outlook.live.com.office.mcafeedemo.rockyseo.myshn.net
44.242.128.240
Malicious Activity!
Public Scan
Effective URL: https://outlook.live.com.office.mcafeedemo.rockyseo.myshn.net/owa/
Submission: On December 01 via api from JP — Scanned from JP
Summary
TLS certificate: Issued by GlobalSign RSA OV SSL CA 2018 on December 1st 2022. Valid for: a year.
This is the only time outlook.live.com.office.mcafeedemo.rockyseo.myshn.net was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Outlook (Online)
Domain & IP information
 | IP Address | AS Autonomous System |
---|---|---|
1 14 | 44.241.184.14 | 16509 (AMAZON-02) |
1 | 44.242.128.240 | 16509 (AMAZON-02) |
15 | 3 |
ASN16509 (AMAZON-02, US)
PTR: ec2-44-241-184-14.us-west-2.compute.amazonaws.com
security.live.com.office.mcafeedemo.rockyseo.myshn.net
ow2.res.office365.com.office.mcafeedemo.rockyseo.myshn.net
ASN16509 (AMAZON-02, US)
PTR: ec2-44-242-128-240.us-west-2.compute.amazonaws.com
outlook.live.com.office.mcafeedemo.rockyseo.myshn.net
 | Apex Domain / Subdomains | Transfer |
---|---|---|
15 | myshn.net (1 redirects): security.live.com.office.mcafeedemo.rockyseo.myshn.net, outlook.live.com.office.mcafeedemo.rockyseo.myshn.net, az725175.vo.msecnd.net.office.mcafeedemo.rockyseo.myshn.net (Failed), ow2.res.office365.com.office.mcafeedemo.rockyseo.myshn.net | 864 KB |
15 | 1 |
 | Domain | Requested by |
---|---|---|
13 | ow2.res.office365.com.office.mcafeedemo.rockyseo.myshn.net | outlook.live.com.office.mcafeedemo.rockyseo.myshn.net |
1 | outlook.live.com.office.mcafeedemo.rockyseo.myshn.net | |
1 | security.live.com.office.mcafeedemo.rockyseo.myshn.net | 1 redirects |
0 | az725175.vo.msecnd.net.office.mcafeedemo.rockyseo.myshn.net (Failed) | outlook.live.com.office.mcafeedemo.rockyseo.myshn.net |
15 | 4 |
This site contains no links.
Subject | Issuer | Validity | Valid |
---|---|---|---|
office.mcafeedemo.rockyseo.myshn.net | GlobalSign RSA OV SSL CA 2018 | 2022-12-01 - 2024-01-02 | a year |
This page contains 1 frames:
Primary Page:
https://outlook.live.com.office.mcafeedemo.rockyseo.myshn.net/owa/
Frame ID: 9FCB1C853DA0E8051BBE912DAF81C2D6
Requests: 15 HTTP requests in this frame
Detected technologies
jQuery (JavaScript Libraries)
Detected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://security.live.com.office.mcafeedemo.rockyseo.myshn.net/ (HTTP 301)
- https://outlook.live.com.office.mcafeedemo.rockyseo.myshn.net/owa/ (Page URL)
Redirected requests
There were HTTP redirect chains for the following requests:
15 HTTP transactions
Method Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|
GET H/1.1 | / (Primary Request) | outlook.live.com.office.mcafeedemo.rockyseo.myshn.net/owa/ | 40 KB | 11 KB | Document | text/html |
GET | jsll-4.js | az725175.vo.msecnd.net.office.mcafeedemo.rockyseo.myshn.net/scripts/ | 0 | 0 | | |
GET H/1.1 | vh-check.min.js | ow2.res.office365.com.office.mcafeedemo.rockyseo.myshn.net/owalanding/2022.9.20.02/javascripts/ | 899 B | 1 KB | Script | application/javascript |
GET H/1.1 | jquery-3.6.0.min.js | ow2.res.office365.com.office.mcafeedemo.rockyseo.myshn.net/owalanding/2022.9.20.02/javascripts/ | 87 KB | 31 KB | Script | application/javascript |
GET H/1.1 | lazyload.min.js | ow2.res.office365.com.office.mcafeedemo.rockyseo.myshn.net/owalanding/2022.9.20.02/javascripts/ | 5 KB | 3 KB | Script | application/javascript |
GET H/1.1 | jquery.onscreen.js | ow2.res.office365.com.office.mcafeedemo.rockyseo.myshn.net/owalanding/2022.9.20.02/javascripts/ | 6 KB | 3 KB | Script | application/javascript |
GET H/1.1 | device-utils.js | ow2.res.office365.com.office.mcafeedemo.rockyseo.myshn.net/owalanding/2022.9.20.02/javascripts/ | 781 B | 1 KB | Script | application/javascript |
GET H/1.1 | dom-scripts.js | ow2.res.office365.com.office.mcafeedemo.rockyseo.myshn.net/owalanding/2022.9.20.02/javascripts/ | 5 KB | 2 KB | Script | application/javascript |
GET H/1.1 | compiled.css | ow2.res.office365.com.office.mcafeedemo.rockyseo.myshn.net/owalanding/2022.9.20.02/stylesheets/ | 105 KB | 15 KB | Stylesheet | text/css |
GET H/1.1 | mobile-scenario-triptych-android-01.png | ow2.res.office365.com.office.mcafeedemo.rockyseo.myshn.net/owalanding/2022.9.20.02/images/ | 82 KB | 83 KB | Image | image/png |
GET H/1.1 | mobile-scenario-triptych-android-02.png | ow2.res.office365.com.office.mcafeedemo.rockyseo.myshn.net/owalanding/2022.9.20.02/images/ | 85 KB | 85 KB | Image | image/png |
GET H/1.1 | mobile-scenario-triptych-android-03.png | ow2.res.office365.com.office.mcafeedemo.rockyseo.myshn.net/owalanding/2022.9.20.02/images/ | 77 KB | 77 KB | Image | image/png |
GET H/1.1 | mobile-scenario-triptych-ios-01.png | ow2.res.office365.com.office.mcafeedemo.rockyseo.myshn.net/owalanding/2022.9.20.02/images/ | 266 KB | 267 KB | Image | image/png |
GET H/1.1 | mobile-scenario-triptych-ios-02.png | ow2.res.office365.com.office.mcafeedemo.rockyseo.myshn.net/owalanding/2022.9.20.02/images/ | 198 KB | 199 KB | Image | image/png |
GET H/1.1 | mobile-scenario-triptych-ios-03.png | ow2.res.office365.com.office.mcafeedemo.rockyseo.myshn.net/owalanding/2022.9.20.02/images/ | 85 KB | 86 KB | Image | image/png |
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain: az725175.vo.msecnd.net.office.mcafeedemo.rockyseo.myshn.net
- URL: https://az725175.vo.msecnd.net.office.mcafeedemo.rockyseo.myshn.net/scripts/jsll-4.js
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Outlook (Online)
1 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| oncontentvisibilityautostatechange
2 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
outlook.live.com.office.mcafeedemo.rockyseo.myshn.net/ | | Name: ClientId Value: 6A4C290A56284B669706CC4168223F81 |
.live.com.office.mcafeedemo.rockyseo.myshn.net/ | | Name: logonLatency Value: LGN01=638054702476994179 |
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Strict-Transport-Security | max-age=31536000; includeSubDomains; preload |
X-Content-Type-Options | nosniff |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.