login.office.com.onmicrosophtdrive.xyz
162.241.29.89  Malicious Activity! Public Scan

Submitted URL: https://emarketing.imprezahost.com/campaigns/sg513ed68l889/track-url/tx075hv04zd8a/9108e2fb7a4f9a0153d516daa71826c7aab01489
Effective URL: https://login.office.com.onmicrosophtdrive.xyz/common/oauth2/authorize?client_id=4345a7b9-9a63-4910-a426-35363201d503&response_mode=form_post&r...
Submission: On June 10 via manual from GB

Summary

This website contacted 3 IPs in 2 countries across 4 domains to perform 10 HTTP transactions. The main IP is 162.241.29.89, located in Provo, United States and belongs to UNIFIEDLAYER-AS-1 - Unified Layer, US. The main domain is login.office.com.onmicrosophtdrive.xyz.
TLS certificate: Issued by Let's Encrypt Authority X3 on June 5th 2019. Valid for: 3 months.
This is the only time login.office.com.onmicrosophtdrive.xyz was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Microsoft (Consumer)

Domain & IP information

IP Address AS Autonomous System
1 1 2606:4700:20:... 13335 (CLOUDFLAR...)
1 1 41.203.16.156 37153 (HETZNER)
3 4 162.241.29.89 46606 (UNIFIEDLA...)
8 2620:1ec:bdf::10 8068 (MICROSOFT...)
10 3
Domain Requested by
8 aadcdn.msauth.net login.office.com.onmicrosophtdrive.xyz
aadcdn.msauth.net
3 login.office.com.onmicrosophtdrive.xyz 2 redirects
1 www.office.com.onmicrosophtdrive.xyz 1 redirects
1 www.dev.eng.co.za 1 redirects
1 emarketing.imprezahost.com 1 redirects
0 www.office.com.onmicrosophtdrive.xyz.onmicrosophtdrive.xyz Failed aadcdn.msauth.net
10 6

This site contains links to these domains. Also see Links.

Domain
login.live.com
www.microsoft.com
privacy.microsoft.com
Subject                                 Issuer                       Validity                   Valid
login.office.com.onmicrosophtdrive.xyz  Let's Encrypt Authority X3   2019-06-05 - 2019-09-03    3 months (crt.sh)
aadcdn.msauth.net                       Microsoft IT TLS CA 4        2018-11-07 - 2020-11-07    2 years (crt.sh)

This page contains 2 frames:

Primary Page: https://login.office.com.onmicrosophtdrive.xyz/common/oauth2/authorize?client_id=4345a7b9-9a63-4910-a426-35363201d503&response_mode=form_post&response_type=code+id_token&scope=openid+profile&state=OpenIdConnect.AuthenticationProperties%3dnMt-LTrcKmgGrd4l89Mp2_LYxpVG6SVFe-XkGzeIcI9ck05GAiK7itgr0pu9dyH4GNk-YR4mizbCV4Dwms96av8sZN8entBiwgASZbNnSKg70QRO57SgCXs3LoYD4srK&nonce=636957738448070344.NTkzZDYyMjQtZDAwNC00NDZhLWE0ZWYtY2IyYzZjNDY4MDZmYzdkMjk4NjQtMTgwNS00NjMzLTg5N2EtNTEwMDFjNTg1OTkz&redirect_uri=https%3a%2f%2fwww.office.com%2f&ui_locales=en-US&mkt=en-US
Frame ID: D1662708A76D5277DE97FB4A91BBFC96
Requests: 9 HTTP requests in this frame

Frame: https://www.office.com.onmicrosophtdrive.xyz.onmicrosophtdrive.xyz/prefetch/prefetch
Frame ID: 777906384D0EBBC5DD58BFCDB7A663F6
Requests: 1 HTTP requests in this frame


Detected technologies

Overall confidence: 100%
Detected patterns
  • env /^ko$/i

Overall confidence: 100%
Detected patterns
  • env /^webpackJsonp$/i

Page Statistics

Requests: 10
HTTPS: 90 %
IPv6: 50 %
Domains: 4
Subdomains: 6
IPs: 3
Countries: 2
Transfer: 490 kB
Size: 1001 kB
Cookies: 1

