login-microsoftonline.lkhgfghccghgh366555.com

Summary

This website contacted 2 IPs in 2 countries across 4 domains to perform 5 HTTP transactions. The main IP is 198.12.86.53, located in Alexandria, United States and belongs to AS-COLOCROSSING, US. The main domain is login-microsoftonline.lkhgfghccghgh366555.com.
TLS certificate: Issued by R3 on June 28th 2022. Valid for: 3 months.

This is the only time login-microsoftonline.lkhgfghccghgh366555.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
2 2	205.139.111.117 205.139.111.117	30031 (MIMECAST-) (MIMECAST-)
1 1	193.200.241.234 193.200.241.234	51167 (CONTABO) (CONTABO)
1	104.152.110.125 104.152.110.125	22611 (INMOTION) (INMOTION)
4	198.12.86.53 198.12.86.53	36352 (AS-COLOCR...) (AS-COLOCROSSING)
5	2

2 205.139.111.117 (United States) 2 redirects

ASN30031 (MIMECAST-, US)
PTR: us-api.mimecast.com

protect-us.mimecast.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 193.200.241.234 (Munich, Germany) 1 redirects

ASN51167 (CONTABO, DE)
PTR: ssd5.blooweb.net

z8.trqww.sceglilosconto.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.152.110.125 (United States)

ASN22611 (INMOTION, US)
PTR: mailserver.genesisbusinesssolutions.com

medicalproasia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 198.12.86.53 (Alexandria, United States)

ASN36352 (AS-COLOCROSSING, US)
PTR: 198-12-86-53-host.colocrossing.com

login-microsoftonline.lkhgfghccghgh366555.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
4	lkhgfghccghgh366555.com login-microsoftonline.lkhgfghccghgh366555.com	111 KB
2	mimecast.com 2 redirects protect-us.mimecast.com — Cisco Umbrella Rank: 7862	2 KB
1	medicalproasia.com medicalproasia.com	291 B
1	sceglilosconto.com 1 redirects z8.trqww.sceglilosconto.com	275 B
5	4

	Domain	Requested by
4	login-microsoftonline.lkhgfghccghgh366555.com	login-microsoftonline.lkhgfghccghgh366555.com
2	protect-us.mimecast.com	2 redirects
1	medicalproasia.com
1	z8.trqww.sceglilosconto.com	1 redirects
5	4

This site contains no links.

Subject Issuer	Validity	Valid
medicalproasia.com R3	`2022-05-13` - `2022-08-11`	3 months	crt.sh
lkhgfghccghgh366555.com R3	`2022-06-28` - `2022-09-26`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://login-microsoftonline.lkhgfghccghgh366555.com/?username=genereux.joe@dorsey.com&sso_reload=true
Frame ID: 093A0945A14AC036366D90785F95BD1C
Requests: 5 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://login-microsoftonline.lkhgfghccghgh366555.com/?username=genereux.joe@dorsey.com Page URL
https://login-microsoftonline.lkhgfghccghgh366555.com/?username=genereux.joe@dorsey.com Page URL
https://login-microsoftonline.lkhgfghccghgh366555.com/?username=genereux.joe@dorsey.com&sso_reload=true Page URL

Page Statistics

5
Requests

100 %
HTTPS

0 %
IPv6

4
Domains

4
Subdomains

2
IPs

2
Countries

111 kB
Transfer

447 kB
Size

3
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://login-microsoftonline.lkhgfghccghgh366555.com/?username=genereux.joe@dorsey.com Page URL
https://login-microsoftonline.lkhgfghccghgh366555.com/?username=genereux.joe@dorsey.com Page URL
https://login-microsoftonline.lkhgfghccghgh366555.com/?username=genereux.joe@dorsey.com&sso_reload=true Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

https://protect-us.mimecast.com/s/I1QBCgJQWAHDNn3rsNRIFW HTTP 307
https://protect-us.mimecast.com/redirect/eNqtVm1v2zgM_iuBP9epJEuyVNwO6213e0FbbO22Xnc5BHqhUnfxSy0lXTr0vx_tdOvLNuA-zEACUxQp8iH5yF-y3nUp28sW0EAPq8_Tixae-raPsJm6ts52smXrsj26k_XgoOpSqmpAWQopCl0QSghBHbpgO5lJybjzqgktevwyu5VraFKcZXv_4EqolnBkakBxlqXeNLGuYqzaZgr1cpbtzLJ4buiopaKQyoLnurCWAOFFkMIXRClOvQXulSmNov6rFRNytCOykICPZwqEltxpxwUNXPPgJBoQBsQXtiypEKDLUqpgQVIDHARRDEZ_tRfbIGgQWtuCAAuMGGAQgqelZqwstRV63Ny3bTr51QEgzO823RaoGmI0C5jt9sEpxvKYVhaR2WZeXQ-bmNb6Zucxwrb1m-l5qh8iSwCUB-ss9aW0QThnpZfMCM4LcIVXSgZinXyMLCdlIFJgfsIapxQNoEpFrLRobxEhpRQA1ejZKMzNgzaGOyEDnsa5fIBsYQ1iGVQRDBDECngpBVpzJ5kOwf4I2V8TwH1kE3xOs91uaarmPpoUz_gJmgkNHqDpdZClc0oSyrzDijvmVFlyJdELVyV1khZ2yPohmgJTDbpkgdpgA5dOFMySUmgjbUED8wqsMDxYjb6IlsopOvhESUvc9ABNpdGYC8lcocAUBQ4nc5wDyJJTQ3_Yp78mgP-BJmfi5t8bpBJfIYkMbPOqQamrfLYnkDZszPYKjgsGmSZ79v5kXxf7lAvcY8btz87BfXp_fLBdQLbAtX3nUIy1iecoeSoUU6XmRivmdIGjpazBwpTcFyFg3xSOW-sHk8b3aGF8XTVPF6arGuc6c0t2cWUvUPn8GwFOjuFyBTFN_vzcVf1m8twkmBy1qQqVM0Mo-Sn4BqI3m53J61UDE6Z3Jowwht5SnQ7bVYNpZquYoK9lNmTrvktzIOE72kSQqq66x5rN1w58ccvSeFS75QmoTbUcdT9h8HGXb-uxJkO73tNsqwJxLIQSUo-ztYXoLpxvp79p-2SWk1fvEJQO3x8F8ANEHx_-vbLqtr3Ip4yTKZ-qcfW8jWnrk-dqGuvU5e0qTWGVX2Etcjo1tblumwjxNpEt2Eetx7spI0ShXHX4eucXV-q4GDLNfsNbixGqqKUyOA4-N4JJQ5TLjXSQcyNNbojkOc4tErgpJQKTk_F5-pMgfh8O2PJ0wn7OhhYgSGUUx4VRvERQv-qXqDlPqdub7c52r9U09ZdXV9PoYLGslm10bZPaMaVddjGtFxeX_WzXvDwm7uWhPNjo9PH0uDtjf0X38vX67O-j7uxEXFhG1v6FvnJMr2xxuDanOh5cn60PLz7hb39zWOnm46lYuvoDhWfi0rIP-x9f6I1jH8RBfbS2b588Gdpg_AyYuxzmq0jonEk5X3v8z9n8rlnn27wGvZrfNjUio3IphNCUFKxAX4vVCHQ4ujLLQmzerDdvWf7HyWmo4uFb1Du0bGvo3bZgD2cBFtsJ7_o2IV3kqzgdWMaZmMYpvfkPxpafnw HTTP 307
http://z8.trqww.sceglilosconto.com/2j.mgjqr/aHR0cHM6Ly9tZWRpY2FscHJvYXNpYS5jb20vdG9wc29ub3MvaW9sLzYvMjkvMjAyMi9nZW5lcmV1eC5qb2VAZG9yc2V5LmNvbQ== HTTP 302
https://medicalproasia.com/topsonos/iol/6/29/2022/genereux.joe@dorsey.com

5 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	genereux.joe@dorsey.com medicalproasia.com/topsonos/iol/6/29/2022/ Redirect Chain https://protect-us.mimecast.com/s/I1QBCgJQWAHDNn3rsNRIFW https://protect-us.mimecast.com/redirect/eNqtVm1v2zgM_iuBP9epJEuyVNwO6213e0FbbO22Xnc5BHqhUnfxSy0lXTr0vx_tdOvLNuA-zEACUxQp8iH5yF-y3nUp28sW0EAPq8_Tixae-raPsJm6ts52smXrsj26k_XgoOpSqmpAWQopCl0QSghBHbpg... http://z8.trqww.sceglilosconto.com/2j.mgjqr/aHR0cHM6Ly9tZWRpY2FscHJvYXNpYS5jb20vdG9wc29ub3MvaW9sLzYvMjkvMjAyMi9nZW5lcmV1eC5qb2VAZG9yc2V5LmNvbQ== https://medicalproasia.com/topsonos/iol/6/29/2022/genereux.joe@dorsey.com	0 291 B	261ms 80ms	Document text/html	104.152.110.125 INMOTION
General Check archive.org Show headers Download Go to Full URL https://medicalproasia.com/topsonos/iol/6/29/2022/genereux.joe@dorsey.com Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 104.152.110.125 , United States, ASN22611 (INMOTION, US), Reverse DNS mailserver.genesisbusinesssolutions.com Software Apache / Resource Hash Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36 accept-language en-US,en;q=0.9 Response headers Connection Keep-Alive Content-Length 0 Content-Type text/html; charset=UTF-8 Date Wed, 29 Jun 2022 22:00:30 GMT Keep-Alive timeout=5, max=100 Server Apache refresh 0;url=https://login-microsoftonline.lkhgfghccghgh366555.com/?username=genereux.joe@dorsey.com Redirect headers Connection Keep-Alive Content-Length 0 Content-Type text/html; charset=UTF-8 Date Wed, 29 Jun 2022 22:00:30 GMT Keep-Alive timeout=5, max=100 Location https://medicalproasia.com/topsonos/iol/6/29/2022/genereux.joe@dorsey.com Server Apache
GET H2	200	/ Show response login-microsoftonline.lkhgfghccghgh366555.com/	72 KB 25 KB	382ms 334ms	Document text/html	198.12.86.53 AS-COLOCROSSING
General Check archive.org Show headers Download Go to Full URL https://login-microsoftonline.lkhgfghccghgh366555.com/?username=genereux.joe@dorsey.com Protocol H2 Security TLS 1.3, , AES_256_GCM Server 198.12.86.53 Alexandria, United States, ASN36352 (AS-COLOCROSSING, US), Reverse DNS 198-12-86-53-host.colocrossing.com Software nginx/1.21.6 / Resource Hash `7d834bcbd7c01b817b054a6d275e6a6faef0992b9e2bed4d3e0ffd42ae234d89` Request headers Referer https://medicalproasia.com/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36 accept-language en-US,en;q=0.9 Response headers access-control-allow-headers * access-control-allow-origin * content-encoding gzip content-type text/html; charset=utf-8 date Wed, 29 Jun 2022 22:00:31 GMT server nginx/1.21.6 vary Accept-Encoding
GET H2	200	/ Show response login-microsoftonline.lkhgfghccghgh366555.com/	290 KB 84 KB	1754ms 1753ms	Document text/html	198.12.86.53 AS-COLOCROSSING
General Check archive.org Show headers Download Go to Full URL https://login-microsoftonline.lkhgfghccghgh366555.com/?username=genereux.joe@dorsey.com Requested by Host: login-microsoftonline.lkhgfghccghgh366555.com URL: https://login-microsoftonline.lkhgfghccghgh366555.com/?username=genereux.joe@dorsey.com Protocol H2 Security TLS 1.3, , AES_256_GCM Server 198.12.86.53 Alexandria, United States, ASN36352 (AS-COLOCROSSING, US), Reverse DNS 198-12-86-53-host.colocrossing.com Software nginx/1.21.6 / Resource Hash `4750b70078a907407e4179f33ed4ddf63019d008e48ef2953980722c57868824` Request headers Referer https://login-microsoftonline.lkhgfghccghgh366555.com/?username=genereux.joe@dorsey.com Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36 accept-language en-US,en;q=0.9 Response headers access-control-allow-headers * access-control-allow-origin * cache-control no-store, no-cache content-encoding gzip content-type text/html; charset=utf-8 date Wed, 29 Jun 2022 22:00:33 GMT nel {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0} p3p CP="DSP CUR OTPi IND OTRi ONL FIN" pragma no-cache referrer-policy strict-origin-when-cross-origin report-to {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://identity-nel-measure-office-a9d7e9b2.lkhgfghccghgh366555.com/api/report?catId=GW+estsfd+ams2"}]} server nginx/1.21.6 vary Accept-Encoding Accept-Encoding x-ms-ests-server 2.1.13081.9 - WEULR1 ProdSlices x-ms-request-id af2d4896-595a-4131-a2b9-2ce364100200
POST H2	200	reportbssotelemetry login-microsoftonline.lkhgfghccghgh366555.com/common/instrumentation/	264 B 845 B	1361ms 1360ms	Ping application/json	198.12.86.53 AS-COLOCROSSING
General Check archive.org Show headers Download Go to Full URL https://login-microsoftonline.lkhgfghccghgh366555.com/common/instrumentation/reportbssotelemetry?hpgid=6&hpgact=2101&client-request-id=20200540-a344-4e88-aaca-e3ebca6a3448&hpgrequestid=af2d4896-595a-4131-a2b9-2ce364100200 Requested by Host: login-microsoftonline.lkhgfghccghgh366555.com URL: https://login-microsoftonline.lkhgfghccghgh366555.com/?username=genereux.joe@dorsey.com Protocol H2 Security TLS 1.3, , AES_256_GCM Server 198.12.86.53 Alexandria, United States, ASN36352 (AS-COLOCROSSING, US), Reverse DNS 198-12-86-53-host.colocrossing.com Software nginx/1.21.6 / Resource Hash Request headers Referer https://login-microsoftonline.lkhgfghccghgh366555.com/?username=genereux.joe@dorsey.com accept-language en-US,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36 Content-Type text/plain;charset=UTF-8 Response headers pragma no-cache date Wed, 29 Jun 2022 22:00:35 GMT content-encoding gzip referrer-policy strict-origin-when-cross-origin nel {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0} server nginx/1.21.6 vary Accept-Encoding report-to {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://identity-nel-measure-office-a9d7e9b2.lkhgfghccghgh366555.com/api/report?catId=GW+estsfd+ams2"}]} p3p CP="DSP CUR OTPi IND OTRi ONL FIN" access-control-allow-origin * x-ms-request-id 626b380f-9fd6-410c-8042-2988c4f2c100 cache-control no-store, no-cache content-type application/json; charset=utf-8 access-control-allow-headers * x-ms-ests-server 2.1.13006.6 - NEULR1 ProdSlices
GET H2	200	Primary Request / login-microsoftonline.lkhgfghccghgh366555.com/	84 KB 0	2262ms 2261ms	Document text/html	198.12.86.53 AS-COLOCROSSING
General Check archive.org Show headers Download Go to Full URL https://login-microsoftonline.lkhgfghccghgh366555.com/?username=genereux.joe@dorsey.com&sso_reload=true Requested by Host: login-microsoftonline.lkhgfghccghgh366555.com URL: https://login-microsoftonline.lkhgfghccghgh366555.com/?username=genereux.joe@dorsey.com Protocol H2 Security TLS 1.3, , AES_256_GCM Server 198.12.86.53 Alexandria, United States, ASN36352 (AS-COLOCROSSING, US), Reverse DNS 198-12-86-53-host.colocrossing.com Software nginx/1.21.6 / Resource Hash Request headers Referer https://login-microsoftonline.lkhgfghccghgh366555.com/?username=genereux.joe@dorsey.com Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36 accept-language en-US,en;q=0.9 Response headers access-control-allow-headers * access-control-allow-origin * cache-control no-store, no-cache content-encoding gzip content-type text/html; charset=utf-8 date Wed, 29 Jun 2022 22:00:36 GMT nel {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0} p3p CP="DSP CUR OTPi IND OTRi ONL FIN" pragma no-cache referrer-policy strict-origin-when-cross-origin report-to {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://identity-nel-measure-office-a9d7e9b2.lkhgfghccghgh366555.com/api/report?catId=GW+estsfd+ams2"}]} server nginx/1.21.6 vary Accept-Encoding Accept-Encoding x-ms-ests-server 2.1.13006.6 - WUS2 ProdSlices x-ms-request-id b65fd182-4721-4bf8-9297-6f48605c0e01

Verdicts & Comments Add Verdict or Comment

8 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

3 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.lkhgfghccghgh366555.com/	1970-01-20 12:54:36	Name: __bjTp Value: YTlkN2U5YjItMmRmNi00MTBmLThkZDgtYWZmNzM3ZGM2NDBjOjMzYWUyNzZjLTQ0MjAtNGU3NS1iYTdkLThiYTUzZDU3ZGM3Mw==
.login-microsoftonline.lkhgfghccghgh366555.com/	1969-12-31 23:59:59	Name: AADSSO Value: NA\|NoExtension
login-microsoftonline.lkhgfghccghgh366555.com/	1970-01-20 04:09:00	Name: SSOCOOKIEPULLED Value: 1

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

login-microsoftonline.lkhgfghccghgh366555.com
medicalproasia.com
protect-us.mimecast.com
z8.trqww.sceglilosconto.com
104.152.110.125
193.200.241.234
198.12.86.53
205.139.111.117
4750b70078a907407e4179f33ed4ddf63019d008e48ef2953980722c57868824
7d834bcbd7c01b817b054a6d275e6a6faef0992b9e2bed4d3e0ffd42ae234d89

login-microsoftonline.lkhgfghccghgh366555.com Open in urlscan Pro 198.12.86.53 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Page Statistics

5 Requests

100 %HTTPS

0 %IPv6

4 Domains

4 Subdomains

2 IPs

2 Countries

111 kBTransfer

447 kBSize

3 Cookies

0 Outgoing links

Page URL History

Redirected requests

5 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

8 JavaScript Global Variables

3 Cookies

Indicators

login-microsoftonline.lkhgfghccghgh366555.com Open in urlscan Pro
198.12.86.53 Public Scan

Screenshot
Live screenshot

Full Image

5
Requests

100 %
HTTPS

0 %
IPv6

4
Domains

4
Subdomains

2
IPs

2
Countries

111 kB
Transfer

447 kB
Size

3
Cookies

5 HTTP transactions
0 data transactions