hotmail.accountsignin.info Open in urlscan Pro
2606:4700:30::681c:e1b Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
http://hotmail.accountsignin.info/
Submission Tags: phishingcatcher certstream Search All
Submission: On July 22 via api (July 22nd 2019, 5:07:58 am UTC) from CH

Summary HTTP 22 Redirects Links 5 Behaviour Indicators

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 22 HTTP transactions. The main IP is 2606:4700:30::681c:e1b, located in United States and belongs to CLOUDFLARENET - Cloudflare, Inc., US. The main domain is hotmail.accountsignin.info.

This is the only time hotmail.accountsignin.info was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Microsoft (Consumer)

Domain & IP information

	IP Address	AS Autonomous System
13	2606:4700:30:... 2606:4700:30::681c:e1b	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
2	2a02:26f0:6c0... 2a02:26f0:6c00:29f::34ef	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
7	2a02:26f0:6c0... 2a02:26f0:6c00:28a::753	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
22	3

13 2606:4700:30::681c:e1b (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

hotmail.accountsignin.info	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:26f0:6c00:29f::34ef (Ascension Island)

ASN20940 (AKAMAI-ASN1, US)

auth.gfx.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a02:26f0:6c00:28a::753 (Ascension Island)

ASN20940 (AKAMAI-ASN1, US)

r4.res.office365.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
13	accountsignin.info hotmail.accountsignin.info	734 KB
7	office365.com r4.res.office365.com	706 KB
2	gfx.ms auth.gfx.ms	416 B
22	3

	Domain	Requested by
13	hotmail.accountsignin.info	hotmail.accountsignin.info
7	r4.res.office365.com	hotmail.accountsignin.info
2	auth.gfx.ms	hotmail.accountsignin.info
22	3

This site contains links to these domains. Also see Links.

Domain
signup.live.com
account.live.com
login.live.com

Subject Issuer	Validity	Valid
	`1970-01-01` - `1970-01-01`	a few seconds	crt.sh
msagfx.live.com Microsoft IT TLS CA 2	`2019-06-13` - `2021-06-13`	2 years	crt.sh
*.res.outlook.com Microsoft IT TLS CA 5	`2017-11-27` - `2019-11-27`	2 years	crt.sh

This page contains 2 frames:

Primary Page: http://hotmail.accountsignin.info/
Frame ID: 2F92A6B44A103452F8EB3FDAEC08CB97
Requests: 7 HTTP requests in this frame

Frame: http://hotmail.accountsignin.info/Sign%20in%20to%20your%20Microsoft%20account_files/prefetch.html
Frame ID: 6BCC2C82A39054835DFB8C1251524CE6
Requests: 15 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

CloudFlare (CDN) Expand

Overall confidence: 100%
Detected patterns

headers server /^cloudflare$/i

Page Statistics

22
Requests

41 %
HTTPS

100 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

1441 kB
Transfer

5814 kB
Size

2
Cookies

5 Outgoing links

These are links going to different origins than the main page.

URL: https://signup.live.com/signup?wa=wsignin1.0&rpsnv=13&ct=1550039419&rver=7.0.6737.0&wp=MBI_SSL&wreply=https%3a%2f%2foutlook.live.com%2fowa%2f%3fnlp%3d1%26RpsCsrfState%3da5818c76-f632-2f83-6397-0f7cfa7ade25&id=292841&aadredir=1&CBCXT=out&lw=1&fl=dob%2cflname%2cwld&cobrandid=90015&contextid=54E307DBA3647D1E&bk=1550039420&uiflavor=web&mkt=EN-US&lc=1033
Title: Create one!

Search URL Search Domain Scan URL

URL: https://account.live.com/username/recover?wreply=https://login.live.com/login.srf%3flc%3d1033%26mkt%3dEN-US%26wa%3dwsignin1.0%26rpsnv%3d13%26ct%3d1550039419%26rver%3d7.0.6737.0%26wp%3dMBI_SSL%26wreply%3dhttps%253a%252f%252foutlook.live.com%252fowa%252f%253fnlp%253d1%2526RpsCsrfState%253da5818c76-f632-2f83-6397-0f7cfa7ade25%26id%3d292841%26aadredir%3d1%26CBCXT%3dout%26lw%3d1%26fl%3ddob%252cflname%252cwld%26cobrandid%3d90015%26contextid%3d54E307DBA3647D1E%26bk%3d1550039420&id=292841&cobrandid=90015&mkt=EN-US&lc=1033&uiflavor=web
Title: Forgot username

