Submitted URL: http://www.barecovecarpet.com/wp-includes/office365/
Effective URL: http://www.barecovecarpet.com/wp-includes/office365/f871294f53067d9d4745bf106dc0c3ea/
Submission: On February 15 via manual from GB

Summary

This website contacted 3 IPs in 2 countries across 2 domains to perform 10 HTTP transactions. The main IP is 104.28.14.45, located in San Francisco, United States and belongs to CLOUDFLARENET - Cloudflare, Inc., US. The main domain is www.barecovecarpet.com.
This is the only time www.barecovecarpet.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Office 365 (Online) Microsoft (Consumer)

Domain & IP information

IP Address AS Autonomous System
2 3 104.28.14.45 13335 (CLOUDFLAR...)
8 2.20.23.219 20940 (AKAMAI-ASN1)
1 104.28.15.45 13335 (CLOUDFLAR...)
10 3
Apex Domain
Subdomains
Transfer
8 microsoftonline-p.com
secure.aadcdn.microsoftonline-p.com
292 KB
4 barecovecarpet.com
www.barecovecarpet.com
15 KB
10 2
Domain Requested by
8 secure.aadcdn.microsoftonline-p.com www.barecovecarpet.com
4 www.barecovecarpet.com 2 redirects www.barecovecarpet.com
10 2
Subject Issuer Validity Valid

This page contains 1 frames:

Primary Page: http://www.barecovecarpet.com/wp-includes/office365/f871294f53067d9d4745bf106dc0c3ea/
Frame ID: (DD8B5477AF01A9925FEB4168AD2A19A3)
Requests: 10 HTTP requests in this frame

Screenshot


Page URL History Show full URLs

  1. http://www.barecovecarpet.com/wp-includes/office365/ HTTP 302
    http://www.barecovecarpet.com/wp-includes/office365/f871294f53067d9d4745bf106dc0c3ea HTTP 301
    http://www.barecovecarpet.com/wp-includes/office365/f871294f53067d9d4745bf106dc0c3ea/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /cloudflare/i

Overall confidence: 50%
Detected patterns
  • env /^head$/i

Overall confidence: 100%
Detected patterns
  • env /^jQuery$/i

Page Statistics

10
Requests

0 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

3
IPs

2
Countries

306 kB
Transfer

555 kB
Size

7
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://www.barecovecarpet.com/wp-includes/office365/ HTTP 302
    http://www.barecovecarpet.com/wp-includes/office365/f871294f53067d9d4745bf106dc0c3ea HTTP 301
    http://www.barecovecarpet.com/wp-includes/office365/f871294f53067d9d4745bf106dc0c3ea/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

10 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
www.barecovecarpet.com/wp-includes/office365/f871294f53067d9d4745bf106dc0c3ea/
Redirect Chain
  • http://www.barecovecarpet.com/wp-includes/office365/
  • http://www.barecovecarpet.com/wp-includes/office365/f871294f53067d9d4745bf106dc0c3ea
  • http://www.barecovecarpet.com/wp-includes/office365/f871294f53067d9d4745bf106dc0c3ea/
45 KB
13 KB
Document
General
Full URL
http://www.barecovecarpet.com/wp-includes/office365/f871294f53067d9d4745bf106dc0c3ea/
Protocol
HTTP/1.1
Server
104.28.14.45 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
03fbdd6b5a426541d3569d83889367397cbe2db3b2f99c2c926b8f1683cf0e3b

Request headers

Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Connection
keep-alive
Accept-Encoding
gzip, deflate
Cookie
__cfduid=df5854d81ad986527c17e8b8a71b08b061518685115
Host
www.barecovecarpet.com
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Date
Thu, 15 Feb 2018 08:58:36 GMT
Content-Encoding
gzip
Server
cloudflare
Connection
keep-alive
CF-RAY
3ed710f8c0ca2660-FRA
Transfer-Encoding
chunked
Content-Type
text/html; charset=UTF-8

