URL: https://covid.sectech.com.au/
Submission: On October 26 via automatic, source certstream-suspicious

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 2 HTTP transactions. The main IP is 54.79.143.232, located in Sydney, Australia and belongs to AMAZON-02, US. The main domain is covid.sectech.com.au.
TLS certificate: Issued by Let's Encrypt Authority X3 on October 26th 2020. Valid for: 3 months.
This is the only time covid.sectech.com.au was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address / AS Autonomous System
  1  54.79.143.232  16509 (AMAZON-02)
  1  13.107.6.194   8068 (MICROSOFT...)
  2  2

Apex Domain / Subdomains / Transfer
  1  office.com
       forms.office.com
  1  sectech.com.au
       covid.sectech.com.au  467 B
  2  2

Domain / Requested by
  1  forms.office.com      covid.sectech.com.au
  1  covid.sectech.com.au
  2  2

This site contains no links.

Subject: covid.sectech.com.au
Issuer: Let's Encrypt Authority X3
Validity: 2020-10-26 - 2021-01-24
Valid: 3 months

Subject: forms.office.com
Issuer: GlobalSign Organization Validation CA - SHA256 - G3
Validity: 2020-02-19 - 2022-02-19
Valid: 2 years

This page contains 2 frames:

Primary Page: https://covid.sectech.com.au/
Frame ID: F6C46AC425F07B843B933570458309E7
Requests: 1 HTTP requests in this frame

Frame: https://forms.office.com/Pages/ResponsePage.aspx?id=0gVaiyTJRkWX4iIoJFPW--_SRyfuBhBBhbNnHUrwnOJUOTlaRlhINE44RUdDNDBFRkgwTk45SjU3Ny4u
Frame ID: E12099212026C408F8045959B34B2DAA
Requests: 1 HTTP requests in this frame

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /nginx(?:\/([\d.]+))?/i

Page Statistics

Requests: 2
HTTPS: 100 %
IPv6: 0 %
Domains: 2
Subdomains: 2
IPs: 2
Countries: 2
Transfer: 0 kB
Size: 0 kB
Cookies: 4

2 HTTP transactions

Resource: Primary Request /
Path: covid.sectech.com.au/
Size: 305 B
x-fer: 467 B
Type: Document
MIME-Type:

General
Full URL: https://covid.sectech.com.au/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 54.79.143.232 Sydney, Australia, ASN16509 (AMAZON-02, US)
Reverse DNS: ec2-54-79-143-232.ap-southeast-2.compute.amazonaws.com
Software: nginx / PleskLin
Resource Hash: cf5829622a989772b7c2e056b4a750df132d0c4117c9148a5cbc8d7a67bf5e18

Request headers

:method: GET
:authority: covid.sectech.com.au
:scheme: https
:path: /
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US

Response headers

status: 200
server: nginx
date: Mon, 26 Oct 2020 05:32:26 GMT
content-type: text/html
content-length: 259
x-accel-version: 0.01
last-modified: Mon, 26 Oct 2020 05:32:24 GMT
etag: "131-5b28c414ac7e9-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
x-powered-by: PleskLin

Resource: ResponsePage.aspx
Path: forms.office.com/Pages/ (Frame E120)
Size: 0
x-fer: 0
Type: Document
MIME-Type:

General
Full URL: https://forms.office.com/Pages/ResponsePage.aspx?id=0gVaiyTJRkWX4iIoJFPW--_SRyfuBhBBhbNnHUrwnOJUOTlaRlhINE44RUdDNDBFRkgwTk45SjU3Ny4u
Requested by: Host: covid.sectech.com.au, URL: https://covid.sectech.com.au/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 13.107.6.194, United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
Reverse DNS:
Software: /
Resource Hash:

Security Headers
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff

Request headers

:method: GET
:authority: forms.office.com
:scheme: https
:path: /Pages/ResponsePage.aspx?id=0gVaiyTJRkWX4iIoJFPW--_SRyfuBhBBhbNnHUrwnOJUOTlaRlhINE44RUdDNDBFRkgwTk45SjU3Ny4u
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: frame
referer: https://covid.sectech.com.au/
accept-encoding: gzip, deflate, br
accept-language: en-US

Response headers

status: 200
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
content-type: text/html; charset=utf-8
content-encoding: gzip
expires: 0
vary: Accept-Encoding
p3p: CP="CAO DSP COR ADMa DEV CONi TELi CUR PSA PSD TAI IVDi OUR SAMi BUS DEM NAV STA UNI COM INT PHY ONL FIN PUR"
set-cookie: DcLcid=ui=1033&data=1033; expires=Tue, 26-Jan-2021 05:32:26 GMT; path=/; samesite=none; secure; HttpOnly
set-cookie: __RequestVerificationToken=mVVkDCKPjzQwnzVCd5k_b6B5MCS3P7vBvNYW1HcyVrIIMrHhgMED_PRPTJGGOG7DMlGnq1mYeKdHHPU3TJb03w6yhAJiRNDejrdtUeVURHc1; path=/; samesite=none; secure; HttpOnly
set-cookie: AADNonce.forms=22d539c6-0596-41b4-b51d-9f988bba4f57.637392871469439313; domain=forms.office.com; path=/; samesite=none; secure; HttpOnly
x-routingofficecluster: neu-001.forms.office.com
x-routingofficefe: FormsSingleBox_IN_7
x-routingofficeversion: 16.0.13420.36680
x-routingsessionid: 3ef9799a-d3a1-4bbd-b58a-7367d2187127
x-routingcorrelationid: 397a8878-e991-43a9-8bfc-1843236fe2ad
x-correlationid: 397a8878-e991-43a9-8bfc-1843236fe2ad
x-usersessionid: 3ef9799a-d3a1-4bbd-b58a-7367d2187127
x-officefe: FormsSingleBox_IN_13
x-officeversion: 16.0.13420.36680
x-officecluster: neu-001.forms.office.com
x-failurereason: MissingCookieOrToken
x-robots-tag: noindex, nofollow
link: <https://cdn.forms.office.net/forms>; rel=preconnect; crossorigin=anonymous
x-aspnet-version:
x-powered-by:
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
x-msedge-ref: Ref A: C270460A5A704783B0861E1D807C72FE Ref B: VIEEDGE3219 Ref C: 2020-10-26T05:32:26Z
date: Mon, 26 Oct 2020 05:32:26 GMT

5 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0
function| showDirectoryPicker
function| showOpenFilePicker
function| showSaveFilePicker
object| trustedTypes

4 Cookies

Domain/Path: .forms.office.com/
Name: AADNonce.forms
Value: 22d539c6-0596-41b4-b51d-9f988bba4f57.637392871469439313

Domain/Path: forms.office.com/
Name: MSFPC
Value: GUID=839059324a8e4efbb5132247cd920f61&HASH=8390&LV=202010&V=4&LU=1603690347487

Domain/Path: forms.office.com/
Name: __RequestVerificationToken
Value: mVVkDCKPjzQwnzVCd5k_b6B5MCS3P7vBvNYW1HcyVrIIMrHhgMED_PRPTJGGOG7DMlGnq1mYeKdHHPU3TJb03w6yhAJiRNDejrdtUeVURHc1

Domain/Path: forms.office.com/
Name: DcLcid
Value: ui=1033&data=1033

Indicators

"Indicators" is a security-industry term for observables such as IPs, domains and hashes. Their listing here does not imply that any of them indicate malicious activity.

covid.sectech.com.au
forms.office.com
13.107.6.194
54.79.143.232
cf5829622a989772b7c2e056b4a750df132d0c4117c9148a5cbc8d7a67bf5e18