outlook.office365.com
Open in
urlscan Pro
2603:1036:302:4080::2
Public Scan
Submitted URL: https://protect-us.mimecast.com/s/vB_lCgJGW6hnm7w7SNURPs?domain=outlook.office365.com
Effective URL: https://outlook.office365.com/Encryption/authenticationpage.aspx?st=Microsoft&ru=https%3a%2f%2foutlook.office365.com%2fEncrypt...
Submission: On September 16 via manual from US — Scanned from US
Effective URL: https://outlook.office365.com/Encryption/authenticationpage.aspx?st=Microsoft&ru=https%3a%2f%2foutlook.office365.com%2fEncrypt...
Submission: On September 16 via manual from US — Scanned from US
Summary
This website contacted 3 IPs
in 1 countries
across 3 domains to perform 5 HTTP transactions.
The main IP is 2603:1036:302:4080::2, located in
Tappahannock, United States and
belongs to MICROSOFT-CORP-MSN-AS-BLOCK, US.
The main domain is outlook.office365.com.
The Cisco Umbrella rank of the primary domain is 48.
TLS certificate: Issued by DigiCert Cloud Services CA-1 on July 26th 2022. Valid for: a year.
This is the only time outlook.office365.com was scanned on urlscan.io!
TLS certificate: Issued by DigiCert Cloud Services CA-1 on July 26th 2022. Valid for: a year.
This is the only time outlook.office365.com was scanned on urlscan.io!
urlscan.io Verdict: No classification
Domain & IP information
| IP Address | AS Autonomous System | ||
|---|---|---|---|
| 2 2 | 205.139.111.117 205.139.111.117 | 3561 (CENTURYLI...) (CENTURYLINK-LEGACY-SAVVIS) | |
| 2 6 | 2603:1036:302... 2603:1036:302:4080::2 | 8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK) | |
| 1 | 152.199.4.33 152.199.4.33 | 15133 (EDGECAST) (EDGECAST) | |
| 5 | 3 |
2
205.139.111.117
(United States)
ASN3561 (CENTURYLINK-LEGACY-SAVVIS, US)
PTR: us-api.mimecast.com
ASN3561 (CENTURYLINK-LEGACY-SAVVIS, US)
PTR: us-api.mimecast.com
| protect-us.mimecast.com |
6
2603:1036:302:4080::2
(Tappahannock, United States)
ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
| outlook.office365.com |
| Apex Domain Subdomains |
Transfer | |
|---|---|---|
| 6 |
office365.com
2 redirects
outlook.office365.com — Cisco Umbrella Rank: 48 |
28 KB |
| 2 |
mimecast.com
2 redirects
protect-us.mimecast.com — Cisco Umbrella Rank: 8080 |
4 KB |
| 1 |
aspnetcdn.com
ajax.aspnetcdn.com — Cisco Umbrella Rank: 790 |
33 KB |
| 5 | 3 |
| Domain | Requested by | |
|---|---|---|
| 6 | outlook.office365.com |
2 redirects
outlook.office365.com
|
| 2 | protect-us.mimecast.com | 2 redirects |
| 1 | ajax.aspnetcdn.com |
outlook.office365.com
|
| 5 | 3 |
This site contains links to these domains. Also see Links.
