microsoft0nline.org - urlscan.io

Summary

This website contacted 3 IPs in 2 countries across 2 domains to perform 5 HTTP transactions. The main IP is 2606:4700:3034::ac43:db3e, located in United States and belongs to CLOUDFLARENET, US. The main domain is microsoft0nline.org.
TLS certificate: Issued by WE1 on November 10th 2024. Valid for: 3 months.

This is the only time microsoft0nline.org was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Microsoft (Consumer)

Domain & IP information

	IP Address	AS Autonomous System
2	2606:4700:303... 2606:4700:3034::ac43:db3e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2a02:26f0:350... 2a02:26f0:3500:880::523	20940 (AKAMAI-AS...) (AKAMAI-ASN1 Akamai International B.V.)
5	3

2 2606:4700:3034::ac43:db3e (United States)

ASN13335 (CLOUDFLARENET, US)

microsoft0nline.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a02:26f0:3500:880::523 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL)

res.cloudinary.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
3	cloudinary.com res.cloudinary.com — Cisco Umbrella Rank: 2559	123 KB
2	microsoft0nline.org microsoft0nline.org	9 KB
5	2

	Domain	Requested by
3	res.cloudinary.com	microsoft0nline.org
2	microsoft0nline.org	microsoft0nline.org
5	2

This site contains links to these domains. Also see Links.

Domain
passwordreset.microsoftonline.com
www.microsoft.com
privacy.microsoft.com

Subject Issuer	Validity	Valid
microsoft0nline.org WE1	`2024-11-10` - `2025-02-08`	3 months	crt.sh
*.cloudinary.com Go Daddy Secure Certificate Authority - G2	`2024-12-18` - `2026-01-14`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://microsoft0nline.org/0YsCApqlP8nTYu6C?/planner/tasks/sovereign-network-grouphome/PlanViews/OtKjpJYAELPk?Type=AssignedTo&Channel=Email&CreatedTime=03012025&Exp=dnrt
Frame ID: CA6943F44DF3EF04752779F527EB47F7
Requests: 6 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Sign in to your account

Page Statistics

5
Requests

100 %
HTTPS

100 %
IPv6

2
Domains

2
Subdomains

3
IPs

2
Countries

132 kB
Transfer

158 kB
Size

1
Cookies

3 Outgoing links

These are links going to different origins than the main page.

URL: https://passwordreset.microsoftonline.com/
Title: Forgot my password

Search URL Search Domain Scan URL

URL: https://www.microsoft.com/servicesagreement/
Title: Terms of use

Search URL Search Domain Scan URL

URL: https://privacy.microsoft.com/privacystatement
Title: Privacy & cookies

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

5 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request 0YsCApqlP8nTYu6C Show response
microsoft0nline.org/ 32 KB
8 KB 226ms
187ms Document
text/html 2606:4700:3034::ac43:db3e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://microsoft0nline.org/0YsCApqlP8nTYu6C?/planner/tasks/sovereign-network-grouphome/PlanViews/OtKjpJYAELPk?Type=AssignedTo&Channel=Email&CreatedTime=03012025&Exp=dnrt

Protocol

H2

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3034::ac43:db3e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

350bbcd280f789a59a8848e6346c3c7bd8c6b837501a931c612e70a6f5c8602b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 8fe49a821d3b3687-FRA
content-encoding: zstd
content-type: text/html
date: Tue, 07 Jan 2025 14:23:04 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referer-policy: origin-when-cross-origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=j30k60vZMn%2BSFOm8Rum1zHp29EPsvVQXT7ulRYn2xtMFWOzyuS9WJXbOwm2LOvxV3SwYCj08o1KS4lifZ3gArIZpPigrfQeVK4vjMHROHaHf%2FqJP0%2BLDnYTW0PHYsiHUKpa4jDng0mpez%2F7VF3qypdes"}],"group":"cf-nel","max_age":604800}
server: cloudflare
server-timing: cfL4;desc="?proto=TCP&rtt=10385&min_rtt=6367&rtt_var=5544&sent=8&recv=11&lost=0&retrans=0&sent_bytes=3995&recv_bytes=2400&delivery_rate=568942&cwnd=254&unsent_bytes=0&cid=7b7316546c63ed30&ts=187&x=0"
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-hox-trace-id: f77217827b435492e4439be47e09b6d6
x-xss-protection: 1; mode=block

GET
H2 200 63779552a90c3f0018b07081-sovereign.org.uk-develop.png
res.cloudinary.com/hoxhunt/image/upload/v1696577020/63779552a90c3f0018b07081/ 121 KB
121 KB 142ms
26ms Image
image/png 2a02:26f0:3500:880::523
AKAMAI-ASN1 Akama...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://res.cloudinary.com/hoxhunt/image/upload/v1696577020/63779552a90c3f0018b07081/63779552a90c3f0018b07081-sovereign.org.uk-develop.png

Requested by

Host: microsoft0nline.org
URL: https://microsoft0nline.org/0YsCApqlP8nTYu6C?/planner/tasks/sovereign-network-grouphome/PlanViews/OtKjpJYAELPk?Type=AssignedTo&Channel=Email&CreatedTime=03012025&Exp=dnrt

Protocol

H2

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a02:26f0:3500:880::523 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),

Reverse DNS

Software

Cloudinary /

Resource Hash

260013867b8d75f941bc7a6b1fdb416b2bf1dffdf63e54f6cbfc763b066f2511

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://microsoft0nline.org/

Response headers

strict-transport-security: max-age=604800
cache-control: public, no-transform, immutable, max-age=2592000
access-control-expose-headers: Content-Length,Content-Disposition,Content-Range,Etag,Server-Timing,Vary,X-Cld-Error,X-Robots-Tag,X-Content-Type-Options
timing-allow-origin: *
etag: "4e750e49a0d712385b7c5ad25fea4179"
x-content-type-options: nosniff
accept-ranges: bytes
access-control-allow-origin: *
server-timing: cld-akam;dur=13;start=2025-01-07T14:23:04.333Z;desc=hit-near,rtt;dur=19,content-info;desc="width=1920,height=510,bytes=123518,o=1"
content-length: 123518
date: Tue, 07 Jan 2025 14:23:04 GMT
content-type: image/png
last-modified: Fri, 06 Oct 2023 07:23:42 GMT
server: Cloudinary

GET
DATA 200
OK truncated
/ 513 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 34f9db946e89f031a80dfca7b16b2b686469c9886441261ae70a44da1dfa2d58

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

Content-Type: image/svg+xml

GET
H2 200 email-decode.min.js Show response
microsoft0nline.org/cdn-cgi/scripts/5c5dd728/cloudflare-static/ 1 KB
1 KB 24ms
22ms Script
application/javascript 2606:4700:3034::ac43:db3e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://microsoft0nline.org/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

Requested by

Host: microsoft0nline.org
URL: https://microsoft0nline.org/0YsCApqlP8nTYu6C?/planner/tasks/sovereign-network-grouphome/PlanViews/OtKjpJYAELPk?Type=AssignedTo&Channel=Email&CreatedTime=03012025&Exp=dnrt

Protocol

H2

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3034::ac43:db3e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://microsoft0nline.org/0YsCApqlP8nTYu6C?/planner/tasks/sovereign-network-grouphome/PlanViews/OtKjpJYAELPk?Type=AssignedTo&Channel=Email&CreatedTime=03012025&Exp=dnrt

Response headers

x-frame-options: DENY
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cache-control: max-age=172800, public
content-encoding: gzip
etag: W/"675fc4cd-4d7"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zoRslsAOFv2HPRGJUdQkwwpfnTTYV5denDYot5Kthyb%2BLyal0VpRsqzY5wvfb3O3SBspt9%2B4FSuTevNxw7rnYun%2BxPxVO7W7QcATnQ9IqBqJi%2Bogo0WZqfskQcjUhbTqV71D%2FDitCGOYZhBIFwEzniCh"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
cf-ray: 8fe49a835e4f3687-FRA
expires: Thu, 09 Jan 2025 14:23:04 GMT
date: Tue, 07 Jan 2025 14:23:04 GMT
content-type: application/javascript
last-modified: Mon, 16 Dec 2024 06:12:29 GMT
server: cloudflare
vary: Accept-Encoding

GET
H2 200 o365-login.svg
res.cloudinary.com/hoxhunt/image/upload/v1610021365/questTemplates/ 2 KB
1 KB 135ms
21ms Image
image/svg+xml 2a02:26f0:3500:880::523
AKAMAI-ASN1 Akama...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://res.cloudinary.com/hoxhunt/image/upload/v1610021365/questTemplates/o365-login.svg

Requested by

Host: microsoft0nline.org
URL: https://microsoft0nline.org/0YsCApqlP8nTYu6C?/planner/tasks/sovereign-network-grouphome/PlanViews/OtKjpJYAELPk?Type=AssignedTo&Channel=Email&CreatedTime=03012025&Exp=dnrt

Protocol

H2

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a02:26f0:3500:880::523 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),

Reverse DNS

Software

Cloudinary /

Resource Hash

8d940f7bcb965acf06d4af5bebf736b5fb367e95d2dbe4b5501b507c9ffedafc

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://microsoft0nline.org/

Response headers

access-control-expose-headers: Content-Length,Content-Disposition,Content-Range,Etag,Server-Timing,Vary,X-Cld-Error,X-Robots-Tag,X-Content-Type-Options
content-encoding: br
etag: W/"7b9cd36b6c313a5f0a04136c1468fc0d"
x-content-type-options: nosniff
server-timing: cld-akam;dur=13;start=2025-01-07T14:23:04.329Z;desc=hit-near,rtt;dur=19,content-info;desc="width=1920,height=1080"
date: Tue, 07 Jan 2025 14:23:04 GMT
content-type: image/svg+xml
content-disposition: attachment; filename="o365-login.svg"
vary: Accept-Encoding
last-modified: Thu, 07 Jan 2021 12:09:29 GMT
strict-transport-security: max-age=604800
cache-control: private, no-transform, immutable, max-age=2592000
timing-allow-origin: *
accept-ranges: bytes
access-control-allow-origin: *
content-length: 644
server: Cloudinary

GET
H2 200 MS-favicon.ico
res.cloudinary.com/hoxhunt/image/upload/w_20/v1610537217/questTemplates/ 2 KB
615 B 22ms
22ms Other
image/x-icon 2a02:26f0:3500:880::523
AKAMAI-ASN1 Akama...

General

Check archive.org

Show headers Download Go to

Full URL

https://res.cloudinary.com/hoxhunt/image/upload/w_20/v1610537217/questTemplates/MS-favicon.ico

Protocol

H2

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a02:26f0:3500:880::523 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),

Reverse DNS

Software

Cloudinary /

Resource Hash

764f5521d00c3a03021c8b51e29117d4c6a730cbbbb4aa1d813338cf4af1ddbb

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://microsoft0nline.org/

Response headers

access-control-expose-headers: Content-Length,Content-Disposition,Content-Range,Etag,Server-Timing,Vary,X-Cld-Error,X-Robots-Tag,X-Content-Type-Options
content-encoding: gzip
etag: W/"f604e6210d358dbb195f7977007cce05"
x-content-type-options: nosniff
server-timing: cld-akam;dur=13;start=2025-01-07T14:23:04.393Z;desc=hit-near,rtt;dur=7,content-info;desc="width=20,height=20,owidth=1200,oheight=1200,obytes=13432"
date: Tue, 07 Jan 2025 14:23:04 GMT
content-type: image/x-icon
last-modified: Thu, 27 Jan 2022 07:33:29 GMT
vary: Accept-Encoding
strict-transport-security: max-age=604800
cache-control: public, no-transform, immutable, max-age=2592000
timing-allow-origin: *
accept-ranges: bytes
access-control-allow-origin: *
content-length: 128
server: Cloudinary

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer)

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| failOnClick function| failOnType function| failOnPaste

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			microsoft0nline.org/quest/attachment/	1969-12-31 23:59:59	Name: INGRESSCOOKIE Value: 1736259785.086.1032.788002\|112633931b9d22736a011431493af478

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

microsoft0nline.org
res.cloudinary.com
2606:4700:3034::ac43:db3e
2a02:26f0:3500:880::523
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
260013867b8d75f941bc7a6b1fdb416b2bf1dffdf63e54f6cbfc763b066f2511
34f9db946e89f031a80dfca7b16b2b686469c9886441261ae70a44da1dfa2d58
350bbcd280f789a59a8848e6346c3c7bd8c6b837501a931c612e70a6f5c8602b
764f5521d00c3a03021c8b51e29117d4c6a730cbbbb4aa1d813338cf4af1ddbb
8d940f7bcb965acf06d4af5bebf736b5fb367e95d2dbe4b5501b507c9ffedafc

microsoft0nline.org Open in urlscan Pro 2606:4700:3034::ac43:db3e Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

5 Requests

100 %HTTPS

100 %IPv6

2 Domains

2 Subdomains

3 IPs

2 Countries

132 kBTransfer

158 kBSize

1 Cookies

3 Outgoing links

Redirected requests

5 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

3 JavaScript Global Variables

1 Cookies

Security Headers

Indicators

microsoft0nline.org Open in urlscan Pro
2606:4700:3034::ac43:db3e Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

5
Requests

100 %
HTTPS

100 %
IPv6

2
Domains

2
Subdomains

3
IPs

2
Countries

132 kB
Transfer

158 kB
Size

1
Cookies

5 HTTP transactions
1 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!