login.office.com.onmicrosophtdrive.xyz
162.241.29.89 Malicious Activity!

Submitted URL: https://emarketing.imprezahost.com/campaigns/sg513ed68l889/track-url/tx075hv04zd8a/9108e2fb7a4f9a0153d516daa71826c7aab01489
Effective URL: https://login.office.com.onmicrosophtdrive.xyz/common/oauth2/authorize?client_id=4345a7b9-9a63-4910-a426-35363201d503&response_mode=form_post&r...
Submission: On June 10 via manual from US

Summary

This website contacted 3 IPs in 2 countries across 4 domains to perform 11 HTTP transactions. The main IP is 162.241.29.89, located in Provo, United States and belongs to UNIFIEDLAYER-AS-1 - Unified Layer, US. The main domain is login.office.com.onmicrosophtdrive.xyz.
TLS certificate: Issued by Let's Encrypt Authority X3 on June 5th 2019. Valid for: 3 months.
This is the only time login.office.com.onmicrosophtdrive.xyz was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Microsoft (Consumer)

Domain & IP information

IP Address AS Autonomous System
1 1 2606:4700:20:... 13335 (CLOUDFLAR...)
1 1 41.203.16.156 37153 (HETZNER)
3 5 162.241.29.89 46606 (UNIFIEDLA...)
8 152.199.23.37 15133 (EDGECAST)
11 3
Requests | Domain | Requested by
8 | aadcdn.msftauth.net | login.office.com.onmicrosophtdrive.xyz, aadcdn.msftauth.net
4 | login.office.com.onmicrosophtdrive.xyz | 2 redirects, aadcdn.msftauth.net
1 | www.office.com.onmicrosophtdrive.xyz | 1 redirect
1 | www.dev.eng.co.za | 1 redirect
1 | emarketing.imprezahost.com | 1 redirect
0 | www.office.com.onmicrosophtdrive.xyz.onmicrosophtdrive.xyz (Failed) | aadcdn.msftauth.net
11 requests across 6 domains

This site contains links to these domains. Also see Links.

Domain
login.live.com
www.microsoft.com
privacy.microsoft.com
TLS certificates (Subject / Issuer / Validity)

Subject: login.office.com.onmicrosophtdrive.xyz
Issuer: Let's Encrypt Authority X3
Validity: 2019-06-05 - 2019-09-03 (3 months)

Subject: aadcdn.msftauth.net
Issuer: Microsoft IT TLS CA 5
Validity: 2018-11-07 - 2020-11-07 (2 years)

This page contains 2 frames:

Primary Page: https://login.office.com.onmicrosophtdrive.xyz/common/oauth2/authorize?client_id=4345a7b9-9a63-4910-a426-35363201d503&response_mode=form_post&response_type=code+id_token&scope=openid+profile&state=OpenIdConnect.AuthenticationProperties%3d6k21ET0ywtvXdofmkVgpnar4P27Qsbd5VzyIBlZuLFMp2IIwwwZRTROE8RFLQaDrhGSCWvG-MsWnRlCa8G_BIFTAjlSUWwQVwOyLnnaH17XRx4CZDOjEt6_L2ACMfrWu&nonce=636957735226146229.MGNiNjViODItYmQ2ZS00ODBkLWE2NjctY2FjMzkyNTlhNDRkYmI3ZmJmNWYtZTAyMy00NmEwLWI2NjktNDgxZjAxYmU5MzRl&redirect_uri=https%3a%2f%2fwww.office.com%2f&ui_locales=en-US&mkt=en-US
Frame ID: 5F739A6201BB2FF0EBED0E46F890FA1B
Requests: 10 HTTP requests in this frame

Frame: https://www.office.com.onmicrosophtdrive.xyz.onmicrosophtdrive.xyz/prefetch/prefetch
Frame ID: 7CE11293B4A4AAEC7897E33DA918908A
Requests: 1 HTTP requests in this frame


Detected technologies

Overall confidence: 100%
Detected patterns
  • env /^ko$/i

Overall confidence: 100%
Detected patterns
  • env /^webpackJsonp$/i

Page Statistics

Requests: 11
HTTPS: 91 %
IPv6: 25 %
Domains: 4
Subdomains: 6
IPs: 3
Countries: 2
Transfer: 490 kB
Size: 1002 kB
Cookies: 7

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://emarketing.imprezahost.com/campaigns/sg513ed68l889/track-url/tx075hv04zd8a/9108e2fb7a4f9a0153d516daa71826c7aab01489 HTTP 301
    https://www.dev.eng.co.za/sites/default/files/config.php HTTP 302
    https://login.office.com.onmicrosophtdrive.xyz/dQeMfXtQ HTTP 302
    https://login.office.com.onmicrosophtdrive.xyz/ HTTP 302
    https://www.office.com.onmicrosophtdrive.xyz/login HTTP 302
    https://login.office.com.onmicrosophtdrive.xyz/common/oauth2/authorize?client_id=4345a7b9-9a63-4910-a426-35363201d503&response_mode=form_post&response_type=code+id_token&scope=openid+profile&state=OpenIdConnect.AuthenticationProperties%3d6k21ET0ywtvXdofmkVgpnar4P27Qsbd5VzyIBlZuLFMp2IIwwwZRTROE8RFLQaDrhGSCWvG-MsWnRlCa8G_BIFTAjlSUWwQVwOyLnnaH17XRx4CZDOjEt6_L2ACMfrWu&nonce=636957735226146229.MGNiNjViODItYmQ2ZS00ODBkLWE2NjctY2FjMzkyNTlhNDRkYmI3ZmJmNWYtZTAyMy00NmEwLWI2NjktNDgxZjAxYmU5MzRl&redirect_uri=https%3a%2f%2fwww.office.com%2f&ui_locales=en-US&mkt=en-US Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

