stamp2.login.microsoftonline-int.com Open in urlscan Pro
2a01:111:f406:1803::10  Malicious Activity! Public Scan

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

1. http://stamp2.login.microsoftonline-int.com/login.srf Page URL
2. https://stamp2.login.microsoftonline-int.com/login.srf?bk=1557968410 Page URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

10 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Cookie set login.srf stamp2.login.microsoftonline-int.com/	557 B 1 KB	250ms 128ms	Document text/html	2a01:111:f406:1803::10 Microsoft Corpora...
General Check archive.org Show headers Download Go to Full URL http://stamp2.login.microsoftonline-int.com/login.srf Protocol HTTP/1.1 Server 2a01:111:f406:1803::10 , United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US), Reverse DNS Software Microsoft-IIS/8.5 / Resource Hash Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options deny X-Xss-Protection 0 Request headers Host stamp2.login.microsoftonline-int.com Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3 Accept-Encoding gzip, deflate Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Cache-Control no-cache Pragma no-cache Transfer-Encoding chunked Content-Type text/html; charset=utf-8 Content-Encoding gzip Expires Thu, 16 May 2019 00:59:10 GMT Vary Accept-Encoding Server Microsoft-IIS/8.5 P3P CP="DSP CUR OTPi IND OTRi ONL FIN" X-XSS-Protection 0 Strict-Transport-Security max-age=31536000 Set-Cookie orgid-request-id=0BCFC868-E91D-41FA-9D51-716C0FB839E9; expires=Thu, 16-May-2019 01:05:10 GMT;domain=login.microsoftonline-int.com;path=/;HTTPOnly= ;version=1 MSPRequ=lt=1557968410&co=1&id=N; path=/;version=1 MSPOK=$uuid-e7cde51c-0575-48e3-a01e-f61c7a122041; domain=login.microsoftonline-int.com;path=/;version=1 X-Frame-Options deny X-Content-Type-Options nosniff PPServer PPV: 30 H: CH1INTIDOALGN11 V: 0 Date Thu, 16 May 2019 01:00:10 GMT
GET H/1.1	200 OK	Primary Request Cookie set login.srf Show response stamp2.login.microsoftonline-int.com/	21 KB 6 KB	622ms 125ms	Document text/html	2a01:111:f406:1803::10 Microsoft Corpora...
General Check archive.org Show headers Download Go to Full URL https://stamp2.login.microsoftonline-int.com/login.srf?bk=1557968410 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_CBC Server 2a01:111:f406:1803::10 , United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US), Reverse DNS Software Microsoft-IIS/8.5 / Resource Hash 76e6ac109365cfdd071d31dec47185ed364380d26e80910927c1524b5f8d196e Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options deny X-Xss-Protection 0 Request headers Host stamp2.login.microsoftonline-int.com Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3 Referer http://stamp2.login.microsoftonline-int.com/login.srf Accept-Encoding gzip, deflate, br Cookie orgid-request-id=0BCFC868-E91D-41FA-9D51-716C0FB839E9; MSPRequ=lt=1557968410&co=1&id=N; MSPOK=$uuid-e7cde51c-0575-48e3-a01e-f61c7a122041 Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Referer http://stamp2.login.microsoftonline-int.com/login.srf Response headers Cache-Control no-cache Pragma no-cache Transfer-Encoding chunked Content-Type text/html; charset=utf-8 Content-Encoding gzip Expires Thu, 16 May 2019 00:59:10 GMT Vary Accept-Encoding Server Microsoft-IIS/8.5 P3P CP="DSP CUR OTPi IND OTRi ONL FIN" X-XSS-Protection 0 Strict-Transport-Security max-age=31536000 Set-Cookie MSPRequ=lt=1557968410&id=N&co=2; path=/;version=1 MSPOK=$uuid-e7cde51c-0575-48e3-a01e-f61c7a122041$uuid-e12345b8-c52b-4a1c-8383-c272f142af5d; domain=login.microsoftonline-int.com;path=/;version=1 X-Frame-Options deny X-Content-Type-Options nosniff PPServer PPV: 30 H: CH1INTIDOALGN11 V: 0 Date Thu, 16 May 2019 01:00:10 GMT
GET H/1.1	200 OK	login.ltr.css secure.aadcdn.microsoftonline-p.com/aad/20.200.20150/css/	27 KB 5 KB	64ms 6ms	Stylesheet text/css	2a02:26f0:6c00:283::35c1 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://secure.aadcdn.microsoftonline-p.com/aad/20.200.20150/css/login.ltr.css Requested by Host: stamp2.login.microsoftonline-int.com URL: https://stamp2.login.microsoftonline-int.com/login.srf?bk=1557968410 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 2a02:26f0:6c00:283::35c1 , Ascension Island, ASN20940 (AKAMAI-ASN1, US), Reverse DNS Software / Resource Hash f902d8b3484872d0bb6fdb71084823e6363905e3f0ebaeeafa6cb373acd28350 Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers Referer https://stamp2.login.microsoftonline-int.com/login.srf?bk=1557968410 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Thu, 16 May 2019 01:00:10 GMT Content-Encoding gzip Last-Modified Mon, 01 Jun 2015 21:51:32 GMT Vary Accept-Encoding Strict-Transport-Security max-age=31536000 Content-Type text/css Access-Control-Allow-Origin * Access-Control-Expose-Headers x-ms-request-id,x-ms-version,x-ms-lease-status,x-ms-blob-type Cache-Control public, max-age=387606 Connection keep-alive Content-Length 4712
GET H/1.1	200 OK	jquery-1.11.2.min.js Show response secure.aadcdn.microsoftonline-p.com/aad/20.200.20150/js/	94 KB 33 KB	66ms 7ms	Script application/x-javascript	2a02:26f0:6c00:283::35c1 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://secure.aadcdn.microsoftonline-p.com/aad/20.200.20150/js/jquery-1.11.2.min.js Requested by Host: stamp2.login.microsoftonline-int.com URL: https://stamp2.login.microsoftonline-int.com/login.srf?bk=1557968410 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 2a02:26f0:6c00:283::35c1 , Ascension Island, ASN20940 (AKAMAI-ASN1, US), Reverse DNS Software / Resource Hash a271a3f9e3cae897ced669d6652699e947928ef095e56384c4f9dd04bbb942ec Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers Referer https://stamp2.login.microsoftonline-int.com/login.srf?bk=1557968410 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Thu, 16 May 2019 01:00:10 GMT Content-Encoding gzip Last-Modified Mon, 01 Jun 2015 21:52:50 GMT Vary Accept-Encoding Strict-Transport-Security max-age=31536000 Content-Type application/x-javascript Access-Control-Allow-Origin * Access-Control-Expose-Headers x-ms-request-id,x-ms-version,x-ms-lease-status,x-ms-blob-type Cache-Control public, max-age=387606 Connection keep-alive Content-Length 33332
GET H/1.1	200 OK	jquery-migrate-1.2.1.min.js Show response secure.aadcdn.microsoftonline-p.com/aad/20.200.20150/js/	7 KB 3 KB	64ms 6ms	Script application/x-javascript	2a02:26f0:6c00:283::35c1 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://secure.aadcdn.microsoftonline-p.com/aad/20.200.20150/js/jquery-migrate-1.2.1.min.js Requested by Host: stamp2.login.microsoftonline-int.com URL: https://stamp2.login.microsoftonline-int.com/login.srf?bk=1557968410 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 2a02:26f0:6c00:283::35c1 , Ascension Island, ASN20940 (AKAMAI-ASN1, US), Reverse DNS Software / Resource Hash c4d24f6b27cc7ceea56fbec786bb1f486fdad9a1f998f760f76d1f44671e105c Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers Referer https://stamp2.login.microsoftonline-int.com/login.srf?bk=1557968410 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Thu, 16 May 2019 01:00:10 GMT Content-Encoding gzip Last-Modified Mon, 01 Jun 2015 21:52:50 GMT Vary Accept-Encoding Strict-Transport-Security max-age=31536000 Content-Type application/x-javascript Access-Control-Allow-Origin * Access-Control-Expose-Headers x-ms-request-id,x-ms-version,x-ms-lease-status,x-ms-blob-type Cache-Control public, max-age=387606 Connection keep-alive Content-Length 3068
GET H/1.1	200 OK	aad.login.js Show response secure.aadcdn.microsoftonline-p.com/aad/20.200.20150/js/	126 KB 28 KB	65ms 7ms	Script application/x-javascript	2a02:26f0:6c00:283::35c1 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://secure.aadcdn.microsoftonline-p.com/aad/20.200.20150/js/aad.login.js Requested by Host: stamp2.login.microsoftonline-int.com URL: https://stamp2.login.microsoftonline-int.com/login.srf?bk=1557968410 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 2a02:26f0:6c00:283::35c1 , Ascension Island, ASN20940 (AKAMAI-ASN1, US), Reverse DNS Software / Resource Hash 0764cd74693cbf231ec1841cea80d3308cb39892dacdf906044ad6c0622cada2 Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers Referer https://stamp2.login.microsoftonline-int.com/login.srf?bk=1557968410 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Thu, 16 May 2019 01:00:10 GMT Content-Encoding gzip Last-Modified Mon, 01 Jun 2015 21:52:49 GMT Vary Accept-Encoding Strict-Transport-Security max-age=31536000 Content-Type application/x-javascript Access-Control-Allow-Origin * Access-Control-Expose-Headers x-ms-request-id,x-ms-version,x-ms-lease-status,x-ms-blob-type Cache-Control public, max-age=387606 Connection keep-alive Content-Length 28486
