ows-spring-tooth-abc0.cigahumble.workers.dev Open in urlscan Pro
104.21.73.8 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://ows-spring-tooth-abc0.cigahumble.workers.dev/
Effective URL:
https://ows-spring-tooth-abc0.cigahumble.workers.dev/
Submission: On January 28 via manual (January 28th 2024, 11:27:35 pm UTC) from AU — Scanned from AU

Summary HTTP 13 Redirects Behaviour Indicators

Summary

This website contacted 6 IPs in 3 countries across 5 domains to perform 13 HTTP transactions. The main IP is 104.21.73.8, located in and belongs to CLOUDFLARENET, US. The main domain is ows-spring-tooth-abc0.cigahumble.workers.dev.
TLS certificate: Issued by GTS CA 1P5 on January 25th 2024. Valid for: 3 months.

This is the only time ows-spring-tooth-abc0.cigahumble.workers.dev was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Outlook Web Access (Online)

Domain & IP information

	IP Address	AS Autonomous System
1	104.21.73.8 104.21.73.8	13335 (CLOUDFLAR...) (CLOUDFLARENET)
9	185.76.64.223 185.76.64.223	200719 (MISSDOMAIN) (MISSDOMAIN)
1	152.199.39.108 152.199.39.108	15133 (EDGECAST) (EDGECAST)
1	142.250.71.74 142.250.71.74	15169 (GOOGLE) (GOOGLE)
1	142.250.71.67 142.250.71.67	15169 (GOOGLE) (GOOGLE)
13	6

1 104.21.73.8 (None, )

ASN13335 (CLOUDFLARENET, US)

ows-spring-tooth-abc0.cigahumble.workers.dev	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 185.76.64.223 (Sweden)

ASN200719 (MISSDOMAIN, SE)

files.builder.misssite.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
55b558c7-resources.builder.misssite.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 152.199.39.108 (United States)

ASN15133 (EDGECAST, US)

aadcdn.msauthimages.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.71.74 (United States)

ASN15169 (GOOGLE, US)
PTR: syd15s17-in-f10.1e100.net

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.71.67 (United States)

ASN15169 (GOOGLE, US)
PTR: syd15s17-in-f3.1e100.net

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
9	misssite.com files.builder.misssite.com 55b558c7-resources.builder.misssite.com	1 MB
1	gstatic.com fonts.gstatic.com	16 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 28	1 KB
1	msauthimages.net aadcdn.msauthimages.net — Cisco Umbrella Rank: 3661	7 KB
1	workers.dev ows-spring-tooth-abc0.cigahumble.workers.dev	38 KB
13	5

	Domain	Requested by
8	55b558c7-resources.builder.misssite.com	ows-spring-tooth-abc0.cigahumble.workers.dev
1	fonts.gstatic.com	fonts.googleapis.com
1	fonts.googleapis.com	files.builder.misssite.com
1	aadcdn.msauthimages.net	ows-spring-tooth-abc0.cigahumble.workers.dev
1	files.builder.misssite.com	ows-spring-tooth-abc0.cigahumble.workers.dev
1	ows-spring-tooth-abc0.cigahumble.workers.dev
13	6

This site contains no links.

Subject Issuer	Validity	Valid
cigahumble.workers.dev GTS CA 1P5	`2024-01-25` - `2024-04-24`	3 months	crt.sh
files.builder.misssite.com Sectigo RSA Domain Validation Secure Server CA	`2024-01-09` - `2024-04-08`	3 months	crt.sh
55b558c7-resources.builder.misssite.com Sectigo RSA Domain Validation Secure Server CA	`2024-01-10` - `2024-04-09`	3 months	crt.sh
aadcdn.msauthimages.net Microsoft Azure RSA TLS Issuing CA 08	`2024-01-11` - `2025-01-05`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2024-01-02` - `2024-03-26`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2024-01-02` - `2024-03-26`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://ows-spring-tooth-abc0.cigahumble.workers.dev/
Frame ID: B26A33E30566A81B08D8951AAA164F1E
Requests: 16 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

