office365.software2.co
151.101.1.195 Malicious Activity! Public Scan

URL: https://office365.software2.co/tnn
Submission: On June 17 via automatic, source openphish

Summary

This website contacted 6 IPs in 4 countries across 6 domains to perform 21 HTTP transactions. The main IP is 151.101.1.195, located in United States and belongs to FASTLY - Fastly, US. The main domain is office365.software2.co.
TLS certificate: Issued by Let's Encrypt Authority X3 on June 15th 2019. Valid for: 3 months.
This is the only time office365.software2.co was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Microsoft (Consumer)

Domain & IP information

Requests  IP Address        AS     Autonomous System
14        151.101.1.195     54113  FASTLY
1         2a04:4e42::621    54113  FASTLY
1         23.37.61.177      16625  AKAMAI-AS
3         2a02:26f0:6c0...  20940  AKAMAI-ASN1
1         205.185.208.52    20446  HIGHWINDS3
1         3.121.224.43      16509  AMAZON-02
Total: 21 requests, 6 IPs
Requests  Domain                       Requested by
14        office365.software2.co       office365.software2.co
3         auth.gfx.ms                  office365.software2.co
1         extreme-ip-lookup.com        code.jquery.com
1         code.jquery.com              office365.software2.co
1         cdn.odc.officeapps.live.com  office365.software2.co
1         cdn.jsdelivr.net             office365.software2.co
Total: 21 requests, 6 domains

This site contains links to these domains.

Domain
support.microsoft.com
signup.live.com
account.live.com
login.live.com
Subject                      Issuer                                         Validity                 Valid
app.enrollme.co              Let's Encrypt Authority X3                     2019-06-15 - 2019-09-13  3 months
f3.shared.global.fastly.net  GlobalSign CloudSSL CA - SHA256 - G3           2019-05-29 - 2020-04-23  a year
cdn.odc.officeapps.live.com  Microsoft IT TLS CA 5                          2018-03-16 - 2020-03-16  2 years
msagfx.live.com              Microsoft IT TLS CA 4                          2017-07-27 - 2019-07-17  2 years
jquery.org                   COMODO RSA Domain Validation Secure Server CA  2018-10-17 - 2020-10-16  2 years
t1.extreme-dm.com            Let's Encrypt Authority X3                     2019-05-31 - 2019-08-29  3 months

This page contains 1 frame:

Primary Page: https://office365.software2.co/tnn
Frame ID: A5A7E29102B2659E13CE6B018B73C73E
Requests: 21 HTTP requests in this frame

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /nginx(?:\/([\d.]+))?/i

Overall confidence: 100%
Detected patterns
  • headers via /varnish(?: \(Varnish\/([\d.]+)\))?/i

Page Statistics

Requests: 21
HTTPS: 100 %
IPv6: 33 %
Domains: 6
Subdomains: 6
IPs: 6
Countries: 4
Transfer: 671 kB
Size: 1448 kB
Cookies: 0

Redirected requests

There were HTTP redirect chains for the following requests:

21 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request tnn
office365.software2.co/
39 KB
9 KB
Document
General
Full URL
https://office365.software2.co/tnn
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.1.195 , United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
nginx /
Resource Hash
97ea623e62a3ae38e8bb895002d726bcb737866b46997a5ebc72eb520b762ba7
Security Headers
Name Value
Strict-Transport-Security max-age=31556926

Request headers

:method
GET
:authority
office365.software2.co
:scheme
https
:path
/tnn
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