| Domain |
|---|
| go.microsoft.com |
| privacy.microsoft.com |
| Subject Issuer | Validity | Valid | |
|---|---|---|---|
| outlook.com DigiCert Cloud Services CA-1 |
2022-07-26 - 2023-07-25 |
a year | crt.sh |
| *.vo.msecnd.net DigiCert SHA2 Secure Server CA |
2022-07-11 - 2023-07-11 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://outlook.office365.com/Encryption/authenticationpage.aspx?st=Microsoft&ru=https%3a%2f%2foutlook.office365.com%2fEncryption%2fdefault.aspx%3fitemID%3dE4E_M_a2ed82c4-ac10-4749-88cf-ea8232c7dd24&e4e_sdata=JWT%2bCTH1YMP8jFa0pYQQp3nnWRB4ky4sFAl4ML7auqDTxKJHqqzfDKWn2bTNGZy19cx%2fLb3fANrclu5bjE2kL9Fge9XB7XpCi8Zo03Ygp0JZOIvXp8UuZ%2fTQ30wyPkkWxaxdb4QrSr7m4lpH9XuM5aytnkkdMxdKefhmKfybhVFPf7bA1m%2blV7T567tRRV3Qw%2bcN%2fawXpLHCu4%2bdge1IKmUpLrRwVHIpR8HtAdn3S%2f7dQyz1AqrBKBj%2fPW%2bKHaUTeLqy5jFff9B%2bbn3Di7KtmUvqgwR%2fBzNeXczFLsWSmvLFQq2Fc1aXrrrrNRh%2bswkqHWCfiPuDFQYc99JZmZt1PQ%3d%3d
Frame ID: 2310AB8EC01B2225606A5A4015FD42CA
Requests: 6 HTTP requests in this frame
Screenshot
Page Title
Encrypted Message AuthenticationPage URL History Show full URLs
-
https://protect-us.mimecast.com/s/vB_lCgJGW6hnm7w7SNURPs?domain=outlook.office365.com
HTTP 307
https://protect-us.mimecast.com/redirect/eNqtVmtTIksS_SsGN_STMPXoqq4y1t0BYUYcEYVGgXXDqFdDa7-mu1H0hv99s0FndGZ... HTTP 307
https://outlook.office365.com/Encryption/retrieve.ashx?recipientemailaddress=IMontes%40archinsurance.com&s... HTTP 302
https://outlook.office365.com/Encryption/default.aspx?itemID=E4E_M_a2ed82c4-ac10-4749-88cf-ea8232c7dd24 HTTP 302
https://outlook.office365.com/Encryption/authenticationpage.aspx?st=Microsoft&ru=https%3a%2f%2foutlook.off... Page URL
Detected technologies
Microsoft ASP.NET
(Web Frameworks)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- \.aspx?(?:$|\?)
jQuery
(JavaScript Libraries)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
2 Outgoing links
These are links going to different origins than the main page.
URL: https://go.microsoft.com/fwlink/?linkid=849297
Title: Need Help?
Title: Need Help?
Search URL Search Domain Scan URL
URL: https://privacy.microsoft.com/en-us/privacystatement
Title: Privacy Statement
Title: Privacy Statement
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://protect-us.mimecast.com/s/vB_lCgJGW6hnm7w7SNURPs?domain=outlook.office365.com
HTTP 307
