urlscan.io logo urlscan.io
SecurityTrails logo

accesspoint987.z22.web.core.windows.net Open in urlscan Pro
52.239.228.225  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
URL: https://accesspoint987.z22.web.core.windows.net/
Submission: On January 25 via manual from US
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 5 IPs in 3 countries across 6 domains to perform 10 HTTP transactions. The main IP is 52.239.228.225, located in San Jose, United States and belongs to MICROSOFT-CORP-MSN-AS-BLOCK, US. The main domain is accesspoint987.z22.web.core.windows.net.
TLS certificate: Issued by Microsoft RSA TLS CA 02 on November 14th 2020. Valid for: a year.
This is the only time accesspoint987.z22.web.core.windows.net was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Microsoft (Consumer)

Domain & IP information

IP Address AS Autonomous System
1 52.239.228.225 8075 (MICROSOFT...)
4 8 2620:100:6021... 19679 (DROPBOX)
1 2a00:1450:400... 15169 (GOOGLE)
3 2a02:26f0:6c0... 20940 (AKAMAI-ASN1)
1 40.126.31.143 8075 (MICROSOFT...)
10 5
1    52.239.228.225 (San Jose, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
accesspoint987.z22.web.core.windows.net
8    2620:100:6021:15::a27d:410f (United States)

ASN19679 (DROPBOX, US)
dl.dropbox.com
dl.dropboxusercontent.com
1    2a00:1450:4001:824::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
ajax.googleapis.com
3    2a02:26f0:6c00:2bf::35c1 (Ascension Island)

ASN20940 (AKAMAI-ASN1, NL)
secure.aadcdn.microsoftonline-p.com
1    40.126.31.143 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
login.microsoftonline.com
Domain Requested by
4 dl.dropboxusercontent.com accesspoint987.z22.web.core.windows.net
4 dl.dropbox.com 4 redirects
3 secure.aadcdn.microsoftonline-p.com accesspoint987.z22.web.core.windows.net
1 login.microsoftonline.com accesspoint987.z22.web.core.windows.net
1 ajax.googleapis.com accesspoint987.z22.web.core.windows.net
1 accesspoint987.z22.web.core.windows.net
10 6

This site contains no links.

Subject Issuer Validity Valid
*.web.core.windows.net
Microsoft RSA TLS CA 02		 2020-11-14 -
2021-11-14		 a year crt.sh
*.dl.dropboxusercontent.com
DigiCert SHA2 High Assurance Server CA		 2020-01-30 -
2022-04-14		 2 years crt.sh
upload.video.google.com
GTS CA 1O1		 2021-01-05 -
2021-03-30		 3 months crt.sh
secure.aadcdn.microsoftonline-p.com
Microsoft RSA TLS CA 01		 2020-12-22 -
2021-12-22		 a year crt.sh
stamp2.login.microsoftonline.com
DigiCert SHA2 Secure Server CA		 2020-10-13 -
2021-10-12		 a year crt.sh

This page contains 2 frames:

Primary Page: https://accesspoint987.z22.web.core.windows.net/
Frame ID: EDBB064A1580DF03D88067A4C91E817C
Requests: 9 HTTP requests in this frame

Frame: https://login.microsoftonline.com/logout.srf?ct=1548343592&rver=64.4.6456.0&lc=1033&id=501392
Frame ID: 219B21B06C0C74705112A945A78EF6DF
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /Microsoft-HTTPAPI(?:\/([\d.]+))?/i
Overall confidence: 100%
Detected patterns
  • script /\/([\d.]+)\/jquery(?:\.min)?\.js/i
  • script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

10
Requests

100 %
HTTPS

60 %
IPv6

6
Domains

6
Subdomains

5
IPs

3
Countries

367 kB
Transfer

488 kB
Size

13
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • https://dl.dropbox.com/s/cb95b5gftn096qb/converged.login.min.css HTTP 302
  • https://dl.dropboxusercontent.com/s/cb95b5gftn096qb/converged.login.min.css
Request Chain 2
  • https://dl.dropbox.com/s/tdqkqott2bu1k4u/microsoft_logo.svg HTTP 302
  • https://dl.dropboxusercontent.com/s/tdqkqott2bu1k4u/microsoft_logo.svg
Request Chain 4
  • https://dl.dropbox.com/s/t045qj5vn6i1rjf/ellipsis_white.svg HTTP 302
  • https://dl.dropboxusercontent.com/s/t045qj5vn6i1rjf/ellipsis_white.svg
Request Chain 5
  • https://dl.dropbox.com/s/vphnw2144by9tg1/ellipsis_grey.svg HTTP 302
  • https://dl.dropboxusercontent.com/s/vphnw2144by9tg1/ellipsis_grey.svg

10 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
accesspoint987.z22.web.core.windows.net/ 		20 KB
20 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://accesspoint987.z22.web.core.windows.net/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.239.228.225 San Jose, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
7249c0158ac8e3c547d2c4d16c8b2af0b08f87cb7729e516a3313a27373599bc

Request headers

Host
accesspoint987.z22.web.core.windows.net
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
none
Sec-Fetch-Mode
navigate
Sec-Fetch-User
?1
Sec-Fetch-Dest
document
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Length
20370
Content-Type
text/html
Content-MD5
6I3Cl+8lTi+N3/xQpwdgQQ==
Last-Modified
Mon, 25 Jan 2021 09:35:41 GMT
Accept-Ranges
bytes
ETag
"0x8D8C11494B91838"
Server
Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id
b27de232-101e-0038-0359-f3f7a9000000
x-ms-version
2018-03-28
Date
Mon, 25 Jan 2021 20:37:13 GMT
converged.login.min.css
dl.dropboxusercontent.com/s/cb95b5gftn096qb/
Redirect Chain
  • https://dl.dropbox.com/s/cb95b5gftn096qb/converged.login.min.css
  • https://dl.dropboxusercontent.com/s/cb95b5gftn096qb/converged.login.min.css
86 KB
20 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://dl.dropboxusercontent.com/s/cb95b5gftn096qb/converged.login.min.css
Requested by
Host: accesspoint987.z22.web.core.windows.net
URL: https://accesspoint987.z22.web.core.windows.net/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2620:100:6021:15::a27d:410f , United States, ASN19679 (DROPBOX, US),
Reverse DNS
Software
envoy /
Resource Hash
a8e954fc9668172a94b5e7d74efca982d6abd6891d0457e3d859c99018087fff
Security Headers
Name Value
Content-Security-Policy report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-usercontent ; sandbox allow-forms allow-scripts allow-top-navigation allow-popups, form-action 'none' ; report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-noscript ; script-src 'none'
Strict-Transport-Security max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Referer
https://accesspoint987.z22.web.core.windows.net/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
public
date
Mon, 25 Jan 2021 20:37:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
envoy
x-server-response-time
635
vary
Accept-Encoding
content-type
text/css; charset=utf-8
x-dropbox-request-id
350f7f352e1b4ecaa5dfb2fef7e00911
content-disposition
inline; filename="converged.login.min.css"; filename*=UTF-8''converged.login.min.css
cache-control
max-age=60
content-security-policy
report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-usercontent ; sandbox allow-forms allow-scripts allow-top-navigation allow-popups, form-action 'none' ; report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-noscript ; script-src 'none'
strict-transport-security
max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
x-robots-tag
noindex, nofollow, noimageindex, noindex, nofollow, noimageindex

Redirect headers

pragma
no-cache
date
Mon, 25 Jan 2021 20:37:13 GMT
server
envoy
strict-transport-security
max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
content-type
text/html; charset=utf-8
location
https://dl.dropboxusercontent.com/s/cb95b5gftn096qb/converged.login.min.css
cache-control
no-cache
content-security-policy
sandbox
x-robots-tag
noindex, nofollow, noimageindex, noindex, nofollow, noimageindex
x-dropbox-request-id
41d2a35510f142e29694a27c02247e55
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/3.2.1/ 		85 KB
30 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js
Requested by
Host: accesspoint987.z22.web.core.windows.net
URL: https://accesspoint987.z22.web.core.windows.net/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:824::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://accesspoint987.z22.web.core.windows.net/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Mon, 25 Jan 2021 16:21:19 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
15354
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
30306
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 19:15:00 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 25 Jan 2022 16:21:19 GMT
microsoft_logo.svg
dl.dropboxusercontent.com/s/tdqkqott2bu1k4u/
Redirect Chain
  • https://dl.dropbox.com/s/tdqkqott2bu1k4u/microsoft_logo.svg
  • https://dl.dropboxusercontent.com/s/tdqkqott2bu1k4u/microsoft_logo.svg
4 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dl.dropboxusercontent.com/s/tdqkqott2bu1k4u/microsoft_logo.svg
Requested by
Host: accesspoint987.z22.web.core.windows.net
URL: https://accesspoint987.z22.web.core.windows.net/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2620:100:6021:15::a27d:410f , United States, ASN19679 (DROPBOX, US),
Reverse DNS
Software
envoy /
Resource Hash
04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a
Security Headers
Name Value
Content-Security-Policy sandbox, report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-usercontent ; sandbox allow-forms allow-scripts allow-top-navigation allow-popups, form-action 'none' ; report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-noscript ; script-src 'none'
Strict-Transport-Security max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Security-Policy sandbox
X-Content-Type-Options nosniff

Request headers

Referer
https://accesspoint987.z22.web.core.windows.net/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Mon, 25 Jan 2021 20:37:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-dropbox-request-id
68d9f571f7b64cb289172d676c2b9614
content-disposition
attachment; filename=microsoft_logo.svg
vary
Accept-Encoding
pragma
public
server
envoy
x-server-response-time
495
strict-transport-security
max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
content-type
image/svg+xml
cache-control
max-age=60
content-security-policy
sandbox, report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-usercontent ; sandbox allow-forms allow-scripts allow-top-navigation allow-popups, form-action 'none' ; report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-noscript ; script-src 'none'
x-robots-tag
noindex, nofollow, noimageindex, noindex, nofollow, noimageindex
x-webkit-csp
sandbox
x-content-security-policy
sandbox

Redirect headers

pragma
no-cache
date
Mon, 25 Jan 2021 20:37:13 GMT
server
envoy
strict-transport-security
max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
content-type
text/html; charset=utf-8
location
https://dl.dropboxusercontent.com/s/tdqkqott2bu1k4u/microsoft_logo.svg
cache-control
no-cache
content-security-policy
sandbox
x-robots-tag
noindex, nofollow, noimageindex, noindex, nofollow, noimageindex
x-dropbox-request-id
8e3a3a1d109a4821820a561c9006c07e
picker_account_aad.svg
secure.aadcdn.microsoftonline-p.com/ests/2.1.7135.7/content/images/ 		756 B
772 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://secure.aadcdn.microsoftonline-p.com/ests/2.1.7135.7/content/images/picker_account_aad.svg?x=9de70d1c5191d1852a0d5aac28b44a6c
Requested by
Host: accesspoint987.z22.web.core.windows.net
URL: https://accesspoint987.z22.web.core.windows.net/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:6c00:2bf::35c1 , Ascension Island, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
5d3357bd875b7335ace42e8ee3a64578e4253bed1a4e279109de403eedae3a69
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://accesspoint987.z22.web.core.windows.net/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Mon, 25 Jan 2021 20:37:14 GMT
Content-Encoding
gzip
Last-Modified
Sat, 18 May 2019 13:53:04 GMT
Content-MD5
Sm6wIsHj8wthIZkm/aQWhA==
Vary
Accept-Encoding
Connection
keep-alive
Content-Type
image/svg+xml
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=351335
Strict-Transport-Security
max-age=31536000
Content-Length
394
ellipsis_white.svg
dl.dropboxusercontent.com/s/t045qj5vn6i1rjf/
Redirect Chain
  • https://dl.dropbox.com/s/t045qj5vn6i1rjf/ellipsis_white.svg
  • https://dl.dropboxusercontent.com/s/t045qj5vn6i1rjf/ellipsis_white.svg
915 B
380 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dl.dropboxusercontent.com/s/t045qj5vn6i1rjf/ellipsis_white.svg
Requested by
Host: accesspoint987.z22.web.core.windows.net
URL: https://accesspoint987.z22.web.core.windows.net/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2620:100:6021:15::a27d:410f , United States, ASN19679 (DROPBOX, US),
Reverse DNS
Software
envoy /
Resource Hash
6075736ea9c281d69c4a3d78ff97bb61b9416a5809919babe5a0c5596f99aaea
Security Headers
Name Value
Content-Security-Policy sandbox, report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-usercontent ; sandbox allow-forms allow-scripts allow-top-navigation allow-popups, form-action 'none' ; report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-noscript ; script-src 'none'
Strict-Transport-Security max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Security-Policy sandbox
X-Content-Type-Options nosniff