status
200
server
nginx
content-type
text/html; charset=utf-8
x-guploader-uploadid
AEnB2UqScf8XH_Zykd3u03gMBSCYPtwRaxShNuOmWLKBDY1zOsBCSjoSMmgMV1EyTDS-_gDrc2K-QLU8LXOV7cRkVOGVCJfAyV1aSs5tXXmijJsXD5Gsqn4
expires
Mon, 17 Jun 2019 11:31:22 GMT
cache-control
max-age=3600
last-modified
Fri, 31 Aug 2018 17:10:22 GMT
etag
"026286754c3e3aefcb1d49d637fc5168"
x-goog-generation
1535735422436088
x-goog-metageneration
1
x-goog-stored-content-encoding
gzip
x-goog-stored-content-length
8271
content-encoding
gzip
x-goog-hash
crc32c=Phzq+A==, md5=AmKGdUw+Ou/LHUnWN/xRaA==
x-goog-storage-class
MULTI_REGIONAL
strict-transport-security
max-age=31556926
accept-ranges
bytes
date
Mon, 17 Jun 2019 12:02:30 GMT
via
1.1 varnish
x-served-by
cache-hhn1528-HHN
x-cache
HIT
x-cache-hits
1
x-timer
S1560772950.185792,VS0,VE1
vary
Accept-Encoding, x-fh-requested-host
content-length
8271
firebase-app.js
office365.software2.co/__/firebase/5.4.0/
34 KB
12 KB
Script
General
Full URL
https://office365.software2.co/__/firebase/5.4.0/firebase-app.js
Requested by
Host: office365.software2.co
URL: https://office365.software2.co/tnn
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.1.195 , United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
nginx /
Resource Hash
e2320f2452434b494e292e5a413126980c134215940ab091e9e496a0052d62f8
Security Headers
Name Value
Strict-Transport-Security max-age=31556926
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://office365.software2.co/tnn
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security
max-age=31556926
content-encoding
gzip
x-content-type-options
nosniff
x-cache
MISS
status
200
content-length
12419
x-xss-protection
0
x-served-by
cache-hhn1528-HHN
last-modified
Thu, 16 Aug 2018 18:59:55 GMT
server
nginx
x-timer
S1560772950.199262,VS0,VE174
date
Mon, 17 Jun 2019 12:02:30 GMT
vary
Accept-Encoding, x-fh-requested-host
content-type
text/javascript; charset=utf-8
via
1.1 varnish
expires
Wed, 03 Jun 2020 00:36:04 GMT
cache-control
max-age=1800
accept-ranges
bytes
x-cache-hits
0
firebase-auth.js
office365.software2.co/__/firebase/5.4.0/
150 KB
47 KB
Script
General
Full URL
https://office365.software2.co/__/firebase/5.4.0/firebase-auth.js
Requested by
Host: office365.software2.co
URL: https://office365.software2.co/tnn
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.1.195 , United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
nginx /
Resource Hash
3a4686d26fad9eadc41abdc85e9f0f472e9a86ac5f97ab6773105884848e17f4
Security Headers
Name Value
Strict-Transport-Security max-age=31556926
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://office365.software2.co/tnn
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security
max-age=31556926
content-encoding
gzip
x-content-type-options
nosniff
x-cache
MISS
status
200
content-length
48271
x-xss-protection
0
x-served-by
cache-hhn1528-HHN
last-modified
Thu, 16 Aug 2018 18:59:54 GMT
server
nginx
x-timer
S1560772950.199288,VS0,VE153
date
Mon, 17 Jun 2019 12:02:30 GMT
vary
Accept-Encoding, x-fh-requested-host
content-type
text/javascript; charset=utf-8
via
1.1 varnish
expires
Tue, 02 Jun 2020 05:59:38 GMT
cache-control
max-age=1800
accept-ranges
bytes
x-cache-hits
0
firebase-database.js
office365.software2.co/__/firebase/5.4.0/
178 KB
47 KB
Script
General
Full URL
https://office365.software2.co/__/firebase/5.4.0/firebase-database.js
Requested by
Host: office365.software2.co
URL: https://office365.software2.co/tnn
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.1.195 , United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
nginx /
Resource Hash
1f0c2e6f0c981d863e272cd4825a9362318ce34298ad7ef61a3d30429d3dc64a
Security Headers
Name Value
Strict-Transport-Security max-age=31556926
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://office365.software2.co/tnn
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security
max-age=31556926
content-encoding
gzip
x-content-type-options
nosniff
x-cache
MISS
status
200
content-length
47625
x-xss-protection
0
x-served-by
cache-hhn1528-HHN
last-modified
Thu, 16 Aug 2018 18:59:55 GMT
server
nginx
x-timer
S1560772950.215699,VS0,VE150
date
Mon, 17 Jun 2019 12:02:30 GMT
vary
Accept-Encoding, x-fh-requested-host
