URL: http://stamp2.login.microsoftonline-int.com/login.srf
Submission: On May 16 via manual from US

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 10 HTTP transactions.
The main IP is 2a01:111:f406:1803::10, located in United Kingdom and belongs to MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US. The main domain is stamp2.login.microsoftonline-int.com.
This is the first time this domain was scanned on urlscan.io!
Phishing detected — Impersonating Office 365 (Online)

Domain & IP information

IP Address AS Autonomous System
2 2a01:111:f406... 8075 (MICROSOFT...)
8 2a02:26f0:6c0... 20940 (AKAMAI-ASN1)
10 2
Domain
Subdomains
Transfer
8 microsoftonline-p.com
280 KB
2 microsoftonline-int.com
7 KB
10 2
Domain Requested by
8 secure.aadcdn.microsoftonline-p.com stamp2.login.microsoftonline-int.com
2 stamp2.login.microsoftonline-int.com
10 2

This site contains links to these domains. Also see Links.

Domain
Subject / Issuer Validity Valid
login.microsoftonline-int.com
Microsoft IT TLS CA 2
2018-02-01 -
2020-02-01
2 years
secure.aadcdn.microsoftonline-p.com
Microsoft IT TLS CA 1
2017-08-15 -
2019-08-15
2 years

Screenshot


Detected technologies

Web
Overall confidence: 100%
Detected patterns
  • script /jquery(?:\-|\.)([\d.]*\d)[^\/]*\.js/i
  • script /jquery.*\.js/i
  • env /^jQuery$/i

Web
Overall confidence: 100%
Detected patterns
  • headers server /IIS(?:\/([\d.]+))?/i

Web
Overall confidence: 100%
Detected patterns
  • headers server /IIS(?:\/([\d.]+))?/i


Stats

0
Requests

0
Ad-blocked

0
Malicious

0 %
HTTPS

0 %
IPv6

0
Domains

0
Subdomains

0
IPs

0
Countries

0 kB
Transfer

0 kB
Size

0
Cookies

10 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Cookie set login.srf
557 B
1 KB
Document
General
Full URL
http://stamp2.login.microsoftonline-int.com/login.srf
Protocol
HTTP/1.1
Server
2a01:111:f406:1803::10 , United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
Software
Microsoft-IIS/8.5 /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 0

Request headers

Host
stamp2.login.microsoftonline-int.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Accept-Encoding
gzip, deflate
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Cache-Control
no-cache
Pragma
no-cache
Transfer-Encoding
chunked
Content-Type
text/html; charset=utf-8
Content-Encoding
gzip
Expires
Thu, 16 May 2019 00:59:10 GMT
Vary
Accept-Encoding
Server
Microsoft-IIS/8.5
P3P
CP="DSP CUR OTPi IND OTRi ONL FIN"
X-XSS-Protection
0
Strict-Transport-Security
max-age=31536000
Set-Cookie
orgid-request-id=0BCFC868-E91D-41FA-9D51-716C0FB839E9; expires=Thu, 16-May-2019 01:05:10 GMT;domain=login.microsoftonline-int.com;path=/;HTTPOnly= ;version=1 MSPRequ=lt=1557968410&co=1&id=N; path=/;version=1 MSPOK=$uuid-e7cde51c-0575-48e3-a01e-f61c7a122041; domain=login.microsoftonline-int.com;path=/;version=1
X-Frame-Options
deny
X-Content-Type-Options
nosniff
PPServer
PPV: 30 H: CH1INTIDOALGN11 V: 0
Date
Thu, 16 May 2019 01:00:10 GMT
Cookie set login.srf?bk=1557968410
21 KB
6 KB
Document
General
Full URL
https://stamp2.login.microsoftonline-int.com/login.srf?bk=1557968410
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
2a01:111:f406:1803::10 , United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
Software
Microsoft-IIS/8.5 /
Resource Hash
76e6ac109365cfdd071d31dec47185ed364380d26e80910927c1524b5f8d196e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 0

