www.officested.com Open in urlscan Pro
2620:1ec:bdf::44 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.officested.com/nam/25b79aa0-07c6-4d65-9c80-df92aacdc157/24fed531-3352-45fa-bfaf-f3cfccf94af4/0f226de7-0b1d-478d...
Submission: On September 11 via manual (September 11th 2023, 6:07:09 pm UTC) from US — Scanned from DE

Summary HTTP 11 Redirects Behaviour Indicators

Summary

This website contacted 3 IPs in 1 countries across 2 domains to perform 11 HTTP transactions. The main IP is 2620:1ec:bdf::44, located in United States and belongs to MICROSOFT-CORP-MSN-AS-BLOCK, US. The main domain is www.officested.com.
TLS certificate: Issued by Microsoft Azure TLS Issuing CA 02 on August 6th 2023. Valid for: 6 months.

This is the only time www.officested.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Phishing Simulation (Internet)

Domain & IP information

	IP Address	AS Autonomous System
4	2620:1ec:bdf::44 2620:1ec:bdf::44	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	52.217.102.92 52.217.102.92	16509 (AMAZON-02) (AMAZON-02)
6	52.217.203.25 52.217.203.25	16509 (AMAZON-02) (AMAZON-02)
11	3

4 2620:1ec:bdf::44 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

www.officested.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.217.102.92 (Ashburn, United States)

ASN16509 (AMAZON-02, US)
PTR: s3-1-w.amazonaws.com

ts-uploads.s3.amazonaws.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 52.217.203.25 (Ashburn, United States)

ASN16509 (AMAZON-02, US)
PTR: s3-1-w.amazonaws.com

tslp.s3.amazonaws.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
7	amazonaws.com ts-uploads.s3.amazonaws.com — Cisco Umbrella Rank: 328486 tslp.s3.amazonaws.com — Cisco Umbrella Rank: 193665	227 KB
4	officested.com www.officested.com	162 KB
11	2

	Domain	Requested by
6	tslp.s3.amazonaws.com	www.officested.com
4	www.officested.com	www.officested.com
1	ts-uploads.s3.amazonaws.com	www.officested.com
11	3

This site contains no links.

Subject Issuer	Validity	Valid
www.attemplate.com Microsoft Azure TLS Issuing CA 02	`2023-08-06` - `2024-02-02`	6 months	crt.sh
*.s3.amazonaws.com Amazon RSA 2048 M01	`2023-03-21` - `2023-12-19`	9 months	crt.sh

This page contains 1 frames:

Primary Page: https://www.officested.com/nam/25b79aa0-07c6-4d65-9c80-df92aacdc157/24fed531-3352-45fa-bfaf-f3cfccf94af4/0f226de7-0b1d-478d-ac66-89f6ed7da637/landing?id=WWc2ZEhRZHRIZUhQVm1RRmR5bDdYNElXblpkZW9Zczgzck1ESkF1QmJOT01vM0cxVVNSa0JxVmVSSGNTaDhjNXpqNG1PR0YyNjBvUk5PYmFnbWs5dENJRTFhQ2tFUUs4Q0E2eXRVQnNiOU43a0s2WUxoMXlYT21aNWxYekpTR3hMUlp4OUkwWEViazdTR1JEUVJaejcxZ3B1OGh6dklYMWZKT09OZmN3bVhRUG1pSld4SStwUGltcUVJRytJRTNHY2c4RElZTDk2OVlWNm5hWjcxNDN1cytIc0Jlb01sWjJab3M2bGVLVndmSWhqRjEwQTZzNEVBNEV4SjE4SDNsSUtraVFVZ2xqQWJGT2YrcTVyaVFBdk9BenduVWRlcWZHOEZ2UWt3OHZhMTgrSDdvKzIvc3NaZ2U4RUJpWmtZYWRydkV2dlNhTmh4bFNsM2xpMTFzTmN2ZURyV2cvR3NkdndmeXJnY05zOTlzL1psdWJYc2kwSUdWMzI3VDQvS01Y
Frame ID: 259364C9BFE85256E0EC06ED69F55031
Requests: 11 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Microsoft 365 Security & ComplianceDon't Worry!

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

11
Requests

100 %
HTTPS

33 %
IPv6

2
Domains

3
Subdomains

3
IPs

1
Countries

388 kB
Transfer

384 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

11 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request landing Show response
www.officested.com/nam/25b79aa0-07c6-4d65-9c80-df92aacdc157/24fed531-3352-45fa-bfaf-f3cfccf94af4/0f226de7-0b1d-478d-ac66-89f6ed7da637/ 19 KB
19 KB 2100ms
2037ms Document
text/html 2620:1ec:bdf::44
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.officested.com/nam/25b79aa0-07c6-4d65-9c80-df92aacdc157/24fed531-3352-45fa-bfaf-f3cfccf94af4/0f226de7-0b1d-478d-ac66-89f6ed7da637/landing?id=WWc2ZEhRZHRIZUhQVm1RRmR5bDdYNElXblpkZW9Zczgzck1ESkF1QmJOT01vM0cxVVNSa0JxVmVSSGNTaDhjNXpqNG1PR0YyNjBvUk5PYmFnbWs5dENJRTFhQ2tFUUs4Q0E2eXRVQnNiOU43a0s2WUxoMXlYT21aNWxYekpTR3hMUlp4OUkwWEViazdTR1JEUVJaejcxZ3B1OGh6dklYMWZKT09OZmN3bVhRUG1pSld4SStwUGltcUVJRytJRTNHY2c4RElZTDk2OVlWNm5hWjcxNDN1cytIc0Jlb01sWjJab3M2bGVLVndmSWhqRjEwQTZzNEVBNEV4SjE4SDNsSUtraVFVZ2xqQWJGT2YrcTVyaVFBdk9BenduVWRlcWZHOEZ2UWt3OHZhMTgrSDdvKzIvc3NaZ2U4RUJpWmtZYWRydkV2dlNhTmh4bFNsM2xpMTFzTmN2ZURyV2cvR3NkdndmeXJnY05zOTlzL1psdWJYc2kwSUdWMzI3VDQvS01Y

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:1ec:bdf::44 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

5566f6659072abbbd0bb2557f35481f185a48637fb9a694a1d724106e5f5cdfb

Security Headers

Name	Value
Content-Security-Policy	img-src https: data: ; style-src 'self' 'unsafe-inline'; script-src 'self'
Strict-Transport-Security	max-age=2592000

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

content-security-policy: img-src https: data: ; style-src 'self' 'unsafe-inline'; script-src 'self'
content-type: text/html; charset=utf-8
date: Mon, 11 Sep 2023 18:07:03 GMT
request-context: appId=
strict-transport-security: max-age=2592000
x-azure-ref: 20230911T180701Z-995r3phmvt0dtb172a7wvxkysc00000000hg00000000ndfg
x-cache: CONFIG_NOCACHE

GET
H/1.1 200
OK ppl-logo-color---new-b048e0.png
ts-uploads.s3.amazonaws.com/training/production/1418/ 75 KB
75 KB 419ms
197ms Image
image/png 52.217.102.92
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ts-uploads.s3.amazonaws.com/training/production/1418/ppl-logo-color---new-b048e0.png
Requested by: Host: www.officested.com
URL: https://www.officested.com/nam/25b79aa0-07c6-4d65-9c80-df92aacdc157/24fed531-3352-45fa-bfaf-f3cfccf94af4/0f226de7-0b1d-478d-ac66-89f6ed7da637/landing?id=WWc2ZEhRZHRIZUhQVm1RRmR5bDdYNElXblpkZW9Zczgzck1ESkF1QmJOT01vM0cxVVNSa0JxVmVSSGNTaDhjNXpqNG1PR0YyNjBvUk5PYmFnbWs5dENJRTFhQ2tFUUs4Q0E2eXRVQnNiOU43a0s2WUxoMXlYT21aNWxYekpTR3hMUlp4OUkwWEViazdTR1JEUVJaejcxZ3B1OGh6dklYMWZKT09OZmN3bVhRUG1pSld4SStwUGltcUVJRytJRTNHY2c4RElZTDk2OVlWNm5hWjcxNDN1cytIc0Jlb01sWjJab3M2bGVLVndmSWhqRjEwQTZzNEVBNEV4SjE4SDNsSUtraVFVZ2xqQWJGT2YrcTVyaVFBdk9BenduVWRlcWZHOEZ2UWt3OHZhMTgrSDdvKzIvc3NaZ2U4RUJpWmtZYWRydkV2dlNhTmh4bFNsM2xpMTFzTmN2ZURyV2cvR3NkdndmeXJnY05zOTlzL1psdWJYc2kwSUdWMzI3VDQvS01Y
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.217.102.92 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-1-w.amazonaws.com
Software: AmazonS3 /
Resource Hash: 961cfba8dea31c2239f62eced0e6e1b06d4fa182e69ac8f54fd043b8c6a25b17

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.officested.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

Date: Mon, 11 Sep 2023 18:07:04 GMT
x-amz-version-id: kPTINdCUSmNdDV2kcewIGHfJYW5u98FS
Last-Modified: Mon, 06 Jun 2016 16:07:20 GMT
Server: AmazonS3
x-amz-request-id: J4QD5TX1QV8AHG85
ETag: "8a55910c9f553c8f803f4362d0f9a76f"
Content-Type: image/png
Accept-Ranges: bytes
Content-Length: 76655
x-amz-id-2: e0L3zxOoDPI07lyMLME7k0gWRsrwdCP6qOpbdNs7jlmUFm5tDFQfB+NnEyjVLhnVMRozXUj8gS4=

GET
H/1.1 200
OK secure-fbafd0.png
tslp.s3.amazonaws.com/training/production/314/ 36 KB
37 KB 384ms
153ms Image
image/png 52.217.203.25
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tslp.s3.amazonaws.com/training/production/314/secure-fbafd0.png
Requested by: Host: www.officested.com
URL: https://www.officested.com/nam/25b79aa0-07c6-4d65-9c80-df92aacdc157/24fed531-3352-45fa-bfaf-f3cfccf94af4/0f226de7-0b1d-478d-ac66-89f6ed7da637/landing?id=WWc2ZEhRZHRIZUhQVm1RRmR5bDdYNElXblpkZW9Zczgzck1ESkF1QmJOT01vM0cxVVNSa0JxVmVSSGNTaDhjNXpqNG1PR0YyNjBvUk5PYmFnbWs5dENJRTFhQ2tFUUs4Q0E2eXRVQnNiOU43a0s2WUxoMXlYT21aNWxYekpTR3hMUlp4OUkwWEViazdTR1JEUVJaejcxZ3B1OGh6dklYMWZKT09OZmN3bVhRUG1pSld4SStwUGltcUVJRytJRTNHY2c4RElZTDk2OVlWNm5hWjcxNDN1cytIc0Jlb01sWjJab3M2bGVLVndmSWhqRjEwQTZzNEVBNEV4SjE4SDNsSUtraVFVZ2xqQWJGT2YrcTVyaVFBdk9BenduVWRlcWZHOEZ2UWt3OHZhMTgrSDdvKzIvc3NaZ2U4RUJpWmtZYWRydkV2dlNhTmh4bFNsM2xpMTFzTmN2ZURyV2cvR3NkdndmeXJnY05zOTlzL1psdWJYc2kwSUdWMzI3VDQvS01Y
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.217.203.25 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-1-w.amazonaws.com
Software: AmazonS3 /
Resource Hash: cd006184573ecefad778d77cf0878d00700f09ad6e634665913cfc2403a4f2a4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.officested.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

Date: Mon, 11 Sep 2023 18:07:04 GMT
x-amz-version-id: bLDSCBNM2J5V0fBwwBSbLfHYPHY4LzVF
Last-Modified: Mon, 15 Jun 2020 12:27:19 GMT
Server: AmazonS3
x-amz-request-id: J4QE6QX9KXR4MMK9
ETag: "08dea7720b52bca3243e15f02054ce56"
Content-Type: image/png
Accept-Ranges: bytes
Content-Length: 36997
x-amz-id-2: VN9kX+mNMNKkoEyAEbcqU7Li6UzEH/h70xi7ePvX3WHibUIljgM07AerhgSeDSdP2PLvMVEY3eM=

GET
H/1.1 200
OK edit-128x128-8c5058.png
tslp.s3.amazonaws.com/training/production/314/ 1 KB
2 KB 350ms
120ms Image
image/png 52.217.203.25
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tslp.s3.amazonaws.com/training/production/314/edit-128x128-8c5058.png
Requested by: Host: www.officested.com
URL: https://www.officested.com/nam/25b79aa0-07c6-4d65-9c80-df92aacdc157/24fed531-3352-45fa-bfaf-f3cfccf94af4/0f226de7-0b1d-478d-ac66-89f6ed7da637/landing?id=WWc2ZEhRZHRIZUhQVm1RRmR5bDdYNElXblpkZW9Zczgzck1ESkF1QmJOT01vM0cxVVNSa0JxVmVSSGNTaDhjNXpqNG1PR0YyNjBvUk5PYmFnbWs5dENJRTFhQ2tFUUs4Q0E2eXRVQnNiOU43a0s2WUxoMXlYT21aNWxYekpTR3hMUlp4OUkwWEViazdTR1JEUVJaejcxZ3B1OGh6dklYMWZKT09OZmN3bVhRUG1pSld4SStwUGltcUVJRytJRTNHY2c4RElZTDk2OVlWNm5hWjcxNDN1cytIc0Jlb01sWjJab3M2bGVLVndmSWhqRjEwQTZzNEVBNEV4SjE4SDNsSUtraVFVZ2xqQWJGT2YrcTVyaVFBdk9BenduVWRlcWZHOEZ2UWt3OHZhMTgrSDdvKzIvc3NaZ2U4RUJpWmtZYWRydkV2dlNhTmh4bFNsM2xpMTFzTmN2ZURyV2cvR3NkdndmeXJnY05zOTlzL1psdWJYc2kwSUdWMzI3VDQvS01Y
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.217.203.25 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-1-w.amazonaws.com
Software: AmazonS3 /
Resource Hash: e562d25a944e9ed52bc07ecce1a12bef8d0a3ca1d47d5a5f95c57a4ba9e24be9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.officested.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

Date: Mon, 11 Sep 2023 18:07:04 GMT
x-amz-version-id: 1ploLVi6TGkgffxF2MF1XhkRMxFakpuf
Last-Modified: Mon, 15 Jun 2020 12:26:25 GMT
Server: AmazonS3
x-amz-request-id: J4QC3QNCEMH6AY1W
ETag: "d934809b8f492448c8646726a9c50b5c"
Content-Type: image/png
Accept-Ranges: bytes
Content-Length: 1485
x-amz-id-2: rSc2Kqh21i3juOvs/FKKvnOqE43Py7BjgBPD46Q7d7jQiToSWnAii/M74RFdSKVxubEi94ruR/Y=

GET
H/1.1 200
OK link-128x128-4d265e.png
tslp.s3.amazonaws.com/training/production/314/ 3 KB
3 KB 382ms
152ms Image
image/png 52.217.203.25
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tslp.s3.amazonaws.com/training/production/314/link-128x128-4d265e.png
Requested by: Host: www.officested.com
URL: https://www.officested.com/nam/25b79aa0-07c6-4d65-9c80-df92aacdc157/24fed531-3352-45fa-bfaf-f3cfccf94af4/0f226de7-0b1d-478d-ac66-89f6ed7da637/landing?id=WWc2ZEhRZHRIZUhQVm1RRmR5bDdYNElXblpkZW9Zczgzck1ESkF1QmJOT01vM0cxVVNSa0JxVmVSSGNTaDhjNXpqNG1PR0YyNjBvUk5PYmFnbWs5dENJRTFhQ2tFUUs4Q0E2eXRVQnNiOU43a0s2WUxoMXlYT21aNWxYekpTR3hMUlp4OUkwWEViazdTR1JEUVJaejcxZ3B1OGh6dklYMWZKT09OZmN3bVhRUG1pSld4SStwUGltcUVJRytJRTNHY2c4RElZTDk2OVlWNm5hWjcxNDN1cytIc0Jlb01sWjJab3M2bGVLVndmSWhqRjEwQTZzNEVBNEV4SjE4SDNsSUtraVFVZ2xqQWJGT2YrcTVyaVFBdk9BenduVWRlcWZHOEZ2UWt3OHZhMTgrSDdvKzIvc3NaZ2U4RUJpWmtZYWRydkV2dlNhTmh4bFNsM2xpMTFzTmN2ZURyV2cvR3NkdndmeXJnY05zOTlzL1psdWJYc2kwSUdWMzI3VDQvS01Y
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.217.203.25 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-1-w.amazonaws.com
Software: AmazonS3 /
Resource Hash: 067547b9a34c4019e2a14fbc774c4873558cd7f43b402c0223a5bc3f49845695

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.officested.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

Date: Mon, 11 Sep 2023 18:07:04 GMT
x-amz-version-id: wz.q2n6g.u3WcN2FEc2Wmopg3JovE3XL
Last-Modified: Mon, 15 Jun 2020 12:26:53 GMT
Server: AmazonS3
x-amz-request-id: J4Q0M6RPM4JAA5NT
ETag: "7db41591d8d2a7fed7ea979972622d5a"
Content-Type: image/png
Accept-Ranges: bytes
Content-Length: 2590
x-amz-id-2: KHXCkwYVCdrS4xhyWkqRsWQ7ldKEVAuhCTLjB6yPs6zty+j+wT2d/l/pxBykPpD1oEehXXj9fbo=

GET
H/1.1 200
OK chat-active-128x128-b16dc6.png
tslp.s3.amazonaws.com/training/production/314/ 2 KB
3 KB 365ms
133ms Image
image/png 52.217.203.25
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tslp.s3.amazonaws.com/training/production/314/chat-active-128x128-b16dc6.png
Requested by: Host: www.officested.com
URL: https://www.officested.com/nam/25b79aa0-07c6-4d65-9c80-df92aacdc157/24fed531-3352-45fa-bfaf-f3cfccf94af4/0f226de7-0b1d-478d-ac66-89f6ed7da637/landing?id=WWc2ZEhRZHRIZUhQVm1RRmR5bDdYNElXblpkZW9Zczgzck1ESkF1QmJOT01vM0cxVVNSa0JxVmVSSGNTaDhjNXpqNG1PR0YyNjBvUk5PYmFnbWs5dENJRTFhQ2tFUUs4Q0E2eXRVQnNiOU43a0s2WUxoMXlYT21aNWxYekpTR3hMUlp4OUkwWEViazdTR1JEUVJaejcxZ3B1OGh6dklYMWZKT09OZmN3bVhRUG1pSld4SStwUGltcUVJRytJRTNHY2c4RElZTDk2OVlWNm5hWjcxNDN1cytIc0Jlb01sWjJab3M2bGVLVndmSWhqRjEwQTZzNEVBNEV4SjE4SDNsSUtraVFVZ2xqQWJGT2YrcTVyaVFBdk9BenduVWRlcWZHOEZ2UWt3OHZhMTgrSDdvKzIvc3NaZ2U4RUJpWmtZYWRydkV2dlNhTmh4bFNsM2xpMTFzTmN2ZURyV2cvR3NkdndmeXJnY05zOTlzL1psdWJYc2kwSUdWMzI3VDQvS01Y
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.217.203.25 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-1-w.amazonaws.com
Software: AmazonS3 /
Resource Hash: 6a56bc11df77d54446fb06d48251289f246a01f81bf9f1b40843e9aceaaf0299

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.officested.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

Date: Mon, 11 Sep 2023 18:07:04 GMT
x-amz-version-id: rZfMWRQ9mI4fQQkCGIcWMVQSB2EdX5Y_
Last-Modified: Mon, 15 Jun 2020 12:24:58 GMT
Server: AmazonS3
x-amz-request-id: J4Q89VCD2NFMCW8R
ETag: "24d654e2730177545a30b6b5ddfbf40b"
Content-Type: image/png
Accept-Ranges: bytes
Content-Length: 2450
x-amz-id-2: 8Yi51XIeRGYpcWTawHITWtLFeSbQi+qOrCDMFSl+hgDWUc0lPYPy5RheZk58CkDBziJdkr/m+7g=

GET
H/1.1 200
OK check-128x128-a619c3.png
tslp.s3.amazonaws.com/training/production/314/ 2 KB
2 KB 405ms
172ms Image
image/png 52.217.203.25
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tslp.s3.amazonaws.com/training/production/314/check-128x128-a619c3.png
Requested by: Host: www.officested.com
URL: https://www.officested.com/nam/25b79aa0-07c6-4d65-9c80-df92aacdc157/24fed531-3352-45fa-bfaf-f3cfccf94af4/0f226de7-0b1d-478d-ac66-89f6ed7da637/landing?id=WWc2ZEhRZHRIZUhQVm1RRmR5bDdYNElXblpkZW9Zczgzck1ESkF1QmJOT01vM0cxVVNSa0JxVmVSSGNTaDhjNXpqNG1PR0YyNjBvUk5PYmFnbWs5dENJRTFhQ2tFUUs4Q0E2eXRVQnNiOU43a0s2WUxoMXlYT21aNWxYekpTR3hMUlp4OUkwWEViazdTR1JEUVJaejcxZ3B1OGh6dklYMWZKT09OZmN3bVhRUG1pSld4SStwUGltcUVJRytJRTNHY2c4RElZTDk2OVlWNm5hWjcxNDN1cytIc0Jlb01sWjJab3M2bGVLVndmSWhqRjEwQTZzNEVBNEV4SjE4SDNsSUtraVFVZ2xqQWJGT2YrcTVyaVFBdk9BenduVWRlcWZHOEZ2UWt3OHZhMTgrSDdvKzIvc3NaZ2U4RUJpWmtZYWRydkV2dlNhTmh4bFNsM2xpMTFzTmN2ZURyV2cvR3NkdndmeXJnY05zOTlzL1psdWJYc2kwSUdWMzI3VDQvS01Y
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.217.203.25 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-1-w.amazonaws.com
Software: AmazonS3 /
Resource Hash: c9b390633217c3225664651d51f429d69379b30c721640eeeda225776c0fcf3a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.officested.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

Date: Mon, 11 Sep 2023 18:07:04 GMT
x-amz-version-id: 8Wsv9mLaw8axft_JhkZRQvo4zIrT.sU.
Last-Modified: Mon, 15 Jun 2020 12:25:48 GMT
Server: AmazonS3
x-amz-request-id: J4Q80K8HXCJE81MS
ETag: "f2c8a191ff6550d5046d10d083fc8d3e"
Content-Type: image/png
Accept-Ranges: bytes
Content-Length: 1918
x-amz-id-2: 7rM49n4IwDhmDw0jCn7VW6iJlP71TX32L+4R75ewRmLxYfHFGZ31XLb8Rxw8swIuONUDvJzgsM8=

GET
H2 200 jquery-3.5.1.min.js Show response
www.officested.com/Content/ 87 KB
88 KB 707ms
706ms Script
application/javascript 2620:1ec:bdf::44
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.officested.com/Content/jquery-3.5.1.min.js

Requested by

Host: www.officested.com
URL: https://www.officested.com/nam/25b79aa0-07c6-4d65-9c80-df92aacdc157/24fed531-3352-45fa-bfaf-f3cfccf94af4/0f226de7-0b1d-478d-ac66-89f6ed7da637/landing?id=WWc2ZEhRZHRIZUhQVm1RRmR5bDdYNElXblpkZW9Zczgzck1ESkF1QmJOT01vM0cxVVNSa0JxVmVSSGNTaDhjNXpqNG1PR0YyNjBvUk5PYmFnbWs5dENJRTFhQ2tFUUs4Q0E2eXRVQnNiOU43a0s2WUxoMXlYT21aNWxYekpTR3hMUlp4OUkwWEViazdTR1JEUVJaejcxZ3B1OGh6dklYMWZKT09OZmN3bVhRUG1pSld4SStwUGltcUVJRytJRTNHY2c4RElZTDk2OVlWNm5hWjcxNDN1cytIc0Jlb01sWjJab3M2bGVLVndmSWhqRjEwQTZzNEVBNEV4SjE4SDNsSUtraVFVZ2xqQWJGT2YrcTVyaVFBdk9BenduVWRlcWZHOEZ2UWt3OHZhMTgrSDdvKzIvc3NaZ2U4RUJpWmtZYWRydkV2dlNhTmh4bFNsM2xpMTFzTmN2ZURyV2cvR3NkdndmeXJnY05zOTlzL1psdWJYc2kwSUdWMzI3VDQvS01Y

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:1ec:bdf::44 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

f36844906ad2309877aae3121b87fb15b9e09803cb4c333adc7e1e35ac92e14b

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.officested.com/nam/25b79aa0-07c6-4d65-9c80-df92aacdc157/24fed531-3352-45fa-bfaf-f3cfccf94af4/0f226de7-0b1d-478d-ac66-89f6ed7da637/landing?id=WWc2ZEhRZHRIZUhQVm1RRmR5bDdYNElXblpkZW9Zczgzck1ESkF1QmJOT01vM0cxVVNSa0JxVmVSSGNTaDhjNXpqNG1PR0YyNjBvUk5PYmFnbWs5dENJRTFhQ2tFUUs4Q0E2eXRVQnNiOU43a0s2WUxoMXlYT21aNWxYekpTR3hMUlp4OUkwWEViazdTR1JEUVJaejcxZ3B1OGh6dklYMWZKT09OZmN3bVhRUG1pSld4SStwUGltcUVJRytJRTNHY2c4RElZTDk2OVlWNm5hWjcxNDN1cytIc0Jlb01sWjJab3M2bGVLVndmSWhqRjEwQTZzNEVBNEV4SjE4SDNsSUtraVFVZ2xqQWJGT2YrcTVyaVFBdk9BenduVWRlcWZHOEZ2UWt3OHZhMTgrSDdvKzIvc3NaZ2U4RUJpWmtZYWRydkV2dlNhTmh4bFNsM2xpMTFzTmN2ZURyV2cvR3NkdndmeXJnY05zOTlzL1psdWJYc2kwSUdWMzI3VDQvS01Y
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Mon, 11 Sep 2023 18:07:03 GMT
strict-transport-security: max-age=2592000
last-modified: Fri, 08 Sep 2023 05:49:51 GMT
etag: "1d9e21848a5b406"
x-azure-ref: 20230911T180703Z-995r3phmvt0dtb172a7wvxkysc00000000hg00000000ndxd
x-cache: CONFIG_NOCACHE
content-type: application/javascript
accept-ranges: bytes
content-length: 89478
request-context: appId=

GET
H2 200 translate.js Show response
www.officested.com/Content/ 5 KB
5 KB 1032ms
1031ms Script
application/javascript 2620:1ec:bdf::44
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.officested.com/Content/translate.js

