office365.voestalpine.cloud
164.3.70.132
Malicious Activity!
Public Scan
Submission: On December 06 via manual from AT — Scanned from AT
Summary
This is the only time office365.voestalpine.cloud was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Office 365 (Online)
Domain & IP information
# | IP Address | AS Autonomous System
---|---|---
5 19 | 164.3.70.132 | 8387 (T-SYSTEMS-AT Rennweg 97-99)
1 | 173.194.76.84 | 15169 (GOOGLE)
1 1 | 216.58.212.142 | 15169 (GOOGLE)
1 | 142.250.181.225 | 15169 (GOOGLE)
1 | 104.244.42.1 | 13414 (TWITTER)
17 | 4 |

Reverse DNS (PTR) details shown for the Google IPs:

- ASN15169 (GOOGLE, US), PTR: ams15s21-in-f142.1e100.net, serving plus.google.com
- ASN15169 (GOOGLE, US), PTR: fra16s56-in-f1.1e100.net, serving workspaceupdates.googleblog.com
# | Apex Domain | Subdomains | Transfer
---|---|---|---
19 | voestalpine.cloud | office365.voestalpine.cloud (5 redirects) | 293 KB
2 | google.com | accounts.google.com (Cisco Umbrella Rank: 23), plus.google.com (Cisco Umbrella Rank: 12572) (1 redirect) | 317 B
1 | twitter.com | twitter.com (Cisco Umbrella Rank: 316) |
1 | googleblog.com | workspaceupdates.googleblog.com (Cisco Umbrella Rank: 96930) |
17 | 4 | |
# | Domain | Requested by
---|---|---
19 | office365.voestalpine.cloud (5 redirects) | office365.voestalpine.cloud
1 | twitter.com | office365.voestalpine.cloud
1 | workspaceupdates.googleblog.com | office365.voestalpine.cloud
1 | plus.google.com (1 redirect) |
1 | accounts.google.com | office365.voestalpine.cloud
17 | 5 |
This site contains no links.
Subject | Issuer | Validity | Valid | Source
---|---|---|---|---
accounts.google.com | GTS CA 1C3 | 2023-10-23 - 2024-01-15 | 3 months | crt.sh
twitter.com | DigiCert Global G2 TLS RSA SHA256 2020 CA1 | 2023-10-31 - 2024-10-29 | a year | crt.sh
This page contains 1 frame:
Primary Page:
http://office365.voestalpine.cloud/9s8ee3v5s4yugqlp
Frame ID: 5AA0D4DBCE34D8CDE54BDE035F5FBF4D
Requests: 17 HTTP requests in this frame
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:

- Request Chain 0: http://office365.voestalpine.cloud/js/events.js (HTTP 302) → https://office365.voestalpine.cloud/obfuscate?path=js/events.js
- Request Chain 1: http://office365.voestalpine.cloud/js/detect.js (HTTP 302) → https://office365.voestalpine.cloud/obfuscate?path=js/detect.js
- Request Chain 2: http://office365.voestalpine.cloud/js/timeme.min.js (HTTP 302) → https://office365.voestalpine.cloud/obfuscate?path=js/timeme.min.js
- Request Chain 3: http://office365.voestalpine.cloud/js/time-tracker.js (HTTP 302) → https://office365.voestalpine.cloud/obfuscate?path=js/time-tracker.js
- Request Chain 4: http://office365.voestalpine.cloud/js/analyse.js (HTTP 302) → https://office365.voestalpine.cloud/obfuscate?path=js/analyse.js
- Request Chain 5: https://plus.google.com/up/?continue=https://www.google.com/intl/en/images/logos/accounts_logo.png&type=st&gpsrc=ogpy0 (HTTP 301) → https://workspaceupdates.googleblog.com/2023/04/new-community-features-for-google-chat-and-an-update-currents%20.html
17 HTTP transactions

Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H/1.1 | 9s8ee3v5s4yugqlp (Primary Request) | office365.voestalpine.cloud/ | 7 KB | 3 KB | Document | text/html
GET | H/1.1 | obfuscate (Redirect Chain) | office365.voestalpine.cloud/ | 558 B | 1 KB | Script | text/javascript
GET | H/1.1 | obfuscate (Redirect Chain) | office365.voestalpine.cloud/ | 1 KB | 2 KB | Script | text/javascript
GET | H/1.1 | O365_Logo.jpg | office365.voestalpine.cloud/public/campaign/58/static/ | 36 KB | 36 KB | Image | image/jpeg
GET | H/1.1 | M365Logo.png | office365.voestalpine.cloud/public/campaign/58/static/ | 6 KB | 6 KB | Image | image/png
GET | H/1.1 | jquery-1.11.3.min.js | office365.voestalpine.cloud/public/campaign/58/71/11/ | 94 KB | 33 KB | Script | application/javascript
GET | H/1.1 | obfuscate (Redirect Chain) | office365.voestalpine.cloud/ | 4 KB | 5 KB | Script | text/javascript
GET | H/1.1 | obfuscate (Redirect Chain) | office365.voestalpine.cloud/ | 2 KB | 2 KB | Script | text/javascript
GET | H/1.1 | obfuscate (Redirect Chain) | office365.voestalpine.cloud/ | 3 KB | 3 KB | Script | text/javascript
GET | H2 | CheckCookie | accounts.google.com/ | 0 | 0 | Image | text/html
GET | H2 | new-community-features-for-google-chat-and-an-update-currents%20.html (Redirect Chain) | workspaceupdates.googleblog.com/2023/04/ | 0 | 0 | Image | text/html
GET | H2 | login | twitter.com/ | 0 | 0 | Image | text/html
POST | H/1.1 | plugin-list | office365.voestalpine.cloud/ | 65 B | 698 B | XHR | text/html
GET | H/1.1 | heroillustration.jpg | office365.voestalpine.cloud/public/campaign/58/71/11/ | 199 KB | 199 KB | Image | image/jpeg
POST | H/1.1 | run-analyse | office365.voestalpine.cloud/9s8ee3v5s4yugqlp/ | 0 | 468 B | XHR | text/html
POST | H/1.1 | run-analyse | office365.voestalpine.cloud/9s8ee3v5s4yugqlp/ | 0 | 468 B | XHR | text/html
POST | H/1.1 | track-time | office365.voestalpine.cloud/scenario/ | 0 | 782 B | Ping | text/html
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Office 365 (Online)
22 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name
---|---
function | lucyDispatchEvent
function | getPluginName
function | getPluginVersion
function | getPlugins
function | sendPlugins
function | $
function | jQuery
function | resize
function | validateForm
object | jQuery1113004364786737204307
object | TimeMe
boolean | injected
function | trackTime
function | sendUserActivityTimeData
function | runTimeTracker
function | isChrome
object | dataAnalyse
string | analysisUrl
function | sendAnalyseData
function | updateSocialStatus
function | runAnalyse
function | doAnalysis

2 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value
---|---|---
office365.voestalpine.cloud/ | | Name: link, Value: 9s8ee3v5s4yugqlp
.twitter.com/ | | Name: guest_id, Value: v1%3A170187239702620072
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL | Text
---|---|---|---
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
accounts.google.com
office365.voestalpine.cloud
plus.google.com
twitter.com
workspaceupdates.googleblog.com
104.244.42.1
142.250.181.225
164.3.70.132
173.194.76.84
216.58.212.142