outlookcheckin.filesusr.com
34.102.176.152  Malicious Activity! Public Scan

URL: http://outlookcheckin.filesusr.com/html/2edb92_76c5f3a0ada025d4c275e38c791d6f9b.html?mtg1mdg5mq==*eglvy2fybgvaag90bwfpbc5jb20=*ahr0...
Submission: On November 14 via api from JP — Scanned from JP

Summary

This website contacted 3 IPs in 1 country across 3 domains to perform 5 HTTP transactions. The main IP is 34.102.176.152, located in Kansas City, United States, and belongs to GOOGLE, US. The main domain is outlookcheckin.filesusr.com.
This is the only time outlookcheckin.filesusr.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Microsoft (Consumer)

Domain & IP information

Requests  IP Address          AS     Autonomous System
1         34.102.176.152      15169  GOOGLE
2         2606:4700:303...    13335  CLOUDFLAR...
2         2620:1ec:bdf::46    8068   MICROSOFT...
Total: 5 requests across 3 IPs

Requests  Apex Domain    Subdomain                     Transfer
2         msauth.net     logincdn.msauth.net           2 KB
2         bliser.com     bliser.com                    22 KB
1         filesusr.com   outlookcheckin.filesusr.com   44 KB
Total: 5 requests across 3 domains

Requests  Domain                        Requested by
2         logincdn.msauth.net           outlookcheckin.filesusr.com, bliser.com
2         bliser.com                    outlookcheckin.filesusr.com
1         outlookcheckin.filesusr.com   (primary request)
Total: 5 requests across 3 domains

This site contains links to these domains:

Domain
signup.live.com

TLS certificates

Subject                  Issuer                              Validity                  Valid
sni.cloudflaressl.com    Cloudflare Inc ECC CA-3             2021-03-12 - 2022-03-11   a year
identitycdn.msauth.net   Microsoft Azure TLS Issuing CA 02   2021-08-29 - 2022-08-24   a year

This page contains 1 frames:

Primary Page: http://outlookcheckin.filesusr.com/html/2edb92_76c5f3a0ada025d4c275e38c791d6f9b.html?mtg1mdg5mq==*eglvy2fybgvaag90bwfpbc5jb20=*ahr0chm6ly9vdxrsb29rlmxpdmuuy29tl21hawwvmc9pbmjvea==**t3v0bg9vaw==
Frame ID: AB627C7178B3DD6E67B15B81DB8D4406
Requests: 5 HTTP requests in this frame

Page Title

Iniciar sesión en tu cuenta Microsoft

Page Statistics

Requests: 5
HTTPS: 80 %
IPv6: 67 %
Domains: 3
Subdomains: 3
IPs: 3
Countries: 1
Transfer: 68 kB
Size: 181 kB
Cookies: 0

Redirected requests

No HTTP redirect chains were recorded for this scan.

5 HTTP transactions

Primary Request: 2edb92_76c5f3a0ada025d4c275e38c791d6f9b.html
Path: outlookcheckin.filesusr.com/html/
Size: 43 KB   Transfer (x-fer): 44 KB   Type: Document
General
Full URL
http://outlookcheckin.filesusr.com/html/2edb92_76c5f3a0ada025d4c275e38c791d6f9b.html?mtg1mdg5mq==*eglvy2fybgvaag90bwfpbc5jb20=*ahr0chm6ly9vdxrsb29rlmxpdmuuy29tl21hawwvmc9pbmjvea==**t3v0bg9vaw==
Protocol
HTTP/1.1
Server
34.102.176.152, Kansas City, United States, ASN15169 (GOOGLE, US)
Reverse DNS
152.176.102.34.bc.googleusercontent.com
Software
openresty/1.19.9.1
Resource Hash
0562d3b258f587598b754150eacd819d2b4fe88463b61e2059bcbdef173308e8

