login.microsoftonline.com.office.prodoffice365.atrium.myshn.net
162.212.241.214  Malicious Activity! Public Scan

Submitted URL: https://attachments.office.net.office.prodoffice365.atrium.myshn.net/
Effective URL: https://login.microsoftonline.com.office.prodoffice365.atrium.myshn.net/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%...
Submission: On July 30 via automatic, source certstream-suspicious

Summary

This website contacted 2 IPs in 1 country across 2 domains to perform 18 HTTP transactions. The main IP is 162.212.241.214, located in the United States, and belongs to SHNAC1 - Skyhigh Networks Inc, US. The main domain is login.microsoftonline.com.office.prodoffice365.atrium.myshn.net.
TLS certificate: Issued by GlobalSign RSA OV SSL CA 2018 on July 30th 2019. Valid for: a year.
This is the only time login.microsoftonline.com.office.prodoffice365.atrium.myshn.net was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Microsoft (Consumer)

Domain & IP information

IP Address AS Autonomous System
2 11 162.212.241.214 14807 (SHNAC1)
9 2620:1ec:bdf::10 8068 (MICROSOFT...)
18 2
Domain Requested by
9 aadcdn.msauth.net login.microsoftonline.com.office.prodoffice365.atrium.myshn.net
aadcdn.msauth.net
7 r4.res.office365.com.office.prodoffice365.atrium.myshn.net outlook.office365.com.office.prodoffice365.atrium.myshn.net
2 attachments.office.net.office.prodoffice365.atrium.myshn.net 2 redirects
1 outlook.office365.com.office.prodoffice365.atrium.myshn.net aadcdn.msauth.net
1 login.microsoftonline.com.office.prodoffice365.atrium.myshn.net
18 5

Subject: office.prodoffice365.atrium.myshn.net
Issuer: GlobalSign RSA OV SSL CA 2018
Validity: 2019-07-30 - 2020-07-30 (a year)

Subject: aadcdn.msauth.net
Issuer: Microsoft IT TLS CA 4
Validity: 2018-11-07 - 2020-11-07 (2 years)

This page contains 2 frames:

Primary Page: https://login.microsoftonline.com.office.prodoffice365.atrium.myshn.net/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2fattachments.office.net.office.prodoffice365.atrium.myshn.net%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=0&client-request-id=c73cf8a5-7300-4cdd-9c23-b2cf6be08a07&protectedtoken=true&nonce=637000641560135292.17d53e62-c700-4d6e-be84-d77deffa76ab&state=DYtBEoAgCACxpueQKAr1HA28duz7cdi97GwCgD3YgkQhUGElImmlCxXu9a5nUevsUvGJhM3EcfrV0FTN1xoqY6Z4j_x-I_8
Frame ID: 7A399C81D666180C5C65D013488152C2
Requests: 10 HTTP requests in this frame

Frame: https://outlook.office365.com.office.prodoffice365.atrium.myshn.net/owa/prefetch.aspx
Frame ID: 543C5978156EBFE9BFDEE420F3B1D773
Requests: 8 HTTP requests in this frame

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /nginx(?:\/([\d.]+))?/i

Page Statistics

Requests: 18
HTTPS: 100 %
IPv6: 50 %
Domains: 2
Subdomains: 5
IPs: 2
Countries: 1
Transfer: 1184 kB
Size: 3851 kB
Cookies: 6

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://attachments.office.net.office.prodoffice365.atrium.myshn.net/ HTTP 302
    https://attachments.office.net.office.prodoffice365.atrium.myshn.net/owa/ HTTP 302
    https://login.microsoftonline.com.office.prodoffice365.atrium.myshn.net/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2fattachments.office.net.office.prodoffice365.atrium.myshn.net%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=0&client-request-id=c73cf8a5-7300-4cdd-9c23-b2cf6be08a07&protectedtoken=true&nonce=637000641560135292.17d53e62-c700-4d6e-be84-d77deffa76ab&state=DYtBEoAgCACxpueQKAr1HA28duz7cdi97GwCgD3YgkQhUGElImmlCxXu9a5nUevsUvGJhM3EcfrV0FTN1xoqY6Z4j_x-I_8 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

18 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request Cookie set authorize
login.microsoftonline.com.office.prodoffice365.atrium.myshn.net/common/oauth2/
Redirect Chain
  • https://attachments.office.net.office.prodoffice365.atrium.myshn.net/
  • https://attachments.office.net.office.prodoffice365.atrium.myshn.net/owa/
  • https://login.microsoftonline.com.office.prodoffice365.atrium.myshn.net/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2fattachments.office.net.offi...
29 KB
13 KB
Document
General
Full URL
https://login.microsoftonline.com.office.prodoffice365.atrium.myshn.net/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2fattachments.office.net.office.prodoffice365.atrium.myshn.net%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=0&client-request-id=c73cf8a5-7300-4cdd-9c23-b2cf6be08a07&protectedtoken=true&nonce=637000641560135292.17d53e62-c700-4d6e-be84-d77deffa76ab&state=DYtBEoAgCACxpueQKAr1HA28duz7cdi97GwCgD3YgkQhUGElImmlCxXu9a5nUevsUvGJhM3EcfrV0FTN1xoqY6Z4j_x-I_8
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
162.212.241.214 , United States, ASN14807 (SHNAC1 - Skyhigh Networks Inc, US),
Reverse DNS
Software
nginx /
Resource Hash
1543abbb97b68b13cb83996ed64cec53e1a1179ce9a21a8e85ca4aedc5f74644
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Host
login.microsoftonline.com.office.prodoffice365.atrium.myshn.net
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Accept-Encoding
gzip, deflate, br

