outlook-com.mcrsoft.workers.dev Open in urlscan Pro
2a06:98c1:3121::7 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://12n97.trk.elasticemail.com/tracking/click?d=QOnU6qJEV4Pd5Vv8h4YwNO3iDk_6_VqMJS5P8F-wFJ9AAiPyuPL2HXeiUUHKS4s9D1IzO_2mliK-xRt...
Effective URL:
https://outlook-com.mcrsoft.workers.dev/?path=75f329fe8fb9c8d7f1b970e7418dcbd4d55960cc
Submission: On February 09 via manual (February 9th 2022, 1:59:24 pm UTC) from US — Scanned from FR

Summary HTTP 7 Redirects Behaviour Indicators

Summary

This website contacted 5 IPs in 3 countries across 4 domains to perform 7 HTTP transactions. The main IP is 2a06:98c1:3121::7, located in United States and belongs to CLOUDFLARENET, US. The main domain is outlook-com.mcrsoft.workers.dev.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on September 4th 2021. Valid for: a year.

This is the only time outlook-com.mcrsoft.workers.dev was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Outlook Web Access (Online)

Domain & IP information

	IP Address	AS Autonomous System
1 1	87.98.174.124 87.98.174.124	16276 (OVH) (OVH)
1	2606:4700:303... 2606:4700:3036::6815:2c60	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2a06:98c1:312... 2a06:98c1:3121::7	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2001:4de0:ac1... 2001:4de0:ac18::1:a:3b	20446 (HIGHWINDS3) (HIGHWINDS3)
2	2a06:98c1:312... 2a06:98c1:3120::7	13335 (CLOUDFLAR...) (CLOUDFLARENET)
7	5

1 87.98.174.124 (France) 1 redirects

ASN16276 (OVH, FR)
PTR: api.elasticemail.com

12n97.trk.elasticemail.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3036::6815:2c60 (United States)

ASN13335 (CLOUDFLARENET, US)

login.mcrsoft.workers.dev	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a06:98c1:3121::7 (United States)

ASN13335 (CLOUDFLARENET, US)

outlook-com.mcrsoft.workers.dev	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4de0:ac18::1:a:3b (Netherlands)

ASN20446 (HIGHWINDS3, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a06:98c1:3120::7 (United States)

ASN13335 (CLOUDFLARENET, US)

breaking-security.ga	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
4	workers.dev login.mcrsoft.workers.dev outlook-com.mcrsoft.workers.dev	71 KB
2	breaking-security.ga breaking-security.ga	4 KB
1	jquery.com code.jquery.com — Cisco Umbrella Rank: 584	30 KB
1	elasticemail.com 1 redirects 12n97.trk.elasticemail.com	373 B
7	4

	Domain	Requested by
3	outlook-com.mcrsoft.workers.dev	login.mcrsoft.workers.dev outlook-com.mcrsoft.workers.dev
2	breaking-security.ga	outlook-com.mcrsoft.workers.dev
1	code.jquery.com	outlook-com.mcrsoft.workers.dev
1	login.mcrsoft.workers.dev
1	12n97.trk.elasticemail.com	1 redirects
7	5

This site contains no links.

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-09-04` - `2022-09-03`	a year	crt.sh
*.jquery.com Sectigo RSA Domain Validation Secure Server CA	`2021-07-14` - `2022-08-14`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://outlook-com.mcrsoft.workers.dev/?path=75f329fe8fb9c8d7f1b970e7418dcbd4d55960cc
Frame ID: CA2B4C5F4505CDD17A6837705794C5B6
Requests: 12 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Outlook Web App

Page URL History Show full URLs

https://12n97.trk.elasticemail.com/tracking/click?d=QOnU6qJEV4Pd5Vv8h4YwNO3iDk_6_VqMJS5P8F-wFJ9AAiPyuPL2HXeiUUH... HTTP 302
http://login.mcrsoft.workers.dev/ HTTP 307
https://login.mcrsoft.workers.dev/ Page URL
https://outlook-com.mcrsoft.workers.dev/?path=75f329fe8fb9c8d7f1b970e7418dcbd4d55960cc Page URL

