URL: https://office-365.icu/
Submission Tags: @phishunt_io
Submission: On April 05 via api from ES

Summary

This website contacted 7 IPs in 2 countries across 5 domains to perform 20 HTTP transactions. The main IP is 5.61.53.84, located in United Kingdom and belongs to SCALAXY-AS, NL. The main domain is office-365.icu.
TLS certificate: Issued by R3 on April 2nd 2021. Valid for: 3 months.
This is the only time office-365.icu was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
2 11 5.61.53.84 58061 (SCALAXY-AS)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:d0c0:200... 205766 (UBERSPACE)
1 2a00:1450:400... 15169 (GOOGLE)
5 2a00:1450:400... 15169 (GOOGLE)
3 5.61.52.56 58061 (SCALAXY-AS)
20 7
Domain Requested by
11 office-365.icu 2 redirects office-365.icu
5 fonts.gstatic.com fonts.googleapis.com
3 online1.shopsn.su office-365.icu
1 ajax.googleapis.com office-365.icu
1 api.uber.space office-365.icu
1 fonts.googleapis.com office-365.icu
20 6

This site contains links to these domains. Also see Links.

Domain
shopsu.ru
Subject Issuer Validity Valid
office-365.icu
R3
2021-04-02 -
2021-07-01
3 months crt.sh
upload.video.google.com
GTS CA 1O1
2021-03-16 -
2021-06-08
3 months crt.sh
api.uber.space
R3
2021-03-10 -
2021-06-08
3 months crt.sh
*.gstatic.com
GTS CA 1O1
2021-03-16 -
2021-06-08
3 months crt.sh
*.shopsn.su
R3
2021-02-04 -
2021-05-05
3 months crt.sh

This page contains 1 frames:

Primary Page: https://office-365.icu/
Frame ID: 225D6C1095EA768B4C70164FE74F7A71
Requests: 21 HTTP requests in this frame

Screenshot


Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /nginx(?:\/([\d.]+))?/i

Overall confidence: 100%
Detected patterns
  • html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i

Overall confidence: 100%
Detected patterns
  • script /\/([\d.]+)\/jquery(?:\.min)?\.js/i
  • script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

20
Requests

100 %
HTTPS

67 %
IPv6

5
Domains

6
Subdomains

7
IPs

2
Countries

603 kB
Transfer

671 kB
Size

1
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 9
  • https://office-365.icu/source/custom/img/buygame2/bg-header.png HTTP 302
  • https://office-365.icu/
Request Chain 12
  • https://office-365.icu/images/page-loader.gif HTTP 302
  • https://office-365.icu/

20 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request Cookie set /
office-365.icu/
7 KB
8 KB
Document
General
Full URL
https://office-365.icu/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
5.61.53.84 , United Kingdom, ASN58061 (SCALAXY-AS, NL),
Reverse DNS
shopsn.su
Software
nginx / PHP/7.1.33
Resource Hash
e1cedbaf3f50f0897b4ed0c3b8cbc28b6d2d90e919fa53b0f9f3a14e9f3dca4e
Security Headers
Name Value
Strict-Transport-Security max-age=15768000; includeSubdomains; preload;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Host
office-365.icu
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
none
Sec-Fetch-Mode
navigate
Sec-Fetch-User
?1
Sec-Fetch-Dest
document
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Server
nginx
Date
Mon, 05 Apr 2021 21:47:06 GMT
Content-Type
text/html; charset=UTF-8
Transfer-Encoding
chunked
Connection
keep-alive
X-Powered-By
PHP/7.1.33
Set-Cookie
PHPSESSID=ishbee2rnuumg1b93up3sao1th; path=/
Expires
Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control
no-store, no-cache, must-revalidate
Pragma
no-cache
Strict-Transport-Security
max-age=15768000; includeSubdomains; preload;
Referrer-Policy
no-referrer, strict-origin-when-cross-origin
X-Frame-Options
SAMEORIGIN
X-Content-Type-Options
nosniff
X-XSS-Protection
1; mode=block
css
fonts.googleapis.com/
16 KB
1 KB
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Open+Sans:400,300italic,300,400italic,600,600italic,700,700italic&subset=latin,cyrillic
Requested by
Host: office-365.icu
URL: https://office-365.icu/
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80e::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
947dfab733138dfc7addde332760c72c8ac8dacad8d02340dbbd8a1ea3d1565a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://office-365.icu/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Mon, 05 Apr 2021 21:47:06 GMT
server
ESF
date
Mon, 05 Apr 2021 21:47:06 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Mon, 05 Apr 2021 21:47:06 GMT
style.css
office-365.icu/assets/Lilac/css/
25 KB
26 KB
Stylesheet
General
Full URL
https://office-365.icu/assets/Lilac/css/style.css
Requested by
Host: office-365.icu
URL: https://office-365.icu/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
5.61.53.84 , United Kingdom, ASN58061 (SCALAXY-AS, NL),
Reverse DNS
shopsn.su
Software
nginx /
Resource Hash
cafa96ae3c319e51cd94096840c0e06c7c71fb6edb4af1b73f63f60e715c4d54
Security Headers
Name Value
Strict-Transport-Security max-age=15768000; includeSubdomains; preload;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://office-365.icu/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Mon, 05 Apr 2021 21:47:06 GMT
Referrer-Policy
no-referrer, strict-origin-when-cross-origin
Last-Modified
Fri, 02 Sep 2016 16:49:32 GMT
Server
nginx
ETag
"57c9ad9c-657f"
X-Frame-Options
SAMEORIGIN
Content-Type
text/css
Connection
keep-alive
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=15768000; includeSubdomains; preload;
Accept-Ranges
bytes
Content-Length
25983
X-XSS-Protection
1; mode=block
jquery.js
office-365.icu/assets/Lilac/js/
94 KB
94 KB
Script
General
Full URL
https://office-365.icu/assets/Lilac/js/jquery.js
Requested by
Host: office-365.icu
URL: https://office-365.icu/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
5.61.53.84 , United Kingdom, ASN58061 (SCALAXY-AS, NL),
Reverse DNS
shopsn.su
Software
nginx /
Resource Hash
87981e8062814ca279922ee55276ad14bbdc29649f98e34b2d83c3afb5052a51
Security Headers
Name Value
Strict-Transport-Security max-age=15768000; includeSubdomains; preload;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://office-365.icu/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Mon, 05 Apr 2021 21:47:06 GMT
Referrer-Policy
no-referrer, strict-origin-when-cross-origin
Last-Modified
Sun, 24 Apr 2016 10:16:28 GMT
Server
nginx
ETag
"571c9cfc-1762c"
X-Frame-Options
SAMEORIGIN
Content-Type
application/javascript; charset=utf8
Connection
keep-alive
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=15768000; includeSubdomains; preload;
Accept-Ranges
bytes
Content-Length
95788
X-XSS-Protection
1; mode=block
script_site.js
office-365.icu/assets/Lilac/js/
46 KB
46 KB
Script
General
Full URL
https://office-365.icu/assets/Lilac/js/script_site.js
Requested by
Host: office-365.icu
URL: https://office-365.icu/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
5.61.53.84 , United Kingdom, ASN58061 (SCALAXY-AS, NL),
Reverse DNS
shopsn.su
Software
nginx /
Resource Hash
2afeab5329ce54c5858ecd9679f07f9647b2393cd335597a366e0e481fde4855
Security Headers
Name Value
Strict-Transport-Security max-age=15768000; includeSubdomains; preload;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://office-365.icu/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Mon, 05 Apr 2021 21:47:06 GMT
Referrer-Policy
no-referrer, strict-origin-when-cross-origin
Last-Modified
Sun, 24 Apr 2016 10:19:25 GMT
Server
nginx
ETag
"571c9dad-b6a2"
X-Frame-Options
SAMEORIGIN
Content-Type
application/javascript; charset=utf8
Connection
keep-alive
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=15768000; includeSubdomains; preload;
Accept-Ranges
bytes
Content-Length
46754
X-XSS-Protection
1; mode=block
lt.css
office-365.icu/assets/lt_stat/css/
5 KB
6 KB
Stylesheet
General
Full URL
https://office-365.icu/assets/lt_stat/css/lt.css?1
Requested by
Host: office-365.icu
URL: https://office-365.icu/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
