outlook.verificacion.hstn.me Open in urlscan Pro
185.27.134.117 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://outlook.verificacion.hstn.me/?i=1
Effective URL:
http://outlook.verificacion.hstn.me/?i=2
Submission: On April 04 via api (April 4th 2024, 1:38:05 am UTC) from GB — Scanned from GB

Summary HTTP 11 Redirects Links 4 Behaviour Indicators

Summary

This website contacted 4 IPs in 3 countries across 5 domains to perform 11 HTTP transactions. The main IP is 185.27.134.117, located in United Kingdom and belongs to WILDCARD-AS Wildcard UK Limited, GB. The main domain is outlook.verificacion.hstn.me.

This is the only time outlook.verificacion.hstn.me was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Microsoft (Consumer)

Domain & IP information

	IP Address	AS Autonomous System
4	185.27.134.117 185.27.134.117	34119 (WILDCARD-...) (WILDCARD-AS Wildcard UK Limited)
1	2620:1ec:bdf::60 2620:1ec:bdf::60	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	2606:2800:233... 2606:2800:233:78b9:f44e:2c1f:31aa:d9ef	15133 (EDGECAST) (EDGECAST)
11	4

4 185.27.134.117 (United Kingdom)

ASN34119 (WILDCARD-AS Wildcard UK Limited, GB)

outlook.verificacion.hstn.me	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:bdf::60 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

logincdn.msauth.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:2800:233:78b9:f44e:2c1f:31aa:d9ef (United States)

ASN15133 (EDGECAST, US)

aadcdn.msftauth.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
4	hstn.me outlook.verificacion.hstn.me	138 KB
2	msftauth.net aadcdn.msftauth.net — Cisco Umbrella Rank: 852	280 KB
1	msauth.net logincdn.msauth.net — Cisco Umbrella Rank: 4082	2 KB
0	aeonfree.com Failed aeonfree.com Failed
0	Failed function sub() { [native code] }. Failed
11	5

	Domain	Requested by
4	outlook.verificacion.hstn.me	outlook.verificacion.hstn.me
2	aadcdn.msftauth.net	outlook.verificacion.hstn.me
1	logincdn.msauth.net	outlook.verificacion.hstn.me
0	aeonfree.com Failed
0	blank Failed	outlook.verificacion.hstn.me
11	5

This site contains links to these domains. Also see Links.

Domain
signup.live.com
login.live.com

Subject Issuer	Validity	Valid
identitycdn.msauth.net Microsoft Azure RSA TLS Issuing CA 03	`2024-01-17` - `2025-01-11`	a year	crt.sh
aadcdn.msftauth.net DigiCert SHA2 Secure Server CA	`2023-12-01` - `2024-12-01`	a year	crt.sh

This page contains 1 frames:

Primary Page: http://outlook.verificacion.hstn.me/?i=2
Frame ID: 280C1E58C50BC05E7900B129F713B668
Requests: 11 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Iniciar sesión en tu cuenta Microsoft

Page URL History Show full URLs

http://outlook.verificacion.hstn.me/?i=1 HTTP 307
https://outlook.verificacion.hstn.me/?i=1 HTTP 307
http://outlook.verificacion.hstn.me/?i=1 Page URL
http://outlook.verificacion.hstn.me/?i=2 Page URL

Page Statistics

11
Requests

27 %
HTTPS

67 %
IPv6

5
Domains

5
Subdomains

4
IPs

3
Countries

420 kB
Transfer

420 kB
Size

1
Cookies

4 Outgoing links

These are links going to different origins than the main page.

URL: https://signup.live.com/signup?wa=wsignin1.0&rpsnv=13&ct=1585627963&rver=7.0.6730.0&wp=LBI&wreply=https:%2f%2fwww.msn.com%2fes-es%2fhomepage%2fSecure%2fPassport%3fru%3dhttps%253a%252f%252fwww.msn.com%252fes-es%253fpfr%253d1&id=1184&pcexp=True&contextid=C354DCAE75FF72B1&bk=1585628021&uiflavor=web&lic=1&mkt=ES-ES&lc=3082&uaid=df9cef49f8e44095a77afe4745d6420f
Title: Cree una.

