urlscan.io logo urlscan.io
SecurityTrails logo

serveroffice.flexicollege.com Open in urlscan Pro
204.12.201.162  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://serveroffice.flexicollege.com/rds/jtx/fedm/fe/index.php
Effective URL: http://serveroffice.flexicollege.com/rds/jtx/fedm/fe/Login.php?websrc=59c275dc2e97dd3b896ed4ff2b82a8fd&dispatched=36&id=4860418588
Submission: On October 05 via manual from GB
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 4 IPs in 2 countries across 3 domains to perform 7 HTTP transactions. The main IP is 204.12.201.162, located in Kansas City, United States and belongs to WII-KC - WholeSale Internet, Inc., US. The main domain is serveroffice.flexicollege.com.
This is the only time serveroffice.flexicollege.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Office 365 (Online)

Domain & IP information

IP Address AS Autonomous System
1 3 204.12.201.162 32097 (WII-KC)
1 2a02:26f0:122... 20940 (AKAMAI-ASN1)
2 2a02:26f0:122... 20940 (AKAMAI-ASN1)
2 2a02:26f0:122... 20940 (AKAMAI-ASN1)
7 4
Domain Requested by
3 auth.gfx.ms serveroffice.flexicollege.com
3 serveroffice.flexicollege.com 1 redirects serveroffice.flexicollege.com
2 secure.aadcdn.microsoftonline-p.com serveroffice.flexicollege.com
7 3

This site contains no links.

Subject Issuer Validity Valid
msagfx.live.com
Microsoft IT TLS CA 4		 2017-07-27 -
2019-07-17		 2 years crt.sh
secure.aadcdn.microsoftonline-p.com
Microsoft IT TLS CA 1		 2017-08-15 -
2019-08-15		 2 years crt.sh

This page contains 1 frames:

Primary Page: http://serveroffice.flexicollege.com/rds/jtx/fedm/fe/Login.php?websrc=59c275dc2e97dd3b896ed4ff2b82a8fd&dispatched=36&id=4860418588
Frame ID: 25898.1
Requests: 7 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

  1. http://serveroffice.flexicollege.com/rds/jtx/fedm/fe/index.php HTTP 302
    http://serveroffice.flexicollege.com/rds/jtx/fedm/fe/Login.php?websrc=59c275dc2e97dd3b896ed4ff2b82a8fd&dispatched... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • url /\.php(?:$|\?)/i
Overall confidence: 100%
Detected patterns
  • headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i

Page Statistics

7
Requests

71 %
HTTPS

75 %
IPv6

3
Domains

3
Subdomains

4
IPs

2
Countries

76 kB
Transfer

221 kB
Size

0
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://serveroffice.flexicollege.com/rds/jtx/fedm/fe/index.php HTTP 302
    http://serveroffice.flexicollege.com/rds/jtx/fedm/fe/Login.php?websrc=59c275dc2e97dd3b896ed4ff2b82a8fd&dispatched=36&id=4860418588 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

7 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request Login.php
serveroffice.flexicollege.com/rds/jtx/fedm/fe/
Redirect Chain
  • http://serveroffice.flexicollege.com/rds/jtx/fedm/fe/index.php?
  • http://serveroffice.flexicollege.com/rds/jtx/fedm/fe/Login.php?websrc=59c275dc2e97dd3b896ed4ff2b82a8fd&dispatched=36&id=4860418588
15 KB
16 KB 		Document
General
Check archive.org
Download Go to
Full URL
http://serveroffice.flexicollege.com/rds/jtx/fedm/fe/Login.php?websrc=59c275dc2e97dd3b896ed4ff2b82a8fd&dispatched=36&id=4860418588
Protocol
HTTP/1.1
Server
204.12.201.162 Kansas City, United States, ASN32097 (WII-KC - WholeSale Internet, Inc., US),
Reverse DNS
keter.theserverupdates.com
Software
Apache /
Resource Hash
6b60bc2bc502e123352302021351eedffe091be3ed6227ce3c3375a8ecdaadc1
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
serveroffice.flexicollege.com
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/61.0.3163.100 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Cache-Control
no-cache
Connection
keep-alive
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/61.0.3163.100 Safari/537.36

