microsoft.trusted-mail.live Open in urlscan Pro
2a01:4f8:c17:ea63::1 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://microsoft.trusted-mail.live/3kjllsjqr2ydec4z/
Submission: On September 15 via automatic, source openphish (September 15th 2024, 1:09:44 am UTC) — Scanned from US

Summary HTTP 20 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 2 countries across 4 domains to perform 20 HTTP transactions. The main IP is 2a01:4f8:c17:ea63::1, located in Bad Soden-Salmuenster, Germany and belongs to HETZNER-AS, DE. The main domain is microsoft.trusted-mail.live.
TLS certificate: Issued by ZeroSSL ECC Domain Secure Site CA on September 13th 2024. Valid for: 3 months.

This is the only time microsoft.trusted-mail.live was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Microsoft (Consumer)

Domain & IP information

	IP Address		AS Autonomous System
4 21	2a01:4f8:c17:... 2a01:4f8:c17:ea63::1		24940 (HETZNER-AS) (HETZNER-AS)
20	2

21 2a01:4f8:c17:ea63::1 (Bad Soden-Salmuenster, Germany) 4 redirects

ASN24940 (HETZNER-AS, DE)

microsoft.trusted-mail.live	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
21	trusted-mail.live 4 redirects microsoft.trusted-mail.live	108 KB
0	x.com Failed x.com Failed
0	googleblog.com Failed workspaceupdates.googleblog.com Failed
0	google.com Failed accounts.google.com Failed
20	4

	Domain	Requested by
21	microsoft.trusted-mail.live	4 redirects microsoft.trusted-mail.live
0	x.com Failed	microsoft.trusted-mail.live
0	workspaceupdates.googleblog.com Failed	microsoft.trusted-mail.live
0	accounts.google.com Failed	microsoft.trusted-mail.live
20	4

This site contains no links.

Subject Issuer	Validity	Valid
trusted-mail.live ZeroSSL ECC Domain Secure Site CA	`2024-09-13` - `2024-12-12`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://microsoft.trusted-mail.live/3kjllsjqr2ydec4z/
Frame ID: 9D617D008B0CBA961F64FB9EE231425A
Requests: 20 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Sign in to Office 365

Detected technologies

TrackJs (Analytics) Expand

Overall confidence: 100%
Detected patterns

tracker\.js

Page Statistics

20
Requests

65 %
HTTPS

100 %
IPv6

4
Domains

4
Subdomains

2
IPs

2
Countries

106 kB
Transfer

116 kB
Size

10
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

https://microsoft.trusted-mail.live/js/events.js HTTP 302
https://microsoft.trusted-mail.live/obfuscate?path=js/events.js

Request Chain 7

https://microsoft.trusted-mail.live/js/timeme.min.js HTTP 302
https://microsoft.trusted-mail.live/obfuscate?path=js/timeme.min.js

Request Chain 8

https://microsoft.trusted-mail.live/js/time-tracker.js HTTP 302
https://microsoft.trusted-mail.live/obfuscate?path=js/time-tracker.js

Request Chain 9

https://microsoft.trusted-mail.live/js/views/campaign/analyse.js HTTP 302
https://microsoft.trusted-mail.live/obfuscate?path=js/views/campaign/analyse.js

Request Chain 11

https://plus.google.com/up/?continue=https://www.google.com/intl/en/images/logos/accounts_logo.png&type=st&gpsrc=ogpy0 HTTP 301
https://workspaceupdates.googleblog.com/2023/04/new-community-features-for-google-chat-and-an-update-currents%20.html

Request Chain 12

https://twitter.com/login?redirect_after_login=/favicon.ico HTTP 302
https://x.com/login?redirect_after_login=/favicon.ico