Request headers

Referer
https://accesspoint987.z22.web.core.windows.net/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Mon, 25 Jan 2021 20:37:15 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-dropbox-request-id
f550f4a79dd9474ca617a528654b4d26
content-disposition
attachment; filename=ellipsis_white.svg
vary
Accept-Encoding
pragma
public
server
envoy
x-server-response-time
620
strict-transport-security
max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
content-type
image/svg+xml
cache-control
max-age=60
content-security-policy
sandbox, report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-usercontent ; sandbox allow-forms allow-scripts allow-top-navigation allow-popups, form-action 'none' ; report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-noscript ; script-src 'none'
x-robots-tag
noindex, nofollow, noimageindex, noindex, nofollow, noimageindex
x-webkit-csp
sandbox
x-content-security-policy
sandbox

Redirect headers

pragma
no-cache
date
Mon, 25 Jan 2021 20:37:14 GMT
server
envoy
strict-transport-security
max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
content-type
text/html; charset=utf-8
location
https://dl.dropboxusercontent.com/s/t045qj5vn6i1rjf/ellipsis_white.svg
cache-control
no-cache
content-security-policy
sandbox
x-robots-tag
noindex, nofollow, noimageindex, noindex, nofollow, noimageindex
x-dropbox-request-id
0045450085f941b49f4e5f88c37495d2
ellipsis_grey.svg
dl.dropboxusercontent.com/s/vphnw2144by9tg1/
Redirect Chain
  • https://dl.dropbox.com/s/vphnw2144by9tg1/ellipsis_grey.svg
  • https://dl.dropboxusercontent.com/s/vphnw2144by9tg1/ellipsis_grey.svg
915 B
403 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dl.dropboxusercontent.com/s/vphnw2144by9tg1/ellipsis_grey.svg
Requested by
Host: accesspoint987.z22.web.core.windows.net
URL: https://accesspoint987.z22.web.core.windows.net/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2620:100:6021:15::a27d:410f , United States, ASN19679 (DROPBOX, US),
Reverse DNS
Software
envoy /
Resource Hash
16c3f6531d0fa5b4d16e82abf066233b2a9f284c068c663699313c09f5e8d6e6
Security Headers
Name Value
Content-Security-Policy sandbox, report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-usercontent ; sandbox allow-forms allow-scripts allow-top-navigation allow-popups, form-action 'none' ; report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-noscript ; script-src 'none'
Strict-Transport-Security max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Security-Policy sandbox
X-Content-Type-Options nosniff

Request headers

Referer
https://accesspoint987.z22.web.core.windows.net/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Mon, 25 Jan 2021 20:37:15 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-dropbox-request-id
845425c5edbe4d9dbfbecc558ebaaed6
content-disposition
attachment; filename=ellipsis_grey.svg
vary
Accept-Encoding
pragma
public
server
envoy
x-server-response-time
536
strict-transport-security
max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
content-type
image/svg+xml
cache-control
max-age=60
content-security-policy
sandbox, report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-usercontent ; sandbox allow-forms allow-scripts allow-top-navigation allow-popups, form-action 'none' ; report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-noscript ; script-src 'none'
x-robots-tag
noindex, nofollow, noimageindex, noindex, nofollow, noimageindex
x-webkit-csp
sandbox
x-content-security-policy
sandbox

Redirect headers

pragma
no-cache
date
Mon, 25 Jan 2021 20:37:14 GMT
server
envoy
strict-transport-security
max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
content-type
text/html; charset=utf-8
location
https://dl.dropboxusercontent.com/s/vphnw2144by9tg1/ellipsis_grey.svg
cache-control
no-cache
content-security-policy
sandbox
x-robots-tag
noindex, nofollow, noimageindex, noindex, nofollow, noimageindex
x-dropbox-request-id
23a9d1404fc846d39787282f06b21a9d
Cookie set logout.srf
login.microsoftonline.com/ Frame 219B 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://login.microsoftonline.com/logout.srf?ct=1548343592&rver=64.4.6456.0&lc=1033&id=501392
Requested by
Host: accesspoint987.z22.web.core.windows.net
URL: https://accesspoint987.z22.web.core.windows.net/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
40.126.31.143 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Host
login.microsoftonline.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
iframe
Referer
https://accesspoint987.z22.web.core.windows.net/
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://accesspoint987.z22.web.core.windows.net/