Response headers

Server
nginx
Date
Tue, 30 Jul 2019 06:15:56 GMT
Content-Type
text/html; charset=utf-8
Content-Length
11927
Connection
keep-alive
Cache-Control
no-cache, no-store
Content-Encoding
gzip
Expires
-1
Link
<https://aadcdn.msauth.net>; rel=preconnect; crossorigin <https://aadcdn.msauth.net>; rel=dns-prefetch <https://aadcdn.msftauth.net>; rel=dns-prefetch
P3P
CP="DSP CUR OTPi IND OTRi ONL FIN"
Pragma
no-cache
Set-Cookie
buid=AQABAAEAAAAP0wLlqdLVToOpA4kwzSnxTlO3f9-jb6OG61rq1_k2LBVQ5yC0pO_fTFMCv6osVM0Lq1lfGd9vHovYX6SkTToU5AIdml6W1TyYYc7Gj9YyZmalnBs2lGW6_aU4dlc_t8kgAA; Expires=Thu, 29-Aug-2019 06:15:56 GMT; Path=/; Secure; HTTPOnly fpc=AsEWrkwAVSpLptPwsHq23FI-NjKRAQAAAJvX0dQOAAAA; Expires=Thu, 29-Aug-2019 06:15:56 GMT; Path=/; Secure; HTTPOnly esctx=AQABAAAAAAAP0wLlqdLVToOpA4kwzSnxSqdKPOVafdgc1-5p4PVd6YIdD7-8e3WNnRKH1gxv6Uavl8W_0QI7p0XpVjVbaHjD_-hXHutzX6s5fURMz4d7eCfF-8qo2QDYi15mez6X1E3tJKC28kgxjn7sf9sTjKe8bL22xYoNAXDiw_VMfG9pev6sC-LHMDoHFCKsEBDWxU8gAA; Path=/; Domain=.login.microsoftonline.com.office.prodoffice365.atrium.myshn.net; Secure; HTTPOnly x-ms-gateway-slice=prod; Path=/; Secure; HTTPOnly stsservicecookie=ests; Path=/; Secure; HTTPOnly
Strict-Transport-Security
max-age=31536000; includeSubDomains
Vary
Accept-Encoding
X-Content-Type-Options
nosniff
X-DNS-Prefetch-Control
on
X-Frame-Options
DENY
x-ms-request-id
3508470f-a500-4fad-a182-2ec0d5640900
X-Robots-Tag
none
X-SkyHigh-Version
BuildNumber=29, BuildDate=2019-07-25 13:39

Redirect headers

Server
nginx
Date
Tue, 30 Jul 2019 06:15:56 GMT
Content-Type
text/html; charset=utf-8
Content-Length
755
Connection
keep-alive
Location
https://login.microsoftonline.com.office.prodoffice365.atrium.myshn.net/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2fattachments.office.net.office.prodoffice365.atrium.myshn.net%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=0&client-request-id=c73cf8a5-7300-4cdd-9c23-b2cf6be08a07&protectedtoken=true&nonce=637000641560135292.17d53e62-c700-4d6e-be84-d77deffa76ab&state=DYtBEoAgCACxpueQKAr1HA28duz7cdi97GwCgD3YgkQhUGElImmlCxXu9a5nUevsUvGJhM3EcfrV0FTN1xoqY6Z4j_x-I_8
P3P
CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
request-id
c73cf8a5-7300-4cdd-9c23-b2cf6be08a07
Strict-Transport-Security
max-age=31536000; includeSubDomains max-age=31536000; includeSubDomains
X-BackEnd-Begin
2019-07-30T06:15:56.013
X-BackEnd-End
2019-07-30T06:15:56.014
X-BackEndHttpStatus
302 302
X-BEServer
BYAPR05MB4054
X-BeSku
WCS5
X-CalculatedBETarget
BYAPR05MB4054.namprd05.prod.outlook.com
X-CalculatedFETarget
BYAPR21CU001.internal.outlook.com
X-Content-Type-Options
nosniff
X-DiagInfo
BYAPR05MB4054
X-FEProxyInfo
BYAPR21CA0019.NAMPRD21.PROD.OUTLOOK.COM
X-FEServer
BYAPR21CA0019 MN2PR05CA0017
X-MSEdge-Ref
Ref A: 3689F4DA91954A1CA7156F5DB66449D0 Ref B: BLUEDGE0111 Ref C: 2019-07-30T06:15:55Z
X-OWA-DiagnosticsInfo
1;0;0
X-Robots-Tag
none
X-RUM-Validated
1
X-SkyHigh-Version
BuildNumber=29, BuildDate=2019-07-25 13:39
X-UA-Compatible
IE=EmulateIE7
converged.v2.login.min_eihab3wwm23ia-nkvubaww2.css
aadcdn.msauth.net/ests/2.1/content/cdnbundles/
99 KB
19 KB
Stylesheet
General
Full URL
https://aadcdn.msauth.net/ests/2.1/content/cdnbundles/converged.v2.login.min_eihab3wwm23ia-nkvubaww2.css
Requested by
Host: login.microsoftonline.com.office.prodoffice365.atrium.myshn.net
URL: https://login.microsoftonline.com.office.prodoffice365.atrium.myshn.net/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2fattachments.office.net.office.prodoffice365.atrium.myshn.net%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=0&client-request-id=c73cf8a5-7300-4cdd-9c23-b2cf6be08a07&protectedtoken=true&nonce=637000641560135292.17d53e62-c700-4d6e-be84-d77deffa76ab&state=DYtBEoAgCACxpueQKAr1HA28duz7cdi97GwCgD3YgkQhUGElImmlCxXu9a5nUevsUvGJhM3EcfrV0FTN1xoqY6Z4j_x-I_8
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2620:1ec:bdf::10 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
0fa2b179b0e2652b5befbfa696f12cd1dcebfbdc58def206a70c43c515fb9810

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36
Referer
https://login.microsoftonline.com.office.prodoffice365.atrium.myshn.net/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2fattachments.office.net.office.prodoffice365.atrium.myshn.net%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=0&client-request-id=c73cf8a5-7300-4cdd-9c23-b2cf6be08a07&protectedtoken=true&nonce=637000641560135292.17d53e62-c700-4d6e-be84-d77deffa76ab&state=DYtBEoAgCACxpueQKAr1HA28duz7cdi97GwCgD3YgkQhUGElImmlCxXu9a5nUevsUvGJhM3EcfrV0FTN1xoqY6Z4j_x-I_8
Origin
https://login.microsoftonline.com.office.prodoffice365.atrium.myshn.net