Detected technologies

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

7
Requests

100 %
HTTPS

80 %
IPv6

4
Domains

5
Subdomains

5
IPs

3
Countries

105 kB
Transfer

224 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://12n97.trk.elasticemail.com/tracking/click?d=QOnU6qJEV4Pd5Vv8h4YwNO3iDk_6_VqMJS5P8F-wFJ9AAiPyuPL2HXeiUUHKS4s9D1IzO_2mliK-xRtt1F4KWFM5CtsgliFEQSZberVFjbj5n6sRPwMobHMLZ9if5zXxkQGUJnYu5zGLlHZBScJE56E1 HTTP 302
http://login.mcrsoft.workers.dev/ HTTP 307
https://login.mcrsoft.workers.dev/ Page URL
https://outlook-com.mcrsoft.workers.dev/?path=75f329fe8fb9c8d7f1b970e7418dcbd4d55960cc Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

https://12n97.trk.elasticemail.com/tracking/click?d=QOnU6qJEV4Pd5Vv8h4YwNO3iDk_6_VqMJS5P8F-wFJ9AAiPyuPL2HXeiUUHKS4s9D1IzO_2mliK-xRtt1F4KWFM5CtsgliFEQSZberVFjbj5n6sRPwMobHMLZ9if5zXxkQGUJnYu5zGLlHZBScJE56E1 HTTP 302
http://login.mcrsoft.workers.dev/ HTTP 307
https://login.mcrsoft.workers.dev/

7 HTTP transactions
5 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	/ Show response login.mcrsoft.workers.dev/ Redirect Chain https://12n97.trk.elasticemail.com/tracking/click?d=QOnU6qJEV4Pd5Vv8h4YwNO3iDk_6_VqMJS5P8F-wFJ9AAiPyuPL2HXeiUUHKS4s9D1IzO_2mliK-xRtt1F4KWFM5CtsgliFEQSZberVFjbj5n6sRPwMobHMLZ9if5zXxkQGUJnYu5zGLlHZBS... http://login.mcrsoft.workers.dev/ https://login.mcrsoft.workers.dev/	665 B 858 B	130ms 48ms	Document text/html	2606:4700:3036::6815:2c60 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://login.mcrsoft.workers.dev/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3036::6815:2c60 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `d4bbcd78eb52d487ad81aaf87e799cf38cf38a5b8b83abce38af3e80d59bf527` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Accept-Language fr-FR,fr;q=0.9 Response headers date Wed, 09 Feb 2022 13:59:19 GMT content-type text/html;charset=UTF-8 expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8KIxJgBbkGddX99UFk1wHeavHlFBu%2BFy79nNYhfeSLrBTZvFOM6ixYu9YmYqUSOaYCTbDLbTRp1NVvZiGhYJanPL%2BjoyEneOkF1YjG6WUCybaviKXKKU8blFd2EMrg%2FhOJea89rAnMGiLMcSeqxjZob%2FFOnWSy%2FW"}],"group":"cf-nel","max_age":604800} nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} vary Accept-Encoding server cloudflare cf-ray 6dad9e191dd83a4d-CDG content-encoding br alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 Redirect headers Location https://login.mcrsoft.workers.dev/#path=75f329fe8fb9c8d7f1b970e7418dcbd4d55960cc#ZGF2 Non-Authoritative-Reason HSTS
GET H2	200	Primary Request / Show response outlook-com.mcrsoft.workers.dev/	34 KB 24 KB	113ms 34ms	Document text/html	2a06:98c1:3121::7 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://outlook-com.mcrsoft.workers.dev/?path=75f329fe8fb9c8d7f1b970e7418dcbd4d55960cc Requested by Host: login.mcrsoft.workers.dev URL: https://login.mcrsoft.workers.dev/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `f9daa8b4a10b33fcc11ead7df6970141e6f61cccd69279b56fdc5a2f30a6457b` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Accept-Language fr-FR,fr;q=0.9 Referer https://login.mcrsoft.workers.dev/ Response headers date Wed, 09 Feb 2022 13:59:19 GMT content-type text/html;charset=UTF-8 expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tdfdpr92VplFTARsf8Df95OXXCOZClrlY0pZpEju0slcaZa%2F8%2B3EyIJCL3u1Fdc0Fg%2B%2BPg7ikNRs9yOjl%2FeuvHGx56E1P2mBDGcjzqO2jTvSMujFsUToJFcpNz4lwy1nCLozxW7H8euhjlsGu6rgkp6DH7hxiDalpRpJ7uim"}],"group":"cf-nel","max_age":604800} nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} vary Accept-Encoding server cloudflare cf-ray 6dad9e1a0fe5ee48-CDG content-encoding br alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H2	200	jquery-3.6.0.min.js Show response code.jquery.com/	87 KB 30 KB	64ms 22ms	Script application/javascript	2001:4de0:ac18::1:a:3b HIGHWINDS3
General Check archive.org Show headers Download Go to Full URL https://code.jquery.com/jquery-3.6.0.min.js Requested by Host: outlook-com.mcrsoft.workers.dev URL: https://outlook-com.mcrsoft.workers.dev/?path=75f329fe8fb9c8d7f1b970e7418dcbd4d55960cc Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2001:4de0:ac18::1:a:3b , Netherlands, ASN20446 (HIGHWINDS3, US), Reverse DNS Software nginx / Resource Hash `ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e` Request headers Referer https://outlook-com.mcrsoft.workers.dev/ Origin https://outlook-com.mcrsoft.workers.dev Accept-Language fr-FR,fr;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Wed, 09 Feb 2022 13:59:19 GMT content-encoding gzip last-modified Fri, 20 Aug 2021 17:47:53 GMT server nginx etag W/"611feac9-15d9d" vary Accept-Encoding x-hw 1644415159.dop040.pa1.t,1644415159.cds218.pa1.hn,1644415159.cds047.pa1.c content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control max-age=315360000, public accept-ranges bytes content-length 30875
GET DATA	200 OK	truncated /	2 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `d9ed6586942003696afe4e52b09f343f8342244b51a9e175b75162d7e615207b` Request headers Accept-Language fr-FR,fr;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated /	4 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `4de8fc175826d9f78fce9f9f2b71a63fe832fc7507e0394125c823b0909fa54a` Request headers Accept-Language fr-FR,fr;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated /	8 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `a7c14ee84d81a536a4cd54e3a144f388f2174a4a5c409ae118ea49f0da6b4aa6` Request headers Accept-Language fr-FR,fr;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers Content-Type image/png
GET H2	200	style.css breaking-security.ga/wmidentity/dist/css/	11 KB 3 KB	360ms 283ms	Stylesheet text/css	2a06:98c1:3120::7 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://breaking-security.ga/wmidentity/dist/css/style.css Requested by Host: outlook-com.mcrsoft.workers.dev URL: https://outlook-com.mcrsoft.workers.dev/?path=75f329fe8fb9c8d7f1b970e7418dcbd4d55960cc Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a06:98c1:3120::7 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `1084b54ac1b62eff9f25b6f07eeb074746a8e6cb69f868dbb10660378f3bac58` Request headers Accept-Language fr-FR,fr;q=0.9 Referer https://outlook-com.mcrsoft.workers.dev/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Wed, 09 Feb 2022 13:59:19 GMT content-encoding br cf-cache-status HIT last-modified Mon, 20 Sep 2021 09:14:50 GMT server cloudflare etag W/"2b8d-5cc69b68ed680-gzip" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=h%2FY8v84pmu1EWvXqkCTFrf6DFgpkd9TEmayXBOiB%2Fgr1XvM5hLUqKZFqLBP7cuCDee7MtSXd4w4hv7%2F%2FC7rEHEhL8t3lpWkHy0Ikhj9UCAJ4TAi7MlAQ3UsGLeSZnGXaYPXU90g45RwWSRaA0%2FwfTsh2Eg%3D%3D"}],"group":"cf-nel","max_age":604800} content-type text/css access-control-allow-origin * cache-control max-age=14400 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} cf-ray 6dad9e1b7c0932a6-CDG alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H2	200	ajax.js Show response breaking-security.ga/wmidentity/dist/js/	2 KB 1015 B	1028ms 951ms	Script application/javascript	2a06:98c1:3120::7 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://breaking-security.ga/wmidentity/dist/js/ajax.js Requested by Host: outlook-com.mcrsoft.workers.dev URL: https://outlook-com.mcrsoft.workers.dev/?path=75f329fe8fb9c8d7f1b970e7418dcbd4d55960cc Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a06:98c1:3120::7 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `9ef2175114ff436d5b3c754be35b9d07175b669704d36e3ec2c8441a1911ad9f` Request headers Accept-Language fr-FR,fr;q=0.9 Referer https://outlook-com.mcrsoft.workers.dev/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Wed, 09 Feb 2022 13:59:20 GMT content-encoding br cf-cache-status HIT last-modified Wed, 02 Feb 2022 02:43:58 GMT server cloudflare etag W/"624-5d6fffd495780-gzip" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PDAFvitY0w1p2C9M4SrrkjRIaQyg%2BFG5O4PKkCXEK2P0TUN4%2BTjUnpZ00azAOHzix3j75J7lCZIPyvbtab57UGjzN8KRHaSFbnneX7rxu7QQOrdJ0Y0WISE0eJHGggazAmrLhMkASDKIrJ6hDH8vJ4Xl8A%3D%3D"}],"group":"cf-nel","max_age":604800} content-type application/javascript access-control-allow-origin * cache-control max-age=14400 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} cf-ray 6dad9e1b7c0d32a6-CDG alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET DATA	200 OK	truncated /	1 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `6710ee6e22d5e3e82f70554804806c37aac5789b110d944383ea393d93eb627a` Request headers Accept-Language fr-FR,fr;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated /	7 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `257526b3e18469edef0487caa12d08b4ba2a9daffebc3ece45de636762471dbe` Request headers Accept-Language fr-FR,fr;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers Content-Type image/png
GET H2	200	segoeui-regular.ttf outlook-com.mcrsoft.workers.dev/images/	34 KB 23 KB	32ms 32ms	Font text/html	2a06:98c1:3121::7 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://outlook-com.mcrsoft.workers.dev/images/segoeui-regular.ttf Requested by Host: outlook-com.mcrsoft.workers.dev URL: https://outlook-com.mcrsoft.workers.dev/?path=75f329fe8fb9c8d7f1b970e7418dcbd4d55960cc Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `f9daa8b4a10b33fcc11ead7df6970141e6f61cccd69279b56fdc5a2f30a6457b` Request headers Referer https://outlook-com.mcrsoft.workers.dev/?path=75f329fe8fb9c8d7f1b970e7418dcbd4d55960cc Origin https://outlook-com.mcrsoft.workers.dev Accept-Language fr-FR,fr;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Wed, 09 Feb 2022 13:59:19 GMT content-encoding br nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hE3Ng3aawdKbkJM8WAGyQD3JpHxpr9NNt1kBD7cwbqzkf8QH1KFBJPIBwFkCnGPLlbTCj5IeIIKZoxfKpjfShCf0shichzJ%2Fn2zH%2FyIeHw%2BhWFHKksulbD25w1BUqF0ZNt1hNfTK6Pdl0JX%2FN6Pt9aYSdDRUTZycb6adB4rI"}],"group":"cf-nel","max_age":604800} content-type text/html;charset=UTF-8 cf-ray 6dad9e1d4df2ee48-CDG alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H2	200	segoeui-semilight.ttf outlook-com.mcrsoft.workers.dev/images/	34 KB 23 KB	36ms 36ms	Font text/html	2a06:98c1:3121::7 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://outlook-com.mcrsoft.workers.dev/images/segoeui-semilight.ttf Requested by Host: outlook-com.mcrsoft.workers.dev URL: https://outlook-com.mcrsoft.workers.dev/?path=75f329fe8fb9c8d7f1b970e7418dcbd4d55960cc Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `f9daa8b4a10b33fcc11ead7df6970141e6f61cccd69279b56fdc5a2f30a6457b` Request headers Referer https://outlook-com.mcrsoft.workers.dev/?path=75f329fe8fb9c8d7f1b970e7418dcbd4d55960cc Origin https://outlook-com.mcrsoft.workers.dev Accept-Language fr-FR,fr;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Wed, 09 Feb 2022 13:59:19 GMT content-encoding br nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xvkLMSuiL80T21y6gEpBECZh5hekVYk%2FsLIJi96SXskiQozzI%2FflHXT902%2Bj1hPWc7es0YxHrMtxaqsMyi6BqJf1RSG0sjEqdDfcH%2BVd550u4zWSqv2l8I%2FMaL0J4K9I0biWeDN0K%2FnGgAkXiQb8wxOD3MRLWp4f3BltvaJ0"}],"group":"cf-nel","max_age":604800} content-type text/html;charset=UTF-8 cf-ray 6dad9e1d4df8ee48-CDG alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Outlook Web Access (Online)

