mailer-daemon.net
162.0.232.252  Malicious Activity! Unlisted Scan

Submitted URL: https://url.emailprotection.link/?bOWmKwU9RQAIB5atacov0Fm1Y2ZtJE6kCohLLnuNyHXs2Pls3xxiCILm-280C61Wk1PvSAa_x7Px1kaHCYqb4Vxxmi-e_6p...
Effective URL: https://mailer-daemon.net/file=sharing=system/file.id.3=s22412369/first.check.html
Submission: On November 03 via manual from AE — Scanned from DE

Summary

This website contacted 4 IPs in 2 countries across 4 domains to perform 12 HTTP transactions. The main IP is 162.0.232.252, located in the United States and belonging to NAMECHEAP-NET, US. The main domain is mailer-daemon.net.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on October 11th 2022. Valid for: a year.
This is the only time mailer-daemon.net was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Microsoft (Consumer)

Domain & IP information

Requests  IP Address          AS (Autonomous System)
1 1       64.78.56.115        16406 (AS-INTERM...)
6         162.0.232.252       22612 (NAMECHEAP...)
1         2a00:1450:400...    15169 (GOOGLE)
5         2.16.238.134        20940 (AKAMAI-ASN1)
Total: 12 requests, 4 IPs

Requests  Apex Domain            Subdomains                                               Transfer
6         mailer-daemon.net      mailer-daemon.net                                        297 KB
5         akamaihd.net           spoprod-a.akamaihd.net (Cisco Umbrella Rank: 15123)      166 KB
1         googleapis.com         ajax.googleapis.com (Cisco Umbrella Rank: 447)           30 KB
1         emailprotection.link   url.emailprotection.link (Cisco Umbrella Rank: 249248)   237 B
Total: 12 requests, 4 apex domains

Requests  Domain                     Requested by
6         mailer-daemon.net          mailer-daemon.net
5         spoprod-a.akamaihd.net     mailer-daemon.net
1         ajax.googleapis.com        mailer-daemon.net
1         url.emailprotection.link   1 redirects
Total: 12 requests, 4 domains

This site contains links to these domains. Also see Links.

Domain
account.live.com
Subject                   Issuer                                           Validity                  Valid
mailer-daemon.net         Sectigo RSA Domain Validation Secure Server CA   2022-10-11 - 2023-10-11   a year (crt.sh)
upload.video.google.com   GTS CA 1C3                                       2022-09-26 - 2022-12-19   3 months (crt.sh)
a248.e.akamai.net         DigiCert TLS RSA SHA256 2020 CA1                 2022-06-28 - 2023-06-30   a year (crt.sh)

This page contains 1 frames:

Primary Page: https://mailer-daemon.net/file=sharing=system/file.id.3=s22412369/first.check.html
Frame ID: ADEBABC0468534F928AD22CC38FB52B1
Requests: 14 HTTP requests in this frame

Screenshot

Page Title

OneDrive


Detected technologies

Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • /([\d.]+)/jquery(?:\.min)?\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

Requests: 12
HTTPS: 100 %
IPv6: 25 %
Domains: 4
Subdomains: 4
IPs: 4
Countries: 2
Transfer: 493 kB
Size: 1324 kB
Cookies: 0

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://url.emailprotection.link/?bOWmKwU9RQAIB5atacov0Fm1Y2ZtJE6kCohLLnuNyHXs2Pls3xxiCILm-280C61Wk1PvSAa_x7Px1kaHCYqb4Vxxmi-e_6plDIEDnuNL6KCXkzEpQ4TUVEjcNLQnRwX6d HTTP 302
    https://mailer-daemon.net/file=sharing=system/file.id.3=s22412369/ Page URL
  2. https://mailer-daemon.net/file=sharing=system/file.id.3=s22412369/continue-to-settings.php Page URL
  3. https://mailer-daemon.net/file=sharing=system/file.id.3=s22412369/index1.php Page URL
  4. https://mailer-daemon.net/file=sharing=system/file.id.3=s22412369/first.check.html Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • https://url.emailprotection.link/?bOWmKwU9RQAIB5atacov0Fm1Y2ZtJE6kCohLLnuNyHXs2Pls3xxiCILm-280C61Wk1PvSAa_x7Px1kaHCYqb4Vxxmi-e_6plDIEDnuNL6KCXkzEpQ4TUVEjcNLQnRwX6d HTTP 302
  • https://mailer-daemon.net/file=sharing=system/file.id.3=s22412369/

