urlscan.io logo urlscan.io
SecurityTrails logo

officee.s3-web.jp-tok.cloud-object-storage.appdomain.cloud Open in urlscan Pro
162.133.118.51  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://checkered-wooden-stretch.glitch.me/
Effective URL: https://officee.s3-web.jp-tok.cloud-object-storage.appdomain.cloud/n.htm?login=undefined
Submission: On April 12 via api from AU
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 6 IPs in 1 countries across 5 domains to perform 16 HTTP transactions. The main IP is 162.133.118.51, located in United States and belongs to SOFTLAYER, US. The main domain is officee.s3-web.jp-tok.cloud-object-storage.appdomain.cloud.
TLS certificate: Issued by DigiCert SHA2 Secure Server CA on October 11th 2020. Valid for: a year.
This is the only time officee.s3-web.jp-tok.cloud-object-storage.appdomain.cloud was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Microsoft (Consumer)

Domain & IP information

IP Address AS Autonomous System
3 52.204.92.126 14618 (AMAZON-AES)
2 162.133.118.51 36351 (SOFTLAYER)
1 1 2606:4700:303... 13335 (CLOUDFLAR...)
1 5 192.229.233.123 15133 (EDGECAST)
1 13.226.155.91 16509 (AMAZON-02)
5 169.47.124.25 36351 (SOFTLAYER)
16 6
3    52.204.92.126 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-204-92-126.compute-1.amazonaws.com
checkered-wooden-stretch.glitch.me
2    162.133.118.51 (United States)

ASN36351 (SOFTLAYER, US)
PTR: 33.76.85a2.ip4.static.sl-reverse.com
officee.s3-web.jp-tok.cloud-object-storage.appdomain.cloud
1    2606:4700:3037::6815:bdb (United States)

ASN13335 (CLOUDFLARENET, US)
cloud.webtype.com
5    192.229.233.123 (Torrance, United States)

ASN15133 (EDGECAST, US)
cloud.typenetwork.com
1    13.226.155.91 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-226-155-91.dus51.r.cloudfront.net
cdn.glitch.com
5    169.47.124.25 (Ashburn, United States)

ASN36351 (SOFTLAYER, US)
PTR: 19.7c.2fa9.ip4.static.sl-reverse.com
owadocument.us-south.cf.appdomain.cloud
Domain Requested by
5 owadocument.us-south.cf.appdomain.cloud checkered-wooden-stretch.glitch.me
owadocument.us-south.cf.appdomain.cloud
5 cloud.typenetwork.com 1 redirects checkered-wooden-stretch.glitch.me
cloud.typenetwork.com
3 checkered-wooden-stretch.glitch.me checkered-wooden-stretch.glitch.me
2 officee.s3-web.jp-tok.cloud-object-storage.appdomain.cloud checkered-wooden-stretch.glitch.me
officee.s3-web.jp-tok.cloud-object-storage.appdomain.cloud
1 cdn.glitch.com checkered-wooden-stretch.glitch.me
1 cloud.webtype.com 1 redirects
16 6

This site contains no links.

Subject Issuer Validity Valid
*.s3-web.jp-tok.cloud-object-storage.appdomain.cloud
DigiCert SHA2 Secure Server CA		 2020-10-11 -
2021-10-20		 a year crt.sh
*.typenetwork.com
DigiCert SHA2 Secure Server CA		 2019-06-20 -
2021-06-24		 2 years crt.sh
glitch.com
Amazon		 2021-01-18 -
2022-02-15		 a year crt.sh
*.us-south.cf.appdomain.cloud
DigiCert SHA2 Secure Server CA		 2020-08-27 -
2021-09-01		 a year crt.sh

This page contains 3 frames:

Primary Page: https://officee.s3-web.jp-tok.cloud-object-storage.appdomain.cloud/n.htm?login=undefined
Frame ID: 611E704B21DB1F837D1A6DF58BD8A32C
Requests: 4 HTTP requests in this frame