Search URL Search Domain Scan URL

URL: https://login.live.com/gls.srf?urlID=WinLiveTermsOfUse&mkt=EN-US&vv=1600
Title: Terms of use

Search URL Search Domain Scan URL

URL: https://login.live.com/gls.srf?urlID=MSNPrivacyStatement&mkt=EN-US&vv=1600
Title: Privacy & cookies

Search URL Search Domain Scan URL

URL: https://login.live.com/pp1600/
Title:

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

22 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request Cookie set / Show response hotmail.accountsignin.info/	37 KB 11 KB	107ms 77ms	Document text/html	2606:4700:30::681c:e1b Cloudflare
General Check archive.org Show headers Download Go to Full URL http://hotmail.accountsignin.info/ Protocol HTTP/1.1 Server 2606:4700:30::681c:e1b , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / PHP/5.6.37 Resource Hash `864434a98e6ca0adea61620dbd749274f94e9705ce87b1bb149ba8af96e58332` Request headers Host hotmail.accountsignin.info Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3 Accept-Encoding gzip, deflate Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Mon, 22 Jul 2019 05:07:40 GMT Content-Type text/html; charset=UTF-8 Transfer-Encoding chunked Connection keep-alive Set-Cookie __cfduid=dcfbdbc194f1957750d3613524e661be11563772060; expires=Tue, 21-Jul-20 05:07:40 GMT; path=/; domain=.accountsignin.info; HttpOnly X-Powered-By PHP/5.6.37 Server cloudflare CF-RAY 4fa2e474ba68c2db-FRA Content-Encoding gzip
GET H/1.1	200 OK	Converged_v21033.css hotmail.accountsignin.info/Sign%20in%20to%20your%20Microsoft%20account_files/	100 KB 19 KB	76ms 74ms	Stylesheet text/css	2606:4700:30::681c:e1b Cloudflare
General Check archive.org Show headers Download Go to Full URL http://hotmail.accountsignin.info/Sign%20in%20to%20your%20Microsoft%20account_files/Converged_v21033.css Requested by Host: hotmail.accountsignin.info URL: http://hotmail.accountsignin.info/ Protocol HTTP/1.1 Security , , Server 2606:4700:30::681c:e1b , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash `b1d84f645e148ba12325f398b57d22df7cc466e32a95d6e311ff1a85dcdadc66` Request headers User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Referer http://hotmail.accountsignin.info/ Origin http://hotmail.accountsignin.info Response headers Date Mon, 22 Jul 2019 05:07:41 GMT Content-Encoding gzip CF-Cache-Status MISS Last-Modified Thu, 21 Feb 2019 09:19:30 GMT Server cloudflare ETag W/"18e7a-58263f8c182e3" Vary Accept-Encoding Content-Type text/css Cache-Control public, max-age=14400 Transfer-Encoding chunked Connection keep-alive CF-RAY 4fa2e4754c07c2db-FRA Expires Mon, 22 Jul 2019 09:07:41 GMT
GET H/1.1	200 OK	microsoft_logo.svg hotmail.accountsignin.info/Sign%20in%20to%20your%20Microsoft%20account_files/	4 KB 2 KB	42ms 41ms	Image image/svg+xml	2606:4700:30::681c:e1b Cloudflare
General Check archive.org Show headers Download Go to Show image Full URL http://hotmail.accountsignin.info/Sign%20in%20to%20your%20Microsoft%20account_files/microsoft_logo.svg Requested by Host: hotmail.accountsignin.info URL: http://hotmail.accountsignin.info/ Protocol HTTP/1.1 Security , , Server 2606:4700:30::681c:e1b , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash `04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a` Request headers Referer http://hotmail.accountsignin.info/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Mon, 22 Jul 2019 05:07:41 GMT Content-Encoding gzip CF-Cache-Status MISS Last-Modified Thu, 21 Feb 2019 09:19:30 GMT Server cloudflare ETag W/"e43-58263f8c63dd9" Vary Accept-Encoding Content-Type image/svg+xml Cache-Control public, max-age=14400 Transfer-Encoding chunked Connection keep-alive CF-RAY 4fa2e4755bb563fb-FRA Expires Mon, 22 Jul 2019 09:07:41 GMT
GET H/1.1	200 OK	ellipsis_white.svg hotmail.accountsignin.info/Sign%20in%20to%20your%20Microsoft%20account_files/	915 B 686 B	49ms 42ms	Image image/svg+xml	2606:4700:30::681c:e1b Cloudflare