Redirect headers

Location
http://www.barecovecarpet.com/wp-includes/office365/f871294f53067d9d4745bf106dc0c3ea/
Date
Thu, 15 Feb 2018 08:58:36 GMT
Server
cloudflare
Connection
keep-alive
CF-RAY
3ed710f800872660-FRA
Transfer-Encoding
chunked
Content-Type
text/html; charset=iso-8859-1
login.min.css
secure.aadcdn.microsoftonline-p.com/ests/2.1.6310.8/content/cdnbundles/
22 KB
5 KB
Stylesheet
General
Full URL
https://secure.aadcdn.microsoftonline-p.com/ests/2.1.6310.8/content/cdnbundles/login.min.css
Requested by
Host: www.barecovecarpet.com
URL: http://www.barecovecarpet.com/wp-includes/office365/f871294f53067d9d4745bf106dc0c3ea/
Protocol
HTTP/1.1
Server
2.20.23.219 , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software
/
Resource Hash
1cb99b8f6ef91cab65770c9233f5a9db4e461d1c39c2e561c8606e3994eb1a30
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
http://www.barecovecarpet.com/wp-includes/office365/f871294f53067d9d4745bf106dc0c3ea/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Date
Thu, 15 Feb 2018 08:58:36 GMT
Content-Encoding
gzip
Last-Modified
Tue, 18 Jul 2017 02:00:32 GMT
Content-MD5
kWZAWCshmJ7GwpEv5MDUtg==
Vary
Accept-Encoding
Connection
keep-alive
Content-Type
text/css
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=239893
Strict-Transport-Security
max-age=31536000
Content-Length
4943
login_hover.min.css
secure.aadcdn.microsoftonline-p.com/ests/2.1.6310.8/content/cdnbundles/
89 B
454 B
Stylesheet
General
Full URL
https://secure.aadcdn.microsoftonline-p.com/ests/2.1.6310.8/content/cdnbundles/login_hover.min.css
Requested by
Host: www.barecovecarpet.com
URL: http://www.barecovecarpet.com/wp-includes/office365/f871294f53067d9d4745bf106dc0c3ea/
Protocol
HTTP/1.1
Server
2.20.23.219 , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software
/
Resource Hash
91c2b74542e11d0278e02715a980b39582eae2e3b519ddd2d4f9ca939e58109c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
http://www.barecovecarpet.com/wp-includes/office365/f871294f53067d9d4745bf106dc0c3ea/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Date
Thu, 15 Feb 2018 08:58:36 GMT
Content-Encoding
gzip
Last-Modified
Tue, 18 Jul 2017 02:00:33 GMT
Content-MD5
k+LdzPr5J17LuCAOBMVTBQ==
Vary
Accept-Encoding
Connection
keep-alive
Content-Type
text/css
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=240120
Strict-Transport-Security
max-age=31536000
Content-Length
82
jquery.1.11.min.js
secure.aadcdn.microsoftonline-p.com/ests/2.1.6310.8/content/cdnbundles/
108 KB
38 KB
Script
General
Full URL
https://secure.aadcdn.microsoftonline-p.com/ests/2.1.6310.8/content/cdnbundles/jquery.1.11.min.js
Requested by
Host: www.barecovecarpet.com
URL: http://www.barecovecarpet.com/wp-includes/office365/f871294f53067d9d4745bf106dc0c3ea/
Protocol
HTTP/1.1
Server
2.20.23.219 , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software
/
Resource Hash
080ff245615e719959bc5537e164ac4495c4b8036462dfee2076dd92f22c8491
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
Referer
http://www.barecovecarpet.com/wp-includes/office365/f871294f53067d9d4745bf106dc0c3ea/
Origin
http://www.barecovecarpet.com

Response headers

Date
Thu, 15 Feb 2018 08:58:36 GMT
Content-Encoding
gzip
Last-Modified
Tue, 18 Jul 2017 02:00:32 GMT
Content-MD5
uh+HH+n7/grQTOu2+tsxCg==
Vary
Accept-Encoding
Connection
keep-alive
Content-Type
application/x-javascript
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=447959
Strict-Transport-Security
max-age=31536000
Content-Length
38473
aad.login.min.js
secure.aadcdn.microsoftonline-p.com/ests/2.1.6310.8/content/cdnbundles/
176 KB
43 KB
Script
General
Full URL
https://secure.aadcdn.microsoftonline-p.com/ests/2.1.6310.8/content/cdnbundles/aad.login.min.js
Requested by
Host: www.barecovecarpet.com
URL: http://www.barecovecarpet.com/wp-includes/office365/f871294f53067d9d4745bf106dc0c3ea/
Protocol
HTTP/1.1
Server
2.20.23.219 , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software
/
Resource Hash
f3e8e97da9b75cbd9928c1c3a4a41120f19a1b03674280cb078707b7922d6f96
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
Referer
http://www.barecovecarpet.com/wp-includes/office365/f871294f53067d9d4745bf106dc0c3ea/
Origin
http://www.barecovecarpet.com

