urlscan.io logo urlscan.io
SecurityTrails logo

login-microsoft-online-servicesmessagecenter.murl.website Open in urlscan Pro
107.175.35.71  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://secure-web.cisco.com/15O3QxjhHYOYPum3hSVzmReW5sIjQjxwDPtRT25QrO1so8WTYfLOxXcsfx5lJUPRfzmJZ4J3xS2X4JlMmOJvy8HueMLnyDfJ...
Effective URL: https://login-microsoft-online-servicesmessagecenter.murl.website/common/
Submission: On January 02 via api from US
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 7 IPs in 4 countries across 8 domains to perform 12 HTTP transactions. The main IP is 107.175.35.71, located in Buffalo, United States and belongs to AS-COLOCROSSING - ColoCrossing, US. The main domain is login-microsoft-online-servicesmessagecenter.murl.website.
TLS certificate: Issued by Let's Encrypt Authority X3 on November 19th 2019. Valid for: 3 months.
This is the only time login-microsoft-online-servicesmessagecenter.murl.website was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Microsoft (Consumer)

Domain & IP information

IP Address AS Autonomous System
1 1 2620:101:2005... 16417 (IRONPORT-...)
2 51.79.140.104 16276 (OVH)
2 6 107.175.35.71 36352 (AS-COLOCR...)
1 2001:4de0:ac1... 20446 (HIGHWINDS3)
1 2a00:1450:400... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
1 143.204.214.9 16509 (AMAZON-02)
1 2a00:1450:400... 15169 (GOOGLE)
12 7
1    2620:101:2005:11f0::1001 (United States)

ASN16417 (IRONPORT-SYSTEMS-INC - Cisco Systems Ironport Division, US)
secure-web.cisco.com
2    51.79.140.104 (Canada)

ASN16276 (OVH, FR)
PTR: ip-51-79-140.eu
micro-812.ga
6    107.175.35.71 (Buffalo, United States)

ASN36352 (AS-COLOCROSSING - ColoCrossing, US)
PTR: 107-175-35-71-host.colocrossing.com
login-microsoft-online-servicesmessagecenter.murl.website
1    2001:4de0:ac19::1:b:2a (Netherlands)

ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US)
maxcdn.bootstrapcdn.com
1    2a00:1450:4001:800::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)
ajax.googleapis.com
2    2a00:1450:4001:820::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)
www.google.com
1    143.204.214.9 (Seattle, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-143-204-214-9.fra53.r.cloudfront.net
logo.clearbit.com
1    2a00:1450:4001:81f::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)
www.gstatic.com
Domain Requested by
6 login-microsoft-online-servicesmessagecenter.murl.website 2 redirects login-microsoft-online-servicesmessagecenter.murl.website
2 www.google.com login-microsoft-online-servicesmessagecenter.murl.website
www.gstatic.com
2 micro-812.ga micro-812.ga
1 www.gstatic.com www.google.com
1 logo.clearbit.com login-microsoft-online-servicesmessagecenter.murl.website
1 ajax.googleapis.com login-microsoft-online-servicesmessagecenter.murl.website
1 maxcdn.bootstrapcdn.com login-microsoft-online-servicesmessagecenter.murl.website
1 secure-web.cisco.com 1 redirects
12 8

This site contains links to these domains. Also see Links.

Domain
go.microsoft.com
account.microsoft.com
privacy.microsoft.com
Subject Issuer Validity Valid
micro-812.ga
cPanel, Inc. Certification Authority		 2019-12-28 -
2020-03-27		 3 months crt.sh
login-microsoft-online-servicesmessagecenter.murl.website
Let's Encrypt Authority X3		 2019-11-19 -
2020-02-17		 3 months crt.sh
*.bootstrapcdn.com
Sectigo RSA Domain Validation Secure Server CA		 2019-09-14 -
2020-10-13		 a year crt.sh
*.storage.googleapis.com
GTS CA 1O1		 2019-12-03 -
2020-02-25		 3 months crt.sh
www.google.com
GTS CA 1O1		 2019-12-03 -
2020-02-25		 3 months crt.sh
clearbit.com
Amazon		 2019-06-18 -
2020-07-18		 a year crt.sh
*.google.com
GTS CA 1O1		 2019-12-03 -
2020-02-25		 3 months crt.sh

