141.118.125.34.bc.googleusercontent.com
34.125.118.141
Malicious Activity!
Public Scan
Submission: On October 10 via manual from DE — Scanned from DE
Summary
This is the only time 141.118.125.34.bc.googleusercontent.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Generic (Online)
Domain & IP information
Requests | IP Address | AS Autonomous System
---|---|---
11 | 34.125.118.141 | 15169 (GOOGLE)
1 | 34.251.77.56 | 16509 (AMAZON-02)

ASN | PTR | Domains
---|---|---
ASN15169 (GOOGLE, US) | 141.118.125.34.bc.googleusercontent.com | 141.118.125.34.bc.googleusercontent.com
ASN16509 (AMAZON-02, US) | ec2-34-251-77-56.eu-west-1.compute.amazonaws.com | windowslive.tt.omtrdc.net
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
11 | googleusercontent.com | 141.118.125.34.bc.googleusercontent.com | 77 KB
1 | omtrdc.net | windowslive.tt.omtrdc.net | 400 B
0 | microsoft.com | s.imp.microsoft.com (Failed) | 
0 | live.com | secure.shared.live.com (Failed), sc.imp.live.com (Failed) | 
Requests | Domain | Requested by
---|---|---
11 | 141.118.125.34.bc.googleusercontent.com | 141.118.125.34.bc.googleusercontent.com
1 | windowslive.tt.omtrdc.net | 141.118.125.34.bc.googleusercontent.com
0 | s.imp.microsoft.com (Failed) | 141.118.125.34.bc.googleusercontent.com
0 | sc.imp.live.com (Failed) | 141.118.125.34.bc.googleusercontent.com
0 | secure.shared.live.com (Failed) | 141.118.125.34.bc.googleusercontent.com
This site contains links to these domains. Also see Links.
Domain |
---|
go.microsoft.com |
account.live.com |
signup.live.com |
login.live.com |
This page contains 3 frames:
Primary Page:
http://141.118.125.34.bc.googleusercontent.com/outlook/
Frame ID: 2DA2D4131205A6FF11FD85970E87EFCB
Requests: 3 HTTP requests in this frame
Frame:
http://141.118.125.34.bc.googleusercontent.com/outlook/index_arquivos/PT-BR.htm
Frame ID: 7BACACD733A4FDDE2C914D2644D20C6B
Requests: 11 HTTP requests in this frame
Frame:
http://141.118.125.34.bc.googleusercontent.com/outlook/index_arquivos/PT-BR_002.htm
Frame ID: 27574E311DDD78EE80883C44996C2B86
Requests: 3 HTTP requests in this frame
7 Outgoing links
These are links going to different origins than the main page.
- Title: What is this?
- Title: Can't access your account?
- Title: Sign up now
- Title: Terms
- Title: Privacy and cookies
- Title: Help Center
- Title: Feedback
17 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H/1.1 | / (Primary Request) | 141.118.125.34.bc.googleusercontent.com/outlook/ | 8 KB | 3 KB | Document | text/html
GET | H/1.1 | R3WinLive1046.css | 141.118.125.34.bc.googleusercontent.com/outlook/index_arquivos/ | 31 KB | 7 KB | Stylesheet | text/css
GET | H/1.1 | PT-BR.htm | 141.118.125.34.bc.googleusercontent.com/outlook/index_arquivos/ (Frame 7BAC) | 2 KB | 1 KB | Document | text/html
GET | H/1.1 | PT-BR_002.htm | 141.118.125.34.bc.googleusercontent.com/outlook/index_arquivos/ (Frame 2757) | 494 B | 683 B | Document | text/html
GET | | controls.png | secure.shared.live.com/~Live.SiteContent.ID/~17.0.11/~/~/~/~/images/ | 0 | 0 | | 
GET | H/1.1 | header.css | 141.118.125.34.bc.googleusercontent.com/outlook/index_arquivos/PT-BR_data_002/ (Frame 2757) | 195 B | 492 B | Stylesheet | text/css
GET | H/1.1 | logo_mail.png | 141.118.125.34.bc.googleusercontent.com/outlook/index_arquivos/PT-BR_data_002/ (Frame 2757) | 5 KB | 5 KB | Image | image/png
GET | H/1.1 | style.css | 141.118.125.34.bc.googleusercontent.com/outlook/index_arquivos/PT-BR_data/ (Frame 7BAC) | 5 KB | 2 KB | Stylesheet | text/css