20 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request / Show response microsoft.trusted-mail.live/3kjllsjqr2ydec4z/	6 KB 3 KB	645ms 369ms	Document text/html	2a01:4f8:c17:ea63::1 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL https://microsoft.trusted-mail.live/3kjllsjqr2ydec4z/ Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 2a01:4f8:c17:ea63::1 Bad Soden-Salmuenster, Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS Software nginx/1.22.1 / Resource Hash `40b5d8a58652a31bdd2f384fa6261f5ac94fb5556bf9cd753b90141eee227b80` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers Access-Control-Allow-Headers * Access-Control-Allow-Methods * Access-Control-Allow-Origin * Cache-Control no-store, no-cache, must-revalidate no-cache Connection keep-alive Content-Encoding gzip Content-Length 2190 Content-Type text/html; charset=UTF-8 Date Sun, 15 Sep 2024 01:09:38 GMT Expires Thu, 19 Nov 1981 08:52:00 GMT Pragma no-cache Server nginx/1.22.1 Upgrade h2,h2c Vary Accept-Encoding
GET H/1.1	200 OK	obfuscate Show response microsoft.trusted-mail.live/ Redirect Chain https://microsoft.trusted-mail.live/js/events.js https://microsoft.trusted-mail.live/obfuscate?path=js/events.js	558 B 995 B	281ms 164ms	Script text/javascript	2a01:4f8:c17:ea63::1 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL https://microsoft.trusted-mail.live/obfuscate?path=js/events.js Requested by Host: microsoft.trusted-mail.live URL: https://microsoft.trusted-mail.live/3kjllsjqr2ydec4z/ Protocol HTTP/1.1 Server 2a01:4f8:c17:ea63::1 Bad Soden-Salmuenster, Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS Software nginx/1.22.1 / Resource Hash `1ebe19e41a80646d99691bf907f012f60c4a6f29d362ed8209a5e0964709808d` Request headers Referer https://microsoft.trusted-mail.live/3kjllsjqr2ydec4z/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers Pragma no-cache Date Sun, 15 Sep 2024 01:09:39 GMT Server nginx/1.22.1 Transfer-Encoding chunked Access-Control-Allow-Methods * Content-Type text/javascript;charset=UTF-8 Upgrade h2,h2c Access-Control-Allow-Origin * Cache-Control no-store, no-cache, must-revalidate, no-cache Connection keep-alive Access-Control-Allow-Headers * Expires Thu, 19 Nov 1981 08:52:00 GMT Redirect headers Date Sun, 15 Sep 2024 01:09:38 GMT Server nginx/1.22.1 Content-Type text/html; charset=iso-8859-1 Location https://microsoft.trusted-mail.live/obfuscate?path=js/events.js Cache-Control max-age=1, no-cache Connection keep-alive Content-Length 322 Expires Sun, 15 Sep 2024 01:09:39 GMT
GET H/1.1	200 OK	style.css microsoft.trusted-mail.live/public/campaign/38/613/15/	16 KB 4 KB	234ms 116ms	Stylesheet text/css	2a01:4f8:c17:ea63::1 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL https://microsoft.trusted-mail.live/public/campaign/38/613/15/style.css Requested by Host: microsoft.trusted-mail.live URL: https://microsoft.trusted-mail.live/3kjllsjqr2ydec4z/ Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 2a01:4f8:c17:ea63::1 Bad Soden-Salmuenster, Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS Software nginx/1.22.1 / Resource Hash `f1c337652efabe9f5e414ea59f57c6400ed13bf75dd722d661de6b575c33551c` Request headers Referer https://microsoft.trusted-mail.live/3kjllsjqr2ydec4z/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers Date Sun, 15 Sep 2024 01:09:39 GMT Content-Encoding gzip Last-Modified Mon, 29 Jul 2024 14:30:11 GMT Server nginx/1.22.1 ETag "3e94-61e63b2d2cd75-gzip" Vary Accept-Encoding Upgrade h2,h2c Content-Type text/css Cache-Control no-cache Connection keep-alive Accept-Ranges bytes Content-Length 3299