Request headers

Host
stamp2.login.microsoftonline-int.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Referer
http://stamp2.login.microsoftonline-int.com/login.srf
Accept-Encoding
gzip, deflate, br
Cookie
orgid-request-id=0BCFC868-E91D-41FA-9D51-716C0FB839E9; MSPRequ=lt=1557968410&co=1&id=N; MSPOK=$uuid-e7cde51c-0575-48e3-a01e-f61c7a122041
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
http://stamp2.login.microsoftonline-int.com/login.srf

Response headers

Cache-Control
no-cache
Pragma
no-cache
Transfer-Encoding
chunked
Content-Type
text/html; charset=utf-8
Content-Encoding
gzip
Expires
Thu, 16 May 2019 00:59:10 GMT
Vary
Accept-Encoding
Server
Microsoft-IIS/8.5
P3P
CP="DSP CUR OTPi IND OTRi ONL FIN"
X-XSS-Protection
0
Strict-Transport-Security
max-age=31536000
Set-Cookie
MSPRequ=lt=1557968410&id=N&co=2; path=/;version=1 MSPOK=$uuid-e7cde51c-0575-48e3-a01e-f61c7a122041$uuid-e12345b8-c52b-4a1c-8383-c272f142af5d; domain=login.microsoftonline-int.com;path=/;version=1
X-Frame-Options
deny
X-Content-Type-Options
nosniff
PPServer
PPV: 30 H: CH1INTIDOALGN11 V: 0
Date
Thu, 16 May 2019 01:00:10 GMT
login.ltr.css
secure.aadcdn.microsoftonline-p.com/aad/20.200.20150/css
27 KB
5 KB
Stylesheet
General
Full URL
https://secure.aadcdn.microsoftonline-p.com/aad/20.200.20150/css/login.ltr.css
Requested by
Host: stamp2.login.microsoftonline-int.com
URL: https://stamp2.login.microsoftonline-int.com/login.srf?bk=1557968410
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:6c00:283::35c1 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software
/
Resource Hash
f902d8b3484872d0bb6fdb71084823e6363905e3f0ebaeeafa6cb373acd28350
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://stamp2.login.microsoftonline-int.com/login.srf?bk=1557968410
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Thu, 16 May 2019 01:00:10 GMT
Content-Encoding
gzip
Last-Modified
Mon, 01 Jun 2015 21:51:32 GMT
Vary
Accept-Encoding
Strict-Transport-Security
max-age=31536000
Content-Type
text/css
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
x-ms-request-id,x-ms-version,x-ms-lease-status,x-ms-blob-type
Cache-Control
public, max-age=387606
Connection
keep-alive
Content-Length
4712
jquery-1.11.2.min.js
secure.aadcdn.microsoftonline-p.com/aad/20.200.20150/js
94 KB
33 KB
Script
General
Full URL
https://secure.aadcdn.microsoftonline-p.com/aad/20.200.20150/js/jquery-1.11.2.min.js
Requested by
Host: stamp2.login.microsoftonline-int.com
URL: https://stamp2.login.microsoftonline-int.com/login.srf?bk=1557968410
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:6c00:283::35c1 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software
/
Resource Hash
a271a3f9e3cae897ced669d6652699e947928ef095e56384c4f9dd04bbb942ec
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://stamp2.login.microsoftonline-int.com/login.srf?bk=1557968410
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Thu, 16 May 2019 01:00:10 GMT
Content-Encoding
gzip
Last-Modified
Mon, 01 Jun 2015 21:52:50 GMT
Vary
Accept-Encoding
Strict-Transport-Security
max-age=31536000
Content-Type
application/x-javascript
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
x-ms-request-id,x-ms-version,x-ms-lease-status,x-ms-blob-type
Cache-Control
public, max-age=387606
Connection
keep-alive
Content-Length
33332
Verified jquery-migrate-1.2.1.min.js
secure.aadcdn.microsoftonline-p.com/aad/20.200.20150/js
7 KB
3 KB
Script
General
Full URL
https://secure.aadcdn.microsoftonline-p.com/aad/20.200.20150/js/jquery-migrate-1.2.1.min.js
Requested by
Host: stamp2.login.microsoftonline-int.com
URL: https://stamp2.login.microsoftonline-int.com/login.srf?bk=1557968410
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:6c00:283::35c1 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software
/
Resource Hash
c4d24f6b27cc7ceea56fbec786bb1f486fdad9a1f998f760f76d1f44671e105c
Verified resource
jquery-migrate/1.2.1/jquery-migrate.min.js at cdnjs.com, project jquery-migrate
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://stamp2.login.microsoftonline-int.com/login.srf?bk=1557968410
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Thu, 16 May 2019 01:00:10 GMT
Content-Encoding
gzip
Last-Modified
Mon, 01 Jun 2015 21:52:50 GMT
Vary
Accept-Encoding
Strict-Transport-Security
max-age=31536000
Content-Type
application/x-javascript
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
x-ms-request-id,x-ms-version,x-ms-lease-status,x-ms-blob-type
Cache-Control
public, max-age=387606
Connection
keep-alive
Content-Length
3068
aad.login.js
secure.aadcdn.microsoftonline-p.com/aad/20.200.20150/js
126 KB
28 KB
Script
General
Full URL
https://secure.aadcdn.microsoftonline-p.com/aad/20.200.20150/js/aad.login.js
Requested by
Host: stamp2.login.microsoftonline-int.com
URL: https://stamp2.login.microsoftonline-int.com/login.srf?bk=1557968410
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:6c00:283::35c1 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software
