outl00k-login36048150-com.filesusr.com

Summary

This website contacted 3 IPs in 1 countries across 3 domains to perform 5 HTTP transactions. The main IP is 34.102.176.152, located in United States and belongs to GOOGLE, US. The main domain is outl00k-login36048150-com.filesusr.com.

This is the only time outl00k-login36048150-com.filesusr.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Microsoft (Consumer)

Domain & IP information

	IP Address	AS Autonomous System
1	34.102.176.152 34.102.176.152	15169 (GOOGLE) (GOOGLE)
2	2606:4700:303... 2606:4700:3033::681f:43b0	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	192.229.221.185 192.229.221.185	15133 (EDGECAST) (EDGECAST)
5	3

1 34.102.176.152 (United States)

ASN15169 (GOOGLE, US)
PTR: 152.176.102.34.bc.googleusercontent.com

outl00k-login36048150-com.filesusr.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:3033::681f:43b0 (United States)

ASN13335 (CLOUDFLARENET, US)

bliser.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 192.229.221.185 (United States)

ASN15133 (EDGECAST, US)

logincdn.msauth.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
2	msauth.net logincdn.msauth.net	2 KB
2	bliser.com bliser.com	19 KB
1	filesusr.com outl00k-login36048150-com.filesusr.com	41 KB
5	3

	Domain	Requested by
2	logincdn.msauth.net	outl00k-login36048150-com.filesusr.com bliser.com
2	bliser.com	outl00k-login36048150-com.filesusr.com
1	outl00k-login36048150-com.filesusr.com
5	3

This site contains links to these domains. Also see Links.

Domain
signup.live.com

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2020-08-31` - `2021-08-31`	a year	crt.sh
identitycdn.msauth.net DigiCert SHA2 Secure Server CA	`2020-07-20` - `2021-07-20`	a year	crt.sh

This page contains 1 frames:

Primary Page: http://outl00k-login36048150-com.filesusr.com/html/ee6c69_5f7f51481294ea1fdc66034f0c6ad29f.html?NjY2MTAzNw==facebook/d=sn&*bW9uaWVyQGdtYWlsLmNvbQ==*aHR0cHM6Ly9ocmVmLmxpLz9odHRwczovL3d3dy5ob3RtYWlsLmNvbQ==**MzYwNDgxNTA=*SG90bWFpbCBFc3Bhw7FvbA==*
Frame ID: 6C4C439D050746CF18A4A21814695A5B
Requests: 5 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Lua (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

headers server /openresty(?:\/([\d.]+))?/i

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /openresty(?:\/([\d.]+))?/i

OpenResty (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /openresty(?:\/([\d.]+))?/i

Google Cloud (CDN) Expand

Overall confidence: 100%
Detected patterns

headers via /^1\.1 google$/i

Page Statistics

5
Requests

80 %
HTTPS

33 %
IPv6

3
Domains

3
Subdomains

3
IPs

1
Countries

62 kB
Transfer

179 kB
Size

0
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://signup.live.com/signup?wa=wsignin1.0&rpsnv=13&ct=1600048180&rver=7.0.6737.0&wp=MBI_SSL&wreply=https%3a%2f%2foutlook.live.com%2fowa%2f%3fnlp%3d1%26RpsCsrfState%3da965b31e-5473-1fbd-290d-9caa6149cdaa&id=292841&aadredir=1&whr=hotmail.com&CBCXT=out&lw=1&fl=dob%2cflname%2cwld&cobrandid=90015&contextid=4AEDAA6F398F9599&bk=1600048180&uiflavor=web&lic=1&mkt=ES-MX&lc=2058&uaid=4814440d56944824a7a62e7f14dfcd70
Title: Cree una.

