outlook-mail-25.azurewebsites.net Open in urlscan Pro
13.89.172.5 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://u15821084.ct.sendgrid.net/ls/click?upn=rSRwjz-2BEFahIMxv10h3JxHtqmu5dEw6nQlvaD02LzyX2kQ4f-2FkQmBPB8V2e4YuGgdlrOAAhq-2Fqihu...
Effective URL:
https://outlook-mail-25.azurewebsites.net/?email=brandee.martin@blockadvisors.com
Submission: On April 17 via manual (April 17th 2020, 7:55:38 pm UTC) from US

Summary HTTP 14 Redirects Behaviour Indicators

Summary

This website contacted 4 IPs in 2 countries across 6 domains to perform 14 HTTP transactions. The main IP is 13.89.172.5, located in Des Moines, United States and belongs to MICROSOFT-CORP-MSN-AS-BLOCK, US. The main domain is outlook-mail-25.azurewebsites.net.
TLS certificate: Issued by Microsoft IT TLS CA 5 on September 24th 2019. Valid for: 2 years.

This is the only time outlook-mail-25.azurewebsites.net was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Microsoft (Consumer)

Domain & IP information

	IP Address	AS Autonomous System
1 1	167.89.115.54 167.89.115.54	11377 (SENDGRID) (SENDGRID)
1 1	3.220.109.66 3.220.109.66	14618 (AMAZON-AES) (AMAZON-AES)
4	13.89.172.5 13.89.172.5	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
4	151.101.112.193 151.101.112.193	54113 (FASTLY) (FASTLY)
4	152.199.23.37 152.199.23.37	15133 (EDGECAST) (EDGECAST)
2	2620:1ec:bdf::10 2620:1ec:bdf::10	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
14	4

1 167.89.115.54 (United States) 1 redirects

ASN11377 (SENDGRID, US)
PTR: o16789115x54.outbound-mail.sendgrid.net

u15821084.ct.sendgrid.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.220.109.66 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-220-109-66.compute-1.amazonaws.com

app.nutshell.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 13.89.172.5 (Des Moines, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

outlook-mail-25.azurewebsites.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 151.101.112.193 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

i.imgur.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 152.199.23.37 (United States)

ASN15133 (EDGECAST, US)

aadcdn.msftauth.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:1ec:bdf::10 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

aadcdn.msauth.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
4	msftauth.net aadcdn.msftauth.net	2 KB
4	imgur.com i.imgur.com	278 KB
4	azurewebsites.net outlook-mail-25.azurewebsites.net	26 KB
2	msauth.net aadcdn.msauth.net	30 KB
1	nutshell.com 1 redirects app.nutshell.com	340 B
1	sendgrid.net 1 redirects u15821084.ct.sendgrid.net	319 B
14	6

	Domain	Requested by
4	aadcdn.msftauth.net	outlook-mail-25.azurewebsites.net
4	i.imgur.com	outlook-mail-25.azurewebsites.net
4	outlook-mail-25.azurewebsites.net	outlook-mail-25.azurewebsites.net
2	aadcdn.msauth.net	outlook-mail-25.azurewebsites.net
1	app.nutshell.com	1 redirects
1	u15821084.ct.sendgrid.net	1 redirects
14	6

This site contains no links.

Subject Issuer	Validity	Valid
*.azurewebsites.net Microsoft IT TLS CA 5	`2019-09-24` - `2021-09-24`	2 years	crt.sh
*.imgur.com DigiCert SHA2 Secure Server CA	`2020-01-15` - `2022-03-16`	2 years	crt.sh
aadcdn.msftauth.net Microsoft IT TLS CA 5	`2018-11-07` - `2020-11-07`	2 years	crt.sh
aadcdn.msauth.net Microsoft IT TLS CA 4	`2018-11-07` - `2020-11-07`	2 years	crt.sh

This page contains 2 frames:

