Report - login-microsoft-online.pages.dev/

Report Overview

Submitted URL
login-microsoft-online.pages.dev/
IP
172.66.44.234
ASN
#13335 CLOUDFLARENET
Submitted
2024-05-10 04:29:24
Access
public
Website Title
Sign in to your Microsoft account
Final URL
login-microsoft-online.pages.dev/
Tags
microsoft phishing
urlquery detections
Phishing - Microsoft

Detections

urlquery
8
Network Intrusion Detection
0
Threat Detection Systems
28

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
cdnjs.cloudflare.com	235	2009-02-17	2015-04-17	2024-05-09	1.4 kB	68 kB	104.17.25.14
login-microsoft-online.pages.dev	unknown	2020-09-02	2024-03-20	2024-04-14	3.3 kB	1.3 MB	172.66.44.234
use.fontawesome.com	942	2012-10-18	2017-01-30	2024-05-09	998 B	72 kB	172.67.142.245
maxcdn.icons8.com	80847	2011-10-04	2015-06-22	2024-05-09	1.0 kB	75 kB	185.76.9.26

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

Scan Date	Severity	Indicator	Alert
2024-05-09	medium	login-microsoft-online.pages.dev/	Office365
2024-05-09	medium	login-microsoft-online.pages.dev/	Office365
2024-05-09	medium	login-microsoft-online.pages.dev/	Office365
2024-05-09	medium	login-microsoft-online.pages.dev/	Office365
2024-05-09	medium	login-microsoft-online.pages.dev/	Office365
2024-05-09	medium	login-microsoft-online.pages.dev/	Office365
2024-05-09	medium	login-microsoft-online.pages.dev/	Office365

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-05-10	medium	login-microsoft-online.pages.dev	Sinkholed
2024-05-10	medium	login-microsoft-online.pages.dev	Sinkholed
2024-05-10	medium	login-microsoft-online.pages.dev	Sinkholed
2024-05-10	medium	login-microsoft-online.pages.dev	Sinkholed
2024-05-10	medium	login-microsoft-online.pages.dev	Sinkholed
2024-05-10	medium	login-microsoft-online.pages.dev	Sinkholed
2024-05-10	medium	login-microsoft-online.pages.dev	Sinkholed

ThreatFox

No alerts detected

JavaScript (5)

	URL	Size	First Seen	Last Seen
	login-microsoft-online.pages.dev/	12 kB	2024-05-10	2024-05-10
Pretty URL login-microsoft-online.pages.dev/ IP 172.66.44.234 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-10 06:25:18 Last Seen2024-05-10 06:29:24 Times Seen2 Hash e7afacbe845ffa3b521854331bdd0d00 c540e8aac0dc832301b730201e5c3ec0ed2dd3e5 5b7209a3a34126147a08cc9ab6678eb150572d8fac34d6f3b0376fabc120f281 Loading...

	cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js	90 kB	2023-03-07	2024-05-20
Pretty URL cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js IP 104.17.25.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:01 Last Seen2024-05-20 18:45:25 Times Seen145849 Hash dc5e7f18c8d36ac1d3d4753a87c98d0a c8e1c8b386dc5b7a9184c763c88d19a346eb3342 f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d Loading...

	cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/4.5.0/js/bootstrap.bundle.min.js	81 kB	2023-03-07	2024-05-19
Pretty URL cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/4.5.0/js/bootstrap.bundle.min.js IP 104.17.25.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:06:22 Last Seen2024-05-19 21:14:38 Times Seen2402 Hash 7fd2f04e75bd7ab1a79d80cdd4c33085 e02a14457b25e6df2568b772feab4387c00a4934 5edf297381b409d711bc8d27676951a59e151e783412850332519c05243d1e24 Loading...

	login-microsoft-online.pages.dev/assets/js/script.min.js	5.6 kB	2024-05-10	2024-05-10
Pretty URL login-microsoft-online.pages.dev/assets/js/script.min.js IP 172.66.44.234 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-10 06:25:18 Last Seen2024-05-10 06:29:24 Times Seen3 Hash fe6ebbda66d0e13a307b7d4d80140d7f 4466f4e94062615bddaa54c9bc15712606614f8a 8ebb31f794aa7b9104d4f0b4dd9cceb84e3e942e0ac2bc6468462dd9280f89e5 Loading...

