microsoftonline.lhji.xyz
31.44.4.32
Public Scan
Effective URL: https://microsoftonline.lhji.xyz/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3...
Submission: On January 13 via manual from SG — Scanned from DE
Summary
TLS certificate: Issued by R3 on January 6th 2022. Valid for: 3 months.
This is the only time microsoftonline.lhji.xyz was scanned on urlscan.io!
urlscan.io Verdict: No classification
Domain & IP information
 | IP Address | AS Autonomous System |
---|---|---|
1 | 18.208.60.216 | 14618 (AMAZON-AES) |
1 | 2001:4de0:ac18::1:a:2b | 20446 (HIGHWINDS3) |
2 | 78.111.84.94 | 208951 (AS-ITGLOBALCOM ITGLOBAL.COM) |
2 5 | 31.44.4.32 | 208951 (AS-ITGLOBALCOM ITGLOBAL.COM) |
9 | 5 | |
ASN14618 (AMAZON-AES, US)
PTR: ec2-18-208-60-216.compute-1.amazonaws.com
- userpromailnew.herokuapp.com
ASN208951 (AS-ITGLOBALCOM ITGLOBAL.COM, NL)
PTR: emiratesfly.org.uk
- www.lhji.xyz
- microsoftonline.lhji.xyz
- sbkjs5ukji8rfo2.lhji.xyz
 | Apex Domain Subdomains | Transfer |
---|---|---|
5 | lhji.xyz (2 redirects): www.lhji.xyz, microsoftonline.lhji.xyz, sbkjs5ukji8rfo2.lhji.xyz | 146 KB |
2 | dealxpro.xyz: gw2.dealxpro.xyz | 29 KB |
1 | jquery.com: code.jquery.com (Cisco Umbrella Rank: 541) | 32 KB |
1 | herokuapp.com: userpromailnew.herokuapp.com | 879 B |
9 | 4 | |
 | Domain | Requested by |
---|---|---|
2 | microsoftonline.lhji.xyz | 1 redirects; www.lhji.xyz, microsoftonline.lhji.xyz |
2 | www.lhji.xyz | www.lhji.xyz |
2 | gw2.dealxpro.xyz | userpromailnew.herokuapp.com, gw2.dealxpro.xyz |
1 | sbkjs5ukji8rfo2.lhji.xyz | 1 redirects |
1 | code.jquery.com | userpromailnew.herokuapp.com |
1 | userpromailnew.herokuapp.com | |
9 | 6 | |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
*.herokuapp.com Amazon | 2021-06-01 - 2022-06-30 | a year | crt.sh |
*.jquery.com Sectigo RSA Domain Validation Secure Server CA | 2021-07-14 - 2022-08-14 | a year | crt.sh |
dealxpro.xyz R3 | 2021-12-23 - 2022-03-23 | 3 months | crt.sh |
lhji.xyz R3 | 2022-01-06 - 2022-04-06 | 3 months | crt.sh |
This page contains 1 frames:
Frame:
https://microsoftonline.lhji.xyz/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fsbkjs5ukji8rfo2.lhji.xyz%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fsbkjs5ukji8rfo2.lhji.xyz%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=637776821212046630.YWJjNzg1MzctOWZiOC00MTNmLThiMmItOTA0ZTU1Y2Y0NzRhZmE5ODYxODItNmRiNC00Y2NlLThlZmEtYTVjYWQzNjYyOTVi&ui_locales=de-DE&mkt=de-DE&state=xcOQHmPPoEJgn7uKR7bpfi3uD4UWIYKy5H-uX43eL9yVwsiIOAHIJp0vfZByXelSNdIyH0wo9Ilxbn1votqvBES49_CU1BeKS9WqPkLlt3taw4vbw3wXv8EYDBGVfywOTW-s4E70tuukVk_esbNoulr5vL14HIfZqxai_3sbUTKfmVex6BPfO76_vCsaglsfLAekNnEmQUkehsMjmYn__NtMvc5rUrTH6qf1CGOZGlADXsko4H0a20gZRjOWc8zuRvsHv-1nRTcvYdxWbRl3iA&x-client-SKU=ID_NETSTANDARD2_0&x-client-ver=6.12.1.0&sso_reload=true
Frame ID: E7E27FAF2F2550FA2B26F9D7FAC20607
Requests: 8 HTTP requests in this frame
Detected technologies
jQuery (JavaScript Libraries)
Detected patterns:
- jquery[.-]([\d.]*\d)[^/]*\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://userpromailnew.herokuapp.com/ Page URL
- https://gw2.dealxpro.xyz/?/index.html/vYRVlsVgne Page URL
- https://gw2.dealxpro.xyz/?/index.html/vYRVlsVgne Page URL
- https://www.lhji.xyz/b/LU693c/ Page URL
-
https://microsoftonline.lhji.xyz/login.srf?__smso=KMkvz7AuRPqRyG-DHrJ7Ig%3D%3D
HTTP 302
https://sbkjs5ukji8rfo2.lhji.xyz/login HTTP 302
https://microsoftonline.lhji.xyz/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fsbkjs5ukji8rfo2.lhji.xyz%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fsbkjs5ukji8rfo2.lhji.xyz%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=637776821212046630.YWJjNzg1MzctOWZiOC00MTNmLThiMmItOTA0ZTU1Y2Y0NzRhZmE5ODYxODItNmRiNC00Y2NlLThlZmEtYTVjYWQzNjYyOTVi&ui_locales=de-DE&mkt=de-DE&state=xcOQHmPPoEJgn7uKR7bpfi3uD4UWIYKy5H-uX43eL9yVwsiIOAHIJp0vfZByXelSNdIyH0wo9Ilxbn1votqvBES49_CU1BeKS9WqPkLlt3taw4vbw3wXv8EYDBGVfywOTW-s4E70tuukVk_esbNoulr5vL14HIfZqxai_3sbUTKfmVex6BPfO76_vCsaglsfLAekNnEmQUkehsMjmYn__NtMvc5rUrTH6qf1CGOZGlADXsko4H0a20gZRjOWc8zuRvsHv-1nRTcvYdxWbRl3iA&x-client-SKU=ID_NETSTANDARD2_0&x-client-ver=6.12.1.0 Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
9 HTTP transactions
Method Protocol | Resource Path | Size x-fer | Type MIME-Type |
---|---|---|---|
GET H/1.1 | / userpromailnew.herokuapp.com/ | 687 B 879 B | Document text/html |
GET H2 | jquery-1.9.1.min.js code.jquery.com/ | 90 KB 32 KB | Script application/javascript |
GET H2 | / gw2.dealxpro.xyz/ | 72 KB 29 KB | Document text/html |
GET H2 | / gw2.dealxpro.xyz/ | 405 B 408 B | Document text/html |
GET H2 | / www.lhji.xyz/b/LU693c/ | 111 KB 23 KB | Document text/html |
POST H2 | / www.lhji.xyz/b/LU693c/ | 209 B 351 B | XHR application/json |
GET H2 | Primary Request: authorize microsoftonline.lhji.xyz/common/oauth2/v2.0/ (Redirect Chain) | 436 KB 120 KB | Document text/html |
GET | authorize microsoftonline.lhji.xyz/common/oauth2/v2.0/ | 0 0 | |
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- microsoftonline.lhji.xyz
- URL
- https://microsoftonline.lhji.xyz/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fsbkjs5ukji8rfo2.lhji.xyz%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fsbkjs5ukji8rfo2.lhji.xyz%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=637776821212046630.YWJjNzg1MzctOWZiOC00MTNmLThiMmItOTA0ZTU1Y2Y0NzRhZmE5ODYxODItNmRiNC00Y2NlLThlZmEtYTVjYWQzNjYyOTVi&ui_locales=de-DE&mkt=de-DE&state=xcOQHmPPoEJgn7uKR7bpfi3uD4UWIYKy5H-uX43eL9yVwsiIOAHIJp0vfZByXelSNdIyH0wo9Ilxbn1votqvBES49_CU1BeKS9WqPkLlt3taw4vbw3wXv8EYDBGVfywOTW-s4E70tuukVk_esbNoulr5vL14HIfZqxai_3sbUTKfmVex6BPfO76_vCsaglsfLAekNnEmQUkehsMjmYn__NtMvc5rUrTH6qf1CGOZGlADXsko4H0a20gZRjOWc8zuRvsHv-1nRTcvYdxWbRl3iA&x-client-SKU=ID_NETSTANDARD2_0&x-client-ver=6.12.1.0&sso_reload=true
2 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- object| onsecuritypolicyviolation
- object| onslotchange
11 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.dealxpro.xyz/ | Name: __ZDJc Value: vw4a0tJ8SZ-iw1vP45eP2A== |
|
.lhji.xyz/ | Name: __smso Value: KMkvz7AuRPqRyG+DHrJ7Ig== |
|
microsoftonline.lhji.xyz/ | Name: esctx Value: AQABAAAAAAD--DLA3VO7QrddgJg7WevrJDhf1aEpax1BN8wllA8o59wM0L607OtdzsCSbj5m4FS-dgP3lpdeXhIUe6OGBB32RAykziMtMfhE_GmzR8W36zN4Sur5mYjaDFk0Y41C_F76bzTwSc66NSloRQ5x3I-5wGKyt-8KWsPd6pUlh7sJx7KiTPTU3IRTPqy63c0ZSK8gAA |
|
microsoftonline.lhji.xyz/ | Name: fpc Value: AgF6mQPh9stBg78xrAQP9jo |
|
microsoftonline.lhji.xyz/ | Name: stsservicecookie Value: estsfd |
|
microsoftonline.lhji.xyz/ | Name: x-ms-gateway-slice Value: estsfd |
|
sbkjs5ukji8rfo2.lhji.xyz/ | Name: MUID Value: 06DC36E2BD146D23011727C9BCD36C11 |
|
sbkjs5ukji8rfo2.lhji.xyz/ | Name: .AspNetCore.Correlation.OpenIdConnectV2.CU6YMyIggQRtZU7zwO2AN2F2zdHK-s-HHYGdVIQCLng Value: N |
|
sbkjs5ukji8rfo2.lhji.xyz/ | Name: .AspNetCore.OpenIdConnect.Nonce.fzCAi6K2qJdRtMAF8MqcCofJXY46BASqbr3-DEdwkLDFRalE55Nr43Sn1hSlxQXdq4b6yRhmeScjMGGMminfxg68v6DKqR-qUjkxfxAiHVkqLlwP2cf3dR-pXgrPNB-t8OkwYyMtNhcbrV7iAbIb5necGxB5whdsDPhCaYyMJhWGMM7FeQp63wdprGxAiPAr6CbvgNcclV716Soopp4Ng1Szi7TbMIZKYJfyqrJ3Otv6b_dTCyhE2vpjNPjA_2nh Value: N |
|
sbkjs5ukji8rfo2.lhji.xyz/ | Name: OH.DCAffinity Value: OH-weu |
|
sbkjs5ukji8rfo2.lhji.xyz/ | Name: OH.FLID Value: 8dae8552-5506-47d2-a523-f79d4e4e6d9d |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.