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://emarketing.imprezahost.com/campaigns/sg513ed68l889/track-url/tx075hv04zd8a/9108e2fb7a4f9a0153d516daa71826c7aab01489 HTTP 301
    https://www.dev.eng.co.za/sites/default/files/config.php HTTP 302
    https://login.office.com.onmicrosophtdrive.xyz/dQeMfXtQ HTTP 302
    https://login.office.com.onmicrosophtdrive.xyz/ HTTP 302
    https://www.office.com.onmicrosophtdrive.xyz/login HTTP 302
    https://login.office.com.onmicrosophtdrive.xyz/common/oauth2/authorize?client_id=4345a7b9-9a63-4910-a426-35363201d503&response_mode=form_post&response_type=code+id_token&scope=openid+profile&state=OpenIdConnect.AuthenticationProperties%3dnMt-LTrcKmgGrd4l89Mp2_LYxpVG6SVFe-XkGzeIcI9ck05GAiK7itgr0pu9dyH4GNk-YR4mizbCV4Dwms96av8sZN8entBiwgASZbNnSKg70QRO57SgCXs3LoYD4srK&nonce=636957738448070344.NTkzZDYyMjQtZDAwNC00NDZhLWE0ZWYtY2IyYzZjNDY4MDZmYzdkMjk4NjQtMTgwNS00NjMzLTg5N2EtNTEwMDFjNTg1OTkz&redirect_uri=https%3a%2f%2fwww.office.com%2f&ui_locales=en-US&mkt=en-US Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

10 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request Cookie set authorize
login.office.com.onmicrosophtdrive.xyz/common/oauth2/
Redirect Chain
  • https://emarketing.imprezahost.com/campaigns/sg513ed68l889/track-url/tx075hv04zd8a/9108e2fb7a4f9a0153d516daa71826c7aab01489
  • https://www.dev.eng.co.za/sites/default/files/config.php
  • https://login.office.com.onmicrosophtdrive.xyz/dQeMfXtQ
  • https://login.office.com.onmicrosophtdrive.xyz/
  • https://www.office.com.onmicrosophtdrive.xyz/login
  • https://login.office.com.onmicrosophtdrive.xyz/common/oauth2/authorize?client_id=4345a7b9-9a63-4910-a426-35363201d503&response_mode=form_post&response_type=code+id_token&scope=openid+profile&state=...
32 KB
33 KB
Document
General
Full URL
https://login.office.com.onmicrosophtdrive.xyz/common/oauth2/authorize?client_id=4345a7b9-9a63-4910-a426-35363201d503&response_mode=form_post&response_type=code+id_token&scope=openid+profile&state=OpenIdConnect.AuthenticationProperties%3dnMt-LTrcKmgGrd4l89Mp2_LYxpVG6SVFe-XkGzeIcI9ck05GAiK7itgr0pu9dyH4GNk-YR4mizbCV4Dwms96av8sZN8entBiwgASZbNnSKg70QRO57SgCXs3LoYD4srK&nonce=636957738448070344.NTkzZDYyMjQtZDAwNC00NDZhLWE0ZWYtY2IyYzZjNDY4MDZmYzdkMjk4NjQtMTgwNS00NjMzLTg5N2EtNTEwMDFjNTg1OTkz&redirect_uri=https%3a%2f%2fwww.office.com%2f&ui_locales=en-US&mkt=en-US
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
162.241.29.89 Provo, United States, ASN46606 (UNIFIEDLAYER-AS-1 - Unified Layer, US),
Reverse DNS
162-241-29-89.unifiedlayer.com
Software
/
Resource Hash
6125fb7243748d481ba1b18c5458772254053a5e430b11dd254d9a47ef1c5785

Request headers

Host
login.office.com.onmicrosophtdrive.xyz
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Accept-Encoding
gzip, deflate, br
Cookie
fpc=Ass89sOLJtFAsp0lFPRQNnM; esctx=AQABAAAAAADCoMpjJXrxTq9VG9te-7FX1xGc-gglGTgcJpYmS957b51PJNxPe3t7TRAbfBoQsVFAKx9EVTpFFVUe2Vj9vafhpzrYVcKD8liQYVGDTb-E66fD0JEldy2uDa4YP2V_XajiLw7QLmNLEZ0IMcP2M-RyGQqMpFSFbz6sFHv_KvRfyeZgkpGrChV9wqBGipb_vssgAA; x-ms-gateway-slice=prod; stsservicecookie=ests; MUID=3BF613C8802762E21DEC1EBF814B63CB
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Cache-Control
no-cache, no-store
Connection
close
Content-Type
text/html; charset=utf-8
Date
Mon, 10 Jun 2019 14:30:44 GMT
Expires
-1
Link
<https://aadcdn.msauth.net>; rel=preconnect; crossorigin <https://aadcdn.msauth.net>; rel=dns-prefetch <https://aadcdn.msftauth.net>; rel=dns-prefetch
P3p
CP="DSP CUR OTPi IND OTRi ONL FIN"
Pragma
no-cache
Set-Cookie
buid=AQABAAEAAADCoMpjJXrxTq9VG9te-7FX-VKqSt0ps0WkVx8j2P31WUz7QT0rz4CHQIiCXAQP6ADyYiY4QyGeY7tLmJUaZ8BLk6CNBa9plgmipkDGQ1p-SRHYTZRIOl-57Bn0P4Nqp4wgAA; Path=/; HttpOnly fpc=Ass89sOLJtFAsp0lFPRQNnN9Hyj2AQAAAJVgkNQOAAAA; Path=/; HttpOnly x-ms-gateway-slice=prod; Path=/; HttpOnly stsservicecookie=ests; Path=/; HttpOnly
Transfer-Encoding
chunked
Vary
Accept-Encoding
X-Dns-Prefetch-Control
on
X-Ms-Request-Id
19480472-bedb-455c-ba8e-69c807c4d700

