login.sharepoint-drive.com
13.38.160.174  Malicious Activity! Public Scan

URL: https://login.sharepoint-drive.com/?rid=kSiveYn
Submission: On May 13 via automatic, source phishtank — Scanned from FR

Summary

This website contacted 3 IPs in 2 countries across 2 domains to perform 6 HTTP transactions. The main IP is 13.38.160.174, located in Paris, France and belongs to AMAZON-02, US. The main domain is login.sharepoint-drive.com.
TLS certificate: Issued by Amazon RSA 2048 M01 on February 13th 2023. Valid for: 8 months.
This is the only time login.sharepoint-drive.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Microsoft (Consumer)

Domain & IP information

Requests  IP Address         AS Autonomous System
1         13.38.160.174      16509 (AMAZON-02)
5         2a02:26f0:300...   20940 (AKAMAI-ASN1)
Total: 6 requests, 3 IPs

Requests  Apex Domain            Subdomains                                        Transfer
5         office365.com          r4.res.office365.com (Cisco Umbrella Rank: 206)   645 KB
1         sharepoint-drive.com   login.sharepoint-drive.com                        264 KB
Total: 6 requests, 2 apex domains

Requests  Domain                        Requested by
5         r4.res.office365.com          srcdoc
1         login.sharepoint-drive.com
Total: 6 requests, 2 domains

This site contains links to these domains.

Domain
passwordreset.microsoftonline.com
www.microsoft.com
privacy.microsoft.com
Subject                      Issuer                           Validity                  Valid
login.sharepoint-drive.com   Amazon RSA 2048 M01              2023-02-13 - 2023-10-21   8 months (crt.sh)
*.res.outlook.com            DigiCert SHA2 Secure Server CA   2023-04-17 - 2024-04-17   a year (crt.sh)

This page contains 2 frames:

Primary Page: https://login.sharepoint-drive.com/?rid=kSiveYn
Frame ID: BF9D81FBE85F29E508B4DDB837AE9780
Requests: 6 HTTP requests in this frame

Frame: https://r4.res.office365.com/owa/prem/15.20.6363.21/scripts/boot.worldwide.0.mouse.js
Frame ID: B7A2F5ECB6D28BC0EF1925819030C2D8
Requests: 5 HTTP requests in this frame

Screenshot

Page Title

Sign in to Outlook

Page Statistics

Requests: 6
HTTPS: 100 %
IPv6: 50 %
Domains: 2
Subdomains: 2
IPs: 3
Countries: 2
Transfer: 915 kB
Size: 3314 kB
Cookies: 0

Redirected requests

There were HTTP redirect chains for the following requests:

6 HTTP transactions

Resource | Path | Size | x-fer | Type | MIME-Type
Primary Request | / (login.sharepoint-drive.com/) | 702 KB | 264 KB | Document
General
Full URL
https://login.sharepoint-drive.com/?rid=kSiveYn
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.38.160.174 Paris, France, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-13-38-160-174.eu-west-3.compute.amazonaws.com
Software
/
Resource Hash
b34c5c8ebea9b6befe12527dc922531b7458229700c732e1956e01d166d0f55e

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
accept-language
fr-FR,fr;q=0.9

Response headers

content-encoding
gzip
content-type
text/html; charset=utf-8
date
Sat, 13 May 2023 12:52:09 GMT
vary
Accept-Encoding
x-server
gophish
truncated | / | 5 KB | 0 | Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
e4e1e65871749d18aea150643c07e0aab2057da057c6c57ec1c3c43580e1c898

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Content-Type
image/png
truncated | / | 5 KB | 5 KB | Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
7c8ea32255e8286fd41866897ed8e841c58c75b2fee9477c93bb8cc83489c6b6

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Content-Type
image/*
truncated | / | 513 B | 0 | Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
34f9db946e89f031a80dfca7b16b2b686469c9886441261ae70a44da1dfa2d58

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated | / | 987 B | 0 | Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
8b34a475187302935336bf43a2bf2a4e0adb9a1e87953ea51f6fcf0ef52a4a1d

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Content-Type
image/jpeg
truncated | / | 17 KB | 0 | Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
d8f5ab3e00202fd3b45be1acd95d677b137064001e171bc79b06826d98f1e1d3

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Content-Type
image/jpeg
boot.worldwide.0.mouse.js | r4.res.office365.com/owa/prem/15.20.6363.21/scripts/ (Frame B7A2) | 648 KB | 176 KB | Stylesheet
General
Full URL
https://r4.res.office365.com/owa/prem/15.20.6363.21/scripts/boot.worldwide.0.mouse.js
Requested by
Host: srcdoc
URL: about:srcdoc
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3000::215:162b Glattbrugg, Switzerland, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
d5238dcd5576de5c01381727798f579c4722e1c0b07f544135fbe537d7ccf94f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date
Sat, 13 May 2023 12:52:09 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
last-modified
Tue, 02 May 2023 00:14:56 GMT
server
AkamaiNetStorage
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
public,max-age=630720000, s-maxage=630720000
accept-ranges
bytes
timing-allow-origin
*
content-length
179692
boot.worldwide.1.mouse.js | r4.res.office365.com/owa/prem/15.20.6363.21/scripts/ (Frame B7A2) | 644 KB | 160 KB | Stylesheet
General
Full URL
https://r4.res.office365.com/owa/prem/15.20.6363.21/scripts/boot.worldwide.1.mouse.js
Requested by
Host: srcdoc
URL: about:srcdoc
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3000::215:162b Glattbrugg, Switzerland, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
5f5adbc771d02801fb69961683d3ee1f50b7e9c8a66dc3f3cc86263a3f995c0d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date
Sat, 13 May 2023 12:52:09 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
last-modified
Tue, 02 May 2023 00:14:47 GMT
server
AkamaiNetStorage
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
public,max-age=630720000, s-maxage=630720000
accept-ranges
bytes
timing-allow-origin
*
content-length
163064
boot.worldwide.2.mouse.js | r4.res.office365.com/owa/prem/15.20.6363.21/scripts/ (Frame B7A2) | 647 KB | 166 KB | Stylesheet
General
Full URL
https://r4.res.office365.com/owa/prem/15.20.6363.21/scripts/boot.worldwide.2.mouse.js
Requested by
Host: srcdoc
URL: about:srcdoc
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3000::215:162b Glattbrugg, Switzerland, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
58fa5e4a247076c76b9683f01fdf108f54ff88fda4221b2de376eb96d1f2ba2a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date
Sat, 13 May 2023 12:52:09 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
last-modified
Tue, 02 May 2023 00:14:57 GMT
server
AkamaiNetStorage
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
public,max-age=630720000, s-maxage=630720000
accept-ranges
bytes
timing-allow-origin
*
content-length
169666
boot.worldwide.3.mouse.js | r4.res.office365.com/owa/prem/15.20.6363.21/scripts/ (Frame B7A2) | 645 KB | 143 KB | Stylesheet
General
Full URL
https://r4.res.office365.com/owa/prem/15.20.6363.21/scripts/boot.worldwide.3.mouse.js
Requested by
Host: srcdoc
URL: about:srcdoc
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3000::215:162b Glattbrugg, Switzerland, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
1f90c3543f5b76b8295a8d298dbce301d9c379027c128b47fda21e002638107f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date
Sat, 13 May 2023 12:52:09 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
last-modified
Tue, 02 May 2023 00:14:48 GMT
server
AkamaiNetStorage
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
public,max-age=630720000, s-maxage=630720000
accept-ranges
bytes
timing-allow-origin
*
content-length
145599
sprite1.mouse.png | r4.res.office365.com/owa/prem/15.20.6363.21/resources/images/0/ (Frame B7A2) | 132 B | 336 B | Stylesheet
General
Full URL
https://r4.res.office365.com/owa/prem/15.20.6363.21/resources/images/0/sprite1.mouse.png
Requested by
Host: srcdoc
URL: about:srcdoc
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3000::215:162b Glattbrugg, Switzerland, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
3ab09a213eedd51a0eb0e4bc5e6e96c472032dd937420e7e233ea54775c7e024
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date
Sat, 13 May 2023 12:52:09 GMT
strict-transport-security
max-age=31536000; includeSubDomains
last-modified
Tue, 02 May 2023 00:24:31 GMT
server
AkamaiNetStorage
content-type
image/png
access-control-allow-origin
*
cache-control
public,max-age=630720000, s-maxage=630720000
accept-ranges
bytes
timing-allow-origin
*
content-length
132

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer)

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object: 0
boolean: credentialless
function: savepage_ShadowLoader

0 Cookies