![](/screenshots/724b3617-b133-4e44-9ea2-c1e8a4939d81.png)
ows-spring-tooth-abc0.cigahumble.workers.dev (104.21.73.8)
Malicious Activity! (Public Scan)
Effective URL: https://ows-spring-tooth-abc0.cigahumble.workers.dev/
Submission: On January 28 via manual from AU. Scanned from AU.
Summary
TLS certificate: Issued by GTS CA 1P5 on January 25th 2024. Valid for 3 months.
This is the only time ows-spring-tooth-abc0.cigahumble.workers.dev was scanned on urlscan.io.
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Outlook Web Access (Online)

Domain & IP information
Requests | IP Address | AS (Autonomous System)
---|---|---
1 | 104.21.73.8 | 13335 (CLOUDFLARENET)
9 | 185.76.64.223 | 200719 (MISSDOMAIN)
1 | 152.199.39.108 | 15133 (EDGECAST)
1 | 142.250.71.74 | 15169 (GOOGLE)
1 | 142.250.71.67 | 15169 (GOOGLE)
Totals: 13 | 6
ASN200719 (MISSDOMAIN, SE): files.builder.misssite.com, 55b558c7-resources.builder.misssite.com
ASN15169 (GOOGLE, US), PTR syd15s17-in-f10.1e100.net: fonts.googleapis.com
ASN15169 (GOOGLE, US), PTR syd15s17-in-f3.1e100.net: fonts.gstatic.com
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
9 | misssite.com | files.builder.misssite.com, 55b558c7-resources.builder.misssite.com | 1 MB
1 | gstatic.com | fonts.gstatic.com | 16 KB
1 | googleapis.com | fonts.googleapis.com (Cisco Umbrella Rank: 28) | 1 KB
1 | msauthimages.net | aadcdn.msauthimages.net (Cisco Umbrella Rank: 3661) | 7 KB
1 | workers.dev | ows-spring-tooth-abc0.cigahumble.workers.dev | 38 KB
Totals: 13 | 5
Requests | Domain | Requested by
---|---|---
8 | 55b558c7-resources.builder.misssite.com | ows-spring-tooth-abc0.cigahumble.workers.dev
1 | fonts.gstatic.com | fonts.googleapis.com
1 | fonts.googleapis.com | files.builder.misssite.com
1 | aadcdn.msauthimages.net | ows-spring-tooth-abc0.cigahumble.workers.dev
1 | files.builder.misssite.com | ows-spring-tooth-abc0.cigahumble.workers.dev
1 | ows-spring-tooth-abc0.cigahumble.workers.dev | (primary page)
Totals: 13 | 6
This site contains no links.
Subject | Issuer | Validity | Valid for
---|---|---|---
cigahumble.workers.dev | GTS CA 1P5 | 2024-01-25 to 2024-04-24 | 3 months
files.builder.misssite.com | Sectigo RSA Domain Validation Secure Server CA | 2024-01-09 to 2024-04-08 | 3 months
55b558c7-resources.builder.misssite.com | Sectigo RSA Domain Validation Secure Server CA | 2024-01-10 to 2024-04-09 | 3 months
aadcdn.msauthimages.net | Microsoft Azure RSA TLS Issuing CA 08 | 2024-01-11 to 2025-01-05 | a year
upload.video.google.com | GTS CA 1C3 | 2024-01-02 to 2024-03-26 | 3 months
*.gstatic.com | GTS CA 1C3 | 2024-01-02 to 2024-03-26 | 3 months
This page contains 1 frame:
Primary Page: https://ows-spring-tooth-abc0.cigahumble.workers.dev/
Frame ID: B26A33E30566A81B08D8951AAA164F1E
Requests: 16 HTTP requests in this frame
Page Title: Outlook / Outlook Web App
Page Statistics
0 outgoing links (links going to different origins than the main page).

Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://ows-spring-tooth-abc0.cigahumble.workers.dev/ (HTTP 307)
- https://ows-spring-tooth-abc0.cigahumble.workers.dev/ (Page URL)

Redirected requests
There were HTTP redirect chains for the following requests: the primary request (http:// to https://, HTTP 307, as listed in the Page URL History).
13 HTTP transactions (the three DATA rows are data: URI image loads, giving the 16 requests counted for the frame)

Method | Protocol | Resource | Host / Path | Size | Transfer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H2 | / (Primary Request; redirect chain http to https) | ows-spring-tooth-abc0.cigahumble.workers.dev/ | 259 KB | 38 KB | Document | text/html
GET | H2 | dfb4e990-5db9-4012-8be5-45118aa33f2b.css | files.builder.misssite.com/df/b4/ | 678 KB | 81 KB | Stylesheet | text/css
GET | H2 | photo-swipe.css | 55b558c7-resources.builder.misssite.com/0d25aff271/compiled/ | 14 KB | 4 KB | Stylesheet | text/css
GET | H2 | translations.js | 55b558c7-resources.builder.misssite.com/80b3bd6/sv/ | 144 KB | 41 KB | Script | application/javascript
GET | H2 | published-v10-site-libs.js | 55b558c7-resources.builder.misssite.com/0d25aff271/compiled/ | 547 KB | 184 KB | Script | application/javascript
GET | H2 | published-v8-site.js | 55b558c7-resources.builder.misssite.com/0d25aff271/compiled/ | 1 MB | 352 KB | Script | application/javascript
GET | H2 | twig-widget-views-v2.js | 55b558c7-resources.builder.misssite.com/0d25aff271/compiled/ | 148 KB | 25 KB | Script | application/javascript
GET | H2 | scroll-out.js | 55b558c7-resources.builder.misssite.com/0d25aff271/compiled/ | 4 KB | 2 KB | Script | application/javascript
GET | H2 | bannerlogo | aadcdn.msauthimages.net/81d6b03a-daqmsln7jobtrobqralhbqi4ggfg1buznevrehfjr2i/logintenantbranding/0/ | 7 KB | 7 KB | Image | image/*
GET | H2 | css | fonts.googleapis.com/ | 4 KB | 1 KB | Stylesheet | text/css
GET | H2 | KFOmCnqEu92Fr1Mu4mxK.woff2 | fonts.gstatic.com/s/roboto/v30/ | 15 KB | 16 KB | Font | font/woff2
GET | DATA | truncated | / | 2 KB | 0 | Image | image/png
GET | DATA | truncated | / | 4 KB | 0 | Image | image/png
GET | DATA | truncated | / | 1 KB | 0 | Image | image/png
GET | H2 | rubik.woff.json | 55b558c7-resources.builder.misssite.com/0d25aff271/seven/fonts/ | 327 KB | 252 KB | XHR | application/json
GET | H2 | playfair_display.woff.json | 55b558c7-resources.builder.misssite.com/0d25aff271/seven/fonts/ | 111 KB | 83 KB | XHR | application/json
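The transaction list and the "Requested by" table carry the two facts a triage analyst would key on: the page is served from a throwaway workers.dev host with a certificate issued three days before the scan, and it pulls a `logintenantbranding/.../bannerlogo` image from aadcdn.msauthimages.net, the CDN that serves Microsoft Entra sign-in (company branding) assets, which a real sign-in page would only reference from a Microsoft origin. The script below is an added example, not part of the urlscan page or of urlscan's own verdict logic; its records are constructed from the tables above, and the Microsoft-origin suffixes, the free-hosting suffix list and the 7-day certificate-age threshold are the example's own assumptions.

```python
"""Triage a urlscan-style transaction list for Entra-branding phishing signals.

Added example. The records are constructed from the scan tables on this page;
the suffix lists and the age threshold are assumptions, not urlscan logic.
"""
from datetime import date

# Constructed from the "Requested by" and transactions tables:
# (requesting host, requested host, resource path).
TRANSACTIONS = [
    ("ows-spring-tooth-abc0.cigahumble.workers.dev",
     "ows-spring-tooth-abc0.cigahumble.workers.dev", "/"),
    ("ows-spring-tooth-abc0.cigahumble.workers.dev",
     "files.builder.misssite.com", "/df/b4/dfb4e990-5db9-4012-8be5-45118aa33f2b.css"),
    ("ows-spring-tooth-abc0.cigahumble.workers.dev",
     "55b558c7-resources.builder.misssite.com", "/0d25aff271/compiled/published-v8-site.js"),
    ("ows-spring-tooth-abc0.cigahumble.workers.dev",
     "aadcdn.msauthimages.net",
     "/81d6b03a-daqmsln7jobtrobqralhbqi4ggfg1buznevrehfjr2i/logintenantbranding/0/bannerlogo"),
    ("files.builder.misssite.com", "fonts.googleapis.com", "/css"),
    ("fonts.googleapis.com", "fonts.gstatic.com", "/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2"),
]

# Constructed from the certificate table: leaf certificate of the primary page.
PRIMARY_CERT = {"subject": "cigahumble.workers.dev", "not_before": date(2024, 1, 25)}
SCAN_DATE = date(2024, 1, 28)  # submission date shown in the scan header

# Origins that legitimately embed Entra sign-in branding (assumption).
MICROSOFT_LOGIN_SUFFIXES = ("microsoftonline.com", "microsoft.com", "live.com", "office.com")
# Free deploy platforms often used for short-lived phishing hosts (assumption).
FREE_HOSTING_SUFFIXES = ("workers.dev", "pages.dev", "web.app", "netlify.app", "vercel.app", "github.io")
NEW_CERT_DAYS = 7  # "fresh certificate" threshold (assumption)


def host_matches(host, suffixes):
    """True if host equals, or is a subdomain of, any listed suffix."""
    return any(host == s or host.endswith("." + s) for s in suffixes)


def tenant_branding_id(path):
    """Return the opaque first path segment of an msauthimages branding URL, else None."""
    parts = path.strip("/").split("/")
    if len(parts) >= 3 and parts[1] == "logintenantbranding":
        return parts[0]
    return None


def branding_assets_from_foreign_origin(transactions):
    """Requesting hosts that load Entra branding assets without being a Microsoft origin."""
    hits = set()
    for requester, host, path in transactions:
        if host == "aadcdn.msauthimages.net" and tenant_branding_id(path):
            if not host_matches(requester, MICROSOFT_LOGIN_SUFFIXES):
                hits.add(requester)
    return sorted(hits)


def cert_is_fresh(cert, scan_date, max_days=NEW_CERT_DAYS):
    """True if the leaf certificate was issued within max_days before the scan."""
    return 0 <= (scan_date - cert["not_before"]).days <= max_days


def triage(primary, transactions, cert, scan_date):
    """Return the list of signal strings that fire for the primary page."""
    reasons = []
    if primary in branding_assets_from_foreign_origin(transactions):
        ids = {tenant_branding_id(p) for _, h, p in transactions if h == "aadcdn.msauthimages.net"}
        reasons.append("entra-branding-from-non-microsoft-origin tenant="
                       + ",".join(sorted(i for i in ids if i)))
    if host_matches(primary, FREE_HOSTING_SUFFIXES):
        reasons.append("primary-on-free-hosting")
    if cert_is_fresh(cert, scan_date):
        reasons.append("cert-issued-%d-days-before-scan" % (scan_date - cert["not_before"]).days)
    return reasons


if __name__ == "__main__":
    for reason in triage("ows-spring-tooth-abc0.cigahumble.workers.dev",
                         TRANSACTIONS, PRIMARY_CERT, SCAN_DATE):
        print(reason)
```

The tenant branding id is worth keeping in the output: it identifies which organisation's real sign-in branding the kit is mirroring, which is usually the organisation being targeted and the one whose SOC should receive the scan.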
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against Outlook Web Access (Online)

34 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. They can help identify client-side frameworks and code.
Brand (object), App (object), $ (function), jQuery (function), bk$ (function), BaseKit (object), Twig (object), goog (object), twig (object), __document_write_ajax_callbacks__ (object), writeCapture (undefined), _ (function), Backbone (object), Mn (object), Marionette (object), Cocktail (object), PhotoSwipe (function), PhotoSwipeUI_Default (function), regeneratorRuntime (object), flatpickr (function), __core-js_shared__ (object), core (object), setImmediate (function), clearImmediate (function), _babelPolyfill (boolean), Bottle (function), Eight (object), Editor (object), Site (object), fallback (number), ScrollOut (function), navigationToggle (object), key (string), fontCollection (object)

0 Cookies
Cookies are small pieces of information stored in the user's browser. Whenever the user visits the site again, the browser also sends the cookie values, allowing the website to re-identify the user even from a different location. This is how persistent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
55b558c7-resources.builder.misssite.com
aadcdn.msauthimages.net
files.builder.misssite.com
fonts.googleapis.com
fonts.gstatic.com
ows-spring-tooth-abc0.cigahumble.workers.dev
104.21.73.8
142.250.71.67
142.250.71.74
152.199.39.108
185.76.64.223