urlscan.io logo urlscan.io
SecurityTrails logo

onmicrosoftonline.macksspaw.com Open in urlscan Pro
159.100.30.211  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://url2507.cheetahagency.com/ls/click?upn=o6XOAG1Wi1vsf1kAKjpjuYWy56xzbC-2BAkEMBOKSSiDzIucCrl6X-2FprvSHztUu3kE6RcMjAsw3CyH7jN...
Effective URL: https://onmicrosoftonline.macksspaw.com/?82tGVK=ShWu&username=gpeters@trimontrea.com&sso_reload=true
Submission: On May 22 via manual from US — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 3 IPs in 3 countries across 5 domains to perform 7 HTTP transactions. The main IP is 159.100.30.211, located in Germany and belongs to DE-FIRSTCOLO www.first-colo.net, DE. The main domain is onmicrosoftonline.macksspaw.com.
TLS certificate: Issued by R3 on May 19th 2023. Valid for: 3 months.
This is the only time onmicrosoftonline.macksspaw.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 167.89.115.56 11377 (SENDGRID)
1 1 213.205.32.18 8612 (TISCALI-)
1 2620:0:890::100 54113 (FASTLY)
1 1 166.0.235.123 395111 (KVCNET-2009)
4 159.100.30.211 44066 (DE-FIRSTC...)
7 3
1    167.89.115.56 (Herndon, United States)

ASN11377 (SENDGRID, US)
PTR: o16789115x56.outbound-mail.sendgrid.net
url2507.cheetahagency.com
1    213.205.32.18 (Iglesias, Italy)

ASN8612 (TISCALI-, IT)
PTR: abbonati.tiscali.it
casa.tiscali.it
1    2620:0:890::100 (United States)

ASN54113 (FASTLY, US)
docu-58ea4.web.app
1    166.0.235.123 (United States)

ASN395111 (KVCNET-2009, US)
PTR: ok1050.kvchosting.com
dacewebsolutions.com
4    159.100.30.211 (Germany)

ASN44066 (DE-FIRSTCOLO www.first-colo.net, DE)
onmicrosoftonline.macksspaw.com
Domain Requested by
4 onmicrosoftonline.macksspaw.com docu-58ea4.web.app
onmicrosoftonline.macksspaw.com
1 dacewebsolutions.com 1 redirects
1 docu-58ea4.web.app
1 casa.tiscali.it 1 redirects
1 url2507.cheetahagency.com 1 redirects
0 8c6b27f4-7e36b161.macksspaw.com Failed onmicrosoftonline.macksspaw.com
0 live.macksspaw.com Failed onmicrosoftonline.macksspaw.com
7 7

This site contains no links.

Subject Issuer Validity Valid
web.app
GTS CA 1D4		 2023-05-10 -
2023-08-08		 3 months crt.sh
macksspaw.com
R3		 2023-05-19 -
2023-08-17		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://onmicrosoftonline.macksspaw.com/?82tGVK=ShWu&username=gpeters@trimontrea.com&sso_reload=true
Frame ID: EE3BED73FD4ED6F3FFCA15FC1779842F
Requests: 7 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

  1. http://url2507.cheetahagency.com/ls/click?upn=o6XOAG1Wi1vsf1kAKjpjuYWy56xzbC-2BAkEMBOKSSiDzIucCrl6X-2FprvSHzt... HTTP 302
    https://casa.tiscali.it/promo/?u=https%3A%2F%2Fdocu-58ea4.web.app/g2vTQ3btQ3br5kZ07xtrinZ1H05ntrQ3ba... HTTP 302
    https://docu-58ea4.web.app/g2vTQ3btQ3br5kZ07xtrinZ1H05ntrQ3bad0TR3wH05nZ1?c=351757 Page URL
  2. https://dacewebsolutions.com/.ver.php?url=https://docu-58ea4.web.app/g2vTQ3btQ3br5kZ07xtrinZ1H05ntrQ3bad0... HTTP 302
    https://onmicrosoftonline.macksspaw.com/?82tGVK=ShWu&username=gpeters@trimontrea.com Page URL
  3. https://onmicrosoftonline.macksspaw.com/?82tGVK=ShWu&username=gpeters@trimontrea.com Page URL
  4. https://onmicrosoftonline.macksspaw.com/?82tGVK=ShWu&username=gpeters@trimontrea.com&sso_reload=true Page URL

Page Statistics

7
Requests

71 %
HTTPS

20 %
IPv6

5
Domains

7
Subdomains

3
IPs

3
Countries

427 kB
Transfer

1317 kB
Size

1
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://url2507.cheetahagency.com/ls/click?upn=o6XOAG1Wi1vsf1kAKjpjuYWy56xzbC-2BAkEMBOKSSiDzIucCrl6X-2FprvSHztUu3kE6RcMjAsw3CyH7jNheT9boOh8wmi-2BQyWUsV0XY82aEAS-2FSG-2Fn3vX4VGbBRO4tksOJvnCsBZ-2BNhuZo0IUD2PMZNDXKpzT1xTA7kfBrLUcSmgRG55Kk3VGYoIjn5FKG-2BLJv9EuP_9jj1jQUG1eZCvPmbT8HJA1npF89dkC4U1oL7hsVImiOWwZNsCkQ53Ol0Nb4aaWOsTPDOHSxTRtPvPTv1emK50QuUhuWaV-2FxWcguboZUII-2BOKxRs0PZ5j7r1YCdxoSJewWwnNrnYCTnWMJ7XRSwlAoldGzX8g-2B9JznVkBMX7QAt-2BBAd-2BrkYML27WknudgKfAkl06ni0uf-2BqNQfC5N5dX79g-3D-3D HTTP 302
    https://casa.tiscali.it/promo/?u=https%3A%2F%2Fdocu-58ea4.web.app/g2vTQ3btQ3br5kZ07xtrinZ1H05ntrQ3bad0TR3wH05nZ1&c=351757 HTTP 302
    https://docu-58ea4.web.app/g2vTQ3btQ3br5kZ07xtrinZ1H05ntrQ3bad0TR3wH05nZ1?c=351757 Page URL
  2. https://dacewebsolutions.com/.ver.php?url=https://docu-58ea4.web.app/g2vTQ3btQ3br5kZ07xtrinZ1H05ntrQ3bad0TR3wH05nZ1?c=351757 HTTP 302
    https://onmicrosoftonline.macksspaw.com/?82tGVK=ShWu&username=gpeters@trimontrea.com Page URL
  3. https://onmicrosoftonline.macksspaw.com/?82tGVK=ShWu&username=gpeters@trimontrea.com Page URL
  4. https://onmicrosoftonline.macksspaw.com/?82tGVK=ShWu&username=gpeters@trimontrea.com&sso_reload=true Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • http://url2507.cheetahagency.com/ls/click?upn=o6XOAG1Wi1vsf1kAKjpjuYWy56xzbC-2BAkEMBOKSSiDzIucCrl6X-2FprvSHztUu3kE6RcMjAsw3CyH7jNheT9boOh8wmi-2BQyWUsV0XY82aEAS-2FSG-2Fn3vX4VGbBRO4tksOJvnCsBZ-2BNhuZo0IUD2PMZNDXKpzT1xTA7kfBrLUcSmgRG55Kk3VGYoIjn5FKG-2BLJv9EuP_9jj1jQUG1eZCvPmbT8HJA1npF89dkC4U1oL7hsVImiOWwZNsCkQ53Ol0Nb4aaWOsTPDOHSxTRtPvPTv1emK50QuUhuWaV-2FxWcguboZUII-2BOKxRs0PZ5j7r1YCdxoSJewWwnNrnYCTnWMJ7XRSwlAoldGzX8g-2B9JznVkBMX7QAt-2BBAd-2BrkYML27WknudgKfAkl06ni0uf-2BqNQfC5N5dX79g-3D-3D HTTP 302
  • https://casa.tiscali.it/promo/?u=https%3A%2F%2Fdocu-58ea4.web.app/g2vTQ3btQ3br5kZ07xtrinZ1H05ntrQ3bad0TR3wH05nZ1&c=351757 HTTP 302
  • https://docu-58ea4.web.app/g2vTQ3btQ3br5kZ07xtrinZ1H05ntrQ3bad0TR3wH05nZ1?c=351757
Request Chain 1
  • https://dacewebsolutions.com/.ver.php?url=https://docu-58ea4.web.app/g2vTQ3btQ3br5kZ07xtrinZ1H05ntrQ3bad0TR3wH05nZ1?c=351757 HTTP 302
  • https://onmicrosoftonline.macksspaw.com/?82tGVK=ShWu&username=gpeters@trimontrea.com

7 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
g2vTQ3btQ3br5kZ07xtrinZ1H05ntrQ3bad0TR3wH05nZ1
docu-58ea4.web.app/
Redirect Chain
  • http://url2507.cheetahagency.com/ls/click?upn=o6XOAG1Wi1vsf1kAKjpjuYWy56xzbC-2BAkEMBOKSSiDzIucCrl6X-2FprvSHztUu3kE6RcMjAsw3CyH7jNheT9boOh8wmi-2BQyWUsV0XY82aEAS-2FSG-2Fn3vX4VGbBRO4tksOJvnCsBZ-2BNhuZ...
  • https://casa.tiscali.it/promo/?u=https%3A%2F%2Fdocu-58ea4.web.app/g2vTQ3btQ3br5kZ07xtrinZ1H05ntrQ3bad0TR3wH05nZ1&c=351757
  • https://docu-58ea4.web.app/g2vTQ3btQ3br5kZ07xtrinZ1H05ntrQ3bad0TR3wH05nZ1?c=351757
445 B
634 B 		Document
General
Check archive.org
Download Go to
Full URL
https://docu-58ea4.web.app/g2vTQ3btQ3br5kZ07xtrinZ1H05ntrQ3bad0TR3wH05nZ1?c=351757
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2620:0:890::100 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
cache-control
max-age=3600
content-encoding
gzip
content-length
264
content-type
text/html; charset=utf-8
date
Mon, 22 May 2023 21:12:39 GMT
etag
"5d33e49304f86d5d16f1ee92b979dd7e87b1c31c56a2557687924a601ee1f114"
last-modified
Mon, 22 May 2023 14:20:02 GMT
strict-transport-security
max-age=31556926; includeSubDomains; preload
vary
x-fh-requested-host, accept-encoding
x-cache
MISS
x-cache-hits
0
x-served-by
cache-fra-eddf8230058-FRA
x-timer
S1684789959.470220,VS0,VE143

Redirect headers

Connection
Keep-Alive
Content-Encoding
gzip
Content-Length
20
Content-Type
text/html; charset=UTF-8
Date
Mon, 22 May 2023 21:12:39 GMT
Keep-Alive
timeout=3, max=100
Location
https://docu-58ea4.web.app/g2vTQ3btQ3br5kZ07xtrinZ1H05ntrQ3bad0TR3wH05nZ1?c=351757
Server
Apache
Vary
Accept-Encoding
/
onmicrosoftonline.macksspaw.com/
Redirect Chain
  • https://dacewebsolutions.com/.ver.php?url=https://docu-58ea4.web.app/g2vTQ3btQ3br5kZ07xtrinZ1H05ntrQ3bad0TR3wH05nZ1?c=351757
  • https://onmicrosoftonline.macksspaw.com/?82tGVK=ShWu&username=gpeters@trimontrea.com
351 KB
118 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://onmicrosoftonline.macksspaw.com/?82tGVK=ShWu&username=gpeters@trimontrea.com
Requested by
Host: docu-58ea4.web.app
URL: https://docu-58ea4.web.app/g2vTQ3btQ3br5kZ07xtrinZ1H05ntrQ3bad0TR3wH05nZ1?c=351757
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
159.100.30.211 , Germany, ASN44066 (DE-FIRSTCOLO www.first-colo.net, DE),
Reverse DNS
Software
nginx /
Resource Hash
580d32425d9c46947cf17c3e4c448b67f01db1af6599825687f4f4648221f602
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://docu-58ea4.web.app/g2vTQ3btQ3br5kZ07xtrinZ1H05ntrQ3bad0TR3wH05nZ1?c=351757
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

content-encoding
gzip
content-type
text/html; charset=utf-8
date
Mon, 22 May 2023 21:12:40 GMT
server
nginx
strict-transport-security
max-age=31536000; includeSubDomains
vary
Accept-Encoding

Redirect headers

Connection
Keep-Alive
Content-Encoding
gzip
Content-Type
text/html; charset=UTF-8
Date
Mon, 22 May 2023 21:12:40 GMT
Keep-Alive
timeout=5, max=100
Location
https://onmicrosoftonline.macksspaw.com?82tGVK=ShWu&username=gpeters@trimontrea.com#/common/oauth2/authorize?client_id=0.52527769958846-0ff1-0.98098325635352&auth=1-0.71259675440965
Server
Apache
Transfer-Encoding
chunked
Vary
Accept-Encoding
/
onmicrosoftonline.macksspaw.com/ 		200 B
341 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://onmicrosoftonline.macksspaw.com/?82tGVK=ShWu&username=gpeters@trimontrea.com
Requested by
Host: onmicrosoftonline.macksspaw.com
URL: https://onmicrosoftonline.macksspaw.com/?82tGVK=ShWu&username=gpeters@trimontrea.com
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
159.100.30.211 , Germany, ASN44066 (DE-FIRSTCOLO www.first-colo.net, DE),
Reverse DNS
Software
nginx /
Resource Hash
25fd92e5ea8d49f9a7b096c8a32b00062f8bb97080ce4d333053a345e322890a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
Content-Type
application/json

Response headers

date
Mon, 22 May 2023 21:12:40 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
server
nginx
vary
Accept-Encoding
content-type
application/json
/
onmicrosoftonline.macksspaw.com/ 		457 KB
156 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://onmicrosoftonline.macksspaw.com/?82tGVK=ShWu&username=gpeters@trimontrea.com
Requested by
Host: onmicrosoftonline.macksspaw.com
URL: https://onmicrosoftonline.macksspaw.com/?82tGVK=ShWu&username=gpeters@trimontrea.com
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
159.100.30.211 , Germany, ASN44066 (DE-FIRSTCOLO www.first-colo.net, DE),
Reverse DNS
Software
nginx /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://onmicrosoftonline.macksspaw.com/?82tGVK=ShWu&username=gpeters@trimontrea.com
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-headers
*
access-control-allow-origin
*
cache-control
no-store, no-cache
content-encoding
gzip
content-type
text/html; charset=utf-8
date
Mon, 22 May 2023 21:12:43 GMT
nel
{"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}
p3p
CP="DSP CUR OTPi IND OTRi ONL FIN"
pragma
no-cache
referrer-policy
strict-origin-when-cross-origin
report-to
{"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://ace1a042-7e36b161.macksspaw.com/api/report?catId=GW+estsfd+dub2"}]}
server
nginx
strict-transport-security
max-age=31536000; includeSubDomains
vary
Accept-Encoding Accept-Encoding
x-ms-ests-server
2.1.15427.11 - WEULR1 ProdSlices
x-ms-request-id
19ffb626-aade-4d6f-9c7e-c5cd4e101200
Primary Request /
onmicrosoftonline.macksspaw.com/ 		508 KB
153 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://onmicrosoftonline.macksspaw.com/?82tGVK=ShWu&username=gpeters@trimontrea.com&sso_reload=true
Requested by
Host: onmicrosoftonline.macksspaw.com
URL: https://onmicrosoftonline.macksspaw.com/?82tGVK=ShWu&username=gpeters@trimontrea.com
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
159.100.30.211 , Germany, ASN44066 (DE-FIRSTCOLO www.first-colo.net, DE),
Reverse DNS
Software
nginx /
Resource Hash
9b658c434a6f4c3d5fecb0b097c1d70167e8fea868048a7307622a47c8b75a22
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://onmicrosoftonline.macksspaw.com/?82tGVK=ShWu&username=gpeters@trimontrea.com
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-headers
*
access-control-allow-origin
*
cache-control
no-store, no-cache
content-encoding
gzip
content-type
text/html; charset=utf-8
date
Mon, 22 May 2023 21:12:45 GMT
nel
{"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}
p3p
CP="DSP CUR OTPi IND OTRi ONL FIN"
pragma
no-cache
referrer-policy
strict-origin-when-cross-origin
report-to
{"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://ace1a042-7e36b161.macksspaw.com/api/report?catId=GW+estsfd+dub2"}]}
server
nginx
strict-transport-security
max-age=31536000; includeSubDomains
vary
Accept-Encoding Accept-Encoding
x-ms-ests-server
2.1.15427.11 - WEULR2 ProdSlices
x-ms-request-id
0474b972-b7db-46f8-a934-34fd3e5a0100
Me.htm
live.macksspaw.com/ 		0
0
ConvergedLogin_PCore_s9lCYGipHOEtFkYXVZWDhg2.js
8c6b27f4-7e36b161.macksspaw.com/shared/1.0/content/js/ 		0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
live.macksspaw.com
URL
https://live.macksspaw.com/Me.htm?v=3
Domain
8c6b27f4-7e36b161.macksspaw.com
URL
https://8c6b27f4-7e36b161.macksspaw.com/shared/1.0/content/js/ConvergedLogin_PCore_s9lCYGipHOEtFkYXVZWDhg2.js

Verdicts & Comments Add Verdict or Comment

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| credentialless

1 Cookies

Domain/Path Name / Value
.macksspaw.com/ Name: aA4CSQ
Value: N2UzNmIxNjEtY2NkNC00MWQ0LTkxZDEtMDZiYWFjYjBkN2U4OjhhNDUzYTMxLTliMGQtNDE3OC1hZjljLWMxNDNkYTQ0ZmZmMQ==

1 Console Messages

Source Level URL
Text
network error URL: https://docu-58ea4.web.app/g2vTQ3btQ3br5kZ07xtrinZ1H05ntrQ3bad0TR3wH05nZ1?c=351757
Message:
Failed to load resource: the server responded with a status of 404 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload