urlscan.io logo urlscan.io
SecurityTrails logo

1liveoutlook.vercel.app Open in urlscan Pro
76.76.21.21  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
URL: https://1liveoutlook.vercel.app/
Submission: On August 18 via manual from IN
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 6 IPs in 4 countries across 5 domains to perform 23 HTTP transactions. The main IP is 76.76.21.21, located in United States and belongs to AMAZON-02, US. The main domain is 1liveoutlook.vercel.app.
TLS certificate: Issued by R3 on August 16th 2021. Valid for: 3 months.
This is the only time 1liveoutlook.vercel.app was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Microsoft (Consumer)

Domain & IP information

IP Address AS Autonomous System
1 76.76.21.21 16509 (AMAZON-02)
18 152.199.23.37 15133 (EDGECAST)
1 2620:1ec:a92:... 8068 (MICROSOFT...)
1 1 2603:1026:c0d... 8075 (MICROSOFT...)
1 2603:1026:100... 8075 (MICROSOFT...)
1 2603:1026:240... 8075 (MICROSOFT...)
1 2a02:26f0:fb:... 20940 (AKAMAI-ASN1)
23 6
1    76.76.21.21 (United States)

ASN16509 (AMAZON-02, US)
1liveoutlook.vercel.app
18    152.199.23.37 (United States)

ASN15133 (EDGECAST, US)
aadcdn.msftauth.net
1    2620:1ec:a92::156 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
www.office.com
1    2603:1026:c0d:c02::2 (Frankfurt am Main, Germany)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
outlook.office365.com
1    2603:1026:100:14::2 (Paris, France)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
outlook.office.com
1    2603:1026:2404:1::1 (Dublin, Ireland)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
webshell.suite.office.com
1    2a02:26f0:fb:5b2::4b36 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
shell.cdn.office.net
Domain Requested by
18 aadcdn.msftauth.net 1liveoutlook.vercel.app
1 shell.cdn.office.net webshell.suite.office.com
1 webshell.suite.office.com 1liveoutlook.vercel.app
1 outlook.office.com 1liveoutlook.vercel.app
1 outlook.office365.com 1 redirects
1 www.office.com 1liveoutlook.vercel.app
1 1liveoutlook.vercel.app
23 7

This site contains no links.

Subject Issuer Validity Valid
*.vercel.app
R3		 2021-08-16 -
2021-11-14		 3 months crt.sh
aadcdn.msftauth.net
DigiCert SHA2 Secure Server CA		 2021-05-13 -
2022-05-13		 a year crt.sh
portal.office.com
DigiCert Cloud Services CA-1		 2021-03-24 -
2022-03-23		 a year crt.sh
outlook.com
DigiCert Cloud Services CA-1		 2020-07-02 -
2022-07-02		 2 years crt.sh
webshell.suite.office.com
DigiCert Cloud Services CA-1		 2020-07-21 -
2022-07-21		 2 years crt.sh
*.cdn.office.net
Microsoft RSA TLS CA 01		 2021-01-26 -
2022-01-26		 a year crt.sh

This page contains 4 frames:

Primary Page: https://1liveoutlook.vercel.app/
Frame ID: 147E6C2786497BE70521294057DF4D29
Requests: 19 HTTP requests in this frame

Frame: https://www.office.com/logout?sid=494fe386-9fa1-4fbf-885f-5038fa243363
Frame ID: 301F9D848EEB784FA4A0ADF8EF8F8967
Requests: 1 HTTP requests in this frame

Frame: https://outlook.office.com/owa/auth/logoff.aspx?cmd=logoff&exlive=1&lgtype=1&sid=494fe386-9fa1-4fbf-885f-5038fa243363&pngSites=none
Frame ID: 4C87F1D81DCDA220411F957D19251301
Requests: 1 HTTP requests in this frame

Frame: https://webshell.suite.office.com/iframe/TokenFactoryIframe/Logout?sid=494fe386-9fa1-4fbf-885f-5038fa243363
Frame ID: B410F8DE2592E67D7E1A6C20951FF910
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Statistics

23
Requests

100 %
HTTPS

71 %
IPv6

5
Domains

7
Subdomains

6
IPs

4
Countries

646 kB
Transfer

1243 kB
Size

3
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 7
  • https://outlook.office365.com/owa/auth/logoff.aspx?cmd=logoff&exlive=1&lgtype=1&sid=494fe386-9fa1-4fbf-885f-5038fa243363 HTTP 302
  • https://outlook.office.com/owa/auth/logoff.aspx?cmd=logoff&exlive=1&lgtype=1&sid=494fe386-9fa1-4fbf-885f-5038fa243363&pngSites=none

23 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
1liveoutlook.vercel.app/ 		32 KB
13 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://1liveoutlook.vercel.app/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
76.76.21.21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Vercel /
Resource Hash
60f25217690579b5cc467e032a6407f5985c883edd2d5586554a061b4a6536e2
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