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language
jp-JP,jp;q=0.9

Response headers

Server
openresty/1.19.9.1
Date
Sat, 13 Nov 2021 20:24:30 GMT
Content-Type
text/html; charset=utf-8
Content-Length
43689
X-GUploader-UploadID
ADPycduOgjYy12NSB0kHUUklcC92-bLw6EImev0h7-6KXgac_DwR-2xql5b0CUyHOspef8-vHbI2IfaFn8fnGJk3M58
Expires
Sat, 13 Nov 2021 21:24:30 GMT
Last-Modified
Sat, 03 Oct 2020 17:40:03 GMT
ETag
"76c5f3a0ada025d4c275e38c791d6f9b"
x-goog-generation
1601746803378396
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
x-goog-stored-content-length
43689
x-goog-hash
crc32c=NExSqQ== md5=dsXzoK2gJdTCdeOMeR1vmw==
x-goog-storage-class
STANDARD
Accept-Ranges
bytes
Age
86386
Access-Control-Allow-Origin
*
Timing-Allow-Origin
*
X-Seen-By
gcp.us-central-1.media-router-6c7795d8f6-5k75h
Via
1.1 google
Cache-Control
public, max-age=15552000, immutable

Outlook_Converged_v2.css
Path: bliser.com/dom/styles/
Size: 132 KB   Transfer (x-fer): 20 KB   Type: Stylesheet
General
Full URL
https://bliser.com/dom/styles/Outlook_Converged_v2.css
Requested by
Host: outlookcheckin.filesusr.com
URL: http://outlookcheckin.filesusr.com/html/2edb92_76c5f3a0ada025d4c275e38c791d6f9b.html?mtg1mdg5mq==*eglvy2fybgvaag90bwfpbc5jb20=*ahr0chm6ly9vdxrsb29rlmxpdmuuy29tl21hawwvmc9pbmjvea==**t3v0bg9vaw==
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2606:4700:3032::ac43:962e, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS
Software
cloudflare
Resource Hash
70e9b1a4410d752c57a6206e9fccdf748a65891f14c24f8831640b849d57103a

Request headers

Accept-Language
jp-JP,jp;q=0.9
Referer
http://outlookcheckin.filesusr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Sun, 14 Nov 2021 20:24:17 GMT
content-encoding
gzip
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
20263
last-modified
Mon, 14 Sep 2020 18:43:23 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding,User-Agent
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2PxEU61OXObM0djhIdwNlNH3P5k0Mbf0ICti2w1ZVORM05gj62CzpiE4cAHPXvBOs%2BSbwJcCXb%2B6rVITy3IKhTcw1tWvh9Ogl4yD5R%2FuHxKH9reCb0y4HZOZ5Xn0752rPCExtLAGxSAr"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=utf-8
cache-control
public, max-age=31536000
accept-ranges
bytes
cf-ray
6ae2f65e6a831f17-NRT
expires
Mon, 14 Nov 2022 20:24:16 GMT

msf.svg
Path: bliser.com/dom/styles/
Size: 4 KB   Transfer (x-fer): 2 KB   Type: Image
General
Full URL
https://bliser.com/dom/styles/msf.svg
Requested by
Host: outlookcheckin.filesusr.com
URL: http://outlookcheckin.filesusr.com/html/2edb92_76c5f3a0ada025d4c275e38c791d6f9b.html?mtg1mdg5mq==*eglvy2fybgvaag90bwfpbc5jb20=*ahr0chm6ly9vdxrsb29rlmxpdmuuy29tl21hawwvmc9pbmjvea==**t3v0bg9vaw==
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2606:4700:3032::ac43:962e, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS
Software
cloudflare
Resource Hash
bff317df51b12531b9045af90ef418830ea7a76b23c62702b5d4ac80eda889a3

Request headers

Accept-Language
jp-JP,jp;q=0.9
Referer
http://outlookcheckin.filesusr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Sun, 14 Nov 2021 20:24:16 GMT
content-encoding
gzip
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
1451
last-modified
Mon, 14 Sep 2020 01:00:37 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding,User-Agent
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Xoq2aErDfNmVGcxR4UPzX7%2BQNPc%2BIq0QJ4tuhnCIf1AccW1qSJ%2FoyoiI7WEF%2B8sKG3xYTo2BZ18ODKf0FTYnLG%2BsDA8A8Bb9HOFDItqkfgRgX0n52xFacpRiaWwNdWl8SafPAivJvRSH"}],"group":"cf-nel","max_age":604800}
content-type
image/svg+xml
cache-control
public, max-age=2592000
accept-ranges
bytes
cf-ray
6ae2f65e6a841f17-NRT
expires
Tue, 14 Dec 2021 20:24:16 GMT