11 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request Cookie set authorize
login.office.com.onmicrosophtdrive.xyz/common/oauth2/
Redirect Chain
  • https://emarketing.imprezahost.com/campaigns/sg513ed68l889/track-url/tx075hv04zd8a/9108e2fb7a4f9a0153d516daa71826c7aab01489
  • https://www.dev.eng.co.za/sites/default/files/config.php
  • https://login.office.com.onmicrosophtdrive.xyz/dQeMfXtQ
  • https://login.office.com.onmicrosophtdrive.xyz/
  • https://www.office.com.onmicrosophtdrive.xyz/login
  • https://login.office.com.onmicrosophtdrive.xyz/common/oauth2/authorize?client_id=4345a7b9-9a63-4910-a426-35363201d503&response_mode=form_post&response_type=code+id_token&scope=openid+profile&state=...
32 KB
33 KB
Document
General
Full URL
https://login.office.com.onmicrosophtdrive.xyz/common/oauth2/authorize?client_id=4345a7b9-9a63-4910-a426-35363201d503&response_mode=form_post&response_type=code+id_token&scope=openid+profile&state=OpenIdConnect.AuthenticationProperties%3d6k21ET0ywtvXdofmkVgpnar4P27Qsbd5VzyIBlZuLFMp2IIwwwZRTROE8RFLQaDrhGSCWvG-MsWnRlCa8G_BIFTAjlSUWwQVwOyLnnaH17XRx4CZDOjEt6_L2ACMfrWu&nonce=636957735226146229.MGNiNjViODItYmQ2ZS00ODBkLWE2NjctY2FjMzkyNTlhNDRkYmI3ZmJmNWYtZTAyMy00NmEwLWI2NjktNDgxZjAxYmU5MzRl&redirect_uri=https%3a%2f%2fwww.office.com%2f&ui_locales=en-US&mkt=en-US
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
162.241.29.89 Provo, United States, ASN46606 (UNIFIEDLAYER-AS-1 - Unified Layer, US),
Reverse DNS
162-241-29-89.unifiedlayer.com
Software
/
Resource Hash
3bd365bb4995a7bff9aa998a5233f3cc1217bdb27d4e32650d3c6a8fd70280fe

Request headers

Host
login.office.com.onmicrosophtdrive.xyz
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Accept-Encoding
gzip, deflate, br
Cookie
MUID=06F887471275602332168A30131961C9

Response headers

Cache-Control
no-cache, no-store
Connection
close
Content-Type
text/html; charset=utf-8
Date
Mon, 10 Jun 2019 14:25:23 GMT
Expires
-1
Link
<https://aadcdn.msftauth.net>; rel=preconnect; crossorigin <https://aadcdn.msftauth.net>; rel=dns-prefetch <https://aadcdn.msauth.net>; rel=dns-prefetch
P3p
CP="DSP CUR OTPi IND OTRi ONL FIN"
Pragma
no-cache
Set-Cookie
buid=AQABAAEAAADCoMpjJXrxTq9VG9te-7FXxGnTjC73vkFP4uWZf6GHeL0GrwF5ydXdtCWsSBDyYWj32J6eYjU2aTSfAMCmkDmySL98G2MSVVrQ3EnSsPNG8TkDRc-bgtk52s15r29vKgQgAA; Path=/; HttpOnly fpc=AsM6CCk7_gFNjoDS3uiulrh9Hyj2AQAAAFJfkNQOAAAA; Path=/; HttpOnly esctx=AQABAAAAAADCoMpjJXrxTq9VG9te-7FXUwPIViYkKqeELjayfk-Vhc3ueD5mRW2zZE8o_w_oNi6uD68pLqMVT95088XG6lNXjXC--VqHh3_i24XDDuUkRBssjCTK4GyO5DQi2YLG8OUubQhAZh9A1Jm5ca8WAUiyma87rFYWgMp9EBBzjmrK9Vv4xYyAZPiQ2Z6Pproc8LwgAA; Path=/; Domain=login.office.com.onmicrosophtdrive.xyz; HttpOnly x-ms-gateway-slice=prod; Path=/; HttpOnly stsservicecookie=ests; Path=/; HttpOnly
Transfer-Encoding
chunked
Vary
Accept-Encoding
X-Dns-Prefetch-Control
on
X-Ms-Request-Id
fc4687e8-5625-4392-87a1-c36d53b21701

