 Netherlands, NL. The main domain is officedoc344.hotel-una.co.uk.
TLS certificate: Issued by cPanel, Inc. Certification Authority on June 6th 2018. Valid for: 3 months.

This is the only time officedoc344.hotel-una.co.uk was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Microsoft (Consumer)

Domain & IP information

	IP Address	AS Autonomous System
1 1	200.58.110.218 200.58.110.218	27823 (Dattatec.com) (Dattatec.com)
2 4	85.17.28.85 85.17.28.85	60781 (LEASEWEB-...) (LEASEWEB-NL-AMS-01 Netherlands)
2	172.217.18.170 172.217.18.170	15169 (GOOGLE) (GOOGLE - Google LLC)
3	104.19.199.151 104.19.199.151	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
1 2	104.16.124.175 104.16.124.175	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
1	94.31.29.138 94.31.29.138	54104 (AS-STACKPATH) (AS-STACKPATH - netDNA)
1	52.86.40.124 52.86.40.124	14618 (AMAZON-AES) (AMAZON-AES - Amazon.com)
1	2.19.41.58 2.19.41.58	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	216.58.208.54 216.58.208.54	15169 (GOOGLE) (GOOGLE - Google LLC)
2	172.217.21.195 172.217.21.195	15169 (GOOGLE) (GOOGLE - Google LLC)
1	104.25.149.25 104.25.149.25	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
15	10

1 200.58.110.218 (Rosario, Argentina) 1 redirects

ASN27823 (Dattatec.com, AR)
PTR: c123.dattaweb.com

www.remittance210309.scotrnas.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 85.17.28.85 (Netherlands) 2 redirects

ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL)
PTR: budo110.adriahost.com

officedoc344.hotel-una.co.uk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.217.18.170 (Mountain View, United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: fra15s29-in-f10.1e100.net

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 104.19.199.151 (San Francisco, United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.16.124.175 (San Francisco, United States) 1 redirects

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

unpkg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 94.31.29.138 (United Kingdom)

ASN54104 (AS-STACKPATH - netDNA, US)
PTR: 94.31.29.138.IPYX-077437-ZYO.above.net

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.86.40.124 (Ashburn, United States)

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-52-86-40-124.compute-1.amazonaws.com

server02.herokuapp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2.19.41.58 (European Union)

ASN20940 (AKAMAI-ASN1, US)
PTR: a2-19-41-58.deploy.static.akamaitechnologies.com

auth.gfx.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 216.58.208.54 (Mountain View, United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: fra15s12-in-f22.1e100.net

i.ytimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.217.21.195 (Mountain View, United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: fra16s12-in-f195.1e100.net

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.25.149.25 (San Francisco, United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

freegeoip.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
4	hotel-una.co.uk 2 redirects officedoc344.hotel-una.co.uk	8 KB
3	cloudflare.com cdnjs.cloudflare.com	238 KB
2	gstatic.com fonts.gstatic.com	58 KB
2	unpkg.com 1 redirects unpkg.com	213 KB
2	googleapis.com fonts.googleapis.com	669 B
1	freegeoip.net freegeoip.net	483 B
1	ytimg.com i.ytimg.com	894 KB
1	gfx.ms auth.gfx.ms	2 KB
1	herokuapp.com server02.herokuapp.com	2 KB
1	jsdelivr.net cdn.jsdelivr.net	31 KB
1	scotrnas.com 1 redirects www.remittance210309.scotrnas.com	258 B
15	11

	Domain	Requested by
4	officedoc344.hotel-una.co.uk	2 redirects unpkg.com
3	cdnjs.cloudflare.com	officedoc344.hotel-una.co.uk
2	fonts.gstatic.com	officedoc344.hotel-una.co.uk
2	unpkg.com	1 redirects officedoc344.hotel-una.co.uk
2	fonts.googleapis.com	officedoc344.hotel-una.co.uk
1	freegeoip.net	cdnjs.cloudflare.com
1	i.ytimg.com	officedoc344.hotel-una.co.uk
1	auth.gfx.ms	officedoc344.hotel-una.co.uk
1	server02.herokuapp.com	officedoc344.hotel-una.co.uk
1	cdn.jsdelivr.net	officedoc344.hotel-una.co.uk
1	www.remittance210309.scotrnas.com	1 redirects
15	11

This site contains no links.

Subject Issuer	Validity	Valid
officedoc344.hotel-una.co.uk cPanel, Inc. Certification Authority	`2018-06-06` - `2018-09-04`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://officedoc344.hotel-una.co.uk/c6823e7d803380e712d22adc7ebb3d55/
Frame ID: D8D3BCECCBB09E63CDD386BB0D4C81CB
Requests: 15 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://www.remittance210309.scotrnas.com/ HTTP 301
https://officedoc344.hotel-una.co.uk/ HTTP 302
https://officedoc344.hotel-una.co.uk/c6823e7d803380e712d22adc7ebb3d55 HTTP 301
https://officedoc344.hotel-una.co.uk/c6823e7d803380e712d22adc7ebb3d55/ Page URL

Detected technologies

Semantic-ui (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

html /(?:<div class="ui\s[^>]+">)/i
html /(?:<link[^>]+semantic(?:\.css|\.min\.css)">)/i

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i

Vue.js (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

env /^Vue$/i

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /\/([\d.]+)\/jquery(?:\.min)?\.js/i
script /jquery.*\.js/i
env /^jQuery$/i

Page Statistics

15
Requests

13 %
HTTPS

0 %
IPv6

11
Domains

11
Subdomains

10
IPs

5
Countries

1447 kB
Transfer

2981 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://www.remittance210309.scotrnas.com/ HTTP 301
https://officedoc344.hotel-una.co.uk/ HTTP 302
https://officedoc344.hotel-una.co.uk/c6823e7d803380e712d22adc7ebb3d55 HTTP 301
https://officedoc344.hotel-una.co.uk/c6823e7d803380e712d22adc7ebb3d55/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 3

https://unpkg.com/babel-standalone@6/babel.min.js HTTP 302
https://unpkg.com/babel-standalone@6.26.0/babel.min.js

15 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request

Cookie set / Show response
officedoc344.hotel-una.co.uk/c6823e7d803380e712d22adc7ebb3d55/
Redirect Chain

http://www.remittance210309.scotrnas.com/
https://officedoc344.hotel-una.co.uk/
https://officedoc344.hotel-una.co.uk/c6823e7d803380e712d22adc7ebb3d55
https://officedoc344.hotel-una.co.uk/c6823e7d803380e712d22adc7ebb3d55/

5 KB
6 KB

55ms
54ms

Document
text/html

85.17.28.85
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://officedoc344.hotel-una.co.uk/c6823e7d803380e712d22adc7ebb3d55/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 85.17.28.85 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS: budo110.adriahost.com
Software: Apache / PHP/5.4.45
Resource Hash: b6d5b6b87db774390402d187c679d112a5653ed634047738d09c65cd9ab8d4d0

Request headers

Host: officedoc344.hotel-una.co.uk
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding: gzip, deflate
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id: D8D3BCECCBB09E63CDD386BB0D4C81CB

Response headers

Date: Mon, 11 Jun 2018 15:52:19 GMT
Server: Apache
X-Powered-By: PHP/5.4.45
Access-Control-Allow-Origin: *
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: PHPSESSID=7f022bb7909b14f5c65b83400df54d12; path=/
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html

Redirect headers

Date: Mon, 11 Jun 2018 15:52:19 GMT
Server: Apache
Location: https://officedoc344.hotel-una.co.uk/c6823e7d803380e712d22adc7ebb3d55/
Content-Length: 278
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

GET
S 200 css
fonts.googleapis.com/ 458 B
318 B 16ms
14ms Stylesheet
text/css 172.217.18.170
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:300,500

Requested by

Host: officedoc344.hotel-una.co.uk
URL: https://officedoc344.hotel-una.co.uk/c6823e7d803380e712d22adc7ebb3d55/

Protocol

SPDY

Server

172.217.18.170 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra15s29-in-f10.1e100.net