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| $ function| jQuery object| f object| s

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

4 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
other	warning	URL: https://outlook-com.mcrsoft.workers.dev/?path=75f329fe8fb9c8d7f1b970e7418dcbd4d55960cc#ZGF2 Message: Failed to decode downloaded font: https://outlook-com.mcrsoft.workers.dev/images/segoeui-regular.ttf
other	warning	URL: https://outlook-com.mcrsoft.workers.dev/?path=75f329fe8fb9c8d7f1b970e7418dcbd4d55960cc#ZGF2 Message: OTS parsing error: invalid sfntVersion: 1008813135
other	warning	URL: https://outlook-com.mcrsoft.workers.dev/?path=75f329fe8fb9c8d7f1b970e7418dcbd4d55960cc#ZGF2 Message: Failed to decode downloaded font: https://outlook-com.mcrsoft.workers.dev/images/segoeui-semilight.ttf
other	warning	URL: https://outlook-com.mcrsoft.workers.dev/?path=75f329fe8fb9c8d7f1b970e7418dcbd4d55960cc#ZGF2 Message: OTS parsing error: invalid sfntVersion: 1008813135

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

12n97.trk.elasticemail.com
breaking-security.ga
code.jquery.com
login.mcrsoft.workers.dev
outlook-com.mcrsoft.workers.dev
2001:4de0:ac18::1:a:3b
2606:4700:3036::6815:2c60
2a06:98c1:3120::7
2a06:98c1:3121::7
87.98.174.124
1084b54ac1b62eff9f25b6f07eeb074746a8e6cb69f868dbb10660378f3bac58
257526b3e18469edef0487caa12d08b4ba2a9daffebc3ece45de636762471dbe
4de8fc175826d9f78fce9f9f2b71a63fe832fc7507e0394125c823b0909fa54a
6710ee6e22d5e3e82f70554804806c37aac5789b110d944383ea393d93eb627a
9ef2175114ff436d5b3c754be35b9d07175b669704d36e3ec2c8441a1911ad9f
a7c14ee84d81a536a4cd54e3a144f388f2174a4a5c409ae118ea49f0da6b4aa6
d4bbcd78eb52d487ad81aaf87e799cf38cf38a5b8b83abce38af3e80d59bf527
d9ed6586942003696afe4e52b09f343f8342244b51a9e175b75162d7e615207b
f9daa8b4a10b33fcc11ead7df6970141e6f61cccd69279b56fdc5a2f30a6457b
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

outlook-com.mcrsoft.workers.dev Open in urlscan Pro 2a06:98c1:3121::7 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

7 Requests

100 %HTTPS

80 %IPv6

4 Domains

5 Subdomains

5 IPs

3 Countries

105 kBTransfer

224 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

7 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 5 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

4 JavaScript Global Variables

0 Cookies

4 Console Messages

Indicators

outlook-com.mcrsoft.workers.dev Open in urlscan Pro
2a06:98c1:3121::7 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

7
Requests

100 %
HTTPS

80 %
IPv6

4
Domains

5
Subdomains

5
IPs

3
Countries

105 kB
Transfer

224 kB
Size

0
Cookies

7 HTTP transactions
5 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!