content-type
text/javascript; charset=utf-8
via
1.1 varnish
expires
Mon, 01 Jun 2020 02:34:27 GMT
cache-control
max-age=1800
accept-ranges
bytes
x-cache-hits
0
firebase-messaging.js
office365.software2.co/__/firebase/5.4.0/
35 KB
10 KB
Script
General
Full URL
https://office365.software2.co/__/firebase/5.4.0/firebase-messaging.js
Requested by
Host: office365.software2.co
URL: https://office365.software2.co/tnn
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.1.195 , United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
nginx /
Resource Hash
246fef45b3c78c283fb603de040c9263bbb48532dcb057d4045a790b1b149318
Security Headers
Name Value
Strict-Transport-Security max-age=31556926
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://office365.software2.co/tnn
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security
max-age=31556926
content-encoding
gzip
x-content-type-options
nosniff
x-cache
MISS
status
200
content-length
10046
x-xss-protection
0
x-served-by
cache-hhn1528-HHN
last-modified
Thu, 16 Aug 2018 18:59:55 GMT
server
nginx
x-timer
S1560772950.215729,VS0,VE164
date
Mon, 17 Jun 2019 12:02:30 GMT
vary
Accept-Encoding, x-fh-requested-host
content-type
text/javascript; charset=utf-8
via
1.1 varnish
expires
Mon, 01 Jun 2020 02:34:27 GMT
cache-control
max-age=1800
accept-ranges
bytes
x-cache-hits
0
firebase-storage.js
office365.software2.co/__/firebase/5.4.0/
35 KB
11 KB
Script
General
Full URL
https://office365.software2.co/__/firebase/5.4.0/firebase-storage.js
Requested by
Host: office365.software2.co
URL: https://office365.software2.co/tnn
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.1.195 , United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
nginx /
Resource Hash
ab0f67fac73121208fb5e3478245d504806335e9101936081c5d5e475ae5f69d
Security Headers
Name Value
Strict-Transport-Security max-age=31556926
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://office365.software2.co/tnn
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security
max-age=31556926
content-encoding
gzip
x-content-type-options
nosniff
x-cache
MISS
status
200
content-length
10691
x-xss-protection
0
x-served-by
cache-hhn1528-HHN
last-modified
Thu, 16 Aug 2018 18:59:54 GMT
server
nginx
x-timer
S1560772950.215778,VS0,VE154
date
Mon, 17 Jun 2019 12:02:30 GMT
vary
Accept-Encoding, x-fh-requested-host
content-type
text/javascript; charset=utf-8
via
1.1 varnish
expires
Mon, 01 Jun 2020 22:15:14 GMT
cache-control
max-age=1800
accept-ranges
bytes
x-cache-hits
0
firebase-firestore.js
office365.software2.co/__/firebase/5.4.0/
360 KB
89 KB
Script
General
Full URL
https://office365.software2.co/__/firebase/5.4.0/firebase-firestore.js
Requested by
Host: office365.software2.co
URL: https://office365.software2.co/tnn
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.1.195 , United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
nginx /
Resource Hash
8ab0a408aaf74937b23ea5ca870e02a0f5b272f549fcc2cfd34d30f690135d4b
Security Headers
Name Value
Strict-Transport-Security max-age=31556926
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://office365.software2.co/tnn
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security
max-age=31556926
content-encoding
gzip
x-content-type-options
nosniff
x-cache
MISS
status
200
content-length
91268
x-xss-protection
0
x-served-by
cache-hhn1528-HHN
last-modified
Thu, 16 Aug 2018 18:59:54 GMT
server
nginx
x-timer
S1560772950.215811,VS0,VE261
date
Mon, 17 Jun 2019 12:02:30 GMT
vary
Accept-Encoding, x-fh-requested-host
content-type
text/javascript; charset=utf-8
via
1.1 varnish
expires
Mon, 01 Jun 2020 02:35:26 GMT
cache-control
max-age=1800
accept-ranges
bytes
x-cache-hits
0
init.js
office365.software2.co/__/firebase/
473 B
624 B
Script
General
Full URL
https://office365.software2.co/__/firebase/init.js
Requested by
Host: office365.software2.co
URL: https://office365.software2.co/tnn
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.1.195 , United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
nginx /
Resource Hash
3295281bcbd84e2d83b48590d3ef9302e488bf0d0f3990d01b05c56a3b5a3040
Security Headers
Name Value
Strict-Transport-Security max-age=31556926