Primary Page: https://outlook-mail-25.azurewebsites.net/?email=brandee.martin@blockadvisors.com
Frame ID: 32714CAF432046DB6F5D30ACA4319294
Requests: 13 HTTP requests in this frame

Frame: https://outlook-mail-25.azurewebsites.net/index_1.html
Frame ID: 7F95366CCE367296B02152924BC43D23
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://u15821084.ct.sendgrid.net/ls/click?upn=rSRwjz-2BEFahIMxv10h3JxHtqmu5dEw6nQlvaD02LzyX2kQ4f-2FkQmBPB8V2e... HTTP 302
https://app.nutshell.com/email/click/127951/318646/7864f69253b349ee20e3ac30ec52e1b9921643e72edb5b84d6... HTTP 302
https://outlook-mail-25.azurewebsites.net/?email=brandee.martin@blockadvisors.com Page URL

Detected technologies

Windows Server (Operating Systems) Expand

Overall confidence: 100%
Detected patterns

headers server /^(?:Microsoft-)?IIS(?:\/([\d.]+))?/i

IIS (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /^(?:Microsoft-)?IIS(?:\/([\d.]+))?/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

14
Requests

100 %
HTTPS

17 %
IPv6

6
Domains

6
Subdomains

4
IPs

2
Countries

336 kB
Transfer

405 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://u15821084.ct.sendgrid.net/ls/click?upn=rSRwjz-2BEFahIMxv10h3JxHtqmu5dEw6nQlvaD02LzyX2kQ4f-2FkQmBPB8V2e4YuGgdlrOAAhq-2Fqihunysqqvp37zYcc9eR01AUcJD9pOQYIVRLcLOaEP7F1zrM9karBGQUROKKhnwHBz6pa6RT-2FiZm7QYx46t2CYY9y4DkMtQlW8-3DKlbd_IV4x5SShmRN3iVDkbvLI8PxqxtHnhJZFY9qWmDaMEAJD3UOSxOi0MEnKf-2BRTw8Xukrh8XdEkqazoOjFl2-2FPdx139Vu2dSKe5jej5gfwp5VQSlicAQ1Nu8tU4p0w2p5gzEQD8yFhvCg4lDuMTdaqzlmsWu2hg1lBZg597fxsWhbJGKZ8mDc4Q8Gc22hyJGxE-2FhQLXtSvcf9coZOiu90mPzPlDR9Y0w73pWnJWg-2BSBxhA-3D HTTP 302
https://app.nutshell.com/email/click/127951/318646/7864f69253b349ee20e3ac30ec52e1b9921643e72edb5b84d63860cac170d8fd HTTP 302
https://outlook-mail-25.azurewebsites.net/?email=brandee.martin@blockadvisors.com Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

