webmail.intl.hoganlovells.com
193.104.164.40 (Malicious Activity! Public Scan)

Submitted URL: https://webmail.intl.hoganlovells.com/my.policy
Effective URL: https://webmail.intl.hoganlovells.com/my.logout.php3?errorcode=19
Submission: On December 20 via api from US

Summary

This website contacted 1 IP in 1 country across 1 domain to perform 10 HTTP transactions. The main IP is 193.104.164.40, located in the United Kingdom and belonging to ZAYO-6461 - Zayo Bandwidth, US. The main domain is webmail.intl.hoganlovells.com.
TLS certificate: Issued by DigiCert SHA2 Secure Server CA on March 27th 2019. Valid for: 2 years.
This is the only time webmail.intl.hoganlovells.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Outlook Web Access (Online)

Domain & IP information

IP Address        AS / Autonomous System   Requests
193.104.164.40    6461 (ZAYO-6461)         11

Apex Domain         Subdomains                        Transfer   Requests
hoganlovells.com    webmail.intl.hoganlovells.com     27 KB      11

Domain                           Requests   Redirects   Requested by
webmail.intl.hoganlovells.com    11         1           webmail.intl.hoganlovells.com

This site contains no links.

Subject                          Issuer                           Validity                     Valid
webmail.intl.hoganlovells.com    DigiCert SHA2 Secure Server CA   2019-03-27 to 2021-03-31     2 years

This page contains 1 frames:

Primary Page: https://webmail.intl.hoganlovells.com/my.logout.php3?errorcode=19
Frame ID: 82C8344692CF930C09B28F9442DD0693
Requests: 10 HTTP requests in this frame

Page Statistics

Requests:     10
HTTPS:        100 %
IPv6:         0 %
Domains:      1
Subdomains:   1
IPs:          1
Countries:    1
Transfer:     27 kB
Size:         33 kB
Cookies:      1

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://webmail.intl.hoganlovells.com/my.policy HTTP 302
    https://webmail.intl.hoganlovells.com/my.logout.php3?errorcode=19 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

10 HTTP transactions

Each transaction below is listed with its Resource, Path, Size, x-fer (bytes transferred), Type and MIME-Type, followed by its General details and request/response headers.
my.logout.php3 (Primary Request, Cookie set)
Path: webmail.intl.hoganlovells.com/
Redirect Chain:
  • https://webmail.intl.hoganlovells.com/my.policy
  • https://webmail.intl.hoganlovells.com/my.logout.php3?errorcode=19
Size: 16 KB   x-fer: 7 KB   Type: Document

General
Full URL: https://webmail.intl.hoganlovells.com/my.logout.php3?errorcode=19
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 193.104.164.40, United Kingdom, ASN6461 (ZAYO-6461 - Zayo Bandwidth, US)
Reverse DNS:
Software: HLINT /
Resource Hash: 7c2c9ae72e0335ecc949d8c5859bbcd3917b58b957be9ceeb7a22eaf8a0ba8b7

Security Headers
Strict-Transport-Security: (empty)
X-Frame-Options: DENY

Request headers

Host: webmail.intl.hoganlovells.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-User: ?1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Accept-Encoding: gzip, deflate, br
Cookie: LastMRH_Session=; MRHSession=

Response headers

Server: HLINT
Content-Type: text/html; charset=utf-8
Accept-Ranges: bytes
Connection: Keep-Alive
Date: Fri, 20 Dec 2019 04:22:51 GMT
Age: 11549
Content-Length: 5937
X-Frame-Options: DENY
Set-Cookie: MRHSession=deleted;expires=Thu, 01-Jan-1970 00:00:01 GMT;path=/
Set-Cookie: F5_ST=deleted;expires=Thu, 01-Jan-1970 00:00:01 GMT;path=/
Set-Cookie: MRHSHint=deleted;expires=Thu, 01-Jan-1970 00:00:01 GMT;path=/
Set-Cookie: F5_HT_shrinked=deleted;expires=Thu, 01-Jan-1970 00:00:01 GMT;path=/
Set-Cookie: F5_fullWT=deleted;expires=Thu, 01-Jan-1970 00:00:01 GMT;path=/
Set-Cookie: MRHSequence=deleted;expires=Thu, 01-Jan-1970 00:00:01 GMT;path=/
Pragma: no-cache
Cache-Control: no-cache, must-revalidate
Vary: Accept-Encoding
Content-Encoding: gzip
Strict-Transport-Security:

