![](/screenshots/f221556c-4c6e-4577-afe9-f7c25130d3f9.png)
outlook.office365.com
Open in
urlscan Pro
2603:1026:c0d:82d::2
Public Scan
Effective URL: https://outlook.office365.com/Encryption/authenticationpage.aspx?st=Microsoft&ru=https%3a%2f%2foutlook.office365.com%2fEncrypt...
Submission: On May 23 via manual from US — Scanned from DE
Summary
TLS certificate: Issued by DigiCert Cloud Services CA-1 on January 22nd 2024. Valid for: a year.
This is the only time outlook.office365.com was scanned on urlscan.io!
urlscan.io Verdict: No classification
Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 1 | 165.212.65.140 165.212.65.140 | 14454 (SILVERSKY...) (SILVERSKY-INC) | |
2 6 | 2603:1026:c0d... 2603:1026:c0d:82d::2 | 8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK) | |
1 | 152.199.19.160 152.199.19.160 | 15133 (EDGECAST) (EDGECAST) | |
1 | 2a02:26f0:710... 2a02:26f0:7100::687e:241b | 20940 (AKAMAI-ASN1) (AKAMAI-ASN1) | |
6 | 4 |
ASN14454 (SILVERSKY-INC, US)
clicktime.cloud.postoffice.net |
ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
outlook.office365.com |
ASN20940 (AKAMAI-ASN1, NL)
r1.res.office365.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
7 |
office365.com
2 redirects
outlook.office365.com — Cisco Umbrella Rank: 43 r1.res.office365.com — Cisco Umbrella Rank: 37440 |
22 KB |
1 |
aspnetcdn.com
ajax.aspnetcdn.com — Cisco Umbrella Rank: 2465 |
33 KB |
1 |
postoffice.net
1 redirects
clicktime.cloud.postoffice.net — Cisco Umbrella Rank: 378122 |
1 KB |
6 | 3 |
Domain | Requested by | |
---|---|---|
6 | outlook.office365.com |
2 redirects
outlook.office365.com
|
1 | r1.res.office365.com | |
1 | ajax.aspnetcdn.com |
outlook.office365.com
|
1 | clicktime.cloud.postoffice.net | 1 redirects |
6 | 4 |
This site contains links to these domains. Also see Links.
Domain |
---|
go.microsoft.com |
privacy.microsoft.com |
Subject Issuer | Validity | Valid | |
---|---|---|---|
outlook.com DigiCert Cloud Services CA-1 |
2024-01-22 - 2025-01-21 |
a year | crt.sh |
*.vo.msecnd.net DigiCert SHA2 Secure Server CA |
2024-01-30 - 2025-01-30 |
a year | crt.sh |
*.res.outlook.com DigiCert SHA2 Secure Server CA |
2024-02-20 - 2025-02-20 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://outlook.office365.com/Encryption/authenticationpage.aspx?st=Microsoft&ru=https%3a%2f%2foutlook.office365.com%2fEncryption%2fdefault.aspx%3fitemID%3dE4E_M_365744e2-92d2-4500-809d-07c743457f76&e4e_sdata=OVl241KfhuaeCv0%2fHZYQ90x9IYeZc%2fteM%2fx5FExZ4QhiNXn%2bXc2uE9mbyQOlrMySMAwAQKMXCpFlh7R3IQHwyVLIFnxx1j4avWX7DZyAw6yqhC4TlxfzDZ6m60kEHlnYWGGChPiLqgQoQOMemD5%2b2l%2fYyJOmUbZ6KnLILIzXieQ0Ij%2frqXQfT550CqUNg3jV5zp4SdisIGWqprZHm5czewzKPJDGZBf8j4YsXdRtZ18MWVe8cuZs0Cp4KaeGRsmyoBQbwMY4XUBAtxKhX9eSofOShrLYMSrkGOUoaj8AOY1%2fx%2fw%2b%2f7e1uNj59Auxh%2fv8UnGEHXH3DfoVwqGR%2fo%2fTqQ%3d%3d
Frame ID: EEA5B2A6D207C4655E30F6D0554325E2
Requests: 7 HTTP requests in this frame
Screenshot
![](/screenshots/f221556c-4c6e-4577-afe9-f7c25130d3f9.png)
Page Title
Authentifizierung von verschlüsselten NachrichtenPage URL History Show full URLs
-
https://clicktime.cloud.postoffice.net/clicktime.php?U=https%3A%2F%2Foutlook.office365.com%2FEncryption%2Fretrieve....
