urlscan.io logo urlscan.io
SecurityTrails logo

outlookloffice365user64k.z19.web.core.windows.net Open in urlscan Pro
20.38.96.97  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://ur89-20.azurewebsites.net/isolo?dyu=martinb@herbalife.com&&67.29.94.79&&cc0_34k3=herbalife.com&sr=martinb@herbalife.com&UN...
Effective URL: https://outlookloffice365user64k.z19.web.core.windows.net/8f7f2375ba3e2ee3adf67d0e32c683d5/8f7f2375ba3e2ee3adf67d0e32c683d5
Submission: On February 11 via manual from MX
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 8 IPs in 3 countries across 8 domains to perform 9 HTTP transactions. The main IP is 20.38.96.97, located in Falls Church, United States and belongs to MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US. The main domain is outlookloffice365user64k.z19.web.core.windows.net.
TLS certificate: Issued by Microsoft IT TLS CA 5 on April 19th 2018. Valid for: 2 years.
This is the only time outlookloffice365user64k.z19.web.core.windows.net was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Microsoft (Consumer)

Domain & IP information

IP Address AS Autonomous System
1 2 23.100.82.11 8075 (MICROSOFT...)
1 20.38.96.97 8075 (MICROSOFT...)
1 2a04:4e42::393 54113 (FASTLY)
2 23.111.9.35 33438 (HIGHWINDS2)
1 23.45.236.121 20940 (AKAMAI-ASN1)
1 2a02:26f0:6c0... 20940 (AKAMAI-ASN1)
1 104.16.13.231 13335 (CLOUDFLAR...)
1 151.101.120.193 54113 (FASTLY)
9 8
2    23.100.82.11 (Des Moines, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US)
ur89-20.azurewebsites.net
1    20.38.96.97 (Falls Church, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US)
outlookloffice365user64k.z19.web.core.windows.net
1    2a04:4e42::393 (European Union)

ASN54113 (FASTLY - Fastly, US)
res.cloudinary.com
2    23.111.9.35 (Phoenix, United States)

ASN33438 (HIGHWINDS2 - Highwinds Network Group, Inc., US)
use.fontawesome.com
1    23.45.236.121 (Amsterdam, Netherlands)

ASN20940 (AKAMAI-ASN1, US)
PTR: a23-45-236-121.deploy.static.akamaitechnologies.com
plugin.intuitcdn.net
1    2a02:26f0:6c00:283::35c1 (European Union)

ASN20940 (AKAMAI-ASN1, US)
secure.aadcdn.microsoftonline-p.com
1    104.16.13.231 (San Francisco, United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)
cdn.discordapp.com
1    151.101.120.193 (San Francisco, United States)

ASN54113 (FASTLY - Fastly, US)
i.imgur.com
Domain Requested by
2 use.fontawesome.com outlookloffice365user64k.z19.web.core.windows.net
2 ur89-20.azurewebsites.net 1 redirects
1 i.imgur.com outlookloffice365user64k.z19.web.core.windows.net
1 cdn.discordapp.com outlookloffice365user64k.z19.web.core.windows.net
1 secure.aadcdn.microsoftonline-p.com outlookloffice365user64k.z19.web.core.windows.net
1 plugin.intuitcdn.net outlookloffice365user64k.z19.web.core.windows.net
1 res.cloudinary.com outlookloffice365user64k.z19.web.core.windows.net
1 outlookloffice365user64k.z19.web.core.windows.net
9 8

This site contains no links.

Subject Issuer Validity Valid
*.azurewebsites.net
Microsoft IT TLS CA 4		 2017-12-17 -
2019-12-17		 2 years crt.sh
*.web.core.windows.net
Microsoft IT TLS CA 5		 2018-04-19 -
2020-04-19		 2 years crt.sh
*.cloudinary.com
Go Daddy Secure Certificate Authority - G2		 2018-07-01 -
2020-06-22		 2 years crt.sh
*.fontawesome.com
DigiCert SHA2 Secure Server CA		 2018-09-17 -
2019-11-21		 a year crt.sh
*.intuitcdn.net
DigiCert SHA2 Secure Server CA		 2018-03-12 -
2019-03-12		 a year crt.sh
secure.aadcdn.microsoftonline-p.com
Microsoft IT TLS CA 1		 2017-08-15 -
2019-08-15		 2 years crt.sh
ssl711320.cloudflaressl.com
COMODO ECC Domain Validation Secure Server CA 2		 2018-10-18 -
2019-04-26		 6 months crt.sh
*.imgur.com
DigiCert SHA2 Secure Server CA		 2018-12-14 -
2020-02-12		 a year crt.sh