GET H/1.1	200 OK	jquery.easing.1.3.js Show response secure.aadcdn.microsoftonline-p.com/aad/20.200.20150/js/	9 KB 3 KB	65ms 7ms	Script application/x-javascript	2a02:26f0:6c00:283::35c1 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://secure.aadcdn.microsoftonline-p.com/aad/20.200.20150/js/jquery.easing.1.3.js Requested by Host: stamp2.login.microsoftonline-int.com URL: https://stamp2.login.microsoftonline-int.com/login.srf?bk=1557968410 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 2a02:26f0:6c00:283::35c1 , Ascension Island, ASN20940 (AKAMAI-ASN1, US), Reverse DNS Software / Resource Hash e9f76a23a17184eec1ee54b5fa9d25ae90439b9f8edf31391ee19332010fb698 Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers Referer https://stamp2.login.microsoftonline-int.com/login.srf?bk=1557968410 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Thu, 16 May 2019 01:00:10 GMT Content-Encoding gzip Last-Modified Mon, 01 Jun 2015 21:52:50 GMT Vary Accept-Encoding Strict-Transport-Security max-age=31536000 Content-Type application/x-javascript Access-Control-Allow-Origin * Access-Control-Expose-Headers x-ms-request-id,x-ms-version,x-ms-lease-status,x-ms-blob-type Cache-Control public, max-age=387606 Connection keep-alive Content-Length 2264
GET H/1.1	200 OK	AD_Glyph_Footer_30x30.png secure.aadcdn.microsoftonline-p.com/aad/20.200.20150/images/	4 KB 4 KB	64ms 6ms	Image image/png	2a02:26f0:6c00:283::35c1 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Show image Full URL https://secure.aadcdn.microsoftonline-p.com/aad/20.200.20150/images/AD_Glyph_Footer_30x30.png Requested by Host: stamp2.login.microsoftonline-int.com URL: https://stamp2.login.microsoftonline-int.com/login.srf?bk=1557968410 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 2a02:26f0:6c00:283::35c1 , Ascension Island, ASN20940 (AKAMAI-ASN1, US), Reverse DNS Software / Resource Hash b3c4fd39a0c96930c595c60d3bd41ed0fb032380017fb367db5e7c4c9cf0bf52 Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers Referer https://stamp2.login.microsoftonline-int.com/login.srf?bk=1557968410 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Thu, 16 May 2019 01:00:10 GMT Last-Modified Mon, 01 Jun 2015 21:52:29 GMT Strict-Transport-Security max-age=31536000 Content-Type image/png Access-Control-Allow-Origin * Access-Control-Expose-Headers x-ms-request-id,x-ms-version,x-ms-lease-status,x-ms-blob-type Cache-Control public, max-age=387606 Connection keep-alive Content-Length 3863
GET H/1.1	200 OK	logo.png secure.aadcdn.microsoftonline-p.com/aadbranding/1.0.1/aadlogin/Office365/	4 KB 5 KB	6ms 6ms	Image image/png	2a02:26f0:6c00:283::35c1 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Show image Full URL https://secure.aadcdn.microsoftonline-p.com/aadbranding/1.0.1/aadlogin/Office365/logo.png Requested by Host: stamp2.login.microsoftonline-int.com URL: https://stamp2.login.microsoftonline-int.com/login.srf?bk=1557968410 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 2a02:26f0:6c00:283::35c1 , Ascension Island, ASN20940 (AKAMAI-ASN1, US), Reverse DNS Software / Resource Hash fc5c3d7d2b298a42ec44dad2d8cd227b734db966b4afa68c0254a497e805f603 Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers Referer https://stamp2.login.microsoftonline-int.com/login.srf?bk=1557968410 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Thu, 16 May 2019 01:00:10 GMT Last-Modified Fri, 23 Aug 2013 05:49:53 GMT Strict-Transport-Security max-age=31536000 Content-Type image/png Access-Control-Allow-Origin * Access-Control-Expose-Headers x-ms-request-id,x-ms-version,x-ms-lease-status,x-ms-blob-type Cache-Control public, max-age=387109 Connection keep-alive Content-Length 4585
GET H/1.1	200 OK	illustration.jpg secure.aadcdn.microsoftonline-p.com/aadbranding/1.0.1/aadlogin/Office365/	199 KB 199 KB	7ms 7ms	Image image/jpeg	2a02:26f0:6c00:283::35c1 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Show image Full URL https://secure.aadcdn.microsoftonline-p.com/aadbranding/1.0.1/aadlogin/Office365/illustration.jpg Requested by Host: stamp2.login.microsoftonline-int.com URL: https://stamp2.login.microsoftonline-int.com/login.srf?bk=1557968410 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 2a02:26f0:6c00:283::35c1 , Ascension Island, ASN20940 (AKAMAI-ASN1, US), Reverse DNS Software / Resource Hash 7e50e406688bd898803f653058d14ca384734cb9b39ba900bc5e2734b59c073b Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers Referer https://stamp2.login.microsoftonline-int.com/login.srf?bk=1557968410 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Thu, 16 May 2019 01:00:10 GMT Last-Modified Fri, 23 Aug 2013 05:49:52 GMT Strict-Transport-Security max-age=31536000 Content-Type image/jpeg Access-Control-Allow-Origin * Access-Control-Expose-Headers x-ms-request-id,x-ms-version,x-ms-lease-status,x-ms-blob-type Cache-Control public, max-age=147551 Connection keep-alive Content-Length 203294