Search URL Search Domain Scan URL

URL: https://login.live.com/pp1600/
Title: Opciones de inicio de sesión

Search URL Search Domain Scan URL

URL: https://login.live.com/gls.srf?urlID=WinLiveTermsOfUse&mkt=ES-ES&vv=1600&uaid=df9cef49f8e44095a77afe4745d6420f
Title: Términos de uso

Search URL Search Domain Scan URL

URL: https://login.live.com/gls.srf?urlID=MSNPrivacyStatement&mkt=ES-ES&vv=1600&uaid=df9cef49f8e44095a77afe4745d6420f
Title: Privacidad y cookies

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://outlook.verificacion.hstn.me/?i=1 HTTP 307
https://outlook.verificacion.hstn.me/?i=1 HTTP 307
http://outlook.verificacion.hstn.me/?i=1 Page URL
http://outlook.verificacion.hstn.me/?i=2 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

http://outlook.verificacion.hstn.me/?i=1 HTTP 307
https://outlook.verificacion.hstn.me/?i=1 HTTP 307
http://outlook.verificacion.hstn.me/?i=1

Request Chain 9

http://outlook.verificacion.hstn.me/favicon.ico HTTP 302
https://aeonfree.com/error/404/ HTTP 301
https://aeonfree.com/error/404

11 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	/ Show response outlook.verificacion.hstn.me/ Redirect Chain http://outlook.verificacion.hstn.me/?i=1 https://outlook.verificacion.hstn.me/?i=1 http://outlook.verificacion.hstn.me/?i=1	839 B 1 KB	57ms 57ms	Document text/html	185.27.134.117 WILDCARD-AS Wildc...
General Check archive.org Show headers Download Go to Full URL http://outlook.verificacion.hstn.me/?i=1 Protocol HTTP/1.1 Server 185.27.134.117 , United Kingdom, ASN34119 (WILDCARD-AS Wildcard UK Limited, GB), Reverse DNS Software nginx / Resource Hash `9ca2b0a0b927faa8b5e059b4e64c2b11c9720beafd386e04b7f1ff74de3f50df` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 accept-language en-GB,en;q=0.9 Response headers Cache-Control no-cache Connection keep-alive Content-Length 839 Content-Type text/html Date Thu, 04 Apr 2024 01:37:58 GMT Expires Thu, 01 Jan 1970 00:00:01 GMT Server nginx Redirect headers Location http://outlook.verificacion.hstn.me/?i=1 Non-Authoritative-Reason HttpsUpgrades
GET H/1.1	200 OK	aes.js Show response outlook.verificacion.hstn.me/	13 KB 14 KB	57ms 57ms	Script application/javascript	185.27.134.117 WILDCARD-AS Wildc...
General Check archive.org Show headers Download Go to Full URL http://outlook.verificacion.hstn.me/aes.js Requested by Host: outlook.verificacion.hstn.me URL: http://outlook.verificacion.hstn.me/?i=1 Protocol HTTP/1.1 Server 185.27.134.117 , United Kingdom, ASN34119 (WILDCARD-AS Wildcard UK Limited, GB), Reverse DNS Software nginx / Resource Hash `5069425b121346b36f730910d05402d50920fc2178b01e0c878b71af4ef1eb96` Request headers accept-language en-GB,en;q=0.9 Referer http://outlook.verificacion.hstn.me/?i=1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 Response headers Date Thu, 04 Apr 2024 01:37:58 GMT Last-Modified Sun, 15 Oct 2023 16:31:22 GMT Server nginx ETag "652c13da-35a5" Content-Type application/javascript Connection keep-alive Accept-Ranges bytes Content-Length 13733
GET H/1.1	200 OK	Primary Request / Show response outlook.verificacion.hstn.me/	24 KB 24 KB	86ms 86ms	Document text/html	185.27.134.117 WILDCARD-AS Wildc...
General Check archive.org Show headers Download Go to Full URL http://outlook.verificacion.hstn.me/?i=2 Requested by Host: outlook.verificacion.hstn.me URL: http://outlook.verificacion.hstn.me/?i=1 Protocol HTTP/1.1 Server 185.27.134.117 , United Kingdom, ASN34119 (WILDCARD-AS Wildcard UK Limited, GB), Reverse DNS Software nginx / Resource Hash `e78d9717dfd6ebe4c2467e85ffda0812ca3b3a17262029942d6e86d549269ac7` Request headers Referer http://outlook.verificacion.hstn.me/?i=1 Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 accept-language en-GB,en;q=0.9 Response headers Cache-Control max-age=0 Connection keep-alive Content-Type text/html; charset=UTF-8 Date Thu, 04 Apr 2024 01:37:58 GMT Expires Thu, 04 Apr 2024 01:37:58 GMT Server nginx Transfer-Encoding chunked
GET H/1.1	200 OK	Converged_v23082_AZXChPIB5jI3ijrmoNll5w2.css outlook.verificacion.hstn.me/css/	99 KB 99 KB	110ms 58ms	Stylesheet text/css	185.27.134.117 WILDCARD-AS Wildc...
General Check archive.org Show headers Download Go to Full URL http://outlook.verificacion.hstn.me/css/Converged_v23082_AZXChPIB5jI3ijrmoNll5w2.css Requested by Host: outlook.verificacion.hstn.me URL: http://outlook.verificacion.hstn.me/?i=2 Protocol HTTP/1.1 Server 185.27.134.117 , United Kingdom, ASN34119 (WILDCARD-AS Wildcard UK Limited, GB), Reverse DNS Software nginx / Resource Hash `12fbcb2ab13dbba118402462d0d6b3802ff6895fee0f3ce964a55afede0beaf1` Request headers accept-language en-GB,en;q=0.9 Referer http://outlook.verificacion.hstn.me/?i=2 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 Response headers Date Thu, 04 Apr 2024 01:37:59 GMT Last-Modified Sat, 23 Mar 2024 18:42:30 GMT Server nginx ETag "18b13-614584d80ace0" Content-Type text/css Cache-Control max-age=2592000, public, proxy-revalidate, must-revalidate Connection keep-alive Accept-Ranges bytes Content-Length 101139 Expires Sat, 04 May 2024 01:37:59 GMT
GET		blank /	0 0

