www.microsoftonline.coiin.us
142.11.240.12  Malicious Activity! Public Scan

URL: https://www.microsoftonline.coiin.us/
Submission: On July 03 via automatic, source certstream-suspicious

Summary

This website contacted 6 IPs in 4 countries across 4 domains to perform 16 HTTP transactions. The main IP is 142.11.240.12, located in Seattle, United States and belongs to HOSTWINDS - Hostwinds LLC., US. The main domain is www.microsoftonline.coiin.us.
TLS certificate: Issued by Let's Encrypt Authority X3 on July 3rd 2019. Valid for: 3 months.
This is the only time www.microsoftonline.coiin.us was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Office 365 (Online)

Domain & IP information

Requests  IP Address        AS (Autonomous System)
1         142.11.240.12     54290 (HOSTWINDS)
3         2a01:4a0:1338...  201011 (NETZBETRI...)
1         2a01:4a0:1338...  201011 (NETZBETRI...)
1         104.109.58.40     20940 (AKAMAI-ASN1)
1         2a02:26f0:f1:...  20940 (AKAMAI-ASN1)
Total: 16 requests, 6 IPs
Requests  Domain                                       Requested by
3         statics-uhf-eus.akamaized.net                www.microsoftonline.coiin.us
1         mem.gfx.ms                                   www.microsoftonline.coiin.us
1         img-prod-cms-rt-microsoft-com.akamaized.net  www.microsoftonline.coiin.us
1         blob.officehome.msocdn.com                   www.microsoftonline.coiin.us
1         www.microsoftonline.coiin.us
Total: 16 requests, 5 domains

This site contains no links.

Subject                         Issuer                         Validity                 Valid     Source
login.microsoftonline.coiin.us  Let's Encrypt Authority X3     2019-07-03 - 2019-10-01  3 months  crt.sh
a248.e.akamai.net               DigiCert ECC Secure Server CA  2018-10-18 - 2019-10-18  a year    crt.sh
*.officehome.msocdn.com         Microsoft IT TLS CA 5          2017-12-07 - 2019-12-07  2 years   crt.sh
mem.gfx.ms                      Microsoft IT TLS CA 2          2018-02-05 - 2020-02-05  2 years   crt.sh

This page contains 1 frames:

Primary Page: https://www.microsoftonline.coiin.us/
Frame ID: A9ED923C1AABF9A6A4D93066164F9E2D
Requests: 16 HTTP requests in this frame

Page Statistics

16 Requests
44 % HTTPS
60 % IPv6
4 Domains
5 Subdomains
6 IPs
4 Countries
313 kB Transfer
557 kB Size
0 Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

16 HTTP transactions

Resource | Path | Size | x-fer | Type | MIME-Type

/ | www.microsoftonline.coiin.us/ | 87 KB | 88 KB | Document   (Primary Request, Cookie set)
General
Full URL
https://www.microsoftonline.coiin.us/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
142.11.240.12 Seattle, United States, ASN54290 (HOSTWINDS - Hostwinds LLC., US),
Reverse DNS
hwsrv-536236.hostwindsdns.com
Software
/
Resource Hash
35b17a518befe5e8dd49b17bd04afb8a156c07e52485d496b353f79c722d8202

Request headers

Host
www.microsoftonline.coiin.us
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Accept-Encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Cache-Control
no-cache, no-store, must-revalidate
Connection
close
Content-Type
text/html; charset=utf-8
Date
Wed, 03 Jul 2019 01:19:25 GMT
Expires
-1
Pragma
no-cache
Referrer-Policy
strict-origin-when-cross-origin
Set-Cookie
OH.DCAffinity=OH-scu; Path=/; HttpOnly OH.SID=839005fa-a137-4fc2-a687-684f59bf12fe; Path=/; HttpOnly p.UnAuthUserCookie=2b7c1b8b-e86c-4aba-992b-c5b1994eded2; Path=/; HttpOnly OH.DCAffinity=OH-scu; Path=/; HttpOnly MUID=11A9787169A36A4626C575FF68CF6B4D; Path=/; Domain=microsoftonline.coiin.us
Transfer-Encoding
chunked
Vary
Accept-Encoding
X-Msedge-Ref
Ref A: 8C0429C59B884636A5586412BCC66F9E Ref B: SN1EDGE0919 Ref C: 2019-07-03T01:19:26Z
X-Ua-Compatible
IE=edge,chrome=1
segoeui_light.woff2 | blob.officehome.msocdn.com/versionless/webfonts/ | 0 | 0