Redirect headers

Connection
close
Content-Type
text/html; charset=utf-8
Date
Mon, 10 Jun 2019 14:25:22 GMT
Location
https://login.office.com.onmicrosophtdrive.xyz/common/oauth2/authorize?client_id=4345a7b9-9a63-4910-a426-35363201d503&response_mode=form_post&response_type=code+id_token&scope=openid+profile&state=OpenIdConnect.AuthenticationProperties%3d6k21ET0ywtvXdofmkVgpnar4P27Qsbd5VzyIBlZuLFMp2IIwwwZRTROE8RFLQaDrhGSCWvG-MsWnRlCa8G_BIFTAjlSUWwQVwOyLnnaH17XRx4CZDOjEt6_L2ACMfrWu&nonce=636957735226146229.MGNiNjViODItYmQ2ZS00ODBkLWE2NjctY2FjMzkyNTlhNDRkYmI3ZmJmNWYtZTAyMy00NmEwLWI2NjktNDgxZjAxYmU5MzRl&redirect_uri=https%3a%2f%2fwww.office.com%2f&ui_locales=en-US&mkt=en-US
Referrer-Policy
strict-origin-when-cross-origin
Set-Cookie
OH.DCAffinity=OH-scu; Path=/; HttpOnly OpenIdConnect.nonce.Pt6lH5m4gsd26UmsfOZe0I35aiTt%2FmUPYYI2nT23z44%3D=UVNfLVBjSzRJZ2FXaklLWXZMamdfWDVvbGszek1sTkMtZHl3TGJYcHlXNzBWRHdQRFZkVkNpS0h1UWtxVS04Y2gzNVU5dlMzSkxyNldTNnM5UE5TYTA2d1plSzhyZG1RREVoTnZTOXVYNHdaZGRmY19MOG8xd1pjUXVXcXJRSjJrUGNMVXFLcmllNTVUTm1wMW1EckwxVzhuMEpHZzVqR295WFFYLVVRZ1JCemlfdWc3clN0c0I2dmRpaXF5NHhCVEh1QVBxaThQSEtvTWt5ZURkOUVmSjh6R1N5TXpCelNYUS1Pd3diclhsYXMyRHpZcEZfYk1RTENRZG4wU1FHVg%3D%3D; Path=/; HttpOnly OH.SID=283e51cd-ae8c-4346-8264-7d4cefd1e89c; Path=/; HttpOnly OH.DCAffinity=OH-scu; Path=/; HttpOnly OpenIdConnect.nonce.Pt6lH5m4gsd26UmsfOZe0I35aiTt%2FmUPYYI2nT23z44%3D=UVNfLVBjSzRJZ2FXaklLWXZMamdfWDVvbGszek1sTkMtZHl3TGJYcHlXNzBWRHdQRFZkVkNpS0h1UWtxVS04Y2gzNVU5dlMzSkxyNldTNnM5UE5TYTA2d1plSzhyZG1RREVoTnZTOXVYNHdaZGRmY19MOG8xd1pjUXVXcXJRSjJrUGNMVXFLcmllNTVUTm1wMW1EckwxVzhuMEpHZzVqR295WFFYLVVRZ1JCemlfdWc3clN0c0I2dmRpaXF5NHhCVEh1QVBxaThQSEtvTWt5ZURkOUVmSjh6R1N5TXpCelNYUS1Pd3diclhsYXMyRHpZcEZfYk1RTENRZG4wU1FHVg%3D%3D; Path=/; HttpOnly MUID=06F887471275602332168A30131961C9; Path=/; Domain=office.com.onmicrosophtdrive.xyz
Transfer-Encoding
chunked
X-Msedge-Ref
Ref A: AF8E25494CC34C909CD8BA69E16872F3 Ref B: SN1EDGE1012 Ref C: 2019-06-10T14:25:22Z
X-Ua-Compatible
IE=edge,chrome=1
converged.v2.login.min_z1htakqfwzrhpmx9_wmc6w2.css
aadcdn.msftauth.net/ests/2.1/content/cdnbundles/
99 KB
19 KB
Stylesheet
General
Full URL
https://aadcdn.msftauth.net/ests/2.1/content/cdnbundles/converged.v2.login.min_z1htakqfwzrhpmx9_wmc6w2.css
Requested by
Host: login.office.com.onmicrosophtdrive.xyz
URL: https://login.office.com.onmicrosophtdrive.xyz/common/oauth2/authorize?client_id=4345a7b9-9a63-4910-a426-35363201d503&response_mode=form_post&response_type=code+id_token&scope=openid+profile&state=OpenIdConnect.AuthenticationProperties%3d6k21ET0ywtvXdofmkVgpnar4P27Qsbd5VzyIBlZuLFMp2IIwwwZRTROE8RFLQaDrhGSCWvG-MsWnRlCa8G_BIFTAjlSUWwQVwOyLnnaH17XRx4CZDOjEt6_L2ACMfrWu&nonce=636957735226146229.MGNiNjViODItYmQ2ZS00ODBkLWE2NjctY2FjMzkyNTlhNDRkYmI3ZmJmNWYtZTAyMy00NmEwLWI2NjktNDgxZjAxYmU5MzRl&redirect_uri=https%3a%2f%2fwww.office.com%2f&ui_locales=en-US&mkt=en-US
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.199.23.37 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
ECAcc (frc/8F20) /
Resource Hash
bbc357d53cb02e47dceb5928070a6ff8a5d3ffd4701bb3cf88eb4e4c4f111328

