login.microsoftonline.com.office.prod.marvell.myshn.net
52.52.9.238  Malicious Activity! Public Scan

Submitted URL: https://outlook.office.com.office.prod.marvell.myshn.net/
Effective URL: https://login.microsoftonline.com.office.prod.marvell.myshn.net/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%...
Submission: On April 21 via api from DE — Scanned from DE

Summary

This website contacted 3 IPs in 1 country across 1 domain to perform 19 HTTP transactions. The main IP is 52.52.9.238, located in San Jose, United States and belongs to AMAZON-02, US. The main domain is login.microsoftonline.com.office.prod.marvell.myshn.net.
TLS certificate: Issued by GlobalSign RSA OV SSL CA 2018 on February 24th 2022. Valid for: a year.
This is the only time login.microsoftonline.com.office.prod.marvell.myshn.net was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Microsoft (Consumer)

Domain & IP information

IP Address AS Autonomous System
2 6 54.183.76.102 16509 (AMAZON-02)
12 52.52.9.238 16509 (AMAZON-02)
19 3
Domain Requested by
9 aadcdn.msftauth.net.office.prod.marvell.myshn.net login.microsoftonline.com.office.prod.marvell.myshn.net
aadcdn.msftauth.net.office.prod.marvell.myshn.net
3 r4.res.office365.com.office.prod.marvell.myshn.net outlook.office365.com.office.prod.marvell.myshn.net
2 login.microsoftonline.com.office.prod.marvell.myshn.net login.microsoftonline.com.office.prod.marvell.myshn.net
2 outlook.office.com.office.prod.marvell.myshn.net 2 redirects
1 outlook.office365.com.office.prod.marvell.myshn.net aadcdn.msftauth.net.office.prod.marvell.myshn.net
1 login.live.com.office.prod.marvell.myshn.net login.microsoftonline.com.office.prod.marvell.myshn.net
19 6
TLS certificate
Subject: office.prod.marvell.myshn.net
Issuer: GlobalSign RSA OV SSL CA 2018
Validity: 2022-02-24 - 2023-03-28
Valid: a year

This page contains 2 frames:

Primary Page: https://login.microsoftonline.com.office.prod.marvell.myshn.net/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office.com.office.prod.marvell.myshn.net%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=30bf76e3-028e-a493-4055-16d4ec56893a&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=637861280906424217.137695a0-7549-4169-90c3-b70bb5d8ce2c&state=DcuxFYAwCABRos9xMEAIhHFMtLZ0fSn-dVcAYE9bKpQBt-bDWAYFmYoK-8nNLfpF6F0DlS0waDWcTnP2e6xHVsn3qO931R8&sso_reload=true
Frame ID: 6CD54A24C36004D504DB41D26C8461BE
Requests: 14 HTTP requests in this frame

Frame: https://outlook.office365.com.office.prod.marvell.myshn.net/owa/prefetch.aspx
Frame ID: 16C0E418DC59FB8D269D77C5F1FDDCF2
Requests: 5 HTTP requests in this frame

Page Title

Bei Outlook anmelden

Page Statistics

Requests: 19
HTTPS: 84 %
IPv6: 0 %
Domains: 1
Subdomains: 6
IPs: 3
Countries: 1
Transfer: 815 kB
Size: 2800 kB
Cookies: 18

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://outlook.office.com.office.prod.marvell.myshn.net/ HTTP 302
    https://outlook.office.com.office.prod.marvell.myshn.net/owa/ HTTP 302
    https://login.microsoftonline.com.office.prod.marvell.myshn.net/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office.com.office.prod.marvell.myshn.net%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=30bf76e3-028e-a493-4055-16d4ec56893a&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=637861280906424217.137695a0-7549-4169-90c3-b70bb5d8ce2c&state=DcuxFYAwCABRos9xMEAIhHFMtLZ0fSn-dVcAYE9bKpQBt-bDWAYFmYoK-8nNLfpF6F0DlS0waDWcTnP2e6xHVsn3qO931R8 Page URL
  2. https://login.microsoftonline.com.office.prod.marvell.myshn.net/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office.com.office.prod.marvell.myshn.net%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=30bf76e3-028e-a493-4055-16d4ec56893a&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=637861280906424217.137695a0-7549-4169-90c3-b70bb5d8ce2c&state=DcuxFYAwCABRos9xMEAIhHFMtLZ0fSn-dVcAYE9bKpQBt-bDWAYFmYoK-8nNLfpF6F0DlS0waDWcTnP2e6xHVsn3qO931R8&sso_reload=true Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • https://outlook.office.com.office.prod.marvell.myshn.net/ HTTP 302
  • https://outlook.office.com.office.prod.marvell.myshn.net/owa/ HTTP 302
  • https://login.microsoftonline.com.office.prod.marvell.myshn.net/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office.com.office.prod.marvell.myshn.net%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=30bf76e3-028e-a493-4055-16d4ec56893a&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=637861280906424217.137695a0-7549-4169-90c3-b70bb5d8ce2c&state=DcuxFYAwCABRos9xMEAIhHFMtLZ0fSn-dVcAYE9bKpQBt-bDWAYFmYoK-8nNLfpF6F0DlS0waDWcTnP2e6xHVsn3qO931R8

