portal.microsoft.office.login.baseplayground.nl Open in urlscan Pro
83.98.240.249 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://portal.microsoft.office.login.baseplayground.nl/
Submission: On September 30 via automatic, source certstream-suspicious (September 30th 2021, 2:58:42 pm UTC) — Scanned from DE

Summary HTTP 22 Redirects Links 4 Behaviour Indicators

Summary

This website contacted 4 IPs in 3 countries across 4 domains to perform 22 HTTP transactions. The main IP is 83.98.240.249, located in Wateringen, Netherlands and belongs to SPEEDXS-AS, NL. The main domain is portal.microsoft.office.login.baseplayground.nl.
TLS certificate: Issued by R3 on September 30th 2021. Valid for: 3 months.

This is the only time portal.microsoft.office.login.baseplayground.nl was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Microsoft (Consumer)

Domain & IP information

	IP Address	AS Autonomous System
11	83.98.240.249 83.98.240.249	30925 (SPEEDXS-AS) (SPEEDXS-AS)
1	40.126.31.143 40.126.31.143	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
9	152.199.23.37 152.199.23.37	15133 (EDGECAST) (EDGECAST)
1	13.107.246.44 13.107.246.44	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
22	4

11 83.98.240.249 (Wateringen, Netherlands)

ASN30925 (SPEEDXS-AS, NL)
PTR: kikken.dsl.as25232.net

portal.microsoft.office.login.baseplayground.nl	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 40.126.31.143 (Dublin, Ireland)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

login.live.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 152.199.23.37 (United States)

ASN15133 (EDGECAST, US)

aadcdn.msftauth.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.107.246.44 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

aadcdn.msftauthimages.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
11	baseplayground.nl portal.microsoft.office.login.baseplayground.nl	62 KB
9	msftauth.net aadcdn.msftauth.net	145 KB
1	msftauthimages.net aadcdn.msftauthimages.net	174 KB
1	live.com login.live.com
22	4

	Domain	Requested by
11	portal.microsoft.office.login.baseplayground.nl	portal.microsoft.office.login.baseplayground.nl aadcdn.msftauth.net
9	aadcdn.msftauth.net	portal.microsoft.office.login.baseplayground.nl
1	aadcdn.msftauthimages.net	portal.microsoft.office.login.baseplayground.nl
1	login.live.com	portal.microsoft.office.login.baseplayground.nl
22	4

This site contains links to these domains. Also see Links.

Domain
passwordreset.microsoftonline.com
www.microsoft.com
privacy.microsoft.com
login.microsoftonline.com

Subject Issuer	Validity	Valid
portal.microsoft.office.login.baseplayground.nl R3	`2021-09-30` - `2021-12-29`	3 months	crt.sh
graph.windows.net DigiCert SHA2 Secure Server CA	`2021-08-26` - `2022-08-26`	a year	crt.sh
aadcdn.msftauth.net DigiCert SHA2 Secure Server CA	`2021-05-13` - `2022-05-13`	a year	crt.sh
aadcdn.msftauthimages.net Microsoft Azure TLS Issuing CA 01	`2021-08-05` - `2022-07-31`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://portal.microsoft.office.login.baseplayground.nl/
Frame ID: 8CEF0F03E1877B3F0A04003A0DC94CC8
Requests: 22 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Sign in to your account

Detected technologies

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

22
Requests

100 %
HTTPS

0 %
IPv6

4
Domains

4
Subdomains

4
IPs

3
Countries

380 kB
Transfer

696 kB
Size

2
Cookies

4 Outgoing links

These are links going to different origins than the main page.

URL: https://passwordreset.microsoftonline.com/?ru=https%3a%2f%2flogin.microsoftonline.com%2fcommon%2freprocess%3fctx%3drQIIAYWSPWzjdADF46TNpTkw5YQQbB1AQpycOP6MKzE4duK4jf2PGyeOLYTl-CN24tiJ48SNdyTGo-OJCbYyICEGdBISc6ebb_KMkEBMN5JjP7E8vacnveX96jWq0Wo10Ab6eQVroJefEDRFEgQ5Q3DMphCCmaFIG3cppOUw-LHCaMq2kif186fMT4k7MbivzbtPf-l_-9c9dOGn6Xp72WxmWdaIPS-w3YYdr5qhFTlBNN9jv0LQSwh6Xi670X15Sx3n2hRKkgzJEDRDUFRD1yTcUO3cUOcpUH3fCFBUVvXbgSaiktBNAS-Shqa0DJ5tSSudkHP9AIRuJglKavA9X-JQFKgiPlD9pSxIqbEQMUPTM6DqGNAm_qvye4DdpT72RuIkyN1_ymdenKzMdbxNn1d-LI_DNmsEBN0Bub0GWUgvpnQXEXNl5jBzi7Omo96E6k47-dQeB7ljdhMXyAiXeByLupE3wwjUQv0963CSthTW1PXycOVIO21N7KSlGvV7yWa5HLAzEtlcD8hAY6hOy2PdgyNMx72hpwz5UT-PJ27e2Yooz6Uj5UBssjZ5g7cWCLbYMMORJeOCpkj9W09E2OGNzOb7nYQBTMlm4z1N9sAW4I6NzTLJpK_Ge9WQ9EnEXGcBJeriSsDtIR44-NXKHaXRgFeA7-CR2dEZDjfcbhxQiOhyDjnCyCWPJ4ehMlp3ok04HLO6hSzGhDmhUw2xqO195eO3HL7Hfq5Uj2YVRw8VOl67UeBcrJPYC0L3bZDssSb4L_Xjldtgw_DlCfTHyYe16vnjj0oXpc8-QCuXtVr9vPQmvT6Bvj89Mnh19uWfX0EvwA_3v929_u6u9HDa1IESeIk3l7mds6QC_WAE896mqfmS2GtLxtPR7aJJCCDC7PYX7cvWsyr0rFp9qL4v8qbcVUcqK_PsDY-Z6N9V6JtHpRdn_0v1q3fO6_VdYIaxbYXu9smR7t_fLRUwVMDlAq4U8EkBnxZwtYAfFXCtgM8KuF7Aj_8F0&mkt=en&hosted=0&device_platform=Windows+10
Title: Forgot my password