/
Resource Hash
0764cd74693cbf231ec1841cea80d3308cb39892dacdf906044ad6c0622cada2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://stamp2.login.microsoftonline-int.com/login.srf?bk=1557968410
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Thu, 16 May 2019 01:00:10 GMT
Content-Encoding
gzip
Last-Modified
Mon, 01 Jun 2015 21:52:49 GMT
Vary
Accept-Encoding
Strict-Transport-Security
max-age=31536000
Content-Type
application/x-javascript
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
x-ms-request-id,x-ms-version,x-ms-lease-status,x-ms-blob-type
Cache-Control
public, max-age=387606
Connection
keep-alive
Content-Length
28486
jquery.easing.1.3.js
secure.aadcdn.microsoftonline-p.com/aad/20.200.20150/js
9 KB
3 KB
Script
General
Full URL
https://secure.aadcdn.microsoftonline-p.com/aad/20.200.20150/js/jquery.easing.1.3.js
Requested by
Host: stamp2.login.microsoftonline-int.com
URL: https://stamp2.login.microsoftonline-int.com/login.srf?bk=1557968410
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:6c00:283::35c1 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software
/
Resource Hash
e9f76a23a17184eec1ee54b5fa9d25ae90439b9f8edf31391ee19332010fb698
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://stamp2.login.microsoftonline-int.com/login.srf?bk=1557968410
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Thu, 16 May 2019 01:00:10 GMT
Content-Encoding
gzip
Last-Modified
Mon, 01 Jun 2015 21:52:50 GMT
Vary
Accept-Encoding
Strict-Transport-Security
max-age=31536000
Content-Type
application/x-javascript
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
x-ms-request-id,x-ms-version,x-ms-lease-status,x-ms-blob-type
Cache-Control
public, max-age=387606
Connection
keep-alive
Content-Length
2264
AD_Glyph_Footer_30x30.png
secure.aadcdn.microsoftonline-p.com/aad/20.200.20150/images
4 KB
4 KB
Image
General
Full URL
https://secure.aadcdn.microsoftonline-p.com/aad/20.200.20150/images/AD_Glyph_Footer_30x30.png
Requested by
Host: stamp2.login.microsoftonline-int.com
URL: https://stamp2.login.microsoftonline-int.com/login.srf?bk=1557968410
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:6c00:283::35c1 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software
/
Resource Hash
b3c4fd39a0c96930c595c60d3bd41ed0fb032380017fb367db5e7c4c9cf0bf52
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://stamp2.login.microsoftonline-int.com/login.srf?bk=1557968410
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Thu, 16 May 2019 01:00:10 GMT
Last-Modified
Mon, 01 Jun 2015 21:52:29 GMT
Strict-Transport-Security
max-age=31536000
Content-Type
image/png
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
x-ms-request-id,x-ms-version,x-ms-lease-status,x-ms-blob-type
Cache-Control
public, max-age=387606
Connection
keep-alive
Content-Length
3863
logo.png
secure.aadcdn.microsoftonline-p.com/aadbranding/1.0.1/aadlogin/Office365
4 KB
5 KB
Image
General
Full URL
https://secure.aadcdn.microsoftonline-p.com/aadbranding/1.0.1/aadlogin/Office365/logo.png
Requested by
Host: stamp2.login.microsoftonline-int.com
URL: https://stamp2.login.microsoftonline-int.com/login.srf?bk=1557968410
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:6c00:283::35c1 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software
/
Resource Hash
fc5c3d7d2b298a42ec44dad2d8cd227b734db966b4afa68c0254a497e805f603
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://stamp2.login.microsoftonline-int.com/login.srf?bk=1557968410
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Thu, 16 May 2019 01:00:10 GMT
Last-Modified
Fri, 23 Aug 2013 05:49:53 GMT
Strict-Transport-Security
max-age=31536000
Content-Type
image/png
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
x-ms-request-id,x-ms-version,x-ms-lease-status,x-ms-blob-type
Cache-Control
public, max-age=387109
Connection
keep-alive
Content-Length
4585
illustration.jpg
secure.aadcdn.microsoftonline-p.com/aadbranding/1.0.1/aadlogin/Office365
199 KB
199 KB
Image
General
Full URL
https://secure.aadcdn.microsoftonline-p.com/aadbranding/1.0.1/aadlogin/Office365/illustration.jpg
Requested by
Host: stamp2.login.microsoftonline-int.com
URL: https://stamp2.login.microsoftonline-int.com/login.srf?bk=1557968410
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:6c00:283::35c1 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software
/
Resource Hash
7e50e406688bd898803f653058d14ca384734cb9b39ba900bc5e2734b59c073b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://stamp2.login.microsoftonline-int.com/login.srf?bk=1557968410
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Thu, 16 May 2019 01:00:10 GMT
Last-Modified
Fri, 23 Aug 2013 05:49:52 GMT
Strict-Transport-Security
max-age=31536000
Content-Type
image/jpeg
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
x-ms-request-id,x-ms-version,x-ms-lease-status,x-ms-blob-type
Cache-Control
public, max-age=147551
Connection
keep-alive
Content-Length
203294

