outlookcheckin.filesusr.com
Open in
urlscan Pro
34.102.176.152
Malicious Activity!
Public Scan
Submission: On November 14 via api from JP — Scanned from JP
Summary
This is the only time outlookcheckin.filesusr.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Microsoft (Consumer)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 | 34.102.176.152 34.102.176.152 | 15169 (GOOGLE) (GOOGLE) | |
2 | 2606:4700:303... 2606:4700:3032::ac43:962e | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
2 | 2620:1ec:bdf::46 2620:1ec:bdf::46 | 8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK) | |
5 | 3 |
ASN15169 (GOOGLE, US)
PTR: 152.176.102.34.bc.googleusercontent.com
outlookcheckin.filesusr.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
2 |
msauth.net
logincdn.msauth.net |
2 KB |
2 |
bliser.com
bliser.com |
22 KB |
1 |
filesusr.com
outlookcheckin.filesusr.com |
44 KB |
5 | 3 |
Domain | Requested by | |
---|---|---|
2 | logincdn.msauth.net |
outlookcheckin.filesusr.com
bliser.com |
2 | bliser.com |
outlookcheckin.filesusr.com
|
1 | outlookcheckin.filesusr.com | |
5 | 3 |
This site contains links to these domains. Also see Links.
Domain |
---|
signup.live.com |
Subject Issuer | Validity | Valid | |
---|---|---|---|
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2021-03-12 - 2022-03-11 |
a year | crt.sh |
identitycdn.msauth.net Microsoft Azure TLS Issuing CA 02 |
2021-08-29 - 2022-08-24 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
http://outlookcheckin.filesusr.com/html/2edb92_76c5f3a0ada025d4c275e38c791d6f9b.html?mtg1mdg5mq==*eglvy2fybgvaag90bwfpbc5jb20=*ahr0chm6ly9vdxrsb29rlmxpdmuuy29tl21hawwvmc9pbmjvea==**t3v0bg9vaw==
Frame ID: AB627C7178B3DD6E67B15B81DB8D4406
Requests: 5 HTTP requests in this frame
1 Outgoing links
These are links going to different origins than the main page.
Title: Cree una.
Search URL Search Domain Scan URL
Redirected requests
There were HTTP redirect chains for the following requests:
5 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
2edb92_76c5f3a0ada025d4c275e38c791d6f9b.html
outlookcheckin.filesusr.com/html/ |
43 KB 44 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Outlook_Converged_v2.css
bliser.com/dom/styles/ |
132 KB 20 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
msf.svg
bliser.com/dom/styles/ |
4 KB 2 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
documentation_bcb4d1dc4eae64f0b2b2538209d8435a.svg
logincdn.msauth.net/shared/1.0/content/images/ |
2 KB 1 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
2_bc3d32a696895f78c19df6c717586a5d.svg
logincdn.msauth.net/shared/1.0/content/images/backgrounds/ |
2 KB 893 B |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Microsoft (Consumer)35 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onbeforexrselect function| reportError boolean| originAgentCluster object| scheduler string| regexS object| regex string| tmpURL object| results object| llegaron object| uno object| dos string| tres object| cuatro undefined| cinco undefined| conten object| myString object| myArray object| separame object| separado string| llavesecreta string| urlfin string| idfb string| regreso undefined| urlfinal string| email undefined| idioma undefined| emaildev string| filterpost string| dispositivo string| lafecha string| detector string| lared undefined| lang string| enblanco string| ip0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
bliser.com
logincdn.msauth.net
outlookcheckin.filesusr.com
2606:4700:3032::ac43:962e
2620:1ec:bdf::46
34.102.176.152
0562d3b258f587598b754150eacd819d2b4fe88463b61e2059bcbdef173308e8
0e88b6fcbb8591edfd28184fa70a04b6dd3af8a14367c628edd7caba32e58c68
70e9b1a4410d752c57a6206e9fccdf748a65891f14c24f8831640b849d57103a
a76c08e9cdc3bb87bfb57627ad8f6b46f0e5ef826cc7f046dfbaf25d7b7958ea
bff317df51b12531b9045af90ef418830ea7a76b23c62702b5d4ac80eda889a3