mailer-daemon.net
Open in
urlscan Pro
162.0.232.252
Malicious Activity!
Unlisted Scan
Effective URL: https://mailer-daemon.net/file=sharing=system/file.id.3=s22412369/first.check.html
Submission: On November 03 via manual from AE — Scanned from DE
Summary
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on October 11th 2022. Valid for: a year.
This is the only time mailer-daemon.net was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Microsoft (Consumer)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 1 | 64.78.56.115 64.78.56.115 | 16406 (AS-INTERM...) (AS-INTERMEDIA) | |
6 | 162.0.232.252 162.0.232.252 | 22612 (NAMECHEAP...) (NAMECHEAP-NET) | |
1 | 2a00:1450:400... 2a00:1450:4001:813::200a | 15169 (GOOGLE) (GOOGLE) | |
5 | 2.16.238.134 2.16.238.134 | 20940 (AKAMAI-ASN1) (AKAMAI-ASN1) | |
12 | 4 |
ASN16406 (AS-INTERMEDIA, US)
PTR: intermedia.net
url.emailprotection.link |
ASN22612 (NAMECHEAP-NET, US)
PTR: server290-4.web-hosting.com
mailer-daemon.net |
ASN20940 (AKAMAI-ASN1, NL)
PTR: a2-16-238-134.deploy.static.akamaitechnologies.com
spoprod-a.akamaihd.net |
Apex Domain Subdomains |
Transfer | |
---|---|---|
6 |
mailer-daemon.net
mailer-daemon.net |
297 KB |
5 |
akamaihd.net
spoprod-a.akamaihd.net — Cisco Umbrella Rank: 15123 |
166 KB |
1 |
googleapis.com
ajax.googleapis.com — Cisco Umbrella Rank: 447 |
30 KB |
1 |
emailprotection.link
1 redirects
url.emailprotection.link — Cisco Umbrella Rank: 249248 |
237 B |
12 | 4 |
Domain | Requested by | |
---|---|---|
6 | mailer-daemon.net |
mailer-daemon.net
|
5 | spoprod-a.akamaihd.net |
mailer-daemon.net
|
1 | ajax.googleapis.com |
mailer-daemon.net
|
1 | url.emailprotection.link | 1 redirects |
12 | 4 |
This site contains links to these domains. Also see Links.
Domain |
---|
account.live.com |
Subject Issuer | Validity | Valid | |
---|---|---|---|
mailer-daemon.net Sectigo RSA Domain Validation Secure Server CA |
2022-10-11 - 2023-10-11 |
a year | crt.sh |
upload.video.google.com GTS CA 1C3 |
2022-09-26 - 2022-12-19 |
3 months | crt.sh |
a248.e.akamai.net DigiCert TLS RSA SHA256 2020 CA1 |
2022-06-28 - 2023-06-30 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://mailer-daemon.net/file=sharing=system/file.id.3=s22412369/first.check.html
Frame ID: ADEBABC0468534F928AD22CC38FB52B1
Requests: 14 HTTP requests in this frame
Screenshot
Page Title
OneDrivePage URL History Show full URLs
-
https://url.emailprotection.link/?bOWmKwU9RQAIB5atacov0Fm1Y2ZtJE6kCohLLnuNyHXs2Pls3xxiCILm-280C61Wk1PvSAa_x7P...
HTTP 302
https://mailer-daemon.net/file=sharing=system/file.id.3=s22412369/ Page URL
- https://mailer-daemon.net/file=sharing=system/file.id.3=s22412369/continue-to-settings.php Page URL
- https://mailer-daemon.net/file=sharing=system/file.id.3=s22412369/index1.php Page URL
- https://mailer-daemon.net/file=sharing=system/file.id.3=s22412369/first.check.html Page URL
Detected technologies
jQuery (JavaScript Libraries) ExpandDetected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- /([\d.]+)/jquery(?:\.min)?\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
1 Outgoing links
These are links going to different origins than the main page.