Search URL Search Domain Scan URL

URL: https://www.microsoft.com/en/servicesagreement/
Title: Terms of use

Search URL Search Domain Scan URL

URL: https://privacy.microsoft.com/en/privacystatement
Title: Privacy & cookies

Search URL Search Domain Scan URL

URL: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=637686055959479466.YWM3ZTczZTgtOThhZi00NTYxLWI0MGEtODI5ZWQ1ZDA1MmY4NzYyOGEwMGQtZDFhMC00OTI3LThkNGMtZjI2ZWYwOTY2OWVh&ui_locales=en&mkt=en&state=Ul8AZi47BOzcpOwl7jX7E-IzQbd9gaCaXSFV6EXBzXcUizd_EreON-CrfCA0enfb240a0hvAdCMWkGp6KkyJdMuWp4uMkTnHFrqkkLAb5-qKL5iW96B1fAeydGXUFPfQPDSHzoVezBsI0DCtSQy4qw85R31j-2jq9PSaN3GWQMHxfI-APRNAzvuM2O2QwbUv75FOsO3dc2bwM_7JUvTZMYVn9Kwi6IYImG3cP3id3JmeStnLDQOhd3n_BY9C3ZeEoi6-IeCd5S25kD3ryPQSpBnqlPUAYa-jU4_V7tW-a6s&x-client-SKU=ID_NETSTANDARD2_0&x-client-ver=6.11.0.0&sso_reload=true
Title: ...

