162.33.177.227 Open in urlscan Pro
162.33.177.227  Malicious Activity! Public Scan

1 Outgoing links

These are links going to different origins than the main page.

Search URL Search Domain Scan URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

10 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request / Show response 162.33.177.227/	36 KB 36 KB	252ms 130ms	Document text/html	162.33.177.227 BLNWX
General Check archive.org Show headers Download Go to Full URL http://162.33.177.227/ Protocol HTTP/1.1 Server 162.33.177.227 Chicago, United States, ASN399629 (BLNWX, US), Reverse DNS Software Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/7.4.33 / Resource Hash 4946c893d90d6b302e57d6f54a82b500a6d85900199bc1c50e2f078f02d54f47 Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers Accept-Ranges bytes Connection Keep-Alive Content-Length 36770 Content-Type text/html Date Sat, 17 Dec 2022 04:04:12 GMT ETag "8fa2-5efbbef3358a2" Keep-Alive timeout=5, max=100 Last-Modified Tue, 13 Dec 2022 21:02:14 GMT Server Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/7.4.33
GET H/1.1	200 OK	style.css 162.33.177.227/index_files/	8 KB 8 KB	239ms 123ms	Stylesheet text/css	162.33.177.227 BLNWX
General Check archive.org Show headers Download Go to Full URL http://162.33.177.227/index_files/style.css Requested by Host: 162.33.177.227 URL: http://162.33.177.227/ Protocol HTTP/1.1 Server 162.33.177.227 Chicago, United States, ASN399629 (BLNWX, US), Reverse DNS Software Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/7.4.33 / Resource Hash 47c8b22935bc876849dbb14cbe8e2e5166bed47df9e72dfd5a4050e80efc46e8 Request headers accept-language de-DE,de;q=0.9 Referer http://162.33.177.227/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers Date Sat, 17 Dec 2022 04:04:12 GMT Last-Modified Tue, 13 Dec 2022 10:13:18 GMT Server Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/7.4.33 ETag "1e95-5efb2de660b80" Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 7829
GET H/1.1	200 OK	ai.0.js.download Show response 162.33.177.227/index_files/	94 KB 95 KB	242ms 123ms	Script application/javascript	162.33.177.227 BLNWX
General Check archive.org Show headers Download Go to Full URL http://162.33.177.227/index_files/ai.0.js.download Requested by Host: 162.33.177.227 URL: http://162.33.177.227/ Protocol HTTP/1.1 Server 162.33.177.227 Chicago, United States, ASN399629 (BLNWX, US), Reverse DNS Software Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/7.4.33 / Resource Hash 5201c813c37a4168cc5c20c701d4391fd0a55625f97eb9f263a74fb52b52fd0e Request headers accept-language de-DE,de;q=0.9 Referer http://162.33.177.227/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers Date Sat, 17 Dec 2022 04:04:12 GMT Last-Modified Tue, 13 Dec 2022 10:13:20 GMT Server Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/7.4.33 ETag "179c1-5efb2de849000" Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 96705
GET H/1.1	200 OK	logo.png 162.33.177.227/index_files/	8 KB 8 KB	122ms 121ms	Image image/png	162.33.177.227 BLNWX
General Check archive.org Show headers Download Go to Show image Full URL http://162.33.177.227/index_files/logo.png Requested by Host: 162.33.177.227 URL: http://162.33.177.227/ Protocol HTTP/1.1 Server 162.33.177.227 Chicago, United States, ASN399629 (BLNWX, US), Reverse DNS Software Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/7.4.33 / Resource Hash 69542c15e2244136a155dee3d010770418fa2059c88ea83b468b81ee0aacb9f9 Request headers accept-language de-DE,de;q=0.9 Referer http://162.33.177.227/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers Date Sat, 17 Dec 2022 04:04:12 GMT Last-Modified Tue, 13 Dec 2022 10:13:20 GMT Server Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/7.4.33 ETag "1e0a-5efb2de849000" Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=98 Content-Length 7690
GET H/1.1	200 OK	illustration.jpg 162.33.177.227/index_files/	98 KB 99 KB	122ms 122ms	Image image/jpeg	162.33.177.227 BLNWX
General Check archive.org Show headers Download Go to Show image Full URL http://162.33.177.227/index_files/illustration.jpg Requested by Host: 162.33.177.227 URL: http://162.33.177.227/ Protocol HTTP/1.1 Server 162.33.177.227 Chicago, United States, ASN399629 (BLNWX, US), Reverse DNS Software Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/7.4.33 / Resource Hash f5d3401b475e1b766dff6bbd079353451823f1fc4e3268d6d75f2b5a6efa0ca1 Request headers accept-language de-DE,de;q=0.9 Referer http://162.33.177.227/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers Date Sat, 17 Dec 2022 04:04:12 GMT Last-Modified Tue, 13 Dec 2022 10:14:42 GMT Server Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/7.4.33 ETag "189a3-5efb2e367c880" Content-Type image/jpeg Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 100771
GET H/1.1	200 OK	ai.0.js Show response az416426.vo.msecnd.net/scripts/a/	94 KB 23 KB	55ms 21ms	Script application/x-javascript	2606:2800:133:206e:1315:22a5:2006:24fd EDGECAST