Redirect headers

Connection
close
Content-Type
text/html; charset=utf-8
Date
Mon, 10 Jun 2019 14:30:44 GMT
Location
https://login.office.com.onmicrosophtdrive.xyz/common/oauth2/authorize?client_id=4345a7b9-9a63-4910-a426-35363201d503&response_mode=form_post&response_type=code+id_token&scope=openid+profile&state=OpenIdConnect.AuthenticationProperties%3dnMt-LTrcKmgGrd4l89Mp2_LYxpVG6SVFe-XkGzeIcI9ck05GAiK7itgr0pu9dyH4GNk-YR4mizbCV4Dwms96av8sZN8entBiwgASZbNnSKg70QRO57SgCXs3LoYD4srK&nonce=636957738448070344.NTkzZDYyMjQtZDAwNC00NDZhLWE0ZWYtY2IyYzZjNDY4MDZmYzdkMjk4NjQtMTgwNS00NjMzLTg5N2EtNTEwMDFjNTg1OTkz&redirect_uri=https%3a%2f%2fwww.office.com%2f&ui_locales=en-US&mkt=en-US
Referrer-Policy
strict-origin-when-cross-origin
Set-Cookie
OH.DCAffinity=OH-scu; Path=/; HttpOnly OpenIdConnect.nonce.sEVrhs%2B8YnAv9TiTyBzpVLpWH%2BMj6tBYTLX4urPq5UQ%3D=LVBOSlN3MWRUeEtQcVhTNVdtZThYSDYtQ3c5UkFUbEZ2S2ZZYVNxOGloS01mdkJObjZmSVJycWVZbTc3VHZHMUwtTE9wV2JSS2hDbkg1ZV91enYyQk53b0VlcHBRd2VwcXRKYjk5QjFqUmxKTVcxODZFYnE3VmJiaTQ0YkhXWExWNFVvNHAzUUVsNVJTSVVOVUlieURyQndlckp3b29yV3NiVldRcmE4aVdXeGNMM1lkbVM0dzdmOF9rLWNMRm1Cbm11MzhodW1yUGRFLWE0WW5tOVNLOE1Ydm83V0d6UENEY0lZbFU5VDQ1QnU1bUNnUmtFdWV1T2psNEVia0hjUg%3D%3D; Path=/; HttpOnly OH.SID=088bfd69-04d8-4d77-acfc-4ee29fcd557d; Path=/; HttpOnly OH.DCAffinity=OH-scu; Path=/; HttpOnly OpenIdConnect.nonce.sEVrhs%2B8YnAv9TiTyBzpVLpWH%2BMj6tBYTLX4urPq5UQ%3D=LVBOSlN3MWRUeEtQcVhTNVdtZThYSDYtQ3c5UkFUbEZ2S2ZZYVNxOGloS01mdkJObjZmSVJycWVZbTc3VHZHMUwtTE9wV2JSS2hDbkg1ZV91enYyQk53b0VlcHBRd2VwcXRKYjk5QjFqUmxKTVcxODZFYnE3VmJiaTQ0YkhXWExWNFVvNHAzUUVsNVJTSVVOVUlieURyQndlckp3b29yV3NiVldRcmE4aVdXeGNMM1lkbVM0dzdmOF9rLWNMRm1Cbm11MzhodW1yUGRFLWE0WW5tOVNLOE1Ydm83V0d6UENEY0lZbFU5VDQ1QnU1bUNnUmtFdWV1T2psNEVia0hjUg%3D%3D; Path=/; HttpOnly MUID=3BF613C8802762E21DEC1EBF814B63CB; Path=/; Domain=office.com.onmicrosophtdrive.xyz
Transfer-Encoding
chunked
X-Msedge-Ref
Ref A: A819C26769B74018AC0730196DFA447D Ref B: SN1EDGE0713 Ref C: 2019-06-10T14:30:44Z
X-Ua-Compatible
IE=edge,chrome=1
converged.v2.login.min_z1htakqfwzrhpmx9_wmc6w2.css
aadcdn.msauth.net/ests/2.1/content/cdnbundles/
99 KB
19 KB
Stylesheet
General
Full URL
https://aadcdn.msauth.net/ests/2.1/content/cdnbundles/converged.v2.login.min_z1htakqfwzrhpmx9_wmc6w2.css
Requested by
Host: login.office.com.onmicrosophtdrive.xyz
URL: https://login.office.com.onmicrosophtdrive.xyz/common/oauth2/authorize?client_id=4345a7b9-9a63-4910-a426-35363201d503&response_mode=form_post&response_type=code+id_token&scope=openid+profile&state=OpenIdConnect.AuthenticationProperties%3dnMt-LTrcKmgGrd4l89Mp2_LYxpVG6SVFe-XkGzeIcI9ck05GAiK7itgr0pu9dyH4GNk-YR4mizbCV4Dwms96av8sZN8entBiwgASZbNnSKg70QRO57SgCXs3LoYD4srK&nonce=636957738448070344.NTkzZDYyMjQtZDAwNC00NDZhLWE0ZWYtY2IyYzZjNDY4MDZmYzdkMjk4NjQtMTgwNS00NjMzLTg5N2EtNTEwMDFjNTg1OTkz&redirect_uri=https%3a%2f%2fwww.office.com%2f&ui_locales=en-US&mkt=en-US
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2620:1ec:bdf::10 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
bbc357d53cb02e47dceb5928070a6ff8a5d3ffd4701bb3cf88eb4e4c4f111328