19 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
authorize
login.microsoftonline.com.office.prod.marvell.myshn.net/common/oauth2/
Redirect Chain
  • https://outlook.office.com.office.prod.marvell.myshn.net/
  • https://outlook.office.com.office.prod.marvell.myshn.net/owa/
  • https://login.microsoftonline.com.office.prod.marvell.myshn.net/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office.com.office.prod.marv...
150 KB
54 KB
Document
General
Full URL
https://login.microsoftonline.com.office.prod.marvell.myshn.net/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office.com.office.prod.marvell.myshn.net%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=30bf76e3-028e-a493-4055-16d4ec56893a&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=637861280906424217.137695a0-7549-4169-90c3-b70bb5d8ce2c&state=DcuxFYAwCABRos9xMEAIhHFMtLZ0fSn-dVcAYE9bKpQBt-bDWAYFmYoK-8nNLfpF6F0DlS0waDWcTnP2e6xHVsn3qO931R8
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.52.9.238 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-52-9-238.us-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
3d69221ff7acfbf160af3ee9040a389f1e9f08e16801a1cc77be7c75293a5af2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
no-store, no-cache
Connection
keep-alive
Content-Encoding
gzip
Content-Length
54505
Content-Type
text/html; charset=utf-8
Date
Thu, 21 Apr 2022 08:54:51 GMT
Expires
-1
P3P
CP="DSP CUR OTPi IND OTRi ONL FIN"
Pragma
no-cache
Referrer-Policy
strict-origin-when-cross-origin
Server
nginx
Strict-Transport-Security
max-age=31536000; includeSubDomains
Vary
Accept-Encoding
X-Content-Type-Options
nosniff
X-Robots-Tag
none
X-SkyHigh-Version
BuildNumber=19, BuildDate=2022-01-03 10:37
X-XSS-Protection
0
nel
{"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}
report-to
{"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://identity.nel.measure.office.net/api/report?catId=GW+estsfd+chi"}]}
x-ms-ests-server
2.1.12621.9 - WUS2 ProdSlices
x-ms-request-id
90b0f6e1-3df3-4a94-a344-05da2628b100

Redirect headers

Alt-Svc
h3=":443",h3-29=":443"
Connection
keep-alive
Content-Length
842
Content-Type
text/html; charset=utf-8
Date
Thu, 21 Apr 2022 08:54:50 GMT
Location
https://login.microsoftonline.com.office.prod.marvell.myshn.net/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office.com.office.prod.marvell.myshn.net%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=30bf76e3-028e-a493-4055-16d4ec56893a&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=637861280906424217.137695a0-7549-4169-90c3-b70bb5d8ce2c&state=DcuxFYAwCABRos9xMEAIhHFMtLZ0fSn-dVcAYE9bKpQBt-bDWAYFmYoK-8nNLfpF6F0DlS0waDWcTnP2e6xHVsn3qO931R8
NEL
{"report_to":"NelOfficeUpload1","max_age":7200,"include_subdomains":true,"failure_fraction":1.0,"success_fraction":0.01}
P3P
CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Report-To
{"group":"NelOfficeUpload1","max_age":7200,"endpoints":[{"url":"https://exo.nel.measure.office.net/api/report?TenantId=&FrontEnd=Cafe&DestinationEndpoint=SJC"}],"include_subdomains":true}
Server
nginx
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
X-BEServer
DM6PR08MB5947
X-BackEnd-Begin
2022-04-21T08:54:50.642
X-BackEnd-End
2022-04-21T08:54:50.642
X-BackEndHttpStatus
302 302
X-BeSku
WCS5
X-CalculatedBETarget
DM6PR08MB5947.namprd08.PROD.OUTLOOK.COM
X-CalculatedFETarget
DM6PR14CU002.internal.outlook.com
X-Content-Type-Options
nosniff
X-DiagInfo
DM6PR08MB5947
X-FEEFZInfo
SJC
X-FEProxyInfo
BYAPR08CA0004.NAMPRD08.PROD.OUTLOOK.COM
X-FEServer
DM6PR14CA0060 BYAPR08CA0004
X-FirstHopCafeEFZ
SJC
X-IIDs
0
X-OWA-DiagnosticsInfo
1;0;0
X-Proxy-BackendServerStatus
302
X-Proxy-RoutingCorrectness
1
X-RUM-Validated
1
X-Robots-Tag
none
X-SkyHigh-Version
BuildNumber=19, BuildDate=2022-01-03 10:37
X-UA-Compatible
IE=EmulateIE7
request-id
30bf76e3-028e-a493-4055-16d4ec56893a
Primary Request authorize
login.microsoftonline.com.office.prod.marvell.myshn.net/common/oauth2/
196 KB
51 KB
Document
General
Full URL
https://login.microsoftonline.com.office.prod.marvell.myshn.net/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office.com.office.prod.marvell.myshn.net%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=30bf76e3-028e-a493-4055-16d4ec56893a&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=637861280906424217.137695a0-7549-4169-90c3-b70bb5d8ce2c&state=DcuxFYAwCABRos9xMEAIhHFMtLZ0fSn-dVcAYE9bKpQBt-bDWAYFmYoK-8nNLfpF6F0DlS0waDWcTnP2e6xHVsn3qO931R8&sso_reload=true
Requested by
Host: login.microsoftonline.com.office.prod.marvell.myshn.net
URL: https://login.microsoftonline.com.office.prod.marvell.myshn.net/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office.com.office.prod.marvell.myshn.net%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=30bf76e3-028e-a493-4055-16d4ec56893a&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=637861280906424217.137695a0-7549-4169-90c3-b70bb5d8ce2c&state=DcuxFYAwCABRos9xMEAIhHFMtLZ0fSn-dVcAYE9bKpQBt-bDWAYFmYoK-8nNLfpF6F0DlS0waDWcTnP2e6xHVsn3qO931R8
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.52.9.238 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-52-9-238.us-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
eff9271bbc6e0d83be7309fe9657f3726be0431cd6a67b94058fd82f0ece3fa4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://login.microsoftonline.com.office.prod.marvell.myshn.net/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office.com.office.prod.marvell.myshn.net%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=30bf76e3-028e-a493-4055-16d4ec56893a&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=637861280906424217.137695a0-7549-4169-90c3-b70bb5d8ce2c&state=DcuxFYAwCABRos9xMEAIhHFMtLZ0fSn-dVcAYE9bKpQBt-bDWAYFmYoK-8nNLfpF6F0DlS0waDWcTnP2e6xHVsn3qO931R8
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
no-store, no-cache
Connection
keep-alive
Content-Encoding
gzip
Content-Length
50081
Content-Type
text/html; charset=utf-8
Date
Thu, 21 Apr 2022 08:54:52 GMT
Expires
-1
Link
<https://aadcdn.msftauth.net.office.prod.marvell.myshn.net>; rel=preconnect; crossorigin
P3P
CP="DSP CUR OTPi IND OTRi ONL FIN"
Pragma
no-cache
Referrer-Policy
strict-origin-when-cross-origin
Server
nginx
Strict-Transport-Security
max-age=31536000; includeSubDomains
Vary
Accept-Encoding
X-Content-Type-Options
nosniff
X-DNS-Prefetch-Control
on
X-Frame-Options
DENY
X-Robots-Tag
none
X-SkyHigh-Version
BuildNumber=19, BuildDate=2022-01-03 10:37
X-XSS-Protection
0
nel
{"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}
report-to
{"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://identity.nel.measure.office.net/api/report?catId=GW+estsfd+chi"}]}
x-ms-ests-server
2.1.12621.9 - WUS2 ProdSlices
x-ms-request-id
8dca2caa-b732-4a5c-8467-2f0be8d07a00
Me.htm
login.live.com.office.prod.marvell.myshn.net/
0
0
Other
General
Full URL
https://login.live.com.office.prod.marvell.myshn.net/Me.htm?v=3
Requested by
Host: login.microsoftonline.com.office.prod.marvell.myshn.net
URL: https://login.microsoftonline.com.office.prod.marvell.myshn.net/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office.com.office.prod.marvell.myshn.net%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=30bf76e3-028e-a493-4055-16d4ec56893a&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=637861280906424217.137695a0-7549-4169-90c3-b70bb5d8ce2c&state=DcuxFYAwCABRos9xMEAIhHFMtLZ0fSn-dVcAYE9bKpQBt-bDWAYFmYoK-8nNLfpF6F0DlS0waDWcTnP2e6xHVsn3qO931R8&sso_reload=true
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.52.9.238 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-52-9-238.us-west-1.compute.amazonaws.com
Software
/
Resource Hash

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://login.microsoftonline.com.office.prod.marvell.myshn.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

ConvergedLogin_PCore_cl0FpWkXjYABAABPcZEt9g2.js
aadcdn.msftauth.net.office.prod.marvell.myshn.net/shared/1.0/content/js/
377 KB
108 KB
Script
General
Full URL
https://aadcdn.msftauth.net.office.prod.marvell.myshn.net/shared/1.0/content/js/ConvergedLogin_PCore_cl0FpWkXjYABAABPcZEt9g2.js
Requested by
Host: login.microsoftonline.com.office.prod.marvell.myshn.net
URL: https://login.microsoftonline.com.office.prod.marvell.myshn.net/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office.com.office.prod.marvell.myshn.net%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=30bf76e3-028e-a493-4055-16d4ec56893a&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=637861280906424217.137695a0-7549-4169-90c3-b70bb5d8ce2c&state=DcuxFYAwCABRos9xMEAIhHFMtLZ0fSn-dVcAYE9bKpQBt-bDWAYFmYoK-8nNLfpF6F0DlS0waDWcTnP2e6xHVsn3qO931R8&sso_reload=true
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.52.9.238 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-52-9-238.us-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
3fa1fa5ae0a20eda2b0262b54e2c3bfa0bb8c5262bc19f6edfe4dcc8d3b38a5e

Request headers

Referer
https://login.microsoftonline.com.office.prod.marvell.myshn.net/
Origin
https://login.microsoftonline.com.office.prod.marvell.myshn.net
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
Date
Thu, 21 Apr 2022 08:54:53 GMT
Content-Encoding
gzip
Content-MD5
p60WlVFQK5oxQGsOfaSKIw==
Age
1754187
X-Cache
HIT
Connection
keep-alive
Content-Length
109754
x-ms-lease-status
unlocked
Last-Modified
Tue, 29 Mar 2022 23:42:30 GMT
Server
nginx
Etag
0x8DA11DDCA335CB7
Vary
Accept-Encoding
Content-Type
application/x-javascript
Access-Control-Allow-Origin
*
x-ms-request-id
d8380741-601e-0097-6869-458124000000
Access-Control-Expose-Headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
Cache-Control
public, max-age=31536000
x-ms-version
2009-09-19
X-SkyHigh-Version
BuildNumber=19, BuildDate=2022-01-03 10:37
Accept-Ranges
bytes
X-Robots-Tag
none
prefetch.aspx
outlook.office365.com.office.prod.marvell.myshn.net/owa/ Frame 16C0
3 KB
3 KB
Document
General
Full URL
https://outlook.office365.com.office.prod.marvell.myshn.net/owa/prefetch.aspx
Requested by
Host: aadcdn.msftauth.net.office.prod.marvell.myshn.net
URL: https://aadcdn.msftauth.net.office.prod.marvell.myshn.net/shared/1.0/content/js/ConvergedLogin_PCore_cl0FpWkXjYABAABPcZEt9g2.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
54.183.76.102 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-183-76-102.us-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
66a21866f76b025863d35646310deb81c8cdf2a86081d34ce88af54b60d4b906
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://login.microsoftonline.com.office.prod.marvell.myshn.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Alt-Svc
h3=":443",h3-29=":443"
Cache-Control
private, no-store
Connection
keep-alive
Content-Encoding
gzip
Content-Length
1043
Content-Type
text/html; charset=utf-8
Date
Thu, 21 Apr 2022 08:54:54 GMT
NEL
{"report_to":"NelOfficeUpload1","max_age":7200,"include_subdomains":true,"failure_fraction":1.0,"success_fraction":0.01}
Report-To
{"group":"NelOfficeUpload1","max_age":7200,"endpoints":[{"url":"https://exo.nel.measure.office.net/api/report?TenantId=&FrontEnd=Cafe&DestinationEndpoint=SJC"}],"include_subdomains":true}
Server
nginx
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Vary
Accept-Encoding
X-BEServer
BN8PR13MB2673
X-BackEnd-Begin
2022-04-21T08:54:54.943
X-BackEnd-End
2022-04-21T08:54:54.943
X-BackEndHttpStatus
200 200
X-BeSku
WCS5
X-CalculatedBETarget
BN8PR13MB2673.namprd13.PROD.OUTLOOK.COM
X-CalculatedFETarget
BN0PR04CU006.internal.outlook.com
X-Content-Type-Options
nosniff
X-DiagInfo
BN8PR13MB2673
X-FEEFZInfo
SJC
X-FEProxyInfo
SJ0PR13CA0142.NAMPRD13.PROD.OUTLOOK.COM
X-FEServer
BN0PR04CA0160 SJ0PR13CA0142
X-FirstHopCafeEFZ
SJC
X-IIDs
0
X-OWA-DiagnosticsInfo
1;0;0
X-OWA-Version
15.20.5206.6
X-Proxy-BackendServerStatus
200
X-Proxy-RoutingCorrectness
1
X-RUM-Validated
1
X-Robots-Tag
none
X-SkyHigh-Version
BuildNumber=19, BuildDate=2022-01-03 10:37
X-UA-Compatible
IE=EmulateIE7
request-id
30639c88-0833-4e7c-32ab-bd0533084a5d
converged.v2.login.min_zmhwgv_kbcs-aml46kcgfg2.css
aadcdn.msftauth.net.office.prod.marvell.myshn.net/ests/2.1/content/cdnbundles/
0
20 KB
Other
General
Full URL
https://aadcdn.msftauth.net.office.prod.marvell.myshn.net/ests/2.1/content/cdnbundles/converged.v2.login.min_zmhwgv_kbcs-aml46kcgfg2.css
Requested by
Host: login.microsoftonline.com.office.prod.marvell.myshn.net
URL: https://login.microsoftonline.com.office.prod.marvell.myshn.net/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office.com.office.prod.marvell.myshn.net%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=30bf76e3-028e-a493-4055-16d4ec56893a&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=637861280906424217.137695a0-7549-4169-90c3-b70bb5d8ce2c&state=DcuxFYAwCABRos9xMEAIhHFMtLZ0fSn-dVcAYE9bKpQBt-bDWAYFmYoK-8nNLfpF6F0DlS0waDWcTnP2e6xHVsn3qO931R8&sso_reload=true
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.52.9.238 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-52-9-238.us-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://login.microsoftonline.com.office.prod.marvell.myshn.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
Date
Thu, 21 Apr 2022 08:54:55 GMT
Content-Encoding
gzip
Content-MD5
gQeGSiXz86BaUj7ZBvfbVQ==
Age
10921541
X-Cache
HIT
Connection
keep-alive
Content-Length
19946
x-ms-lease-status
unlocked
Last-Modified
Wed, 15 Dec 2021 19:03:11 GMT
Server
nginx
Etag
0x8D9BFFD8A59586D
Vary
Accept-Encoding
Content-Type
text/css
Access-Control-Allow-Origin
*
x-ms-request-id
74c6bb9a-e01e-001e-2408-f2a043000000
Access-Control-Expose-Headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
Cache-Control
public, max-age=31536000
x-ms-version
2009-09-19
X-SkyHigh-Version
BuildNumber=19, BuildDate=2022-01-03 10:37
Accept-Ranges
bytes
X-Robots-Tag
none
ux.converged.login.strings-de.min_cf8-p2jsqbelcphz3-i-uq2.js
aadcdn.msftauth.net.office.prod.marvell.myshn.net/ests/2.1/content/cdnbundles/
0
15 KB
Other
General
Full URL
https://aadcdn.msftauth.net.office.prod.marvell.myshn.net/ests/2.1/content/cdnbundles/ux.converged.login.strings-de.min_cf8-p2jsqbelcphz3-i-uq2.js
Requested by
Host: login.microsoftonline.com.office.prod.marvell.myshn.net
URL: https://login.microsoftonline.com.office.prod.marvell.myshn.net/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office.com.office.prod.marvell.myshn.net%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=30bf76e3-028e-a493-4055-16d4ec56893a&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=637861280906424217.137695a0-7549-4169-90c3-b70bb5d8ce2c&state=DcuxFYAwCABRos9xMEAIhHFMtLZ0fSn-dVcAYE9bKpQBt-bDWAYFmYoK-8nNLfpF6F0DlS0waDWcTnP2e6xHVsn3qO931R8&sso_reload=true
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.52.9.238 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-52-9-238.us-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://login.microsoftonline.com.office.prod.marvell.myshn.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
Date
Thu, 21 Apr 2022 08:54:55 GMT
Content-Encoding
gzip
Content-MD5
IYEaYYfXuKnMNjDK+/0Cog==
Age
2959210
X-Cache
HIT
Connection
keep-alive
Content-Length
14345
x-ms-lease-status
unlocked
Last-Modified
Tue, 15 Mar 2022 18:16:04 GMT
Server
nginx
Etag
0x8DA06AFDE559B69
Vary
Accept-Encoding
Content-Type
application/x-javascript
Access-Control-Allow-Origin
*
x-ms-request-id
d8fe8ece-301e-0050-1073-3a9d0f000000
Access-Control-Expose-Headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
Cache-Control
public, max-age=31536000
x-ms-version
2009-09-19
X-SkyHigh-Version
BuildNumber=19, BuildDate=2022-01-03 10:37
Accept-Ranges
bytes
X-Robots-Tag
none
convergedlogin_pcustomizationloader_d2487269d21be1683a0b.js
aadcdn.msftauth.net.office.prod.marvell.myshn.net/shared/1.0/content/js/asyncchunk/
107 KB
32 KB
Script
General
Full URL
https://aadcdn.msftauth.net.office.prod.marvell.myshn.net/shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_d2487269d21be1683a0b.js
Requested by
Host: aadcdn.msftauth.net.office.prod.marvell.myshn.net
URL: https://aadcdn.msftauth.net.office.prod.marvell.myshn.net/shared/1.0/content/js/ConvergedLogin_PCore_cl0FpWkXjYABAABPcZEt9g2.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.52.9.238 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-52-9-238.us-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
659bb2277754a98b5b4dd551d8e0ce4979b507a7c61772b638902cd673c0f944

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://login.microsoftonline.com.office.prod.marvell.myshn.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
Date
Thu, 21 Apr 2022 08:54:54 GMT
Content-Encoding
gzip
Content-MD5
Q7z26BmO+xialfkIHTi+Iw==
Age
3387831
X-Cache
HIT
Connection
keep-alive
Content-Length
31982
x-ms-lease-status
unlocked
Last-Modified
Fri, 11 Mar 2022 11:12:22 GMT
Server
nginx
Etag
0x8DA035003B53D82
Vary
Accept-Encoding
Content-Type
application/x-javascript
Access-Control-Allow-Origin
*
x-ms-request-id
7c712a39-f01e-0070-218d-36e35e000000
Access-Control-Expose-Headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
Cache-Control
public, max-age=31536000
x-ms-version
2009-09-19
X-SkyHigh-Version
BuildNumber=19, BuildDate=2022-01-03 10:37
Accept-Ranges
bytes
X-Robots-Tag
none
49-small_e58aafc980614a9cd7796bea7b5ea8f0.jpg
aadcdn.msftauth.net.office.prod.marvell.myshn.net/shared/1.0/content/images/appbackgrounds/
987 B
2 KB
Image
General
Full URL
https://aadcdn.msftauth.net.office.prod.marvell.myshn.net/shared/1.0/content/images/appbackgrounds/49-small_e58aafc980614a9cd7796bea7b5ea8f0.jpg
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.52.9.238 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-52-9-238.us-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
8b34a475187302935336bf43a2bf2a4e0adb9a1e87953ea51f6fcf0ef52a4a1d

