buzonoutlook.eshost.com.ar Open in urlscan Pro
185.27.134.138 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://buzonoutlook.eshost.com.ar/
Effective URL:
http://buzonoutlook.eshost.com.ar/?i=1
Submission: On February 22 via manual (February 22nd 2023, 7:44:02 pm UTC) from CO — Scanned from GB

Summary HTTP 10 Redirects Behaviour Indicators

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 10 HTTP transactions. The main IP is 185.27.134.138, located in United Kingdom and belongs to WILDCARD-AS Wildcard UK Limited, GB. The main domain is buzonoutlook.eshost.com.ar.

This is the only time buzonoutlook.eshost.com.ar was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Outlook (Online)

Domain & IP information

	IP Address		AS Autonomous System
10	185.27.134.138 185.27.134.138		34119 (WILDCARD-...) (WILDCARD-AS Wildcard UK Limited)
10	1

10 185.27.134.138 (United Kingdom)

ASN34119 (WILDCARD-AS Wildcard UK Limited, GB)

buzonoutlook.eshost.com.ar	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
10	eshost.com.ar buzonoutlook.eshost.com.ar	2 MB
10	1

	Domain	Requested by
10	buzonoutlook.eshost.com.ar	buzonoutlook.eshost.com.ar
10	1

This site contains no links.

Subject Issuer	Validity	Valid

This page contains 1 frames:

Primary Page: http://buzonoutlook.eshost.com.ar/?i=1
Frame ID: BA8E2DBB3DB9BF2DB1045ECE2ECB9E22
Requests: 10 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://buzonoutlook.eshost.com.ar/ Page URL
http://buzonoutlook.eshost.com.ar/?i=1 Page URL

Page Statistics

10
Requests

0 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

1558 kB
Transfer

1690 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://buzonoutlook.eshost.com.ar/ Page URL
http://buzonoutlook.eshost.com.ar/?i=1 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