GET H/1.1	200 OK	office.png microsoft.trusted-mail.live/public/campaign/38/613/15/	18 KB 18 KB	575ms 317ms	Image image/png	2a01:4f8:c17:ea63::1 HETZNER-AS
General Check archive.org Show headers Download Go to Show image Full URL https://microsoft.trusted-mail.live/public/campaign/38/613/15/office.png Requested by Host: microsoft.trusted-mail.live URL: https://microsoft.trusted-mail.live/3kjllsjqr2ydec4z/ Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 2a01:4f8:c17:ea63::1 Bad Soden-Salmuenster, Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS Software nginx/1.22.1 / Resource Hash `24d8d9de980110ae019b26b88ee6e0f31f38db01403361bc01b52d18732a8f08` Request headers Referer https://microsoft.trusted-mail.live/3kjllsjqr2ydec4z/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers Date Sun, 15 Sep 2024 01:09:39 GMT Last-Modified Mon, 29 Jul 2024 14:30:11 GMT Server nginx/1.22.1 ETag "479a-61e63b2d2cd75" Upgrade h2,h2c Content-Type image/png Cache-Control no-cache Connection keep-alive Accept-Ranges bytes Content-Length 18330
GET H/1.1	200 OK	microsoft_logo.png microsoft.trusted-mail.live/public/campaign/38/613/15/	1 KB 1 KB	482ms 216ms	Image image/png	2a01:4f8:c17:ea63::1 HETZNER-AS
General Check archive.org Show headers Download Go to Show image Full URL https://microsoft.trusted-mail.live/public/campaign/38/613/15/microsoft_logo.png Requested by Host: microsoft.trusted-mail.live URL: https://microsoft.trusted-mail.live/3kjllsjqr2ydec4z/ Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 2a01:4f8:c17:ea63::1 Bad Soden-Salmuenster, Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS Software nginx/1.22.1 / Resource Hash `f664b8138c2da6ec7565500a7cc839da6372614a31dc04c5a2169a26b8d9767c` Request headers Referer https://microsoft.trusted-mail.live/3kjllsjqr2ydec4z/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers Date Sun, 15 Sep 2024 01:09:39 GMT Last-Modified Mon, 29 Jul 2024 14:30:11 GMT Server nginx/1.22.1 ETag "421-61e63b2d2cd75" Upgrade h2,h2c Content-Type image/png Cache-Control no-cache Connection keep-alive Accept-Ranges bytes Content-Length 1057
GET H/1.1	200 OK	arrow_left.png microsoft.trusted-mail.live/public/campaign/38/613/15/	240 B 524 B	122ms 119ms	Image image/png	2a01:4f8:c17:ea63::1 HETZNER-AS
General Check archive.org Show headers Download Go to Show image Full URL https://microsoft.trusted-mail.live/public/campaign/38/613/15/arrow_left.png Requested by Host: microsoft.trusted-mail.live URL: https://microsoft.trusted-mail.live/3kjllsjqr2ydec4z/ Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 2a01:4f8:c17:ea63::1 Bad Soden-Salmuenster, Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS Software nginx/1.22.1 / Resource Hash `ab50358475adae73a435466c72d1a48ab124e8ae06614663716a46dce5ac8b83` Request headers Referer https://microsoft.trusted-mail.live/3kjllsjqr2ydec4z/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers Date Sun, 15 Sep 2024 01:09:39 GMT Last-Modified Mon, 29 Jul 2024 14:30:11 GMT Server nginx/1.22.1 ETag "f0-61e63b2d2cd75" Upgrade h2,h2c Content-Type image/png Cache-Control no-cache Connection keep-alive Accept-Ranges bytes Content-Length 240