This page contains 1 frames:

Primary Page: https://outlookloffice365user64k.z19.web.core.windows.net/8f7f2375ba3e2ee3adf67d0e32c683d5/8f7f2375ba3e2ee3adf67d0e32c683d5
Frame ID: 22908891D6512F29A4F06FC6BB964708
Requests: 9 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

  1. https://ur89-20.azurewebsites.net/isolo?dyu=martinb@herbalife.com&&67.29.94.79&&cc0_34k3=herbalife.com&sr=mart... HTTP 301
    https://ur89-20.azurewebsites.net/isolo/?dyu=martinb@herbalife.com&&67.29.94.79&&cc0_34k3=herbalife.com&sr=mar... Page URL
  2. https://outlookloffice365user64k.z19.web.core.windows.net/8f7f2375ba3e2ee3adf67d0e32c683d5/8f7f2375ba3e2ee3adf67d0e32c683d5 Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /IIS(?:\/([\d.]+))?/i
Overall confidence: 100%
Detected patterns
  • headers server /IIS(?:\/([\d.]+))?/i
Overall confidence: 100%
Detected patterns
  • script /jquery.*\.js/i
  • env /^jQuery$/i

Page Statistics

9
Requests

100 %
HTTPS

25 %
IPv6

8
Domains

8
Subdomains

8
IPs

3
Countries

356 kB
Transfer

453 kB
Size

0
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://ur89-20.azurewebsites.net/isolo?dyu=martinb@herbalife.com&&67.29.94.79&&cc0_34k3=herbalife.com&sr=martinb@herbalife.com&UNPY9BPT=herbalife.com&sc-3d=martinb@herbalife.com&&27027868884&&cc0_34k3=martinb&sr=027868884 HTTP 301
    https://ur89-20.azurewebsites.net/isolo/?dyu=martinb@herbalife.com&&67.29.94.79&&cc0_34k3=herbalife.com&sr=martinb@herbalife.com&UNPY9BPT=herbalife.com&sc-3d=martinb@herbalife.com&&27027868884&&cc0_34k3=martinb&sr=027868884 Page URL
  2. https://outlookloffice365user64k.z19.web.core.windows.net/8f7f2375ba3e2ee3adf67d0e32c683d5/8f7f2375ba3e2ee3adf67d0e32c683d5 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • https://ur89-20.azurewebsites.net/isolo?dyu=martinb@herbalife.com&&67.29.94.79&&cc0_34k3=herbalife.com&sr=martinb@herbalife.com&UNPY9BPT=herbalife.com&sc-3d=martinb@herbalife.com&&27027868884&&cc0_34k3=martinb&sr=027868884 HTTP 301
  • https://ur89-20.azurewebsites.net/isolo/?dyu=martinb@herbalife.com&&67.29.94.79&&cc0_34k3=herbalife.com&sr=martinb@herbalife.com&UNPY9BPT=herbalife.com&sc-3d=martinb@herbalife.com&&27027868884&&cc0_34k3=martinb&sr=027868884

9 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
/
ur89-20.azurewebsites.net/isolo/
Redirect Chain
  • https://ur89-20.azurewebsites.net/isolo?dyu=martinb@herbalife.com&&67.29.94.79&&cc0_34k3=herbalife.com&sr=martinb@herbalife.com&UNPY9BPT=herbalife.com&sc-3d=martinb@herbalife.com&&27027868884&&cc0_...
  • https://ur89-20.azurewebsites.net/isolo/?dyu=martinb@herbalife.com&&67.29.94.79&&cc0_34k3=herbalife.com&sr=martinb@herbalife.com&UNPY9BPT=herbalife.com&sc-3d=martinb@herbalife.com&&27027868884&&cc0...
442 B
613 B 		Document
General
Check archive.org
Download Go to
Full URL
https://ur89-20.azurewebsites.net/isolo/?dyu=martinb@herbalife.com&&67.29.94.79&&cc0_34k3=herbalife.com&sr=martinb@herbalife.com&UNPY9BPT=herbalife.com&sc-3d=martinb@herbalife.com&&27027868884&&cc0_34k3=martinb&sr=027868884
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.100.82.11 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / PHP/5.6.39 ASP.NET
Resource Hash

Request headers

Host
ur89-20.azurewebsites.net
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding
gzip, deflate, br
Cookie
ARRAffinity=4a031afc71079277fe167be27c2d76c7341959314deaee1b5fa50244e2a7e16f
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Content-Length
372
Content-Type
text/html; charset=UTF-8
Content-Encoding
gzip
Vary
Accept-Encoding
Server
Microsoft-IIS/10.0
X-Powered-By
PHP/5.6.39 ASP.NET
Date
Mon, 11 Feb 2019 18:02:58 GMT

Redirect headers

Content-Length
394
Content-Type
text/html; charset=UTF-8
Location
https://ur89-20.azurewebsites.net/isolo/?dyu=martinb@herbalife.com&&67.29.94.79&&cc0_34k3=herbalife.com&sr=martinb@herbalife.com&UNPY9BPT=herbalife.com&sc-3d=martinb@herbalife.com&&27027868884&&cc0_34k3=martinb&sr=027868884
Server
Microsoft-IIS/10.0
X-Powered-By
ASP.NET
Set-Cookie
ARRAffinity=4a031afc71079277fe167be27c2d76c7341959314deaee1b5fa50244e2a7e16f;Path=/;HttpOnly;Domain=ur89-20.azurewebsites.net
Date
Mon, 11 Feb 2019 18:02:58 GMT
Primary Request 8f7f2375ba3e2ee3adf67d0e32c683d5
outlookloffice365user64k.z19.web.core.windows.net/8f7f2375ba3e2ee3adf67d0e32c683d5/ 		9 KB
9 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://outlookloffice365user64k.z19.web.core.windows.net/8f7f2375ba3e2ee3adf67d0e32c683d5/8f7f2375ba3e2ee3adf67d0e32c683d5
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.38.96.97 Falls Church, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
Software
Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
1513c0c74a617b9863b05d320c1983a09cec28b075307b98edba4a92576f438f

Request headers

Host
outlookloffice365user64k.z19.web.core.windows.net
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer
https://ur89-20.azurewebsites.net/isolo/?dyu=martinb@herbalife.com&&67.29.94.79&&cc0_34k3=herbalife.com&sr=martinb@herbalife.com&UNPY9BPT=herbalife.com&sc-3d=martinb@herbalife.com&&27027868884&&cc0_34k3=martinb&sr=027868884
Accept-Encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
https://ur89-20.azurewebsites.net/isolo/?dyu=martinb@herbalife.com&&67.29.94.79&&cc0_34k3=herbalife.com&sr=martinb@herbalife.com&UNPY9BPT=herbalife.com&sc-3d=martinb@herbalife.com&&27027868884&&cc0_34k3=martinb&sr=027868884

Response headers

Content-Length
9193
Content-Type
text/html
Server
Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-error-code
WebContentNotFound
x-ms-request-id
6dd924fb-601e-007b-3034-c2a422000000
x-ms-version
2018-03-28
Date
Mon, 11 Feb 2019 18:02:59 GMT
style.css
res.cloudinary.com/dfvzxzbhe/raw/upload/v1539177451/sg/ 		6 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://res.cloudinary.com/dfvzxzbhe/raw/upload/v1539177451/sg/style.css
Requested by
Host: outlookloffice365user64k.z19.web.core.windows.net
URL: https://outlookloffice365user64k.z19.web.core.windows.net/8f7f2375ba3e2ee3adf67d0e32c683d5/8f7f2375ba3e2ee3adf67d0e32c683d5
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42::393 , European Union, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
cloudinary /
Resource Hash
e73bc447281a2b6d39fe47d8eea58cd085da17cbcdd0ac1f70fa553f994edb15

Request headers

Referer
https://outlookloffice365user64k.z19.web.core.windows.net/8f7f2375ba3e2ee3adf67d0e32c683d5/8f7f2375ba3e2ee3adf67d0e32c683d5
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Mon, 11 Feb 2019 18:02:59 GMT
content-encoding
gzip
age
393156
edge-cache-tag
359400317664302332168141980925623770064,d9f8174e5f073f9633f6a85707ff90c3
status
200
x-cache
HIT
content-length
1509
via
1.1 varnish
x-served-by
cache-fra19120-FRA
last-modified
Wed, 10 Oct 2018 13:17:32 GMT
server
cloudinary
x-timer
S1549908180.786458,VS0,VE1
etag
W/"738903f7d14ef1c21394992cc2d5c0c3"
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=2592000
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-headers
X-Requested-With
x-cache-hits
1
all.css
use.fontawesome.com/releases/v5.7.1/css/ 		53 KB
13 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://use.fontawesome.com/releases/v5.7.1/css/all.css
Requested by
Host: outlookloffice365user64k.z19.web.core.windows.net
URL: https://outlookloffice365user64k.z19.web.core.windows.net/8f7f2375ba3e2ee3adf67d0e32c683d5/8f7f2375ba3e2ee3adf67d0e32c683d5
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
23.111.9.35 Phoenix, United States, ASN33438 (HIGHWINDS2 - Highwinds Network Group, Inc., US),
Reverse DNS
Software
NetDNA-cache/2.2 /
Resource Hash
9c099acc093abd2df85eaa34052ad36fe69b6ed16582c14aecd2928baa3b63bf

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
https://outlookloffice365user64k.z19.web.core.windows.net/8f7f2375ba3e2ee3adf67d0e32c683d5/8f7f2375ba3e2ee3adf67d0e32c683d5
Origin
https://outlookloffice365user64k.z19.web.core.windows.net

Response headers

date
Mon, 11 Feb 2019 18:02:59 GMT
content-encoding
gzip
last-modified
Fri, 01 Feb 2019 18:49:40 GMT
server
NetDNA-cache/2.2
access-control-allow-origin
*
etag
W/"7b1d7f457d056ace7b230b587b9f3753"
vary
Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
access-control-allow-methods
GET
content-type
text/css
status
200
access-control-max-age
3000
cache-control
max-age=31556926
x-cache
HIT
jquery.min.js
plugin.intuitcdn.net/jquery/2.2.0/dist/ 		84 KB
30 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://plugin.intuitcdn.net/jquery/2.2.0/dist/jquery.min.js
Requested by
Host: outlookloffice365user64k.z19.web.core.windows.net
URL: https://outlookloffice365user64k.z19.web.core.windows.net/8f7f2375ba3e2ee3adf67d0e32c683d5/8f7f2375ba3e2ee3adf67d0e32c683d5
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.45.236.121 Amsterdam, Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a23-45-236-121.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
8a102873a33f24f7eb22221e6b23c4f718e29f85168ecc769a35bfaed9b12cce

Request headers

Referer
https://outlookloffice365user64k.z19.web.core.windows.net/8f7f2375ba3e2ee3adf67d0e32c683d5/8f7f2375ba3e2ee3adf67d0e32c683d5
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Mon, 11 Feb 2019 18:02:59 GMT
content-encoding
gzip
x-amz-request-id
6A523DE666C6FD04
status
200
access-control-max-age
86400
content-length
29918
x-amz-id-2
XrGB4WNwUIiv928vqvRiJ/c8bGyafF6IlcD8RH2m++i+boqkWdA/p66MunnnXgrxrULbqfFebzY=
last-modified
Thu, 02 Nov 2017 22:23:06 GMT
server
AmazonS3
etag
"6fc159d00dc3cea4153c038739683f93"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=31556926, immutable
access-control-allow-credentials
false
accept-ranges
bytes
timing-allow-origin
*
microsoft_logo.svg
secure.aadcdn.microsoftonline-p.com/ests/2.1.8014.13/content/images/ 		4 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://secure.aadcdn.microsoftonline-p.com/ests/2.1.8014.13/content/images/microsoft_logo.svg?x=ee5c8d9fb6248c938fd0dc19370e90bd
Requested by
Host: outlookloffice365user64k.z19.web.core.windows.net
URL: https://outlookloffice365user64k.z19.web.core.windows.net/8f7f2375ba3e2ee3adf67d0e32c683d5/8f7f2375ba3e2ee3adf67d0e32c683d5
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:6c00:283::35c1 , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software
/
Resource Hash
04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://outlookloffice365user64k.z19.web.core.windows.net/8f7f2375ba3e2ee3adf67d0e32c683d5/8f7f2375ba3e2ee3adf67d0e32c683d5
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Mon, 11 Feb 2019 18:02:59 GMT
Content-Encoding
gzip
Last-Modified
Wed, 15 Aug 2018 04:57:55 GMT
Content-MD5
nzaLxFgP7ZB3dfMcaybWzw==
Vary
Accept-Encoding
Strict-Transport-Security
max-age=31536000
Content-Type
image/svg+xml
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
x-ms-request-id,x-ms-version,x-ms-lease-status,x-ms-blob-type
Cache-Control
public, max-age=545644
Connection
keep-alive
Content-Length
1435
30.gif
cdn.discordapp.com/attachments/466747916187336706/502092033779957760/ 		5 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.discordapp.com/attachments/466747916187336706/502092033779957760/30.gif
Requested by
Host: outlookloffice365user64k.z19.web.core.windows.net
URL: https://outlookloffice365user64k.z19.web.core.windows.net/8f7f2375ba3e2ee3adf67d0e32c683d5/8f7f2375ba3e2ee3adf67d0e32c683d5
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.13.231 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
52600dd842dfe2b1de28fb0e8a9dd948be6b19ac2d9e4905dafaa4aa059802ac

Request headers

Referer
https://outlookloffice365user64k.z19.web.core.windows.net/8f7f2375ba3e2ee3adf67d0e32c683d5/8f7f2375ba3e2ee3adf67d0e32c683d5
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Mon, 11 Feb 2019 18:03:00 GMT
cf-cache-status
HIT
status
200
x-guploader-uploadid
AEnB2UqOHubqbvHO9FWWe1JKhOsZw7IKwixjNNoTe1p1Ksz5OIbcMLnz-TEUrJpNslwXgNamFUySi7wmWNhwFdzz1pHptTnhT38lcQh0O0KfL6Dyuy1aO7c
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
quic=":443"; ma=2592000; v="44,43,39"
content-length
4684
cf-ray
4a78bacd7bb2bd8e-AMS
x-robots-tag
noindex, nofollow, noarchive, nocache, noimageindex, noodp
last-modified
Wed, 17 Oct 2018 12:14:29 GMT
server
cloudflare
etag
"e454c93bcb857648c648ea1a8178734e"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-goog-hash
crc32c=7imm8Q==, md5=5FTJO8uFdkjGSOoagXhzTg==
x-goog-generation
1539778469324166
cache-control
public, max-age=31536000
x-goog-stored-content-length
4684
accept-ranges
bytes
content-type
image/gif
expires
Tue, 11 Feb 2020 18:03:00 GMT
wfKy3rD.jpg
i.imgur.com/ 		221 KB
221 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i.imgur.com/wfKy3rD.jpg
Requested by
Host: outlookloffice365user64k.z19.web.core.windows.net
URL: https://outlookloffice365user64k.z19.web.core.windows.net/8f7f2375ba3e2ee3adf67d0e32c683d5/8f7f2375ba3e2ee3adf67d0e32c683d5
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.120.193 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
cat factory 1.0 /
Resource Hash
dae1dd4c9f81f6ae7a92974a903d67ba081b9bd5cd28f91788854ca25fb81f9e

Request headers

Referer
https://res.cloudinary.com/dfvzxzbhe/raw/upload/v1539177451/sg/style.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Mon, 11 Feb 2019 18:03:00 GMT
age
1277277
x-cache
HIT, HIT
status
200
content-length
226300
x-served-by
cache-bwi5144-BWI, cache-cdg20743-CDG
last-modified
Wed, 15 Aug 2018 18:53:14 GMT
server
cat factory 1.0
x-timer
S1549908180.262636,VS0,VE2
etag
"57659bc26a88c37cbbe4f3d1b112bf59"
access-control-allow-methods
GET, OPTIONS
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
x-amz-storage-class
STANDARD_IA
x-cache-hits
1, 1
fa-solid-900.woff2
use.fontawesome.com/releases/v5.7.1/webfonts/ 		73 KB
73 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://use.fontawesome.com/releases/v5.7.1/webfonts/fa-solid-900.woff2
Requested by
Host: outlookloffice365user64k.z19.web.core.windows.net
URL: https://outlookloffice365user64k.z19.web.core.windows.net/8f7f2375ba3e2ee3adf67d0e32c683d5/8f7f2375ba3e2ee3adf67d0e32c683d5
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
23.111.9.35 Phoenix, United States, ASN33438 (HIGHWINDS2 - Highwinds Network Group, Inc., US),
Reverse DNS
Software
NetDNA-cache/2.2 /
Resource Hash
9e6bd5b2d75bba485d2337d020750744983a3521ec697adfe21b29ee4f14f6a9

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
https://use.fontawesome.com/releases/v5.7.1/css/all.css
Origin
https://outlookloffice365user64k.z19.web.core.windows.net

Response headers

date
Mon, 11 Feb 2019 18:03:00 GMT
last-modified
Fri, 01 Feb 2019 18:50:17 GMT
server
NetDNA-cache/2.2
access-control-allow-origin
*
etag
"3638e62ea50e6f5859b6a15276c25c87"
vary
Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
access-control-allow-methods
GET
content-type
font/woff2
status
200
access-control-max-age
3000
cache-control
max-age=31556926
x-cache
HIT
accept-ranges
bytes
content-length
74320

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer)

8 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onselectstart object| onselectionchange function| queueMicrotask function| $ function| jQuery function| getUrlVars undefined| number string| $pgurl

0 Cookies

1 Console Messages

Source Level URL
Text
console-api log URL: https://outlookloffice365user64k.z19.web.core.windows.net/8f7f2375ba3e2ee3adf67d0e32c683d5/8f7f2375ba3e2ee3adf67d0e32c683d5(Line 168)
Message:
martinb@herbalife.com