34567870896988675667-secondary.z1.web.core.windows.net
52.239.232.176 (Malicious Activity, Public Scan)

Submitted URL: https://u10073981.ct.sendgrid.net/ls/click?upn=vzcuZh9Ec2vBJxkjvShz2kt9bgXuol3TxKj-2FE9C0p68OHCSnIOooMeSNR34rgFfj3NQgiE6gTOiSBiVev...
Effective URL: https://34567870896988675667-secondary.z1.web.core.windows.net/87673262787632682788238723787236732/
Submission: On October 25 via api from GB

Summary

This website contacted 6 IPs in 3 countries across 6 domains to perform 8 HTTP transactions. The main IP is 52.239.232.176, located in Cape Town, South Africa and belongs to MICROSOFT-CORP-MSN-AS-BLOCK, US. The main domain is 34567870896988675667-secondary.z1.web.core.windows.net.
TLS certificate: Issued by Microsoft IT TLS CA 5 on August 6th 2020. Valid for: 2 years.
This is the only time 34567870896988675667-secondary.z1.web.core.windows.net was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Outlook Web Access (Online)

Domain & IP information

Requests        IP Address          AS      Autonomous System
1 (1 redirect)  167.89.115.54       11377   SENDGRID
1               151.101.65.195      54113   FASTLY
3               52.239.232.176      8075    MICROSOFT...
2               2001:4de0:ac1...    20446   HIGHWINDS3
1               2606:4700::68...    13335   CLOUDFLAR...
1               2001:4de0:ac1...    20446   HIGHWINDS3
Total: 8 requests, 6 IPs

Requests        Domain                                                    Requested by
3               34567870896988675667-secondary.z1.web.core.windows.net    a8488392.web.app, 34567870896988675667-secondary.z1.web.core.windows.net
2               code.jquery.com                                           34567870896988675667-secondary.z1.web.core.windows.net
1               stackpath.bootstrapcdn.com                                34567870896988675667-secondary.z1.web.core.windows.net
1               cdnjs.cloudflare.com                                      34567870896988675667-secondary.z1.web.core.windows.net
1               a8488392.web.app                                          -
1 (1 redirect)  u10073981.ct.sendgrid.net                                 -
Total: 8 requests, 6 domains

This site contains no links.

Subject                  Issuer                                            Validity                   Valid
web.app                  GTS CA 1O1                                        2020-04-15 - 2021-04-14    a year
*.web.core.windows.net   Microsoft IT TLS CA 5                             2020-08-06 - 2022-08-06    2 years
jquery.org               Sectigo RSA Domain Validation Secure Server CA    2020-10-06 - 2021-10-16    a year
sni.cloudflaressl.com    Cloudflare Inc ECC CA-3                           2020-10-21 - 2021-10-20    a year
*.bootstrapcdn.com       Sectigo RSA Domain Validation Secure Server CA    2020-09-22 - 2021-10-12    a year

This page contains 1 frames:

Primary Page: https://34567870896988675667-secondary.z1.web.core.windows.net/87673262787632682788238723787236732/
Frame ID: E0B5E1F58707C0E089BA1052D51AD426
Requests: 13 HTTP requests in this frame


Page Statistics

Requests: 8
HTTPS: 100 %
IPv6: 50 %
Domains: 6
Subdomains: 6
IPs: 6
Countries: 3
Transfer: 119 kB
Size: 284 kB
Cookies: 0

