asbigastexas.com
216.222.194.4
Public Scan: Malicious Activity!
Effective URL: https://asbigastexas.com/unblock-update/sharep/upis/admn/figure/
Submission: On September 27 via manual from US
Summary
TLS certificate: Issued by cPanel, Inc. Certification Authority on September 9th 2018. Valid for: 3 months.
This is the only time asbigastexas.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Office 365 (Online), Microsoft (Consumer)
Domain & IP information
Requests | IP Address | AS (Autonomous System) | PTR | Domain
---|---|---|---|---
1 (1 redirect) | 2400:cb00:2048:1::6814:da2a | ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US) | | tinyurl.com
15 | 216.222.194.4 | ASN17054 (AS17054 - CONTINENTAL BROADBAND PENNSYLVANIA, INC., US) | vmcp05.myhostcenter.com | asbigastexas.com
4 | 2a02:26f0:6c00:291::35c1 | ASN20940 (AKAMAI-ASN1, US) | | secure.aadcdn.microsoftonline-p.com
2 | 184.31.91.18 | ASN20940 (AKAMAI-ASN1, US) | a184-31-91-18.deploy.static.akamaitechnologies.com | deluxe.script.ag
5 | 46.137.81.30 | ASN16509 (AMAZON-02 - Amazon.com, Inc., US) | ec2-46-137-81-30.eu-west-1.compute.amazonaws.com | s.thebrighttag.com
1 | 2603:1026:208:15::2 | ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US) | | outlook.office365.com
7 | 2a02:26f0:6c00:288::753 | ASN20940 (AKAMAI-ASN1, US) | |
1 (1 redirect) | 52.42.127.208 | ASN16509 (AMAZON-02 - Amazon.com, Inc., US) | ec2-52-42-127-208.us-west-2.compute.amazonaws.com | live.rezync.com
1 (1 redirect) | 52.43.16.30 | ASN16509 (AMAZON-02 - Amazon.com, Inc., US) | ec2-52-43-16-30.us-west-2.compute.amazonaws.com | live.rezync.com
1 | 52.30.5.88 | ASN16509 (AMAZON-02 - Amazon.com, Inc., US) | ec2-52-30-5-88.eu-west-1.compute.amazonaws.com | s.thebrighttag.com
12 (4 redirects) | 184.31.93.109 | ASN20940 (AKAMAI-ASN1, US) | a184-31-93-109.deploy.static.akamaitechnologies.com | px.owneriq.net
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
15 | asbigastexas.com | asbigastexas.com | 3 MB
12 (4 redirects) | owneriq.net | px.owneriq.net | 8 KB
8 | office365.com | outlook.office365.com, r1.res.office365.com | 647 KB
6 | thebrighttag.com | s.thebrighttag.com | 6 KB
4 | microsoftonline-p.com | secure.aadcdn.microsoftonline-p.com | 206 KB
2 (2 redirects) | rezync.com | live.rezync.com | 1 KB
2 | script.ag | deluxe.script.ag | 12 KB
1 (1 redirect) | tinyurl.com | tinyurl.com | 421 B
43 requests, 8 apex domains
Requests | Domain | Requested by
---|---|---
15 | asbigastexas.com | asbigastexas.com
12 (4 redirects) | px.owneriq.net | asbigastexas.com, px.owneriq.net
7 | r1.res.office365.com | asbigastexas.com
6 | s.thebrighttag.com | deluxe.script.ag
4 | secure.aadcdn.microsoftonline-p.com | asbigastexas.com
2 (2 redirects) | live.rezync.com |
2 | deluxe.script.ag | asbigastexas.com
1 | outlook.office365.com | asbigastexas.com
1 (1 redirect) | tinyurl.com |
43 requests, 9 domains
This site contains links to these domains. Also see Links.