Request headers

Referer
https://office365.software2.co/tnn
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security
max-age=31556926
content-encoding
gzip
x-cache-hits
1
status
200
x-guploader-uploadid
AEnB2Uo_EKD47k2HllRok1g_dow3MjhbkFTvSNuW8TLcm1XR3iIh3L5WzSYdJTPFhfAGw9wvxYK0kIV9QDgeTViOJWDZiYyqDtPORLMNjp6vPGdf8UDk5wY
x-cache
HIT
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
date
Mon, 17 Jun 2019 12:02:30 GMT
x-goog-stored-content-encoding
gzip
content-length
326
x-served-by
cache-hhn1528-HHN
last-modified
Fri, 17 Aug 2018 13:31:05 GMT
server
nginx
x-timer
S1560772950.215814,VS0,VE1
etag
"08b792f658b12324344ebfd292946bac"
vary
Accept-Encoding, x-fh-requested-host
x-goog-hash
crc32c=3iX8OA==, md5=CLeS9lixIyQ0Tr/SkpRrrA==
x-goog-generation
1534512665178649
via
1.1 varnish
cache-control
max-age=3600
x-goog-stored-content-length
326
accept-ranges
bytes
content-type
text/javascript; charset=utf-8
expires
Mon, 17 Jun 2019 11:31:25 GMT
ua-parser.min.js
cdn.jsdelivr.net/npm/ua-parser-js@0/dist/
18 KB
6 KB
Script
General
Full URL
https://cdn.jsdelivr.net/npm/ua-parser-js@0/dist/ua-parser.min.js
Requested by
Host: office365.software2.co
URL: https://office365.software2.co/tnn
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42::621 , Ascension Island, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
/
Resource Hash
552405b3ccd676a8d2825896f40031cdf4e0a6298ef4b26e0456b6ccede4cbdb
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://office365.software2.co/tnn
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
x-cache
HIT, HIT
status
200
date
Mon, 17 Jun 2019 12:02:30 GMT
content-length
6476
x-served-by
cache-ams21042-AMS, cache-fra19165-FRA
etag
W/"4737-SpAD9eKrXRsrBSXkhOd7eMH5/DU"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=604800, s-maxage=43200
accept-ranges
bytes
timing-allow-origin
*
main.css
office365.software2.co/css/
120 KB
23 KB
Stylesheet
General
Full URL
https://office365.software2.co/css/main.css
Requested by
Host: office365.software2.co
URL: https://office365.software2.co/tnn
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.1.195 , United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
nginx /
Resource Hash
33dd70b1228a26ddcf12a2334e5146fbeb44709c7449955317e296d8579efe82
Security Headers
Name Value
Strict-Transport-Security max-age=31556926

Request headers

Referer
https://office365.software2.co/tnn
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security
max-age=31556926
content-encoding
gzip
x-cache-hits
1
status
200
x-guploader-uploadid
AEnB2UodXlph1U2B9hzOND_exfJH9U6SZh6BoI-MoFZ9sPi5Qs_Y5yAzZnIAI04g4tzv9LHeNdpdYGeaaGvct0jvvjYIvs7Vrw
x-cache
HIT
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
date
Mon, 17 Jun 2019 12:02:30 GMT
x-goog-stored-content-encoding
gzip
content-length
23396
x-served-by
cache-hhn1528-HHN
last-modified
Fri, 31 Aug 2018 17:10:22 GMT
server
nginx
x-timer
S1560772950.199255,VS0,VE1
etag
"70ddedecea7ff0547a2e01d619dc5270"
vary
Accept-Encoding, x-fh-requested-host
x-goog-hash
crc32c=P6W6lg==, md5=cN3t7Op/8FR6LgHWGdxScA==
x-goog-generation
1535735422639477
via
1.1 varnish
cache-control
max-age=3600
x-goog-stored-content-length
23396
accept-ranges
bytes
content-type
text/css; charset=utf-8
expires
Sat, 15 Jun 2019 00:12:42 GMT
microsoft_logo.svg
cdn.odc.officeapps.live.com/odc/stat/images/hrd/
4 KB
2 KB
Image
General
Full URL
https://cdn.odc.officeapps.live.com/odc/stat/images/hrd/microsoft_logo.svg?b=10815.36600
Requested by
Host: office365.software2.co
URL: https://office365.software2.co/tnn
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.37.61.177 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a23-37-61-177.deploy.static.akamaitechnologies.com
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://office365.software2.co/tnn
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

