gtarp.be
2606:4700:3035::ac43:82bd
Malicious Activity!
Public Scan
Effective URL: http://gtarp.be/000000000000009qwueyfgrey8edfvbdcv/MCROOUT/outlk/November/default.php
Submission: On June 16 via api from IE — Scanned from DE
Summary
This is the only time gtarp.be was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Generic (Online)
Domain & IP information
| IP Address | AS Autonomous System |
---|---|---|
21 | 2606:4700:3035::ac43:82bd | 13335 (CLOUDFLARENET) |
3 | 104.86.56.12 | 16625 (AKAMAI-AS) |
1 2 | 192.229.133.221 | 15133 (EDGECAST) |
1 | 184.24.21.13 | 16625 (AKAMAI-AS) |
1 | 66.235.152.115 | 15224 (OMNITURE) |
1 | 69.192.160.219 | 16625 (AKAMAI-AS) |
38 | 7 | |
ASN16625 (AKAMAI-AS, US)
PTR: a104-86-56-12.deploy.static.akamaitechnologies.com
secure.wlxrs.com |
ASN16625 (AKAMAI-AS, US)
PTR: a184-24-21-13.deploy.static.akamaitechnologies.com
tags.bkrtx.com |
ASN15224 (OMNITURE, US)
PTR: ip-66-235-152-115.data.adobedc.net
windowslive.tt.omtrdc.net |
ASN16625 (AKAMAI-AS, US)
PTR: a69-192-160-219.deploy.static.akamaitechnologies.com
stags.bluekai.com |
| Apex Domain | Subdomains | Transfer |
---|---|---|---|
21 | gtarp.be | gtarp.be | 189 KB |
3 | wlxrs.com | secure.wlxrs.com — Cisco Umbrella Rank: 338870 | 23 KB |
2 | w3schools.com (1 redirects) | www.w3schools.com — Cisco Umbrella Rank: 16740 | 33 KB |
1 | bluekai.com | stags.bluekai.com — Cisco Umbrella Rank: 589 | 721 B |
1 | omtrdc.net | windowslive.tt.omtrdc.net | 1 KB |
1 | bkrtx.com | tags.bkrtx.com — Cisco Umbrella Rank: 4866 | 16 KB |
0 | microsoft.com Failed | s.imp.microsoft.com Failed | |
0 | live.com Failed | sc.imp.live.com Failed | |
38 | 8 | | |
| Domain | Requested by |
---|---|---|
21 | gtarp.be | gtarp.be |
3 | secure.wlxrs.com | gtarp.be |
2 | www.w3schools.com (1 redirects) | gtarp.be |
1 | stags.bluekai.com | tags.bkrtx.com |
1 | windowslive.tt.omtrdc.net | gtarp.be |
1 | tags.bkrtx.com | gtarp.be |
0 | s.imp.microsoft.com Failed | gtarp.be |
0 | sc.imp.live.com Failed | gtarp.be |
38 | 8 | |
This site contains links to these domains.
Domain |
---|
go.microsoft.com |
account.live.com |
signup.live.com |
login.live.com |
Subject | Issuer | Validity | Valid | |
---|---|---|---|---|
*.test.edgekey.net | DigiCert TLS RSA SHA256 2020 CA1 | 2022-09-13 - 2023-09-13 | a year | crt.sh |
*.bkrtx.com | DigiCert TLS RSA SHA256 2020 CA1 | 2023-01-18 - 2024-01-17 | a year | crt.sh |
odc-pixel-prod-01.oracle.com | DigiCert TLS RSA SHA256 2020 CA1 | 2023-02-07 - 2024-02-08 | a year | crt.sh |
This page contains 4 frames:
Primary Page:
http://gtarp.be/000000000000009qwueyfgrey8edfvbdcv/MCROOUT/outlk/November/default.php
Frame ID: EE98CF1071AC6E686BB92CB26D0EF2A8
Requests: 13 HTTP requests in this frame
Frame:
http://gtarp.be/000000000000009qwueyfgrey8edfvbdcv/MCROOUT/outlk/November/login_files/EN-US.htm
Frame ID: 8C0B63B1E1F994CEF6A9FC6B0B95D233
Requests: 21 HTTP requests in this frame
Frame:
http://gtarp.be/000000000000009qwueyfgrey8edfvbdcv/MCROOUT/outlk/November/login_files/header.htm
Frame ID: 125FB16CD0581BF501285D31F37F7791
Requests: 3 HTTP requests in this frame
Frame:
https://stags.bluekai.com/site/14441?ret=html&phint=page%3DPROD-outlook_signin&phint=market%3Den-us&phint=__bk_t%3DSign%20In&phint=__bk_k%3D&phint=__bk_pr%3Dhttp%3A%2F%2Fgtarp.be%2F000000000000009qwueyfgrey8edfvbdcv%2FMCROOUT%2Foutlk%2FNovember%2Fdefault.php&phint=__bk_l%3Dhttp%3A%2F%2Fgtarp.be%2F000000000000009qwueyfgrey8edfvbdcv%2FMCROOUT%2Foutlk%2FNovember%2Flogin_files%2FEN-US.htm&phint=__bk_v%3D3.1.10&limit=4&r=34751104
Frame ID: B5FE41121EA77BA9B938DCCFE3C3E6B1
Requests: 1 HTTP requests in this frame
Page Title
Sign In
Detected technologies
PHP (Programming Languages)
Detected patterns
- \.php(?:$|\?)