HTTP 307
https://outlook.office365.com/Encryption/retrieve.ashx?recipientemailaddress=Rachel.daSilva%40jdcu.com&sen... HTTP 302
https://outlook.office365.com/Encryption/default.aspx?itemID=E4E_M_365744e2-92d2-4500-809d-07c743457f76 HTTP 302
https://outlook.office365.com/Encryption/authenticationpage.aspx?st=Microsoft&ru=https%3a%2f%2foutlook.off... Page URL
Detected technologies
![](/vendor/wappa/icons/Microsoft ASP.NET.png)
Detected patterns
- \.aspx?(?:$|\?)
Detected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
2 Outgoing links
These are links going to different origins than the main page.
Title: Benötigen Sie Hilfe?
Search URL Search Domain Scan URL
Title: Datenschutzbestimmungen
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://clicktime.cloud.postoffice.net/clicktime.php?U=https%3A%2F%2Foutlook.office365.com%2FEncryption%2Fretrieve.ashx%3Frecipientemailaddress%3DRachel.daSilva%2540jdcu.com%26senderemailaddress%3DNicolas.Koehn%2540meridianlink.com%26senderorganization%3DAwGGAAAAAoIAAAADAQAAAI5dmjbZxypHlXjNtv%252fRq5NPVT1NZXJpZGlhbmxpbmszNjUub25taWNyb3NvZnQuY29tLE9VPU1pY3Jvc29mdCBFeGNoYW5nZSBIb3N0ZWQgT3JnYW5pemF0aW9ucyxEQz1OQU1QUjE0QTAwOCxEQz1QUk9ELERDPU9VVExPT0ssREM9Q09NpBXJRcUSaES6TYXcicnE8UNOPUNvbmZpZ3VyYXRpb24sQ049TWVyaWRpYW5saW5rMzY1Lm9ubWljcm9zb2Z0LmNvbSxDTj1Db25maWd1cmF0aW9uVW5pdHMsREM9TkFNUFIxNEEwMDgsREM9UFJPRCxEQz1PVVRMT09LLERDPUNPTQE%253d%26messageid%3D%253cDM6PR14MB4218D6B59942BF8FC490315798F42%2540DM6PR14MB4218.namprd14.prod.outlook.com%253e%26cfmRecipient%3DSystemMailbox%257bD0E409A0-AF9B-4720-92FE-AAC869B0D201%257d%2540Meridianlink365.onmicrosoft.com%26consumerEncryption%3Dfalse%26senderorgid%3D5f3bf9ea-8893-44b4-92c5-436f984ff597%26urldecoded%3D1%26e4e_sdata%3DrWUjLOgCdFnDewvCIhBrxSf3vDENIvfp3oJU14lp7cmwkT%252foTk0lj9ub2q%252fY2ofvvSH9aEmbJzkDDZUpIRbedO%252fzJHlY0byd5TFosMeGHY9Q2aZytDiecTBTt8qtJVIF95%252blO58C9B8Hn62dIxM6v9x0BUQC7%252bCrUYctmXxjY%252bxNEmG1vqk2NEYGDJxcg91PKx5xUpaCHRfr%252fjQWCGyObf16%252fShddQtgfIIQPdNyl%252bqctdysg80%252bY0tAlC7e4mf1hJ67AIJvFbibV8Fw7SBePFyMDk3KpLserBTkFOfQbYgvfPDPh8mJjX%252bNQ0ktqjdv8DahgCOwvYxI8ubDKgZxJw%253d%253d&E=rachel.dasilva%40jdcu.com&X=XID930CewqGs1488Xd1&T=JDCU&HV=U,E,X,T&H=703874c8f1c2680db54929f0959254374eb5de99
HTTP 307
https://outlook.office365.com/Encryption/retrieve.ashx?recipientemailaddress=Rachel.daSilva%40jdcu.com&senderemailaddress=Nicolas.Koehn%40meridianlink.com&senderorganization=AwGGAAAAAoIAAAADAQAAAI5dmjbZxypHlXjNtv%2fRq5NPVT1NZXJpZGlhbmxpbmszNjUub25taWNyb3NvZnQuY29tLE9VPU1pY3Jvc29mdCBFeGNoYW5nZSBIb3N0ZWQgT3JnYW5pemF0aW9ucyxEQz1OQU1QUjE0QTAwOCxEQz1QUk9ELERDPU9VVExPT0ssREM9Q09NpBXJRcUSaES6TYXcicnE8UNOPUNvbmZpZ3VyYXRpb24sQ049TWVyaWRpYW5saW5rMzY1Lm9ubWljcm9zb2Z0LmNvbSxDTj1Db25maWd1cmF0aW9uVW5pdHMsREM9TkFNUFIxNEEwMDgsREM9UFJPRCxEQz1PVVRMT09LLERDPUNPTQE%3d&messageid=%3cDM6PR14MB4218D6B59942BF8FC490315798F42%40DM6PR14MB4218.namprd14.prod.outlook.com%3e&cfmRecipient=SystemMailbox%7bD0E409A0-AF9B-4720-92FE-AAC869B0D201%7d%40Meridianlink365.onmicrosoft.com&consumerEncryption=false&senderorgid=5f3bf9ea-8893-44b4-92c5-436f984ff597&urldecoded=1&e4e_sdata=rWUjLOgCdFnDewvCIhBrxSf3vDENIvfp3oJU14lp7cmwkT%2foTk0lj9ub2q%2fY2ofvvSH9aEmbJzkDDZUpIRbedO%2fzJHlY0byd5TFosMeGHY9Q2aZytDiecTBTt8qtJVIF95%2blO58C9B8Hn62dIxM6v9x0BUQC7%2bCrUYctmXxjY%2bxNEmG1vqk2NEYGDJxcg91PKx5xUpaCHRfr%2fjQWCGyObf16%2fShddQtgfIIQPdNyl%2bqctdysg80%2bY0tAlC7e4mf1hJ67AIJvFbibV8Fw7SBePFyMDk3KpLserBTkFOfQbYgvfPDPh8mJjX%2bNQ0ktqjdv8DahgCOwvYxI8ubDKgZxJw%3d%3d HTTP 302
https://outlook.office365.com/Encryption/default.aspx?itemID=E4E_M_365744e2-92d2-4500-809d-07c743457f76 HTTP 302
https://outlook.office365.com/Encryption/authenticationpage.aspx?st=Microsoft&ru=https%3a%2f%2foutlook.office365.com%2fEncryption%2fdefault.aspx%3fitemID%3dE4E_M_365744e2-92d2-4500-809d-07c743457f76&e4e_sdata=OVl241KfhuaeCv0%2fHZYQ90x9IYeZc%2fteM%2fx5FExZ4QhiNXn%2bXc2uE9mbyQOlrMySMAwAQKMXCpFlh7R3IQHwyVLIFnxx1j4avWX7DZyAw6yqhC4TlxfzDZ6m60kEHlnYWGGChPiLqgQoQOMemD5%2b2l%2fYyJOmUbZ6KnLILIzXieQ0Ij%2frqXQfT550CqUNg3jV5zp4SdisIGWqprZHm5czewzKPJDGZBf8j4YsXdRtZ18MWVe8cuZs0Cp4KaeGRsmyoBQbwMY4XUBAtxKhX9eSofOShrLYMSrkGOUoaj8AOY1%2fx%2fw%2b%2f7e1uNj59Auxh%2fv8UnGEHXH3DfoVwqGR%2fo%2fTqQ%3d%3d Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
6 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
authenticationpage.aspx
outlook.office365.com/Encryption/ Redirect Chain
|
13 KB 8 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery-1.12.4.min.js
ajax.aspnetcdn.com/ajax/jQuery/ |
95 KB 33 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
authentication.css
outlook.office365.com/Encryption/ |
3 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
lock.png
outlook.office365.com/Encryption/ |
1 KB 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
liveid.png
outlook.office365.com/Encryption/ |
3 KB 3 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
3 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
favicon.ico
r1.res.office365.com/owa/prem/15.20.7611.22/resources/images/0/ |
5 KB 6 KB |
Other
image/x-icon |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
7 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function| $ function| jQuery number| timerInterval function| OtpClicked function| LogOAuthSignIn function| gup function| timedText15 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
outlook.office365.com/ | Name: X-E4E-CorrelationId Value: 22f50d2f-8b40-48bc-a5c2-26c3471b4d4f |
|
