office365.voestalpine.cloud Open in urlscan Pro
164.3.70.132 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
http://office365.voestalpine.cloud/9s8ee3v5s4yugqlp
Submission: On December 06 via manual (December 6th 2023, 2:20:02 pm UTC) from AT — Scanned from AT

Summary HTTP 17 Redirects Behaviour Indicators

Summary

This website contacted 4 IPs in 2 countries across 4 domains to perform 17 HTTP transactions. The main IP is 164.3.70.132, located in Austria and belongs to T-SYSTEMS-AT Rennweg 97-99, AT. The main domain is office365.voestalpine.cloud.

This is the only time office365.voestalpine.cloud was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Office 365 (Online)

Domain & IP information

	IP Address	AS Autonomous System
5 19	164.3.70.132 164.3.70.132	8387 (T-SYSTEMS...) (T-SYSTEMS-AT Rennweg 97-99)
1	173.194.76.84 173.194.76.84	15169 (GOOGLE) (GOOGLE)
1 1	216.58.212.142 216.58.212.142	15169 (GOOGLE) (GOOGLE)
1	142.250.181.225 142.250.181.225	15169 (GOOGLE) (GOOGLE)
1	104.244.42.1 104.244.42.1	13414 (TWITTER) (TWITTER)
17	4

19 164.3.70.132 (Austria) 5 redirects

ASN8387 (T-SYSTEMS-AT Rennweg 97-99, AT)

office365.voestalpine.cloud	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 173.194.76.84 (United States)

ASN15169 (GOOGLE, US)
PTR: ws-in-f84.1e100.net

accounts.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 216.58.212.142 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: ams15s21-in-f142.1e100.net

plus.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.181.225 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s56-in-f1.1e100.net

workspaceupdates.googleblog.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.1 (United States)

ASN13414 (TWITTER, US)

twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
19	voestalpine.cloud 5 redirects office365.voestalpine.cloud	293 KB
2	google.com 1 redirects accounts.google.com — Cisco Umbrella Rank: 23 plus.google.com — Cisco Umbrella Rank: 12572	317 B
1	twitter.com twitter.com — Cisco Umbrella Rank: 316
1	googleblog.com workspaceupdates.googleblog.com — Cisco Umbrella Rank: 96930
17	4

	Domain	Requested by
19	office365.voestalpine.cloud	5 redirects office365.voestalpine.cloud
1	twitter.com	office365.voestalpine.cloud
1	workspaceupdates.googleblog.com	office365.voestalpine.cloud
1	plus.google.com	1 redirects
1	accounts.google.com	office365.voestalpine.cloud
17	5

This site contains no links.

Subject Issuer	Validity	Valid
accounts.google.com GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
twitter.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-10-31` - `2024-10-29`	a year	crt.sh

This page contains 1 frames:

Primary Page: http://office365.voestalpine.cloud/9s8ee3v5s4yugqlp
Frame ID: 5AA0D4DBCE34D8CDE54BDE035F5FBF4D
Requests: 17 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Login

Detected technologies

TrackJs (Analytics) Expand

Overall confidence: 100%
Detected patterns

tracker\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

17
Requests

12 %
HTTPS

0 %
IPv6

4
Domains

5
Subdomains

4
IPs

2
Countries

292 kB
Transfer

351 kB
Size

2
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

http://office365.voestalpine.cloud/js/events.js HTTP 302
https://office365.voestalpine.cloud/obfuscate?path=js/events.js

Request Chain 1

http://office365.voestalpine.cloud/js/detect.js HTTP 302
https://office365.voestalpine.cloud/obfuscate?path=js/detect.js

Request Chain 5

http://office365.voestalpine.cloud/js/timeme.min.js HTTP 302
https://office365.voestalpine.cloud/obfuscate?path=js/timeme.min.js

Request Chain 6

http://office365.voestalpine.cloud/js/time-tracker.js HTTP 302
https://office365.voestalpine.cloud/obfuscate?path=js/time-tracker.js