		Size	First Seen	Last Seen
	#1 Write - 9541e81105037d055646d8dc04f6ff2a	3.8 kB	2024-05-10	2024-05-10
Pretty Observations First Seen2024-05-10 06:25:18 Last Seen2024-05-10 06:29:24 Times Seen2 Hash 9541e81105037d055646d8dc04f6ff2a ffee94e77756a49a9b450adc7b7451c36046be64 f166f3e662510a57a9698fcbc88c716aaed0f9eea851fa5f01b01d23dd47060b Loading...

HTTP Transactions (14)

URL IP Response Size

cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/4.5.0/css/bootstrap.min.css

104.17.25.14

200 OK

18 kB

URL GET HTTP/2
cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/4.5.0/css/bootstrap.min.css
IP
104.17.25.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://login-microsoft-online.pages.dev/
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D
ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT

File type
ASCII text, with very long lines (65324)
Size
18 kB (17522 bytes)
Hash
3afe15e976734d9daac26310110c4594
4f14a09a606c99a11f8fda15564ef66f70402826
680af6669abc319f9803f0fa26d443df1b6bc29133d88a8e4bea560ffed7288c

HTTP Headers

GET /ajax/libs/twitter-bootstrap/4.5.0/css/bootstrap.min.css HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://login-microsoft-online.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 04:28:56 GMT
content-type: text/css; charset=utf-8
content-length: 17522
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5ebae359-27293"
last-modified: Tue, 12 May 2020 17:56:41 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 125906
expires: Wed, 30 Apr 2025 04:28:56 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zQdU8z51AT%2FEhNTHXrJDiYEdg%2ByAG34TMuv3jdaT43g4KC8DqLhKEO66rDrSMp2yZfj2PwotVeHmLlE7a9ddPAE1O1m655rWed%2B7zZyrqi0GuYWpRllA6lHgBOsUB1SXLTeR1U6u"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 88172f727aae56b4-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js

104.17.25.14

200 OK

28 kB

URL GET HTTP/2
cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js
IP
104.17.25.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://login-microsoft-online.pages.dev/
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D
ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (65451)
Size
28 kB (27958 bytes)
Hash
dc5e7f18c8d36ac1d3d4753a87c98d0a
c8e1c8b386dc5b7a9184c763c88d19a346eb3342
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

HTTP Headers

GET /ajax/libs/jquery/3.5.1/jquery.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://login-microsoft-online.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 04:28:56 GMT
content-type: application/javascript; charset=utf-8
content-length: 27958
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb09ed3-15d84"
last-modified: Mon, 04 May 2020 23:01:39 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 182457
expires: Wed, 30 Apr 2025 04:28:56 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FoRE97A3doaRneMyO5HI4kwQJ%2FO0OWVxPviyiRb39Us9XPLXjXHCk%2FiWguwER7sbsa4OWWUowjRIrWwd96J6cB6LH59YMeVMxH6Peh1Pd%2BTSH4Jzwk7F3tF6Tqjj6Di1sbDzJWo1"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 88172f728abc56b4-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/4.5.0/js/bootstrap.bundle.min.js

104.17.25.14

200 OK

19 kB

URL GET HTTP/2
cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/4.5.0/js/bootstrap.bundle.min.js
IP
104.17.25.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://login-microsoft-online.pages.dev/
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D
ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (65297)
Size
19 kB (19084 bytes)
Hash
7fd2f04e75bd7ab1a79d80cdd4c33085
e02a14457b25e6df2568b772feab4387c00a4934
5edf297381b409d711bc8d27676951a59e151e783412850332519c05243d1e24

HTTP Headers

GET /ajax/libs/twitter-bootstrap/4.5.0/js/bootstrap.bundle.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://login-microsoft-online.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 04:28:56 GMT
content-type: application/javascript; charset=utf-8
content-length: 19084
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5ebae359-13cbc"
last-modified: Tue, 12 May 2020 17:56:41 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 14641
expires: Wed, 30 Apr 2025 04:28:56 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=r2DXA5b43BCLqIMGgAtXwy3rRCRySUog4EguKM6PnQNsu%2FNsUVQljFpgbeMbkIYl9CQmL1IgNYQGOha7RvoMCEzPP163x1cmr1jEymzNHZM3bX5rPrkAOoRee2Nptx86LstYmww0"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 88172f728ab756b4-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