GET H/1.1	200 OK	ellipsis_white.png microsoft.trusted-mail.live/public/campaign/38/613/15/	207 B 491 B	171ms 168ms	Image image/png	2a01:4f8:c17:ea63::1 HETZNER-AS
General Check archive.org Show headers Download Go to Show image Full URL https://microsoft.trusted-mail.live/public/campaign/38/613/15/ellipsis_white.png Requested by Host: microsoft.trusted-mail.live URL: https://microsoft.trusted-mail.live/3kjllsjqr2ydec4z/ Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 2a01:4f8:c17:ea63::1 Bad Soden-Salmuenster, Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS Software nginx/1.22.1 / Resource Hash `2c03ee38a4eba6a047c3a5bacb3eb461efe14be8acd46ae772350a4dea2f0175` Request headers Referer https://microsoft.trusted-mail.live/3kjllsjqr2ydec4z/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers Date Sun, 15 Sep 2024 01:09:39 GMT Last-Modified Mon, 29 Jul 2024 14:30:11 GMT Server nginx/1.22.1 ETag "cf-61e63b2d2cd75" Upgrade h2,h2c Content-Type image/png Cache-Control no-cache Connection keep-alive Accept-Ranges bytes Content-Length 207
GET H/1.1	200 OK	ellipsis_grey.png microsoft.trusted-mail.live/public/campaign/38/613/15/	262 B 547 B	186ms 183ms	Image image/png	2a01:4f8:c17:ea63::1 HETZNER-AS
General Check archive.org Show headers Download Go to Show image Full URL https://microsoft.trusted-mail.live/public/campaign/38/613/15/ellipsis_grey.png Requested by Host: microsoft.trusted-mail.live URL: https://microsoft.trusted-mail.live/3kjllsjqr2ydec4z/ Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 2a01:4f8:c17:ea63::1 Bad Soden-Salmuenster, Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS Software nginx/1.22.1 / Resource Hash `280eeeba7da255e0fbe039cadb63aede300d0c68a5c322035b89d39b12af8916` Request headers Referer https://microsoft.trusted-mail.live/3kjllsjqr2ydec4z/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers Date Sun, 15 Sep 2024 01:09:39 GMT Last-Modified Mon, 29 Jul 2024 14:30:11 GMT Server nginx/1.22.1 ETag "106-61e63b2d2cd75" Upgrade h2,h2c Content-Type image/png Cache-Control no-cache Connection keep-alive Accept-Ranges bytes Content-Length 262
GET H/1.1	200 OK	obfuscate Show response microsoft.trusted-mail.live/ Redirect Chain https://microsoft.trusted-mail.live/js/timeme.min.js https://microsoft.trusted-mail.live/obfuscate?path=js/timeme.min.js	4 KB 5 KB	189ms 189ms	Script text/javascript	2a01:4f8:c17:ea63::1 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL https://microsoft.trusted-mail.live/obfuscate?path=js/timeme.min.js Requested by Host: microsoft.trusted-mail.live URL: https://microsoft.trusted-mail.live/3kjllsjqr2ydec4z/ Protocol HTTP/1.1 Server 2a01:4f8:c17:ea63::1 Bad Soden-Salmuenster, Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS Software nginx/1.22.1 / Resource Hash `1c1aff1501eb2b60d97d99b9f4cddfde783d6503a1a2f3fd7889d0ca9be45f26` Request headers Referer https://microsoft.trusted-mail.live/3kjllsjqr2ydec4z/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers Pragma no-cache Date Sun, 15 Sep 2024 01:09:39 GMT Server nginx/1.22.1 Transfer-Encoding chunked Access-Control-Allow-Methods * Content-Type text/javascript;charset=UTF-8 Upgrade h2,h2c Access-Control-Allow-Origin * Cache-Control no-store, no-cache, must-revalidate, no-cache Connection keep-alive Access-Control-Allow-Headers * Expires Thu, 19 Nov 1981 08:52:00 GMT Redirect headers Date Sun, 15 Sep 2024 01:09:39 GMT Server nginx/1.22.1 Content-Type text/html; charset=iso-8859-1 Location https://microsoft.trusted-mail.live/obfuscate?path=js/timeme.min.js Cache-Control max-age=1, no-cache Connection keep-alive Content-Length 326 Expires Sun, 15 Sep 2024 01:09:40 GMT