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

5 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request ee6c69_5f7f51481294ea1fdc66034f0c6ad29f.html Show response outl00k-login36048150-com.filesusr.com/html/	40 KB 41 KB	188ms 164ms	Document text/html	34.102.176.152 GOOGLE
General Check archive.org Show headers Download Go to Full URL http://outl00k-login36048150-com.filesusr.com/html/ee6c69_5f7f51481294ea1fdc66034f0c6ad29f.html?NjY2MTAzNw==facebook/d=sn&bW9uaWVyQGdtYWlsLmNvbQ==aHR0cHM6Ly9ocmVmLmxpLz9odHRwczovL3d3dy5ob3RtYWlsLmNvbQ==*MzYwNDgxNTA=SG90bWFpbCBFc3Bhw7FvbA==* Protocol HTTP/1.1 Server 34.102.176.152 , United States, ASN15169 (GOOGLE, US), Reverse DNS 152.176.102.34.bc.googleusercontent.com Software openresty/1.17.8.2 / Resource Hash `c6437b090bc71e7579de48772d4e58f0e29a50c7c11f3fc29a115a6ce072711e` Request headers Host outl00k-login36048150-com.filesusr.com Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Accept-Encoding gzip, deflate Accept-Language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Server openresty/1.17.8.2 Date Thu, 29 Oct 2020 01:28:12 GMT Content-Type text/html; charset=utf-8 Content-Length 40809 X-GUploader-UploadID ABg5-UzqV-QuAyLYspqnZw5VjX2ERozV7CpCXkkVwb7P7hpOtpjth2XOUPiJNLwpG6ok_JuMM7EXx_B0EOFNhIK9MyQ Expires Thu, 29 Oct 2020 02:17:22 GMT Last-Modified Tue, 15 Sep 2020 18:25:21 GMT ETag "5f7f51481294ea1fdc66034f0c6ad29f" x-goog-generation 1600194321136803 x-goog-metageneration 1 x-goog-stored-content-encoding identity x-goog-stored-content-length 40809 x-goog-hash crc32c=RwAMZQ== md5=X39RSBKU6h/cZgNPDGrSnw== x-goog-storage-class STANDARD Accept-Ranges bytes Cache-Control public, max-age=15552000, immutable Age 650 Access-Control-Allow-Origin * Timing-Allow-Origin * X-Seen-By gcp.us-central-1.media-router-779d4599d7-l6vq9 Via 1.1 google
GET H2	200	Outlook_Converged_v2.css bliser.com/dom/styles/	132 KB 17 KB	73ms 49ms	Stylesheet text/css	2606:4700:3033::681f:43b0 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://bliser.com/dom/styles/Outlook_Converged_v2.css Requested by Host: outl00k-login36048150-com.filesusr.com URL: http://outl00k-login36048150-com.filesusr.com/html/ee6c69_5f7f51481294ea1fdc66034f0c6ad29f.html?NjY2MTAzNw==facebook/d=sn&bW9uaWVyQGdtYWlsLmNvbQ==aHR0cHM6Ly9ocmVmLmxpLz9odHRwczovL3d3dy5ob3RtYWlsLmNvbQ==*MzYwNDgxNTA=SG90bWFpbCBFc3Bhw7FvbA==* Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3033::681f:43b0 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `70e9b1a4410d752c57a6206e9fccdf748a65891f14c24f8831640b849d57103a` Request headers Referer http://outl00k-login36048150-com.filesusr.com/html/ee6c69_5f7f51481294ea1fdc66034f0c6ad29f.html?NjY2MTAzNw==facebook/d=sn&bW9uaWVyQGdtYWlsLmNvbQ==aHR0cHM6Ly9ocmVmLmxpLz9odHRwczovL3d3dy5ob3RtYWlsLmNvbQ==*MzYwNDgxNTA=SG90bWFpbCBFc3Bhw7FvbA==* User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Thu, 29 Oct 2020 01:28:12 GMT content-encoding br cf-cache-status MISS last-modified Mon, 14 Sep 2020 18:43:23 GMT server cloudflare expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary X-Forwarded-Proto,Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=HLQVwbwA0z2XqXv0doaFMIYdTVsJFi63yyhvXqP2eqpfaEb2EWsBlOXhbYam%2F5KxRfzN23SW0UDbqgwMfUZ0xw%2F7u5e6%2BrROhz0q%2FfOSGzotMsesAZ3B"}],"group":"cf-nel","max_age":604800} content-type text/css; charset=utf-8 status 200 cache-control public, max-age=31536000 nel {"report_to":"cf-nel","max_age":604800} cf-ray 5e991e558a2d05bb-FRA cf-request-id 0613914979000005bb68a31000000001 expires Fri, 29 Oct 2021 01:28:12 GMT
GET H2	200	msf.svg bliser.com/dom/styles/	4 KB 2 KB	53ms 31ms	Image image/svg+xml	2606:4700:3033::681f:43b0 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://bliser.com/dom/styles/msf.svg Requested by Host: outl00k-login36048150-com.filesusr.com URL: http://outl00k-login36048150-com.filesusr.com/html/ee6c69_5f7f51481294ea1fdc66034f0c6ad29f.html?NjY2MTAzNw==facebook/d=sn&bW9uaWVyQGdtYWlsLmNvbQ==aHR0cHM6Ly9ocmVmLmxpLz9odHRwczovL3d3dy5ob3RtYWlsLmNvbQ==*MzYwNDgxNTA=SG90bWFpbCBFc3Bhw7FvbA==* Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3033::681f:43b0 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `bff317df51b12531b9045af90ef418830ea7a76b23c62702b5d4ac80eda889a3` Request headers Referer http://outl00k-login36048150-com.filesusr.com/html/ee6c69_5f7f51481294ea1fdc66034f0c6ad29f.html?NjY2MTAzNw==facebook/d=sn&bW9uaWVyQGdtYWlsLmNvbQ==aHR0cHM6Ly9ocmVmLmxpLz9odHRwczovL3d3dy5ob3RtYWlsLmNvbQ==*MzYwNDgxNTA=SG90bWFpbCBFc3Bhw7FvbA==* User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Thu, 29 Oct 2020 01:28:12 GMT content-encoding br cf-cache-status MISS last-modified Mon, 14 Sep 2020 01:00:37 GMT server cloudflare expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary X-Forwarded-Proto,Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=%2BeJMyyN05UKbMml3ah67cJ0t9hk3tEDFy3a2WTBVXhYS%2FUS15O%2BDG9jyAKptrBelXpNs5Td6llOoyotDQGCkYlC07KXjHIxovLA1tiFQKBy4a2jzVvAq"}],"group":"cf-nel","max_age":604800} content-type image/svg+xml status 200 cache-control public, max-age=2592000 nel {"report_to":"cf-nel","max_age":604800} cf-ray 5e991e558a2e05bb-FRA cf-request-id 0613914978000005bba112a000000001 expires Sat, 28 Nov 2020 01:28:12 GMT
GET H2	200	documentation_bcb4d1dc4eae64f0b2b2538209d8435a.svg logincdn.msauth.net/shared/1.0/content/images/	2 KB 1 KB	113ms 30ms	Image image/svg+xml	192.229.221.185 EDGECAST
General Check archive.org Show headers Download Go to Show image Full URL https://logincdn.msauth.net/shared/1.0/content/images/documentation_bcb4d1dc4eae64f0b2b2538209d8435a.svg Requested by Host: outl00k-login36048150-com.filesusr.com URL: http://outl00k-login36048150-com.filesusr.com/html/ee6c69_5f7f51481294ea1fdc66034f0c6ad29f.html?NjY2MTAzNw==facebook/d=sn&bW9uaWVyQGdtYWlsLmNvbQ==aHR0cHM6Ly9ocmVmLmxpLz9odHRwczovL3d3dy5ob3RtYWlsLmNvbQ==*MzYwNDgxNTA=SG90bWFpbCBFc3Bhw7FvbA==* Protocol H2 Security TLS 1.3, , AES_256_GCM Server 192.229.221.185 , United States, ASN15133 (EDGECAST, US), Reverse DNS Software ECAcc (ska/F738) / Resource Hash `a76c08e9cdc3bb87bfb57627ad8f6b46f0e5ef826cc7f046dfbaf25d7b7958ea` Request headers Referer http://outl00k-login36048150-com.filesusr.com/html/ee6c69_5f7f51481294ea1fdc66034f0c6ad29f.html?NjY2MTAzNw==facebook/d=sn&bW9uaWVyQGdtYWlsLmNvbQ==aHR0cHM6Ly9ocmVmLmxpLz9odHRwczovL3d3dy5ob3RtYWlsLmNvbQ==*MzYwNDgxNTA=SG90bWFpbCBFc3Bhw7FvbA==* User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers x-ms-blob-type BlockBlob date Thu, 29 Oct 2020 01:28:12 GMT content-encoding gzip content-md5 6dTbAT1RVL9d6geobv3IJg== age 12138450 x-cache HIT status 200 content-length 606 x-ms-lease-status unlocked last-modified Wed, 22 Jan 2020 00:32:48 GMT server ECAcc (ska/F738) etag 0x8D79ED29BA5E089 vary Accept-Encoding content-type image/svg+xml access-control-allow-origin * x-ms-request-id e135878f-101e-0042-612c-3f2f4a000000 access-control-expose-headers x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding cache-control public, max-age=31536000 x-ms-version 2009-09-19 accept-ranges bytes
GET H2	200	2_bc3d32a696895f78c19df6c717586a5d.svg logincdn.msauth.net/shared/1.0/content/images/backgrounds/	2 KB 824 B	35ms 30ms	Image image/svg+xml	192.229.221.185 EDGECAST
General Check archive.org Show headers Download Go to Show image Full URL https://logincdn.msauth.net/shared/1.0/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg Requested by Host: bliser.com URL: https://bliser.com/dom/styles/Outlook_Converged_v2.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 192.229.221.185 , United States, ASN15133 (EDGECAST, US), Reverse DNS Software ECAcc (ska/F795) / Resource Hash `0e88b6fcbb8591edfd28184fa70a04b6dd3af8a14367c628edd7caba32e58c68` Request headers Referer https://bliser.com/dom/styles/Outlook_Converged_v2.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers x-ms-blob-type BlockBlob date Thu, 29 Oct 2020 01:28:12 GMT content-encoding gzip content-md5 DhdidjYrlCeaRJJRG/y9mA== age 12231026 x-cache HIT status 200 content-length 673 x-ms-lease-status unlocked last-modified Wed, 12 Feb 2020 22:01:42 GMT server ECAcc (ska/F795) etag 0x8D7B00724D9E930 vary Accept-Encoding content-type image/svg+xml access-control-allow-origin * x-ms-request-id ee13a35c-101e-0001-6255-3e2088000000 access-control-expose-headers x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding cache-control public, max-age=31536000 x-ms-version 2009-09-19 accept-ranges bytes

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer)

28 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

bliser.com
logincdn.msauth.net
outl00k-login36048150-com.filesusr.com
192.229.221.185
2606:4700:3033::681f:43b0
34.102.176.152
0e88b6fcbb8591edfd28184fa70a04b6dd3af8a14367c628edd7caba32e58c68
70e9b1a4410d752c57a6206e9fccdf748a65891f14c24f8831640b849d57103a
a76c08e9cdc3bb87bfb57627ad8f6b46f0e5ef826cc7f046dfbaf25d7b7958ea
bff317df51b12531b9045af90ef418830ea7a76b23c62702b5d4ac80eda889a3
c6437b090bc71e7579de48772d4e58f0e29a50c7c11f3fc29a115a6ce072711e

outl00k-login36048150-com.filesusr.com Open in urlscan Pro 34.102.176.152 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

5 Requests

80 %HTTPS

33 %IPv6

3 Domains

3 Subdomains

3 IPs

1 Countries

62 kBTransfer

179 kBSize

0 Cookies

1 Outgoing links

Redirected requests

5 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

28 JavaScript Global Variables

0 Cookies

Indicators

outl00k-login36048150-com.filesusr.com Open in urlscan Pro
34.102.176.152 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

5
Requests

80 %
HTTPS

33 %
IPv6

3
Domains

3
Subdomains

3
IPs

1
Countries

62 kB
Transfer

179 kB
Size

0
Cookies

5 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!