Redirect headers

Server: HLINT
Cache-Control: no-cache, no-store
Connection: Close
Content-Length: 0
Location: /my.logout.php3?errorcode=19
Set-Cookie: LastMRH_Session=;path=/;secure
Set-Cookie: MRHSession=;path=/;secure
image00_en.gif
Path: webmail.intl.hoganlovells.com/public/images/customization/Common/lon_exchange_live_ext_logout/
Size: 4 KB   x-fer: 5 KB   Type: Image

General
Full URL: https://webmail.intl.hoganlovells.com/public/images/customization/Common/lon_exchange_live_ext_logout/image00_en.gif
Requested by:
  Host: webmail.intl.hoganlovells.com
  URL: https://webmail.intl.hoganlovells.com/my.logout.php3?errorcode=19
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 193.104.164.40, United Kingdom, ASN6461 (ZAYO-6461 - Zayo Bandwidth, US)
Reverse DNS:
Software: HLINT /
Resource Hash: b478b93f8f9a262321211d8ce812cdd6accdfb4ede6e0230ccf44e77ad161f97

Security Headers
Strict-Transport-Security: (empty)
X-Frame-Options: DENY

Request headers

Referer: https://webmail.intl.hoganlovells.com/my.logout.php3?errorcode=19
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Fri, 20 Dec 2019 04:22:51 GMT
Last-Modified: Sat, 17 Nov 2018 00:30:27 GMT
Server: HLINT
Age: 31315
ETag: "181ab-1167-57ad163f04ec0"
X-Frame-Options: DENY
Content-Type: image/gif
Connection: Keep-Alive
Strict-Transport-Security:
Accept-Ranges: bytes
Content-Length: 4455
image01_en.gif
Path: webmail.intl.hoganlovells.com/public/images/customization/Common/lon_exchange_live_ext_logout/
Size: 581 B   x-fer: 919 B   Type: Image

General
Full URL: https://webmail.intl.hoganlovells.com/public/images/customization/Common/lon_exchange_live_ext_logout/image01_en.gif
Requested by:
  Host: webmail.intl.hoganlovells.com
  URL: https://webmail.intl.hoganlovells.com/my.logout.php3?errorcode=19
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 193.104.164.40, United Kingdom, ASN6461 (ZAYO-6461 - Zayo Bandwidth, US)
Reverse DNS:
Software: HLINT /
Resource Hash: f27d451896ac6a8b768361e3f07c2adf1ee7ae6bcb92ac6d0bda7fb5cf915301

Security Headers
Strict-Transport-Security: (empty)
X-Frame-Options: DENY

Request headers

Referer: https://webmail.intl.hoganlovells.com/my.logout.php3?errorcode=19
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Fri, 20 Dec 2019 04:22:51 GMT
Last-Modified: Sat, 17 Nov 2018 00:30:27 GMT
Server: HLINT
Age: 78494
X-Frame-Options: DENY
ETag: "181ae-245-57ad163f04ec0"
Vary: Accept-Encoding
Content-Type: image/gif
Connection: Keep-Alive
Strict-Transport-Security:
Accept-Ranges: bytes
Content-Length: 581
tr.gif
Path: webmail.intl.hoganlovells.com/public/images/my/
Size: 43 B   x-fer: 426 B   Type: Image

General
Full URL: https://webmail.intl.hoganlovells.com/public/images/my/tr.gif
Requested by:
  Host: webmail.intl.hoganlovells.com
  URL: https://webmail.intl.hoganlovells.com/my.logout.php3?errorcode=19
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 193.104.164.40, United Kingdom, ASN6461 (ZAYO-6461 - Zayo Bandwidth, US)
Reverse DNS:
Software: HLINT /
Resource Hash: 2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers
Strict-Transport-Security: (empty)
X-Frame-Options: DENY

Request headers

Referer: https://webmail.intl.hoganlovells.com/my.logout.php3?errorcode=19
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Fri, 20 Dec 2019 04:22:51 GMT
Last-Modified: Sat, 10 Mar 2007 05:11:20 GMT
Server: HLINT
Age: 1961
X-Frame-Options: DENY
ETag: "18093-2b-42b4b92116e00"
Vary: Accept-Encoding
Connection: Keep-Alive
Content-Type: image/gif
Cache-Control: max-age=3600, must-revalidate
Strict-Transport-Security:
Accept-Ranges: bytes
Content-Length: 43
image02_en.gif
Path: webmail.intl.hoganlovells.com/public/images/customization/Common/lon_exchange_live_ext_logout/
Size: 9 KB   x-fer: 9 KB   Type: Image