14 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request Cookie set / Show response outlook-mail-25.azurewebsites.net/ Redirect Chain http://u15821084.ct.sendgrid.net/ls/click?upn=rSRwjz-2BEFahIMxv10h3JxHtqmu5dEw6nQlvaD02LzyX2kQ4f-2FkQmBPB8V2e4YuGgdlrOAAhq-2Fqihunysqqvp37zYcc9eR01AUcJD9pOQYIVRLcLOaEP7F1zrM9karBGQUROKKhnwHBz6pa6RT... https://app.nutshell.com/email/click/127951/318646/7864f69253b349ee20e3ac30ec52e1b9921643e72edb5b84d63860cac170d8fd https://outlook-mail-25.azurewebsites.net/?email=brandee.martin@blockadvisors.com	26 KB 8 KB	638ms 146ms	Document text/html	13.89.172.5 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://outlook-mail-25.azurewebsites.net/?email=brandee.martin@blockadvisors.com Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 13.89.172.5 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software Microsoft-IIS/10.0 / ASP.NET Resource Hash `0d6264d8dd920f797b600878f7a964792a625b7574bf3765f165db373382436f` Request headers Host outlook-mail-25.azurewebsites.net Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Sec-Fetch-Site none Sec-Fetch-Mode navigate Sec-Fetch-User ?1 Sec-Fetch-Dest document Accept-Encoding gzip, deflate, br Accept-Language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Content-Length 7327 Content-Type text/html Content-Encoding gzip Last-Modified Fri, 17 Apr 2020 18:22:54 GMT Accept-Ranges bytes ETag "053ff35e514d61:0" Vary Accept-Encoding Server Microsoft-IIS/10.0 X-Powered-By ASP.NET Set-Cookie ARRAffinity=95ba24f60242a899eb8a2c9caf13e3ff7d28b7efcb73a89e5909abb89b811d04;Path=/;HttpOnly;Domain=outlook-mail-25.azurewebsites.net Date Fri, 17 Apr 2020 19:55:21 GMT Redirect headers status 302 date Fri, 17 Apr 2020 19:55:20 GMT content-type text/html; charset=UTF-8 location https://outlook-mail-25.azurewebsites.net/?email=brandee.martin@blockadvisors.com server nginx/1.16.1 set-cookie PHPSESSID=pu2hop7vkgqdd05iiktle0bgd8; path=/; secure expires Thu, 19 Nov 1981 08:52:00 GMT cache-control no-store, no-cache, must-revalidate pragma no-cache x-ua-compatible IE=Edge referrer-policy origin-when-cross-origin x-nutshell-app-version 3709
GET H/1.1	404 Not Found	jquery.js outlook-mail-25.azurewebsites.net/js/	0 0	263ms 130ms	Script text/html	13.89.172.5 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://outlook-mail-25.azurewebsites.net/js/jquery.js Requested by Host: outlook-mail-25.azurewebsites.net URL: https://outlook-mail-25.azurewebsites.net/?email=brandee.martin@blockadvisors.com Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 13.89.172.5 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software Microsoft-IIS/10.0 / ASP.NET Resource Hash Request headers Referer https://outlook-mail-25.azurewebsites.net/?email=brandee.martin@blockadvisors.com User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Fri, 17 Apr 2020 19:55:21 GMT Server Microsoft-IIS/10.0 X-Powered-By ASP.NET Content-Length 103 Content-Type text/html
GET H/1.1	200 OK	converged.v2.login.min_50vzauwvxyzipxbkbzkzpg2.css outlook-mail-25.azurewebsites.net/	99 KB 19 KB	128ms 128ms	Stylesheet text/css	13.89.172.5 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://outlook-mail-25.azurewebsites.net/converged.v2.login.min_50vzauwvxyzipxbkbzkzpg2.css Requested by Host: outlook-mail-25.azurewebsites.net URL: https://outlook-mail-25.azurewebsites.net/?email=brandee.martin@blockadvisors.com Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 13.89.172.5 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software Microsoft-IIS/10.0 / ASP.NET Resource Hash `c994b23755a95cd0a30063bb2f56037e5a121c3a7a6b15dd2f37a3a3f95ed931` Request headers Referer https://outlook-mail-25.azurewebsites.net/?email=brandee.martin@blockadvisors.com User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Fri, 17 Apr 2020 19:55:21 GMT Content-Encoding gzip ETag "80bc6635e514d61:0" Last-Modified Fri, 17 Apr 2020 18:22:53 GMT Server Microsoft-IIS/10.0 X-Powered-By ASP.NET Vary Accept-Encoding Content-Type text/css Accept-Ranges bytes Content-Length 18659