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://u10073981.ct.sendgrid.net/ls/click?upn=vzcuZh9Ec2vBJxkjvShz2kt9bgXuol3TxKj-2FE9C0p68OHCSnIOooMeSNR34rgFfj3NQgiE6gTOiSBiVev2p4U2B3yqIWGXlr7-2Bp8-2BLRilQjCmDyUCtDcrT0-2BhNE-2FPXqPVyLDMV5FcOmKa13BiuR1lw-3D-3D9-Cx_IUBjuV0dq0w-2BYseWCQnClyYTHYPgnex12Zb-2Fk3davXgr69AqcL70zKpIZMtYIByepF5-2FK9W3O7-2BUmiGmZgS-2B6YhHIzR0eB92VJTjL0GzsaXe41tjMa4R8S4WJPV47JiNaN-2FQPuzQxPakav-2F5GCkSjqVisGT1oKK6LoDRYEilsiDbLbSOdpSQQW0m4Rvv9IEB62AKTMUip-2FCUmHPTQ3yz4irO7afZflvCvXZPxPz62og-3D HTTP 302
    https://a8488392.web.app/GWEyxDlpQHcrFwHmEdATlAJpWSUlvhUCBMmpXaLbsVReIsAsPy Page URL
  2. https://34567870896988675667-secondary.z1.web.core.windows.net/87673262787632682788238723787236732/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • https://u10073981.ct.sendgrid.net/ls/click?upn=vzcuZh9Ec2vBJxkjvShz2kt9bgXuol3TxKj-2FE9C0p68OHCSnIOooMeSNR34rgFfj3NQgiE6gTOiSBiVev2p4U2B3yqIWGXlr7-2Bp8-2BLRilQjCmDyUCtDcrT0-2BhNE-2FPXqPVyLDMV5FcOmKa13BiuR1lw-3D-3D9-Cx_IUBjuV0dq0w-2BYseWCQnClyYTHYPgnex12Zb-2Fk3davXgr69AqcL70zKpIZMtYIByepF5-2FK9W3O7-2BUmiGmZgS-2B6YhHIzR0eB92VJTjL0GzsaXe41tjMa4R8S4WJPV47JiNaN-2FQPuzQxPakav-2F5GCkSjqVisGT1oKK6LoDRYEilsiDbLbSOdpSQQW0m4Rvv9IEB62AKTMUip-2FCUmHPTQ3yz4irO7afZflvCvXZPxPz62og-3D HTTP 302
  • https://a8488392.web.app/GWEyxDlpQHcrFwHmEdATlAJpWSUlvhUCBMmpXaLbsVReIsAsPy

8 HTTP transactions

Each entry below lists: Resource, Path, Size, x-fer (transferred bytes), Type and MIME-Type, followed by the request and response details.
Resource: GWEyxDlpQHcrFwHmEdATlAJpWSUlvhUCBMmpXaLbsVReIsAsPy
Path: a8488392.web.app/
Size: 478 B | x-fer: 614 B | Type: Document
Redirect Chain:
  • https://u10073981.ct.sendgrid.net/ls/click?upn=vzcuZh9Ec2vBJxkjvShz2kt9bgXuol3TxKj-2FE9C0p68OHCSnIOooMeSNR34rgFfj3NQgiE6gTOiSBiVev2p4U2B3yqIWGXlr7-2Bp8-2BLRilQjCmDyUCtDcrT0-2BhNE-2FPXqPVyLDMV5FcOmK...
  • https://a8488392.web.app/GWEyxDlpQHcrFwHmEdATlAJpWSUlvhUCBMmpXaLbsVReIsAsPy

General
  Full URL: https://a8488392.web.app/GWEyxDlpQHcrFwHmEdATlAJpWSUlvhUCBMmpXaLbsVReIsAsPy
  Protocol: H2
  Security: TLS 1.3, , AES_128_GCM
  Server: 151.101.65.195, United States, ASN54113 (FASTLY, US)
  Reverse DNS: -
  Software: /
  Resource Hash: e2fb009c9bf8fdf794d1f18f35d263d322bb242d14c13b99ccea638c48eecfd1

Security Headers
  Strict-Transport-Security: max-age=31556926; includeSubDomains; preload

Request headers
  :method: GET
  :authority: a8488392.web.app
  :scheme: https
  :path: /GWEyxDlpQHcrFwHmEdATlAJpWSUlvhUCBMmpXaLbsVReIsAsPy
  pragma: no-cache
  cache-control: no-cache
  upgrade-insecure-requests: 1
  user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
  accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
  sec-fetch-site: none
  sec-fetch-mode: navigate
  sec-fetch-user: ?1
  sec-fetch-dest: document
  accept-encoding: gzip, deflate, br
  accept-language: en-US
  Upgrade-Insecure-Requests: 1
  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers
  status: 404
  cache-control: max-age=3600
  content-encoding: gzip
  content-type: text/html; charset=utf-8
  etag: "68b73f5a9229da6e81586b059cf3ed8a5ad7949136bb7c377eda968c87d61a0e"
  last-modified: Fri, 23 Oct 2020 20:04:37 GMT
  strict-transport-security: max-age=31556926; includeSubDomains; preload
  accept-ranges: bytes
  date: Sun, 25 Oct 2020 11:52:39 GMT
  x-served-by: cache-hhn4039-HHN
  x-cache: MISS
  x-cache-hits: 0
  x-timer: S1603626759.764245,VS0,VE366
  vary: x-fh-requested-host, accept-encoding
  content-length: 307

Redirect headers
  Server: nginx
  Date: Sun, 25 Oct 2020 11:52:38 GMT
  Content-Type: text/html; charset=utf-8
  Content-Length: 125
  Connection: keep-alive
  Location: https://a8488392.web.app/GWEyxDlpQHcrFwHmEdATlAJpWSUlvhUCBMmpXaLbsVReIsAsPy#eric.tanzberger@sci-us.com
  X-Robots-Tag: noindex, nofollow
Resource: / (Primary Request)
Path: 34567870896988675667-secondary.z1.web.core.windows.net/87673262787632682788238723787236732/
Size: 41 KB | x-fer: 41 KB | Type: Document

General
  Full URL: https://34567870896988675667-secondary.z1.web.core.windows.net/87673262787632682788238723787236732/
  Requested by: Host: a8488392.web.app, URL: https://a8488392.web.app/GWEyxDlpQHcrFwHmEdATlAJpWSUlvhUCBMmpXaLbsVReIsAsPy
  Protocol: HTTP/1.1
  Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
  Server: 52.239.232.176, Cape Town, South Africa, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
  Reverse DNS: -
  Software: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0 /
  Resource Hash: 06fe44e99f424960599d4726ace322b6d54bc6d24d34019430700fb7775f1fc0

Request headers
  Host: 34567870896988675667-secondary.z1.web.core.windows.net
  Connection: keep-alive
  Pragma: no-cache
  Cache-Control: no-cache
  Upgrade-Insecure-Requests: 1
  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
  Sec-Fetch-Site: cross-site
  Sec-Fetch-Mode: navigate
  Sec-Fetch-Dest: document
  Referer: https://a8488392.web.app/GWEyxDlpQHcrFwHmEdATlAJpWSUlvhUCBMmpXaLbsVReIsAsPy
  Accept-Encoding: gzip, deflate, br
  Accept-Language: en-US
  Upgrade-Insecure-Requests: 1
  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
  Referer: https://a8488392.web.app/GWEyxDlpQHcrFwHmEdATlAJpWSUlvhUCBMmpXaLbsVReIsAsPy

Response headers
  Content-Length: 42031
  Content-Type: text/html
  Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
  x-ms-error-code: WebContentNotFound
  x-ms-request-id: b5d17f65-b01e-000b-61c5-aaa4b6000000
  x-ms-version: 2018-03-28
  Date: Sun, 25 Oct 2020 11:52:38 GMT
Resource: truncated (inline data: URI)
Path: /
Size: 2 KB | x-fer: 0 | Type: Image

General
  Full URL: data:truncated
  Protocol: DATA
  Server: -, , ASN ()
  Reverse DNS: -
  Software: /
  Resource Hash: d9ed6586942003696afe4e52b09f343f8342244b51a9e175b75162d7e615207b

Request headers
  Referer: -
  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers
  Content-Type: image/png

Resource: truncated (inline data: URI)
Path: /
Size: 4 KB | x-fer: 0 | Type: Image