https://protect-us.mimecast.com/redirect/eNqtVmtTIksS_SsGN_STMPXoqq4y1t0BYUYcEYVGgXXDqFdDa7-mu1H0hv99s0FndGZuxN2NgQioysrKzjp56mT_2ShMXjUOGlGSpZUrP6rCLKO0XBUqNa5lsqSx34gz0zjA-43CGRflVRUlDuacU8I8n_kIIViDIGS_oapK1QHCDGL-ef0yT1xaldeNg3-DJYxid6YSB9Prhs7sY66KqpWni-vG_nWjXCq8WbFOSeu4NVh6XAgRCo19Y0KuCA-JL5TyQyeV_7qLML7ZJy34GGakZYz5KvSFsEJyozkPmc-1EoxjaZBvKNUCcSpDojhTwpPCsRBv4iWWbYJhST3sYap9JLgWmmmJnCaC-RgpTryNc5Fl1fh3JwAQB4_5FqQoUQt3_eEbRNFTbfeowM_7vwK0tayS92AqEwpOseM-pkYy5gwPPXioJ50LnaXMWupDhj-Caes0ieMopNQ4z2EJY18jwRRzWFtJjYcMdhRjJqlmIeOC-BTOLLFADL0Dk3kUewKKhzwJlYT6UUswl4ojSYjEvwLz9yTwFszKravrD4BQ_BZMYLL8GcwKLkGZRGUZZWnLve54BdVRH1GtOaFOYGSRRnA8jyrraS59ZLlDnvZ-BhXpEGmquTIcKcaltMQ6px3hWBDnkCHw1SrUyigiPGG4wEwpbZWUvtTeO1A9oBdTHieM4RDKyhwUNUTKYkhGYvsrUH9PAm9BTVxZbjhahEYQ0iyrldbOvkUYIyjx83-eQU5sBEJSa04_hVkeWcDfkzBSIDONo8m4LXDbIwIW1cbvaOnM3WR0ujVAMcDWNgamZaLKJcxCI-H6aMmp8rW0kK4E2hDKsSVaAixUU7iGrt6S2gJ2FKWKo1SVH2N158rIOq3Suxe9K1f6Flz-KJ1ZFe6PnVHvYOfSFVEYGVU_ficLd1ySx9ljLWw3O4OitfMlKh5UfZ4qqQbZKoVDNVZl5YoEI7DWKvtdFeH8UR69EcX0lXKDjQrv7_RTG6kNfi5RUfyiA38h0Rs_m4Fjur3uPztska8PCsqBPOQLQiXdovE9r29pjLfg7O-MMhNlP-Txl9D9mMcv16N8S1zUwshvSdoSdGNfZmW1JRM8p2kTDslglKUECdrKVpWuQW3lRVa5DQdqW5xlL4Gft8ifZRZaUwNhAvMoh-Hb54AtKRc1BI1_dAf8fITFoEMRI50e7zLPI6CPnzrQbrqi2-kQT8qP79xakFJeWCzqNOzbBP5Zh95egqqE8AQRgiRmGGPiUcJrCqyKGFaWVZWXB9cfrj-8bs9C4JWjnG1O8qGXmuIxr08I18lVReTuXQtYvv7XN9ZsSqGsLeCJh_0tZXY99FPZ90qXWle8c38tHvj_WJ4X96xYqDR62jD9sP3wud-uP9lF_dtt13-d44ddojtkGVXrXnYset1xuIpo5_wywOXsqooNie_mVydLnZRk0J09DI_YvU5wPqMn94bIxB6xW01QGeCJDK7iW5PIJ03mqN-79GZkCfts3O8t7w0dxfOjzrlJLNhiPpuOck3Y02lv1D2fsE5w2RkPgmVn0G3jjQ3mAbooR72BDPDlJOjJ8_HjunfxhLsBIoOBnZGL9SQYz9TnT_0g4jI4uoB2dEHkap7EqZ2eLO3n-F5H625w-7-d5Zdx4suVmo7-z3xRZ--FU5E93KXm71EWCvs3SbtL3Z4Jk9ErrQ7HjyBYyQDYorP1rq81ldITgjShvflNjxu_KQD-pjCWUhZKR6nd9e0PVOKII9HK0iQyRVZmYbXhlsmAmYkrvtP7MFRx6b6TDg7pK19oQUyTEYWaHtGuKbgjTWqtLyjyoE2pPQOymiUvBA1qHVaVO3wdkD24Z9YZEAJ7iPfgneGmtKpSh_MA3Z0Oq3jiY6KPnYivgMOTi9QYMp6WA322S8KEpG6YXsx7_tkynOJh92uwfEyt6etLCsufeoH5uhxNIi3XkzMc6uloeowGj_PhrQqnsycZ6_nU4U9ddHcnpwVGsGd9df7FI4szBePOFargb_6w_tL-BAMvny3Pz88GJ12bk1QHTE0Z4utldxjju6vq6tHe4di4qyHTp0mVzgbHCh1_efK0wv3bZftrBEG0cml_rXqmPIXJw_i0Sy6_xoOTeYLvi_aIarCGR2R2aYcnmZoadoTK8ewqIDOT6ra-X89KckanmQW_qvMAbXf0FOmRXbfHNL9fRGaRTtMnYk7OvMfjyXTii0VQ9D578-N82Ousqouq1x_O5tO76ARNqykdXowmi13gBbV1w6nb9-LGNN3NqkT4huCbe3jpa2J8873P32zVEpaxd_PaM5ug4U2PMioZ9YUPsRarjXKfT_IROzaX5-XndBxmp4w82ZsHWN_ywhVm2wPevUcUbrF9bXjpH81V2arfYIwqN_RsPP8XSA4Rhg HTTP 307
https://outlook.office365.com/Encryption/retrieve.ashx?recipientemailaddress=IMontes%40archinsurance.com&senderemailaddress=rsalinas%40lakesidebank.com&senderorganization=AwGIAAAAAoQAAAADAQAAABHw%2bB2hitxEoH8EDSfui3BPVT1sYWtlc2lkZWJhbms2MDYwOC5vbm1pY3Jvc29mdC5jb20sT1U9TWljcm9zb2Z0IEV4Y2hhbmdlIEhvc3RlZCBPcmdhbml6YXRpb25zLERDPU5BTVBSMThBMDA1LERDPVBST0QsREM9T1VUTE9PSyxEQz1DT02MMdY2QxUTSYaGFITi69TCQ049Q29uZmlndXJhdGlvbixDTj1sYWtlc2lkZWJhbms2MDYwOC5vbm1pY3Jvc29mdC5jb20sQ049Q29uZmlndXJhdGlvblVuaXRzLERDPU5BTVBSMThBMDA1LERDPVBST0QsREM9T1VUTE9PSyxEQz1DT00B&messageid=%3cDM6PR18MB3052BE6D5442671FB468D8DBB2499%40DM6PR18MB3052.namprd18.prod.outlook.com%3e&cfmRecipient=SystemMailbox%7bb3994882-10d7-46c7-8b25-8cd335f9e33d%7d%40lakesidebank60608.onmicrosoft.com&consumerEncryption=false&senderorgid=7a78b82c-52a0-42be-86e2-3dd78304deea&customizationTemplate=Template2&urldecoded=1&e4e_sdata=ZT0kLOtlU712bHe8lW%2bUQncc2SXsMbN%2fm2neOnQZE7NhfX1ODqThyndcIbV3%2fFETcqhRUib9xUN1fbXRXH0MyZOjafXYz9lbZXe1FD0kk9Xr10%2fxWPK42gNa%2fBW0t%2fZwxKAF%2f4pYhPPNMJDdp2nbT5aX506xhDOl1kWtWydk1lceWO5bLmtnYMHa0HKz4ba1IjhAqiF%2baenIxaEcsL%2bwSLD2VqlMJZm1vrAR3b%2bfC2YVdOJoaXc5C0sSYWT2YcnbAbvxYs2N3Xod%2btBw428RzibRdxAS3pvgicgnXnz2cJN4yHUXU78gTrEG4ZHpOEButQtEIOYZXkiJ0XtX3OQRUg%3d%3d HTTP 302
https://outlook.office365.com/Encryption/default.aspx?itemID=E4E_M_a2ed82c4-ac10-4749-88cf-ea8232c7dd24 HTTP 302
https://outlook.office365.com/Encryption/authenticationpage.aspx?st=Microsoft&ru=https%3a%2f%2foutlook.office365.com%2fEncryption%2fdefault.aspx%3fitemID%3dE4E_M_a2ed82c4-ac10-4749-88cf-ea8232c7dd24&e4e_sdata=JWT%2bCTH1YMP8jFa0pYQQp3nnWRB4ky4sFAl4ML7auqDTxKJHqqzfDKWn2bTNGZy19cx%2fLb3fANrclu5bjE2kL9Fge9XB7XpCi8Zo03Ygp0JZOIvXp8UuZ%2fTQ30wyPkkWxaxdb4QrSr7m4lpH9XuM5aytnkkdMxdKefhmKfybhVFPf7bA1m%2blV7T567tRRV3Qw%2bcN%2fawXpLHCu4%2bdge1IKmUpLrRwVHIpR8HtAdn3S%2f7dQyz1AqrBKBj%2fPW%2bKHaUTeLqy5jFff9B%2bbn3Di7KtmUvqgwR%2fBzNeXczFLsWSmvLFQq2Fc1aXrrrrNRh%2bswkqHWCfiPuDFQYc99JZmZt1PQ%3d%3d Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
5 HTTP transactions
| Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
GET H/1.1 |
Primary Request
authenticationpage.aspx
outlook.office365.com/Encryption/ Redirect Chain
|
14 KB 15 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
jquery-1.12.4.min.js
ajax.aspnetcdn.com/ajax/jQuery/ |
95 KB 33 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
authentication.css
outlook.office365.com/Encryption/ |
3 KB 4 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
lock.png
outlook.office365.com/Encryption/ |
1 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
liveid.png
outlook.office365.com/Encryption/ |
3 KB 4 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET DATA |
truncated
/ |
4 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
Verdicts & Comments Add Verdict or Comment
16 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onbeforeinput object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails function| queryLocalFonts object| navigation function| $ function| jQuery number| timerInterval function| OtpClicked function| LogOAuthSignIn function| gup function| timedText16 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