Response headers

Date
Thu, 05 Oct 2017 07:23:39 GMT
Server
Apache
X-Frame-Options
SAMEORIGIN
Content-Type
text/html; charset=UTF-8
Transfer-Encoding
chunked
Connection
Keep-Alive
Keep-Alive
timeout=5, max=99
X-XSS-Protection
1; mode=block

Redirect headers

Date
Thu, 05 Oct 2017 07:23:39 GMT
Server
Apache
X-Frame-Options
SAMEORIGIN
Content-Type
text/html; charset=UTF-8
Location
Login.php?websrc=59c275dc2e97dd3b896ed4ff2b82a8fd&dispatched=36&id=4860418588
Connection
Keep-Alive
Keep-Alive
timeout=5, max=100
Content-Length
0
X-XSS-Protection
1; mode=block
Default1033.css
auth.gfx.ms/16.000.26210.00/ 		73 KB
14 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://auth.gfx.ms/16.000.26210.00/Default1033.css
Requested by
Host: serveroffice.flexicollege.com
URL: http://serveroffice.flexicollege.com/rds/jtx/fedm/fe/Login.php?websrc=59c275dc2e97dd3b896ed4ff2b82a8fd&dispatched=36&id=4860418588
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:122:394::34ef , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software
Microsoft-IIS/8.5 /
Resource Hash
b891a2332f1c64f4203473a929917ce150426bcbd1efe28af98d0ddfc90e1343

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
auth.gfx.ms
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/61.0.3163.100 Safari/537.36
Accept
text/css,*/*;q=0.1
Referer
http://serveroffice.flexicollege.com/rds/jtx/fedm/fe/Login.php?websrc=59c275dc2e97dd3b896ed4ff2b82a8fd&dispatched=36&id=4860418588
Connection
keep-alive
Cache-Control
no-cache
Referer
http://serveroffice.flexicollege.com/rds/jtx/fedm/fe/Login.php?websrc=59c275dc2e97dd3b896ed4ff2b82a8fd&dispatched=36&id=4860418588
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/61.0.3163.100 Safari/537.36

Response headers

Date
Thu, 05 Oct 2017 07:23:41 GMT
Content-Encoding
gzip
Last-Modified
Fri, 18 Mar 2016 02:03:07 GMT
PPServer
PPV: 30 H: BL2IDSPRTS1C002 V: 0
ETag
"80bf4d50ba80d11:0"
Vary
Accept-Encoding
Content-Type
text/css
Access-Control-Allow-Origin
*
Cache-Control
max-age=464601
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
14543
Server
Microsoft-IIS/8.5
DefaultLoginStrings1033.js
serveroffice.flexicollege.com/rds/jtx/fedm/fe/hotmail_files/ 		0
0 		Script
General
Check archive.org
Download Go to
Full URL
http://serveroffice.flexicollege.com/rds/jtx/fedm/fe/hotmail_files/DefaultLoginStrings1033.js
Requested by
Host: serveroffice.flexicollege.com
URL: http://serveroffice.flexicollege.com/rds/jtx/fedm/fe/Login.php?websrc=59c275dc2e97dd3b896ed4ff2b82a8fd&dispatched=36&id=4860418588
Protocol
HTTP/1.1
Server
204.12.201.162 Kansas City, United States, ASN32097 (WII-KC - WholeSale Internet, Inc., US),
Reverse DNS
keter.theserverupdates.com
Software
Apache /
Resource Hash
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
serveroffice.flexicollege.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/61.0.3163.100 Safari/537.36
Accept
*/*
Referer
http://serveroffice.flexicollege.com/rds/jtx/fedm/fe/Login.php?websrc=59c275dc2e97dd3b896ed4ff2b82a8fd&dispatched=36&id=4860418588
Connection
keep-alive
Cache-Control
no-cache
Referer
http://serveroffice.flexicollege.com/rds/jtx/fedm/fe/Login.php?websrc=59c275dc2e97dd3b896ed4ff2b82a8fd&dispatched=36&id=4860418588
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/61.0.3163.100 Safari/537.36