General
  Full URL: data:truncated
  Protocol: DATA
  Server: -, , ASN ()
  Reverse DNS: -
  Software: /
  Resource Hash: 4de8fc175826d9f78fce9f9f2b71a63fe832fc7507e0394125c823b0909fa54a

Request headers
  Referer: -
  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers
  Content-Type: image/png

Resource: truncated (inline data: URI)
Path: /
Size: 1 KB | x-fer: 0 | Type: Image

General
  Full URL: data:truncated
  Protocol: DATA
  Server: -, , ASN ()
  Reverse DNS: -
  Software: /
  Resource Hash: 6710ee6e22d5e3e82f70554804806c37aac5789b110d944383ea393d93eb627a

Request headers
  Referer: -
  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers
  Content-Type: image/png
Resource: jquery-3.3.1.slim.min.js
Path: code.jquery.com/
Size: 68 KB | x-fer: 24 KB | Type: Script

General
  Full URL: https://code.jquery.com/jquery-3.3.1.slim.min.js
  Requested by: Host: 34567870896988675667-secondary.z1.web.core.windows.net, URL: https://34567870896988675667-secondary.z1.web.core.windows.net/87673262787632682788238723787236732/
  Protocol: H2
  Security: TLS 1.3, , AES_128_GCM
  Server: 2001:4de0:ac19::1:b:2b, Netherlands, ASN20446 (HIGHWINDS3, US)
  Reverse DNS: -
  Software: nginx /
  Resource Hash: dde76b9b2b90d30eb97fc81f06caa8c338c97b688cea7d2729c88f529f32fbb1

Request headers
  Origin: https://34567870896988675667-secondary.z1.web.core.windows.net
  Referer: https://34567870896988675667-secondary.z1.web.core.windows.net/87673262787632682788238723787236732/
  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers
  date: Sun, 25 Oct 2020 11:52:40 GMT
  content-encoding: gzip
  last-modified: Sat, 20 Jan 2018 17:26:44 GMT
  server: nginx
  status: 200
  etag: W/"5a637bd4-1111d"
  vary: Accept-Encoding
  x-hw: 1603626760.dop241.fr8.t,1603626760.cds232.fr8.hn,1603626760.cds274.fr8.c
  content-type: application/javascript; charset=utf-8
  access-control-allow-origin: *
  cache-control: max-age=315360000, public
  accept-ranges: bytes
  content-length: 24038
Resource: popper.min.js
Path: cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.0/umd/
Size: 20 KB | x-fer: 7 KB | Type: Script

General
  Full URL: https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.0/umd/popper.min.js
  Requested by: Host: 34567870896988675667-secondary.z1.web.core.windows.net, URL: https://34567870896988675667-secondary.z1.web.core.windows.net/87673262787632682788238723787236732/
  Protocol: H2
  Security: TLS 1.3, , AES_128_GCM
  Server: 2606:4700::6810:125e, United States, ASN13335 (CLOUDFLARENET, US)
  Reverse DNS: -
  Software: cloudflare /
  Resource Hash: 02835066969199e9924f1332f7172a5d7e552f023a20c3d8ba03bb6c51ce5be5