OutlookOutlook Web App

Page URL History Show full URLs

http://ows-spring-tooth-abc0.cigahumble.workers.dev/ HTTP 307
https://ows-spring-tooth-abc0.cigahumble.workers.dev/ Page URL

Page Statistics

13
Requests

100 %
HTTPS

0 %
IPv6

5
Domains

6
Subdomains

6
IPs

3
Countries

1087 kB
Transfer

3547 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://ows-spring-tooth-abc0.cigahumble.workers.dev/ HTTP 307
https://ows-spring-tooth-abc0.cigahumble.workers.dev/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

13 HTTP transactions
3 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
ows-spring-tooth-abc0.cigahumble.workers.dev/
Redirect Chain

http://ows-spring-tooth-abc0.cigahumble.workers.dev/
https://ows-spring-tooth-abc0.cigahumble.workers.dev/

259 KB
38 KB

443ms
22ms

Document
text/html

104.21.73.8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ows-spring-tooth-abc0.cigahumble.workers.dev/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.73.8 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b4468259ec845ca73ed869ce87ebdba7314b24df63f7d1eeee94fbc447a470a7

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cf-ray: 84cd01936843556f-SYD
content-encoding: br
content-type: text/html
date: Sun, 28 Jan 2024 23:27:27 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=66XWO4wN51MQ8eLiB10wAi24w70yzBQZKmivNlYIJcQzSjFq8UWkK9EUtYDq7GpIpy3LTsH1Kua7f1PRNZ3hhgt%2Bzg3%2BwGklBZB6%2BpcxYXFdOPwdFFKpQ5aRCr8lSJsJ27Sz4MTU0QtuO7pvBOWl6vmwCpJ5h09ARXCNorocoQ%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding

Redirect headers

Cross-Origin-Resource-Policy: Cross-Origin
Location: https://ows-spring-tooth-abc0.cigahumble.workers.dev/
Non-Authoritative-Reason: HSTS

GET
H2 200 dfb4e990-5db9-4012-8be5-45118aa33f2b.css
files.builder.misssite.com/df/b4/ 678 KB
81 KB 836ms
281ms Stylesheet
text/css 185.76.64.223
MISSDOMAIN

General

Check archive.org

Show headers Download Go to

Full URL: https://files.builder.misssite.com/df/b4/dfb4e990-5db9-4012-8be5-45118aa33f2b.css
Requested by: Host: ows-spring-tooth-abc0.cigahumble.workers.dev
URL: https://ows-spring-tooth-abc0.cigahumble.workers.dev/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.76.64.223 , Sweden, ASN200719 (MISSDOMAIN, SE),
Reverse DNS
Software: openresty /
Resource Hash: e22e7416b90f6e9a163a327bfd450d40451ab6a4bfafd00fb3fbbf22ddbaa044

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://ows-spring-tooth-abc0.cigahumble.workers.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sun, 28 Jan 2024 23:27:27 GMT
x-bksrc: 0.2
content-encoding: gzip
last-modified: Thu, 14 Dec 2023 10:44:16 GMT
server: openresty
age: 4419
etag: W/"657adc80-a9784"
x-cache: HIT
content-type: text/css
access-control-allow-origin: *
origin-agent-cluster: ?0
cache-control: max-age=31536000
expires: Mon, 27 Jan 2025 22:13:48 GMT

GET
H2 200 photo-swipe.css
55b558c7-resources.builder.misssite.com/0d25aff271/compiled/ 14 KB
4 KB 831ms
276ms Stylesheet
text/css 185.76.64.223
MISSDOMAIN

General

Check archive.org

Show headers Download Go to

Full URL: https://55b558c7-resources.builder.misssite.com/0d25aff271/compiled/photo-swipe.css
Requested by: Host: ows-spring-tooth-abc0.cigahumble.workers.dev
URL: https://ows-spring-tooth-abc0.cigahumble.workers.dev/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.76.64.223 , Sweden, ASN200719 (MISSDOMAIN, SE),
Reverse DNS
Software: openresty /
Resource Hash: 0f99afca623dcb8b1d842752cc0d351a56ed3cd2c1445830d9e1b4c6844d00d7

