officee.s3-web.jp-tok.cloud-object-storage.appdomain.cloud
162.133.118.51
Malicious Activity!
Public Scan
Effective URL: https://officee.s3-web.jp-tok.cloud-object-storage.appdomain.cloud/n.htm?login=undefined
Submission: On April 12 via api from AU
Summary
TLS certificate: Issued by DigiCert SHA2 Secure Server CA on October 11th 2020. Valid for: a year.
This is the only time officee.s3-web.jp-tok.cloud-object-storage.appdomain.cloud was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Microsoft (Consumer)

Domain & IP information
Redirects | Requests | IP Address | AS Autonomous System
---|---|---|---
| 3 | 52.204.92.126 | 14618 (AMAZON-AES)
| 2 | 162.133.118.51 | 36351 (SOFTLAYER)
1 | 1 | 2606:4700:3037::6815:bdb | 13335 (CLOUDFLARENET)
1 | 5 | 192.229.233.123 | 15133 (EDGECAST)
| 1 | 13.226.155.91 | 16509 (AMAZON-02)
| 5 | 169.47.124.25 | 36351 (SOFTLAYER)
| 16 requests | 6 IPs |
- ASN14618 (AMAZON-AES, US), PTR: ec2-52-204-92-126.compute-1.amazonaws.com, serving checkered-wooden-stretch.glitch.me
- ASN36351 (SOFTLAYER, US), PTR: 33.76.85a2.ip4.static.sl-reverse.com, serving officee.s3-web.jp-tok.cloud-object-storage.appdomain.cloud
- ASN16509 (AMAZON-02, US), PTR: server-13-226-155-91.dus51.r.cloudfront.net, serving cdn.glitch.com
- ASN36351 (SOFTLAYER, US), PTR: 19.7c.2fa9.ip4.static.sl-reverse.com, serving owadocument.us-south.cf.appdomain.cloud
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
7 | appdomain.cloud | officee.s3-web.jp-tok.cloud-object-storage.appdomain.cloud, owadocument.us-south.cf.appdomain.cloud | 15 KB
5 | typenetwork.com (1 redirect) | cloud.typenetwork.com | 140 KB
3 | glitch.me | checkered-wooden-stretch.glitch.me | 6 KB
1 | glitch.com | cdn.glitch.com | 167 KB
1 | webtype.com (1 redirect) | cloud.webtype.com | 598 B
16 requests | 5 apex domains | |
Requests | Domain | Requested by
---|---|---
5 | owadocument.us-south.cf.appdomain.cloud | checkered-wooden-stretch.glitch.me, owadocument.us-south.cf.appdomain.cloud
5 | cloud.typenetwork.com (1 redirect) | checkered-wooden-stretch.glitch.me, cloud.typenetwork.com
3 | checkered-wooden-stretch.glitch.me | checkered-wooden-stretch.glitch.me
2 | officee.s3-web.jp-tok.cloud-object-storage.appdomain.cloud | checkered-wooden-stretch.glitch.me, officee.s3-web.jp-tok.cloud-object-storage.appdomain.cloud
1 | cdn.glitch.com | checkered-wooden-stretch.glitch.me
1 | cloud.webtype.com (1 redirect) |
16 requests | 6 domains |
This site contains no links.
Subject | Issuer | Validity | Valid for
---|---|---|---
*.s3-web.jp-tok.cloud-object-storage.appdomain.cloud | DigiCert SHA2 Secure Server CA | 2020-10-11 - 2021-10-20 | a year
*.typenetwork.com | DigiCert SHA2 Secure Server CA | 2019-06-20 - 2021-06-24 | 2 years
glitch.com | Amazon | 2021-01-18 - 2022-02-15 | a year
*.us-south.cf.appdomain.cloud | DigiCert SHA2 Secure Server CA | 2020-08-27 - 2021-09-01 | a year
This page contains 3 frames:
Primary Page:
https://officee.s3-web.jp-tok.cloud-object-storage.appdomain.cloud/n.htm?login=undefined
Frame ID: 611E704B21DB1F837D1A6DF58BD8A32C
Requests: 4 HTTP requests in this frame
Frame:
http://checkered-wooden-stretch.glitch.me/default.asp
Frame ID: FAACDB484227B738243186C57891414C
Requests: 6 HTTP requests in this frame
Frame:
https://owadocument.us-south.cf.appdomain.cloud/main.php?username=undefined
Frame ID: D0CFB78034E134653DB0CA3EB2C887D9
Requests: 6 HTTP requests in this frame
Page URL History
- http://checkered-wooden-stretch.glitch.me/ Page URL
- https://officee.s3-web.jp-tok.cloud-object-storage.appdomain.cloud/n.htm?login=undefined Page URL
Detected technologies
- Amazon Web Services (PaaS). Detected patterns: headers server /^AmazonS3$/i
- Amazon S3 (Miscellaneous). Detected patterns: headers server /^AmazonS3$/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 3
- https://cloud.webtype.com/css/3a8e55c6-b1f3-4659-99eb-125ae72bd084.css HTTP 301
- https://cloud.typenetwork.com/css/3a8e55c6-b1f3-4659-99eb-125ae72bd084.css HTTP 301
- https://cloud.typenetwork.com/projects/5027/fontface.css/
16 HTTP transactions
Method | Protocol | Resource | Host / Path | Frame | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---|---
GET | H/1.1 | / | checkered-wooden-stretch.glitch.me/ | | 861 B | 1 KB | Document | text/html
GET | H/1.1 | style.css | checkered-wooden-stretch.glitch.me/ | | 168 B | 639 B | Stylesheet | text/css
GET | H/1.1 | default.asp | checkered-wooden-stretch.glitch.me/ | FAAC | 3 KB | 4 KB | Document | text/html
GET | H/1.1 | n.htm (Primary Request) | officee.s3-web.jp-tok.cloud-object-storage.appdomain.cloud/ | | 606 B | 973 B | Document | text/html
GET | H2 | / | cloud.typenetwork.com/projects/5027/fontface.css/ (Redirect Chain) | FAAC | 2 KB | 927 B | Stylesheet | text/css
GET | H/1.1 | d7f4f279-e13b-4330-8422-00b2d9211424%2FGlitch-Error-Rainbow-Mug-hires.png | cdn.glitch.com/ | FAAC | 166 KB | 167 KB | Image | image/png
GET | H2 | / | cloud.typenetwork.com/projectLicenseWeb/26553/fontfile/woff2/ | FAAC | 45 KB | 46 KB | Font | application/font-woff2
GET | H2 | / | cloud.typenetwork.com/projectLicenseWeb/26551/fontfile/woff2/ | FAAC | 46 KB | 47 KB | Font | application/font-woff2
GET | H2 | / | cloud.typenetwork.com/projectLicenseWeb/26552/fontfile/woff2/ | FAAC | 45 KB | 46 KB | Font | application/font-woff2
GET | H/1.1 | myscr157567.js | officee.s3-web.jp-tok.cloud-object-storage.appdomain.cloud/ | | 3 KB | 3 KB | Script | text/javascript
GET | | default.asp | officee.s3-web.jp-tok.cloud-object-storage.appdomain.cloud/ | D0CF | 0 | 0 | | (no response)
GET | H/1.1 | main.php | owadocument.us-south.cf.appdomain.cloud/ | D0CF | 2 KB | 1 KB | Document | text/html
GET | H/1.1 | style.css | owadocument.us-south.cf.appdomain.cloud/files/ | D0CF | 3 KB | 1 KB | Stylesheet | text/css
GET | H/1.1 | microsoft_logo.png | owadocument.us-south.cf.appdomain.cloud/files/ | D0CF | 1 KB | 1 KB | Image | image/png
GET | H/1.1 | arrow_left.svg | owadocument.us-south.cf.appdomain.cloud/files/ | D0CF | 513 B | 831 B | Image | image/svg+xml
GET | H/1.1 | mmm.PNG | owadocument.us-south.cf.appdomain.cloud/files/ | D0CF | 6 KB | 6 KB | Image | image/png
Failed requests
These URLs were requested, but no response was received. They also appear in the list above.
- Domain: officee.s3-web.jp-tok.cloud-object-storage.appdomain.cloud
- URL: https://officee.s3-web.jp-tok.cloud-object-storage.appdomain.cloud/default.asp
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Microsoft (Consumer)

14 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. They can help identify client-side frameworks and code.
- object: 0
- object: ontransitionrun
- object: ontransitionstart
- object: ontransitioncancel
- object: cookieStore
- function: showDirectoryPicker
- function: showOpenFilePicker
- function: showSaveFilePicker
- object: trustedTypes
- boolean: crossOriginIsolated
- object: erp
- string: em
- number: tmp
- function: getInputValue

0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.