Request headers
  Origin: https://34567870896988675667-secondary.z1.web.core.windows.net
  Referer: https://34567870896988675667-secondary.z1.web.core.windows.net/87673262787632682788238723787236732/
  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers
  date: Sun, 25 Oct 2020 11:52:40 GMT
  content-encoding: br
  cf-cache-status: HIT
  nel: {"report_to":"cf-nel","max_age":604800}
  age: 315467
  x-via: cfworker/kv
  status: 200
  content-length: 6458
  cf-request-id: 0601338ff7000064dfe28a1000000001
  timing-allow-origin: *
  last-modified: Mon, 04 May 2020 16:15:37 GMT
  server: cloudflare
  etag: "5eb03fa9-500f"
  expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
  vary: Accept-Encoding
  report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=wVNY6avyqCndenDFcLC0HFDxT168mHbfExqiVXarwFuWQzpTPew%2ButBtQX6i6SDLTpc2EoittOUsSxq5asSOJzPjlIGHhE1dYsxE736WmhJmsxh98D%2FUWXyiYmlyte2GOw%3D%3D"}],"group":"cf-nel","max_age":604800}
  content-type: application/javascript; charset=utf-8
  access-control-allow-origin: *
  cache-control: public, max-age=30672000
  accept-ranges: bytes
  cf-ray: 5e7bbb932a1b64df-FRA
  expires: Fri, 15 Oct 2021 11:52:40 GMT
Resource: bootstrap.min.js
Path: stackpath.bootstrapcdn.com/bootstrap/4.1.0/js/
Size: 49 KB | x-fer: 14 KB | Type: Script

General
  Full URL: https://stackpath.bootstrapcdn.com/bootstrap/4.1.0/js/bootstrap.min.js
  Requested by: Host: 34567870896988675667-secondary.z1.web.core.windows.net, URL: https://34567870896988675667-secondary.z1.web.core.windows.net/87673262787632682788238723787236732/
  Protocol: H2
  Security: TLS 1.3, , AES_128_GCM
  Server: 2001:4de0:ac19::1:b:2a, Netherlands, ASN20446 (HIGHWINDS3, US)
  Reverse DNS: -
  Software: /
  Resource Hash: 0bca10549df770ab6790046799e5a9e920c286453ebbb2afb0d3055339245339

Security Headers
  X-Content-Type-Options: nosniff

Request headers
  Origin: https://34567870896988675667-secondary.z1.web.core.windows.net
  Referer: https://34567870896988675667-secondary.z1.web.core.windows.net/87673262787632682788238723787236732/
  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers
  date: Sun, 25 Oct 2020 11:52:40 GMT
  content-encoding: gzip
  x-content-type-options: nosniff
  last-modified: Wed, 12 Dec 2018 18:33:53 GMT
  status: 200
  etag: "1544639633"
  vary: Accept-Encoding
  x-cache: HIT
  content-type: text/javascript; charset=utf-8
  access-control-allow-origin: *
  cache-control: public, max-age=31536000
  cross-origin-resource-policy: cross-origin
  accept-ranges: bytes
  timing-allow-origin: *
  content-length: 14038
Resource: jquery-1.9.1.min.js
Path: code.jquery.com/
Size: 90 KB | x-fer: 32 KB | Type: Script

General
  Full URL: https://code.jquery.com/jquery-1.9.1.min.js
  Requested by: Host: 34567870896988675667-secondary.z1.web.core.windows.net, URL: https://34567870896988675667-secondary.z1.web.core.windows.net/87673262787632682788238723787236732/
  Protocol: H2
  Security: TLS 1.3, , AES_128_GCM
  Server: 2001:4de0:ac19::1:b:2b, Netherlands, ASN20446 (HIGHWINDS3, US)
  Reverse DNS: -
  Software: nginx /
  Resource Hash: c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4

Request headers
  Referer: https://34567870896988675667-secondary.z1.web.core.windows.net/87673262787632682788238723787236732/
  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers
  date: Sun, 25 Oct 2020 11:52:40 GMT
  content-encoding: gzip
  last-modified: Fri, 24 Oct 2014 00:16:07 GMT
  server: nginx
  status: 200
  etag: W/"54499a47-169d5"
  vary: Accept-Encoding
  x-hw: 1603626760.dop139.fr8.t,1603626760.cds286.fr8.hn,1603626760.cds018.fr8.c
  content-type: application/javascript; charset=utf-8
  access-control-allow-origin: *
  cache-control: max-age=315360000, public
  accept-ranges: bytes
  content-length: 32772
Resource: truncated (inline data: URI)
Path: /
Size: 6 KB | x-fer: 0 | Type: Image