Response headers

x-ms-blob-type
BlockBlob
date
Tue, 30 Jul 2019 06:15:56 GMT
content-encoding
gzip
x-azure-ref-originshield
0Sko/XQAAAACWqpBn+iAsTZ1QyCT0NueqQU1TRURHRTA1MTQAMzlhMTJmN2UtODk5Zi00NmNmLWE2ZDAtMjRiYmJhMjdkOTU2
content-md5
Ad0mK15RRqUtTX8eZlxHHg==
x-cache
TCP_HIT
status
200
content-length
18573
x-ms-lease-status
unlocked
last-modified
Fri, 28 Jun 2019 04:55:08 GMT
server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
etag
0x8D6FB84CB7015B1
x-azure-ref
0nOA/XQAAAADBV3N5kleDRIe6rifrfvdhVklFRURHRTAxMDgAMzlhMTJmN2UtODk5Zi00NmNmLWE2ZDAtMjRiYmJhMjdkOTU2
content-type
text/css
access-control-allow-origin
*
x-ms-request-id
46a42afa-201e-0011-7d70-44ac53000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=31536000
x-ms-version
2009-09-19
ux.converged.login.pcore.min_qgmemp6whsrem51-khqjmg2.js
aadcdn.msauth.net/ests/2.1/content/cdnbundles/
567 KB
146 KB
Script
General
Full URL
https://aadcdn.msauth.net/ests/2.1/content/cdnbundles/ux.converged.login.pcore.min_qgmemp6whsrem51-khqjmg2.js
Requested by
Host: login.microsoftonline.com.office.prodoffice365.atrium.myshn.net
URL: https://login.microsoftonline.com.office.prodoffice365.atrium.myshn.net/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2fattachments.office.net.office.prodoffice365.atrium.myshn.net%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=0&client-request-id=c73cf8a5-7300-4cdd-9c23-b2cf6be08a07&protectedtoken=true&nonce=637000641560135292.17d53e62-c700-4d6e-be84-d77deffa76ab&state=DYtBEoAgCACxpueQKAr1HA28duz7cdi97GwCgD3YgkQhUGElImmlCxXu9a5nUevsUvGJhM3EcfrV0FTN1xoqY6Z4j_x-I_8
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2620:1ec:bdf::10 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
954bd482f102fd4b8d6db06d553233df847a5909fb04bc25f99451bbaea034a4

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36
Referer
https://login.microsoftonline.com.office.prodoffice365.atrium.myshn.net/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2fattachments.office.net.office.prodoffice365.atrium.myshn.net%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=0&client-request-id=c73cf8a5-7300-4cdd-9c23-b2cf6be08a07&protectedtoken=true&nonce=637000641560135292.17d53e62-c700-4d6e-be84-d77deffa76ab&state=DYtBEoAgCACxpueQKAr1HA28duz7cdi97GwCgD3YgkQhUGElImmlCxXu9a5nUevsUvGJhM3EcfrV0FTN1xoqY6Z4j_x-I_8
Origin
https://login.microsoftonline.com.office.prodoffice365.atrium.myshn.net

Response headers

x-ms-blob-type
BlockBlob
date
Tue, 30 Jul 2019 06:15:56 GMT
content-encoding
gzip
x-azure-ref-originshield
0ths6XQAAAACJ8Oau5MUwSrLxVel1ed+fQU1TRURHRTA1MTgAMzlhMTJmN2UtODk5Zi00NmNmLWE2ZDAtMjRiYmJhMjdkOTU2
content-md5
di8RE1Yucm3rAmZabwJfHw==
x-cache
TCP_HIT
status
200
content-length
149570
x-ms-lease-status
unlocked
last-modified
Thu, 11 Jul 2019 17:17:38 GMT
server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
etag
0x8D70623AC4E7C7E
x-azure-ref
0nOA/XQAAAACT7sC+KsA2RLB8X7oOvWHyVklFRURHRTAxMDgAMzlhMTJmN2UtODk5Zi00NmNmLWE2ZDAtMjRiYmJhMjdkOTU2
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
0ed19453-401e-0007-1778-42e67d000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=31536000
x-ms-version
2009-09-19
ux.converged.login.strings-en.min_m6_6gc8vfflqvlkuqzgmpg2.js
aadcdn.msauth.net/ests/2.1/content/cdnbundles/
31 KB
10 KB
Script
General
Full URL
https://aadcdn.msauth.net/ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_m6_6gc8vfflqvlkuqzgmpg2.js
Requested by
Host: login.microsoftonline.com.office.prodoffice365.atrium.myshn.net
URL: https://login.microsoftonline.com.office.prodoffice365.atrium.myshn.net/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2fattachments.office.net.office.prodoffice365.atrium.myshn.net%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=0&client-request-id=c73cf8a5-7300-4cdd-9c23-b2cf6be08a07&protectedtoken=true&nonce=637000641560135292.17d53e62-c700-4d6e-be84-d77deffa76ab&state=DYtBEoAgCACxpueQKAr1HA28duz7cdi97GwCgD3YgkQhUGElImmlCxXu9a5nUevsUvGJhM3EcfrV0FTN1xoqY6Z4j_x-I_8
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2620:1ec:bdf::10 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
86b5b5f839dc0f734d4049b7a68db228c92e07e35f01ad7024b281079c85be3b

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36
Referer
https://login.microsoftonline.com.office.prodoffice365.atrium.myshn.net/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2fattachments.office.net.office.prodoffice365.atrium.myshn.net%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=0&client-request-id=c73cf8a5-7300-4cdd-9c23-b2cf6be08a07&protectedtoken=true&nonce=637000641560135292.17d53e62-c700-4d6e-be84-d77deffa76ab&state=DYtBEoAgCACxpueQKAr1HA28duz7cdi97GwCgD3YgkQhUGElImmlCxXu9a5nUevsUvGJhM3EcfrV0FTN1xoqY6Z4j_x-I_8
Origin
https://login.microsoftonline.com.office.prodoffice365.atrium.myshn.net

Response headers

x-ms-blob-type
BlockBlob
date
Tue, 30 Jul 2019 06:15:56 GMT
content-encoding
gzip
x-azure-ref-originshield
0uRw6XQAAAABPXqZxHX3hTaM59dSoHk/5QU1TRURHRTA1MTgAMzlhMTJmN2UtODk5Zi00NmNmLWE2ZDAtMjRiYmJhMjdkOTU2
content-md5
tttUiQE2frWJxeAydbTA8Q==
x-cache
TCP_HIT
status
200
content-length
10175
x-ms-lease-status
unlocked
last-modified
Wed, 10 Jul 2019 06:26:58 GMT
server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
etag
0x8D704FF9CB66FD8
x-azure-ref
0nOA/XQAAAABQk7cZG9pKQaE2MCU59kl2VklFRURHRTAxMDgAMzlhMTJmN2UtODk5Zi00NmNmLWE2ZDAtMjRiYmJhMjdkOTU2
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
3fa26f95-c01e-0023-4c30-3edb46000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=31536000
x-ms-version
2009-09-19
Cookie set prefetch.aspx
outlook.office365.com.office.prodoffice365.atrium.myshn.net/owa/ Frame 543C
3 KB
2 KB
Document
General
Full URL
https://outlook.office365.com.office.prodoffice365.atrium.myshn.net/owa/prefetch.aspx
Requested by
Host: aadcdn.msauth.net
URL: https://aadcdn.msauth.net/ests/2.1/content/cdnbundles/ux.converged.login.pcore.min_qgmemp6whsrem51-khqjmg2.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
162.212.241.214 , United States, ASN14807 (SHNAC1 - Skyhigh Networks Inc, US),
Reverse DNS
Software
nginx /
Resource Hash
4be411e7506a4347ac58a07eb4aa7ae98d57704db362dfb35edb16e7f8a8d9a8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Host
outlook.office365.com.office.prodoffice365.atrium.myshn.net
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Referer
https://login.microsoftonline.com.office.prodoffice365.atrium.myshn.net/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2fattachments.office.net.office.prodoffice365.atrium.myshn.net%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=0&client-request-id=c73cf8a5-7300-4cdd-9c23-b2cf6be08a07&protectedtoken=true&nonce=637000641560135292.17d53e62-c700-4d6e-be84-d77deffa76ab&state=DYtBEoAgCACxpueQKAr1HA28duz7cdi97GwCgD3YgkQhUGElImmlCxXu9a5nUevsUvGJhM3EcfrV0FTN1xoqY6Z4j_x-I_8
Accept-Encoding
gzip, deflate, br

Response headers

Server
nginx
Date
Tue, 30 Jul 2019 06:15:58 GMT
Content-Type
text/html; charset=utf-8
Content-Length
1052
Connection
keep-alive
Cache-Control
private, no-store
Content-Encoding
gzip
request-id
6f5bfdbf-6b08-4579-a78c-84f404f12f66
Set-Cookie
ClientId=77937705B8254C7CA1763A7C4E3FFA1A; Expires=Thu, 30-Jul-2020 06:15:58 GMT; Path=/; Secure ClientId=77937705B8254C7CA1763A7C4E3FFA1A; Expires=Thu, 30-Jul-2020 06:15:58 GMT; Path=/; Secure OIDC=1; Expires=Thu, 30-Jan-2020 06:15:58 GMT; Path=/; Secure; HTTPOnly OWAPF=v:16.3177.2.2704109&l:mouse; Path=/
Strict-Transport-Security
max-age=31536000; includeSubDomains max-age=31536000; includeSubDomains
Vary
Accept-Encoding
X-BackEnd-Begin
2019-07-30T06:15:58.391
X-BackEnd-End
2019-07-30T06:15:58.393
X-BackEndHttpStatus
200 200
X-BEServer
BN8PR02MB5730
X-BeSku
WCS5
X-CalculatedBETarget
BN8PR02MB5730.namprd02.prod.outlook.com
X-CalculatedFETarget
BN8PR15CU001.internal.outlook.com
X-Content-Type-Options
nosniff
X-DiagInfo
BN8PR02MB5730
X-FEProxyInfo
BN8PR15CA0025.NAMPRD15.PROD.OUTLOOK.COM
X-FEServer
BN8PR15CA0025 MN2PR02CA0010
X-OWA-DiagnosticsInfo
2;0;0
X-OWA-Version
15.20.2115.15
X-Robots-Tag
none
X-RUM-Validated
1
X-SkyHigh-Version
BuildNumber=29, BuildDate=2019-07-25 13:39
X-UA-Compatible
IE=EmulateIE7
microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg
aadcdn.msauth.net/ests/2.1/content/images/
4 KB
2 KB
Image
General
Full URL
https://aadcdn.msauth.net/ests/2.1/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2620:1ec:bdf::10 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a

Request headers

Referer
https://login.microsoftonline.com.office.prodoffice365.atrium.myshn.net/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2fattachments.office.net.office.prodoffice365.atrium.myshn.net%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=0&client-request-id=c73cf8a5-7300-4cdd-9c23-b2cf6be08a07&protectedtoken=true&nonce=637000641560135292.17d53e62-c700-4d6e-be84-d77deffa76ab&state=DYtBEoAgCACxpueQKAr1HA28duz7cdi97GwCgD3YgkQhUGElImmlCxXu9a5nUevsUvGJhM3EcfrV0FTN1xoqY6Z4j_x-I_8
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Tue, 30 Jul 2019 06:15:56 GMT
content-encoding
gzip
x-azure-ref-originshield
0EZ09XQAAAAAKW928iqQ7Q6gZd89a4zGtQU1TRURHRTA0MTMAMzlhMTJmN2UtODk5Zi00NmNmLWE2ZDAtMjRiYmJhMjdkOTU2
content-md5
nzaLxFgP7ZB3dfMcaybWzw==
x-cache
TCP_HIT
status
200
content-length
1435
x-ms-lease-status
unlocked
last-modified
Fri, 02 Nov 2018 20:25:31 GMT
server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
etag
0x8D64101560D5E58
x-azure-ref
0neA/XQAAAAAyBuuyELwyTanQgQpPYgbvVklFRURHRTAyMjIAMzlhMTJmN2UtODk5Zi00NmNmLWE2ZDAtMjRiYmJhMjdkOTU2
content-type
image/svg+xml
access-control-allow-origin
*
x-ms-request-id
3ceec0e5-c01e-0067-7624-44a45f000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=604800
x-ms-version
2009-09-19
ellipsis_white_5ac590ee72bfe06a7cecfd75b588ad73.svg
aadcdn.msauth.net/ests/2.1/content/images/
915 B
563 B
Image
General
Full URL
https://aadcdn.msauth.net/ests/2.1/content/images/ellipsis_white_5ac590ee72bfe06a7cecfd75b588ad73.svg
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2620:1ec:bdf::10 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
6075736ea9c281d69c4a3d78ff97bb61b9416a5809919babe5a0c5596f99aaea

