outlook.verificacion.hstn.me Open in urlscan Pro
185.27.134.117 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://outlook.verificacion.hstn.me/
Effective URL:
http://outlook.verificacion.hstn.me/?i=1
Submission: On July 05 via api (July 5th 2024, 12:20:45 am UTC) from BY — Scanned from GB

Summary HTTP 11 Redirects Links 4 Behaviour Indicators

Summary

This website contacted 4 IPs in 3 countries across 5 domains to perform 11 HTTP transactions. The main IP is 185.27.134.117, located in United Kingdom and belongs to WILDCARD-AS Wildcard UK Limited, GB. The main domain is outlook.verificacion.hstn.me.

This is the only time outlook.verificacion.hstn.me was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Microsoft (Consumer)

Domain & IP information

	IP Address	AS Autonomous System
4	185.27.134.117 185.27.134.117	34119 (WILDCARD-...) (WILDCARD-AS Wildcard UK Limited)
1	2620:1ec:bdf::45 2620:1ec:bdf::45	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	2606:2800:233... 2606:2800:233:1cb7:261b:1f9c:2074:3c	15133 (EDGECAST) (EDGECAST)
11	4

4 185.27.134.117 (United Kingdom)

ASN34119 (WILDCARD-AS Wildcard UK Limited, GB)

outlook.verificacion.hstn.me	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:bdf::45 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

logincdn.msauth.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:2800:233:1cb7:261b:1f9c:2074:3c (United States)

ASN15133 (EDGECAST, US)

aadcdn.msftauth.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
4	hstn.me outlook.verificacion.hstn.me	138 KB
2	msftauth.net aadcdn.msftauth.net — Cisco Umbrella Rank: 1065	280 KB
1	msauth.net logincdn.msauth.net — Cisco Umbrella Rank: 4527	2 KB
0	aeonfree.com Failed aeonfree.com Failed
0	Failed function sub() { [native code] }. Failed
11	5

	Domain	Requested by
4	outlook.verificacion.hstn.me	outlook.verificacion.hstn.me
2	aadcdn.msftauth.net	outlook.verificacion.hstn.me
1	logincdn.msauth.net	outlook.verificacion.hstn.me
0	aeonfree.com Failed
0	blank Failed	outlook.verificacion.hstn.me
11	5

This site contains links to these domains. Also see Links.

Domain
signup.live.com
login.live.com

Subject Issuer	Validity	Valid
identitycdn.msauth.net Microsoft Azure RSA TLS Issuing CA 03	`2024-06-07` - `2025-06-02`	a year	crt.sh
aadcdn.msftauth.net DigiCert SHA2 Secure Server CA	`2024-05-25` - `2025-05-25`	a year	crt.sh

This page contains 1 frames:

Primary Page: http://outlook.verificacion.hstn.me/?i=1
Frame ID: 6FB959F8094B6BBBBFEA40F7F20F43E2
Requests: 11 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Iniciar sesión en tu cuenta Microsoft

Page URL History Show full URLs

http://outlook.verificacion.hstn.me/ HTTP 307
https://outlook.verificacion.hstn.me/ HTTP 307
http://outlook.verificacion.hstn.me/ Page URL
http://outlook.verificacion.hstn.me/?i=1 Page URL

Page Statistics

11
Requests

27 %
HTTPS

67 %
IPv6

5
Domains

5
Subdomains

4
IPs

3
Countries

420 kB
Transfer

420 kB
Size

1
Cookies

4 Outgoing links

These are links going to different origins than the main page.

URL: https://signup.live.com/signup?wa=wsignin1.0&rpsnv=13&ct=1585627963&rver=7.0.6730.0&wp=LBI&wreply=https:%2f%2fwww.msn.com%2fes-es%2fhomepage%2fSecure%2fPassport%3fru%3dhttps%253a%252f%252fwww.msn.com%252fes-es%253fpfr%253d1&id=1184&pcexp=True&contextid=C354DCAE75FF72B1&bk=1585628021&uiflavor=web&lic=1&mkt=ES-ES&lc=3082&uaid=df9cef49f8e44095a77afe4745d6420f
Title: Cree una.

