login-live-com.office365.qacust1.fpcasbdev.com Open in urlscan Pro
3.137.109.9  Malicious Activity! Public Scan

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

4 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request jsDisabled.srf Show response login-live-com.office365.qacust1.fpcasbdev.com/	5 KB 4 KB	994ms 321ms	Document text/html	3.137.109.9 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://login-live-com.office365.qacust1.fpcasbdev.com/jsDisabled.srf?mkt=EN-US&lc=1033&uaid=7af27bbab42c442cab21511a649557b2 Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 3.137.109.9 Columbus, United States, ASN16509 (AMAZON-02, US), Reverse DNS ec2-3-137-109-9.us-east-2.compute.amazonaws.com Software / Resource Hash 29681091d01cceaa363c0bebc588ea9f247b90799f6f6be990c1a6cfe66179e1 Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options DENY X-Xss-Protection 1; mode=block Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Accept-Language jp-JP,jp;q=0.9 Response headers Cache-Control no-store, no-cache Pragma no-cache Content-Type text/html; charset=utf-8 Content-Encoding deflate Expires Thu, 16 Dec 2021 04:06:13 GMT Vary Accept-Encoding P3P CP="DSP CUR OTPi IND OTRi ONL FIN" X-Frame-Options DENY Referrer-Policy strict-origin-when-cross-origin x-ms-route-info R3_BAY X-DNS-Prefetch-Control on Link <https://acctcdn.msauth.net>; rel=preconnect; crossorigin <https://logincdn.msauth.net>; rel=preconnect; crossorigin <https://acctcdn.msauth.net/>; rel=dns-prefetch <https://acctcdn-msftauth-net.office365.qacust1.fpcasbdev.com/>; rel=dns-prefetch <https://acctcdnmsftuswe2-azureedge-net.office365.qacust1.fpcasbdev.com/>; rel=dns-prefetch <https://acctcdnvzeuno-azureedge-net.office365.qacust1.fpcasbdev.com/>; rel=dns-prefetch <https://logincdn.msauth.net/>; rel=dns-prefetch <https://lgincdnvzeuno-azureedge-net.office365.qacust1.fpcasbdev.com/>; rel=dns-prefetch <https://lgincdnmsftuswe2-azureedge-net.office365.qacust1.fpcasbdev.com/>; rel=dns-prefetch x-ms-request-id 6a058727-d58e-4eef-a9cb-6b706b58adda PPServer PPV: 30 H: BY1PPF7D80F992E V: 0 X-Content-Type-Options nosniff Strict-Transport-Security max-age=31536000 X-XSS-Protection 1; mode=block Date Thu, 16 Dec 2021 04:07:13 GMT Transfer-Encoding chunked
GET H/1.1	200 OK	__sf_event_listener_hook.js Show response login-live-com.office365.qacust1.fpcasbdev.com/__sf_resource/_/	2 KB 2 KB	168ms 168ms	Script text/javascript	3.137.109.9 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://login-live-com.office365.qacust1.fpcasbdev.com/__sf_resource/_/__sf_event_listener_hook.js Requested by Host: login-live-com.office365.qacust1.fpcasbdev.com URL: https://login-live-com.office365.qacust1.fpcasbdev.com/jsDisabled.srf?mkt=EN-US&lc=1033&uaid=7af27bbab42c442cab21511a649557b2 Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 3.137.109.9 Columbus, United States, ASN16509 (AMAZON-02, US), Reverse DNS ec2-3-137-109-9.us-east-2.compute.amazonaws.com Software / Resource Hash a860b9561b1615b3dca00ef253ebc8f398b346e13042dc6bef68ccac5da536ad Request headers Accept-Language jp-JP,jp;q=0.9 Referer https://login-live-com.office365.qacust1.fpcasbdev.com/jsDisabled.srf?mkt=EN-US&lc=1033&uaid=7af27bbab42c442cab21511a649557b2 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Response headers Cache-Control max-age=21600 Content-Length 1849 Content-Type text/javascript
GET H/1.1	200 OK	__sf_ajax_hook.js Show response login-live-com.office365.qacust1.fpcasbdev.com/__sf_resource/_/	6 KB 6 KB	336ms 168ms	Script text/javascript	3.137.109.9 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://login-live-com.office365.qacust1.fpcasbdev.com/__sf_resource/_/__sf_ajax_hook.js Requested by Host: login-live-com.office365.qacust1.fpcasbdev.com URL: https://login-live-com.office365.qacust1.fpcasbdev.com/jsDisabled.srf?mkt=EN-US&lc=1033&uaid=7af27bbab42c442cab21511a649557b2 Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 3.137.109.9 Columbus, United States, ASN16509 (AMAZON-02, US), Reverse DNS ec2-3-137-109-9.us-east-2.compute.amazonaws.com Software / Resource Hash ac92867bc5d68214d58a7c916ca2707b8e0d2e1b7156cac6d8df0ed49ea521d2 Request headers Accept-Language jp-JP,jp;q=0.9 Referer https://login-live-com.office365.qacust1.fpcasbdev.com/jsDisabled.srf?mkt=EN-US&lc=1033&uaid=7af27bbab42c442cab21511a649557b2 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Response headers Cache-Control max-age=21600 Content-Length 6025 Content-Type text/javascript
GET H/1.1	200 OK	ms-logo-v2.jpg login-live-com.office365.qacust1.fpcasbdev.com/images/	3 KB 3 KB	409ms 241ms	Image image/jpeg	3.137.109.9 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://login-live-com.office365.qacust1.fpcasbdev.com/images/ms-logo-v2.jpg Requested by Host: login-live-com.office365.qacust1.fpcasbdev.com URL: https://login-live-com.office365.qacust1.fpcasbdev.com/jsDisabled.srf?mkt=EN-US&lc=1033&uaid=7af27bbab42c442cab21511a649557b2 Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 3.137.109.9 Columbus, United States, ASN16509 (AMAZON-02, US), Reverse DNS ec2-3-137-109-9.us-east-2.compute.amazonaws.com Software / Resource Hash bc2b16b51738b77d94ed7591ad1033fa804297ca9faaa35222aa65773f749164 Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers Accept-Language jp-JP,jp;q=0.9 Referer https://login-live-com.office365.qacust1.fpcasbdev.com/jsDisabled.srf?mkt=EN-US&lc=1033&uaid=7af27bbab42c442cab21511a649557b2 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Response headers Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff Last-Modified Tue, 07 Dec 2021 10:33:40 GMT PPServer PPV: 30 H: SJ1PPF6A195CC9F V: 0 ETag "01a58e655ebd71:0" Content-Type image/jpeg x-ms-request-id 24f7136e-682c-4f7a-8935-8a01ded227e6 Cache-Control max-age=31536000 Date Thu, 16 Dec 2021 04:07:14 GMT Accept-Ranges bytes Content-Length 2797 X-XSS-Protection 1; mode=block

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer)

17 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onbeforexrselect function| reportError boolean| originAgentCluster object| scheduler function| __sf__initEventListenersHook function| __sfLog function| __sf__redirect function| __sf__handleResponse function| __sf__trackXhr function| __sf__installAjaxHook function| __sf__installFetchHook function| show_verifcation_iframe function| sf_iframe_verification_success object| EventDict function| __sf__addEventListenerBase function| removeAllEventListeners function| __sf__removeEventListenerBase

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.office365.qacust1.fpcasbdev.com/	1969-12-31 23:59:59	Name: __SF__sessionId Value: 2d57d53e6f03aac63ad1bb6c9159bd
			.qacust1.fpcasbdev.com/	1970-01-23 15:03:07	Name: __SF__sfbid Value: 3mgq8KKkuvff7927d2

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

login-live-com.office365.qacust1.fpcasbdev.com
3.137.109.9
29681091d01cceaa363c0bebc588ea9f247b90799f6f6be990c1a6cfe66179e1
a860b9561b1615b3dca00ef253ebc8f398b346e13042dc6bef68ccac5da536ad
ac92867bc5d68214d58a7c916ca2707b8e0d2e1b7156cac6d8df0ed49ea521d2
bc2b16b51738b77d94ed7591ad1033fa804297ca9faaa35222aa65773f749164