GET H2	200	mlOIhll.png i.imgur.com/	2 KB 2 KB	64ms 25ms	Image image/png	151.101.112.193 FASTLY
General Check archive.org Show headers Download Go to Show image Full URL https://i.imgur.com/mlOIhll.png Requested by Host: outlook-mail-25.azurewebsites.net URL: https://outlook-mail-25.azurewebsites.net/?email=brandee.martin@blockadvisors.com Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 151.101.112.193 Frankfurt am Main, Germany, ASN54113 (FASTLY, US), Reverse DNS Software cat factory 1.0 / Resource Hash `b5d587f6c48a9b22bbe97150249e0c0655ac1780bd273431480a22f8a5bfef6c` Request headers Referer https://outlook-mail-25.azurewebsites.net/?email=brandee.martin@blockadvisors.com User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Fri, 17 Apr 2020 19:55:21 GMT age 779646 x-cache HIT, HIT status 200 content-length 1750 x-served-by cache-bwi5143-BWI, cache-hhn4023-HHN last-modified Sun, 15 Mar 2020 08:44:36 GMT server cat factory 1.0 x-timer S1587153321.491186,VS0,VE1 etag "533e293f0c8947ada653b47c00e394e2" access-control-allow-methods GET, OPTIONS content-type image/png access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes x-cache-hits 1, 1
GET H2	200	SxJRwP7.png i.imgur.com/	2 KB 2 KB	22ms 22ms	Image image/png	151.101.112.193 FASTLY
General Check archive.org Show headers Download Go to Show image Full URL https://i.imgur.com/SxJRwP7.png Requested by Host: outlook-mail-25.azurewebsites.net URL: https://outlook-mail-25.azurewebsites.net/?email=brandee.martin@blockadvisors.com Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 151.101.112.193 Frankfurt am Main, Germany, ASN54113 (FASTLY, US), Reverse DNS Software cat factory 1.0 / Resource Hash `175986272200fb72da9a598d30016bbda9ddcaa9e6e3f07eb94bc74196d4b805` Request headers Referer https://outlook-mail-25.azurewebsites.net/?email=brandee.martin@blockadvisors.com User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Fri, 17 Apr 2020 19:55:21 GMT age 1210479 x-cache HIT, HIT status 200 content-length 1637 x-served-by cache-bwi5134-BWI, cache-hhn4023-HHN last-modified Sun, 15 Mar 2020 10:08:30 GMT server cat factory 1.0 x-timer S1587153322.516975,VS0,VE1 etag "ee236805d05e24861ce1b6b0e7d94b8d" access-control-allow-methods GET, OPTIONS content-type image/png access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes x-cache-hits 1, 1
GET H2	200	picker_account_aad_9de70d1c5191d1852a0d5aac28b44a6c.svg aadcdn.msftauth.net/ests/2.1/content/images/	756 B 786 B	58ms 15ms	Image image/svg+xml	152.199.23.37 EDGECAST
General Check archive.org Show headers Download Go to Show image Full URL https://aadcdn.msftauth.net/ests/2.1/content/images/picker_account_aad_9de70d1c5191d1852a0d5aac28b44a6c.svg Requested by Host: outlook-mail-25.azurewebsites.net URL: https://outlook-mail-25.azurewebsites.net/?email=brandee.martin@blockadvisors.com Protocol H2 Security TLS 1.3, , AES_256_GCM Server 152.199.23.37 , United States, ASN15133 (EDGECAST, US), Reverse DNS Software ECAcc (ama/8ACF) / Resource Hash `5d3357bd875b7335ace42e8ee3a64578e4253bed1a4e279109de403eedae3a69` Request headers Referer https://outlook-mail-25.azurewebsites.net/?email=brandee.martin@blockadvisors.com User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers x-ms-blob-type BlockBlob date Fri, 17 Apr 2020 19:55:21 GMT content-encoding gzip content-md5 Sm6wIsHj8wthIZkm/aQWhA== age 354112 x-cache HIT status 200 content-length 394 x-ms-lease-status unlocked last-modified Fri, 02 Nov 2018 20:25:26 GMT server ECAcc (ama/8ACF) etag 0x8D64101535909BA vary Accept-Encoding content-type image/svg+xml access-control-allow-origin * x-ms-request-id 94b313be-401e-000f-02b9-11e166000000 access-control-expose-headers x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding cache-control public, max-age=604800 x-ms-version 2009-09-19 accept-ranges bytes