GET		blank /	0 0

GET H2	200	microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg logincdn.msauth.net/16.000.28510.10/content/images/	4 KB 2 KB	853ms 626ms	Image image/svg+xml	2620:1ec:bdf::60 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Show image Full URL https://logincdn.msauth.net/16.000.28510.10/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg Requested by Host: outlook.verificacion.hstn.me URL: http://outlook.verificacion.hstn.me/?i=2 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2620:1ec:bdf::60 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software / Resource Hash `04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a` Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer http://outlook.verificacion.hstn.me/ accept-language en-GB,en;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers x-ms-blob-type BlockBlob date Thu, 04 Apr 2024 01:38:00 GMT content-encoding gzip x-cache TCP_MISS x-fd-int-roxy-purgeid 67912908 content-length 1435 x-ms-lease-status unlocked last-modified Tue, 24 Mar 2020 18:23:47 GMT etag 0x8D7D0207EBACD3E x-azure-ref 20240404T013800Z-6q195ph8vt41vdusyn1ptyu2s00000000qng0000000059bx content-type image/svg+xml access-control-allow-origin * x-ms-request-id d05ad5bd-801e-0052-1930-86d0a9000000 access-control-expose-headers x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding cache-control public, max-age=31536000 x-ms-version 2009-09-19 accept-ranges bytes
GET		blank /	0 0

GET H2	200	0-small_138bcee624fa04ef9b75e86211a9fe0d.jpg aadcdn.msftauth.net/ests/2.1/content/images/backgrounds/	3 KB 3 KB	229ms 53ms	Image image/jpeg	2606:2800:233:78b9:f44e:2c1f:31aa:d9ef EDGECAST
General Check archive.org Show headers Download Go to Show image Full URL https://aadcdn.msftauth.net/ests/2.1/content/images/backgrounds/0-small_138bcee624fa04ef9b75e86211a9fe0d.jpg Requested by Host: outlook.verificacion.hstn.me URL: http://outlook.verificacion.hstn.me/?i=2 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2606:2800:233:78b9:f44e:2c1f:31aa:d9ef , United States, ASN15133 (EDGECAST, US), Reverse DNS Software ECAcc (frc/4CCF) / Resource Hash `f89e908280791803bbf1f33b596ff4a2179b355a8e15ad02ebaa2b1da11127ea` Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer http://outlook.verificacion.hstn.me/ accept-language en-GB,en;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers x-ms-blob-type BlockBlob date Thu, 04 Apr 2024 01:38:00 GMT content-md5 E4vO5iT6BO+bdehiEan+DQ== age 337813 x-cache HIT content-length 3006 x-ms-lease-status unlocked last-modified Fri, 02 Nov 2018 20:26:15 GMT server ECAcc (frc/4CCF) etag 0x8D64101700C3AB4 content-type image/jpeg access-control-allow-origin * x-ms-request-id ad083ddf-601e-00c9-171e-83ad71000000 access-control-expose-headers x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding cache-control public, max-age=604800 x-ms-version 2009-09-19 accept-ranges bytes
GET H2	200	0_a5dbd4393ff6a725c7e62b61df7e72f0.jpg aadcdn.msftauth.net/ests/2.1/content/images/backgrounds/	277 KB 277 KB	231ms 56ms	Image image/jpeg	2606:2800:233:78b9:f44e:2c1f:31aa:d9ef EDGECAST
General Check archive.org Show headers Download Go to Show image Full URL https://aadcdn.msftauth.net/ests/2.1/content/images/backgrounds/0_a5dbd4393ff6a725c7e62b61df7e72f0.jpg Requested by Host: outlook.verificacion.hstn.me URL: http://outlook.verificacion.hstn.me/?i=2 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2606:2800:233:78b9:f44e:2c1f:31aa:d9ef , United States, ASN15133 (EDGECAST, US), Reverse DNS Software ECAcc (frc/4CA5) / Resource Hash `211a907de2da0ff4a0e90917ac8054e2f35c351180977550c26e51b4909f2beb` Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer http://outlook.verificacion.hstn.me/ accept-language en-GB,en;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers x-ms-blob-type BlockBlob date Thu, 04 Apr 2024 01:38:00 GMT content-md5 pdvUOT/2pyXH5ith335y8A== age 338099 x-cache HIT content-length 283351 x-ms-lease-status unlocked last-modified Fri, 02 Nov 2018 20:26:15 GMT server ECAcc (frc/4CA5) etag 0x8D64101702F5B97 content-type image/jpeg access-control-allow-origin * x-ms-request-id acc60586-c01e-007b-011d-838d31000000 access-control-expose-headers x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding cache-control public, max-age=604800 x-ms-version 2009-09-19 accept-ranges bytes
GET		404 aeonfree.com/error/ Redirect Chain http://outlook.verificacion.hstn.me/favicon.ico https://aeonfree.com/error/404/ https://aeonfree.com/error/404	0 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: blank
URL: about:blank

Domain: blank
URL: about:blank

Domain: blank
URL: about:blank

Domain: aeonfree.com
URL: https://aeonfree.com/error/404

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			outlook.verificacion.hstn.me/	1970-01-21 05:12:34	Name: __test Value: 483dae1d668f0d9fdc796c5bf9c9a0a9

6 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	error	URL: http://outlook.verificacion.hstn.me/?i=2 Message: Access to script at 'about:blank' from origin 'http://outlook.verificacion.hstn.me' has been blocked by CORS policy: Cross origin requests are only supported for protocol schemes: http, data, isolated-app, chrome-extension, chrome, https, chrome-untrusted.
network	error	URL: about:blank Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: http://outlook.verificacion.hstn.me/?i=2 Message: Access to script at 'about:blank' from origin 'http://outlook.verificacion.hstn.me' has been blocked by CORS policy: Cross origin requests are only supported for protocol schemes: http, data, isolated-app, chrome-extension, chrome, https, chrome-untrusted.
network	error	URL: about:blank Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: http://outlook.verificacion.hstn.me/?i=2 Message: Access to script at 'about:blank' from origin 'http://outlook.verificacion.hstn.me' has been blocked by CORS policy: Cross origin requests are only supported for protocol schemes: http, data, isolated-app, chrome-extension, chrome, https, chrome-untrusted.
network	error	URL: about:blank Message: Failed to load resource: net::ERR_FAILED

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

aadcdn.msftauth.net
aeonfree.com
blank
logincdn.msauth.net
outlook.verificacion.hstn.me
aeonfree.com
blank
185.27.134.117
2606:2800:233:78b9:f44e:2c1f:31aa:d9ef
2620:1ec:bdf::60
04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a
12fbcb2ab13dbba118402462d0d6b3802ff6895fee0f3ce964a55afede0beaf1
211a907de2da0ff4a0e90917ac8054e2f35c351180977550c26e51b4909f2beb
5069425b121346b36f730910d05402d50920fc2178b01e0c878b71af4ef1eb96
9ca2b0a0b927faa8b5e059b4e64c2b11c9720beafd386e04b7f1ff74de3f50df
e78d9717dfd6ebe4c2467e85ffda0812ca3b3a17262029942d6e86d549269ac7
f89e908280791803bbf1f33b596ff4a2179b355a8e15ad02ebaa2b1da11127ea

outlook.verificacion.hstn.me Open in urlscan Pro 185.27.134.117 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

11 Requests

27 %HTTPS

67 %IPv6

5 Domains

5 Subdomains

4 IPs

3 Countries

420 kBTransfer

420 kBSize

1 Cookies

4 Outgoing links

Page URL History

Redirected requests

11 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

0 JavaScript Global Variables

1 Cookies

6 Console Messages

Indicators

outlook.verificacion.hstn.me Open in urlscan Pro
185.27.134.117 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

11
Requests

27 %
HTTPS

67 %
IPv6

5
Domains

5
Subdomains

4
IPs

3
Countries

420 kB
Transfer

420 kB
Size

1
Cookies

11 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!