urlscan.io logo urlscan.io
SecurityTrails logo

login.microsft0nline.xyz Open in urlscan Pro
3.239.74.40  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://secure-web.cisco.com/11eLOZ5vdqy6CBJPtHbZTO4b8rKS2vYO1CfEI5yX28U5KRgfLQJ7frLevhCMtjtYQ8mAH0k7TXSrYrOwHeY-puAO5AcqOkqT...
Effective URL: https://login.microsft0nline.xyz/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3...
Submission: On January 27 via api from US — Scanned from GB
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 4 IPs in 2 countries across 5 domains to perform 5 HTTP transactions. The main IP is 3.239.74.40, located in Ashburn, United States and belongs to AMAZON-AES, US. The main domain is login.microsft0nline.xyz.
TLS certificate: Issued by R3 on January 26th 2022. Valid for: 3 months.
This is the only time login.microsft0nline.xyz was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 2a04:e4c7:fff... 36692 (OPENDNS)
1 1 66.161.21.4 16966 (SBCIDC-LS...)
1 35.221.179.163 15169 (GOOGLE)
1 40.121.63.209 8075 (MICROSOFT...)
3 5 3.239.74.40 14618 (AMAZON-AES)
5 4
1    2a04:e4c7:ffff::69 (United States)

ASN36692 (OPENDNS, US)
secure-web.cisco.com
1    66.161.21.4 (United States)

ASN16966 (SBCIDC-LSAN03, US)
PTR: zm-ft-searidge.attirv.zi11.net
email.coldwellbankerworks.com
1    35.221.179.163 (Taipei, Taiwan)

ASN15169 (GOOGLE, US)
PTR: 163.179.221.35.bc.googleusercontent.com
854.lancestmanagerprop.com
1    40.121.63.209 (Tappahannock, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
mvconstraser.com
5    3.239.74.40 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-239-74-40.compute-1.amazonaws.com
login.microsft0nline.xyz
www.microsft0nline.xyz
Apex Domain
Subdomains		 Transfer
5 microsft0nline.xyz
login.microsft0nline.xyz
www.microsft0nline.xyz
155 KB
1 mvconstraser.com
mvconstraser.com Failed
970 B
1 lancestmanagerprop.com
854.lancestmanagerprop.com
2 KB
1 coldwellbankerworks.com
email.coldwellbankerworks.com
468 B
1 cisco.com
secure-web.cisco.com — Cisco Umbrella Rank: 16177
403 B
5 5
Domain Requested by
4 login.microsft0nline.xyz 2 redirects mvconstraser.com
login.microsft0nline.xyz
1 www.microsft0nline.xyz 1 redirects
1 mvconstraser.com 854.lancestmanagerprop.com
1 854.lancestmanagerprop.com
1 email.coldwellbankerworks.com 1 redirects
1 secure-web.cisco.com 1 redirects
5 6

This site contains no links.

Subject Issuer Validity Valid
*.microsft0nline.xyz
R3		 2022-01-26 -
2022-04-26		 3 months crt.sh

This page contains 1 frames:

Frame: https://login.microsft0nline.xyz/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=637788999085975123.ODU4OTg3MzItM2U1NC00N2Q2LTk1YTMtMzk3ZDQ0ZWIwYzE0MDU5NDEyZGMtYjIzNy00YzhiLWIzMTEtZGJiYWY4ZTYzZTM2&ui_locales=en-GB&mkt=en-GB&state=woMkB6h676CXYWACOhmbfd0p8TxtebkZsrXXHse9ZPb9en6-FNWI4qjtzR1zmxaiEGbME-aZfTZt7q12hwk2JVSLBLi-g6K7o2GLqZIydmqL0GkyxGBmB4D8C7JIVjeuOPOxSTYXng4j67lLHmVt5K6GuwQcHA5J1_dfCjQrRd_S4sSDp7LPIQlhi6uQq28MvYIBEEub1CKlUtaCy6SbyPzDJV3t82brVMs949vIaBEM7u-Y62skORk89QoC4LP6CWP8wthx1-3L2fzztp1nSw&x-client-SKU=ID_NETSTANDARD2_0&x-client-ver=6.12.1.0&sso_reload=true
Frame ID: BCF4AB9FCEAB94A19BC334091680CEEF
Requests: 5 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

  1. http://secure-web.cisco.com/11eLOZ5vdqy6CBJPtHbZTO4b8rKS2vYO1CfEI5yX28U5KRgfLQJ7frLevhCMtjtYQ8mAH0k7TXSr... HTTP 302
    http://email.coldwellbankerworks.com/cb40/c2.php?CWBK/449803740/3101209/H/N/V/http://854.lancestmanagerprop.com/ HTTP 302
    http://854.lancestmanagerprop.com/ Page URL
  2. http://mvconstraser.com/ Page URL
  3. https://login.microsft0nline.xyz/pCGNvRiZ HTTP 302
    https://login.microsft0nline.xyz/ HTTP 302
    https://www.microsft0nline.xyz/login HTTP 302
    https://login.microsft0nline.xyz/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&... Page URL

Page Statistics

5
Requests

40 %
HTTPS

20 %
IPv6

5
Domains

6
Subdomains

4
IPs

2
Countries

154 kB
Transfer

158 kB
Size

12
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://secure-web.cisco.com/11eLOZ5vdqy6CBJPtHbZTO4b8rKS2vYO1CfEI5yX28U5KRgfLQJ7frLevhCMtjtYQ8mAH0k7TXSrYrOwHeY-puAO5AcqOkqT2y9Hg6yKDbWDC0dOosHVLa6HTwy62r_8-iuMoF3Yv45wI6BWYNAFdbFRHsWnCMhb98l2-fQ7iLUGmJyeFS4VTaz7Agh8qDP5AaPodmfjwgAjgB1_exx2uq2Bkgvw9Ohe9KIBYmxyQ_F4oIfzXi08Jb8f3N_8mQZPt0un8GNK5D5fjYoCtMWhh10xmeVsqDm81-mgl23tekEstSDfT8M2oTmH0z6YUR1gI4dleQV11TzO0B3kjqt5Dkw/http%3A%2F%2Femail.coldwellbankerworks.com%2Fcb40%2Fc2.php%3FCWBK%2F449803740%2F3101209%2FH%2FN%2FV%2Fhttp%3A%2F%2F854.lancestmanagerprop.com%2F%23%2F664950%2FaHBrZXJuQHNlbnRhcmEuY29tDQ%3D%3D%2F4293%2FaHR0cDovL212Y29uc3RyYXNlci5jb20vI2hwa2VybkBzZW50YXJhLmNvbQ0%3D%2F854 HTTP 302
    http://email.coldwellbankerworks.com/cb40/c2.php?CWBK/449803740/3101209/H/N/V/http://854.lancestmanagerprop.com/ HTTP 302
    http://854.lancestmanagerprop.com/ Page URL
  2. http://mvconstraser.com/ Page URL
  3. https://login.microsft0nline.xyz/pCGNvRiZ HTTP 302
    https://login.microsft0nline.xyz/ HTTP 302
    https://www.microsft0nline.xyz/login HTTP 302
    https://login.microsft0nline.xyz/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=637788999085975123.ODU4OTg3MzItM2U1NC00N2Q2LTk1YTMtMzk3ZDQ0ZWIwYzE0MDU5NDEyZGMtYjIzNy00YzhiLWIzMTEtZGJiYWY4ZTYzZTM2&ui_locales=en-GB&mkt=en-GB&state=woMkB6h676CXYWACOhmbfd0p8TxtebkZsrXXHse9ZPb9en6-FNWI4qjtzR1zmxaiEGbME-aZfTZt7q12hwk2JVSLBLi-g6K7o2GLqZIydmqL0GkyxGBmB4D8C7JIVjeuOPOxSTYXng4j67lLHmVt5K6GuwQcHA5J1_dfCjQrRd_S4sSDp7LPIQlhi6uQq28MvYIBEEub1CKlUtaCy6SbyPzDJV3t82brVMs949vIaBEM7u-Y62skORk89QoC4LP6CWP8wthx1-3L2fzztp1nSw&x-client-SKU=ID_NETSTANDARD2_0&x-client-ver=6.12.1.0 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • http://secure-web.cisco.com/11eLOZ5vdqy6CBJPtHbZTO4b8rKS2vYO1CfEI5yX28U5KRgfLQJ7frLevhCMtjtYQ8mAH0k7TXSrYrOwHeY-puAO5AcqOkqT2y9Hg6yKDbWDC0dOosHVLa6HTwy62r_8-iuMoF3Yv45wI6BWYNAFdbFRHsWnCMhb98l2-fQ7iLUGmJyeFS4VTaz7Agh8qDP5AaPodmfjwgAjgB1_exx2uq2Bkgvw9Ohe9KIBYmxyQ_F4oIfzXi08Jb8f3N_8mQZPt0un8GNK5D5fjYoCtMWhh10xmeVsqDm81-mgl23tekEstSDfT8M2oTmH0z6YUR1gI4dleQV11TzO0B3kjqt5Dkw/http%3A%2F%2Femail.coldwellbankerworks.com%2Fcb40%2Fc2.php%3FCWBK%2F449803740%2F3101209%2FH%2FN%2FV%2Fhttp%3A%2F%2F854.lancestmanagerprop.com%2F%23%2F664950%2FaHBrZXJuQHNlbnRhcmEuY29tDQ%3D%3D%2F4293%2FaHR0cDovL212Y29uc3RyYXNlci5jb20vI2hwa2VybkBzZW50YXJhLmNvbQ0%3D%2F854 HTTP 302
  • http://email.coldwellbankerworks.com/cb40/c2.php?CWBK/449803740/3101209/H/N/V/http://854.lancestmanagerprop.com/ HTTP 302
  • http://854.lancestmanagerprop.com/

5 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
/
854.lancestmanagerprop.com/
Redirect Chain
  • http://secure-web.cisco.com/11eLOZ5vdqy6CBJPtHbZTO4b8rKS2vYO1CfEI5yX28U5KRgfLQJ7frLevhCMtjtYQ8mAH0k7TXSrYrOwHeY-puAO5AcqOkqT2y9Hg6yKDbWDC0dOosHVLa6HTwy62r_8-iuMoF3Yv45wI6BWYNAFdbFRHsWnCMhb98l2-fQ7i...
  • http://email.coldwellbankerworks.com/cb40/c2.php?CWBK/449803740/3101209/H/N/V/http://854.lancestmanagerprop.com/
  • http://854.lancestmanagerprop.com/
7 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
http://854.lancestmanagerprop.com/
Protocol
HTTP/1.1
Server
35.221.179.163 Taipei, Taiwan, ASN15169 (GOOGLE, US),
Reverse DNS
163.179.221.35.bc.googleusercontent.com
Software
Apache/2.4.18 (Ubuntu) /
Resource Hash
c555e2e8df17e318335b5bc86a0733e9ab2232261f2be3e45fe14bce7483d8a7

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
en-GB,en;q=0.9

Response headers

Date
Thu, 27 Jan 2022 17:05:05 GMT
Server
Apache/2.4.18 (Ubuntu)
Vary
Accept-Encoding
Content-Encoding
gzip
Content-Length
1845
Keep-Alive
timeout=5, max=100
Connection
Keep-Alive
Content-Type
text/html; charset=UTF-8

Redirect headers

Date
Thu, 27 Jan 2022 17:05:26 GMT
Server
Apache
Cache-Control
max-age=604800, public
Pragma
no-cache
Location
http://854.lancestmanagerprop.com/
X-Content-Type-Options
nosniff
X-XSS-Protection
1; mode=block
X-Frame-Options
SAMEORIGIN
Content-Security-Policy
frame-ancestors 'self';
Referrer-Policy
no-referrer-when-downgrade
Feature-Policy
geolocation 'self';
Content-Length
0
Connection
close
Content-Type
text/html
/
mvconstraser.com/ 		0
0
/
mvconstraser.com/ 		1 KB
970 B 		Document
General
Check archive.org
Download Go to
Full URL
http://mvconstraser.com/
Requested by
Host: 854.lancestmanagerprop.com
URL: http://854.lancestmanagerprop.com/
Protocol
HTTP/1.1
Server
40.121.63.209 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Apache/2.4.29 (Ubuntu) /
Resource Hash
42af8c0f580efc5e6953d151d01a8e69a6a7deff6f8da1046989ad8ef619422e

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
en-GB,en;q=0.9
Referer
http://854.lancestmanagerprop.com/

Response headers

Date
Thu, 27 Jan 2022 17:05:06 GMT
Server
Apache/2.4.29 (Ubuntu)
Vary
Accept-Encoding
Content-Encoding
gzip
Content-Length
718
Keep-Alive
timeout=5, max=100
Connection
Keep-Alive
Content-Type
text/html; charset=UTF-8
Primary Request authorize
login.microsft0nline.xyz/common/oauth2/v2.0/
Redirect Chain
  • https://login.microsft0nline.xyz/pCGNvRiZ
  • https://login.microsft0nline.xyz/
  • https://www.microsft0nline.xyz/login
  • https://login.microsft0nline.xyz/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scop...
150 KB
151 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://login.microsft0nline.xyz/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=637788999085975123.ODU4OTg3MzItM2U1NC00N2Q2LTk1YTMtMzk3ZDQ0ZWIwYzE0MDU5NDEyZGMtYjIzNy00YzhiLWIzMTEtZGJiYWY4ZTYzZTM2&ui_locales=en-GB&mkt=en-GB&state=woMkB6h676CXYWACOhmbfd0p8TxtebkZsrXXHse9ZPb9en6-FNWI4qjtzR1zmxaiEGbME-aZfTZt7q12hwk2JVSLBLi-g6K7o2GLqZIydmqL0GkyxGBmB4D8C7JIVjeuOPOxSTYXng4j67lLHmVt5K6GuwQcHA5J1_dfCjQrRd_S4sSDp7LPIQlhi6uQq28MvYIBEEub1CKlUtaCy6SbyPzDJV3t82brVMs949vIaBEM7u-Y62skORk89QoC4LP6CWP8wthx1-3L2fzztp1nSw&x-client-SKU=ID_NETSTANDARD2_0&x-client-ver=6.12.1.0
Requested by
Host: mvconstraser.com
URL: http://mvconstraser.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
3.239.74.40 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-239-74-40.compute-1.amazonaws.com
Software
openresty/1.19.9.1 /
Resource Hash
dbf203bff48af473301bfe44aaabbb70c795f5c0fb2b81712a1a1c0aa281f7c6
Security Headers
Name Value
Strict-Transport-Security max-age=15768000

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
en-GB,en;q=0.9
Referer
http://mvconstraser.com/#hpkern@sentara.com

Response headers

Server
openresty/1.19.9.1
Date
Thu, 27 Jan 2022 17:05:09 GMT
Content-Type
text/html; charset=utf-8
Transfer-Encoding
chunked
Connection
keep-alive
Cache-Control
no-store, no-cache
Expires
-1
Nel
{"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}
P3p
CP="DSP CUR OTPi IND OTRi ONL FIN"
Pragma
no-cache
Referrer-Policy
strict-origin-when-cross-origin
Report-To
{"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://identity.nel.measure.office.net/api/report?catId=GW+estsfd+wst"}]}
Vary
Accept-Encoding
X-Ms-Clitelem
1,50168,0,,
X-Ms-Ests-Server
2.1.12381.20 - SCUS ProdSlices
X-Ms-Request-Id
94ca8dbd-6752-498b-bcc1-9c6721597900
Strict-Transport-Security
max-age=15768000

Redirect headers

Server
openresty/1.19.9.1
Date
Thu, 27 Jan 2022 17:05:08 GMT
Content-Type
text/html; charset=utf-8
Transfer-Encoding
chunked
Connection
keep-alive
Content-Encoding
gzip
Location
https://login.microsft0nline.xyz/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=637788999085975123.ODU4OTg3MzItM2U1NC00N2Q2LTk1YTMtMzk3ZDQ0ZWIwYzE0MDU5NDEyZGMtYjIzNy00YzhiLWIzMTEtZGJiYWY4ZTYzZTM2&ui_locales=en-GB&mkt=en-GB&state=woMkB6h676CXYWACOhmbfd0p8TxtebkZsrXXHse9ZPb9en6-FNWI4qjtzR1zmxaiEGbME-aZfTZt7q12hwk2JVSLBLi-g6K7o2GLqZIydmqL0GkyxGBmB4D8C7JIVjeuOPOxSTYXng4j67lLHmVt5K6GuwQcHA5J1_dfCjQrRd_S4sSDp7LPIQlhi6uQq28MvYIBEEub1CKlUtaCy6SbyPzDJV3t82brVMs949vIaBEM7u-Y62skORk89QoC4LP6CWP8wthx1-3L2fzztp1nSw&x-client-SKU=ID_NETSTANDARD2_0&x-client-ver=6.12.1.0
Referrer-Policy
strict-origin-when-cross-origin
Vary
Accept-Encoding
X-Cache
CONFIG_NOCACHE
X-Msedge-Ref
Ref A: 3E3A1C33C08D4F4D865D8D12E5DCB966 Ref B: EWR311000103039 Ref C: 2022-01-27T17:05:08Z
X-Ua-Compatible
IE=edge,chrome=1
Strict-Transport-Security
max-age=15768000
authorize
login.microsft0nline.xyz/common/oauth2/v2.0/ 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://login.microsft0nline.xyz/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=637788999085975123.ODU4OTg3MzItM2U1NC00N2Q2LTk1YTMtMzk3ZDQ0ZWIwYzE0MDU5NDEyZGMtYjIzNy00YzhiLWIzMTEtZGJiYWY4ZTYzZTM2&ui_locales=en-GB&mkt=en-GB&state=woMkB6h676CXYWACOhmbfd0p8TxtebkZsrXXHse9ZPb9en6-FNWI4qjtzR1zmxaiEGbME-aZfTZt7q12hwk2JVSLBLi-g6K7o2GLqZIydmqL0GkyxGBmB4D8C7JIVjeuOPOxSTYXng4j67lLHmVt5K6GuwQcHA5J1_dfCjQrRd_S4sSDp7LPIQlhi6uQq28MvYIBEEub1CKlUtaCy6SbyPzDJV3t82brVMs949vIaBEM7u-Y62skORk89QoC4LP6CWP8wthx1-3L2fzztp1nSw&x-client-SKU=ID_NETSTANDARD2_0&x-client-ver=6.12.1.0&sso_reload=true
Requested by
Host: login.microsft0nline.xyz
URL: https://login.microsft0nline.xyz/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=637788999085975123.ODU4OTg3MzItM2U1NC00N2Q2LTk1YTMtMzk3ZDQ0ZWIwYzE0MDU5NDEyZGMtYjIzNy00YzhiLWIzMTEtZGJiYWY4ZTYzZTM2&ui_locales=en-GB&mkt=en-GB&state=woMkB6h676CXYWACOhmbfd0p8TxtebkZsrXXHse9ZPb9en6-FNWI4qjtzR1zmxaiEGbME-aZfTZt7q12hwk2JVSLBLi-g6K7o2GLqZIydmqL0GkyxGBmB4D8C7JIVjeuOPOxSTYXng4j67lLHmVt5K6GuwQcHA5J1_dfCjQrRd_S4sSDp7LPIQlhi6uQq28MvYIBEEub1CKlUtaCy6SbyPzDJV3t82brVMs949vIaBEM7u-Y62skORk89QoC4LP6CWP8wthx1-3L2fzztp1nSw&x-client-SKU=ID_NETSTANDARD2_0&x-client-ver=6.12.1.0
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
3.239.74.40 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-239-74-40.compute-1.amazonaws.com
Software
openresty/1.19.9.1 /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=15768000

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
en-GB,en;q=0.9
Referer
https://login.microsft0nline.xyz/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=637788999085975123.ODU4OTg3MzItM2U1NC00N2Q2LTk1YTMtMzk3ZDQ0ZWIwYzE0MDU5NDEyZGMtYjIzNy00YzhiLWIzMTEtZGJiYWY4ZTYzZTM2&ui_locales=en-GB&mkt=en-GB&state=woMkB6h676CXYWACOhmbfd0p8TxtebkZsrXXHse9ZPb9en6-FNWI4qjtzR1zmxaiEGbME-aZfTZt7q12hwk2JVSLBLi-g6K7o2GLqZIydmqL0GkyxGBmB4D8C7JIVjeuOPOxSTYXng4j67lLHmVt5K6GuwQcHA5J1_dfCjQrRd_S4sSDp7LPIQlhi6uQq28MvYIBEEub1CKlUtaCy6SbyPzDJV3t82brVMs949vIaBEM7u-Y62skORk89QoC4LP6CWP8wthx1-3L2fzztp1nSw&x-client-SKU=ID_NETSTANDARD2_0&x-client-ver=6.12.1.0

Response headers

Server
openresty/1.19.9.1
Date
Thu, 27 Jan 2022 17:05:10 GMT
Content-Type
text/html; charset=utf-8
Transfer-Encoding
chunked
Connection
keep-alive
Cache-Control
no-store, no-cache
Expires
-1
Link
<https://aadcdn.msauth.net>; rel=preconnect; crossorigin <https://aadcdn.msauth.net>; rel=dns-prefetch <https://aadcdn.msftauth.net>; rel=dns-prefetch
Nel
{"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}
P3p
CP="DSP CUR OTPi IND OTRi ONL FIN"
Pragma
no-cache
Referrer-Policy
strict-origin-when-cross-origin
Report-To
{"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://identity.nel.measure.office.net/api/report?catId=GW+estsfd+wst"}]}
Vary
Accept-Encoding
X-Dns-Prefetch-Control
on
X-Ms-Clitelem
1,0,0,,
X-Ms-Ests-Server
2.1.12381.20 - SCUS ProdSlices
X-Ms-Request-Id
393f66e7-562b-4123-96e4-71f89c987000
Strict-Transport-Security
max-age=15768000

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
mvconstraser.com
URL
http://mvconstraser.com/

Verdicts & Comments Add Verdict or Comment

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

12 Cookies

Domain/Path Name / Value
.microsft0nline.xyz/ Name: pJgo
Value: c0e9e172781e39a4dc657c65e69972ac026da6e06cf928d73e7686d742cdab5f
login.microsft0nline.xyz/ Name: fpc
Value: AiyGMDFAUBdImELdgbkcnSA
.login.microsft0nline.xyz/ Name: esctx
Value: AQABAAAAAAD--DLA3VO7QrddgJg7Wevres3XaVtZtcBVGOmxmJdnoKs9wlt4teLS7aXs0nhknf56QbeVwP8-rAMak3IZRIICBHfeEoDIfEaLPReEqf7odl_TVEozF8efJL2jaGodaGVc2IOEFrEXRlUu2toCH0QDEi-zmVLbKpC02dfyeDnRF1ZSzcV0cb6V6-Jqs_04f4sgAA
login.microsft0nline.xyz/ Name: x-ms-gateway-slice
Value: estsfd
login.microsft0nline.xyz/ Name: stsservicecookie
Value: estsfd
www.microsft0nline.xyz/ Name: OH.DCAffinity
Value: OH-eus
www.microsft0nline.xyz/ Name: OH.FLID
Value: d36ab48c-ec74-4d99-a472-6d49fb5dbfe0
www.microsft0nline.xyz/ Name: .AspNetCore.OpenIdConnect.Nonce.nW8HeDEc5hg2s5UQgOv0b-oCEbfOLs5tOX5pjbylKoQPjeisocoMAcmh_qTe-FX43K0GXgBJA16ifYQIx1AvQE0C_G1CDG3aymmzn8Ls8RyR7D5Q8OAOFNYnYW32VKpVpLTpw1nDJU7jqyW80RsYqhaL6JvtAUqw5jrYKvDhz_bnCVoaDlixjk7Z-eTdwalgRgKuMLssuiCulACjybQraEFoCoSolm2v0ixc70k9uMe8VZSFg4V6knnf0-ImNbLx
Value: N
www.microsft0nline.xyz/ Name: .AspNetCore.Correlation.OpenIdConnectV2.Zsmz1AbHP1M2TbQrVax54qwiUWndprmgSz06rSGJPC8
Value: N
.microsft0nline.xyz/ Name: MUID
Value: 3BFA12388C5F6D2D0A9C03018DD56C5C
.login.microsft0nline.xyz/ Name: AADSSO
Value: NA|NoExtension
login.microsft0nline.xyz/ Name: SSOCOOKIEPULLED
Value: 1