Domain
---
passwordreset.microsoftonline.com
login.live.com
www.microsoft.com
privacy.microsoft.com
Subject | Issuer | Validity | Valid
---|---|---|---
asbigastexas.com | cPanel, Inc. Certification Authority | 2018-09-09 - 2018-12-08 | 3 months
secure.aadcdn.microsoftonline-p.com | Microsoft IT TLS CA 1 | 2017-08-15 - 2019-08-15 | 2 years
cl.script.ag | Let's Encrypt Authority X3 | 2018-08-01 - 2018-10-30 | 3 months
*.thebrighttag.com | DigiCert SHA2 Secure Server CA | 2018-04-04 - 2020-04-03 | 2 years
outlook.com | DigiCert Cloud Services CA-1 | 2018-08-01 - 2020-08-01 | 2 years
*.res.outlook.com | Microsoft IT TLS CA 5 | 2017-11-27 - 2019-11-27 | 2 years
*.owneriq.net | GeoTrust RSA CA 2018 | 2018-01-24 - 2019-01-24 | a year
This page contains 5 frames:
- Primary Page: https://asbigastexas.com/unblock-update/sharep/upis/admn/figure/ (Frame ID: 505B2BE107E907B6E4C9ABAF53A4E6C5; 18 HTTP requests in this frame)
- Frame: https://asbigastexas.com/unblock-update/sharep/upis/admn/figure/Sign%20in%20to%20your%20account_files/prefetch.htm (Frame ID: 792AF37894907F38E847E80A1515348B; 22 HTTP requests in this frame)
- Frame: https://outlook.office365.com/owa/prefetch.aspx (Frame ID: A166BE7E2EEF327B30ED39B07B128BF2; 1 HTTP request in this frame)
- Frame: https://px.owneriq.net/noop?ct=text%2Fhtml (Frame ID: 429AF5FE583254E4BE8853F08AE87ADE; 1 HTTP request in this frame)
- Frame: https://px.owneriq.net/noop?ct=text%2Fhtml (Frame ID: 57A0695D29532BA025AEE4EF3EA401BE; 1 HTTP request in this frame)
Detected technologies
- UNIX (Operating Systems): headers server `/Unix/i`
- OpenSSL (Web Server Extensions): headers server `/OpenSSL(?:\/([\d.]+[a-z]?))?/i`
- mod_ssl (Web Server Extensions): headers server `/mod_ssl(?:\/([\d.]+))?/i`
- Apache (Web Servers): headers server `/(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i`; headers server `/mod_ssl(?:\/([\d.]+))?/i`
- HeadJS (JavaScript Libraries): env `/^head$/i`
- jQuery (JavaScript Libraries): script `/jquery.*\.js/i`; env `/^jQuery$/i`
Page Statistics
4 Outgoing links
These are links going to different origins than the main page.
- Title: Can't access your account?
- Title: Sign in with a Microsoft account
- Title: Terms of use
- Title: Privacy & Cookies
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://tinyurl.com/yad4galy (HTTP 301)
- https://asbigastexas.com/unblock-update/sharep/upis/admn/figure/ (Page URL)
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 25
- https://live.rezync.com/sync?c=ef15e91f7672c7df032874c1f72a6eb0&p=31b1575897952390b0a28e1ab52086f4 HTTP 302
- https://s.thebrighttag.com/px?site=DbKyKJ7&referrer=d_px&d_c=7c31fcbc-e60e-468d-9600-1c477814bdc6%3A1538073810.98&geo=US
- https://live.rezync.com/sync?c=ef15e91f7672c7df032874c1f72a6eb0&p=31b1575897952390b0a28e1ab52086f4 HTTP 302
- https://s.thebrighttag.com/px?site=DbKyKJ7&referrer=d_px&d_c=46aa0daf-6899-404b-a182-07b24a0741f9%3A1538073810.99&geo=US
- https://px.owneriq.net/eps?pt=b9r11j&pid=7831&uid=Q5913602102140981313J&l=true HTTP 302
- https://px.owneriq.net/noop?ct=text%2Fhtml
- https://px.owneriq.net/ep?sid%5B%5D=9383914557&sid%5B%5D=9383914567&sid%5B%5D=9383914572&sid%5B%5D=7835702862&sid%5B%5D=8269461322&pt=b9r11j&uid=Q5913602102140981313J&jcs=1 HTTP 302
- https://px.owneriq.net/noop?ct=text%2Fhtml
- https://px.owneriq.net/eps?pt=b9r11j&pid=7831&uid=Q5913602101677068775J&l=true HTTP 302
- https://px.owneriq.net/noop?ct=text%2Fhtml
- https://px.owneriq.net/ep?sid%5B%5D=9383677272&sid%5B%5D=9383677277&sid%5B%5D=9383677282&sid%5B%5D=7835702862&sid%5B%5D=8269461322&pt=b9r11j&uid=Q5913602101677068775J&jcs=1 HTTP 302
- https://px.owneriq.net/noop?ct=text%2Fhtml
43 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type | Notes
---|---|---|---|---|---|---|---|---
GET | H/1.1 | / | asbigastexas.com/unblock-update/sharep/upis/admn/figure/ | 40 KB | 40 KB | Document | text/html | Primary Request; Redirect Chain
GET | H/1.1 | login.css | asbigastexas.com/unblock-update/sharep/upis/admn/figure/Sign%20in%20to%20your%20account_files/ | 21 KB | 21 KB | Stylesheet | text/css |
GET | H/1.1 | login_hover.css | asbigastexas.com/unblock-update/sharep/upis/admn/figure/Sign%20in%20to%20your%20account_files/ | 89 B | 430 B | Stylesheet | text/css |
GET | H/1.1 | jquery.js | asbigastexas.com/unblock-update/sharep/upis/admn/figure/Sign%20in%20to%20your%20account_files/ | 107 KB | 107 KB | Script | application/javascript |
GET | H/1.1 | aad.js | asbigastexas.com/unblock-update/sharep/upis/admn/figure/Sign%20in%20to%20your%20account_files/ | 164 KB | 164 KB | Script | application/javascript |
GET | H/1.1 | heroillustration.jpg | asbigastexas.com/unblock-update/sharep/upis/admn/figure/Sign%20in%20to%20your%20account_files/ | 199 KB | 199 KB | Image | image/jpeg |
GET | H/1.1 | bannerlogo.png | asbigastexas.com/unblock-update/sharep/upis/admn/figure/Sign%20in%20to%20your%20account_files/ | 4 KB | 5 KB | Image | image/png |
GET | H/1.1 | microsoft_logo.png | secure.aadcdn.microsoftonline-p.com/ests/2.1.6102.15/content/images/ | 1 KB | 1 KB | Image | image/png |
GET | H/1.1 | login_hover.min.css | secure.aadcdn.microsoftonline-p.com/ests/2.1.4653.2/content/cdnbundles/ | 89 B | 548 B | Stylesheet | text/css |
GET | H/1.1 | prefetch.htm | asbigastexas.com/unblock-update/sharep/upis/admn/figure/Sign%20in%20to%20your%20account_files/ | 4 KB | 4 KB | Document | text/html | Frame 792A
GET | H/1.1 | tag.js | deluxe.script.ag/ | 34 KB | 12 KB | Script | application/javascript |
GET | H/1.1 | bannerlogo | secure.aadcdn.microsoftonline-p.com/dbd5a2dd-uymyxxfhpwrbckvwvlxle8radh6vkzaj7cwkqpqixg/appbranding/npdp3ivuhlrwvd1ynsq0x-mjc7zhvnj0i7k676ppafa/0/ | 4 KB | 5 KB | Image | image/png |
GET | H/1.1 | heroillustration | secure.aadcdn.microsoftonline-p.com/dbd5a2dd-uymyxxfhpwrbckvwvlxle8radh6vkzaj7cwkqpqixg/appbranding/npdp3ivuhlrwvd1ynsq0x-mjc7zhvnj0i7k676ppafa/0/ | 199 KB | 199 KB | Image | image/jpeg |
GET | H/1.1 | tag | s.thebrighttag.com/ | 6 KB | 2 KB | Script | text/javascript |
GET | H/1.1 | boot.js | asbigastexas.com/unblock-update/sharep/upis/admn/figure/Sign%20in%20to%20your%20account_files/prefetch_data/ | 610 KB | 610 KB | Stylesheet | application/javascript | Frame 792A
GET | H/1.1 | boot_003.js | asbigastexas.com/unblock-update/sharep/upis/admn/figure/Sign%20in%20to%20your%20account_files/prefetch_data/ | 608 KB | 608 KB | Stylesheet | application/javascript | Frame 792A
GET | H/1.1 | boot_004.js | asbigastexas.com/unblock-update/sharep/upis/admn/figure/Sign%20in%20to%20your%20account_files/prefetch_data/ | 609 KB | 609 KB | Stylesheet | application/javascript | Frame 792A
GET | H/1.1 | boot_002.js | asbigastexas.com/unblock-update/sharep/upis/admn/figure/Sign%20in%20to%20your%20account_files/prefetch_data/ | 610 KB | 610 KB | Stylesheet | application/javascript | Frame 792A
GET | H/1.1 | sprite1.png | asbigastexas.com/unblock-update/sharep/upis/admn/figure/Sign%20in%20to%20your%20account_files/prefetch_data/ | 17 KB | 17 KB | Stylesheet | image/png | Frame 792A
GET | H/1.1 | sprite1.css | asbigastexas.com/unblock-update/sharep/upis/admn/figure/Sign%20in%20to%20your%20account_files/prefetch_data/ | 7 KB | 8 KB | Stylesheet | text/css | Frame 792A
GET | H/1.1 | boot.css | asbigastexas.com/unblock-update/sharep/upis/admn/figure/Sign%20in%20to%20your%20account_files/prefetch_data/ | 178 KB | 178 KB | Stylesheet | text/css | Frame 792A
GET | H/1.1 | prefetch.aspx | outlook.office365.com/owa/ | 0 | 0 | Document | text/html | Frame A166; Cookie set
GET | H/1.1 | tag.js | deluxe.script.ag/ | 34 KB | 0 | Script | application/javascript | Frame 792A
GET | H/1.1 | tag | s.thebrighttag.com/ | 6 KB | 2 KB | Script | text/javascript | Frame 792A
GET | H/1.1 | boot.worldwide.0.mouse.js | r1.res.office365.com/owa/prem/16.1389.11.2087567/scripts/ | 610 KB | 166 KB | Stylesheet | application/x-javascript | Frame 792A
GET | H/1.1 | tag | s.thebrighttag.com/ | 625 B | 802 B | Script | text/javascript | Frame 792A
GET | H/1.1 | px | s.thebrighttag.com/ | 35 B | 353 B | Image | image/gif | Frame 792A; Redirect Chain
GET | H/1.1 | px | s.thebrighttag.com/ | 35 B | 353 B | Image | image/gif | Redirect Chain
GET | H/1.1 | tag | s.thebrighttag.com/ | 625 B | 802 B | Script | text/javascript |
GET | H/1.1 | b9r11j.js | px.owneriq.net/stas/s/ | 15 KB | 5 KB | Script | application/x-javascript | Frame 792A
GET | H/1.1 | / | px.owneriq.net/j/ | 888 B | 845 B | Script | application/x-javascript | Frame 792A
GET | H/1.1 | noop | px.owneriq.net/ | 0 | 0 | Document | text/html | Frame 429A; Redirect Chain
GET | H/1.1 | noop | px.owneriq.net/ | 0 | 287 B | Image | text/html | Frame 792A; Redirect Chain
GET | H/1.1 | b9r11j.js | px.owneriq.net/stas/s/ | 15 KB | 0 | Script | application/x-javascript |
GET | H/1.1 | / | px.owneriq.net/j/ | 888 B | 843 B | Script | application/x-javascript |
GET | H/1.1 | noop | px.owneriq.net/ | 0 | 0 | Document | text/html | Frame 57A0; Redirect Chain
GET | H/1.1 | noop | px.owneriq.net/ | 0 | 287 B | Image | text/html | Redirect Chain
GET | H/1.1 | boot.worldwide.1.mouse.js | r1.res.office365.com/owa/prem/16.1389.11.2087567/scripts/ | 608 KB | 150 KB | Stylesheet | application/x-javascript | Frame 792A
GET | H/1.1 | boot.worldwide.2.mouse.js | r1.res.office365.com/owa/prem/16.1389.11.2087567/scripts/ | 609 KB | 156 KB | Stylesheet | application/x-javascript | Frame 792A
GET | H/1.1 | boot.worldwide.3.mouse.js | r1.res.office365.com/owa/prem/16.1389.11.2087567/scripts/ | 610 KB | 132 KB | Stylesheet | application/x-javascript | Frame 792A
GET | H/1.1 | sprite1.mouse.png | r1.res.office365.com/owa/prem/16.1389.11.2087567/resources/images/0/ | 17 KB | 17 KB | Stylesheet | image/png | Frame 792A
GET | H/1.1 | sprite1.mouse.css | r1.res.office365.com/owa/prem/16.1389.11.2087567/resources/images/0/ | 7 KB | 1 KB | Stylesheet | text/css | Frame 792A
GET | H/1.1 | boot.worldwide.mouse.css | r1.res.office365.com/owa/prem/16.1389.11.2087567/resources/styles/0/ | 178 KB | 24 KB | Stylesheet | text/css | Frame 792A
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against: Office 365 (Online), Microsoft (Consumer)
94 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- object: $Config, $Do, $WebWatson, $B, head, link, MSLogin, proxy, ErrorCodes, Constants, Context, Background, Logo, Instrument, User, tenant_info, EmailDiscovery, Support, MSLogout, ThirdPartyCookieStates, PostType, LoginOption, Post, TenantBranding, users, Tiles, $Debug, $Api, jQuery111205789966343503099, StrongAuthCheck, Util, WindowsBrowserSso, body, BrightTag, _oiqq, t, OIQLogging, oiq_pt, oiq_pSource
- function: GetString, GetErrorString, GetUrl, $, jQuery, pageOnReady, origHide, origShow, origAddClass, origRemoveClass, bt_eval, bt_parameter, bt_meta, bt_cookie, bt_data, bt_log, bt_handle_exception, btServe, bt_data_escaped, oiq_send_logging_error, oiq_addPageMfg, oiq_addPageBrand, oiq_addPageDT, oiq_addPageCat, oiq_addPageProduct, oiq_addPageSource, oiq_addPageLifecycle, oiq_addUserId, oiq_addCustomKVP, oiq_pushDCT, oiq_ddPush, oiq_is, oiq_iifr, oiq_sha256, oiq_md5, oiq_doTag, f, oiq_getRefererImgURL, oiq_parseURL, oiq_findQueryArgument, oiq_ii, oiq_log_event
- boolean: isTouch, _oiq_fps_js
- string: cssId, oiq_uid, oiq_img_src_0
- number: _oiqSC
- undefined: msViewportStyle, _bt_url_prefix, _bt_referrer, _bt_site, _bt_mode, oiq_key, oiq_i_07
Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name | Value
---|---|---|---
outlook.office365.com/ | | OWAPF | p:1&v:16.2555.9.2611443&l:mouse&
outlook.office365.com/ | | ClientId | 54B68DC009B44539B7C689E1BE2245EA
outlook.office365.com/ | | OIDC | 1
asbigastexas.com/ | | btpdb.0M6ZVb2.dGZjLjYwOTQyODU | VVNFUg
asbigastexas.com/ | | btpdb.0M6ZVb2.dGZjLjYwOTQyOTk | U0VTU0lPTg
asbigastexas.com/ | | btpdb.0M6ZVb2.dGZjLjYwOTQyNzg | REFZUw
asbigastexas.com/ | | btpdb.0M6ZVb2.dGZjLjY2OTQ3NDY | SE9VUlM
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.