GET H2	200	picker_more_7568a43cf440757c55d2e7f51557ae1f.svg aadcdn.msftauth.net/ests/2.1/content/images/	899 B 408 B	20ms 18ms	Image image/svg+xml	152.199.23.37 EDGECAST
General Check archive.org Show headers Download Go to Show image Full URL https://aadcdn.msftauth.net/ests/2.1/content/images/picker_more_7568a43cf440757c55d2e7f51557ae1f.svg Requested by Host: outlook-mail-25.azurewebsites.net URL: https://outlook-mail-25.azurewebsites.net/?email=brandee.martin@blockadvisors.com Protocol H2 Security TLS 1.3, , AES_256_GCM Server 152.199.23.37 , United States, ASN15133 (EDGECAST, US), Reverse DNS Software ECAcc (ama/8B4F) / Resource Hash `b7fcd37eaafe3f08647ed072d5289eadfff6c660a26cdef31532b3fcfb4a0bb2` Request headers Referer https://outlook-mail-25.azurewebsites.net/?email=brandee.martin@blockadvisors.com User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers x-ms-blob-type BlockBlob date Fri, 17 Apr 2020 19:55:21 GMT content-encoding gzip content-md5 K28EA/F25txr6jQahXym+g== age 419412 x-cache HIT status 200 content-length 257 x-ms-lease-status unlocked last-modified Fri, 02 Nov 2018 20:25:30 GMT server ECAcc (ama/8B4F) etag 0x8D641015563B044 vary Accept-Encoding content-type image/svg+xml access-control-allow-origin * x-ms-request-id 90dc14cb-801e-006c-1c21-1190f5000000 access-control-expose-headers x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding cache-control public, max-age=604800 x-ms-version 2009-09-19 accept-ranges bytes
GET H2	200	picker_account_add_56e73414003cdb676008ff7857343074.svg aadcdn.msftauth.net/ests/2.1/content/images/	222 B 334 B	16ms 15ms	Image image/svg+xml	152.199.23.37 EDGECAST
General Check archive.org Show headers Download Go to Show image Full URL https://aadcdn.msftauth.net/ests/2.1/content/images/picker_account_add_56e73414003cdb676008ff7857343074.svg Requested by Host: outlook-mail-25.azurewebsites.net URL: https://outlook-mail-25.azurewebsites.net/?email=brandee.martin@blockadvisors.com Protocol H2 Security TLS 1.3, , AES_256_GCM Server 152.199.23.37 , United States, ASN15133 (EDGECAST, US), Reverse DNS Software ECAcc (ama/8B21) / Resource Hash `749f85621d92a5b31b2a377a8c385a36d48a83327dad9a8a8da93cd831b8c9a2` Request headers Referer https://outlook-mail-25.azurewebsites.net/?email=brandee.martin@blockadvisors.com User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers x-ms-blob-type BlockBlob date Fri, 17 Apr 2020 19:55:21 GMT content-encoding gzip content-md5 ykuOnMaTo0vw2Gx/ZceiPg== age 421727 x-cache HIT status 200 content-length 184 x-ms-lease-status unlocked last-modified Fri, 02 Nov 2018 20:25:27 GMT server ECAcc (ama/8B21) etag 0x8D6410153A20B4B vary Accept-Encoding content-type image/svg+xml access-control-allow-origin * x-ms-request-id 41e4ce4a-b01e-0053-101c-116e6f000000 access-control-expose-headers x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding cache-control public, max-age=604800 x-ms-version 2009-09-19 accept-ranges bytes
GET H2	200	ellipsis_white_5ac590ee72bfe06a7cecfd75b588ad73.svg aadcdn.msftauth.net/ests/2.1/content/images/	915 B 414 B	16ms 15ms	Image image/svg+xml	152.199.23.37 EDGECAST