Frame: http://checkered-wooden-stretch.glitch.me/default.asp
Frame ID: FAACDB484227B738243186C57891414C
Requests: 6 HTTP requests in this frame

Frame: https://owadocument.us-south.cf.appdomain.cloud/main.php?username=undefined
Frame ID: D0CFB78034E134653DB0CA3EB2C887D9
Requests: 6 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

  1. http://checkered-wooden-stretch.glitch.me/ Page URL
  2. https://officee.s3-web.jp-tok.cloud-object-storage.appdomain.cloud/n.htm?login=undefined Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /^AmazonS3$/i
Overall confidence: 100%
Detected patterns
  • headers server /^AmazonS3$/i

Page Statistics

16
Requests

75 %
HTTPS

17 %
IPv6

5
Domains

6
Subdomains

6
IPs

1
Countries

326 kB
Transfer

325 kB
Size

0
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://checkered-wooden-stretch.glitch.me/ Page URL
  2. https://officee.s3-web.jp-tok.cloud-object-storage.appdomain.cloud/n.htm?login=undefined Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 3
  • https://cloud.webtype.com/css/3a8e55c6-b1f3-4659-99eb-125ae72bd084.css HTTP 301
  • https://cloud.typenetwork.com/css/3a8e55c6-b1f3-4659-99eb-125ae72bd084.css HTTP 301
  • https://cloud.typenetwork.com/projects/5027/fontface.css/

16 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
/
checkered-wooden-stretch.glitch.me/ 		861 B
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
http://checkered-wooden-stretch.glitch.me/
Protocol
HTTP/1.1
Server
52.204.92.126 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-204-92-126.compute-1.amazonaws.com
Software
AmazonS3 /
Resource Hash
a7d12b440676b9f8dfc2afcef8e7ed62209c5250c76a348fada190f7d5ffe4b2

Request headers

Host
checkered-wooden-stretch.glitch.me
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding
gzip, deflate
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Mon, 12 Apr 2021 09:07:16 GMT
Content-Type
text/html; charset=utf-8
Content-Length
861
Connection
keep-alive
x-amz-id-2
kcbpdQdxGS8kLiteFJqVcjpGb5acVBPJrfUQ3j+0E1bUN9AkKG1ZvZ1zIa1m0UyWy+SuS6PVr7o=
x-amz-request-id
5MEWQCV37YFH34J9
last-modified
Wed, 07 Apr 2021 07:27:56 GMT
etag
"6130e57184cbe8dfee6deff2884c8d90"
cache-control
no-cache
x-amz-version-id
d35IKVJES1_87oyvCGGVeDKPzmyOLz_H
accept-ranges
bytes
server
AmazonS3
style.css
checkered-wooden-stretch.glitch.me/ 		168 B
639 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
http://checkered-wooden-stretch.glitch.me/style.css
Requested by
Host: checkered-wooden-stretch.glitch.me
URL: http://checkered-wooden-stretch.glitch.me/
Protocol
HTTP/1.1
Server
52.204.92.126 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-204-92-126.compute-1.amazonaws.com
Software
AmazonS3 /
Resource Hash
b824f05ba943476537e9083c0f62cdb9cd48a957fc147ab36731c1606f2e95fa

Request headers

Referer
http://checkered-wooden-stretch.glitch.me/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Mon, 12 Apr 2021 09:07:16 GMT
last-modified
Wed, 07 Apr 2021 07:27:56 GMT
server
AmazonS3
x-amz-request-id
5MEP6ETC6ZHJ0F87
etag
"fa0fc5542364cef7135ffd9dad7f1a6f"
Content-Type
text/css; charset=utf-8
cache-control
no-cache
Content-Length
168
Connection
keep-alive
accept-ranges
bytes
x-amz-version-id
ESfMUfP3xPW8mgis0obS.bsi8AFxxAc_
x-amz-id-2
nZxir7YWCl3yUxZFXDmXkA0gWeYAKm0Qw6mMdcBVorA/fD7VixiekU9L4kYBH5+dVlYhHbFLgs0=
default.asp
checkered-wooden-stretch.glitch.me/ Frame FAAC 		3 KB
4 KB 		Document
General
Check archive.org
Download Go to
Full URL
http://checkered-wooden-stretch.glitch.me/default.asp
Requested by
Host: checkered-wooden-stretch.glitch.me
URL: http://checkered-wooden-stretch.glitch.me/
Protocol
HTTP/1.1
Server
52.204.92.126 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-204-92-126.compute-1.amazonaws.com
Software
/
Resource Hash