General Check archive.org Show headers Download Go to Show image Full URL http://hotmail.accountsignin.info/Sign%20in%20to%20your%20Microsoft%20account_files/ellipsis_white.svg Requested by Host: hotmail.accountsignin.info URL: http://hotmail.accountsignin.info/ Protocol HTTP/1.1 Security , , Server 2606:4700:30::681c:e1b , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash `6075736ea9c281d69c4a3d78ff97bb61b9416a5809919babe5a0c5596f99aaea` Request headers Referer http://hotmail.accountsignin.info/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Mon, 22 Jul 2019 05:07:41 GMT Content-Encoding gzip CF-Cache-Status MISS Last-Modified Thu, 21 Feb 2019 09:19:30 GMT Server cloudflare ETag W/"393-58263f8c5dc31" Vary Accept-Encoding Content-Type image/svg+xml Cache-Control public, max-age=14400 Transfer-Encoding chunked Connection keep-alive CF-RAY 4fa2e4756f00d719-FRA Expires Mon, 22 Jul 2019 09:07:41 GMT
GET H/1.1	200 OK	ellipsis_grey.svg hotmail.accountsignin.info/Sign%20in%20to%20your%20Microsoft%20account_files/	915 B 685 B	40ms 39ms	Image image/svg+xml	2606:4700:30::681c:e1b Cloudflare
General Check archive.org Show headers Download Go to Show image Full URL http://hotmail.accountsignin.info/Sign%20in%20to%20your%20Microsoft%20account_files/ellipsis_grey.svg Requested by Host: hotmail.accountsignin.info URL: http://hotmail.accountsignin.info/ Protocol HTTP/1.1 Security , , Server 2606:4700:30::681c:e1b , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash `16c3f6531d0fa5b4d16e82abf066233b2a9f284c068c663699313c09f5e8d6e6` Request headers Referer http://hotmail.accountsignin.info/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Mon, 22 Jul 2019 05:07:41 GMT Content-Encoding gzip CF-Cache-Status MISS Last-Modified Thu, 21 Feb 2019 09:19:30 GMT Server cloudflare ETag W/"393-58263f8c0ee72" Vary Accept-Encoding Content-Type image/svg+xml Cache-Control public, max-age=14400 Transfer-Encoding chunked Connection keep-alive CF-RAY 4fa2e4759bde63fb-FRA Expires Mon, 22 Jul 2019 09:07:41 GMT
GET H/1.1	200 OK	prefetch.html Show response hotmail.accountsignin.info/Sign%20in%20to%20your%20Microsoft%20account_files/ Frame 6BCC	8 KB 3 KB	38ms 38ms	Document text/html	2606:4700:30::681c:e1b Cloudflare
General Check archive.org Show headers Download Go to Full URL http://hotmail.accountsignin.info/Sign%20in%20to%20your%20Microsoft%20account_files/prefetch.html Requested by Host: hotmail.accountsignin.info URL: http://hotmail.accountsignin.info/ Protocol HTTP/1.1 Server 2606:4700:30::681c:e1b , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash `bc43ba73e7b0abc470b8d9dca6bb7250ce08b818615b97870b3aa7ba2e1c156c` Request headers Host hotmail.accountsignin.info Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3 Referer http://hotmail.accountsignin.info/ Accept-Encoding gzip, deflate Cookie __cfduid=dcfbdbc194f1957750d3613524e661be11563772060 Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Referer http://hotmail.accountsignin.info/ Response headers Date Mon, 22 Jul 2019 05:07:41 GMT Content-Type text/html Transfer-Encoding chunked Connection keep-alive Last-Modified Thu, 21 Feb 2019 09:19:34 GMT Server cloudflare CF-RAY 4fa2e475cd15c2db-FRA Content-Encoding gzip
GET H/1.1	404 Not Found	0-small.jpg auth.gfx.ms/16.000.28071.00/images/Backgrounds/	0 208 B	495ms 471ms	Image text/plain	2a02:26f0:6c00:29f::34ef AKAMAI-ASN1
General Check archive.org Show headers Download Go to Show image Full URL https://auth.gfx.ms/16.000.28071.00/images/Backgrounds/0-small.jpg?x=138bcee624fa04ef9b75e86211a9fe0d Requested by Host: hotmail.accountsignin.info URL: http://hotmail.accountsignin.info/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 2a02:26f0:6c00:29f::34ef , Ascension Island, ASN20940 (AKAMAI-ASN1, US), Reverse DNS Software Microsoft-IIS/8.5 / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers Referer http://hotmail.accountsignin.info/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Access-Control-Allow-Origin * Date Mon, 22 Jul 2019 05:07:41 GMT PPServer PPV: 30 H: BL2IDSPRTS1A002 V: 0 Connection keep-alive Content-Length 0 Server Microsoft-IIS/8.5
GET H/1.1	404 Not Found	0.jpg auth.gfx.ms/16.000.28071.00/images/Backgrounds/	0 208 B	497ms 473ms	Image text/plain	2a02:26f0:6c00:29f::34ef AKAMAI-ASN1