10 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	/ Show response buzonoutlook.eshost.com.ar/	837 B 832 B	184ms 61ms	Document text/html	185.27.134.138 WILDCARD-AS Wildc...
General Check archive.org Show headers Download Go to Full URL http://buzonoutlook.eshost.com.ar/ Protocol HTTP/1.1 Server 185.27.134.138 , United Kingdom, ASN34119 (WILDCARD-AS Wildcard UK Limited, GB), Reverse DNS Software nginx / Resource Hash `72513b5e3c1818339c1d88e3b169b8640e6181324d89d86670ecf620338e0162` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36 accept-language en-GB,en;q=0.9 Response headers Cache-Control no-cache Connection keep-alive Content-Encoding gzip Content-Type text/html Date Wed, 22 Feb 2023 19:43:55 GMT Expires Thu, 01 Jan 1970 00:00:01 GMT Server nginx Transfer-Encoding chunked Vary Accept-Encoding
GET H/1.1	200 OK	aes.js Show response buzonoutlook.eshost.com.ar/	30 KB 31 KB	60ms 60ms	Script application/javascript	185.27.134.138 WILDCARD-AS Wildc...
General Check archive.org Show headers Download Go to Full URL http://buzonoutlook.eshost.com.ar/aes.js Requested by Host: buzonoutlook.eshost.com.ar URL: http://buzonoutlook.eshost.com.ar/ Protocol HTTP/1.1 Server 185.27.134.138 , United Kingdom, ASN34119 (WILDCARD-AS Wildcard UK Limited, GB), Reverse DNS Software nginx / Resource Hash `d2701c86a2a31a641520e72121749dbbabeed4b1a59aece20bbf14f9c9de82bc` Request headers accept-language en-GB,en;q=0.9 Referer http://buzonoutlook.eshost.com.ar/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36 Response headers Date Wed, 22 Feb 2023 19:43:55 GMT Last-Modified Sat, 08 Aug 2015 08:12:26 GMT Server nginx ETag "55c5b9ea-79e6" Content-Type application/javascript Connection keep-alive Accept-Ranges bytes Content-Length 31206
GET H/1.1	200 OK	Primary Request / Show response buzonoutlook.eshost.com.ar/	2 KB 1 KB	75ms 75ms	Document text/html	185.27.134.138 WILDCARD-AS Wildc...
General Check archive.org Show headers Download Go to Full URL http://buzonoutlook.eshost.com.ar/?i=1 Requested by Host: buzonoutlook.eshost.com.ar URL: http://buzonoutlook.eshost.com.ar/ Protocol HTTP/1.1 Server 185.27.134.138 , United Kingdom, ASN34119 (WILDCARD-AS Wildcard UK Limited, GB), Reverse DNS Software nginx / Resource Hash `898be77a6b60299a7d8c0a9db404d36dbf1148175bbff634c47a80e1474b38c7` Request headers Referer http://buzonoutlook.eshost.com.ar/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36 accept-language en-GB,en;q=0.9 Response headers Cache-Control max-age=0 Connection keep-alive Content-Encoding gzip Content-Type text/html; charset=UTF-8 Date Wed, 22 Feb 2023 19:43:55 GMT Expires Wed, 22 Feb 2023 19:43:55 GMT Server nginx Transfer-Encoding chunked Vary Accept-Encoding
GET H/1.1	200 OK	util.css buzonoutlook.eshost.com.ar/css/	82 KB 15 KB	63ms 62ms	Stylesheet text/css	185.27.134.138 WILDCARD-AS Wildc...
General Check archive.org Show headers Download Go to Full URL http://buzonoutlook.eshost.com.ar/css/util.css Requested by Host: buzonoutlook.eshost.com.ar URL: http://buzonoutlook.eshost.com.ar/?i=1 Protocol HTTP/1.1 Server 185.27.134.138 , United Kingdom, ASN34119 (WILDCARD-AS Wildcard UK Limited, GB), Reverse DNS Software nginx / Resource Hash `837494f2b4a3de7bceb87d79e841ae48b96f81082a2421858e06b1d5d1e117f8` Request headers accept-language en-GB,en;q=0.9 Referer http://buzonoutlook.eshost.com.ar/?i=1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36 Response headers Date Wed, 22 Feb 2023 19:43:55 GMT Content-Encoding gzip Last-Modified Tue, 21 Feb 2023 19:29:36 GMT Server nginx Transfer-Encoding chunked Vary Accept-Encoding Content-Type text/css Cache-Control max-age=2592000, public, proxy-revalidate, public, proxy-revalidate, must-revalidate Connection keep-alive Expires Fri, 24 Mar 2023 19:43:55 GMT
GET H/1.1	200 OK	main.css buzonoutlook.eshost.com.ar/css/	8 KB 2 KB	122ms 62ms	Stylesheet text/css	185.27.134.138 WILDCARD-AS Wildc...
General Check archive.org Show headers Download Go to Full URL http://buzonoutlook.eshost.com.ar/css/main.css Requested by Host: buzonoutlook.eshost.com.ar URL: http://buzonoutlook.eshost.com.ar/?i=1 Protocol HTTP/1.1 Server 185.27.134.138 , United Kingdom, ASN34119 (WILDCARD-AS Wildcard UK Limited, GB), Reverse DNS Software nginx / Resource Hash `afeb11f10efd640c24caf08ceef8be509a4507a2796672852ad9b2d667858a22` Request headers accept-language en-GB,en;q=0.9 Referer http://buzonoutlook.eshost.com.ar/?i=1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36 Response headers Date Wed, 22 Feb 2023 19:43:55 GMT Content-Encoding gzip Last-Modified Tue, 21 Feb 2023 19:29:35 GMT Server nginx Transfer-Encoding chunked Vary Accept-Encoding Content-Type text/css Cache-Control max-age=2592000, public, proxy-revalidate, public, proxy-revalidate, must-revalidate Connection keep-alive Expires Fri, 24 Mar 2023 19:43:55 GMT
GET H/1.1	200 OK	material-design-iconic-font.min.css buzonoutlook.eshost.com.ar/fonts/iconic/css/	69 KB 10 KB	123ms 63ms	Stylesheet text/css	185.27.134.138 WILDCARD-AS Wildc...