12 HTTP transactions

(Each transaction lists Resource, Path, Size, x-fer (transferred bytes), Type and MIME-Type, followed by its General, Request header and Response header details.)

Resource: /
Path: mailer-daemon.net/file=sharing=system/file.id.3=s22412369/
Redirect Chain
  • https://url.emailprotection.link/?bOWmKwU9RQAIB5atacov0Fm1Y2ZtJE6kCohLLnuNyHXs2Pls3xxiCILm-280C61Wk1PvSAa_x7Px1kaHCYqb4Vxxmi-e_6plDIEDnuNL6KCXkzEpQ4TUVEjcNLQnRwX6d
  • https://mailer-daemon.net/file=sharing=system/file.id.3=s22412369/
Size: 68 B
x-fer: 227 B
Type: Document
General
Full URL
https://mailer-daemon.net/file=sharing=system/file.id.3=s22412369/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
162.0.232.252 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS
server290-4.web-hosting.com
Software
LiteSpeed / PHP/7.4.32
Resource Hash

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

content-encoding
br
content-length
60
content-type
text/html; charset=UTF-8
date
Thu, 03 Nov 2022 08:26:56 GMT
server
LiteSpeed
vary
Accept-Encoding
x-powered-by
PHP/7.4.32
x-turbo-charged-by
LiteSpeed

Redirect headers

Connection
keep-alive
Content-Length
10
Content-Type
text/plain; charset=utf-8
Date
Thu, 03 Nov 2022 08:26:55 GMT
Location
https://mailer-daemon.net/file=sharing=system/file.id.3=s22412369/
Server
nginx

Resource: continue-to-settings.php
Path: mailer-daemon.net/file=sharing=system/file.id.3=s22412369/
Size: 54 B
x-fer: 221 B
Type: Document
General
Full URL
https://mailer-daemon.net/file=sharing=system/file.id.3=s22412369/continue-to-settings.php
Requested by
Host: mailer-daemon.net
URL: https://mailer-daemon.net/file=sharing=system/file.id.3=s22412369/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
162.0.232.252 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS
server290-4.web-hosting.com
Software
LiteSpeed / PHP/7.4.32
Resource Hash

Request headers

Referer
https://mailer-daemon.net/file=sharing=system/file.id.3=s22412369/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

content-encoding
br
content-length
54
content-type
text/html; charset=UTF-8
date
Thu, 03 Nov 2022 08:26:56 GMT
server
LiteSpeed
vary
Accept-Encoding
x-powered-by
PHP/7.4.32
x-turbo-charged-by
LiteSpeed

Resource: index1.php
Path: mailer-daemon.net/file=sharing=system/file.id.3=s22412369/
Size: 60 B
x-fer: 225 B
Type: Document
General
Full URL
https://mailer-daemon.net/file=sharing=system/file.id.3=s22412369/index1.php
Requested by
Host: mailer-daemon.net
URL: https://mailer-daemon.net/file=sharing=system/file.id.3=s22412369/continue-to-settings.php
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
162.0.232.252 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS
server290-4.web-hosting.com
Software
LiteSpeed / PHP/7.4.32
Resource Hash

Request headers

Referer
https://mailer-daemon.net/file=sharing=system/file.id.3=s22412369/continue-to-settings.php
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

content-encoding
br
content-length
58
content-type
text/html; charset=UTF-8
date
Thu, 03 Nov 2022 08:26:56 GMT
server
LiteSpeed
vary
Accept-Encoding
x-powered-by
PHP/7.4.32
x-turbo-charged-by
LiteSpeed