General
Full URL: https://webmail.intl.hoganlovells.com/public/images/customization/Common/lon_exchange_live_ext_logout/image02_en.gif
Requested by:
  Host: webmail.intl.hoganlovells.com
  URL: https://webmail.intl.hoganlovells.com/my.logout.php3?errorcode=19
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 193.104.164.40, United Kingdom, ASN6461 (ZAYO-6461 - Zayo Bandwidth, US)
Reverse DNS:
Software: HLINT /
Resource Hash: 0e2cda541bf24815df2facd5729d44b70ef4e4bdd160169295944aefc9e51b0b

Security Headers
Strict-Transport-Security: (empty)
X-Frame-Options: DENY

Request headers

Referer: https://webmail.intl.hoganlovells.com/my.logout.php3?errorcode=19
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Fri, 20 Dec 2019 04:22:51 GMT
Last-Modified: Sat, 17 Nov 2018 00:30:27 GMT
Server: HLINT
Age: 73753
ETag: "181a6-245f-57ad163f04ec0"
X-Frame-Options: DENY
Content-Type: image/gif
Connection: Keep-Alive
Strict-Transport-Security:
Accept-Ranges: bytes
Content-Length: 9311
image03_en.gif
Path: webmail.intl.hoganlovells.com/public/images/customization/Common/lon_exchange_live_ext_logout/
Size: 2 KB   x-fer: 3 KB   Type: Image

General
Full URL: https://webmail.intl.hoganlovells.com/public/images/customization/Common/lon_exchange_live_ext_logout/image03_en.gif
Requested by:
  Host: webmail.intl.hoganlovells.com
  URL: https://webmail.intl.hoganlovells.com/my.logout.php3?errorcode=19
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 193.104.164.40, United Kingdom, ASN6461 (ZAYO-6461 - Zayo Bandwidth, US)
Reverse DNS:
Software: HLINT /
Resource Hash: 97305ffb8ff74176df42bcd213e7cdfd7679630e19911a2db7b399c7960aec3e

Security Headers
Strict-Transport-Security: (empty)
X-Frame-Options: DENY

Request headers

Referer: https://webmail.intl.hoganlovells.com/my.logout.php3?errorcode=19
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Fri, 20 Dec 2019 04:22:51 GMT
Last-Modified: Sat, 17 Nov 2018 00:30:27 GMT
Server: HLINT
Age: 10355
ETag: "181a8-958-57ad163f04ec0"
X-Frame-Options: DENY
Content-Type: image/gif
Connection: Keep-Alive
Strict-Transport-Security:
Accept-Ranges: bytes
Content-Length: 2392
image07_en.gif
Path: webmail.intl.hoganlovells.com/public/images/customization/Common/lon_exchange_live_ext_logout/
Size: 58 B   x-fer: 395 B   Type: Image

General
Full URL: https://webmail.intl.hoganlovells.com/public/images/customization/Common/lon_exchange_live_ext_logout/image07_en.gif
Requested by:
  Host: webmail.intl.hoganlovells.com
  URL: https://webmail.intl.hoganlovells.com/my.logout.php3?errorcode=19
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 193.104.164.40, United Kingdom, ASN6461 (ZAYO-6461 - Zayo Bandwidth, US)
Reverse DNS:
Software: HLINT /
Resource Hash: 9d894a6800fd18d20423c66066097b9653be9eb3796f6a0e216dca220c45d6d6

Security Headers
Strict-Transport-Security: (empty)
X-Frame-Options: DENY

Request headers

Referer: https://webmail.intl.hoganlovells.com/my.logout.php3?errorcode=19
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Fri, 20 Dec 2019 04:22:51 GMT
Last-Modified: Sat, 17 Nov 2018 00:30:27 GMT
Server: HLINT
Age: 73753
X-Frame-Options: DENY
ETag: "181ad-3a-57ad163f04ec0"
Vary: Accept-Encoding
Content-Type: image/gif
Connection: Keep-Alive
Strict-Transport-Security:
Accept-Ranges: bytes
Content-Length: 58
image04_en.gif
Path: webmail.intl.hoganlovells.com/public/images/customization/Common/lon_exchange_live_ext_logout/
Size: 290 B   x-fer: 628 B   Type: Image

General
Full URL: https://webmail.intl.hoganlovells.com/public/images/customization/Common/lon_exchange_live_ext_logout/image04_en.gif
Requested by:
  Host: webmail.intl.hoganlovells.com
  URL: https://webmail.intl.hoganlovells.com/my.logout.php3?errorcode=19
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 193.104.164.40, United Kingdom, ASN6461 (ZAYO-6461 - Zayo Bandwidth, US)
Reverse DNS:
Software: HLINT /
Resource Hash: 96a4b86c4a5ff1f1aa67c52287be64ebd51598d32cbd1249351e462cae549185