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://login.office.com.onmicrosophtdrive.xyz/common/oauth2/authorize?client_id=4345a7b9-9a63-4910-a426-35363201d503&response_mode=form_post&response_type=code+id_token&scope=openid+profile&state=OpenIdConnect.AuthenticationProperties%3dnMt-LTrcKmgGrd4l89Mp2_LYxpVG6SVFe-XkGzeIcI9ck05GAiK7itgr0pu9dyH4GNk-YR4mizbCV4Dwms96av8sZN8entBiwgASZbNnSKg70QRO57SgCXs3LoYD4srK&nonce=636957738448070344.NTkzZDYyMjQtZDAwNC00NDZhLWE0ZWYtY2IyYzZjNDY4MDZmYzdkMjk4NjQtMTgwNS00NjMzLTg5N2EtNTEwMDFjNTg1OTkz&redirect_uri=https%3a%2f%2fwww.office.com%2f&ui_locales=en-US&mkt=en-US
Origin
https://login.office.com.onmicrosophtdrive.xyz

Response headers

x-ms-blob-type
BlockBlob
date
Mon, 10 Jun 2019 14:30:45 GMT
content-encoding
gzip
x-azure-ref-originshield
0U+f8XAAAAADQMVpLc57bQqQrh0rUDo9GQU1TRURHRTA0MDkAMzlhMTJmN2UtODk5Zi00NmNmLWE2ZDAtMjRiYmJhMjdkOTU2
content-md5
whcd84i9hBldgXcC4B+QZQ==
status
200
content-length
18716
x-ms-lease-status
unlocked
last-modified
Mon, 13 May 2019 22:56:47 GMT
server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
etag
0x8D6D7F647566C25
x-azure-ref
0lWn+XAAAAADyMHkCUMKyQ6Qt5pi7BXIlVklFRURHRTAyMTcAMzlhMTJmN2UtODk5Zi00NmNmLWE2ZDAtMjRiYmJhMjdkOTU2
content-type
text/css
access-control-allow-origin
*
x-ms-request-id
dd7e9d81-d01e-0052-6ab2-1e0244000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=31536000
x-ms-version
2009-09-19
ux.converged.login.pcore.min_qsib_xcszy_tpu0gidz6sq2.js
aadcdn.msauth.net/ests/2.1/content/cdnbundles/
553 KB
144 KB
Script
General
Full URL
https://aadcdn.msauth.net/ests/2.1/content/cdnbundles/ux.converged.login.pcore.min_qsib_xcszy_tpu0gidz6sq2.js
Requested by
Host: login.office.com.onmicrosophtdrive.xyz
URL: https://login.office.com.onmicrosophtdrive.xyz/common/oauth2/authorize?client_id=4345a7b9-9a63-4910-a426-35363201d503&response_mode=form_post&response_type=code+id_token&scope=openid+profile&state=OpenIdConnect.AuthenticationProperties%3dnMt-LTrcKmgGrd4l89Mp2_LYxpVG6SVFe-XkGzeIcI9ck05GAiK7itgr0pu9dyH4GNk-YR4mizbCV4Dwms96av8sZN8entBiwgASZbNnSKg70QRO57SgCXs3LoYD4srK&nonce=636957738448070344.NTkzZDYyMjQtZDAwNC00NDZhLWE0ZWYtY2IyYzZjNDY4MDZmYzdkMjk4NjQtMTgwNS00NjMzLTg5N2EtNTEwMDFjNTg1OTkz&redirect_uri=https%3a%2f%2fwww.office.com%2f&ui_locales=en-US&mkt=en-US
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2620:1ec:bdf::10 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
c8c35cc0013c75828170dd5753df338b0667ce37a2dca2a5d32a44b582efba50

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://login.office.com.onmicrosophtdrive.xyz/common/oauth2/authorize?client_id=4345a7b9-9a63-4910-a426-35363201d503&response_mode=form_post&response_type=code+id_token&scope=openid+profile&state=OpenIdConnect.AuthenticationProperties%3dnMt-LTrcKmgGrd4l89Mp2_LYxpVG6SVFe-XkGzeIcI9ck05GAiK7itgr0pu9dyH4GNk-YR4mizbCV4Dwms96av8sZN8entBiwgASZbNnSKg70QRO57SgCXs3LoYD4srK&nonce=636957738448070344.NTkzZDYyMjQtZDAwNC00NDZhLWE0ZWYtY2IyYzZjNDY4MDZmYzdkMjk4NjQtMTgwNS00NjMzLTg5N2EtNTEwMDFjNTg1OTkz&redirect_uri=https%3a%2f%2fwww.office.com%2f&ui_locales=en-US&mkt=en-US
Origin
https://login.office.com.onmicrosophtdrive.xyz

Response headers

x-ms-blob-type
BlockBlob
date
Mon, 10 Jun 2019 14:30:45 GMT
content-encoding
gzip
x-azure-ref-originshield
0wmT7XAAAAACXCYLWOpkbT6m2gGr2iVbhQU1TRURHRTA1MTcAMzlhMTJmN2UtODk5Zi00NmNmLWE2ZDAtMjRiYmJhMjdkOTU2
content-md5
mA5E76sf2qQWkf9sa5WhuQ==
status
200
content-length
147076
x-ms-lease-status
unlocked
last-modified
Thu, 16 May 2019 02:11:30 GMT
server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
etag
0x8D6D9A3CF6B5418
x-azure-ref
0lWn+XAAAAAAxTKEGU2nAQrmJWV0Lg+gqVklFRURHRTAyMTcAMzlhMTJmN2UtODk5Zi00NmNmLWE2ZDAtMjRiYmJhMjdkOTU2
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
c6dc4240-901e-0056-59ee-1aae4c000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=31536000
x-ms-version
2009-09-19
ux.converged.login.strings-en.min_ll9-c1j1nju3y_dxmtyxnq2.js
aadcdn.msauth.net/ests/2.1/content/cdnbundles/
32 KB
11 KB
Script
General
Full URL
https://aadcdn.msauth.net/ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_ll9-c1j1nju3y_dxmtyxnq2.js
Requested by
Host: login.office.com.onmicrosophtdrive.xyz
URL: https://login.office.com.onmicrosophtdrive.xyz/common/oauth2/authorize?client_id=4345a7b9-9a63-4910-a426-35363201d503&response_mode=form_post&response_type=code+id_token&scope=openid+profile&state=OpenIdConnect.AuthenticationProperties%3dnMt-LTrcKmgGrd4l89Mp2_LYxpVG6SVFe-XkGzeIcI9ck05GAiK7itgr0pu9dyH4GNk-YR4mizbCV4Dwms96av8sZN8entBiwgASZbNnSKg70QRO57SgCXs3LoYD4srK&nonce=636957738448070344.NTkzZDYyMjQtZDAwNC00NDZhLWE0ZWYtY2IyYzZjNDY4MDZmYzdkMjk4NjQtMTgwNS00NjMzLTg5N2EtNTEwMDFjNTg1OTkz&redirect_uri=https%3a%2f%2fwww.office.com%2f&ui_locales=en-US&mkt=en-US
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2620:1ec:bdf::10 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
b2ee81ba8d9bd95224eb0d68942999c0cec24826221526bd6758361cddae8648

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://login.office.com.onmicrosophtdrive.xyz/common/oauth2/authorize?client_id=4345a7b9-9a63-4910-a426-35363201d503&response_mode=form_post&response_type=code+id_token&scope=openid+profile&state=OpenIdConnect.AuthenticationProperties%3dnMt-LTrcKmgGrd4l89Mp2_LYxpVG6SVFe-XkGzeIcI9ck05GAiK7itgr0pu9dyH4GNk-YR4mizbCV4Dwms96av8sZN8entBiwgASZbNnSKg70QRO57SgCXs3LoYD4srK&nonce=636957738448070344.NTkzZDYyMjQtZDAwNC00NDZhLWE0ZWYtY2IyYzZjNDY4MDZmYzdkMjk4NjQtMTgwNS00NjMzLTg5N2EtNTEwMDFjNTg1OTkz&redirect_uri=https%3a%2f%2fwww.office.com%2f&ui_locales=en-US&mkt=en-US
Origin
https://login.office.com.onmicrosophtdrive.xyz

Response headers

x-ms-blob-type
BlockBlob
date
Mon, 10 Jun 2019 14:30:45 GMT
content-encoding
gzip
x-azure-ref-originshield
03Qz9XAAAAAA7fMnW8V6RTI7m2DcJiiNDQU1TRURHRTA2MjIAMzlhMTJmN2UtODk5Zi00NmNmLWE2ZDAtMjRiYmJhMjdkOTU2
content-md5
y/Y9zz+BKktXNn8fy7Of1Q==
status
200
content-length
10250
x-ms-lease-status
unlocked
last-modified
Thu, 16 May 2019 02:11:32 GMT
server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
etag
0x8D6D9A3D0C927D5
x-azure-ref
0lWn+XAAAAABoqfJmfkZ9Q7vMG8HNhNiWVklFRURHRTAyMTcAMzlhMTJmN2UtODk5Zi00NmNmLWE2ZDAtMjRiYmJhMjdkOTU2
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
cc0326a1-201e-0079-4328-1ab660000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=31536000
x-ms-version
2009-09-19
prefetch
www.office.com.onmicrosophtdrive.xyz.onmicrosophtdrive.xyz/prefetch/ Frame 7779
0
0

microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg
aadcdn.msauth.net/ests/2.1/content/images/
4 KB
2 KB
Image
General
Full URL
https://aadcdn.msauth.net/ests/2.1/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2620:1ec:bdf::10 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a

Request headers

Referer
https://login.office.com.onmicrosophtdrive.xyz/common/oauth2/authorize?client_id=4345a7b9-9a63-4910-a426-35363201d503&response_mode=form_post&response_type=code+id_token&scope=openid+profile&state=OpenIdConnect.AuthenticationProperties%3dnMt-LTrcKmgGrd4l89Mp2_LYxpVG6SVFe-XkGzeIcI9ck05GAiK7itgr0pu9dyH4GNk-YR4mizbCV4Dwms96av8sZN8entBiwgASZbNnSKg70QRO57SgCXs3LoYD4srK&nonce=636957738448070344.NTkzZDYyMjQtZDAwNC00NDZhLWE0ZWYtY2IyYzZjNDY4MDZmYzdkMjk4NjQtMTgwNS00NjMzLTg5N2EtNTEwMDFjNTg1OTkz&redirect_uri=https%3a%2f%2fwww.office.com%2f&ui_locales=en-US&mkt=en-US
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Mon, 10 Jun 2019 14:30:45 GMT
content-encoding
gzip
x-azure-ref-originshield
0ZhL8XAAAAAAZ1MgNeOJGQ6ASQSidrELbQU1TRURHRTA1MTcAMzlhMTJmN2UtODk5Zi00NmNmLWE2ZDAtMjRiYmJhMjdkOTU2
content-md5
nzaLxFgP7ZB3dfMcaybWzw==
status
200
content-length
1435
x-ms-lease-status
unlocked
last-modified
Fri, 02 Nov 2018 20:25:31 GMT
server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
etag
0x8D64101560D5E58
x-azure-ref
0lmn+XAAAAAAnPCV5QzqhSLjWOedf7inlVklFRURHRTAxMTYAMzlhMTJmN2UtODk5Zi00NmNmLWE2ZDAtMjRiYmJhMjdkOTU2
content-type
image/svg+xml
access-control-allow-origin
*
x-ms-request-id
79051a22-401e-0043-54d2-1a9964000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=604800
x-ms-version
2009-09-19
ellipsis_white_5ac590ee72bfe06a7cecfd75b588ad73.svg
aadcdn.msauth.net/ests/2.1/content/images/
915 B
561 B
Image
General
Full URL
https://aadcdn.msauth.net/ests/2.1/content/images/ellipsis_white_5ac590ee72bfe06a7cecfd75b588ad73.svg
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2620:1ec:bdf::10 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
6075736ea9c281d69c4a3d78ff97bb61b9416a5809919babe5a0c5596f99aaea