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://ows-spring-tooth-abc0.cigahumble.workers.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sun, 28 Jan 2024 23:27:27 GMT
x-bksrc: 0.2
content-encoding: gzip
last-modified: Mon, 15 Jan 2024 13:37:50 GMT
server: openresty
age: 0
x-cache: MISS
content-type: text/css
access-control-allow-origin: *
origin-agent-cluster: ?0
cache-control: max-age=31536000
expires: Mon, 27 Jan 2025 23:27:27 GMT

GET
H2 200 translations.js Show response
55b558c7-resources.builder.misssite.com/80b3bd6/sv/ 144 KB
41 KB 1102ms
547ms Script
application/javascript 185.76.64.223
MISSDOMAIN

General

Check archive.org

Show headers Download Go to

Full URL: https://55b558c7-resources.builder.misssite.com/80b3bd6/sv/translations.js?sections=widgets,mobile,shared_views,shared_components
Requested by: Host: ows-spring-tooth-abc0.cigahumble.workers.dev
URL: https://ows-spring-tooth-abc0.cigahumble.workers.dev/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.76.64.223 , Sweden, ASN200719 (MISSDOMAIN, SE),
Reverse DNS
Software: openresty /
Resource Hash: 1b0b718dbc324f09a92f621558970828fa83ffebe09aa3cc67f7d9ee0ab6033a

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://ows-spring-tooth-abc0.cigahumble.workers.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: public
date: Sun, 28 Jan 2024 23:27:27 GMT
x-bksrc: 0.2
content-encoding: gzip
server: openresty
age: 906
x-cache: HIT
content-type: application/javascript
access-control-allow-origin: *
origin-agent-cluster: ?0
cache-control: max-age=31536000, public
expires: Mon, 27 Jan 2025 23:12:21 GMT

GET
H2 200 published-v10-site-libs.js Show response
55b558c7-resources.builder.misssite.com/0d25aff271/compiled/ 547 KB
184 KB 1101ms
546ms Script
application/javascript 185.76.64.223
MISSDOMAIN

General

Check archive.org

Show headers Download Go to

Full URL: https://55b558c7-resources.builder.misssite.com/0d25aff271/compiled/published-v10-site-libs.js
Requested by: Host: ows-spring-tooth-abc0.cigahumble.workers.dev
URL: https://ows-spring-tooth-abc0.cigahumble.workers.dev/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.76.64.223 , Sweden, ASN200719 (MISSDOMAIN, SE),
Reverse DNS
Software: openresty /
Resource Hash: 950ff13e004d1b9994f1d222ea3102e176af64fb80c7759610e580e77023f3d5

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://ows-spring-tooth-abc0.cigahumble.workers.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sun, 28 Jan 2024 23:27:27 GMT
x-bksrc: 0.2
content-encoding: gzip
last-modified: Mon, 15 Jan 2024 13:39:53 GMT
server: openresty
age: 906
x-cache: HIT
content-type: application/javascript
access-control-allow-origin: *
origin-agent-cluster: ?0
cache-control: max-age=31536000
expires: Mon, 27 Jan 2025 23:12:21 GMT

GET
H2 200 published-v8-site.js Show response
55b558c7-resources.builder.misssite.com/0d25aff271/compiled/ 1 MB
352 KB 1102ms
547ms Script
application/javascript 185.76.64.223
MISSDOMAIN

General

Check archive.org

Show headers Download Go to

Full URL: https://55b558c7-resources.builder.misssite.com/0d25aff271/compiled/published-v8-site.js
Requested by: Host: ows-spring-tooth-abc0.cigahumble.workers.dev
URL: https://ows-spring-tooth-abc0.cigahumble.workers.dev/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.76.64.223 , Sweden, ASN200719 (MISSDOMAIN, SE),
Reverse DNS
Software: openresty /
Resource Hash: 56e42f5ca23932be84439b6b1eb4c11c3b6ddbac4e1782ede6a79bca143001c5

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://ows-spring-tooth-abc0.cigahumble.workers.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sun, 28 Jan 2024 23:27:27 GMT
x-bksrc: 0.2
content-encoding: gzip
last-modified: Mon, 15 Jan 2024 13:40:26 GMT
server: openresty
age: 906
x-cache: HIT
content-type: application/javascript
access-control-allow-origin: *
origin-agent-cluster: ?0
cache-control: max-age=31536000
expires: Mon, 27 Jan 2025 23:12:21 GMT

GET
H2 200 twig-widget-views-v2.js Show response
55b558c7-resources.builder.misssite.com/0d25aff271/compiled/ 148 KB
25 KB 1101ms
547ms Script
application/javascript 185.76.64.223
MISSDOMAIN

General

Check archive.org

Show headers Download Go to

Full URL: https://55b558c7-resources.builder.misssite.com/0d25aff271/compiled/twig-widget-views-v2.js
Requested by: Host: ows-spring-tooth-abc0.cigahumble.workers.dev
URL: https://ows-spring-tooth-abc0.cigahumble.workers.dev/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.76.64.223 , Sweden, ASN200719 (MISSDOMAIN, SE),
Reverse DNS
Software: openresty /
Resource Hash: c02d1a9cf0713b755e9a917a830d595dfd485d7973b52303f37e05af045b0c37

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://ows-spring-tooth-abc0.cigahumble.workers.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sun, 28 Jan 2024 23:27:27 GMT
x-bksrc: 0.2
content-encoding: gzip
last-modified: Mon, 15 Jan 2024 13:38:11 GMT
server: openresty
age: 906
x-cache: HIT
content-type: application/javascript
access-control-allow-origin: *
origin-agent-cluster: ?0
cache-control: max-age=31536000
expires: Mon, 27 Jan 2025 23:12:21 GMT

GET
H2 200 scroll-out.js Show response
55b558c7-resources.builder.misssite.com/0d25aff271/compiled/ 4 KB
2 KB 829ms
275ms Script
application/javascript 185.76.64.223
MISSDOMAIN

General

Check archive.org

Show headers Download Go to

Full URL: https://55b558c7-resources.builder.misssite.com/0d25aff271/compiled/scroll-out.js
Requested by: Host: ows-spring-tooth-abc0.cigahumble.workers.dev
URL: https://ows-spring-tooth-abc0.cigahumble.workers.dev/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.76.64.223 , Sweden, ASN200719 (MISSDOMAIN, SE),
Reverse DNS
Software: openresty /
Resource Hash: 94737accc3751bceee403deb144f3e6528acd9411efdb7def8305706e507e9a6

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://ows-spring-tooth-abc0.cigahumble.workers.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sun, 28 Jan 2024 23:27:27 GMT
x-bksrc: 0.2
content-encoding: gzip
last-modified: Mon, 15 Jan 2024 13:40:31 GMT
server: openresty
age: 906
x-cache: HIT
content-type: application/javascript
access-control-allow-origin: *
origin-agent-cluster: ?0
cache-control: max-age=31536000
expires: Mon, 27 Jan 2025 23:12:21 GMT

GET
H2 200 bannerlogo
aadcdn.msauthimages.net/81d6b03a-daqmsln7jobtrobqralhbqi4ggfg1buznevrehfjr2i/logintenantbranding/0/ 7 KB
7 KB 521ms
3ms Image
image/* 152.199.39.108
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://aadcdn.msauthimages.net/81d6b03a-daqmsln7jobtrobqralhbqi4ggfg1buznevrehfjr2i/logintenantbranding/0/bannerlogo?ts=637486919814320943
Requested by: Host: ows-spring-tooth-abc0.cigahumble.workers.dev
URL: https://ows-spring-tooth-abc0.cigahumble.workers.dev/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.39.108 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECAcc (nwa/E797) /
Resource Hash: df5df846af8a0b33623914913da58f61b45b0d69c4c1827c8b81f029f7ad79e4

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://ows-spring-tooth-abc0.cigahumble.workers.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Sun, 28 Jan 2024 23:27:27 GMT
content-md5: o9G+7B3nxsoS9orND2aCtQ==
age: 47735
x-cache: HIT
content-length: 7004
x-ms-lease-status: unlocked
last-modified: Fri, 12 Feb 2021 01:59:41 GMT
server: ECAcc (nwa/E797)
etag: 0x8D8CEF9DC82BD4C
content-type: image/*
access-control-allow-origin: *
x-ms-request-id: cbdec7ea-b01e-006e-2ed2-51bf0b000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes

GET
H2 200 css
fonts.googleapis.com/ 4 KB
1 KB 199ms
99ms Stylesheet
text/css 142.250.71.74
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:400,700

Requested by

Host: files.builder.misssite.com
URL: https://files.builder.misssite.com/df/b4/dfb4e990-5db9-4012-8be5-45118aa33f2b.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.71.74 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd15s17-in-f10.1e100.net

Software

ESF /

Resource Hash

3d2b34675fd418a1b23c652fa791f4875ccc12860d9b4b6ec8ae4aa09d51ec1e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://files.builder.misssite.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Sun, 28 Jan 2024 23:27:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Sun, 28 Jan 2024 21:42:34 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sun, 28 Jan 2024 23:27:28 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ 15 KB
16 KB 354ms
3ms Font
font/woff2 142.250.71.67
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:400,700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.71.67 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd15s17-in-f3.1e100.net

Software

sffe /

Resource Hash

f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://ows-spring-tooth-abc0.cigahumble.workers.dev
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Wed, 24 Jan 2024 21:47:50 GMT
x-content-type-options: nosniff
age: 351579
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15744
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 23 Jan 2025 21:47:50 GMT

GET
DATA 200
OK truncated
/ 2 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d9ed6586942003696afe4e52b09f343f8342244b51a9e175b75162d7e615207b

Request headers

accept-language: en-AU,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 4 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4de8fc175826d9f78fce9f9f2b71a63fe832fc7507e0394125c823b0909fa54a

Request headers

accept-language: en-AU,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 1 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 07f38b8b8c1f96ed85ecd96988f0454a95d1f665427086a507c72e55ff3ce0e7

Request headers

accept-language: en-AU,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 rubik.woff.json Show response
55b558c7-resources.builder.misssite.com/0d25aff271/seven/fonts/ 327 KB
252 KB 827ms
280ms XHR
application/json 185.76.64.223
MISSDOMAIN

General

Check archive.org

Show headers Download Go to

Full URL: https://55b558c7-resources.builder.misssite.com/0d25aff271/seven/fonts/rubik.woff.json
Requested by: Host: ows-spring-tooth-abc0.cigahumble.workers.dev
URL: https://ows-spring-tooth-abc0.cigahumble.workers.dev/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.76.64.223 , Sweden, ASN200719 (MISSDOMAIN, SE),
Reverse DNS
Software: openresty /
Resource Hash: c695cdc11196deeec8ded9e5ff011de023ce43fdd63eec5eb4d8ecd91945c588

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://ows-spring-tooth-abc0.cigahumble.workers.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sun, 28 Jan 2024 23:27:30 GMT
x-bksrc: 0.2
content-encoding: gzip
last-modified: Mon, 15 Jan 2024 13:37:08 GMT
server: openresty
age: 906
x-cache: HIT
content-type: application/json
access-control-allow-origin: *
origin-agent-cluster: ?0
cache-control: max-age=31536000
expires: Mon, 27 Jan 2025 23:12:23 GMT