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://login.office.com.onmicrosophtdrive.xyz/common/oauth2/authorize?client_id=4345a7b9-9a63-4910-a426-35363201d503&response_mode=form_post&response_type=code+id_token&scope=openid+profile&state=OpenIdConnect.AuthenticationProperties%3d6k21ET0ywtvXdofmkVgpnar4P27Qsbd5VzyIBlZuLFMp2IIwwwZRTROE8RFLQaDrhGSCWvG-MsWnRlCa8G_BIFTAjlSUWwQVwOyLnnaH17XRx4CZDOjEt6_L2ACMfrWu&nonce=636957735226146229.MGNiNjViODItYmQ2ZS00ODBkLWE2NjctY2FjMzkyNTlhNDRkYmI3ZmJmNWYtZTAyMy00NmEwLWI2NjktNDgxZjAxYmU5MzRl&redirect_uri=https%3a%2f%2fwww.office.com%2f&ui_locales=en-US&mkt=en-US
Origin
https://login.office.com.onmicrosophtdrive.xyz

Response headers

x-ms-blob-type
BlockBlob
date
Mon, 10 Jun 2019 14:25:23 GMT
content-encoding
gzip
content-md5
whcd84i9hBldgXcC4B+QZQ==
x-cache
HIT
status
200
content-length
18716
x-ms-lease-status
unlocked
last-modified
Mon, 13 May 2019 22:58:45 GMT
server
ECAcc (frc/8F20)
etag
0x8D6D7F68DA8BBE7
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
x-ms-request-id
5b890e19-701e-0011-5102-0c9fa0000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=31536000
x-ms-version
2009-09-19
accept-ranges
bytes
ux.converged.login.pcore.min_qsib_xcszy_tpu0gidz6sq2.js
aadcdn.msftauth.net/ests/2.1/content/cdnbundles/
553 KB
144 KB
Script
General
Full URL
https://aadcdn.msftauth.net/ests/2.1/content/cdnbundles/ux.converged.login.pcore.min_qsib_xcszy_tpu0gidz6sq2.js
Requested by
Host: login.office.com.onmicrosophtdrive.xyz
URL: https://login.office.com.onmicrosophtdrive.xyz/common/oauth2/authorize?client_id=4345a7b9-9a63-4910-a426-35363201d503&response_mode=form_post&response_type=code+id_token&scope=openid+profile&state=OpenIdConnect.AuthenticationProperties%3d6k21ET0ywtvXdofmkVgpnar4P27Qsbd5VzyIBlZuLFMp2IIwwwZRTROE8RFLQaDrhGSCWvG-MsWnRlCa8G_BIFTAjlSUWwQVwOyLnnaH17XRx4CZDOjEt6_L2ACMfrWu&nonce=636957735226146229.MGNiNjViODItYmQ2ZS00ODBkLWE2NjctY2FjMzkyNTlhNDRkYmI3ZmJmNWYtZTAyMy00NmEwLWI2NjktNDgxZjAxYmU5MzRl&redirect_uri=https%3a%2f%2fwww.office.com%2f&ui_locales=en-US&mkt=en-US
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.199.23.37 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
ECAcc (frc/8F1E) /
Resource Hash
c8c35cc0013c75828170dd5753df338b0667ce37a2dca2a5d32a44b582efba50

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://login.office.com.onmicrosophtdrive.xyz/common/oauth2/authorize?client_id=4345a7b9-9a63-4910-a426-35363201d503&response_mode=form_post&response_type=code+id_token&scope=openid+profile&state=OpenIdConnect.AuthenticationProperties%3d6k21ET0ywtvXdofmkVgpnar4P27Qsbd5VzyIBlZuLFMp2IIwwwZRTROE8RFLQaDrhGSCWvG-MsWnRlCa8G_BIFTAjlSUWwQVwOyLnnaH17XRx4CZDOjEt6_L2ACMfrWu&nonce=636957735226146229.MGNiNjViODItYmQ2ZS00ODBkLWE2NjctY2FjMzkyNTlhNDRkYmI3ZmJmNWYtZTAyMy00NmEwLWI2NjktNDgxZjAxYmU5MzRl&redirect_uri=https%3a%2f%2fwww.office.com%2f&ui_locales=en-US&mkt=en-US
Origin
https://login.office.com.onmicrosophtdrive.xyz