5.61.53.84 , United Kingdom, ASN58061 (SCALAXY-AS, NL),
Reverse DNS
shopsn.su
Software
nginx /
Resource Hash
6fac491349d8b2b77e376a768428a1580ef5e5409171c432d4d3a50c77d10e6e
Security Headers
Name Value
Strict-Transport-Security max-age=15768000; includeSubdomains; preload;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://office-365.icu/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Mon, 05 Apr 2021 21:47:06 GMT
Referrer-Policy
no-referrer, strict-origin-when-cross-origin
Last-Modified
Wed, 25 Nov 2020 01:43:45 GMT
Server
nginx
ETag
"5fbdb6d1-1434"
X-Frame-Options
SAMEORIGIN
Content-Type
text/css
Connection
keep-alive
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=15768000; includeSubdomains; preload;
Accept-Ranges
bytes
Content-Length
5172
X-XSS-Protection
1; mode=block
socket.js
office-365.icu/assets/js/
60 KB
60 KB
Script
General
Full URL
https://office-365.icu/assets/js/socket.js
Requested by
Host: office-365.icu
URL: https://office-365.icu/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
5.61.53.84 , United Kingdom, ASN58061 (SCALAXY-AS, NL),
Reverse DNS
shopsn.su
Software
nginx /
Resource Hash
b1d98b0fd8c3d4f233ab728e40f3521996318efefaaddb3bf4c9f293924da753
Security Headers
Name Value
Strict-Transport-Security max-age=15768000; includeSubdomains; preload;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://office-365.icu/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Mon, 05 Apr 2021 21:47:06 GMT
Referrer-Policy
no-referrer, strict-origin-when-cross-origin
Last-Modified
Mon, 30 Mar 2020 11:47:55 GMT
Server
nginx
ETag
"5e81dc6b-ef1b"
X-Frame-Options
SAMEORIGIN
Content-Type
application/javascript; charset=utf8
Connection
keep-alive
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=15768000; includeSubdomains; preload;
Accept-Ranges
bytes
Content-Length
61211
X-XSS-Protection
1; mode=block
logo.jpeg
api.uber.space/projects/office365/
248 KB
248 KB
Image
General
Full URL
https://api.uber.space/projects/office365/logo.jpeg
Requested by
Host: office-365.icu
URL: https://office-365.icu/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:d0c0:200:0:384b:aaff:fecf:e3e8 , Germany, ASN205766 (UBERSPACE, DE),
Reverse DNS
Software
nginx /
Resource Hash
74712a4eb27eade0ffa4a5a341ebeaa4fd1fb27e1d64b9bb3e6193a8eee016f6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://office-365.icu/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 05 Apr 2021 21:47:06 GMT
referrer-policy
strict-origin-when-cross-origin
last-modified
Fri, 02 Apr 2021 16:41:18 GMT
server
nginx
etag
"3de92-5bf0004622780"
x-frame-options
SAMEORIGIN
content-type
image/jpeg
x-xss-protection
1; mode=block
strict-transport-security
max-age=31536000
accept-ranges
bytes
content-length
253586
x-content-type-options
nosniff
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/1.9.1/
90 KB
33 KB
Script
General
Full URL
https://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js
Requested by
Host: office-365.icu
URL: https://office-365.icu/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://office-365.icu/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 05 Apr 2021 21:45:06 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
120
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
33018
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 19:15:00 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 05 Apr 2022 21:45:06 GMT
/
office-365.icu/
7 KB
7 KB
Image
General
Full URL
https://office-365.icu/
Requested by
Host: office-365.icu
URL: https://office-365.icu/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
5.61.53.84 , United Kingdom, ASN58061 (SCALAXY-AS, NL),
Reverse DNS
shopsn.su
Software
nginx / PHP/7.1.33
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=15768000; includeSubdomains; preload;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://office-365.icu/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 05 Apr 2021 21:47:06 GMT
Referrer-Policy
no-referrer, strict-origin-when-cross-origin
Server
nginx
X-Frame-Options
SAMEORIGIN
X-Powered-By
PHP/7.1.33
Strict-Transport-Security
max-age=15768000; includeSubdomains; preload;
Content-Type
text/html; charset=UTF-8
Cache-Control
no-store, no-cache, must-revalidate
Transfer-Encoding
chunked
X-Content-Type-Options
nosniff
Connection
keep-alive
X-XSS-Protection
1; mode=block
Expires
Thu, 19 Nov 1981 08:52:00 GMT
/
office-365.icu/
Redirect Chain
  • https://office-365.icu/source/custom/img/buygame2/bg-header.png
  • https://office-365.icu/
7 KB
7 KB
Image
General
Full URL
https://office-365.icu/
Requested by
Host: office-365.icu
URL: https://office-365.icu/assets/Lilac/css/style.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
5.61.53.84 , United Kingdom, ASN58061 (SCALAXY-AS, NL),
Reverse DNS
shopsn.su
Software
nginx / PHP/7.1.33
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=15768000; includeSubdomains; preload;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://office-365.icu/assets/Lilac/css/style.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 05 Apr 2021 21:47:06 GMT
Referrer-Policy
no-referrer, strict-origin-when-cross-origin
Server
nginx
X-Frame-Options
SAMEORIGIN
X-Powered-By
PHP/7.1.33
Strict-Transport-Security
max-age=15768000; includeSubdomains; preload;
Content-Type
text/html; charset=UTF-8
Cache-Control
no-store, no-cache, must-revalidate
Transfer-Encoding
chunked
X-Content-Type-Options
nosniff
Connection
keep-alive
X-XSS-Protection
1; mode=block
Expires
Thu, 19 Nov 1981 08:52:00 GMT

Redirect headers

Pragma
no-cache
Date
Mon, 05 Apr 2021 21:47:06 GMT
Referrer-Policy
no-referrer, strict-origin-when-cross-origin
Server
nginx
X-Frame-Options
SAMEORIGIN
X-Powered-By
PHP/7.1.33
Strict-Transport-Security
max-age=15768000; includeSubdomains; preload;
Content-Type
text/html; charset=UTF-8
Location
/
Cache-Control
no-store, no-cache, must-revalidate
Transfer-Encoding
chunked
X-Content-Type-Options
nosniff
Connection
keep-alive
X-XSS-Protection
1; mode=block
Expires
Thu, 19 Nov 1981 08:52:00 GMT
mem8YaGs126MiZpBA-UFVZ0b.woff2
fonts.gstatic.com/s/opensans/v18/
14 KB
14 KB
Font
General
Full URL
https://fonts.gstatic.com/s/opensans/v18/mem8YaGs126MiZpBA-UFVZ0b.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:400,300italic,300,400italic,600,600italic,700,700italic&subset=latin,cyrillic
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
9c50a96c859b9beea47b71740bd14e7f69a4df586d015f47434037f8def53b52
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://office-365.icu
Referer
https://fonts.googleapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 02 Apr 2021 10:03:37 GMT
x-content-type-options
nosniff
last-modified
Tue, 15 Sep 2020 18:09:22 GMT
server
sffe
age
301409
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
14380
x-xss-protection
0
expires
Sat, 02 Apr 2022 10:03:37 GMT
truncated
/
456 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
c9f0c67f16ad9b26d834206be4b6487095611f47ecb2e8790caaff9748271332

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/png
/
office-365.icu/
Redirect Chain
  • https://office-365.icu/images/page-loader.gif
  • https://office-365.icu/
7 KB
7 KB
Image
General
Full URL
https://office-365.icu/
Requested by
Host: office-365.icu
URL: https://office-365.icu/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
5.61.53.84 , United Kingdom, ASN58061 (SCALAXY-AS, NL),
Reverse DNS
shopsn.su
Software
nginx / PHP/7.1.33
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=15768000; includeSubdomains; preload;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://office-365.icu/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 05 Apr 2021 21:47:06 GMT
Referrer-Policy
no-referrer, strict-origin-when-cross-origin
Server
nginx
X-Frame-Options
SAMEORIGIN
X-Powered-By
PHP/7.1.33
Strict-Transport-Security
max-age=15768000; includeSubdomains; preload;
Content-Type
text/html; charset=UTF-8
Cache-Control
no-store, no-cache, must-revalidate
Transfer-Encoding
chunked
X-Content-Type-Options
nosniff
Connection
keep-alive
X-XSS-Protection
1; mode=block
Expires
Thu, 19 Nov 1981 08:52:00 GMT

Redirect headers

Pragma
no-cache
Date
Mon, 05 Apr 2021 21:47:06 GMT
Referrer-Policy
no-referrer, strict-origin-when-cross-origin
Server
nginx
X-Frame-Options
SAMEORIGIN
X-Powered-By
PHP/7.1.33
Strict-Transport-Security
max-age=15768000; includeSubdomains; preload;
Content-Type
text/html; charset=UTF-8
Location
/
Cache-Control
no-store, no-cache, must-revalidate
Transfer-Encoding
chunked
X-Content-Type-Options
nosniff
Connection
keep-alive
X-XSS-Protection
1; mode=block
Expires
Thu, 19 Nov 1981 08:52:00 GMT
mem5YaGs126MiZpBA-UN_r8OVuhpOqc.woff2
fonts.gstatic.com/s/opensans/v18/
9 KB
9 KB
Font
General
Full URL
https://fonts.gstatic.com/s/opensans/v18/mem5YaGs126MiZpBA-UN_r8OVuhpOqc.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:400,300italic,300,400italic,600,600italic,700,700italic&subset=latin,cyrillic
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
baa1087a72ec2a36cd6fcaeae786064d4041792df022b8e73cd628cb1c7804ee
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://office-365.icu
Referer
https://fonts.googleapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 02 Apr 2021 10:03:37 GMT
x-content-type-options
nosniff
last-modified
Tue, 15 Sep 2020 18:09:28 GMT
server
sffe
age
301409
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
9588
x-xss-protection
0
expires
Sat, 02 Apr 2022 10:03:37 GMT
mem5YaGs126MiZpBA-UN_r8OUuhp.woff2
fonts.gstatic.com/s/opensans/v18/
15 KB
15 KB
Font
General
Full URL
https://fonts.gstatic.com/s/opensans/v18/mem5YaGs126MiZpBA-UN_r8OUuhp.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:400,300italic,300,400italic,600,600italic,700,700italic&subset=latin,cyrillic
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f677ee2d82dfb11f08175f673cf3f065b0d5e491b4485e01259a492715c746e2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://office-365.icu
Referer
https://fonts.googleapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 30 Mar 2021 14:16:18 GMT
x-content-type-options
nosniff
last-modified
Tue, 15 Sep 2020 18:09:21 GMT
server
sffe
age
545448
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
14932
x-xss-protection
0
expires
Wed, 30 Mar 2022 14:16:18 GMT
mem8YaGs126MiZpBA-UFW50bbck.woff2
fonts.gstatic.com/s/opensans/v18/
11 KB
11 KB
Font
General
Full URL
https://fonts.gstatic.com/s/opensans/v18/mem8YaGs126MiZpBA-UFW50bbck.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:400,300italic,300,400italic,600,600italic,700,700italic&subset=latin,cyrillic
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
28e9420a6d03a70b837b51c9fbe1bb1f819a3d4aa71bffa07f7c3e79d7dcf878
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://office-365.icu
Referer
https://fonts.googleapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 02 Apr 2021 10:03:37 GMT
x-content-type-options
nosniff
last-modified
Tue, 15 Sep 2020 18:09:21 GMT
server
sffe
age
301409
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
11316
x-xss-protection
0
expires
Sat, 02 Apr 2022 10:03:37 GMT
mem8YaGs126MiZpBA-UFUZ0bbck.woff2
fonts.gstatic.com/s/opensans/v18/
9 KB
9 KB
Font
General
Full URL
https://fonts.gstatic.com/s/opensans/v18/mem8YaGs126MiZpBA-UFUZ0bbck.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:400,300italic,300,400italic,600,600italic,700,700italic&subset=latin,cyrillic
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
547ded99e5139a10d4145e6e5c62ce35fa03495f625ee8d1e457011408428154
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://office-365.icu
Referer
https://fonts.googleapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 02 Apr 2021 10:03:37 GMT
x-content-type-options
nosniff
last-modified
Tue, 15 Sep 2020 18:09:24 GMT
server
sffe
age
301409
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
9400
x-xss-protection
0
expires
Sat, 02 Apr 2022 10:03:37 GMT
/
online1.shopsn.su/socket.io/
98 B
427 B
XHR
General
Full URL
https://online1.shopsn.su:10/socket.io/?ip=185.212.171.75&hash=23320d197f45ac58f03f6600f18145e0&ssid=111049&EIO=3&transport=polling&t=NYa0EdP
Requested by
Host: office-365.icu
URL: https://office-365.icu/assets/js/socket.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
5.61.52.56 , United Kingdom, ASN58061 (SCALAXY-AS, NL),
Reverse DNS
shopsn.su
Software
/
Resource Hash
5a36004944e43d430371723e695383e646041520b6a3668488015e1fd2fb34b1

Request headers

Accept
*/*
Referer
https://office-365.icu/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Access-Control-Allow-Origin
https://office-365.icu
Date
Mon, 05 Apr 2021 21:47:06 GMT
Access-Control-Allow-Credentials
true
Connection
keep-alive
Keep-Alive
timeout=5
Content-Length
98
Content-Type
text/plain; charset=UTF-8
/
online1.shopsn.su/socket.io/
32 B
361 B
XHR
General
Full URL
https://online1.shopsn.su:10/socket.io/?ip=185.212.171.75&hash=23320d197f45ac58f03f6600f18145e0&ssid=111049&EIO=3&transport=polling&t=NYa0Ego&sid=3MrF1hMPfIsv3uQxBJwR
Requested by
Host: office-365.icu
URL: https://office-365.icu/assets/js/socket.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
5.61.52.56 , United Kingdom, ASN58061 (SCALAXY-AS, NL),
Reverse DNS
shopsn.su
Software
/
Resource Hash
2a18c2e72dd73ad8af6c5926d8ca564482866cc3ade081f1487d3c7816bb0399

Request headers

Accept
*/*
Referer
https://office-365.icu/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Access-Control-Allow-Origin
https://office-365.icu
Date
Mon, 05 Apr 2021 21:47:06 GMT
Access-Control-Allow-Credentials
true
Connection
keep-alive
Keep-Alive
timeout=5
Content-Length
32
Content-Type
text/plain; charset=UTF-8
/
online1.shopsn.su/socket.io/
3 B
331 B
XHR
General
Full URL
https://online1.shopsn.su:10/socket.io/?ip=185.212.171.75&hash=23320d197f45ac58f03f6600f18145e0&ssid=111049&EIO=3&transport=polling&t=NYa0Eh6&sid=3MrF1hMPfIsv3uQxBJwR
Requested by
Host: office-365.icu
URL: https://office-365.icu/assets/js/socket.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
5.61.52.56 , United Kingdom, ASN58061 (SCALAXY-AS, NL),
Reverse DNS
shopsn.su
Software
/
Resource Hash
62325dfc1fc675255519674da6e2c4aad5f51cc6c3217ed3c6fbf6cabe0d86b0

Request headers

Accept
*/*
Referer
https://office-365.icu/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Access-Control-Allow-Origin
https://office-365.icu
Date
Mon, 05 Apr 2021 21:47:06 GMT
Access-Control-Allow-Credentials
true
Connection
keep-alive
Keep-Alive
timeout=5
Content-Length
3
Content-Type
text/plain; charset=UTF-8

Verdicts & Comments Add Verdict or Comment

21 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker object| trustedTypes boolean| crossOriginIsolated function| $ function| jQuery function| test object| newDiv function| addElement function| io function| num2str object| socket object| jQuery191005662145710104416 function| hide number| intervalId number| online_offset

1 Cookies

Domain/Path Name / Value
office-365.icu/ Name: PHPSESSID
Value: ishbee2rnuumg1b93up3sao1th

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=15768000; includeSubdomains; preload;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ajax.googleapis.com
api.uber.space
fonts.googleapis.com
fonts.gstatic.com
office-365.icu
online1.shopsn.su
2a00:1450:4001:80e::200a
2a00:1450:4001:827::2003
2a00:1450:4001:827::200a
2a00:d0c0:200:0:384b:aaff:fecf:e3e8
5.61.52.56
5.61.53.84
28e9420a6d03a70b837b51c9fbe1bb1f819a3d4aa71bffa07f7c3e79d7dcf878
2a18c2e72dd73ad8af6c5926d8ca564482866cc3ade081f1487d3c7816bb0399
2afeab5329ce54c5858ecd9679f07f9647b2393cd335597a366e0e481fde4855
547ded99e5139a10d4145e6e5c62ce35fa03495f625ee8d1e457011408428154
5a36004944e43d430371723e695383e646041520b6a3668488015e1fd2fb34b1
62325dfc1fc675255519674da6e2c4aad5f51cc6c3217ed3c6fbf6cabe0d86b0
6fac491349d8b2b77e376a768428a1580ef5e5409171c432d4d3a50c77d10e6e
74712a4eb27eade0ffa4a5a341ebeaa4fd1fb27e1d64b9bb3e6193a8eee016f6
87981e8062814ca279922ee55276ad14bbdc29649f98e34b2d83c3afb5052a51
947dfab733138dfc7addde332760c72c8ac8dacad8d02340dbbd8a1ea3d1565a
9c50a96c859b9beea47b71740bd14e7f69a4df586d015f47434037f8def53b52
b1d98b0fd8c3d4f233ab728e40f3521996318efefaaddb3bf4c9f293924da753
baa1087a72ec2a36cd6fcaeae786064d4041792df022b8e73cd628cb1c7804ee
c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4
c9f0c67f16ad9b26d834206be4b6487095611f47ecb2e8790caaff9748271332
cafa96ae3c319e51cd94096840c0e06c7c71fb6edb4af1b73f63f60e715c4d54
e1cedbaf3f50f0897b4ed0c3b8cbc28b6d2d90e919fa53b0f9f3a14e9f3dca4e
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f677ee2d82dfb11f08175f673cf3f065b0d5e491b4485e01259a492715c746e2