Software

ESF /

Resource Hash

6bf8bf886b997776491cedb62484dfd23515bccb375efc001f967c7554d79118

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://officedoc344.hotel-una.co.uk/c6823e7d803380e712d22adc7ebb3d55/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

date: Mon, 11 Jun 2018 15:52:19 GMT
content-encoding: gzip
server: ESF
status: 200
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="43,42,41,39,35"
x-xss-protection: 1; mode=block
expires: Mon, 11 Jun 2018 15:52:19 GMT

GET
S 200 jquery.js Show response
cdnjs.cloudflare.com/ajax/libs/jquery/3.3.1/ 265 KB
80 KB 12ms
10ms Script
application/javascript 104.19.199.151
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/jquery/3.3.1/jquery.js

Requested by

Host: officedoc344.hotel-una.co.uk
URL: https://officedoc344.hotel-una.co.uk/c6823e7d803380e712d22adc7ebb3d55/

Protocol

SPDY

Server

104.19.199.151 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

d8aa24ecc6cecb1a60515bc093f1c9da38a0392612d9ab8ae0f7f36e6eee1fad

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000; includeSubDomains

Request headers

Referer: https://officedoc344.hotel-una.co.uk/c6823e7d803380e712d22adc7ebb3d55/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

date: Mon, 11 Jun 2018 15:52:19 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Sat, 20 Jan 2018 18:03:53 GMT
server: cloudflare
status: 200
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
strict-transport-security: max-age=15780000; includeSubDomains
cf-ray: 42953e7fcd0b64ab-FRA
expires: Sat, 01 Jun 2019 15:52:19 GMT

GET
S 200 semantic.css
cdnjs.cloudflare.com/ajax/libs/semantic-ui/2.3.1/ 797 KB
119 KB 42ms
41ms Stylesheet
text/css 104.19.199.151
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/semantic-ui/2.3.1/semantic.css

Requested by

Host: officedoc344.hotel-una.co.uk
URL: https://officedoc344.hotel-una.co.uk/c6823e7d803380e712d22adc7ebb3d55/

Protocol

SPDY

Server

104.19.199.151 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

b07af0d900be76cefca4a68e0f81e189ba38adcb537675d64d40da75e1ca7317

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000; includeSubDomains

Request headers

Referer: https://officedoc344.hotel-una.co.uk/c6823e7d803380e712d22adc7ebb3d55/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

date: Mon, 11 Jun 2018 15:52:19 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Mon, 19 Mar 2018 07:17:03 GMT
server: cloudflare
status: 200
etag: W/"5aaf63ef-c74a3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=30672000
strict-transport-security: max-age=15780000; includeSubDomains
cf-ray: 42953e7fcd0a64ab-FRA
expires: Sat, 01 Jun 2019 15:52:19 GMT

GET
S

200

babel.min.js Show response
unpkg.com/babel-standalone@6.26.0/
Redirect Chain

https://unpkg.com/babel-standalone@6/babel.min.js
https://unpkg.com/babel-standalone@6.26.0/babel.min.js

773 KB
213 KB

20ms
19ms

Script
application/javascript

104.16.124.175
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://unpkg.com/babel-standalone@6.26.0/babel.min.js

Requested by

Host: officedoc344.hotel-una.co.uk
URL: https://officedoc344.hotel-una.co.uk/c6823e7d803380e712d22adc7ebb3d55/

Protocol

SPDY

Server

104.16.124.175 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

16264c935ce04deba3cdfffebe899664667daf4d3ec671af3a05e88f4268d630

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://officedoc344.hotel-una.co.uk/c6823e7d803380e712d22adc7ebb3d55/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

date: Mon, 11 Jun 2018 15:52:19 GMT
via: 1.1 vegur
x-content-type-options: nosniff
cf-cache-status: HIT
status: 200
content-encoding: gzip
vary: Accept-Encoding
last-modified: Wed, 16 Aug 2017 16:20:24 GMT
server: cloudflare
etag: W/"c12c4-15debd88d40"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 42953e7fdd17272c-FRA

Redirect headers

date: Mon, 11 Jun 2018 15:52:19 GMT
via: 1.1 vegur
x-content-type-options: nosniff
cf-cache-status: HIT
server: cloudflare
status: 302
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
location: /babel-standalone@6.26.0/babel.min.js
content-type: text/plain; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=60
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-ray: 42953e7fcd04272c-FRA
vary: Accept, Accept-Encoding
content-length: 59