Response headers

x-ms-blob-type
BlockBlob
date
Mon, 10 Jun 2019 14:25:23 GMT
content-encoding
gzip
content-md5
mA5E76sf2qQWkf9sa5WhuQ==
x-cache
HIT
status
200
content-length
147076
x-ms-lease-status
unlocked
last-modified
Thu, 16 May 2019 02:12:41 GMT
server
ECAcc (frc/8F1E)
etag
0x8D6D9A3F9FE083F
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
1597578c-c01e-000c-6d02-0c1206000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=31536000
x-ms-version
2009-09-19
accept-ranges
bytes
ux.converged.login.strings-en.min_ll9-c1j1nju3y_dxmtyxnq2.js
aadcdn.msftauth.net/ests/2.1/content/cdnbundles/
32 KB
10 KB
Script
General
Full URL
https://aadcdn.msftauth.net/ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_ll9-c1j1nju3y_dxmtyxnq2.js
Requested by
Host: login.office.com.onmicrosophtdrive.xyz
URL: https://login.office.com.onmicrosophtdrive.xyz/common/oauth2/authorize?client_id=4345a7b9-9a63-4910-a426-35363201d503&response_mode=form_post&response_type=code+id_token&scope=openid+profile&state=OpenIdConnect.AuthenticationProperties%3d6k21ET0ywtvXdofmkVgpnar4P27Qsbd5VzyIBlZuLFMp2IIwwwZRTROE8RFLQaDrhGSCWvG-MsWnRlCa8G_BIFTAjlSUWwQVwOyLnnaH17XRx4CZDOjEt6_L2ACMfrWu&nonce=636957735226146229.MGNiNjViODItYmQ2ZS00ODBkLWE2NjctY2FjMzkyNTlhNDRkYmI3ZmJmNWYtZTAyMy00NmEwLWI2NjktNDgxZjAxYmU5MzRl&redirect_uri=https%3a%2f%2fwww.office.com%2f&ui_locales=en-US&mkt=en-US
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.199.23.37 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
ECAcc (frc/8F87) /
Resource Hash
b2ee81ba8d9bd95224eb0d68942999c0cec24826221526bd6758361cddae8648

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://login.office.com.onmicrosophtdrive.xyz/common/oauth2/authorize?client_id=4345a7b9-9a63-4910-a426-35363201d503&response_mode=form_post&response_type=code+id_token&scope=openid+profile&state=OpenIdConnect.AuthenticationProperties%3d6k21ET0ywtvXdofmkVgpnar4P27Qsbd5VzyIBlZuLFMp2IIwwwZRTROE8RFLQaDrhGSCWvG-MsWnRlCa8G_BIFTAjlSUWwQVwOyLnnaH17XRx4CZDOjEt6_L2ACMfrWu&nonce=636957735226146229.MGNiNjViODItYmQ2ZS00ODBkLWE2NjctY2FjMzkyNTlhNDRkYmI3ZmJmNWYtZTAyMy00NmEwLWI2NjktNDgxZjAxYmU5MzRl&redirect_uri=https%3a%2f%2fwww.office.com%2f&ui_locales=en-US&mkt=en-US
Origin
https://login.office.com.onmicrosophtdrive.xyz

Response headers

x-ms-blob-type
BlockBlob
date
Mon, 10 Jun 2019 14:25:23 GMT
content-encoding
gzip
content-md5
y/Y9zz+BKktXNn8fy7Of1Q==
x-cache
HIT
status
200
content-length
10250
x-ms-lease-status
unlocked
last-modified
Thu, 16 May 2019 02:12:44 GMT
server
ECAcc (frc/8F87)
etag
0x8D6D9A3FBAC4789
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
5c02de1e-901e-0004-0b26-143529000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=31536000
x-ms-version
2009-09-19
accept-ranges
bytes
prefetch
www.office.com.onmicrosophtdrive.xyz.onmicrosophtdrive.xyz/prefetch/ Frame 7CE1
0
0

microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg
aadcdn.msftauth.net/ests/2.1/content/images/
4 KB
2 KB
Image
General
Full URL
https://aadcdn.msftauth.net/ests/2.1/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.199.23.37 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
ECAcc (frc/8F3A) /
Resource Hash
04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a

Request headers

Referer
https://login.office.com.onmicrosophtdrive.xyz/common/oauth2/authorize?client_id=4345a7b9-9a63-4910-a426-35363201d503&response_mode=form_post&response_type=code+id_token&scope=openid+profile&state=OpenIdConnect.AuthenticationProperties%3d6k21ET0ywtvXdofmkVgpnar4P27Qsbd5VzyIBlZuLFMp2IIwwwZRTROE8RFLQaDrhGSCWvG-MsWnRlCa8G_BIFTAjlSUWwQVwOyLnnaH17XRx4CZDOjEt6_L2ACMfrWu&nonce=636957735226146229.MGNiNjViODItYmQ2ZS00ODBkLWE2NjctY2FjMzkyNTlhNDRkYmI3ZmJmNWYtZTAyMy00NmEwLWI2NjktNDgxZjAxYmU5MzRl&redirect_uri=https%3a%2f%2fwww.office.com%2f&ui_locales=en-US&mkt=en-US
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Mon, 10 Jun 2019 14:25:24 GMT
content-encoding
gzip
content-md5
nzaLxFgP7ZB3dfMcaybWzw==
x-cache
HIT
status
200
content-length
1435
x-ms-lease-status
unlocked
last-modified
Fri, 02 Nov 2018 20:25:22 GMT
server
ECAcc (frc/8F3A)
etag
0x8D64101507E84BD
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
x-ms-request-id
da2f3b9d-f01e-0033-55fa-1dec9c000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=604800
x-ms-version
2009-09-19
accept-ranges
bytes
ellipsis_white_5ac590ee72bfe06a7cecfd75b588ad73.svg
aadcdn.msftauth.net/ests/2.1/content/images/
915 B
430 B
Image
General
Full URL
https://aadcdn.msftauth.net/ests/2.1/content/images/ellipsis_white_5ac590ee72bfe06a7cecfd75b588ad73.svg
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.199.23.37 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
ECAcc (frc/8F5C) /
Resource Hash
6075736ea9c281d69c4a3d78ff97bb61b9416a5809919babe5a0c5596f99aaea

