signup.live.com.office.flagstarbancorp.myshn.net
Open in
urlscan Pro
54.183.76.102
Malicious Activity!
Public Scan
Effective URL: https://signup.live.com.office.flagstarbancorp.myshn.net/signup?amp%3bcontextid=C937CE96B0869538&%3bcontextid=C937CE96B0869538&%3bbk=1598527200&...
Submission: On September 27 via automatic, source openphish
Summary
TLS certificate: Issued by GlobalSign RSA OV SSL CA 2018 on January 16th 2020. Valid for: a year.
This is the only time signup.live.com.office.flagstarbancorp.myshn.net was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Microsoft (Consumer)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
2 10 | 54.183.76.102 54.183.76.102 | 16509 (AMAZON-02) (AMAZON-02) | |
1 16 | 52.52.9.238 52.52.9.238 | 16509 (AMAZON-02) (AMAZON-02) | |
23 | 2 |
ASN16509 (AMAZON-02, US)
PTR: ec2-54-183-76-102.us-west-1.compute.amazonaws.com
signup.live.com.office.flagstarbancorp.myshn.net |
ASN16509 (AMAZON-02, US)
PTR: ec2-52-52-9-238.us-west-1.compute.amazonaws.com
Domain | Requested by | |
---|---|---|
10 | acctcdn.msauth.net.office.flagstarbancorp.myshn.net |
signup.live.com.office.flagstarbancorp.myshn.net
|
10 | signup.live.com.office.flagstarbancorp.myshn.net |
2 redirects
signup.live.com.office.flagstarbancorp.myshn.net
|
3 | uhf.microsoft.com.office.flagstarbancorp.myshn.net |
signup.live.com.office.flagstarbancorp.myshn.net
|
1 | acctcdnmsftuswe2.azureedge.net.office.flagstarbancorp.myshn.net |
signup.live.com.office.flagstarbancorp.myshn.net
|
1 | acctcdn.msftauth.net.office.flagstarbancorp.myshn.net |
signup.live.com.office.flagstarbancorp.myshn.net
|
1 | login.live.com.office.flagstarbancorp.myshn.net | 1 redirects |
23 | 6 |
This site contains links to these domains. Also see Links.
Domain |
---|
go.microsoft.com.office.flagstarbancorp.myshn.net |
login.live.com.office.flagstarbancorp.myshn.net |
www.microsoft.com.office.flagstarbancorp.myshn.net |
Subject Issuer | Validity | Valid | |
---|---|---|---|
office.flagstarbancorp.myshn.net GlobalSign RSA OV SSL CA 2018 |
2020-01-16 - 2021-01-16 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://signup.live.com.office.flagstarbancorp.myshn.net/signup?amp%3bcontextid=C937CE96B0869538&%3bcontextid=C937CE96B0869538&%3bbk=1598527200&%3bbk=1598527200&%3bru=https%3a%2f%2flogin.live.com.office.flagstarbancorp.myshn.net%2flogin.srf%3famp%3bmkt%3dEN-US&%3bmkt=EN-US&%3blc=1033&%3blc=1033&%3buaid=e22db69c379149a08284cb2707a0c3f1&%3buaid=e22db69c379149a08284cb2707a0c3f1&%3buiflavor=web&%3blic=1&lic=1&uaid=97295da96d5841699b436dc6758214a4
Frame ID: AD96414244791341207A85C5F53C6A2B
Requests: 23 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
-
https://signup.live.com.office.flagstarbancorp.myshn.net/signup?f=9&contextid=C937CE96B0869538&bk=1598527200&ru=https://l...
HTTP 302
https://signup.live.com.office.flagstarbancorp.myshn.net/signup?amp;contextid=C937CE96B0869538&contextid=C937CE96B0869538&bk=... HTTP 302
https://login.live.com.office.flagstarbancorp.myshn.net/login.srf?wa=wsignin1.0&rpsnv=13&checkda=1&ct=1601176329&rver=7.3.6960.0&wp=... HTTP 302
https://signup.live.com.office.flagstarbancorp.myshn.net/signup?amp%3bcontextid=C937CE96B0869538&%3bcontextid=C937CE96B0869538&... Page URL
Detected technologies
Nginx (Web Servers) ExpandDetected patterns
- headers server /nginx(?:\/([\d.]+))?/i
Page Statistics
4 Outgoing links
These are links going to different origins than the main page.