:method
GET
:authority
1liveoutlook.vercel.app
:scheme
https
:path
/
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 18 Aug 2021 00:31:47 GMT
content-type
text/html; charset=utf-8
content-disposition
inline; filename="index.html"
cache-control
public, max-age=0, must-revalidate
access-control-allow-origin
*
etag
W/"60f25217690579b5cc467e032a6407f5985c883edd2d5586554a061b4a6536e2"
x-vercel-cache
MISS
age
0
server
Vercel
x-vercel-id
arn1::frxd5-1629246706083-f4b19aa3d9a5
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-encoding
br
converged.v2.login.min_59_uuouser7hrkmvbaz1jw2.css
aadcdn.msftauth.net/ests/2.1/content/cdnbundles/ 		106 KB
20 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://aadcdn.msftauth.net/ests/2.1/content/cdnbundles/converged.v2.login.min_59_uuouser7hrkmvbaz1jw2.css
Requested by
Host: 1liveoutlook.vercel.app
URL: https://1liveoutlook.vercel.app/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.199.23.37 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (lhd/35F5) /
Resource Hash
1e3dceb93e7c252036cfcded7e108e7e2473dae923a2401a84dd7925f5a9f0ad

Request headers

Origin
https://1liveoutlook.vercel.app
Referer
https://1liveoutlook.vercel.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 18 Aug 2021 00:31:47 GMT
content-encoding
gzip
content-md5
bjqCIB9rMEZAA8TrOKRGgQ==
age
21854476
x-cache
HIT
content-length
19771
x-ms-lease-status
unlocked
last-modified
Sat, 17 Oct 2020 19:18:26 GMT
server
ECAcc (lhd/35F5)
etag
0x8D872D16C711C33
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
x-ms-request-id
f09ca56f-401e-0009-0a04-cd07a7000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=31536000
x-ms-version
2009-09-19
accept-ranges
bytes
jquery.1.11.min__yok_chwseypwbmuffnnaa2.js
aadcdn.msftauth.net/ests/2.1/content/cdnbundles/ 		109 KB
38 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://aadcdn.msftauth.net/ests/2.1/content/cdnbundles/jquery.1.11.min__yok_chwseypwbmuffnnaa2.js
Requested by
Host: 1liveoutlook.vercel.app
URL: https://1liveoutlook.vercel.app/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.199.23.37 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (lhd/370F) /
Resource Hash
35cceb3348d8d50cb9d46478114cc11727f9b3e78b08fc7f07101aea4bad7d1c

Request headers

Origin
https://1liveoutlook.vercel.app
Referer
https://1liveoutlook.vercel.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 18 Aug 2021 00:31:47 GMT
content-encoding
gzip
content-md5
rh/aFGJ6VR89aDdTZ7hodQ==
age
21854467
x-cache
HIT
content-length
38927
x-ms-lease-status
unlocked
last-modified
Thu, 22 Oct 2020 20:43:26 GMT
server
ECAcc (lhd/370F)
etag
0x8D876CB2080AB77
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
6867497b-f01e-0033-3b04-cdec9c000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=31536000
x-ms-version
2009-09-19
accept-ranges
bytes
aad.login.min_ynywyfekfmsp3ljup2epra2.js
aadcdn.msftauth.net/ests/2.1/content/cdnbundles/ 		176 KB
43 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://aadcdn.msftauth.net/ests/2.1/content/cdnbundles/aad.login.min_ynywyfekfmsp3ljup2epra2.js
Requested by
Host: 1liveoutlook.vercel.app
URL: https://1liveoutlook.vercel.app/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.199.23.37 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (lhd/35E4) /
Resource Hash
4a3c3d489ffcf962a1279ebe7e1ba3582e4debffdde6ef9a0ff2b4bd839a53b9

Request headers

Origin
https://1liveoutlook.vercel.app
Referer
https://1liveoutlook.vercel.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 18 Aug 2021 00:31:47 GMT
content-encoding
gzip
content-md5
7Zr/RHMNzHhijIc1jDYQ/w==
age
21854467
x-cache
HIT
content-length
44333
x-ms-lease-status
unlocked
last-modified
Thu, 22 Oct 2020 20:43:13 GMT
server
ECAcc (lhd/35E4)
etag
0x8D876CB187B0320
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
10626564-601e-005e-5604-cd5ce1000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=31536000
x-ms-version
2009-09-19
accept-ranges
bytes
microsoft_logo_7zyesnzhfxur7eprws2m2q2.png
aadcdn.msftauth.net/ests/2.1/content/images/ 		1 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://aadcdn.msftauth.net/ests/2.1/content/images/microsoft_logo_7zyesnzhfxur7eprws2m2q2.png
Requested by
Host: 1liveoutlook.vercel.app
URL: https://1liveoutlook.vercel.app/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.199.23.37 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (lhd/35B3) /
Resource Hash
f664b8138c2da6ec7565500a7cc839da6372614a31dc04c5a2169a26b8d9767c

