login.microsoftonline.us
Open in
urlscan Pro
20.140.232.133
Public Scan
Effective URL: https://login.microsoftonline.us/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%...
Submission: On February 02 via automatic, source openphish — Scanned from US
Summary
TLS certificate: Issued by DigiCert SHA2 Secure Server CA on January 11th 2022. Valid for: a year.
This is the only time login.microsoftonline.us was scanned on urlscan.io!
urlscan.io Verdict: No classification
Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 | 13.72.27.219 13.72.27.219 | 8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK) | |
3 | 23.55.243.84 23.55.243.84 | 20940 (AKAMAI-ASN1) (AKAMAI-ASN1) | |
2 4 | 40.66.16.2 40.66.16.2 | 8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK) | |
15 | 20.140.56.68 20.140.56.68 | 8070 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK) | |
1 | 20.140.95.0 20.140.95.0 | 8070 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK) | |
1 | 20.140.232.133 20.140.232.133 | () () | |
25 | 7 |
ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
outlook.office365.us.mcas-gov.us |
ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-55-243-84.deploy.static.akamaitechnologies.com
mcasproxy.azureedge.net |
ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
outlook.office365.us |
ASN8070 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
res-gcch.cdn.office.net |
ASN8070 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
tb.pipe.aria.microsoft.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
15 |
office.net
res-gcch.cdn.office.net — Cisco Umbrella Rank: 180322 |
310 KB |
4 |
office365.us
2 redirects
outlook.office365.us — Cisco Umbrella Rank: 15481 |
140 KB |
3 |
azureedge.net
mcasproxy.azureedge.net — Cisco Umbrella Rank: 70880 |
44 KB |
1 |
microsoftonline.us
login.microsoftonline.us |
54 KB |
1 |
microsoft.com
tb.pipe.aria.microsoft.com — Cisco Umbrella Rank: 17314 |
406 B |
1 |
mcas-gov.us
outlook.office365.us.mcas-gov.us |
948 B |
25 | 6 |
Domain | Requested by | |
---|---|---|
15 | res-gcch.cdn.office.net |
outlook.office365.us
|
4 | outlook.office365.us |
2 redirects
outlook.office365.us
|
3 | mcasproxy.azureedge.net |
outlook.office365.us.mcas-gov.us
mcasproxy.azureedge.net |
1 | login.microsoftonline.us |
outlook.office365.us
login.microsoftonline.us |
1 | tb.pipe.aria.microsoft.com |
outlook.office365.us
|
1 | outlook.office365.us.mcas-gov.us | |
25 | 6 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
*.mcas-gov.us DigiCert SHA2 Secure Server CA |
2021-05-24 - 2022-05-24 |
a year | crt.sh |
*.azureedge.net Microsoft RSA TLS CA 01 |
2021-10-28 - 2022-10-28 |
a year | crt.sh |
office365.us DigiCert Cloud Services CA-1 |
2021-11-01 - 2022-10-31 |
a year | crt.sh |
res-gcch.cdn.office.net DigiCert SHA2 Secure Server CA |
2021-10-25 - 2022-10-25 |
a year | crt.sh |
*.pipe.aria.microsoft.com Microsoft Azure TLS Issuing CA 02 |
2021-12-13 - 2022-12-08 |
a year | crt.sh |
login.microsoftonline.us DigiCert SHA2 Secure Server CA |
2022-01-11 - 2023-01-11 |
a year | crt.sh |
This page contains 2 frames:
Frame:
https://login.microsoftonline.us/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office365.us%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=0&msaredir=0&client-request-id=77b5f2c7-e78e-8ec0-d8f7-32697f90a053&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=637793605617774903.b788573f-fd31-4c54-8ba1-4336304d75ae&state=DYvRboMgAEV1-5e9uaKIyEOzpIvMGLUpA3S-odhlU6tRMtNv28-Vh3PvyU2u6zjOs-XJ4gIbDo4gxgRGAEU-xjgkAL62OI4RhlfvqqHvhR0KvbhV1iCMIAg1Rqp37fffPcy7OrxtRpn-6L-svf5Z-87w-ahSBrq0iPI7-dM129qArPlEpmYafxteBOUn8rs7MV_VuOWwHNsbW_SHNHZbmndyuki6XoSmBSBJVY_nVoidUzYoudSyZmdGs5nfhr1MfMO4LGSSLRXPaC-QEbVuigGtfNInIWiuUrnJCeyZEPeMf9tOgnx_AA&sso_reload=true
Frame ID: 1E1826114DFA5F66BA7D7B03B01604DF
Requests: 23 HTTP requests in this frame
Frame:
https://mcasproxy.azureedge.net/proxyweb/1.9.17/html/session-context-restore.html?action=store&contextData=https%3A%2F%2Foutlook.office365.us%2Fmail%2Fsentitems%2Fid%2FAAQkAGE3ODYyNmE0LTdiZWUtNDRhNy04MmE5LTBiY2EyNmQwY2NkNgAQAKhulVm0%25E2%2580%25A6
Frame ID: 45A7DC1A3A5090C2AC48E07F28838B42
Requests: 2 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
- https://outlook.office365.us.mcas-gov.us/mail/sentitems/id/AAQkAGE3ODYyNmE0LTdiZWUtNDRhNy04MmE5LTBiY2EyNmQwY2NkNgAQAK... Page URL
- https://outlook.office365.us/mail/sentitems/id/AAQkAGE3ODYyNmE0LTdiZWUtNDRhNy04MmE5LTBiY2EyNmQwY2NkNgAQAK... Page URL
-
https://outlook.office365.us/mail/sentitems/id/AAQkAGE3ODYyNmE0LTdiZWUtNDRhNy04MmE5LTBiY2EyNmQwY2NkNgAQAK...
HTTP 302
https://outlook.office365.us/owa/?state=1&redirectTo=aHR0cHM6Ly9vdXRsb29rLm9mZmljZTM2NS51cy9tYWlsL3NlbnRp... HTTP 302
https://login.microsoftonline.us/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redir... Page URL
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://outlook.office365.us.mcas-gov.us/mail/sentitems/id/AAQkAGE3ODYyNmE0LTdiZWUtNDRhNy04MmE5LTBiY2EyNmQwY2NkNgAQAKhulVm0%E2%80%A6 Page URL
- https://outlook.office365.us/mail/sentitems/id/AAQkAGE3ODYyNmE0LTdiZWUtNDRhNy04MmE5LTBiY2EyNmQwY2NkNgAQAKhulVm0%E2%80%A6 Page URL
-
https://outlook.office365.us/mail/sentitems/id/AAQkAGE3ODYyNmE0LTdiZWUtNDRhNy04MmE5LTBiY2EyNmQwY2NkNgAQAKhulVm0%E2%80%A6/?authRedirect=true&state=0
HTTP 302
https://outlook.office365.us/owa/?state=1&redirectTo=aHR0cHM6Ly9vdXRsb29rLm9mZmljZTM2NS51cy9tYWlsL3NlbnRpdGVtcy9pZC9BQVFrQUdFM09EWXlObUUwTFRkaVpXVXRORFJoTnkwNE1tRTVMVEJpWTJFeU5tUXdZMk5rTmdBUUFLaHVsVm0wJUUyJTgwJUE2Lw HTTP 302
https://login.microsoftonline.us/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office365.us%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=0&msaredir=0&client-request-id=77b5f2c7-e78e-8ec0-d8f7-32697f90a053&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=637793605617774903.b788573f-fd31-4c54-8ba1-4336304d75ae&state=DYvRboMgAEV1-5e9uaKIyEOzpIvMGLUpA3S-odhlU6tRMtNv28-Vh3PvyU2u6zjOs-XJ4gIbDo4gxgRGAEU-xjgkAL62OI4RhlfvqqHvhR0KvbhV1iCMIAg1Rqp37fffPcy7OrxtRpn-6L-svf5Z-87w-ahSBrq0iPI7-dM129qArPlEpmYafxteBOUn8rs7MV_VuOWwHNsbW_SHNHZbmndyuki6XoSmBSBJVY_nVoidUzYoudSyZmdGs5nfhr1MfMO4LGSSLRXPaC-QEbVuigGtfNInIWiuUrnJCeyZEPeMf9tOgnx_AA Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
25 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
AAQkAGE3ODYyNmE0LTdiZWUtNDRhNy04MmE5LTBiY2EyNmQwY2NkNgAQAKhulVm0%E2%80%A6
outlook.office365.us.mcas-gov.us/mail/sentitems/id/ |
1 KB 948 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
session-context-store-helper.min.js
mcasproxy.azureedge.net/proxyweb/1.9.17/js/ |
5 KB 5 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
session-context-restore.html
mcasproxy.azureedge.net/proxyweb/1.9.17/html/ Frame 45A7 |
281 B 730 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
session-context-restore.min.js
mcasproxy.azureedge.net/proxyweb/1.9.17/js/ Frame 45A7 |
37 KB 38 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
AAQkAGE3ODYyNmE0LTdiZWUtNDRhNy04MmE5LTBiY2EyNmQwY2NkNgAQAKhulVm0%E2%80%A6
outlook.office365.us/mail/sentitems/id/ |
270 KB 133 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
owa.5.js
res-gcch.cdn.office.net/owamail/20220103004.14/scripts/ |
57 KB 17 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
owa.8.js
res-gcch.cdn.office.net/owamail/20220103004.14/scripts/ |
39 KB 9 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
owa.9.js
res-gcch.cdn.office.net/owamail/20220103004.14/scripts/ |
125 KB 32 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
owa.12.js
res-gcch.cdn.office.net/owamail/20220103004.14/scripts/ |
8 KB 3 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
owa.SharedBoot.js
res-gcch.cdn.office.net/owamail/20220103004.14/scripts/ |
749 KB 201 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
owa.1.js
res-gcch.cdn.office.net/owamail/20220103004.14/scripts/ |
74 KB 19 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
owa.2.js
res-gcch.cdn.office.net/owamail/20220103004.14/scripts/ |
18 KB 5 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
owa.3.js
res-gcch.cdn.office.net/owamail/20220103004.14/scripts/ |
25 KB 9 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
owa.4.js
res-gcch.cdn.office.net/owamail/20220103004.14/scripts/ |
12 KB 5 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
owa.MailBoot.js
res-gcch.cdn.office.net/owamail/20220103004.14/scripts/ |
1 MB 0 |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
owa.vendors~OfflineResolvers~ResolversWeb.js
res-gcch.cdn.office.net/owamail/20220103004.14/scripts/ |
16 KB 4 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
owa.ResolversWeb.js
res-gcch.cdn.office.net/owamail/20220103004.14/scripts/ |
21 KB 7 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
owa.LocalStateResolvers.js
res-gcch.cdn.office.net/owamail/20220103004.14/scripts/ |
313 B 508 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
owa.287.js
res-gcch.cdn.office.net/owamail/20220103004.14/scripts/ |
529 KB 0 |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
owa.LegacyAppBar.js
res-gcch.cdn.office.net/owamail/20220103004.14/scripts/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H/1.1 |
startupdata.ashx
outlook.office365.us/owa/ |
0 0 |
Fetch
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
analytics-ping.js
res-gcch.cdn.office.net/owamail/20220103004.14/resources/ |
34 B 228 B |
Fetch
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H/1.1 |
/
tb.pipe.aria.microsoft.com/Collector/3.0/ |
0 406 B |
XHR
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Primary Request
authorize
login.microsoftonline.us/common/oauth2/ Redirect Chain
|
149 KB 54 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
authorize
login.microsoftonline.us/common/oauth2/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- res-gcch.cdn.office.net
- URL
- https://res-gcch.cdn.office.net/owamail/20220103004.14/scripts/owa.LegacyAppBar.js
- Domain
- login.microsoftonline.us
- URL
- https://login.microsoftonline.us/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office365.us%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=0&msaredir=0&client-request-id=77b5f2c7-e78e-8ec0-d8f7-32697f90a053&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=637793605617774903.b788573f-fd31-4c54-8ba1-4336304d75ae&state=DYvRboMgAEV1-5e9uaKIyEOzpIvMGLUpA3S-odhlU6tRMtNv28-Vh3PvyU2u6zjOs-XJ4gIbDo4gxgRGAEU-xjgkAL62OI4RhlfvqqHvhR0KvbhV1iCMIAg1Rqp37fffPcy7OrxtRpn-6L-svf5Z-87w-ahSBrq0iPI7-dM129qArPlEpmYafxteBOUn8rs7MV_VuOWwHNsbW_SHNHZbmndyuki6XoSmBSBJVY_nVoidUzYoudSyZmdGs5nfhr1MfMO4LGSSLRXPaC-QEbVuigGtfNInIWiuUrnJCeyZEPeMf9tOgnx_AA&sso_reload=true
Verdicts & Comments Add Verdict or Comment
0 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
2 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
outlook.office365.us/ | Name: ClientId Value: 336F86257B50474C93B915F9206ADD6F |
|
outlook.office365.us/ | Name: OIDC Value: 1 |
2 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Strict-Transport-Security | max-age=31536000 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
login.microsoftonline.us
mcasproxy.azureedge.net
outlook.office365.us
outlook.office365.us.mcas-gov.us
res-gcch.cdn.office.net
tb.pipe.aria.microsoft.com
login.microsoftonline.us
res-gcch.cdn.office.net
13.72.27.219
20.140.232.133
20.140.56.68
20.140.95.0
23.55.243.84
40.66.16.2
01fe5156109bd8c681f1bfbff02ecc9b24570768d8aa0be0d1ba79b4ed168f59
12e39ef1da89a847314d4724f52999b5ac04f4a7593cb92fda6f7b0863018904
22dbb7c5ab305632b0f67de1adc5923064ba1b944adb4e86a4efacce77ebb0ca
2bbd16574d6cbf36b22e285ad2143ead41c067c68cfe34e83540f5c9b19489b9
4482c1b4a9538430490c1ccfef0ea7417fdd6b5e1dde22e18add0d37b904806c
5400a3f2d8ddedc8f1208719b54b5aae8a5e48ca3e21ab5a888322552e36eb25
82b693071821973c972f160995ddfed1ddc35d6cbef6a03bc757cf534ed735c1
8e1c02d48009a6c12ab87597e00bc2bf4fbe33fe97d748ae1e9f9b03ba06d488
90bd08957ca89f4c5bc791de68529fe8c6f1896cc6b2f483a78f7837d3b1d47a
9836d645c58fb22221b9f587bc8e85716cda0f38bb5d467e9f2bdee3fed51549
98fce231adea179dfb0df568f5e103f77c2ba8b0ed31d608a58cbb8cf751d83d
d185159b6a77cd02ed536f44197af7913ecfd6fd264b113eac65fce9a97482f5
d593eab937ae208334c866b7afc56b0703787c857dae8bb562aefbbd3ca15ee6
e288c06b73b02257bc1913098b6f5fae11fcaa593ce63ab8b876ab213c2a6d1d
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ef6b116f5d682673f7e8ebbfa0027176ccb482caea43b4077cc34f0748d7bc4b