Title: Learn more
Search URL Search Domain Scan URL
Title: Use another account
Search URL Search Domain Scan URL
Title: Terms of Use
Search URL Search Domain Scan URL
Title: Privacy & Cookies
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://signup.live.com.office.flagstarbancorp.myshn.net/signup?f=9&contextid=C937CE96B0869538&bk=1598527200&ru=https://login.live.com.office.flagstarbancorp.myshn.net/login.srf?f=9&contextid=C937CE96B0869538&mkt=EN-US&lc=1033&bk=1598527200&uaid=e22db69c379149a08284cb2707a0c3f1&uiflavor=web&lic=1&mkt=EN-US&lc=1033&uaid=e22db69c379149a08284cb2707a0c3f1
HTTP 302
https://signup.live.com.office.flagstarbancorp.myshn.net/signup?amp;contextid=C937CE96B0869538&contextid=C937CE96B0869538&bk=1598527200&bk=1598527200&ru=https://login.live.com.office.flagstarbancorp.myshn.net/login.srf?amp;mkt=EN-US&mkt=EN-US&lc=1033&lc=1033&uaid=e22db69c379149a08284cb2707a0c3f1&uaid=e22db69c379149a08284cb2707a0c3f1&uiflavor=web&lic=1 HTTP 302
https://login.live.com.office.flagstarbancorp.myshn.net/login.srf?wa=wsignin1.0&rpsnv=13&checkda=1&ct=1601176329&rver=7.3.6960.0&wp=MBI_SSL&wreply=https%3A%2F%2Fsignup.live.com.office.flagstarbancorp.myshn.net%2Fsignup%3Famp%253bcontextid%3DC937CE96B0869538%26amp%253bcontextid%3DC937CE96B0869538%26amp%253bbk%3D1598527200%26amp%253bbk%3D1598527200%26amp%253bru%3Dhttps%253a%252f%252flogin.live.com.office.flagstarbancorp.myshn.net%252flogin.srf%253famp%253bmkt%253dEN-US%26amp%253bmkt%3DEN-US%26amp%253blc%3D1033%26amp%253blc%3D1033%26amp%253buaid%3De22db69c379149a08284cb2707a0c3f1%26amp%253buaid%3De22db69c379149a08284cb2707a0c3f1%26amp%253buiflavor%3Dweb%26amp%253blic%3D1%26lic%3D1%26uaid%3D97295da96d5841699b436dc6758214a4&lc=1033&id=68692&mkt=en-US&uaid=97295da96d5841699b436dc6758214a4 HTTP 302
https://signup.live.com.office.flagstarbancorp.myshn.net/signup?amp%3bcontextid=C937CE96B0869538&%3bcontextid=C937CE96B0869538&%3bbk=1598527200&%3bbk=1598527200&%3bru=https%3a%2f%2flogin.live.com.office.flagstarbancorp.myshn.net%2flogin.srf%3famp%3bmkt%3dEN-US&%3bmkt=EN-US&%3blc=1033&%3blc=1033&%3buaid=e22db69c379149a08284cb2707a0c3f1&%3buaid=e22db69c379149a08284cb2707a0c3f1&%3buiflavor=web&%3blic=1&lic=1&uaid=97295da96d5841699b436dc6758214a4 Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
23 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
Cookie set
signup
signup.live.com.office.flagstarbancorp.myshn.net/ Redirect Chain
|
185 KB 40 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
converged_ux_v2_Gx5TWhTYaJikwTHRJrsZug2.css
acctcdn.msauth.net.office.flagstarbancorp.myshn.net/ |
93 KB 18 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
jquerypackage_1.10_5V7LAuc3bNAQx2QQfr1RPw2.js
acctcdn.msauth.net.office.flagstarbancorp.myshn.net/ |
94 KB 34 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
knockout_3.3.0_X1BYS2jZMbi7hfUj8VuqFA2.js
acctcdn.msauth.net.office.flagstarbancorp.myshn.net/ |
78 KB 29 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
lwsignupstringscountrybirthdate_en-us_pVtahKS9WUIZdNqg1DDhHg2.js
acctcdn.msauth.net.office.flagstarbancorp.myshn.net/ |
26 KB 8 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
lightweightsignuppackage_RXoxV9mfeGuGCvJNsxsgXg2.js
acctcdn.msauth.net.office.flagstarbancorp.myshn.net/ |
183 KB 49 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
