login.outlook.gptgroup.com.au
3.25.162.208  Malicious Activity!  Public Scan

Submitted URL: https://account.outlook.gptgroup.com.au/
Effective URL: https://login.outlook.gptgroup.com.au/login.srf?wa=wsignin1.0&rpsnv=13&ct=1602033264&rver=7.0.6737.0&wp=MBI_SSL&wreply=https%3a%2f%2fo...
Submission: On October 07 via automatic, source certstream-suspicious

Summary

This website contacted 3 IPs in 3 countries across 3 domains to perform 12 HTTP transactions. The main IP is 3.25.162.208, located in Sydney, Australia and belongs to AMAZON-02, US. The main domain is login.outlook.gptgroup.com.au.
TLS certificate: Issued by Let's Encrypt Authority X3 on October 6th 2020. Valid for: 3 months.
This is the only time login.outlook.gptgroup.com.au was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Microsoft (Consumer)

Domain & IP information

IP Address / AS (Autonomous System)

  #     IP Address         AS
  2 3   3.25.162.208       16509 (AMAZON-02)
  10    192.229.221.185    15133 (EDGECAST)
  1     2603:1026:207...   8075 (MICROSOFT...)
  12    3 IPs

Domain / Requested by

  #    Domain                           Requested by
  10   logincdn.msauth.net              login.outlook.gptgroup.com.au, logincdn.msauth.net
  1    outlook.office365.com            logincdn.msauth.net
  1    login.outlook.gptgroup.com.au
  1    outlook.outlook.gptgroup.com.au  1 redirects
  1    account.outlook.gptgroup.com.au  1 redirects
  12   5 domains

This site contains links to these domains:

  signup.live.com
TLS certificates

  Subject                          Issuer                          Validity                  Valid
  outlook.outlook.gptgroup.com.au  Let's Encrypt Authority X3      2020-10-06 - 2021-01-04   3 months
  identitycdn.msauth.net           DigiCert SHA2 Secure Server CA  2020-07-20 - 2021-07-20   a year
  outlook.com                      DigiCert Cloud Services CA-1    2020-07-02 - 2022-07-02   2 years

This page contains 2 frames:

Primary Page: https://login.outlook.gptgroup.com.au/login.srf?wa=wsignin1.0&rpsnv=13&ct=1602033264&rver=7.0.6737.0&wp=MBI_SSL&wreply=https%3a%2f%2foutlook.live.com%2fowa%2f%3fnlp%3d1%26RpsCsrfState%3d5e593a8b-1395-71ee-65f4-062be9fb7f25&id=292841&aadredir=1&CBCXT=out&lw=1&fl=dob%2cflname%2cwld&cobrandid=90015
Frame ID: A14F8B8B3AD02CA28ED766DF1DEFD09E
Requests: 11 HTTP requests in this frame

Frame: https://outlook.office365.com/owa/prefetch.aspx?id=292841&mkt=EN-US
Frame ID: 285F24426EB544A035B9991A2C40753B
Requests: 1 HTTP requests in this frame


Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /^(?:Microsoft-)?IIS(?:\/([\d.]+))?/i

Page Statistics

  12      Requests
  100 %   HTTPS
  33 %    IPv6
  3       Domains
  5       Subdomains
  3       IPs
  3       Countries
  171 kB  Transfer
  570 kB  Size
  7       Cookies

Page URL History

This lists the URLs the page passed through, including HTTP redirects and client-side redirects via JavaScript or meta refresh.

  1. https://account.outlook.gptgroup.com.au/ HTTP 302
    https://outlook.outlook.gptgroup.com.au/owa/?nlp=1 HTTP 302
    https://login.outlook.gptgroup.com.au/login.srf?wa=wsignin1.0&rpsnv=13&ct=1602033264&rver=7.0.6737.0&wp=MBI_SSL&wreply=https%3a%2f%2foutlook.live.com%2fowa%2f%3fnlp%3d1%26RpsCsrfState%3d5e593a8b-1395-71ee-65f4-062be9fb7f25&id=292841&aadredir=1&CBCXT=out&lw=1&fl=dob%2cflname%2cwld&cobrandid=90015 Page URL
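
The chain above is the security-relevant part of this scan: two hops on the attacker's own subdomains end on a URL that reproduces the shape of Microsoft's account sign-in endpoint (`/login.srf` with `wa=wsignin1.0`, and a `wreply` that sends the browser back to the genuine outlook.live.com after sign-in) while every hop sits under the registrable domain gptgroup.com.au with brand words stacked into the subdomains. The following is an added triage example, my own code rather than anything from urlscan.io; the chain is copied from the scan, and the allowlists of Microsoft sign-in hosts, the reply-URL suffixes, the brand-word list and the tiny two-label public-suffix table are assumptions for illustration.

```python
"""Triage a redirect chain that ends on a Microsoft-shaped sign-in URL.

Added example for this scan; not urlscan.io code. CHAIN is copied from the
Page URL History above. MS_LOGIN_HOSTS, MS_REPLY_SUFFIXES, BRAND_TOKENS and
the two-label suffix list inside registrable_domain() are assumptions.
"""
from urllib.parse import parse_qs, urlsplit

# Assumed allowlist: hosts that legitimately serve Microsoft account sign-in.
MS_LOGIN_HOSTS = {"login.live.com", "login.microsoftonline.com"}
# Assumed allowlist: where a genuine sign-in may send the browser afterwards.
MS_REPLY_SUFFIXES = (".live.com", ".office.com", ".office365.com", ".microsoft.com")
# Brand words that lookalike domains stack into their subdomain labels.
BRAND_TOKENS = {"outlook", "login", "account", "microsoft", "office", "live"}

# Redirect chain from the scan (account -> outlook -> login subdomain).
CHAIN = [
    "https://account.outlook.gptgroup.com.au/",
    "https://outlook.outlook.gptgroup.com.au/owa/?nlp=1",
    "https://login.outlook.gptgroup.com.au/login.srf?wa=wsignin1.0&rpsnv=13&ct=1602033264"
    "&rver=7.0.6737.0&wp=MBI_SSL&wreply=https%3a%2f%2foutlook.live.com%2fowa%2f%3fnlp%3d1"
    "%26RpsCsrfState%3d5e593a8b-1395-71ee-65f4-062be9fb7f25&id=292841&aadredir=1"
    "&CBCXT=out&lw=1&fl=dob%2cflname%2cwld&cobrandid=90015",
]


def registrable_domain(host):
    """Crude eTLD+1 (assumption): knows a few two-label suffixes such as com.au.
    Real tooling should consult the Public Suffix List."""
    labels = host.lower().split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in {"com.au", "net.au", "co.uk", "co.nz"}:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


MS_APEXES = {registrable_domain(h) for h in MS_LOGIN_HOSTS}


def analyse_chain(chain):
    """Return (indicator, detail) pairs; an empty list means nothing odd."""
    findings = []
    final = urlsplit(chain[-1])
    host = (final.hostname or "").lower()
    qs = parse_qs(final.query)  # parse_qs already percent-decodes values

    # 1. /login.srf with wa=wsignin1.0 is the Microsoft account sign-in shape;
    #    that shape on a host outside the allowlist is the core indicator.
    if (final.path.endswith("/login.srf") and qs.get("wa") == ["wsignin1.0"]
            and host not in MS_LOGIN_HOSTS):
        findings.append(("ms_login_shape_on_foreign_host", host))

    # 2. wreply names a genuine Microsoft property: after credentials go to the
    #    lookalike, the victim is handed on to real Outlook and notices nothing.
    for reply in qs.get("wreply", []):
        reply_host = (urlsplit(reply).hostname or "").lower()
        if reply_host.endswith(MS_REPLY_SUFFIXES) and host not in MS_LOGIN_HOSTS:
            findings.append(("wreply_to_microsoft_from_foreign_host", reply_host))

    # 3. Brand words used as subdomain labels under a non-Microsoft apex.
    for url in chain:
        h = (urlsplit(url).hostname or "").lower()
        apex = registrable_domain(h)
        sub = h[: -len(apex) - 1] if h != apex else ""
        hits = sorted(set(sub.split(".")) & BRAND_TOKENS)
        if hits and apex not in MS_APEXES:
            findings.append(("brand_tokens_in_subdomain", f"{h} -> {hits}"))

    # 4. Every hop stays on one non-Microsoft apex: a self-contained lookalike.
    apexes = {registrable_domain((urlsplit(u).hostname or "").lower()) for u in chain}
    if len(apexes) == 1 and not apexes <= MS_APEXES:
        findings.append(("single_foreign_apex", apexes.pop()))
    return findings


if __name__ == "__main__":
    for indicator, detail in analyse_chain(CHAIN):
        print(f"{indicator:40s} {detail}")
```

Run against the scan's chain it reports all four indicators; run against a chain that starts and ends on login.live.com it reports nothing, which is the property a triage rule needs so that genuine Microsoft sign-ins do not page anyone.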

Redirected requests

There were HTTP redirect chains for the following requests:

12 HTTP transactions

Resource | Path | Size | x-fer | Type | MIME-Type

login.srf (Primary Request; cookie set) | login.outlook.gptgroup.com.au/
Redirect Chain
  • https://account.outlook.gptgroup.com.au/
  • https://outlook.outlook.gptgroup.com.au/owa/?nlp=1
  • https://login.outlook.gptgroup.com.au/login.srf?wa=wsignin1.0&rpsnv=13&ct=1602033264&rver=7.0.6737.0&wp=MBI_SSL&wreply=https%3a%2f%2foutlook.live.com%2fowa%2f%3fnlp%3d1%26RpsCsrfState%3d5e593a8b-13...
28 KB | 29 KB | Document
General
Full URL
https://login.outlook.gptgroup.com.au/login.srf?wa=wsignin1.0&rpsnv=13&ct=1602033264&rver=7.0.6737.0&wp=MBI_SSL&wreply=https%3a%2f%2foutlook.live.com%2fowa%2f%3fnlp%3d1%26RpsCsrfState%3d5e593a8b-1395-71ee-65f4-062be9fb7f25&id=292841&aadredir=1&CBCXT=out&lw=1&fl=dob%2cflname%2cwld&cobrandid=90015
Protocol
HTTP/1.1
Security
TLS 1.3, AES_128_GCM
Server
3.25.162.208 Sydney, Australia, ASN16509 (AMAZON-02, US)
Reverse DNS
ec2-3-25-162-208.ap-southeast-2.compute.amazonaws.com
Software
Microsoft-IIS/10.0 /
Resource Hash
8c1bc2dab28b6f95f5a14f5d9088c4e6f6abbcc87bcdbc6de30d0791beab0963

Request headers

Host
login.outlook.gptgroup.com.au
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
none
Sec-Fetch-Mode
navigate
Sec-Fetch-User
?1
Sec-Fetch-Dest
document
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Cookie
logonLatency=LGN01=637376300641064238

Response headers

Cache-Control
max-age=0, no-store
Connection
close
Content-Type
text/html; charset=utf-8
Date
Wed, 07 Oct 2020 01:14:25 GMT
Expires
Wed, 07 Oct 2020 01:13:26 GMT
P3p
CP="DSP CUR OTPi IND OTRi ONL FIN"
Ppserver
PPV: 30 H: BL02PF4C8736034 V: 0
Referrer-Policy
strict-origin-when-cross-origin
Server
Microsoft-IIS/10.0
Set-Cookie
  • uaid=e50810d44795422ca745c001e20c6e77; Path=/; Domain=login.outlook.gptgroup.com.au; HttpOnly; Secure; SameSite=None
  • MSPRequ=id=292841&lt=1602033266&co=1; Path=/; Domain=login.outlook.gptgroup.com.au; HttpOnly; Secure; SameSite=None
  • MSCC=3.25.162.208-AU; Path=/; Domain=login.outlook.gptgroup.com.au; Expires=Mon, 01 Nov 2021 01:14:26 GMT; HttpOnly; Secure; SameSite=None
  • OParams=11DaHpfTxIxi1rSNRyDLpCB2**OXpuJoh*vymBq*vFBzfreljqgNgZbU1DaFjQbn5rzjaQHEw5WJglTqrCa3LlZ2l3xeUSbgo0TZJlc9brzqYPJvfexdXwwNQCOTsYpIxQhYeQcTTRNysUBYXsf4HFr!6JYrSUXtfO7q4b2M9maMge6ugS4rMiCTsYez6!kTZGIjRHOEq!bK1Ivr7ZeTur6RukIKH7K5dxlIq5Y*XedvwZs*W9tOIgG7PWvdd719yEnafI7yHD6oUOU!VcfDx5FnQ0!AIBju1giG!S6UovqfHk2GpNyANTvnKSW1j6jvTDAANPuhstql!3vcHSHq3niW5pdLimIHGf45yjtPU0YXx99tNFPlJD6hlz8rYx*WgggeI9ZfyCWPkl0ax3dsgdQ1c9G*BqqQ0PpeDGyR3eQdGNh6XahKvUHway0MdqFKwSK9fBF4TUkcWmDK!okzQUDKf2h!mQb9tVf2lEM5WppTH0BtEomcJ*!sYlSB1zfxIk1FJZuWatB9Sk*tmpLICiL7Y$; Path=/; Domain=login.outlook.gptgroup.com.au; HttpOnly; Secure; SameSite=None
  • MSPOK=$uuid-042febbc-ded5-4776-898f-e66350c79f48; Path=/; Domain=login.outlook.gptgroup.com.au; HttpOnly; Secure; SameSite=None
Transfer-Encoding
chunked
Vary
Accept-Encoding
X-Ms-Request-Id
d516bd4e-1efd-4ff2-8828-dbfa4c436fba

Redirect headers

Connection
close
Content-Type
text/html; charset=utf-8
Date
Wed, 07 Oct 2020 01:14:23 GMT
Location
https://login.outlook.gptgroup.com.au/login.srf?wa=wsignin1.0&rpsnv=13&ct=1602033264&rver=7.0.6737.0&wp=MBI_SSL&wreply=https%3a%2f%2foutlook.live.com%2fowa%2f%3fnlp%3d1%26RpsCsrfState%3d5e593a8b-1395-71ee-65f4-062be9fb7f25&id=292841&aadredir=1&CBCXT=out&lw=1&fl=dob%2cflname%2cwld&cobrandid=90015
Nel
{"report_to":"NelOfficeUpload1","max_age":86400,"include_subdomains":true,"failure_fraction":1.0,"success_fraction":0.01}
P3p
CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Report-To
{"group":"NelOfficeUpload1","max_age":86400,"endpoints":[{"url":"https://exo.nel.measure.office.net/api/report?cat=mdocs"}],"include_subdomains":true}
Request-Id
4b8b75b7-4f19-4424-9a38-9f1cf9351ef7
Set-Cookie
  • ClientId=9945380E4C694FE9A911E520D4A59DD2; Path=/; Expires=Thu, 07 Oct 2021 01:14:24 GMT; Secure; SameSite=None
  • RoutingKeyCookie=; Path=/; Expires=Sun, 07 Oct 1990 01:14:24 GMT; Secure
  • HostSwitchPrg=; Path=/; Expires=Sun, 07 Oct 1990 01:14:24 GMT; Secure
  • OptInPrg=; Path=/; Expires=Sun, 07 Oct 1990 01:14:24 GMT; Secure
  • logonLatency=LGN01=637376300641064238; Path=/; Domain=outlook.gptgroup.com.au; HttpOnly; Secure
  • exchangecookie=ad9c3abbbdaf482d9f58b53f3c215cd4; Path=/; HttpOnly; Secure; SameSite=None
  • RpsCsrfState.DWefTx6K7QhcMYv1B5AO4s9SNA6UCF6jq4Besvb_l_E=5e593a8b-1395-71ee-65f4-062be9fb7f25; Path=/; HttpOnly; Secure; SameSite=None
  • X-OWA-RedirectHistory=AhR7n8MBQuP2U15q2Ag; Path=/; Expires=Wed, 07 Oct 2020 07:16:24 GMT; HttpOnly; Secure; SameSite=None
Transfer-Encoding
chunked
X-Backend-Begin
2020-10-07T01:14:24.086
X-Backend-End
2020-10-07T01:14:24.108
X-Backendhttpstatus
302 302
X-Beserver
MEAPR01MB5032
X-Besku
WCS5
X-Calculatedbetarget
MEAPR01MB5032.ausprd01.prod.outlook.com
X-Calculatedfetarget
ME2PR01CU005.internal.outlook.com
X-Diaginfo
MEAPR01MB5032
X-Feproxyinfo
ME2PR01CA0112.AUSPRD01.PROD.OUTLOOK.COM
X-Feserver
ME2PR01CA0112 SYCPR01CA0020
X-Msedge-Ref
Ref A: CCD14149A30546D5A8EC3E694F2A4157 Ref B: SYD03EDGE0814 Ref C: 2020-10-07T01:14:24Z
X-Owa-Diagnosticsinfo
21;0;0
X-Proxy-Backendserverstatus
302
X-Proxy-Routingcorrectness
1
X-Rum-Validated
1
X-Ua-Compatible
IE=EmulateIE7
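
The primary response and the 302 hops above deserve a closer look than the verdict alone gives them. The page served from the EC2 host carries Microsoft Passport-style response headers (Ppserver, X-Ms-Request-Id) and sets the cookies a Microsoft account sign-in normally sets (uaid, MSPRequ, MSCC, OParams, MSPOK), but with Domain=login.outlook.gptgroup.com.au; the redirect responses carry Exchange Online routing headers (X-BEServer, X-FEServer, X-CalculatedBETarget, X-MSEdge-Ref) while being served under outlook.outlook.gptgroup.com.au; and the MSCC cookie value, 3.25.162.208-AU, is the scan's own main IP. Read together, that is consistent with the lookalike host relaying each request to Microsoft's real services and passing the responses back, so that Microsoft records the EC2 instance as the client. That reading is an inference from the headers shown here, not something the scan itself states. The added example below is my own code, not urlscan.io's: it pulls those three indicators out of a captured response. The header and cookie sets are constructed from the values on this page; the Microsoft-owned suffix list, the marker-header list and the sign-in cookie names are my assumptions rather than a Microsoft-published specification.

```python
"""Flag responses whose headers and cookies look relayed from Microsoft
infrastructure rather than produced by the host that served them.

Added example; not urlscan.io code. PRIMARY_HEADERS, PRIMARY_SET_COOKIES and
REDIRECT_HEADERS are constructed from the scan above. MS_SUFFIXES,
MS_MARKER_HEADERS and MS_LOGIN_COOKIES are assumptions.
"""
import re

# Assumed allowlist of Microsoft-owned registrable domains.
MS_SUFFIXES = (".live.com", ".microsoftonline.com", ".office365.com",
               ".office.com", ".outlook.com", ".microsoft.com", ".msauth.net")

# Response headers that, in this scan, only Microsoft's own Passport and
# Exchange Online front ends emit (assumed marker list, taken from the page).
MS_MARKER_HEADERS = {"ppserver", "x-ms-request-id", "x-beserver", "x-feserver",
                     "x-calculatedbetarget", "x-calculatedfetarget",
                     "x-msedge-ref", "x-owa-version"}

# Cookie names the Microsoft account sign-in sets on its own domain (assumed).
MS_LOGIN_COOKIES = {"uaid", "msprequ", "mscc", "oparams", "mspok"}

IPV4 = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3})")


def is_microsoft_host(host):
    host = host.lower().lstrip(".")
    return host.endswith(MS_SUFFIXES) or host in {s[1:] for s in MS_SUFFIXES}


def parse_set_cookie(line):
    """Minimal Set-Cookie parser: (name, value, {attribute: value})."""
    parts = [p.strip() for p in line.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for p in parts[1:]:
        k, _, v = p.partition("=")
        attrs[k.lower()] = v
    return name, value, attrs


def relay_indicators(serving_host, serving_ip, headers, set_cookies):
    """headers: {name: value}; set_cookies: list of raw Set-Cookie lines."""
    findings = []
    if is_microsoft_host(serving_host):
        return findings  # Microsoft headers on a Microsoft host are expected
    markers = sorted(h for h in headers if h.lower() in MS_MARKER_HEADERS)
    if markers:
        findings.append(("ms_infra_headers_on_foreign_host", ", ".join(markers)))
    for line in set_cookies:
        name, value, attrs = parse_set_cookie(line)
        domain = attrs.get("domain", serving_host)
        if name.lower() in MS_LOGIN_COOKIES and not is_microsoft_host(domain):
            findings.append(("ms_login_cookie_rescoped", f"{name} Domain={domain}"))
        # MSCC carries the client IP as Microsoft saw it; if that is the
        # serving host's own IP, the host was the client of Microsoft.
        if name.lower() == "mscc":
            m = IPV4.match(value)
            if m and m.group(1) == serving_ip:
                findings.append(("mscc_records_serving_ip_as_client", value))
    return findings


# Constructed from the primary response headers in the scan.
PRIMARY_HEADERS = {
    "Cache-Control": "max-age=0, no-store",
    "Server": "Microsoft-IIS/10.0",
    "Ppserver": "PPV: 30 H: BL02PF4C8736034 V: 0",
    "X-Ms-Request-Id": "d516bd4e-1efd-4ff2-8828-dbfa4c436fba",
    "Referrer-Policy": "strict-origin-when-cross-origin",
}
PRIMARY_SET_COOKIES = [
    "uaid=e50810d44795422ca745c001e20c6e77; Path=/; Domain=login.outlook.gptgroup.com.au; HttpOnly; Secure; SameSite=None",
    "MSPRequ=id=292841&lt=1602033266&co=1; Path=/; Domain=login.outlook.gptgroup.com.au; HttpOnly; Secure; SameSite=None",
    "MSCC=3.25.162.208-AU; Path=/; Domain=login.outlook.gptgroup.com.au; Expires=Mon, 01 Nov 2021 01:14:26 GMT; HttpOnly; Secure; SameSite=None",
    "MSPOK=$uuid-042febbc-ded5-4776-898f-e66350c79f48; Path=/; Domain=login.outlook.gptgroup.com.au; HttpOnly; Secure; SameSite=None",
]
# Constructed from the redirect headers in the scan.
REDIRECT_HEADERS = {
    "X-Beserver": "MEAPR01MB5032",
    "X-Feserver": "ME2PR01CA0112 SYCPR01CA0020",
    "X-Calculatedbetarget": "MEAPR01MB5032.ausprd01.prod.outlook.com",
    "X-Msedge-Ref": "Ref A: CCD14149A30546D5A8EC3E694F2A4157 Ref B: SYD03EDGE0814 Ref C: 2020-10-07T01:14:24Z",
}

if __name__ == "__main__":
    for f in relay_indicators("login.outlook.gptgroup.com.au", "3.25.162.208",
                              PRIMARY_HEADERS, PRIMARY_SET_COOKIES):
        print(*f)
    for f in relay_indicators("outlook.outlook.gptgroup.com.au", "3.25.162.208",
                              REDIRECT_HEADERS, []):
        print(*f)
```

The MSCC check is the one worth keeping even if the header list drifts: a brand's own infrastructure writing the phishing host's address into a cookie as the client IP is hard to produce any other way than by that host fronting the brand's service.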

Converged_v21033_5plpI1P0_uKjrokWdqCoBw2.css | logincdn.msauth.net/16.000/ | 103 KB | 19 KB | Stylesheet
General
Full URL
https://logincdn.msauth.net/16.000/Converged_v21033_5plpI1P0_uKjrokWdqCoBw2.css
Requested by
Host: login.outlook.gptgroup.com.au
URL: https://login.outlook.gptgroup.com.au/login.srf?wa=wsignin1.0&rpsnv=13&ct=1602033264&rver=7.0.6737.0&wp=MBI_SSL&wreply=https%3a%2f%2foutlook.live.com%2fowa%2f%3fnlp%3d1%26RpsCsrfState%3d5e593a8b-1395-71ee-65f4-062be9fb7f25&id=292841&aadredir=1&CBCXT=out&lw=1&fl=dob%2cflname%2cwld&cobrandid=90015
Protocol
H2
Security
TLS 1.3, AES_256_GCM
Server
192.229.221.185, United States, ASN15133 (EDGECAST, US)
Reverse DNS
Software
ECAcc (mil/6C6A) /
Resource Hash
edc22ddb46d0dee7c192892cb834e4c9bfea54bf5fd324d01357d5249db8d6d4

Request headers

Referer
https://login.outlook.gptgroup.com.au/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 07 Oct 2020 01:14:26 GMT
content-encoding
gzip
content-md5
VBwBzy3TblLMnS1j3l8rDQ==
age
6704537
x-cache
HIT
status
200
content-length
19290
x-ms-lease-status
unlocked
last-modified
Sat, 11 Jul 2020 05:10:57 GMT
server
ECAcc (mil/6C6A)
etag
0x8D82558CBC4E5D5
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
x-ms-request-id
905b9429-501e-0003-194c-5f2de5000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=31536000
x-ms-version
2009-09-19
accept-ranges
bytes

ConvergedLoginPaginatedStrings.en_B1ZHW_gchzesEhuLkh22-g2.js | logincdn.msauth.net/16.000/content/js/ | 29 KB | 8 KB | Script
General
Full URL
https://logincdn.msauth.net/16.000/content/js/ConvergedLoginPaginatedStrings.en_B1ZHW_gchzesEhuLkh22-g2.js
Requested by
Host: login.outlook.gptgroup.com.au
URL: https://login.outlook.gptgroup.com.au/login.srf?wa=wsignin1.0&rpsnv=13&ct=1602033264&rver=7.0.6737.0&wp=MBI_SSL&wreply=https%3a%2f%2foutlook.live.com%2fowa%2f%3fnlp%3d1%26RpsCsrfState%3d5e593a8b-1395-71ee-65f4-062be9fb7f25&id=292841&aadredir=1&CBCXT=out&lw=1&fl=dob%2cflname%2cwld&cobrandid=90015
Protocol
H2
Security
TLS 1.3, AES_256_GCM
Server
192.229.221.185, United States, ASN15133 (EDGECAST, US)
Reverse DNS
Software
ECAcc (mil/6CA8) /
Resource Hash
44c9907a2b233c421aa427d4869636846bbb6ec2aae5730e111db35d3329703e

Request headers

Origin
https://login.outlook.gptgroup.com.au
Referer
https://login.outlook.gptgroup.com.au/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 07 Oct 2020 01:14:26 GMT
content-encoding
gzip
content-md5
vAa7ggWCYPf7lIts9iEIQQ==
age
4791970
x-cache
HIT
status
200
content-length
7708
x-ms-lease-status
unlocked
last-modified
Sat, 01 Aug 2020 05:12:37 GMT
server
ECAcc (mil/6CA8)
etag
0x8D835D982128FB3
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
9c1f3b4a-b01e-009c-3ab2-70556b000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=31536000
x-ms-version
2009-09-19
accept-ranges
bytes

ConvergedLogin_PCore_dPUlFZDruMhcATtVx_0xNw2.js | logincdn.msauth.net/shared/1.0/content/js/ | 400 KB | 110 KB | Script
General
Full URL
https://logincdn.msauth.net/shared/1.0/content/js/ConvergedLogin_PCore_dPUlFZDruMhcATtVx_0xNw2.js
Requested by
Host: login.outlook.gptgroup.com.au
URL: https://login.outlook.gptgroup.com.au/login.srf?wa=wsignin1.0&rpsnv=13&ct=1602033264&rver=7.0.6737.0&wp=MBI_SSL&wreply=https%3a%2f%2foutlook.live.com%2fowa%2f%3fnlp%3d1%26RpsCsrfState%3d5e593a8b-1395-71ee-65f4-062be9fb7f25&id=292841&aadredir=1&CBCXT=out&lw=1&fl=dob%2cflname%2cwld&cobrandid=90015
Protocol
H2
Security
TLS 1.3, AES_256_GCM
Server
192.229.221.185, United States, ASN15133 (EDGECAST, US)
Reverse DNS
Software
ECAcc (mil/6C8D) /
Resource Hash
cbb0052a1e7d0a4b8f4769a2f116f1e01d3f4257075fae7703ef08da65a277a0

Request headers

Origin
https://login.outlook.gptgroup.com.au
Referer
https://login.outlook.gptgroup.com.au/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 07 Oct 2020 01:14:26 GMT
content-encoding
gzip
content-md5
ZS9yBVezctkQ9UoGDURJ1g==
age
2252676
x-cache
HIT
status
200
content-length
112072
x-ms-lease-status
unlocked
last-modified
Tue, 11 Aug 2020 23:51:44 GMT
server
ECAcc (mil/6C8D)
etag
0x8D83E5180935E0D
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
a3f60cee-301e-0050-12ca-879d0f000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=31536000
x-ms-version
2009-09-19
accept-ranges
bytes

prefetch.aspx (cookie set; Frame 285F) | outlook.office365.com/owa/ | 0 | 0 | Document
General
Full URL
https://outlook.office365.com/owa/prefetch.aspx?id=292841&mkt=EN-US
Requested by
Host: logincdn.msauth.net
URL: https://logincdn.msauth.net/shared/1.0/content/js/ConvergedLogin_PCore_dPUlFZDruMhcATtVx_0xNw2.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2603:1026:207:163::2 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Host
outlook.office365.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
iframe
Referer
https://login.outlook.gptgroup.com.au/
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US

Response headers

Cache-Control
private, no-store
Content-Length
1239
Content-Type
text/html; charset=utf-8
Content-Encoding
gzip
Vary
Accept-Encoding
Server
Microsoft-IIS/10.0
request-id
1e01ce31-5951-4cc6-94fd-44c011e0bc81
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
X-CalculatedFETarget
DB6PR07CU008.internal.outlook.com
X-BackEndHttpStatus
200 200
Set-Cookie
  • ClientId=62F042FF74DC49B9A6ABDB8F4FDA949E; expires=Thu, 07-Oct-2021 01:14:27 GMT; path=/;SameSite=None; secure
  • OIDC=1; expires=Wed, 07-Apr-2021 01:14:27 GMT; path=/;SameSite=None; secure; HttpOnly
  • OWAPF=v:16.3790.0.2749802&l:mouse; path=/
X-FEProxyInfo
DB6PR07CA0203.EURPRD07.PROD.OUTLOOK.COM
X-CalculatedBETarget
DB7PR01MB4682.eurprd01.prod.exchangelabs.com
X-RUM-Validated
1
X-Content-Type-Options
nosniff
X-BeSku
WCS5
X-OWA-Version
15.20.3433.45
X-OWA-DiagnosticsInfo
2;0;0
X-BackEnd-Begin
2020-10-07T01:14:27.112
X-BackEnd-End
2020-10-07T01:14:27.115
X-DiagInfo
DB7PR01MB4682
X-BEServer
DB7PR01MB4682
X-UA-Compatible
IE=EmulateIE7
X-Proxy-RoutingCorrectness
1
Report-To
{"group":"NelOfficeUpload1","max_age":86400,"endpoints":[{"url":"https://exo.nel.measure.office.net/api/report?cat=mdocs"}],"include_subdomains":true}
NEL
{"report_to":"NelOfficeUpload1","max_age":86400,"include_subdomains":true,"failure_fraction":1.0,"success_fraction":0.01}
X-Proxy-BackendServerStatus
200
X-FEServer
DB6PR07CA0203 AM0PR01CA0131
Date
Wed, 07 Oct 2020 01:14:26 GMT

microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg | logincdn.msauth.net/shared/1.0/content/images/ | 4 KB | 2 KB | Image
General
Full URL
https://logincdn.msauth.net/shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg
Protocol
H2
Security
TLS 1.3, AES_256_GCM
Server
192.229.221.185, United States, ASN15133 (EDGECAST, US)
Reverse DNS
Software
ECAcc (mil/6C0A) /
Resource Hash
04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a

Request headers

Referer
https://login.outlook.gptgroup.com.au/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 07 Oct 2020 01:14:27 GMT
content-encoding
gzip
content-md5
nzaLxFgP7ZB3dfMcaybWzw==
age
10327577
x-cache
HIT
status
200
content-length
1435
x-ms-lease-status
unlocked
last-modified
Wed, 22 Jan 2020 00:32:50 GMT
server
ECAcc (mil/6C0A)
etag
0x8D79ED29CF0C29A
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
x-ms-request-id
a625b9f8-d01e-0062-0759-3e511b000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=31536000
x-ms-version
2009-09-19
accept-ranges
bytes

ellipsis_white_5ac590ee72bfe06a7cecfd75b588ad73.svg | logincdn.msauth.net/shared/1.0/content/images/ | 915 B | 393 B | Image
General
Full URL
https://logincdn.msauth.net/shared/1.0/content/images/ellipsis_white_5ac590ee72bfe06a7cecfd75b588ad73.svg
Protocol
H2
Security
TLS 1.3, AES_256_GCM
Server
192.229.221.185, United States, ASN15133 (EDGECAST, US)
Reverse DNS
Software
ECAcc (mil/6C0B) /
Resource Hash
6075736ea9c281d69c4a3d78ff97bb61b9416a5809919babe5a0c5596f99aaea

Request headers

Referer
https://login.outlook.gptgroup.com.au/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 07 Oct 2020 01:14:27 GMT
content-encoding
gzip
content-md5
HMwsHhNXdtrfirQDkzcqMA==
age
10327577
x-cache
HIT
status
200
content-length
263
x-ms-lease-status
unlocked
last-modified
Wed, 22 Jan 2020 00:32:50 GMT
server
ECAcc (mil/6C0B)
etag
0x8D79ED29CD434F1
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
x-ms-request-id
689261bf-f01e-0033-4559-3eec9c000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=31536000
x-ms-version
2009-09-19
accept-ranges
bytes

ellipsis_grey_2b5d393db04a5e6e1f739cb266e65b4c.svg | logincdn.msauth.net/shared/1.0/content/images/ | 915 B | 392 B | Image
General
Full URL
https://logincdn.msauth.net/shared/1.0/content/images/ellipsis_grey_2b5d393db04a5e6e1f739cb266e65b4c.svg
Protocol
H2
Security
TLS 1.3, AES_256_GCM
Server
192.229.221.185, United States, ASN15133 (EDGECAST, US)
Reverse DNS
Software
ECAcc (mil/6C17) /
Resource Hash
16c3f6531d0fa5b4d16e82abf066233b2a9f284c068c663699313c09f5e8d6e6

Request headers

Referer
https://login.outlook.gptgroup.com.au/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 07 Oct 2020 01:14:27 GMT
content-encoding
gzip
content-md5
/a3y/mpA+HRaVAiPACrsog==
age
10327577
x-cache
HIT
status
200
content-length
263
x-ms-lease-status
unlocked
last-modified
Wed, 22 Jan 2020 00:32:50 GMT
server
ECAcc (mil/6C17)
etag
0x8D79ED29CB2C46E
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
x-ms-request-id
892b2aee-001e-0048-0b59-3e0508000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=31536000
x-ms-version
2009-09-19
accept-ranges
bytes

ellipsis_grey_2b5d393db04a5e6e1f739cb266e65b4c.svg | logincdn.msauth.net/shared/1.0/content/images/ | 915 B | 330 B | Image
General
Full URL
https://logincdn.msauth.net/shared/1.0/content/images/ellipsis_grey_2b5d393db04a5e6e1f739cb266e65b4c.svg
Requested by
Host: logincdn.msauth.net
URL: https://logincdn.msauth.net/shared/1.0/content/js/ConvergedLogin_PCore_dPUlFZDruMhcATtVx_0xNw2.js
Protocol
H2
Security
TLS 1.3, AES_256_GCM
Server
192.229.221.185, United States, ASN15133 (EDGECAST, US)
Reverse DNS
Software
ECAcc (mil/6C17) /
Resource Hash
16c3f6531d0fa5b4d16e82abf066233b2a9f284c068c663699313c09f5e8d6e6

Request headers

Referer
https://login.outlook.gptgroup.com.au/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 07 Oct 2020 01:14:27 GMT
content-encoding
gzip
content-md5
/a3y/mpA+HRaVAiPACrsog==
age
10327577
x-cache
HIT
status
200
content-length
263
x-ms-lease-status
unlocked
last-modified
Wed, 22 Jan 2020 00:32:50 GMT
server
ECAcc (mil/6C17)
etag
0x8D79ED29CB2C46E
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
x-ms-request-id
892b2aee-001e-0048-0b59-3e0508000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=31536000
x-ms-version
2009-09-19
accept-ranges
bytes

2_bc3d32a696895f78c19df6c717586a5d.svg | logincdn.msauth.net/shared/1.0/content/images/backgrounds/ | 2 KB | 826 B | Image
General
Full URL
https://logincdn.msauth.net/shared/1.0/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg
Requested by
Host: login.outlook.gptgroup.com.au
URL: https://login.outlook.gptgroup.com.au/pp1600/
Protocol
H2
Security
TLS 1.3, AES_256_GCM
Server
192.229.221.185, United States, ASN15133 (EDGECAST, US)
Reverse DNS
Software
ECAcc (mil/6CD4) /
Resource Hash
0e88b6fcbb8591edfd28184fa70a04b6dd3af8a14367c628edd7caba32e58c68

Request headers

Referer
https://login.outlook.gptgroup.com.au/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 07 Oct 2020 01:14:27 GMT
content-encoding
gzip
content-md5
DhdidjYrlCeaRJJRG/y9mA==
age
10327577
x-cache
HIT
status
200
content-length
673
x-ms-lease-status
unlocked
last-modified
Wed, 12 Feb 2020 22:01:42 GMT
server
ECAcc (mil/6CD4)
etag
0x8D7B00724D9E930
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
x-ms-request-id
925b4b48-d01e-0006-5c59-3e3844000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=31536000
x-ms-version
2009-09-19
accept-ranges
bytes

ellipsis_635a63d500a92a0b8497cdc58d0f66b1.svg | logincdn.msauth.net/shared/1.0/content/images/ | 900 B | 382 B | Image
General
Full URL
https://logincdn.msauth.net/shared/1.0/content/images/ellipsis_635a63d500a92a0b8497cdc58d0f66b1.svg
Protocol
H2
Security
TLS 1.3, AES_256_GCM
Server
192.229.221.185, United States, ASN15133 (EDGECAST, US)
Reverse DNS
Software
ECAcc (mil/6C8C) /
Resource Hash
61d7ccc5d2c41bf86be6cefb0063405067849ba64e9f219f60596ef09a54a942

Request headers

Referer
https://login.outlook.gptgroup.com.au/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 07 Oct 2020 01:14:27 GMT
content-encoding
gzip
content-md5
GapJ5vNFgRzr6JUAPI/Pxw==
age
10327577
x-cache
HIT
status
200
content-length
252
x-ms-lease-status
unlocked
last-modified
Wed, 22 Jan 2020 00:32:50 GMT
server
ECAcc (mil/6C8C)
etag
0x8D79ED29C78BE93
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
x-ms-request-id
5347b02e-301e-0032-2c59-3e1291000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=31536000
x-ms-version
2009-09-19
accept-ranges
bytes

documentation_bcb4d1dc4eae64f0b2b2538209d8435a.svg | logincdn.msauth.net/shared/1.0/content/images/ | 2 KB | 758 B | Image
General
Full URL
https://logincdn.msauth.net/shared/1.0/content/images/documentation_bcb4d1dc4eae64f0b2b2538209d8435a.svg
Protocol
H2
Security
TLS 1.3, AES_256_GCM
Server
192.229.221.185, United States, ASN15133 (EDGECAST, US)
Reverse DNS
Software
ECAcc (mil/6C72) /
Resource Hash
a76c08e9cdc3bb87bfb57627ad8f6b46f0e5ef826cc7f046dfbaf25d7b7958ea

Request headers

Referer
https://login.outlook.gptgroup.com.au/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 07 Oct 2020 01:14:27 GMT
content-encoding
gzip
content-md5
6dTbAT1RVL9d6geobv3IJg==
age
10327577
x-cache
HIT
status
200
content-length
606
x-ms-lease-status
unlocked
last-modified
Wed, 22 Jan 2020 00:32:48 GMT
server
ECAcc (mil/6C72)
etag
0x8D79ED29BA5E089
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
x-ms-request-id
87441734-a01e-003d-0159-3e2d72000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=31536000
x-ms-version
2009-09-19
accept-ranges
bytes

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer)

19 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  • trustedTypes (object)
  • PROOF (object)
  • $Loader (function)
  • $Do (object)
  • $DepLoader (function)
  • g_dtFirstByte (object)
  • g_objPageMode (object)
  • g_iSRSFailed (number)
  • g_sSRSSuccess (string)
  • SRSRetry (function)
  • ServerData (object)
  • HIP (object)
  • UXResourceDependencies (object)
  • WhenAllLoaded (function)
  • StringRepository (object)
  • __ConvergedLoginPaginatedStrings (boolean)
  • webpackJsonp (object)
  • ko (object)
  • __ConvergedLogin_PCore (boolean)

7 Cookies

  Domain/Path                      Name      Value
  .login.outlook.gptgroup.com.au/  MSPOK     $uuid-042febbc-ded5-4776-898f-e66350c79f48
  outlook.office365.com/           ClientId  62F042FF74DC49B9A6ABDB8F4FDA949E
  .login.outlook.gptgroup.com.au/  OParams   11DaHpfTxIxi1rSNRyDLpCB2**OXpuJoh*vymBq*vFBzfreljqgNgZbU1DaFjQbn5rzjaQHEw5WJglTqrCa3LlZ2l3xeUSbgo0TZJlc9brzqYPJvfexdXwwNQCOTsYpIxQhYeQcTTRNysUBYXsf4HFr!6JYrSUXtfO7q4b2M9maMge6ugS4rMiCTsYez6!kTZGIjRHOEq!bK1Ivr7ZeTur6RukIKH7K5dxlIq5Y*XedvwZs*W9tOIgG7PWvdd719yEnafI7yHD6oUOU!VcfDx5FnQ0!AIBju1giG!S6UovqfHk2GpNyANTvnKSW1j6jvTDAANPuhstql!3vcHSHq3niW5pdLimIHGf45yjtPU0YXx99tNFPlJD6hlz8rYx*WgggeI9ZfyCWPkl0ax3dsgdQ1c9G*BqqQ0PpeDGyR3eQdGNh6XahKvUHway0MdqFKwSK9fBF4TUkcWmDK!okzQUDKf2h!mQb9tVf2lEM5WppTH0BtEomcJ*!sYlSB1zfxIk1FJZuWatB9Sk*tmpLICiL7Y$
  outlook.office365.com/           OIDC      1
  .login.outlook.gptgroup.com.au/  MSCC      3.25.162.208-AU
  .login.outlook.gptgroup.com.au/  MSPRequ   id=292841&lt=1602033266&co=1
  .login.outlook.gptgroup.com.au/  uaid      e50810d44795422ca745c001e20c6e77