Submitted URL: https://69ddf58c08dd4ddb8838df6e77ce0de3.fp.measure.office.com/
Effective URL: https://login.microsoftonline.com/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%...
Submission: On April 29 via api from IE — Scanned from NL

Summary

This website contacted 2 IPs in 2 countries across 3 domains to perform 3 HTTP transactions. The main IP is 40.126.32.76, located in Amsterdam, Netherlands and belongs to MICROSOFT-CORP-MSN-AS-BLOCK, US. The main domain is login.microsoftonline.com. The Cisco Umbrella rank of the primary domain is 29.
TLS certificate: Issued by DigiCert SHA2 Secure Server CA on February 23rd 2022. Valid for: a year.
This is the only time login.microsoftonline.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
2 2 2603:1026:207... 8075 (MICROSOFT...)
2 40.126.32.76 8075 (MICROSOFT...)
1 40.126.31.73 8075 (MICROSOFT...)
3 2
Apex Domain | Subdomains | Transfer
2 microsoftonline.com | login.microsoftonline.com — Cisco Umbrella Rank: 29 | 54 KB
2 office.com | 69ddf58c08dd4ddb8838df6e77ce0de3.fp.measure.office.com | 3 KB
1 live.com | login.live.com — Cisco Umbrella Rank: 81
3 3
Domain Requested by
2 login.microsoftonline.com login.microsoftonline.com
2 69ddf58c08dd4ddb8838df6e77ce0de3.fp.measure.office.com 2 redirects
1 login.live.com login.microsoftonline.com
3 3

This site contains no links.

Subject | Issuer | Validity | Valid
stamp2.login.microsoftonline.com | DigiCert SHA2 Secure Server CA | 2022-02-23 - 2023-02-23 | a year
graph.windows.net | DigiCert SHA2 Secure Server CA | 2022-04-05 - 2023-04-05 | a year

This page contains 1 frame:

Primary Page: https://login.microsoftonline.com/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2f69ddf58c08dd4ddb8838df6e77ce0de3.fp.measure.office.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=af74f64c-9722-f25a-d056-11e8828cefb8&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=637868017923278208.6191cfa9-8857-4a6a-ac5e-4b4823b94a00&state=Dcs7EoAwCABRouNxMCRBPschGW0tvb4Ub7stALCnLRXKgMpQE6Om3kdX62SnNG_rCUezS5FDAmNdN_Jk62M6B1HJ96jvF_UH&sso_reload=true
Frame ID: 6F8BEECADE96F9648BE23A5831735FAD
Requests: 3 HTTP requests in this frame

Page Statistics

Requests: 3
HTTPS: 100 %
IPv6: 33 %
Domains: 3
Subdomains: 3
IPs: 2
Countries: 2
Transfer: 54 kB
Size: 275 kB
Cookies: 13

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://69ddf58c08dd4ddb8838df6e77ce0de3.fp.measure.office.com/ HTTP 302
    https://69ddf58c08dd4ddb8838df6e77ce0de3.fp.measure.office.com/owa/ HTTP 302
    https://login.microsoftonline.com/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2f69ddf58c08dd4ddb8838df6e77ce0de3.fp.measure.office.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=af74f64c-9722-f25a-d056-11e8828cefb8&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=637868017923278208.6191cfa9-8857-4a6a-ac5e-4b4823b94a00&state=Dcs7EoAwCABRouNxMCRBPschGW0tvb4Ub7stALCnLRXKgMpQE6Om3kdX62SnNG_rCUezS5FDAmNdN_Jk62M6B1HJ96jvF_UH Page URL
  2. https://login.microsoftonline.com/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2f69ddf58c08dd4ddb8838df6e77ce0de3.fp.measure.office.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=af74f64c-9722-f25a-d056-11e8828cefb8&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=637868017923278208.6191cfa9-8857-4a6a-ac5e-4b4823b94a00&state=Dcs7EoAwCABRouNxMCRBPschGW0tvb4Ub7stALCnLRXKgMpQE6Om3kdX62SnNG_rCUezS5FDAmNdN_Jk62M6B1HJ96jvF_UH&sso_reload=true Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • https://69ddf58c08dd4ddb8838df6e77ce0de3.fp.measure.office.com/ HTTP 302
  • https://69ddf58c08dd4ddb8838df6e77ce0de3.fp.measure.office.com/owa/ HTTP 302
  • https://login.microsoftonline.com/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2f69ddf58c08dd4ddb8838df6e77ce0de3.fp.measure.office.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=af74f64c-9722-f25a-d056-11e8828cefb8&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=637868017923278208.6191cfa9-8857-4a6a-ac5e-4b4823b94a00&state=Dcs7EoAwCABRouNxMCRBPschGW0tvb4Ub7stALCnLRXKgMpQE6Om3kdX62SnNG_rCUezS5FDAmNdN_Jk62M6B1HJ96jvF_UH

3 HTTP transactions

Resource Path | Size | x-fer | Type MIME-Type
authorize | login.microsoftonline.com/common/oauth2/
Redirect Chain
  • https://69ddf58c08dd4ddb8838df6e77ce0de3.fp.measure.office.com/
  • https://69ddf58c08dd4ddb8838df6e77ce0de3.fp.measure.office.com/owa/
  • https://login.microsoftonline.com/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2f69ddf58c08dd4ddb8838df6e77ce0de3.fp.measure.office.com%2fowa%2f&r...
Size: 150 KB | x-fer: 54 KB | Type: Document
General
Full URL
https://login.microsoftonline.com/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2f69ddf58c08dd4ddb8838df6e77ce0de3.fp.measure.office.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=af74f64c-9722-f25a-d056-11e8828cefb8&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=637868017923278208.6191cfa9-8857-4a6a-ac5e-4b4823b94a00&state=Dcs7EoAwCABRouNxMCRBPschGW0tvb4Ub7stALCnLRXKgMpQE6Om3kdX62SnNG_rCUezS5FDAmNdN_Jk62M6B1HJ96jvF_UH
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 40.126.32.76 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

Cache-Control: no-store, no-cache
Content-Encoding: gzip
Content-Length: 54592
Content-Type: text/html; charset=utf-8
Date: Fri, 29 Apr 2022 04:03:12 GMT
Expires: -1
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
Pragma: no-cache
Referrer-Policy: strict-origin-when-cross-origin
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://identity.nel.measure.office.net/api/report?catId=GW+estsfd+ams2"}]}
x-ms-ests-server: 2.1.12651.9 - WEULR1 ProdSlices
x-ms-request-id: 67e6613d-7017-454c-801a-3bc063be0d00

Redirect headers

alt-svc: h3=":443",h3-29=":443"
content-length: 819
content-type: text/html; charset=utf-8
date: Fri, 29 Apr 2022 04:03:11 GMT
location: https://login.microsoftonline.com/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2f69ddf58c08dd4ddb8838df6e77ce0de3.fp.measure.office.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=af74f64c-9722-f25a-d056-11e8828cefb8&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=637868017923278208.6191cfa9-8857-4a6a-ac5e-4b4823b94a00&state=Dcs7EoAwCABRouNxMCRBPschGW0tvb4Ub7stALCnLRXKgMpQE6Om3kdX62SnNG_rCUezS5FDAmNdN_Jk62M6B1HJ96jvF_UH
nel: {"report_to":"NelOfficeUpload1","max_age":7200,"include_subdomains":true,"failure_fraction":1.0,"success_fraction":0.01}
p3p: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
report-to: {"group":"NelOfficeUpload1","max_age":7200,"endpoints":[{"url":"https://exo.nel.measure.office.net/api/report?TenantId=&FrontEnd=Cafe&DestinationEndpoint=AMS"}],"include_subdomains":true}
request-id: af74f64c-9722-f25a-d056-11e8828cefb8
server: Microsoft-IIS/10.0
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-backend-begin: 2022-04-29T04:03:12.327
x-backend-end: 2022-04-29T04:03:12.327
x-backendhttpstatus: 302 302
x-beserver: DB6PR0802MB2584
x-besku: Gen9
x-calculatedbetarget: DB6PR0802MB2584.eurprd08.PROD.OUTLOOK.COM
x-calculatedfetarget: DU2PR04CU009.internal.outlook.com
x-content-type-options: nosniff
x-diaginfo: DB6PR0802MB2584
x-feefzinfo: AMS
x-feproxyinfo: AM0PR08CA0015.EURPRD08.PROD.OUTLOOK.COM
x-feserver: DU2PR04CA0262 AM0PR08CA0015
x-firsthopcafeefz: AMS
x-iids: 0
x-owa-diagnosticsinfo: 1;0;0
x-proxy-backendserverstatus: 302
x-proxy-routingcorrectness: 1
x-rum-validated: 1
x-ua-compatible: IE=EmulateIE7

Primary Request
authorize | login.microsoftonline.com/common/oauth2/
Size: 125 KB | x-fer: 0 | Type: Document
General
Full URL
https://login.microsoftonline.com/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2f69ddf58c08dd4ddb8838df6e77ce0de3.fp.measure.office.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=af74f64c-9722-f25a-d056-11e8828cefb8&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=637868017923278208.6191cfa9-8857-4a6a-ac5e-4b4823b94a00&state=Dcs7EoAwCABRouNxMCRBPschGW0tvb4Ub7stALCnLRXKgMpQE6Om3kdX62SnNG_rCUezS5FDAmNdN_Jk62M6B1HJ96jvF_UH&sso_reload=true
Requested by
Host: login.microsoftonline.com
URL: https://login.microsoftonline.com/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2f69ddf58c08dd4ddb8838df6e77ce0de3.fp.measure.office.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=af74f64c-9722-f25a-d056-11e8828cefb8&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=637868017923278208.6191cfa9-8857-4a6a-ac5e-4b4823b94a00&state=Dcs7EoAwCABRouNxMCRBPschGW0tvb4Ub7stALCnLRXKgMpQE6Om3kdX62SnNG_rCUezS5FDAmNdN_Jk62M6B1HJ96jvF_UH
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 40.126.32.76 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer: https://login.microsoftonline.com/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2f69ddf58c08dd4ddb8838df6e77ce0de3.fp.measure.office.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=af74f64c-9722-f25a-d056-11e8828cefb8&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=637868017923278208.6191cfa9-8857-4a6a-ac5e-4b4823b94a00&state=Dcs7EoAwCABRouNxMCRBPschGW0tvb4Ub7stALCnLRXKgMpQE6Om3kdX62SnNG_rCUezS5FDAmNdN_Jk62M6B1HJ96jvF_UH
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

Cache-Control: no-store, no-cache
Content-Encoding: gzip
Content-Length: 49814
Content-Type: text/html; charset=utf-8
Date: Fri, 29 Apr 2022 04:03:12 GMT
Expires: -1
Link: <https://aadcdn.msftauth.net>; rel=preconnect; crossorigin <https://aadcdn.msftauth.net>; rel=dns-prefetch <https://aadcdn.msauth.net>; rel=dns-prefetch
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
Pragma: no-cache
Referrer-Policy: strict-origin-when-cross-origin
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-DNS-Prefetch-Control: on
X-Frame-Options: DENY
X-XSS-Protection: 0
nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://identity.nel.measure.office.net/api/report?catId=GW+estsfd+ams2"}]}
x-ms-ests-server: 2.1.12651.7 - NEULR1 ProdSlices
x-ms-request-id: 8a28038b-d353-43ee-a011-5c2255357b02

Me.htm | login.live.com/
Size: 0 | x-fer: 0 | Type: Other
General
Full URL
https://login.live.com/Me.htm?v=3
Requested by
Host: login.microsoftonline.com
URL: https://login.microsoftonline.com/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2f69ddf58c08dd4ddb8838df6e77ce0de3.fp.measure.office.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=af74f64c-9722-f25a-d056-11e8828cefb8&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=637868017923278208.6191cfa9-8857-4a6a-ac5e-4b4823b94a00&state=Dcs7EoAwCABRouNxMCRBPschGW0tvb4Ub7stALCnLRXKgMpQE6Om3kdX62SnNG_rCUezS5FDAmNdN_Jk62M6B1HJ96jvF_UH&sso_reload=true
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 40.126.31.73 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://login.microsoftonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

14 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| oncontextlost
object| oncontextrestored
function| structuredClone
function| getScreenDetails
object| $Config
object| $Debug
object| $Do
function| $Loader
object| $WebWatson
function| GetString
function| GetErrorString
function| GetUrl
object| $B
object| ServerData

13 Cookies

Domain/Path Name / Value
69ddf58c08dd4ddb8838df6e77ce0de3.fp.measure.office.com/ Name: ClientId
Value: AEB91C29722C4410A031DB7D7E12122F
69ddf58c08dd4ddb8838df6e77ce0de3.fp.measure.office.com/ Name: OIDC
Value: 1
69ddf58c08dd4ddb8838df6e77ce0de3.fp.measure.office.com/ Name: OpenIdConnect.nonce.v3.At3c8euHps4ot2_1AUpRNnOruVFV7tWVM5g9OQ-PLik
Value: 637868017923278208.6191cfa9-8857-4a6a-ac5e-4b4823b94a00
69ddf58c08dd4ddb8838df6e77ce0de3.fp.measure.office.com/ Name: X-OWA-RedirectHistory
Value: ArLym14BgEXmLZUp2gg
login.microsoftonline.com/ Name: x-ms-gateway-slice
Value: estsfd
login.microsoftonline.com/ Name: stsservicecookie
Value: estsfd
.login.microsoftonline.com/ Name: AADSSO
Value: NA|NoExtension
login.microsoftonline.com/ Name: SSOCOOKIEPULLED
Value: 1
login.microsoftonline.com/ Name: buid
Value: 0.AUsAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABAAEAAAD--DLA3VO7QrddgJg7Wevr3Qx3QutSYobvh2vPA6IXQjTzPCMPvxeU44FAMBPZSxn1Ifydouo1u5jAl2ttN94O-Yu3Z6VRbZD7nUeCm74MiPvZZqVAu3PSZrn_EVzONJYgAA
login.microsoftonline.com/ Name: fpc
Value: Agr0piCBHClHmTAAoXkEWP-erOTJAQAAAIBa_dkOAAAA
.login.microsoftonline.com/ Name: esctx
Value: AQABAAAAAAD--DLA3VO7QrddgJg7WevrlkbMFy25LnkJ5XyxhwawWmt9nRFR781ab69FQOlzJ0q3_bOK-kGiCKsttOR3pUyjPLBQL63QrN0o0lhSbDLmzynjAkKWUgw_aKlVyyzJ5cpWQDf8yBf5yrIgN9slH8wRR412mIkfascUr5wPDU3IQxCy3HstRT0kwNG4g6U3CJ8gAA
.login.live.com/ Name: uaid
Value: 5f85a3f83a3d4f8e9ab60f20e2bf3dfb
.login.live.com/ Name: MSPRequ
Value: id=N&lt=1651204994&co=1

Security Headers

This page lists any security headers set by the main page.

Header Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 0

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