Response headers

Date
Thu, 05 Oct 2017 07:23:41 GMT
Server
Apache
Connection
Keep-Alive
Keep-Alive
timeout=5, max=100
Content-Length
373
X-Frame-Options
SAMEORIGIN
Content-Type
text/html; charset=iso-8859-1
DefaultLogin_Core.js
auth.gfx.ms/16.000.26210.00/ 		117 KB
38 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://auth.gfx.ms/16.000.26210.00/DefaultLogin_Core.js
Requested by
Host: serveroffice.flexicollege.com
URL: http://serveroffice.flexicollege.com/rds/jtx/fedm/fe/Login.php?websrc=59c275dc2e97dd3b896ed4ff2b82a8fd&dispatched=36&id=4860418588
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:122:399::34ef , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software
Microsoft-IIS/8.5 /
Resource Hash
1b8975df0003c5335d6fb2c0e0d8cd0ec1a0c5d93d0756f6258c428d4772695a

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
auth.gfx.ms
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/61.0.3163.100 Safari/537.36
Accept
*/*
Referer
http://serveroffice.flexicollege.com/rds/jtx/fedm/fe/Login.php?websrc=59c275dc2e97dd3b896ed4ff2b82a8fd&dispatched=36&id=4860418588
Connection
keep-alive
Cache-Control
no-cache
Referer
http://serveroffice.flexicollege.com/rds/jtx/fedm/fe/Login.php?websrc=59c275dc2e97dd3b896ed4ff2b82a8fd&dispatched=36&id=4860418588
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/61.0.3163.100 Safari/537.36

Response headers

Date
Thu, 05 Oct 2017 07:23:41 GMT
Content-Encoding
gzip
Last-Modified
Fri, 18 Mar 2016 02:07:45 GMT
PPServer
PPV: 30 H: BL2IDSPRTS1A002 V: 0
ETag
"802e1f6ba80d11:0"
Vary
Accept-Encoding
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Cache-Control
max-age=464601
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
38944
Server
Microsoft-IIS/8.5
bannerlogo
secure.aadcdn.microsoftonline-p.com/dbd5a2dd-6ybrougjmflxqw910ieyohr7wb4x4-yvoixrlaidmz4/appbranding/askzfdsqe20i-bcjwporaywega7vbt4acqnn1hiliiw/0/ 		4 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://secure.aadcdn.microsoftonline-p.com/dbd5a2dd-6ybrougjmflxqw910ieyohr7wb4x4-yvoixrlaidmz4/appbranding/askzfdsqe20i-bcjwporaywega7vbt4acqnn1hiliiw/0/bannerlogo?ts=635974776182591704
Requested by
Host: serveroffice.flexicollege.com
URL: http://serveroffice.flexicollege.com/rds/jtx/fedm/fe/Login.php?websrc=59c275dc2e97dd3b896ed4ff2b82a8fd&dispatched=36&id=4860418588
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:122:38f::35c1 , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software
/
Resource Hash
fc5c3d7d2b298a42ec44dad2d8cd227b734db966b4afa68c0254a497e805f603
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
secure.aadcdn.microsoftonline-p.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/61.0.3163.100 Safari/537.36
Accept
image/webp,image/apng,image/*,*/*;q=0.8
Referer
http://serveroffice.flexicollege.com/rds/jtx/fedm/fe/Login.php?websrc=59c275dc2e97dd3b896ed4ff2b82a8fd&dispatched=36&id=4860418588
Connection
keep-alive
Cache-Control
no-cache
Referer
http://serveroffice.flexicollege.com/rds/jtx/fedm/fe/Login.php?websrc=59c275dc2e97dd3b896ed4ff2b82a8fd&dispatched=36&id=4860418588
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/61.0.3163.100 Safari/537.36