General Check archive.org Show headers Download Go to Full URL http://buzonoutlook.eshost.com.ar/fonts/iconic/css/material-design-iconic-font.min.css Requested by Host: buzonoutlook.eshost.com.ar URL: http://buzonoutlook.eshost.com.ar/?i=1 Protocol HTTP/1.1 Server 185.27.134.138 , United Kingdom, ASN34119 (WILDCARD-AS Wildcard UK Limited, GB), Reverse DNS Software nginx / Resource Hash `dec3e9f0190a504ed0c8f4a5e957c107206ba106cac4a1bbb6cbac6369a16d56` Request headers accept-language en-GB,en;q=0.9 Referer http://buzonoutlook.eshost.com.ar/?i=1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36 Response headers Date Wed, 22 Feb 2023 19:43:55 GMT Content-Encoding gzip Last-Modified Tue, 21 Feb 2023 19:30:14 GMT Server nginx Transfer-Encoding chunked Vary Accept-Encoding Content-Type text/css Cache-Control max-age=2592000, public, proxy-revalidate, public, proxy-revalidate, must-revalidate Connection keep-alive Expires Fri, 24 Mar 2023 19:43:55 GMT
GET H/1.1	200 OK	fond.png buzonoutlook.eshost.com.ar/images/	1 MB 1 MB	68ms 68ms	Image image/png	185.27.134.138 WILDCARD-AS Wildc...
General Check archive.org Show headers Download Go to Show image Full URL http://buzonoutlook.eshost.com.ar/images/fond.png Requested by Host: buzonoutlook.eshost.com.ar URL: http://buzonoutlook.eshost.com.ar/?i=1 Protocol HTTP/1.1 Server 185.27.134.138 , United Kingdom, ASN34119 (WILDCARD-AS Wildcard UK Limited, GB), Reverse DNS Software nginx / Resource Hash `90b87983a346c4968b798fa8259d113a0533ba604ba8dd1c1667501d3f71602d` Request headers accept-language en-GB,en;q=0.9 Referer http://buzonoutlook.eshost.com.ar/?i=1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36 Response headers Date Wed, 22 Feb 2023 19:43:55 GMT Last-Modified Tue, 21 Feb 2023 19:29:36 GMT Server nginx Content-Type image/png Cache-Control max-age=2592000, public, proxy-revalidate, public, proxy-revalidate Connection keep-alive Accept-Ranges bytes Content-Length 1205554 Expires Fri, 24 Mar 2023 19:43:55 GMT
GET H/1.1	200 OK	Poppins-Regular.ttf buzonoutlook.eshost.com.ar/fonts/poppins/	142 KB 142 KB	244ms 244ms	Font application/x-font-ttf	185.27.134.138 WILDCARD-AS Wildc...
General Check archive.org Show headers Download Go to Full URL http://buzonoutlook.eshost.com.ar/fonts/poppins/Poppins-Regular.ttf Requested by Host: buzonoutlook.eshost.com.ar URL: http://buzonoutlook.eshost.com.ar/css/main.css Protocol HTTP/1.1 Server 185.27.134.138 , United Kingdom, ASN34119 (WILDCARD-AS Wildcard UK Limited, GB), Reverse DNS Software nginx / Resource Hash `2425ebbc021bfdd18fe55edbeeb1539d22a217212c14430a7d4d75266a333bbc` Request headers Referer http://buzonoutlook.eshost.com.ar/css/main.css Origin http://buzonoutlook.eshost.com.ar accept-language en-GB,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36 Response headers Date Wed, 22 Feb 2023 19:43:55 GMT Last-Modified Tue, 21 Feb 2023 19:29:48 GMT Server nginx Transfer-Encoding chunked Content-Type application/x-font-ttf Cache-Control max-age=0 Connection keep-alive Accept-Ranges bytes Expires Wed, 22 Feb 2023 19:43:55 GMT
GET H/1.1	200 OK	Poppins-Medium.ttf buzonoutlook.eshost.com.ar/fonts/poppins/	140 KB 140 KB	245ms 244ms	Font application/x-font-ttf	185.27.134.138 WILDCARD-AS Wildc...
General Check archive.org Show headers Download Go to Full URL http://buzonoutlook.eshost.com.ar/fonts/poppins/Poppins-Medium.ttf Requested by Host: buzonoutlook.eshost.com.ar URL: http://buzonoutlook.eshost.com.ar/css/main.css Protocol HTTP/1.1 Server 185.27.134.138 , United Kingdom, ASN34119 (WILDCARD-AS Wildcard UK Limited, GB), Reverse DNS Software nginx / Resource Hash `45870260a29fa7d3e0eff8cdd91993fb4a9ce4cced3d7b72c3ef7d24380bfc2d` Request headers Referer http://buzonoutlook.eshost.com.ar/css/main.css Origin http://buzonoutlook.eshost.com.ar accept-language en-GB,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36 Response headers Date Wed, 22 Feb 2023 19:43:55 GMT Last-Modified Tue, 21 Feb 2023 19:29:46 GMT Server nginx Transfer-Encoding chunked Content-Type application/x-font-ttf Cache-Control max-age=0 Connection keep-alive Accept-Ranges bytes Expires Wed, 22 Feb 2023 19:43:55 GMT
GET H/1.1	200 OK	Material-Design-Iconic-Font.woff2 buzonoutlook.eshost.com.ar/fonts/iconic/fonts/	37 KB 38 KB	179ms 119ms	Font application/octet-stream	185.27.134.138 WILDCARD-AS Wildc...
General Check archive.org Show headers Download Go to Full URL http://buzonoutlook.eshost.com.ar/fonts/iconic/fonts/Material-Design-Iconic-Font.woff2?v=2.2.0 Requested by Host: buzonoutlook.eshost.com.ar URL: http://buzonoutlook.eshost.com.ar/fonts/iconic/css/material-design-iconic-font.min.css Protocol HTTP/1.1 Server 185.27.134.138 , United Kingdom, ASN34119 (WILDCARD-AS Wildcard UK Limited, GB), Reverse DNS Software nginx / Resource Hash `e8eea96e29a7c0a72612ab85ca3229979666467a28349642c2176e7189a1a39c` Request headers Referer http://buzonoutlook.eshost.com.ar/fonts/iconic/css/material-design-iconic-font.min.css Origin http://buzonoutlook.eshost.com.ar accept-language en-GB,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36 Response headers Date Wed, 22 Feb 2023 19:43:55 GMT Last-Modified Tue, 21 Feb 2023 19:30:19 GMT Server nginx Transfer-Encoding chunked Cache-Control max-age=0 Connection keep-alive Accept-Ranges bytes Expires Wed, 22 Feb 2023 19:43:55 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Outlook (Online)