Redirect requests

There were HTTP redirects (301, 302) for the following requests:

40 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onselectstart object| onselectionchange function| queueMicrotask undefined| msViewportStyle function| $ function| jQuery object| ErrorCodes object| Constants object| Context object| Background object| Logo object| Instrument object| User object| tenant_info function| pageOnReady object| Util object| PostType object| LoginOption object| Post function| origHide function| origShow function| origAddClass function| origRemoveClass object| Support object| users object| Tiles object| HIP object| EmailDiscovery object| ProofUp object| StrongAuthCheck object| ThirdPartyCookieStates object| TenantBranding object| MSLogin object| jQuery111206703814743759826 object| HIP_MODE object| MSStrongAuth object| MSLogout object| body string| alt_logo_image string| alt_background_image

3 Cookies

Domain/Path Name / Value
.login.microsoftonline-int.com/ Name: MSPOK
Value: $uuid-e7cde51c-0575-48e3-a01e-f61c7a122041$uuid-e12345b8-c52b-4a1c-8383-c272f142af5d
stamp2.login.microsoftonline-int.com/ Name: MSPRequ
Value: lt=1557968410&id=N&co=2
.login.microsoftonline-int.com/ Name: orgid-request-id
Value: 0BCFC868-E91D-41FA-9D51-716C0FB839E9

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 0