www.microsoftonline.coiin.us
Open in
urlscan Pro
142.11.240.12
Malicious Activity!
Public Scan
Submission: On July 03 via automatic, source certstream-suspicious
Summary
TLS certificate: Issued by Let's Encrypt Authority X3 on July 3rd 2019. Valid for: 3 months.
This is the only time www.microsoftonline.coiin.us was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Office 365 (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 | 142.11.240.12 142.11.240.12 | 54290 (HOSTWINDS) (HOSTWINDS - Hostwinds LLC.) | |
3 | 2a01:4a0:1338... 2a01:4a0:1338:28::c38a:ff12 | 201011 (NETZBETRI...) (NETZBETRIEB-GMBH) | |
1 | 2a01:4a0:1338... 2a01:4a0:1338:28::c38a:ff18 | 201011 (NETZBETRI...) (NETZBETRIEB-GMBH) | |
1 | 104.109.58.40 104.109.58.40 | 20940 (AKAMAI-ASN1) (AKAMAI-ASN1) | |
1 | 2a02:26f0:f1:... 2a02:26f0:f1:18c::37 | 20940 (AKAMAI-ASN1) (AKAMAI-ASN1) | |
16 | 6 |
ASN54290 (HOSTWINDS - Hostwinds LLC., US)
PTR: hwsrv-536236.hostwindsdns.com
www.microsoftonline.coiin.us |
ASN201011 (NETZBETRIEB-GMBH, DE)
statics-uhf-eus.akamaized.net |
ASN201011 (NETZBETRIEB-GMBH, DE)
img-prod-cms-rt-microsoft-com.akamaized.net |
ASN20940 (AKAMAI-ASN1, US)
PTR: a104-109-58-40.deploy.static.akamaitechnologies.com
blob.officehome.msocdn.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
4 |
akamaized.net
statics-uhf-eus.akamaized.net img-prod-cms-rt-microsoft-com.akamaized.net |
61 KB |
1 |
gfx.ms
mem.gfx.ms |
9 KB |
1 |
msocdn.com
blob.officehome.msocdn.com Failed |
155 KB |
1 |
coiin.us
www.microsoftonline.coiin.us |
88 KB |
16 | 4 |
Domain | Requested by | |
---|---|---|
3 | statics-uhf-eus.akamaized.net |
www.microsoftonline.coiin.us
|
1 | mem.gfx.ms |
www.microsoftonline.coiin.us
|
1 | img-prod-cms-rt-microsoft-com.akamaized.net |
www.microsoftonline.coiin.us
|
1 | blob.officehome.msocdn.com |
www.microsoftonline.coiin.us
|
1 | www.microsoftonline.coiin.us | |
16 | 5 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
login.microsoftonline.coiin.us Let's Encrypt Authority X3 |
2019-07-03 - 2019-10-01 |
3 months | crt.sh |
a248.e.akamai.net DigiCert ECC Secure Server CA |
2018-10-18 - 2019-10-18 |
a year | crt.sh |
*.officehome.msocdn.com Microsoft IT TLS CA 5 |
2017-12-07 - 2019-12-07 |
2 years | crt.sh |
mem.gfx.ms Microsoft IT TLS CA 2 |
2018-02-05 - 2020-02-05 |
2 years | crt.sh |
This page contains 1 frames:
Primary Page:
https://www.microsoftonline.coiin.us/
Frame ID: A9ED923C1AABF9A6A4D93066164F9E2D
Requests: 16 HTTP requests in this frame
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
16 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
Cookie set
/
www.microsoftonline.coiin.us/ |
87 KB 88 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
segoeui_light.woff2
blob.officehome.msocdn.com/versionless/webfonts/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
segoeui_regular.woff2
blob.officehome.msocdn.com/versionless/webfonts/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
segoeui_semibold.woff2
blob.officehome.msocdn.com/versionless/webfonts/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
segoeui_semilight.woff2
blob.officehome.msocdn.com/versionless/webfonts/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
unauth-cb054a4daf.css
blob.officehome.msocdn.com/bundles/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
sharedfontstyles-30d1fc43fd.css
blob.officehome.msocdn.com/bundles/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
51-6d3a1e
statics-uhf-eus.akamaized.net/west-european/shell/_scrf/css/themes=default.device=uplevel_web_pc/e9-4413b1/4e-bb306d/a9-963a11/10-aee09b/51-465167/1d-9730ee/34-521645/ |
160 KB 22 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
override.css
statics-uhf-eus.akamaized.net/statics/ |
1 KB 938 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
RE1Mu3b
img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/ |
4 KB 4 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
hero-still-image-desktop-89e7da971f.jpg
blob.officehome.msocdn.com/images/content/images/ |
154 KB 155 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
unauth-vendor-b5e15713c1.js
blob.officehome.msocdn.com/bundles/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
sharedscripts-3b5e8eac10.js
blob.officehome.msocdn.com/bundles/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
unauth-49e566bfcb.js
blob.officehome.msocdn.com/bundles/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
18-d72213
statics-uhf-eus.akamaized.net/shell/_scrf/js/themes=default/54-af9f9f/c0-247156/de-099401/e1-a50eee/e7-954872/d8-97d509/f0-251fe2/46-be1318/77-04a268/7f-652c90/63-077520/a4-34de62/75-71ddfc/db-bc01... |
125 KB 33 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
meversion
mem.gfx.ms/ |
25 KB 9 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- blob.officehome.msocdn.com
- URL
- https://blob.officehome.msocdn.com/versionless/webfonts/segoeui_light.woff2
- Domain
- blob.officehome.msocdn.com
- URL
- https://blob.officehome.msocdn.com/versionless/webfonts/segoeui_regular.woff2
- Domain
- blob.officehome.msocdn.com
- URL
- https://blob.officehome.msocdn.com/versionless/webfonts/segoeui_semibold.woff2
- Domain
- blob.officehome.msocdn.com
- URL
- https://blob.officehome.msocdn.com/versionless/webfonts/segoeui_semilight.woff2
- Domain
- blob.officehome.msocdn.com
- URL
- https://blob.officehome.msocdn.com/bundles/unauth-cb054a4daf.css
- Domain
- blob.officehome.msocdn.com
- URL
- https://blob.officehome.msocdn.com/bundles/sharedfontstyles-30d1fc43fd.css
- Domain
- blob.officehome.msocdn.com
- URL
- https://blob.officehome.msocdn.com/bundles/unauth-vendor-b5e15713c1.js
- Domain
- blob.officehome.msocdn.com
- URL
- https://blob.officehome.msocdn.com/bundles/sharedscripts-3b5e8eac10.js
- Domain
- blob.officehome.msocdn.com
- URL
- https://blob.officehome.msocdn.com/bundles/unauth-49e566bfcb.js
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Office 365 (Online)3 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onselectstart object| onselectionchange function| queueMicrotask0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
blob.officehome.msocdn.com
img-prod-cms-rt-microsoft-com.akamaized.net
mem.gfx.ms
statics-uhf-eus.akamaized.net
www.microsoftonline.coiin.us
blob.officehome.msocdn.com
104.109.58.40
142.11.240.12
2a01:4a0:1338:28::c38a:ff12
2a01:4a0:1338:28::c38a:ff18
2a02:26f0:f1:18c::37
0840c7866cd2e5e9c311a75548d8aaab37655e5fdccda9303de5f2570233a6a0
0bd288d5397a69ead391875b422bf2cbdcc4f795d64aa2f780aff45768d78248
112fec798b78aa02e102a724b5cb1990c0f909bc1d8b7b1fa256eab41bbc0960
35b17a518befe5e8dd49b17bd04afb8a156c07e52485d496b353f79c722d8202
3abc05cf7fcd206115a9f2871547be6a8649c34b2efc0d1f77441147a5a78bc8
55afd02f9ca1fe1b8d3705ef8eba7c9a8e2f0ba4b8d1ab8853a2a10fae9e4ac8
d89bb86fe481803aa172b1cd9a3993fe59f23cffcc938bd2b827c9d2e0997ca4