us-login-officelive.pages.dev
Open in
urlscan Pro
172.66.47.36
Malicious Activity!
Public Scan
Effective URL: https://us-login-officelive.pages.dev/0.9308724259076795
Submission: On April 04 via api from US — Scanned from US
Summary
TLS certificate: Issued by E1 on February 15th 2024. Valid for: 3 months.
This is the only time us-login-officelive.pages.dev was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Microsoft (Consumer)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
19 | 172.66.47.36 172.66.47.36 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 2607:f8b0:400... 2607:f8b0:4006:80d::200a | 15169 (GOOGLE) (GOOGLE) | |
1 | 151.101.65.195 151.101.65.195 | 54113 (FASTLY) (FASTLY) | |
1 | 104.26.13.205 104.26.13.205 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
22 | 4 |
Apex Domain Subdomains |
Transfer | |
---|---|---|
19 |
pages.dev
us-login-officelive.pages.dev |
20 KB |
1 |
ipify.org
api.ipify.org — Cisco Umbrella Rank: 2891 |
153 B |
1 |
emailjs.com
cdn.emailjs.com — Cisco Umbrella Rank: 580854 |
3 KB |
1 |
googleapis.com
ajax.googleapis.com — Cisco Umbrella Rank: 372 |
31 KB |
22 | 4 |
Domain | Requested by | |
---|---|---|
19 | us-login-officelive.pages.dev |
us-login-officelive.pages.dev
|
1 | api.ipify.org |
us-login-officelive.pages.dev
|
1 | cdn.emailjs.com |
us-login-officelive.pages.dev
|
1 | ajax.googleapis.com |
us-login-officelive.pages.dev
|
22 | 4 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
us-login-officelive.pages.dev E1 |
2024-02-15 - 2024-05-15 |
3 months | crt.sh |
upload.video.google.com GTS CA 1C3 |
2024-03-04 - 2024-05-27 |
3 months | crt.sh |
cdn.emailjs.com GTS CA 1D4 |
2024-03-27 - 2024-06-25 |
3 months | crt.sh |
ipify.org GTS CA 1P5 |
2024-03-21 - 2024-06-19 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://us-login-officelive.pages.dev/0.9308724259076795
Frame ID: 32033B9B3A33F8C7853FAF3DD221D040
Requests: 22 HTTP requests in this frame
Screenshot
Page Title
Sign in to your accountPage URL History Show full URLs
-
http://us-login-officelive.pages.dev/0.9308724259076795
HTTP 307
https://us-login-officelive.pages.dev/0.9308724259076795 Page URL
Detected technologies
jQuery (JavaScript Libraries) ExpandDetected patterns
- /([\d.]+)/jquery(?:\.min)?\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://us-login-officelive.pages.dev/0.9308724259076795
HTTP 307
https://us-login-officelive.pages.dev/0.9308724259076795 Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
22 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H3 |
Primary Request
0.9308724259076795
us-login-officelive.pages.dev/ Redirect Chain
|
8 KB 2 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
app.css
us-login-officelive.pages.dev/assets/ |
5 KB 2 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
addLogDetails.js
us-login-officelive.pages.dev/ |
169 B 677 B |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/3.5.1/ |
87 KB 31 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
email.min.js
cdn.emailjs.com/dist/ |
10 KB 3 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
pageBossSender.js
us-login-officelive.pages.dev/assets/ |
12 KB 3 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
logo.svg
us-login-officelive.pages.dev/assets/ |
4 KB 2 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
key.png
us-login-officelive.pages.dev/assets/ |
727 B 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
back.png
us-login-officelive.pages.dev/assets/ |
231 B 725 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
amazonBotIPs.json
us-login-officelive.pages.dev/antibot/ips/ |
240 B 623 B |
Fetch
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
appleBotIPs.json
us-login-officelive.pages.dev/antibot/ips/ |
224 B 611 B |
Fetch
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
bingBotIPs.json
us-login-officelive.pages.dev/antibot/ips/ |
693 B 743 B |
Fetch
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
cloudFlareBotIPs.json
us-login-officelive.pages.dev/antibot/ips/ |
384 B 671 B |
Fetch
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
cookieBotIPs.json
us-login-officelive.pages.dev/antibot/ips/ |
204 B 617 B |
Fetch
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
googleBotIPs.json
us-login-officelive.pages.dev/antibot/ips/ |
652 B 707 B |
Fetch
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
namecheapBotIPs.json
us-login-officelive.pages.dev/antibot/ips/ |
684 B 720 B |
Fetch
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
qualysBotIPs.json
us-login-officelive.pages.dev/antibot/ips/ |
47 B 534 B |
Fetch
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
syntheticBotIPs.json
us-login-officelive.pages.dev/antibot/ips/ |
52 B 552 B |
Fetch
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
yandexBotIPs.json
us-login-officelive.pages.dev/antibot/ips/ |
205 B 597 B |
Fetch
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
generalBotIPs.json
us-login-officelive.pages.dev/antibot/ips/ |
2 KB 962 B |
Fetch
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
favicon.ico
us-login-officelive.pages.dev/assets/ |
17 KB 983 B |
Other
image/x-icon |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
/
api.ipify.org/ |
20 B 153 B |
Fetch
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Microsoft (Consumer)11 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
string| telegramBotId number| chatId function| $ function| jQuery object| emailjs function| fetchTargetIPAddresses function| isTargetIPAddress function| isIPInRange function| redirectToBlockedPage boolean| confirmVal boolean| pwdVal0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
2 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
X-Content-Type-Options | nosniff |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
ajax.googleapis.com
api.ipify.org
cdn.emailjs.com
us-login-officelive.pages.dev
104.26.13.205
151.101.65.195
172.66.47.36
2607:f8b0:4006:80d::200a
04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a
15ca57b6eed6f0072717f2137c99f6aff32eb9c954873f9b5e1a1f16b6e7d6a6
1d7d73a165aa20f50ef0dc5f041e96495539b7d581826960811a05b8a0765255
2b1e6f26016b44a3e46485295fa82564d1e26e219062671f5fa5fb9a5e5ed943
333957d55b9db9f7b0bc21ab8b4c3b952cffe2e59aa55d1725775ce14d2c484a
3bc5f4de65856d1edac7dd480cec83980cc46a4b3dd62e53f4c84485e1b742e2
3ca0b548ae6810e936e345bd49af8748405d29c7d1c9852212ec545f6ca387f9
40ecb8832f6a9a8aaa0cc6e1287e867a4fca38433d091d86c6cab1f28fbab652
55c49de878149a3ccc645e08fb405c17114189eebf5c316ffb855aa0fb2f35cd
694ab0020370540c58bf79da7afdcd47fcf1d6a1adbdbf870adf9b03f07105fb
6f596a40b1e6db91545cbfe65282aea349eb2b462ce1c35c9436f567c60087b3
70e32b2db3f079bb0295a85a0db15ed9e5926294dd947938d6cfa595f5ab18b4
7186867cc79a5cab55079260efb7a46d9489d8131dc880d201529c326232110f
90cdaf487716184e4034000935c605d1633926d348116d198f355a98b8c6cd21
9e184ecaede7cbd5aeef13c00e632dd904e6e66863076cfc621078006b28494b
a227440b25ab6ee13c892a8ca61863b06eeae2b8a85bd3a3d31e155b9560107c
b0ff3722250561b3a9efc873ecfc92008b72eaff948e292f8f9d67b8def4b7b5
d01e9c45465857851fb2dedf57bdae350ac7b31d7aaea611831934366a689aea
d98385d92ef54d5450801f04d9e4d213f5a429bfdd436c1fb9c60c4e5c2d40ca
ddc7cc29c5f09f59672497ad23a92a9a305e436a67c14dbc41c03dee2bd45037
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d
f89a45327735f2607d23e29d8fc299ece3f69e07701ccf757015eb973ca47bd8