Request Chain 7

http://office365.voestalpine.cloud/js/analyse.js HTTP 302
https://office365.voestalpine.cloud/obfuscate?path=js/analyse.js

Request Chain 9

https://plus.google.com/up/?continue=https://www.google.com/intl/en/images/logos/accounts_logo.png&type=st&gpsrc=ogpy0 HTTP 301
https://workspaceupdates.googleblog.com/2023/04/new-community-features-for-google-chat-and-an-update-currents%20.html

17 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request 9s8ee3v5s4yugqlp Show response office365.voestalpine.cloud/	7 KB 3 KB	238ms 192ms	Document text/html	164.3.70.132 T-SYSTEMS-AT Renn...
General Check archive.org Show headers Download Go to Full URL http://office365.voestalpine.cloud/9s8ee3v5s4yugqlp Protocol HTTP/1.1 Server 164.3.70.132 , Austria, ASN8387 (T-SYSTEMS-AT Rennweg 97-99, AT), Reverse DNS Software Lucy / Resource Hash `6508d5f5268e3ceb26624d947fab5e24f1c648b188fdb75ec7c66b582aee59dc` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36 accept-language de-AT,de;q=0.9 Response headers Access-Control-Allow-Headers * Access-Control-Allow-Methods * Access-Control-Allow-Origin * Cache-Control no-store, no-cache, must-revalidate Connection Upgrade, Keep-Alive Content-Encoding gzip Content-Length 2229 Content-Type text/html; charset=UTF-8 Date Wed, 06 Dec 2023 14:19:56 GMT Expires Thu, 19 Nov 1981 08:52:00 GMT Keep-Alive timeout=5, max=100 Pragma no-cache Server Lucy Upgrade h2,h2c Vary Accept-Encoding
GET H/1.1	200 OK	obfuscate Show response office365.voestalpine.cloud/ Redirect Chain http://office365.voestalpine.cloud/js/events.js https://office365.voestalpine.cloud/obfuscate?path=js/events.js	558 B 1 KB	167ms 86ms	Script text/javascript	164.3.70.132 T-SYSTEMS-AT Renn...
General Check archive.org Show headers Download Go to Full URL https://office365.voestalpine.cloud/obfuscate?path=js/events.js Requested by Host: office365.voestalpine.cloud URL: http://office365.voestalpine.cloud/9s8ee3v5s4yugqlp Protocol HTTP/1.1 Server 164.3.70.132 , Austria, ASN8387 (T-SYSTEMS-AT Rennweg 97-99, AT), Reverse DNS Software Lucy / Resource Hash `1ebe19e41a80646d99691bf907f012f60c4a6f29d362ed8209a5e0964709808d` Request headers accept-language de-AT,de;q=0.9 Referer http://office365.voestalpine.cloud/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36 Response headers Pragma no-cache Date Wed, 06 Dec 2023 14:19:56 GMT Server Lucy Transfer-Encoding chunked Access-Control-Allow-Methods * Upgrade h2,h2c Access-Control-Allow-Origin * Content-Type text/javascript;charset=UTF-8 Cache-Control no-store, no-cache, must-revalidate Connection Upgrade, Keep-Alive Access-Control-Allow-Headers * Keep-Alive timeout=5, max=100 Expires Thu, 19 Nov 1981 08:52:00 GMT Redirect headers Date Wed, 06 Dec 2023 14:19:56 GMT Server Lucy Content-Type text/html; charset=iso-8859-1 Location https://office365.voestalpine.cloud/obfuscate?path=js/events.js Cache-Control max-age=1 Connection Keep-Alive Keep-Alive timeout=5, max=99 Content-Length 322 Expires Wed, 06 Dec 2023 14:19:57 GMT
GET H/1.1	200 OK	obfuscate Show response office365.voestalpine.cloud/ Redirect Chain http://office365.voestalpine.cloud/js/detect.js https://office365.voestalpine.cloud/obfuscate?path=js/detect.js	1 KB 2 KB	230ms 150ms	Script text/javascript	164.3.70.132 T-SYSTEMS-AT Renn...