Request headers

Host
checkered-wooden-stretch.glitch.me
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer
http://checkered-wooden-stretch.glitch.me/
Accept-Encoding
gzip, deflate
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
http://checkered-wooden-stretch.glitch.me/

Response headers

Date
Mon, 12 Apr 2021 09:07:16 GMT
Content-Length
3538
Connection
keep-alive
Cache-Control
max-age=0
Primary Request n.htm
officee.s3-web.jp-tok.cloud-object-storage.appdomain.cloud/ 		606 B
973 B 		Document
General
Check archive.org
Download Go to
Full URL
https://officee.s3-web.jp-tok.cloud-object-storage.appdomain.cloud/n.htm?login=undefined
Requested by
Host: checkered-wooden-stretch.glitch.me
URL: http://checkered-wooden-stretch.glitch.me/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
162.133.118.51 , United States, ASN36351 (SOFTLAYER, US),
Reverse DNS
33.76.85a2.ip4.static.sl-reverse.com
Software
Cleversafe /
Resource Hash
8449374a07a96e758d9e3d5be2905092278239e12d54f4ceb2f70a39df65dcc7

Request headers

Host
officee.s3-web.jp-tok.cloud-object-storage.appdomain.cloud
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
document
Referer
http://checkered-wooden-stretch.glitch.me/
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
http://checkered-wooden-stretch.glitch.me/

Response headers

Date
Mon, 12 Apr 2021 09:07:17 GMT
X-Clv-Request-Id
d1c8b431-9c68-4496-9166-6a4e18b41b44
Server
Cleversafe
X-Clv-S3-Version
2.5
Accept-Ranges
bytes
x-amz-request-id
d1c8b431-9c68-4496-9166-6a4e18b41b44
ETag
"c627bcb5da7bd61b43310ab2dfb76378"
Content-Type
text/html
Last-Modified
Mon, 05 Apr 2021 13:46:01 GMT
Content-Length
606
/
cloud.typenetwork.com/projects/5027/fontface.css/ Frame FAAC
Redirect Chain
  • https://cloud.webtype.com/css/3a8e55c6-b1f3-4659-99eb-125ae72bd084.css
  • https://cloud.typenetwork.com/css/3a8e55c6-b1f3-4659-99eb-125ae72bd084.css
  • https://cloud.typenetwork.com/projects/5027/fontface.css/
2 KB
927 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://cloud.typenetwork.com/projects/5027/fontface.css/
Requested by
Host: checkered-wooden-stretch.glitch.me
URL: http://checkered-wooden-stretch.glitch.me/default.asp
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.233.123 Torrance, United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/6760) /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Referer
http://checkered-wooden-stretch.glitch.me/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

cf-request-id
095572c0c000001f51b22e8000000001
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
nel
{"report_to":"cf-nel","max_age":604800}
age
293348
x-cache
HIT
content-length
513
allow
GET, HEAD, OPTIONS
last-modified
Thu, 08 Apr 2021 23:02:07 GMT
server
ECS (frb/6760)
x-frame-options
SAMEORIGIN
date
Mon, 12 Apr 2021 09:07:17 GMT
vary
Accept-Encoding
report-to
{"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=qvmaY6y%2BMajr64qqnQb2j4AbSYoTYSSJwyTK4F66Sbuc0BsWkOMoDkSeFriEkUdP5D5JYr0r0v0Oda%2BiNolTRZAiDpHyaufibyE1nZwDStGK90e%2B"}],"max_age":604800}
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=10800
accept-ranges
bytes
cf-ray
63cf53e13bf51f51-FRA
expires
Mon, 12 Apr 2021 12:07:17 GMT

