urlscan.io logo urlscan.io
SecurityTrails logo

login.microsoftonline.com.umimaxcocom.io Open in urlscan Pro
193.36.116.24  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://www.allery.nh-family-law.info/
Effective URL: https://login.microsoftonline.com.umimaxcocom.io/common/oauth2/authorize?client_id=4345a7b9-9a63-4910-a426-35363201d503&response_mode=form_post&r...
Submission: On September 11 via manual from IN
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 6 IPs in 4 countries across 6 domains to perform 33 HTTP transactions. The main IP is 193.36.116.24, located in Copenhagen, Denmark and belongs to ESTNOC-AS, EE. The main domain is login.microsoftonline.com.umimaxcocom.io.
TLS certificate: Issued by Let's Encrypt Authority X3 on September 11th 2019. Valid for: 3 months.
This is the only time login.microsoftonline.com.umimaxcocom.io was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Microsoft (Consumer)

Domain & IP information

IP Address AS Autonomous System
2 2 185.173.224.24 19693 (CENTRILOG...)
3 5 193.36.116.24 206804 (ESTNOC-AS)
9 2620:1ec:bdf::10 8068 (MICROSOFT...)
2 23.37.48.112 16625 (AKAMAI-AS)
1 13.107.6.168 8068 (MICROSOFT...)
1 2603:1026:101::2 8075 (MICROSOFT...)
33 6
2    185.173.224.24 (Buffalo, United States)

ASN19693 (CENTRILOGIC-ASN - Centrilogic, Inc., US)
PTR: shared005.hosixy.com
www.allery.nh-family-law.info
5    193.36.116.24 (Copenhagen, Denmark)

ASN206804 (ESTNOC-AS, EE)
login.microsoftonline.com.umimaxcocom.io
www.microsoftonline.com.umimaxcocom.io
9    2620:1ec:bdf::10 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US)
aadcdn.msauth.net
2    23.37.48.112 (Netherlands)

ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
PTR: a23-37-48-112.deploy.static.akamaitechnologies.com
blob.officehome.msocdn.com
1    13.107.6.168 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US)
PTR: sharept.ms
www.odwebp.svc.ms
1    2603:1026:101::2 (Paris, France)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US)
outlook.office365.com
Domain Requested by
9 aadcdn.msauth.net login.microsoftonline.com.umimaxcocom.io
aadcdn.msauth.net
3 login.microsoftonline.com.umimaxcocom.io 2 redirects
2 blob.officehome.msocdn.com www.microsoftonline.com.umimaxcocom.io
2 www.microsoftonline.com.umimaxcocom.io 1 redirects aadcdn.msauth.net
2 www.allery.nh-family-law.info 2 redirects
1 outlook.office365.com www.microsoftonline.com.umimaxcocom.io
1 www.odwebp.svc.ms www.microsoftonline.com.umimaxcocom.io
33 7

This site contains links to these domains. Also see Links.

Domain
privacy.microsoft.com
login.live.com
www.microsoft.com
Subject Issuer Validity Valid
login.microsoftonline.com.umimaxcocom.io
Let's Encrypt Authority X3		 2019-09-11 -
2019-12-10		 3 months crt.sh
aadcdn.msauth.net
Microsoft IT TLS CA 4		 2018-11-07 -
2020-11-07		 2 years crt.sh
*.officehome.msocdn.com
Microsoft IT TLS CA 5		 2017-12-07 -
2019-12-07		 2 years crt.sh
svc.ms
Microsoft IT TLS CA 1		 2018-06-22 -
2020-06-22		 2 years crt.sh
outlook.com
DigiCert Cloud Services CA-1		 2018-11-15 -
2020-11-15		 2 years crt.sh

This page contains 4 frames:

Primary Page: https://login.microsoftonline.com.umimaxcocom.io/common/oauth2/authorize?client_id=4345a7b9-9a63-4910-a426-35363201d503&response_mode=form_post&response_type=code+id_token&scope=openid+profile&state=OpenIdConnect.AuthenticationProperties%3doimzTA0Zoaa4XcdfNYgN-lmfJOFbRwR9iQ6z8Du6FzDVT3xeKvTddP3Tro4pNie6JG2UFAomcaFSRdEdnPgWrzjjHGUqRocbKpiSnVYuJot6Eh5qbEwdquUWcYD9Xwxf&nonce=637038417941515558.YWE0NTE2Y2ItNzUxOS00NDg5LTllNmItOTliM2Y0MGNkODU5NGIzZWViNWItYjAxYi00MjYxLTljMTEtMjZmMWM4ZTgwYWFl&redirect_uri=https%3a%2f%2fwww.office.com%2f&ui_locales=en-US&mkt=en-US
Frame ID: 77D3AB2FBC57DE2D9D7E97BFEC652885
Requests: 10 HTTP requests in this frame

Frame: https://www.microsoftonline.com.umimaxcocom.io/prefetch/prefetch
Frame ID: 8EB6880C3074731A71BE739B6CB2BD19
Requests: 21 HTTP requests in this frame

Frame: https://www.odwebp.svc.ms/share
Frame ID: AA89872DCC2EC4DAE900616280D5C04E
Requests: 1 HTTP requests in this frame

Frame: https://outlook.office365.com/owa/prefetch.aspx
Frame ID: 80D7FDC7DAE4D0979195D7E1A7D22E15
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

  1. https://www.allery.nh-family-law.info/ HTTP 302
    https://www.allery.nh-family-law.info/tlvk50v32rqdlek6df517sss.php?Ai8GF51568244992458f3ebf2ff36b120f6ef907ec70d2c... HTTP 302
    https://login.microsoftonline.com.umimaxcocom.io/nREYVKsP HTTP 302
    https://login.microsoftonline.com.umimaxcocom.io/ HTTP 302
    https://www.microsoftonline.com.umimaxcocom.io/login HTTP 302
    https://login.microsoftonline.com.umimaxcocom.io/common/oauth2/authorize?client_id=4345a7b9-9a63-4910-a426-35363201d503&respo... Page URL