General Check archive.org Show headers Download Go to Show image Full URL https://aadcdn.msftauth.net/ests/2.1/content/images/ellipsis_white_5ac590ee72bfe06a7cecfd75b588ad73.svg Requested by Host: outlook-mail-25.azurewebsites.net URL: https://outlook-mail-25.azurewebsites.net/?email=brandee.martin@blockadvisors.com Protocol H2 Security TLS 1.3, , AES_256_GCM Server 152.199.23.37 , United States, ASN15133 (EDGECAST, US), Reverse DNS Software ECAcc (ama/8B32) / Resource Hash `6075736ea9c281d69c4a3d78ff97bb61b9416a5809919babe5a0c5596f99aaea` Request headers Referer https://outlook-mail-25.azurewebsites.net/?email=brandee.martin@blockadvisors.com User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers x-ms-blob-type BlockBlob date Fri, 17 Apr 2020 19:55:21 GMT content-encoding gzip content-md5 HMwsHhNXdtrfirQDkzcqMA== age 569135 x-cache HIT status 200 content-length 263 x-ms-lease-status unlocked last-modified Fri, 02 Nov 2018 20:25:15 GMT server ECAcc (ama/8B32) etag 0x8D641014CC1CD9F vary Accept-Encoding content-type image/svg+xml access-control-allow-origin * x-ms-request-id 8c4a7ef3-301e-0032-5fc5-0f1291000000 access-control-expose-headers x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding cache-control public, max-age=604800 x-ms-version 2009-09-19 accept-ranges bytes
GET H2	200	converged.v2.login.min_50vzauwvxyzipxbkbzkzpg2.css aadcdn.msauth.net/ests/2.1/content/cdnbundles/	0 19 KB	215ms 168ms	Other text/css	2620:1ec:bdf::10 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://aadcdn.msauth.net/ests/2.1/content/cdnbundles/converged.v2.login.min_50vzauwvxyzipxbkbzkzpg2.css Requested by Host: outlook-mail-25.azurewebsites.net URL: https://outlook-mail-25.azurewebsites.net/?email=brandee.martin@blockadvisors.com Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 2620:1ec:bdf::10 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers Referer https://outlook-mail-25.azurewebsites.net/?email=brandee.martin@blockadvisors.com User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers x-ms-blob-type BlockBlob date Fri, 17 Apr 2020 19:55:21 GMT content-encoding gzip x-azure-ref-originshield 0qQmaXgAAAAAg6tS1T+4eRLPi+pn0EG39QU1TRURHRTA2MjAAMzlhMTJmN2UtODk5Zi00NmNmLWE2ZDAtMjRiYmJhMjdkOTU2 content-md5 xlNGh4B09W+8khn0UZpq9w== x-cache TCP_REMOTE_HIT status 200 content-length 18714 x-ms-lease-status unlocked last-modified Wed, 18 Dec 2019 23:55:10 GMT server Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 etag 0x8D78415B7CDD900 x-azure-ref 0qQmaXgAAAAAF+NlT6SdUQ6/1BMrk9x/eRlJBRURHRTEwMTcAMzlhMTJmN2UtODk5Zi00NmNmLWE2ZDAtMjRiYmJhMjdkOTU2 content-type text/css access-control-allow-origin * x-ms-request-id caccca3e-701e-0020-2b10-10a640000000 access-control-expose-headers x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding cache-control public, max-age=31536000 x-ms-version 2009-09-19
GET H2	200	ux.converged.login.strings-en.min_k0kzc1t8sf_bjqqlvfbktq2.js aadcdn.msauth.net/ests/2.1/content/cdnbundles/	0 12 KB	69ms 23ms	Other application/x-javascript	2620:1ec:bdf::10 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://aadcdn.msauth.net/ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_k0kzc1t8sf_bjqqlvfbktq2.js Requested by Host: outlook-mail-25.azurewebsites.net URL: https://outlook-mail-25.azurewebsites.net/?email=brandee.martin@blockadvisors.com Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 2620:1ec:bdf::10 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers Referer https://outlook-mail-25.azurewebsites.net/?email=brandee.martin@blockadvisors.com User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers x-ms-blob-type BlockBlob date Fri, 17 Apr 2020 19:55:21 GMT content-encoding gzip x-azure-ref-originshield 0qQmaXgAAAACSgnnQU8BbRIT8qGcNWRo/QU1TRURHRTA1MTIAMzlhMTJmN2UtODk5Zi00NmNmLWE2ZDAtMjRiYmJhMjdkOTU2 content-md5 KwZTGnzGFnHpGxnzY7eEKQ== x-cache TCP_REMOTE_HIT status 200 content-length 11138 x-ms-lease-status unlocked last-modified Fri, 10 Jan 2020 00:48:56 GMT server Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 etag 0x8D79566DF8BE7E3 x-azure-ref 0qQmaXgAAAABxRYr8wTlhSqQOKrnJHBWpRlJBRURHRTEwMTcAMzlhMTJmN2UtODk5Zi00NmNmLWE2ZDAtMjRiYmJhMjdkOTU2 content-type application/x-javascript access-control-allow-origin * x-ms-request-id 7fcb78f1-a01e-0019-737a-14f442000000 access-control-expose-headers x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding cache-control public, max-age=31536000 x-ms-version 2009-09-19