Security Headers
Strict-Transport-Security: (empty)
X-Frame-Options: DENY

Request headers

Referer: https://webmail.intl.hoganlovells.com/my.logout.php3?errorcode=19
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Fri, 20 Dec 2019 04:22:51 GMT
Last-Modified: Sat, 17 Nov 2018 00:30:27 GMT
Server: HLINT
Age: 73753
X-Frame-Options: DENY
ETag: "181a9-122-57ad163f04ec0"
Vary: Accept-Encoding
Content-Type: image/gif
Connection: Keep-Alive
Strict-Transport-Security:
Accept-Ranges: bytes
Content-Length: 290
image05_en.gif
Path: webmail.intl.hoganlovells.com/public/images/customization/Common/lon_exchange_live_ext_logout/
Size: 306 B   x-fer: 644 B   Type: Image

General
Full URL: https://webmail.intl.hoganlovells.com/public/images/customization/Common/lon_exchange_live_ext_logout/image05_en.gif
Requested by:
  Host: webmail.intl.hoganlovells.com
  URL: https://webmail.intl.hoganlovells.com/my.logout.php3?errorcode=19
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 193.104.164.40, United Kingdom, ASN6461 (ZAYO-6461 - Zayo Bandwidth, US)
Reverse DNS:
Software: HLINT /
Resource Hash: a9626d4f60b20f2da50f763f20d891a70625dde0dba68116896026c400b8b775

Security Headers
Strict-Transport-Security: (empty)
X-Frame-Options: DENY

Request headers

Referer: https://webmail.intl.hoganlovells.com/my.logout.php3?errorcode=19
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Fri, 20 Dec 2019 04:22:51 GMT
Last-Modified: Sat, 17 Nov 2018 00:30:27 GMT
Server: HLINT
Age: 73753
X-Frame-Options: DENY
ETag: "181aa-132-57ad163f04ec0"
Vary: Accept-Encoding
Content-Type: image/gif
Connection: Keep-Alive
Strict-Transport-Security:
Accept-Ranges: bytes
Content-Length: 306
image08_en.gif
Path: webmail.intl.hoganlovells.com/public/images/customization/Common/lon_exchange_live_ext_logout/
Size: 276 B   x-fer: 614 B   Type: Image

General
Full URL: https://webmail.intl.hoganlovells.com/public/images/customization/Common/lon_exchange_live_ext_logout/image08_en.gif
Requested by:
  Host: webmail.intl.hoganlovells.com
  URL: https://webmail.intl.hoganlovells.com/my.logout.php3?errorcode=19
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 193.104.164.40, United Kingdom, ASN6461 (ZAYO-6461 - Zayo Bandwidth, US)
Reverse DNS:
Software: HLINT /
Resource Hash: 6097839fd066f359bbe21fb228714cd33385a6995a060eaa504ee190e3c1178a

Security Headers
Strict-Transport-Security: (empty)
X-Frame-Options: DENY

Request headers

Referer: https://webmail.intl.hoganlovells.com/my.logout.php3?errorcode=19
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Fri, 20 Dec 2019 04:22:51 GMT
Last-Modified: Sat, 17 Nov 2018 00:30:27 GMT
Server: HLINT
Age: 73753
X-Frame-Options: DENY
ETag: "181a7-114-57ad163f04ec0"
Vary: Accept-Encoding
Content-Type: image/gif
Connection: Keep-Alive
Strict-Transport-Security:
Accept-Ranges: bytes
Content-Length: 276

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan: Phishing against: Outlook Web Access (Online)

24 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

Type       Name
object     onformdata
object     onpointerrawupdate
function   initLogon
function   redir
function   shw
function   hd
function   clkExp
function   clkSec
function   clkBsc
function   clkLgn
function   clkRtry
function   clkReLgn
function   gbid
function   IsOwaPremiumBrowser
function   hres
function   LogoffMime
function   addPerfMarker
function   F5_include_JS
undefined  f5VirtualKeyboardMove
undefined  f5VirtualKeyboardForceBlur
undefined  f5VirtualKeyboardMessageText
undefined  f5VirtualKeyboardHideText
undefined  VirtualKeyboard_CustomizedMessageTextGet
undefined  VirtualKeyboard_CustomizedHideTextGet

1 Cookies

Domain/Path                       Name               Value
webmail.intl.hoganlovells.com/    LastMRH_Session    (empty)

Security Headers

This page lists any security headers set by the main page. Strict-Transport-Security is sent with no value, so it carries no max-age directive and browsers will not enforce HSTS from it; only X-Frame-Options is effectively set.

Header                       Value
Strict-Transport-Security    (empty)
X-Frame-Options              DENY