General Check archive.org Show headers Download Go to Full URL https://office365.voestalpine.cloud/obfuscate?path=js/detect.js Requested by Host: office365.voestalpine.cloud URL: http://office365.voestalpine.cloud/9s8ee3v5s4yugqlp Protocol HTTP/1.1 Server 164.3.70.132 , Austria, ASN8387 (T-SYSTEMS-AT Rennweg 97-99, AT), Reverse DNS Software Lucy / Resource Hash `cf62ffea9831db96b94e267b4164733066335e851e552c7d5dbfc752a3385c96` Request headers accept-language de-AT,de;q=0.9 Referer http://office365.voestalpine.cloud/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36 Response headers Pragma no-cache Date Wed, 06 Dec 2023 14:19:56 GMT Server Lucy Transfer-Encoding chunked Access-Control-Allow-Methods * Upgrade h2,h2c Access-Control-Allow-Origin * Content-Type text/javascript;charset=UTF-8 Cache-Control no-store, no-cache, must-revalidate Connection Upgrade, Keep-Alive Access-Control-Allow-Headers * Keep-Alive timeout=5, max=100 Expires Thu, 19 Nov 1981 08:52:00 GMT Redirect headers Date Wed, 06 Dec 2023 14:19:56 GMT Server Lucy Content-Type text/html; charset=iso-8859-1 Location https://office365.voestalpine.cloud/obfuscate?path=js/detect.js Cache-Control max-age=1 Connection Keep-Alive Keep-Alive timeout=5, max=100 Content-Length 322 Expires Wed, 06 Dec 2023 14:19:57 GMT
GET H/1.1	200 OK	O365_Logo.jpg office365.voestalpine.cloud/public/campaign/58/static/	36 KB 36 KB	32ms 31ms	Image image/jpeg	164.3.70.132 T-SYSTEMS-AT Renn...
General Check archive.org Show headers Download Go to Show image Full URL http://office365.voestalpine.cloud/public/campaign/58/static/O365_Logo.jpg Requested by Host: office365.voestalpine.cloud URL: http://office365.voestalpine.cloud/9s8ee3v5s4yugqlp Protocol HTTP/1.1 Server 164.3.70.132 , Austria, ASN8387 (T-SYSTEMS-AT Rennweg 97-99, AT), Reverse DNS Software Lucy / Resource Hash `994b144cf2a2cdf3cd66ccbb797b0d2d736cb4fdccc6060eadc4b8440964659b` Request headers accept-language de-AT,de;q=0.9 Referer http://office365.voestalpine.cloud/9s8ee3v5s4yugqlp User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36 Response headers Date Wed, 06 Dec 2023 14:19:56 GMT Last-Modified Wed, 06 Dec 2023 10:38:54 GMT Server Lucy ETag "8f27-60bd4f5265e3c" Content-Type image/jpeg Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 36647
GET H/1.1	200 OK	M365Logo.png office365.voestalpine.cloud/public/campaign/58/static/	6 KB 6 KB	31ms 31ms	Image image/png	164.3.70.132 T-SYSTEMS-AT Renn...
General Check archive.org Show headers Download Go to Show image Full URL http://office365.voestalpine.cloud/public/campaign/58/static/M365Logo.png Requested by Host: office365.voestalpine.cloud URL: http://office365.voestalpine.cloud/9s8ee3v5s4yugqlp Protocol HTTP/1.1 Server 164.3.70.132 , Austria, ASN8387 (T-SYSTEMS-AT Rennweg 97-99, AT), Reverse DNS Software Lucy / Resource Hash `be85cf80156b7d0720f03033a88f40eba1f8a04c16ca28d102c1fddb7fbd038d` Request headers accept-language de-AT,de;q=0.9 Referer http://office365.voestalpine.cloud/9s8ee3v5s4yugqlp User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36 Response headers Date Wed, 06 Dec 2023 14:19:56 GMT Last-Modified Wed, 06 Dec 2023 10:38:54 GMT Server Lucy ETag "1662-60bd4f5249911" Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 5730
GET H/1.1	200 OK	jquery-1.11.3.min.js Show response office365.voestalpine.cloud/public/campaign/58/71/11/	94 KB 33 KB	61ms 41ms	Script application/javascript	164.3.70.132 T-SYSTEMS-AT Renn...