172.66.44.234

200 OK

1.3 MB

URL GET HTTP/3
login-microsoft-online.pages.dev/assets/img/background.png
IP
172.66.44.234:443
ASN
#13335 CLOUDFLARENET

Requested by
https://login-microsoft-online.pages.dev/
Certificate
IssuerLet's Encrypt
Subjectlogin-microsoft-online.pages.dev
FingerprintD0:6A:66:EE:99:D0:33:DA:3D:D7:F8:3C:ED:97:56:33:A0:81:5D:D6
ValidityWed, 20 Mar 2024 13:41:13 GMT - Tue, 18 Jun 2024 13:41:12 GMT

File type
PNG image data, 3840 x 2158, 8-bit/color RGBA, non-interlaced
Size
1.3 MB (1294919 bytes)
Hash
e812c68fa007098ded6dd384b2c22fd7
c25647def1a2bc089043a1d4eba8b524f9d7edfb
24c68a968e99d841f446d6953d3eb15109b286de77fbbaf60a0577375d0d9a16

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft
OpenPhish	phishing	Office365
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/img/background.png HTTP/1.1
Host: login-microsoft-online.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://login-microsoft-online.pages.dev/assets/css/styles.min.css
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 10 May 2024 04:28:56 GMT
content-type: image/png
content-length: 1294919
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: "865850cb4df89b8b6d4ccdb6b3bb58d9"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oBcG3kHOUOZ%2BClAxLw92qMKb0r3PjUfBkUF%2FwDKDw%2FgySPAQ%2F5WR6J1YpOyMYSHOfUnKnzO5cEERgpKrzjbgtzj9OfCn0dni%2BrDs4h41u0z7f5p3uI%2FEv%2F1Av5zC%2FLl5l4VqCBaoC%2FwE%2FRJjaMthHhaToA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88172f7429b00b45-OSL
alt-svc: h3=":443"; ma=86400

use.fontawesome.com/releases/v5.12.0/webfonts/fa-regular-400.woff2

172.67.142.245

200 OK

14 kB

URL GET HTTP/2
use.fontawesome.com/releases/v5.12.0/webfonts/fa-regular-400.woff2
IP
172.67.142.245:443
ASN
#13335 CLOUDFLARENET

Requested by
https://login-microsoft-online.pages.dev/
Certificate
IssuerCloudflare, Inc.
Subjectuse.fontawesome.com
FingerprintCB:BE:6B:C4:5F:DF:18:7A:C3:AD:BF:6C:40:36:18:9F:E2:99:7F:78
ValidityThu, 12 Oct 2023 00:00:00 GMT - Thu, 10 Oct 2024 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 13576, version 330.-16253
Size
14 kB (13576 bytes)
Hash
9efb86976bd53e159166c12365f61e25
830f8653e5f4a5331ac0b47c5701f65fe9f1bb32
86e496b536b26ba60cdb68df9dd9143b19a63b65e30e373b0321833aab1295d6

HTTP Headers

GET /releases/v5.12.0/webfonts/fa-regular-400.woff2 HTTP/1.1
Host: use.fontawesome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://login-microsoft-online.pages.dev
DNT: 1
Connection: keep-alive
Referer: https://use.fontawesome.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 04:28:56 GMT
content-type: font/woff2
content-length: 13576
access-control-allow-origin: *
cache-control: max-age=31556926
etag: "9efb86976bd53e159166c12365f61e25"
last-modified: Fri, 22 Sep 2023 01:45:05 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 15465
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Gx%2FgSxEze1e5NRfGGXpxG3hhdKphI9sYsIE9O%2F5q5Npo%2F2E77Dm3PZ7hoiqeo8ZadVJPNk%2Fs6cU1rTTA3ga%2B0fVouUoWSGGQq%2FOlf8yOWzjplvxX80tuKGrcI8xyBMoJHfM4KvHR"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88172f74cf5fb51d-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

maxcdn.icons8.com/fonts/line-awesome/1.1/fonts/line-awesome.woff2?v=1.1.