Response headers

Cache-Control
no-store, no-cache
Pragma
no-cache
Content-Length
120094
Content-Type
text/html; charset=utf-8
Content-Encoding
gzip
Expires
-1
Vary
Accept-Encoding
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Link
<https://aadcdn.msftauth.net>; rel=preconnect; crossorigin <https://aadcdn.msftauth.net>; rel=dns-prefetch <https://aadcdn.msauth.net>; rel=dns-prefetch
X-DNS-Prefetch-Control
on
P3P
CP="DSP CUR OTPi IND OTRi ONL FIN"
x-ms-request-id
c2ceaf0c-4f14-40d3-b84b-17c6a2660200
x-ms-ests-server
2.1.11444.8 - WEULR1 ProdSlices
Set-Cookie
SignInStateCookie=CAQABAAIAAABeStGSRwwnTq2vHplZ9KL4Xueseg7UleIkDfe1LXSrRsFyOwTezzbjSV5uq7AB9vGOXgh1ovQ9c1FXSvOSq0H3uJ91iHwVn6QXcrlPix1-jSAA; path=/; secure; HttpOnly; SameSite=None ESTSSSOTILES=1; expires=Sat, 25-Jan-2031 20:37:14 GMT; path=/; secure; SameSite=None AADSSOTILES=1; expires=Sat, 25-Jan-2031 20:37:14 GMT; path=/; secure; HttpOnly; SameSite=None ESTSAUTHPERSISTENT=AgABAAQAAABeStGSRwwnTq2vHplZ9KL4AQDs_wMA9P_VfOO5Mcg_KKAhmVWoNzqJ1HqmUv7_lBDp6SDEHE4Z6mEWuLSDlAz7J-vLT6I_sHtDpPRmcakKKw; domain=.login.microsoftonline.com; expires=Sun, 25-Apr-2021 20:37:14 GMT; path=/; secure; HttpOnly; SameSite=None ESTSAUTH=AgABAAQAAABeStGSRwwnTq2vHplZ9KL4AQDs_wMA9P9pGDUA82reW_VgeeV5o8uANvyjK7As-KhwRupvOT3d5_lQRw1WdHWRtZD3PkRODvFyU5VvQGyhjw; domain=.login.microsoftonline.com; path=/; secure; HttpOnly; SameSite=None ESTSAUTHLIGHT=+; path=/; secure; SameSite=None ch=2tIpeUS1aJ0Hdzito40OHmsFZOY1VD8swds09BVJgws; domain=.login.microsoftonline.com; expires=Sun, 25-Apr-2021 20:37:14 GMT; path=/; secure; SameSite=None ESTSSC=00; path=/; secure; HttpOnly; SameSite=None buid=AQABAAEAAABeStGSRwwnTq2vHplZ9KL45y3KsMtWwH4YugeuriwK73BJh8T6xtD3zEhv5TaKshNCQwdMA_m7CUazt2Py21OSbMXSRN6gfnphr4_BX5B3AWRZ2WkrRHa23FVybwTxdJcgAA; expires=Wed, 24-Feb-2021 20:37:14 GMT; path=/; secure; HttpOnly; SameSite=None fpc=Al1AeODhpr5Lm6rJmuDwUdc; expires=Wed, 24-Feb-2021 20:37:14 GMT; path=/; secure; HttpOnly; SameSite=None esctx=AQABAAAAAABeStGSRwwnTq2vHplZ9KL40r-T6WtsoVSvdbz4eL0S9r3ZKulkCi78fGyVXNAlQ4MJY2ghtCq6xAmZvdwVEIG1K3T6NlQbAerwXe5yIZjYyW4QikYTulu-C8DybkJoFtsyCCoS47g8v7aM14cAKAVvSlFgZzjxVqfXJYlhRAJn9xjgHi8rnmLZYbEPfkQvPEIgAA; domain=.login.microsoftonline.com; path=/; secure; HttpOnly; SameSite=None x-ms-gateway-slice=estsfd; path=/; secure; samesite=none; httponly stsservicecookie=estsfd; path=/; secure; samesite=none; httponly
Referrer-Policy
strict-origin-when-cross-origin
Date
Mon, 25 Jan 2021 20:37:14 GMT
0-small.jpg
secure.aadcdn.microsoftonline-p.com/ests/2.1.7135.7/content/images/backgrounds/ 		1 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://secure.aadcdn.microsoftonline-p.com/ests/2.1.7135.7/content/images/backgrounds/0-small.jpg?x=12f4b8b543125cc986c79cd85320812f
Requested by
Host: accesspoint987.z22.web.core.windows.net
URL: https://accesspoint987.z22.web.core.windows.net/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:6c00:2bf::35c1 , Ascension Island, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
c13db279143e1845ee4aaee5afedc5bd75e9f7d50024b63883b45332c4960b3b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://accesspoint987.z22.web.core.windows.net/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Mon, 25 Jan 2021 20:37:14 GMT
Last-Modified
Sat, 18 May 2019 13:53:42 GMT
Content-MD5
EvS4tUMSXMmGx5zYUyCBLw==
Strict-Transport-Security
max-age=31536000
Content-Type
image/jpeg
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=604800
Connection
keep-alive
Content-Length
1029
0.jpg
secure.aadcdn.microsoftonline-p.com/ests/2.1.7135.7/content/images/backgrounds/ 		291 KB
291 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://secure.aadcdn.microsoftonline-p.com/ests/2.1.7135.7/content/images/backgrounds/0.jpg?x=f5a9a9531b8f4bcc86eabb19472d15d5
Requested by
Host: accesspoint987.z22.web.core.windows.net
URL: https://accesspoint987.z22.web.core.windows.net/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:6c00:2bf::35c1 , Ascension Island, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
62faab60433070e2ea52c235f0f18db228759f2a08bb6f9e5711630df8321214
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://accesspoint987.z22.web.core.windows.net/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Mon, 25 Jan 2021 20:37:14 GMT
Last-Modified
Sat, 18 May 2019 13:53:40 GMT
Content-MD5
9ampUxuPS8yG6rsZRy0V1Q==
Strict-Transport-Security
max-age=31536000
Content-Type
image/jpeg
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=604800
Connection
keep-alive
Content-Length
298105

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer)

14 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker object| trustedTypes boolean| crossOriginIsolated function| $ function| jQuery function| validateEmail function| sendmails

13 Cookies

Domain/Path Name / Value
login.microsoftonline.com/ Name: stsservicecookie
Value: estsfd
login.microsoftonline.com/ Name: x-ms-gateway-slice
Value: estsfd
login.microsoftonline.com/ Name: buid
Value: AQABAAEAAABeStGSRwwnTq2vHplZ9KL45y3KsMtWwH4YugeuriwK73BJh8T6xtD3zEhv5TaKshNCQwdMA_m7CUazt2Py21OSbMXSRN6gfnphr4_BX5B3AWRZ2WkrRHa23FVybwTxdJcgAA
login.microsoftonline.com/ Name: AADSSOTILES
Value: 1
login.microsoftonline.com/ Name: ESTSSC
Value: 00
.login.microsoftonline.com/ Name: ch
Value: 2tIpeUS1aJ0Hdzito40OHmsFZOY1VD8swds09BVJgws
login.microsoftonline.com/ Name: ESTSAUTHLIGHT
Value: +
.login.microsoftonline.com/ Name: ESTSAUTH
Value: AgABAAQAAABeStGSRwwnTq2vHplZ9KL4AQDs_wMA9P9pGDUA82reW_VgeeV5o8uANvyjK7As-KhwRupvOT3d5_lQRw1WdHWRtZD3PkRODvFyU5VvQGyhjw
.login.microsoftonline.com/ Name: ESTSAUTHPERSISTENT
Value: AgABAAQAAABeStGSRwwnTq2vHplZ9KL4AQDs_wMA9P_VfOO5Mcg_KKAhmVWoNzqJ1HqmUv7_lBDp6SDEHE4Z6mEWuLSDlAz7J-vLT6I_sHtDpPRmcakKKw
.login.microsoftonline.com/ Name: esctx
Value: AQABAAAAAABeStGSRwwnTq2vHplZ9KL40r-T6WtsoVSvdbz4eL0S9r3ZKulkCi78fGyVXNAlQ4MJY2ghtCq6xAmZvdwVEIG1K3T6NlQbAerwXe5yIZjYyW4QikYTulu-C8DybkJoFtsyCCoS47g8v7aM14cAKAVvSlFgZzjxVqfXJYlhRAJn9xjgHi8rnmLZYbEPfkQvPEIgAA
login.microsoftonline.com/ Name: fpc
Value: Al1AeODhpr5Lm6rJmuDwUdc
login.microsoftonline.com/ Name: ESTSSSOTILES
Value: 1
login.microsoftonline.com/ Name: SignInStateCookie
Value: CAQABAAIAAABeStGSRwwnTq2vHplZ9KL4Xueseg7UleIkDfe1LXSrRsFyOwTezzbjSV5uq7AB9vGOXgh1ovQ9c1FXSvOSq0H3uJ91iHwVn6QXcrlPix1-jSAA