Response headers

Date
Thu, 15 Feb 2018 08:58:36 GMT
Content-Encoding
gzip
Last-Modified
Tue, 18 Jul 2017 02:00:24 GMT
Content-MD5
RNn72qzaBw+e7Hk8Vkt78A==
Vary
Accept-Encoding
Connection
keep-alive
Content-Type
application/x-javascript
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=439564
Strict-Transport-Security
max-age=31536000
Content-Length
43912
heroillustration?ts=635974776187911809
secure.aadcdn.microsoftonline-p.com/dbd5a2dd-6ybrougjmflxqw910ieyohr7wb4x4-yvoixrlaidmz4/appbranding/askzfdsqe20i-bcjwporaywega7vbt4acqnn1hiliiw/0/
199 KB
199 KB
Image
General
Full URL
https://secure.aadcdn.microsoftonline-p.com/dbd5a2dd-6ybrougjmflxqw910ieyohr7wb4x4-yvoixrlaidmz4/appbranding/askzfdsqe20i-bcjwporaywega7vbt4acqnn1hiliiw/0/heroillustration?ts=635974776187911809
Requested by
Host: www.barecovecarpet.com
URL: http://www.barecovecarpet.com/wp-includes/office365/f871294f53067d9d4745bf106dc0c3ea/
Protocol
HTTP/1.1
Server
2.20.23.219 , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software
/
Resource Hash
7e50e406688bd898803f653058d14ca384734cb9b39ba900bc5e2734b59c073b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
http://www.barecovecarpet.com/wp-includes/office365/f871294f53067d9d4745bf106dc0c3ea/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Date
Thu, 15 Feb 2018 08:58:36 GMT
Last-Modified
Thu, 15 Feb 2018 00:02:53 GMT
Content-MD5
ZSg7Ej6yNeYXaumMAqxbHA==
Strict-Transport-Security
max-age=31536000
Content-Type
image\jpeg
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=61675
Connection
keep-alive
Content-Length
203294
bannerlogo?ts=635974776182591704
secure.aadcdn.microsoftonline-p.com/dbd5a2dd-6ybrougjmflxqw910ieyohr7wb4x4-yvoixrlaidmz4/appbranding/askzfdsqe20i-bcjwporaywega7vbt4acqnn1hiliiw/0/
4 KB
5 KB
Image
General
Full URL
https://secure.aadcdn.microsoftonline-p.com/dbd5a2dd-6ybrougjmflxqw910ieyohr7wb4x4-yvoixrlaidmz4/appbranding/askzfdsqe20i-bcjwporaywega7vbt4acqnn1hiliiw/0/bannerlogo?ts=635974776182591704
Requested by
Host: www.barecovecarpet.com
URL: http://www.barecovecarpet.com/wp-includes/office365/f871294f53067d9d4745bf106dc0c3ea/
Protocol
HTTP/1.1
Server
2.20.23.219 , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software
/
Resource Hash
fc5c3d7d2b298a42ec44dad2d8cd227b734db966b4afa68c0254a497e805f603
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
http://www.barecovecarpet.com/wp-includes/office365/f871294f53067d9d4745bf106dc0c3ea/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Date
Thu, 15 Feb 2018 08:58:36 GMT
Last-Modified
Wed, 14 Feb 2018 21:46:17 GMT
Content-MD5
nwmifU9ps1V8dDNXSinXJg==
Strict-Transport-Security
max-age=31536000
Content-Type
image\jpeg
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=51538
Connection
keep-alive
Content-Length
4585
close.png
secure.aadcdn.microsoftonline-p.com/ests/2.1.6310.8/content/images/
190 B
517 B
Image
General
Full URL
https://secure.aadcdn.microsoftonline-p.com/ests/2.1.6310.8/content/images/close.png
Requested by
Host: www.barecovecarpet.com
URL: http://www.barecovecarpet.com/wp-includes/office365/f871294f53067d9d4745bf106dc0c3ea/
Protocol
HTTP/1.1
Server
2.20.23.219 , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software
/
Resource Hash
9e444d6e8e9247aa4f8fb0025995c7867fc1d63c182774f4524a3cf8588c10c5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
http://www.barecovecarpet.com/wp-includes/office365/f871294f53067d9d4745bf106dc0c3ea/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Date
Thu, 15 Feb 2018 08:58:36 GMT
Last-Modified
Tue, 18 Jul 2017 02:00:40 GMT
Content-MD5
YnjsCsEWoilRLuXESGWLFg==
Strict-Transport-Security
max-age=31536000
Content-Type
image/png
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=443970
Connection
keep-alive
Content-Length
190
microsoft_logo.png
secure.aadcdn.microsoftonline-p.com/ests/2.1.6310.8/content/images/
1 KB
1 KB
Image
General
Full URL
https://secure.aadcdn.microsoftonline-p.com/ests/2.1.6310.8/content/images/microsoft_logo.png
Requested by
Host: www.barecovecarpet.com
URL: http://www.barecovecarpet.com/wp-includes/office365/f871294f53067d9d4745bf106dc0c3ea/
Protocol
HTTP/1.1
Server
2.20.23.219 , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software
/
Resource Hash
f664b8138c2da6ec7565500a7cc839da6372614a31dc04c5a2169a26b8d9767c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
http://www.barecovecarpet.com/wp-includes/office365/f871294f53067d9d4745bf106dc0c3ea/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Date
Thu, 15 Feb 2018 08:58:36 GMT
Last-Modified
Tue, 18 Jul 2017 02:00:40 GMT
Content-MD5
7ZyesNzhfXUr7eprWs2m2Q==
Strict-Transport-Security
max-age=31536000
Content-Type
image/png
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=446176
Connection
keep-alive
Content-Length
1057
email-decode.min.js
www.barecovecarpet.com/cdn-cgi/scripts/d07b1474/cloudflare-static/
973 B
1008 B
Script
General
Full URL
http://www.barecovecarpet.com/cdn-cgi/scripts/d07b1474/cloudflare-static/email-decode.min.js
Requested by
Host: www.barecovecarpet.com
URL: http://www.barecovecarpet.com/wp-includes/office365/f871294f53067d9d4745bf106dc0c3ea/
Protocol
HTTP/1.1
Server
104.28.15.45 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare-nginx /
Resource Hash
b8a876c091593e2dd069f5c2405da574e022481419f705a866aaab2959f6e3ad
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
www.barecovecarpet.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
Accept
*/*
Referer
http://www.barecovecarpet.com/wp-includes/office365/f871294f53067d9d4745bf106dc0c3ea/
Cookie
__cfduid=df5854d81ad986527c17e8b8a71b08b061518685115
Connection
keep-alive
Cache-Control
no-cache
Referer
http://www.barecovecarpet.com/wp-includes/office365/f871294f53067d9d4745bf106dc0c3ea/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Date
Thu, 15 Feb 2018 08:58:36 GMT
Content-Encoding
gzip
Last-Modified
Wed, 07 Feb 2018 11:03:38 GMT
Server
cloudflare-nginx
ETag
W/"5a7add0a-3cd"
X-Frame-Options
SAMEORIGIN
Content-Type
application/javascript
Cache-Control
max-age=172800 public
Transfer-Encoding
chunked
Connection
keep-alive
CF-RAY
3ed710fab2992780-FRA
Expires
Sat, 17 Feb 2018 08:58:36 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Office 365 (Online) Microsoft (Consumer)