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://login.microsoftonline.com.office.prod.marvell.myshn.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
Date
Thu, 21 Apr 2022 08:54:54 GMT
Content-MD5
5YqvyYBhSpzXeWvqe16o8A==
Age
28408549
X-Cache
HIT
Connection
keep-alive
Content-Length
987
x-ms-lease-status
unlocked
Last-Modified
Fri, 27 Mar 2020 19:42:36 GMT
Server
nginx
Etag
0x8D7D287001BC861
Content-Type
image/jpeg
Access-Control-Allow-Origin
*
x-ms-request-id
e1da410e-701e-0075-2dfd-52f6ff000000
Access-Control-Expose-Headers
x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
Cache-Control
public, max-age=31536000
x-ms-version
2009-09-19
X-SkyHigh-Version
BuildNumber=19, BuildDate=2022-01-03 10:37
Accept-Ranges
bytes
X-Robots-Tag
none
49_7916a894ebde7d29c2cc29b267f1299f.jpg
aadcdn.msftauth.net.office.prod.marvell.myshn.net/shared/1.0/content/images/appbackgrounds/
17 KB
18 KB
Image
General
Full URL
https://aadcdn.msftauth.net.office.prod.marvell.myshn.net/shared/1.0/content/images/appbackgrounds/49_7916a894ebde7d29c2cc29b267f1299f.jpg
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.52.9.238 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-52-9-238.us-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
d8f5ab3e00202fd3b45be1acd95d677b137064001e171bc79b06826d98f1e1d3

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://login.microsoftonline.com.office.prod.marvell.myshn.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
Date
Thu, 21 Apr 2022 08:54:54 GMT
Content-MD5
eRaolOvefSnCzCmyZ/Epnw==
Age
21886576
X-Cache
HIT
Connection
keep-alive
Content-Length
17453
x-ms-lease-status
unlocked
Last-Modified
Fri, 27 Mar 2020 19:42:36 GMT
Server
nginx
Etag
0x8D7D2870015D3DE
Content-Type
image/jpeg
Access-Control-Allow-Origin
*
x-ms-request-id
1896df41-201e-007b-6c4e-8e3711000000
Access-Control-Expose-Headers
x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
Cache-Control
public, max-age=31536000
x-ms-version
2009-09-19
X-SkyHigh-Version
BuildNumber=19, BuildDate=2022-01-03 10:37
Accept-Ranges
bytes
X-Robots-Tag
none
53_8b36337037cff88c3df203bb73d58e41.png
aadcdn.msftauth.net.office.prod.marvell.myshn.net/shared/1.0/content/images/applogos/
5 KB
6 KB
Image
General
Full URL
https://aadcdn.msftauth.net.office.prod.marvell.myshn.net/shared/1.0/content/images/applogos/53_8b36337037cff88c3df203bb73d58e41.png
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.52.9.238 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-52-9-238.us-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
e4e1e65871749d18aea150643c07e0aab2057da057c6c57ec1c3c43580e1c898

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://login.microsoftonline.com.office.prod.marvell.myshn.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
Date
Thu, 21 Apr 2022 08:54:54 GMT
Content-MD5
izYzcDfP+Iw98gO7c9WOQQ==
Age
22089889
X-Cache
HIT
Connection
keep-alive
Content-Length
5139
x-ms-lease-status
unlocked
Last-Modified
Wed, 12 Feb 2020 03:12:17 GMT
Server
nginx
Etag
0x8D7AF695D6C58F2
Content-Type
image/png
Access-Control-Allow-Origin
*
x-ms-request-id
56c03866-901e-0066-3175-8cbab7000000
Access-Control-Expose-Headers
x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
Cache-Control
public, max-age=31536000
x-ms-version
2009-09-19
X-SkyHigh-Version
BuildNumber=19, BuildDate=2022-01-03 10:37
Accept-Ranges
bytes
X-Robots-Tag
none
microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg
aadcdn.msftauth.net.office.prod.marvell.myshn.net/shared/1.0/content/images/
4 KB
2 KB
Image
General
Full URL
https://aadcdn.msftauth.net.office.prod.marvell.myshn.net/shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.52.9.238 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-52-9-238.us-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://login.microsoftonline.com.office.prod.marvell.myshn.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
Date
Thu, 21 Apr 2022 08:54:54 GMT
Content-Encoding
gzip
Content-MD5
nzaLxFgP7ZB3dfMcaybWzw==
Age
24092631
X-Cache
HIT
Connection
keep-alive
Content-Length
1435
x-ms-lease-status
unlocked
Last-Modified
Thu, 16 Jan 2020 00:32:52 GMT
Server
nginx
Etag
0x8D79A1B9F5E121A
Vary
Accept-Encoding
Content-Type
image/svg+xml
Access-Control-Allow-Origin
*
x-ms-request-id
7d2aea29-601e-003a-653e-7a35be000000
Access-Control-Expose-Headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
Cache-Control
public, max-age=31536000
x-ms-version
2009-09-19
X-SkyHigh-Version
BuildNumber=19, BuildDate=2022-01-03 10:37
Accept-Ranges
bytes
X-Robots-Tag
none
signin-options_4e48046ce74f4b89d45037c90576bfac.svg
aadcdn.msftauth.net.office.prod.marvell.myshn.net/shared/1.0/content/images/
2 KB
1 KB
Image
General
Full URL
https://aadcdn.msftauth.net.office.prod.marvell.myshn.net/shared/1.0/content/images/signin-options_4e48046ce74f4b89d45037c90576bfac.svg
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.52.9.238 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-52-9-238.us-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
8e6db1634f1812d42516778fc890010aa57f3e39914fb4803df2c38abbf56d93

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://login.microsoftonline.com.office.prod.marvell.myshn.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
Date
Thu, 21 Apr 2022 08:54:54 GMT
Content-Encoding
gzip
Content-MD5
R2FAVxfpONfnQAuxVxXbHg==
Age
27345352
X-Cache
HIT
Connection
keep-alive
Content-Length
621
x-ms-lease-status
unlocked
Last-Modified
Tue, 10 Nov 2020 03:41:05 GMT
Server
nginx
Etag
0x8D8852A740F01B9
Vary
Accept-Encoding
Content-Type
image/svg+xml
Access-Control-Allow-Origin
*
x-ms-request-id
821a0437-901e-0041-2ca9-5cdc2a000000
Access-Control-Expose-Headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
Cache-Control
public, max-age=31536000
x-ms-version
2009-09-19
X-SkyHigh-Version
BuildNumber=19, BuildDate=2022-01-03 10:37
Accept-Ranges
bytes
X-Robots-Tag
none
boot.worldwide.0.mouse.js
r4.res.office365.com.office.prod.marvell.myshn.net/owa/prem/15.20.5206.6/scripts/ Frame 16C0
648 KB
176 KB
Stylesheet
General
Full URL
https://r4.res.office365.com.office.prod.marvell.myshn.net/owa/prem/15.20.5206.6/scripts/boot.worldwide.0.mouse.js
Requested by
Host: outlook.office365.com.office.prod.marvell.myshn.net
URL: https://outlook.office365.com.office.prod.marvell.myshn.net/owa/prefetch.aspx
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
54.183.76.102 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-183-76-102.us-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
d5238dcd5576de5c01381727798f579c4722e1c0b07f544135fbe537d7ccf94f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://outlook.office365.com.office.prod.marvell.myshn.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Timing-Allow-Origin
*
Date
Thu, 21 Apr 2022 08:54:55 GMT
Content-Encoding
gzip
Last-Modified
Tue, 19 Apr 2022 22:50:48 GMT
Server
nginx
Vary
Accept-Encoding
Connection
keep-alive
Content-Type
application/x-javascript
Access-Control-Allow-Origin
*
Cache-Control
public,max-age=630720000, s-maxage=630720000
X-SkyHigh-Version
BuildNumber=19, BuildDate=2022-01-03 10:37
Strict-Transport-Security
max-age=31536000; includeSubDomains
Accept-Ranges
bytes
X-Robots-Tag
none
Content-Length
179692
boot.worldwide.1.mouse.js
r4.res.office365.com.office.prod.marvell.myshn.net/owa/prem/15.20.5206.6/scripts/ Frame 16C0
644 KB
160 KB
Stylesheet
General
Full URL
https://r4.res.office365.com.office.prod.marvell.myshn.net/owa/prem/15.20.5206.6/scripts/boot.worldwide.1.mouse.js
Requested by
Host: outlook.office365.com.office.prod.marvell.myshn.net
URL: https://outlook.office365.com.office.prod.marvell.myshn.net/owa/prefetch.aspx
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
54.183.76.102 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-183-76-102.us-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
c7bcfcd2305204dd3ded9a440c9a0a67b14f8d63224ed72795b23243d90a6771
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://outlook.office365.com.office.prod.marvell.myshn.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Timing-Allow-Origin
*
Date
Thu, 21 Apr 2022 08:54:57 GMT
Content-Encoding
gzip
Last-Modified
Tue, 19 Apr 2022 22:50:48 GMT
Server
nginx
Vary
Accept-Encoding
Connection
keep-alive
Content-Type
application/x-javascript
Access-Control-Allow-Origin
*
Cache-Control
public,max-age=630720000, s-maxage=630720000
X-SkyHigh-Version
BuildNumber=19, BuildDate=2022-01-03 10:37
Strict-Transport-Security
max-age=31536000; includeSubDomains
Accept-Ranges
bytes
X-Robots-Tag
none
Content-Length
163086
boot.worldwide.2.mouse.js
r4.res.office365.com.office.prod.marvell.myshn.net/owa/prem/15.20.5206.6/scripts/ Frame 16C0
647 KB
166 KB
Stylesheet
General
Full URL
https://r4.res.office365.com.office.prod.marvell.myshn.net/owa/prem/15.20.5206.6/scripts/boot.worldwide.2.mouse.js
Requested by
Host: outlook.office365.com.office.prod.marvell.myshn.net
URL: https://outlook.office365.com.office.prod.marvell.myshn.net/owa/prefetch.aspx
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
54.183.76.102 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-183-76-102.us-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
881e25aad3eafcbcef0d278419babf632f541db8b2542963dfab8dbe727a464d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://outlook.office365.com.office.prod.marvell.myshn.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Timing-Allow-Origin
*
Date
Thu, 21 Apr 2022 08:54:58 GMT
Content-Encoding
gzip
Last-Modified
Tue, 19 Apr 2022 22:50:49 GMT
Server
nginx
Vary
Accept-Encoding
Connection
keep-alive
Content-Type
application/x-javascript
Access-Control-Allow-Origin
*
Cache-Control
public,max-age=630720000, s-maxage=630720000
X-SkyHigh-Version
BuildNumber=19, BuildDate=2022-01-03 10:37
Strict-Transport-Security
max-age=31536000; includeSubDomains
Accept-Ranges
bytes
X-Robots-Tag
none
Content-Length
169745
converged.v2.login.min_zmhwgv_kbcs-aml46kcgfg2.css
aadcdn.msftauth.net.office.prod.marvell.myshn.net/ests/2.1/content/cdnbundles/
0
0

ux.converged.login.strings-de.min_cf8-p2jsqbelcphz3-i-uq2.js
aadcdn.msftauth.net.office.prod.marvell.myshn.net/ests/2.1/content/cdnbundles/
0
0

boot.worldwide.3.mouse.js
r4.res.office365.com.office.prod.marvell.myshn.net/owa/prem/15.20.5206.6/scripts/ Frame 16C0
0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
aadcdn.msftauth.net.office.prod.marvell.myshn.net
URL
https://aadcdn.msftauth.net.office.prod.marvell.myshn.net/ests/2.1/content/cdnbundles/converged.v2.login.min_zmhwgv_kbcs-aml46kcgfg2.css
Domain
aadcdn.msftauth.net.office.prod.marvell.myshn.net
URL
https://aadcdn.msftauth.net.office.prod.marvell.myshn.net/ests/2.1/content/cdnbundles/ux.converged.login.strings-de.min_cf8-p2jsqbelcphz3-i-uq2.js
Domain
r4.res.office365.com.office.prod.marvell.myshn.net
URL
https://r4.res.office365.com.office.prod.marvell.myshn.net/owa/prem/15.20.5206.6/scripts/boot.worldwide.3.mouse.js

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer)

24 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0
function| structuredClone
object| oncontextlost
object| oncontextrestored
function| getScreenDetails
object| $Config
object| $Debug
object| $Do
function| $Loader
object| $WebWatson
function| GetString
function| GetErrorString
function| GetUrl
object| $B
object| ServerData
object| webpackJsonp
object| ko
object| PROOF
object| StringRepository
boolean| __ConvergedLogin_PCore
boolean| __
object| Telemetry
object| telemetry_webpackJsonp
boolean| __convergedlogin_pcustomizationloader_d2487269d21be1683a0b

18 Cookies

Domain/Path Name / Value
outlook.office.com.office.prod.marvell.myshn.net/ Name: ClientId
Value: 5BE90CD104B0436E9EB8EFD73A7F9ABF
outlook.office.com.office.prod.marvell.myshn.net/ Name: OIDC
Value: 1
outlook.office.com.office.prod.marvell.myshn.net/ Name: OpenIdConnect.nonce.v3.Z2MoUeeygOig5eOzuYhF0j3ybGrMvByioqJJJ9xE5Fs
Value: 637861280906424217.137695a0-7549-4169-90c3-b70bb5d8ce2c
outlook.office.com.office.prod.marvell.myshn.net/ Name: X-OWA-RedirectHistory
Value: ArLym14BmS9nmHQj2gg
login.microsoftonline.com.office.prod.marvell.myshn.net/ Name: x-ms-gateway-slice
Value: estsfd
login.microsoftonline.com.office.prod.marvell.myshn.net/ Name: stsservicecookie
Value: estsfd
.login.microsoftonline.com.office.prod.marvell.myshn.net/ Name: AADSSO
Value: NA|NoExtension
login.microsoftonline.com.office.prod.marvell.myshn.net/ Name: SSOCOOKIEPULLED
Value: 1
login.microsoftonline.com.office.prod.marvell.myshn.net/ Name: buid
Value: 0.AQ0AMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABAAEAAAD--DLA3VO7QrddgJg7WevrIrgNbX5-KgceQrTtIodHlHgzS3HZu_okxhiQ0BF7V4MR9vuhFQkoKiFg3idLjj_1UoOngoa3CmpTESNmcMP2nqEJDGQ2kT77t7xD6b_q4hIgAA
login.microsoftonline.com.office.prod.marvell.myshn.net/ Name: fpc
Value: AgqKN5jGasBHlcRff9NgVDKerOTJAQAAANsS89kOAAAA
.login.microsoftonline.com.office.prod.marvell.myshn.net/ Name: esctx
Value: AQABAAAAAAD--DLA3VO7QrddgJg7WevrIklwsI2ybU_FdH9DNjAsUIAZ9GtlXl9IvFau-wTIsOakvqLCP8WGI9s5vkLVo2eGrFvjbhFbvL5rJwmX68OCitfxqOQbCWWjDuaQktFAS_B9NX599fjONh7IqukOSJXAogo9-c9Fp8hZOvt86TZVcj5bZqam3e9J_4PounGQ0OAgAA
.office.prod.marvell.myshn.net/ Name: SHN-VH-session
Value: e78cccd9-3c1a-4eae-ba62-f40ad3ba9c2a|1650533092182
.login.live.com.office.prod.marvell.myshn.net/ Name: uaid
Value: fc48dd8d0dc84292ac724c84a215320a
.login.live.com.office.prod.marvell.myshn.net/ Name: MSPRequ
Value: id=N&lt=1650531293&co=1
.login.microsoftonline.com.office.prod.marvell.myshn.net/ Name: brcap
Value: 0
outlook.office365.com.office.prod.marvell.myshn.net/ Name: ClientId
Value: 2B08446B091C4255888E1C851AC0DC29
outlook.office365.com.office.prod.marvell.myshn.net/ Name: OIDC
Value: 1
outlook.office365.com.office.prod.marvell.myshn.net/ Name: OWAPF
Value: p:11&v:15.20.5206.6&l:mouse&

Security Headers

This page lists any security headers set by the main page.

Header Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 0

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
