o365supports.com Open in urlscan Pro
35.165.73.140  Malicious Activity! Public Scan

1 Outgoing links

These are links going to different origins than the main page.

Search URL Search Domain Scan URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

9 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request 5536580-k__84bFaxppiCA Show response o365supports.com/	21 KB 22 KB	305ms 100ms	Document text/html	35.165.73.140 AMAZON-02
General Check archive.org Show headers Download Go to Full URL http://o365supports.com/5536580-k__84bFaxppiCA Protocol HTTP/1.1 Server 35.165.73.140 Boardman, United States, ASN16509 (AMAZON-02, US), Reverse DNS ec2-35-165-73-140.us-west-2.compute.amazonaws.com Software gunicorn/19.7.1 / Resource Hash c066d8e9c8394184ed21efc801ffaceeb5684404ba2d48ecefc279c2671d1000 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36 accept-language en-US,en;q=0.9 Response headers Connection keep-alive Content-Length 21716 Content-Type text/html; charset=utf-8 Date Fri, 18 Aug 2023 22:49:27 GMT Server gunicorn/19.7.1 Strict-Transport-Security max-age=31536000; includeSubDomains Vary Cookie X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-UA-Compatible IE=edge,chrome=1 X-XSS-Protection 1; mode=block
GET H/1.1	200 OK	login.min.css staticmediafiles.s3.amazonaws.com/media/pagecloner/cfa43-20160629-084936-login.microsoftonline.com/ests/2.1.4310.7/content/cdnbundles/	21 KB 21 KB	125ms 56ms	Stylesheet text/css	3.5.25.252 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://staticmediafiles.s3.amazonaws.com/media/pagecloner/cfa43-20160629-084936-login.microsoftonline.com/ests/2.1.4310.7/content/cdnbundles/login.min.css Requested by Host: o365supports.com URL: http://o365supports.com/5536580-k__84bFaxppiCA Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 3.5.25.252 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS s3-1-w.amazonaws.com Software AmazonS3 / Resource Hash 0c04b857857f77414ef0dd3ec715e3292324565809722e9a68bf9efd18b50102 Request headers accept-language en-US,en;q=0.9 Referer http://o365supports.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36 Response headers Date Fri, 18 Aug 2023 22:49:28 GMT x-amz-version-id null Last-Modified Wed, 29 Jun 2016 08:49:41 GMT Server AmazonS3 x-amz-request-id NQYZ9S2D1RQCT1YQ ETag "a742633822a231c892cd8ebdb1557633" Content-Type text/css Accept-Ranges bytes Content-Length 21594 x-amz-id-2 +he4aeIp+bQxmo4pSCOKO5QR300vFaC8wjdpvL84YboeZJR3dqji9qXoB/Vbju10GU+aEF0szhLaaHBLM3AbaP6hT2Uovkh3Qs0XrVvZIKM=
GET H/1.1	200 OK	heroillustration staticmediafiles.s3.amazonaws.com/media/pagecloner/cfa43-20160629-084936-login.microsoftonline.com/dbd5a2dd-6ybrougjmflxqw910ieyohr7wb4x4-yvoixrlaidmz4/appbranding/askzfdsqe20i-bcjwporaywega7vbt4ac...	199 KB 199 KB	148ms 81ms	Image application/octet-stream	3.5.25.252 AMAZON-AES
General Check archive.org Show headers Download Go to Show image Full URL https://staticmediafiles.s3.amazonaws.com/media/pagecloner/cfa43-20160629-084936-login.microsoftonline.com/dbd5a2dd-6ybrougjmflxqw910ieyohr7wb4x4-yvoixrlaidmz4/appbranding/askzfdsqe20i-bcjwporaywega7vbt4acqnn1hiliiw/0/heroillustration Requested by Host: o365supports.com URL: http://o365supports.com/5536580-k__84bFaxppiCA Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 3.5.25.252 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS s3-1-w.amazonaws.com Software AmazonS3 / Resource Hash 7e50e406688bd898803f653058d14ca384734cb9b39ba900bc5e2734b59c073b Request headers accept-language en-US,en;q=0.9 Referer http://o365supports.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36 Response headers Date Fri, 18 Aug 2023 22:49:28 GMT x-amz-version-id null Last-Modified Wed, 29 Jun 2016 08:49:41 GMT Server AmazonS3 x-amz-request-id NQYGX0R5ZSKCDC0R ETag "65283b123eb235e6176ae98c02ac5b1c" Content-Type application/octet-stream Accept-Ranges bytes Content-Length 203294 x-amz-id-2 32BeqMW54kmV8aNGOZ5YnhzF8WkWmFNTqh3ERCUbuz+DV/G9lMuu2VMLfkc3JDs6Dxc4UFsiAaQf+tepgcLuGCO9zZvicI4/t+lsRE5/o4g=
GET H/1.1	200 OK	bannerlogo staticmediafiles.s3.amazonaws.com/media/pagecloner/cfa43-20160629-084936-login.microsoftonline.com/dbd5a2dd-6ybrougjmflxqw910ieyohr7wb4x4-yvoixrlaidmz4/appbranding/askzfdsqe20i-bcjwporaywega7vbt4ac...	4 KB 5 KB	142ms 75ms	Image application/octet-stream	3.5.25.252 AMAZON-AES
General Check archive.org Show headers Download Go to Show image Full URL https://staticmediafiles.s3.amazonaws.com/media/pagecloner/cfa43-20160629-084936-login.microsoftonline.com/dbd5a2dd-6ybrougjmflxqw910ieyohr7wb4x4-yvoixrlaidmz4/appbranding/askzfdsqe20i-bcjwporaywega7vbt4acqnn1hiliiw/0/bannerlogo Requested by Host: o365supports.com URL: http://o365supports.com/5536580-k__84bFaxppiCA Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 3.5.25.252 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS s3-1-w.amazonaws.com Software AmazonS3 / Resource Hash fc5c3d7d2b298a42ec44dad2d8cd227b734db966b4afa68c0254a497e805f603 Request headers accept-language en-US,en;q=0.9 Referer http://o365supports.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36 Response headers Date Fri, 18 Aug 2023 22:49:28 GMT x-amz-version-id null Last-Modified Wed, 29 Jun 2016 08:49:42 GMT Server AmazonS3 x-amz-request-id NQYRY9HESD5GTMYK ETag "9f09a27d4f69b3557c7433574a29d726" Content-Type application/octet-stream Accept-Ranges bytes Content-Length 4585 x-amz-id-2 +AXVdwL2fJu/ycshA/bqqjwLr3/ztNZVDCeK+nrZRzAR+gJrKj6Vgu9BmAVlsdEodwLALDsEPyW6U2irkbjF7iU+B7JJm1DUpQL+aEtsYpQ=
GET H/1.1	200 OK	microsoft_logo.png staticmediafiles.s3.amazonaws.com/media/pagecloner/cfa43-20160629-084936-login.microsoftonline.com/ests/2.1.4310.7/content/images/	1 KB 1 KB	127ms 57ms	Image image/png	3.5.25.252 AMAZON-AES
General Check archive.org Show headers Download Go to Show image Full URL https://staticmediafiles.s3.amazonaws.com/media/pagecloner/cfa43-20160629-084936-login.microsoftonline.com/ests/2.1.4310.7/content/images/microsoft_logo.png Requested by Host: o365supports.com URL: http://o365supports.com/5536580-k__84bFaxppiCA Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 3.5.25.252 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS s3-1-w.amazonaws.com Software AmazonS3 / Resource Hash 988e349f2bf4e87154738c7b2c1fa86618713a8cfa0cef60a046f5add89bd9de Request headers accept-language en-US,en;q=0.9 Referer http://o365supports.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36 Response headers Date Fri, 18 Aug 2023 22:49:28 GMT x-amz-version-id null Last-Modified Wed, 29 Jun 2016 08:49:43 GMT Server AmazonS3 x-amz-request-id NQYGN6GGF98EEVHX ETag "e4b675007dc6492ee590131d1f7dfbb3" Content-Type image/png Accept-Ranges bytes Content-Length 1040 x-amz-id-2 /9r8MeRmUbPjintJFoLQJe2W1h5D4f6GLGYjpY8wtePw5v/o6wRi/P7MVPZK65Qqi1tItLwUtKvWb18/cTmvXjcBe4abjzyyp2Gul6t8ZJQ=
GET H/1.1	200 OK	jquery-1.11.0.min.js Show response staticmediafiles.s3.amazonaws.com/static/webapp/js/	94 KB 95 KB	108ms 43ms	Script application/javascript	3.5.25.252 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://staticmediafiles.s3.amazonaws.com/static/webapp/js/jquery-1.11.0.min.js Requested by Host: o365supports.com URL: http://o365supports.com/5536580-k__84bFaxppiCA Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 3.5.25.252 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS s3-1-w.amazonaws.com Software AmazonS3 / Resource Hash b294e973896f8f874e90a8eb1a8908ac790980d034c4c4bdf0fc3d37b8abf682 Request headers accept-language en-US,en;q=0.9 Referer http://o365supports.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36 Response headers Date Fri, 18 Aug 2023 22:49:28 GMT x-amz-version-id null Last-Modified Mon, 04 Jul 2016 08:58:20 GMT Server AmazonS3 x-amz-request-id NQYN53PCYBDM0PZD ETag "8fc25e27d42774aeae6edbc0a18b72aa" Content-Type application/javascript Accept-Ranges bytes Content-Length 96381 x-amz-id-2 /wXx3rv/n0UHRnFBGirRuH46marDc0D/jnJTYHJXYfst5242519yeJ1mtA6LAiTfzmuGAlo4lSejnQZsoHFlE7C45DDiPXTWOihyMs3kFc4=
GET H2	200	create_click_event.js Show response members.ironscales.com/static/training/js/	376 B 553 B	429ms 88ms	Script application/javascript	44.236.1.90 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://members.ironscales.com/static/training/js/create_click_event.js Requested by Host: o365supports.com URL: http://o365supports.com/5536580-k__84bFaxppiCA Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 44.236.1.90 Boardman, United States, ASN16509 (AMAZON-02, US), Reverse DNS ec2-44-236-1-90.us-west-2.compute.amazonaws.com Software nginx / Resource Hash 8aa0dc07e67658e85b668f449655068ffeadaa406a21115acae58dc176c4487b Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers accept-language en-US,en;q=0.9 Referer http://o365supports.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36 Response headers date Fri, 18 Aug 2023 22:49:27 GMT strict-transport-security max-age=31536000; includeSubDomains x-content-type-options nosniff last-modified Tue, 15 Aug 2023 07:55:14 GMT server nginx content-encoding gzip etag W/"64db2f62-178" vary Accept-Encoding x-frame-options SAMEORIGIN content-type application/javascript x-xss-protection 1; mode=block x-ua-compatible IE=edge,chrome=1
GET H2	200	confirm_data_entry_on_typing.js Show response members.ironscales.com/static/training/js/	848 B 773 B	428ms 87ms	Script application/javascript	44.236.1.90 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://members.ironscales.com/static/training/js/confirm_data_entry_on_typing.js Requested by Host: o365supports.com URL: http://o365supports.com/5536580-k__84bFaxppiCA Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 44.236.1.90 Boardman, United States, ASN16509 (AMAZON-02, US), Reverse DNS ec2-44-236-1-90.us-west-2.compute.amazonaws.com Software nginx / Resource Hash 657348bf276aef9bf7efc01f6dcf6779395c2de5e5e582981c0b450f5a529d14 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers accept-language en-US,en;q=0.9 Referer http://o365supports.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36 Response headers date Fri, 18 Aug 2023 22:49:27 GMT strict-transport-security max-age=31536000; includeSubDomains x-content-type-options nosniff last-modified Tue, 15 Aug 2023 07:55:14 GMT server nginx content-encoding gzip etag W/"64db2f62-350" vary Accept-Encoding x-frame-options SAMEORIGIN content-type application/javascript x-xss-protection 1; mode=block x-ua-compatible IE=edge,chrome=1
POST H/1.1	200 OK	5536580-k__84bFaxppiCA Show response o365supports.com/tracking/create_click_event/	21 B 386 B	104ms 104ms	XHR application/json	35.165.73.140 AMAZON-02
General Check archive.org Show headers Download Go to Full URL http://o365supports.com/tracking/create_click_event/5536580-k__84bFaxppiCA Requested by Host: staticmediafiles.s3.amazonaws.com URL: https://staticmediafiles.s3.amazonaws.com/static/webapp/js/jquery-1.11.0.min.js Protocol HTTP/1.1 Server 35.165.73.140 Boardman, United States, ASN16509 (AMAZON-02, US), Reverse DNS ec2-35-165-73-140.us-west-2.compute.amazonaws.com Software gunicorn/19.7.1 / Resource Hash 8e348a2876686697c17bc2784470cbebe761146f0bbfc180a67a52793117882d Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Accept application/json, text/javascript, */*; q=0.01 Referer http://o365supports.com/5536580-k__84bFaxppiCA X-Requested-With XMLHttpRequest accept-language en-US,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36 Content-Type application/json; charset=UTF-8 Response headers Date Fri, 18 Aug 2023 22:49:28 GMT Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff Server gunicorn/19.7.1 Vary Cookie X-Frame-Options SAMEORIGIN Content-Type application/json Connection keep-alive Content-Length 21 X-XSS-Protection 1; mode=block X-UA-Compatible IE=edge,chrome=1

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Office 365 (Online)

5 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| $ function| jQuery function| createClickEvent object| excludedKeyCodes function| confirmDataEntryOnTyping

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

members.ironscales.com
o365supports.com
staticmediafiles.s3.amazonaws.com
3.5.25.252
35.165.73.140
44.236.1.90
0c04b857857f77414ef0dd3ec715e3292324565809722e9a68bf9efd18b50102
657348bf276aef9bf7efc01f6dcf6779395c2de5e5e582981c0b450f5a529d14
7e50e406688bd898803f653058d14ca384734cb9b39ba900bc5e2734b59c073b
8aa0dc07e67658e85b668f449655068ffeadaa406a21115acae58dc176c4487b
8e348a2876686697c17bc2784470cbebe761146f0bbfc180a67a52793117882d
988e349f2bf4e87154738c7b2c1fa86618713a8cfa0cef60a046f5add89bd9de
b294e973896f8f874e90a8eb1a8908ac790980d034c4c4bdf0fc3d37b8abf682
c066d8e9c8394184ed21efc801ffaceeb5684404ba2d48ecefc279c2671d1000
fc5c3d7d2b298a42ec44dad2d8cd227b734db966b4afa68c0254a497e805f603