Request headers

Referer
https://1liveoutlook.vercel.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 18 Aug 2021 00:31:47 GMT
content-md5
7ZyesNzhfXUr7eprWs2m2Q==
age
67927
x-cache
HIT
content-length
1057
x-ms-lease-status
unlocked
last-modified
Fri, 02 Nov 2018 20:25:21 GMT
server
ECAcc (lhd/35B3)
etag
0x8D6410150617FD9
content-type
image/png
access-control-allow-origin
*
x-ms-request-id
8723df09-501e-0089-4f2a-93ffe2000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=604800
x-ms-version
2009-09-19
accept-ranges
bytes
0-small_e4vo5it6bo-bdehiean-dq2.jpg
aadcdn.msftauth.net/ests/2.1/content/images/backgrounds/ 		3 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://aadcdn.msftauth.net/ests/2.1/content/images/backgrounds/0-small_e4vo5it6bo-bdehiean-dq2.jpg
Requested by
Host: 1liveoutlook.vercel.app
URL: https://1liveoutlook.vercel.app/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.199.23.37 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (lhd/35E6) /
Resource Hash
f89e908280791803bbf1f33b596ff4a2179b355a8e15ad02ebaa2b1da11127ea

Request headers

Referer
https://1liveoutlook.vercel.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 18 Aug 2021 00:31:47 GMT
content-md5
E4vO5iT6BO+bdehiEan+DQ==
age
62040
x-cache
HIT
content-length
3006
x-ms-lease-status
unlocked
last-modified
Fri, 02 Nov 2018 20:26:15 GMT
server
ECAcc (lhd/35E6)
etag
0x8D64101701CB973
content-type
image/jpeg
access-control-allow-origin
*
x-ms-request-id
0927e315-b01e-0016-6a37-93876c000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=604800
x-ms-version
2009-09-19
accept-ranges
bytes
0_pdvuot_2pyxh5ith335y8a2.jpg
aadcdn.msftauth.net/ests/2.1/content/images/backgrounds/ 		277 KB
277 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://aadcdn.msftauth.net/ests/2.1/content/images/backgrounds/0_pdvuot_2pyxh5ith335y8a2.jpg
Requested by
Host: 1liveoutlook.vercel.app
URL: https://1liveoutlook.vercel.app/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.199.23.37 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (lhd/35E1) /
Resource Hash
211a907de2da0ff4a0e90917ac8054e2f35c351180977550c26e51b4909f2beb

Request headers

Referer
https://1liveoutlook.vercel.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 18 Aug 2021 00:31:47 GMT
content-md5
pdvUOT/2pyXH5ith335y8A==
age
63516
x-cache
HIT
content-length
283351
x-ms-lease-status
unlocked
last-modified
Fri, 02 Nov 2018 20:26:15 GMT
server
ECAcc (lhd/35E1)
etag
0x8D641017036B05E
content-type
image/jpeg
access-control-allow-origin
*
x-ms-request-id
2571acb8-101e-0020-1d34-93a0d4000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=604800
x-ms-version
2009-09-19
accept-ranges
bytes
logout
www.office.com/ Frame 301F 		893 B
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.office.com/logout?sid=494fe386-9fa1-4fbf-885f-5038fa243363
Requested by
Host: 1liveoutlook.vercel.app
URL: https://1liveoutlook.vercel.app/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:a92::156 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
760a468144b22ebe39784f178352c0c86d5b26bf70b9d69e244753e47e407ac0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

:method
GET
:authority
www.office.com
:scheme
https
:path
/logout?sid=494fe386-9fa1-4fbf-885f-5038fa243363
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://1liveoutlook.vercel.app/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://1liveoutlook.vercel.app/

Response headers

cache-control
no-cache
pragma
no-cache
content-type
text/html; charset=utf-8
content-encoding
gzip
vary
Accept-Encoding
set-cookie
OH.SID=98f8a9f7-2b6e-4af1-9fb2-05ff198cd56b; path=/; secure; samesite=none; httponly OH.DCAffinity=OH-weu; expires=Wed, 18 Aug 2021 08:31:47 GMT; path=/; secure; samesite=none; httponly OH.FLID=4241bbf9-4b1d-4953-9e17-a153173492bb; expires=Thu, 18 Aug 2022 00:31:47 GMT; path=/; secure; samesite=none; httponly UserIndex=; expires=Tue, 17 Aug 2021 00:31:47 GMT; path=/; secure; samesite=none; httponly
strict-transport-security
max-age=31536000; includeSubDomains
referrer-policy
strict-origin-when-cross-origin
x-content-type-options
nosniff
x-xss-protection
1; mode=block
x-ua-compatible
IE=edge,chrome=1
x-cache
CONFIG_NOCACHE
x-msedge-ref
Ref A: 0C19B9FBF98541789CAB51C81981A622 Ref B: AMS04EDGE1722 Ref C: 2021-08-18T00:31:47Z
date
Wed, 18 Aug 2021 00:31:47 GMT
logoff.aspx
outlook.office.com/owa/auth/ Frame 4C87
Redirect Chain
  • https://outlook.office365.com/owa/auth/logoff.aspx?cmd=logoff&exlive=1&lgtype=1&sid=494fe386-9fa1-4fbf-885f-5038fa243363
  • https://outlook.office.com/owa/auth/logoff.aspx?cmd=logoff&exlive=1&lgtype=1&sid=494fe386-9fa1-4fbf-885f-5038fa243363&pngSites=none
263 B
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://outlook.office.com/owa/auth/logoff.aspx?cmd=logoff&exlive=1&lgtype=1&sid=494fe386-9fa1-4fbf-885f-5038fa243363&pngSites=none
Requested by
Host: 1liveoutlook.vercel.app
URL: https://1liveoutlook.vercel.app/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2603:1026:100:14::2 Paris, France, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
7ad1ad65fa56e4154d943099b98bcf6d8dd59df30f637f1088b2c228bb5a5c79
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

:method
GET
:authority
outlook.office.com
:scheme
https
:path
/owa/auth/logoff.aspx?cmd=logoff&exlive=1&lgtype=1&sid=494fe386-9fa1-4fbf-885f-5038fa243363&pngSites=none
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://1liveoutlook.vercel.app/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://1liveoutlook.vercel.app/

Response headers

cache-control
private
content-type
image/gif
server
Microsoft-IIS/10.0
request-id
0be38a33-43f0-c0bb-bb06-eb6611dce21d
strict-transport-security
max-age=31536000; includeSubDomains; preload
p3p
CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
x-aspnet-version
4.0.30319
set-cookie
UserContext=; expires=Sun, 18-Aug-1991 00:31:47 GMT; path=/; secure SuiteServiceProxyKey=; expires=Sun, 18-Aug-1991 00:31:47 GMT; path=/; secure DefaultAnchorMailbox=; expires=Sun, 18-Aug-1991 00:31:47 GMT; path=/; secure O365Consumer=; expires=Sun, 18-Aug-1991 00:31:47 GMT; path=/; secure HostSwitchPrg=; expires=Sun, 18-Aug-1991 00:31:47 GMT; path=/; secure SdfV2LDomain=; expires=Sun, 18-Aug-1991 00:31:47 GMT; path=/; secure OptInPrg=; expires=Sun, 18-Aug-1991 00:31:47 GMT; path=/; secure LI=; expires=Sun, 18-Aug-1991 00:31:47 GMT; path=/; secure UserContext=; domain=outlook.office.com; expires=Sun, 18-Aug-1991 00:31:47 GMT; path=/; secure SuiteServiceProxyKey=; domain=outlook.office.com; expires=Sun, 18-Aug-1991 00:31:47 GMT; path=/; secure DefaultAnchorMailbox=; domain=outlook.office.com; expires=Sun, 18-Aug-1991 00:31:47 GMT; path=/; secure O365Consumer=; domain=outlook.office.com; expires=Sun, 18-Aug-1991 00:31:47 GMT; path=/; secure HostSwitchPrg=; domain=outlook.office.com; expires=Sun, 18-Aug-1991 00:31:47 GMT; path=/; secure SdfV2LDomain=; domain=outlook.office.com; expires=Sun, 18-Aug-1991 00:31:47 GMT; path=/; secure OptInPrg=; domain=outlook.office.com; expires=Sun, 18-Aug-1991 00:31:47 GMT; path=/; secure LI=; domain=outlook.office.com; expires=Sun, 18-Aug-1991 00:31:47 GMT; path=/; secure RPSAuth=; domain=outlook.office.com; expires=Thu, 30-Oct-1980 16:00:00 GMT; path=/;SameSite=None RPSSecAuth=; domain=outlook.office.com; expires=Thu, 30-Oct-1980 16:00:00 GMT; path=/;SameSite=None; secure RPSClearCT=; domain=outlook.office.com; expires=Thu, 30-Oct-1980 16:00:00 GMT; path=/;SameSite=None; secure
x-powered-by
ASP.NET
date
Wed, 18 Aug 2021 00:31:47 GMT

Redirect headers

Cache-Control
no-cache
Pragma
no-cache
Content-Type
text/html; charset=utf-8
Expires
-1
Location
https://outlook.office.com/owa/auth/logoff.aspx?cmd=logoff&exlive=1&lgtype=1&sid=494fe386-9fa1-4fbf-885f-5038fa243363&pngSites=none
Server
Microsoft-IIS/10.0
request-id
013de353-4834-dba5-a8a4-d8179032b199
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
P3P
CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Set-Cookie
UserContext=; expires=Sun, 18-Aug-1991 00:31:47 GMT; path=/; secure SuiteServiceProxyKey=; expires=Sun, 18-Aug-1991 00:31:47 GMT; path=/; secure DefaultAnchorMailbox=; expires=Sun, 18-Aug-1991 00:31:47 GMT; path=/; secure O365Consumer=; expires=Sun, 18-Aug-1991 00:31:47 GMT; path=/; secure HostSwitchPrg=; expires=Sun, 18-Aug-1991 00:31:47 GMT; path=/; secure SdfV2LDomain=; expires=Sun, 18-Aug-1991 00:31:47 GMT; path=/; secure OptInPrg=; expires=Sun, 18-Aug-1991 00:31:47 GMT; path=/; secure LI=; expires=Sun, 18-Aug-1991 00:31:47 GMT; path=/; secure UserContext=; domain=outlook.office365.com; expires=Sun, 18-Aug-1991 00:31:47 GMT; path=/; secure SuiteServiceProxyKey=; domain=outlook.office365.com; expires=Sun, 18-Aug-1991 00:31:47 GMT; path=/; secure DefaultAnchorMailbox=; domain=outlook.office365.com; expires=Sun, 18-Aug-1991 00:31:47 GMT; path=/; secure O365Consumer=; domain=outlook.office365.com; expires=Sun, 18-Aug-1991 00:31:47 GMT; path=/; secure HostSwitchPrg=; domain=outlook.office365.com; expires=Sun, 18-Aug-1991 00:31:47 GMT; path=/; secure SdfV2LDomain=; domain=outlook.office365.com; expires=Sun, 18-Aug-1991 00:31:47 GMT; path=/; secure OptInPrg=; domain=outlook.office365.com; expires=Sun, 18-Aug-1991 00:31:47 GMT; path=/; secure LI=; domain=outlook.office365.com; expires=Sun, 18-Aug-1991 00:31:47 GMT; path=/; secure RPSAuth=; domain=outlook.office365.com; expires=Thu, 30-Oct-1980 16:00:00 GMT; path=/;SameSite=None RPSSecAuth=; domain=outlook.office365.com; expires=Thu, 30-Oct-1980 16:00:00 GMT; path=/;SameSite=None; secure RPSClearCT=; domain=outlook.office365.com; expires=Thu, 30-Oct-1980 16:00:00 GMT; path=/;SameSite=None; secure
X-Powered-By
ASP.NET
Date
Wed, 18 Aug 2021 00:31:47 GMT
Content-Length
264
Logout
webshell.suite.office.com/iframe/TokenFactoryIframe/ Frame B410 		440 B
968 B 		Document
General
Check archive.org
Download Go to
Full URL
https://webshell.suite.office.com/iframe/TokenFactoryIframe/Logout?sid=494fe386-9fa1-4fbf-885f-5038fa243363
Requested by
Host: 1liveoutlook.vercel.app
URL: https://1liveoutlook.vercel.app/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2603:1026:2404:1::1 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Kestrel /
Resource Hash
adef966e25f4814cf48dea18c57f10d10ed13f5f47c654cf4c8a553abfcb651d
Security Headers
Name Value
Content-Security-Policy default-src 'none'; frame-src *; script-src https://shell.cdn.office.net 'nonce-4XsBjymSPu26UqYGRDwpmpc+5AqWGm1vOtnDs8Xa840=' 'unsafe-inline'; connect-src *;
Strict-Transport-Security max-age=2592000
X-Content-Type-Options nosniff

Request headers

:method
GET
:authority
webshell.suite.office.com
:scheme
https
:path
/iframe/TokenFactoryIframe/Logout?sid=494fe386-9fa1-4fbf-885f-5038fa243363
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://1liveoutlook.vercel.app/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://1liveoutlook.vercel.app/

Response headers

cache-control
private,max-age=3600
date
Wed, 18 Aug 2021 00:31:46 GMT
content-type
text/html; charset=utf-8
server
Kestrel
x-content-type-options
nosniff
strict-transport-security
max-age=2592000
content-security-policy
default-src 'none'; frame-src *; script-src https://shell.cdn.office.net 'nonce-4XsBjymSPu26UqYGRDwpmpc+5AqWGm1vOtnDs8Xa840=' 'unsafe-inline'; connect-src *;
cross-origin-resource-policy
cross-origin
x-o365suiteuxshell-correlationid
ec412fb5-55ba-44ea-9952-d639a62d17b7
suiteux.shell.tokenfactoryiframe.82e713fa4ad10e1f793f.js
shell.cdn.office.net/shellux/o365/versionless/ Frame B410 		142 KB
36 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://shell.cdn.office.net/shellux/o365/versionless/suiteux.shell.tokenfactoryiframe.82e713fa4ad10e1f793f.js
Requested by
Host: webshell.suite.office.com
URL: https://webshell.suite.office.com/iframe/TokenFactoryIframe/Logout?sid=494fe386-9fa1-4fbf-885f-5038fa243363
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:fb:5b2::4b36 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
9760576a5ea7ae48942c0ae955afb3c025ef25ad2e398fb92eda22ed825af56a

Request headers

Referer
https://webshell.suite.office.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 18 Aug 2021 00:31:47 GMT
content-encoding
br
x-cdn
9, 54
content-md5
Pu76xPBZz8jVHJU9A1TSVQ==
x-cache-start
1625174783, 1625174792, 1625174837, 1625174837
content-length
36241
x-ms-lease-status
unlocked
last-modified
Tue, 29 Jun 2021 20:30:47 GMT
server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
etag
0x8D93B3CC710E0CD
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
088bf219-c01e-0078-75bf-6e85b5000000
cache-control
max-age=1209600
access-control-allow-credentials
true
x-ms-version
2009-09-19
timing-allow-origin
*
microsoft_logo_7zyesnzhfxur7eprws2m2q2.png
aadcdn.msftauth.net/ests/2.1/content/images/ 		0
1 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://aadcdn.msftauth.net/ests/2.1/content/images/microsoft_logo_7zyesnzhfxur7eprws2m2q2.png
Requested by
Host: 1liveoutlook.vercel.app
URL: https://1liveoutlook.vercel.app/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.199.23.37 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (lhd/35B3) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://1liveoutlook.vercel.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 18 Aug 2021 00:31:47 GMT
content-md5
7ZyesNzhfXUr7eprWs2m2Q==
age
67927
x-cache
HIT
content-length
1057
x-ms-lease-status
unlocked
last-modified
Fri, 02 Nov 2018 20:25:21 GMT
server
ECAcc (lhd/35B3)
etag
0x8D6410150617FD9
content-type
image/png
access-control-allow-origin
*
x-ms-request-id
8723df09-501e-0089-4f2a-93ffe2000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=604800
x-ms-version
2009-09-19
accept-ranges
bytes
work_account_gwpgszjrdzmg9t-etotdlg2.png
aadcdn.msftauth.net/ests/2.1/content/images/ 		0
2 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://aadcdn.msftauth.net/ests/2.1/content/images/work_account_gwpgszjrdzmg9t-etotdlg2.png
Requested by
Host: 1liveoutlook.vercel.app
URL: https://1liveoutlook.vercel.app/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.199.23.37 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (lhd/35FB) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://1liveoutlook.vercel.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 18 Aug 2021 00:31:47 GMT
content-md5
GWPGsZJrdzmG9T+ETOTDLg==
age
59862
x-cache
HIT
content-length
1487
x-ms-lease-status
unlocked
last-modified
Fri, 02 Nov 2018 20:25:45 GMT
server
ECAcc (lhd/35FB)
etag
0x8D641015E39CEB4
content-type
image/png
access-control-allow-origin
*
x-ms-request-id
4e977aff-c01e-006e-093d-939d98000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=604800
x-ms-version
2009-09-19
accept-ranges
bytes
personal_account_d3k1lqya8k5_mmblgg85rq2.png
aadcdn.msftauth.net/ests/2.1/content/images/ 		0
1 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://aadcdn.msftauth.net/ests/2.1/content/images/personal_account_d3k1lqya8k5_mmblgg85rq2.png
Requested by
Host: 1liveoutlook.vercel.app
URL: https://1liveoutlook.vercel.app/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.199.23.37 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (lhd/35FE) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://1liveoutlook.vercel.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 18 Aug 2021 00:31:47 GMT
content-md5
D3K1lQYA8k5/mmBLGG85RQ==
age
59862
x-cache
HIT
content-length
1335
x-ms-lease-status
unlocked
last-modified
Fri, 02 Nov 2018 20:25:24 GMT
server
ECAcc (lhd/35FE)
etag
0x8D64101523A34D6
content-type
image/png
access-control-allow-origin
*
x-ms-request-id
fce98270-d01e-0000-5f3d-93de85000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=604800
x-ms-version
2009-09-19
accept-ranges
bytes
converged.v2.login.min_59_uuouser7hrkmvbaz1jw2.css
aadcdn.msftauth.net/ests/2.1/content/cdnbundles/ 		0
20 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://aadcdn.msftauth.net/ests/2.1/content/cdnbundles/converged.v2.login.min_59_uuouser7hrkmvbaz1jw2.css
Requested by
Host: 1liveoutlook.vercel.app
URL: https://1liveoutlook.vercel.app/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.199.23.37 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (lhd/35F5) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://1liveoutlook.vercel.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 18 Aug 2021 00:31:47 GMT
content-encoding
gzip
content-md5
bjqCIB9rMEZAA8TrOKRGgQ==
age
21854476
x-cache
HIT
content-length
19771
x-ms-lease-status
unlocked
last-modified
Sat, 17 Oct 2020 19:18:26 GMT
server
ECAcc (lhd/35F5)
etag
0x8D872D16C711C33
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
x-ms-request-id
f09ca56f-401e-0009-0a04-cd07a7000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=31536000
x-ms-version
2009-09-19
accept-ranges
bytes
jquery.1.11.min__yok_chwseypwbmuffnnaa2.js
aadcdn.msftauth.net/ests/2.1/content/cdnbundles/ 		0
38 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://aadcdn.msftauth.net/ests/2.1/content/cdnbundles/jquery.1.11.min__yok_chwseypwbmuffnnaa2.js
Requested by
Host: 1liveoutlook.vercel.app
URL: https://1liveoutlook.vercel.app/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.199.23.37 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (lhd/370F) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://1liveoutlook.vercel.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 18 Aug 2021 00:31:47 GMT
content-encoding
gzip
content-md5
rh/aFGJ6VR89aDdTZ7hodQ==
age
21854467
x-cache
HIT
content-length
38927
x-ms-lease-status
unlocked
last-modified
Thu, 22 Oct 2020 20:43:26 GMT
server
ECAcc (lhd/370F)
etag
0x8D876CB2080AB77
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
6867497b-f01e-0033-3b04-cdec9c000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=31536000
x-ms-version
2009-09-19
accept-ranges
bytes
aad.login.min_ynywyfekfmsp3ljup2epra2.js
aadcdn.msftauth.net/ests/2.1/content/cdnbundles/ 		0
43 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://aadcdn.msftauth.net/ests/2.1/content/cdnbundles/aad.login.min_ynywyfekfmsp3ljup2epra2.js
Requested by
Host: 1liveoutlook.vercel.app
URL: https://1liveoutlook.vercel.app/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.199.23.37 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (lhd/35E4) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://1liveoutlook.vercel.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 18 Aug 2021 00:31:47 GMT
content-encoding
gzip
content-md5
7Zr/RHMNzHhijIc1jDYQ/w==
age
21854467
x-cache
HIT
content-length
44333
x-ms-lease-status
unlocked
last-modified
Thu, 22 Oct 2020 20:43:13 GMT
server
ECAcc (lhd/35E4)
etag
0x8D876CB187B0320
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
10626564-601e-005e-5604-cd5ce1000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=31536000
x-ms-version
2009-09-19
accept-ranges
bytes
microsoft_logo_7zyesnzhfxur7eprws2m2q2.png
aadcdn.msftauth.net/ests/2.1/content/images/ 		1 KB
1 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://aadcdn.msftauth.net/ests/2.1/content/images/microsoft_logo_7zyesnzhfxur7eprws2m2q2.png
Requested by
Host: 1liveoutlook.vercel.app
URL: https://1liveoutlook.vercel.app/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.199.23.37 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (lhd/35B3) /
Resource Hash
f664b8138c2da6ec7565500a7cc839da6372614a31dc04c5a2169a26b8d9767c

Request headers

Referer
https://1liveoutlook.vercel.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 18 Aug 2021 00:31:52 GMT
content-md5
7ZyesNzhfXUr7eprWs2m2Q==
age
67932
x-cache
HIT
content-length
1057
x-ms-lease-status
unlocked
last-modified
Fri, 02 Nov 2018 20:25:21 GMT
server
ECAcc (lhd/35B3)
etag
0x8D6410150617FD9
content-type
image/png
access-control-allow-origin
*
x-ms-request-id
8723df09-501e-0089-4f2a-93ffe2000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=604800
x-ms-version
2009-09-19
accept-ranges
bytes
work_account_gwpgszjrdzmg9t-etotdlg2.png
aadcdn.msftauth.net/ests/2.1/content/images/ 		1 KB
2 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://aadcdn.msftauth.net/ests/2.1/content/images/work_account_gwpgszjrdzmg9t-etotdlg2.png
Requested by
Host: 1liveoutlook.vercel.app
URL: https://1liveoutlook.vercel.app/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.199.23.37 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (lhd/35FB) /
Resource Hash
9fc929be7892b2f4498627d22bc1b3990dc380efcfe40fe6c3cac2dea7565c8e

Request headers

Referer
https://1liveoutlook.vercel.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 18 Aug 2021 00:31:52 GMT
content-md5
GWPGsZJrdzmG9T+ETOTDLg==
age
59867
x-cache
HIT
content-length
1487
x-ms-lease-status
unlocked
last-modified
Fri, 02 Nov 2018 20:25:45 GMT
server
ECAcc (lhd/35FB)
etag
0x8D641015E39CEB4
content-type
image/png
access-control-allow-origin
*
x-ms-request-id
4e977aff-c01e-006e-093d-939d98000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=604800
x-ms-version
2009-09-19
accept-ranges
bytes
personal_account_d3k1lqya8k5_mmblgg85rq2.png
aadcdn.msftauth.net/ests/2.1/content/images/ 		1 KB
1 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://aadcdn.msftauth.net/ests/2.1/content/images/personal_account_d3k1lqya8k5_mmblgg85rq2.png
Requested by
Host: 1liveoutlook.vercel.app
URL: https://1liveoutlook.vercel.app/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.199.23.37 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (lhd/35FE) /
Resource Hash
0b874f4ccfac9ff5264f1f7c29c4c016fde7e4e032512bac1bb43d145a44ea40

Request headers

Referer
https://1liveoutlook.vercel.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 18 Aug 2021 00:31:52 GMT
content-md5
D3K1lQYA8k5/mmBLGG85RQ==
age
59867
x-cache
HIT
content-length
1335
x-ms-lease-status
unlocked
last-modified
Fri, 02 Nov 2018 20:25:24 GMT
server
ECAcc (lhd/35FE)
etag
0x8D64101523A34D6
content-type
image/png
access-control-allow-origin
*
x-ms-request-id
fce98270-d01e-0000-5f3d-93de85000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=604800
x-ms-version
2009-09-19
accept-ranges
bytes
converged.v2.login.min_59_uuouser7hrkmvbaz1jw2.css
aadcdn.msftauth.net/ests/2.1/content/cdnbundles/ 		106 KB
19 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://aadcdn.msftauth.net/ests/2.1/content/cdnbundles/converged.v2.login.min_59_uuouser7hrkmvbaz1jw2.css
Requested by
Host: 1liveoutlook.vercel.app
URL: https://1liveoutlook.vercel.app/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.199.23.37 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (lhd/35F5) /
Resource Hash
1e3dceb93e7c252036cfcded7e108e7e2473dae923a2401a84dd7925f5a9f0ad