segoeui_regular.woff2 | blob.officehome.msocdn.com/versionless/webfonts/ | 0 | 0

segoeui_semibold.woff2 | blob.officehome.msocdn.com/versionless/webfonts/ | 0 | 0

segoeui_semilight.woff2 | blob.officehome.msocdn.com/versionless/webfonts/ | 0 | 0

unauth-cb054a4daf.css | blob.officehome.msocdn.com/bundles/ | 0 | 0

sharedfontstyles-30d1fc43fd.css | blob.officehome.msocdn.com/bundles/ | 0 | 0

51-6d3a1e | statics-uhf-eus.akamaized.net/west-european/shell/_scrf/css/themes=default.device=uplevel_web_pc/e9-4413b1/4e-bb306d/a9-963a11/10-aee09b/51-465167/1d-9730ee/34-521645/ | 160 KB | 22 KB | Stylesheet
General
Full URL
https://statics-uhf-eus.akamaized.net/west-european/shell/_scrf/css/themes=default.device=uplevel_web_pc/e9-4413b1/4e-bb306d/a9-963a11/10-aee09b/51-465167/1d-9730ee/34-521645/51-6d3a1e?ver=2.0
Requested by
Host: www.microsoftonline.coiin.us
URL: https://www.microsoftonline.coiin.us/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
2a01:4a0:1338:28::c38a:ff12 , Germany, ASN201011 (NETZBETRIEB-GMBH, DE),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
3abc05cf7fcd206115a9f2871547be6a8649c34b2efc0d1f77441147a5a78bc8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1

Request headers

Referer
https://www.microsoftonline.coiin.us/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

ms-operation-id
218bd02208f5bd459d4d0ca276ebf68e
Date
Wed, 03 Jul 2019 01:19:26 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
X-S2
2019-03-05T19:59:00
P3P
CP="CAO CONi OTR OUR DEM ONL"
X-Activity-Id
00000000-1881-4005-bfcc-53481e425970
Connection
keep-alive
MS-CV
LHuXCwQXFUGUxQdi.0
Vary
Accept-Encoding
Content-Length
21538
X-XSS-Protection
1
Last-Modified
Tue, 05 Mar 2019 19:59:00 GMT
Server
Microsoft-IIS/10.0
X-Az
{did:-, rid: -, sn: uhf-eus-prod, dt: 2019-03-05T19:51:26.9163129Z, bt: 2019-02-27T00:18:04.0000000Z}
X-S1
2019-03-05T19:59:00
Access-Control-Allow-Methods
HEAD,GET,POST,PATCH,PUT,OPTIONS
Content-Type
text/css; charset=utf-8
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=21235174
Timing-Allow-Origin
*
X-AppVersion
1.0.6997.542
Expires
Wed, 04 Mar 2020 19:59:00 GMT
override.css | statics-uhf-eus.akamaized.net/statics/ | 1 KB | 938 B | Stylesheet
General
Full URL
https://statics-uhf-eus.akamaized.net/statics/override.css?c=7
Requested by
Host: www.microsoftonline.coiin.us
URL: https://www.microsoftonline.coiin.us/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
2a01:4a0:1338:28::c38a:ff12 , Germany, ASN201011 (NETZBETRIEB-GMBH, DE),
Reverse DNS
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
0bd288d5397a69ead391875b422bf2cbdcc4f795d64aa2f780aff45768d78248

Request headers

Referer
https://www.microsoftonline.coiin.us/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-ms-lease-status
unlocked
x-ms-blob-type
BlockBlob
Date
Wed, 03 Jul 2019 01:19:26 GMT
Content-Encoding
gzip
Last-Modified
Tue, 05 Mar 2019 19:05:18 GMT
Server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
ETag
0x8D6A19D82194196
Vary
Accept-Encoding
Content-Type
text/css
X-EdgeConnect-Cache-Status
1
x-ms-request-id
ea62f969-a01e-004f-7487-d3fc71000000
x-ms-version
2009-09-19
Connection
keep-alive
Content-Length
473
RE1Mu3b | img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/ | 4 KB | 4 KB | Image
General
Full URL
https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE1Mu3b?ver=5c31
Requested by
Host: www.microsoftonline.coiin.us
URL: https://www.microsoftonline.coiin.us/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
2a01:4a0:1338:28::c38a:ff18 , Germany, ASN201011 (NETZBETRIEB-GMBH, DE),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
112fec798b78aa02e102a724b5cb1990c0f909bc1d8b7b1fa256eab41bbc0960

Request headers

Referer
https://www.microsoftonline.coiin.us/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-cms-cdninvalkey
am:RE1Mu3b
date
Wed, 03 Jul 2019 01:19:26 GMT
x-aspnet-version
4.0.30319
x-source-length
4054
x-powered-by
ASP.NET
status
200
x-activityid
07deec18-14f3-4f6a-b930-50b68634c051
content-location
https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE1Mu3b?ver=5c31
x-deployment
a89a5014e89c41b7b60a64d7ee950637
content-length
4054
last-modified
Sun, 30 Jun 2019 00:34:19 GMT
server
Microsoft-IIS/10.0
x-datacenter
NorthEU
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=170089
x-instance
Resizer.Web_IN_3
timing-allow-origin
*
expires
Fri, 05 Jul 2019 00:34:15 GMT
hero-still-image-desktop-89e7da971f.jpg | blob.officehome.msocdn.com/images/content/images/ | 154 KB | 155 KB | Image
General
Full URL
https://blob.officehome.msocdn.com/images/content/images/hero-still-image-desktop-89e7da971f.jpg
Requested by
Host: www.microsoftonline.coiin.us
URL: https://www.microsoftonline.coiin.us/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.109.58.40 , Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a104-109-58-40.deploy.static.akamaitechnologies.com
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
d89bb86fe481803aa172b1cd9a3993fe59f23cffcc938bd2b827c9d2e0997ca4
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.microsoftonline.coiin.us/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 03 Jul 2019 01:19:44 GMT
x-content-type-options
nosniff
last-modified
Mon, 15 Apr 2019 20:45:00 GMT
server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
status
200
content-type
image/jpeg
access-control-allow-origin
*
x-ms-request-id
64f61c99-a01e-00c8-7769-f5aa18000000
x-cache-start
1555538835
cache-control
public, max-age=31536000
x-ms-version
2009-09-19
timing-allow-origin
*
content-length
158097
access-control-expose-headers
content-length
unauth-vendor-b5e15713c1.js | blob.officehome.msocdn.com/bundles/ | 0 | 0

sharedscripts-3b5e8eac10.js | blob.officehome.msocdn.com/bundles/ | 0 | 0

unauth-49e566bfcb.js | blob.officehome.msocdn.com/bundles/ | 0 | 0

18-d72213 | statics-uhf-eus.akamaized.net/shell/_scrf/js/themes=default/54-af9f9f/c0-247156/de-099401/e1-a50eee/e7-954872/d8-97d509/f0-251fe2/46-be1318/77-04a268/7f-652c90/63-077520/a4-34de62/75-71ddfc/db-bc01... | 125 KB | 33 KB | Script
General
Full URL
https://statics-uhf-eus.akamaized.net/shell/_scrf/js/themes=default/54-af9f9f/c0-247156/de-099401/e1-a50eee/e7-954872/d8-97d509/f0-251fe2/46-be1318/77-04a268/7f-652c90/63-077520/a4-34de62/75-71ddfc/db-bc0148/dc-7e9864/78-4c7d22/9f-d154ca/e4-8302f6/cd-23d3b0/6d-1e7ed0/b7-cadaa7/ca-40b7b0/4e-ee3a55/3e-f5c39b/c3-6454d7/f9-7592d3/92-10345d/79-499886/7e-cda2d3/32-6dafa3/93-283c2d/e0-3c9860/91-97a04f/1f-100dea/33-abe4df/18-d72213?ver=2.0&iife=1
Requested by
Host: www.microsoftonline.coiin.us
URL: https://www.microsoftonline.coiin.us/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
2a01:4a0:1338:28::c38a:ff12 , Germany, ASN201011 (NETZBETRIEB-GMBH, DE),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
55afd02f9ca1fe1b8d3705ef8eba7c9a8e2f0ba4b8d1ab8853a2a10fae9e4ac8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1

Request headers

Referer
https://www.microsoftonline.coiin.us/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

ms-operation-id
b44bcb90572ad2469da3f9648b8c70a5
Date
Wed, 03 Jul 2019 01:19:26 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
X-S2
2019-03-05T19:58:48
P3P
CP="CAO CONi OTR OUR DEM ONL"
X-Activity-Id
00000000-3386-469e-b30e-0684fb14e330
Connection
keep-alive
MS-CV
VcibjKmOnUqU4/Fb.0
Vary
Accept-Encoding
Content-Length
33384
X-XSS-Protection
1
Last-Modified
Tue, 05 Mar 2019 19:58:48 GMT
Server
Microsoft-IIS/10.0
X-Az
{did:-, rid: -, sn: uhf-eus-prod, dt: 2019-03-05T19:23:12.2121517Z, bt: 2019-02-27T00:18:04.0000000Z}
X-S1
2019-03-05T19:58:48
Access-Control-Allow-Methods
HEAD,GET,POST,PATCH,PUT,OPTIONS
Content-Type
text/javascript; charset=utf-8
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=21235162
Timing-Allow-Origin
*
X-AppVersion
1.0.6997.542
Expires
Wed, 04 Mar 2020 19:58:48 GMT
meversion | mem.gfx.ms/ | 25 KB | 9 KB | Script
General
Full URL
https://mem.gfx.ms/meversion?partner=office&market=en-us&uhf=1
Requested by
Host: www.microsoftonline.coiin.us
URL: https://www.microsoftonline.coiin.us/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:f1:18c::37 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software
/
Resource Hash
0840c7866cd2e5e9c311a75548d8aaab37655e5fdccda9303de5f2570233a6a0
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.microsoftonline.coiin.us/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Wed, 03 Jul 2019 01:19:26 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Vary
Accept-Encoding
Content-Type
application/javascript
Expires
Wed, 03 Jul 2019 07:33:06 GMT
Cache-Control
public, no-transform, max-age=43200
Connection
keep-alive
Content-Length
8902
X-UA-Compatible
IE=edge

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain | URL
blob.officehome.msocdn.com | https://blob.officehome.msocdn.com/versionless/webfonts/segoeui_light.woff2
blob.officehome.msocdn.com | https://blob.officehome.msocdn.com/versionless/webfonts/segoeui_regular.woff2
blob.officehome.msocdn.com | https://blob.officehome.msocdn.com/versionless/webfonts/segoeui_semibold.woff2
blob.officehome.msocdn.com | https://blob.officehome.msocdn.com/versionless/webfonts/segoeui_semilight.woff2
blob.officehome.msocdn.com | https://blob.officehome.msocdn.com/bundles/unauth-cb054a4daf.css
blob.officehome.msocdn.com | https://blob.officehome.msocdn.com/bundles/sharedfontstyles-30d1fc43fd.css
blob.officehome.msocdn.com | https://blob.officehome.msocdn.com/bundles/unauth-vendor-b5e15713c1.js
blob.officehome.msocdn.com | https://blob.officehome.msocdn.com/bundles/sharedscripts-3b5e8eac10.js
blob.officehome.msocdn.com | https://blob.officehome.msocdn.com/bundles/unauth-49e566bfcb.js

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Office 365 (Online)

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object   | onselectstart
object   | onselectionchange
function | queueMicrotask

0 Cookies