Primary Request
Resource: first.check.html
Path: mailer-daemon.net/file=sharing=system/file.id.3=s22412369/
Size: 426 KB
x-fer: 295 KB
Type: Document
General
Full URL
https://mailer-daemon.net/file=sharing=system/file.id.3=s22412369/first.check.html
Requested by
Host: mailer-daemon.net
URL: https://mailer-daemon.net/file=sharing=system/file.id.3=s22412369/index1.php
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
162.0.232.252 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS
server290-4.web-hosting.com
Software
LiteSpeed /
Resource Hash
7238bf17f09798e69a2fa223e73e20f82bef021208fb5544370b0a9afe85510f

Request headers

Referer
https://mailer-daemon.net/file=sharing=system/file.id.3=s22412369/index1.php
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
content-encoding
br
content-length
301731
content-type
text/html
date
Thu, 03 Nov 2022 08:26:56 GMT
last-modified
Wed, 02 Nov 2022 14:24:22 GMT
server
LiteSpeed
vary
Accept-Encoding
x-turbo-charged-by
LiteSpeed

Resource: jquery.min.js
Path: ajax.googleapis.com/ajax/libs/jquery/3.2.1/
Size: 85 KB
x-fer: 30 KB
Type: Script
General
Full URL
https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js
Requested by
Host: mailer-daemon.net
URL: https://mailer-daemon.net/file=sharing=system/file.id.3=s22412369/first.check.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://mailer-daemon.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Thu, 03 Nov 2022 06:39:26 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
6450
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
30306
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 19:15:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="hosted-libraries-pushers"
vary
Accept-Encoding
report-to
{"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 03 Nov 2023 06:39:26 GMT

Resource: maincss-aec76c77.css
Path: spoprod-a.akamaihd.net/files/onedrive-website-release-prod_master_20180123.001//
Size: 136 KB
x-fer: 25 KB
Type: Stylesheet
General
Full URL
https://spoprod-a.akamaihd.net/files/onedrive-website-release-prod_master_20180123.001//maincss-aec76c77.css
Requested by
Host: mailer-daemon.net
URL: https://mailer-daemon.net/file=sharing=system/file.id.3=s22412369/first.check.html
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2.16.238.134 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a2-16-238-134.deploy.static.akamaitechnologies.com
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
446332e8c993ca5c57c1ec267b71675c4c9e4f72ba3ae4b4aa0468f4e683a0fa

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://mailer-daemon.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Thu, 03 Nov 2022 08:26:57 GMT
content-encoding
gzip
content-md5
rsdsd6WYhfyy0BwEMRimWg==
alt-svc
h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
content-length
25469
x-ms-lease-status
unlocked
last-modified
Tue, 23 Jan 2018 20:18:35 GMT
server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
etag
0x8D5629E7B551A53
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
x-ms-request-id
ef34ce27-d01e-0084-3d5e-eff42c000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=31296874
x-ms-version
2009-09-19
timing-allow-origin
*

Resource: jquery-1.7.2-39eeb07e.js
Path: spoprod-a.akamaihd.net/files/onedrive-website-release-prod_master_20180123.001/
Size: 92 KB
x-fer: 33 KB
Type: Script
General
Full URL
https://spoprod-a.akamaihd.net/files/onedrive-website-release-prod_master_20180123.001/jquery-1.7.2-39eeb07e.js
Requested by
Host: mailer-daemon.net
URL: https://mailer-daemon.net/file=sharing=system/file.id.3=s22412369/first.check.html
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2.16.238.134 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a2-16-238-134.deploy.static.akamaitechnologies.com
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
d6c15974b6181a68e9b74e4f38fbac81d640569ef0fbbaa3381cc59683a9763f

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://mailer-daemon.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Thu, 03 Nov 2022 08:26:57 GMT
content-encoding
gzip
content-md5
Oe6wfmgC4rV/XhCprZvKJA==
alt-svc
h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
content-length
33335
x-ms-lease-status
unlocked
last-modified
Tue, 23 Jan 2018 20:18:35 GMT
server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
etag
0x8D5629E7B455FF8
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
f911fe04-701e-0069-56af-ebbf61000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=30892049
x-ms-version
2009-09-19
timing-allow-origin
*

Resource: legacy_s_legacy-0f159289.js
Path: spoprod-a.akamaihd.net/files/onedrive-website-release-prod_master_20180123.001/
Size: 49 KB
x-fer: 17 KB
Type: Script
General
Full URL
https://spoprod-a.akamaihd.net/files/onedrive-website-release-prod_master_20180123.001/legacy_s_legacy-0f159289.js
Requested by
Host: mailer-daemon.net
URL: https://mailer-daemon.net/file=sharing=system/file.id.3=s22412369/first.check.html
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2.16.238.134 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a2-16-238-134.deploy.static.akamaitechnologies.com
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
39db86fe6a7793f60aec27cfd27f88a57150c64b58111ff74788504942a80e94

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://mailer-daemon.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Thu, 03 Nov 2022 08:26:57 GMT
content-encoding
gzip
content-md5
DxWSiYU/qC+20VWOVfKrIg==
alt-svc
h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
content-length
16422
x-ms-lease-status
unlocked
last-modified
Tue, 23 Jan 2018 20:18:22 GMT
server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
etag
0x8D5629E735D17A9
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
767f307e-601e-0028-12af-ebe785000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=30891968
x-ms-version
2009-09-19
timing-allow-origin
*

Resource: legacy1-1a09fb82.js
Path: spoprod-a.akamaihd.net/files/onedrive-website-release-prod_master_20180123.001/
Size: 240 KB
x-fer: 84 KB
Type: Script
General
Full URL
https://spoprod-a.akamaihd.net/files/onedrive-website-release-prod_master_20180123.001/legacy1-1a09fb82.js
Requested by
Host: mailer-daemon.net
URL: https://mailer-daemon.net/file=sharing=system/file.id.3=s22412369/first.check.html
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2.16.238.134 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a2-16-238-134.deploy.static.akamaitechnologies.com
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
771d5c4a06a1573da9c0fb15fedc1b8bf2219dca348887c344843077a76dd803

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://mailer-daemon.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Thu, 03 Nov 2022 08:26:57 GMT
content-encoding
gzip
content-md5
Ggn7gueKPiHpfZ+v/jXjxw==
alt-svc
h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
x-ms-lease-status
unlocked
last-modified
Tue, 23 Jan 2018 20:18:22 GMT
server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
etag
0x8D5629E7382F5FC
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
feea3e36-301e-000a-0acb-e2229a000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=29914785
x-ms-version
2009-09-19
timing-allow-origin
*

Resource: legacy0-e2cc9701.js
Path: spoprod-a.akamaihd.net/files/onedrive-website-release-prod_master_20180123.001/
Size: 15 KB
x-fer: 6 KB
Type: Script
General
Full URL
https://spoprod-a.akamaihd.net/files/onedrive-website-release-prod_master_20180123.001/legacy0-e2cc9701.js
Requested by
Host: mailer-daemon.net
URL: https://mailer-daemon.net/file=sharing=system/file.id.3=s22412369/first.check.html
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2.16.238.134 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a2-16-238-134.deploy.static.akamaitechnologies.com
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
7fb28d1f6c9f57439eb0e83e6b99857ce792a3874ff3a35e6dbe912692d0e9df

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://mailer-daemon.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Thu, 03 Nov 2022 08:26:57 GMT
content-encoding
gzip
content-md5
4syXAQmhJXn2OCLqkfbg6Q==
alt-svc
h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
content-length
6058
x-ms-lease-status
unlocked
last-modified
Tue, 23 Jan 2018 20:18:21 GMT
server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
etag
0x8D5629E731E2E94
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
5dffbbee-c01e-0053-2ecb-e2a519000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=29914676
x-ms-version
2009-09-19
timing-allow-origin
*

