portal.microsftfonline.com
13.92.180.23  Malicious Activity! Public Scan

Submitted URL: https://click.email.microsftfonline.com/?mfa=YW15LnplaG5kZXJAYXNjZW50LnVzYmFuay5jb20=
Effective URL: https://portal.microsftfonline.com/changePasswd/?mfa=YW15LnplaG5kZXJAYXNjZW50LnVzYmFuay5jb20=&redirect=https://login.microsoftonlin...
Submission: On February 24 via manual from US

Summary

This website contacted 4 IPs in 2 countries across 4 domains to perform 16 HTTP transactions. The main IP is 13.92.180.23, located in Boydton, United States and belongs to MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US. The main domain is portal.microsftfonline.com.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on February 22nd 2019. Valid for: 8 months.
This is the only time portal.microsftfonline.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Microsoft (Consumer)

Domain & IP information

IP Address AS Autonomous System
3 4 13.92.180.23 8075 (MICROSOFT...)
13 152.199.23.37 15133 (EDGECAST)
1 2603:1026:c06... 8075 (MICROSOFT...)
1 40.126.9.5 8075 (MICROSOFT...)
16 4
Domain Requested by
13 aadcdn.msftauth.net portal.microsftfonline.com
aadcdn.msftauth.net
3 portal.microsftfonline.com 2 redirects
1 login.microsoftonline.com aadcdn.msftauth.net
1 outlook.office365.com aadcdn.msftauth.net
1 click.email.microsftfonline.com 1 redirects
16 5

This site contains links to these domains:

  • www.microsoft.com
  • privacy.microsoft.com
TLS certificates observed during the scan:

Subject                           Issuer                                          Validity                  Valid
portal.microsftfonline.com        Sectigo RSA Domain Validation Secure Server CA  2019-02-22 - 2019-10-16   8 months
aadcdn.msftauth.net               Microsoft IT TLS CA 5                           2018-11-07 - 2020-11-07   2 years
outlook.com                       DigiCert Cloud Services CA-1                    2018-08-01 - 2020-08-01   2 years
stamp2.login.microsoftonline.com  Microsoft IT TLS CA 1                           2018-09-24 - 2020-09-24   2 years

This page contains 2 frames:

Primary Page: https://portal.microsftfonline.com/changePasswd/?mfa=YW15LnplaG5kZXJAYXNjZW50LnVzYmFuay5jb20=&redirect=https://login.microsoftonline.com/common/oauth2/authorize?client_id=00000000-0000-ffff-1111-000000000000&redirect_uri=
Frame ID: 75364240E37E42AF671527FC3065CA81
Requests: 15 HTTP requests in this frame

Frame: https://outlook.office365.com/owa/prefetch.aspx
Frame ID: C1C986ED7501E79C11A769195221A6D8
Requests: 1 HTTP requests in this frame

Detected technologies

Detected patterns (overall confidence 100% for each match):
  • headers server /IIS(?:\/([\d.]+))?/i
  • headers server /IIS(?:\/([\d.]+))?/i
  • env /^ko$/i
  • env /^webpackJsonp$/i

Page Statistics

Requests: 16
HTTPS: 100 %
IPv6: 25 %
Domains: 4
Subdomains: 5
IPs: 4
Countries: 2
Transfer: 485 kB
Size: 976 kB
Cookies: 3

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://click.email.microsftfonline.com/?mfa=YW15LnplaG5kZXJAYXNjZW50LnVzYmFuay5jb20= HTTP 302
    https://portal.microsftfonline.com/?mfa=YW15LnplaG5kZXJAYXNjZW50LnVzYmFuay5jb20= HTTP 302
    https://portal.microsftfonline.com/changePasswd?mfa=YW15LnplaG5kZXJAYXNjZW50LnVzYmFuay5jb20=&redirect=https://login.microsoftonline.com/common/oauth2/authorize?client_id=00000000-0000-ffff-1111-000000000000&redirect_uri= HTTP 301
    https://portal.microsftfonline.com/changePasswd/?mfa=YW15LnplaG5kZXJAYXNjZW50LnVzYmFuay5jb20=&redirect=https://login.microsoftonline.com/common/oauth2/authorize?client_id=00000000-0000-ffff-1111-000000000000&redirect_uri= Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

16 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
portal.microsftfonline.com/changePasswd/
Redirect Chain
  • https://click.email.microsftfonline.com/?mfa=YW15LnplaG5kZXJAYXNjZW50LnVzYmFuay5jb20=
  • https://portal.microsftfonline.com/?mfa=YW15LnplaG5kZXJAYXNjZW50LnVzYmFuay5jb20=
  • https://portal.microsftfonline.com/changePasswd?mfa=YW15LnplaG5kZXJAYXNjZW50LnVzYmFuay5jb20=&redirect=https://login.microsoftonline.com/common/oauth2/authorize?client_id=00000000-0000-ffff-1111-000...
  • https://portal.microsftfonline.com/changePasswd/?mfa=YW15LnplaG5kZXJAYXNjZW50LnVzYmFuay5jb20=&redirect=https://login.microsoftonline.com/common/oauth2/authorize?client_id=00000000-0000-ffff-1111-00...
29 KB
29 KB
Document
General
Full URL
https://portal.microsftfonline.com/changePasswd/?mfa=YW15LnplaG5kZXJAYXNjZW50LnVzYmFuay5jb20=&redirect=https://login.microsoftonline.com/common/oauth2/authorize?client_id=00000000-0000-ffff-1111-000000000000&redirect_uri=
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
13.92.180.23 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / PHP/7.2.7
Resource Hash
41888df51903f1a9ebceb7d9d6494a1e46a4de3c5d67b3c22e102c64a9c898f6

Request headers

:method
GET
:authority
portal.microsftfonline.com
:scheme
https
:path
/changePasswd/?mfa=YW15LnplaG5kZXJAYXNjZW50LnVzYmFuay5jb20=&redirect=https://login.microsoftonline.com/common/oauth2/authorize?client_id=00000000-0000-ffff-1111-000000000000&redirect_uri=
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
accept-encoding
gzip, deflate, br
cookie
PHPSESSID=dvn8gte4pfqni6ddd3midi3vr5
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

status
200
cache-control
no-store, no-cache, must-revalidate
pragma
no-cache
content-type
text/html;charset=utf-8
expires
Thu, 19 Nov 1981 08:52:00 GMT
server
Microsoft-IIS/10.0
x-powered-by
PHP/7.2.7
date
Sun, 24 Feb 2019 14:48:43 GMT
content-length
29783

Redirect headers

status
301
content-type
text/html; charset=UTF-8
location
https://portal.microsftfonline.com/changePasswd/?mfa=YW15LnplaG5kZXJAYXNjZW50LnVzYmFuay5jb20=&redirect=https://login.microsoftonline.com/common/oauth2/authorize?client_id=00000000-0000-ffff-1111-000000000000&redirect_uri=
server
Microsoft-IIS/10.0
date
Sun, 24 Feb 2019 14:48:43 GMT
content-length
352
converged.v2.login.min_xu7km3oxm4bwp2b-mqyozg2.css
aadcdn.msftauth.net/ests/2.1.8623.11/content/cdnbundles/
100 KB
19 KB
Stylesheet
General
Full URL
https://aadcdn.msftauth.net/ests/2.1.8623.11/content/cdnbundles/converged.v2.login.min_xu7km3oxm4bwp2b-mqyozg2.css
Requested by
Host: portal.microsftfonline.com
URL: https://portal.microsftfonline.com/changePasswd/?mfa=YW15LnplaG5kZXJAYXNjZW50LnVzYmFuay5jb20=&redirect=https://login.microsoftonline.com/common/oauth2/authorize?client_id=00000000-0000-ffff-1111-000000000000&redirect_uri=
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.199.23.37 Ashburn, United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
ECAcc (frc/8F6C) /
Resource Hash
6013f9292bbf154cd978a519e9ba6d501c57c50118e1535a374b0e6473fec91c

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
https://portal.microsftfonline.com/changePasswd/?mfa=YW15LnplaG5kZXJAYXNjZW50LnVzYmFuay5jb20=&redirect=https://login.microsoftonline.com/common/oauth2/authorize?client_id=00000000-0000-ffff-1111-000000000000&redirect_uri=
Origin
https://portal.microsftfonline.com

Response headers

x-ms-blob-type
BlockBlob
date
Sun, 24 Feb 2019 14:48:44 GMT
content-encoding
gzip
content-md5
xI6nFIlAZcVgw+oZ8mpIWA==
x-cache
HIT
status
200
content-length
18788
x-ms-lease-status
unlocked
last-modified
Fri, 15 Feb 2019 04:20:12 GMT
server
ECAcc (frc/8F6C)
etag
0x8D692FCE0DB2107
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
x-ms-request-id
1bad5bca-401e-0009-6f82-c507a7000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type
cache-control
public, max-age=31536000
x-ms-version
2009-09-19
accept-ranges
bytes
oldconvergedlogin_pcore.min_yefyg4ao9leehd50pscldg2.js
aadcdn.msftauth.net/ests/2.1.8623.11/content/cdnbundles/
523 KB
136 KB
Script
General
Full URL
https://aadcdn.msftauth.net/ests/2.1.8623.11/content/cdnbundles/oldconvergedlogin_pcore.min_yefyg4ao9leehd50pscldg2.js
Requested by
Host: portal.microsftfonline.com
URL: https://portal.microsftfonline.com/changePasswd/?mfa=YW15LnplaG5kZXJAYXNjZW50LnVzYmFuay5jb20=&redirect=https://login.microsoftonline.com/common/oauth2/authorize?client_id=00000000-0000-ffff-1111-000000000000&redirect_uri=
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.199.23.37 Ashburn, United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
ECAcc (frc/8FDF) /
Resource Hash
b5f99b245058617bbddd8fcaf7a5077024724d8d6b14d9cb8445d275d1e5f89d

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
https://portal.microsftfonline.com/changePasswd/?mfa=YW15LnplaG5kZXJAYXNjZW50LnVzYmFuay5jb20=&redirect=https://login.microsoftonline.com/common/oauth2/authorize?client_id=00000000-0000-ffff-1111-000000000000&redirect_uri=
Origin
https://portal.microsftfonline.com

Response headers

x-ms-blob-type
BlockBlob
date
Sun, 24 Feb 2019 14:48:44 GMT
content-encoding
gzip
content-md5
C3BSHBI6fT85QlRAZO789Q==
x-cache
HIT
status
200
content-length
138952
x-ms-lease-status
unlocked
last-modified
Fri, 15 Feb 2019 04:26:37 GMT
server
ECAcc (frc/8FDF)
etag
0x8D692FDC672F77D
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
60197381-401e-0085-2583-c53361000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type
cache-control
public, max-age=31536000
x-ms-version
2009-09-19
accept-ranges
bytes
convergedloginpaginatedstrings-en.min_qcimdnv7oqpmsvmoshvu6g2.js
aadcdn.msftauth.net/ests/2.1.8623.11/content/cdnbundles/
31 KB
10 KB
Script
General
Full URL
https://aadcdn.msftauth.net/ests/2.1.8623.11/content/cdnbundles/convergedloginpaginatedstrings-en.min_qcimdnv7oqpmsvmoshvu6g2.js
Requested by
Host: portal.microsftfonline.com
URL: https://portal.microsftfonline.com/changePasswd/?mfa=YW15LnplaG5kZXJAYXNjZW50LnVzYmFuay5jb20=&redirect=https://login.microsoftonline.com/common/oauth2/authorize?client_id=00000000-0000-ffff-1111-000000000000&redirect_uri=
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.199.23.37 Ashburn, United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
ECAcc (frc/8F66) /
Resource Hash
8ad42bd10bc0181858c249af95b551b3ab17bfe592af25c9349864dbd04a01ae

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
https://portal.microsftfonline.com/changePasswd/?mfa=YW15LnplaG5kZXJAYXNjZW50LnVzYmFuay5jb20=&redirect=https://login.microsoftonline.com/common/oauth2/authorize?client_id=00000000-0000-ffff-1111-000000000000&redirect_uri=
Origin
https://portal.microsftfonline.com

Response headers

x-ms-blob-type
BlockBlob
date
Sun, 24 Feb 2019 14:48:44 GMT
content-encoding
gzip
content-md5
ymVs0J9qbsbaNM/zSxcW1g==
x-cache
HIT
status
200
content-length
9932
x-ms-lease-status
unlocked
last-modified
Fri, 15 Feb 2019 04:23:19 GMT
server
ECAcc (frc/8F66)
etag
0x8D692FD503CB6A4
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
c1e4ad55-501e-0046-0f83-c5c4e6000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type
cache-control
public, max-age=31536000
x-ms-version
2009-09-19
accept-ranges
bytes
0-small_138bcee624fa04ef9b75e86211a9fe0d.jpg
aadcdn.msftauth.net/ests/2.1.8623.11/content/images/backgrounds/
3 KB
3 KB
Image
General
Full URL
https://aadcdn.msftauth.net/ests/2.1.8623.11/content/images/backgrounds/0-small_138bcee624fa04ef9b75e86211a9fe0d.jpg
Requested by
Host: aadcdn.msftauth.net
URL: https://aadcdn.msftauth.net/ests/2.1.8623.11/content/cdnbundles/oldconvergedlogin_pcore.min_yefyg4ao9leehd50pscldg2.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.199.23.37 Ashburn, United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
ECAcc (frc/8FE0) /
Resource Hash
f89e908280791803bbf1f33b596ff4a2179b355a8e15ad02ebaa2b1da11127ea

Request headers

Referer
https://portal.microsftfonline.com/changePasswd/?mfa=YW15LnplaG5kZXJAYXNjZW50LnVzYmFuay5jb20=&redirect=https://login.microsoftonline.com/common/oauth2/authorize?client_id=00000000-0000-ffff-1111-000000000000&redirect_uri=
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Sun, 24 Feb 2019 14:48:44 GMT
content-md5
E4vO5iT6BO+bdehiEan+DQ==
x-cache
HIT
status
200
content-length
3006
x-ms-lease-status
unlocked
last-modified
Fri, 15 Feb 2019 04:30:06 GMT
server
ECAcc (frc/8FE0)
etag
0x8D692FE4352FB3F
content-type
image/jpeg
access-control-allow-origin
*
x-ms-request-id
1caa07ae-e01e-005d-5682-c5af81000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type
cache-control
public, max-age=31536000
x-ms-version
2009-09-19
accept-ranges
bytes
0_a5dbd4393ff6a725c7e62b61df7e72f0.jpg
aadcdn.msftauth.net/ests/2.1.8623.11/content/images/backgrounds/
277 KB
277 KB
Image
General
Full URL
https://aadcdn.msftauth.net/ests/2.1.8623.11/content/images/backgrounds/0_a5dbd4393ff6a725c7e62b61df7e72f0.jpg
Requested by
Host: aadcdn.msftauth.net
URL: https://aadcdn.msftauth.net/ests/2.1.8623.11/content/cdnbundles/oldconvergedlogin_pcore.min_yefyg4ao9leehd50pscldg2.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.199.23.37 Ashburn, United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
ECAcc (frc/8EA1) /
Resource Hash
211a907de2da0ff4a0e90917ac8054e2f35c351180977550c26e51b4909f2beb

Request headers

Referer
https://portal.microsftfonline.com/changePasswd/?mfa=YW15LnplaG5kZXJAYXNjZW50LnVzYmFuay5jb20=&redirect=https://login.microsoftonline.com/common/oauth2/authorize?client_id=00000000-0000-ffff-1111-000000000000&redirect_uri=
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Sun, 24 Feb 2019 14:48:44 GMT
content-md5
pdvUOT/2pyXH5ith335y8A==
x-cache
HIT
status
200
content-length
283351
x-ms-lease-status
unlocked
last-modified
Fri, 15 Feb 2019 04:30:07 GMT
server
ECAcc (frc/8EA1)
etag
0x8D692FE4398EA81
content-type
image/jpeg
access-control-allow-origin
*
x-ms-request-id
8e58d7ba-201e-005a-0682-c5b74d000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type
cache-control
public, max-age=31536000
x-ms-version
2009-09-19
accept-ranges
bytes
Cookie set prefetch.aspx
outlook.office365.com/owa/ Frame C1C9
0
0
Document
General
Full URL
https://outlook.office365.com/owa/prefetch.aspx
Requested by
Host: aadcdn.msftauth.net
URL: https://aadcdn.msftauth.net/ests/2.1.8623.11/content/cdnbundles/oldconvergedlogin_pcore.min_yefyg4ao9leehd50pscldg2.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2603:1026:c06:29::2 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Host
outlook.office365.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer
https://portal.microsftfonline.com/changePasswd/?mfa=YW15LnplaG5kZXJAYXNjZW50LnVzYmFuay5jb20=&redirect=https://login.microsoftonline.com/common/oauth2/authorize?client_id=00000000-0000-ffff-1111-000000000000&redirect_uri=
Accept-Encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
https://portal.microsftfonline.com/changePasswd/?mfa=YW15LnplaG5kZXJAYXNjZW50LnVzYmFuay5jb20=&redirect=https://login.microsoftonline.com/common/oauth2/authorize?client_id=00000000-0000-ffff-1111-000000000000&redirect_uri=

Response headers

Cache-Control
private, no-store
Content-Length
1241
Content-Type
text/html; charset=utf-8
Content-Encoding
gzip
Vary
Accept-Encoding
Server
Microsoft-IIS/10.0
request-id
779fa3ff-560e-40b4-897c-9ca709f8fa2e
X-CalculatedFETarget
CWXP265CU001.internal.outlook.com
X-BackEndHttpStatus
200 200
Set-Cookie
ClientId=8C9F9AE9A5D448CDA96D2B39F5A4B97C; expires=Mon, 24-Feb-2020 14:48:44 GMT; path=/; secure ClientId=8C9F9AE9A5D448CDA96D2B39F5A4B97C; expires=Mon, 24-Feb-2020 14:48:44 GMT; path=/; secure OIDC=1; expires=Sat, 24-Aug-2019 14:48:44 GMT; path=/; secure; HttpOnly OWAPF=v:16.2873.2.2664436&l:mouse; path=/
X-FEProxyInfo
CWXP265CA0021.GBRP265.PROD.OUTLOOK.COM
X-CalculatedBETarget
CWLP265MB0497.GBRP265.PROD.OUTLOOK.COM
X-RUM-Validated
1
X-Content-Type-Options
nosniff
X-BeSku
WCS5
X-OWA-Version
15.20.1643.21
X-OWA-DiagnosticsInfo
1;0;0
X-BackEnd-Begin
2019-02-24T14:48:44.776
X-BackEnd-End
2019-02-24T14:48:44.778
X-DiagInfo
CWLP265MB0497
X-BEServer
CWLP265MB0497
X-UA-Compatible
IE=EmulateIE7
Strict-Transport-Security
max-age=31536000; includeSubDomains max-age=31536000; includeSubDomains
X-FEServer
CWXP265CA0021 LO2P265CA0402
Date
Sun, 24 Feb 2019 14:48:43 GMT
microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg
aadcdn.msftauth.net/ests/2.1.8623.11/content/images/
4 KB
2 KB
Image
General
Full URL
https://aadcdn.msftauth.net/ests/2.1.8623.11/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.199.23.37 Ashburn, United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
ECAcc (frc/8F2F) /
Resource Hash
04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a

Request headers

Referer
https://portal.microsftfonline.com/changePasswd/?mfa=YW15LnplaG5kZXJAYXNjZW50LnVzYmFuay5jb20=&redirect=https://login.microsoftonline.com/common/oauth2/authorize?client_id=00000000-0000-ffff-1111-000000000000&redirect_uri=
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Sun, 24 Feb 2019 14:48:44 GMT
content-encoding
gzip
content-md5
nzaLxFgP7ZB3dfMcaybWzw==
x-cache
HIT
status
200
content-length
1435
x-ms-lease-status
unlocked
last-modified
Fri, 15 Feb 2019 04:28:33 GMT
server
ECAcc (frc/8F2F)
etag
0x8D692FE0B8C9519
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
x-ms-request-id
b20416e8-701e-0017-0b82-c57961000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type
cache-control
public, max-age=31536000
x-ms-version
2009-09-19
accept-ranges
bytes
picker_account_aad_9de70d1c5191d1852a0d5aac28b44a6c.svg
aadcdn.msftauth.net/ests/2.1.8623.11/content/images/
756 B
515 B
Image
General
Full URL
https://aadcdn.msftauth.net/ests/2.1.8623.11/content/images/picker_account_aad_9de70d1c5191d1852a0d5aac28b44a6c.svg
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.199.23.37 Ashburn, United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
ECAcc (frc/8FD3) /
Resource Hash
5d3357bd875b7335ace42e8ee3a64578e4253bed1a4e279109de403eedae3a69

Request headers

Referer
https://portal.microsftfonline.com/changePasswd/?mfa=YW15LnplaG5kZXJAYXNjZW50LnVzYmFuay5jb20=&redirect=https://login.microsoftonline.com/common/oauth2/authorize?client_id=00000000-0000-ffff-1111-000000000000&redirect_uri=
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Sun, 24 Feb 2019 14:48:44 GMT
content-encoding
gzip
content-md5
Sm6wIsHj8wthIZkm/aQWhA==
x-cache
HIT
status
200
content-length
394
x-ms-lease-status
unlocked
last-modified
Fri, 15 Feb 2019 04:28:41 GMT
server
ECAcc (frc/8FD3)
etag
0x8D692FE1057A4AE
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
x-ms-request-id
83c49e07-101e-0020-678e-c5a0d4000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type
cache-control
public, max-age=31536000
x-ms-version
2009-09-19
accept-ranges
bytes
picker_more_7568a43cf440757c55d2e7f51557ae1f.svg
aadcdn.msftauth.net/ests/2.1.8623.11/content/images/
899 B
401 B
Image
General
Full URL
https://aadcdn.msftauth.net/ests/2.1.8623.11/content/images/picker_more_7568a43cf440757c55d2e7f51557ae1f.svg
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.199.23.37 Ashburn, United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
ECAcc (frc/8FDD) /
Resource Hash
b7fcd37eaafe3f08647ed072d5289eadfff6c660a26cdef31532b3fcfb4a0bb2

Request headers

Referer
https://portal.microsftfonline.com/changePasswd/?mfa=YW15LnplaG5kZXJAYXNjZW50LnVzYmFuay5jb20=&redirect=https://login.microsoftonline.com/common/oauth2/authorize?client_id=00000000-0000-ffff-1111-000000000000&redirect_uri=
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Sun, 24 Feb 2019 14:48:44 GMT
content-encoding
gzip
content-md5
K28EA/F25txr6jQahXym+g==
x-cache
HIT
status
200
content-length
257
x-ms-lease-status
unlocked
last-modified
Fri, 15 Feb 2019 04:28:44 GMT
server
ECAcc (frc/8FDD)
etag
0x8D692FE1247C03E
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
x-ms-request-id
b9c0e51f-801e-0008-538e-c5f9aa000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type
cache-control
public, max-age=31536000
x-ms-version
2009-09-19
accept-ranges
bytes
marching_ants_white_166de53471265253ab3a456defe6da23.gif
aadcdn.msftauth.net/ests/2.1.8623.11/content/images/
3 KB
3 KB
Image
General
Full URL
https://aadcdn.msftauth.net/ests/2.1.8623.11/content/images/marching_ants_white_166de53471265253ab3a456defe6da23.gif
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.199.23.37 Ashburn, United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
ECAcc (frc/8F0A) /
Resource Hash
a46201581a7c7c667fd42787cd1e9adf2f6bf809efb7596e61a03e8dba9ada13

Request headers

Referer
https://portal.microsftfonline.com/changePasswd/?mfa=YW15LnplaG5kZXJAYXNjZW50LnVzYmFuay5jb20=&redirect=https://login.microsoftonline.com/common/oauth2/authorize?client_id=00000000-0000-ffff-1111-000000000000&redirect_uri=
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Sun, 24 Feb 2019 14:48:44 GMT
content-md5
Fm3lNHEmUlOrOkVt7+baIw==
x-cache
HIT
status
200
content-length
2672
x-ms-lease-status
unlocked
last-modified
Fri, 15 Feb 2019 04:28:30 GMT
server
ECAcc (frc/8F0A)
etag
0x8D692FE09FCFA6A
content-type
image/gif
access-control-allow-origin
*
x-ms-request-id
54e16130-101e-0044-2d83-c5c98b000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type
cache-control
public, max-age=31536000
x-ms-version
2009-09-19
accept-ranges
bytes
marching_ants_b540a8e518037192e32c4fe58bf2dbab.gif
aadcdn.msftauth.net/ests/2.1.8623.11/content/images/
4 KB
4 KB
Image
General
Full URL
https://aadcdn.msftauth.net/ests/2.1.8623.11/content/images/marching_ants_b540a8e518037192e32c4fe58bf2dbab.gif
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.199.23.37 Ashburn, United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
ECAcc (frc/8FED) /
Resource Hash
8737d721808655f37b333f08a90185699e7e8b9bdaaa15cdb63c8448b426f95d

Request headers

Referer
https://portal.microsftfonline.com/changePasswd/?mfa=YW15LnplaG5kZXJAYXNjZW50LnVzYmFuay5jb20=&redirect=https://login.microsoftonline.com/common/oauth2/authorize?client_id=00000000-0000-ffff-1111-000000000000&redirect_uri=
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Sun, 24 Feb 2019 14:48:44 GMT
content-md5
tUCo5RgDcZLjLE/li/Lbqw==
x-cache
HIT
status
200
content-length
3620
x-ms-lease-status
unlocked
last-modified
Fri, 15 Feb 2019 04:28:30 GMT
server
ECAcc (frc/8FED)
etag
0x8D692FE09D2393C
content-type
image/gif
access-control-allow-origin
*
x-ms-request-id
f633265d-101e-0026-8083-c54615000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type
cache-control
public, max-age=31536000
x-ms-version
2009-09-19
accept-ranges
bytes
picker_account_add_56e73414003cdb676008ff7857343074.svg
aadcdn.msftauth.net/ests/2.1.8623.11/content/images/
222 B
326 B
Image
General
Full URL
https://aadcdn.msftauth.net/ests/2.1.8623.11/content/images/picker_account_add_56e73414003cdb676008ff7857343074.svg
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.199.23.37 Ashburn, United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
ECAcc (frc/8F58) /
Resource Hash
749f85621d92a5b31b2a377a8c385a36d48a83327dad9a8a8da93cd831b8c9a2

Request headers

Referer
https://portal.microsftfonline.com/changePasswd/?mfa=YW15LnplaG5kZXJAYXNjZW50LnVzYmFuay5jb20=&redirect=https://login.microsoftonline.com/common/oauth2/authorize?client_id=00000000-0000-ffff-1111-000000000000&redirect_uri=
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Sun, 24 Feb 2019 14:48:44 GMT
content-encoding
gzip
content-md5
ykuOnMaTo0vw2Gx/ZceiPg==
x-cache
HIT
status
200
content-length
184
x-ms-lease-status
unlocked
last-modified
Fri, 15 Feb 2019 04:28:41 GMT
server
ECAcc (frc/8F58)
etag
0x8D692FE10B95E54
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
x-ms-request-id
1c15b9a9-901e-0004-2b8e-c53529000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type
cache-control
public, max-age=31536000
x-ms-version
2009-09-19
accept-ranges
bytes
ellipsis_white_5ac590ee72bfe06a7cecfd75b588ad73.svg
aadcdn.msftauth.net/ests/2.1.8623.11/content/images/
915 B
407 B
Image
General
Full URL
https://aadcdn.msftauth.net/ests/2.1.8623.11/content/images/ellipsis_white_5ac590ee72bfe06a7cecfd75b588ad73.svg
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.199.23.37 Ashburn, United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
ECAcc (frc/8F36) /
Resource Hash
6075736ea9c281d69c4a3d78ff97bb61b9416a5809919babe5a0c5596f99aaea

Request headers

Referer
https://portal.microsftfonline.com/changePasswd/?mfa=YW15LnplaG5kZXJAYXNjZW50LnVzYmFuay5jb20=&redirect=https://login.microsoftonline.com/common/oauth2/authorize?client_id=00000000-0000-ffff-1111-000000000000&redirect_uri=
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Sun, 24 Feb 2019 14:48:44 GMT
content-encoding
gzip
content-md5
HMwsHhNXdtrfirQDkzcqMA==
x-cache
HIT
status
200
content-length
263
x-ms-lease-status
unlocked
last-modified
Fri, 15 Feb 2019 04:28:23 GMT
server
ECAcc (frc/8F36)
etag
0x8D692FE05D637B8
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
x-ms-request-id
847a5cae-901e-0066-3f82-c5bab7000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type
cache-control
public, max-age=31536000
x-ms-version
2009-09-19
accept-ranges
bytes
ellipsis_grey_2b5d393db04a5e6e1f739cb266e65b4c.svg
aadcdn.msftauth.net/ests/2.1.8623.11/content/images/
915 B
405 B
Image
General
Full URL
https://aadcdn.msftauth.net/ests/2.1.8623.11/content/images/ellipsis_grey_2b5d393db04a5e6e1f739cb266e65b4c.svg
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.199.23.37 Ashburn, United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
ECAcc (frc/8F51) /
Resource Hash
16c3f6531d0fa5b4d16e82abf066233b2a9f284c068c663699313c09f5e8d6e6

Request headers

Referer
https://portal.microsftfonline.com/changePasswd/?mfa=YW15LnplaG5kZXJAYXNjZW50LnVzYmFuay5jb20=&redirect=https://login.microsoftonline.com/common/oauth2/authorize?client_id=00000000-0000-ffff-1111-000000000000&redirect_uri=
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Sun, 24 Feb 2019 14:48:44 GMT
content-encoding
gzip
content-md5
/a3y/mpA+HRaVAiPACrsog==
x-cache
HIT
status
200
content-length
263
x-ms-lease-status
unlocked
last-modified
Fri, 15 Feb 2019 04:28:22 GMT
server
ECAcc (frc/8F51)
etag
0x8D692FE052D564F
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
x-ms-request-id
31cc8ff0-301e-0056-1382-c57bce000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type
cache-control
public, max-age=31536000
x-ms-version
2009-09-19
accept-ranges
bytes
reportbssotelemetry
login.microsoftonline.com/common/instrumentation/
0
905 B
Other
General
Full URL
https://login.microsoftonline.com/common/instrumentation/reportbssotelemetry?hpgid=1104&hpgact=1800&client-request-id=15dee1c8-553e-4559-8959-960cd449fbac&hpgrequestid=116ef7d9-9713-42ae-adfb-23f36b343d00
Requested by
Host: aadcdn.msftauth.net
URL: https://aadcdn.msftauth.net/ests/2.1.8623.11/content/cdnbundles/oldconvergedlogin_pcore.min_yefyg4ao9leehd50pscldg2.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
40.126.9.5 Tokyo, Japan, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://portal.microsftfonline.com/changePasswd/?mfa=YW15LnplaG5kZXJAYXNjZW50LnVzYmFuay5jb20=&redirect=https://login.microsoftonline.com/common/oauth2/authorize?client_id=00000000-0000-ffff-1111-000000000000&redirect_uri=
Origin
https://portal.microsftfonline.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan verdict: Phishing against: Microsoft (Consumer)

20 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  • object    onselectstart
  • object    onselectionchange
  • function  queueMicrotask
  • object    $Config
  • object    $Debug
  • object    $Do
  • function  $Loader
  • object    $WebWatson
  • function  GetString
  • function  GetErrorString
  • function  GetUrl
  • object    $B
  • object    ServerData
  • function  webpackJsonp
  • object    ko
  • object    PROOF
  • object    StringRepository
  • boolean   __OldConvergedLogin_PCore
  • boolean   __
  • object    mydate

3 Cookies

Domain/Path                              Name       Value
portal.microsftfonline.com/              PHPSESSID  dvn8gte4pfqni6ddd3midi3vr5
portal.microsftfonline.com/              localdate  Sun Feb 24 2019 14:48:44 GMT+0000 (Coordinated Universal Time)
portal.microsftfonline.com/changePasswd  CkTst      G1551019724454

1 Console Message

Source: console-api
Level: info
URL: https://aadcdn.msftauth.net/ests/2.1.8623.11/content/cdnbundles/oldconvergedlogin_pcore.min_yefyg4ao9leehd50pscldg2.js (Line 22)
Message:
BSSO Telemetry: {"result":"Error","error":"bssoNotSupported","type":"TBAuthTelemetry","data":{"BSSO.info":"not-supported"},"traces":["BrowserSSO Initialized","window.navigator.msLaunchUri is not available for _pullBrowserSsoCookie"]}