Request headers

Referer
https://login.microsoftonline.com.office.prodoffice365.atrium.myshn.net/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2fattachments.office.net.office.prodoffice365.atrium.myshn.net%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=0&client-request-id=c73cf8a5-7300-4cdd-9c23-b2cf6be08a07&protectedtoken=true&nonce=637000641560135292.17d53e62-c700-4d6e-be84-d77deffa76ab&state=DYtBEoAgCACxpueQKAr1HA28duz7cdi97GwCgD3YgkQhUGElImmlCxXu9a5nUevsUvGJhM3EcfrV0FTN1xoqY6Z4j_x-I_8
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Tue, 30 Jul 2019 06:15:56 GMT
content-encoding
gzip
x-azure-ref-originshield
0ngI6XQAAAADSICVYICh+SaYCyFmlFQ4nQU1TRURHRTA2MTYAMzlhMTJmN2UtODk5Zi00NmNmLWE2ZDAtMjRiYmJhMjdkOTU2
content-md5
HMwsHhNXdtrfirQDkzcqMA==
x-cache
TCP_HIT
status
200
content-length
263
x-ms-lease-status
unlocked
last-modified
Fri, 02 Nov 2018 20:25:24 GMT
server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
etag
0x8D64101521A1ED5
x-azure-ref
0neA/XQAAAABzhFaqz0j6QIVvA+b54k+NVklFRURHRTAyMjIAMzlhMTJmN2UtODk5Zi00NmNmLWE2ZDAtMjRiYmJhMjdkOTU2
content-type
image/svg+xml
access-control-allow-origin
*
x-ms-request-id
ac431d87-c01e-005b-5675-3e7157000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=604800
x-ms-version
2009-09-19
ellipsis_grey_2b5d393db04a5e6e1f739cb266e65b4c.svg
aadcdn.msauth.net/ests/2.1/content/images/
915 B
555 B
Image
General
Full URL
https://aadcdn.msauth.net/ests/2.1/content/images/ellipsis_grey_2b5d393db04a5e6e1f739cb266e65b4c.svg
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2620:1ec:bdf::10 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
16c3f6531d0fa5b4d16e82abf066233b2a9f284c068c663699313c09f5e8d6e6

Request headers

Referer
https://login.microsoftonline.com.office.prodoffice365.atrium.myshn.net/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2fattachments.office.net.office.prodoffice365.atrium.myshn.net%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=0&client-request-id=c73cf8a5-7300-4cdd-9c23-b2cf6be08a07&protectedtoken=true&nonce=637000641560135292.17d53e62-c700-4d6e-be84-d77deffa76ab&state=DYtBEoAgCACxpueQKAr1HA28duz7cdi97GwCgD3YgkQhUGElImmlCxXu9a5nUevsUvGJhM3EcfrV0FTN1xoqY6Z4j_x-I_8
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Tue, 30 Jul 2019 06:15:56 GMT
content-encoding
gzip
x-azure-ref-originshield
0Mcc/XQAAAAC69h7SaHRuSJnr4b3wxwgwQU1TRURHRTA2MDcAMzlhMTJmN2UtODk5Zi00NmNmLWE2ZDAtMjRiYmJhMjdkOTU2
content-md5
/a3y/mpA+HRaVAiPACrsog==
x-cache
TCP_HIT
status
200
content-length
263
x-ms-lease-status
unlocked
last-modified
Fri, 02 Nov 2018 20:25:23 GMT
server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
etag
0x8D641015168A4FB
x-azure-ref
0neA/XQAAAAAtBxCQGeQ1TZFFg78uq104VklFRURHRTAyMjIAMzlhMTJmN2UtODk5Zi00NmNmLWE2ZDAtMjRiYmJhMjdkOTU2
content-type
image/svg+xml
access-control-allow-origin
*
x-ms-request-id
6bd5bc05-201e-0001-543a-441c71000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=604800
x-ms-version
2009-09-19
33-small_138bcee624fa04ef9b75e86211a9fe0d.jpg
aadcdn.msauth.net/ests/2.1/content/images/appbackgrounds/
3 KB
3 KB
Image
General
Full URL
https://aadcdn.msauth.net/ests/2.1/content/images/appbackgrounds/33-small_138bcee624fa04ef9b75e86211a9fe0d.jpg
Requested by
Host: aadcdn.msauth.net
URL: https://aadcdn.msauth.net/ests/2.1/content/cdnbundles/ux.converged.login.pcore.min_qgmemp6whsrem51-khqjmg2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2620:1ec:bdf::10 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
f89e908280791803bbf1f33b596ff4a2179b355a8e15ad02ebaa2b1da11127ea