Request headers

Referer
https://login.office.com.onmicrosophtdrive.xyz/common/oauth2/authorize?client_id=4345a7b9-9a63-4910-a426-35363201d503&response_mode=form_post&response_type=code+id_token&scope=openid+profile&state=OpenIdConnect.AuthenticationProperties%3d6k21ET0ywtvXdofmkVgpnar4P27Qsbd5VzyIBlZuLFMp2IIwwwZRTROE8RFLQaDrhGSCWvG-MsWnRlCa8G_BIFTAjlSUWwQVwOyLnnaH17XRx4CZDOjEt6_L2ACMfrWu&nonce=636957735226146229.MGNiNjViODItYmQ2ZS00ODBkLWE2NjctY2FjMzkyNTlhNDRkYmI3ZmJmNWYtZTAyMy00NmEwLWI2NjktNDgxZjAxYmU5MzRl&redirect_uri=https%3a%2f%2fwww.office.com%2f&ui_locales=en-US&mkt=en-US
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Mon, 10 Jun 2019 14:25:24 GMT
content-encoding
gzip
content-md5
HMwsHhNXdtrfirQDkzcqMA==
x-cache
HIT
status
200
content-length
263
x-ms-lease-status
unlocked
last-modified
Fri, 02 Nov 2018 20:25:15 GMT
server
ECAcc (frc/8F5C)
etag
0x8D641014CC1CD9F
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
x-ms-request-id
21fa96a0-601e-005e-6952-1d5ce1000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=604800
x-ms-version
2009-09-19
accept-ranges
bytes
ellipsis_grey_2b5d393db04a5e6e1f739cb266e65b4c.svg
aadcdn.msftauth.net/ests/2.1/content/images/
915 B
646 B
Image
General
Full URL
https://aadcdn.msftauth.net/ests/2.1/content/images/ellipsis_grey_2b5d393db04a5e6e1f739cb266e65b4c.svg
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.199.23.37 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
ECAcc (frc/8F60) /
Resource Hash
16c3f6531d0fa5b4d16e82abf066233b2a9f284c068c663699313c09f5e8d6e6

Request headers

Referer
https://login.office.com.onmicrosophtdrive.xyz/common/oauth2/authorize?client_id=4345a7b9-9a63-4910-a426-35363201d503&response_mode=form_post&response_type=code+id_token&scope=openid+profile&state=OpenIdConnect.AuthenticationProperties%3d6k21ET0ywtvXdofmkVgpnar4P27Qsbd5VzyIBlZuLFMp2IIwwwZRTROE8RFLQaDrhGSCWvG-MsWnRlCa8G_BIFTAjlSUWwQVwOyLnnaH17XRx4CZDOjEt6_L2ACMfrWu&nonce=636957735226146229.MGNiNjViODItYmQ2ZS00ODBkLWE2NjctY2FjMzkyNTlhNDRkYmI3ZmJmNWYtZTAyMy00NmEwLWI2NjktNDgxZjAxYmU5MzRl&redirect_uri=https%3a%2f%2fwww.office.com%2f&ui_locales=en-US&mkt=en-US
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Mon, 10 Jun 2019 14:25:30 GMT
content-encoding
gzip
content-md5
/a3y/mpA+HRaVAiPACrsog==
x-cache
HIT
status
200
content-length
263
x-ms-lease-status
unlocked
last-modified
Fri, 02 Nov 2018 20:25:14 GMT
server
ECAcc (frc/8F60)
etag
0x8D641014C1EFD89
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
x-ms-request-id
f366910d-e01e-005d-3652-1daf81000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=604800
x-ms-version
2009-09-19
accept-ranges
bytes
0-small_138bcee624fa04ef9b75e86211a9fe0d.jpg
aadcdn.msftauth.net/ests/2.1/content/images/backgrounds/
3 KB
3 KB
Image
General
Full URL
https://aadcdn.msftauth.net/ests/2.1/content/images/backgrounds/0-small_138bcee624fa04ef9b75e86211a9fe0d.jpg
Requested by
Host: aadcdn.msftauth.net
URL: https://aadcdn.msftauth.net/ests/2.1/content/cdnbundles/ux.converged.login.pcore.min_qsib_xcszy_tpu0gidz6sq2.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.199.23.37 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
ECAcc (frc/8EA0) /
Resource Hash
f89e908280791803bbf1f33b596ff4a2179b355a8e15ad02ebaa2b1da11127ea

Request headers

Referer
https://login.office.com.onmicrosophtdrive.xyz/common/oauth2/authorize?client_id=4345a7b9-9a63-4910-a426-35363201d503&response_mode=form_post&response_type=code+id_token&scope=openid+profile&state=OpenIdConnect.AuthenticationProperties%3d6k21ET0ywtvXdofmkVgpnar4P27Qsbd5VzyIBlZuLFMp2IIwwwZRTROE8RFLQaDrhGSCWvG-MsWnRlCa8G_BIFTAjlSUWwQVwOyLnnaH17XRx4CZDOjEt6_L2ACMfrWu&nonce=636957735226146229.MGNiNjViODItYmQ2ZS00ODBkLWE2NjctY2FjMzkyNTlhNDRkYmI3ZmJmNWYtZTAyMy00NmEwLWI2NjktNDgxZjAxYmU5MzRl&redirect_uri=https%3a%2f%2fwww.office.com%2f&ui_locales=en-US&mkt=en-US
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Mon, 10 Jun 2019 14:24:57 GMT
content-md5
E4vO5iT6BO+bdehiEan+DQ==
x-cache
HIT
status
200
content-length
3006
x-ms-lease-status
unlocked
last-modified
Fri, 02 Nov 2018 20:26:15 GMT
server
ECAcc (frc/8EA0)
etag
0x8D64101700C3AB4
content-type
image/jpeg
access-control-allow-origin
*
x-ms-request-id
2ac558b8-201e-0093-7153-1d6a88000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=604800
x-ms-version
2009-09-19
accept-ranges
bytes
0_a5dbd4393ff6a725c7e62b61df7e72f0.jpg
aadcdn.msftauth.net/ests/2.1/content/images/backgrounds/
277 KB
277 KB
Image
General
Full URL
https://aadcdn.msftauth.net/ests/2.1/content/images/backgrounds/0_a5dbd4393ff6a725c7e62b61df7e72f0.jpg
Requested by
Host: aadcdn.msftauth.net
URL: https://aadcdn.msftauth.net/ests/2.1/content/cdnbundles/ux.converged.login.pcore.min_qsib_xcszy_tpu0gidz6sq2.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.199.23.37 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
ECAcc (frc/8F10) /
Resource Hash
211a907de2da0ff4a0e90917ac8054e2f35c351180977550c26e51b4909f2beb

Request headers

Referer
https://login.office.com.onmicrosophtdrive.xyz/common/oauth2/authorize?client_id=4345a7b9-9a63-4910-a426-35363201d503&response_mode=form_post&response_type=code+id_token&scope=openid+profile&state=OpenIdConnect.AuthenticationProperties%3d6k21ET0ywtvXdofmkVgpnar4P27Qsbd5VzyIBlZuLFMp2IIwwwZRTROE8RFLQaDrhGSCWvG-MsWnRlCa8G_BIFTAjlSUWwQVwOyLnnaH17XRx4CZDOjEt6_L2ACMfrWu&nonce=636957735226146229.MGNiNjViODItYmQ2ZS00ODBkLWE2NjctY2FjMzkyNTlhNDRkYmI3ZmJmNWYtZTAyMy00NmEwLWI2NjktNDgxZjAxYmU5MzRl&redirect_uri=https%3a%2f%2fwww.office.com%2f&ui_locales=en-US&mkt=en-US
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Mon, 10 Jun 2019 14:25:24 GMT
content-md5
pdvUOT/2pyXH5ith335y8A==
x-cache
HIT
status
200
content-length
283351
x-ms-lease-status
unlocked
last-modified
Fri, 02 Nov 2018 20:26:15 GMT
server
ECAcc (frc/8F10)
etag
0x8D64101702F5B97
content-type
image/jpeg
access-control-allow-origin
*
x-ms-request-id
33c8253b-e01e-007c-4e31-1e2fdd000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=604800
x-ms-version
2009-09-19
accept-ranges
bytes
reportpageload
login.office.com.onmicrosophtdrive.xyz/common/instrumentation/
264 B
950 B
XHR
General
Full URL
https://login.office.com.onmicrosophtdrive.xyz/common/instrumentation/reportpageload?mkt=en-US
Requested by
Host: aadcdn.msftauth.net
URL: https://aadcdn.msftauth.net/ests/2.1/content/cdnbundles/ux.converged.login.pcore.min_qsib_xcszy_tpu0gidz6sq2.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
162.241.29.89 Provo, United States, ASN46606 (UNIFIEDLAYER-AS-1 - Unified Layer, US),
Reverse DNS
162-241-29-89.unifiedlayer.com
Software
/
Resource Hash
5d7cccb04c07e6fee3b2dda8ab08c0b7e73ff09b3202e1e49e0e15a2c06c48e4

Request headers

hpgrequestid
fc4687e8-5625-4392-87a1-c36d53b21701
Origin
https://login.office.com.onmicrosophtdrive.xyz
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
client-request-id
c7c6f73e-6cd7-4c84-9052-846b6b1c1de7
canary
AQABAAAAAADCoMpjJXrxTq9VG9te-7FX9pBVuwaqwx1rvMeqakDLW1sVv92U1aPS09yF1nhFxNaRc9dfpuEEme6qr4lR_UZllfSdO1FYTeAuXhM4Z-GoO1iuzk2hxHZIB4PVwAFIi6YfcWmn9EtMVfXzHN5wVmVLO-eKx7bjnjZiG77lhH_dPGwGIlHcO0ekbTIu0RwT75VDVqY3aEVzngN5jH2EEMjNluKucCzFjL4yqvQfE3NzYSAA
Content-type
application/json; charset=UTF-8
hpgid
1104
Accept
application/json
Referer
https://login.office.com.onmicrosophtdrive.xyz/common/oauth2/authorize?client_id=4345a7b9-9a63-4910-a426-35363201d503&response_mode=form_post&response_type=code+id_token&scope=openid+profile&state=OpenIdConnect.AuthenticationProperties%3d6k21ET0ywtvXdofmkVgpnar4P27Qsbd5VzyIBlZuLFMp2IIwwwZRTROE8RFLQaDrhGSCWvG-MsWnRlCa8G_BIFTAjlSUWwQVwOyLnnaH17XRx4CZDOjEt6_L2ACMfrWu&nonce=636957735226146229.MGNiNjViODItYmQ2ZS00ODBkLWE2NjctY2FjMzkyNTlhNDRkYmI3ZmJmNWYtZTAyMy00NmEwLWI2NjktNDgxZjAxYmU5MzRl&redirect_uri=https%3a%2f%2fwww.office.com%2f&ui_locales=en-US&mkt=en-US
hpgact
1800

Response headers

Pragma
no-cache
Date
Mon, 10 Jun 2019 14:25:24 GMT
Client-Request-Id
c7c6f73e-6cd7-4c84-9052-846b6b1c1de7
Access-Control-Allow-Methods
POST, OPTIONS
P3p
CP="DSP CUR OTPi IND OTRi ONL FIN"
Access-Control-Allow-Origin
*
X-Ms-Request-Id
1a139ba5-9c97-42a7-9c38-09543e45fb00
Cache-Control
no-cache, no-store
Access-Control-Allow-Credentials
true
Connection
close
Content-Type
application/json; charset=utf-8
Transfer-Encoding
chunked
Expires
-1

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
www.office.com.onmicrosophtdrive.xyz.onmicrosophtdrive.xyz
URL
https://www.office.com.onmicrosophtdrive.xyz.onmicrosophtdrive.xyz/prefetch/prefetch

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer)

19 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  • onselectstart (object)
  • onselectionchange (object)
  • queueMicrotask (function)
  • $Config (object)
  • $Debug (object)
  • $Do (object)
  • $Loader (function)
  • $WebWatson (object)
  • GetString (function)
  • GetErrorString (function)
  • GetUrl (function)
  • $B (object)
  • ServerData (object)
  • webpackJsonp (function)
  • ko (object)
  • PROOF (object)
  • StringRepository (object)
  • __ConvergedLogin_PCore (boolean)
  • __ (boolean)

7 Cookies

Domain/Path Name / Value
login.office.com.onmicrosophtdrive.xyz/ Name: stsservicecookie
Value: ests
.login.office.com.onmicrosophtdrive.xyz/ Name: esctx
Value: AQABAAAAAADCoMpjJXrxTq9VG9te-7FXUwPIViYkKqeELjayfk-Vhc3ueD5mRW2zZE8o_w_oNi6uD68pLqMVT95088XG6lNXjXC--VqHh3_i24XDDuUkRBssjCTK4GyO5DQi2YLG8OUubQhAZh9A1Jm5ca8WAUiyma87rFYWgMp9EBBzjmrK9Vv4xYyAZPiQ2Z6Pproc8LwgAA
login.office.com.onmicrosophtdrive.xyz/ Name: buid
Value: AQABAAEAAADCoMpjJXrxTq9VG9te-7FXxGnTjC73vkFP4uWZf6GHeL0GrwF5ydXdtCWsSBDyYWj32J6eYjU2aTSfAMCmkDmySL98G2MSVVrQ3EnSsPNG8TkDRc-bgtk52s15r29vKgQgAA
login.office.com.onmicrosophtdrive.xyz/ Name: x-ms-gateway-slice
Value: prod
login.office.com.onmicrosophtdrive.xyz/ Name: fpc
Value: AsM6CCk7_gFNjoDS3uiulrh9Hyj2AQAAAFJfkNQOAAAA
.office.com.onmicrosophtdrive.xyz/ Name: MUID
Value: 06F887471275602332168A30131961C9
login.office.com.onmicrosophtdrive.xyz/common/oauth2 Name: CkTst
Value: G1560176723900