serveroffice.flexicollege.com
204.12.201.162
Malicious Activity!
Public Scan
Effective URL: http://serveroffice.flexicollege.com/rds/jtx/fedm/fe/Login.php?websrc=59c275dc2e97dd3b896ed4ff2b82a8fd&dispatched=36&id=4860418588
Submission: On October 05 via manual from GB
Summary
This is the only time serveroffice.flexicollege.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Office 365 (Online)
Domain & IP information
Requests | IP Address | AS (Autonomous System)
---|---|---
1 3 | 204.12.201.162 | 32097 (WII-KC - WholeSale Internet)
1 | 2a02:26f0:122:394::34ef | 20940 (AKAMAI-ASN1)
2 | 2a02:26f0:122:399::34ef | 20940 (AKAMAI-ASN1)
2 | 2a02:26f0:122:38f::35c1 | 20940 (AKAMAI-ASN1)
Total: 7 requests, 4 IPs
ASN32097 (WII-KC - WholeSale Internet, Inc., US)
- PTR: keter.theserverupdates.com
- serveroffice.flexicollege.com
ASN20940 (AKAMAI-ASN1, US)
- secure.aadcdn.microsoftonline-p.com
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
3 | gfx.ms | auth.gfx.ms | 55 KB
3 | flexicollege.com | serveroffice.flexicollege.com (1 redirect) | 16 KB
2 | microsoftonline-p.com | secure.aadcdn.microsoftonline-p.com | 5 KB
Total: 7 requests, 3 apex domains
Requests | Domain | Requested by
---|---|---
3 | auth.gfx.ms | serveroffice.flexicollege.com
3 | serveroffice.flexicollege.com (1 redirect) | serveroffice.flexicollege.com
2 | secure.aadcdn.microsoftonline-p.com | serveroffice.flexicollege.com
Total: 7 requests, 3 domains
This site contains no links.
Subject | Issuer | Validity | Valid | Source
---|---|---|---|---
msagfx.live.com | Microsoft IT TLS CA 4 | 2017-07-27 - 2019-07-17 | 2 years | crt.sh
secure.aadcdn.microsoftonline-p.com | Microsoft IT TLS CA 1 | 2017-08-15 - 2019-08-15 | 2 years | crt.sh
This page contains 1 frames:
Primary Page:
http://serveroffice.flexicollege.com/rds/jtx/fedm/fe/Login.php?websrc=59c275dc2e97dd3b896ed4ff2b82a8fd&dispatched=36&id=4860418588
Frame ID: 25898.1
Requests: 7 HTTP requests in this frame
Page URL History
- http://serveroffice.flexicollege.com/rds/jtx/fedm/fe/index.php
- HTTP 302
- http://serveroffice.flexicollege.com/rds/jtx/fedm/fe/Login.php?websrc=59c275dc2e97dd3b896ed4ff2b82a8fd&dispatched... (Page URL)
Detected technologies
- PHP (Programming Languages). Detected pattern: url `/\.php(?:$|\?)/i`
- Apache (Web Servers). Detected pattern: headers server `/(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i`
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://serveroffice.flexicollege.com/rds/jtx/fedm/fe/index.php
- HTTP 302
- http://serveroffice.flexicollege.com/rds/jtx/fedm/fe/Login.php?websrc=59c275dc2e97dd3b896ed4ff2b82a8fd&dispatched=36&id=4860418588 (Page URL)
Redirected requests
There were HTTP redirect chains for the following requests:
7 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type | Note
---|---|---|---|---|---|---|---|---
GET | HTTP/1.1 | Login.php | serveroffice.flexicollege.com/rds/jtx/fedm/fe/ | 15 KB | 16 KB | Document | text/html | Primary Request; Redirect Chain
GET | HTTP/1.1 | Default1033.css | auth.gfx.ms/16.000.26210.00/ | 73 KB | 14 KB | Stylesheet | text/css |
GET | HTTP/1.1 | DefaultLoginStrings1033.js | serveroffice.flexicollege.com/rds/jtx/fedm/fe/hotmail_files/ | 0 | 0 | Script | text/html |
GET | HTTP/1.1 | DefaultLogin_Core.js | auth.gfx.ms/16.000.26210.00/ | 117 KB | 38 KB | Script | application/javascript |
GET | HTTP/1.1 | bannerlogo | secure.aadcdn.microsoftonline-p.com/dbd5a2dd-6ybrougjmflxqw910ieyohr7wb4x4-yvoixrlaidmz4/appbranding/askzfdsqe20i-bcjwporaywega7vbt4acqnn1hiliiw/0/ | 4 KB | 4 KB | Image | image/png |
GET | HTTP/1.1 | microsoft_logo.png | secure.aadcdn.microsoftonline-p.com/ests/2.1.4856.17/content/images/ | 1 KB | 1 KB | Image | image/png |
GET | HTTP/1.1 | DefaultLoginStrings1033.js | auth.gfx.ms/16.000.26210.00/ | 10 KB | 3 KB | Script | application/javascript |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against: Office 365 (Online)
0 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
X-Frame-Options | SAMEORIGIN |
X-Xss-Protection | 1; mode=block |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
Domains:
- auth.gfx.ms
- secure.aadcdn.microsoftonline-p.com
- serveroffice.flexicollege.com
IPs:
- 204.12.201.162
- 2a02:26f0:122:38f::35c1
- 2a02:26f0:122:394::34ef
- 2a02:26f0:122:399::34ef
Hashes:
- 1b8975df0003c5335d6fb2c0e0d8cd0ec1a0c5d93d0756f6258c428d4772695a
- 6b60bc2bc502e123352302021351eedffe091be3ed6227ce3c3375a8ecdaadc1
- 988e349f2bf4e87154738c7b2c1fa86618713a8cfa0cef60a046f5add89bd9de
- 9b095928a69573d2dd52b3739e9fbe00a3e860ada852b0fad41b398a678d68af
- b891a2332f1c64f4203473a929917ce150426bcbd1efe28af98d0ddfc90e1343
- fc5c3d7d2b298a42ec44dad2d8cd227b734db966b4afa68c0254a497e805f603