General Check archive.org Show headers Download Go to Show image Full URL https://auth.gfx.ms/16.000.28071.00/images/Backgrounds/0.jpg?x=a5dbd4393ff6a725c7e62b61df7e72f0 Requested by Host: hotmail.accountsignin.info URL: http://hotmail.accountsignin.info/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 2a02:26f0:6c00:29f::34ef , Ascension Island, ASN20940 (AKAMAI-ASN1, US), Reverse DNS Software Microsoft-IIS/8.5 / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers Referer http://hotmail.accountsignin.info/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Access-Control-Allow-Origin * Date Mon, 22 Jul 2019 05:07:41 GMT PPServer PPV: 30 H: BL2IDSPRTS1A003 V: 0 Connection keep-alive Content-Length 0 Server Microsoft-IIS/8.5
GET H/1.1	200 OK	boot.worldwide.0.mouse.js.download hotmail.accountsignin.info/Sign%20in%20to%20your%20Microsoft%20account_files/ Frame 6BCC	647 KB 175 KB	40ms 39ms	Stylesheet application/javascript	2606:4700:30::681c:e1b Cloudflare
General Check archive.org Show headers Download Go to Full URL http://hotmail.accountsignin.info/Sign%20in%20to%20your%20Microsoft%20account_files/boot.worldwide.0.mouse.js.download Requested by Host: hotmail.accountsignin.info URL: http://hotmail.accountsignin.info/Sign%20in%20to%20your%20Microsoft%20account_files/prefetch.html Protocol HTTP/1.1 Security , , Server 2606:4700:30::681c:e1b , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash `4afadcf75a08e1ca3b0023e2e45998a7ddecd7db364ade88f4cef4ecc211f1d2` Request headers Referer http://hotmail.accountsignin.info/Sign%20in%20to%20your%20Microsoft%20account_files/prefetch.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Mon, 22 Jul 2019 05:07:41 GMT Content-Encoding gzip Last-Modified Thu, 21 Feb 2019 09:19:20 GMT Server cloudflare ETag W/"a1c4f-58263f82c6e0b" Transfer-Encoding chunked Content-Type application/javascript Connection keep-alive CF-RAY 4fa2e4761dc7c2db-FRA
GET H/1.1	200 OK	boot.worldwide.1.mouse.js.download hotmail.accountsignin.info/Sign%20in%20to%20your%20Microsoft%20account_files/ Frame 6BCC	644 KB 157 KB	38ms 37ms	Stylesheet application/javascript	2606:4700:30::681c:e1b Cloudflare
General Check archive.org Show headers Download Go to Full URL http://hotmail.accountsignin.info/Sign%20in%20to%20your%20Microsoft%20account_files/boot.worldwide.1.mouse.js.download Requested by Host: hotmail.accountsignin.info URL: http://hotmail.accountsignin.info/Sign%20in%20to%20your%20Microsoft%20account_files/prefetch.html Protocol HTTP/1.1 Security , , Server 2606:4700:30::681c:e1b , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash `eded2cc792d865cc037816db7966d3f32d2cd9cd832e163d2245984d8099a7de` Request headers Referer http://hotmail.accountsignin.info/Sign%20in%20to%20your%20Microsoft%20account_files/prefetch.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Mon, 22 Jul 2019 05:07:41 GMT Content-Encoding gzip Last-Modified Thu, 21 Feb 2019 09:19:25 GMT Server cloudflare ETag W/"a0eb3-58263f87713cf" Transfer-Encoding chunked Content-Type application/javascript Connection keep-alive CF-RAY 4fa2e4761c2063fb-FRA
GET H/1.1	200 OK	boot.worldwide.2.mouse.js.download hotmail.accountsignin.info/Sign%20in%20to%20your%20Microsoft%20account_files/ Frame 6BCC	646 KB 165 KB	38ms 37ms	Stylesheet application/javascript	2606:4700:30::681c:e1b Cloudflare
General Check archive.org Show headers Download Go to Full URL http://hotmail.accountsignin.info/Sign%20in%20to%20your%20Microsoft%20account_files/boot.worldwide.2.mouse.js.download Requested by Host: hotmail.accountsignin.info URL: http://hotmail.accountsignin.info/Sign%20in%20to%20your%20Microsoft%20account_files/prefetch.html Protocol HTTP/1.1 Security , , Server 2606:4700:30::681c:e1b , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash `2236e2d64e00b3c05518246337a75741c7ed30fd9404bf79e236ce9f41216d97` Request headers Referer http://hotmail.accountsignin.info/Sign%20in%20to%20your%20Microsoft%20account_files/prefetch.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Mon, 22 Jul 2019 05:07:41 GMT Content-Encoding gzip Last-Modified Thu, 21 Feb 2019 09:19:25 GMT Server cloudflare ETag W/"a1872-58263f87039de" Transfer-Encoding chunked Content-Type application/javascript Connection keep-alive CF-RAY 4fa2e4761920d719-FRA
GET H/1.1	200 OK	boot.worldwide.3.mouse.js.download hotmail.accountsignin.info/Sign%20in%20to%20your%20Microsoft%20account_files/ Frame 6BCC	644 KB 141 KB	53ms 47ms	Stylesheet application/javascript	2606:4700:30::681c:e1b Cloudflare