GET H/1.1	200 OK	obfuscate Show response microsoft.trusted-mail.live/ Redirect Chain https://microsoft.trusted-mail.live/js/time-tracker.js https://microsoft.trusted-mail.live/obfuscate?path=js/time-tracker.js	2 KB 2 KB	173ms 172ms	Script text/javascript	2a01:4f8:c17:ea63::1 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL https://microsoft.trusted-mail.live/obfuscate?path=js/time-tracker.js Requested by Host: microsoft.trusted-mail.live URL: https://microsoft.trusted-mail.live/3kjllsjqr2ydec4z/ Protocol HTTP/1.1 Server 2a01:4f8:c17:ea63::1 Bad Soden-Salmuenster, Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS Software nginx/1.22.1 / Resource Hash `f53941103f6922446d2f5490b628638bffa13b74888ca07f40b2811ac743d98c` Request headers Referer https://microsoft.trusted-mail.live/3kjllsjqr2ydec4z/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers Pragma no-cache Date Sun, 15 Sep 2024 01:09:39 GMT Server nginx/1.22.1 Transfer-Encoding chunked Access-Control-Allow-Methods * Content-Type text/javascript;charset=UTF-8 Upgrade h2,h2c Access-Control-Allow-Origin * Cache-Control no-store, no-cache, must-revalidate, no-cache Connection keep-alive Access-Control-Allow-Headers * Expires Thu, 19 Nov 1981 08:52:00 GMT Redirect headers Date Sun, 15 Sep 2024 01:09:39 GMT Server nginx/1.22.1 Content-Type text/html; charset=iso-8859-1 Location https://microsoft.trusted-mail.live/obfuscate?path=js/time-tracker.js Cache-Control max-age=1, no-cache Connection keep-alive Content-Length 328 Expires Sun, 15 Sep 2024 01:09:40 GMT
GET H/1.1	200 OK	obfuscate Show response microsoft.trusted-mail.live/ Redirect Chain https://microsoft.trusted-mail.live/js/views/campaign/analyse.js https://microsoft.trusted-mail.live/obfuscate?path=js/views/campaign/analyse.js	3 KB 3 KB	180ms 180ms	Script text/javascript	2a01:4f8:c17:ea63::1 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL https://microsoft.trusted-mail.live/obfuscate?path=js/views/campaign/analyse.js Requested by Host: microsoft.trusted-mail.live URL: https://microsoft.trusted-mail.live/3kjllsjqr2ydec4z/ Protocol HTTP/1.1 Server 2a01:4f8:c17:ea63::1 Bad Soden-Salmuenster, Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS Software nginx/1.22.1 / Resource Hash `16dd9f6ea949f57ecb70a3341e6a7e6853279d7efb99db6b711b4c3a518b4cc1` Request headers Referer https://microsoft.trusted-mail.live/3kjllsjqr2ydec4z/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers Pragma no-cache Date Sun, 15 Sep 2024 01:09:39 GMT Server nginx/1.22.1 Transfer-Encoding chunked Access-Control-Allow-Methods * Content-Type text/javascript;charset=UTF-8 Upgrade h2,h2c Access-Control-Allow-Origin * Cache-Control no-store, no-cache, must-revalidate, no-cache Connection keep-alive Access-Control-Allow-Headers * Expires Thu, 19 Nov 1981 08:52:00 GMT Redirect headers Date Sun, 15 Sep 2024 01:09:39 GMT Server nginx/1.22.1 Content-Type text/html; charset=iso-8859-1 Location https://microsoft.trusted-mail.live/obfuscate?path=js/views/campaign/analyse.js Cache-Control max-age=1, no-cache Connection keep-alive Content-Length 338 Expires Sun, 15 Sep 2024 01:09:40 GMT
GET		CheckCookie accounts.google.com/	0 0