X-CorrelationId
70a0ec99-03b8-4ace-9366-79909460872e
Date
Mon, 17 Jun 2019 12:02:30 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
X-Powered-By
ASP.NET
X-OfficeFE
OdcFrontEnd_IN_116
P3P
CP="CAO DSP COR ADMa DEV CONi TELi CUR PSA PSD TAI IVDi OUR SAMi BUS DEM NAV STA UNI COM INT PHY ONL FIN PUR"
Connection
keep-alive
Content-Length
1464
Server
Microsoft-IIS/10.0
Last-Modified
Fri, 01 Feb 2002 18:02:02 GMT
X-OfficeCluster
ukw-odc.officeapps.live.com
X-UserSessionId
70a0ec99-03b8-4ace-9366-79909460872e
ETag
"0c9b98c4aabc11:0"
Vary
Accept-Encoding
Content-Type
image/svg+xml
Cache-Control
private, max-age=1668016
Accept-Ranges
bytes
X-OfficeVersion
16.0.11731.36600
ryan.png
office365.software2.co/img/
98 KB
98 KB
Image
General
Full URL
https://office365.software2.co/img/ryan.png
Requested by
Host: office365.software2.co
URL: https://office365.software2.co/tnn
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.1.195 , United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
nginx /
Resource Hash
3dccbb42df2274180bc70b2f6a5b7e88a6aca95cf82586f2409de66a92362402
Security Headers
Name Value
Strict-Transport-Security max-age=31556926

Request headers

Referer
https://office365.software2.co/tnn
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security
max-age=31556926
content-encoding
gzip
x-cache-hits
1
status
200
x-guploader-uploadid
AEnB2Up7wH9AYtFDfHhEoi8HKU-kJdP6esEm0hP2hc9jHNyrpq3AZ6fu3uhLtG_3uwoxwWBK2mxm0mWULhj14brm-FkSX2kyYczkig8hjyDLlmVe06Llzi4
x-cache
HIT
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
date
Mon, 17 Jun 2019 12:02:30 GMT
x-goog-stored-content-encoding
gzip
content-length
100248
x-served-by
cache-hhn1528-HHN
last-modified
Fri, 31 Aug 2018 16:52:11 GMT
server
nginx
x-timer
S1560772950.215843,VS0,VE1
etag
"a6273256cccd66e3e56a94da947b6ea8"
vary
Accept-Encoding, x-fh-requested-host
x-goog-hash
crc32c=csKjaQ==, md5=picyVszNZuPlapTalHtuqA==
x-goog-generation
1535734331615994
via
1.1 varnish
cache-control
max-age=3600
x-goog-stored-content-length
100248
accept-ranges
bytes
content-type
image/png
expires
Mon, 17 Jun 2019 00:52:48 GMT
url.png
office365.software2.co/img/
6 KB
6 KB
Image
General
Full URL
https://office365.software2.co/img/url.png
Requested by
Host: office365.software2.co
URL: https://office365.software2.co/tnn
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.1.195 , United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
nginx /
Resource Hash
1313303d9caaf47b86023a04c0c7437a3e5bd361d7966d227b5cb3f88b4d40b3
Security Headers
Name Value
Strict-Transport-Security max-age=31556926