mscc-0.4.2.min.js
uhf.microsoft.com.office.flagstarbancorp.myshn.net/mscc/statics/ |
5 KB 3 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
mscc-0.4.2.min.css
uhf.microsoft.com.office.flagstarbancorp.myshn.net/mscc/statics/ |
1 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
microsoft_logo_7lyNn7YkjJOP0NwZNw6QvQ2.svg
acctcdn.msauth.net.office.flagstarbancorp.myshn.net/images/ |
4 KB 2 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
lwsignupstringscountrybirthdate_en-us_pVtahKS9WUIZdNqg1DDhHg2.js
acctcdn.msftauth.net.office.flagstarbancorp.myshn.net/ |
26 KB 8 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
datarequestpackage_Xxbw317fpadXjkDCygQNgA2.js
acctcdn.msauth.net.office.flagstarbancorp.myshn.net/ |
7 KB 4 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
_log
uhf.microsoft.com.office.flagstarbancorp.myshn.net/ |
0 367 B |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
lwsignupstringscountrybirthdate_en-us_pVtahKS9WUIZdNqg1DDhHg2.js
acctcdnmsftuswe2.azureedge.net.office.flagstarbancorp.myshn.net/ |
26 KB 8 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
watson_rjZS-jaNNRyqe9ESKNv5iw2.js
acctcdn.msauth.net.office.flagstarbancorp.myshn.net/ |
9 KB 5 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
2_vD0yppaJX3jBnfbHF1hqXQ2.svg
acctcdn.msauth.net.office.flagstarbancorp.myshn.net/images/ |
2 KB 2 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H/1.1 |
Watson
signup.live.com.office.flagstarbancorp.myshn.net/handlers/ |
0 0 |
Fetch
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
microsoft_logo_7lyNn7YkjJOP0NwZNw6QvQ2.svg
signup.live.com.office.flagstarbancorp.myshn.net/Resources/images/ |
0 2 KB |
Other
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
favicon.ico
signup.live.com.office.flagstarbancorp.myshn.net/Resources/images/ |
0 18 KB |
Other
image/x-icon |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
2_vD0yppaJX3jBnfbHF1hqXQ2.svg
signup.live.com.office.flagstarbancorp.myshn.net/Resources/images/ |
0 3 KB |
Other
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
datarequestpackage_Xxbw317fpadXjkDCygQNgA2.js
acctcdn.msauth.net.office.flagstarbancorp.myshn.net/ |
7 KB 4 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
microsoft_logo_7lyNn7YkjJOP0NwZNw6QvQ2.svg
signup.live.com.office.flagstarbancorp.myshn.net/Resources/images/ |
4 KB 2 KB |
Fetch
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
favicon.ico
signup.live.com.office.flagstarbancorp.myshn.net/Resources/images/ |
17 KB 18 KB |
Fetch
image/x-icon |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
2_vD0yppaJX3jBnfbHF1hqXQ2.svg
signup.live.com.office.flagstarbancorp.myshn.net/Resources/images/ |
2 KB 3 KB |
Fetch
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Microsoft (Consumer)84 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| trustedTypes object| $PageHelper object| $Debug object| $Do function| $Loader object| $WebWatson object| Debug function| $setVar function| registerNamespace object| wLive object| $ClientTelemetry object| $Api object| $PltHelper object| $PltTransferBucket function| $AccountEventApi object| $ClientEvents object| $DataRequest object| $B object| $Config object| $ReportEvent function| $ function| jQuery object| jQuery110206191487449240654 function| getId function| getKey function| defineNamespace function| defineClass function| defineSubClass function| appendFunction function| mix function| bind function| WizardExternalHelper object| ExternalHelper object| KnockoutExtensions object| ko function| Encrypt function| PackageSAData function| PackagePwdOnly function| PackagePinOnly function| PackageLoginIntData function| PackageSADataForProof function| PackageNewPwdOnly function| PackageNewAndOldPwd function| mapByteToBase64 function| base64Encode function| byteArrayToBase64 function| parseRSAKeyFromString function| RSAEncrypt function| RSAEncryptBlock function| JSMPnumber function| duplicateMP function| byteArrayToMP function| mpToByteArray function| modularExp function| modularMultiply function| multiplyMP function| normalizeJSMP function| removeLeadingZeroes function| divideMP function| multiplyAndSubtract function| applyPKCSv2Padding function| MGF function| XORarrays function| SHA1 function| wordToBytes function| PadSHA1Input function| SHA1RoundFunction function| rotateLeft function| hexStringToMP object| _d function| _ce function| _ge function| _get object| _dh object| $Utility object| $Beacon object| $Cookie object| $f object| mscc function| evt_master_onload string| Key string| randomNum string| SKI object| requests2 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.live.com.office.flagstarbancorp.myshn.net/ | Name: amsc Value: KsyvwmOlr2AroN8pLSoWH3iARP7Zw9Xxdj8ryhczE0n+8Z9ozFO6pp0DlT3YylGGqQej7f0ZFxt+93mY0zz4DNndRVuTU8k3tqROtScmQVnLMp4ty6znh/XV5FcKg1M3HuliW7NKoCNfx+YlxPF61V9zXgCIvUz0JZokrthpUyC8+4VE/WWLTKJH3ls1IGBRHC1aKceO5hqifkRcNCvO1RS0QuAktjOdQSuFM+ndOqMJuRedmREVyjq0tHITsI9wZKIeCeRK1HLmhkgL3/Ix1KnZXE+3ylxPhUUNIu8TGiXO0APzvW11aLq/kwYR1gmw:2:3c |
|
.office.flagstarbancorp.myshn.net/ | Name: SHN-VH-session Value: 5578a090-a9fe-4e5f-8687-0e1e912f17af|1601178129379 |
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Strict-Transport-Security | max-age=31536000; includeSubDomains |
X-Content-Type-Options | nosniff |
X-Frame-Options | deny |
X-Xss-Protection | 1; mode=block |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
acctcdn.msauth.net.office.flagstarbancorp.myshn.net
acctcdn.msftauth.net.office.flagstarbancorp.myshn.net
acctcdnmsftuswe2.azureedge.net.office.flagstarbancorp.myshn.net
login.live.com.office.flagstarbancorp.myshn.net
signup.live.com.office.flagstarbancorp.myshn.net
uhf.microsoft.com.office.flagstarbancorp.myshn.net
52.52.9.238
54.183.76.102
04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a
0e6f7f2fb3c4a591a62d5309f5dc5c7aca5482bbfd154311d23fd0914a0dc164
0e88b6fcbb8591edfd28184fa70a04b6dd3af8a14367c628edd7caba32e58c68
3c829dcf48768082a6177b77ae4e499337ed4c8bd056705cdb1e979f7b6efce5
472dfc48f395d19f14e31850671eb612b414debd07e92ac1b5acf287947b4ec9
5776881753b95a0abe5d1f6efe3abe7b83a3265eaccd117dd948e523c044600c
63b5288d1ca1bb378523d5467591e17c4bb67b6c72fa4a609b5c33c240f279d8
66c5d9882a954332c4aebef2386c7713a226fa617ddcd08d22f24e53ba5ec066
90cdaf487716184e4034000935c605d1633926d348116d198f355a98b8c6cd21
91e3dcc362122021c6564869d8d9b6996872c0fb04731667a09f6bf534c09292
cac29a13e578b22061b8e54c317329b885b97b9ef0634bcb6d39af742049f182
cdcca5e9ead4e4f414eb6bfa75ab7c4d01fd73beb98e1e4d2d05e3088efe1bf8
d25704e8dceb95a38ba3db6c093a9c266763f628c36b2404f5b5a411945c652d
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855