27 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| $Config boolean| isTouch string| cssId object| head object| link undefined| msViewportStyle function| $ function| jQuery object| jQuery111209120326982958404 undefined| MSLogin undefined| proxy undefined| ErrorCodes object| Constants undefined| Context undefined| Background undefined| Logo undefined| Instrument undefined| User undefined| tenant_info undefined| MSLogout undefined| ThirdPartyCookieStates undefined| PostType undefined| LoginOption undefined| TenantBranding undefined| users undefined| Tiles object| $Debug

7 Cookies

Domain/Path Name / Value
outlook.office365.com/ Name: OIDC
Value: 1
outlook.office365.com/ Name: ClientId
Value: A8E5A01BAEE04AC3A583EEF663BB3F31
www.office.com/ Name: OH.SID
Value: c7809c26-72bb-492c-a8dd-1e905184bfe0
.office.com/ Name: MUID
Value: 2C335A141F3F6CF52D4951831E336D42
portal.office.com/ Name: p.PersID
Value: 71268c89-5eee-4ad4-bfa1-5ed0104bf72b
portal.office.com/ Name: s.SessID
Value: a1af9c7b-bbc7-4f16-94d3-86d01b98df37
.barecovecarpet.com/ Name: __cfduid
Value: df5854d81ad986527c17e8b8a71b08b061518685115