Request headers

Referer
https://1liveoutlook.vercel.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 18 Aug 2021 00:31:52 GMT
content-encoding
gzip
content-md5
bjqCIB9rMEZAA8TrOKRGgQ==
age
21854481
x-cache
HIT
content-length
19771
x-ms-lease-status
unlocked
last-modified
Sat, 17 Oct 2020 19:18:26 GMT
server
ECAcc (lhd/35F5)
etag
0x8D872D16C711C33
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
x-ms-request-id
f09ca56f-401e-0009-0a04-cd07a7000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=31536000
x-ms-version
2009-09-19
accept-ranges
bytes
jquery.1.11.min__yok_chwseypwbmuffnnaa2.js
aadcdn.msftauth.net/ests/2.1/content/cdnbundles/ 		109 KB
38 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://aadcdn.msftauth.net/ests/2.1/content/cdnbundles/jquery.1.11.min__yok_chwseypwbmuffnnaa2.js
Requested by
Host: 1liveoutlook.vercel.app
URL: https://1liveoutlook.vercel.app/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.199.23.37 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (lhd/370F) /
Resource Hash
35cceb3348d8d50cb9d46478114cc11727f9b3e78b08fc7f07101aea4bad7d1c

Request headers

Referer
https://1liveoutlook.vercel.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 18 Aug 2021 00:31:52 GMT
content-encoding
gzip
content-md5
rh/aFGJ6VR89aDdTZ7hodQ==
age
21854472
x-cache
HIT
content-length
38927
x-ms-lease-status
unlocked
last-modified
Thu, 22 Oct 2020 20:43:26 GMT
server
ECAcc (lhd/370F)
etag
0x8D876CB2080AB77
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
6867497b-f01e-0033-3b04-cdec9c000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=31536000
x-ms-version
2009-09-19
accept-ranges
bytes
aad.login.min_ynywyfekfmsp3ljup2epra2.js
aadcdn.msftauth.net/ests/2.1/content/cdnbundles/ 		176 KB
43 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://aadcdn.msftauth.net/ests/2.1/content/cdnbundles/aad.login.min_ynywyfekfmsp3ljup2epra2.js
Requested by
Host: 1liveoutlook.vercel.app
URL: https://1liveoutlook.vercel.app/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.199.23.37 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (lhd/35E4) /
Resource Hash
4a3c3d489ffcf962a1279ebe7e1ba3582e4debffdde6ef9a0ff2b4bd839a53b9

Request headers

Referer
https://1liveoutlook.vercel.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 18 Aug 2021 00:31:52 GMT
content-encoding
gzip
content-md5
7Zr/RHMNzHhijIc1jDYQ/w==
age
21854472
x-cache
HIT
content-length
44333
x-ms-lease-status
unlocked
last-modified
Thu, 22 Oct 2020 20:43:13 GMT
server
ECAcc (lhd/35E4)
etag
0x8D876CB187B0320
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
10626564-601e-005e-5604-cd5ce1000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=31536000
x-ms-version
2009-09-19
accept-ranges
bytes

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer)

70 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| onbeforexrselect object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker boolean| originAgentCluster object| trustedTypes boolean| crossOriginIsolated object| $Config object| $Debug object| $Do function| $Loader object| $WebWatson function| GetString function| GetErrorString function| GetUrl object| $B function| $ function| jQuery object| jQuery1112032205726281193514 object| MSLogin object| proxy object| ErrorCodes object| Constants object| Context object| Background object| Logo object| Instrument object| User object| tenant_info object| MSLogout object| ThirdPartyCookieStates object| PostType object| LoginOption object| TenantBranding object| users object| Tiles object| $Api object| EmailDiscovery object| Support object| Post object| StrongAuthCheck object| Util object| WindowsBrowserSso function| SetImageStatus function| ImageTimeout function| IframeTimeout function| MsaTimeout function| TryCompleteSignout function| CompleteSignout function| CompleteSignoutRender function| RenderSignoutSuccess function| RenderSignoutFailure function| WriteSignoutFailedCookie function| InitiatorRedirect object| imageStatusArray boolean| imageStatusTimeout object| updatedUsers number| msaSignoutStatus object| msaSignoutTimerId boolean| iframeStatusTimeout object| sendBtn object| email object| pass

3 Cookies

Domain/Path Name / Value
www.office.com/ Name: OH.FLID
Value: 4241bbf9-4b1d-4953-9e17-a153173492bb
www.office.com/ Name: OH.DCAffinity
Value: OH-weu
www.office.com/ Name: OH.SID
Value: 98f8a9f7-2b6e-4af1-9fb2-05ff198cd56b

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload