est1.ga Open in urlscan Pro
2606:4700:3035::681b:8bb7 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://t.co/DvMwZ7bMQK
Effective URL:
https://est1.ga/wp-admin/maint/BoxOffice/authorize.php?client_id=00000001-0000-0ff1-cf00-000000000000&_pageLabel...
Submission: On August 17 via manual (August 17th 2020, 3:09:48 pm UTC) from US

Summary HTTP 10 Redirects Links 2 Behaviour Indicators

Summary

This website contacted 5 IPs in 2 countries across 4 domains to perform 10 HTTP transactions. The main IP is 2606:4700:3035::681b:8bb7, located in United States and belongs to CLOUDFLARENET, US. The main domain is est1.ga.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on August 3rd 2020. Valid for: a year.

This is the only time est1.ga was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Microsoft (Consumer)

Domain & IP information

	IP Address	AS Autonomous System
1	104.244.42.197 104.244.42.197	13414 (TWITTER) (TWITTER)
1 3	2606:4700:303... 2606:4700:3035::681b:8bb7	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2620:1ec:bdf::10 2620:1ec:bdf::10	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
5	2a02:26f0:10c... 2a02:26f0:10c:395::753	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
10	5

1 104.244.42.197 (United States)

ASN13414 (TWITTER, US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700:3035::681b:8bb7 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

est1.ga	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:1ec:bdf::10 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

aadcdn.msauth.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a02:26f0:10c:395::753 (Ascension Island)

ASN20940 (AKAMAI-ASN1, EU)

r4.res.office365.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
5	office365.com r4.res.office365.com	662 KB
3	est1.ga 1 redirects est1.ga	375 KB
2	msauth.net aadcdn.msauth.net	30 KB
1	t.co t.co	499 B
10	4

	Domain	Requested by
5	r4.res.office365.com	srcdoc
3	est1.ga	1 redirects t.co
2	aadcdn.msauth.net	est1.ga
1	t.co
10	4

This site contains links to these domains. Also see Links.

Domain
www.microsoft.com
privacy.microsoft.com

Subject Issuer	Validity	Valid
t.co DigiCert SHA2 High Assurance Server CA	`2020-03-05` - `2021-03-02`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2020-08-03` - `2021-08-03`	a year	crt.sh
aadcdn.msauth.net DigiCert SHA2 Secure Server CA	`2020-07-08` - `2021-07-08`	a year	crt.sh
*.res.outlook.com Microsoft IT TLS CA 2	`2019-10-21` - `2021-10-21`	2 years	crt.sh

This page contains 2 frames:

Primary Page: https://est1.ga/wp-admin/maint/BoxOffice/authorize.php?client_id=00000001-0000-0ff1-cf00-000000000000&_pageLabel=page_logonform&_pageSession=23a0b12202e37ad3e734fd2217b115ee
Frame ID: 367EB17C6256B9769795FFE656047681
Requests: 11 HTTP requests in this frame

Frame: https://r4.res.office365.com/owa/prem/16.3499.0.2717365/scripts/boot.worldwide.0.mouse.js
Frame ID: B87D515ACEF5F3D8C5B13DF2FFD1D31F
Requests: 5 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://t.co/DvMwZ7bMQK Page URL
https://est1.ga/wp-admin/maint/BoxOffice HTTP 301
https://est1.ga/wp-admin/maint/BoxOffice/ Page URL
https://est1.ga/wp-admin/maint/BoxOffice/authorize.php?client_id=00000001-0000-0ff1-cf00-000... Page URL

Page Statistics

10
Requests

100 %
HTTPS

75 %
IPv6

4
Domains

4
Subdomains

5
IPs

2
Countries

1067 kB
Transfer

3714 kB
Size

1
Cookies

2 Outgoing links

These are links going to different origins than the main page.

URL: https://www.microsoft.com/en-US/servicesagreement/
Title: Terms of use

Search URL Search Domain Scan URL

URL: https://privacy.microsoft.com/en-US/privacystatement
Title: Privacy & cookies

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://t.co/DvMwZ7bMQK Page URL
https://est1.ga/wp-admin/maint/BoxOffice HTTP 301
https://est1.ga/wp-admin/maint/BoxOffice/ Page URL
https://est1.ga/wp-admin/maint/BoxOffice/authorize.php?client_id=00000001-0000-0ff1-cf00-000000000000&_pageLabel=page_logonform&_pageSession=23a0b12202e37ad3e734fd2217b115ee Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 1

https://est1.ga/wp-admin/maint/BoxOffice HTTP 301
https://est1.ga/wp-admin/maint/BoxOffice/

10 HTTP transactions
6 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 DvMwZ7bMQK Show response
t.co/ 277 B
499 B 294ms
181ms Document
text/html 104.244.42.197
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

https://t.co/DvMwZ7bMQK

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.197 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

2e95a0acd4cb492d0ba2fed324fa928fb32815f8a982d7f406bf7428953f843e

Security Headers

Name	Value
Strict-Transport-Security	max-age=0
X-Xss-Protection	0

Request headers

:method: GET
:authority: t.co
:scheme: https
:path: /DvMwZ7bMQK
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 200
cache-control: private,max-age=300
content-encoding: gzip
content-length: 191
content-type: text/html; charset=utf-8
date: Mon, 17 Aug 2020 15:09:28 GMT
expires: Mon, 17 Aug 2020 15:14:28 GMT
server: tsa_o
set-cookie: muc=25edd758-bac5-44ae-8c18-129c0adf8749; Max-Age=63072000; Expires=Wed, 17 Aug 2022 15:09:28 GMT; Domain=t.co; Secure; SameSite=None
strict-transport-security: max-age=0
vary: Origin
x-connection-hash: 5c3fc25e01c32a48cd074a173ba77186
x-response-time: 125
x-xss-protection: 0

GET
H2

200

/ Show response
est1.ga/wp-admin/maint/BoxOffice/
Redirect Chain

https://est1.ga/wp-admin/maint/BoxOffice
https://est1.ga/wp-admin/maint/BoxOffice/

204 B
238 B

184ms
184ms

Document
text/html

2606:4700:3035::681b:8bb7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://est1.ga/wp-admin/maint/BoxOffice/
Requested by: Host: t.co
URL: https://t.co/DvMwZ7bMQK
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::681b:8bb7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 097263a7184d235c0202665c5b2d0d093cd83fb27483fbfbca212c0b6b1c5b11

Request headers

:method: GET
:authority: est1.ga
:scheme: https
:path: /wp-admin/maint/BoxOffice/
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: document
referer: https://t.co/DvMwZ7bMQK
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: __cfduid=d9f8c4f43c40061f92710b4943c8af6011597676968
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://t.co/DvMwZ7bMQK

Response headers

status: 200
date: Mon, 17 Aug 2020 15:09:29 GMT
content-type: text/html; charset=UTF-8
cf-cache-status: DYNAMIC
cf-request-id: 049e90f65200001f51c91d5200000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 5c445103bea91f51-FRA
content-encoding: br

Redirect headers

status: 301
date: Mon, 17 Aug 2020 15:09:29 GMT
content-type: text/html; charset=iso-8859-1
set-cookie: __cfduid=d9f8c4f43c40061f92710b4943c8af6011597676968; expires=Wed, 16-Sep-20 15:09:28 GMT; path=/; domain=.est1.ga; HttpOnly; SameSite=Lax
location: https://est1.ga/wp-admin/maint/BoxOffice/
cf-cache-status: DYNAMIC
cf-request-id: 049e90f3f600001f51c918c200000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 5c4450fffc3f1f51-FRA

GET
H2 200 Primary Request authorize.php Show response
est1.ga/wp-admin/maint/BoxOffice/ 826 KB
374 KB 557ms
557ms Document
text/html 2606:4700:3035::681b:8bb7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://est1.ga/wp-admin/maint/BoxOffice/authorize.php?client_id=00000001-0000-0ff1-cf00-000000000000&_pageLabel=page_logonform&_pageSession=23a0b12202e37ad3e734fd2217b115ee
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::681b:8bb7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a7f0617136be79abf13b65f6c1f6b30280d2963a312a6e1d9205ac7d72ed1255

Request headers

:method: GET
:authority: est1.ga
:scheme: https
:path: /wp-admin/maint/BoxOffice/authorize.php?client_id=00000001-0000-0ff1-cf00-000000000000&_pageLabel=page_logonform&_pageSession=23a0b12202e37ad3e734fd2217b115ee
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: document
referer: https://est1.ga/wp-admin/maint/BoxOffice/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: __cfduid=d9f8c4f43c40061f92710b4943c8af6011597676968
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://est1.ga/wp-admin/maint/BoxOffice/

Response headers

status: 200
date: Mon, 17 Aug 2020 15:09:30 GMT
content-type: text/html; charset=UTF-8
cf-cache-status: DYNAMIC
cf-request-id: 049e90f71800001f51c91df200000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 5c445104f9ce1f51-FRA
content-encoding: br

GET
H2 200 converged.v2.login.min_50vzauwvxyzipxbkbzkzpg2.css
aadcdn.msauth.net/ests/2.1/content/cdnbundles/ 0
19 KB 60ms
30ms Other
text/css 2620:1ec:bdf::10
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://aadcdn.msauth.net/ests/2.1/content/cdnbundles/converged.v2.login.min_50vzauwvxyzipxbkbzkzpg2.css
Requested by: Host: est1.ga
URL: https://est1.ga/wp-admin/maint/BoxOffice/authorize.php?client_id=00000001-0000-0ff1-cf00-000000000000&_pageLabel=page_logonform&_pageSession=23a0b12202e37ad3e734fd2217b115ee
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:bdf::10 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://est1.ga/wp-admin/maint/BoxOffice/authorize.php?client_id=00000001-0000-0ff1-cf00-000000000000&_pageLabel=page_logonform&_pageSession=23a0b12202e37ad3e734fd2217b115ee
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 17 Aug 2020 15:09:30 GMT
content-encoding: gzip
content-md5: xlNGh4B09W+8khn0UZpq9w==
x-cache: TCP_HIT
status: 200
content-length: 18714
x-ms-lease-status: unlocked
last-modified: Wed, 18 Dec 2019 23:55:10 GMT
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
etag: 0x8D78415B7CDD900
x-azure-ref: 0qp06XwAAAABY13/KIw0CTL7Q0kNpz3xgQU1TRURHRTA2MTQAMzlhMTJmN2UtODk5Zi00NmNmLWE2ZDAtMjRiYmJhMjdkOTU2
content-type: text/css
access-control-allow-origin: *
x-ms-request-id: bb844916-e01e-0065-0937-74f25b000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=31536000
x-ms-version: 2009-09-19

GET
H2 200 ux.converged.login.strings-en.min_3afga6pstjh7f2bka__ixa2.js
aadcdn.msauth.net/ests/2.1/content/cdnbundles/ 0
11 KB 48ms
18ms Other
application/x-javascript 2620:1ec:bdf::10
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://aadcdn.msauth.net/ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_3afga6pstjh7f2bka__ixa2.js
Requested by: Host: est1.ga
URL: https://est1.ga/wp-admin/maint/BoxOffice/authorize.php?client_id=00000001-0000-0ff1-cf00-000000000000&_pageLabel=page_logonform&_pageSession=23a0b12202e37ad3e734fd2217b115ee
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:bdf::10 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://est1.ga/wp-admin/maint/BoxOffice/authorize.php?client_id=00000001-0000-0ff1-cf00-000000000000&_pageLabel=page_logonform&_pageSession=23a0b12202e37ad3e734fd2217b115ee
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 17 Aug 2020 15:09:30 GMT
content-encoding: gzip
content-md5: UBOZypXc18MQ1TxoSOXDOQ==
x-cache: TCP_HIT
status: 200
content-length: 11112
x-ms-lease-status: unlocked
last-modified: Wed, 18 Dec 2019 23:58:58 GMT
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
etag: 0x8D784163F3FCE2D
x-azure-ref: 0qp06XwAAAAAJOE6UEMj9SK6ftR2oekx9QU1TRURHRTA2MTQAMzlhMTJmN2UtODk5Zi00NmNmLWE2ZDAtMjRiYmJhMjdkOTU2
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: 39ddedae-601e-0005-5037-74b079000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=31536000
x-ms-version: 2009-09-19

GET
DATA 200
OK truncated
/ 2 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b5d587f6c48a9b22bbe97150249e0c0655ac1780bd273431480a22f8a5bfef6c

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 4 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 915 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6075736ea9c281d69c4a3d78ff97bb61b9416a5809919babe5a0c5596f99aaea

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 915 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 16c3f6531d0fa5b4d16e82abf066233b2a9f284c068c663699313c09f5e8d6e6

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 3 KB
0 Image
image/jpeg

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f89e908280791803bbf1f33b596ff4a2179b355a8e15ad02ebaa2b1da11127ea

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/jpeg

GET
DATA 200
OK truncated
/ 277 KB
0 Image
image/jpeg

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 211a907de2da0ff4a0e90917ac8054e2f35c351180977550c26e51b4909f2beb

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/jpeg

GET
H2 200 boot.worldwide.0.mouse.js
r4.res.office365.com/owa/prem/16.3499.0.2717365/scripts/ Frame B87D 648 KB
176 KB 46ms
17ms Stylesheet
application/x-javascript 2a02:26f0:10c:395::753
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://r4.res.office365.com/owa/prem/16.3499.0.2717365/scripts/boot.worldwide.0.mouse.js

Requested by

Host: srcdoc
URL: about:srcdoc

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a02:26f0:10c:395::753 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),

Reverse DNS

Software

Apache /

Resource Hash

3d05d46146f38af96edee763df57892ccbf155494ab977c44b618fedb6d60f18

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 17 Aug 2020 15:09:31 GMT
content-encoding: gzip
last-modified: Sat, 21 Dec 2019 09:08:43 GMT
server: Apache
status: 200
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public,max-age=630720000, s-maxage=630720000
strict-transport-security: max-age=31536000; includeSubDomains
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 boot.worldwide.1.mouse.js
r4.res.office365.com/owa/prem/16.3499.0.2717365/scripts/ Frame B87D 644 KB
160 KB 64ms
36ms Stylesheet
application/x-javascript 2a02:26f0:10c:395::753
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://r4.res.office365.com/owa/prem/16.3499.0.2717365/scripts/boot.worldwide.1.mouse.js

Requested by

Host: srcdoc
URL: about:srcdoc

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a02:26f0:10c:395::753 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),

Reverse DNS

Software

Apache /

Resource Hash

0a67653a09d3f3c540a0c0691af6b0bf5b7c76062ba27f79247707a958091e10

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 17 Aug 2020 15:09:31 GMT
content-encoding: gzip
last-modified: Sat, 21 Dec 2019 09:08:41 GMT
server: Apache
status: 200
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public,max-age=630720000, s-maxage=630720000
strict-transport-security: max-age=31536000; includeSubDomains
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 boot.worldwide.2.mouse.js
r4.res.office365.com/owa/prem/16.3499.0.2717365/scripts/ Frame B87D 647 KB
167 KB 65ms
36ms Stylesheet
application/x-javascript 2a02:26f0:10c:395::753
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://r4.res.office365.com/owa/prem/16.3499.0.2717365/scripts/boot.worldwide.2.mouse.js

Requested by

Host: srcdoc
URL: about:srcdoc

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a02:26f0:10c:395::753 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),

Reverse DNS

Software

Apache /

Resource Hash

c93fb192d93946ff9f853be4d5c0c4f4a2cc0b9fb328e89dba7b14210136f844

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 17 Aug 2020 15:09:31 GMT
content-encoding: gzip
last-modified: Sat, 21 Dec 2019 09:08:44 GMT
server: Apache
status: 200
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public,max-age=630720000, s-maxage=630720000
strict-transport-security: max-age=31536000; includeSubDomains
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 boot.worldwide.3.mouse.js
r4.res.office365.com/owa/prem/16.3499.0.2717365/scripts/ Frame B87D 645 KB
143 KB 72ms
43ms Stylesheet
application/x-javascript 2a02:26f0:10c:395::753
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://r4.res.office365.com/owa/prem/16.3499.0.2717365/scripts/boot.worldwide.3.mouse.js

Requested by

Host: srcdoc
URL: about:srcdoc

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a02:26f0:10c:395::753 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),

Reverse DNS

Software

Apache /

Resource Hash

314e50eeee61a62fa0c754173772948b40cab0463092bc834011f17fa05de594

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 17 Aug 2020 15:09:31 GMT
content-encoding: gzip
last-modified: Sat, 21 Dec 2019 09:08:41 GMT
server: Apache
status: 200
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public,max-age=630720000, s-maxage=630720000
strict-transport-security: max-age=31536000; includeSubDomains
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 sprite1.mouse.png
r4.res.office365.com/owa/prem/16.3499.0.2717365/resources/images/0/ Frame B87D 16 KB
17 KB 39ms
10ms Stylesheet
image/png 2a02:26f0:10c:395::753
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://r4.res.office365.com/owa/prem/16.3499.0.2717365/resources/images/0/sprite1.mouse.png

Requested by

Host: srcdoc
URL: about:srcdoc

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a02:26f0:10c:395::753 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),

Reverse DNS

Software

Apache /

Resource Hash

99190cfe65f919edb8071d84eee7096ec27561bc9b9fa396e55e0eb5e2cd0194

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 17 Aug 2020 15:09:31 GMT
last-modified: Sat, 21 Dec 2019 09:04:43 GMT
server: Apache
status: 200
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/png
access-control-allow-origin: *
cache-control: public,max-age=630720000, s-maxage=630720000
accept-ranges: bytes
timing-allow-origin: *
content-length: 16664

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer)

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| trustedTypes function| savepage_ShadowLoader

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.est1.ga/	1970-01-19 12:31:08	Name: __cfduid Value: d9f8c4f43c40061f92710b4943c8af6011597676968

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=0
X-Xss-Protection	0

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

aadcdn.msauth.net
est1.ga
r4.res.office365.com
t.co
104.244.42.197
2606:4700:3035::681b:8bb7
2620:1ec:bdf::10
2a02:26f0:10c:395::753
04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a
097263a7184d235c0202665c5b2d0d093cd83fb27483fbfbca212c0b6b1c5b11
0a67653a09d3f3c540a0c0691af6b0bf5b7c76062ba27f79247707a958091e10
16c3f6531d0fa5b4d16e82abf066233b2a9f284c068c663699313c09f5e8d6e6
211a907de2da0ff4a0e90917ac8054e2f35c351180977550c26e51b4909f2beb
2e95a0acd4cb492d0ba2fed324fa928fb32815f8a982d7f406bf7428953f843e
314e50eeee61a62fa0c754173772948b40cab0463092bc834011f17fa05de594
3d05d46146f38af96edee763df57892ccbf155494ab977c44b618fedb6d60f18
6075736ea9c281d69c4a3d78ff97bb61b9416a5809919babe5a0c5596f99aaea
99190cfe65f919edb8071d84eee7096ec27561bc9b9fa396e55e0eb5e2cd0194
a7f0617136be79abf13b65f6c1f6b30280d2963a312a6e1d9205ac7d72ed1255
b5d587f6c48a9b22bbe97150249e0c0655ac1780bd273431480a22f8a5bfef6c
c93fb192d93946ff9f853be4d5c0c4f4a2cc0b9fb328e89dba7b14210136f844
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f89e908280791803bbf1f33b596ff4a2179b355a8e15ad02ebaa2b1da11127ea

est1.ga Open in urlscan Pro 2606:4700:3035::681b:8bb7 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Page Statistics

10 Requests

100 %HTTPS

75 %IPv6

4 Domains

4 Subdomains

5 IPs

2 Countries

1067 kBTransfer

3714 kBSize

1 Cookies

2 Outgoing links

Page URL History

Redirected requests

10 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 6 data transactions

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

2 JavaScript Global Variables

1 Cookies

Security Headers

Indicators

est1.ga Open in urlscan Pro
2606:4700:3035::681b:8bb7 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

10
Requests

100 %
HTTPS

75 %
IPv6

4
Domains

4
Subdomains

5
IPs

2
Countries

1067 kB
Transfer

3714 kB
Size

1
Cookies

10 HTTP transactions
6 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!