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

22 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response portal.microsoft.office.login.baseplayground.nl/	224 KB 50 KB	64ms 30ms	Document text/html	83.98.240.249 SPEEDXS-AS
General Check archive.org Show headers Download Go to Full URL https://portal.microsoft.office.login.baseplayground.nl/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 83.98.240.249 Wateringen, Netherlands, ASN30925 (SPEEDXS-AS, NL), Reverse DNS kikken.dsl.as25232.net Software nginx / PHP/7.4.23 PleskLin Resource Hash `b6c0f85ddc6d3b2b3eac6034af2794303bc27ba3646f787af3fc92aa3cfaba9e` Request headers :method GET :authority portal.microsoft.office.login.baseplayground.nl :scheme https :path / pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 accept-language de-DE,de;q=0.9 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site none sec-fetch-mode navigate sec-fetch-user ?1 sec-fetch-dest document accept-encoding gzip, deflate, br Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Accept-Language de-DE,de;q=0.9 Response headers server nginx date Thu, 30 Sep 2021 14:58:37 GMT content-type text/html; charset=UTF-8 x-powered-by PHP/7.4.23 PleskLin content-encoding br
GET H/1.1	200 OK	Me.htm login.live.com/	0 0	272ms 137ms	Other text/html	40.126.31.143 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://login.live.com/Me.htm?v=3 Requested by Host: portal.microsoft.office.login.baseplayground.nl URL: https://portal.microsoft.office.login.baseplayground.nl/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 40.126.31.143 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software / Resource Hash Request headers Accept-Language de-DE,de;q=0.9 Referer https://portal.microsoft.office.login.baseplayground.nl/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers
GET H2	404	ConvergedLogin_PCore_I521IOYX4o7sg2DM4l7ufQ2.js.download portal.microsoft.office.login.baseplayground.nl/Sign%20in%20to%20your%20account_files/	0 0	17ms 17ms	Script text/html	83.98.240.249 SPEEDXS-AS
General Check archive.org Show headers Download Go to Full URL https://portal.microsoft.office.login.baseplayground.nl/Sign%20in%20to%20your%20account_files/ConvergedLogin_PCore_I521IOYX4o7sg2DM4l7ufQ2.js.download Requested by Host: portal.microsoft.office.login.baseplayground.nl URL: https://portal.microsoft.office.login.baseplayground.nl/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 83.98.240.249 Wateringen, Netherlands, ASN30925 (SPEEDXS-AS, NL), Reverse DNS kikken.dsl.as25232.net Software nginx / Resource Hash Request headers :path /Sign%20in%20to%20your%20account_files/ConvergedLogin_PCore_I521IOYX4o7sg2DM4l7ufQ2.js.download pragma no-cache origin https://portal.microsoft.office.login.baseplayground.nl accept-encoding gzip, deflate, br accept-language de-DE,de;q=0.9 user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 sec-fetch-mode cors accept / cache-control no-cache sec-fetch-dest script :authority portal.microsoft.office.login.baseplayground.nl referer https://portal.microsoft.office.login.baseplayground.nl/ :scheme https sec-fetch-site same-origin :method GET Referer https://portal.microsoft.office.login.baseplayground.nl/ Origin https://portal.microsoft.office.login.baseplayground.nl Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers date Thu, 30 Sep 2021 14:58:37 GMT content-encoding br last-modified Fri, 20 Aug 2021 09:48:22 GMT server nginx etag W/"328-5c9fa91704244" content-type text/html
GET H2	404	convergedlogin_pfetchsessionsprogress_2cd859f4f4e27b66fc72.js.download portal.microsoft.office.login.baseplayground.nl/Sign%20in%20to%20your%20account_files/	0 0	16ms 16ms	Script text/html	83.98.240.249 SPEEDXS-AS
General Check archive.org Show headers Download Go to Full URL https://portal.microsoft.office.login.baseplayground.nl/Sign%20in%20to%20your%20account_files/convergedlogin_pfetchsessionsprogress_2cd859f4f4e27b66fc72.js.download Requested by Host: portal.microsoft.office.login.baseplayground.nl URL: https://portal.microsoft.office.login.baseplayground.nl/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 83.98.240.249 Wateringen, Netherlands, ASN30925 (SPEEDXS-AS, NL), Reverse DNS kikken.dsl.as25232.net Software nginx / Resource Hash Request headers :path /Sign%20in%20to%20your%20account_files/convergedlogin_pfetchsessionsprogress_2cd859f4f4e27b66fc72.js.download pragma no-cache accept-encoding gzip, deflate, br accept-language de-DE,de;q=0.9 user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 sec-fetch-mode no-cors accept / cache-control no-cache sec-fetch-dest script :authority portal.microsoft.office.login.baseplayground.nl referer https://portal.microsoft.office.login.baseplayground.nl/ :scheme https sec-fetch-site same-origin :method GET Accept-Language de-DE,de;q=0.9 Referer https://portal.microsoft.office.login.baseplayground.nl/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers date Thu, 30 Sep 2021 14:58:37 GMT content-encoding br last-modified Fri, 20 Aug 2021 09:48:22 GMT server nginx etag W/"328-5c9fa91704244" content-type text/html
GET H2	404	convergedlogin_ppassword_070e6eecba68bd206381.js.download portal.microsoft.office.login.baseplayground.nl/Sign%20in%20to%20your%20account_files/	0 0	17ms 17ms	Script text/html	83.98.240.249 SPEEDXS-AS
General Check archive.org Show headers Download Go to Full URL https://portal.microsoft.office.login.baseplayground.nl/Sign%20in%20to%20your%20account_files/convergedlogin_ppassword_070e6eecba68bd206381.js.download Requested by Host: portal.microsoft.office.login.baseplayground.nl URL: https://portal.microsoft.office.login.baseplayground.nl/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 83.98.240.249 Wateringen, Netherlands, ASN30925 (SPEEDXS-AS, NL), Reverse DNS kikken.dsl.as25232.net Software nginx / Resource Hash Request headers :path /Sign%20in%20to%20your%20account_files/convergedlogin_ppassword_070e6eecba68bd206381.js.download pragma no-cache accept-encoding gzip, deflate, br accept-language de-DE,de;q=0.9 user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 sec-fetch-mode no-cors accept / cache-control no-cache sec-fetch-dest script :authority portal.microsoft.office.login.baseplayground.nl referer https://portal.microsoft.office.login.baseplayground.nl/ :scheme https sec-fetch-site same-origin :method GET Accept-Language de-DE,de;q=0.9 Referer https://portal.microsoft.office.login.baseplayground.nl/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers date Thu, 30 Sep 2021 14:58:37 GMT content-encoding br last-modified Fri, 20 Aug 2021 09:48:22 GMT server nginx etag W/"328-5c9fa91704244" content-type text/html
GET H2	200	bannerlogo portal.microsoft.office.login.baseplayground.nl/Sign%20in%20to%20your%20account_files/	10 KB 10 KB	18ms 17ms	Image image/jpeg	83.98.240.249 SPEEDXS-AS
