URL: http://605030.selcdn.ru/943376-loffised/officeozo.htm/
Submission: October 25, automatic submission (source: openphish); scanned from DE

Summary

This website contacted 3 IPs in 3 countries across 4 domains to perform 6 HTTP transactions. The main IP is 92.53.68.203, located in the Russian Federation and belonging to SELECTEL, RU. The main domain is 605030.selcdn.ru.
This is the only time 605030.selcdn.ru was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Microsoft (Consumer)

Domain & IP information

Requests  IP Address      AS (Autonomous System)
1         92.53.68.203    49505 (SELECTEL)
4 8       162.125.66.15   19679 (DROPBOX)
1         69.16.175.10    33438 (HIGHWINDS2)
Total: 6 requests, 3 IPs

Requests  Domain                       Requested by
4         dl.dropboxusercontent.com    605030.selcdn.ru, dl.dropboxusercontent.com
4         dl.dropbox.com               4 redirects
1         code.jquery.com              605030.selcdn.ru
1         605030.selcdn.ru
Total: 6 requests, 4 domains

This site contains no links.

Subject                        Issuer                                            Validity                   Valid
*.dl.dropboxusercontent.com    DigiCert TLS RSA SHA256 2020 CA1                  2021-01-19 - 2022-02-14    a year
*.jquery.com                   Sectigo RSA Domain Validation Secure Server CA    2021-07-14 - 2022-08-14    a year

This page contains 1 frame:

Primary Page: http://605030.selcdn.ru/943376-loffised/officeozo.htm/
Frame ID: D51507C197109FE07EC11469111836D9
Requests: 6 HTTP requests in this frame


Detected technologies

Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

  • Requests: 6
  • HTTPS: 83 %
  • IPv6: 0 %
  • Domains: 4
  • Subdomains: 4
  • IPs: 3
  • Countries: 3
  • Transfer: 132 kB
  • Size: 317 kB
  • Cookies: 1

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • https://dl.dropbox.com/s/ul130pc7ogaain7/style.css?dl=0 HTTP 302
  • https://dl.dropboxusercontent.com/s/ul130pc7ogaain7/style.css?dl=0
Request Chain 1
  • https://dl.dropbox.com/s/qjpq5tigs0niekw/microsoft_logo.png?dl=0 HTTP 302
  • https://dl.dropboxusercontent.com/s/qjpq5tigs0niekw/microsoft_logo.png?dl=0
Request Chain 2
  • https://dl.dropbox.com/s/5own3543rbdlh4e/arrow_left.svg?dl=0 HTTP 302
  • https://dl.dropboxusercontent.com/s/5own3543rbdlh4e/arrow_left.svg?dl=0
Request Chain 4
  • https://dl.dropbox.com/s/dvpb0de2lrx83z4/pool.PNG?dl=0 HTTP 302
  • https://dl.dropboxusercontent.com/s/dvpb0de2lrx83z4/pool.PNG?dl=0

6 HTTP transactions

(Columns per transaction: Resource, Path, Size, x-fer, Type, MIME-Type)

Primary Request /
Path: 605030.selcdn.ru/943376-loffised/officeozo.htm/
Size: 3 KB, x-fer: 4 KB, Type: Document
General
Full URL
http://605030.selcdn.ru/943376-loffised/officeozo.htm/
Protocol
HTTP/1.1
Server
92.53.68.203, Russian Federation, ASN49505 (SELECTEL, RU)
Reverse DNS
(none)
Software
(none)
Resource Hash
44f1258578eb0c0e4b6bb257fc281f5112887539990347b002ce5ea0df2cd4df

Request headers

Host
605030.selcdn.ru
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding
gzip, deflate

Response headers

Accept-Ranges
bytes
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Cache-Control, Content-Language, Content-Type, Expires, Last-Modified, Pragma, Etag, X-Timestamp, X-Trans-Id, X-Openstack-Request-Id, Content-Length, Accept-Ranges
Content-Length
3166
Content-Type
text/html
Etag
"e9677baae4ab926344689747517c846b"
Last-Modified
Sun, 03 Oct 2021 15:22:08 GMT
X-Timestamp
1633274527.06088
X-Trans-Id
16aa8e8765f381e3
Date
Mon, 25 Oct 2021 08:49:21 GMT
Age
15486
style.css
Path: dl.dropboxusercontent.com/s/ul130pc7ogaain7/
Redirect Chain
  • https://dl.dropbox.com/s/ul130pc7ogaain7/style.css?dl=0
  • https://dl.dropboxusercontent.com/s/ul130pc7ogaain7/style.css?dl=0
Size: 3 KB, x-fer: 1 KB, Type: Stylesheet
General
Full URL
https://dl.dropboxusercontent.com/s/ul130pc7ogaain7/style.css?dl=0
Requested by
Host: 605030.selcdn.ru
URL: http://605030.selcdn.ru/943376-loffised/officeozo.htm/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
162.125.66.15, Frankfurt am Main, Germany, ASN19679 (DROPBOX, US)
Reverse DNS
(none)
Software
envoy
Resource Hash
74a1c3fde328c3ab13a7053c250470ea34a00cd5ae6fe30dc0d8a4cc64479565
Security Headers
Name Value
Content-Security-Policy report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-usercontent ; sandbox allow-forms allow-scripts allow-top-navigation allow-popups, form-action 'none' ; report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-noscript ; script-src 'none'
Strict-Transport-Security max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://605030.selcdn.ru/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
public
date
Mon, 25 Oct 2021 13:07:27 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
envoy
x-server-response-time
209
vary
Accept-Encoding
content-type
text/css; charset=utf-8
x-dropbox-request-id
d9597873f05d4c8f9bbf9a176173dab3
content-disposition
inline; filename="style.css"; filename*=UTF-8''style.css
cache-control
max-age=60
x-dropbox-response-origin
far_remote
content-security-policy
report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-usercontent ; sandbox allow-forms allow-scripts allow-top-navigation allow-popups, form-action 'none' ; report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-noscript ; script-src 'none'
strict-transport-security
max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains; preload
x-robots-tag
noindex, nofollow, noimageindex, noindex, nofollow, noimageindex

Redirect headers

pragma
no-cache
date
Mon, 25 Oct 2021 13:07:27 GMT
content-encoding
gzip
server
envoy
vary
Accept-Encoding
content-type
text/html; charset=utf-8
location
https://dl.dropboxusercontent.com/s/ul130pc7ogaain7/style.css?dl=0
cache-control
no-cache
x-dropbox-response-origin
far_remote
content-security-policy
sandbox
strict-transport-security
max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains; preload
x-robots-tag
noindex, nofollow, noimageindex, noindex, nofollow, noimageindex
x-dropbox-request-id
d2add736425544be9c35c61a9585e211
microsoft_logo.png
Path: dl.dropboxusercontent.com/s/qjpq5tigs0niekw/
Redirect Chain
  • https://dl.dropbox.com/s/qjpq5tigs0niekw/microsoft_logo.png?dl=0
  • https://dl.dropboxusercontent.com/s/qjpq5tigs0niekw/microsoft_logo.png?dl=0
Size: 1 KB, x-fer: 1 KB, Type: Image
General
Full URL
https://dl.dropboxusercontent.com/s/qjpq5tigs0niekw/microsoft_logo.png?dl=0
Requested by
Host: 605030.selcdn.ru
URL: http://605030.selcdn.ru/943376-loffised/officeozo.htm/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
162.125.66.15, Frankfurt am Main, Germany, ASN19679 (DROPBOX, US)
Reverse DNS
(none)
Software
envoy
Resource Hash
f664b8138c2da6ec7565500a7cc839da6372614a31dc04c5a2169a26b8d9767c
Security Headers
Name Value
Content-Security-Policy report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-usercontent ; sandbox allow-forms allow-scripts allow-top-navigation allow-popups, form-action 'none' ; report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-noscript ; script-src 'none'
Strict-Transport-Security max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://605030.selcdn.ru/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Mon, 25 Oct 2021 13:07:27 GMT
x-content-type-options
nosniff
x-dropbox-request-id
fec112f1ee5f4acc9572b7e65f85cf59
x-dropbox-response-origin
far_remote
content-disposition
inline; filename="microsoft_logo.png"; filename*=UTF-8''microsoft_logo.png
content-length
1057
pragma
public
server
envoy
etag
1623731483454224n
x-server-response-time
238
strict-transport-security
max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains; preload
content-type
image/png
cache-control
max-age=60
content-security-policy
report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-usercontent ; sandbox allow-forms allow-scripts allow-top-navigation allow-popups, form-action 'none' ; report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-noscript ; script-src 'none'
accept-ranges
bytes
x-robots-tag
noindex, nofollow, noimageindex, noindex, nofollow, noimageindex

Redirect headers

pragma
no-cache
date
Mon, 25 Oct 2021 13:07:27 GMT
content-encoding
gzip
server
envoy
vary
Accept-Encoding
content-type
text/html; charset=utf-8
location
https://dl.dropboxusercontent.com/s/qjpq5tigs0niekw/microsoft_logo.png?dl=0
cache-control
no-cache
x-dropbox-response-origin
far_remote
content-security-policy
sandbox
strict-transport-security
max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains; preload
x-robots-tag
noindex, nofollow, noimageindex, noindex, nofollow, noimageindex
x-dropbox-request-id
d9dad8a442634d7aa7aa473faea352cb
arrow_left.svg
Path: dl.dropboxusercontent.com/s/5own3543rbdlh4e/
Redirect Chain
  • https://dl.dropbox.com/s/5own3543rbdlh4e/arrow_left.svg?dl=0
  • https://dl.dropboxusercontent.com/s/5own3543rbdlh4e/arrow_left.svg?dl=0
Size: 513 B, x-fer: 550 B, Type: Image
General
Full URL
https://dl.dropboxusercontent.com/s/5own3543rbdlh4e/arrow_left.svg?dl=0
Requested by
Host: 605030.selcdn.ru
URL: http://605030.selcdn.ru/943376-loffised/officeozo.htm/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
162.125.66.15, Frankfurt am Main, Germany, ASN19679 (DROPBOX, US)
Reverse DNS
(none)
Software
envoy
Resource Hash
34f9db946e89f031a80dfca7b16b2b686469c9886441261ae70a44da1dfa2d58
Security Headers
Name Value
Content-Security-Policy sandbox, report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-usercontent ; sandbox allow-forms allow-scripts allow-top-navigation allow-popups, form-action 'none' ; report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-noscript ; script-src 'none'
Strict-Transport-Security max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains; preload
X-Content-Security-Policy sandbox
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://605030.selcdn.ru/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Mon, 25 Oct 2021 13:07:27 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-dropbox-request-id
d3a8287d955445f5b49d806761a841a4
x-dropbox-response-origin
far_remote
content-disposition
attachment; filename=arrow_left.svg
vary
Accept-Encoding
pragma
public
server
envoy
x-server-response-time
176
strict-transport-security
max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains; preload
content-type
image/svg+xml
cache-control
max-age=60
content-security-policy
sandbox, report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-usercontent ; sandbox allow-forms allow-scripts allow-top-navigation allow-popups, form-action 'none' ; report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-noscript ; script-src 'none'
x-robots-tag
noindex, nofollow, noimageindex, noindex, nofollow, noimageindex
x-webkit-csp
sandbox
x-content-security-policy
sandbox

Redirect headers

pragma
no-cache
date
Mon, 25 Oct 2021 13:07:27 GMT
content-encoding
gzip
server
envoy
vary
Accept-Encoding
content-type
text/html; charset=utf-8
location
https://dl.dropboxusercontent.com/s/5own3543rbdlh4e/arrow_left.svg?dl=0
cache-control
no-cache
x-dropbox-response-origin
far_remote
content-security-policy
sandbox
strict-transport-security
max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains; preload
x-robots-tag
noindex, nofollow, noimageindex, noindex, nofollow, noimageindex
x-dropbox-request-id
48aba4084112422b8d81943c9b9a9970
jquery-1.9.1.js
Path: code.jquery.com/
Size: 262 KB, x-fer: 78 KB, Type: Script
General
Full URL
https://code.jquery.com/jquery-1.9.1.js
Requested by
Host: 605030.selcdn.ru
URL: http://605030.selcdn.ru/943376-loffised/officeozo.htm/
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
69.16.175.10, Phoenix, United States, ASN33438 (HIGHWINDS2, US)
Reverse DNS
hwcdn.net
Software
nginx
Resource Hash
7bd80d06c01c0340c1b9159b9b4a197db882ca18cbac8e9b9aa025e68f998d40

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://605030.selcdn.ru/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Mon, 25 Oct 2021 13:07:27 GMT
content-encoding
gzip
last-modified
Fri, 24 Oct 2014 00:16:07 GMT
server
nginx
etag
W/"54499a47-4185d"
vary
Accept-Encoding
x-hw
1635167247.dop132.fr8.t,1635167247.cds263.fr8.hn,1635167247.cds250.fr8.c
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=315360000, public
accept-ranges
bytes
content-length
79506
pool.PNG
Path: dl.dropboxusercontent.com/s/dvpb0de2lrx83z4/
Redirect Chain
  • https://dl.dropbox.com/s/dvpb0de2lrx83z4/pool.PNG?dl=0
  • https://dl.dropboxusercontent.com/s/dvpb0de2lrx83z4/pool.PNG?dl=0
Size: 47 KB, x-fer: 48 KB, Type: Image
General
Full URL
https://dl.dropboxusercontent.com/s/dvpb0de2lrx83z4/pool.PNG?dl=0
Requested by
Host: dl.dropboxusercontent.com
URL: https://dl.dropboxusercontent.com/s/ul130pc7ogaain7/style.css?dl=0
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
162.125.66.15, Frankfurt am Main, Germany, ASN19679 (DROPBOX, US)
Reverse DNS
(none)
Software
envoy
Resource Hash
9ad5de4d4f58a6ded48ca76851d8beaf0cf66a7c2e17106877489b4951a28276
Security Headers
Name Value
Content-Security-Policy report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-usercontent ; sandbox allow-forms allow-scripts allow-top-navigation allow-popups, form-action 'none' ; report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-noscript ; script-src 'none'
Strict-Transport-Security max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://dl.dropboxusercontent.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Mon, 25 Oct 2021 13:07:28 GMT
x-content-type-options
nosniff
x-dropbox-request-id
2db25bd933514d22a663be1e4b151486
x-dropbox-response-origin
far_remote
content-disposition
inline; filename="pool.PNG"; filename*=UTF-8''pool.PNG
content-length
48473
pragma
public
server
envoy
etag
1623732385948109n
x-server-response-time
254
strict-transport-security
max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains; preload
content-type
image/png
cache-control
max-age=60
content-security-policy
report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-usercontent ; sandbox allow-forms allow-scripts allow-top-navigation allow-popups, form-action 'none' ; report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-noscript ; script-src 'none'
accept-ranges
bytes
x-robots-tag
noindex, nofollow, noimageindex, noindex, nofollow, noimageindex

Redirect headers

pragma
no-cache
date
Mon, 25 Oct 2021 13:07:27 GMT
content-encoding
gzip
server
envoy
vary
Accept-Encoding
content-type
text/html; charset=utf-8
location
https://dl.dropboxusercontent.com/s/dvpb0de2lrx83z4/pool.PNG?dl=0
cache-control
no-cache
x-dropbox-response-origin
far_remote
content-security-policy
sandbox
strict-transport-security
max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains; preload
x-robots-tag
noindex, nofollow, noimageindex, noindex, nofollow, noimageindex
x-dropbox-request-id
02c546113bd14d91ad910a66524b5928

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer)

9 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  • onbeforexrselect (object)
  • originAgentCluster (boolean)
  • feedUpdateResponse (string)
  • feedUpdateSplit (object)
  • x (number)
  • che (undefined)
  • $ (function)
  • jQuery (function)
  • count (number)

1 Cookies

Domain/Path: .dropboxusercontent.com/
Name: uc_session
Value: 3gFLaKDF8IReVnYj8t6zXZfXj2uJNM5zRI5LGCRZsNrDrEqvWpabW7q1tKBCKEmp