outlook.office365.com/ | Name: X-OmeVersion Value: V2 |
|
outlook.office365.com/ | Name: X-ConsumerEncryption Value: false |
|
outlook.office365.com/ | Name: X-CfmRecipientAddress Value: SystemMailbox%7bD0E409A0-AF9B-4720-92FE-AAC869B0D201%7d%40Meridianlink365.onmicrosoft.com |
|
outlook.office365.com/ | Name: E4EAnchorMailbox Value: SystemMailbox{D0E409A0-AF9B-4720-92FE-AAC869B0D201}@Meridianlink365.onmicrosoft.com |
|
outlook.office365.com/ | Name: X-RecipientEmailAddress Value: Rachel.daSilva@jdcu.com|bSQL1iWuguGZWHkJungmciOT%2foLdRUJI%2b2qrtLVWy%2fl9333Bb%2bboeXOV03rLQpH8i0%2fMrEKsQhRIH5PKbtsOhoW8n2Gs04NSj9aptjplWMl4Kelp1WM2n0yfBNtPDu5HZJEHUPau%2bjfkWDD2CgYI%2fdqTIzn24JmoxjMExUN%2fzxOcr1n70qh3SxHIxzj3Y5nUn0h0QMPTQEwTtCJGLuZu5QsPKh8AMc6OsDiC2EmybsrNLPdiUjM%2fWuSr%2fb0MO8pgJ5HfvSwYQngINyXPjbGiUqhkMp04eJmreROL0Prc1%2b4P%2bXNxS9CzQeVv2trldv%2fXY3d2O1w8ZZKl3tVTxJxLYA%3d%3d |
|
outlook.office365.com/ | Name: X-SenderEmailAddress Value: Nicolas.Koehn@meridianlink.com |
|
outlook.office365.com/ | Name: X-SenderOrganization Value: AwGGAAAAAoIAAAADAQAAAI5dmjbZxypHlXjNtv/Rq5NPVT1NZXJpZGlhbmxpbmszNjUub25taWNyb3NvZnQuY29tLE9VPU1pY3Jvc29mdCBFeGNoYW5nZSBIb3N0ZWQgT3JnYW5pemF0aW9ucyxEQz1OQU1QUjE0QTAwOCxEQz1QUk9ELERDPU9VVExPT0ssREM9Q09NpBXJRcUSaES6TYXcicnE8UNOPUNvbmZpZ3VyYXRpb24sQ049TWVyaWRpYW5saW5rMzY1Lm9ubWljcm9zb2Z0LmNvbSxDTj1Db25maWd1cmF0aW9uVW5pdHMsREM9TkFNUFIxNEEwMDgsREM9UFJPRCxEQz1PVVRMT09LLERDPUNPTQE= |
|
outlook.office365.com/ | Name: X-MessageId Value: %3cDM6PR14MB4218D6B59942BF8FC490315798F42%40DM6PR14MB4218.namprd14.prod.outlook.com%3e |
|
outlook.office365.com/ | Name: X-StoreObjectId Value: |
|
outlook.office365.com/ | Name: X-RecipientPrimarySmtp Value: |
|
outlook.office365.com/ | Name: E4E_M_365744e2-92d2-4500-809d-07c743457f76 Value: BYAPR14MB2854 |
|
outlook.office365.com/ | Name: X-OTPItemId Value: E4E_M_365744e2-92d2-4500-809d-07c743457f76 |
|
outlook.office365.com/ | Name: X-SenderExternalOrganizationId Value: 5f3bf9ea-8893-44b4-92c5-436f984ff597 |
|
outlook.office365.com/ | Name: X-AnonResource Value: true |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
ajax.aspnetcdn.com
clicktime.cloud.postoffice.net
outlook.office365.com
r1.res.office365.com
152.199.19.160
165.212.65.140
2603:1026:c0d:82d::2
2a02:26f0:7100::687e:241b
029076ac3b2fff37e6eb3617e5caa51b1b90dee9e7dec7a0a75c918ab26a082c
08a857eeec64d9c6b3ece76762eed837929e0e6f8a29d1315a04d38c3053b4b6
55400220f8792e5146328487b0dbbb259a3f558e8fd51f2b445a5ddb6bc1608e
668b046d12db350ccba6728890476b3efee53b2f42dbb84743e5e9f1ae0cc404
da7b1e7c0e95a9caba46be191f562268cee236556f67e4b10f2b3a05785b9cad
dec51a1a5c6f5daddebe7c7d1048319969446f03de89a953c3c3514f8db08e8a
ee3a2bdf6d169c7d35d4c153bc702cbb8120d7b9b65c215776dc2459863d583a