owa.sarbacame.com Open in urlscan Pro
51.68.112.244  Malicious Activity! Public Scan

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

11 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request / Show response owa.sarbacame.com/owa/auth/	6 KB 3 KB	87ms 19ms	Document text/html	51.68.112.244 OVH
General Check archive.org Show headers Download Go to Full URL https://owa.sarbacame.com/owa/auth/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 51.68.112.244 , United Kingdom, ASN16276 (OVH, FR), Reverse DNS Software Apache/2.4.41 (Ubuntu) / Resource Hash 09f87da17291cb69487227a868a0310a9bc5d6f1187a63ddeb4f5ecb3873ef18 Security Headers Name Value Strict-Transport-Security max-age=15552000 Request headers Accept-Language fr-FR,fr;q=0.9;q=0.9 Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" sec-ch-ua-mobile ?0 sec-ch-ua-platform "Win32" Response headers Accept-Ranges bytes Connection Upgrade, Keep-Alive Content-Encoding gzip Content-Length 2251 Content-Type text/html Date Wed, 15 May 2024 14:57:25 GMT ETag "18f7-5e4d86f41f84f-gzip" Keep-Alive timeout=5, max=100 Last-Modified Thu, 28 Jul 2022 07:25:14 GMT Server Apache/2.4.41 (Ubuntu) Strict-Transport-Security max-age=15552000 Upgrade h2,h2c Vary Accept-Encoding
GET H/1.1	200 OK	logon.css owa.sarbacame.com/owa/auth/owa_fichiers/	9 KB 3 KB	27ms 26ms	Stylesheet text/css	51.68.112.244 OVH
General Check archive.org Show headers Download Go to Full URL https://owa.sarbacame.com/owa/auth/owa_fichiers/logon.css Requested by Host: owa.sarbacame.com URL: https://owa.sarbacame.com/owa/auth/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 51.68.112.244 , United Kingdom, ASN16276 (OVH, FR), Reverse DNS Software Apache/2.4.41 (Ubuntu) / Resource Hash 7f2ac7f8f7dc0bde9ea7301ad6be18b11511b7864019ba64e1fb035b34ab56b7 Security Headers Name Value Strict-Transport-Security max-age=15552000 Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer https://owa.sarbacame.com/owa/auth/ Accept-Language fr-FR,fr;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Wed, 15 May 2024 14:57:25 GMT Content-Encoding gzip Strict-Transport-Security max-age=15552000 Last-Modified Thu, 28 Jul 2022 07:25:14 GMT Server Apache/2.4.41 (Ubuntu) ETag "2538-5e4d86f40cf70-gzip" Vary Accept-Encoding Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 2357
GET H/1.1	200 OK	flogon.js Show response owa.sarbacame.com/owa/auth/owa_fichiers/	15 KB 5 KB	55ms 26ms	Script application/javascript	51.68.112.244 OVH
General Check archive.org Show headers Download Go to Full URL https://owa.sarbacame.com/owa/auth/owa_fichiers/flogon.js Requested by Host: owa.sarbacame.com URL: https://owa.sarbacame.com/owa/auth/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 51.68.112.244 , United Kingdom, ASN16276 (OVH, FR), Reverse DNS Software Apache/2.4.41 (Ubuntu) / Resource Hash 11308a24ed867a8d43b4cf57ead840d350fab01c2fd797e3e818e2cc61d2e9d2 Security Headers Name Value Strict-Transport-Security max-age=15552000 Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer https://owa.sarbacame.com/owa/auth/ Accept-Language fr-FR,fr;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Wed, 15 May 2024 14:57:25 GMT Content-Encoding gzip Strict-Transport-Security max-age=15552000 Last-Modified Thu, 28 Jul 2022 09:03:03 GMT Server Apache/2.4.41 (Ubuntu) ETag "3b70-5e4d9cd1b5097-gzip" Vary Accept-Encoding Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=98 Content-Length 4808
GET H/1.1	200 OK	olk_logo_white.png owa.sarbacame.com/owa/auth/owa_fichiers/	2 KB 3 KB	63ms 18ms	Image image/png	51.68.112.244 OVH
General Check archive.org Show headers Download Go to Show image Full URL https://owa.sarbacame.com/owa/auth/owa_fichiers/olk_logo_white.png Requested by Host: owa.sarbacame.com URL: https://owa.sarbacame.com/owa/auth/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 51.68.112.244 , United Kingdom, ASN16276 (OVH, FR), Reverse DNS Software Apache/2.4.41 (Ubuntu) / Resource Hash d9ed6586942003696afe4e52b09f343f8342244b51a9e175b75162d7e615207b Security Headers Name Value Strict-Transport-Security max-age=15552000 Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer https://owa.sarbacame.com/owa/auth/ Accept-Language fr-FR,fr;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Wed, 15 May 2024 14:57:25 GMT Strict-Transport-Security max-age=15552000 Last-Modified Thu, 28 Jul 2022 07:25:14 GMT Server Apache/2.4.41 (Ubuntu) ETag "9c7-5e4d86f406210" Upgrade h2,h2c Content-Type image/png Connection Upgrade, Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 2503
GET H/1.1	200 OK	olk_logo_white_small.png owa.sarbacame.com/owa/auth/owa_fichiers/	4 KB 4 KB	63ms 18ms	Image image/png	51.68.112.244 OVH
General Check archive.org Show headers Download Go to Show image Full URL https://owa.sarbacame.com/owa/auth/owa_fichiers/olk_logo_white_small.png Requested by Host: owa.sarbacame.com URL: https://owa.sarbacame.com/owa/auth/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 51.68.112.244 , United Kingdom, ASN16276 (OVH, FR), Reverse DNS Software Apache/2.4.41 (Ubuntu) / Resource Hash 4de8fc175826d9f78fce9f9f2b71a63fe832fc7507e0394125c823b0909fa54a Security Headers Name Value Strict-Transport-Security max-age=15552000 Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer https://owa.sarbacame.com/owa/auth/ Accept-Language fr-FR,fr;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Wed, 15 May 2024 14:57:25 GMT Strict-Transport-Security max-age=15552000 Last-Modified Thu, 28 Jul 2022 07:25:14 GMT Server Apache/2.4.41 (Ubuntu) ETag "e0b-5e4d86f3edb71" Upgrade h2,h2c Content-Type image/png Connection Upgrade, Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 3595