Search URL Search Domain Scan URL

URL: https://login.live.com/pp1600/
Title: Opciones de inicio de sesión

Search URL Search Domain Scan URL

URL: https://login.live.com/gls.srf?urlID=WinLiveTermsOfUse&mkt=ES-ES&vv=1600&uaid=df9cef49f8e44095a77afe4745d6420f
Title: Términos de uso

Search URL Search Domain Scan URL

URL: https://login.live.com/gls.srf?urlID=MSNPrivacyStatement&mkt=ES-ES&vv=1600&uaid=df9cef49f8e44095a77afe4745d6420f
Title: Privacidad y cookies

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://outlook.verificacion.hstn.me/ HTTP 307
https://outlook.verificacion.hstn.me/ HTTP 307
http://outlook.verificacion.hstn.me/ Page URL
http://outlook.verificacion.hstn.me/?i=1 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

http://outlook.verificacion.hstn.me/ HTTP 307
https://outlook.verificacion.hstn.me/ HTTP 307
http://outlook.verificacion.hstn.me/

Request Chain 9

http://outlook.verificacion.hstn.me/favicon.ico HTTP 302
https://aeonfree.com/error/404/ HTTP 301
https://aeonfree.com/error/404

11 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	/ Show response outlook.verificacion.hstn.me/ Redirect Chain http://outlook.verificacion.hstn.me/ https://outlook.verificacion.hstn.me/ http://outlook.verificacion.hstn.me/	839 B 1 KB	57ms 56ms	Document text/html	185.27.134.117 WILDCARD-AS Wildc...
General Check archive.org Show headers Download Go to Full URL http://outlook.verificacion.hstn.me/ Protocol HTTP/1.1 Server 185.27.134.117 , United Kingdom, ASN34119 (WILDCARD-AS Wildcard UK Limited, GB), Reverse DNS Software nginx / Resource Hash `66075e889e497a2663b35e19513375c159be1ceb7d2d21de638c8a6a5644da08` Request headers Accept-Language en-GB,en;q=0.9;q=0.9 Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers Cache-Control no-cache Connection keep-alive Content-Length 839 Content-Type text/html Date Fri, 05 Jul 2024 00:20:39 GMT Expires Thu, 01 Jan 1970 00:00:01 GMT Server nginx Redirect headers Location http://outlook.verificacion.hstn.me/ Non-Authoritative-Reason HttpsUpgrades
GET H/1.1	200 OK	aes.js Show response outlook.verificacion.hstn.me/	13 KB 14 KB	56ms 56ms	Script application/javascript	185.27.134.117 WILDCARD-AS Wildc...
General Check archive.org Show headers Download Go to Full URL http://outlook.verificacion.hstn.me/aes.js Requested by Host: outlook.verificacion.hstn.me URL: http://outlook.verificacion.hstn.me/ Protocol HTTP/1.1 Server 185.27.134.117 , United Kingdom, ASN34119 (WILDCARD-AS Wildcard UK Limited, GB), Reverse DNS Software nginx / Resource Hash `5069425b121346b36f730910d05402d50920fc2178b01e0c878b71af4ef1eb96` Request headers Accept-Language en-GB,en;q=0.9;q=0.9 Referer http://outlook.verificacion.hstn.me/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers Date Fri, 05 Jul 2024 00:20:39 GMT Last-Modified Sun, 15 Oct 2023 16:31:22 GMT Server nginx ETag "652c13da-35a5" Content-Type application/javascript Connection keep-alive Accept-Ranges bytes Content-Length 13733
GET H/1.1	200 OK	Primary Request / Show response outlook.verificacion.hstn.me/	24 KB 24 KB	74ms 73ms	Document text/html	185.27.134.117 WILDCARD-AS Wildc...
General Check archive.org Show headers Download Go to Full URL http://outlook.verificacion.hstn.me/?i=1 Requested by Host: outlook.verificacion.hstn.me URL: http://outlook.verificacion.hstn.me/ Protocol HTTP/1.1 Server 185.27.134.117 , United Kingdom, ASN34119 (WILDCARD-AS Wildcard UK Limited, GB), Reverse DNS Software nginx / Resource Hash `e78d9717dfd6ebe4c2467e85ffda0812ca3b3a17262029942d6e86d549269ac7` Request headers Accept-Language en-GB,en;q=0.9;q=0.9 Referer http://outlook.verificacion.hstn.me/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers Cache-Control max-age=0 Connection keep-alive Content-Type text/html; charset=UTF-8 Date Fri, 05 Jul 2024 00:20:39 GMT Expires Fri, 05 Jul 2024 00:20:39 GMT Server nginx Transfer-Encoding chunked
GET H/1.1	200 OK	Converged_v23082_AZXChPIB5jI3ijrmoNll5w2.css outlook.verificacion.hstn.me/css/	99 KB 99 KB	59ms 59ms	Stylesheet text/css	185.27.134.117 WILDCARD-AS Wildc...
General Check archive.org Show headers Download Go to Full URL http://outlook.verificacion.hstn.me/css/Converged_v23082_AZXChPIB5jI3ijrmoNll5w2.css Requested by Host: outlook.verificacion.hstn.me URL: http://outlook.verificacion.hstn.me/?i=1 Protocol HTTP/1.1 Server 185.27.134.117 , United Kingdom, ASN34119 (WILDCARD-AS Wildcard UK Limited, GB), Reverse DNS Software nginx / Resource Hash `12fbcb2ab13dbba118402462d0d6b3802ff6895fee0f3ce964a55afede0beaf1` Request headers Accept-Language en-GB,en;q=0.9;q=0.9 Referer http://outlook.verificacion.hstn.me/?i=1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers Date Fri, 05 Jul 2024 00:20:39 GMT Last-Modified Sat, 23 Mar 2024 18:42:30 GMT Server nginx ETag "18b13-614584d80ace0" Content-Type text/css Cache-Control max-age=2592000, public, proxy-revalidate, must-revalidate Connection keep-alive Accept-Ranges bytes Content-Length 101139 Expires Sun, 04 Aug 2024 00:20:39 GMT
GET		blank /	0 0