General Check archive.org Show headers Download Go to Full URL http://office365.voestalpine.cloud/public/campaign/58/71/11/jquery-1.11.3.min.js Requested by Host: office365.voestalpine.cloud URL: http://office365.voestalpine.cloud/9s8ee3v5s4yugqlp Protocol HTTP/1.1 Server 164.3.70.132 , Austria, ASN8387 (T-SYSTEMS-AT Rennweg 97-99, AT), Reverse DNS Software Lucy / Resource Hash `d052d0c3c047d723c2fcb341ed69e4f53ab1aa8650d33c75b039aef0b014555c` Request headers accept-language de-AT,de;q=0.9 Referer http://office365.voestalpine.cloud/9s8ee3v5s4yugqlp User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36 Response headers Date Wed, 06 Dec 2023 14:19:56 GMT Content-Encoding gzip Last-Modified Tue, 05 Dec 2023 07:55:33 GMT Server Lucy ETag "176fe-60bbe8f25822c-gzip" Vary Accept-Encoding Upgrade h2,h2c Content-Type application/javascript Connection Upgrade, Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 33314
GET H/1.1	200 OK	obfuscate Show response office365.voestalpine.cloud/ Redirect Chain http://office365.voestalpine.cloud/js/timeme.min.js https://office365.voestalpine.cloud/obfuscate?path=js/timeme.min.js	4 KB 5 KB	174ms 94ms	Script text/javascript	164.3.70.132 T-SYSTEMS-AT Renn...
General Check archive.org Show headers Download Go to Full URL https://office365.voestalpine.cloud/obfuscate?path=js/timeme.min.js Requested by Host: office365.voestalpine.cloud URL: http://office365.voestalpine.cloud/9s8ee3v5s4yugqlp Protocol HTTP/1.1 Server 164.3.70.132 , Austria, ASN8387 (T-SYSTEMS-AT Rennweg 97-99, AT), Reverse DNS Software Lucy / Resource Hash `1c1aff1501eb2b60d97d99b9f4cddfde783d6503a1a2f3fd7889d0ca9be45f26` Request headers accept-language de-AT,de;q=0.9 Referer http://office365.voestalpine.cloud/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36 Response headers Pragma no-cache Date Wed, 06 Dec 2023 14:19:56 GMT Server Lucy Transfer-Encoding chunked Access-Control-Allow-Methods * Upgrade h2,h2c Access-Control-Allow-Origin * Content-Type text/javascript;charset=UTF-8 Cache-Control no-store, no-cache, must-revalidate Connection Upgrade, Keep-Alive Access-Control-Allow-Headers * Keep-Alive timeout=5, max=100 Expires Thu, 19 Nov 1981 08:52:00 GMT Redirect headers Date Wed, 06 Dec 2023 14:19:56 GMT Server Lucy Content-Type text/html; charset=iso-8859-1 Location https://office365.voestalpine.cloud/obfuscate?path=js/timeme.min.js Cache-Control max-age=1 Connection Keep-Alive Keep-Alive timeout=5, max=100 Content-Length 326 Expires Wed, 06 Dec 2023 14:19:57 GMT
GET H/1.1	200 OK	obfuscate Show response office365.voestalpine.cloud/ Redirect Chain http://office365.voestalpine.cloud/js/time-tracker.js https://office365.voestalpine.cloud/obfuscate?path=js/time-tracker.js	2 KB 2 KB	144ms 91ms	Script text/javascript	164.3.70.132 T-SYSTEMS-AT Renn...
General Check archive.org Show headers Download Go to Full URL https://office365.voestalpine.cloud/obfuscate?path=js/time-tracker.js Requested by Host: office365.voestalpine.cloud URL: http://office365.voestalpine.cloud/9s8ee3v5s4yugqlp Protocol HTTP/1.1 Server 164.3.70.132 , Austria, ASN8387 (T-SYSTEMS-AT Rennweg 97-99, AT), Reverse DNS Software Lucy / Resource Hash `f53941103f6922446d2f5490b628638bffa13b74888ca07f40b2811ac743d98c` Request headers accept-language de-AT,de;q=0.9 Referer http://office365.voestalpine.cloud/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36 Response headers Pragma no-cache Date Wed, 06 Dec 2023 14:19:56 GMT Server Lucy Transfer-Encoding chunked Access-Control-Allow-Methods * Upgrade h2,h2c Access-Control-Allow-Origin * Content-Type text/javascript;charset=UTF-8 Cache-Control no-store, no-cache, must-revalidate Connection Upgrade, Keep-Alive Access-Control-Allow-Headers * Keep-Alive timeout=5, max=100 Expires Thu, 19 Nov 1981 08:52:00 GMT Redirect headers Date Wed, 06 Dec 2023 14:19:56 GMT Server Lucy Content-Type text/html; charset=iso-8859-1 Location https://office365.voestalpine.cloud/obfuscate?path=js/time-tracker.js Cache-Control max-age=1 Connection Keep-Alive Keep-Alive timeout=5, max=99 Content-Length 328 Expires Wed, 06 Dec 2023 14:19:57 GMT