This page contains 2 frames:

Primary Page: https://login-microsoft-online-servicesmessagecenter.murl.website/common/
Frame ID: 85DD824CC558451443683928E6BB804F
Requests: 11 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LewSLcUAAAAAOutqIR6jD9aJeTwNx_fNP3c4sX_&co=aHR0cHM6Ly9sb2dpbi1taWNyb3NvZnQtb25saW5lLXNlcnZpY2VzbWVzc2FnZWNlbnRlci5tdXJsLndlYnNpdGU6NDQz&hl=en&v=mhgGrlTs_PbFQOW4ejlxlxZn&size=invisible&cb=f684ogrnooxp
Frame ID: 890C3F2A20C9A1D5DC7613282BDEF36B
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

  1. https://secure-web.cisco.com/15O3QxjhHYOYPum3hSVzmReW5sIjQjxwDPtRT25QrO1so8WTYfLOxXcsfx5lJUPRfzmJZ4J3xS2X... HTTP 302
    https://micro-812.ga/?e=anderson.goncalves@laureate.net Page URL
  2. https://login-microsoft-online-servicesmessagecenter.murl.website/?e=anderson.goncalves@laureate.net HTTP 302
    https://login-microsoft-online-servicesmessagecenter.murl.website/common HTTP 301
    https://login-microsoft-online-servicesmessagecenter.murl.website/common/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • html /<link[^>]+?href="[^"]*bootstrap(?:\.min)?\.css/i
Overall confidence: 100%
Detected patterns
  • headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|\b)HTTPD)/i
Overall confidence: 100%
Detected patterns
  • script /\/([\d.]+)\/jquery(?:\.min)?\.js/i
  • script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i
Overall confidence: 100%
Detected patterns
  • script /\/recaptcha\/api\.js/i

Page Statistics

12
Requests

100 %
HTTPS

63 %
IPv6

8
Domains

8
Subdomains

7
IPs

4
Countries

447 kB
Transfer

801 kB
Size

0
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://secure-web.cisco.com/15O3QxjhHYOYPum3hSVzmReW5sIjQjxwDPtRT25QrO1so8WTYfLOxXcsfx5lJUPRfzmJZ4J3xS2X4JlMmOJvy8HueMLnyDfJJV4Esa5HlAeU_Up6iFjglDB4Lo7Vra71vIz-bJdmEDxMlRfHipgOSbI1eK_cX2gzoTlWf-p8jGhE_mZGgE4DrxO9ScINLWbbgVsBNo5gbvQY0W9IXt6P5emydHxmF6zie7Q4cwmTU_0pLhRyiho02hHXwZ9AILrcc_eWfBrK8wlgW9uCXFlLOJAEZ6htACMJeoRARH--v-Gj6YEXpDuBhxnjbcRmcJ0rp/https%3A%2F%2Fmicro-812.ga%3Fe%3Danderson.goncalves%40laureate.net HTTP 302
    https://micro-812.ga/?e=anderson.goncalves@laureate.net Page URL
  2. https://login-microsoft-online-servicesmessagecenter.murl.website/?e=anderson.goncalves@laureate.net HTTP 302
    https://login-microsoft-online-servicesmessagecenter.murl.website/common HTTP 301
    https://login-microsoft-online-servicesmessagecenter.murl.website/common/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • https://secure-web.cisco.com/15O3QxjhHYOYPum3hSVzmReW5sIjQjxwDPtRT25QrO1so8WTYfLOxXcsfx5lJUPRfzmJZ4J3xS2X4JlMmOJvy8HueMLnyDfJJV4Esa5HlAeU_Up6iFjglDB4Lo7Vra71vIz-bJdmEDxMlRfHipgOSbI1eK_cX2gzoTlWf-p8jGhE_mZGgE4DrxO9ScINLWbbgVsBNo5gbvQY0W9IXt6P5emydHxmF6zie7Q4cwmTU_0pLhRyiho02hHXwZ9AILrcc_eWfBrK8wlgW9uCXFlLOJAEZ6htACMJeoRARH--v-Gj6YEXpDuBhxnjbcRmcJ0rp/https%3A%2F%2Fmicro-812.ga%3Fe%3Danderson.goncalves%40laureate.net HTTP 302
  • https://micro-812.ga/?e=anderson.goncalves@laureate.net