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:1ec:bdf::44 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

d0a889e91a17a5a9b4742481a03ac67980c3fd213d32b9e4179228f86e6b38ae

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.officested.com/nam/25b79aa0-07c6-4d65-9c80-df92aacdc157/24fed531-3352-45fa-bfaf-f3cfccf94af4/0f226de7-0b1d-478d-ac66-89f6ed7da637/landing?id=WWc2ZEhRZHRIZUhQVm1RRmR5bDdYNElXblpkZW9Zczgzck1ESkF1QmJOT01vM0cxVVNSa0JxVmVSSGNTaDhjNXpqNG1PR0YyNjBvUk5PYmFnbWs5dENJRTFhQ2tFUUs4Q0E2eXRVQnNiOU43a0s2WUxoMXlYT21aNWxYekpTR3hMUlp4OUkwWEViazdTR1JEUVJaejcxZ3B1OGh6dklYMWZKT09OZmN3bVhRUG1pSld4SStwUGltcUVJRytJRTNHY2c4RElZTDk2OVlWNm5hWjcxNDN1cytIc0Jlb01sWjJab3M2bGVLVndmSWhqRjEwQTZzNEVBNEV4SjE4SDNsSUtraVFVZ2xqQWJGT2YrcTVyaVFBdk9BenduVWRlcWZHOEZ2UWt3OHZhMTgrSDdvKzIvc3NaZ2U4RUJpWmtZYWRydkV2dlNhTmh4bFNsM2xpMTFzTmN2ZURyV2cvR3NkdndmeXJnY05zOTlzL1psdWJYc2kwSUdWMzI3VDQvS01Y
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Mon, 11 Sep 2023 18:07:04 GMT
strict-transport-security: max-age=2592000
last-modified: Sun, 10 Sep 2023 03:20:49 GMT
etag: "1d9e395cb9f6da3"
x-azure-ref: 20230911T180703Z-995r3phmvt0dtb172a7wvxkysc00000000hg00000000ndxe
x-cache: CONFIG_NOCACHE
content-type: application/javascript
accept-ranges: bytes
content-length: 4899
request-context: appId=

GET
H2 200 bootstrap.min.js Show response
www.officested.com/Content/ 50 KB
50 KB 510ms
509ms Script
application/javascript 2620:1ec:bdf::44
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.officested.com/Content/bootstrap.min.js

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:1ec:bdf::44 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

4f3faeec469294b610f6ca82aa1cc2b3368fd56611b31c551c2ee224feadb411

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.officested.com/nam/25b79aa0-07c6-4d65-9c80-df92aacdc157/24fed531-3352-45fa-bfaf-f3cfccf94af4/0f226de7-0b1d-478d-ac66-89f6ed7da637/landing?id=WWc2ZEhRZHRIZUhQVm1RRmR5bDdYNElXblpkZW9Zczgzck1ESkF1QmJOT01vM0cxVVNSa0JxVmVSSGNTaDhjNXpqNG1PR0YyNjBvUk5PYmFnbWs5dENJRTFhQ2tFUUs4Q0E2eXRVQnNiOU43a0s2WUxoMXlYT21aNWxYekpTR3hMUlp4OUkwWEViazdTR1JEUVJaejcxZ3B1OGh6dklYMWZKT09OZmN3bVhRUG1pSld4SStwUGltcUVJRytJRTNHY2c4RElZTDk2OVlWNm5hWjcxNDN1cytIc0Jlb01sWjJab3M2bGVLVndmSWhqRjEwQTZzNEVBNEV4SjE4SDNsSUtraVFVZ2xqQWJGT2YrcTVyaVFBdk9BenduVWRlcWZHOEZ2UWt3OHZhMTgrSDdvKzIvc3NaZ2U4RUJpWmtZYWRydkV2dlNhTmh4bFNsM2xpMTFzTmN2ZURyV2cvR3NkdndmeXJnY05zOTlzL1psdWJYc2kwSUdWMzI3VDQvS01Y
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Mon, 11 Sep 2023 18:07:03 GMT
strict-transport-security: max-age=2592000
last-modified: Sat, 09 Sep 2023 09:15:26 GMT
etag: "1d9e2fe2b4a8c65"
x-azure-ref: 20230911T180703Z-995r3phmvt0dtb172a7wvxkysc00000000hg00000000ndxf
x-cache: CONFIG_NOCACHE
content-type: application/javascript
accept-ranges: bytes
content-length: 51045
request-context: appId=

GET
H/1.1 200
OK bluebg-489109.png
tslp.s3.amazonaws.com/training/production/314/ 104 KB
105 KB 368ms
145ms Image
image/png 52.217.203.25
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tslp.s3.amazonaws.com/training/production/314/bluebg-489109.png
Requested by: Host: www.officested.com
URL: https://www.officested.com/nam/25b79aa0-07c6-4d65-9c80-df92aacdc157/24fed531-3352-45fa-bfaf-f3cfccf94af4/0f226de7-0b1d-478d-ac66-89f6ed7da637/landing?id=WWc2ZEhRZHRIZUhQVm1RRmR5bDdYNElXblpkZW9Zczgzck1ESkF1QmJOT01vM0cxVVNSa0JxVmVSSGNTaDhjNXpqNG1PR0YyNjBvUk5PYmFnbWs5dENJRTFhQ2tFUUs4Q0E2eXRVQnNiOU43a0s2WUxoMXlYT21aNWxYekpTR3hMUlp4OUkwWEViazdTR1JEUVJaejcxZ3B1OGh6dklYMWZKT09OZmN3bVhRUG1pSld4SStwUGltcUVJRytJRTNHY2c4RElZTDk2OVlWNm5hWjcxNDN1cytIc0Jlb01sWjJab3M2bGVLVndmSWhqRjEwQTZzNEVBNEV4SjE4SDNsSUtraVFVZ2xqQWJGT2YrcTVyaVFBdk9BenduVWRlcWZHOEZ2UWt3OHZhMTgrSDdvKzIvc3NaZ2U4RUJpWmtZYWRydkV2dlNhTmh4bFNsM2xpMTFzTmN2ZURyV2cvR3NkdndmeXJnY05zOTlzL1psdWJYc2kwSUdWMzI3VDQvS01Y
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.217.203.25 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-1-w.amazonaws.com
Software: AmazonS3 /
Resource Hash: b33c32be4faa5d7ab13d0b976633c2879b79599edaba7c267c1a83ca5fa43336

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.officested.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

Date: Mon, 11 Sep 2023 18:07:04 GMT
x-amz-version-id: HJZCNvftJQsJhfBeXS1R8wxhGAH5Uarl
Last-Modified: Mon, 15 Jun 2020 12:24:02 GMT
Server: AmazonS3
x-amz-request-id: J4QFWGM4Z7G1BZTM
ETag: "f35fed8041ac271ce4b9df9cd279d558"
Content-Type: image/png
Accept-Ranges: bytes
Content-Length: 106976
x-amz-id-2: 7J1hLoO+Vqcwp0lYtXnHsatEcSjkBYROChKBHibbDwXwcQZT8NRt/XqbW+IuI4LyQ97elV30yQY=

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Phishing Simulation (Internet)

17 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	img-src https: data: ; style-src 'self' 'unsafe-inline'; script-src 'self'
Strict-Transport-Security	max-age=2592000

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ts-uploads.s3.amazonaws.com
tslp.s3.amazonaws.com
www.officested.com
2620:1ec:bdf::44
52.217.102.92
52.217.203.25
067547b9a34c4019e2a14fbc774c4873558cd7f43b402c0223a5bc3f49845695
4f3faeec469294b610f6ca82aa1cc2b3368fd56611b31c551c2ee224feadb411
5566f6659072abbbd0bb2557f35481f185a48637fb9a694a1d724106e5f5cdfb
6a56bc11df77d54446fb06d48251289f246a01f81bf9f1b40843e9aceaaf0299
961cfba8dea31c2239f62eced0e6e1b06d4fa182e69ac8f54fd043b8c6a25b17
b33c32be4faa5d7ab13d0b976633c2879b79599edaba7c267c1a83ca5fa43336
c9b390633217c3225664651d51f429d69379b30c721640eeeda225776c0fcf3a
cd006184573ecefad778d77cf0878d00700f09ad6e634665913cfc2403a4f2a4
d0a889e91a17a5a9b4742481a03ac67980c3fd213d32b9e4179228f86e6b38ae
e562d25a944e9ed52bc07ecce1a12bef8d0a3ca1d47d5a5f95c57a4ba9e24be9
f36844906ad2309877aae3121b87fb15b9e09803cb4c333adc7e1e35ac92e14b

www.officested.com Open in urlscan Pro 2620:1ec:bdf::44 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

11 Requests

100 %HTTPS

33 %IPv6

2 Domains

3 Subdomains

3 IPs

1 Countries

388 kBTransfer

384 kBSize

0 Cookies

0 Outgoing links

Redirected requests

11 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

17 JavaScript Global Variables

0 Cookies

Security Headers

Indicators

www.officested.com Open in urlscan Pro
2620:1ec:bdf::44 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

11
Requests

100 %
HTTPS

33 %
IPv6

2
Domains

3
Subdomains

3
IPs

1
Countries

388 kB
Transfer

384 kB
Size

0
Cookies

11 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!