GET H/1.1	200 OK	obfuscate Show response office365.voestalpine.cloud/ Redirect Chain http://office365.voestalpine.cloud/js/analyse.js https://office365.voestalpine.cloud/obfuscate?path=js/analyse.js	3 KB 3 KB	88ms 88ms	Script text/javascript	164.3.70.132 T-SYSTEMS-AT Renn...
General Check archive.org Show headers Download Go to Full URL https://office365.voestalpine.cloud/obfuscate?path=js/analyse.js Requested by Host: office365.voestalpine.cloud URL: http://office365.voestalpine.cloud/9s8ee3v5s4yugqlp Protocol HTTP/1.1 Server 164.3.70.132 , Austria, ASN8387 (T-SYSTEMS-AT Rennweg 97-99, AT), Reverse DNS Software Lucy / Resource Hash `91c41d9e81d8e6842726b8e34e0b25a018585a05c07ccb07b3e362a79da968b8` Request headers accept-language de-AT,de;q=0.9 Referer http://office365.voestalpine.cloud/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36 Response headers Pragma no-cache Date Wed, 06 Dec 2023 14:19:56 GMT Server Lucy Transfer-Encoding chunked Access-Control-Allow-Methods * Content-Type text/javascript;charset=UTF-8 Access-Control-Allow-Origin * Cache-Control no-store, no-cache, must-revalidate Connection Keep-Alive Access-Control-Allow-Headers * Keep-Alive timeout=5, max=99 Expires Thu, 19 Nov 1981 08:52:00 GMT Redirect headers Date Wed, 06 Dec 2023 14:19:56 GMT Server Lucy Content-Type text/html; charset=iso-8859-1 Location https://office365.voestalpine.cloud/obfuscate?path=js/analyse.js Cache-Control max-age=1 Connection Keep-Alive Keep-Alive timeout=5, max=98 Content-Length 323 Expires Wed, 06 Dec 2023 14:19:57 GMT
GET H2	400	CheckCookie accounts.google.com/	0 0	138ms 51ms	Image text/html	173.194.76.84 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://accounts.google.com/CheckCookie?continue=https%3A%2F%2Fwww.google.com%2Fintl%2Fen%2Fimages%2Flogos%2Faccounts_logo.png&followup=https%3A%2F%2Fwww.google.com%2Fintl%2Fen%2Fimages%2Flogos%2Faccounts_logo.png&chtml=LoginDoneHtml&checkedDomains=youtube&checkConnection=youtube%3A291%3A1 Requested by Host: office365.voestalpine.cloud URL: http://office365.voestalpine.cloud/9s8ee3v5s4yugqlp Protocol H2 Security TLS 1.3, , AES_128_GCM Server 173.194.76.84 , United States, ASN15169 (GOOGLE, US), Reverse DNS ws-in-f84.1e100.net Software / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers accept-language de-AT,de;q=0.9 Referer http://office365.voestalpine.cloud/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36 Response headers
GET H2	200	new-community-features-for-google-chat-and-an-update-currents%20.html workspaceupdates.googleblog.com/2023/04/ Redirect Chain https://plus.google.com/up/?continue=https://www.google.com/intl/en/images/logos/accounts_logo.png&type=st&gpsrc=ogpy0 https://workspaceupdates.googleblog.com/2023/04/new-community-features-for-google-chat-and-an-update-currents%20.html	0 0	273ms 148ms	Image text/html	142.250.181.225 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://workspaceupdates.googleblog.com/2023/04/new-community-features-for-google-chat-and-an-update-currents%20.html Requested by Host: office365.voestalpine.cloud URL: http://office365.voestalpine.cloud/9s8ee3v5s4yugqlp Protocol H2 Server 142.250.181.225 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra16s56-in-f1.1e100.net Software / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers accept-language de-AT,de;q=0.9 Referer http://office365.voestalpine.cloud/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36 Response headers Redirect headers date Wed, 06 Dec 2023 14:09:13 GMT x-content-type-options nosniff server sffe age 644 content-type text/html; charset=UTF-8 location https://workspaceupdates.googleblog.com/2023/04/new-community-features-for-google-chat-and-an-update-currents%20.html cache-control public, max-age=1800 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 314 x-xss-protection 0 expires Wed, 06 Dec 2023 14:39:13 GMT
GET H2	200	login twitter.com/	0 0	218ms 148ms	Image text/html	104.244.42.1 TWITTER
General Check archive.org Show headers Download Go to Show image Full URL https://twitter.com/login?redirect_after_login=/favicon.ico Requested by Host: office365.voestalpine.cloud URL: http://office365.voestalpine.cloud/9s8ee3v5s4yugqlp Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.244.42.1 , United States, ASN13414 (TWITTER, US), Reverse DNS Software / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers accept-language de-AT,de;q=0.9 Referer http://office365.voestalpine.cloud/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36 Response headers
POST H/1.1	200 OK	plugin-list Show response office365.voestalpine.cloud/	65 B 698 B	106ms 106ms	XHR text/html	164.3.70.132 T-SYSTEMS-AT Renn...
General Check archive.org Show headers Download Go to Full URL http://office365.voestalpine.cloud/plugin-list Requested by Host: office365.voestalpine.cloud URL: http://office365.voestalpine.cloud/9s8ee3v5s4yugqlp Protocol HTTP/1.1 Server 164.3.70.132 , Austria, ASN8387 (T-SYSTEMS-AT Rennweg 97-99, AT), Reverse DNS Software Lucy / Resource Hash `07be3ff476a8b063c81d7db7750cca027280cd0fced01ce9a5d073d4b70841bb` Request headers Referer http://office365.voestalpine.cloud/9s8ee3v5s4yugqlp X-Requested-With XMLHttpRequest accept-language de-AT,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36 Content-Type application/x-www-form-urlencoded Response headers Pragma no-cache Date Wed, 06 Dec 2023 14:19:56 GMT Content-Encoding gzip Server Lucy Vary Accept-Encoding Access-Control-Allow-Methods * Content-Type text/html; charset=UTF-8 Access-Control-Allow-Origin * Cache-Control no-store, no-cache, must-revalidate Connection Keep-Alive Access-Control-Allow-Headers * Content-Length 83 Keep-Alive timeout=5, max=97 Expires Thu, 19 Nov 1981 08:52:00 GMT
GET H/1.1	200 OK	heroillustration.jpg office365.voestalpine.cloud/public/campaign/58/71/11/	199 KB 199 KB	31ms 31ms	Image image/jpeg	164.3.70.132 T-SYSTEMS-AT Renn...
General Check archive.org Show headers Download Go to Show image Full URL http://office365.voestalpine.cloud/public/campaign/58/71/11/heroillustration.jpg Requested by Host: office365.voestalpine.cloud URL: http://office365.voestalpine.cloud/9s8ee3v5s4yugqlp Protocol HTTP/1.1 Server 164.3.70.132 , Austria, ASN8387 (T-SYSTEMS-AT Rennweg 97-99, AT), Reverse DNS Software Lucy / Resource Hash `7e50e406688bd898803f653058d14ca384734cb9b39ba900bc5e2734b59c073b` Request headers accept-language de-AT,de;q=0.9 Referer http://office365.voestalpine.cloud/9s8ee3v5s4yugqlp User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36 Response headers Date Wed, 06 Dec 2023 14:19:56 GMT Last-Modified Tue, 05 Dec 2023 07:55:33 GMT Server Lucy ETag "31a1e-60bbe8f25822c" Content-Type image/jpeg Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=98 Content-Length 203294