General Check archive.org Show headers Download Go to Show image Full URL https://portal.microsoft.office.login.baseplayground.nl/Sign%20in%20to%20your%20account_files/bannerlogo Requested by Host: portal.microsoft.office.login.baseplayground.nl URL: https://portal.microsoft.office.login.baseplayground.nl/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 83.98.240.249 Wateringen, Netherlands, ASN30925 (SPEEDXS-AS, NL), Reverse DNS kikken.dsl.as25232.net Software nginx / PleskLin Resource Hash `d9eebf05879aee218de6cbc5932cfe920ed7f8f4d89808cd16fd218445acbbda` Request headers :path /Sign%20in%20to%20your%20account_files/bannerlogo pragma no-cache accept-encoding gzip, deflate, br accept-language de-DE,de;q=0.9 user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 sec-fetch-mode no-cors accept image/avif,image/webp,image/apng,image/svg+xml,image/,/;q=0.8 cache-control* no-cache sec-fetch-dest image :authority portal.microsoft.office.login.baseplayground.nl referer https://portal.microsoft.office.login.baseplayground.nl/ :scheme https sec-fetch-site same-origin :method GET Accept-Language de-DE,de;q=0.9 Referer https://portal.microsoft.office.login.baseplayground.nl/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers date Thu, 30 Sep 2021 14:58:37 GMT last-modified Thu, 30 Sep 2021 14:48:07 GMT server nginx x-powered-by PleskLin etag "6155ce27-2630" content-type image/jpeg accept-ranges bytes content-length 9776
GET H2	200	arrow_left_a9cc2824ef3517b6c4160dcf8ff7d410.svg portal.microsoft.office.login.baseplayground.nl/Sign%20in%20to%20your%20account_files/	513 B 686 B	18ms 17ms	Image image/svg+xml	83.98.240.249 SPEEDXS-AS
General Check archive.org Show headers Download Go to Show image Full URL https://portal.microsoft.office.login.baseplayground.nl/Sign%20in%20to%20your%20account_files/arrow_left_a9cc2824ef3517b6c4160dcf8ff7d410.svg Requested by Host: portal.microsoft.office.login.baseplayground.nl URL: https://portal.microsoft.office.login.baseplayground.nl/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 83.98.240.249 Wateringen, Netherlands, ASN30925 (SPEEDXS-AS, NL), Reverse DNS kikken.dsl.as25232.net Software nginx / PleskLin Resource Hash `34f9db946e89f031a80dfca7b16b2b686469c9886441261ae70a44da1dfa2d58` Request headers :path /Sign%20in%20to%20your%20account_files/arrow_left_a9cc2824ef3517b6c4160dcf8ff7d410.svg pragma no-cache accept-encoding gzip, deflate, br accept-language de-DE,de;q=0.9 user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 sec-fetch-mode no-cors accept image/avif,image/webp,image/apng,image/svg+xml,image/,/;q=0.8 cache-control* no-cache sec-fetch-dest image :authority portal.microsoft.office.login.baseplayground.nl referer https://portal.microsoft.office.login.baseplayground.nl/ :scheme https sec-fetch-site same-origin :method GET Accept-Language de-DE,de;q=0.9 Referer https://portal.microsoft.office.login.baseplayground.nl/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers date Thu, 30 Sep 2021 14:58:37 GMT etag "201-5cd3788e38726" last-modified Thu, 30 Sep 2021 14:48:07 GMT server nginx x-powered-by PleskLin content-type image/svg+xml x-accel-version 0.01 accept-ranges bytes content-length 513
GET H2	404	ConvergedLogin_PCore_I521IOYX4o7sg2DM4l7ufQ2.js.download portal.microsoft.office.login.baseplayground.nl/Sign%20in%20to%20your%20account_files/	0 0	18ms 17ms	Script text/html	83.98.240.249 SPEEDXS-AS
General Check archive.org Show headers Download Go to Full URL https://portal.microsoft.office.login.baseplayground.nl/Sign%20in%20to%20your%20account_files/ConvergedLogin_PCore_I521IOYX4o7sg2DM4l7ufQ2.js.download Requested by Host: portal.microsoft.office.login.baseplayground.nl URL: https://portal.microsoft.office.login.baseplayground.nl/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 83.98.240.249 Wateringen, Netherlands, ASN30925 (SPEEDXS-AS, NL), Reverse DNS kikken.dsl.as25232.net Software nginx / Resource Hash Request headers :path /Sign%20in%20to%20your%20account_files/ConvergedLogin_PCore_I521IOYX4o7sg2DM4l7ufQ2.js.download pragma no-cache origin https://portal.microsoft.office.login.baseplayground.nl accept-encoding gzip, deflate, br accept-language de-DE,de;q=0.9 user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 sec-fetch-mode cors accept / cache-control no-cache sec-fetch-dest script :authority portal.microsoft.office.login.baseplayground.nl referer https://portal.microsoft.office.login.baseplayground.nl/ :scheme https sec-fetch-site same-origin :method GET Referer https://portal.microsoft.office.login.baseplayground.nl/ Origin https://portal.microsoft.office.login.baseplayground.nl Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers date Thu, 30 Sep 2021 14:58:37 GMT content-encoding br last-modified Fri, 20 Aug 2021 09:48:22 GMT server nginx etag W/"328-5c9fa91704244" content-type text/html
GET H2	200	watsonsupportwithjquery.3.5.min_dc940oomzau4rsu8qesnvg2.js Show response aadcdn.msftauth.net/ests/2.1/content/cdnbundles/	117 KB 40 KB	33ms 12ms	Script application/x-javascript	152.199.23.37 EDGECAST
General Check archive.org Show headers Download Go to Full URL https://aadcdn.msftauth.net/ests/2.1/content/cdnbundles/watsonsupportwithjquery.3.5.min_dc940oomzau4rsu8qesnvg2.js Requested by Host: portal.microsoft.office.login.baseplayground.nl URL: https://portal.microsoft.office.login.baseplayground.nl/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 152.199.23.37 , United States, ASN15133 (EDGECAST, US), Reverse DNS Software ECAcc (frc/8F2C) / Resource Hash `df2aa8537c1992c94846a0ffffaa9031d430d9d0210b9e396ec059aff62627e0` Request headers Referer https://portal.microsoft.office.login.baseplayground.nl/ Origin https://portal.microsoft.office.login.baseplayground.nl Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers x-ms-blob-type BlockBlob date Thu, 30 Sep 2021 14:58:37 GMT content-encoding gzip content-md5 HWW92uTq7vx3y5z+zFZbXQ== age 3412932 x-cache HIT content-length 40454 x-ms-lease-status unlocked last-modified Fri, 26 Feb 2021 06:18:37 GMT server ECAcc (frc/8F2C) etag 0x8D8DA1E5A71125A vary Accept-Encoding content-type application/x-javascript access-control-allow-origin * x-ms-request-id 85852b0a-b01e-009a-2201-97b3aa000000 access-control-expose-headers x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding cache-control public, max-age=31536000 x-ms-version 2009-09-19 accept-ranges bytes
GET H2	200	converged.v2.login.min_lgjnfq3xbrj5zvj5ionvww2.css aadcdn.msftauth.net/ests/2.1/content/cdnbundles/	0 20 KB	28ms 7ms	Other text/css	152.199.23.37 EDGECAST
General Check archive.org Show headers Download Go to Full URL https://aadcdn.msftauth.net/ests/2.1/content/cdnbundles/converged.v2.login.min_lgjnfq3xbrj5zvj5ionvww2.css Requested by Host: portal.microsoft.office.login.baseplayground.nl URL: https://portal.microsoft.office.login.baseplayground.nl/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 152.199.23.37 , United States, ASN15133 (EDGECAST, US), Reverse DNS Software ECAcc (frc/8F5C) / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers Accept-Language de-DE,de;q=0.9 Referer https://portal.microsoft.office.login.baseplayground.nl/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers x-ms-blob-type BlockBlob date Thu, 30 Sep 2021 14:58:37 GMT content-encoding gzip content-md5 mU+G3bfjPvbbh+JW3ypW1g== age 10094073 x-cache HIT content-length 19835 x-ms-lease-status unlocked last-modified Fri, 04 Jun 2021 23:47:30 GMT server ECAcc (frc/8F5C) etag 0x8D927B31E2905FD vary Accept-Encoding content-type text/css access-control-allow-origin * x-ms-request-id dfcee648-001e-002a-393d-5a8a96000000 access-control-expose-headers x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding cache-control public, max-age=31536000 x-ms-version 2009-09-19 accept-ranges bytes
GET H2	200	ux.converged.login.strings-en.min_adqtkgeasdv5me2-b1wumg2.js aadcdn.msftauth.net/ests/2.1/content/cdnbundles/	0 12 KB	30ms 9ms	Other application/x-javascript	152.199.23.37 EDGECAST
General Check archive.org Show headers Download Go to Full URL https://aadcdn.msftauth.net/ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_adqtkgeasdv5me2-b1wumg2.js Requested by Host: portal.microsoft.office.login.baseplayground.nl URL: https://portal.microsoft.office.login.baseplayground.nl/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 152.199.23.37 , United States, ASN15133 (EDGECAST, US), Reverse DNS Software ECAcc (frc/8FB5) / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers Accept-Language de-DE,de;q=0.9 Referer https://portal.microsoft.office.login.baseplayground.nl/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers x-ms-blob-type BlockBlob date Thu, 30 Sep 2021 14:58:37 GMT content-encoding gzip content-md5 bS3q7+8qQMGFLJ5yDFtTWA== age 2460873 x-cache HIT content-length 12538 x-ms-lease-status unlocked last-modified Wed, 01 Sep 2021 17:30:54 GMT server ECAcc (frc/8FB5) etag 0x8D96D6E408D13B9 vary Accept-Encoding content-type application/x-javascript access-control-allow-origin * x-ms-request-id fa43c4fe-401e-000f-1ba9-9fe166000000 access-control-expose-headers x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding cache-control public, max-age=31536000 x-ms-version 2009-09-19 accept-ranges bytes
GET H2	200	illustration aadcdn.msftauthimages.net/c1c6b6c8-dot4oyjhl27uyhvbbpw8wzioacl0qmtfybixdojw8um/logintenantbranding/0/	173 KB 174 KB	290ms 184ms	Image image/*	13.107.246.44 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Show image Full URL https://aadcdn.msftauthimages.net/c1c6b6c8-dot4oyjhl27uyhvbbpw8wzioacl0qmtfybixdojw8um/logintenantbranding/0/illustration?ts=637575346163732744 Requested by Host: portal.microsoft.office.login.baseplayground.nl URL: https://portal.microsoft.office.login.baseplayground.nl/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 13.107.246.44 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 / Resource Hash `e1003a5f1b91aac3730fc04d7bb56e5e38696b30cecc29f575fb26c033338063` Request headers Accept-Language de-DE,de;q=0.9 Referer https://portal.microsoft.office.login.baseplayground.nl/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers x-ms-lease-status unlocked x-ms-blob-type BlockBlob date Thu, 30 Sep 2021 14:58:36 GMT last-modified Tue, 25 May 2021 10:16:56 GMT server Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 content-md5 EwY3Y2fga183OBSXnDZb1w== etag 0x8D91F6639C4E3E9 x-azure-ref 0ndBVYQAAAACrqvzzumlzS5dXfiZ8J7rlUFJHMDFFREdFMDYyMQA1OTY2NTcxNS00MjZhLTRmMWMtYTA1OS1kNWRmZDQwYWU2Yjk= x-cache TCP_REMOTE_HIT content-type image/* x-ms-request-id b7cb6ea5-f01e-0051-3dff-b5c620000000 cache-control public, max-age=86400 x-ms-version 2009-09-19 x-azure-ref-originshield 0ndBVYQAAAABSPgu05ueEQKn7y8anZ7hdTE9OMjFFREdFMDIwNwA1OTY2NTcxNS00MjZhLTRmMWMtYTA1OS1kNWRmZDQwYWU2Yjk= content-length 177112
GET H2	404	ConvergedLogin_PCore_I521IOYX4o7sg2DM4l7ufQ2.js.download portal.microsoft.office.login.baseplayground.nl/Sign%20in%20to%20your%20account_files/	0 0	18ms 16ms	Script text/html	83.98.240.249 SPEEDXS-AS
General Check archive.org Show headers Download Go to Full URL https://portal.microsoft.office.login.baseplayground.nl/Sign%20in%20to%20your%20account_files/ConvergedLogin_PCore_I521IOYX4o7sg2DM4l7ufQ2.js.download Requested by Host: portal.microsoft.office.login.baseplayground.nl URL: https://portal.microsoft.office.login.baseplayground.nl/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 83.98.240.249 Wateringen, Netherlands, ASN30925 (SPEEDXS-AS, NL), Reverse DNS kikken.dsl.as25232.net Software nginx / Resource Hash Request headers :path /Sign%20in%20to%20your%20account_files/ConvergedLogin_PCore_I521IOYX4o7sg2DM4l7ufQ2.js.download pragma no-cache origin https://portal.microsoft.office.login.baseplayground.nl accept-encoding gzip, deflate, br accept-language de-DE,de;q=0.9 user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 sec-fetch-mode cors accept / cache-control no-cache sec-fetch-dest script :authority portal.microsoft.office.login.baseplayground.nl referer https://portal.microsoft.office.login.baseplayground.nl/ :scheme https sec-fetch-site same-origin :method GET Referer https://portal.microsoft.office.login.baseplayground.nl/ Origin https://portal.microsoft.office.login.baseplayground.nl Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers date Thu, 30 Sep 2021 14:58:37 GMT content-encoding br last-modified Fri, 20 Aug 2021 09:48:22 GMT server nginx etag W/"328-5c9fa91704244" content-type text/html
GET H2	200	frameworksupport.min_oadrnc13magb009k4d20lg2.js Show response aadcdn.msftauth.net/ests/2.1/content/cdnbundles/	12 KB 5 KB	7ms 7ms	Script application/x-javascript	152.199.23.37 EDGECAST
General Check archive.org Show headers Download Go to Full URL https://aadcdn.msftauth.net/ests/2.1/content/cdnbundles/frameworksupport.min_oadrnc13magb009k4d20lg2.js Requested by Host: portal.microsoft.office.login.baseplayground.nl URL: https://portal.microsoft.office.login.baseplayground.nl/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 152.199.23.37 , United States, ASN15133 (EDGECAST, US), Reverse DNS Software ECAcc (frc/8FA2) / Resource Hash `c8cef105fcaf7cbf3f8682c861045505c24d41cf6686c20c1c03e14031a3db69` Request headers Referer https://portal.microsoft.office.login.baseplayground.nl/ Origin https://portal.microsoft.office.login.baseplayground.nl Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers x-ms-blob-type BlockBlob date Thu, 30 Sep 2021 14:58:37 GMT content-encoding gzip content-md5 A8dgUeRfi6/VknMbox6Cuw== age 29402377 x-cache HIT content-length 4880 x-ms-lease-status unlocked last-modified Thu, 22 Oct 2020 20:43:24 GMT server ECAcc (frc/8FA2) etag 0x8D876CB1F3EA0D9 vary Accept-Encoding content-type application/x-javascript access-control-allow-origin * x-ms-request-id d0950f04-601e-003a-20a1-aa35be000000 access-control-expose-headers x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding cache-control public, max-age=31536000 x-ms-version 2009-09-19 accept-ranges bytes
GET H2	200	watson.min_ybdb1ixzkv-fkor2mu6q6w2.js Show response aadcdn.msftauth.net/ests/2.1/content/cdnbundles/	9 KB 4 KB	9ms 9ms	Script application/x-javascript	152.199.23.37 EDGECAST
General Check archive.org Show headers Download Go to Full URL https://aadcdn.msftauth.net/ests/2.1/content/cdnbundles/watson.min_ybdb1ixzkv-fkor2mu6q6w2.js Requested by Host: portal.microsoft.office.login.baseplayground.nl URL: https://portal.microsoft.office.login.baseplayground.nl/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 152.199.23.37 , United States, ASN15133 (EDGECAST, US), Reverse DNS Software ECAcc (frc/8E8A) / Resource Hash `58eacd6958675b2640b9efb0344cace3298b5d60a4b2b6bb5654b7ebf15891a2` Request headers Referer https://portal.microsoft.office.login.baseplayground.nl/ Origin https://portal.microsoft.office.login.baseplayground.nl Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers x-ms-blob-type BlockBlob date Thu, 30 Sep 2021 14:58:37 GMT content-encoding gzip content-md5 0amdmc4DC3wTGNS/ckG9zw== age 5144331 x-cache HIT content-length 3871 x-ms-lease-status unlocked last-modified Thu, 22 Oct 2020 20:49:15 GMT server ECAcc (frc/8E8A) etag 0x8D876CBF0105F18 vary Accept-Encoding content-type application/x-javascript access-control-allow-origin * x-ms-request-id 7f7ea0ef-301e-0099-4842-8740ca000000 access-control-expose-headers x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding cache-control public, max-age=31536000 x-ms-version 2009-09-19 accept-ranges bytes
POST H2	404	watson Show response portal.microsoft.office.login.baseplayground.nl/common/handlers/	808 B 501 B	17ms 17ms	XHR text/html	83.98.240.249 SPEEDXS-AS
General Check archive.org Show headers Download Go to Full URL https://portal.microsoft.office.login.baseplayground.nl/common/handlers/watson Requested by Host: aadcdn.msftauth.net URL: https://aadcdn.msftauth.net/ests/2.1/content/cdnbundles/watsonsupportwithjquery.3.5.min_dc940oomzau4rsu8qesnvg2.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 83.98.240.249 Wateringen, Netherlands, ASN30925 (SPEEDXS-AS, NL), Reverse DNS kikken.dsl.as25232.net Software nginx / Resource Hash `b9347f234dc3c8d56e015e86d88a1400415db8f7a5ad91f02b6a2323c10a4187` Request headers sec-fetch-mode cors origin https://portal.microsoft.office.login.baseplayground.nl accept-encoding gzip, deflate, br accept-language de-DE,de;q=0.9 client-request-id 72af392b-5665-435a-855f-9225b44891ef canary AQABAAAAAAD--DLA3VO7QrddgJg7WevrkTvPZVG6MVEPiB6rdVru5qK0HJxd03oX-7KJu8we6UdyrsX9X4lpuOcPCA_zfwfrk1jSYSDA2p_Lb8rX8bQljKCzMH1p_Si64kgPiIDRdHNLSpCFBEodMsuwFNGdHTvxpt9kEsZbc7dYQ8rky_u1bygc5C7LOeTk6l8JA3PXgO41MMZHT3ve7SjZSrR-jEmFbNuLgJK4tHkwdP9Z0RHj9iAA sec-fetch-dest empty x-requested-with XMLHttpRequest content-length 6439 hpgact 1800 :path /common/handlers/watson pragma no-cache user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 content-type application/json; charset=UTF-8 hpgid 1104 accept application/json cache-control no-cache :authority portal.microsoft.office.login.baseplayground.nl referer https://portal.microsoft.office.login.baseplayground.nl/ :scheme https sec-fetch-site same-origin :method POST Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 client-request-id 72af392b-5665-435a-855f-9225b44891ef canary AQABAAAAAAD--DLA3VO7QrddgJg7WevrkTvPZVG6MVEPiB6rdVru5qK0HJxd03oX-7KJu8we6UdyrsX9X4lpuOcPCA_zfwfrk1jSYSDA2p_Lb8rX8bQljKCzMH1p_Si64kgPiIDRdHNLSpCFBEodMsuwFNGdHTvxpt9kEsZbc7dYQ8rky_u1bygc5C7LOeTk6l8JA3PXgO41MMZHT3ve7SjZSrR-jEmFbNuLgJK4tHkwdP9Z0RHj9iAA Content-Type application/json; charset=UTF-8 hpgid 1104 Accept application/json Referer https://portal.microsoft.office.login.baseplayground.nl/ X-Requested-With XMLHttpRequest hpgact 1800 Response headers date Thu, 30 Sep 2021 14:58:37 GMT content-encoding br last-modified Fri, 20 Aug 2021 09:48:22 GMT server nginx etag W/"328-5c9fa91704244" content-type text/html
POST H2	404	watson Show response portal.microsoft.office.login.baseplayground.nl/common/handlers/	808 B 501 B	29ms 29ms	XHR text/html	83.98.240.249 SPEEDXS-AS
General Check archive.org Show headers Download Go to Full URL https://portal.microsoft.office.login.baseplayground.nl/common/handlers/watson Requested by Host: aadcdn.msftauth.net URL: https://aadcdn.msftauth.net/ests/2.1/content/cdnbundles/watsonsupportwithjquery.3.5.min_dc940oomzau4rsu8qesnvg2.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 83.98.240.249 Wateringen, Netherlands, ASN30925 (SPEEDXS-AS, NL), Reverse DNS kikken.dsl.as25232.net Software nginx / Resource Hash `b9347f234dc3c8d56e015e86d88a1400415db8f7a5ad91f02b6a2323c10a4187` Request headers sec-fetch-mode cors origin https://portal.microsoft.office.login.baseplayground.nl accept-encoding gzip, deflate, br accept-language de-DE,de;q=0.9 client-request-id 72af392b-5665-435a-855f-9225b44891ef canary AQABAAAAAAD--DLA3VO7QrddgJg7WevrkTvPZVG6MVEPiB6rdVru5qK0HJxd03oX-7KJu8we6UdyrsX9X4lpuOcPCA_zfwfrk1jSYSDA2p_Lb8rX8bQljKCzMH1p_Si64kgPiIDRdHNLSpCFBEodMsuwFNGdHTvxpt9kEsZbc7dYQ8rky_u1bygc5C7LOeTk6l8JA3PXgO41MMZHT3ve7SjZSrR-jEmFbNuLgJK4tHkwdP9Z0RHj9iAA sec-fetch-dest empty x-requested-with XMLHttpRequest content-length 6509 hpgact 1800 :path /common/handlers/watson pragma no-cache user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 content-type application/json; charset=UTF-8 hpgid 1104 accept application/json cache-control no-cache :authority portal.microsoft.office.login.baseplayground.nl referer https://portal.microsoft.office.login.baseplayground.nl/ :scheme https sec-fetch-site same-origin :method POST Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 client-request-id 72af392b-5665-435a-855f-9225b44891ef canary AQABAAAAAAD--DLA3VO7QrddgJg7WevrkTvPZVG6MVEPiB6rdVru5qK0HJxd03oX-7KJu8we6UdyrsX9X4lpuOcPCA_zfwfrk1jSYSDA2p_Lb8rX8bQljKCzMH1p_Si64kgPiIDRdHNLSpCFBEodMsuwFNGdHTvxpt9kEsZbc7dYQ8rky_u1bygc5C7LOeTk6l8JA3PXgO41MMZHT3ve7SjZSrR-jEmFbNuLgJK4tHkwdP9Z0RHj9iAA Content-Type application/json; charset=UTF-8 hpgid 1104 Accept application/json Referer https://portal.microsoft.office.login.baseplayground.nl/ X-Requested-With XMLHttpRequest hpgact 1800 Response headers date Thu, 30 Sep 2021 14:58:37 GMT content-encoding br last-modified Fri, 20 Aug 2021 09:48:22 GMT server nginx etag W/"328-5c9fa91704244" content-type text/html
POST H2	404	watson Show response portal.microsoft.office.login.baseplayground.nl/common/handlers/	808 B 501 B	27ms 27ms	XHR text/html	83.98.240.249 SPEEDXS-AS
General Check archive.org Show headers Download Go to Full URL https://portal.microsoft.office.login.baseplayground.nl/common/handlers/watson Requested by Host: aadcdn.msftauth.net URL: https://aadcdn.msftauth.net/ests/2.1/content/cdnbundles/watsonsupportwithjquery.3.5.min_dc940oomzau4rsu8qesnvg2.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 83.98.240.249 Wateringen, Netherlands, ASN30925 (SPEEDXS-AS, NL), Reverse DNS kikken.dsl.as25232.net Software nginx / Resource Hash `b9347f234dc3c8d56e015e86d88a1400415db8f7a5ad91f02b6a2323c10a4187` Request headers sec-fetch-mode cors origin https://portal.microsoft.office.login.baseplayground.nl accept-encoding gzip, deflate, br accept-language de-DE,de;q=0.9 client-request-id 72af392b-5665-435a-855f-9225b44891ef canary AQABAAAAAAD--DLA3VO7QrddgJg7WevrkTvPZVG6MVEPiB6rdVru5qK0HJxd03oX-7KJu8we6UdyrsX9X4lpuOcPCA_zfwfrk1jSYSDA2p_Lb8rX8bQljKCzMH1p_Si64kgPiIDRdHNLSpCFBEodMsuwFNGdHTvxpt9kEsZbc7dYQ8rky_u1bygc5C7LOeTk6l8JA3PXgO41MMZHT3ve7SjZSrR-jEmFbNuLgJK4tHkwdP9Z0RHj9iAA sec-fetch-dest empty x-requested-with XMLHttpRequest content-length 6483 hpgact 1800 :path /common/handlers/watson pragma no-cache user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 content-type application/json; charset=UTF-8 hpgid 1104 accept application/json cache-control no-cache :authority portal.microsoft.office.login.baseplayground.nl referer https://portal.microsoft.office.login.baseplayground.nl/ :scheme https sec-fetch-site same-origin :method POST Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 client-request-id 72af392b-5665-435a-855f-9225b44891ef canary AQABAAAAAAD--DLA3VO7QrddgJg7WevrkTvPZVG6MVEPiB6rdVru5qK0HJxd03oX-7KJu8we6UdyrsX9X4lpuOcPCA_zfwfrk1jSYSDA2p_Lb8rX8bQljKCzMH1p_Si64kgPiIDRdHNLSpCFBEodMsuwFNGdHTvxpt9kEsZbc7dYQ8rky_u1bygc5C7LOeTk6l8JA3PXgO41MMZHT3ve7SjZSrR-jEmFbNuLgJK4tHkwdP9Z0RHj9iAA Content-Type application/json; charset=UTF-8 hpgid 1104 Accept application/json Referer https://portal.microsoft.office.login.baseplayground.nl/ X-Requested-With XMLHttpRequest hpgact 1800 Response headers date Thu, 30 Sep 2021 14:58:37 GMT content-encoding br last-modified Fri, 20 Aug 2021 09:48:22 GMT server nginx etag W/"328-5c9fa91704244" content-type text/html
GET H2	200	converged.v2.login.min_lgjnfq3xbrj5zvj5ionvww2.css aadcdn.msftauth.net/ests/2.1/content/cdnbundles/	0 19 KB	8ms 7ms	Other text/css	152.199.23.37 EDGECAST
General Check archive.org Show headers Download Go to Full URL https://aadcdn.msftauth.net/ests/2.1/content/cdnbundles/converged.v2.login.min_lgjnfq3xbrj5zvj5ionvww2.css Requested by Host: portal.microsoft.office.login.baseplayground.nl URL: https://portal.microsoft.office.login.baseplayground.nl/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 152.199.23.37 , United States, ASN15133 (EDGECAST, US), Reverse DNS Software ECAcc (frc/8F5C) / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers Accept-Language de-DE,de;q=0.9 Referer https://portal.microsoft.office.login.baseplayground.nl/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers x-ms-blob-type BlockBlob date Thu, 30 Sep 2021 14:58:37 GMT content-encoding gzip content-md5 mU+G3bfjPvbbh+JW3ypW1g== age 10094073 x-cache HIT content-length 19835 x-ms-lease-status unlocked last-modified Fri, 04 Jun 2021 23:47:30 GMT server ECAcc (frc/8F5C) etag 0x8D927B31E2905FD vary Accept-Encoding content-type text/css access-control-allow-origin * x-ms-request-id dfcee648-001e-002a-393d-5a8a96000000 access-control-expose-headers x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding cache-control public, max-age=31536000 x-ms-version 2009-09-19 accept-ranges bytes
GET H2	200	ux.converged.login.strings-en.min_adqtkgeasdv5me2-b1wumg2.js aadcdn.msftauth.net/ests/2.1/content/cdnbundles/	0 12 KB	9ms 8ms	Other application/x-javascript	152.199.23.37 EDGECAST
General Check archive.org Show headers Download Go to Full URL https://aadcdn.msftauth.net/ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_adqtkgeasdv5me2-b1wumg2.js Requested by Host: portal.microsoft.office.login.baseplayground.nl URL: https://portal.microsoft.office.login.baseplayground.nl/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 152.199.23.37 , United States, ASN15133 (EDGECAST, US), Reverse DNS Software ECAcc (frc/8FB5) / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers Accept-Language de-DE,de;q=0.9 Referer https://portal.microsoft.office.login.baseplayground.nl/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers x-ms-blob-type BlockBlob date Thu, 30 Sep 2021 14:58:37 GMT content-encoding gzip content-md5 bS3q7+8qQMGFLJ5yDFtTWA== age 2460873 x-cache HIT content-length 12538 x-ms-lease-status unlocked last-modified Wed, 01 Sep 2021 17:30:54 GMT server ECAcc (frc/8FB5) etag 0x8D96D6E408D13B9 vary Accept-Encoding content-type application/x-javascript access-control-allow-origin * x-ms-request-id fa43c4fe-401e-000f-1ba9-9fe166000000 access-control-expose-headers x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding cache-control public, max-age=31536000 x-ms-version 2009-09-19 accept-ranges bytes
GET H2	200	converged.v2.login.min_lgjnfq3xbrj5zvj5ionvww2.css Show response aadcdn.msftauth.net/ests/2.1/content/cdnbundles/	107 KB 20 KB	10ms 9ms	Fetch text/css	152.199.23.37 EDGECAST
General Check archive.org Show headers Download Go to Full URL https://aadcdn.msftauth.net/ests/2.1/content/cdnbundles/converged.v2.login.min_lgjnfq3xbrj5zvj5ionvww2.css Requested by Host: portal.microsoft.office.login.baseplayground.nl URL: https://portal.microsoft.office.login.baseplayground.nl/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 152.199.23.37 , United States, ASN15133 (EDGECAST, US), Reverse DNS Software ECAcc (frc/8F5C) / Resource Hash `2d13d6356908f5099f72df819e22e5872031ae37a264b32be7d509571d14912f` Request headers Accept-Language de-DE,de;q=0.9 Referer https://portal.microsoft.office.login.baseplayground.nl/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers x-ms-blob-type BlockBlob date Thu, 30 Sep 2021 14:58:42 GMT content-encoding gzip content-md5 mU+G3bfjPvbbh+JW3ypW1g== age 10094078 x-cache HIT content-length 19835 x-ms-lease-status unlocked last-modified Fri, 04 Jun 2021 23:47:30 GMT server ECAcc (frc/8F5C) etag 0x8D927B31E2905FD vary Accept-Encoding content-type text/css access-control-allow-origin * x-ms-request-id dfcee648-001e-002a-393d-5a8a96000000 access-control-expose-headers x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding cache-control public, max-age=31536000 x-ms-version 2009-09-19 accept-ranges bytes
GET H2	200	ux.converged.login.strings-en.min_adqtkgeasdv5me2-b1wumg2.js Show response aadcdn.msftauth.net/ests/2.1/content/cdnbundles/	42 KB 12 KB	7ms 7ms	Fetch application/x-javascript	152.199.23.37 EDGECAST
General Check archive.org Show headers Download Go to Full URL https://aadcdn.msftauth.net/ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_adqtkgeasdv5me2-b1wumg2.js Requested by Host: portal.microsoft.office.login.baseplayground.nl URL: https://portal.microsoft.office.login.baseplayground.nl/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 152.199.23.37 , United States, ASN15133 (EDGECAST, US), Reverse DNS Software ECAcc (frc/8FB5) / Resource Hash `d9f0683db09d698d9c3c9b6ebeebcc9fb57a7b6c915986b859894ca1970ab4d3` Request headers Accept-Language de-DE,de;q=0.9 Referer https://portal.microsoft.office.login.baseplayground.nl/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers x-ms-blob-type BlockBlob date Thu, 30 Sep 2021 14:58:42 GMT content-encoding gzip content-md5 bS3q7+8qQMGFLJ5yDFtTWA== age 2460878 x-cache HIT content-length 12538 x-ms-lease-status unlocked last-modified Wed, 01 Sep 2021 17:30:54 GMT server ECAcc (frc/8FB5) etag 0x8D96D6E408D13B9 vary Accept-Encoding content-type application/x-javascript access-control-allow-origin * x-ms-request-id fa43c4fe-401e-000f-1ba9-9fe166000000 access-control-expose-headers x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding cache-control public, max-age=31536000 x-ms-version 2009-09-19 accept-ranges bytes

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer)

18 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.login.live.com/	1969-12-31 23:59:59	Name: uaid Value: 11ae91d554ba48bcb292916024d66b1c
			.login.live.com/	1969-12-31 23:59:59	Name: MSPRequ Value: id=N&lt=1633013917&co=1

8 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://portal.microsoft.office.login.baseplayground.nl/Sign%20in%20to%20your%20account_files/ConvergedLogin_PCore_I521IOYX4o7sg2DM4l7ufQ2.js.download Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://portal.microsoft.office.login.baseplayground.nl/Sign%20in%20to%20your%20account_files/convergedlogin_pfetchsessionsprogress_2cd859f4f4e27b66fc72.js.download Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://portal.microsoft.office.login.baseplayground.nl/Sign%20in%20to%20your%20account_files/convergedlogin_ppassword_070e6eecba68bd206381.js.download Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://portal.microsoft.office.login.baseplayground.nl/Sign%20in%20to%20your%20account_files/ConvergedLogin_PCore_I521IOYX4o7sg2DM4l7ufQ2.js.download Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://portal.microsoft.office.login.baseplayground.nl/Sign%20in%20to%20your%20account_files/ConvergedLogin_PCore_I521IOYX4o7sg2DM4l7ufQ2.js.download Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://portal.microsoft.office.login.baseplayground.nl/common/handlers/watson Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://portal.microsoft.office.login.baseplayground.nl/common/handlers/watson Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://portal.microsoft.office.login.baseplayground.nl/common/handlers/watson Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

aadcdn.msftauth.net
aadcdn.msftauthimages.net
login.live.com
portal.microsoft.office.login.baseplayground.nl
13.107.246.44
152.199.23.37
40.126.31.143
83.98.240.249
2d13d6356908f5099f72df819e22e5872031ae37a264b32be7d509571d14912f
34f9db946e89f031a80dfca7b16b2b686469c9886441261ae70a44da1dfa2d58
58eacd6958675b2640b9efb0344cace3298b5d60a4b2b6bb5654b7ebf15891a2
b6c0f85ddc6d3b2b3eac6034af2794303bc27ba3646f787af3fc92aa3cfaba9e
b9347f234dc3c8d56e015e86d88a1400415db8f7a5ad91f02b6a2323c10a4187
c8cef105fcaf7cbf3f8682c861045505c24d41cf6686c20c1c03e14031a3db69
d9eebf05879aee218de6cbc5932cfe920ed7f8f4d89808cd16fd218445acbbda
d9f0683db09d698d9c3c9b6ebeebcc9fb57a7b6c915986b859894ca1970ab4d3
df2aa8537c1992c94846a0ffffaa9031d430d9d0210b9e396ec059aff62627e0
e1003a5f1b91aac3730fc04d7bb56e5e38696b30cecc29f575fb26c033338063
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

portal.microsoft.office.login.baseplayground.nl Open in urlscan Pro 83.98.240.249 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

22 Requests

100 %HTTPS

0 %IPv6

4 Domains

4 Subdomains

4 IPs

3 Countries

380 kBTransfer

696 kBSize

2 Cookies

4 Outgoing links

Redirected requests

22 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

18 JavaScript Global Variables

2 Cookies

8 Console Messages

Indicators

portal.microsoft.office.login.baseplayground.nl Open in urlscan Pro
83.98.240.249 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

22
Requests

100 %
HTTPS

0 %
IPv6

4
Domains

4
Subdomains

4
IPs

3
Countries

380 kB
Transfer

696 kB
Size

2
Cookies

22 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!