GET		blank /	0 0

GET H2	200	microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg logincdn.msauth.net/16.000.28510.10/content/images/	4 KB 2 KB	233ms 66ms	Image image/svg+xml	2620:1ec:bdf::45 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Show image Full URL https://logincdn.msauth.net/16.000.28510.10/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg Requested by Host: outlook.verificacion.hstn.me URL: http://outlook.verificacion.hstn.me/?i=1 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2620:1ec:bdf::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software / Resource Hash `04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a` Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer http://outlook.verificacion.hstn.me/ Accept-Language en-GB,en;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers x-ms-blob-type BlockBlob date Fri, 05 Jul 2024 00:20:41 GMT content-encoding gzip x-cache TCP_HIT x-cache-info L1_T2 x-fd-int-roxy-purgeid 0 content-length 1435 x-ms-lease-status unlocked last-modified Tue, 24 Mar 2020 18:23:47 GMT etag 0x8D7D0207EBACD3E x-azure-ref 20240705T002041Z-r195c4c79d9sqgckvvz1u2gg3c00000003sg000000004rm7 content-type image/svg+xml access-control-allow-origin * x-ms-request-id 6a384d4e-301e-0012-023f-ceb886000000 access-control-expose-headers x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding cache-control public, max-age=31536000 x-ms-version 2009-09-19 accept-ranges bytes
GET		blank /	0 0

GET H2	200	0-small_138bcee624fa04ef9b75e86211a9fe0d.jpg aadcdn.msftauth.net/ests/2.1/content/images/backgrounds/	3 KB 3 KB	380ms 210ms	Image image/jpeg	2606:2800:233:1cb7:261b:1f9c:2074:3c EDGECAST
General Check archive.org Show headers Download Go to Show image Full URL https://aadcdn.msftauth.net/ests/2.1/content/images/backgrounds/0-small_138bcee624fa04ef9b75e86211a9fe0d.jpg Requested by Host: outlook.verificacion.hstn.me URL: http://outlook.verificacion.hstn.me/?i=1 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2606:2800:233:1cb7:261b:1f9c:2074:3c , United States, ASN15133 (EDGECAST, US), Reverse DNS Software ECAcc (frc/4CCF) / Resource Hash `f89e908280791803bbf1f33b596ff4a2179b355a8e15ad02ebaa2b1da11127ea` Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer http://outlook.verificacion.hstn.me/ Accept-Language en-GB,en;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers x-ms-blob-type BlockBlob date Fri, 05 Jul 2024 00:20:41 GMT content-md5 E4vO5iT6BO+bdehiEan+DQ== age 418239 x-cache HIT content-length 3006 x-ms-lease-status unlocked last-modified Fri, 02 Nov 2018 20:26:15 GMT server ECAcc (frc/4CCF) etag 0x8D64101700C3AB4 content-type image/jpeg access-control-allow-origin * x-ms-request-id 88d55b28-d01e-0072-43a3-cafe22000000 access-control-expose-headers x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding cache-control public, max-age=604800 x-ms-version 2009-09-19 accept-ranges bytes
GET H2	200	0_a5dbd4393ff6a725c7e62b61df7e72f0.jpg aadcdn.msftauth.net/ests/2.1/content/images/backgrounds/	277 KB 277 KB	223ms 53ms	Image image/jpeg	2606:2800:233:1cb7:261b:1f9c:2074:3c EDGECAST
General Check archive.org Show headers Download Go to Show image Full URL https://aadcdn.msftauth.net/ests/2.1/content/images/backgrounds/0_a5dbd4393ff6a725c7e62b61df7e72f0.jpg Requested by Host: outlook.verificacion.hstn.me URL: http://outlook.verificacion.hstn.me/?i=1 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2606:2800:233:1cb7:261b:1f9c:2074:3c , United States, ASN15133 (EDGECAST, US), Reverse DNS Software ECAcc (frc/4CA5) / Resource Hash `211a907de2da0ff4a0e90917ac8054e2f35c351180977550c26e51b4909f2beb` Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer http://outlook.verificacion.hstn.me/ Accept-Language en-GB,en;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers x-ms-blob-type BlockBlob date Fri, 05 Jul 2024 00:20:41 GMT content-md5 pdvUOT/2pyXH5ith335y8A== age 418856 x-cache HIT content-length 283351 x-ms-lease-status unlocked last-modified Fri, 02 Nov 2018 20:26:15 GMT server ECAcc (frc/4CA5) etag 0x8D64101702F5B97 content-type image/jpeg access-control-allow-origin * x-ms-request-id d606b4dd-a01e-007d-5da1-ca773d000000 access-control-expose-headers x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding cache-control public, max-age=604800 x-ms-version 2009-09-19 accept-ranges bytes
GET		404 aeonfree.com/error/ Redirect Chain http://outlook.verificacion.hstn.me/favicon.ico https://aeonfree.com/error/404/ https://aeonfree.com/error/404	0 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: blank
URL: about:blank