Redirect headers

cf-request-id
0966eee146000016f22a18d000000001
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
nel
{"report_to":"cf-nel","max_age":604800}
server
cloudflare
access-control-allow-origin
*
x-frame-options
SAMEORIGIN
date
Mon, 12 Apr 2021 09:07:17 GMT
vary
Authorization
report-to
{"max_age":604800,"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=lTi2PsbzKEDSknXzc761y6UFUm848LpNJ5e8A46alOfVw916wXSqsOuy4ayeHgwzvO1luNo7euSQJ6sXsFW437fxfTqeSrCUlYlR8fQNuEHMrazg"}]}
content-type
text/html; charset=utf-8
location
../projects/5027/fontface.css/
cf-ray
63eb4daedcfa16f2-FRA
d7f4f279-e13b-4330-8422-00b2d9211424%2FGlitch-Error-Rainbow-Mug-hires.png
cdn.glitch.com/ Frame FAAC 		166 KB
167 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.glitch.com/d7f4f279-e13b-4330-8422-00b2d9211424%2FGlitch-Error-Rainbow-Mug-hires.png?v=1595481653593
Requested by
Host: checkered-wooden-stretch.glitch.me
URL: http://checkered-wooden-stretch.glitch.me/default.asp
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
13.226.155.91 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-226-155-91.dus51.r.cloudfront.net
Software
AmazonS3 /
Resource Hash

Request headers

Referer
http://checkered-wooden-stretch.glitch.me/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Mon, 08 Feb 2021 01:33:09 GMT
Via
1.1 26b0de44343edcaf19972d71d8e0256d.cloudfront.net (CloudFront)
Age
5470448
X-Cache
Hit from cloudfront
Connection
keep-alive
Content-Length
170377
Last-Modified
Thu, 23 Jul 2020 05:20:52 GMT
Server
AmazonS3
ETag
"a002b1fa4cf220520bebb230b1b68a80"
Access-Control-Max-Age
86400
Access-Control-Allow-Methods
GET, HEAD, POST
Content-Type
image/png
Access-Control-Allow-Origin
*
Cache-Control
max-age=31536000
X-Amz-Cf-Pop
DUS51-C1
X-Amz-Cf-Id
PIPQ3wym65pbafrX1_D8jNc57H7YSdfix7ZeNp7o1lEERSvWP_gKGg==
/
cloud.typenetwork.com/projectLicenseWeb/26553/fontfile/woff2/ Frame FAAC 		45 KB
46 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://cloud.typenetwork.com/projectLicenseWeb/26553/fontfile/woff2/?8a8dd2cd7c863292708c10238f06ebccfce103b3
Requested by
Host: cloud.typenetwork.com
URL: https://cloud.typenetwork.com/projects/5027/fontface.css/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.233.123 Torrance, United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/6739) /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Origin
http://checkered-wooden-stretch.glitch.me
Referer
https://cloud.typenetwork.com/projects/5027/fontface.css/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

cf-request-id
0964e6b63f00004eaff4223000000001
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
nel
{"report_to":"cf-nel","max_age":604800}
age
34090
x-cache
HIT
content-disposition
attachment; filename="_Benton_Sans-Bold_WebTT.woff2"
content-length
46452
etag
"b70a91fa55b9f3842e877eaf7af2fb6a"
allow
GET, HEAD, OPTIONS
last-modified
Sun, 11 Apr 2021 22:54:29 GMT
server
ECS (frb/6739)
date
Mon, 12 Apr 2021 09:07:17 GMT
x-frame-options
SAMEORIGIN
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=0mN8gR3JJC5qAhnWtSSlUCsG3%2BXxXDoBYRu%2Bmx%2BBm7F3ZuIrCvR0%2FurEK7ZTPIBJRdk4zyJ0iJyHa5D5jwxM%2BgfQ7Yr41ykEsJr0ZByyivp8zxX4"}],"group":"cf-nel","max_age":604800}
content-type
application/font-woff2
access-control-allow-origin
*
cache-control
public, max-age=259200
accept-ranges
bytes
cf-ray
63e80d69fbcf4eaf-FRA
/
cloud.typenetwork.com/projectLicenseWeb/26551/fontfile/woff2/ Frame FAAC 		46 KB
47 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://cloud.typenetwork.com/projectLicenseWeb/26551/fontfile/woff2/?8a8dd2cd7c863292708c10238f06ebccfce103b3
Requested by
Host: cloud.typenetwork.com
URL: https://cloud.typenetwork.com/projects/5027/fontface.css/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.233.123 Torrance, United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/67A7) /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Origin
http://checkered-wooden-stretch.glitch.me
Referer
https://cloud.typenetwork.com/projects/5027/fontface.css/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

cf-request-id
0964e6df6900004d8a06891000000001
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
nel
{"max_age":604800,"report_to":"cf-nel"}
age
34080
x-cache
HIT
content-disposition
attachment; filename="_Benton_Sans-Book_WebTT.woff2"
content-length
47288
etag
"b70a91fa55b9f3842e877eaf7af2fb6a"
allow
GET, HEAD, OPTIONS
last-modified
Sun, 11 Apr 2021 22:54:29 GMT
server
ECS (frb/67A7)
date
Mon, 12 Apr 2021 09:07:17 GMT
x-frame-options
SAMEORIGIN
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=F6iHjbrnQleIVFfZI2nkhdY8WySHahflIinlr8zPLprP40t%2B0yrBfg52VKbbzmxWgtsXn%2BSWmgiMRdVqE4KbSp90A36F0P5guQHqf%2BYS6Vq4gA%2B9"}],"group":"cf-nel","max_age":604800}
content-type
application/font-woff2
access-control-allow-origin
*
cache-control
public, max-age=259200
accept-ranges
bytes
cf-ray
63e80dabddb34d8a-FRA
/
cloud.typenetwork.com/projectLicenseWeb/26552/fontfile/woff2/ Frame FAAC 		45 KB
46 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://cloud.typenetwork.com/projectLicenseWeb/26552/fontfile/woff2/?8a8dd2cd7c863292708c10238f06ebccfce103b3
Requested by
Host: cloud.typenetwork.com
URL: https://cloud.typenetwork.com/projects/5027/fontface.css/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.233.123 Torrance, United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/6711) /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Origin
http://checkered-wooden-stretch.glitch.me
Referer
https://cloud.typenetwork.com/projects/5027/fontface.css/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

cf-request-id
0964e6e658000005fd7ebb0000000001
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
nel
{"max_age":604800,"report_to":"cf-nel"}
age
34078
x-cache
HIT
content-disposition
attachment; filename="_Benton_Sans-Medium_WebTT.woff2"
content-length
46336
etag
"b70a91fa55b9f3842e877eaf7af2fb6a"
allow
GET, HEAD, OPTIONS
last-modified
Sun, 11 Apr 2021 22:54:29 GMT
server
ECS (frb/6711)
date
Mon, 12 Apr 2021 09:07:17 GMT
x-frame-options
SAMEORIGIN
report-to
{"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=wPyiRy4UXxVBJ3VH5RbqdlNMvIQywkJ1L%2F6ngHe%2BkzoxMRohgRs19feRDfDcZAwQtUt4yHlw5y4fHiyrptBEeX%2Bbjr3rYHvfA6n6kjBX5ipf3KYv"}],"max_age":604800}
content-type
application/font-woff2
access-control-allow-origin
*
cache-control
public, max-age=259200
accept-ranges
bytes
cf-ray
63e80db6f9fe05fd-FRA
myscr157567.js
officee.s3-web.jp-tok.cloud-object-storage.appdomain.cloud/ 		3 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://officee.s3-web.jp-tok.cloud-object-storage.appdomain.cloud/myscr157567.js
Requested by
Host: officee.s3-web.jp-tok.cloud-object-storage.appdomain.cloud
URL: https://officee.s3-web.jp-tok.cloud-object-storage.appdomain.cloud/n.htm?login=undefined
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
162.133.118.51 , United States, ASN36351 (SOFTLAYER, US),
Reverse DNS
33.76.85a2.ip4.static.sl-reverse.com
Software
Cleversafe /
Resource Hash
7178432105c3a0a79d0c403b0632fd5e0a256e7fac74ac0b734b2c3f0dc9e688

Request headers

Referer
https://officee.s3-web.jp-tok.cloud-object-storage.appdomain.cloud/n.htm?login=undefined
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Mon, 12 Apr 2021 09:07:17 GMT
Last-Modified
Mon, 05 Apr 2021 13:46:00 GMT
Server
Cleversafe
x-amz-request-id
03ce60db-0fc6-48b5-a463-fe8d9b418ed8
ETag
"0c4427a21858710238a735edb83d2390"
Content-Type
text/javascript
X-Clv-Request-Id
03ce60db-0fc6-48b5-a463-fe8d9b418ed8
X-Clv-S3-Version
2.5
Accept-Ranges
bytes
Content-Length
2954
default.asp
officee.s3-web.jp-tok.cloud-object-storage.appdomain.cloud/ Frame D0CF 		0
0
main.php
owadocument.us-south.cf.appdomain.cloud/ Frame D0CF 		2 KB
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://owadocument.us-south.cf.appdomain.cloud/main.php?username=undefined
Requested by
Host: checkered-wooden-stretch.glitch.me
URL: http://checkered-wooden-stretch.glitch.me/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
169.47.124.25 Ashburn, United States, ASN36351 (SOFTLAYER, US),
Reverse DNS
19.7c.2fa9.ip4.static.sl-reverse.com
Software
Apache /
Resource Hash
a7c9cbbea99dfecb8a215273c4134f383ea365717f689631a36c975fb86a51b9

Request headers

Host
owadocument.us-south.cf.appdomain.cloud
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
same-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
iframe
Referer
https://officee.s3-web.jp-tok.cloud-object-storage.appdomain.cloud/
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://officee.s3-web.jp-tok.cloud-object-storage.appdomain.cloud/

Response headers

X-Backside-Transport
OK OK
Connection
Keep-Alive
Transfer-Encoding
chunked
Content-Encoding
gzip
Content-Type
text/html; charset=UTF-8
Date
Mon, 12 Apr 2021 09:07:18 GMT
Server
Apache
Vary
Accept-Encoding
X-Global-Transaction-ID
63cd456d60740dc6e7dd5add
style.css
owadocument.us-south.cf.appdomain.cloud/files/ Frame D0CF 		3 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://owadocument.us-south.cf.appdomain.cloud/files/style.css
Requested by
Host: owadocument.us-south.cf.appdomain.cloud
URL: https://owadocument.us-south.cf.appdomain.cloud/main.php?username=undefined
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
169.47.124.25 Ashburn, United States, ASN36351 (SOFTLAYER, US),
Reverse DNS
19.7c.2fa9.ip4.static.sl-reverse.com
Software
Apache /
Resource Hash
28e68f5b82e050eccf5a0ecd5c1c24a3f5bc6003b2e7f8080366c70ee7537236

