login.mircosoftonllne.com Open in urlscan Pro
182.23.145.138  Malicious Activity! Public Scan

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

9 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request / Show response login.mircosoftonllne.com/	4 KB 2 KB	184ms 7ms	Document text/html	182.23.145.138 PACIFICINTERNET-A...
General Check archive.org Show headers Download Go to Full URL https://login.mircosoftonllne.com/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_CBC Server 182.23.145.138 Singapore, Singapore, ASN4628 (PACIFICINTERNET-AS-AP Pacific Internet Pte Ltd, SG), Reverse DNS riskclipper-en.i-mxms.com Software Microsoft-IIS/8.5 / ASP.NET Resource Hash ba6e4a8a079237eab5d35af3b3af4d2563d53a072127210b7a4a93cdfd5c76d3 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Frame-Options DENY Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36 accept-language zh-SG,zh;q=0.9 Response headers Accept-Ranges bytes Content-Encoding gzip Content-Length 1198 Content-Type text/html Date Fri, 27 Oct 2023 10:25:13 GMT ETag "80501681296da1:0" Last-Modified Tue, 24 Oct 2023 03:23:49 GMT Server Microsoft-IIS/8.5 Strict-Transport-Security max-age=31536000; includeSubDomains Vary Accept-Encoding X-Frame-Options DENY X-Powered-By ASP.NET
GET H/1.1	200 OK	app.css login.mircosoftonllne.com/assets/	5 KB 6 KB	20ms 18ms	Stylesheet text/css	182.23.145.138 PACIFICINTERNET-A...
General Check archive.org Show headers Download Go to Full URL https://login.mircosoftonllne.com/assets/app.css Requested by Host: login.mircosoftonllne.com URL: https://login.mircosoftonllne.com/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_CBC Server 182.23.145.138 Singapore, Singapore, ASN4628 (PACIFICINTERNET-AS-AP Pacific Internet Pte Ltd, SG), Reverse DNS riskclipper-en.i-mxms.com Software Microsoft-IIS/8.5 / ASP.NET Resource Hash 197c76c1a2269a85ae84d0b33d64e0381d0cca1f4651f81a2a15476c9f3919f9 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Frame-Options DENY Request headers accept-language zh-SG,zh;q=0.9 Referer https://login.mircosoftonllne.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36 Response headers Strict-Transport-Security max-age=31536000; includeSubDomains Date Fri, 27 Oct 2023 10:25:13 GMT Last-Modified Tue, 24 Oct 2023 03:23:49 GMT Server Microsoft-IIS/8.5 ETag "73e55f81296da1:0" X-Powered-By ASP.NET X-Frame-Options DENY Content-Type text/css Accept-Ranges bytes Content-Length 5418
GET H2	200	jquery.min.js Show response ajax.googleapis.com/ajax/libs/jquery/3.7.1/	85 KB 30 KB	17ms 4ms	Script text/javascript	2404:6800:4003:c05::5f GOOGLE
General Check archive.org Show headers Download Go to Full URL https://ajax.googleapis.com/ajax/libs/jquery/3.7.1/jquery.min.js Requested by Host: login.mircosoftonllne.com URL: https://login.mircosoftonllne.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2404:6800:4003:c05::5f Singapore, Singapore, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash fc9a93dd241f6b045cbff0481cf4e1901becd0e12fb45166a8f17f95823f0b1a Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language zh-SG,zh;q=0.9 Referer https://login.mircosoftonllne.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36 Response headers date Fri, 27 Oct 2023 04:59:18 GMT content-encoding gzip x-content-type-options nosniff age 19554 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 30462 x-xss-protection 0 last-modified Tue, 12 Sep 2023 02:38:22 GMT server sffe cross-origin-opener-policy same-origin; report-to="hosted-libraries-pushers" vary Accept-Encoding report-to {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]} content-type text/javascript; charset=UTF-8 access-control-allow-origin * cache-control public, max-age=31536000, stale-while-revalidate=2592000 accept-ranges bytes timing-allow-origin * expires Sat, 26 Oct 2024 04:59:18 GMT
GET H/1.1	200 OK	CustomScripts.js Show response login.mircosoftonllne.com/	2 KB 2 KB	34ms 23ms	Script application/javascript	182.23.145.138 PACIFICINTERNET-A...
General Check archive.org Show headers Download Go to Full URL https://login.mircosoftonllne.com/CustomScripts.js Requested by Host: login.mircosoftonllne.com URL: https://login.mircosoftonllne.com/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_CBC Server 182.23.145.138 Singapore, Singapore, ASN4628 (PACIFICINTERNET-AS-AP Pacific Internet Pte Ltd, SG), Reverse DNS riskclipper-en.i-mxms.com Software Microsoft-IIS/8.5 / ASP.NET Resource Hash 12565f86c0fe101c668c7754473d7a1cb0b4072708bcde7b46055e5f5148cc55 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Frame-Options DENY Request headers accept-language zh-SG,zh;q=0.9 Referer https://login.mircosoftonllne.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36 Response headers Strict-Transport-Security max-age=31536000; includeSubDomains Date Fri, 27 Oct 2023 10:25:13 GMT Last-Modified Fri, 27 Oct 2023 07:17:16 GMT Server Microsoft-IIS/8.5 ETag "928f449da58da1:0" X-Powered-By ASP.NET X-Frame-Options DENY Content-Type application/javascript Accept-Ranges bytes Content-Length 2161
GET H/1.1	200 OK	logo.png login.mircosoftonllne.com/assets/	1 KB 2 KB	27ms 16ms	Image image/png	182.23.145.138 PACIFICINTERNET-A...
General Check archive.org Show headers Download Go to Show image Full URL https://login.mircosoftonllne.com/assets/logo.png Requested by Host: login.mircosoftonllne.com URL: https://login.mircosoftonllne.com/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_CBC Server 182.23.145.138 Singapore, Singapore, ASN4628 (PACIFICINTERNET-AS-AP Pacific Internet Pte Ltd, SG), Reverse DNS riskclipper-en.i-mxms.com Software Microsoft-IIS/8.5 / ASP.NET Resource Hash 8702292cbc365e9f0488143e2b309b85efe09c61fd2e0a2e21c53735a309313c Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Frame-Options DENY Request headers accept-language zh-SG,zh;q=0.9 Referer https://login.mircosoftonllne.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36 Response headers Strict-Transport-Security max-age=31536000; includeSubDomains Date Fri, 27 Oct 2023 10:25:13 GMT Last-Modified Tue, 24 Oct 2023 03:23:49 GMT Server Microsoft-IIS/8.5 ETag "f7d08a81296da1:0" X-Powered-By ASP.NET X-Frame-Options DENY Content-Type image/png Accept-Ranges bytes Content-Length 1400
GET H/1.1	200 OK	question.png login.mircosoftonllne.com/assets/	412 B 745 B	18ms 6ms	Image image/png	182.23.145.138 PACIFICINTERNET-A...
General Check archive.org Show headers Download Go to Show image Full URL https://login.mircosoftonllne.com/assets/question.png Requested by Host: login.mircosoftonllne.com URL: https://login.mircosoftonllne.com/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_CBC Server 182.23.145.138 Singapore, Singapore, ASN4628 (PACIFICINTERNET-AS-AP Pacific Internet Pte Ltd, SG), Reverse DNS riskclipper-en.i-mxms.com Software Microsoft-IIS/8.5 / ASP.NET Resource Hash e8d06c0a072a671e5843de9a12f4cd826ca5e17bbeb4c57ee9c410ee878998e8 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Frame-Options DENY Request headers accept-language zh-SG,zh;q=0.9 Referer https://login.mircosoftonllne.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36 Response headers Strict-Transport-Security max-age=31536000; includeSubDomains Date Fri, 27 Oct 2023 10:25:13 GMT Last-Modified Tue, 24 Oct 2023 03:23:49 GMT Server Microsoft-IIS/8.5 ETag "ba599481296da1:0" X-Powered-By ASP.NET X-Frame-Options DENY Content-Type image/png Accept-Ranges bytes Content-Length 412
GET H/1.1	200 OK	key.png login.mircosoftonllne.com/assets/	727 B 1 KB	8ms 8ms	Image image/png	182.23.145.138 PACIFICINTERNET-A...
General Check archive.org Show headers Download Go to Show image Full URL https://login.mircosoftonllne.com/assets/key.png Requested by Host: login.mircosoftonllne.com URL: https://login.mircosoftonllne.com/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_CBC Server 182.23.145.138 Singapore, Singapore, ASN4628 (PACIFICINTERNET-AS-AP Pacific Internet Pte Ltd, SG), Reverse DNS riskclipper-en.i-mxms.com Software Microsoft-IIS/8.5 / ASP.NET Resource Hash 40ecb8832f6a9a8aaa0cc6e1287e867a4fca38433d091d86c6cab1f28fbab652 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Frame-Options DENY Request headers accept-language zh-SG,zh;q=0.9 Referer https://login.mircosoftonllne.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36 Response headers Strict-Transport-Security max-age=31536000; includeSubDomains Date Fri, 27 Oct 2023 10:25:13 GMT Last-Modified Tue, 24 Oct 2023 03:23:49 GMT Server Microsoft-IIS/8.5 ETag "2dc8681296da1:0" X-Powered-By ASP.NET X-Frame-Options DENY Content-Type image/png Accept-Ranges bytes Content-Length 727
GET H/1.1	200 OK	back.png login.mircosoftonllne.com/assets/	231 B 564 B	6ms 6ms	Image image/png	182.23.145.138 PACIFICINTERNET-A...
General Check archive.org Show headers Download Go to Show image Full URL https://login.mircosoftonllne.com/assets/back.png Requested by Host: login.mircosoftonllne.com URL: https://login.mircosoftonllne.com/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_CBC Server 182.23.145.138 Singapore, Singapore, ASN4628 (PACIFICINTERNET-AS-AP Pacific Internet Pte Ltd, SG), Reverse DNS riskclipper-en.i-mxms.com Software Microsoft-IIS/8.5 / ASP.NET Resource Hash 70e32b2db3f079bb0295a85a0db15ed9e5926294dd947938d6cfa595f5ab18b4 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Frame-Options DENY Request headers accept-language zh-SG,zh;q=0.9 Referer https://login.mircosoftonllne.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36 Response headers Strict-Transport-Security max-age=31536000; includeSubDomains Date Fri, 27 Oct 2023 10:25:13 GMT Last-Modified Tue, 24 Oct 2023 03:23:49 GMT Server Microsoft-IIS/8.5 ETag "be346e81296da1:0" X-Powered-By ASP.NET X-Frame-Options DENY Content-Type image/png Accept-Ranges bytes Content-Length 231
GET H/1.1	200 OK	app.js Show response login.mircosoftonllne.com/assets/	4 KB 4 KB	19ms 18ms	Script application/javascript	182.23.145.138 PACIFICINTERNET-A...
General Check archive.org Show headers Download Go to Full URL https://login.mircosoftonllne.com/assets/app.js Requested by Host: login.mircosoftonllne.com URL: https://login.mircosoftonllne.com/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_CBC Server 182.23.145.138 Singapore, Singapore, ASN4628 (PACIFICINTERNET-AS-AP Pacific Internet Pte Ltd, SG), Reverse DNS riskclipper-en.i-mxms.com Software Microsoft-IIS/8.5 / ASP.NET Resource Hash c216028bb884c8afe7be694463b2f90345c8c223107d06c1bb27b5aeacd9085a Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Frame-Options DENY Request headers accept-language zh-SG,zh;q=0.9 Referer https://login.mircosoftonllne.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36 Response headers Strict-Transport-Security max-age=31536000; includeSubDomains Date Fri, 27 Oct 2023 10:25:13 GMT Last-Modified Tue, 24 Oct 2023 03:23:49 GMT Server Microsoft-IIS/8.5 ETag "79d36b81296da1:0" X-Powered-By ASP.NET X-Frame-Options DENY Content-Type application/javascript Accept-Ranges bytes Content-Length 3601

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer)

10 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| documentPictureInPicture function| $ function| jQuery object| commonval function| signinclick function| passwordpress function| YesNo function| updateStatus function| updatepasswordStatus boolean| pwdVal

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Frame-Options	DENY

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ajax.googleapis.com
login.mircosoftonllne.com
182.23.145.138
2404:6800:4003:c05::5f
12565f86c0fe101c668c7754473d7a1cb0b4072708bcde7b46055e5f5148cc55
197c76c1a2269a85ae84d0b33d64e0381d0cca1f4651f81a2a15476c9f3919f9
40ecb8832f6a9a8aaa0cc6e1287e867a4fca38433d091d86c6cab1f28fbab652
70e32b2db3f079bb0295a85a0db15ed9e5926294dd947938d6cfa595f5ab18b4
8702292cbc365e9f0488143e2b309b85efe09c61fd2e0a2e21c53735a309313c
ba6e4a8a079237eab5d35af3b3af4d2563d53a072127210b7a4a93cdfd5c76d3
c216028bb884c8afe7be694463b2f90345c8c223107d06c1bb27b5aeacd9085a
e8d06c0a072a671e5843de9a12f4cd826ca5e17bbeb4c57ee9c410ee878998e8
fc9a93dd241f6b045cbff0481cf4e1901becd0e12fb45166a8f17f95823f0b1a