POST H/1.1	200 OK	run-analyse Show response office365.voestalpine.cloud/9s8ee3v5s4yugqlp/	0 468 B	110ms 109ms	XHR text/html	164.3.70.132 T-SYSTEMS-AT Renn...
General Check archive.org Show headers Download Go to Full URL http://office365.voestalpine.cloud/9s8ee3v5s4yugqlp/run-analyse Requested by Host: office365.voestalpine.cloud URL: http://office365.voestalpine.cloud/9s8ee3v5s4yugqlp Protocol HTTP/1.1 Server 164.3.70.132 , Austria, ASN8387 (T-SYSTEMS-AT Rennweg 97-99, AT), Reverse DNS Software Lucy / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers Referer http://office365.voestalpine.cloud/9s8ee3v5s4yugqlp accept-language de-AT,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36 Content-Type multipart/form-data; boundary=----WebKitFormBoundaryqtU7abuzzdGRH3uB Response headers Pragma no-cache Date Wed, 06 Dec 2023 14:19:57 GMT Server Lucy Access-Control-Allow-Methods * Content-Type text/html; charset=UTF-8 Access-Control-Allow-Origin * Cache-Control no-store, no-cache, must-revalidate Connection Keep-Alive Access-Control-Allow-Headers * Content-Length 0 Keep-Alive timeout=5, max=97 Expires Thu, 19 Nov 1981 08:52:00 GMT
POST H/1.1	200 OK	run-analyse Show response office365.voestalpine.cloud/9s8ee3v5s4yugqlp/	0 468 B	110ms 110ms	XHR text/html	164.3.70.132 T-SYSTEMS-AT Renn...
General Check archive.org Show headers Download Go to Full URL http://office365.voestalpine.cloud/9s8ee3v5s4yugqlp/run-analyse Requested by Host: office365.voestalpine.cloud URL: http://office365.voestalpine.cloud/9s8ee3v5s4yugqlp Protocol HTTP/1.1 Server 164.3.70.132 , Austria, ASN8387 (T-SYSTEMS-AT Rennweg 97-99, AT), Reverse DNS Software Lucy / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers Referer http://office365.voestalpine.cloud/9s8ee3v5s4yugqlp accept-language de-AT,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36 Content-Type multipart/form-data; boundary=----WebKitFormBoundaryUtvgBV2114BA9A2j Response headers Pragma no-cache Date Wed, 06 Dec 2023 14:19:57 GMT Server Lucy Access-Control-Allow-Methods * Content-Type text/html; charset=UTF-8 Access-Control-Allow-Origin * Cache-Control no-store, no-cache, must-revalidate Connection Keep-Alive Access-Control-Allow-Headers * Content-Length 0 Keep-Alive timeout=5, max=96 Expires Thu, 19 Nov 1981 08:52:00 GMT
POST H/1.1	200 OK	track-time office365.voestalpine.cloud/scenario/	0 782 B	103ms 103ms	Ping text/html	164.3.70.132 T-SYSTEMS-AT Renn...
General Check archive.org Show headers Download Go to Full URL http://office365.voestalpine.cloud/scenario/track-time Requested by Host: office365.voestalpine.cloud URL: http://office365.voestalpine.cloud/9s8ee3v5s4yugqlp Protocol HTTP/1.1 Server 164.3.70.132 , Austria, ASN8387 (T-SYSTEMS-AT Rennweg 97-99, AT), Reverse DNS Software Lucy / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers Referer http://office365.voestalpine.cloud/9s8ee3v5s4yugqlp accept-language de-AT,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36 Content-Type text/plain;charset=UTF-8 Response headers Pragma no-cache Date Wed, 06 Dec 2023 14:19:57 GMT Server Lucy Access-Control-Max-Age 86400 Access-Control-Allow-Methods GET, POST, OPTIONS, PUT, PATCH, HEAD, * Content-Type text/html; charset=UTF-8 Access-Control-Allow-Origin , Cache-Control no-store, no-cache, must-revalidate Access-Control-Allow-Credentials true Connection Keep-Alive Access-Control-Allow-Headers Content-Type, * Content-Length 0 Keep-Alive timeout=5, max=95 Expires Thu, 19 Nov 1981 08:52:00 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Office 365 (Online)