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| credentialless object| oncontentvisibilityautostatechange function| soloNumeros

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			buzonoutlook.eshost.com.ar/	1970-01-20 19:27:35	Name: __test Value: f2d3ebac50398593cc7f8b02cb27af59

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

buzonoutlook.eshost.com.ar
185.27.134.138
2425ebbc021bfdd18fe55edbeeb1539d22a217212c14430a7d4d75266a333bbc
45870260a29fa7d3e0eff8cdd91993fb4a9ce4cced3d7b72c3ef7d24380bfc2d
72513b5e3c1818339c1d88e3b169b8640e6181324d89d86670ecf620338e0162
837494f2b4a3de7bceb87d79e841ae48b96f81082a2421858e06b1d5d1e117f8
898be77a6b60299a7d8c0a9db404d36dbf1148175bbff634c47a80e1474b38c7
90b87983a346c4968b798fa8259d113a0533ba604ba8dd1c1667501d3f71602d
afeb11f10efd640c24caf08ceef8be509a4507a2796672852ad9b2d667858a22
d2701c86a2a31a641520e72121749dbbabeed4b1a59aece20bbf14f9c9de82bc
dec3e9f0190a504ed0c8f4a5e957c107206ba106cac4a1bbb6cbac6369a16d56
e8eea96e29a7c0a72612ab85ca3229979666467a28349642c2176e7189a1a39c

buzonoutlook.eshost.com.ar Open in urlscan Pro 185.27.134.138 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Page Statistics

10 Requests

0 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

1 IPs

1 Countries

1558 kBTransfer

1690 kBSize

1 Cookies

0 Outgoing links

Page URL History

Redirected requests

10 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

3 JavaScript Global Variables

1 Cookies

Indicators

buzonoutlook.eshost.com.ar Open in urlscan Pro
185.27.134.138 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

10
Requests

0 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

1558 kB
Transfer

1690 kB
Size

1
Cookies

10 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!