185.76.9.26

200 OK

45 kB

URL GET HTTP/2
maxcdn.icons8.com/fonts/line-awesome/1.1/fonts/line-awesome.woff2?v=1.1.
IP
185.76.9.26:443
ASN
#60068 Datacamp Limited

Requested by
https://login-microsoft-online.pages.dev/
Certificate
IssuerLet's Encrypt
Subject1220595937.rsc.cdn77.org
Fingerprint2E:82:38:27:C2:FE:73:2D:3E:E1:E4:EE:34:1B:18:C3:25:F7:EA:F3
ValidityWed, 06 Mar 2024 18:32:30 GMT - Tue, 04 Jun 2024 18:32:29 GMT

File type
Web Open Font Format (Version 2), TrueType, length 45108, version 1.0
Size
45 kB (45108 bytes)
Hash
452a5b42cb4819f09d35bcf6cbdb24c1
4344bf7fdb2b5e538fb4859df945fc1a21d2a83c
063a952901506e6cbcc2abdd1995ea387e4ae9138993f5517834a75faee165d0

HTTP Headers

GET /fonts/line-awesome/1.1/fonts/line-awesome.woff2?v=1.1. HTTP/1.1
Host: maxcdn.icons8.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://login-microsoft-online.pages.dev
DNT: 1
Connection: keep-alive
Referer: https://maxcdn.icons8.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 04:28:56 GMT
content-type: font/woff2
content-length: 45108
x-amz-id-2: tne9Dfpc7MOkp8LF1CoMnvV0g0cpwlcYcyTQi8tna76YPj07D2B9vlM3s8Qee8hyi3MflRswV1c=
x-amz-request-id: GH1VX01H3Z92CJZS
last-modified: Mon, 06 Jun 2022 09:58:53 GMT
etag: "452a5b42cb4819f09d35bcf6cbdb24c1"
x-amz-meta-mtime: 1654507811.164297687
server: CDN77-Turbo
access-control-allow-origin: *
x-77-nzt: EQwBuUwJFAH39xsCAA
x-77-nzt-ray: af5856307601066288a23d669fd4d82a
x-accel-expires: @1716213805
x-accel-date: 1715177105
x-cache: HIT
x-age: 138231
x-77-pop: stockholmSE
x-77-cache: HIT
x-77-age: 138231
accept-ranges: bytes
X-Firefox-Spdy: h2

172.66.44.234

200 OK

979 B

URL GET HTTP/3
login-microsoft-online.pages.dev/assets/img/favicon%20180.svg
IP
172.66.44.234:443
ASN
#13335 CLOUDFLARENET

Requested by
https://login-microsoft-online.pages.dev/
Certificate
IssuerLet's Encrypt
Subjectlogin-microsoft-online.pages.dev
FingerprintD0:6A:66:EE:99:D0:33:DA:3D:D7:F8:3C:ED:97:56:33:A0:81:5D:D6
ValidityWed, 20 Mar 2024 13:41:13 GMT - Tue, 18 Jun 2024 13:41:12 GMT

File type
SVG Scalable Vector Graphics image
Size
979 B (979 bytes)
Hash
168b13b3cf2c41516f89fe8e5015b131
92dc37e85763f289a01d49ac89d058ee1ab1c830
39994499e7fa659d03833b300c4e967a82846a6c71b33dc30907c15a15649005

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft
OpenPhish	phishing	Office365
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/img/favicon%20180.svg HTTP/1.1
Host: login-microsoft-online.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://login-microsoft-online.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 10 May 2024 04:28:56 GMT
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"691a86d9d6489d648998fb5cc67a73e6"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6J%2F6nC7MNhg%2BM4GByVkQtPZrp4hOdFh%2BcRp8KJCv6AVSahrwffjSTwirN9RPjGrzQJkjcXHG9RU4qZLV0yQpLPqfnJIa8fDF%2F%2BcOhsLQq41YZLOYUTsDSaHYCIJHbmEMz3ciuvgkfkJ8HKtNOo5t%2FWlRbQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88172f76aa1b0b45-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

use.fontawesome.com/releases/v5.12.0/css/all.css

172.67.142.245

200 OK

57 kB

URL GET HTTP/2
use.fontawesome.com/releases/v5.12.0/css/all.css
IP
172.67.142.245:443
ASN
#13335 CLOUDFLARENET