12 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
/
micro-812.ga/
Redirect Chain
  • https://secure-web.cisco.com/15O3QxjhHYOYPum3hSVzmReW5sIjQjxwDPtRT25QrO1so8WTYfLOxXcsfx5lJUPRfzmJZ4J3xS2X4JlMmOJvy8HueMLnyDfJJV4Esa5HlAeU_Up6iFjglDB4Lo7Vra71vIz-bJdmEDxMlRfHipgOSbI1eK_cX2gzoTlWf-p8...
  • https://micro-812.ga/?e=anderson.goncalves@laureate.net
3 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://micro-812.ga/?e=anderson.goncalves@laureate.net
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
51.79.140.104 , Canada, ASN16276 (OVH, FR),
Reverse DNS
ip-51-79-140.eu
Software
Apache /
Resource Hash
e06c373bf81cffc434da70074e487bf979f71b4f20b899c4b73df7c825eb61d8

Request headers

Host
micro-812.ga
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-User
?1
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Sec-Fetch-Site
none
Sec-Fetch-Mode
navigate
Accept-Encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-User
?1

Response headers

Date
Thu, 02 Jan 2020 22:12:56 GMT
Server
Apache
refresh
5; url=https://login-microsoft-online-servicesmessagecenter.murl.website?e=anderson.goncalves@laureate.net
Content-Length
2784
Keep-Alive
timeout=5, max=100
Connection
Keep-Alive
Content-Type
text/html; charset=UTF-8

Redirect headers

Server
nginx/1.16.1
Date
Thu, 02 Jan 2020 22:12:56 GMT
Content-Type
text/html; charset=utf-8
Transfer-Encoding
chunked
Connection
keep-alive
X-Harpe-Token
Location
https://micro-812.ga?e=anderson.goncalves@laureate.net
X-Harpe-Verdict
harpe_allow
auto.js
micro-812.ga/ 		0
0 		Script
General
Check archive.org
Download Go to
Full URL
https://micro-812.ga/auto.js
Requested by
Host: micro-812.ga
URL: https://micro-812.ga/?e=anderson.goncalves@laureate.net
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
51.79.140.104 , Canada, ASN16276 (OVH, FR),
Reverse DNS
ip-51-79-140.eu
Software
Apache /
Resource Hash

Request headers

Referer
https://micro-812.ga/?e=anderson.goncalves@laureate.net
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Thu, 02 Jan 2020 22:12:56 GMT
Server
Apache
Connection
Keep-Alive
Keep-Alive
timeout=5, max=99
Content-Length
315
Content-Type
text/html; charset=iso-8859-1
Primary Request /
login-microsoft-online-servicesmessagecenter.murl.website/common/
Redirect Chain
  • https://login-microsoft-online-servicesmessagecenter.murl.website/?e=anderson.goncalves@laureate.net
  • https://login-microsoft-online-servicesmessagecenter.murl.website/common
  • https://login-microsoft-online-servicesmessagecenter.murl.website/common/
17 KB
6 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://login-microsoft-online-servicesmessagecenter.murl.website/common/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
107.175.35.71 Buffalo, United States, ASN36352 (AS-COLOCROSSING - ColoCrossing, US),
Reverse DNS
107-175-35-71-host.colocrossing.com
Software
nginx /
Resource Hash
301b9f0f15ae1c55d12355c2665b7852fb7cd91915c57c7bc1acdebe119cbf18

Request headers

Host
login-microsoft-online-servicesmessagecenter.murl.website
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Referer
https://micro-812.ga/?e=anderson.goncalves@laureate.net
Accept-Encoding
gzip, deflate, br
Cookie
PHPSESSID=2j6cdbd5fon2li9k4pppqemlr6
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://micro-812.ga/?e=anderson.goncalves@laureate.net

Response headers

Server
nginx
Date
Thu, 02 Jan 2020 22:13:02 GMT
Content-Type
text/html; charset=UTF-8
Content-Length
6208
Connection
keep-alive
Keep-Alive
timeout=60
Expires
Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control
no-store, no-cache, must-revalidate
Pragma
no-cache
Vary
Accept-Encoding
Content-Encoding
gzip

Redirect headers

Server
nginx
Date
Thu, 02 Jan 2020 22:13:02 GMT
Content-Type
text/html; charset=iso-8859-1
Content-Length
281
Connection
keep-alive
Keep-Alive
timeout=60
Location
https://login-microsoft-online-servicesmessagecenter.murl.website/common/
bootstrap.min.css
maxcdn.bootstrapcdn.com/bootstrap/3.4.0/css/ 		119 KB
20 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://maxcdn.bootstrapcdn.com/bootstrap/3.4.0/css/bootstrap.min.css
Requested by
Host: login-microsoft-online-servicesmessagecenter.murl.website
URL: https://login-microsoft-online-servicesmessagecenter.murl.website/common/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4de0:ac19::1:b:2a , Netherlands, ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US),
Reverse DNS
Software
/
Resource Hash
1f429f4e2829515fb4ff9b67d875c2d023f08610e15a049ac0976715dd02182a

Request headers

Referer
https://login-microsoft-online-servicesmessagecenter.murl.website/common/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 02 Jan 2020 22:13:02 GMT
content-encoding
gzip
last-modified
Fri, 14 Dec 2018 05:14:43 GMT
access-control-allow-origin
*
etag
"1544764483"
vary
Accept-Encoding
x-cache
HIT
content-type
text/css; charset=utf-8
status
200
cache-control
public, max-age=31536000
x-hello-human
Say hello back! @getBootstrapCDN on Twitter
accept-ranges
bytes
timing-allow-origin
*
content-length
19736
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/3.4.1/ 		86 KB
30 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ajax.googleapis.com/ajax/libs/jquery/3.4.1/jquery.min.js
Requested by
Host: login-microsoft-online-servicesmessagecenter.murl.website
URL: https://login-microsoft-online-servicesmessagecenter.murl.website/common/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://login-microsoft-online-servicesmessagecenter.murl.website/common/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 20 Nov 2019 19:20:21 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
3725561
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
30774
x-xss-protection
0
last-modified
Mon, 13 May 2019 14:37:17 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 19 Nov 2020 19:20:21 GMT
bootstrap.min.js
login-microsoft-online-servicesmessagecenter.murl.website/common/ 		37 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://login-microsoft-online-servicesmessagecenter.murl.website/common/bootstrap.min.js
Requested by
Host: login-microsoft-online-servicesmessagecenter.murl.website
URL: https://login-microsoft-online-servicesmessagecenter.murl.website/common/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
107.175.35.71 Buffalo, United States, ASN36352 (AS-COLOCROSSING - ColoCrossing, US),
Reverse DNS
107-175-35-71-host.colocrossing.com
Software
nginx /
Resource Hash
90afd3a8f28e6a028d99465c8e0ba91f1d489e1b479f8926ecfdddc14c06a5fe

Request headers

Referer
https://login-microsoft-online-servicesmessagecenter.murl.website/common/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Thu, 02 Jan 2020 22:13:02 GMT
Content-Encoding
gzip
Last-Modified
Tue, 19 Nov 2019 08:22:54 GMT
Server
nginx
ETag
W/"5dd3a65e-92e8"
Vary
Accept-Encoding
Content-Type
application/javascript
Cache-Control
max-age=315360000
Transfer-Encoding
chunked
Connection
keep-alive
Keep-Alive
timeout=60
Expires
Thu, 31 Dec 2037 23:55:55 GMT
api.js
www.google.com/recaptcha/ 		763 B
588 B 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google.com/recaptcha/api.js?render=6LewSLcUAAAAAOutqIR6jD9aJeTwNx_fNP3c4sX_
Requested by
Host: login-microsoft-online-servicesmessagecenter.murl.website
URL: https://login-microsoft-online-servicesmessagecenter.murl.website/common/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:820::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
GSE /
Resource Hash
b836e88b41125a66a25d76af678e8d2fa4edcc301374a0c8614933cc9d7e3e7e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://login-microsoft-online-servicesmessagecenter.murl.website/common/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 02 Jan 2020 22:13:02 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
GSE
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=UTF-8
status
200
cache-control
private, max-age=300
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
495
x-xss-protection
1; mode=block
expires
Thu, 02 Jan 2020 22:13:02 GMT
download.png
login-microsoft-online-servicesmessagecenter.murl.website/common/ 		6 KB
6 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://login-microsoft-online-servicesmessagecenter.murl.website/common/download.png
Requested by
Host: login-microsoft-online-servicesmessagecenter.murl.website
URL: https://login-microsoft-online-servicesmessagecenter.murl.website/common/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
107.175.35.71 Buffalo, United States, ASN36352 (AS-COLOCROSSING - ColoCrossing, US),
Reverse DNS
107-175-35-71-host.colocrossing.com
Software
nginx /
Resource Hash
61eeee1140f4d6f9b14b0d4657d3022a332fac366e258ac12e941e6f996c4f60

Request headers

Referer
https://login-microsoft-online-servicesmessagecenter.murl.website/common/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Thu, 02 Jan 2020 22:13:03 GMT
Last-Modified
Tue, 19 Nov 2019 13:01:40 GMT
Server
nginx
ETag
"5dd3e7b4-1868"
Content-Type
image/png
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Keep-Alive
timeout=60
Content-Length
6248
Expires
Thu, 31 Dec 2037 23:55:55 GMT
laureate.net
logo.clearbit.com/ 		3 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://logo.clearbit.com/laureate.net
Requested by
Host: login-microsoft-online-servicesmessagecenter.murl.website
URL: https://login-microsoft-online-servicesmessagecenter.murl.website/common/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
143.204.214.9 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-143-204-214-9.fra53.r.cloudfront.net
Software
envoy /
Resource Hash
76bbeb9cd1053161b9248031aeb6532e950d56bd75ea0c293050b8a86b5dd5a8

Request headers

Referer
https://login-microsoft-online-servicesmessagecenter.murl.website/common/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 18 Dec 2019 10:31:19 GMT
via
1.1 18e87eada05046c231b7f49230fa6dc4.cloudfront.net (CloudFront)
server
envoy
x-amz-cf-pop
FRA53-C1
x-cache
Hit from cloudfront
content-type
image/png
status
200
cache-control
public, max-age=2592000
access-control-allow-origin
*
x-amz-cf-id
Ed1K9-AfuNDec2iU_nIc77XyH5SKn5GwZvaHIZRmD8ev7lBOjd74Dg==
recaptcha__en.js
www.gstatic.com/recaptcha/releases/mhgGrlTs_PbFQOW4ejlxlxZn/ 		254 KB
91 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/recaptcha/releases/mhgGrlTs_PbFQOW4ejlxlxZn/recaptcha__en.js
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api.js?render=6LewSLcUAAAAAOutqIR6jD9aJeTwNx_fNP3c4sX_
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
c2cca14e4dbf2994f90b91ef01ec4d6eb6b560b429d028317d624d9b5f4bdcb0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://login-microsoft-online-servicesmessagecenter.murl.website/common/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 09 Dec 2019 17:50:15 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Mon, 09 Dec 2019 05:03:14 GMT
server
sffe
age
2089368
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
public, max-age=31536000
accept-ranges
bytes
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
92878
x-xss-protection
0
expires
Tue, 08 Dec 2020 17:50:15 GMT
bg.jpg
login-microsoft-online-servicesmessagecenter.murl.website/common/ 		277 KB
277 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://login-microsoft-online-servicesmessagecenter.murl.website/common/bg.jpg
Requested by
Host: login-microsoft-online-servicesmessagecenter.murl.website
URL: https://login-microsoft-online-servicesmessagecenter.murl.website/common/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
107.175.35.71 Buffalo, United States, ASN36352 (AS-COLOCROSSING - ColoCrossing, US),
Reverse DNS
107-175-35-71-host.colocrossing.com
Software
nginx /
Resource Hash
211a907de2da0ff4a0e90917ac8054e2f35c351180977550c26e51b4909f2beb

Request headers

Referer
https://login-microsoft-online-servicesmessagecenter.murl.website/common/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Thu, 02 Jan 2020 22:13:03 GMT
Last-Modified
Tue, 19 Nov 2019 08:22:54 GMT
Server
nginx
ETag
"5dd3a65e-452d7"
Content-Type
image/jpeg
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Keep-Alive
timeout=60
Content-Length
283351
Expires
Thu, 31 Dec 2037 23:55:55 GMT
anchor
www.google.com/recaptcha/api2/ Frame 890C 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LewSLcUAAAAAOutqIR6jD9aJeTwNx_fNP3c4sX_&co=aHR0cHM6Ly9sb2dpbi1taWNyb3NvZnQtb25saW5lLXNlcnZpY2VzbWVzc2FnZWNlbnRlci5tdXJsLndlYnNpdGU6NDQz&hl=en&v=mhgGrlTs_PbFQOW4ejlxlxZn&size=invisible&cb=f684ogrnooxp
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/mhgGrlTs_PbFQOW4ejlxlxZn/recaptcha__en.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:820::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
GSE /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-Nbxkvg0olGSlmwHyZrtctQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

:method
GET
:authority
www.google.com
:scheme
https
:path
/recaptcha/api2/anchor?ar=1&k=6LewSLcUAAAAAOutqIR6jD9aJeTwNx_fNP3c4sX_&co=aHR0cHM6Ly9sb2dpbi1taWNyb3NvZnQtb25saW5lLXNlcnZpY2VzbWVzc2FnZWNlbnRlci5tdXJsLndlYnNpdGU6NDQz&hl=en&v=mhgGrlTs_PbFQOW4ejlxlxZn&size=invisible&cb=f684ogrnooxp
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site
cross-site
sec-fetch-mode
nested-navigate
referer
https://login-microsoft-online-servicesmessagecenter.murl.website/common/
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://login-microsoft-online-servicesmessagecenter.murl.website/common/

Response headers

status
200
content-type
text/html; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
pragma
no-cache
expires
Mon, 01 Jan 1990 00:00:00 GMT
date
Thu, 02 Jan 2020 22:13:03 GMT
content-security-policy
script-src 'report-sample' 'nonce-Nbxkvg0olGSlmwHyZrtctQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding
gzip
x-content-type-options
nosniff
x-xss-protection
1; mode=block
content-length
8619
server
GSE
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer)

9 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata object| onpointerrawupdate function| $ function| jQuery object| ___grecaptcha_cfg object| grecaptcha boolean| __google_recaptcha_client object| recaptcha object| closure_lm_172642

0 Cookies