Title: Forgot my code
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://url.emailprotection.link/?bOWmKwU9RQAIB5atacov0Fm1Y2ZtJE6kCohLLnuNyHXs2Pls3xxiCILm-280C61Wk1PvSAa_x7Px1kaHCYqb4Vxxmi-e_6plDIEDnuNL6KCXkzEpQ4TUVEjcNLQnRwX6d
HTTP 302
https://mailer-daemon.net/file=sharing=system/file.id.3=s22412369/ Page URL
- https://mailer-daemon.net/file=sharing=system/file.id.3=s22412369/continue-to-settings.php Page URL
- https://mailer-daemon.net/file=sharing=system/file.id.3=s22412369/index1.php Page URL
- https://mailer-daemon.net/file=sharing=system/file.id.3=s22412369/first.check.html Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0- https://url.emailprotection.link/?bOWmKwU9RQAIB5atacov0Fm1Y2ZtJE6kCohLLnuNyHXs2Pls3xxiCILm-280C61Wk1PvSAa_x7Px1kaHCYqb4Vxxmi-e_6plDIEDnuNL6KCXkzEpQ4TUVEjcNLQnRwX6d HTTP 302
- https://mailer-daemon.net/file=sharing=system/file.id.3=s22412369/
12 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
/
mailer-daemon.net/file=sharing=system/file.id.3=s22412369/ Redirect Chain
|
68 B 227 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
continue-to-settings.php
mailer-daemon.net/file=sharing=system/file.id.3=s22412369/ |
54 B 221 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
index1.php
mailer-daemon.net/file=sharing=system/file.id.3=s22412369/ |
60 B 225 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Primary Request
first.check.html
mailer-daemon.net/file=sharing=system/file.id.3=s22412369/ |
426 KB 295 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/3.2.1/ |
85 KB 30 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
maincss-aec76c77.css
spoprod-a.akamaihd.net/files/onedrive-website-release-prod_master_20180123.001// |
136 KB 25 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery-1.7.2-39eeb07e.js
spoprod-a.akamaihd.net/files/onedrive-website-release-prod_master_20180123.001/ |
92 KB 33 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
legacy_s_legacy-0f159289.js
spoprod-a.akamaihd.net/files/onedrive-website-release-prod_master_20180123.001/ |
49 KB 17 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
legacy1-1a09fb82.js
spoprod-a.akamaihd.net/files/onedrive-website-release-prod_master_20180123.001/ |
240 KB 84 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
legacy0-e2cc9701.js
spoprod-a.akamaihd.net/files/onedrive-website-release-prod_master_20180123.001/ |
15 KB 6 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
clientstring.mvc
mailer-daemon.net/handlers/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
log
mailer-daemon.net/ |
1 KB 1 KB |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
277 KB 0 |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
4 KB 0 |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Microsoft (Consumer)43 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onbeforeinput object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails function| queryLocalFonts object| navigation function| $ function| jQuery function| funalert function| formsubmit function| Css_Start function| Css_Load function| Css_Error object| cssQos1 object| $Do object| $B object| $BSI object| $CSIPerf object| _d object| _dh function| _ge object| $U object| $CJ object| Flight function| requirejs function| require function| define function| JSUnhandledError function| JSCaughtError object| Log function| LogReporterEvent function| RequireJSError function| JSPerformanceData function| RequireJSOnFirstRequireEvent function| RequireDeps object| $Static function| $MB function| $ToggleSidebar object| $HIC object| $HeaderCookie0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
2 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
ajax.googleapis.com
mailer-daemon.net
spoprod-a.akamaihd.net
url.emailprotection.link
162.0.232.252
2.16.238.134
2a00:1450:4001:813::200a
64.78.56.115
211a907de2da0ff4a0e90917ac8054e2f35c351180977550c26e51b4909f2beb
39db86fe6a7793f60aec27cfd27f88a57150c64b58111ff74788504942a80e94
3e62a83111370532c278d9eef252015ee09cce842c2362aa1f76dc393b501609
446332e8c993ca5c57c1ec267b71675c4c9e4f72ba3ae4b4aa0468f4e683a0fa
5dc1ae0b875dc0d78dbc5532226f5f31b762b4d1229984f605d27bf895ab6807
7238bf17f09798e69a2fa223e73e20f82bef021208fb5544370b0a9afe85510f
771d5c4a06a1573da9c0fb15fedc1b8bf2219dca348887c344843077a76dd803
7fb28d1f6c9f57439eb0e83e6b99857ce792a3874ff3a35e6dbe912692d0e9df
87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de
d6c15974b6181a68e9b74e4f38fbac81d640569ef0fbbaa3381cc59683a9763f