stamp2.login.microsoftonline-int.com
2a01:111:f406:1803::10
Malicious Activity!
Public Scan
Effective URL: https://stamp2.login.microsoftonline-int.com/login.srf?bk=1557968410
Submission: On May 16 via manual from US
Summary
TLS certificate: Issued by Microsoft IT TLS CA 2 on February 1st 2018. Valid for: 2 years.
This is the only time stamp2.login.microsoftonline-int.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Office 365 (Online)
Domain & IP information
Requests | IP Address | Autonomous System |
---|---|---|
2 | 2a01:111:f406:1803::10 | 8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation) |
8 | 2a02:26f0:6c00:283::35c1 | 20940 (AKAMAI-ASN1) |
10 | 2 | |
ASN | Domain |
---|---|
ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US) | stamp2.login.microsoftonline-int.com |
ASN20940 (AKAMAI-ASN1, US) | secure.aadcdn.microsoftonline-p.com |
Requests | Apex Domain | Subdomains | Transfer |
---|---|---|---|
8 | microsoftonline-p.com | secure.aadcdn.microsoftonline-p.com | 280 KB |
2 | microsoftonline-int.com | stamp2.login.microsoftonline-int.com | 7 KB |
10 | 2 | | |
Requests | Domain | Requested by |
---|---|---|
8 | secure.aadcdn.microsoftonline-p.com | stamp2.login.microsoftonline-int.com |
2 | stamp2.login.microsoftonline-int.com | |
10 | 2 | |
This site contains no links.
Subject | Issuer | Validity | Valid |
---|---|---|---|
login.microsoftonline-int.com | Microsoft IT TLS CA 2 | 2018-02-01 - 2020-02-01 | 2 years |
secure.aadcdn.microsoftonline-p.com | Microsoft IT TLS CA 1 | 2017-08-15 - 2019-08-15 | 2 years |
This page contains 1 frame:
Primary Page:
https://stamp2.login.microsoftonline-int.com/login.srf?bk=1557968410
Frame ID: B1475CEC2D6BF343B8BB446659DABD32
Requests: 10 HTTP requests in this frame
Detected technologies
Windows Server (Operating Systems)
Detected patterns
- headers server /IIS(?:\/([\d.]+))?/i
IIS (Web Servers)
Detected patterns
- headers server /IIS(?:\/([\d.]+))?/i
jQuery (JavaScript Libraries)
Detected patterns
- script /jquery(?:\-|\.)([\d.]*\d)[^\/]*\.js/i
- script /jquery.*\.js/i
- env /^jQuery$/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://stamp2.login.microsoftonline-int.com/login.srf Page URL
- https://stamp2.login.microsoftonline-int.com/login.srf?bk=1557968410 Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
10 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type | Notes |
---|---|---|---|---|---|---|---|---|
GET | H/1.1 | login.srf | stamp2.login.microsoftonline-int.com/ | 557 B | 1 KB | Document | text/html | Cookie set |
GET | H/1.1 | login.srf | stamp2.login.microsoftonline-int.com/ | 21 KB | 6 KB | Document | text/html | Primary Request, Cookie set |
GET | H/1.1 | login.ltr.css | secure.aadcdn.microsoftonline-p.com/aad/20.200.20150/css/ | 27 KB | 5 KB | Stylesheet | text/css | |
GET | H/1.1 | jquery-1.11.2.min.js | secure.aadcdn.microsoftonline-p.com/aad/20.200.20150/js/ | 94 KB | 33 KB | Script | application/x-javascript | |
GET | H/1.1 | jquery-migrate-1.2.1.min.js | secure.aadcdn.microsoftonline-p.com/aad/20.200.20150/js/ | 7 KB | 3 KB | Script | application/x-javascript | |
GET | H/1.1 | aad.login.js | secure.aadcdn.microsoftonline-p.com/aad/20.200.20150/js/ | 126 KB | 28 KB | Script | application/x-javascript | |
GET | H/1.1 | jquery.easing.1.3.js | secure.aadcdn.microsoftonline-p.com/aad/20.200.20150/js/ | 9 KB | 3 KB | Script | application/x-javascript | |
GET | H/1.1 | AD_Glyph_Footer_30x30.png | secure.aadcdn.microsoftonline-p.com/aad/20.200.20150/images/ | 4 KB | 4 KB | Image | image/png | |
GET | H/1.1 | logo.png | secure.aadcdn.microsoftonline-p.com/aadbranding/1.0.1/aadlogin/Office365/ | 4 KB | 5 KB | Image | image/png | |
GET | H/1.1 | illustration.jpg | secure.aadcdn.microsoftonline-p.com/aadbranding/1.0.1/aadlogin/Office365/ | 199 KB | 199 KB | Image | image/jpeg | |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Office 365 (Online)
40 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- object| onselectstart
- object| onselectionchange
- function| queueMicrotask
- undefined| msViewportStyle
- function| $
- function| jQuery
- object| ErrorCodes
- object| Constants
- object| Context
- object| Background
- object| Logo
- object| Instrument
- object| User
- object| tenant_info
- function| pageOnReady
- object| Util
- object| PostType
- object| LoginOption
- object| Post
- function| origHide
- function| origShow
- function| origAddClass
- function| origRemoveClass
- object| Support
- object| users
- object| Tiles
- object| HIP
- object| EmailDiscovery
- object| ProofUp
- object| StrongAuthCheck
- object| ThirdPartyCookieStates
- object| TenantBranding
- object| MSLogin
- object| jQuery111206703814743759826
- object| HIP_MODE
- object| MSStrongAuth
- object| MSLogout
- object| body
- string| alt_logo_image
- string| alt_background_image
3 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name | Value |
---|---|---|---|
.login.microsoftonline-int.com/ | | MSPOK | $uuid-e7cde51c-0575-48e3-a01e-f61c7a122041$uuid-e12345b8-c52b-4a1c-8383-c272f142af5d |
stamp2.login.microsoftonline-int.com/ | | MSPRequ | lt=1557968410&id=N&co=2 |
.login.microsoftonline-int.com/ | | orgid-request-id | 0BCFC868-E91D-41FA-9D51-716C0FB839E9 |
Security Headers
This page lists any security headers set by the main page.
Header | Value |
---|---|
Strict-Transport-Security | max-age=31536000 |
X-Content-Type-Options | nosniff |
X-Frame-Options | deny |
X-Xss-Protection | 0 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.