outlook-mail-25.azurewebsites.net
Open in
urlscan Pro
13.89.172.5
Malicious Activity!
Public Scan
Effective URL: https://outlook-mail-25.azurewebsites.net/?email=brandee.martin@blockadvisors.com
Submission: On April 17 via manual from US
Summary
TLS certificate: Issued by Microsoft IT TLS CA 5 on September 24th 2019. Valid for: 2 years.
This is the only time outlook-mail-25.azurewebsites.net was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Microsoft (Consumer)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 1 | 167.89.115.54 167.89.115.54 | 11377 (SENDGRID) (SENDGRID) | |
1 1 | 3.220.109.66 3.220.109.66 | 14618 (AMAZON-AES) (AMAZON-AES) | |
4 | 13.89.172.5 13.89.172.5 | 8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK) | |
4 | 151.101.112.193 151.101.112.193 | 54113 (FASTLY) (FASTLY) | |
4 | 152.199.23.37 152.199.23.37 | 15133 (EDGECAST) (EDGECAST) | |
2 | 2620:1ec:bdf::10 2620:1ec:bdf::10 | 8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK) | |
14 | 4 |
ASN11377 (SENDGRID, US)
PTR: o16789115x54.outbound-mail.sendgrid.net
u15821084.ct.sendgrid.net |
ASN14618 (AMAZON-AES, US)
PTR: ec2-3-220-109-66.compute-1.amazonaws.com
app.nutshell.com |
ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
outlook-mail-25.azurewebsites.net |
Apex Domain Subdomains |
Transfer | |
---|---|---|
4 |
msftauth.net
aadcdn.msftauth.net |
2 KB |
4 |
imgur.com
i.imgur.com |
278 KB |
4 |
azurewebsites.net
outlook-mail-25.azurewebsites.net |
26 KB |
2 |
msauth.net
aadcdn.msauth.net |
30 KB |
1 |
nutshell.com
1 redirects
app.nutshell.com |
340 B |
1 |
sendgrid.net
1 redirects
u15821084.ct.sendgrid.net |
319 B |
14 | 6 |
Domain | Requested by | |
---|---|---|
4 | aadcdn.msftauth.net |
outlook-mail-25.azurewebsites.net
|
4 | i.imgur.com |
outlook-mail-25.azurewebsites.net
|
4 | outlook-mail-25.azurewebsites.net |
outlook-mail-25.azurewebsites.net
|
2 | aadcdn.msauth.net |
outlook-mail-25.azurewebsites.net
|
1 | app.nutshell.com | 1 redirects |
1 | u15821084.ct.sendgrid.net | 1 redirects |
14 | 6 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
*.azurewebsites.net Microsoft IT TLS CA 5 |
2019-09-24 - 2021-09-24 |
2 years | crt.sh |
*.imgur.com DigiCert SHA2 Secure Server CA |
2020-01-15 - 2022-03-16 |
2 years | crt.sh |
aadcdn.msftauth.net Microsoft IT TLS CA 5 |
2018-11-07 - 2020-11-07 |
2 years | crt.sh |
aadcdn.msauth.net Microsoft IT TLS CA 4 |
2018-11-07 - 2020-11-07 |
2 years | crt.sh |
This page contains 2 frames:
Primary Page:
https://outlook-mail-25.azurewebsites.net/?email=brandee.martin@blockadvisors.com
Frame ID: 32714CAF432046DB6F5D30ACA4319294
Requests: 13 HTTP requests in this frame
Frame:
https://outlook-mail-25.azurewebsites.net/index_1.html
Frame ID: 7F95366CCE367296B02152924BC43D23
Requests: 1 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
-
http://u15821084.ct.sendgrid.net/ls/click?upn=rSRwjz-2BEFahIMxv10h3JxHtqmu5dEw6nQlvaD02LzyX2kQ4f-2FkQmBPB8V2e...
HTTP 302
https://app.nutshell.com/email/click/127951/318646/7864f69253b349ee20e3ac30ec52e1b9921643e72edb5b84d6... HTTP 302
https://outlook-mail-25.azurewebsites.net/?email=brandee.martin@blockadvisors.com Page URL
Detected technologies
Windows Server (Operating Systems) ExpandDetected patterns
- headers server /^(?:Microsoft-)?IIS(?:\/([\d.]+))?/i
IIS (Web Servers) Expand
Detected patterns
- headers server /^(?:Microsoft-)?IIS(?:\/([\d.]+))?/i
jQuery (JavaScript Libraries) Expand
Detected patterns
- script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://u15821084.ct.sendgrid.net/ls/click?upn=rSRwjz-2BEFahIMxv10h3JxHtqmu5dEw6nQlvaD02LzyX2kQ4f-2FkQmBPB8V2e4YuGgdlrOAAhq-2Fqihunysqqvp37zYcc9eR01AUcJD9pOQYIVRLcLOaEP7F1zrM9karBGQUROKKhnwHBz6pa6RT-2FiZm7QYx46t2CYY9y4DkMtQlW8-3DKlbd_IV4x5SShmRN3iVDkbvLI8PxqxtHnhJZFY9qWmDaMEAJD3UOSxOi0MEnKf-2BRTw8Xukrh8XdEkqazoOjFl2-2FPdx139Vu2dSKe5jej5gfwp5VQSlicAQ1Nu8tU4p0w2p5gzEQD8yFhvCg4lDuMTdaqzlmsWu2hg1lBZg597fxsWhbJGKZ8mDc4Q8Gc22hyJGxE-2FhQLXtSvcf9coZOiu90mPzPlDR9Y0w73pWnJWg-2BSBxhA-3D
HTTP 302
https://app.nutshell.com/email/click/127951/318646/7864f69253b349ee20e3ac30ec52e1b9921643e72edb5b84d63860cac170d8fd HTTP 302
https://outlook-mail-25.azurewebsites.net/?email=brandee.martin@blockadvisors.com Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
14 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
Cookie set
/
outlook-mail-25.azurewebsites.net/ Redirect Chain
|
26 KB 8 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
jquery.js
outlook-mail-25.azurewebsites.net/js/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
converged.v2.login.min_50vzauwvxyzipxbkbzkzpg2.css
outlook-mail-25.azurewebsites.net/ |
99 KB 19 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
mlOIhll.png
i.imgur.com/ |
2 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
SxJRwP7.png
i.imgur.com/ |
2 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
picker_account_aad_9de70d1c5191d1852a0d5aac28b44a6c.svg
aadcdn.msftauth.net/ests/2.1/content/images/ |
756 B 786 B |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
picker_more_7568a43cf440757c55d2e7f51557ae1f.svg
aadcdn.msftauth.net/ests/2.1/content/images/ |
899 B 408 B |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
picker_account_add_56e73414003cdb676008ff7857343074.svg
aadcdn.msftauth.net/ests/2.1/content/images/ |
222 B 334 B |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ellipsis_white_5ac590ee72bfe06a7cecfd75b588ad73.svg
aadcdn.msftauth.net/ests/2.1/content/images/ |
915 B 414 B |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
converged.v2.login.min_50vzauwvxyzipxbkbzkzpg2.css
aadcdn.msauth.net/ests/2.1/content/cdnbundles/ |
0 19 KB |
Other
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ux.converged.login.strings-en.min_k0kzc1t8sf_bjqqlvfbktq2.js
aadcdn.msauth.net/ests/2.1/content/cdnbundles/ |
0 12 KB |
Other
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
hVEHZRR.jpg
i.imgur.com/ |
602 B 756 B |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
dAoJOh5.jpg
i.imgur.com/ |
273 KB 274 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
index_1.html
outlook-mail-25.azurewebsites.net/ Frame 7F95 |
103 B 263 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Microsoft (Consumer)4 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onformdata object| onpointerrawupdate function| getQueryString function| index5function1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.outlook-mail-25.azurewebsites.net/ | Name: ARRAffinity Value: 95ba24f60242a899eb8a2c9caf13e3ff7d28b7efcb73a89e5909abb89b811d04 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
aadcdn.msauth.net
aadcdn.msftauth.net
app.nutshell.com
i.imgur.com
outlook-mail-25.azurewebsites.net
u15821084.ct.sendgrid.net
13.89.172.5
151.101.112.193
152.199.23.37
167.89.115.54
2620:1ec:bdf::10
3.220.109.66
0d6264d8dd920f797b600878f7a964792a625b7574bf3765f165db373382436f
175986272200fb72da9a598d30016bbda9ddcaa9e6e3f07eb94bc74196d4b805
5d3357bd875b7335ace42e8ee3a64578e4253bed1a4e279109de403eedae3a69
6075736ea9c281d69c4a3d78ff97bb61b9416a5809919babe5a0c5596f99aaea
749f85621d92a5b31b2a377a8c385a36d48a83327dad9a8a8da93cd831b8c9a2
90b2d35cd5e08370ed20db81197dd9da1a4dbb421f71293fd5733ea49eb7b3e1
b5d587f6c48a9b22bbe97150249e0c0655ac1780bd273431480a22f8a5bfef6c
b7fcd37eaafe3f08647ed072d5289eadfff6c660a26cdef31532b3fcfb4a0bb2
c994b23755a95cd0a30063bb2f56037e5a121c3a7a6b15dd2f37a3a3f95ed931
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e3e1a3fdc2a06f30e03ee7c32ff1bc243c74fb7e5baa0f826f68fcb927a782a4
ecc685ca21e268a74a0aad4ae1bf40cd2869bd092cbd0b8cd8945f113bebd92d