Page Statistics

33
Requests

45 %
HTTPS

33 %
IPv6

6
Domains

7
Subdomains

6
IPs

4
Countries

529 kB
Transfer

1105 kB
Size

8
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://www.allery.nh-family-law.info/ HTTP 302
    https://www.allery.nh-family-law.info/tlvk50v32rqdlek6df517sss.php?Ai8GF51568244992458f3ebf2ff36b120f6ef907ec70d2c8458f3ebf2ff36b120f6ef907ec70d2c8458f3ebf2ff36b120f6ef907ec70d2c8458f3ebf2ff36b120f6ef907ec70d2c8458f3ebf2ff36b120f6ef907ec70d2c8&email=&error= HTTP 302
    https://login.microsoftonline.com.umimaxcocom.io/nREYVKsP HTTP 302
    https://login.microsoftonline.com.umimaxcocom.io/ HTTP 302
    https://www.microsoftonline.com.umimaxcocom.io/login HTTP 302
    https://login.microsoftonline.com.umimaxcocom.io/common/oauth2/authorize?client_id=4345a7b9-9a63-4910-a426-35363201d503&response_mode=form_post&response_type=code+id_token&scope=openid+profile&state=OpenIdConnect.AuthenticationProperties%3doimzTA0Zoaa4XcdfNYgN-lmfJOFbRwR9iQ6z8Du6FzDVT3xeKvTddP3Tro4pNie6JG2UFAomcaFSRdEdnPgWrzjjHGUqRocbKpiSnVYuJot6Eh5qbEwdquUWcYD9Xwxf&nonce=637038417941515558.YWE0NTE2Y2ItNzUxOS00NDg5LTllNmItOTliM2Y0MGNkODU5NGIzZWViNWItYjAxYi00MjYxLTljMTEtMjZmMWM4ZTgwYWFl&redirect_uri=https%3a%2f%2fwww.office.com%2f&ui_locales=en-US&mkt=en-US Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

33 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request Cookie set authorize
login.microsoftonline.com.umimaxcocom.io/common/oauth2/
Redirect Chain
  • https://www.allery.nh-family-law.info/
  • https://www.allery.nh-family-law.info/tlvk50v32rqdlek6df517sss.php?Ai8GF51568244992458f3ebf2ff36b120f6ef907ec70d2c8458f3ebf2ff36b120f6ef907ec70d2c8458f3ebf2ff36b120f6ef907ec70d2c8458f3ebf2ff36b120f...
  • https://login.microsoftonline.com.umimaxcocom.io/nREYVKsP
  • https://login.microsoftonline.com.umimaxcocom.io/
  • https://www.microsoftonline.com.umimaxcocom.io/login
  • https://login.microsoftonline.com.umimaxcocom.io/common/oauth2/authorize?client_id=4345a7b9-9a63-4910-a426-35363201d503&response_mode=form_post&response_type=code+id_token&scope=openid+profile&stat...
33 KB
34 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://login.microsoftonline.com.umimaxcocom.io/common/oauth2/authorize?client_id=4345a7b9-9a63-4910-a426-35363201d503&response_mode=form_post&response_type=code+id_token&scope=openid+profile&state=OpenIdConnect.AuthenticationProperties%3doimzTA0Zoaa4XcdfNYgN-lmfJOFbRwR9iQ6z8Du6FzDVT3xeKvTddP3Tro4pNie6JG2UFAomcaFSRdEdnPgWrzjjHGUqRocbKpiSnVYuJot6Eh5qbEwdquUWcYD9Xwxf&nonce=637038417941515558.YWE0NTE2Y2ItNzUxOS00NDg5LTllNmItOTliM2Y0MGNkODU5NGIzZWViNWItYjAxYi00MjYxLTljMTEtMjZmMWM4ZTgwYWFl&redirect_uri=https%3a%2f%2fwww.office.com%2f&ui_locales=en-US&mkt=en-US
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
193.36.116.24 Copenhagen, Denmark, ASN206804 (ESTNOC-AS, EE),
Reverse DNS
Software
/
Resource Hash
01e60986a02371d3647991854b42b499a46fa620384af5dca1fbbe038e5f23a7

Request headers

Host
login.microsoftonline.com.umimaxcocom.io
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Mode
navigate
Sec-Fetch-User
?1
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Sec-Fetch-Site
none
Accept-Encoding
gzip, deflate, br
Cookie
RZuE=b8d48d221a682400faacfca2d1eb797109ceb96a78f39d39c6b7671d4cbef3e0; fpc=AlVc81ysHWdKjPGvL33MzC4; esctx=AQABAAAAAAAP0wLlqdLVToOpA4kwzSnx8KiiqY3ExGqZ52CpUyUozHWSMqsJF8CkdQn7WsS5dk_U5oHkLlmQ0Pit-ibbXsunKGPJNFb-jfsENIWFhXF4Z6F3iyL84GnOJMKeG6a_4XA668JTO7R1l2KcXO7d2wkq86-UL85LkEQVSi8gi3FoCEeVfCMGK9T9GZYlYIPBojogAA; x-ms-gateway-slice=prod; stsservicecookie=ests; MUID=37FE41703BF76FF81C8C4CA43A286E26
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Mode
navigate
Sec-Fetch-User
?1

Response headers

Cache-Control
no-cache, no-store
Connection
close
Content-Type
text/html; charset=utf-8
Date
Wed, 11 Sep 2019 23:36:33 GMT
Expires
-1
Link
<https://aadcdn.msauth.net>; rel=preconnect; crossorigin <https://aadcdn.msauth.net>; rel=dns-prefetch <https://aadcdn.msftauth.net>; rel=dns-prefetch
P3p
CP="DSP CUR OTPi IND OTRi ONL FIN"
Pragma
no-cache
Referrer-Policy
strict-origin-when-cross-origin
Set-Cookie
buid=AQABAAEAAAAP0wLlqdLVToOpA4kwzSnxz84irXvcx1Oz3seUOzeKHuFTVUaNoRx6hLdV8jfHbI0W3X7EEb3XxvZVeayRkv4zLJMqFarZv8Ww2zuSsJ8cmyH5jWYIQIMaMQO3zq4I27EgAA; Path=/; HttpOnly fpc=AlVc81ysHWdKjPGvL33MzC59Hyj2AQAAAAF8C9UOAAAA; Path=/; HttpOnly x-ms-gateway-slice=prod; Path=/; HttpOnly stsservicecookie=ests; Path=/; HttpOnly
Transfer-Encoding
chunked
Vary
Accept-Encoding
X-Dns-Prefetch-Control
on
X-Ms-Ests-Server
2.1.9338.16 - AMS1 ProdSlices
X-Ms-Request-Id
544de75b-56ea-4032-8f96-eb0ac9b51c00

Redirect headers

Connection
close
Content-Type
text/html; charset=utf-8
Date
Wed, 11 Sep 2019 23:36:33 GMT
Location
https://login.microsoftonline.com.umimaxcocom.io/common/oauth2/authorize?client_id=4345a7b9-9a63-4910-a426-35363201d503&response_mode=form_post&response_type=code+id_token&scope=openid+profile&state=OpenIdConnect.AuthenticationProperties%3doimzTA0Zoaa4XcdfNYgN-lmfJOFbRwR9iQ6z8Du6FzDVT3xeKvTddP3Tro4pNie6JG2UFAomcaFSRdEdnPgWrzjjHGUqRocbKpiSnVYuJot6Eh5qbEwdquUWcYD9Xwxf&nonce=637038417941515558.YWE0NTE2Y2ItNzUxOS00NDg5LTllNmItOTliM2Y0MGNkODU5NGIzZWViNWItYjAxYi00MjYxLTljMTEtMjZmMWM4ZTgwYWFl&redirect_uri=https%3a%2f%2fwww.office.com%2f&ui_locales=en-US&mkt=en-US
Referrer-Policy
strict-origin-when-cross-origin
Set-Cookie
OH.DCAffinity=OH-weu; Path=/; HttpOnly OpenIdConnect.nonce.W46MoFCrObQ5BdWJ5AOcBmpmskJM0CganndPnLogob0%3D=ay04UWY3WXNmX1V4TkJxZXZwZWxLRFFiaHlJRjBNeElDT1kxYW1TbDYwcTliODdRdUdDTHVVSE8xRUdJR29VMnhlaFpRSDRxRG5RSmVqRDh0TEVEWndfSWxSaHNkbzRlTHZjN1d5UTZZX2did2owcEtyT3NsaWVvZGp2N3MyaUFvZXZ2NGVzVktsbVc1ZUtYRWllWEd2Z3pzYWFrdkp3YWFmZF9ueG5qUHNncVpBNTd6NHhmRFljMDhWT05wb0FjTlRhNXZfOWMxbFVBaVVfTlkwcHd5RUJsbEstak9LYmNWWWsydERqcGZqUjZxQ0NLaTRUeHcxWUk5TXVpR1BOaA%3D%3D; Path=/; HttpOnly OH.SID=56d365a9-09f0-4956-8769-5ee4da1009b8; Path=/; HttpOnly OH.DCAffinity=OH-weu; Path=/; HttpOnly OpenIdConnect.nonce.W46MoFCrObQ5BdWJ5AOcBmpmskJM0CganndPnLogob0%3D=ay04UWY3WXNmX1V4TkJxZXZwZWxLRFFiaHlJRjBNeElDT1kxYW1TbDYwcTliODdRdUdDTHVVSE8xRUdJR29VMnhlaFpRSDRxRG5RSmVqRDh0TEVEWndfSWxSaHNkbzRlTHZjN1d5UTZZX2did2owcEtyT3NsaWVvZGp2N3MyaUFvZXZ2NGVzVktsbVc1ZUtYRWllWEd2Z3pzYWFrdkp3YWFmZF9ueG5qUHNncVpBNTd6NHhmRFljMDhWT05wb0FjTlRhNXZfOWMxbFVBaVVfTlkwcHd5RUJsbEstak9LYmNWWWsydERqcGZqUjZxQ0NLaTRUeHcxWUk5TXVpR1BOaA%3D%3D; Path=/; HttpOnly MUID=37FE41703BF76FF81C8C4CA43A286E26; Path=/; Domain=microsoftonline.com.umimaxcocom.io
Transfer-Encoding
chunked
X-Msedge-Ref
Ref A: 0152413DB507470E993A28E8ECF38C1D Ref B: HEL01EDGE0820 Ref C: 2019-09-11T23:36:34Z
X-Ua-Compatible
IE=edge,chrome=1
converged.v2.login.min_mbqre5pw01euigudkiymsa2.css
aadcdn.msauth.net/ests/2.1/content/cdnbundles/ 		99 KB
19 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://aadcdn.msauth.net/ests/2.1/content/cdnbundles/converged.v2.login.min_mbqre5pw01euigudkiymsa2.css
Requested by
Host: login.microsoftonline.com.umimaxcocom.io
URL: https://login.microsoftonline.com.umimaxcocom.io/common/oauth2/authorize?client_id=4345a7b9-9a63-4910-a426-35363201d503&response_mode=form_post&response_type=code+id_token&scope=openid+profile&state=OpenIdConnect.AuthenticationProperties%3doimzTA0Zoaa4XcdfNYgN-lmfJOFbRwR9iQ6z8Du6FzDVT3xeKvTddP3Tro4pNie6JG2UFAomcaFSRdEdnPgWrzjjHGUqRocbKpiSnVYuJot6Eh5qbEwdquUWcYD9Xwxf&nonce=637038417941515558.YWE0NTE2Y2ItNzUxOS00NDg5LTllNmItOTliM2Y0MGNkODU5NGIzZWViNWItYjAxYi00MjYxLTljMTEtMjZmMWM4ZTgwYWFl&redirect_uri=https%3a%2f%2fwww.office.com%2f&ui_locales=en-US&mkt=en-US
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2620:1ec:bdf::10 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
ea073d6416a1c80db854b3d255c4984331bb66512a8357a48c1a1f61a0c5258a

Request headers

Sec-Fetch-Mode
cors
Referer
https://login.microsoftonline.com.umimaxcocom.io/
Origin
https://login.microsoftonline.com.umimaxcocom.io
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 11 Sep 2019 23:36:34 GMT
content-encoding
gzip
x-azure-ref-originshield
0pqZ2XQAAAABPAY/HWG7MT4zqCvyPcTfYQU1TRURHRTA1MjIAMzlhMTJmN2UtODk5Zi00NmNmLWE2ZDAtMjRiYmJhMjdkOTU2
content-md5
xJKtSYbttmVAbDLC1zk6Bw==
x-cache
TCP_HIT
status
200
content-length
18662
x-ms-lease-status
unlocked
last-modified
Wed, 21 Aug 2019 20:49:36 GMT
server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
etag
0x8D72679143905C7
x-azure-ref
0AoV5XQAAAADxaXx2O51CSZ6FkHVQuLkZVklFRURHRTAyMjAAMzlhMTJmN2UtODk5Zi00NmNmLWE2ZDAtMjRiYmJhMjdkOTU2
content-type
text/css
access-control-allow-origin
*
x-ms-request-id
6cd933d4-f01e-0028-36dd-66fe51000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=31536000
x-ms-version
2009-09-19
ux.converged.login.pcore.min_q6j9gbg8znquecfrupl4ra2.js
aadcdn.msauth.net/ests/2.1/content/cdnbundles/ 		579 KB
149 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://aadcdn.msauth.net/ests/2.1/content/cdnbundles/ux.converged.login.pcore.min_q6j9gbg8znquecfrupl4ra2.js
Requested by
Host: login.microsoftonline.com.umimaxcocom.io
URL: https://login.microsoftonline.com.umimaxcocom.io/common/oauth2/authorize?client_id=4345a7b9-9a63-4910-a426-35363201d503&response_mode=form_post&response_type=code+id_token&scope=openid+profile&state=OpenIdConnect.AuthenticationProperties%3doimzTA0Zoaa4XcdfNYgN-lmfJOFbRwR9iQ6z8Du6FzDVT3xeKvTddP3Tro4pNie6JG2UFAomcaFSRdEdnPgWrzjjHGUqRocbKpiSnVYuJot6Eh5qbEwdquUWcYD9Xwxf&nonce=637038417941515558.YWE0NTE2Y2ItNzUxOS00NDg5LTllNmItOTliM2Y0MGNkODU5NGIzZWViNWItYjAxYi00MjYxLTljMTEtMjZmMWM4ZTgwYWFl&redirect_uri=https%3a%2f%2fwww.office.com%2f&ui_locales=en-US&mkt=en-US
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2620:1ec:bdf::10 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
79025870b0aa91a963fa5a9a357cb5ea9c8ebbd99a6807e267a7d468711f5f7c

Request headers

Sec-Fetch-Mode
cors
Referer
https://login.microsoftonline.com.umimaxcocom.io/
Origin
https://login.microsoftonline.com.umimaxcocom.io
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 11 Sep 2019 23:36:34 GMT
content-encoding
gzip
x-azure-ref-originshield
0YMd3XQAAAAAmf4s14/KsQ4JuEfZFdeFYQU1TRURHRTA0MTYAMzlhMTJmN2UtODk5Zi00NmNmLWE2ZDAtMjRiYmJhMjdkOTU2
content-md5
4cu/IH4LJRd2O4IGl+qFDg==
x-cache
TCP_HIT
status
200
content-length
152617
x-ms-lease-status
unlocked
last-modified
Wed, 21 Aug 2019 16:40:53 GMT
server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
etag
0x8D7265654EED72F
x-azure-ref
0AoV5XQAAAAAsbD0hyglKSbs6cidB8UC7VklFRURHRTAyMjAAMzlhMTJmN2UtODk5Zi00NmNmLWE2ZDAtMjRiYmJhMjdkOTU2
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
704eed52-c01e-004b-23ed-66c175000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=31536000
x-ms-version
2009-09-19
ux.converged.login.strings-en.min_78gr_8do2p6oiy1mrxc0gq2.js
aadcdn.msauth.net/ests/2.1/content/cdnbundles/ 		32 KB
11 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://aadcdn.msauth.net/ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_78gr_8do2p6oiy1mrxc0gq2.js
Requested by
Host: login.microsoftonline.com.umimaxcocom.io
URL: https://login.microsoftonline.com.umimaxcocom.io/common/oauth2/authorize?client_id=4345a7b9-9a63-4910-a426-35363201d503&response_mode=form_post&response_type=code+id_token&scope=openid+profile&state=OpenIdConnect.AuthenticationProperties%3doimzTA0Zoaa4XcdfNYgN-lmfJOFbRwR9iQ6z8Du6FzDVT3xeKvTddP3Tro4pNie6JG2UFAomcaFSRdEdnPgWrzjjHGUqRocbKpiSnVYuJot6Eh5qbEwdquUWcYD9Xwxf&nonce=637038417941515558.YWE0NTE2Y2ItNzUxOS00NDg5LTllNmItOTliM2Y0MGNkODU5NGIzZWViNWItYjAxYi00MjYxLTljMTEtMjZmMWM4ZTgwYWFl&redirect_uri=https%3a%2f%2fwww.office.com%2f&ui_locales=en-US&mkt=en-US
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2620:1ec:bdf::10 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
20528f89739742686d5def52e8b9278fece565aea67f5ffb61cb7b6a27418e7d

Request headers

Sec-Fetch-Mode
cors
Referer
https://login.microsoftonline.com.umimaxcocom.io/
Origin
https://login.microsoftonline.com.umimaxcocom.io
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 11 Sep 2019 23:36:34 GMT
content-encoding
gzip
x-azure-ref-originshield
0dZp2XQAAAAD2PjnaNNdvQoz4twTSmw6DQU1TRURHRTA2MTQAMzlhMTJmN2UtODk5Zi00NmNmLWE2ZDAtMjRiYmJhMjdkOTU2
content-md5
iVA98dPdt5ic+Z+jnrCkzg==
x-cache
TCP_HIT
status
200
content-length
10321
x-ms-lease-status
unlocked
last-modified
Mon, 19 Aug 2019 20:44:42 GMT
server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
etag
0x8D724E60FE359E9
x-azure-ref
0AoV5XQAAAAAPzCT4ixgbT5S6b2H9JG/4VklFRURHRTAyMjAAMzlhMTJmN2UtODk5Zi00NmNmLWE2ZDAtMjRiYmJhMjdkOTU2
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
a0d82d5c-601e-0005-50e1-66b079000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=31536000
x-ms-version
2009-09-19
Cookie set prefetch
www.microsoftonline.com.umimaxcocom.io/prefetch/ Frame 8EB6 		3 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.microsoftonline.com.umimaxcocom.io/prefetch/prefetch
Requested by
Host: aadcdn.msauth.net
URL: https://aadcdn.msauth.net/ests/2.1/content/cdnbundles/ux.converged.login.pcore.min_q6j9gbg8znquecfrupl4ra2.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
193.36.116.24 Copenhagen, Denmark, ASN206804 (ESTNOC-AS, EE),
Reverse DNS
Software
/
Resource Hash
498ce9dca78108c0e5ce4a60058ce5f04dc735737b30905e07b516e59c1f50e0

Request headers

Host
www.microsoftonline.com.umimaxcocom.io
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Mode
nested-navigate
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Sec-Fetch-Site
same-site
Referer
https://login.microsoftonline.com.umimaxcocom.io/
Accept-Encoding
gzip, deflate, br
Cookie
RZuE=b8d48d221a682400faacfca2d1eb797109ceb96a78f39d39c6b7671d4cbef3e0; OH.DCAffinity=OH-weu; OpenIdConnect.nonce.W46MoFCrObQ5BdWJ5AOcBmpmskJM0CganndPnLogob0%3D=ay04UWY3WXNmX1V4TkJxZXZwZWxLRFFiaHlJRjBNeElDT1kxYW1TbDYwcTliODdRdUdDTHVVSE8xRUdJR29VMnhlaFpRSDRxRG5RSmVqRDh0TEVEWndfSWxSaHNkbzRlTHZjN1d5UTZZX2did2owcEtyT3NsaWVvZGp2N3MyaUFvZXZ2NGVzVktsbVc1ZUtYRWllWEd2Z3pzYWFrdkp3YWFmZF9ueG5qUHNncVpBNTd6NHhmRFljMDhWT05wb0FjTlRhNXZfOWMxbFVBaVVfTlkwcHd5RUJsbEstak9LYmNWWWsydERqcGZqUjZxQ0NLaTRUeHcxWUk5TXVpR1BOaA%3D%3D; OH.SID=56d365a9-09f0-4956-8769-5ee4da1009b8; MUID=37FE41703BF76FF81C8C4CA43A286E26
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Mode
nested-navigate
Referer
https://login.microsoftonline.com.umimaxcocom.io/

Response headers

Cache-Control
no-cache, no-store, must-revalidate
Connection
close
Content-Type
text/html; charset=utf-8
Date
Wed, 11 Sep 2019 23:36:34 GMT
Expires
-1
Pragma
no-cache
Referrer-Policy
strict-origin-when-cross-origin
Set-Cookie
p.UnAuthUserCookie=dd1cbcde-4fee-4033-975a-6bdd152ea134; Path=/; HttpOnly
Transfer-Encoding
chunked
Vary
Accept-Encoding
X-Msedge-Ref
Ref A: 200A74856B9F4BFB9C0A0D4E250F9216 Ref B: HEL01EDGE0820 Ref C: 2019-09-11T23:36:34Z
X-Ua-Compatible
IE=edge,chrome=1
info_4883eb1a3cbdddf5a79e28d320cfe5a9.svg
aadcdn.msauth.net/ests/2.1/content/images/ 		342 B
872 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://aadcdn.msauth.net/ests/2.1/content/images/info_4883eb1a3cbdddf5a79e28d320cfe5a9.svg
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2620:1ec:bdf::10 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
f3368544a6266f0fee3c4437a8144887bbad1de97be20a578c07946a8ed41b4f

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://login.microsoftonline.com.umimaxcocom.io/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 11 Sep 2019 23:36:34 GMT
content-encoding
gzip
x-azure-ref-originshield
0irR2XQAAAADaLmmcVdbCSZjHi/LtXl0PQU1TRURHRTA0MTYAMzlhMTJmN2UtODk5Zi00NmNmLWE2ZDAtMjRiYmJhMjdkOTU2
content-md5
chjoZgHXPBuEohZPGnBrBQ==
x-cache
TCP_HIT
status
200
content-length
207
x-ms-lease-status
unlocked
last-modified
Fri, 02 Nov 2018 20:25:27 GMT
server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
etag
0x8D64101538A0E42
x-azure-ref
0AoV5XQAAAAACuGTcCMbiQpXfg+28KkWeVklFRURHRTAxMDcAMzlhMTJmN2UtODk5Zi00NmNmLWE2ZDAtMjRiYmJhMjdkOTU2
content-type
image/svg+xml
access-control-allow-origin
*
x-ms-request-id
d17e25c4-f01e-0014-28cb-662b59000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=604800
x-ms-version
2009-09-19
microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg
aadcdn.msauth.net/ests/2.1/content/images/ 		4 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://aadcdn.msauth.net/ests/2.1/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2620:1ec:bdf::10 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://login.microsoftonline.com.umimaxcocom.io/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 11 Sep 2019 23:36:34 GMT
content-encoding
gzip
x-azure-ref-originshield
07Kd2XQAAAACtxc/lM7zyR5OGMxwyiZ0HQU1TRURHRTA2MTIAMzlhMTJmN2UtODk5Zi00NmNmLWE2ZDAtMjRiYmJhMjdkOTU2
content-md5
nzaLxFgP7ZB3dfMcaybWzw==
x-cache
TCP_HIT
status
200
content-length
1435
x-ms-lease-status
unlocked
last-modified
Fri, 02 Nov 2018 20:25:31 GMT
server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
etag
0x8D64101560D5E58
x-azure-ref
0AoV5XQAAAACLaFtz1+xOR4+E6LLjIKgHVklFRURHRTAxMDcAMzlhMTJmN2UtODk5Zi00NmNmLWE2ZDAtMjRiYmJhMjdkOTU2
content-type
image/svg+xml
access-control-allow-origin
*
x-ms-request-id
b493f98d-701e-0048-7bd2-66bc73000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=604800
x-ms-version
2009-09-19
ellipsis_white_5ac590ee72bfe06a7cecfd75b588ad73.svg
aadcdn.msauth.net/ests/2.1/content/images/ 		915 B
557 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://aadcdn.msauth.net/ests/2.1/content/images/ellipsis_white_5ac590ee72bfe06a7cecfd75b588ad73.svg
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2620:1ec:bdf::10 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
6075736ea9c281d69c4a3d78ff97bb61b9416a5809919babe5a0c5596f99aaea

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://login.microsoftonline.com.umimaxcocom.io/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 11 Sep 2019 23:36:34 GMT
content-encoding
gzip
x-azure-ref-originshield
0Ipl2XQAAAAB+fYKHLvjgToG6Qh3vBxEHQU1TRURHRTA0MTkAMzlhMTJmN2UtODk5Zi00NmNmLWE2ZDAtMjRiYmJhMjdkOTU2
content-md5
HMwsHhNXdtrfirQDkzcqMA==
x-cache
TCP_HIT
status
200
content-length
263
x-ms-lease-status
unlocked
last-modified
Fri, 02 Nov 2018 20:25:24 GMT
server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
etag
0x8D64101521A1ED5
x-azure-ref
0AoV5XQAAAAAAvNbDre8HTaNHgoO5OfxAVklFRURHRTAxMDcAMzlhMTJmN2UtODk5Zi00NmNmLWE2ZDAtMjRiYmJhMjdkOTU2
content-type
image/svg+xml
access-control-allow-origin
*
x-ms-request-id
37cd3abf-901e-0012-5ac8-66d155000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=604800
x-ms-version
2009-09-19
ellipsis_grey_2b5d393db04a5e6e1f739cb266e65b4c.svg
aadcdn.msauth.net/ests/2.1/content/images/ 		915 B
559 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://aadcdn.msauth.net/ests/2.1/content/images/ellipsis_grey_2b5d393db04a5e6e1f739cb266e65b4c.svg
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2620:1ec:bdf::10 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
16c3f6531d0fa5b4d16e82abf066233b2a9f284c068c663699313c09f5e8d6e6

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://login.microsoftonline.com.umimaxcocom.io/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 11 Sep 2019 23:36:34 GMT
content-encoding
gzip
x-azure-ref-originshield
0obh2XQAAAAAeiBR1UX7pTZUgOE6JadDHQU1TRURHRTA1MjIAMzlhMTJmN2UtODk5Zi00NmNmLWE2ZDAtMjRiYmJhMjdkOTU2
content-md5
/a3y/mpA+HRaVAiPACrsog==
x-cache
TCP_HIT
status
200
content-length
263
x-ms-lease-status
unlocked
last-modified
Fri, 02 Nov 2018 20:25:23 GMT
server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
etag
0x8D641015168A4FB
x-azure-ref
0AoV5XQAAAADzJmEWUPOdRJ1/SFvs3ER5VklFRURHRTAxMDcAMzlhMTJmN2UtODk5Zi00NmNmLWE2ZDAtMjRiYmJhMjdkOTU2
content-type
image/svg+xml
access-control-allow-origin
*
x-ms-request-id
3a9b0566-f01e-0014-33d0-662b59000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=604800
x-ms-version
2009-09-19
0-small_138bcee624fa04ef9b75e86211a9fe0d.jpg
aadcdn.msauth.net/ests/2.1/content/images/backgrounds/ 		3 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://aadcdn.msauth.net/ests/2.1/content/images/backgrounds/0-small_138bcee624fa04ef9b75e86211a9fe0d.jpg
Requested by
Host: aadcdn.msauth.net
URL: https://aadcdn.msauth.net/ests/2.1/content/cdnbundles/ux.converged.login.pcore.min_q6j9gbg8znquecfrupl4ra2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2620:1ec:bdf::10 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
f89e908280791803bbf1f33b596ff4a2179b355a8e15ad02ebaa2b1da11127ea

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://login.microsoftonline.com.umimaxcocom.io/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 11 Sep 2019 23:36:34 GMT
x-azure-ref-originshield
0SZl2XQAAAADrjDyAlNYJTJ3x5MsDm7qXQU1TRURHRTA1MTUAMzlhMTJmN2UtODk5Zi00NmNmLWE2ZDAtMjRiYmJhMjdkOTU2
content-md5
E4vO5iT6BO+bdehiEan+DQ==
x-cache
TCP_HIT
status
200
content-length
3006
x-ms-lease-status
unlocked
last-modified
Fri, 02 Nov 2018 20:26:29 GMT
server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
etag
0x8D6410178AD3FAD
x-azure-ref
0AoV5XQAAAAAzKSDnmgS1RKweu/Qe+CE9VklFRURHRTAxMDcAMzlhMTJmN2UtODk5Zi00NmNmLWE2ZDAtMjRiYmJhMjdkOTU2
content-type
image/jpeg
access-control-allow-origin
*
x-ms-request-id
7e215c4a-e01e-0059-5cdd-662753000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=604800
x-ms-version
2009-09-19
0_a5dbd4393ff6a725c7e62b61df7e72f0.jpg
aadcdn.msauth.net/ests/2.1/content/images/backgrounds/ 		277 KB
277 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://aadcdn.msauth.net/ests/2.1/content/images/backgrounds/0_a5dbd4393ff6a725c7e62b61df7e72f0.jpg
Requested by
Host: aadcdn.msauth.net
URL: https://aadcdn.msauth.net/ests/2.1/content/cdnbundles/ux.converged.login.pcore.min_q6j9gbg8znquecfrupl4ra2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2620:1ec:bdf::10 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
211a907de2da0ff4a0e90917ac8054e2f35c351180977550c26e51b4909f2beb

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://login.microsoftonline.com.umimaxcocom.io/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 11 Sep 2019 23:36:34 GMT
x-azure-ref-originshield
0xp92XQAAAABHrZGDs9aLRoxDNIfiNu2xQU1TRURHRTA1MTIAMzlhMTJmN2UtODk5Zi00NmNmLWE2ZDAtMjRiYmJhMjdkOTU2
content-md5
pdvUOT/2pyXH5ith335y8A==
x-cache
TCP_HIT
status
200
content-length
283351
x-ms-lease-status
unlocked
last-modified
Fri, 02 Nov 2018 20:26:29 GMT
server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
etag
0x8D6410178E329F6
x-azure-ref
0AoV5XQAAAAB/sQ4zoMOdToYSbmUkp6xPVklFRURHRTAxMDcAMzlhMTJmN2UtODk5Zi00NmNmLWE2ZDAtMjRiYmJhMjdkOTU2
content-type
image/jpeg
access-control-allow-origin
*
x-ms-request-id
477a6e5a-801e-005f-11d6-66dd5f000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=604800
x-ms-version
2009-09-19
sharedfontstyles-30d1fc43fd.css
blob.officehome.msocdn.com/bundles/ Frame 8EB6 		1 KB
628 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://blob.officehome.msocdn.com/bundles/sharedfontstyles-30d1fc43fd.css
Requested by
Host: www.microsoftonline.com.umimaxcocom.io
URL: https://www.microsoftonline.com.umimaxcocom.io/prefetch/prefetch
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.37.48.112 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a23-37-48-112.deploy.static.akamaitechnologies.com
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
4d9481536dbf3b0823d5254b666466873a2f577f1222a19aec88cd6157781f2c
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Sec-Fetch-Mode
cors
Referer
https://www.microsoftonline.com.umimaxcocom.io/
Origin
https://www.microsoftonline.com.umimaxcocom.io
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 11 Sep 2019 23:36:35 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-cdn
537401
status
200
x-cache-start
1567707594, 1567707594
content-length
266
last-modified
Thu, 05 Sep 2019 10:56:16 GMT
server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
x-ms-request-id
7dfc79df-a01e-002d-1216-64b8ef000000
access-control-expose-headers
content-length
cache-control
public, max-age=31536000
x-ms-version
2009-09-19
timing-allow-origin
*
staticstyles-ee3a7e6b1a.css
blob.officehome.msocdn.com/bundles/ Frame 8EB6 		73 KB
28 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://blob.officehome.msocdn.com/bundles/staticstyles-ee3a7e6b1a.css
Requested by
Host: www.microsoftonline.com.umimaxcocom.io
URL: https://www.microsoftonline.com.umimaxcocom.io/prefetch/prefetch
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.37.48.112 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a23-37-48-112.deploy.static.akamaitechnologies.com
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
f404cf13282ff06fe13ce978baa3f20a1599c093e947bf0c190e633fb1251068
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Sec-Fetch-Mode
cors
Referer
https://www.microsoftonline.com.umimaxcocom.io/
Origin
https://www.microsoftonline.com.umimaxcocom.io
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 11 Sep 2019 23:36:35 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-cdn
99951
status
200
x-cache-start
1568145044, 1568145078
content-length
28383
last-modified
Mon, 09 Sep 2019 19:24:35 GMT
server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
x-ms-request-id
56e75802-e01e-0107-4b11-688bff000000
access-control-expose-headers
content-length
cache-control
public, max-age=31536000
x-ms-version
2009-09-19
timing-allow-origin
*
polyfills-bundle-9d4fa01e5693fe3fde73.js
blob.officehome.msocdn.com/bundles/ Frame 8EB6 		0
0
sharedscripts-da52675f88.js
blob.officehome.msocdn.com/bundles/ Frame 8EB6 		0
0
staticscripts-66b633621a.js
blob.officehome.msocdn.com/bundles/ Frame 8EB6 		0
0
app-bundle-162342fbab9487e8aa70.js
blob.officehome.msocdn.com/bundles/ Frame 8EB6 		0
0
app-bundle-1825464d463449947e48.css
blob.officehome.msocdn.com/bundles/ Frame 8EB6 		0
0
react-bundle-d445f934e39f68e33051.js
blob.officehome.msocdn.com/bundles/ Frame 8EB6 		0
0
vendor-bundle-2776f2ace6ddaff88940.js
blob.officehome.msocdn.com/bundles/ Frame 8EB6 		0
0
favicon-word-cf3b70d2be.ico
blob.officehome.msocdn.com/images/content/images/favicons/ Frame 8EB6 		0
0
favicon-excel-4a1b502024.ico
blob.officehome.msocdn.com/images/content/images/favicons/ Frame 8EB6 		0
0
favicon-powerpoint-c43401e5bd.ico
blob.officehome.msocdn.com/images/content/images/favicons/ Frame 8EB6 		0
0
favicon-sway-234c04e8a7.ico
blob.officehome.msocdn.com/images/content/images/favicons/ Frame 8EB6 		0
0
header-default-desktop-652cc04392.svg
blob.officehome.msocdn.com/images/content/images/fluent-background-sources/ Frame 8EB6 		0
0
document-sprite-f8cd18cf2a.png
blob.officehome.msocdn.com/images/content/images/ Frame 8EB6 		0
0
zero-docs-sprite-14795e957f.png
blob.officehome.msocdn.com/images/content/images/ Frame 8EB6 		0
0
share
www.odwebp.svc.ms/ Frame AA89 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://www.odwebp.svc.ms/share
Requested by
Host: www.microsoftonline.com.umimaxcocom.io
URL: https://www.microsoftonline.com.umimaxcocom.io/prefetch/prefetch
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.107.6.168 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
sharept.ms
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

:method
GET
:authority
www.odwebp.svc.ms
:scheme
https
:path
/share
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-mode
nested-navigate
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site
cross-site
referer
https://www.microsoftonline.com.umimaxcocom.io/
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Mode
nested-navigate
Referer
https://www.microsoftonline.com.umimaxcocom.io/

Response headers

status
200
cache-control
private, max-age=86400
content-length
94909
content-type
text/html; charset=utf-8
expires
Thu, 12 Sep 2019 23:36:35 GMT
last-modified
Wed, 11 Sep 2019 23:36:35 GMT
x-content-type-options
nosniff
strict-transport-security
max-age=31536000
x-odweb-correlationid
7fcf082b-b324-4491-a451-e98da09c49ee
x-msnserver
RD281878A1A4E7
x-odwebserver
northeurope0-ODWebp
x-msedge-ref
Ref A: 86D797C69EB74B6A944F362A8AB6EB60 Ref B: AMS04EDGE0214 Ref C: 2019-09-11T23:36:35Z
date
Wed, 11 Sep 2019 23:36:34 GMT
wordtheme.min.css
blob.officehome.msocdn.com/versionless/startpages/ Frame 8EB6 		0
0
exceltheme.min.css
blob.officehome.msocdn.com/versionless/startpages/ Frame 8EB6 		0
0
powerpointtheme.min.css
blob.officehome.msocdn.com/versionless/startpages/ Frame 8EB6 		0
0
swaytheme.min.css
blob.officehome.msocdn.com/versionless/startpages/ Frame 8EB6 		0
0
Cookie set prefetch.aspx
outlook.office365.com/owa/ Frame 80D7 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://outlook.office365.com/owa/prefetch.aspx
Requested by
Host: www.microsoftonline.com.umimaxcocom.io
URL: https://www.microsoftonline.com.umimaxcocom.io/prefetch/prefetch
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2603:1026:101::2 Paris, France, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Host
outlook.office365.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Mode
nested-navigate
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Sec-Fetch-Site
cross-site
Referer
https://www.microsoftonline.com.umimaxcocom.io/
Accept-Encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Mode
nested-navigate
Referer
https://www.microsoftonline.com.umimaxcocom.io/

Response headers

Cache-Control
private, no-store
Content-Length
1241
Content-Type
text/html; charset=utf-8
Content-Encoding
gzip
Vary
Accept-Encoding
Server
Microsoft-IIS/10.0
request-id
067f3728-eec8-4a94-9586-2d7694df4684
X-CalculatedFETarget
MRXP264CU001.internal.outlook.com
X-BackEndHttpStatus
200 200
Set-Cookie
ClientId=175F575EA5514D0DAF0985F9F079EAF4; expires=Fri, 11-Sep-2020 23:36:35 GMT; path=/; secure ClientId=175F575EA5514D0DAF0985F9F079EAF4; expires=Fri, 11-Sep-2020 23:36:35 GMT; path=/; secure OIDC=1; expires=Wed, 11-Mar-2020 23:36:35 GMT; path=/; secure; HttpOnly OWAPF=v:16.3249.4.2709468&l:mouse; path=/
X-FEProxyInfo
MRXP264CA0003.FRAP264.PROD.OUTLOOK.COM
X-CalculatedBETarget
MRXP264MB0391.FRAP264.PROD.OUTLOOK.COM
X-RUM-Validated
1
X-Content-Type-Options
nosniff
X-BeSku
WCS5
X-OWA-Version
15.20.2241.20
X-OWA-DiagnosticsInfo
1;0;0
X-BackEnd-Begin
2019-09-11T23:36:35.161
X-BackEnd-End
2019-09-11T23:36:35.164
X-DiagInfo
MRXP264MB0391
X-BEServer
MRXP264MB0391
X-UA-Compatible
IE=EmulateIE7
Strict-Transport-Security
max-age=31536000; includeSubDomains max-age=31536000; includeSubDomains
X-Proxy-BackendServerStatus
200
X-FEServer
MRXP264CA0003 PR2P264CA0019
Date
Wed, 11 Sep 2019 23:36:34 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
blob.officehome.msocdn.com
URL
https://blob.officehome.msocdn.com/bundles/polyfills-bundle-9d4fa01e5693fe3fde73.js
Domain
blob.officehome.msocdn.com
URL
https://blob.officehome.msocdn.com/bundles/sharedscripts-da52675f88.js
Domain
blob.officehome.msocdn.com
URL
https://blob.officehome.msocdn.com/bundles/staticscripts-66b633621a.js
Domain
blob.officehome.msocdn.com
URL
https://blob.officehome.msocdn.com/bundles/app-bundle-162342fbab9487e8aa70.js
Domain
blob.officehome.msocdn.com
URL
https://blob.officehome.msocdn.com/bundles/app-bundle-1825464d463449947e48.css
Domain
blob.officehome.msocdn.com
URL
https://blob.officehome.msocdn.com/bundles/react-bundle-d445f934e39f68e33051.js
Domain
blob.officehome.msocdn.com
URL
https://blob.officehome.msocdn.com/bundles/vendor-bundle-2776f2ace6ddaff88940.js
Domain
blob.officehome.msocdn.com
URL
https://blob.officehome.msocdn.com/images/content/images/favicons/favicon-word-cf3b70d2be.ico
Domain
blob.officehome.msocdn.com
URL
https://blob.officehome.msocdn.com/images/content/images/favicons/favicon-excel-4a1b502024.ico
Domain
blob.officehome.msocdn.com
URL
https://blob.officehome.msocdn.com/images/content/images/favicons/favicon-powerpoint-c43401e5bd.ico
Domain
blob.officehome.msocdn.com
URL
https://blob.officehome.msocdn.com/images/content/images/favicons/favicon-sway-234c04e8a7.ico
Domain
blob.officehome.msocdn.com
URL
https://blob.officehome.msocdn.com/images/content/images/fluent-background-sources/header-default-desktop-652cc04392.svg
Domain
blob.officehome.msocdn.com
URL
https://blob.officehome.msocdn.com/images/content/images/document-sprite-f8cd18cf2a.png
Domain
blob.officehome.msocdn.com
URL
https://blob.officehome.msocdn.com/images/content/images/zero-docs-sprite-14795e957f.png
Domain
blob.officehome.msocdn.com
URL
https://blob.officehome.msocdn.com/versionless/startpages/wordtheme.min.css
Domain
blob.officehome.msocdn.com
URL
https://blob.officehome.msocdn.com/versionless/startpages/exceltheme.min.css
Domain
blob.officehome.msocdn.com
URL
https://blob.officehome.msocdn.com/versionless/startpages/powerpointtheme.min.css
Domain
blob.officehome.msocdn.com
URL
https://blob.officehome.msocdn.com/versionless/startpages/swaytheme.min.css

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer)

16 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| $Config object| $Debug object| $Do function| $Loader object| $WebWatson function| GetString function| GetErrorString function| GetUrl object| $B object| ServerData function| webpackJsonp object| ko object| PROOF object| StringRepository boolean| __ConvergedLogin_PCore boolean| __

8 Cookies

Domain/Path Name / Value
login.microsoftonline.com.umimaxcocom.io/ Name: fpc
Value: AlVc81ysHWdKjPGvL33MzC59Hyj2AQAAAAF8C9UOAAAA
login.microsoftonline.com.umimaxcocom.io/ Name: buid
Value: AQABAAEAAAAP0wLlqdLVToOpA4kwzSnxz84irXvcx1Oz3seUOzeKHuFTVUaNoRx6hLdV8jfHbI0W3X7EEb3XxvZVeayRkv4zLJMqFarZv8Ww2zuSsJ8cmyH5jWYIQIMaMQO3zq4I27EgAA
.microsoftonline.com.umimaxcocom.io/ Name: MUID
Value: 37FE41703BF76FF81C8C4CA43A286E26
.microsoftonline.com.umimaxcocom.io/ Name: RZuE
Value: b8d48d221a682400faacfca2d1eb797109ceb96a78f39d39c6b7671d4cbef3e0
login.microsoftonline.com.umimaxcocom.io/ Name: stsservicecookie
Value: ests
login.microsoftonline.com.umimaxcocom.io/ Name: x-ms-gateway-slice
Value: prod
.login.microsoftonline.com.umimaxcocom.io/ Name: esctx
Value: AQABAAAAAAAP0wLlqdLVToOpA4kwzSnx8KiiqY3ExGqZ52CpUyUozHWSMqsJF8CkdQn7WsS5dk_U5oHkLlmQ0Pit-ibbXsunKGPJNFb-jfsENIWFhXF4Z6F3iyL84GnOJMKeG6a_4XA668JTO7R1l2KcXO7d2wkq86-UL85LkEQVSi8gi3FoCEeVfCMGK9T9GZYlYIPBojogAA
login.microsoftonline.com.umimaxcocom.io/common/oauth2 Name: CkTst
Value: G1568244994780