GET
H2 200 playfair_display.woff.json Show response
55b558c7-resources.builder.misssite.com/0d25aff271/seven/fonts/ 111 KB
83 KB 827ms
281ms XHR
application/json 185.76.64.223
MISSDOMAIN

General

Check archive.org

Show headers Download Go to

Full URL: https://55b558c7-resources.builder.misssite.com/0d25aff271/seven/fonts/playfair_display.woff.json
Requested by: Host: ows-spring-tooth-abc0.cigahumble.workers.dev
URL: https://ows-spring-tooth-abc0.cigahumble.workers.dev/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.76.64.223 , Sweden, ASN200719 (MISSDOMAIN, SE),
Reverse DNS
Software: openresty /
Resource Hash: 74d2a9232e18073496f8403efc45995aee54ac90eaeb9cefde7143bc7f6597ca

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://ows-spring-tooth-abc0.cigahumble.workers.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sun, 28 Jan 2024 23:27:30 GMT
x-bksrc: 0.2
content-encoding: gzip
last-modified: Mon, 15 Jan 2024 13:37:08 GMT
server: openresty
age: 906
x-cache: HIT
content-type: application/json
access-control-allow-origin: *
origin-agent-cluster: ?0
cache-control: max-age=31536000
expires: Mon, 27 Jan 2025 23:12:23 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Outlook Web Access (Online)

34 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

55b558c7-resources.builder.misssite.com
aadcdn.msauthimages.net
files.builder.misssite.com
fonts.googleapis.com
fonts.gstatic.com
ows-spring-tooth-abc0.cigahumble.workers.dev
104.21.73.8
142.250.71.67
142.250.71.74
152.199.39.108
185.76.64.223
07f38b8b8c1f96ed85ecd96988f0454a95d1f665427086a507c72e55ff3ce0e7
0f99afca623dcb8b1d842752cc0d351a56ed3cd2c1445830d9e1b4c6844d00d7
1b0b718dbc324f09a92f621558970828fa83ffebe09aa3cc67f7d9ee0ab6033a
3d2b34675fd418a1b23c652fa791f4875ccc12860d9b4b6ec8ae4aa09d51ec1e
4de8fc175826d9f78fce9f9f2b71a63fe832fc7507e0394125c823b0909fa54a
56e42f5ca23932be84439b6b1eb4c11c3b6ddbac4e1782ede6a79bca143001c5
74d2a9232e18073496f8403efc45995aee54ac90eaeb9cefde7143bc7f6597ca
94737accc3751bceee403deb144f3e6528acd9411efdb7def8305706e507e9a6
950ff13e004d1b9994f1d222ea3102e176af64fb80c7759610e580e77023f3d5
b4468259ec845ca73ed869ce87ebdba7314b24df63f7d1eeee94fbc447a470a7
c02d1a9cf0713b755e9a917a830d595dfd485d7973b52303f37e05af045b0c37
c695cdc11196deeec8ded9e5ff011de023ce43fdd63eec5eb4d8ecd91945c588
d9ed6586942003696afe4e52b09f343f8342244b51a9e175b75162d7e615207b
df5df846af8a0b33623914913da58f61b45b0d69c4c1827c8b81f029f7ad79e4
e22e7416b90f6e9a163a327bfd450d40451ab6a4bfafd00fb3fbbf22ddbaa044
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

ows-spring-tooth-abc0.cigahumble.workers.dev Open in urlscan Pro 104.21.73.8 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

13 Requests

100 %HTTPS

0 %IPv6

5 Domains

6 Subdomains

6 IPs

3 Countries

1087 kBTransfer

3547 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

13 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 3 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

34 JavaScript Global Variables

0 Cookies

Indicators

ows-spring-tooth-abc0.cigahumble.workers.dev Open in urlscan Pro
104.21.73.8 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

13
Requests

100 %
HTTPS

0 %
IPv6

5
Domains

6
Subdomains

6
IPs

3
Countries

1087 kB
Transfer

3547 kB
Size

0
Cookies

13 HTTP transactions
3 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!