General Check archive.org Show headers Download Go to Full URL http://hotmail.accountsignin.info/Sign%20in%20to%20your%20Microsoft%20account_files/boot.worldwide.3.mouse.js.download Requested by Host: hotmail.accountsignin.info URL: http://hotmail.accountsignin.info/Sign%20in%20to%20your%20Microsoft%20account_files/prefetch.html Protocol HTTP/1.1 Security , , Server 2606:4700:30::681c:e1b , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash `df1aed2b3398d4df9dad00cb8998b92af6e62410b7c4f6e7bd1a5d4d6bc20b40` Request headers Referer http://hotmail.accountsignin.info/Sign%20in%20to%20your%20Microsoft%20account_files/prefetch.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Mon, 22 Jul 2019 05:07:41 GMT Content-Encoding gzip Last-Modified Thu, 21 Feb 2019 09:19:29 GMT Server cloudflare ETag W/"a11b5-58263f8ba6e59" Transfer-Encoding chunked Content-Type application/javascript Connection keep-alive CF-RAY 4fa2e4761d6fc281-FRA
GET H/1.1	200 OK	sprite1.mouse.png hotmail.accountsignin.info/Sign%20in%20to%20your%20Microsoft%20account_files/ Frame 6BCC	16 KB 17 KB	57ms 51ms	Stylesheet image/png	2606:4700:30::681c:e1b Cloudflare
General Check archive.org Show headers Download Go to Full URL http://hotmail.accountsignin.info/Sign%20in%20to%20your%20Microsoft%20account_files/sprite1.mouse.png Requested by Host: hotmail.accountsignin.info URL: http://hotmail.accountsignin.info/Sign%20in%20to%20your%20Microsoft%20account_files/prefetch.html Protocol HTTP/1.1 Security , , Server 2606:4700:30::681c:e1b , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash `99190cfe65f919edb8071d84eee7096ec27561bc9b9fa396e55e0eb5e2cd0194` Request headers Referer http://hotmail.accountsignin.info/Sign%20in%20to%20your%20Microsoft%20account_files/prefetch.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Mon, 22 Jul 2019 05:07:41 GMT CF-Cache-Status MISS Last-Modified Thu, 21 Feb 2019 09:19:35 GMT Server cloudflare ETag "4118-58263f90c827f" Vary Accept-Encoding Content-Type image/png Cache-Control public, max-age=14400 Connection keep-alive Accept-Ranges bytes CF-RAY 4fa2e4761e8596d4-FRA Content-Length 16664 Expires Mon, 22 Jul 2019 09:07:41 GMT
GET H/1.1	200 OK	sprite1.mouse.css hotmail.accountsignin.info/Sign%20in%20to%20your%20Microsoft%20account_files/ Frame 6BCC	7 KB 1 KB	50ms 44ms	Stylesheet text/css	2606:4700:30::681c:e1b Cloudflare
General Check archive.org Show headers Download Go to Full URL http://hotmail.accountsignin.info/Sign%20in%20to%20your%20Microsoft%20account_files/sprite1.mouse.css Requested by Host: hotmail.accountsignin.info URL: http://hotmail.accountsignin.info/Sign%20in%20to%20your%20Microsoft%20account_files/prefetch.html Protocol HTTP/1.1 Security , , Server 2606:4700:30::681c:e1b , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash `461f87e55bba34c4d9248d1b45685ea832eba56c15ebf6cccf75d49f1547b502` Request headers Referer http://hotmail.accountsignin.info/Sign%20in%20to%20your%20Microsoft%20account_files/prefetch.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Mon, 22 Jul 2019 05:07:41 GMT Content-Encoding gzip CF-Cache-Status MISS Last-Modified Thu, 21 Feb 2019 09:19:35 GMT Server cloudflare ETag W/"1db4-58263f908e4b3" Vary Accept-Encoding Content-Type text/css Cache-Control public, max-age=14400 Transfer-Encoding chunked Connection keep-alive CF-RAY 4fa2e4761d0b96da-FRA Expires Mon, 22 Jul 2019 09:07:41 GMT
GET H/1.1	200 OK	boot.worldwide.mouse.css hotmail.accountsignin.info/Sign%20in%20to%20your%20Microsoft%20account_files/ Frame 6BCC	227 KB 43 KB	125ms 75ms	Stylesheet text/css	2606:4700:30::681c:e1b Cloudflare
General Check archive.org Show headers Download Go to Full URL http://hotmail.accountsignin.info/Sign%20in%20to%20your%20Microsoft%20account_files/boot.worldwide.mouse.css Requested by Host: hotmail.accountsignin.info URL: http://hotmail.accountsignin.info/Sign%20in%20to%20your%20Microsoft%20account_files/prefetch.html Protocol HTTP/1.1 Security , , Server 2606:4700:30::681c:e1b , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash `ec4d9c5bae42b5b76dbe31a3df7bf24f1dde703f79499ee4bf3e1e63f11e6e86` Request headers Referer http://hotmail.accountsignin.info/Sign%20in%20to%20your%20Microsoft%20account_files/prefetch.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Mon, 22 Jul 2019 05:07:41 GMT Content-Encoding gzip CF-Cache-Status MISS Last-Modified Thu, 21 Feb 2019 09:19:27 GMT Server cloudflare ETag W/"38bba-58263f89ceb82" Vary Accept-Encoding Content-Type text/css Cache-Control public, max-age=14400 Transfer-Encoding chunked Connection keep-alive CF-RAY 4fa2e4766d6b96da-FRA Expires Mon, 22 Jul 2019 09:07:41 GMT