documentation_bcb4d1dc4eae64f0b2b2538209d8435a.svg
Path: logincdn.msauth.net/shared/1.0/content/images/
Size: 2 KB   Transfer (x-fer): 1 KB   Type: Image
General
Full URL
https://logincdn.msauth.net/shared/1.0/content/images/documentation_bcb4d1dc4eae64f0b2b2538209d8435a.svg
Requested by
Host: outlookcheckin.filesusr.com
URL: http://outlookcheckin.filesusr.com/html/2edb92_76c5f3a0ada025d4c275e38c791d6f9b.html?mtg1mdg5mq==*eglvy2fybgvaag90bwfpbc5jb20=*ahr0chm6ly9vdxrsb29rlmxpdmuuy29tl21hawwvmc9pbmjvea==**t3v0bg9vaw==
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:bdf::46, United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
Reverse DNS
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
Resource Hash
a76c08e9cdc3bb87bfb57627ad8f6b46f0e5ef826cc7f046dfbaf25d7b7958ea

Request headers

Accept-Language
jp-JP,jp;q=0.9
Referer
http://outlookcheckin.filesusr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Sun, 14 Nov 2021 20:24:16 GMT
content-encoding
gzip
content-md5
6dTbAT1RVL9d6geobv3IJg==
x-cache
TCP_HIT
content-length
606
x-ms-lease-status
unlocked
last-modified
Wed, 22 Jan 2020 00:38:04 GMT
server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
etag
0x8D79ED3581609DD
x-azure-ref
0cHCRYQAAAAC8wp3fFPthRojbK66nuVmqVFlPMDFFREdFMjMyMgBkYjY2MmZlMy1mNDM4LTQzYzItYTI5Zi1lNjU5MGM0ZjVlNTE=
content-type
image/svg+xml
access-control-allow-origin
*
x-ms-request-id
28cbf0cb-901e-006a-1b89-d57b44000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=31536000
x-ms-version
2009-09-19

2_bc3d32a696895f78c19df6c717586a5d.svg
Path: logincdn.msauth.net/shared/1.0/content/images/backgrounds/
Size: 2 KB   Transfer (x-fer): 893 B   Type: Image
General
Full URL
https://logincdn.msauth.net/shared/1.0/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg
Requested by
Host: bliser.com
URL: https://bliser.com/dom/styles/Outlook_Converged_v2.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:bdf::46, United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
Reverse DNS
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
Resource Hash
0e88b6fcbb8591edfd28184fa70a04b6dd3af8a14367c628edd7caba32e58c68

Request headers

Accept-Language
jp-JP,jp;q=0.9
Referer
https://bliser.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Sun, 14 Nov 2021 20:24:16 GMT
content-encoding
gzip
content-md5
DhdidjYrlCeaRJJRG/y9mA==
x-cache
TCP_HIT
content-length
673
x-ms-lease-status
unlocked
last-modified
Wed, 12 Feb 2020 22:01:56 GMT
server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
etag
0x8D7B0072D292595
x-azure-ref
0cXCRYQAAAADH3J11nTWWQY6+ijC1eFG3VFlPMDFFREdFMjMyMgBkYjY2MmZlMy1mNDM4LTQzYzItYTI5Zi1lNjU5MGM0ZjVlNTE=
content-type
image/svg+xml
access-control-allow-origin
*
x-ms-request-id
48921190-201e-003d-35dc-d7c979000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=31536000
x-ms-version
2009-09-19

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer)

35 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. They can help identify client-side frameworks and page-specific code. The first four (onbeforexrselect, reportError, originAgentCluster, scheduler) are browser-provided properties of recent Chrome builds rather than page code; the remainder are defined by the page itself, and the Spanish-language names among them (llegaron, separame, llavesecreta, regreso, idioma, dispositivo, lafecha, lared, enblanco) are a usable fingerprint for this template, since they do not appear in Microsoft's genuine sign-in pages.

Name (type):
onbeforexrselect (object), reportError (function), originAgentCluster (boolean), scheduler (object),
regexS (string), regex (object), tmpURL (string), results (object), llegaron (object),
uno (object), dos (object), tres (string), cuatro (object), cinco (undefined),
conten (undefined), myString (object), myArray (object), separame (object), separado (object),
llavesecreta (string), urlfin (string), idfb (string), regreso (string), urlfinal (undefined),
email (string), idioma (undefined), emaildev (undefined), filterpost (string), dispositivo (string),
lafecha (string), detector (string), lared (string), lang (undefined), enblanco (string), ip (string)

0 Cookies