Requested by
https://login-microsoft-online.pages.dev/
Certificate
IssuerCloudflare, Inc.
Subjectuse.fontawesome.com
FingerprintCB:BE:6B:C4:5F:DF:18:7A:C3:AD:BF:6C:40:36:18:9F:E2:99:7F:78
ValidityThu, 12 Oct 2023 00:00:00 GMT - Thu, 10 Oct 2024 23:59:59 GMT

File type
ASCII text, with very long lines (56994)
Size
57 kB (57180 bytes)
Hash
500d1a92f875b1d96d37a3a3f8f0438c
703603273f5d5d52eb456d6385e1a68294fbd568
c9b46437d7418e1712daaad6d73fa17c2c6afb5681770c90339c25428415b7fd

HTTP Headers

GET /releases/v5.12.0/css/all.css HTTP/1.1
Host: use.fontawesome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://login-microsoft-online.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 04:28:56 GMT
content-type: text/css
cache-control: max-age=31556926
etag: W/"500d1a92f875b1d96d37a3a3f8f0438c"
last-modified: Fri, 22 Sep 2023 01:45:03 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 812988
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PgYVLzYU2%2FkNwGvF2wK%2F7SjELw5QsIzmF8Osx52DSyawdiXjrsYoE0WoeARqMbYSSO64SrTWSg0oXXJPRd7b%2F8h%2FjiPi73gbSVDcLU8rji8%2FNqh6Wx0%2FR5sFHHzmk7VWkBAnnasy"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88172f737bb2b521-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

maxcdn.icons8.com/fonts/line-awesome/1.1/css/line-awesome.min.css

185.76.9.26

200 OK

28 kB

URL GET HTTP/2
maxcdn.icons8.com/fonts/line-awesome/1.1/css/line-awesome.min.css
IP
185.76.9.26:443
ASN
#60068 Datacamp Limited

Requested by
https://login-microsoft-online.pages.dev/
Certificate
IssuerLet's Encrypt
Subject1220595937.rsc.cdn77.org
Fingerprint2E:82:38:27:C2:FE:73:2D:3E:E1:E4:EE:34:1B:18:C3:25:F7:EA:F3
ValidityWed, 06 Mar 2024 18:32:30 GMT - Tue, 04 Jun 2024 18:32:29 GMT

File type
ASCII text, with very long lines (27557)
Size
28 kB (28101 bytes)
Hash
4334c8c70998d81bde3e6765828811a6
de27d3920885be830eba8b77ff1c3b320afc5b98
1e8638f605575bd335d49efa95e165adf7ef06dda8e367661ac2517a0a3a96b4

HTTP Headers

GET /fonts/line-awesome/1.1/css/line-awesome.min.css HTTP/1.1
Host: maxcdn.icons8.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://login-microsoft-online.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 04:28:56 GMT
content-type: text/css; charset=utf-8
x-amz-id-2: n12pniSGO2oXIlyBlS5WX0szppUwvLonX5N5nOd7pjMz6gaSIEj8mO8Gl22GGhcaV8XfatKzymo=
x-amz-request-id: 22E18N767CJ1P6MA
last-modified: Mon, 06 Jun 2022 09:58:54 GMT
etag: W/"4334c8c70998d81bde3e6765828811a6"
x-amz-meta-mtime: 1654507817.389231056
server: CDN77-Turbo
access-control-allow-origin: *
x-77-nzt: EQwBuUwJFAH3gIYKAA
x-77-nzt-ray: af585630a0198d5e88a23d664f48260c
x-accel-expires: @1715650508
x-accel-date: 1714625544
x-cache: HIT
x-age: 689792
x-77-pop: stockholmSE
x-77-cache: HIT
x-77-age: 689792
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2

172.66.44.234

200 OK

3.0 kB

URL GET HTTP/3
login-microsoft-online.pages.dev/assets/css/styles.min.css
IP
172.66.44.234:443
ASN
#13335 CLOUDFLARENET

Requested by
https://login-microsoft-online.pages.dev/
Certificate
IssuerLet's Encrypt
Subjectlogin-microsoft-online.pages.dev
FingerprintD0:6A:66:EE:99:D0:33:DA:3D:D7:F8:3C:ED:97:56:33:A0:81:5D:D6
ValidityWed, 20 Mar 2024 13:41:13 GMT - Tue, 18 Jun 2024 13:41:12 GMT

File type
ASCII text, with very long lines (3216), with no line terminators
Size
3.0 kB (3027 bytes)
Hash
e13c25b73fb079cdab22b66868172686
6eb69ede7344a996164d917129812856605c2ca8
1b4da430ebe4e72bea435a53cd442d4918a411ba15fcd25cc5fe401a5e11a5ed

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft
OpenPhish	phishing	Office365
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/css/styles.min.css HTTP/1.1
Host: login-microsoft-online.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://login-microsoft-online.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 10 May 2024 04:28:56 GMT
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"46ed1b806347a3f48cbfd07447398857"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zRBYSyDjc6RZo2vhqQPOmAdY2gEUT1Ad4M9C9c4Hd9fQ7Ht%2Fwu5mzyv%2FkxN9zCQZasvD8xHRFtck656JPF1OaIa4651S0PYV%2FbfJ18Zuj%2FSZBIDYz%2FppgoXvY7MgCdEnStni%2BlPYF163zpoE04zdA3oxqg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88172f7249530b45-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

172.66.44.234

200 OK

12 kB

URL User Request GET HTTP/2
login-microsoft-online.pages.dev/
IP
172.66.44.234:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerLet's Encrypt
Subjectlogin-microsoft-online.pages.dev
FingerprintD0:6A:66:EE:99:D0:33:DA:3D:D7:F8:3C:ED:97:56:33:A0:81:5D:D6
ValidityWed, 20 Mar 2024 13:41:13 GMT - Tue, 18 Jun 2024 13:41:12 GMT

File type
HTML document, ASCII text, with very long lines (11545)
Size
12 kB (11546 bytes)
Hash
746ade550b2f9d88367478d51fc540ae
e0c539a74cd5ca13e97f3f8d73089409d650993a
3cc99121e7e4a87ae838b37c6a9d245ae40ee5200116346088f6ba7576266fed

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft
OpenPhish	phishing	Office365
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: login-microsoft-online.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 04:28:55 GMT
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"6810751028146dabfeb1de5dae6a227c"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=i4FEidJJS5of4mY7HgZTCbDg0TUhsY8zlU0S0HvjItavC6GJSpb3WV8wbZvrpNDdfUWvrq%2BWjAyrt0gWTTzShkVXdQaQL5LS49K83bNWyZr8bWSdsdl6ghkTTZqVMsnlLAZjzEn7A6yTf4G5as3vuUzMYg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88172f706f691bfa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

172.66.44.234

200 OK

3.7 kB

URL GET HTTP/3
login-microsoft-online.pages.dev/assets/img/microsoft_logo.svg
IP
172.66.44.234:443
ASN
#13335 CLOUDFLARENET

Requested by
https://login-microsoft-online.pages.dev/
Certificate
IssuerLet's Encrypt
Subjectlogin-microsoft-online.pages.dev
FingerprintD0:6A:66:EE:99:D0:33:DA:3D:D7:F8:3C:ED:97:56:33:A0:81:5D:D6
ValidityWed, 20 Mar 2024 13:41:13 GMT - Tue, 18 Jun 2024 13:41:12 GMT

File type
SVG Scalable Vector Graphics image
Size
3.7 kB (3651 bytes)
Hash
d633a913e6f3b1f45774b9874dfc85e0
5ba1344048578062c93cfddfdf8458477eaca476
c1fbfbd9a81fc4d9c9539a65bdfb4c6738926b8d4681b0346706196413e92714

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft
OpenPhish	phishing	Office365
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/img/microsoft_logo.svg HTTP/1.1
Host: login-microsoft-online.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://login-microsoft-online.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 10 May 2024 04:28:56 GMT
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"b4d7a556445aa167d4959571a81c93db"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aJ7LVR3DNR7Q1Mdm7P3hNUzJqiCbmoOuRqswtvEZ0psbmLJtGNnmo%2BbYMdBkgRsB4lcg0v1M26uwCQPLMxmQwUIOr7ZoIxtV3GcVmcP4IfrkMEmi46TMwRhmd19SoM05X4wiyOORDxnJcfUQbFCNGQY5vQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88172f7259560b45-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

172.66.44.234

200 OK

5.6 kB

URL GET HTTP/3
login-microsoft-online.pages.dev/assets/js/script.min.js
IP
172.66.44.234:443
ASN
#13335 CLOUDFLARENET

Requested by
https://login-microsoft-online.pages.dev/
Certificate
IssuerLet's Encrypt
Subjectlogin-microsoft-online.pages.dev
FingerprintD0:6A:66:EE:99:D0:33:DA:3D:D7:F8:3C:ED:97:56:33:A0:81:5D:D6
ValidityWed, 20 Mar 2024 13:41:13 GMT - Tue, 18 Jun 2024 13:41:12 GMT

File type
JavaScript source, ASCII text, with very long lines (5674), with no line terminators
Size
5.6 kB (5628 bytes)
Hash
4f1d000066c90cce9c67e45d89563a4c
53673819bf55c61626165949bf2213c4bd2c4e6a
d84fe6c079ea8bdb3fceb0f9724a80953384f969dbb212671c4c7363109d7032

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft
OpenPhish	phishing	Office365
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/js/script.min.js HTTP/1.1
Host: login-microsoft-online.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://login-microsoft-online.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 10 May 2024 04:28:56 GMT
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"c964eaeb14f86336f4e22828db007cb5"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eUj5sA46zXVn%2BaKQgxv2OF5rdTZA9QoN1pbYQvSshul0cNWnIdeb3DgQ32SsLMejauYQMFoSqnrnaEW450D%2FP%2Bx8Cwkhjbau6f2FlDxpB0rQEDxBg%2BvFhqAMCw1ByHNmIIg%2F6hmhfIzBx1BHAqP%2BEAs%2Biw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88172f7259580b45-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

172.66.44.234

200 OK

979 B

URL GET HTTP/3
login-microsoft-online.pages.dev/assets/img/favicon%20180.svg
IP
172.66.44.234:443
ASN
#13335 CLOUDFLARENET

Requested by
https://login-microsoft-online.pages.dev/
Certificate
IssuerLet's Encrypt
Subjectlogin-microsoft-online.pages.dev
FingerprintD0:6A:66:EE:99:D0:33:DA:3D:D7:F8:3C:ED:97:56:33:A0:81:5D:D6
ValidityWed, 20 Mar 2024 13:41:13 GMT - Tue, 18 Jun 2024 13:41:12 GMT

File type
SVG Scalable Vector Graphics image
Size
979 B (979 bytes)
Hash
168b13b3cf2c41516f89fe8e5015b131
92dc37e85763f289a01d49ac89d058ee1ab1c830
39994499e7fa659d03833b300c4e967a82846a6c71b33dc30907c15a15649005

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft
OpenPhish	phishing	Office365
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/img/favicon%20180.svg HTTP/1.1
Host: login-microsoft-online.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://login-microsoft-online.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 10 May 2024 04:28:56 GMT
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"691a86d9d6489d648998fb5cc67a73e6"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=usPvunHhPG%2FyiYVztjKIfcNVQ%2FHcmmYkQ5NpdLy81hfOX5aRWNEdECyWpMBTTl%2ByD2NZoB5nvl4zfoLYFNwKUFpSRJH%2FlevRvzGdlnE9djscWasXzE03ecsvOPDVQ0De4Qi%2BcEcT1Z1SP5svorHBOs7dIA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88172f76ba1d0b45-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (5)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Observations

Hash

HTTP Transactions (14)

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate