frame.office-web.net
172.67.132.39  Malicious Activity! Public Scan

Submitted URL: https://kcg9172858d79256126a78iol79kk0a18dis.pages.dev/
Effective URL: https://frame.office-web.net/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3...
Submission: On August 07 via api from US — Scanned from NL

Summary

This website contacted 2 IPs in 2 countries across 3 domains to perform 19 HTTP transactions. The main IP is 172.67.132.39, located in United States and belongs to CLOUDFLARENET, US. The main domain is frame.office-web.net.
TLS certificate: Issued by WE1 on July 31st 2024. Valid for: 3 months.
This is the only time frame.office-web.net was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Microsoft (Consumer)

Domain & IP information

IP Address AS Autonomous System
1 1 188.114.97.3 13335 (CLOUDFLAR...)
3 10 172.67.132.39 13335 (CLOUDFLAR...)
1 1 2606:4700:303... 13335 (CLOUDFLAR...)
12 2620:1ec:bdf::45 8075 (MICROSOFT...)
19 2
Apex Domain | Subdomains | Transfer
12 msauth.net | aadcdn.msauth.net (Cisco Umbrella Rank: 2218) | 341 KB
11 office-web.net | frame.office-web.net, www.office-web.net, login.office-web.net | 29 KB
1 pages.dev | kcg9172858d79256126a78iol79kk0a18dis.pages.dev | 526 B
19 3
Domain | Requested by
12 aadcdn.msauth.net | frame.office-web.net, aadcdn.msauth.net
8 frame.office-web.net (3 redirects) | frame.office-web.net, aadcdn.msauth.net
2 login.office-web.net | frame.office-web.net, aadcdn.msauth.net
1 www.office-web.net (1 redirects) |
1 kcg9172858d79256126a78iol79kk0a18dis.pages.dev (1 redirects) |
19 5

This site contains links to these domains.

Domain
login.office-web.net
www.microsoft.com
privacy.microsoft.com
Subject | Issuer | Validity | Valid
office-web.net | WE1 | 2024-07-31 - 2024-10-29 | 3 months
aadcdn.msauth.net | DigiCert SHA2 Secure Server CA | 2024-04-30 - 2025-04-30 | a year

This page contains 3 frames:

Primary Page: https://frame.office-web.net/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638586398204842778.M2Y3MmY4ODEtZmNlMy00NTJiLTk0NDktODdmZjU5MjZlMjE1OTQ3NjJlNzUtNzRmNy00NjU2LTllY2EtYTQ4NTM4YmYwOTRl&ui_locales=nl-NL&mkt=nl-NL&client-request-id=4c85e518-86e8-4538-ab27-bedebca6b325&state=rwfDGsY3kEuyb0plkmBu5jd3tBkrTzVpqkQzgqMECyIUwNWjBSv_zdNTScWVcfmhm6hGjj4EO1FxH83yghjZAsTfPmZsmnhsosn71i91H_0f7PI5bWR6FI9091ru-JJQ4JtZLu9dabsO_7LV2JjkR74TFC6mt6991MtNORAzkx9aMteBQ-CVPjus9M8fNDB3DKjv3M_XV716uipNsX6guESE1Hyq3fZHcMe_Sj123Cb3WYCTXM9OxgRWdV3DYBdmm7oiHkiOv4A1SIX55zf4Ig&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0
Frame ID: 11971765CCEF65BC86BBF59BE6AA6D81
Requests: 16 HTTP requests in this frame

Frame: https://frame.office-web.net/cdn-cgi/challenge-platform/h/g/scripts/jsd/769ce3c24a3b/main.js
Frame ID: 0CAB70D4C6052377F3BE1F1136EC1093
Requests: 2 HTTP requests in this frame

Frame: https://login.office-web.net/Me.htm?v=3
Frame ID: 506612561FBE805C1163FA5F81331A1B
Requests: 1 HTTP requests in this frame

Page Title

Aanmelden bij uw account

Page Statistics

19 Requests
95 % HTTPS
50 % IPv6
3 Domains
5 Subdomains
2 IPs
2 Countries
366 kB Transfer
1217 kB Size
16 Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://kcg9172858d79256126a78iol79kk0a18dis.pages.dev/ HTTP 301
    https://frame.office-web.net/microsoft HTTP 302
    https://frame.office-web.net/ HTTP 302
    https://www.office-web.net/login HTTP 302
    https://frame.office-web.net/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638586398204842778.M2Y3MmY4ODEtZmNlMy00NTJiLTk0NDktODdmZjU5MjZlMjE1OTQ3NjJlNzUtNzRmNy00NjU2LTllY2EtYTQ4NTM4YmYwOTRl&ui_locales=nl-NL&mkt=nl-NL&client-request-id=4c85e518-86e8-4538-ab27-bedebca6b325&state=rwfDGsY3kEuyb0plkmBu5jd3tBkrTzVpqkQzgqMECyIUwNWjBSv_zdNTScWVcfmhm6hGjj4EO1FxH83yghjZAsTfPmZsmnhsosn71i91H_0f7PI5bWR6FI9091ru-JJQ4JtZLu9dabsO_7LV2JjkR74TFC6mt6991MtNORAzkx9aMteBQ-CVPjus9M8fNDB3DKjv3M_XV716uipNsX6guESE1Hyq3fZHcMe_Sj123Cb3WYCTXM9OxgRWdV3DYBdmm7oiHkiOv4A1SIX55zf4Ig&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 5
  • https://frame.office-web.net/cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP 302
  • https://frame.office-web.net/cdn-cgi/challenge-platform/h/g/scripts/jsd/769ce3c24a3b/main.js

19 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request authorize
frame.office-web.net/common/oauth2/v2.0/
Redirect Chain
  • https://kcg9172858d79256126a78iol79kk0a18dis.pages.dev/
  • https://frame.office-web.net/microsoft
  • https://frame.office-web.net/
  • https://www.office-web.net/login
  • https://frame.office-web.net/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=op...
45 KB
17 KB
Document
General
Full URL
https://frame.office-web.net/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638586398204842778.M2Y3MmY4ODEtZmNlMy00NTJiLTk0NDktODdmZjU5MjZlMjE1OTQ3NjJlNzUtNzRmNy00NjU2LTllY2EtYTQ4NTM4YmYwOTRl&ui_locales=nl-NL&mkt=nl-NL&client-request-id=4c85e518-86e8-4538-ab27-bedebca6b325&state=rwfDGsY3kEuyb0plkmBu5jd3tBkrTzVpqkQzgqMECyIUwNWjBSv_zdNTScWVcfmhm6hGjj4EO1FxH83yghjZAsTfPmZsmnhsosn71i91H_0f7PI5bWR6FI9091ru-JJQ4JtZLu9dabsO_7LV2JjkR74TFC6mt6991MtNORAzkx9aMteBQ-CVPjus9M8fNDB3DKjv3M_XV716uipNsX6guESE1Hyq3fZHcMe_Sj123Cb3WYCTXM9OxgRWdV3DYBdmm7oiHkiOv4A1SIX55zf4Ig&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.132.39 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c9ba4799b8eafff06299d70591c437d669edb9820b2978430fd1596cc9abbfbd

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=86400
cache-control
no-cache, no-store
cf-cache-status
DYNAMIC
cf-ray
8af8279f88c965ff-AMS
content-encoding
br
content-type
text/html; charset=utf-8
date
Wed, 07 Aug 2024 15:03:41 GMT
expires
-1
link
<https://aadcdn.msauth.net>; rel=preconnect; crossorigin,<https://aadcdn.msauth.net>; rel=dns-prefetch,<https://aadcdn.msftauth.net>; rel=dns-prefetch
nel
{"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}
p3p
CP="DSP CUR OTPi IND OTRi ONL FIN"
pragma
no-cache
referrer-policy
strict-origin-when-cross-origin
report-to
{"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://identity.nel.measure.office.net/api/report?catId=GW+estsfd+est"}]}
server
cloudflare
vary
Accept-Encoding
x-dns-prefetch-control
on
x-ms-clitelem
1,0,0,,
x-ms-ests-server
2.1.18621.9 - EUS ProdSlices
x-ms-request-id
05d802c7-588d-49e5-b56b-b3efb6172200
x-ms-srs
1.P

Redirect headers

alt-svc
h3=":443"; ma=86400
cache-control
no-cache, no-store
cf-cache-status
DYNAMIC
cf-ray
8af8279bcb4fa000-AMS
content-type
text/html; charset=utf-8
date
Wed, 07 Aug 2024 15:03:40 GMT
location
https://frame.office-web.net/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638586398204842778.M2Y3MmY4ODEtZmNlMy00NTJiLTk0NDktODdmZjU5MjZlMjE1OTQ3NjJlNzUtNzRmNy00NjU2LTllY2EtYTQ4NTM4YmYwOTRl&ui_locales=nl-NL&mkt=nl-NL&client-request-id=4c85e518-86e8-4538-ab27-bedebca6b325&state=rwfDGsY3kEuyb0plkmBu5jd3tBkrTzVpqkQzgqMECyIUwNWjBSv_zdNTScWVcfmhm6hGjj4EO1FxH83yghjZAsTfPmZsmnhsosn71i91H_0f7PI5bWR6FI9091ru-JJQ4JtZLu9dabsO_7LV2JjkR74TFC6mt6991MtNORAzkx9aMteBQ-CVPjus9M8fNDB3DKjv3M_XV716uipNsX6guESE1Hyq3fZHcMe_Sj123Cb3WYCTXM9OxgRWdV3DYBdmm7oiHkiOv4A1SIX55zf4Ig&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy
strict-origin-when-cross-origin
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=T40Iuijl2CItCCTBD2yHl77UKO%2BcnkZgYsLs5i7SGpXmqCruWaWIilqGrQwlJxV05tScL%2BuURISsazrp40thpxgAVP5jkkXJ6f72e39I3pUMk9i9wiCaai6YEA8489U8MCDfjAvp4U8cuOWGlfz7pfY%3D"}],"group":"cf-nel","max_age":604800}
request-context
appId=
server
cloudflare
vary
Accept-Encoding
x-cache
CONFIG_NOCACHE
x-msedge-ref
Ref A: 5A6B35A875A84B9A81B118D866A26236 Ref B: BY3EDGE0110 Ref C: 2024-08-07T15:03:40Z
x-ua-compatible
IE=edge,chrome=1
Me.htm
login.office-web.net/
0
0
Other
General
Full URL
https://login.office-web.net/Me.htm?v=3
Requested by
Host: frame.office-web.net
URL: https://frame.office-web.net/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638586398204842778.M2Y3MmY4ODEtZmNlMy00NTJiLTk0NDktODdmZjU5MjZlMjE1OTQ3NjJlNzUtNzRmNy00NjU2LTllY2EtYTQ4NTM4YmYwOTRl&ui_locales=nl-NL&mkt=nl-NL&client-request-id=4c85e518-86e8-4538-ab27-bedebca6b325&state=rwfDGsY3kEuyb0plkmBu5jd3tBkrTzVpqkQzgqMECyIUwNWjBSv_zdNTScWVcfmhm6hGjj4EO1FxH83yghjZAsTfPmZsmnhsosn71i91H_0f7PI5bWR6FI9091ru-JJQ4JtZLu9dabsO_7LV2JjkR74TFC6mt6991MtNORAzkx9aMteBQ-CVPjus9M8fNDB3DKjv3M_XV716uipNsX6guESE1Hyq3fZHcMe_Sj123Cb3WYCTXM9OxgRWdV3DYBdmm7oiHkiOv4A1SIX55zf4Ig&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.132.39 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://frame.office-web.net/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

converged.v2.login.min_qzvqnltrxpy99ajspyxbgq2.css
aadcdn.msauth.net/ests/2.1/content/cdnbundles/
111 KB
20 KB
Stylesheet
General
Full URL
https://aadcdn.msauth.net/ests/2.1/content/cdnbundles/converged.v2.login.min_qzvqnltrxpy99ajspyxbgq2.css
Requested by
Host: frame.office-web.net
URL: https://frame.office-web.net/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638586398204842778.M2Y3MmY4ODEtZmNlMy00NTJiLTk0NDktODdmZjU5MjZlMjE1OTQ3NjJlNzUtNzRmNy00NjU2LTllY2EtYTQ4NTM4YmYwOTRl&ui_locales=nl-NL&mkt=nl-NL&client-request-id=4c85e518-86e8-4538-ab27-bedebca6b325&state=rwfDGsY3kEuyb0plkmBu5jd3tBkrTzVpqkQzgqMECyIUwNWjBSv_zdNTScWVcfmhm6hGjj4EO1FxH83yghjZAsTfPmZsmnhsosn71i91H_0f7PI5bWR6FI9091ru-JJQ4JtZLu9dabsO_7LV2JjkR74TFC6mt6991MtNORAzkx9aMteBQ-CVPjus9M8fNDB3DKjv3M_XV716uipNsX6guESE1Hyq3fZHcMe_Sj123Cb3WYCTXM9OxgRWdV3DYBdmm7oiHkiOv4A1SIX55zf4Ig&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:bdf::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
1f8ceb44fe7cfcf7e71dbd5122210335ca3821d697a851d2900b95af7d92d69d

Request headers

Referer
https://frame.office-web.net/
Origin
https://frame.office-web.net
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 07 Aug 2024 15:03:41 GMT
content-encoding
gzip
x-cache
TCP_HIT
x-fd-int-roxy-purgeid
0
content-length
20414
x-ms-lease-status
unlocked
last-modified
Wed, 03 Jul 2024 21:48:08 GMT
etag
0x8DC9BA9D4131BFD
x-azure-ref
20240807T150341Z-17c4bf6c47dl4t87ntknugykmc00000009zg000000004vx6
content-type
text/css
access-control-allow-origin
*
x-ms-request-id
105b661f-301e-0015-1ad0-e3d2b6000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=31536000
x-ms-version
2009-09-19
accept-ranges
bytes
ConvergedLogin_PCore_rvcgQIW8sBUbuWPuM-EIeA2.js
aadcdn.msauth.net/shared/1.0/content/js/
439 KB
120 KB
Script
General
Full URL
https://aadcdn.msauth.net/shared/1.0/content/js/ConvergedLogin_PCore_rvcgQIW8sBUbuWPuM-EIeA2.js
Requested by
Host: frame.office-web.net
URL: https://frame.office-web.net/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638586398204842778.M2Y3MmY4ODEtZmNlMy00NTJiLTk0NDktODdmZjU5MjZlMjE1OTQ3NjJlNzUtNzRmNy00NjU2LTllY2EtYTQ4NTM4YmYwOTRl&ui_locales=nl-NL&mkt=nl-NL&client-request-id=4c85e518-86e8-4538-ab27-bedebca6b325&state=rwfDGsY3kEuyb0plkmBu5jd3tBkrTzVpqkQzgqMECyIUwNWjBSv_zdNTScWVcfmhm6hGjj4EO1FxH83yghjZAsTfPmZsmnhsosn71i91H_0f7PI5bWR6FI9091ru-JJQ4JtZLu9dabsO_7LV2JjkR74TFC6mt6991MtNORAzkx9aMteBQ-CVPjus9M8fNDB3DKjv3M_XV716uipNsX6guESE1Hyq3fZHcMe_Sj123Cb3WYCTXM9OxgRWdV3DYBdmm7oiHkiOv4A1SIX55zf4Ig&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:bdf::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
ad73fbcd8f7866e60affed6d0d5bbe6e317632f144bf110c9a1934ccb0e34bc4

Request headers

Referer
https://frame.office-web.net/
Origin
https://frame.office-web.net
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 07 Aug 2024 15:03:41 GMT
content-encoding
gzip
x-cache
TCP_HIT
x-fd-int-roxy-purgeid
0
content-length
122076
x-ms-lease-status
unlocked
last-modified
Tue, 23 Jul 2024 00:06:24 GMT
etag
0x8DCAAAB4A807BCD
x-azure-ref
20240807T150341Z-17c4bf6c47dl4t87ntknugykmc00000009zg000000004vx8
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
f47e0db2-701e-0034-7ed6-e38721000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=31536000
x-ms-version
2009-09-19
accept-ranges
bytes
ux.converged.login.strings-nl.min_fg752l6p1r15hza8l-a3aa2.js
aadcdn.msauth.net/ests/2.1/content/cdnbundles/
58 KB
17 KB
Script
General
Full URL
https://aadcdn.msauth.net/ests/2.1/content/cdnbundles/ux.converged.login.strings-nl.min_fg752l6p1r15hza8l-a3aa2.js
Requested by
Host: frame.office-web.net
URL: https://frame.office-web.net/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638586398204842778.M2Y3MmY4ODEtZmNlMy00NTJiLTk0NDktODdmZjU5MjZlMjE1OTQ3NjJlNzUtNzRmNy00NjU2LTllY2EtYTQ4NTM4YmYwOTRl&ui_locales=nl-NL&mkt=nl-NL&client-request-id=4c85e518-86e8-4538-ab27-bedebca6b325&state=rwfDGsY3kEuyb0plkmBu5jd3tBkrTzVpqkQzgqMECyIUwNWjBSv_zdNTScWVcfmhm6hGjj4EO1FxH83yghjZAsTfPmZsmnhsosn71i91H_0f7PI5bWR6FI9091ru-JJQ4JtZLu9dabsO_7LV2JjkR74TFC6mt6991MtNORAzkx9aMteBQ-CVPjus9M8fNDB3DKjv3M_XV716uipNsX6guESE1Hyq3fZHcMe_Sj123Cb3WYCTXM9OxgRWdV3DYBdmm7oiHkiOv4A1SIX55zf4Ig&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:bdf::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
2471901f0d975b7a8a4207bb8de6efd99710d2556e82e62496989adfc86dba6e

Request headers

Referer
https://frame.office-web.net/
Origin
https://frame.office-web.net
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 07 Aug 2024 15:03:41 GMT
content-encoding
gzip
x-cache
TCP_HIT
x-fd-int-roxy-purgeid
0
content-length
16863
x-ms-lease-status
unlocked
last-modified
Tue, 09 Jul 2024 17:43:34 GMT
etag
0x8DCA03EA81D958F
x-azure-ref
20240807T150341Z-17c4bf6c47dl4t87ntknugykmc00000009zg000000004vx7
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
db835eb7-001e-005c-52d5-e3e1b1000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=31536000
x-ms-version
2009-09-19
accept-ranges
bytes
75a1e6e12fef42646fb73aed412a70b8ffdc3015103c5c37e1a3aa8ef621dcff.js
frame.office-web.net/s/
0
413 B
Script
General
Full URL
https://frame.office-web.net/s/75a1e6e12fef42646fb73aed412a70b8ffdc3015103c5c37e1a3aa8ef621dcff.js
Requested by
Host: frame.office-web.net
URL: https://frame.office-web.net/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638586398204842778.M2Y3MmY4ODEtZmNlMy00NTJiLTk0NDktODdmZjU5MjZlMjE1OTQ3NjJlNzUtNzRmNy00NjU2LTllY2EtYTQ4NTM4YmYwOTRl&ui_locales=nl-NL&mkt=nl-NL&client-request-id=4c85e518-86e8-4538-ab27-bedebca6b325&state=rwfDGsY3kEuyb0plkmBu5jd3tBkrTzVpqkQzgqMECyIUwNWjBSv_zdNTScWVcfmhm6hGjj4EO1FxH83yghjZAsTfPmZsmnhsosn71i91H_0f7PI5bWR6FI9091ru-JJQ4JtZLu9dabsO_7LV2JjkR74TFC6mt6991MtNORAzkx9aMteBQ-CVPjus9M8fNDB3DKjv3M_XV716uipNsX6guESE1Hyq3fZHcMe_Sj123Cb3WYCTXM9OxgRWdV3DYBdmm7oiHkiOv4A1SIX55zf4Ig&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.132.39 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://frame.office-web.net/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638586398204842778.M2Y3MmY4ODEtZmNlMy00NTJiLTk0NDktODdmZjU5MjZlMjE1OTQ3NjJlNzUtNzRmNy00NjU2LTllY2EtYTQ4NTM4YmYwOTRl&ui_locales=nl-NL&mkt=nl-NL&client-request-id=4c85e518-86e8-4538-ab27-bedebca6b325&state=rwfDGsY3kEuyb0plkmBu5jd3tBkrTzVpqkQzgqMECyIUwNWjBSv_zdNTScWVcfmhm6hGjj4EO1FxH83yghjZAsTfPmZsmnhsosn71i91H_0f7PI5bWR6FI9091ru-JJQ4JtZLu9dabsO_7LV2JjkR74TFC6mt6991MtNORAzkx9aMteBQ-CVPjus9M8fNDB3DKjv3M_XV716uipNsX6guESE1Hyq3fZHcMe_Sj123Cb3WYCTXM9OxgRWdV3DYBdmm7oiHkiOv4A1SIX55zf4Ig&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Wed, 07 Aug 2024 15:03:42 GMT
content-encoding
br
cf-cache-status
BYPASS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4ZAKyxkQK9Jna6Xcz3ZcAebtBw03EAWIxO1OybksSsXJoujPFPPf22TETnPU1RXBdVhP5kAO9jPdBiZlpJO30Hu9VxLcIvE1nuTshw4vBLIeYs05rVTjABIjA9JDcpFYVJwidc9ZuA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
no-cache, no-store
cf-ray
8af827a52f5365ff-AMS
alt-svc
h3=":443"; ma=86400
main.js
frame.office-web.net/cdn-cgi/challenge-platform/h/g/scripts/jsd/769ce3c24a3b/ Frame 0CAB
Redirect Chain
  • https://frame.office-web.net/cdn-cgi/challenge-platform/scripts/jsd/main.js
  • https://frame.office-web.net/cdn-cgi/challenge-platform/h/g/scripts/jsd/769ce3c24a3b/main.js?
8 KB
4 KB
Script
General
Full URL
https://frame.office-web.net/cdn-cgi/challenge-platform/h/g/scripts/jsd/769ce3c24a3b/main.js?
Protocol
H3
Server
172.67.132.39 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
093c969299c4b2a0f875a01f5f58fb906bc182e932129cc743922d99c7eef3fb
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Wed, 07 Aug 2024 15:03:42 GMT
content-encoding
br
x-content-type-options
nosniff
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7F5G08bQiJAjI3LEYjFd0KuhQCvYFVdRFtk8Q2lBfHEQMchApORjEoiTcQk%2FWEwkwnkz7WWWQuQzYuEsCaVaUS%2BZ4%2FlE9kj8E0L8Ylt%2Fa8VWkfONAOZVHGiz%2BQGlQMTwkJDqyrLgng%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=UTF-8
cache-control
max-age=14400, stale-if-error=10800, stale-while-revalidate=10800, public
cf-ray
8af827a89a7c65ff-AMS
alt-svc
h3=":443"; ma=86400

Redirect headers

date
Wed, 07 Aug 2024 15:03:42 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9H5Dzm55r1%2BDLE0thbap9%2F6sCj1AGoNdLPhrbp9PA8t6SrZosYAfeYPHyjsbysvzk1bokQi0BVjFZO8aA2CrR4O67ixvOar%2Btj%2FmKRF5%2BhtURVq0pLXCCmYLXRvuBxDL4z2LMGLsAg%3D%3D"}],"group":"cf-nel","max_age":604800}
location
/cdn-cgi/challenge-platform/h/g/scripts/jsd/769ce3c24a3b/main.js?
access-control-allow-origin
*
cache-control
max-age=300, stale-if-error=10800, stale-while-revalidate=10800, public
cf-ray
8af827a83a0065ff-AMS
alt-svc
h3=":443"; ma=86400
content-length
0
convergedlogin_pcustomizationloader_6c7dc46bb93924417b57.js
aadcdn.msauth.net/shared/1.0/content/js/asyncchunk/
397 KB
114 KB
Script
General
Full URL
https://aadcdn.msauth.net/shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_6c7dc46bb93924417b57.js
Requested by
Host: aadcdn.msauth.net
URL: https://aadcdn.msauth.net/shared/1.0/content/js/ConvergedLogin_PCore_rvcgQIW8sBUbuWPuM-EIeA2.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:bdf::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
1ec87632ee58734951aa02813ef07ad377126a39a16f063c181519b98ffffc07

Request headers

Referer
https://frame.office-web.net/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 07 Aug 2024 15:03:42 GMT
content-encoding
gzip
x-cache
TCP_HIT
x-fd-int-roxy-purgeid
0
content-length
116351
x-ms-lease-status
unlocked
last-modified
Thu, 20 Jun 2024 02:13:44 GMT
etag
0x8DC90CE9C53BCDF
x-azure-ref
20240807T150342Z-167f4bf999889rksd7c2qm5m2s00000001eg00000000guma
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
c2f21bb9-b01e-0066-18d2-e7fbc9000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=31536000
x-ms-version
2009-09-19
accept-ranges
bytes
favicon_a_eupayfgghqiai7k9sol6lg2.ico
aadcdn.msauth.net/shared/1.0/content/images/
17 KB
17 KB
Other
General
Full URL
https://aadcdn.msauth.net/shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:bdf::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
90cdaf487716184e4034000935c605d1633926d348116d198f355a98b8c6cd21

Request headers

Referer
https://frame.office-web.net/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 07 Aug 2024 15:03:42 GMT
x-cache
TCP_HIT
x-fd-int-roxy-purgeid
0
content-length
17174
x-ms-lease-status
unlocked
last-modified
Sun, 18 Oct 2020 03:02:03 GMT
etag
0x8D8731230C851A6
x-azure-ref
20240807T150342Z-167f4bf999889rksd7c2qm5m2s00000001eg00000000gum9
content-type
image/x-icon
access-control-allow-origin
*
x-ms-request-id
7d882c7e-f01e-006f-67eb-e7c9a5000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=31536000
x-ms-version
2009-09-19
accept-ranges
bytes
8af8279f88c965ff
frame.office-web.net/cdn-cgi/challenge-platform/h/g/jsd/r/ Frame 0CAB
0
687 B
XHR
General
Full URL
https://frame.office-web.net/cdn-cgi/challenge-platform/h/g/jsd/r/8af8279f88c965ff
Requested by
Host: frame.office-web.net
URL: https://frame.office-web.net/cdn-cgi/challenge-platform/scripts/jsd/main.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.132.39 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type
application/json

Response headers

date
Wed, 07 Aug 2024 15:03:42 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=g3mywyrlQILIld3LMQ2CQCriR0L6t9oxkypSg4YXqpOtVmony3du%2FUQ4t7VmfEFfYAQ3tcrph6hUlSPGui7UY0GOKlbkIcp9bwlD4DxXkBeZjrvJNoKpaEJXHZ%2BGslVr4dieNnBXRg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/plain; charset=UTF-8
cf-ray
8af827a96b3665ff-AMS
alt-svc
h3=":443"; ma=86400
content-length
0
convergedlogin_pfetchsessionsprogress_758d4d3367a37038a3b2.js
aadcdn.msauth.net/shared/1.0/content/js/asyncchunk/
15 KB
6 KB
Script
General
Full URL
https://aadcdn.msauth.net/shared/1.0/content/js/asyncchunk/convergedlogin_pfetchsessionsprogress_758d4d3367a37038a3b2.js
Requested by
Host: aadcdn.msauth.net
URL: https://aadcdn.msauth.net/shared/1.0/content/js/ConvergedLogin_PCore_rvcgQIW8sBUbuWPuM-EIeA2.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:bdf::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
8d31dbc6089dc6195b1945b85a7225a01dcf031bd8cbc3df86029022fe64a5e5

Request headers

Referer
https://frame.office-web.net/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 07 Aug 2024 15:03:42 GMT
content-encoding
gzip
x-cache
TCP_HIT
x-fd-int-roxy-purgeid
4554691
content-length
5531
x-ms-lease-status
unlocked
last-modified
Thu, 20 Jun 2024 02:13:44 GMT
etag
0x8DC90CE9C8E6126
x-azure-ref
20240807T150342Z-167f4bf999889rksd7c2qm5m2s00000001eg00000000gunr
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
aca5dd45-301e-002d-6ec9-e77025000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=31536000
x-ms-version
2009-09-19
accept-ranges
bytes
marching_ants_white_8257b0707cbe1d0bd2661b80068676fe.gif
aadcdn.msauth.net/shared/1.0/content/images/
3 KB
3 KB
Image
General
Full URL
https://aadcdn.msauth.net/shared/1.0/content/images/marching_ants_white_8257b0707cbe1d0bd2661b80068676fe.gif
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:bdf::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
a46201581a7c7c667fd42787cd1e9adf2f6bf809efb7596e61a03e8dba9ada13

Request headers

Referer
https://frame.office-web.net/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 07 Aug 2024 15:03:42 GMT
x-cache
TCP_HIT
x-fd-int-roxy-purgeid
4554691
content-length
2672
x-ms-lease-status
unlocked
last-modified
Wed, 24 May 2023 10:11:47 GMT
etag
0x8DB5C3F48EC4154
x-azure-ref
20240807T150342Z-167f4bf999889rksd7c2qm5m2s00000001eg00000000guns
content-type
image/gif
access-control-allow-origin
*
x-ms-request-id
e6a20043-001e-0036-58c6-e74e26000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=31536000
x-ms-version
2009-09-19
accept-ranges
bytes
marching_ants_986f40b5a9dc7d39ef8396797f61b323.gif
aadcdn.msauth.net/shared/1.0/content/images/
4 KB
4 KB
Image
General
Full URL
https://aadcdn.msauth.net/shared/1.0/content/images/marching_ants_986f40b5a9dc7d39ef8396797f61b323.gif
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:bdf::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
8737d721808655f37b333f08a90185699e7e8b9bdaaa15cdb63c8448b426f95d

Request headers

Referer
https://frame.office-web.net/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 07 Aug 2024 15:03:42 GMT
x-cache
TCP_HIT
x-fd-int-roxy-purgeid
0
content-length
3620
x-ms-lease-status
unlocked
last-modified
Wed, 24 May 2023 10:11:48 GMT
etag
0x8DB5C3F4904824B
x-azure-ref
20240807T150342Z-167f4bf999889rksd7c2qm5m2s00000001eg00000000gunt
content-type
image/gif
access-control-allow-origin
*
x-ms-request-id
3e170620-801e-000f-48d2-e7c285000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=31536000
x-ms-version
2009-09-19
accept-ranges
bytes
2_11d9e3bcdfede9ce5ce5ace2d129f1c4.svg
aadcdn.msauth.net/shared/1.0/content/images/backgrounds/
2 KB
1 KB
Image
General
Full URL
https://aadcdn.msauth.net/shared/1.0/content/images/backgrounds/2_11d9e3bcdfede9ce5ce5ace2d129f1c4.svg
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:bdf::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
0e88b6fcbb8591edfd28184fa70a04b6dd3af8a14367c628edd7caba32e58c68

Request headers

Referer
https://frame.office-web.net/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 07 Aug 2024 15:03:42 GMT
content-encoding
gzip
x-cache
TCP_HIT
x-fd-int-roxy-purgeid
0
content-length
673
x-ms-lease-status
unlocked
last-modified
Wed, 24 May 2023 10:11:46 GMT
etag
0x8DB5C3F47E260FD
x-azure-ref
20240807T150342Z-167f4bf999889rksd7c2qm5m2s00000001eg00000000gup8
content-type
image/svg+xml
access-control-allow-origin
*
x-ms-request-id
bed221e9-a01e-0010-67d2-e7063e000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=31536000
x-ms-version
2009-09-19
accept-ranges
bytes
microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg
aadcdn.msauth.net/shared/1.0/content/images/
4 KB
2 KB
Image
General
Full URL
https://aadcdn.msauth.net/shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:bdf::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a

Request headers

Referer
https://frame.office-web.net/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 07 Aug 2024 15:03:42 GMT
content-encoding
gzip
x-cache
TCP_HIT
x-fd-int-roxy-purgeid
0
content-length
1435
x-ms-lease-status
unlocked
last-modified
Wed, 24 May 2023 10:11:48 GMT
etag
0x8DB5C3F4911527F
x-azure-ref
20240807T150342Z-167f4bf999889rksd7c2qm5m2s00000001eg00000000gup9
content-type
image/svg+xml
access-control-allow-origin
*
x-ms-request-id
d95af976-901e-0046-7eeb-e7f7d1000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=31536000
x-ms-version
2009-09-19
accept-ranges
bytes
Me.htm
login.office-web.net/ Frame 5066
3 KB
2 KB
Document
General
Full URL
https://login.office-web.net/Me.htm?v=3
Requested by
Host: aadcdn.msauth.net
URL: https://aadcdn.msauth.net/shared/1.0/content/js/ConvergedLogin_PCore_rvcgQIW8sBUbuWPuM-EIeA2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.132.39 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
969142108f1ee022640457d01b4daa30581f7bcbd669145ab6aa563e9d497da9

Request headers

Referer
https://frame.office-web.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=86400
cache-control
no-cache, no-store
cf-cache-status
DYNAMIC
cf-ray
8af827acde6465ff-AMS
content-encoding
br
content-type
text/html; charset=utf-8
date
Wed, 07 Aug 2024 15:03:43 GMT
expires
Sat, 05 Aug 2034 15:03:43 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
p3p
CP="DSP CUR OTPi IND OTRi ONL FIN"
ppserver
PPV: 30 H: BL02EPF0001D7F9 V: 0
referrer-policy
strict-origin-when-cross-origin
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GzLCnNEhCkd3wMFDVRMijXGLRsAw6i94vMnV1%2BrYZ1BLHeahwO7ojIrh7JQxkZsvPjCrm9yC8Uv2CJtSiXRnZ226i1Nh29Q7Hz5l9gJfLV6CXLKF01WtbfFAcutubMUj8XSCgkfmng%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
x-ms-request-id
b2cce2d6-57ad-4ea2-84e6-0968d33fe380
x-ms-route-info
C520_BL2
reportstaticmecontroltelemetry
frame.office-web.net/common/instrumentation/
265 B
912 B
Ping
General
Full URL
https://frame.office-web.net/common/instrumentation/reportstaticmecontroltelemetry?hpgid=1104&hpgact=1800&client-request-id=4c85e518-86e8-4538-ab27-bedebca6b325&hpgrequestid=05d802c7-588d-49e5-b56b-b3efb6172200
Requested by
Host: aadcdn.msauth.net
URL: https://aadcdn.msauth.net/shared/1.0/content/js/ConvergedLogin_PCore_rvcgQIW8sBUbuWPuM-EIeA2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.132.39 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
93f3c15d374e1eb7f4db947af866c0acc289e50065e4799fac44cd0fedb71b1d

Request headers

Referer
https://frame.office-web.net/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638586398204842778.M2Y3MmY4ODEtZmNlMy00NTJiLTk0NDktODdmZjU5MjZlMjE1OTQ3NjJlNzUtNzRmNy00NjU2LTllY2EtYTQ4NTM4YmYwOTRl&ui_locales=nl-NL&mkt=nl-NL&client-request-id=4c85e518-86e8-4538-ab27-bedebca6b325&state=rwfDGsY3kEuyb0plkmBu5jd3tBkrTzVpqkQzgqMECyIUwNWjBSv_zdNTScWVcfmhm6hGjj4EO1FxH83yghjZAsTfPmZsmnhsosn71i91H_0f7PI5bWR6FI9091ru-JJQ4JtZLu9dabsO_7LV2JjkR74TFC6mt6991MtNORAzkx9aMteBQ-CVPjus9M8fNDB3DKjv3M_XV716uipNsX6guESE1Hyq3fZHcMe_Sj123Cb3WYCTXM9OxgRWdV3DYBdmm7oiHkiOv4A1SIX55zf4Ig&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Wed, 07 Aug 2024 15:03:44 GMT
content-encoding
br
cf-cache-status
DYNAMIC
nel
{"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}
p3p
CP="DSP CUR OTPi IND OTRi ONL FIN"
alt-svc
h3=":443"; ma=86400
pragma
no-cache
referrer-policy
strict-origin-when-cross-origin
x-ms-srs
1.P
server
cloudflare
report-to
{"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://identity.nel.measure.office.net/api/report?catId=GW+estsfd+est"}]}
content-type
application/json; charset=utf-8
x-ms-request-id
161b6a67-7119-4f5e-bbfa-5e8b6d554600
cache-control
no-cache, no-store
cf-ray
8af827b13a0465ff-AMS
x-ms-ests-server
2.1.18621.9 - WUS3 ProdSlices
expires
-1
convergedlogin_pstringcustomizationhelper_92013fd9f2f609d397ae.js
aadcdn.msauth.net/shared/1.0/content/js/asyncchunk/
111 KB
35 KB
Script
General
Full URL
https://aadcdn.msauth.net/shared/1.0/content/js/asyncchunk/convergedlogin_pstringcustomizationhelper_92013fd9f2f609d397ae.js
Requested by
Host: aadcdn.msauth.net
URL: https://aadcdn.msauth.net/shared/1.0/content/js/ConvergedLogin_PCore_rvcgQIW8sBUbuWPuM-EIeA2.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:bdf::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
bab311bf22661b153353a159f0ec931dbcb79f950fa37daf9d0ff180cbf45deb

Request headers

Referer
https://frame.office-web.net/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 07 Aug 2024 15:03:43 GMT
content-encoding
gzip
x-cache
TCP_HIT
x-fd-int-roxy-purgeid
0
content-length
35167
x-ms-lease-status
unlocked
last-modified
Thu, 20 Jun 2024 02:13:45 GMT
etag
0x8DC90CE9CFCD37E
x-azure-ref
20240807T150343Z-167f4bf999889rksd7c2qm5m2s00000001eg00000000gutg
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
1c7b16d8-701e-003c-69d2-e7ea91000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=31536000
x-ms-version
2009-09-19
accept-ranges
bytes
signin-options_3e3f6b73c3f310c31d2c4d131a8ab8c6.svg
aadcdn.msauth.net/shared/1.0/content/images/
2 KB
1 KB
Image
General
Full URL
https://aadcdn.msauth.net/shared/1.0/content/images/signin-options_3e3f6b73c3f310c31d2c4d131a8ab8c6.svg
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:bdf::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
8e6db1634f1812d42516778fc890010aa57f3e39914fb4803df2c38abbf56d93

Request headers

Referer
https://frame.office-web.net/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 07 Aug 2024 15:03:43 GMT
content-encoding
gzip
x-cache
TCP_HIT
x-fd-int-roxy-purgeid
0
content-length
621
x-ms-lease-status
unlocked
last-modified
Wed, 24 May 2023 10:11:49 GMT
etag
0x8DB5C3F49ED96E0
x-azure-ref
20240807T150343Z-167f4bf999889rksd7c2qm5m2s00000001eg00000000guth
content-type
image/svg+xml
access-control-allow-origin
*
x-ms-request-id
8f5eec9f-301e-003d-07b2-e7b54d000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=31536000
x-ms-version
2009-09-19
accept-ranges
bytes

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer)

22 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0
object| $Config
object| $Debug
object| $Do
function| $Loader
object| $WebWatson
function| GetString
function| GetErrorString
function| GetUrl
object| $B
object| ServerData
object| webpackJsonp
object| ko
object| PROOF
object| StringRepository
object| Telemetry
object| telemetry_webpackJsonp
boolean| __ConvergedLogin_PCore
boolean| __
boolean| __convergedlogin_pcustomizationloader_6c7dc46bb93924417b57
boolean| __convergedlogin_pfetchsessionsprogress_758d4d3367a37038a3b2
boolean| __convergedlogin_pstringcustomizationhelper_92013fd9f2f609d397ae

16 Cookies

Domain/Path Name / Value
.office-web.net/ Name: 0fbf-b661
Value: 75a1e6e12fef42646fb73aed412a70b8ffdc3015103c5c37e1a3aa8ef621dcff
frame.office-web.net/ Name: x-ms-gateway-slice
Value: estsfd
frame.office-web.net/ Name: stsservicecookie
Value: estsfd
www.office-web.net/ Name: OH.DCAffinity
Value: OH-wus
www.office-web.net/ Name: OH.FLID
Value: 0e54ab3b-95ca-4fb5-85dd-5e1db508772a
www.office-web.net/ Name: .AspNetCore.OpenIdConnect.Nonce.6W6ShYDL2sGZfkslRACavSrbz0NDvUC5t-SfhCpFfcGi8jJKRrt8aK-jMg3FPiNsL0LjjmoSUTWEkNG08hIhPBQ2iK1RK6OeQV6_Oos0nQHshm2RrHf19uCS1kzic3w7IEu7KF-HQnAw6ReZdZ2BZ3mK5DVmbPRp_j-FSi3-ltYoNJ4yTt0z-s-cUQWCsBNUGhy7oEI3GJiBWcX-eFyUR7dkGFd-yEJP_VyByU88AMq1imf7PYIisDCvLC7DwKAa
Value: N
www.office-web.net/ Name: .AspNetCore.Correlation.-KlkwI5GOp_MuhxVQxoSuh1XDJv31dmSSCLPvxr-8jE
Value: N
.office-web.net/ Name: MUID
Value: 0D5DF538780764DD1A89E1EC794B65A5
frame.office-web.net/ Name: buid
Value: 0.AQcAMe_N-B6jSkuT5F9XHpElWltEZUfGMrBJg-Ydk3ZSdsoBAAA.AQABGgEAAAApTwJmzXqdR4BN2miheQMYl6RV1BjxIkezKd-_UiHx7vFs0xmchF1dPG6r1rkqrnUxzYIR3EmbZGeT52q9HitvRs1OSQWkuwGQjV0K0lbzg0xLVWUk2dmKEpv_hz7-xqIgAA
.frame.office-web.net/ Name: esctx
Value: PAQABBwEAAAApTwJmzXqdR4BN2miheQMYVDylWlsB2I7S78WBWJ50Nq5s3ImsXXothorvRyBR1esFHoFCqy_pVAP8cYRNBFKO78IaIbgqpQZDUurp5ugYIvnhsOwmyABDAGFOjKseW4EhJ0TX1lRZV_KyQvTm3OmJTBIA-eLv85ClIsDSevNDBbhCLiu3dbKUxenr3ChVXY0gAA
.frame.office-web.net/ Name: esctx-cKp7O4GKlt8
Value: AQABCQEAAAApTwJmzXqdR4BN2miheQMYWXYAwv9sGEc6ouO6eGdJE79_IkgXjUs7KGW0unExJh7tWB1iYdLoocuzAt6ZxZB9shhW_n9a3KZoHGdRcgRWoT1ihF_Iey6kFNx7tkJGHf9AJ_8PGDdW_yVwn9u7GvmMewoLFu_roxCCutGKJWWSyyAA
frame.office-web.net/ Name: fpc
Value: ArElo8evCPpLgIQ9y3Lr0Q28Ae7AAQAAAMyDRd4OAAAA
.frame.office-web.net/ Name: brcap
Value: 0
.office-web.net/ Name: cf_clearance
Value: uAIBcqQwKtEHQ1nOeCKFzWE7FImlJK4ZkkyLFwnHzGQ-1723043022-1.0.1.1-4v1jZ8tZLUGt2H1hZqthEqS1VGv4Bwnt5lc4OZejRHVnxR0ebySyRAhDv7kbE4PJSVxh66w2M49wHzR54Vggig
.login.office-web.net/ Name: uaid
Value: 88592aaf1741472ca43929ea51c0ff07
.login.office-web.net/ Name: MSPRequ
Value: id=N&lt=1723043023&co=2

1 Console Messages

Source Level URL
Text
recommendation verbose URL: https://frame.office-web.net/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638586398204842778.M2Y3MmY4ODEtZmNlMy00NTJiLTk0NDktODdmZjU5MjZlMjE1OTQ3NjJlNzUtNzRmNy00NjU2LTllY2EtYTQ4NTM4YmYwOTRl&ui_locales=nl-NL&mkt=nl-NL&client-request-id=4c85e518-86e8-4538-ab27-bedebca6b325&state=rwfDGsY3kEuyb0plkmBu5jd3tBkrTzVpqkQzgqMECyIUwNWjBSv_zdNTScWVcfmhm6hGjj4EO1FxH83yghjZAsTfPmZsmnhsosn71i91H_0f7PI5bWR6FI9091ru-JJQ4JtZLu9dabsO_7LV2JjkR74TFC6mt6991MtNORAzkx9aMteBQ-CVPjus9M8fNDB3DKjv3M_XV716uipNsX6guESE1Hyq3fZHcMe_Sj123Cb3WYCTXM9OxgRWdV3DYBdmm7oiHkiOv4A1SIX55zf4Ig&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0
Message:
[DOM] Input elements should have autocomplete attributes (suggested: "current-password"): (More info: https://goo.gl/9p2vKq) %o