Request headers

Referer
https://login.office.com.onmicrosophtdrive.xyz/common/oauth2/authorize?client_id=4345a7b9-9a63-4910-a426-35363201d503&response_mode=form_post&response_type=code+id_token&scope=openid+profile&state=OpenIdConnect.AuthenticationProperties%3dnMt-LTrcKmgGrd4l89Mp2_LYxpVG6SVFe-XkGzeIcI9ck05GAiK7itgr0pu9dyH4GNk-YR4mizbCV4Dwms96av8sZN8entBiwgASZbNnSKg70QRO57SgCXs3LoYD4srK&nonce=636957738448070344.NTkzZDYyMjQtZDAwNC00NDZhLWE0ZWYtY2IyYzZjNDY4MDZmYzdkMjk4NjQtMTgwNS00NjMzLTg5N2EtNTEwMDFjNTg1OTkz&redirect_uri=https%3a%2f%2fwww.office.com%2f&ui_locales=en-US&mkt=en-US
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Mon, 10 Jun 2019 14:30:45 GMT
content-encoding
gzip
x-azure-ref-originshield
0AyT7XAAAAABgl5UiEyMeRoZvVsHHU7QFQU1TRURHRTA2MjEAMzlhMTJmN2UtODk5Zi00NmNmLWE2ZDAtMjRiYmJhMjdkOTU2
content-md5
HMwsHhNXdtrfirQDkzcqMA==
status
200
content-length
263
x-ms-lease-status
unlocked
last-modified
Fri, 02 Nov 2018 20:25:24 GMT
server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
etag
0x8D64101521A1ED5
x-azure-ref
0lmn+XAAAAADIMo6EZucIRIZaVZNXzUsoVklFRURHRTAxMTYAMzlhMTJmN2UtODk5Zi00NmNmLWE2ZDAtMjRiYmJhMjdkOTU2
content-type
image/svg+xml
access-control-allow-origin
*
x-ms-request-id
e587d67c-601e-006d-4f21-1aaa4a000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=604800
x-ms-version
2009-09-19
ellipsis_grey_2b5d393db04a5e6e1f739cb266e65b4c.svg
aadcdn.msauth.net/ests/2.1/content/images/
915 B
556 B
Image
General
Full URL
https://aadcdn.msauth.net/ests/2.1/content/images/ellipsis_grey_2b5d393db04a5e6e1f739cb266e65b4c.svg
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2620:1ec:bdf::10 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
16c3f6531d0fa5b4d16e82abf066233b2a9f284c068c663699313c09f5e8d6e6

Request headers

Referer
https://login.office.com.onmicrosophtdrive.xyz/common/oauth2/authorize?client_id=4345a7b9-9a63-4910-a426-35363201d503&response_mode=form_post&response_type=code+id_token&scope=openid+profile&state=OpenIdConnect.AuthenticationProperties%3dnMt-LTrcKmgGrd4l89Mp2_LYxpVG6SVFe-XkGzeIcI9ck05GAiK7itgr0pu9dyH4GNk-YR4mizbCV4Dwms96av8sZN8entBiwgASZbNnSKg70QRO57SgCXs3LoYD4srK&nonce=636957738448070344.NTkzZDYyMjQtZDAwNC00NDZhLWE0ZWYtY2IyYzZjNDY4MDZmYzdkMjk4NjQtMTgwNS00NjMzLTg5N2EtNTEwMDFjNTg1OTkz&redirect_uri=https%3a%2f%2fwww.office.com%2f&ui_locales=en-US&mkt=en-US
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Mon, 10 Jun 2019 14:30:45 GMT
content-encoding
gzip
x-azure-ref-originshield
0OVn+XAAAAAAr6Qe19K5aSbwm8hj+HvcVQU1TRURHRTA0MTcAMzlhMTJmN2UtODk5Zi00NmNmLWE2ZDAtMjRiYmJhMjdkOTU2
content-md5
/a3y/mpA+HRaVAiPACrsog==
status
200
content-length
263
x-ms-lease-status
unlocked
last-modified
Fri, 02 Nov 2018 20:25:23 GMT
server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
etag
0x8D641015168A4FB
x-azure-ref
0lmn+XAAAAAD6uH1ZfBKUQL3nScRdhzARVklFRURHRTAxMTYAMzlhMTJmN2UtODk5Zi00NmNmLWE2ZDAtMjRiYmJhMjdkOTU2
content-type
image/svg+xml
access-control-allow-origin
*
x-ms-request-id
73110893-e01e-0031-7d1b-1a3d60000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=604800
x-ms-version
2009-09-19
0-small_138bcee624fa04ef9b75e86211a9fe0d.jpg
aadcdn.msauth.net/ests/2.1/content/images/backgrounds/
3 KB
3 KB
Image
General
Full URL
https://aadcdn.msauth.net/ests/2.1/content/images/backgrounds/0-small_138bcee624fa04ef9b75e86211a9fe0d.jpg
Requested by
Host: aadcdn.msauth.net
URL: https://aadcdn.msauth.net/ests/2.1/content/cdnbundles/ux.converged.login.pcore.min_qsib_xcszy_tpu0gidz6sq2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2620:1ec:bdf::10 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
f89e908280791803bbf1f33b596ff4a2179b355a8e15ad02ebaa2b1da11127ea