22 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			office365.voestalpine.cloud/	1970-01-20 17:27:44	Name: link Value: 9s8ee3v5s4yugqlp
			.twitter.com/	1970-01-21 02:14:46	Name: guest_id Value: v1%3A170187239702620072

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://accounts.google.com/CheckCookie?continue=https%3A%2F%2Fwww.google.com%2Fintl%2Fen%2Fimages%2Flogos%2Faccounts_logo.png&followup=https%3A%2F%2Fwww.google.com%2Fintl%2Fen%2Fimages%2Flogos%2Faccounts_logo.png&chtml=LoginDoneHtml&checkedDomains=youtube&checkConnection=youtube%3A291%3A1 Message: Failed to load resource: the server responded with a status of 400 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

accounts.google.com
office365.voestalpine.cloud
plus.google.com
twitter.com
workspaceupdates.googleblog.com
104.244.42.1
142.250.181.225
164.3.70.132
173.194.76.84
216.58.212.142
07be3ff476a8b063c81d7db7750cca027280cd0fced01ce9a5d073d4b70841bb
1c1aff1501eb2b60d97d99b9f4cddfde783d6503a1a2f3fd7889d0ca9be45f26
1ebe19e41a80646d99691bf907f012f60c4a6f29d362ed8209a5e0964709808d
6508d5f5268e3ceb26624d947fab5e24f1c648b188fdb75ec7c66b582aee59dc
7e50e406688bd898803f653058d14ca384734cb9b39ba900bc5e2734b59c073b
91c41d9e81d8e6842726b8e34e0b25a018585a05c07ccb07b3e362a79da968b8
994b144cf2a2cdf3cd66ccbb797b0d2d736cb4fdccc6060eadc4b8440964659b
be85cf80156b7d0720f03033a88f40eba1f8a04c16ca28d102c1fddb7fbd038d
cf62ffea9831db96b94e267b4164733066335e851e552c7d5dbfc752a3385c96
d052d0c3c047d723c2fcb341ed69e4f53ab1aa8650d33c75b039aef0b014555c
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f53941103f6922446d2f5490b628638bffa13b74888ca07f40b2811ac743d98c

office365.voestalpine.cloud Open in urlscan Pro 164.3.70.132 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

17 Requests

12 %HTTPS

0 %IPv6

4 Domains

5 Subdomains

4 IPs

2 Countries

292 kBTransfer

351 kBSize

2 Cookies

0 Outgoing links

Redirected requests

17 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

22 JavaScript Global Variables

2 Cookies

1 Console Messages

Indicators

office365.voestalpine.cloud Open in urlscan Pro
164.3.70.132 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

17
Requests

12 %
HTTPS

0 %
IPv6

4
Domains

5
Subdomains

4
IPs

2
Countries

292 kB
Transfer

351 kB
Size

2
Cookies

17 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!