GET		new-community-features-for-google-chat-and-an-update-currents%20.html workspaceupdates.googleblog.com/2023/04/ Redirect Chain https://plus.google.com/up/?continue=https://www.google.com/intl/en/images/logos/accounts_logo.png&type=st&gpsrc=ogpy0 https://workspaceupdates.googleblog.com/2023/04/new-community-features-for-google-chat-and-an-update-currents%20.html	0 0

GET		login x.com/ Redirect Chain https://twitter.com/login?redirect_after_login=/favicon.ico https://x.com/login?redirect_after_login=/favicon.ico	0 0

GET H/1.1	200 OK	21-small.jpg microsoft.trusted-mail.live/public/campaign/38/613/15/	8 KB 8 KB	193ms 125ms	Image image/jpeg	2a01:4f8:c17:ea63::1 HETZNER-AS
General Check archive.org Show headers Download Go to Show image Full URL https://microsoft.trusted-mail.live/public/campaign/38/613/15/21-small.jpg Requested by Host: microsoft.trusted-mail.live URL: https://microsoft.trusted-mail.live/3kjllsjqr2ydec4z/ Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 2a01:4f8:c17:ea63::1 Bad Soden-Salmuenster, Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS Software nginx/1.22.1 / Resource Hash `1a88f6dc77903dacec6edfdb031b79ae11a7d7bde8d89cac1aa7e912e3ff66c3` Request headers Referer https://microsoft.trusted-mail.live/3kjllsjqr2ydec4z/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers Date Sun, 15 Sep 2024 01:09:39 GMT Last-Modified Mon, 29 Jul 2024 14:30:11 GMT Server nginx/1.22.1 ETag "1ee9-61e63b2d2cd75" Upgrade h2,h2c Content-Type image/jpeg Cache-Control no-cache Connection keep-alive Accept-Ranges bytes Content-Length 7913
GET H/1.1	200 OK	21.jpg microsoft.trusted-mail.live/public/campaign/38/613/15/	41 KB 41 KB	322ms 217ms	Image image/jpeg	2a01:4f8:c17:ea63::1 HETZNER-AS
General Check archive.org Show headers Download Go to Show image Full URL https://microsoft.trusted-mail.live/public/campaign/38/613/15/21.jpg Requested by Host: microsoft.trusted-mail.live URL: https://microsoft.trusted-mail.live/3kjllsjqr2ydec4z/ Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 2a01:4f8:c17:ea63::1 Bad Soden-Salmuenster, Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS Software nginx/1.22.1 / Resource Hash `ffee99c9d90da90ee076b8bed6ce67002058beff304f5cfaf1de80997ffc8d4a` Request headers Referer https://microsoft.trusted-mail.live/3kjllsjqr2ydec4z/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers Date Sun, 15 Sep 2024 01:09:39 GMT Last-Modified Mon, 29 Jul 2024 14:30:11 GMT Server nginx/1.22.1 ETag "a4c9-61e63b2d2cd75" Upgrade h2,h2c Content-Type image/jpeg Cache-Control no-cache Connection keep-alive Accept-Ranges bytes Content-Length 42185
POST H/1.1	200 OK	run-analyse Show response microsoft.trusted-mail.live/3kjllsjqr2ydec4z/	0 411 B	196ms 194ms	XHR text/html	2a01:4f8:c17:ea63::1 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL https://microsoft.trusted-mail.live/3kjllsjqr2ydec4z/run-analyse Requested by Host: microsoft.trusted-mail.live URL: https://microsoft.trusted-mail.live/3kjllsjqr2ydec4z/ Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 2a01:4f8:c17:ea63::1 Bad Soden-Salmuenster, Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS Software nginx/1.22.1 / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers Referer https://microsoft.trusted-mail.live/3kjllsjqr2ydec4z/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Content-Type multipart/form-data; boundary=----WebKitFormBoundarylEySRQShqBxQRjtK Response headers Pragma no-cache Date Sun, 15 Sep 2024 01:09:39 GMT Server nginx/1.22.1 Access-Control-Allow-Methods * Content-Type text/html; charset=UTF-8 Upgrade h2,h2c Access-Control-Allow-Origin * Cache-Control no-store, no-cache, must-revalidate, no-cache Connection keep-alive Access-Control-Allow-Headers * Content-Length 0 Expires Thu, 19 Nov 1981 08:52:00 GMT