jQuery (JavaScript Libraries)
Detected patterns
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
7 Outgoing links
These are links going to different origins than the main page.
Title: What's this?
Title: Can't access your account?
Title: Sign up now
Title: Terms
Title: Privacy & Cookies
Title: Help Center
Title: Feedback
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://gtarp.be/000000000000009qwueyfgrey8edfvbdcv/MCROOUT/outlk/November/index.php?email=karstenconstruction%40live.com Page URL
- http://gtarp.be/000000000000009qwueyfgrey8edfvbdcv/MCROOUT/outlk/November/default.php Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 5
- http://www.w3schools.com/jquery/jquery.js HTTP 301
- https://www.w3schools.com/jquery/jquery.js
38 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H/1.1 | index.php | gtarp.be/000000000000009qwueyfgrey8edfvbdcv/MCROOUT/outlk/November/ | 10 KB | 4 KB | Document | text/html |
GET | H/1.1 | NYKpPzcj59cAccountCSSX.css | secure.wlxrs.com/jy5kqke3ytP4lb3i5ZDpNLiWSfajaQ-eDIOI7KaGMzOGtx7r-zkJzcZQdL-oXfcuo!qhAxV70lLofVjqeMaFkn0-MYEtUYM8BG5a7nbwMSo/Base/16.4.4507/ | 101 KB | 20 KB | Stylesheet | image/x-icon |
GET | H/1.1 | invis.gif | secure.wlxrs.com/$live.controls.images/is/ | 43 B | 262 B | Image | image/gif |
GET | H/1.1 | progressindicator.gif | gtarp.be/000000000000009qwueyfgrey8edfvbdcv/MCROOUT/outlk/November/ | 12 KB | 13 KB | Image | image/gif |
GET | H/1.1 | c4.png | secure.wlxrs.com/$live.controls.images/h/ | 3 KB | 3 KB | Image | image/png |
GET | H/1.1 | Primary Request default.php | gtarp.be/000000000000009qwueyfgrey8edfvbdcv/MCROOUT/outlk/November/ | 10 KB | 4 KB | Document | text/html |
GET | H2 | jquery.js | www.w3schools.com/jquery/ Redirect Chain | 91 KB | 33 KB | Script | application/javascript |
GET | H/1.1 | SpryValidationTextField.js | gtarp.be/000000000000009qwueyfgrey8edfvbdcv/MCROOUT/outlk/November/SpryAssets/ | 73 KB | 17 KB | Script | application/javascript |
GET | H/1.1 | R3WinLive1033.css | gtarp.be/000000000000009qwueyfgrey8edfvbdcv/MCROOUT/outlk/November/login_files/ | 32 KB | 7 KB | Stylesheet | text/css |
GET | H/1.1 | SpryValidationTextField.css | gtarp.be/000000000000009qwueyfgrey8edfvbdcv/MCROOUT/outlk/November/SpryAssets/ | 3 KB | 2 KB | Stylesheet | text/css |
GET | H/1.1 | untitled.png | gtarp.be/000000000000009qwueyfgrey8edfvbdcv/MCROOUT/outlk/November/ | 1 KB | 2 KB | Image | image/png |
GET | H/1.1 | email-decode.min.js | gtarp.be/cdn-cgi/scripts/5c5dd728/cloudflare-static/ | 1 KB | 1 KB | Script | application/javascript |
GET | H/1.1 | EN-US.htm | gtarp.be/000000000000009qwueyfgrey8edfvbdcv/MCROOUT/outlk/November/login_files/ Frame 8C0B | 4 KB | 2 KB | Document | text/html |
GET | H/1.1 | header.htm | gtarp.be/000000000000009qwueyfgrey8edfvbdcv/MCROOUT/outlk/November/login_files/ Frame 125F | 458 B | 1 KB | Document | text/html |
GET | H/1.1 | controls.png | gtarp.be/000000000000009qwueyfgrey8edfvbdcv/MCROOUT/outlk/November/login_files/hig/img/ | 785 B | 785 B | Image | text/html |
GET | H/1.1 | style.css | gtarp.be/000000000000009qwueyfgrey8edfvbdcv/MCROOUT/outlk/November/login_files/EN-US_data/ Frame 8C0B | 5 KB | 2 KB | Stylesheet | text/css |
GET | H/1.1 | mbox.js | gtarp.be/000000000000009qwueyfgrey8edfvbdcv/MCROOUT/outlk/November/login_files/EN-US_data/ Frame 8C0B | 23 KB | 8 KB | Script | application/javascript |
GET | H/1.1 | sisu_mediasharing_frame.jpg | gtarp.be/000000000000009qwueyfgrey8edfvbdcv/MCROOUT/outlk/November/login_files/EN-US_data/ Frame 8C0B | 65 KB | 66 KB | Image | image/jpeg |
GET | H/1.1 | style_win8.css | gtarp.be/000000000000009qwueyfgrey8edfvbdcv/MCROOUT/outlk/November/login_files/EN-US_data/ Frame 8C0B | 2 KB | 1 KB | Stylesheet | text/css |
GET | H/1.1 | SISU.css | gtarp.be/000000000000009qwueyfgrey8edfvbdcv/MCROOUT/outlk/November/login_files/EN-US_data/ Frame 8C0B | 2 KB | 1 KB | Stylesheet | text/css |
GET | H/1.1 | bk-coretag.js | gtarp.be/000000000000009qwueyfgrey8edfvbdcv/MCROOUT/outlk/November/login_files/EN-US_data/ Frame 8C0B | 27 KB | 10 KB | Script | application/javascript |
GET | H/1.1 | standard | gtarp.be/000000000000009qwueyfgrey8edfvbdcv/MCROOUT/outlk/November/login_files/EN-US_data/ Frame 8C0B | 4 KB | 2 KB | Script | text/plain |
GET | H/1.1 | sisu_surface_animation_mediasharing.js | gtarp.be/000000000000009qwueyfgrey8edfvbdcv/MCROOUT/outlk/November/login_files/EN-US_data/ Frame 8C0B | 131 KB | 38 KB | Script | application/javascript |
GET | H/1.1 | header.css | gtarp.be/000000000000009qwueyfgrey8edfvbdcv/MCROOUT/outlk/November/login_files/header_data/ Frame 125F | 212 B | 915 B | Stylesheet | text/css |
GET | H/1.1 | logo_mail.png | gtarp.be/000000000000009qwueyfgrey8edfvbdcv/MCROOUT/outlk/November/login_files/header_data/ Frame 125F | 5 KB | 6 KB | Image | image/png |
GET | | sisu_mediasharing_base-image.jpg | sc.imp.live.com/content/dam/imp/surfaces/mail_signin/v3/img/rm_outlook_perception/en-us/ Frame 8C0B | 0 | 0 | | |
GET | | sisu_surface_animation_mediasharing.js | sc.imp.live.com/content/dam/imp/surfaces/mail_signin/v3/js/ Frame 8C0B | 0 | 0 | | |
GET | | sisu_mediasharing_frame.jpg | sc.imp.live.com/content/dam/imp/surfaces/mail_signin/v3/img/rm_outlook_perception/en-us/ Frame 8C0B | 0 | 0 | | |
GET | H2 | bk-coretag.js | tags.bkrtx.com/js/ Frame 8C0B | 51 KB | 16 KB | Script | application/javascript |
GET | H/1.1 | standard | windowslive.tt.omtrdc.net/m2/windowslive/mbox/ Frame 8C0B | 747 B | 1 KB | Script | application/javascript |
GET | | style.css | sc.imp.live.com/content/dam/imp/surfaces/mail_signin/v3/css/ Frame 8C0B | 0 | 0 | | |
GET | | blank.gif | sc.imp.live.com/content/dam/imp/surfaces/mail_signin/v3/img/general_purpose_images/ Frame 8C0B | 0 | 0 | | |
GET | | style_win8.css | sc.imp.live.com/content/dam/imp/surfaces/mail_signin/v3/css/ Frame 8C0B | 0 | 0 | | |
GET | | SISU.css | sc.imp.live.com/content/dam/imp/surfaces/mail_signin/v3/css/ Frame 8C0B | 0 | 0 | | |
GET | H2 | 14441 | stags.bluekai.com/site/ Frame B5FE | 71 B | 721 B | Document | text/html |
GET | | sisu_surface_animation_mediasharing.js | sc.imp.live.com/content/dam/imp/surfaces/mail_signin/v3/js/ Frame 8C0B | 0 | 0 | | |
GET | | sisu_mediasharing_frame.jpg | sc.imp.live.com/content/dam/imp/surfaces/mail_signin/v3/img/rm_outlook_perception/en-us/ Frame 8C0B | 0 | 0 | | |
GET | | zag.gif | s.imp.microsoft.com/ Frame 8C0B | 0 | 0 | | |
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- sc.imp.live.com
- URL
- https://sc.imp.live.com/content/dam/imp/surfaces/mail_signin/v3/img/rm_outlook_perception/en-us/sisu_mediasharing_base-image.jpg
- Domain
- sc.imp.live.com
- URL
- https://sc.imp.live.com/content/dam/imp/surfaces/mail_signin/v3/js/sisu_surface_animation_mediasharing.js
- Domain
- sc.imp.live.com
- URL
- https://sc.imp.live.com/content/dam/imp/surfaces/mail_signin/v3/img/rm_outlook_perception/en-us/sisu_mediasharing_frame.jpg
- Domain
- sc.imp.live.com
- URL
- https://sc.imp.live.com/content/dam/imp/surfaces/mail_signin/v3/css/style.css
- Domain
- sc.imp.live.com
- URL
- https://sc.imp.live.com/content/dam/imp/surfaces/mail_signin/v3/img/general_purpose_images/blank.gif
- Domain
- sc.imp.live.com
- URL
- https://sc.imp.live.com/content/dam/imp/surfaces/mail_signin/v3/css/style_win8.css
- Domain
- sc.imp.live.com
- URL
- https://sc.imp.live.com/content/dam/imp/surfaces/mail_signin/v3/css/SISU.css
- Domain
- sc.imp.live.com
- URL
- https://sc.imp.live.com/content/dam/imp/surfaces/mail_signin/v3/js/sisu_surface_animation_mediasharing.js
- Domain
- sc.imp.live.com
- URL
- https://sc.imp.live.com/content/dam/imp/surfaces/mail_signin/v3/img/rm_outlook_perception/en-us/sisu_mediasharing_frame.jpg
- Domain
- s.imp.microsoft.com
- URL
- https://s.imp.microsoft.com/zag.gif?Log=1&tntcalltype=1&tntPCID=1374648259166-427757.21_22&tntANID=00000000000000000000000000000000&tntSessionID=1374654703123-816082&tntCampaignID=73898&tntCampaignName=OL%20SISU%20Perception%20Campaign%20_%20Social%20Media%20Sharing%3Fc000022676%7Cet08%7CF48FDB68&tntOfferID=60864&tntOfferName=en%20US%20OL%20SISU%20Perception%20Animated%20Media%20Sharing?o00000053511|9DD1A6EA&tntMbox=PROD-outlook_signin&tntRecipeID=0&tntRecipeName=EE01%3Fee01%7CA24134E2&tntPage=http%3A//gtarp.be/000000000000009qwueyfgrey8edfvbdcv/MCROOUT/outlk/November/login_files/EN-US.htm&tntMrkt=en-us&tntFirstSession=false&tntTrafficType=0&tntPageID=1686900310314-291577&tntTime=1686900310561&tntTitle=Sign%20In&tntGeoCountry=nigeria&tntGeoState=lagos&tntGeoDMA=not%20metroized&tntGeoCity=&tntGeoZip=&tntReferrer=http%3A//gtarp.be/000000000000009qwueyfgrey8edfvbdcv/MCROOUT/outlk/November/default.php
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Generic (Online)
14 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- object| 0
- object| 1
- boolean| credentialless
- object| onbeforetoggle
- object| onscrollend
- function| $
- function| jQuery
- object| Spry
- function| MM_findObj
- function| MM_validateForm
- object| emailField
- undefined| passwordField
- undefined| sprytextfield1
- undefined| sprytextfield24
Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.gtarp.be/ | | Name: mbox Value: check#true#1686900371|session#1686900310314-291577#1686902171 |
.bluekai.com/ | | Name: bkdc Value: phx |
.bluekai.com/ | | Name: bkpa Value: KJ0ND1a3yp91djgAaM5rwnR5xC7gOMr6vKNbBLZim1SmfEovuF2IvFux4zYWxW2we28e3NWMgnQxQZXiRB7MRBwxST5k3ODAh4jygnSj72ObqIuGk5wr/HM3S9OJ9ibqhQzojVwA7E0HBa77Ut881cHRfiWu6umsocCnNodDYrLRV91WXpdNKgkmzm+DCBLn+Blz+eXpiUqFhbGb4hmbjpx62lbsGRa/L/Vr7i006/Kk3dNUDIrP5gnEaAqSwFqjIzEGgzL91yDGsszXEb6KBJRiMVDC7oXTpXDFcLveKQ== |
.bluekai.com/ | | Name: bku Value: SEQ99aRmMsEbw/Tg |
10 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.