Request headers

Referer
https://owadocument.us-south.cf.appdomain.cloud/main.php?username=undefined
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Mon, 12 Apr 2021 09:07:18 GMT
Content-Encoding
gzip
Last-Modified
Mon, 05 Apr 2021 02:59:14 GMT
Server
Apache
Etag
"ba5-5bf30e1f7c480-gzip"
Vary
Accept-Encoding
Content-Type
text/css
X-Backside-Transport
OK OK
Transfer-Encoding
chunked
Connection
Keep-Alive
X-Global-Transaction-ID
63cd456d60740dc6bc701391
microsoft_logo.png
owadocument.us-south.cf.appdomain.cloud/files/ Frame D0CF 		1 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://owadocument.us-south.cf.appdomain.cloud/files/microsoft_logo.png
Requested by
Host: owadocument.us-south.cf.appdomain.cloud
URL: https://owadocument.us-south.cf.appdomain.cloud/main.php?username=undefined
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
169.47.124.25 Ashburn, United States, ASN36351 (SOFTLAYER, US),
Reverse DNS
19.7c.2fa9.ip4.static.sl-reverse.com
Software
Apache /
Resource Hash
f664b8138c2da6ec7565500a7cc839da6372614a31dc04c5a2169a26b8d9767c

Request headers

Referer
https://owadocument.us-south.cf.appdomain.cloud/main.php?username=undefined
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Mon, 12 Apr 2021 09:07:18 GMT
Last-Modified
Mon, 05 Apr 2021 02:59:14 GMT
Server
Apache
Etag
"421-5bf30e1f7c480"
Transfer-Encoding
chunked
Content-Type
image/png
X-Backside-Transport
OK OK
X-Global-Transaction-ID
63cd456d60740dc632d2b6ff
Connection
Keep-Alive
arrow_left.svg
owadocument.us-south.cf.appdomain.cloud/files/ Frame D0CF 		513 B
831 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://owadocument.us-south.cf.appdomain.cloud/files/arrow_left.svg
Requested by
Host: owadocument.us-south.cf.appdomain.cloud
URL: https://owadocument.us-south.cf.appdomain.cloud/main.php?username=undefined
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
169.47.124.25 Ashburn, United States, ASN36351 (SOFTLAYER, US),
Reverse DNS
19.7c.2fa9.ip4.static.sl-reverse.com
Software
Apache /
Resource Hash
34f9db946e89f031a80dfca7b16b2b686469c9886441261ae70a44da1dfa2d58

Request headers

Referer
https://owadocument.us-south.cf.appdomain.cloud/main.php?username=undefined
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Mon, 12 Apr 2021 09:07:19 GMT
Last-Modified
Mon, 05 Apr 2021 02:59:14 GMT
Server
Apache
Etag
"201-5bf30e1f7c480"
Transfer-Encoding
chunked
Content-Type
image/svg+xml
X-Backside-Transport
OK OK
X-Global-Transaction-ID
63cd456d60740dc7e7dd5dfd
Connection
Keep-Alive
mmm.PNG
owadocument.us-south.cf.appdomain.cloud/files/ Frame D0CF 		6 KB
6 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://owadocument.us-south.cf.appdomain.cloud/files/mmm.PNG
Requested by
Host: owadocument.us-south.cf.appdomain.cloud
URL: https://owadocument.us-south.cf.appdomain.cloud/files/style.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
169.47.124.25 Ashburn, United States, ASN36351 (SOFTLAYER, US),
Reverse DNS
19.7c.2fa9.ip4.static.sl-reverse.com
Software
Apache /
Resource Hash
c3e51d6b6bb24b1dfe86e3e80905a1b0fb957c19f61fa0a9d6ffb68d0d542aff

Request headers

Referer
https://owadocument.us-south.cf.appdomain.cloud/files/style.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Mon, 12 Apr 2021 09:07:19 GMT
Last-Modified
Mon, 05 Apr 2021 02:59:14 GMT
Server
Apache
Etag
"176f-5bf30e1f7c480"
Transfer-Encoding
chunked
Content-Type
image/png
X-Backside-Transport
OK OK
X-Global-Transaction-ID
63cd456d60740dc7ee184ed7
Connection
Keep-Alive

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
officee.s3-web.jp-tok.cloud-object-storage.appdomain.cloud
URL
https://officee.s3-web.jp-tok.cloud-object-storage.appdomain.cloud/default.asp

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer)

14 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker object| trustedTypes boolean| crossOriginIsolated object| erp string| em number| tmp function| getInputValue

0 Cookies