| Domain/Path | Expires | Name / Value |
|---|---|---|
| outlook.office365.com/ | Name: X-E4E-CorrelationId Value: 933c5605-bc1c-456e-a4c0-3f5f675bef72 |
|
| outlook.office365.com/ | Name: X-OmeVersion Value: V2 |
|
| outlook.office365.com/ | Name: X-ConsumerEncryption Value: false |
|
| outlook.office365.com/ | Name: X-CfmRecipientAddress Value: SystemMailbox%7bb3994882-10d7-46c7-8b25-8cd335f9e33d%7d%40lakesidebank60608.onmicrosoft.com |
|
| outlook.office365.com/ | Name: E4EAnchorMailbox Value: SystemMailbox{b3994882-10d7-46c7-8b25-8cd335f9e33d}@lakesidebank60608.onmicrosoft.com |
|
| outlook.office365.com/ | Name: X-CustomizationTemplate Value: Template2 |
|
| outlook.office365.com/ | Name: X-RecipientEmailAddress Value: IMontes@archinsurance.com |
|
| outlook.office365.com/ | Name: X-SenderEmailAddress Value: rsalinas@lakesidebank.com |
|
| outlook.office365.com/ | Name: X-SenderOrganization Value: AwGIAAAAAoQAAAADAQAAABHw+B2hitxEoH8EDSfui3BPVT1sYWtlc2lkZWJhbms2MDYwOC5vbm1pY3Jvc29mdC5jb20sT1U9TWljcm9zb2Z0IEV4Y2hhbmdlIEhvc3RlZCBPcmdhbml6YXRpb25zLERDPU5BTVBSMThBMDA1LERDPVBST0QsREM9T1VUTE9PSyxEQz1DT02MMdY2QxUTSYaGFITi69TCQ049Q29uZmlndXJhdGlvbixDTj1sYWtlc2lkZWJhbms2MDYwOC5vbm1pY3Jvc29mdC5jb20sQ049Q29uZmlndXJhdGlvblVuaXRzLERDPU5BTVBSMThBMDA1LERDPVBST0QsREM9T1VUTE9PSyxEQz1DT00B |
|
| outlook.office365.com/ | Name: X-MessageId Value: %3cDM6PR18MB3052BE6D5442671FB468D8DBB2499%40DM6PR18MB3052.namprd18.prod.outlook.com%3e |
|
| outlook.office365.com/ | Name: X-StoreObjectId Value: |
|
| outlook.office365.com/ | Name: X-RecipientPrimarySmtp Value: |
|
| outlook.office365.com/ | Name: E4E_M_a2ed82c4-ac10-4749-88cf-ea8232c7dd24 Value: BL0PR18MB2243 |
|
| outlook.office365.com/ | Name: X-OTPItemId Value: E4E_M_a2ed82c4-ac10-4749-88cf-ea8232c7dd24 |
|
| outlook.office365.com/ | Name: X-SenderExternalOrganizationId Value: 7a78b82c-52a0-42be-86e2-3dd78304deea |
|
| outlook.office365.com/ | Name: X-AnonResource Value: true |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
ajax.aspnetcdn.com
outlook.office365.com
protect-us.mimecast.com
152.199.4.33
205.139.111.117
2603:1036:302:4080::2
08a857eeec64d9c6b3ece76762eed837929e0e6f8a29d1315a04d38c3053b4b6
53f5d8debbf8bb914d40dd6cde2a4e0e52e5176dfea89763ce090a5a8960e2e4
55400220f8792e5146328487b0dbbb259a3f558e8fd51f2b445a5ddb6bc1608e
668b046d12db350ccba6728890476b3efee53b2f42dbb84743e5e9f1ae0cc404
9dcf6c5c9d5557af788d896cb66f576ba85619c07c33b80639f2a65a8498e5f1
da7b1e7c0e95a9caba46be191f562268cee236556f67e4b10f2b3a05785b9cad