Response headers

Date
Thu, 05 Oct 2017 07:23:41 GMT
Last-Modified
Tue, 03 Oct 2017 19:30:38 GMT
Content-MD5
nwmifU9ps1V8dDNXSinXJg==
Strict-Transport-Security
max-age=31536000
Content-Type
image\jpeg
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=5686
Connection
keep-alive
Content-Length
4585
microsoft_logo.png
secure.aadcdn.microsoftonline-p.com/ests/2.1.4856.17/content/images/ 		1 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://secure.aadcdn.microsoftonline-p.com/ests/2.1.4856.17/content/images/microsoft_logo.png
Requested by
Host: serveroffice.flexicollege.com
URL: http://serveroffice.flexicollege.com/rds/jtx/fedm/fe/Login.php?websrc=59c275dc2e97dd3b896ed4ff2b82a8fd&dispatched=36&id=4860418588
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:122:38f::35c1 , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software
/
Resource Hash
988e349f2bf4e87154738c7b2c1fa86618713a8cfa0cef60a046f5add89bd9de
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
secure.aadcdn.microsoftonline-p.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/61.0.3163.100 Safari/537.36
Accept
image/webp,image/apng,image/*,*/*;q=0.8
Referer
http://serveroffice.flexicollege.com/rds/jtx/fedm/fe/Login.php?websrc=59c275dc2e97dd3b896ed4ff2b82a8fd&dispatched=36&id=4860418588
Connection
keep-alive
Cache-Control
no-cache
Referer
http://serveroffice.flexicollege.com/rds/jtx/fedm/fe/Login.php?websrc=59c275dc2e97dd3b896ed4ff2b82a8fd&dispatched=36&id=4860418588
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/61.0.3163.100 Safari/537.36

Response headers

Date
Thu, 05 Oct 2017 07:23:41 GMT
Last-Modified
Wed, 05 Oct 2016 20:41:13 GMT
Content-MD5
5LZ1AH3GSS7lkBMdH337sw==
Strict-Transport-Security
max-age=31536000
Content-Type
image/png
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=367428
Connection
keep-alive
Content-Length
1040
DefaultLoginStrings1033.js
auth.gfx.ms/16.000.26210.00/ 		10 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://auth.gfx.ms/16.000.26210.00/DefaultLoginStrings1033.js
Requested by
Host: serveroffice.flexicollege.com
URL: http://serveroffice.flexicollege.com/rds/jtx/fedm/fe/Login.php?websrc=59c275dc2e97dd3b896ed4ff2b82a8fd&dispatched=36&id=4860418588
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:122:399::34ef , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software
Microsoft-IIS/8.5 /
Resource Hash
9b095928a69573d2dd52b3739e9fbe00a3e860ada852b0fad41b398a678d68af

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
auth.gfx.ms
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/61.0.3163.100 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"
Accept
*/*
Referer
http://serveroffice.flexicollege.com/rds/jtx/fedm/fe/Login.php?websrc=59c275dc2e97dd3b896ed4ff2b82a8fd&dispatched=36&id=4860418588
Connection
keep-alive
Cache-Control
no-cache
Referer
http://serveroffice.flexicollege.com/rds/jtx/fedm/fe/Login.php?websrc=59c275dc2e97dd3b896ed4ff2b82a8fd&dispatched=36&id=4860418588
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/61.0.3163.100 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

Date
Thu, 05 Oct 2017 07:23:41 GMT
Content-Encoding
gzip
Last-Modified
Fri, 18 Mar 2016 02:07:04 GMT
PPServer
PPV: 30 H: BL2IDSPRTS1A002 V: 0
ETag
"01491ddba80d11:0"
Vary
Accept-Encoding
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Cache-Control
max-age=464602
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
3130
Server
Microsoft-IIS/8.5

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Office 365 (Online)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block