login.microsoftonline.com.office.o365rp.fcc.myshn.eu
169.50.144.178
Malicious Activity!
Public Scan
Effective URL: https://login.microsoftonline.com.office.o365rp.fcc.myshn.eu/common/oauth2/authorize?client_id=4345a7b9-9a63-4910-a426-35363201d503&redirect_uri=https%3A%2F%...
Submission: On June 10 via manual from BG
Summary
TLS certificate: Issued by GlobalSign RSA OV SSL CA 2018 on May 6th 2020. Valid for: a year.
This is the only time login.microsoftonline.com.office.o365rp.fcc.myshn.eu was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Microsoft (Consumer)
Domain & IP information
# | IP Address | AS Autonomous System
---|---|---
3 25 | 169.50.144.178 | 36351 (SOFTLAYER)
6 | 72.247.226.78 | 16625 (AKAMAI-AS)
28 | 2 |
ASN36351 (SOFTLAYER, US)
PTR: b2.90.32a9.ip4.static.sl-reverse.com
# | Domain | Requested by
---|---|---
11 | aadcdn.msauth.net.office.o365rp.fcc.myshn.eu | login.microsoftonline.com.office.o365rp.fcc.myshn.eu, aadcdn.msauth.net.office.o365rp.fcc.myshn.eu
7 | r4.res.office365.com.office.o365rp.fcc.myshn.eu | outlook.office365.com.office.o365rp.fcc.myshn.eu
6 | blobs.officehome.msocdn.com | www.office.com.office.o365rp.fcc.myshn.eu
3 | login.microsoftonline.com.office.o365rp.fcc.myshn.eu | 2 redirects
2 | www.office.com.office.o365rp.fcc.myshn.eu | 1 redirect, aadcdn.msauth.net.office.o365rp.fcc.myshn.eu
1 | outlook.office365.com.office.o365rp.fcc.myshn.eu | www.office.com.office.o365rp.fcc.myshn.eu
1 | login.live.com.office.o365rp.fcc.myshn.eu | login.microsoftonline.com.office.o365rp.fcc.myshn.eu
28 | 7 |
This site contains links to these domains. Also see Links.
Domain
---
privacy.microsoft.com.office.o365rp.fcc.myshn.eu
login.live.com.office.o365rp.fcc.myshn.eu
www.microsoft.com.office.o365rp.fcc.myshn.eu
Subject | Issuer | Validity | Valid | Source
---|---|---|---|---
office.o365rp.fcc.myshn.eu | GlobalSign RSA OV SSL CA 2018 | 2020-05-06 - 2021-05-07 | a year | crt.sh
*.officehome.msocdn.com | Microsoft IT TLS CA 4 | 2019-10-17 - 2021-10-17 | 2 years | crt.sh
This page contains 3 frames:
Primary Page:
https://login.microsoftonline.com.office.o365rp.fcc.myshn.eu/common/oauth2/authorize?client_id=4345a7b9-9a63-4910-a426-35363201d503&redirect_uri=https%3A%2F%2Fwww.office.com.office.o365rp.fcc.myshn.eu%2Flanding&response_type=code%20id_token&scope=openid%20profile&response_mode=form_post&nonce=637273697740718407.MWJjMTBhMTQtYzU5Ni00MWM2LTkzNGYtMTY2YmNjYTliZjZmNDA2OWUyZmItZWRlZC00NTgxLThjYjctYTQ3MDg5Yzk1N2Q2&ui_locales=en-US&mkt=en-US&client-request-id=667ee224-8292-4dc9-98cf-db0335b4757b&state=aPAMN2KcBizTXyDEGdZ8oJUW9lyfdOisOHRUwtvhUrLqvgREaBvfe-eagZ2_5BMLwh9sLjcYKfi9kdfdQDaWK6kmJNPyuWZqaPSB90hd1t498HWADDTMRvdMSWuxtE3zfeh-Zzr2aoe0hNBsIxG3DtYkJSOvArEpiGFhZ8RdarvZEcr7NWGaTsnsHi7Sqq5rldYccMiZpEfvtG7yQHyL52s-0OOhH7phduSp57MKhK4Yf6XRunbC9cZmW3bTkFS7d6KUB4hWwXZdntHSUyO6Ng&x-client-SKU=ID_NETSTANDARD2_0&x-client-ver=6.5.0.0
Frame ID: 03946814E167DF54FAB532023A606900
Requests: 13 HTTP requests in this frame
Frame:
https://www.office.com.office.o365rp.fcc.myshn.eu/prefetch/prefetch
Frame ID: A80458F8A3F3D17E63D0931E263D2CBC
Requests: 7 HTTP requests in this frame
Frame:
https://outlook.office365.com.office.o365rp.fcc.myshn.eu/owa/prefetch.aspx
Frame ID: 5E4004722DB16B1C97C0D6B17EEFFA83
Requests: 8 HTTP requests in this frame
Detected technologies
Nginx (Web Servers)
Detected patterns:
- headers server /nginx(?:\/([\d.]+))?/i
Page Statistics
3 Outgoing links
These are links going to different origins than the main page.
- Title: Learn more
- Title: Create one!
- Title: Terms of use
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://login.microsoftonline.com.office.o365rp.fcc.myshn.eu/ (HTTP 302)
- https://login.microsoftonline.com.office.o365rp.fcc.myshn.eu/ (HTTP 302)
- https://www.office.com.office.o365rp.fcc.myshn.eu/login (HTTP 302)
- https://login.microsoftonline.com.office.o365rp.fcc.myshn.eu/common/oauth2/authorize?client_id=4345a7b9-9a63-4910-a426-35363201d503&redirect_uri=https%3A%2F%2Fwww.office.com.office.o365rp.fcc.myshn.eu%2Flanding&response_type=code%20id_token&scope=openid%20profile&response_mode=form_post&nonce=637273697740718407.MWJjMTBhMTQtYzU5Ni00MWM2LTkzNGYtMTY2YmNjYTliZjZmNDA2OWUyZmItZWRlZC00NTgxLThjYjctYTQ3MDg5Yzk1N2Q2&ui_locales=en-US&mkt=en-US&client-request-id=667ee224-8292-4dc9-98cf-db0335b4757b&state=aPAMN2KcBizTXyDEGdZ8oJUW9lyfdOisOHRUwtvhUrLqvgREaBvfe-eagZ2_5BMLwh9sLjcYKfi9kdfdQDaWK6kmJNPyuWZqaPSB90hd1t498HWADDTMRvdMSWuxtE3zfeh-Zzr2aoe0hNBsIxG3DtYkJSOvArEpiGFhZ8RdarvZEcr7NWGaTsnsHi7Sqq5rldYccMiZpEfvtG7yQHyL52s-0OOhH7phduSp57MKhK4Yf6XRunbC9cZmW3bTkFS7d6KUB4hWwXZdntHSUyO6Ng&x-client-SKU=ID_NETSTANDARD2_0&x-client-ver=6.5.0.0 (Page URL)
Redirected requests
There were HTTP redirect chains for the following requests:
28 HTTP transactions
Method / Protocol | Resource Path | Notes | Size / x-fer | Type | MIME-Type
---|---|---|---|---|---
GET H/1.1 | login.microsoftonline.com.office.o365rp.fcc.myshn.eu/common/oauth2/authorize | Primary Request, Cookie set, Redirect Chain | 178 KB / 47 KB | Document | text/html
GET H/1.1 | login.live.com.office.o365rp.fcc.myshn.eu/Me.htm | | 0 / 0 | Other | text/html
GET H/1.1 | aadcdn.msauth.net.office.o365rp.fcc.myshn.eu/ests/2.1/content/cdnbundles/ux.old.converged.login.pcore.min_-ibnqj5juncukq_nmy4xag2.js | | 601 KB / 153 KB | Script | application/x-javascript
GET H/1.1 | www.office.com.office.o365rp.fcc.myshn.eu/prefetch/prefetch | Frame A804, Cookie set | 994 B / 1 KB | Document | text/html
GET H/1.1 | aadcdn.msauth.net.office.o365rp.fcc.myshn.eu/ests/2.1/content/images/info_4883eb1a3cbdddf5a79e28d320cfe5a9.svg | | 342 B / 1 KB | Image | image/svg+xml
GET H/1.1 | aadcdn.msauth.net.office.o365rp.fcc.myshn.eu/ests/2.1/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg | | 4 KB / 2 KB | Image | image/svg+xml
GET H/1.1 | aadcdn.msauth.net.office.o365rp.fcc.myshn.eu/ests/2.1/content/images/ellipsis_white_5ac590ee72bfe06a7cecfd75b588ad73.svg | | 915 B / 1 KB | Image | image/svg+xml
GET H/1.1 | aadcdn.msauth.net.office.o365rp.fcc.myshn.eu/ests/2.1/content/images/ellipsis_grey_2b5d393db04a5e6e1f739cb266e65b4c.svg | | 915 B / 1 KB | Image | image/svg+xml
GET H/1.1 | aadcdn.msauth.net.office.o365rp.fcc.myshn.eu/ests/2.1/content/cdnbundles/converged.v2.login.min_99ypt2ae9l1eaa2j9r7rkw2.css | | 0 / 19 KB | Other | text/css
GET H/1.1 | aadcdn.msauth.net.office.o365rp.fcc.myshn.eu/ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_kfz0t237rfawgf7rfs2p9g2.js | | 0 / 12 KB | Other | application/x-javascript
GET H/1.1 | aadcdn.msauth.net.office.o365rp.fcc.myshn.eu/ests/2.1/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg | | 2 KB / 2 KB | Image | image/svg+xml
GET H/1.1 | aadcdn.msauth.net.office.o365rp.fcc.myshn.eu/ests/2.1/content/images/ellipsis_635a63d500a92a0b8497cdc58d0f66b1.svg | | 900 B / 1 KB | Image | image/svg+xml
GET H2 | blobs.officehome.msocdn.com/bundles/polyfills-bundle-88dc5e6e709bebba1bf8.js | Frame A804 | 0 / 20 KB | Other | application/x-javascript
GET H2 | blobs.officehome.msocdn.com/bundles/sharedscripts-efe073ff3f.js | Frame A804 | 0 / 15 KB | Other | application/x-javascript
GET H2 | blobs.officehome.msocdn.com/bundles/staticscripts-ceda9113e9.js | Frame A804 | 0 / 5 KB | Other | application/x-javascript
GET H2 | blobs.officehome.msocdn.com/bundles/app-bundle-cc4fb88209f8b161a0f9.js | Frame A804 | 0 / 202 KB | Other | application/x-javascript
GET H2 | blobs.officehome.msocdn.com/bundles/app-bundle-f6b7e55b3f654e6871df.css | Frame A804 | 0 / 12 KB | Other | text/css
GET H2 | blobs.officehome.msocdn.com/images/content/images/fluent-background-sources/header-default-desktop-652cc04392.svg | Frame A804 | 0 / 2 KB | Other | image/svg+xml
GET H/1.1 | outlook.office365.com.office.o365rp.fcc.myshn.eu/owa/prefetch.aspx | Frame 5E40, Cookie set | 3 KB / 3 KB | Document | text/html
GET H/1.1 | r4.res.office365.com.office.o365rp.fcc.myshn.eu/owa/prem/16.3736.0.2744114/scripts/boot.worldwide.0.mouse.js | Frame 5E40 | 648 KB / 176 KB | Stylesheet | application/x-javascript
GET H/1.1 | r4.res.office365.com.office.o365rp.fcc.myshn.eu/owa/prem/16.3736.0.2744114/scripts/boot.worldwide.1.mouse.js | Frame 5E40 | 644 KB / 160 KB | Stylesheet | application/x-javascript
GET H/1.1 | r4.res.office365.com.office.o365rp.fcc.myshn.eu/owa/prem/16.3736.0.2744114/scripts/boot.worldwide.2.mouse.js | Frame 5E40 | 647 KB / 167 KB | Stylesheet | application/x-javascript
GET H/1.1 | r4.res.office365.com.office.o365rp.fcc.myshn.eu/owa/prem/16.3736.0.2744114/scripts/boot.worldwide.3.mouse.js | Frame 5E40 | 646 KB / 143 KB | Stylesheet | application/x-javascript
GET H/1.1 | r4.res.office365.com.office.o365rp.fcc.myshn.eu/owa/prem/16.3736.0.2744114/resources/images/0/sprite1.mouse.png | Frame 5E40 | 16 KB / 17 KB | Stylesheet | image/png
GET H/1.1 | r4.res.office365.com.office.o365rp.fcc.myshn.eu/owa/prem/16.3736.0.2744114/resources/images/0/sprite1.mouse.css | Frame 5E40 | 7 KB / 2 KB | Stylesheet | text/css
GET H/1.1 | r4.res.office365.com.office.o365rp.fcc.myshn.eu/owa/prem/16.3736.0.2744114/resources/styles/0/boot.worldwide.mouse.css | Frame 5E40 | 227 KB / 44 KB | Stylesheet | text/css
GET H/1.1 | aadcdn.msauth.net.office.o365rp.fcc.myshn.eu/ests/2.1/content/cdnbundles/converged.v2.login.min_99ypt2ae9l1eaa2j9r7rkw2.css | | 99 KB / 19 KB | Fetch | text/css
GET H/1.1 | aadcdn.msauth.net.office.o365rp.fcc.myshn.eu/ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_kfz0t237rfawgf7rfs2p9g2.js | | 37 KB / 12 KB | Fetch | application/x-javascript
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Microsoft (Consumer)
18 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Variable | Type
---|---
onformdata | object
onpointerrawupdate | object
$Config | object
$Debug | object
$Do | object
$Loader | function
$WebWatson | object
GetString | function
GetErrorString | function
GetUrl | function
$B | object
ServerData | object
webpackJsonp | function
ko | object
PROOF | object
StringRepository | object
__OldConvergedLogin_PCore | boolean
__1 | boolean
Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name | Value
---|---|---|---
.login.microsoftonline.com.office.o365rp.fcc.myshn.eu/ | | brcap | 0
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Strict-Transport-Security | max-age=31536000; includeSubDomains |
X-Content-Type-Options | nosniff |
X-Frame-Options | DENY |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
aadcdn.msauth.net.office.o365rp.fcc.myshn.eu
blobs.officehome.msocdn.com
login.live.com.office.o365rp.fcc.myshn.eu
login.microsoftonline.com.office.o365rp.fcc.myshn.eu
outlook.office365.com.office.o365rp.fcc.myshn.eu
r4.res.office365.com.office.o365rp.fcc.myshn.eu
www.office.com.office.o365rp.fcc.myshn.eu
169.50.144.178
72.247.226.78
04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a
0e88b6fcbb8591edfd28184fa70a04b6dd3af8a14367c628edd7caba32e58c68
16c3f6531d0fa5b4d16e82abf066233b2a9f284c068c663699313c09f5e8d6e6
1e18b48acaf5ae5dac83e6215b360dc402e7aee95f270f4025a849ce06241736
2c2b061cd54cb6cdcaca96d03c97cad37505c993387d5c4083455f6bf90dbf42
2c8d7452cec941a942d7edeed6ac7ccbf64492685c815611989a707a5b049101
30bc3ba126e91f95d7480a073785a1d477006db381f181da67d29644674ba142
380d891e98ee91ba59419511450ede451424c677186923b3004fc01e2b8c8f39
461f87e55bba34c4d9248d1b45685ea832eba56c15ebf6cccf75d49f1547b502
5eaffc74e96abe92a9106cef65ada5d3ed28d3ef7ab0823955f3f5f68cacdccd
6075736ea9c281d69c4a3d78ff97bb61b9416a5809919babe5a0c5596f99aaea
61d7ccc5d2c41bf86be6cefb0063405067849ba64e9f219f60596ef09a54a942
8dfade63d9153799d2f8a254edcff8718388ea8d65b5a0daf340fe0fb302270e
936c14309f915998e764a67e65e77b9aea4b774360b71bd3f583db90555583d0
968d3f29171b0c97399611fbcd07bc81db0253fd91ec36dc456d08bb94b9bac7
99190cfe65f919edb8071d84eee7096ec27561bc9b9fa396e55e0eb5e2cd0194
bbfff7106afc7f0d9aca3a907959447452cd23b1a8e164860d3f559bea98cf9b
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f3368544a6266f0fee3c4437a8144887bbad1de97be20a578c07946a8ed41b4f
f7a69792014508de4eea9088a1c3645fb7b91e2214da2719307c89d5cd2f4921