Request headers

Referer
https://login.microsoftonline.com.office.prodoffice365.atrium.myshn.net/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2fattachments.office.net.office.prodoffice365.atrium.myshn.net%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=0&client-request-id=c73cf8a5-7300-4cdd-9c23-b2cf6be08a07&protectedtoken=true&nonce=637000641560135292.17d53e62-c700-4d6e-be84-d77deffa76ab&state=DYtBEoAgCACxpueQKAr1HA28duz7cdi97GwCgD3YgkQhUGElImmlCxXu9a5nUevsUvGJhM3EcfrV0FTN1xoqY6Z4j_x-I_8
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Tue, 30 Jul 2019 06:15:56 GMT
x-azure-ref-originshield
0eck8XQAAAAAhaXw6Dh3uSpaxhb0y7b4IQU1TRURHRTA2MjEAMzlhMTJmN2UtODk5Zi00NmNmLWE2ZDAtMjRiYmJhMjdkOTU2
content-md5
E4vO5iT6BO+bdehiEan+DQ==
x-cache
TCP_HIT
status
200
content-length
3006
x-ms-lease-status
unlocked
last-modified
Wed, 13 Mar 2019 20:50:28 GMT
server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
etag
0x8D6A7F58641DEFF
x-azure-ref
0neA/XQAAAAB1mASrzQrDSJEkz9dylmZ3VklFRURHRTAyMjIAMzlhMTJmN2UtODk5Zi00NmNmLWE2ZDAtMjRiYmJhMjdkOTU2
content-type
image/jpeg
access-control-allow-origin
*
x-ms-request-id
8552d229-101e-000a-232d-443966000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=31536000
x-ms-version
2009-09-19
33_a5dbd4393ff6a725c7e62b61df7e72f0.jpg
aadcdn.msauth.net/ests/2.1/content/images/appbackgrounds/
277 KB
277 KB
Image
General
Full URL
https://aadcdn.msauth.net/ests/2.1/content/images/appbackgrounds/33_a5dbd4393ff6a725c7e62b61df7e72f0.jpg
Requested by
Host: aadcdn.msauth.net
URL: https://aadcdn.msauth.net/ests/2.1/content/cdnbundles/ux.converged.login.pcore.min_qgmemp6whsrem51-khqjmg2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2620:1ec:bdf::10 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
211a907de2da0ff4a0e90917ac8054e2f35c351180977550c26e51b4909f2beb

Request headers

Referer
https://login.microsoftonline.com.office.prodoffice365.atrium.myshn.net/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2fattachments.office.net.office.prodoffice365.atrium.myshn.net%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=0&client-request-id=c73cf8a5-7300-4cdd-9c23-b2cf6be08a07&protectedtoken=true&nonce=637000641560135292.17d53e62-c700-4d6e-be84-d77deffa76ab&state=DYtBEoAgCACxpueQKAr1HA28duz7cdi97GwCgD3YgkQhUGElImmlCxXu9a5nUevsUvGJhM3EcfrV0FTN1xoqY6Z4j_x-I_8
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Tue, 30 Jul 2019 06:15:56 GMT
x-azure-ref-originshield
01+s5XQAAAADd4ZqSm4LsQICVQQaak+bjQU1TRURHRTA0MTAAMzlhMTJmN2UtODk5Zi00NmNmLWE2ZDAtMjRiYmJhMjdkOTU2
content-md5
pdvUOT/2pyXH5ith335y8A==
x-cache
TCP_HIT
status
200
content-length
283351
x-ms-lease-status
unlocked
last-modified
Wed, 13 Mar 2019 20:50:28 GMT
server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
etag
0x8D6A7F5866686F7
x-azure-ref
0neA/XQAAAABMUhCsY1jOTpVt5X4RnzavVklFRURHRTAyMjIAMzlhMTJmN2UtODk5Zi00NmNmLWE2ZDAtMjRiYmJhMjdkOTU2
content-type
image/jpeg
access-control-allow-origin
*
x-ms-request-id
7efdb9be-f01e-0014-1ca1-3e2b59000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=31536000
x-ms-version
2009-09-19
37_533e293f0c8947ada653b47c00e394e2.png
aadcdn.msauth.net/ests/2.1/content/images/applogos/
2 KB
2 KB
Image
General
Full URL
https://aadcdn.msauth.net/ests/2.1/content/images/applogos/37_533e293f0c8947ada653b47c00e394e2.png
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2620:1ec:bdf::10 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
b5d587f6c48a9b22bbe97150249e0c0655ac1780bd273431480a22f8a5bfef6c

Request headers

Referer
https://login.microsoftonline.com.office.prodoffice365.atrium.myshn.net/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2fattachments.office.net.office.prodoffice365.atrium.myshn.net%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=0&client-request-id=c73cf8a5-7300-4cdd-9c23-b2cf6be08a07&protectedtoken=true&nonce=637000641560135292.17d53e62-c700-4d6e-be84-d77deffa76ab&state=DYtBEoAgCACxpueQKAr1HA28duz7cdi97GwCgD3YgkQhUGElImmlCxXu9a5nUevsUvGJhM3EcfrV0FTN1xoqY6Z4j_x-I_8
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Tue, 30 Jul 2019 06:15:56 GMT
x-azure-ref-originshield
0ZRs6XQAAAAB/ZndFiobnSIVpQmX3//1OQU1TRURHRTA1MTgAMzlhMTJmN2UtODk5Zi00NmNmLWE2ZDAtMjRiYmJhMjdkOTU2
content-md5
Uz4pPwyJR62mU7R8AOOU4g==
x-cache
TCP_HIT
status
200
content-length
1750
x-ms-lease-status
unlocked
last-modified
Wed, 13 Mar 2019 20:50:51 GMT
server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
etag
0x8D6A7F594080DCC
x-azure-ref
0neA/XQAAAAB3t+RMQ2O4TacPmB48GplgVklFRURHRTAyMjIAMzlhMTJmN2UtODk5Zi00NmNmLWE2ZDAtMjRiYmJhMjdkOTU2
content-type
image/png
access-control-allow-origin
*
x-ms-request-id
1c67ad8c-901e-003e-22d8-3eb47f000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=31536000
x-ms-version
2009-09-19
boot.worldwide.0.mouse.js
r4.res.office365.com.office.prodoffice365.atrium.myshn.net/owa/prem/16.3177.2.2704109/scripts/ Frame 543C
648 KB
176 KB
Stylesheet
General
Full URL
https://r4.res.office365.com.office.prodoffice365.atrium.myshn.net/owa/prem/16.3177.2.2704109/scripts/boot.worldwide.0.mouse.js
Requested by
Host: outlook.office365.com.office.prodoffice365.atrium.myshn.net
URL: https://outlook.office365.com.office.prodoffice365.atrium.myshn.net/owa/prefetch.aspx
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
162.212.241.214 , United States, ASN14807 (SHNAC1 - Skyhigh Networks Inc, US),
Reverse DNS
Software
nginx /
Resource Hash
05be5ab63f6a6dba8849706f2ae869706c964579968fb35059896389c0786f5a

Request headers

Referer
https://outlook.office365.com.office.prodoffice365.atrium.myshn.net/owa/prefetch.aspx
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36

