nam02.safelinks.protection.outlook.com
Open in
urlscan Pro
104.47.36.28
Public Scan
Effective URL: https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.hilton.com%2Fen%2Fcorporate%2Fcoronavirus%2F&%3Bdata=02%7C01%7CBrigid....
Submission: On May 14 via api from US
Summary
TLS certificate: Issued by DigiCert Cloud Services CA-1 on January 4th 2019. Valid for: 2 years.
This is the only time nam02.safelinks.protection.outlook.com was scanned on urlscan.io!
urlscan.io Verdict: No classification
Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 | 63.148.46.72 63.148.46.72 | 53316 (ASN-CHEET...) (ASN-CHEETA-MAIL) | |
1 | 63.148.46.76 63.148.46.76 | 53316 (ASN-CHEET...) (ASN-CHEETA-MAIL) | |
2 2 | 52.87.58.91 52.87.58.91 | 14618 (AMAZON-AES) (AMAZON-AES) | |
1 1 | 54.230.183.37 54.230.183.37 | 16509 (AMAZON-02) (AMAZON-02) | |
4 | 104.47.36.28 104.47.36.28 | 8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK) | |
6 | 3 |
ASN14618 (AMAZON-AES, US)
PTR: ec2-52-87-58-91.compute-1.amazonaws.com
www.movable-ink-6437.com |
ASN16509 (AMAZON-02, US)
PTR: server-54-230-183-37.ham50.r.cloudfront.net
prvsz4pe.micpn.com |
ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
nam02.safelinks.protection.outlook.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
4 |
outlook.com
nam02.safelinks.protection.outlook.com |
28 KB |
2 |
movable-ink-6437.com
2 redirects
www.movable-ink-6437.com |
2 KB |
1 |
micpn.com
1 redirects
prvsz4pe.micpn.com |
865 B |
1 |
eccmp.com
sts.eccmp.com |
1 KB |
1 |
hilton.com
l.h1.hilton.com |
2 KB |
6 | 5 |
Domain | Requested by | |
---|---|---|
4 | nam02.safelinks.protection.outlook.com |
l.h1.hilton.com
nam02.safelinks.protection.outlook.com |
2 | www.movable-ink-6437.com | 2 redirects |
1 | prvsz4pe.micpn.com | 1 redirects |
1 | sts.eccmp.com |
l.h1.hilton.com
|
1 | l.h1.hilton.com | |
6 | 5 |
This site contains links to these domains. Also see Links.
Domain |
---|
go.microsoft.com |
Subject Issuer | Validity | Valid | |
---|---|---|---|
*.safelinks.protection.outlook.com DigiCert Cloud Services CA-1 |
2019-01-04 - 2021-01-04 |
2 years | crt.sh |
This page contains 1 frames:
Primary Page:
https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.hilton.com%2Fen%2Fcorporate%2Fcoronavirus%2F&%3Bdata=02%7C01%7CBrigid.Koch%40hilton.com%7Cbe44cb5fb1ff4bc95bcf08d7da58ccb0%7C660292d2cfd54a3db7a7e8f7ee458a0a%7C0%7C0%7C637217947226238048&%3Bsdata=uZb6lmSuro4%2Bk%2FasSmuy1c8Cue35bPHjhy13U0wBsRw%3D&%3Breserved=0&mi_u=289439976&mi_guid=A8D723E2A57E46AD92D46B202A8962B9CA07BBB00A5A039779721A0C38C27773&mi_customer_id=289439976&commhistid=127223049289439976&customerid=289439976&hhonorsid=248743485&mi_language=EN&mi_pointsexp=10-Jan-2021&mi_send_date=2020-04-30&mi_statusexp=31-Mar-2022&mi_requalflag=MS&mi_country=US&mi_mktflag=1&om_rid=4817261442&om_mid=82559
Frame ID: E147E0230572B0DAA27A478686D185A7
Requests: 6 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
- http://l.h1.hilton.com/rts/go2.aspx?h=1647595&tp=i-1NGB-Ak-LTb-5G0jlC-2J-utFYz-1c-5FjRU8-l4bvFfAcGY... Page URL
-
http://www.movable-ink-6437.com/p/cp/292a4a2bd974e79d/c?mi_u=289439976&mi_guid=A8D723E2A57E46AD92D46B202A896...
HTTP 302
https://prvsz4pe.micpn.com/p/cp/292a4a2bd974e79d/r?mi_u=289439976&mi_guid=A8D723E2A57E46AD92D46B202A896... HTTP 302
http://www.movable-ink-6437.com/p/rp/f82e35df9c3234ee/url?mi_u=289439976&mi_guid=A8D723E2A57E46AD92D46B202A8... HTTP 302
https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.hilton.com%2Fen%2Fcorporate%2Fcoronavirus%2F&%3Bda... Page URL
Detected technologies
Windows Server (Operating Systems) ExpandDetected patterns
- headers server /^(?:Microsoft-)?IIS(?:\/([\d.]+))?/i
- url /\.aspx?(?:$|\?)/i
Microsoft ASP.NET (Web Frameworks) Expand
Detected patterns
- url /\.aspx?(?:$|\?)/i
IIS (Web Servers) Expand
Detected patterns
- headers server /^(?:Microsoft-)?IIS(?:\/([\d.]+))?/i
- url /\.aspx?(?:$|\?)/i
Page Statistics
1 Outgoing links
These are links going to different origins than the main page.
Title: Office 365 Advanced Threat Protection
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://l.h1.hilton.com/rts/go2.aspx?h=1647595&tp=i-1NGB-Ak-LTb-5G0jlC-2J-utFYz-1c-5FjRU8-l4bvFfAcGY-K3OWy&x=289439976%7cA8D723E2A57E46AD92D46B202A8962B9CA07BBB00A5A039779721A0C38C27773%7c289439976%7c127223049289439976%7c289439976%7c248743485%7cEN%7c10-Jan-2021%7c2020-04-30%7c31-Mar-2022%7cMS%7cUS%7c1%7c4817261442%7c82559 Page URL
-
http://www.movable-ink-6437.com/p/cp/292a4a2bd974e79d/c?mi_u=289439976&mi_guid=A8D723E2A57E46AD92D46B202A8962B9CA07BBB00A5A039779721A0C38C27773&mi_customer_id=289439976&commhistid=127223049289439976&customerid=289439976&hhonorsid=248743485&mi_language=EN&mi_pointsexp=10-Jan-2021&mi_send_date=2020-04-30&mi_statusexp=31-Mar-2022&mi_requalflag=MS&mi_country=US&mi_mktflag=1&url=http%3A%2F%2Fwww.movable-ink-6437.com%2Fp%2Frp%2Ff82e35df9c3234ee%2Furl&om_rid=4817261442&om_mid=82559
HTTP 302
https://prvsz4pe.micpn.com/p/cp/292a4a2bd974e79d/r?mi_u=289439976&mi_guid=A8D723E2A57E46AD92D46B202A8962B9CA07BBB00A5A039779721A0C38C27773&mi_customer_id=289439976&commhistid=127223049289439976&customerid=289439976&hhonorsid=248743485&mi_language=EN&mi_pointsexp=10-Jan-2021&mi_send_date=2020-04-30&mi_statusexp=31-Mar-2022&mi_requalflag=MS&mi_country=US&mi_mktflag=1&url=http%3A%2F%2Fwww.movable-ink-6437.com%2Fp%2Frp%2Ff82e35df9c3234ee%2Furl&om_rid=4817261442&om_mid=82559 HTTP 302
http://www.movable-ink-6437.com/p/rp/f82e35df9c3234ee/url?mi_u=289439976&mi_guid=A8D723E2A57E46AD92D46B202A8962B9CA07BBB00A5A039779721A0C38C27773&mi_customer_id=289439976&commhistid=127223049289439976&customerid=289439976&hhonorsid=248743485&mi_language=EN&mi_pointsexp=10-Jan-2021&mi_send_date=2020-04-30&mi_statusexp=31-Mar-2022&mi_requalflag=MS&mi_country=US&mi_mktflag=1&om_rid=4817261442&om_mid=82559 HTTP 302
https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.hilton.com%2Fen%2Fcorporate%2Fcoronavirus%2F&%3Bdata=02%7C01%7CBrigid.Koch%40hilton.com%7Cbe44cb5fb1ff4bc95bcf08d7da58ccb0%7C660292d2cfd54a3db7a7e8f7ee458a0a%7C0%7C0%7C637217947226238048&%3Bsdata=uZb6lmSuro4%2Bk%2FasSmuy1c8Cue35bPHjhy13U0wBsRw%3D&%3Breserved=0&mi_u=289439976&mi_guid=A8D723E2A57E46AD92D46B202A8962B9CA07BBB00A5A039779721A0C38C27773&mi_customer_id=289439976&commhistid=127223049289439976&customerid=289439976&hhonorsid=248743485&mi_language=EN&mi_pointsexp=10-Jan-2021&mi_send_date=2020-04-30&mi_statusexp=31-Mar-2022&mi_requalflag=MS&mi_country=US&mi_mktflag=1&om_rid=4817261442&om_mid=82559 Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
6 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Cookie set
go2.aspx
l.h1.hilton.com/rts/ |
2 KB 2 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
SetCookie.gif
sts.eccmp.com/wts/WebEvent/ |
807 B 1 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Primary Request
/
nam02.safelinks.protection.outlook.com/ Redirect Chain
|
2 KB 2 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
safelinksv2.css
nam02.safelinks.protection.outlook.com/Content/Scripts/ |
4 KB 2 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
site.js
nam02.safelinks.protection.outlook.com/Content/Scripts/ |
398 B 785 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
scanned.png
nam02.safelinks.protection.outlook.com/Content/images/ |
24 KB 24 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
4 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onformdata object| onpointerrawupdate function| CloseHover function| GoBack0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
l.h1.hilton.com
nam02.safelinks.protection.outlook.com
prvsz4pe.micpn.com
sts.eccmp.com
www.movable-ink-6437.com
104.47.36.28
52.87.58.91
54.230.183.37
63.148.46.72
63.148.46.76
23861370472248e068061677b30a993c0da84ba011d585c7f8d9b00077a90ee6
86a39d53df9856a1589f5b42878463eef48395dc2064b3e1a8a3c44094d746b6
9c6d485ae01a594ef22b3c44e1eca5314259061faacdcdfc51569aba58a4fc2b
b09bbea46c4515e48f673a2ed86709c4329e5debca2572758af32bd5e9e401db
bf5bd5c4216a18e5cea417d8ef471796eca754cff391d087409a940008d71a25
f189494a5e558c2d4f52b32a77e52418e048f9976f5f1fb31d090672acbbfe03