Request headers

Referer
https://login.office.com.onmicrosophtdrive.xyz/common/oauth2/authorize?client_id=4345a7b9-9a63-4910-a426-35363201d503&response_mode=form_post&response_type=code+id_token&scope=openid+profile&state=OpenIdConnect.AuthenticationProperties%3dnMt-LTrcKmgGrd4l89Mp2_LYxpVG6SVFe-XkGzeIcI9ck05GAiK7itgr0pu9dyH4GNk-YR4mizbCV4Dwms96av8sZN8entBiwgASZbNnSKg70QRO57SgCXs3LoYD4srK&nonce=636957738448070344.NTkzZDYyMjQtZDAwNC00NDZhLWE0ZWYtY2IyYzZjNDY4MDZmYzdkMjk4NjQtMTgwNS00NjMzLTg5N2EtNTEwMDFjNTg1OTkz&redirect_uri=https%3a%2f%2fwww.office.com%2f&ui_locales=en-US&mkt=en-US
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Mon, 10 Jun 2019 14:30:45 GMT
x-azure-ref-originshield
0hV3+XAAAAAAfLXAlerUnT6c/peq2OZ7OQU1TRURHRTA0MjEAMzlhMTJmN2UtODk5Zi00NmNmLWE2ZDAtMjRiYmJhMjdkOTU2
content-md5
E4vO5iT6BO+bdehiEan+DQ==
status
200
content-length
3006
x-ms-lease-status
unlocked
last-modified
Fri, 02 Nov 2018 20:26:29 GMT
server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
etag
0x8D6410178AD3FAD
x-azure-ref
0lmn+XAAAAADse9nQz010ToLZfBX4Pi7YVklFRURHRTAxMTYAMzlhMTJmN2UtODk5Zi00NmNmLWE2ZDAtMjRiYmJhMjdkOTU2
content-type
image/jpeg
access-control-allow-origin
*
x-ms-request-id
c03493f7-001e-0003-5824-1b4a75000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=604800
x-ms-version
2009-09-19
0_a5dbd4393ff6a725c7e62b61df7e72f0.jpg
aadcdn.msauth.net/ests/2.1/content/images/backgrounds/
277 KB
277 KB
Image
General
Full URL
https://aadcdn.msauth.net/ests/2.1/content/images/backgrounds/0_a5dbd4393ff6a725c7e62b61df7e72f0.jpg
Requested by
Host: aadcdn.msauth.net
URL: https://aadcdn.msauth.net/ests/2.1/content/cdnbundles/ux.converged.login.pcore.min_qsib_xcszy_tpu0gidz6sq2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2620:1ec:bdf::10 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
211a907de2da0ff4a0e90917ac8054e2f35c351180977550c26e51b4909f2beb

Request headers

Referer
https://login.office.com.onmicrosophtdrive.xyz/common/oauth2/authorize?client_id=4345a7b9-9a63-4910-a426-35363201d503&response_mode=form_post&response_type=code+id_token&scope=openid+profile&state=OpenIdConnect.AuthenticationProperties%3dnMt-LTrcKmgGrd4l89Mp2_LYxpVG6SVFe-XkGzeIcI9ck05GAiK7itgr0pu9dyH4GNk-YR4mizbCV4Dwms96av8sZN8entBiwgASZbNnSKg70QRO57SgCXs3LoYD4srK&nonce=636957738448070344.NTkzZDYyMjQtZDAwNC00NDZhLWE0ZWYtY2IyYzZjNDY4MDZmYzdkMjk4NjQtMTgwNS00NjMzLTg5N2EtNTEwMDFjNTg1OTkz&redirect_uri=https%3a%2f%2fwww.office.com%2f&ui_locales=en-US&mkt=en-US
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Mon, 10 Jun 2019 14:30:45 GMT
x-azure-ref-originshield
0wEH+XAAAAAD73Xj35xyeQpmM1sl2LBYpQU1TRURHRTA1MTUAMzlhMTJmN2UtODk5Zi00NmNmLWE2ZDAtMjRiYmJhMjdkOTU2
content-md5
pdvUOT/2pyXH5ith335y8A==
status
200
content-length
283351
x-ms-lease-status
unlocked
last-modified
Fri, 02 Nov 2018 20:26:29 GMT
server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
etag
0x8D6410178E329F6
x-azure-ref
0lmn+XAAAAABlZAsZY0ihT614CDUt6NfPVklFRURHRTAxMTYAMzlhMTJmN2UtODk5Zi00NmNmLWE2ZDAtMjRiYmJhMjdkOTU2
content-type
image/jpeg
access-control-allow-origin
*
x-ms-request-id
a25cc255-c01e-000f-1821-1abe6c000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=604800
x-ms-version
2009-09-19

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
www.office.com.onmicrosophtdrive.xyz.onmicrosophtdrive.xyz
URL
https://www.office.com.onmicrosophtdrive.xyz.onmicrosophtdrive.xyz/prefetch/prefetch

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer)

19 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onselectstart
object| onselectionchange
function| queueMicrotask
object| $Config
object| $Debug
object| $Do
function| $Loader
object| $WebWatson
function| GetString
function| GetErrorString
function| GetUrl
object| $B
object| ServerData
function| webpackJsonp
object| ko
object| PROOF
object| StringRepository
boolean| __ConvergedLogin_PCore
boolean| __

1 Cookies

Domain/Path Name / Value
login.office.com.onmicrosophtdrive.xyz/common/oauth2 Name: CkTst
Value: G1560177045995