Domain: blank
URL: about:blank

Domain: blank
URL: about:blank

Domain: aeonfree.com
URL: https://aeonfree.com/error/404

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer)

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

undefined| event object| fence

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			outlook.verificacion.hstn.me/	1970-01-21 07:24:58	Name: __test Value: 51dc2b5c3f07384c65074a6e2eec57f4

6 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	error	URL: http://outlook.verificacion.hstn.me/?i=1 Message: Access to script at 'about:blank' from origin 'http://outlook.verificacion.hstn.me' has been blocked by CORS policy: Cross origin requests are only supported for protocol schemes: http, data, isolated-app, chrome-extension, chrome, https, chrome-untrusted.
network	error	URL: about:blank Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: http://outlook.verificacion.hstn.me/?i=1 Message: Access to script at 'about:blank' from origin 'http://outlook.verificacion.hstn.me' has been blocked by CORS policy: Cross origin requests are only supported for protocol schemes: http, data, isolated-app, chrome-extension, chrome, https, chrome-untrusted.
network	error	URL: about:blank Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: http://outlook.verificacion.hstn.me/?i=1 Message: Access to script at 'about:blank' from origin 'http://outlook.verificacion.hstn.me' has been blocked by CORS policy: Cross origin requests are only supported for protocol schemes: http, data, isolated-app, chrome-extension, chrome, https, chrome-untrusted.
network	error	URL: about:blank Message: Failed to load resource: net::ERR_FAILED

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

aadcdn.msftauth.net
aeonfree.com
blank
logincdn.msauth.net
outlook.verificacion.hstn.me
aeonfree.com
blank
185.27.134.117
2606:2800:233:1cb7:261b:1f9c:2074:3c
2620:1ec:bdf::45
04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a
12fbcb2ab13dbba118402462d0d6b3802ff6895fee0f3ce964a55afede0beaf1
211a907de2da0ff4a0e90917ac8054e2f35c351180977550c26e51b4909f2beb
5069425b121346b36f730910d05402d50920fc2178b01e0c878b71af4ef1eb96
66075e889e497a2663b35e19513375c159be1ceb7d2d21de638c8a6a5644da08
e78d9717dfd6ebe4c2467e85ffda0812ca3b3a17262029942d6e86d549269ac7
f89e908280791803bbf1f33b596ff4a2179b355a8e15ad02ebaa2b1da11127ea

outlook.verificacion.hstn.me Open in urlscan Pro 185.27.134.117 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

11 Requests

27 %HTTPS

67 %IPv6

5 Domains

5 Subdomains

4 IPs

3 Countries

420 kBTransfer

420 kBSize

1 Cookies

4 Outgoing links

Page URL History

Redirected requests

11 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

2 JavaScript Global Variables

1 Cookies

6 Console Messages

Indicators

outlook.verificacion.hstn.me Open in urlscan Pro
185.27.134.117 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

11
Requests

27 %
HTTPS

67 %
IPv6

5
Domains

5
Subdomains

4
IPs

3
Countries

420 kB
Transfer

420 kB
Size

1
Cookies

11 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!