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Office 365 (Online)

40 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onselectstart object| onselectionchange function| queueMicrotask undefined| msViewportStyle function| $ function| jQuery object| ErrorCodes object| Constants object| Context object| Background object| Logo object| Instrument object| User object| tenant_info function| pageOnReady object| Util object| PostType object| LoginOption object| Post function| origHide function| origShow function| origAddClass function| origRemoveClass object| Support object| users object| Tiles object| HIP object| EmailDiscovery object| ProofUp object| StrongAuthCheck object| ThirdPartyCookieStates object| TenantBranding object| MSLogin object| jQuery111206703814743759826 object| HIP_MODE object| MSStrongAuth object| MSLogout object| body string| alt_logo_image string| alt_background_image

3 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.login.microsoftonline-int.com/	1969-12-31 23:59:59	Name: MSPOK Value: $uuid-e7cde51c-0575-48e3-a01e-f61c7a122041$uuid-e12345b8-c52b-4a1c-8383-c272f142af5d
			stamp2.login.microsoftonline-int.com/	1969-12-31 23:59:59	Name: MSPRequ Value: lt=1557968410&id=N&co=2
			.login.microsoftonline-int.com/	1970-01-19 00:46:08	Name: orgid-request-id Value: 0BCFC868-E91D-41FA-9D51-716C0FB839E9

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

secure.aadcdn.microsoftonline-p.com
stamp2.login.microsoftonline-int.com
2a01:111:f406:1803::10
2a02:26f0:6c00:283::35c1
0764cd74693cbf231ec1841cea80d3308cb39892dacdf906044ad6c0622cada2
76e6ac109365cfdd071d31dec47185ed364380d26e80910927c1524b5f8d196e
7e50e406688bd898803f653058d14ca384734cb9b39ba900bc5e2734b59c073b
a271a3f9e3cae897ced669d6652699e947928ef095e56384c4f9dd04bbb942ec
b3c4fd39a0c96930c595c60d3bd41ed0fb032380017fb367db5e7c4c9cf0bf52
c4d24f6b27cc7ceea56fbec786bb1f486fdad9a1f998f760f76d1f44671e105c
e9f76a23a17184eec1ee54b5fa9d25ae90439b9f8edf31391ee19332010fb698
f902d8b3484872d0bb6fdb71084823e6363905e3f0ebaeeafa6cb373acd28350
fc5c3d7d2b298a42ec44dad2d8cd227b734db966b4afa68c0254a497e805f603