login.microsoftontine.com

Summary

This website contacted 4 IPs in 2 countries across 4 domains to perform 7 HTTP transactions. The main IP is 31.3.109.189, located in Gouda, Netherlands and belongs to TUXIS, NL. The main domain is login.microsoftontine.com.
TLS certificate: Issued by R3 on April 12th 2022. Valid for: 3 months.

This is the only time login.microsoftontine.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1	31.3.109.189 31.3.109.189	197731 (TUXIS) (TUXIS)
3	152.199.23.37 152.199.23.37	15133 (EDGECAST) (EDGECAST)
2	2620:1ec:29::45 2620:1ec:29::45	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	20.190.160.75 20.190.160.75	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
7	4

1 31.3.109.189 (Gouda, Netherlands)

ASN197731 (TUXIS, NL)

login.microsoftontine.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 152.199.23.37 (United States)

ASN15133 (EDGECAST, US)

aadcdn.msftauth.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:1ec:29::45 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

aadcdn.msftauthimages.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 20.190.160.75 (Amsterdam, Netherlands)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

login.live.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
3	msftauth.net aadcdn.msftauth.net — Cisco Umbrella Rank: 1455	54 KB
2	msftauthimages.net aadcdn.msftauthimages.net — Cisco Umbrella Rank: 4232	82 KB
1	live.com login.live.com — Cisco Umbrella Rank: 85
1	microsoftontine.com login.microsoftontine.com	6 KB
7	4

	Domain	Requested by
3	aadcdn.msftauth.net	login.microsoftontine.com
2	aadcdn.msftauthimages.net	login.microsoftontine.com
1	login.live.com	login.microsoftontine.com
1	login.microsoftontine.com
7	4

This site contains links to these domains. Also see Links.

Domain
login.microsoftonline.com
www.microsoft.com
privacy.microsoft.com

Subject Issuer	Validity	Valid
login.microsoftontine.com R3	`2022-04-12` - `2022-07-11`	3 months	crt.sh
aadcdn.msftauth.net DigiCert SHA2 Secure Server CA	`2022-04-01` - `2023-04-01`	a year	crt.sh
aadcdn.msftauthimages.net Microsoft Azure TLS Issuing CA 06	`2022-01-20` - `2023-01-15`	a year	crt.sh
graph.windows.net DigiCert SHA2 Secure Server CA	`2022-04-07` - `2023-04-07`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://login.microsoftontine.com/?rid=3fYbQuv
Frame ID: 3047A1AE4A363A8342BB4D8F273EC0DE
Requests: 7 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Aanmelden bij uw account

Page Statistics

7
Requests

100 %
HTTPS

25 %
IPv6

4
Domains

4
Subdomains

4
IPs

2
Countries

141 kB
Transfer

215 kB
Size

2
Cookies

3 Outgoing links

These are links going to different origins than the main page.

URL: https://login.microsoftonline.com/fb571074-850c-4444-b482-daf6de9f124f/oauth2/authorize?client_id=00000003-0000-0ff1-ce00-000000000000&response_mode=form_post&protectedtoken=true&response_type=code%20id_token&resource=00000003-0000-0ff1-ce00-000000000000&scope=openid&nonce=96EE4CC28A297004EC5508C5B3A1D5679C5D2D0EA85B305E-AED564E246C0D1F333852342BA41231DDFCF33D7E6D8854EBF266ACF6A85F1AC&redirect_uri=https%3A%2F%2Finergyasbv-my.sharepoint.com%2F_forms%2F
Title: Hebt u geen toegang tot het account?

Search URL Search Domain Scan URL

URL: https://www.microsoft.com/nl-NL/servicesagreement/
Title: Gebruiksvoorwaarden

Search URL Search Domain Scan URL

URL: https://privacy.microsoft.com/nl-NL/privacystatement
Title: Privacy en cookies

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

7 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request / Show response login.microsoftontine.com/	26 KB 6 KB	402ms 53ms	Document text/html	31.3.109.189 TUXIS
General Check archive.org Show headers Download Go to Full URL https://login.microsoftontine.com/?rid=3fYbQuv Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 31.3.109.189 Gouda, Netherlands, ASN197731 (TUXIS, NL), Reverse DNS Software nginx/1.14.2 / Resource Hash `ef9c5470c901fe2de7e2b24a65077cf46569e976cda6f5f498349649bf7b0af9` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36 accept-language nl-NL,nl;q=0.9 Response headers Connection keep-alive Content-Encoding gzip Content-Type text/html; charset=utf-8 Date Thu, 14 Apr 2022 11:58:15 GMT Server nginx/1.14.2 Transfer-Encoding chunked Vary Accept-Encoding X-Server gophish
GET H2	200	converged.v2.login.min_zmhwgv_kbcs-aml46kcgfg2.css aadcdn.msftauth.net/ests/2.1/content/cdnbundles/	108 KB 20 KB	57ms 14ms	Stylesheet text/css	152.199.23.37 EDGECAST
General Check archive.org Show headers Download Go to Full URL https://aadcdn.msftauth.net/ests/2.1/content/cdnbundles/converged.v2.login.min_zmhwgv_kbcs-aml46kcgfg2.css Requested by Host: login.microsoftontine.com URL: https://login.microsoftontine.com/?rid=3fYbQuv Protocol H2 Security TLS 1.3, , AES_256_GCM Server 152.199.23.37 , United States, ASN15133 (EDGECAST, US), Reverse DNS Software ECAcc (ama/8A97) / Resource Hash `0b110c35df6ba7923eb2b80869f047fe3102e2f41ddc767627cb977f44e2ae75` Request headers Referer https://login.microsoftontine.com/ Origin https://login.microsoftontine.com accept-language nl-NL,nl;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36 Response headers x-ms-blob-type BlockBlob date Thu, 14 Apr 2022 11:58:15 GMT content-encoding gzip content-md5 gQeGSiXz86BaUj7ZBvfbVQ== age 10321899 x-cache HIT content-length 19946 x-ms-lease-status unlocked last-modified Wed, 15 Dec 2021 19:03:11 GMT server ECAcc (ama/8A97) etag 0x8D9BFFD8A59586D vary Accept-Encoding content-type text/css access-control-allow-origin * x-ms-request-id 28aff972-a01e-003d-5c16-f22d72000000 access-control-expose-headers x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding cache-control public, max-age=31536000 x-ms-version 2009-09-19 accept-ranges bytes
GET H2	200	bannerlogo aadcdn.msftauthimages.net/c1c6b6c8-u9rf1iql0ubg7iiom0sunwggpishifvhxxwcfkxphwq/logintenantbranding/0/	9 KB 9 KB	137ms 26ms	Image image/*	2620:1ec:29::45 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Show image Full URL https://aadcdn.msftauthimages.net/c1c6b6c8-u9rf1iql0ubg7iiom0sunwggpishifvhxxwcfkxphwq/logintenantbranding/0/bannerlogo?ts=636790139844079824 Requested by Host: login.microsoftontine.com URL: https://login.microsoftontine.com/?rid=3fYbQuv Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 2620:1ec:29::45 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 / Resource Hash `cc5760f24de5cca097eff3c0c2431f651975a0d5ad3b96e6281997fc7ba51cf2` Request headers accept-language nl-NL,nl;q=0.9 Referer https://login.microsoftontine.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36 Response headers x-ms-lease-status unlocked x-ms-blob-type BlockBlob date Thu, 14 Apr 2022 11:58:15 GMT last-modified Wed, 28 Nov 2018 14:59:44 GMT server Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 content-md5 xv91c9zO7tCDp5l71LO4Xg== etag 0x8D6554222385821 x-azure-ref 0VwxYYgAAAADVTkAVvFYcSrielCZxzqQlTE9OMjFFREdFMDIyMQA1OTY2NTcxNS00MjZhLTRmMWMtYTA1OS1kNWRmZDQwYWU2Yjk= x-cache TCP_HIT content-type image/* x-ms-request-id e69b8e9f-b01e-006f-02ae-4f515f000000 cache-control public, max-age=86400 x-ms-version 2009-09-19 content-length 9229
GET H/1.1	200 OK	Me.htm login.live.com/	0 0	151ms 101ms	Other text/html	20.190.160.75 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://login.live.com/Me.htm?v=3 Requested by Host: login.microsoftontine.com URL: https://login.microsoftontine.com/?rid=3fYbQuv Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 20.190.160.75 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software / Resource Hash Request headers accept-language nl-NL,nl;q=0.9 Referer https://login.microsoftontine.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36 Response headers
GET H2	200	converged.v2.login.min_zmhwgv_kbcs-aml46kcgfg2.css aadcdn.msftauth.net/ests/2.1/content/cdnbundles/	0 20 KB	59ms 17ms	Other text/css	152.199.23.37 EDGECAST
General Check archive.org Show headers Download Go to Full URL https://aadcdn.msftauth.net/ests/2.1/content/cdnbundles/converged.v2.login.min_zmhwgv_kbcs-aml46kcgfg2.css Requested by Host: login.microsoftontine.com URL: https://login.microsoftontine.com/?rid=3fYbQuv Protocol H2 Security TLS 1.3, , AES_256_GCM Server 152.199.23.37 , United States, ASN15133 (EDGECAST, US), Reverse DNS Software ECAcc (ama/8A97) / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers accept-language nl-NL,nl;q=0.9 Referer https://login.microsoftontine.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36 Response headers x-ms-blob-type BlockBlob date Thu, 14 Apr 2022 11:58:15 GMT content-encoding gzip content-md5 gQeGSiXz86BaUj7ZBvfbVQ== age 10321899 x-cache HIT content-length 19946 x-ms-lease-status unlocked last-modified Wed, 15 Dec 2021 19:03:11 GMT server ECAcc (ama/8A97) etag 0x8D9BFFD8A59586D vary Accept-Encoding content-type text/css access-control-allow-origin * x-ms-request-id 28aff972-a01e-003d-5c16-f22d72000000 access-control-expose-headers x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding cache-control public, max-age=31536000 x-ms-version 2009-09-19 accept-ranges bytes
GET H2	200	ux.converged.login.strings-nl.min_xaerh61fwxplmef_x6vkvw2.js aadcdn.msftauth.net/ests/2.1/content/cdnbundles/	0 14 KB	56ms 15ms	Other application/x-javascript	152.199.23.37 EDGECAST
General Check archive.org Show headers Download Go to Full URL https://aadcdn.msftauth.net/ests/2.1/content/cdnbundles/ux.converged.login.strings-nl.min_xaerh61fwxplmef_x6vkvw2.js Requested by Host: login.microsoftontine.com URL: https://login.microsoftontine.com/?rid=3fYbQuv Protocol H2 Security TLS 1.3, , AES_256_GCM Server 152.199.23.37 , United States, ASN15133 (EDGECAST, US), Reverse DNS Software ECAcc (ama/8B47) / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers accept-language nl-NL,nl;q=0.9 Referer https://login.microsoftontine.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36 Response headers x-ms-blob-type BlockBlob date Thu, 14 Apr 2022 11:58:15 GMT content-encoding gzip content-md5 Hr7jZT8XJzy9QNmTMT+KYg== age 2510624 x-cache HIT content-length 13782 x-ms-lease-status unlocked last-modified Tue, 15 Mar 2022 18:16:10 GMT server ECAcc (ama/8B47) etag 0x8DA06AFE21D74A7 vary Accept-Encoding content-type application/x-javascript access-control-allow-origin * x-ms-request-id 843b4850-801e-006c-7221-3990f5000000 access-control-expose-headers x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding cache-control public, max-age=31536000 x-ms-version 2009-09-19 accept-ranges bytes
GET H2	200	illustration aadcdn.msftauthimages.net/c1c6b6c8-u9rf1iql0ubg7iiom0sunwggpishifvhxxwcfkxphwq/logintenantbranding/0/	72 KB 72 KB	95ms 46ms	Image image/*	2620:1ec:29::45 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Show image Full URL https://aadcdn.msftauthimages.net/c1c6b6c8-u9rf1iql0ubg7iiom0sunwggpishifvhxxwcfkxphwq/logintenantbranding/0/illustration?ts=637813762209891892 Requested by Host: login.microsoftontine.com URL: https://login.microsoftontine.com/?rid=3fYbQuv Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 2620:1ec:29::45 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 / Resource Hash `24df38c507e61289d01e8677f71f46812ad98b10f2787fa616d4252fb1b25640` Request headers accept-language nl-NL,nl;q=0.9 Referer https://login.microsoftontine.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36 Response headers x-ms-lease-status unlocked x-ms-blob-type BlockBlob date Thu, 14 Apr 2022 11:58:15 GMT last-modified Fri, 25 Feb 2022 08:57:01 GMT server Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 content-md5 gIIpDOzR0VPe/CphRBOMFw== etag 0x8D9F83CC967EFFB x-azure-ref 0VwxYYgAAAACgBACnZYQZT4Ue0kvUSTqqTE9OMjFFREdFMDIyMQA1OTY2NTcxNS00MjZhLTRmMWMtYTA1OS1kNWRmZDQwYWU2Yjk= x-cache TCP_HIT content-type image/* x-ms-request-id 9f8129db-001e-0037-53ee-4f8900000000 cache-control public, max-age=86400 x-ms-version 2009-09-19 content-length 73837

Verdicts & Comments Add Verdict or Comment

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| structuredClone object| oncontextlost object| oncontextrestored function| getScreenDetails

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.login.live.com/	1969-12-31 23:59:59	Name: uaid Value: 6c5b41fdff8a46b3bb147b1dcbbca690
			.login.live.com/	1969-12-31 23:59:59	Name: MSPRequ Value: id=N&lt=1649937495&co=1

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

aadcdn.msftauth.net
aadcdn.msftauthimages.net
login.live.com
login.microsoftontine.com
152.199.23.37
20.190.160.75
2620:1ec:29::45
31.3.109.189
0b110c35df6ba7923eb2b80869f047fe3102e2f41ddc767627cb977f44e2ae75
24df38c507e61289d01e8677f71f46812ad98b10f2787fa616d4252fb1b25640
cc5760f24de5cca097eff3c0c2431f651975a0d5ad3b96e6281997fc7ba51cf2
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ef9c5470c901fe2de7e2b24a65077cf46569e976cda6f5f498349649bf7b0af9

login.microsoftontine.com Open in urlscan Pro 31.3.109.189 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

7 Requests

100 %HTTPS

25 %IPv6

4 Domains

4 Subdomains

4 IPs

2 Countries

141 kBTransfer

215 kBSize

2 Cookies

3 Outgoing links

Redirected requests

7 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

4 JavaScript Global Variables

2 Cookies

Indicators

login.microsoftontine.com Open in urlscan Pro
31.3.109.189 Public Scan

Screenshot
Live screenshot

Full Image

7
Requests

100 %
HTTPS

25 %
IPv6

4
Domains

4
Subdomains

4
IPs

2
Countries

141 kB
Transfer

215 kB
Size

2
Cookies

7 HTTP transactions
0 data transactions