GET H2	200	hVEHZRR.jpg i.imgur.com/	602 B 756 B	22ms 22ms	Image image/jpeg	151.101.112.193 FASTLY
General Check archive.org Show headers Download Go to Show image Full URL https://i.imgur.com/hVEHZRR.jpg Requested by Host: outlook-mail-25.azurewebsites.net URL: https://outlook-mail-25.azurewebsites.net/?email=brandee.martin@blockadvisors.com Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 151.101.112.193 Frankfurt am Main, Germany, ASN54113 (FASTLY, US), Reverse DNS Software cat factory 1.0 / Resource Hash `ecc685ca21e268a74a0aad4ae1bf40cd2869bd092cbd0b8cd8945f113bebd92d` Request headers Referer https://outlook-mail-25.azurewebsites.net/?email=brandee.martin@blockadvisors.com User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Fri, 17 Apr 2020 19:55:21 GMT age 316640 x-cache HIT, HIT status 200 content-length 602 x-served-by cache-bwi5138-BWI, cache-hhn4023-HHN last-modified Sun, 15 Mar 2020 08:42:00 GMT server cat factory 1.0 x-timer S1587153322.588062,VS0,VE1 etag "2bea3e2a74cc42cd62050d353b51b0f8" access-control-allow-methods GET, OPTIONS content-type image/jpeg access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes x-cache-hits 1, 1
GET H2	200	dAoJOh5.jpg i.imgur.com/	273 KB 274 KB	23ms 22ms	Image image/jpeg	151.101.112.193 FASTLY
General Check archive.org Show headers Download Go to Show image Full URL https://i.imgur.com/dAoJOh5.jpg Requested by Host: outlook-mail-25.azurewebsites.net URL: https://outlook-mail-25.azurewebsites.net/?email=brandee.martin@blockadvisors.com Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 151.101.112.193 Frankfurt am Main, Germany, ASN54113 (FASTLY, US), Reverse DNS Software cat factory 1.0 / Resource Hash `e3e1a3fdc2a06f30e03ee7c32ff1bc243c74fb7e5baa0f826f68fcb927a782a4` Request headers Referer https://outlook-mail-25.azurewebsites.net/?email=brandee.martin@blockadvisors.com User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Fri, 17 Apr 2020 19:55:21 GMT age 315460 x-cache HIT, HIT status 200 content-length 279839 x-served-by cache-bwi5145-BWI, cache-hhn4023-HHN last-modified Sun, 15 Mar 2020 08:32:36 GMT server cat factory 1.0 x-timer S1587153322.588033,VS0,VE2 etag "3fc2cc6cda0918247d338d965387f330" access-control-allow-methods GET, OPTIONS content-type image/jpeg access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes x-cache-hits 1, 1
GET H/1.1	404 Not Found	index_1.html Show response outlook-mail-25.azurewebsites.net/ Frame 7F95	103 B 263 B	130ms 130ms	Document text/html	13.89.172.5 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://outlook-mail-25.azurewebsites.net/index_1.html Requested by Host: outlook-mail-25.azurewebsites.net URL: https://outlook-mail-25.azurewebsites.net/?email=brandee.martin@blockadvisors.com Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 13.89.172.5 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software Microsoft-IIS/10.0 / ASP.NET Resource Hash `90b2d35cd5e08370ed20db81197dd9da1a4dbb421f71293fd5733ea49eb7b3e1` Request headers Host outlook-mail-25.azurewebsites.net Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Sec-Fetch-Site same-origin Sec-Fetch-Mode navigate Sec-Fetch-Dest iframe Referer https://outlook-mail-25.azurewebsites.net/?email=brandee.martin@blockadvisors.com Accept-Encoding gzip, deflate, br Accept-Language en-US Cookie ARRAffinity=95ba24f60242a899eb8a2c9caf13e3ff7d28b7efcb73a89e5909abb89b811d04 Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Referer https://outlook-mail-25.azurewebsites.net/?email=brandee.martin@blockadvisors.com Response headers Content-Length 103 Content-Type text/html Server Microsoft-IIS/10.0 X-Powered-By ASP.NET Date Fri, 17 Apr 2020 19:55:21 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer)

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata object| onpointerrawupdate function| getQueryString function| index5function

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.outlook-mail-25.azurewebsites.net/	1969-12-31 23:59:59	Name: ARRAffinity Value: 95ba24f60242a899eb8a2c9caf13e3ff7d28b7efcb73a89e5909abb89b811d04

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

aadcdn.msauth.net
aadcdn.msftauth.net
app.nutshell.com
i.imgur.com
outlook-mail-25.azurewebsites.net
u15821084.ct.sendgrid.net
13.89.172.5
151.101.112.193
152.199.23.37
167.89.115.54
2620:1ec:bdf::10
3.220.109.66
0d6264d8dd920f797b600878f7a964792a625b7574bf3765f165db373382436f
175986272200fb72da9a598d30016bbda9ddcaa9e6e3f07eb94bc74196d4b805
5d3357bd875b7335ace42e8ee3a64578e4253bed1a4e279109de403eedae3a69
6075736ea9c281d69c4a3d78ff97bb61b9416a5809919babe5a0c5596f99aaea
749f85621d92a5b31b2a377a8c385a36d48a83327dad9a8a8da93cd831b8c9a2
90b2d35cd5e08370ed20db81197dd9da1a4dbb421f71293fd5733ea49eb7b3e1
b5d587f6c48a9b22bbe97150249e0c0655ac1780bd273431480a22f8a5bfef6c
b7fcd37eaafe3f08647ed072d5289eadfff6c660a26cdef31532b3fcfb4a0bb2
c994b23755a95cd0a30063bb2f56037e5a121c3a7a6b15dd2f37a3a3f95ed931
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e3e1a3fdc2a06f30e03ee7c32ff1bc243c74fb7e5baa0f826f68fcb927a782a4
ecc685ca21e268a74a0aad4ae1bf40cd2869bd092cbd0b8cd8945f113bebd92d

outlook-mail-25.azurewebsites.net Open in urlscan Pro 13.89.172.5 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

14 Requests

100 %HTTPS

17 %IPv6

6 Domains

6 Subdomains

4 IPs

2 Countries

336 kBTransfer

405 kBSize

1 Cookies

0 Outgoing links

Page URL History

Redirected requests

14 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

4 JavaScript Global Variables

1 Cookies

Indicators

outlook-mail-25.azurewebsites.net Open in urlscan Pro
13.89.172.5 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

14
Requests

100 %
HTTPS

17 %
IPv6

6
Domains

6
Subdomains

4
IPs

2
Countries

336 kB
Transfer

405 kB
Size

1
Cookies

14 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!