GET H/1.1	200 OK	favicon.ico microsoft.trusted-mail.live/public/campaign/38/613/15/	17 KB 17 KB	216ms 216ms	Other image/vnd.microsoft.icon	2a01:4f8:c17:ea63::1 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL https://microsoft.trusted-mail.live/public/campaign/38/613/15/favicon.ico Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 2a01:4f8:c17:ea63::1 Bad Soden-Salmuenster, Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS Software nginx/1.22.1 / Resource Hash `90cdaf487716184e4034000935c605d1633926d348116d198f355a98b8c6cd21` Request headers Referer https://microsoft.trusted-mail.live/3kjllsjqr2ydec4z/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers Date Sun, 15 Sep 2024 01:09:39 GMT Last-Modified Mon, 29 Jul 2024 14:30:11 GMT Server nginx/1.22.1 ETag "4316-61e63b2d2cd75" Upgrade h2,h2c Content-Type image/vnd.microsoft.icon Cache-Control no-cache Connection keep-alive Accept-Ranges bytes Content-Length 17174
POST H/1.1	200 OK	run-analyse Show response microsoft.trusted-mail.live/3kjllsjqr2ydec4z/	0 411 B	183ms 181ms	XHR text/html	2a01:4f8:c17:ea63::1 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL https://microsoft.trusted-mail.live/3kjllsjqr2ydec4z/run-analyse Requested by Host: microsoft.trusted-mail.live URL: https://microsoft.trusted-mail.live/3kjllsjqr2ydec4z/ Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 2a01:4f8:c17:ea63::1 Bad Soden-Salmuenster, Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS Software nginx/1.22.1 / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers Referer https://microsoft.trusted-mail.live/3kjllsjqr2ydec4z/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Content-Type multipart/form-data; boundary=----WebKitFormBoundaryc7Hj3adEmTA8PDMA Response headers Pragma no-cache Date Sun, 15 Sep 2024 01:09:39 GMT Server nginx/1.22.1 Access-Control-Allow-Methods * Content-Type text/html; charset=UTF-8 Upgrade h2,h2c Access-Control-Allow-Origin * Cache-Control no-store, no-cache, must-revalidate, no-cache Connection keep-alive Access-Control-Allow-Headers * Content-Length 0 Expires Thu, 19 Nov 1981 08:52:00 GMT
POST H/1.1	200 OK	track-time microsoft.trusted-mail.live/scenario/	0 725 B	337ms 335ms	Ping text/html	2a01:4f8:c17:ea63::1 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL https://microsoft.trusted-mail.live/scenario/track-time Requested by Host: microsoft.trusted-mail.live URL: https://microsoft.trusted-mail.live/3kjllsjqr2ydec4z/ Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 2a01:4f8:c17:ea63::1 Bad Soden-Salmuenster, Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS Software nginx/1.22.1 / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers Referer https://microsoft.trusted-mail.live/3kjllsjqr2ydec4z/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Content-Type text/plain;charset=UTF-8 Response headers Pragma no-cache Date Sun, 15 Sep 2024 01:09:41 GMT Server nginx/1.22.1 Access-Control-Max-Age 86400 Access-Control-Allow-Methods GET, POST, OPTIONS, PUT, PATCH, HEAD, * Content-Type text/html; charset=UTF-8 Access-Control-Allow-Origin , Upgrade h2,h2c Cache-Control no-store, no-cache, must-revalidate, no-cache Access-Control-Allow-Credentials true Connection keep-alive Access-Control-Allow-Headers Content-Type, * Content-Length 0 Expires Thu, 19 Nov 1981 08:52:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: accounts.google.com
URL: https://accounts.google.com/CheckCookie?continue=https%3A%2F%2Fwww.google.com%2Fintl%2Fen%2Fimages%2Flogos%2Faccounts_logo.png&followup=https%3A%2F%2Fwww.google.com%2Fintl%2Fen%2Fimages%2Flogos%2Faccounts_logo.png&chtml=LoginDoneHtml&checkedDomains=youtube&checkConnection=youtube%3A291%3A1

Domain: workspaceupdates.googleblog.com
URL: https://workspaceupdates.googleblog.com/2023/04/new-community-features-for-google-chat-and-an-update-currents%20.html

Domain: x.com
URL: https://x.com/login?redirect_after_login=/favicon.ico

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer)

13 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

10 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
microsoft.trusted-mail.live/	1969-12-31 23:59:59	Name: PHPSESSID Value: j4r1e4mcqpip5asq891ep772fp
microsoft.trusted-mail.live/	1970-01-21 00:15:54	Name: link Value: 3kjllsjqr2ydec4z
.twitter.com/	1970-01-21 09:08:42	Name: guest_id_marketing Value: v1%3A172636257950105679
.twitter.com/	1970-01-21 09:08:42	Name: guest_id_ads Value: v1%3A172636257950105679
.twitter.com/	1970-01-21 09:08:42	Name: personalization_id Value: "v1_vS9XL3l0UiJwND/ZedBN5A=="
.twitter.com/	1970-01-21 09:08:42	Name: guest_id Value: v1%3A172636257950105679
.x.com/	1970-01-21 09:08:42	Name: guest_id_marketing Value: v1%3A172636257960841485
.x.com/	1970-01-21 09:08:42	Name: guest_id_ads Value: v1%3A172636257960841485
.x.com/	1970-01-21 09:08:42	Name: personalization_id Value: "v1_RosI69Ewv8IYQa0hYwOhKw=="
.x.com/	1970-01-21 09:08:42	Name: guest_id Value: v1%3A172636257960841485

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

accounts.google.com
microsoft.trusted-mail.live
workspaceupdates.googleblog.com
x.com
accounts.google.com
workspaceupdates.googleblog.com
x.com
2a01:4f8:c17:ea63::1
16dd9f6ea949f57ecb70a3341e6a7e6853279d7efb99db6b711b4c3a518b4cc1
1a88f6dc77903dacec6edfdb031b79ae11a7d7bde8d89cac1aa7e912e3ff66c3
1c1aff1501eb2b60d97d99b9f4cddfde783d6503a1a2f3fd7889d0ca9be45f26
1ebe19e41a80646d99691bf907f012f60c4a6f29d362ed8209a5e0964709808d
24d8d9de980110ae019b26b88ee6e0f31f38db01403361bc01b52d18732a8f08
280eeeba7da255e0fbe039cadb63aede300d0c68a5c322035b89d39b12af8916
2c03ee38a4eba6a047c3a5bacb3eb461efe14be8acd46ae772350a4dea2f0175
40b5d8a58652a31bdd2f384fa6261f5ac94fb5556bf9cd753b90141eee227b80
90cdaf487716184e4034000935c605d1633926d348116d198f355a98b8c6cd21
ab50358475adae73a435466c72d1a48ab124e8ae06614663716a46dce5ac8b83
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f1c337652efabe9f5e414ea59f57c6400ed13bf75dd722d661de6b575c33551c
f53941103f6922446d2f5490b628638bffa13b74888ca07f40b2811ac743d98c
f664b8138c2da6ec7565500a7cc839da6372614a31dc04c5a2169a26b8d9767c
ffee99c9d90da90ee076b8bed6ce67002058beff304f5cfaf1de80997ffc8d4a

microsoft.trusted-mail.live Open in urlscan Pro 2a01:4f8:c17:ea63::1 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

20 Requests

65 %HTTPS

100 %IPv6

4 Domains

4 Subdomains

2 IPs

2 Countries

106 kBTransfer

116 kBSize

10 Cookies

0 Outgoing links

Redirected requests

20 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

13 JavaScript Global Variables

10 Cookies

Indicators

microsoft.trusted-mail.live Open in urlscan Pro
2a01:4f8:c17:ea63::1 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

20
Requests

65 %
HTTPS

100 %
IPv6

4
Domains

4
Subdomains

2
IPs

2
Countries

106 kB
Transfer

116 kB
Size

10
Cookies

20 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!