Request headers

Referer
https://office365.software2.co/tnn
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security
max-age=31556926
content-encoding
gzip
x-cache-hits
1
status
200
x-guploader-uploadid
AEnB2UqH73e35jC_lAE0_PU5nNvPhyGhEvMgiZyTXJdRwVcuSDJR_PzLMm3Mxu0UIxUj6_tdtlDWYAXIrkW4S0Ag-FHUaxXFow
x-cache
HIT
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
date
Mon, 17 Jun 2019 12:02:30 GMT
x-goog-stored-content-encoding
gzip
content-length
6066
x-served-by
cache-hhn1528-HHN
last-modified
Fri, 17 Aug 2018 17:09:09 GMT
server
nginx
x-timer
S1560772950.215873,VS0,VE1
etag
"5780c9a5fd76586b0d6b906e63c0defd"
vary
Accept-Encoding, x-fh-requested-host
x-goog-hash
crc32c=qV5A+w==, md5=V4DJpf12WGsNa5BuY8De/Q==
x-goog-generation
1534525749452086
via
1.1 varnish
cache-control
max-age=3600
x-goog-stored-content-length
6066
accept-ranges
bytes
content-type
image/png
expires
Thu, 13 Jun 2019 15:11:07 GMT
microsoft_logo.svg
auth.gfx.ms/16.000.27868.00/images/
4 KB
2 KB
Image
General
Full URL
https://auth.gfx.ms/16.000.27868.00/images/microsoft_logo.svg?x=ee5c8d9fb6248c938fd0dc19370e90bd
Requested by
Host: office365.software2.co
URL: https://office365.software2.co/tnn
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:6c00:283::34ef , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software
Microsoft-IIS/8.5 /
Resource Hash
04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a

Request headers

Referer
https://office365.software2.co/tnn
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Mon, 17 Jun 2019 12:02:30 GMT
Content-Encoding
gzip
Last-Modified
Thu, 19 Jul 2018 02:13:44 GMT
PPServer
PPV: 30 H: BL2IDSPRTS1A003 V: 0
ETag
"0fc581e61fd41:0"
Vary
Accept-Encoding
Content-Type
image/svg+xml
Access-Control-Allow-Origin
*
Cache-Control
max-age=67064
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
1435
Server
Microsoft-IIS/8.5
ellipsis_white.svg
auth.gfx.ms/16.000.27868.00/images/
915 B
665 B
Image
General
Full URL
https://auth.gfx.ms/16.000.27868.00/images/ellipsis_white.svg?x=5ac590ee72bfe06a7cecfd75b588ad73
Requested by
Host: office365.software2.co
URL: https://office365.software2.co/tnn
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:6c00:283::34ef , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software
Microsoft-IIS/8.5 /
Resource Hash
6075736ea9c281d69c4a3d78ff97bb61b9416a5809919babe5a0c5596f99aaea

Request headers

Referer
https://office365.software2.co/tnn
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Mon, 17 Jun 2019 12:02:30 GMT
Content-Encoding
gzip
Last-Modified
Thu, 19 Jul 2018 02:13:44 GMT
PPServer
PPV: 30 H: BL2IDSPRTS1A004 V: 0
ETag
"0fc581e61fd41:0"
Vary
Accept-Encoding
Content-Type
image/svg+xml
Access-Control-Allow-Origin
*
Cache-Control
max-age=67064
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
263
Server
Microsoft-IIS/8.5
ellipsis_grey.svg
auth.gfx.ms/16.000.27868.00/images/
915 B
665 B
Image
General
Full URL
https://auth.gfx.ms/16.000.27868.00/images/ellipsis_grey.svg?x=2b5d393db04a5e6e1f739cb266e65b4c
Requested by
Host: office365.software2.co
URL: https://office365.software2.co/tnn
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:6c00:283::34ef , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software
Microsoft-IIS/8.5 /
Resource Hash
16c3f6531d0fa5b4d16e82abf066233b2a9f284c068c663699313c09f5e8d6e6