GET | H/1.1 | mbox.js | 141.118.125.34.bc.googleusercontent.com/outlook/index_arquivos/PT-BR_data/ (Frame 7BAC) | 25 KB | 7 KB | Script | application/javascript
GET | H/1.1 | ol_sisu_ie10q3_upgrade_win7ie9-8_latam_pt-br.jpg | 141.118.125.34.bc.googleusercontent.com/outlook/index_arquivos/PT-BR_data/ (Frame 7BAC) | 48 KB | 48 KB | Image | image/jpeg
GET | H/1.1 | style_win8.css | 141.118.125.34.bc.googleusercontent.com/outlook/index_arquivos/PT-BR_data/ (Frame 7BAC) | 2 KB | 746 B | Stylesheet | text/css
GET | H/1.1 | standard | 141.118.125.34.bc.googleusercontent.com/outlook/index_arquivos/PT-BR_data/ (Frame 7BAC) | 2 KB | 2 KB | Script | text/plain
GET | H/1.1 | standard | windowslive.tt.omtrdc.net/m2/windowslive/mbox/ (Frame 7BAC) | 141 B | 400 B | Script | text/javascript
GET | | style.css | sc.imp.live.com/content/dam/imp/surfaces/mail_signin/v3/css/ (Frame 7BAC) | 0 | 0 | | 
GET | | ol_sisu_ie10q3_upgrade_win7ie9-8_latam_pt-br.jpg | sc.imp.live.com/content/dam/imp/surfaces/mail_signin/v3/images/ (Frame 7BAC) | 0 | 0 | | 
GET | | style_win8.css | sc.imp.live.com/content/dam/imp/surfaces/mail_signin/v3/css/ (Frame 7BAC) | 0 | 0 | | 
GET | | zag.gif | s.imp.microsoft.com/ (Frame 7BAC) | 0 | 0 | | 
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- secure.shared.live.com: https://secure.shared.live.com/~Live.SiteContent.ID/~17.0.11/~/~/~/~/images/controls.png
- sc.imp.live.com: https://sc.imp.live.com/content/dam/imp/surfaces/mail_signin/v3/css/style.css
- sc.imp.live.com: https://sc.imp.live.com/content/dam/imp/surfaces/mail_signin/v3/images/ol_sisu_ie10q3_upgrade_win7ie9-8_latam_pt-br.jpg
- sc.imp.live.com: https://sc.imp.live.com/content/dam/imp/surfaces/mail_signin/v3/css/style_win8.css
- s.imp.microsoft.com: https://s.imp.microsoft.com/zag.gif?Log=1&tntcalltype=1&tntPCID=1365385973882-465856.20_14&tntANID=8288A4F0B72ECC3EAA386708FFFFFFFF&tntSessionID=1365385973882-465856&tntCampaignID=60278&tntCampaignName=IE_Win7_NoIE%3Fc000014159%7Cet04%7C1CCA987F&tntOfferID=47299&tntOfferName=pt_br%20OL%20SISU%20IE10Q3%20Upgrade%20Win7NoIE?o00000022803|7C2A6F8A&tntMbox=PROD-outlook_signin&tntRecipeID=1&tntRecipeName=EE02%3Fee02%7C896C6721&tntPage=http%3A//141.118.125.34.bc.googleusercontent.com/outlook/index_arquivos/PT-BR.htm&tntMrkt=pt-br&tntFirstSession=true&tntTrafficType=0&tntPageID=1633907163291-328272&tntTime=1633907163440&tntTitle=Sign%20In&tntGeoCountry=brazil&tntGeoState=sao%20paulo&tntGeoDMA=not%20metroized&tntGeoCity=&tntGeoZip=&tntReferrer=http%3A//141.118.125.34.bc.googleusercontent.com/outlook/
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Generic (Online)
5 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name
---|---
object | 0
object | 1
object | onbeforexrselect
boolean | originAgentCluster
object | PROOF1
Cookies
Cookies are small pieces of information stored in the user's browser. Whenever the user visits the site again, the browser sends the stored cookie values along with the request, which lets the website re-identify the user even from a different location. This is how persistent logins work.
Domain/Path | Expires | Name / Value
---|---|---
.141.118.125.34.bc.googleusercontent.com/ | | Name: mbox; Value: check#true#1633907224\|session#1633907163291-328272#1633909024\|PC#1365385973882-465856.20_14#1635116764
4 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Indicators
This is a term used in the security industry for observables such as IPs, domains, hashes, etc. It does not imply that any of these indicate malicious activity.