Response headers

Date
Tue, 30 Jul 2019 06:15:59 GMT
Content-Encoding
gzip
Last-Modified
Wed, 10 Jul 2019 15:31:03 GMT
Server
nginx
X-Robots-Tag
none
Vary
Accept-Encoding
Content-Type
application/x-javascript
Access-Control-Allow-Origin
*
Cache-Control
public,max-age=630720000, s-maxage=630720000
X-SkyHigh-Version
BuildNumber=29, BuildDate=2019-07-25 13:39
Connection
keep-alive
Accept-Ranges
bytes
Timing-Allow-Origin
*
Content-Length
179694
boot.worldwide.1.mouse.js
r4.res.office365.com.office.prodoffice365.atrium.myshn.net/owa/prem/16.3177.2.2704109/scripts/ Frame 543C
644 KB
160 KB
Stylesheet
General
Full URL
https://r4.res.office365.com.office.prodoffice365.atrium.myshn.net/owa/prem/16.3177.2.2704109/scripts/boot.worldwide.1.mouse.js
Requested by
Host: outlook.office365.com.office.prodoffice365.atrium.myshn.net
URL: https://outlook.office365.com.office.prodoffice365.atrium.myshn.net/owa/prefetch.aspx
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
162.212.241.214 , United States, ASN14807 (SHNAC1 - Skyhigh Networks Inc, US),
Reverse DNS
Software
nginx /
Resource Hash
b4931428dc262e6d3f7112c8d20777d6a15842963589f3f9119d9827a00af1ed

Request headers

Referer
https://outlook.office365.com.office.prodoffice365.atrium.myshn.net/owa/prefetch.aspx
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36

Response headers

Date
Tue, 30 Jul 2019 06:15:59 GMT
Content-Encoding
gzip
Last-Modified
Wed, 10 Jul 2019 15:31:05 GMT
Server
nginx
X-Robots-Tag
none
Vary
Accept-Encoding
Content-Type
application/x-javascript
Access-Control-Allow-Origin
*
Cache-Control
public,max-age=630720000, s-maxage=630720000
X-SkyHigh-Version
BuildNumber=29, BuildDate=2019-07-25 13:39
Connection
keep-alive
Accept-Ranges
bytes
Timing-Allow-Origin
*
Content-Length
163034
boot.worldwide.2.mouse.js
r4.res.office365.com.office.prodoffice365.atrium.myshn.net/owa/prem/16.3177.2.2704109/scripts/ Frame 543C
647 KB
167 KB
Stylesheet
General
Full URL
https://r4.res.office365.com.office.prodoffice365.atrium.myshn.net/owa/prem/16.3177.2.2704109/scripts/boot.worldwide.2.mouse.js
Requested by
Host: outlook.office365.com.office.prodoffice365.atrium.myshn.net
URL: https://outlook.office365.com.office.prodoffice365.atrium.myshn.net/owa/prefetch.aspx
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
162.212.241.214 , United States, ASN14807 (SHNAC1 - Skyhigh Networks Inc, US),
Reverse DNS
Software
nginx /
Resource Hash
33129f222345463087c34f69ebdd0c2146cd29c43e3e7e15a5e293783fddd8a3

Request headers

Referer
https://outlook.office365.com.office.prodoffice365.atrium.myshn.net/owa/prefetch.aspx
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36

Response headers

Date
Tue, 30 Jul 2019 06:16:00 GMT
Content-Encoding
gzip
Last-Modified
Wed, 10 Jul 2019 15:31:04 GMT
Server
nginx
X-Robots-Tag
none
Vary
Accept-Encoding
Content-Type
application/x-javascript
Access-Control-Allow-Origin
*
Cache-Control
public,max-age=630720000, s-maxage=630720000
X-SkyHigh-Version
BuildNumber=29, BuildDate=2019-07-25 13:39
Connection
keep-alive
Accept-Ranges
bytes
Timing-Allow-Origin
*
Content-Length
170022
boot.worldwide.3.mouse.js
r4.res.office365.com.office.prodoffice365.atrium.myshn.net/owa/prem/16.3177.2.2704109/scripts/ Frame 543C
646 KB
143 KB
Stylesheet
General
Full URL
https://r4.res.office365.com.office.prodoffice365.atrium.myshn.net/owa/prem/16.3177.2.2704109/scripts/boot.worldwide.3.mouse.js
Requested by
Host: outlook.office365.com.office.prodoffice365.atrium.myshn.net
URL: https://outlook.office365.com.office.prodoffice365.atrium.myshn.net/owa/prefetch.aspx
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
162.212.241.214 , United States, ASN14807 (SHNAC1 - Skyhigh Networks Inc, US),
Reverse DNS
Software
nginx /
Resource Hash
0b5e3a0456cedbcf8108a2cb6304ff3efc61e504e7889de194816cff87192000

Request headers

Referer
https://outlook.office365.com.office.prodoffice365.atrium.myshn.net/owa/prefetch.aspx
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36

Response headers

Date
Tue, 30 Jul 2019 06:16:00 GMT
Content-Encoding
gzip
Last-Modified
Wed, 10 Jul 2019 15:31:05 GMT
Server
nginx
X-Robots-Tag
none
Vary
Accept-Encoding
Content-Type
application/x-javascript
Access-Control-Allow-Origin
*
Cache-Control
public,max-age=630720000, s-maxage=630720000
X-SkyHigh-Version
BuildNumber=29, BuildDate=2019-07-25 13:39
Connection
keep-alive
Accept-Ranges
bytes
Timing-Allow-Origin
*
Content-Length
145784
sprite1.mouse.png
r4.res.office365.com.office.prodoffice365.atrium.myshn.net/owa/prem/16.3177.2.2704109/resources/images/0/ Frame 543C
16 KB
17 KB
Stylesheet
General
Full URL
https://r4.res.office365.com.office.prodoffice365.atrium.myshn.net/owa/prem/16.3177.2.2704109/resources/images/0/sprite1.mouse.png
Requested by
Host: outlook.office365.com.office.prodoffice365.atrium.myshn.net
URL: https://outlook.office365.com.office.prodoffice365.atrium.myshn.net/owa/prefetch.aspx
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
162.212.241.214 , United States, ASN14807 (SHNAC1 - Skyhigh Networks Inc, US),
Reverse DNS
Software
nginx /
Resource Hash
99190cfe65f919edb8071d84eee7096ec27561bc9b9fa396e55e0eb5e2cd0194

Request headers

Referer
https://outlook.office365.com.office.prodoffice365.atrium.myshn.net/owa/prefetch.aspx
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36

Response headers

Date
Tue, 30 Jul 2019 06:16:01 GMT
Last-Modified
Wed, 10 Jul 2019 15:28:07 GMT
Server
nginx
X-Robots-Tag
none
Content-Type
image/png
Access-Control-Allow-Origin
*
Cache-Control
public,max-age=630720000, s-maxage=630720000
X-SkyHigh-Version
BuildNumber=29, BuildDate=2019-07-25 13:39
Connection
keep-alive
Accept-Ranges
bytes
Timing-Allow-Origin
*
Content-Length
16664
sprite1.mouse.css
r4.res.office365.com.office.prodoffice365.atrium.myshn.net/owa/prem/16.3177.2.2704109/resources/images/0/ Frame 543C
7 KB
2 KB
Stylesheet
General
Full URL
https://r4.res.office365.com.office.prodoffice365.atrium.myshn.net/owa/prem/16.3177.2.2704109/resources/images/0/sprite1.mouse.css
Requested by
Host: outlook.office365.com.office.prodoffice365.atrium.myshn.net
URL: https://outlook.office365.com.office.prodoffice365.atrium.myshn.net/owa/prefetch.aspx
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
162.212.241.214 , United States, ASN14807 (SHNAC1 - Skyhigh Networks Inc, US),
Reverse DNS
Software
nginx /
Resource Hash
461f87e55bba34c4d9248d1b45685ea832eba56c15ebf6cccf75d49f1547b502

Request headers

Referer
https://outlook.office365.com.office.prodoffice365.atrium.myshn.net/owa/prefetch.aspx
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36

Response headers

Date
Tue, 30 Jul 2019 06:16:01 GMT
Content-Encoding
gzip
Last-Modified
Wed, 10 Jul 2019 15:28:04 GMT
Server
nginx
X-Robots-Tag
none
Vary
Accept-Encoding
Content-Type
text/css
Access-Control-Allow-Origin
*
Cache-Control
public,max-age=630720000, s-maxage=630720000
X-SkyHigh-Version
BuildNumber=29, BuildDate=2019-07-25 13:39
Connection
keep-alive
Accept-Ranges
bytes
Timing-Allow-Origin
*
Content-Length
1124
boot.worldwide.mouse.css
r4.res.office365.com.office.prodoffice365.atrium.myshn.net/owa/prem/16.3177.2.2704109/resources/styles/0/ Frame 543C
227 KB
44 KB
Stylesheet
General
Full URL
https://r4.res.office365.com.office.prodoffice365.atrium.myshn.net/owa/prem/16.3177.2.2704109/resources/styles/0/boot.worldwide.mouse.css
Requested by
Host: outlook.office365.com.office.prodoffice365.atrium.myshn.net
URL: https://outlook.office365.com.office.prodoffice365.atrium.myshn.net/owa/prefetch.aspx
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
162.212.241.214 , United States, ASN14807 (SHNAC1 - Skyhigh Networks Inc, US),
Reverse DNS
Software
nginx /
Resource Hash
8dfade63d9153799d2f8a254edcff8718388ea8d65b5a0daf340fe0fb302270e

Request headers

Referer
https://outlook.office365.com.office.prodoffice365.atrium.myshn.net/owa/prefetch.aspx
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36

Response headers

Date
Tue, 30 Jul 2019 06:16:01 GMT
Content-Encoding
gzip
Last-Modified
Wed, 10 Jul 2019 15:29:19 GMT
Server
nginx
X-Robots-Tag
none
Vary
Accept-Encoding
Content-Type
text/css
Access-Control-Allow-Origin
*
Cache-Control
public,max-age=630720000, s-maxage=630720000
X-SkyHigh-Version
BuildNumber=29, BuildDate=2019-07-25 13:39
Connection
keep-alive
Accept-Ranges
bytes
Timing-Allow-Origin
*
Content-Length
44146

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer)

19 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onselectstart
object| onselectionchange
function| queueMicrotask
object| $Config
object| $Debug
object| $Do
function| $Loader
object| $WebWatson
function| GetString
function| GetErrorString
function| GetUrl
object| $B
object| ServerData
function| webpackJsonp
object| ko
object| PROOF
object| StringRepository
boolean| __ConvergedLogin_PCore
boolean| __

6 Cookies

Domain/Path Name / Value
login.microsoftonline.com.office.prodoffice365.atrium.myshn.net/ Name: stsservicecookie
Value: ests
login.microsoftonline.com.office.prodoffice365.atrium.myshn.net/ Name: fpc
Value: AsEWrkwAVSpLptPwsHq23FI-NjKRAQAAAJvX0dQOAAAA
login.microsoftonline.com.office.prodoffice365.atrium.myshn.net/ Name: buid
Value: AQABAAEAAAAP0wLlqdLVToOpA4kwzSnxTlO3f9-jb6OG61rq1_k2LBVQ5yC0pO_fTFMCv6osVM0Lq1lfGd9vHovYX6SkTToU5AIdml6W1TyYYc7Gj9YyZmalnBs2lGW6_aU4dlc_t8kgAA
login.microsoftonline.com.office.prodoffice365.atrium.myshn.net/ Name: x-ms-gateway-slice
Value: prod
.login.microsoftonline.com.office.prodoffice365.atrium.myshn.net/ Name: esctx
Value: AQABAAAAAAAP0wLlqdLVToOpA4kwzSnxSqdKPOVafdgc1-5p4PVd6YIdD7-8e3WNnRKH1gxv6Uavl8W_0QI7p0XpVjVbaHjD_-hXHutzX6s5fURMz4d7eCfF-8qo2QDYi15mez6X1E3tJKC28kgxjn7sf9sTjKe8bL22xYoNAXDiw_VMfG9pev6sC-LHMDoHFCKsEBDWxU8gAA
login.microsoftonline.com.office.prodoffice365.atrium.myshn.net/common/oauth2 Name: CkTst
Value: G1564467356976

Security Headers

This page lists any security headers set by the main page.

Header Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