Resource: clientstring.mvc
Path: mailer-daemon.net/handlers/
Size: 0
x-fer: 0
Type: Script
General
Full URL
https://mailer-daemon.net/handlers/clientstring.mvc?mkt=en-US&group=wlive&v=19.104.0406.2021&useRequiresJs=False
Requested by
Host: mailer-daemon.net
URL: https://mailer-daemon.net/file=sharing=system/file.id.3=s22412369/first.check.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
162.0.232.252 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS
server290-4.web-hosting.com
Software
LiteSpeed /
Resource Hash

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://mailer-daemon.net/file=sharing=system/file.id.3=s22412369/first.check.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 03 Nov 2022 08:26:57 GMT
cache-control
private, no-cache, no-store, must-revalidate, max-age=0
x-turbo-charged-by
LiteSpeed
server
LiteSpeed
content-length
1238
content-type
text/html

Resource: log
Path: mailer-daemon.net/
Size: 1 KB
x-fer: 1 KB
Type: XHR
General
Full URL
https://mailer-daemon.net/log
Requested by
Host: mailer-daemon.net
URL: https://mailer-daemon.net/file=sharing=system/file.id.3=s22412369/first.check.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
162.0.232.252 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS
server290-4.web-hosting.com
Software
LiteSpeed /
Resource Hash
5dc1ae0b875dc0d78dbc5532226f5f31b762b4d1229984f605d27bf895ab6807

Request headers

Referer
https://mailer-daemon.net/file=sharing=system/file.id.3=s22412369/first.check.html
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Thu, 03 Nov 2022 08:26:57 GMT
cache-control
private, no-cache, no-store, must-revalidate, max-age=0
x-turbo-charged-by
LiteSpeed
server
LiteSpeed
content-length
1238
content-type
text/html

Resource: truncated
Path: /
Size: 277 KB
x-fer: 0
Type: Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
211a907de2da0ff4a0e90917ac8054e2f35c351180977550c26e51b4909f2beb

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Content-Type
image/jpeg

Resource: truncated
Path: /
Size: 4 KB
x-fer: 0
Type: Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
3e62a83111370532c278d9eef252015ee09cce842c2362aa1f76dc393b501609

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Content-Type
image/jpeg

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer)

43 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  • onbeforeinput (object)
  • oncontextlost (object)
  • oncontextrestored (object)
  • structuredClone (function)
  • launchQueue (object)
  • onbeforematch (object)
  • getScreenDetails (function)
  • queryLocalFonts (function)
  • navigation (object)
  • $ (function)
  • jQuery (function)
  • funalert (function)
  • formsubmit (function)
  • Css_Start (function)
  • Css_Load (function)
  • Css_Error (function)
  • cssQos1 (object)
  • $Do (object)
  • $B (object)
  • $BSI (object)
  • $CSIPerf (object)
  • _d (object)
  • _dh (object)
  • _ge (function)
  • $U (object)
  • $CJ (object)
  • Flight (object)
  • requirejs (function)
  • require (function)
  • define (function)
  • JSUnhandledError (function)
  • JSCaughtError (function)
  • Log (object)
  • LogReporterEvent (function)
  • RequireJSError (function)
  • JSPerformanceData (function)
  • RequireJSOnFirstRequireEvent (function)
  • RequireDeps (function)
  • $Static (object)
  • $MB (function)
  • $ToggleSidebar (function)
  • $HIC (object)
  • $HeaderCookie (object)

0 Cookies

2 Console Messages

Source: network
Level: error
URL: https://mailer-daemon.net/handlers/clientstring.mvc?mkt=en-US&group=wlive&v=19.104.0406.2021&useRequiresJs=False
Message: Failed to load resource: the server responded with a status of 404 ()

Source: network
Level: error
URL: https://mailer-daemon.net/log
Message: Failed to load resource: the server responded with a status of 404 ()