GET H2	200	boot.worldwide.0.mouse.js r4.res.office365.com/owa/prem/16.2859.3.2661903/scripts/ Frame 6BCC	647 KB 176 KB	376ms 355ms	Stylesheet application/x-javascript	2a02:26f0:6c00:28a::753 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://r4.res.office365.com/owa/prem/16.2859.3.2661903/scripts/boot.worldwide.0.mouse.js Requested by Host: hotmail.accountsignin.info URL: http://hotmail.accountsignin.info/Sign%20in%20to%20your%20Microsoft%20account_files/prefetch.html Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 2a02:26f0:6c00:28a::753 , Ascension Island, ASN20940 (AKAMAI-ASN1, US), Reverse DNS Software Apache / Resource Hash `4afadcf75a08e1ca3b0023e2e45998a7ddecd7db364ade88f4cef4ecc211f1d2` Request headers Referer http://hotmail.accountsignin.info/Sign%20in%20to%20your%20Microsoft%20account_files/prefetch.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Mon, 22 Jul 2019 05:07:41 GMT content-encoding gzip last-modified Thu, 31 Jan 2019 16:56:43 GMT server Apache access-control-allow-origin * vary Accept-Encoding content-type application/x-javascript status 200 cache-control public,max-age=630720000, s-maxage=630720000 accept-ranges bytes timing-allow-origin *
GET H2	200	boot.worldwide.1.mouse.js r4.res.office365.com/owa/prem/16.2859.3.2661903/scripts/ Frame 6BCC	644 KB 160 KB	410ms 410ms	Stylesheet application/x-javascript	2a02:26f0:6c00:28a::753 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://r4.res.office365.com/owa/prem/16.2859.3.2661903/scripts/boot.worldwide.1.mouse.js Requested by Host: hotmail.accountsignin.info URL: http://hotmail.accountsignin.info/Sign%20in%20to%20your%20Microsoft%20account_files/prefetch.html Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 2a02:26f0:6c00:28a::753 , Ascension Island, ASN20940 (AKAMAI-ASN1, US), Reverse DNS Software Apache / Resource Hash `eded2cc792d865cc037816db7966d3f32d2cd9cd832e163d2245984d8099a7de` Request headers Referer http://hotmail.accountsignin.info/Sign%20in%20to%20your%20Microsoft%20account_files/prefetch.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Mon, 22 Jul 2019 05:07:42 GMT content-encoding gzip last-modified Thu, 31 Jan 2019 16:56:37 GMT server Apache access-control-allow-origin * vary Accept-Encoding content-type application/x-javascript status 200 cache-control public,max-age=630720000, s-maxage=630720000 accept-ranges bytes timing-allow-origin *
GET H2	200	boot.worldwide.2.mouse.js r4.res.office365.com/owa/prem/16.2859.3.2661903/scripts/ Frame 6BCC	646 KB 167 KB	317ms 316ms	Stylesheet application/x-javascript	2a02:26f0:6c00:28a::753 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://r4.res.office365.com/owa/prem/16.2859.3.2661903/scripts/boot.worldwide.2.mouse.js Requested by Host: hotmail.accountsignin.info URL: http://hotmail.accountsignin.info/Sign%20in%20to%20your%20Microsoft%20account_files/prefetch.html Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 2a02:26f0:6c00:28a::753 , Ascension Island, ASN20940 (AKAMAI-ASN1, US), Reverse DNS Software Apache / Resource Hash `2236e2d64e00b3c05518246337a75741c7ed30fd9404bf79e236ce9f41216d97` Request headers Referer http://hotmail.accountsignin.info/Sign%20in%20to%20your%20Microsoft%20account_files/prefetch.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Mon, 22 Jul 2019 05:07:42 GMT content-encoding gzip last-modified Thu, 31 Jan 2019 16:56:43 GMT server Apache access-control-allow-origin * vary Accept-Encoding content-type application/x-javascript status 200 cache-control public,max-age=630720000, s-maxage=630720000 accept-ranges bytes timing-allow-origin *
GET H2	200	boot.worldwide.3.mouse.js r4.res.office365.com/owa/prem/16.2859.3.2661903/scripts/ Frame 6BCC	644 KB 143 KB	233ms 232ms	Stylesheet application/x-javascript	2a02:26f0:6c00:28a::753 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://r4.res.office365.com/owa/prem/16.2859.3.2661903/scripts/boot.worldwide.3.mouse.js Requested by Host: hotmail.accountsignin.info URL: http://hotmail.accountsignin.info/Sign%20in%20to%20your%20Microsoft%20account_files/prefetch.html Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 2a02:26f0:6c00:28a::753 , Ascension Island, ASN20940 (AKAMAI-ASN1, US), Reverse DNS Software Apache / Resource Hash `df1aed2b3398d4df9dad00cb8998b92af6e62410b7c4f6e7bd1a5d4d6bc20b40` Request headers Referer http://hotmail.accountsignin.info/Sign%20in%20to%20your%20Microsoft%20account_files/prefetch.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Mon, 22 Jul 2019 05:07:43 GMT content-encoding gzip last-modified Thu, 31 Jan 2019 16:56:37 GMT server Apache access-control-allow-origin * vary Accept-Encoding content-type application/x-javascript status 200 cache-control public,max-age=630720000, s-maxage=630720000 accept-ranges bytes timing-allow-origin *
GET H2	200	sprite1.mouse.png r4.res.office365.com/owa/prem/16.2859.3.2661903/resources/images/0/ Frame 6BCC	16 KB 16 KB	10ms 9ms	Stylesheet image/png	2a02:26f0:6c00:28a::753 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://r4.res.office365.com/owa/prem/16.2859.3.2661903/resources/images/0/sprite1.mouse.png Requested by Host: hotmail.accountsignin.info URL: http://hotmail.accountsignin.info/Sign%20in%20to%20your%20Microsoft%20account_files/prefetch.html Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 2a02:26f0:6c00:28a::753 , Ascension Island, ASN20940 (AKAMAI-ASN1, US), Reverse DNS Software Apache / Resource Hash `99190cfe65f919edb8071d84eee7096ec27561bc9b9fa396e55e0eb5e2cd0194` Request headers Referer http://hotmail.accountsignin.info/Sign%20in%20to%20your%20Microsoft%20account_files/prefetch.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Mon, 22 Jul 2019 05:07:43 GMT last-modified Thu, 31 Jan 2019 16:51:50 GMT server Apache access-control-allow-origin * content-type image/png status 200 cache-control public,max-age=630720000, s-maxage=630720000 accept-ranges bytes timing-allow-origin * content-length 16664
GET H2	200	sprite1.mouse.css r4.res.office365.com/owa/prem/16.2859.3.2661903/resources/images/0/ Frame 6BCC	7 KB 1 KB	8ms 8ms	Stylesheet text/css	2a02:26f0:6c00:28a::753 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://r4.res.office365.com/owa/prem/16.2859.3.2661903/resources/images/0/sprite1.mouse.css Requested by Host: hotmail.accountsignin.info URL: http://hotmail.accountsignin.info/Sign%20in%20to%20your%20Microsoft%20account_files/prefetch.html Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 2a02:26f0:6c00:28a::753 , Ascension Island, ASN20940 (AKAMAI-ASN1, US), Reverse DNS Software Apache / Resource Hash `461f87e55bba34c4d9248d1b45685ea832eba56c15ebf6cccf75d49f1547b502` Request headers Referer http://hotmail.accountsignin.info/Sign%20in%20to%20your%20Microsoft%20account_files/prefetch.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Mon, 22 Jul 2019 05:07:43 GMT content-encoding gzip last-modified Thu, 31 Jan 2019 16:51:50 GMT server Apache access-control-allow-origin * vary Accept-Encoding content-type text/css status 200 cache-control public,max-age=630720000, s-maxage=630720000 accept-ranges bytes timing-allow-origin * content-length 1124
GET H2	200	boot.worldwide.mouse.css r4.res.office365.com/owa/prem/16.2859.3.2661903/resources/styles/0/ Frame 6BCC	227 KB 43 KB	20ms 20ms	Stylesheet text/css	2a02:26f0:6c00:28a::753 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://r4.res.office365.com/owa/prem/16.2859.3.2661903/resources/styles/0/boot.worldwide.mouse.css Requested by Host: hotmail.accountsignin.info URL: http://hotmail.accountsignin.info/Sign%20in%20to%20your%20Microsoft%20account_files/prefetch.html Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 2a02:26f0:6c00:28a::753 , Ascension Island, ASN20940 (AKAMAI-ASN1, US), Reverse DNS Software Apache / Resource Hash `ec4d9c5bae42b5b76dbe31a3df7bf24f1dde703f79499ee4bf3e1e63f11e6e86` Request headers Referer http://hotmail.accountsignin.info/Sign%20in%20to%20your%20Microsoft%20account_files/prefetch.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Mon, 22 Jul 2019 05:07:43 GMT content-encoding gzip last-modified Thu, 31 Jan 2019 16:54:07 GMT server Apache access-control-allow-origin * vary Accept-Encoding content-type text/css status 200 cache-control public,max-age=630720000, s-maxage=630720000 accept-ranges bytes timing-allow-origin *

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer)

12 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			hotmail.accountsignin.info/	1969-12-31 23:59:59	Name: OWAPF Value: p:undefined1&
			.accountsignin.info/	1970-01-19 11:08:28	Name: __cfduid Value: dcfbdbc194f1957750d3613524e661be11563772060

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

auth.gfx.ms
hotmail.accountsignin.info
r4.res.office365.com
2606:4700:30::681c:e1b
2a02:26f0:6c00:28a::753
2a02:26f0:6c00:29f::34ef
04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a
16c3f6531d0fa5b4d16e82abf066233b2a9f284c068c663699313c09f5e8d6e6
2236e2d64e00b3c05518246337a75741c7ed30fd9404bf79e236ce9f41216d97
461f87e55bba34c4d9248d1b45685ea832eba56c15ebf6cccf75d49f1547b502
4afadcf75a08e1ca3b0023e2e45998a7ddecd7db364ade88f4cef4ecc211f1d2
6075736ea9c281d69c4a3d78ff97bb61b9416a5809919babe5a0c5596f99aaea
864434a98e6ca0adea61620dbd749274f94e9705ce87b1bb149ba8af96e58332
99190cfe65f919edb8071d84eee7096ec27561bc9b9fa396e55e0eb5e2cd0194
b1d84f645e148ba12325f398b57d22df7cc466e32a95d6e311ff1a85dcdadc66
bc43ba73e7b0abc470b8d9dca6bb7250ce08b818615b97870b3aa7ba2e1c156c
df1aed2b3398d4df9dad00cb8998b92af6e62410b7c4f6e7bd1a5d4d6bc20b40
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ec4d9c5bae42b5b76dbe31a3df7bf24f1dde703f79499ee4bf3e1e63f11e6e86
eded2cc792d865cc037816db7966d3f32d2cd9cd832e163d2245984d8099a7de

hotmail.accountsignin.info Open in urlscan Pro 2606:4700:30::681c:e1b Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

22 Requests

41 %HTTPS

100 %IPv6

3 Domains

3 Subdomains

3 IPs

2 Countries

1441 kBTransfer

5814 kBSize

2 Cookies

5 Outgoing links

Redirected requests

22 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

12 JavaScript Global Variables

2 Cookies

Indicators

hotmail.accountsignin.info Open in urlscan Pro
2606:4700:30::681c:e1b Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

22
Requests

41 %
HTTPS

100 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

1441 kB
Transfer

5814 kB
Size

2
Cookies

22 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!