Request headers

Referer
https://office365.software2.co/tnn
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Mon, 17 Jun 2019 12:02:30 GMT
Content-Encoding
gzip
Last-Modified
Thu, 19 Jul 2018 02:13:44 GMT
PPServer
PPV: 30 H: BL2IDSPRTS1A004 V: 0
ETag
"0fc581e61fd41:0"
Vary
Accept-Encoding
Content-Type
image/svg+xml
Access-Control-Allow-Origin
*
Cache-Control
max-age=67064
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
263
Server
Microsoft-IIS/8.5
jquery-3.3.1.min.js
code.jquery.com/
85 KB
30 KB
Script
General
Full URL
https://code.jquery.com/jquery-3.3.1.min.js
Requested by
Host: office365.software2.co
URL: https://office365.software2.co/tnn
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
205.185.208.52 Phoenix, United States, ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US),
Reverse DNS
vip052.ssl.hwcdn.net
Software
nginx /
Resource Hash
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://office365.software2.co/tnn
Origin
https://office365.software2.co

Response headers

Date
Mon, 17 Jun 2019 12:02:30 GMT
Content-Encoding
gzip
Last-Modified
Sat, 20 Jan 2018 17:26:44 GMT
Server
nginx
ETag
"5a637bd4-1538f"
Vary
Accept-Encoding
X-HW
1560772950.dop085.lo4.shc,1560772950.dop085.lo4.t,1560772950.cds038.lo4.c
Content-Type
application/javascript; charset=utf-8
Access-Control-Allow-Origin
*
Cache-Control
max-age=315360000, public
Connection
Keep-Alive
Accept-Ranges
bytes
Content-Length
30288
main.js
office365.software2.co/js/
4 KB
2 KB
Script
General
Full URL
https://office365.software2.co/js/main.js
Requested by
Host: office365.software2.co
URL: https://office365.software2.co/tnn
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.1.195 , United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
nginx /
Resource Hash
8d0cf1c90f2f99f03dbdb78e9f352eb8c6c159e447f1b2b3354acafec18e5b63
Security Headers
Name Value
Strict-Transport-Security max-age=31556926

Request headers

Referer
https://office365.software2.co/tnn
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security
max-age=31556926
content-encoding
gzip
x-cache-hits
1
status
200
x-guploader-uploadid
AEnB2UoICK6iXOejL4d1ZhaBtckwKCTFBo-BX7alBZyvRVo0ko4OrgVUO6uTsFt2Z2ylxf7i9_U6MXOHIlu7dDgzIND1AH_RJw
x-cache
HIT
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
date
Mon, 17 Jun 2019 12:02:30 GMT
x-goog-stored-content-encoding
gzip
content-length
1237
x-served-by
cache-hhn1528-HHN
last-modified
Fri, 31 Aug 2018 17:07:58 GMT
server
nginx
x-timer
S1560772950.215665,VS0,VE1
etag
"9190df92b435269fb8fa4b53cc15bca3"
vary
Accept-Encoding, x-fh-requested-host
x-goog-hash
crc32c=5VGw3w==, md5=kZDfkrQ1Jp+4+ktTzBW8ow==
x-goog-generation
1535735278039259
via
1.1 varnish
cache-control
max-age=3600
x-goog-stored-content-length
1237
accept-ranges
bytes
content-type
text/javascript; charset=utf-8
expires
Sat, 15 Jun 2019 00:12:43 GMT
background-small.jpg
office365.software2.co/img/
1 KB
1 KB
Image
General
Full URL
https://office365.software2.co/img/background-small.jpg
Requested by
Host: office365.software2.co
URL: https://office365.software2.co/tnn
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.1.195 , United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
nginx /
Resource Hash
c13db279143e1845ee4aaee5afedc5bd75e9f7d50024b63883b45332c4960b3b
Security Headers
Name Value
Strict-Transport-Security max-age=31556926

Request headers

Referer
https://office365.software2.co/css/main.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security
max-age=31556926
content-encoding
gzip
x-cache-hits
1
status
200
x-guploader-uploadid
AEnB2UpMG6sS7WXS59VQbLkqyaVY3c9EEYOECOv_PLcqDEtzUolalZzlj28-OOUWF-52GHcArscRTA59GPhRtHuQYrXn3IkVMoFXVvdcJ74ZIgk4f93p1BU
x-cache
HIT
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
date
Mon, 17 Jun 2019 12:02:30 GMT
x-goog-stored-content-encoding
gzip
content-length
823
x-served-by
cache-hhn1528-HHN
last-modified
Tue, 11 Jun 2019 01:09:24 GMT
server
nginx
x-timer
S1560772950.220410,VS0,VE0
etag
"608a0794b3fcb424e5a56b364c84488b"
vary
Accept-Encoding, x-fh-requested-host
x-goog-hash
crc32c=zd239Q==, md5=YIoHlLP8tCTlpWs2TIRIiw==
x-goog-generation
1560215364769656
via
1.1 varnish
cache-control
max-age=3600
x-goog-stored-content-length
823
accept-ranges
bytes
content-type
image/jpeg
expires
Wed, 12 Jun 2019 21:09:53 GMT
background.jpg
office365.software2.co/img/
277 KB
273 KB
Image
General
Full URL
https://office365.software2.co/img/background.jpg
Requested by
Host: office365.software2.co
URL: https://office365.software2.co/tnn
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.1.195 , United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
nginx /
Resource Hash
211a907de2da0ff4a0e90917ac8054e2f35c351180977550c26e51b4909f2beb
Security Headers
Name Value
Strict-Transport-Security max-age=31556926

Request headers

Referer
https://office365.software2.co/css/main.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security
max-age=31556926
content-encoding
gzip
x-cache-hits
1
status
200
x-guploader-uploadid
AEnB2UqLB1BBOBgmafrc73hwxGPU2QHWGa20M4LWog8n3tpWXyIY4EhHA0zY6nUHi91QG2vQi2R6xOuRyqRWJ9Y0bhyT7z48Pg
x-cache
HIT
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
date
Mon, 17 Jun 2019 12:02:30 GMT
x-goog-stored-content-encoding
gzip
content-length
278815
x-served-by
cache-hhn1528-HHN
last-modified
Wed, 17 Apr 2019 20:51:19 GMT
server
nginx
x-timer
S1560772950.220372,VS0,VE1
etag
"40b4cc6a8e9fe2ce3882917e6ce14fd1"
vary
Accept-Encoding, x-fh-requested-host
x-goog-hash
crc32c=NIMZGQ==, md5=QLTMao6f4s44gpF+bOFP0Q==
x-goog-generation
1555534279931665
via
1.1 varnish
cache-control
max-age=3600
x-goog-stored-content-length
278815
accept-ranges
bytes
content-type
image/jpeg
expires
Fri, 14 Jun 2019 05:27:04 GMT
/
extreme-ip-lookup.com/json/
370 B
568 B
XHR
General
Full URL
https://extreme-ip-lookup.com/json/
Requested by
Host: code.jquery.com
URL: https://code.jquery.com/jquery-3.3.1.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_CBC
Server
3.121.224.43 Frankfurt am Main, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-3-121-224-43.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
f99de9b950173eb6ca25778cbf54fd2296e7c507b6824fcf2aa01f47a3bbd6bc

Request headers

Accept
*/*
Referer
https://office365.software2.co/tnn
Origin
https://office365.software2.co
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Access-Control-Allow-Origin
*
Date
Mon, 17 Jun 2019 12:02:30 GMT
Server
nginx
Connection
keep-alive
Content-Length
370
Content-Type
application/json; charset=utf-8;

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer)

21 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  • object    onselectstart
  • object    onselectionchange
  • function  queueMicrotask
  • function  UAParser
  • function  $
  • function  jQuery
  • undefined username
  • undefined password
  • string    city
  • string    browser
  • string    browserVersion
  • string    os
  • string    osVersion
  • function  submitUsername
  • function  ipLookUp
  • function  submitPassword
  • function  calculatePasswordScore
  • function  writeUserData
  • object    core
  • object    __core-js_shared__
  • object    firebase

0 Cookies

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=31556926

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

auth.gfx.ms
cdn.jsdelivr.net
cdn.odc.officeapps.live.com
code.jquery.com
extreme-ip-lookup.com
office365.software2.co
151.101.1.195
205.185.208.52
23.37.61.177
2a02:26f0:6c00:283::34ef
2a04:4e42::621
3.121.224.43