General Check archive.org Show headers Download Go to Full URL http://az416426.vo.msecnd.net/scripts/a/ai.0.js Requested by Host: 162.33.177.227 URL: http://162.33.177.227/ Protocol HTTP/1.1 Server 2606:2800:133:206e:1315:22a5:2006:24fd , United States, ASN15133 (EDGECAST, US), Reverse DNS Software ECAcc (frc/4CD6) / Resource Hash 5201c813c37a4168cc5c20c701d4391fd0a55625f97eb9f263a74fb52b52fd0e Request headers accept-language de-DE,de;q=0.9 Referer http://162.33.177.227/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers x-ms-blob-type BlockBlob Date Sat, 17 Dec 2022 04:04:13 GMT Content-Encoding gzip x-ms-meta-lastmodified 2020-10-01 19:31:04 Content-MD5 HdY95yzx9wIyQkVEGES+Ew== Age 914 X-Cache HIT Content-Length 22495 x-ms-lease-status unlocked Last-Modified Thu, 11 Mar 2021 07:46:59 GMT Server ECAcc (frc/4CD6) Etag 0x8D8E461DA1A5889 Vary Accept-Encoding Content-Type application/x-javascript Access-Control-Allow-Origin * x-ms-request-id bacc0991-c01e-0012-5fca-117ead000000 Access-Control-Expose-Headers x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding Cache-Control public, max-age=1800 x-ms-version 2009-09-19 Expires Sat, 17 Dec 2022 04:34:13 GMT
POST H2	200	track Show response dc.services.visualstudio.com/v2/	96 B 162 B	158ms 157ms	XHR application/json	13.69.106.211 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://dc.services.visualstudio.com/v2/track Requested by Host: az416426.vo.msecnd.net URL: http://az416426.vo.msecnd.net/scripts/a/ai.0.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 13.69.106.211 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software / Resource Hash 8eac8ee70ed351db62d39cc87f0a6d3f4fe53e64d2437348284a3e3ed339426c Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff Request headers Referer http://162.33.177.227/ accept-language de-DE,de;q=0.9 Sdk-Context appId User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Content-type application/json Response headers x-ms-session-id E71A1AC1-E101-4170-BF1A-3C18D9242507 strict-transport-security max-age=31536000 date Sat, 17 Dec 2022 04:04:13 GMT x-content-type-options nosniff access-control-max-age 3600 content-type application/json; charset=utf-8 access-control-allow-origin * access-control-allow-headers Origin, X-Requested-With, Content-Name, Content-Type, Accept, Cache-Control, Sdk-Context content-length 96
OPTIONS H2	200	track dc.services.visualstudio.com/v2/	0 0	414ms 32ms	Preflight	13.69.106.211 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://dc.services.visualstudio.com/v2/track Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 13.69.106.211 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software / Resource Hash Security Headers Name Value X-Content-Type-Options nosniff Request headers Accept */* Access-Control-Request-Headers content-type,sdk-context Access-Control-Request-Method POST Origin http://162.33.177.227 Sec-Fetch-Mode cors User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers access-control-allow-headers Origin, X-Requested-With, Content-Name, Content-Type, Accept, Sdk-Context access-control-allow-methods POST access-control-allow-origin * access-control-max-age 3600 content-length 0 date Sat, 17 Dec 2022 04:04:13 GMT x-content-type-options nosniff
POST H2	200	track Show response dc.services.visualstudio.com/v2/	96 B 280 B	144ms 143ms	XHR application/json	13.69.106.211 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://dc.services.visualstudio.com/v2/track Requested by Host: az416426.vo.msecnd.net URL: http://az416426.vo.msecnd.net/scripts/a/ai.0.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 13.69.106.211 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software / Resource Hash 319cafed703eabf3781f9ebd9f6ac9323b7ad46711b9310587f7b2490e75c99b Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff Request headers Referer http://162.33.177.227/ accept-language de-DE,de;q=0.9 Sdk-Context appId User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Content-type application/json Response headers x-ms-session-id 445214E2-4181-43AA-937F-616224FD12B0 strict-transport-security max-age=31536000 date Sat, 17 Dec 2022 04:04:13 GMT x-content-type-options nosniff access-control-max-age 3600 content-type application/json; charset=utf-8 access-control-allow-origin * access-control-allow-headers Origin, X-Requested-With, Content-Name, Content-Type, Accept, Cache-Control, Sdk-Context content-length 96
OPTIONS H2	200	track dc.services.visualstudio.com/v2/	0 0	413ms 32ms	Preflight	13.69.106.211 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://dc.services.visualstudio.com/v2/track Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 13.69.106.211 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software / Resource Hash Security Headers Name Value X-Content-Type-Options nosniff Request headers Accept */* Access-Control-Request-Headers content-type,sdk-context Access-Control-Request-Method POST Origin http://162.33.177.227 Sec-Fetch-Mode cors User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers access-control-allow-headers Origin, X-Requested-With, Content-Name, Content-Type, Accept, Sdk-Context access-control-allow-methods POST access-control-allow-origin * access-control-max-age 3600 content-length 0 date Sat, 17 Dec 2022 04:04:13 GMT x-content-type-options nosniff

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Comcast (Entertainment)

20 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| oncontentvisibilityautostatechange function| LoginErrors number| maxPasswordLength function| InputUtil object| AI object| Microsoft function| __extends function| _endsWith function| SelectOption function| Login undefined| emails undefined| msViewportStyle undefined| viewport function| getStyle function| computeLoadIllustration object| loginMessage object| userNameInput object| TelemetryManager object| pageTelemetryManager object| appInsights

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			162.33.177.227/	1970-01-20 16:59:45	Name: ai_user Value: 2SM5K|2022-12-17T04:04:13.049Z
			162.33.177.227/	1970-01-20 08:14:11	Name: ai_session Value: yH9d1|1671249853051.7|1671249853051.7

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
rendering	warning	URL: http://162.33.177.227/(Line 4) Message: Error parsing a meta element's content: ';' is not a valid key-value pair separator. Please use ',' instead.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

az416426.vo.msecnd.net
dc.services.visualstudio.com
13.69.106.211
162.33.177.227
2606:2800:133:206e:1315:22a5:2006:24fd
319cafed703eabf3781f9ebd9f6ac9323b7ad46711b9310587f7b2490e75c99b
47c8b22935bc876849dbb14cbe8e2e5166bed47df9e72dfd5a4050e80efc46e8
4946c893d90d6b302e57d6f54a82b500a6d85900199bc1c50e2f078f02d54f47
5201c813c37a4168cc5c20c701d4391fd0a55625f97eb9f263a74fb52b52fd0e
69542c15e2244136a155dee3d010770418fa2059c88ea83b468b81ee0aacb9f9
8eac8ee70ed351db62d39cc87f0a6d3f4fe53e64d2437348284a3e3ed339426c
f5d3401b475e1b766dff6bbd079353451823f1fc4e3268d6d75f2b5a6efa0ca1