General
  Full URL: data:truncated
  Protocol: DATA
  Server: -, , ASN ()
  Reverse DNS: -
  Software: /
  Resource Hash: 6bd745cac7dd2e979f9e89dcd3c1ed3058812be0c88a06fc066360f74120b717

Request headers
  Referer: -
  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers
  Content-Type: image/png

Resource: truncated (inline data: URI)
Path: /
Size: 1 KB | x-fer: 0 | Type: Image

General
  Full URL: data:truncated
  Protocol: DATA
  Server: -, , ASN ()
  Reverse DNS: -
  Software: /
  Resource Hash: 07f38b8b8c1f96ed85ecd96988f0454a95d1f665427086a507c72e55ff3ce0e7

Request headers
  Referer: -
  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers
  Content-Type: image/png
Resource: segoeui-regular.ttf
Path: 34567870896988675667-secondary.z1.web.core.windows.net/owa/auth/15.0.1210/themes/resources/
Size: 0 | x-fer: 0 | Type: Font

General
  Full URL: https://34567870896988675667-secondary.z1.web.core.windows.net/owa/auth/15.0.1210/themes/resources/segoeui-regular.ttf
  Requested by: Host: 34567870896988675667-secondary.z1.web.core.windows.net, URL: https://34567870896988675667-secondary.z1.web.core.windows.net/87673262787632682788238723787236732/
  Protocol: HTTP/1.1
  Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
  Server: 52.239.232.176, Cape Town, South Africa, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
  Reverse DNS: -
  Software: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0 /
  Resource Hash: -

Request headers
  Origin: https://34567870896988675667-secondary.z1.web.core.windows.net
  Referer: https://34567870896988675667-secondary.z1.web.core.windows.net/87673262787632682788238723787236732/
  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers
  Date: Sun, 25 Oct 2020 11:52:40 GMT
  Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
  x-ms-error-code: WebContentNotFound
  Vary: Origin
  Content-Type: text/html
  x-ms-request-id: b5d17f6c-b01e-000b-66c5-aaa4b6000000
  x-ms-version: 2018-03-28
  Content-Length: 42031

Resource: segoeui-semilight.ttf
Path: 34567870896988675667-secondary.z1.web.core.windows.net/owa/auth/15.0.1210/themes/resources/
Size: 0 | x-fer: 0 | Type: Font

General
  Full URL: https://34567870896988675667-secondary.z1.web.core.windows.net/owa/auth/15.0.1210/themes/resources/segoeui-semilight.ttf
  Requested by: Host: 34567870896988675667-secondary.z1.web.core.windows.net, URL: https://34567870896988675667-secondary.z1.web.core.windows.net/87673262787632682788238723787236732/
  Protocol: HTTP/1.1
  Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
  Server: 52.239.232.176, Cape Town, South Africa, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
  Reverse DNS: -
  Software: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0 /
  Resource Hash: -

Request headers
  Origin: https://34567870896988675667-secondary.z1.web.core.windows.net
  Referer: https://34567870896988675667-secondary.z1.web.core.windows.net/87673262787632682788238723787236732/
  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers
  Date: Sun, 25 Oct 2020 11:52:40 GMT
  Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
  x-ms-error-code: WebContentNotFound
  Vary: Origin
  Content-Type: text/html
  x-ms-request-id: 965c37d1-b01e-0024-42c5-aaa97d000000
  x-ms-version: 2018-03-28
  Content-Length: 42031

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Outlook Web Access (Online)

22 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

Type      Name
function  showDirectoryPicker
function  showOpenFilePicker
function  showSaveFilePicker
object    trustedTypes
number    a_fRC
number    g_fFcs
number    a_fLOff
number    a_fCAC
number    a_fEnbSMm
function  IsMimeCtlInst
function  RndMimeCtl
function  RndMimeCtlHlpr
object    mainLogonDiv
boolean   showPlaceholderText
string    mainLogonDivClassName
function  setPlaceholderText
function  showPasswordClick
function  $
function  jQuery
function  Popper
object    bootstrap
string    hash

0 Cookies

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload