ms-outlookpostmaster.rpeninsulares.com
174.136.25.66  Malicious Activity! Public Scan

Submitted URL: http://latur.com/targest
Effective URL: https://ms-outlookpostmaster.rpeninsulares.com/
Submission: On August 08 via manual from US — Scanned from DE

Summary

This website contacted 5 IPs in 2 countries across 4 domains to perform 11 HTTP transactions. The main IP is 174.136.25.66, located in United States and belongs to AS17378, US. The main domain is ms-outlookpostmaster.rpeninsulares.com.
TLS certificate: Issued by R3 on August 7th 2023. Valid for: 3 months.
This is the only time ms-outlookpostmaster.rpeninsulares.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Microsoft (Consumer)

Domain & IP information

IP Address / AS (Autonomous System)

Requests        IP Address         AS (Autonomous System)
3 (1 redirect)  119.18.48.91       394695 (PUBLIC-DO...)
7               174.136.25.66      17378 (AS17378)
1               2606:4700:20:...   13335 (CLOUDFLAR...)
1               104.237.62.211     18450 (WEBNX)
Total: 11 requests, 5 IPs

Apex Domain / Subdomains / Transfer

Requests  Apex Domain         Subdomains                                   Transfer
7         rpeninsulares.com   ms-outlookpostmaster.rpeninsulares.com       857 KB
3         latur.com           latur.com                                    2 KB
1         ipify.org           api.ipify.org — Cisco Umbrella Rank: 2694    219 B
1         ipapi.co            ipapi.co — Cisco Umbrella Rank: 16277        899 B
Total: 11 requests, 4 apex domains

Domain / Requested by

Requests  Domain                                   Requested by
7         ms-outlookpostmaster.rpeninsulares.com   latur.com, ms-outlookpostmaster.rpeninsulares.com
3         latur.com (1 redirect)                   latur.com
1         api.ipify.org                            ms-outlookpostmaster.rpeninsulares.com
1         ipapi.co                                 ms-outlookpostmaster.rpeninsulares.com
Total: 11 requests, 4 domains

This site contains no links.

Subject                                      Issuer                                           Validity                  Valid
www.ms-outlookpostmaster.rpeninsulares.com   R3                                               2023-08-07 - 2023-11-05   3 months (crt.sh)
sni.cloudflaressl.com                        Cloudflare Inc ECC CA-3                          2023-04-16 - 2024-04-15   a year (crt.sh)
*.ipify.org                                  Sectigo RSA Domain Validation Secure Server CA   2023-02-07 - 2024-02-18   a year (crt.sh)

This page contains 1 frames:

Primary Page: https://ms-outlookpostmaster.rpeninsulares.com/
Frame ID: 824C53C1B9B67C4061FF62DAD48D482D
Requests: 12 HTTP requests in this frame

Page Title

access

Detected technologies

Overall confidence: 100%
Detected patterns
  • <[^>]+\sdata-v(?:ue)?-

Page Statistics

Requests: 11
HTTPS: 82 %
IPv6: 25 %
Domains: 4
Subdomains: 4
IPs: 5
Countries: 2
Transfer: 859 kB
Size: 858 kB
Cookies: 0

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://latur.com/targest HTTP 301
    http://latur.com/targest/ Page URL
  2. http://latur.com/targest/on1.html Page URL
  3. https://ms-outlookpostmaster.rpeninsulares.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • http://latur.com/targest HTTP 301
  • http://latur.com/targest/

11 HTTP transactions

Columns: Resource | Path | Size | x-fer | Type | MIME-Type

Resource: /   Path: latur.com/targest/   Size: 914 B   x-fer: 1 KB   Type: Document
Redirect Chain
  • http://latur.com/targest
  • http://latur.com/targest/
General
Full URL
http://latur.com/targest/
Protocol
HTTP/1.1
Server
119.18.48.91 , India, ASN394695 (PUBLIC-DOMAIN-REGISTRY, US),
Reverse DNS
thror.woyaah.com
Software
Apache /
Resource Hash
c7c4669b0e2c7aff09c4322201b945eebbadd4739998f810fe69206101ec6f8c

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Accept-Ranges
bytes
Connection
Keep-Alive
Content-Length
914
Content-Type
text/html
Date
Tue, 08 Aug 2023 14:21:59 GMT
Keep-Alive
timeout=5, max=149
Last-Modified
Tue, 08 Aug 2023 12:28:16 GMT
Server
Apache

Redirect headers

Connection
Keep-Alive
Content-Length
233
Content-Type
text/html; charset=iso-8859-1
Date
Tue, 08 Aug 2023 14:21:59 GMT
Keep-Alive
timeout=5, max=150
Location
http://latur.com/targest/
Server
Apache

Resource: on1.html   Path: latur.com/targest/   Size: 226 B   x-fer: 468 B   Type: Document
General
Full URL
http://latur.com/targest/on1.html
Requested by
Host: latur.com
URL: http://latur.com/targest/
Protocol
HTTP/1.1
Server
119.18.48.91 , India, ASN394695 (PUBLIC-DOMAIN-REGISTRY, US),
Reverse DNS
thror.woyaah.com
Software
Apache /
Resource Hash

Request headers

Referer
http://latur.com/targest/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Accept-Ranges
bytes
Connection
Keep-Alive
Content-Length
226
Content-Type
text/html
Date
Tue, 08 Aug 2023 14:22:01 GMT
Keep-Alive
timeout=5, max=148
Last-Modified
Tue, 08 Aug 2023 12:27:17 GMT
Server
Apache

Primary Request
Resource: /   Path: ms-outlookpostmaster.rpeninsulares.com/   Size: 660 B   x-fer: 868 B   Type: Document
General
Full URL
https://ms-outlookpostmaster.rpeninsulares.com/
Requested by
Host: latur.com
URL: http://latur.com/targest/on1.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
174.136.25.66 , United States, ASN17378 (AS17378, US),
Reverse DNS
svgs179.serverneubox.com.mx
Software
Apache /
Resource Hash
2975edd994705d4e7761f85b0035bbb3121fbb2e8bfa31fac090c78929501cf9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

Referer
http://latur.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
content-length
660
content-type
text/html
date
Tue, 08 Aug 2023 14:22:03 GMT
last-modified
Fri, 16 Jun 2023 11:03:50 GMT
referrer-policy
no-referrer-when-downgrade
server
Apache
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
1

Resource: chunk-vendors.a9abdb4f.js   Path: ms-outlookpostmaster.rpeninsulares.com/js/   Size: 235 KB   x-fer: 235 KB   Type: Script
General
Full URL
https://ms-outlookpostmaster.rpeninsulares.com/js/chunk-vendors.a9abdb4f.js
Requested by
Host: ms-outlookpostmaster.rpeninsulares.com
URL: https://ms-outlookpostmaster.rpeninsulares.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
174.136.25.66 , United States, ASN17378 (AS17378, US),
Reverse DNS
svgs179.serverneubox.com.mx
Software
Apache /
Resource Hash
54ba567019ae9b85d058edbe1d58f457a974c7373798bc5521402b0d481b855a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ms-outlookpostmaster.rpeninsulares.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Tue, 08 Aug 2023 14:22:03 GMT
x-content-type-options
nosniff
referrer-policy
no-referrer-when-downgrade
last-modified
Fri, 16 Jun 2023 11:03:50 GMT
server
Apache
x-frame-options
SAMEORIGIN
content-type
application/javascript
accept-ranges
bytes
content-length
240139
x-xss-protection
1

Resource: app.bb5fc7f9.js   Path: ms-outlookpostmaster.rpeninsulares.com/js/   Size: 197 KB   x-fer: 197 KB   Type: Script
General
Full URL
https://ms-outlookpostmaster.rpeninsulares.com/js/app.bb5fc7f9.js
Requested by
Host: ms-outlookpostmaster.rpeninsulares.com
URL: https://ms-outlookpostmaster.rpeninsulares.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
174.136.25.66 , United States, ASN17378 (AS17378, US),
Reverse DNS
svgs179.serverneubox.com.mx
Software
Apache /
Resource Hash
424cd8da948858b62a4074f4cff2b553d0952183a5b39aa12ac3ddcffd6fb652
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ms-outlookpostmaster.rpeninsulares.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Tue, 08 Aug 2023 14:22:03 GMT
x-content-type-options
nosniff
referrer-policy
no-referrer-when-downgrade
last-modified
Wed, 28 Jun 2023 23:07:42 GMT
server
Apache
x-frame-options
SAMEORIGIN
content-type
application/javascript
accept-ranges
bytes
content-length
201717
x-xss-protection
1

Resource: chunk-vendors.269fb860.css   Path: ms-outlookpostmaster.rpeninsulares.com/css/   Size: 257 KB   x-fer: 257 KB   Type: Stylesheet
General
Full URL
https://ms-outlookpostmaster.rpeninsulares.com/css/chunk-vendors.269fb860.css
Requested by
Host: ms-outlookpostmaster.rpeninsulares.com
URL: https://ms-outlookpostmaster.rpeninsulares.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
174.136.25.66 , United States, ASN17378 (AS17378, US),
Reverse DNS
svgs179.serverneubox.com.mx
Software
Apache /
Resource Hash
f7217dbbb757246366eaae3088041d8ded454c0703ed1e86e6a5710e2e4eca25
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ms-outlookpostmaster.rpeninsulares.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Tue, 08 Aug 2023 14:22:03 GMT
x-content-type-options
nosniff
referrer-policy
no-referrer-when-downgrade
last-modified
Fri, 16 Jun 2023 11:03:50 GMT
server
Apache
x-frame-options
SAMEORIGIN
content-type
text/css
accept-ranges
bytes
content-length
263056
x-xss-protection
1

Resource: app.c09fc91f.css   Path: ms-outlookpostmaster.rpeninsulares.com/css/   Size: 101 KB   x-fer: 101 KB   Type: Stylesheet
General
Full URL
https://ms-outlookpostmaster.rpeninsulares.com/css/app.c09fc91f.css
Requested by
Host: ms-outlookpostmaster.rpeninsulares.com
URL: https://ms-outlookpostmaster.rpeninsulares.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
174.136.25.66 , United States, ASN17378 (AS17378, US),
Reverse DNS
svgs179.serverneubox.com.mx
Software
Apache /
Resource Hash
7788cd82e04ff5a21e666d9105fb49e0a5897a625d846c2b4b8a3c38e6fbf7e1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ms-outlookpostmaster.rpeninsulares.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Tue, 08 Aug 2023 14:22:03 GMT
x-content-type-options
nosniff
referrer-policy
no-referrer-when-downgrade
last-modified
Fri, 16 Jun 2023 11:03:50 GMT
server
Apache
x-frame-options
SAMEORIGIN
content-type
text/css
accept-ranges
bytes
content-length
103283
x-xss-protection
1

Resource: bg.86ac577b.svg   Path: ms-outlookpostmaster.rpeninsulares.com/img/   Size: 2 KB   x-fer: 2 KB   Type: Image
General
Full URL
https://ms-outlookpostmaster.rpeninsulares.com/img/bg.86ac577b.svg
Requested by
Host: ms-outlookpostmaster.rpeninsulares.com
URL: https://ms-outlookpostmaster.rpeninsulares.com/css/app.c09fc91f.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
174.136.25.66 , United States, ASN17378 (AS17378, US),
Reverse DNS
svgs179.serverneubox.com.mx
Software
Apache /
Resource Hash
0e88b6fcbb8591edfd28184fa70a04b6dd3af8a14367c628edd7caba32e58c68
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ms-outlookpostmaster.rpeninsulares.com/css/app.c09fc91f.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Tue, 08 Aug 2023 14:22:04 GMT
x-content-type-options
nosniff
referrer-policy
no-referrer-when-downgrade
last-modified
Fri, 16 Jun 2023 11:03:50 GMT
server
Apache
x-frame-options
SAMEORIGIN
content-type
image/svg+xml
accept-ranges
bytes
content-length
1864
x-xss-protection
1

Resource: /   Path: ipapi.co/json/   Size: 748 B   x-fer: 899 B   Type: Fetch
General
Full URL
https://ipapi.co/json/
Requested by
Host: ms-outlookpostmaster.rpeninsulares.com
URL: https://ms-outlookpostmaster.rpeninsulares.com/js/app.bb5fc7f9.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2606:4700:20::681a:82c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
caa60e3b2281dba522c86e2e49840ec303a459e4722d255a094e0d433a8eb129
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ms-outlookpostmaster.rpeninsulares.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Tue, 08 Aug 2023 14:22:04 GMT
content-encoding
br
x-content-type-options
nosniff
referrer-policy
same-origin
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Host, origin
allow
OPTIONS, POST, GET, HEAD, OPTIONS
content-type
application/json
access-control-allow-origin
https://ms-outlookpostmaster.rpeninsulares.com
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=f3MjHPkVIS8OxnoaoHiMi4ltMHWdwHJfeuMo6lui0zkWo1d0qfN6atqAUkXKRcrcRTNt1sGr70xoWIklMtV3SZQkTjV9uK2uQvJrRnjJjL%2BrJN8rVAfc5V2mZsg4c69TDiHBiKbE"}],"group":"cf-nel","max_age":604800}
x-frame-options
DENY
cf-ray
7f3868cf2c4037f8-FRA

Resource: /   Path: api.ipify.org/   Size: 19 B   x-fer: 219 B   Type: XHR
General
Full URL
https://api.ipify.org/?format=json
Requested by
Host: ms-outlookpostmaster.rpeninsulares.com
URL: https://ms-outlookpostmaster.rpeninsulares.com/js/chunk-vendors.a9abdb4f.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
104.237.62.211 El Segundo, United States, ASN18450 (WEBNX, US),
Reverse DNS
hosted-by.racknerd.com
Software
nginx/1.25.1 /
Resource Hash
b6768babc48e43f6555965796b90d427a3757eaf07a3ed45f1c334a81ae1e7bb

Request headers

Accept
application/json, text/plain, */*
Referer
https://ms-outlookpostmaster.rpeninsulares.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Access-Control-Allow-Origin
*
Date
Tue, 08 Aug 2023 14:22:05 GMT
Server
nginx/1.25.1
Connection
keep-alive
Content-Length
19
Vary
Origin
Content-Type
application/json

Resource: app.c09fc91f.css   Path: ms-outlookpostmaster.rpeninsulares.com/css/   Size: 64 KB   x-fer: 64 KB   Type: Image
General
Full URL
https://ms-outlookpostmaster.rpeninsulares.com/css/app.c09fc91f.css
Requested by
Host: ms-outlookpostmaster.rpeninsulares.com
URL: https://ms-outlookpostmaster.rpeninsulares.com/css/app.c09fc91f.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
174.136.25.66 , United States, ASN17378 (AS17378, US),
Reverse DNS
svgs179.serverneubox.com.mx
Software
Apache /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ms-outlookpostmaster.rpeninsulares.com/css/app.c09fc91f.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Tue, 08 Aug 2023 14:22:05 GMT
x-content-type-options
nosniff
referrer-policy
no-referrer-when-downgrade
last-modified
Fri, 16 Jun 2023 11:03:50 GMT
server
Apache
x-frame-options
SAMEORIGIN
content-type
text/css
accept-ranges
bytes
content-length
103283
x-xss-protection
1

Resource: truncated   Path: /   Size: 884 B   x-fer: 0   Type: Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
8dc9d7f2be71e0f35b358e763545085d4d35476570b64dd10f38e5884d5f3698

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Content-Type
image/png

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer)

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  • object: webpackChunkaccess
  • boolean: __VUE__
  • function: jQuery
  • function: $

0 Cookies