GET
S 200 vue Show response
cdn.jsdelivr.net/npm/ 84 KB
31 KB 33ms
16ms Script
application/javascript 94.31.29.138
netDNA

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.jsdelivr.net/npm/vue
Requested by: Host: officedoc344.hotel-una.co.uk
URL: https://officedoc344.hotel-una.co.uk/c6823e7d803380e712d22adc7ebb3d55/
Protocol: SPDY
Server: 94.31.29.138 , United Kingdom, ASN54104 (AS-STACKPATH - netDNA, US),
Reverse DNS: 94.31.29.138.IPYX-077437-ZYO.above.net
Software: NetDNA-cache/2.2 /
Resource Hash: 4da2dc78cc23591a9ee3285ba8f3891fa57b506b7902fbdd35fa5a2172566c55

Request headers

Referer: https://officedoc344.hotel-una.co.uk/c6823e7d803380e712d22adc7ebb3d55/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

date: Mon, 11 Jun 2018 15:52:19 GMT
content-encoding: gzip
server: NetDNA-cache/2.2
status: 200
etag: W/"151b4-KLsckeN7U/TrtIzkgtzLJAAD4Hg"
vary: Accept-Encoding
x-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
timing-allow-origin: *
x-served-by: cache-ams4144-AMS, cache-dca17746-DCA

GET
H/1.1 200
OK init.js Show response
server02.herokuapp.com/SMTP-v.0.1/ 2 KB
2 KB 440ms
109ms Script
application/javascript 52.86.40.124
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://server02.herokuapp.com/SMTP-v.0.1/init.js
Requested by: Host: officedoc344.hotel-una.co.uk
URL: https://officedoc344.hotel-una.co.uk/c6823e7d803380e712d22adc7ebb3d55/
Protocol: HTTP/1.1
Server: 52.86.40.124 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-52-86-40-124.compute-1.amazonaws.com
Software: Apache /
Resource Hash: 046cbbaa011f462c2fa60421f1d830c92b6aa9a1fa8911dedd634e5680b82384

Request headers

Referer: https://officedoc344.hotel-una.co.uk/c6823e7d803380e712d22adc7ebb3d55/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

Date: Mon, 11 Jun 2018 15:52:19 GMT
Via: 1.1 vegur
Last-Modified: Sat, 02 Jun 2018 13:22:41 GMT
Server: Apache
Etag: "710-56da898520a40"
Content-Type: application/javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1808

GET
H/1.1 200
OK microsoft_logo.svg
auth.gfx.ms/16.000.27773.2/images/ 4 KB
2 KB 6ms
6ms Image
image/svg+xml 2.19.41.58
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://auth.gfx.ms/16.000.27773.2/images/microsoft_logo.svg?x=ee5c8d9fb6248c938fd0dc19370e90bd
Requested by: Host: officedoc344.hotel-una.co.uk
URL: https://officedoc344.hotel-una.co.uk/c6823e7d803380e712d22adc7ebb3d55/
Protocol: HTTP/1.1
Server: 2.19.41.58 , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a2-19-41-58.deploy.static.akamaitechnologies.com
Software: Microsoft-IIS/8.5 /
Resource Hash: 04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a

Request headers

Referer: https://officedoc344.hotel-una.co.uk/c6823e7d803380e712d22adc7ebb3d55/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

Date: Mon, 11 Jun 2018 15:52:19 GMT
Content-Encoding: gzip
Last-Modified: Wed, 02 May 2018 19:41:48 GMT
PPServer: PPV: 30 H: BL2IDSPRTS1A003 V: 0
ETag: "066e99b4de2d31:0"
Vary: Accept-Encoding
Content-Type: image/svg+xml
Access-Control-Allow-Origin: *
Cache-Control: max-age=589083
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1435
Server: Microsoft-IIS/8.5

GET
S 200 css
fonts.googleapis.com/ 883 B
351 B 17ms
17ms Stylesheet
text/css 172.217.18.170
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Lato:400,700,400italic,700italic&subset=latin

Requested by

Host: officedoc344.hotel-una.co.uk
URL: https://officedoc344.hotel-una.co.uk/c6823e7d803380e712d22adc7ebb3d55/

Protocol

SPDY

Server

172.217.18.170 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra15s29-in-f10.1e100.net

Software

ESF /

Resource Hash

8aba07f7375655d01848106ca04a8131e8b1dce7706fdf8cb769d6357977e3b8

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://officedoc344.hotel-una.co.uk/c6823e7d803380e712d22adc7ebb3d55/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

date: Mon, 11 Jun 2018 15:52:19 GMT
content-encoding: gzip
server: ESF
status: 200
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="43,42,41,39,35"
x-xss-protection: 1; mode=block
expires: Mon, 11 Jun 2018 15:52:19 GMT

GET
S 200 maxresdefault.jpg
i.ytimg.com/vi/WOxC_bhuOAM/ 893 KB
894 KB 9ms
9ms Image
image/jpeg 216.58.208.54
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.ytimg.com/vi/WOxC_bhuOAM/maxresdefault.jpg

Requested by

Host: officedoc344.hotel-una.co.uk
URL: https://officedoc344.hotel-una.co.uk/c6823e7d803380e712d22adc7ebb3d55/

Protocol

SPDY

Server

216.58.208.54 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra15s12-in-f22.1e100.net

Software

sffe /

Resource Hash

0cc866437c8659d52c0ee3694516974238863746ecddb7508e935c6c818c8377

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://officedoc344.hotel-una.co.uk/c6823e7d803380e712d22adc7ebb3d55/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

date: Mon, 11 Jun 2018 15:07:46 GMT
x-content-type-options: nosniff
server: sffe
age: 2673
etag: "1452087605"
content-type: image/jpeg
status: 200
cache-control: public, max-age=7200
accept-ranges: bytes
timing-allow-origin: https://imasdk.googleapis.com
alt-svc: quic=":443"; ma=2592000; v="43,42,41,39,35"
content-length: 914602
x-xss-protection: 1; mode=block
expires: Mon, 11 Jun 2018 17:07:46 GMT

GET
S 200 icons.woff2
cdnjs.cloudflare.com/ajax/libs/semantic-ui/2.3.1/themes/default/assets/fonts/ 39 KB
39 KB 11ms
11ms Font
application/octet-stream 104.19.199.151
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/semantic-ui/2.3.1/themes/default/assets/fonts/icons.woff2

Requested by

Host: officedoc344.hotel-una.co.uk
URL: https://officedoc344.hotel-una.co.uk/c6823e7d803380e712d22adc7ebb3d55/

Protocol

SPDY

Server

104.19.199.151 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

434466b59545a8a1cac6ddb38197cdc6b35995a98c3f3812fb88d61b1c300dd3

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Referer: https://cdnjs.cloudflare.com/ajax/libs/semantic-ui/2.3.1/semantic.css
Origin: https://officedoc344.hotel-una.co.uk

Response headers

date: Mon, 11 Jun 2018 15:52:19 GMT
vary: Accept-Encoding
cf-cache-status: HIT
status: 200
content-length: 40148
served-in-seconds: 0.000
last-modified: Thu, 17 May 2018 09:25:35 GMT
server: cloudflare
etag: "5afd4a8f-9cd4"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000; includeSubDomains
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 42953e829c1497c8-FRA
expires: Sat, 01 Jun 2019 15:52:19 GMT

GET
S 200 S6uyw4BMUTPHjx4wWw.ttf
fonts.gstatic.com/s/lato/v14/ 59 KB
29 KB 6ms
5ms Font
font/ttf 172.217.21.195
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v14/S6uyw4BMUTPHjx4wWw.ttf

Requested by

Host: officedoc344.hotel-una.co.uk
URL: https://officedoc344.hotel-una.co.uk/c6823e7d803380e712d22adc7ebb3d55/

Protocol

SPDY

Server

172.217.21.195 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra16s12-in-f195.1e100.net

Software

sffe /

Resource Hash

9c4590446dbf83edae05be4ca28ef789ee50a01ef2cb8f1b51c5937d029cac76

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Referer: https://fonts.googleapis.com/css?family=Lato:400,700,400italic,700italic&subset=latin
Origin: https://officedoc344.hotel-una.co.uk

Response headers

date: Wed, 09 May 2018 03:52:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2894390
status: 200
alt-svc: quic=":443"; ma=2592000; v="43,42,41,39,35"
content-length: 30035
x-xss-protection: 1; mode=block
last-modified: Wed, 11 Oct 2017 18:23:16 GMT
server: sffe
vary: Accept-Encoding
content-type: font/ttf
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 09 May 2019 03:52:29 GMT

GET
S 200 S6u9w4BMUTPHh6UVSwiPHA.ttf
fonts.gstatic.com/s/lato/v14/ 57 KB
29 KB 6ms
6ms Font
font/ttf 172.217.21.195
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v14/S6u9w4BMUTPHh6UVSwiPHA.ttf

Requested by

Host: officedoc344.hotel-una.co.uk
URL: https://officedoc344.hotel-una.co.uk/c6823e7d803380e712d22adc7ebb3d55/

Protocol

SPDY

Server

172.217.21.195 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra16s12-in-f195.1e100.net

Software

sffe /

Resource Hash

9cc39c759cd72b2f53c5c177a239eec038cf2a6614a686f150fdd59435df222f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Referer: https://fonts.googleapis.com/css?family=Lato:400,700,400italic,700italic&subset=latin
Origin: https://officedoc344.hotel-una.co.uk

Response headers

date: Wed, 09 May 2018 04:04:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2893688
status: 200
alt-svc: quic=":443"; ma=2592000; v="43,42,41,39,35"
content-length: 29554
x-xss-protection: 1; mode=block
last-modified: Wed, 11 Oct 2017 18:24:09 GMT
server: sffe
vary: Accept-Encoding
content-type: font/ttf
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 09 May 2019 04:04:11 GMT

GET
H/1.1 200
OK microsoft.js Show response
officedoc344.hotel-una.co.uk/c6823e7d803380e712d22adc7ebb3d55/js/ 1 KB
1 KB 16ms
15ms XHR
application/javascript 85.17.28.85
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://officedoc344.hotel-una.co.uk/c6823e7d803380e712d22adc7ebb3d55/js/microsoft.js
Requested by: Host: unpkg.com
URL: https://unpkg.com/babel-standalone@6.26.0/babel.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 85.17.28.85 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS: budo110.adriahost.com
Software: Apache /
Resource Hash: e700bd6734bedb77318b3fbe6702f20abb6d3ff206e5be888b6ba9c4ce3eb5c6

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: officedoc344.hotel-una.co.uk
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Accept: */*
Referer: https://officedoc344.hotel-una.co.uk/c6823e7d803380e712d22adc7ebb3d55/
Cookie: PHPSESSID=7f022bb7909b14f5c65b83400df54d12
Connection: keep-alive
Cache-Control: no-cache
Referer: https://officedoc344.hotel-una.co.uk/c6823e7d803380e712d22adc7ebb3d55/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

Date: Mon, 11 Jun 2018 15:52:19 GMT
Last-Modified: Mon, 11 Jun 2018 15:52:19 GMT
Server: Apache
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=97
Content-Length: 1170

GET
S 200 / Show response
freegeoip.net/json/ 417 B
483 B 108ms
107ms Script
application/javascript 104.25.149.25
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://freegeoip.net/json/?callback=jQuery33106336815878987321_1528732339201&_=1528732339202
Requested by: Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.3.1/jquery.js
Protocol: SPDY
Server: 104.25.149.25 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2190b632238435e8ed2bfe6397cb573ceab54edfc09c13fe5c9becdfb9d6c7cd

Request headers

Referer: https://officedoc344.hotel-una.co.uk/c6823e7d803380e712d22adc7ebb3d55/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

date: Mon, 11 Jun 2018 15:52:19 GMT
content-encoding: gzip
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: application/javascript
status: 200
x-database-date: Fri, 08 Jun 2018 08:07:43 GMT
cf-ray: 42953e8348a5974a-FRA

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer)

16 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			officedoc344.hotel-una.co.uk/	1969-12-31 23:59:59	Name: PHPSESSID Value: 7f022bb7909b14f5c65b83400df54d12

5 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: https://server02.herokuapp.com/SMTP-v.0.1/init.js(Line 25) Message: NotifyCore JS is running ....
console-api	warning	URL: https://unpkg.com/babel-standalone@6.26.0/babel.min.js(Line 24) Message: You are using the in-browser Babel transformer. Be sure to precompile your scripts for production - https://babeljs.io/docs/setup/
console-api	log	URL: https://server02.herokuapp.com/SMTP-v.0.1/init.js(Line 41) Message: { "__deprecation_message__": "This API endpoint is deprecated and will stop working on July 1st, 2018. For more information please visit: https://github.com/apilayer/freegeoip#readme", "ip": "148.251.45.254", "country_code": "DE", "country_name": "Germany", "region_code": "", "region_name": "", "city": "", "zip_code": "", "time_zone": "", "latitude": 51.2993, "longitude": 9.491, "metro_code": 0 }
console-api	log	URL: https://server02.herokuapp.com/SMTP-v.0.1/init.js(Line 44) Message: 148.251.45.254
console-api	log	URL: https://server02.herokuapp.com/SMTP-v.0.1/init.js(Line 45) Message: <br>---: <br>{ <br>Germany<br>DE<br>} <br/>----: }

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

auth.gfx.ms
cdn.jsdelivr.net
cdnjs.cloudflare.com
fonts.googleapis.com
fonts.gstatic.com
freegeoip.net
i.ytimg.com
officedoc344.hotel-una.co.uk
server02.herokuapp.com
unpkg.com
www.remittance210309.scotrnas.com
104.16.124.175
104.19.199.151
104.25.149.25
172.217.18.170
172.217.21.195
2.19.41.58
200.58.110.218
216.58.208.54
52.86.40.124
85.17.28.85
94.31.29.138
046cbbaa011f462c2fa60421f1d830c92b6aa9a1fa8911dedd634e5680b82384
04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a
0cc866437c8659d52c0ee3694516974238863746ecddb7508e935c6c818c8377
16264c935ce04deba3cdfffebe899664667daf4d3ec671af3a05e88f4268d630
2190b632238435e8ed2bfe6397cb573ceab54edfc09c13fe5c9becdfb9d6c7cd
434466b59545a8a1cac6ddb38197cdc6b35995a98c3f3812fb88d61b1c300dd3
4da2dc78cc23591a9ee3285ba8f3891fa57b506b7902fbdd35fa5a2172566c55
6bf8bf886b997776491cedb62484dfd23515bccb375efc001f967c7554d79118
8aba07f7375655d01848106ca04a8131e8b1dce7706fdf8cb769d6357977e3b8
9c4590446dbf83edae05be4ca28ef789ee50a01ef2cb8f1b51c5937d029cac76
9cc39c759cd72b2f53c5c177a239eec038cf2a6614a686f150fdd59435df222f
b07af0d900be76cefca4a68e0f81e189ba38adcb537675d64d40da75e1ca7317
b6d5b6b87db774390402d187c679d112a5653ed634047738d09c65cd9ab8d4d0
d8aa24ecc6cecb1a60515bc093f1c9da38a0392612d9ab8ae0f7f36e6eee1fad
e700bd6734bedb77318b3fbe6702f20abb6d3ff206e5be888b6ba9c4ce3eb5c6

officedoc344.hotel-una.co.uk Open in urlscan Pro 85.17.28.85 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

15 Requests

13 %HTTPS

0 %IPv6

11 Domains

11 Subdomains

10 IPs

5 Countries

1447 kBTransfer

2981 kBSize

1 Cookies

0 Outgoing links

Page URL History

Redirected requests

15 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

16 JavaScript Global Variables

1 Cookies

5 Console Messages

Indicators

officedoc344.hotel-una.co.uk Open in urlscan Pro
85.17.28.85 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

15
Requests

13 %
HTTPS

0 %
IPv6

11
Domains

11
Subdomains

10
IPs

5
Countries

1447 kB
Transfer

2981 kB
Size

1
Cookies

15 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!