outl00k-login36048150-com.filesusr.com
Open in
urlscan Pro
34.102.176.152
Malicious Activity!
Public Scan
Submission: On October 29 via automatic, source openphish
Summary
This is the only time outl00k-login36048150-com.filesusr.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Microsoft (Consumer)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 | 34.102.176.152 34.102.176.152 | 15169 (GOOGLE) (GOOGLE) | |
2 | 2606:4700:303... 2606:4700:3033::681f:43b0 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
2 | 192.229.221.185 192.229.221.185 | 15133 (EDGECAST) (EDGECAST) | |
5 | 3 |
ASN15169 (GOOGLE, US)
PTR: 152.176.102.34.bc.googleusercontent.com
outl00k-login36048150-com.filesusr.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
2 |
msauth.net
logincdn.msauth.net |
2 KB |
2 |
bliser.com
bliser.com |
19 KB |
1 |
filesusr.com
outl00k-login36048150-com.filesusr.com |
41 KB |
5 | 3 |
Domain | Requested by | |
---|---|---|
2 | logincdn.msauth.net |
outl00k-login36048150-com.filesusr.com
bliser.com |
2 | bliser.com |
outl00k-login36048150-com.filesusr.com
|
1 | outl00k-login36048150-com.filesusr.com | |
5 | 3 |
This site contains links to these domains. Also see Links.
Domain |
---|
signup.live.com |
Subject Issuer | Validity | Valid | |
---|---|---|---|
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2020-08-31 - 2021-08-31 |
a year | crt.sh |
identitycdn.msauth.net DigiCert SHA2 Secure Server CA |
2020-07-20 - 2021-07-20 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
http://outl00k-login36048150-com.filesusr.com/html/ee6c69_5f7f51481294ea1fdc66034f0c6ad29f.html?NjY2MTAzNw==facebook/d=sn&*bW9uaWVyQGdtYWlsLmNvbQ==*aHR0cHM6Ly9ocmVmLmxpLz9odHRwczovL3d3dy5ob3RtYWlsLmNvbQ==**MzYwNDgxNTA=*SG90bWFpbCBFc3Bhw7FvbA==*
Frame ID: 6C4C439D050746CF18A4A21814695A5B
Requests: 5 HTTP requests in this frame
Screenshot
Detected technologies
Lua (Programming Languages) ExpandDetected patterns
- headers server /openresty(?:\/([\d.]+))?/i
Nginx (Web Servers) Expand
Detected patterns
- headers server /openresty(?:\/([\d.]+))?/i
OpenResty (Web Servers) Expand
Detected patterns
- headers server /openresty(?:\/([\d.]+))?/i
Google Cloud (CDN) Expand
Detected patterns
- headers via /^1\.1 google$/i
Page Statistics
1 Outgoing links
These are links going to different origins than the main page.
Title: Cree una.
Search URL Search Domain Scan URL
Redirected requests
There were HTTP redirect chains for the following requests:
5 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
ee6c69_5f7f51481294ea1fdc66034f0c6ad29f.html
outl00k-login36048150-com.filesusr.com/html/ |
40 KB 41 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Outlook_Converged_v2.css
bliser.com/dom/styles/ |
132 KB 17 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
msf.svg
bliser.com/dom/styles/ |
4 KB 2 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
documentation_bcb4d1dc4eae64f0b2b2538209d8435a.svg
logincdn.msauth.net/shared/1.0/content/images/ |
2 KB 1 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
2_bc3d32a696895f78c19df6c717586a5d.svg
logincdn.msauth.net/shared/1.0/content/images/backgrounds/ |
2 KB 824 B |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Microsoft (Consumer)28 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| trustedTypes string| tmpURL object| llegaron object| uno object| dos string| tres object| cuatro object| cinco object| myString object| myArray object| separame object| separado string| llavesecreta undefined| urlfinal string| email undefined| idioma undefined| emaildev string| filterpost string| dispositivo string| lafecha string| detector string| lared string| regreso string| urlfin string| idfb object| lang string| enblanco string| ip0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
bliser.com
logincdn.msauth.net
outl00k-login36048150-com.filesusr.com
192.229.221.185
2606:4700:3033::681f:43b0
34.102.176.152
0e88b6fcbb8591edfd28184fa70a04b6dd3af8a14367c628edd7caba32e58c68
70e9b1a4410d752c57a6206e9fccdf748a65891f14c24f8831640b849d57103a
a76c08e9cdc3bb87bfb57627ad8f6b46f0e5ef826cc7f046dfbaf25d7b7958ea
bff317df51b12531b9045af90ef418830ea7a76b23c62702b5d4ac80eda889a3
c6437b090bc71e7579de48772d4e58f0e29a50c7c11f3fc29a115a6ce072711e