GET H/1.1	200 OK	owa_text_blue.png owa.sarbacame.com/owa/auth/owa_fichiers/	6 KB 6 KB	20ms 19ms	Image image/png	51.68.112.244 OVH
General Check archive.org Show headers Download Go to Show image Full URL https://owa.sarbacame.com/owa/auth/owa_fichiers/owa_text_blue.png Requested by Host: owa.sarbacame.com URL: https://owa.sarbacame.com/owa/auth/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 51.68.112.244 , United Kingdom, ASN16276 (OVH, FR), Reverse DNS Software Apache/2.4.41 (Ubuntu) / Resource Hash 6bd745cac7dd2e979f9e89dcd3c1ed3058812be0c88a06fc066360f74120b717 Security Headers Name Value Strict-Transport-Security max-age=15552000 Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer https://owa.sarbacame.com/owa/auth/ Accept-Language fr-FR,fr;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Wed, 15 May 2024 14:57:25 GMT Strict-Transport-Security max-age=15552000 Last-Modified Thu, 28 Jul 2022 07:25:14 GMT Server Apache/2.4.41 (Ubuntu) ETag "16e0-5e4d86f411d90" Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=97 Content-Length 5856
GET H/1.1	200 OK	Sign_in_arrow.png owa.sarbacame.com/owa/auth/owa_fichiers/	1 KB 2 KB	19ms 18ms	Image image/png	51.68.112.244 OVH
General Check archive.org Show headers Download Go to Show image Full URL https://owa.sarbacame.com/owa/auth/owa_fichiers/Sign_in_arrow.png Requested by Host: owa.sarbacame.com URL: https://owa.sarbacame.com/owa/auth/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 51.68.112.244 , United Kingdom, ASN16276 (OVH, FR), Reverse DNS Software Apache/2.4.41 (Ubuntu) / Resource Hash 07f38b8b8c1f96ed85ecd96988f0454a95d1f665427086a507c72e55ff3ce0e7 Security Headers Name Value Strict-Transport-Security max-age=15552000 Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer https://owa.sarbacame.com/owa/auth/ Accept-Language fr-FR,fr;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Wed, 15 May 2024 14:57:25 GMT Strict-Transport-Security max-age=15552000 Last-Modified Thu, 28 Jul 2022 07:25:14 GMT Server Apache/2.4.41 (Ubuntu) ETag "5a1-5e4d86f3ff4b0" Upgrade h2,h2c Content-Type image/png Connection Upgrade, Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 1441
GET H2	200	jquery-3.4.1.min.js Show response code.jquery.com/	86 KB 30 KB	88ms 25ms	Script application/javascript	2a04:4e42:200::649 FASTLY
General Check archive.org Show headers Download Go to Full URL https://code.jquery.com/jquery-3.4.1.min.js Requested by Host: owa.sarbacame.com URL: https://owa.sarbacame.com/owa/auth/owa_fichiers/flogon.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a04:4e42:200::649 , United States, ASN54113 (FASTLY, US), Reverse DNS Software nginx / Resource Hash 0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer https://owa.sarbacame.com/ Accept-Language fr-FR,fr;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Wed, 15 May 2024 14:57:25 GMT content-encoding gzip via 1.1 varnish, 1.1 varnish age 7703541 x-cache HIT, HIT content-length 30638 x-served-by cache-lga21965-LGA, cache-ams21025-AMS last-modified Fri, 18 Oct 1991 12:00:00 GMT server nginx x-timer S1715785045.327961,VS0,VE0 etag W/"28feccc0-15851" vary Accept-Encoding content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control public, max-age=31536000, stale-while-revalidate=604800 accept-ranges bytes x-cache-hits 19, 101214
GET H/1.1	404 Not Found	bg_gradient_login.png owa.sarbacame.com/owa/auth/15.0.847/themes/resources/	280 B 280 B	21ms 17ms	Image text/html	51.68.112.244 OVH
General Check archive.org Show headers Download Go to Show image Full URL https://owa.sarbacame.com/owa/auth/15.0.847/themes/resources/bg_gradient_login.png Requested by Host: owa.sarbacame.com URL: https://owa.sarbacame.com/owa/auth/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 51.68.112.244 , United Kingdom, ASN16276 (OVH, FR), Reverse DNS Software Apache/2.4.41 (Ubuntu) / Resource Hash 39875e0ebd36fc9a8369de687d7c81d378dd62157d196cfdffe5fe9afed13bfe Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer https://owa.sarbacame.com/owa/auth/ Accept-Language fr-FR,fr;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Wed, 15 May 2024 14:57:25 GMT Server Apache/2.4.41 (Ubuntu) Connection Keep-Alive Keep-Alive timeout=5, max=99 Content-Length 280 Content-Type text/html; charset=iso-8859-1
GET H/1.1	404 Not Found	segoeui-regular.ttf owa.sarbacame.com/owa/auth/owa_fichiers/	0 0	18ms 17ms	Font text/html	51.68.112.244 OVH
General Check archive.org Show headers Download Go to Full URL https://owa.sarbacame.com/owa/auth/owa_fichiers/segoeui-regular.ttf Requested by Host: owa.sarbacame.com URL: https://owa.sarbacame.com/owa/auth/owa_fichiers/logon.css Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 51.68.112.244 , United Kingdom, ASN16276 (OVH, FR), Reverse DNS Software Apache/2.4.41 (Ubuntu) / Resource Hash Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer https://owa.sarbacame.com/owa/auth/owa_fichiers/logon.css Origin https://owa.sarbacame.com Accept-Language fr-FR,fr;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Wed, 15 May 2024 14:57:25 GMT Server Apache/2.4.41 (Ubuntu) Connection Keep-Alive Keep-Alive timeout=5, max=99 Content-Length 280 Content-Type text/html; charset=iso-8859-1
GET		favicon.ico owa.sarbacane.com/owa/auth/15.0.847/themes/resources/	0 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain

owa.sarbacane.com

URL

https://owa.sarbacane.com/owa/auth/15.0.847/themes/resources/favicon.ico

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Outlook Web Access (Online)

29 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| script function| initLogon function| redir function| shw function| hd function| clkExp function| clkSecExp function| kdSecExp function| clkSec function| clkBsc function| checkSubmit function| clkLgn function| clkRtry function| clkReLgn function| gbid function| IsOwaPremiumBrowser function| hres function| LogoffMime function| addPerfMarker number| a_fRC number| g_fFcs number| a_fLOff number| a_fCAC number| a_fEnbSMm function| setPlaceholderText function| showPasswordClick object| mainLogonDiv function| $ function| jQuery

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			owa.sarbacame.com/owa/auth	1969-12-31 23:59:59	Name: cookieTest Value: 1

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
recommendation	verbose	URL: https://owa.sarbacame.com/owa/auth/ Message: [DOM] Input elements should have autocomplete attributes (suggested: "current-password"): (More info: https://goo.gl/9p2vKq) %o
network	error	URL: https://owa.sarbacame.com/owa/auth/15.0.847/themes/resources/bg_gradient_login.png Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://owa.sarbacame.com/owa/auth/owa_fichiers/segoeui-regular.ttf Message: Failed to load resource: the server responded with a status of 404 (Not Found)

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=15552000

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

code.jquery.com
owa.sarbacame.com
owa.sarbacane.com
owa.sarbacane.com
2a04:4e42:200::649
51.68.112.244
07f38b8b8c1f96ed85ecd96988f0454a95d1f665427086a507c72e55ff3ce0e7
0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a
09f87da17291cb69487227a868a0310a9bc5d6f1187a63ddeb4f5ecb3873ef18
11308a24ed867a8d43b4cf57ead840d350fab01c2fd797e3e818e2cc61d2e9d2
39875e0ebd36fc9a8369de687d7c81d378dd62157d196cfdffe5fe9afed13bfe
4de8fc175826d9f78fce9f9f2b71a63fe832fc7507e0394125c823b0909fa54a
6bd745cac7dd2e979f9e89dcd3c1ed3058812be0c88a06fc066360f74120b717
7f2ac7f8f7dc0bde9ea7301ad6be18b11511b7864019ba64e1fb035b34ab56b7
d9ed6586942003696afe4e52b09f343f8342244b51a9e175b75162d7e615207b