urlscan.io logo urlscan.io
SecurityTrails logo

login-microsoftonline-com.395033.xyz Open in urlscan Pro
46.21.153.236  Public Scan

Go To Rescan Add Verdict Report
URL: https://login-microsoftonline-com.395033.xyz/
Submission: On August 16 via automatic, source openphish — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 3 HTTP transactions. The main IP is 46.21.153.236, located in Los Angeles, United States and belongs to HVC-AS, US. The main domain is login-microsoftonline-com.395033.xyz.
TLS certificate: Issued by R3 on August 15th 2022. Valid for: 3 months.
This is the only time login-microsoftonline-com.395033.xyz was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
2 5 46.21.153.236 29802 (HVC-AS)
3 1
Apex Domain
Subdomains		 Transfer
5 395033.xyz
login-microsoftonline-com.395033.xyz
wwwofc.395033.xyz
24 KB
3 1
Domain Requested by
4 login-microsoftonline-com.395033.xyz 1 redirects login-microsoftonline-com.395033.xyz
1 wwwofc.395033.xyz 1 redirects
3 2

This site contains no links.

Subject Issuer Validity Valid
395033.xyz
R3		 2022-08-15 -
2022-11-13		 3 months crt.sh

This page contains 1 frames:

Frame: https://login-microsoftonline-com.395033.xyz/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwwwofc.395033.xyz%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwwwofc.395033.xyz%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=637962084418736609.ZTAyMTJkMjMtNGQ4Mi00MmNkLWEwMWItZjE2ZmIxZGFlYTJmOWYzOWZlYjgtN2EyMi00NjAwLTllNmMtMWNkZmJiNjA1Yjky&ui_locales=de-DE&mkt=de-DE&state=LE5jgymFn6IfQfNg-P040UCcHKTEUJ2JAH4YU7p4jS4uJeLptW9HPMjzI80tp21Xi4AUydYU805D1jsQisbUVQesh0aD5qcxkEm010htQwPENi1Xvv9xtfM5a2E1y8gt7OcogOrYBzWw81sRMcyFoqPvVqeza0_1w3p6oy69CfpV_P1CTpZu_vbgaUwUSiH1zJ42LS-NJ4ForA6ZDKFgUKamLzUpw9IKQz3K1xShv5tefH3hq2nHqWzcsHlsZNyyIn-HxrL3jNOLkkY-Kv2BlQ&x-client-SKU=ID_NETSTANDARD2_0&x-client-ver=6.16.0.0
Frame ID: C4639A72C0BDB7B136C52B39C6B85C57
Requests: 3 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Statistics

3
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

2
Subdomains

1
IPs

1
Countries

22 kB
Transfer

56 kB
Size

1
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 1
  • https://login-microsoftonline-com.395033.xyz/ HTTP 302
  • https://wwwofc.395033.xyz/login HTTP 302
  • https://login-microsoftonline-com.395033.xyz/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwwwofc.395033.xyz%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwwwofc.395033.xyz%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=637962084418736609.ZTAyMTJkMjMtNGQ4Mi00MmNkLWEwMWItZjE2ZmIxZGFlYTJmOWYzOWZlYjgtN2EyMi00NjAwLTllNmMtMWNkZmJiNjA1Yjky&ui_locales=de-DE&mkt=de-DE&state=LE5jgymFn6IfQfNg-P040UCcHKTEUJ2JAH4YU7p4jS4uJeLptW9HPMjzI80tp21Xi4AUydYU805D1jsQisbUVQesh0aD5qcxkEm010htQwPENi1Xvv9xtfM5a2E1y8gt7OcogOrYBzWw81sRMcyFoqPvVqeza0_1w3p6oy69CfpV_P1CTpZu_vbgaUwUSiH1zJ42LS-NJ4ForA6ZDKFgUKamLzUpw9IKQz3K1xShv5tefH3hq2nHqWzcsHlsZNyyIn-HxrL3jNOLkkY-Kv2BlQ&x-client-SKU=ID_NETSTANDARD2_0&x-client-ver=6.16.0.0

3 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
login-microsoftonline-com.395033.xyz/ 		56 KB
21 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://login-microsoftonline-com.395033.xyz/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
46.21.153.236 Los Angeles, United States, ASN29802 (HVC-AS, US),
Reverse DNS
236.153.21.46.static.swiftway.net
Software
nginx/1.21.6 /
Resource Hash
07558e301f1d48880b565ac9cd7f909d034e644e368657db2b4176a137fe777a

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-headers
*
access-control-allow-origin
*
content-encoding
gzip
content-type
text/html; charset=utf-8
date
Tue, 16 Aug 2022 01:00:36 GMT
server
nginx/1.21.6
vary
Accept-Encoding
/
login-microsoftonline-com.395033.xyz/ 		183 B
347 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://login-microsoftonline-com.395033.xyz/
Requested by
Host: login-microsoftonline-com.395033.xyz
URL: https://login-microsoftonline-com.395033.xyz/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
46.21.153.236 Los Angeles, United States, ASN29802 (HVC-AS, US),
Reverse DNS
236.153.21.46.static.swiftway.net
Software
nginx/1.21.6 /
Resource Hash
cf6d0aded845249829a4022afb7c0643e8de29d6d771dff7d04900af1ca23d80

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type
application/json

Response headers

access-control-allow-origin
*
date
Tue, 16 Aug 2022 01:00:37 GMT
content-encoding
gzip
server
nginx/1.21.6
access-control-allow-headers
*
vary
Accept-Encoding
content-type
application/json
authorize
login-microsoftonline-com.395033.xyz/common/oauth2/v2.0/
Redirect Chain
  • https://login-microsoftonline-com.395033.xyz/
  • https://wwwofc.395033.xyz/login
  • https://login-microsoftonline-com.395033.xyz/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwwwofc.395033.xyz%2Flandingv2&response_type=code%...
0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://login-microsoftonline-com.395033.xyz/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwwwofc.395033.xyz%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwwwofc.395033.xyz%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=637962084418736609.ZTAyMTJkMjMtNGQ4Mi00MmNkLWEwMWItZjE2ZmIxZGFlYTJmOWYzOWZlYjgtN2EyMi00NjAwLTllNmMtMWNkZmJiNjA1Yjky&ui_locales=de-DE&mkt=de-DE&state=LE5jgymFn6IfQfNg-P040UCcHKTEUJ2JAH4YU7p4jS4uJeLptW9HPMjzI80tp21Xi4AUydYU805D1jsQisbUVQesh0aD5qcxkEm010htQwPENi1Xvv9xtfM5a2E1y8gt7OcogOrYBzWw81sRMcyFoqPvVqeza0_1w3p6oy69CfpV_P1CTpZu_vbgaUwUSiH1zJ42LS-NJ4ForA6ZDKFgUKamLzUpw9IKQz3K1xShv5tefH3hq2nHqWzcsHlsZNyyIn-HxrL3jNOLkkY-Kv2BlQ&x-client-SKU=ID_NETSTANDARD2_0&x-client-ver=6.16.0.0
Requested by
Host: login-microsoftonline-com.395033.xyz
URL: https://login-microsoftonline-com.395033.xyz/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
46.21.153.236 Los Angeles, United States, ASN29802 (HVC-AS, US),
Reverse DNS
236.153.21.46.static.swiftway.net
Software
nginx/1.21.6 /
Resource Hash

Request headers

Referer
https://login-microsoftonline-com.395033.xyz/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-headers
*
access-control-allow-origin
*
cache-control
no-store, no-cache
content-encoding
gzip
content-type
text/html; charset=utf-8
date
Tue, 16 Aug 2022 01:00:44 GMT
nel
{"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}
p3p
CP="DSP CUR OTPi IND OTRi ONL FIN"
pragma
no-cache
referrer-policy
strict-origin-when-cross-origin
report-to
{"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://72abe40e-24ae-43b0-8e44-f4d9b97699cf-a93a9571.395033.xyz/api/report?catId=GW+estsfd+ams2"}]}
server
nginx/1.21.6
vary
Accept-Encoding Accept-Encoding
x-ms-clitelem
1,50168,0,,
x-ms-ests-server
2.1.13481.9 - NEULR1 ProdSlices
x-ms-request-id
8356b780-ef6e-4b62-8c5a-965209528400

Redirect headers

access-control-allow-headers
*
access-control-allow-origin
*
content-type
text/html; charset=utf-8
date
Tue, 16 Aug 2022 01:00:42 GMT
location
https://login-microsoftonline-com.395033.xyz/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwwwofc.395033.xyz%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwwwofc.395033.xyz%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=637962084418736609.ZTAyMTJkMjMtNGQ4Mi00MmNkLWEwMWItZjE2ZmIxZGFlYTJmOWYzOWZlYjgtN2EyMi00NjAwLTllNmMtMWNkZmJiNjA1Yjky&ui_locales=de-DE&mkt=de-DE&state=LE5jgymFn6IfQfNg-P040UCcHKTEUJ2JAH4YU7p4jS4uJeLptW9HPMjzI80tp21Xi4AUydYU805D1jsQisbUVQesh0aD5qcxkEm010htQwPENi1Xvv9xtfM5a2E1y8gt7OcogOrYBzWw81sRMcyFoqPvVqeza0_1w3p6oy69CfpV_P1CTpZu_vbgaUwUSiH1zJ42LS-NJ4ForA6ZDKFgUKamLzUpw9IKQz3K1xShv5tefH3hq2nHqWzcsHlsZNyyIn-HxrL3jNOLkkY-Kv2BlQ&x-client-SKU=ID_NETSTANDARD2_0&x-client-ver=6.16.0.0
referrer-policy
strict-origin-when-cross-origin
request-context
appId=
server
nginx/1.21.6
vary
Accept-Encoding
x-cache
CONFIG_NOCACHE
x-msedge-ref
Ref A: 71F902625FC549CDBB957F2E46D772C2 Ref B: LAX311000111035 Ref C: 2022-08-16T01:00:41Z
x-ua-compatible
IE=edge,chrome=1

Verdicts & Comments Add Verdict or Comment

8 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails function| queryLocalFonts object| navigation

1 Cookies

Domain/Path Name / Value
.395033.xyz/ Name: __ptcj
Value: YTkzYTk1NzEtOWQzNi00MGVkLWI2MzctMWI5NjJlYzVmYzFkOjFlNDM4YzI4LWVlMzQtNDU1YS1hODE5LTE1YjgxODMzNjliMg==

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

login-microsoftonline-com.395033.xyz
wwwofc.395033.xyz
46.21.153.236
07558e301f1d48880b565ac9cd7f909d034e644e368657db2b4176a137fe777a
cf6d0aded845249829a4022afb7c0643e8de29d6d771dff7d04900af1ca23d80