Report - 52.98.152.194/https:/login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=9199bf20-a13f-4107-85dc-02114787ef48&scope=outlook.office.com/.default%20openid%20profile%20offline_access&redirect_uri=https://outlook.office365.com/mail/&client-request-id=cb18e059-fd19-3713-d4ee-1098cbaba763&response_mode=fragment&response_type=code&x-client-SKU=msal.js.browser&x-client-VER=4.4.0&client_info=1&code_challenge=eVn6nc-8vTNZs-RznbWnbessRfUxw7WFPF4zW7CCoVg&code_challenge_method=S256&prompt=select_account&nonce=0196cdae-6757-7453-80d1-7f831c50e7e3&state=eyJpZCI6IjAxOTZjZGFlLTY3NTYtNzQ3Zi1hM2IwLTBjNjY4Nzc1M2QzNiIsIm1ldGEiOnsiaW50ZXJhY3Rpb25UeXBlIjoicmVkaXJlY3QifX0=&claims={"access_token":{"xms

Report Overview

Visitedpublic

2025-05-14 07:26:22

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Host Summary

Host	Rank	Registered	First Seen	Last Seen	Sent	Received	IP	Fingerprints
52.98.152.194	unknown	unknown	2021-04-02	2023-11-10	7.1 kB	24 kB	52.98.152.194

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2025-05-14	medium	52.98.152.194	Sinkholed
2025-05-14	medium	52.98.152.194	Sinkholed
2025-05-14	medium	52.98.152.194	Sinkholed
2025-05-14	medium	52.98.152.194	Sinkholed
2025-05-14	medium	52.98.152.194	Sinkholed
2025-05-14	medium	52.98.152.194	Sinkholed

ThreatFox

No alerts detected

JavaScript (1)

	URL	From	Size	First Seen	Last Seen
	about:certerror?e=nssBadCert&u=https%3A//52.98.152.194/https%3A/login.microsoftonline.com/common/oauth2/v2.0/authorize%3Fclient_id%3D9199bf20-a13f-4107-85dc-02114787ef48%26scope%3Doutlook.office.com/.default%2520openid%2520profile%2520offline_access%26redirect_uri%3Dhttp%3A//outlook.office365.com/mail/%26client-request-id%3Dcb18e059-fd19-3713-d4ee-1098cbaba763%26response_mode%3Dfragment%26response_type%3Dcode%26x-client-SKU%3Dmsal.js.browser%26x-client-VER%3D4.4.0%26client_info%3D1%26code_challenge%3DeVn6nc-8vTNZs-RznbWnbessRfUxw7WFPF4zW7CCoVg%26code_challenge_method%3DS256%26prompt%3Dselect_account%26nonce%3D0196cdae-6757-7453-80d1-7f831c50e7e3%26state%3DeyJpZCI6IjAxOTZjZGFlLTY3NTYtNzQ3Zi1hM2IwLTBjNjY4Nzc1M2QzNiIsIm1ldGEiOnsiaW50ZXJhY3Rpb25UeXBlIjoicmVkaXJlY3QifX0%3D%26claims%3D%257B%2522access_token%2522%3A%257B%2522xms_cc%2522%3A%257B%2522values%2522%3A%255B%2522CP1%2522%255D%257D%257D%257D&c=UTF-8&d=%20	ScriptElement	111 B	2025-03-02	2025-08-02
URL about:certerror?e=nssBadCert&u=https%3A//52.98.152.194/https%3A/login.microsoftonline.com/common/oauth2/v2.0/authorize%3Fclient_id%3D9199bf20-a13f-4107-85dc-02114787ef48%26scope%3Doutlook.office.com/.default%2520openid%2520profile%2520offline_access%26redirect_uri%3Dhttp%3A//outlook.office365.com/mail/%26client-request-id%3Dcb18e059-fd19-3713-d4ee-1098cbaba763%26response_mode%3Dfragment%26response_type%3Dcode%26x-client-SKU%3Dmsal.js.browser%26x-client-VER%3D4.4.0%26client_info%3D1%26code_challenge%3DeVn6nc-8vTNZs-RznbWnbessRfUxw7WFPF4zW7CCoVg%26code_challenge_method%3DS256%26prompt%3Dselect_account%26nonce%3D0196cdae-6757-7453-80d1-7f831c50e7e3%26state%3DeyJpZCI6IjAxOTZjZGFlLTY3NTYtNzQ3Zi1hM2IwLTBjNjY4Nzc1M2QzNiIsIm1ldGEiOnsiaW50ZXJhY3Rpb25UeXBlIjoicmVkaXJlY3QifX0%3D%26claims%3D%257B%2522access_token%2522%3A%257B%2522xms_cc%2522%3A%257B%2522values%2522%3A%255B%2522CP1%2522%255D%257D%257D%257D&c=UTF-8&d=%20 IP / ASN 0.0.0.0 #0 Introduced by ScriptElement Embedded true Resource Info First Seen 2025-03-02 Last Seen 2025-08-02 Times Seen 44734 Size 111 B (111 bytes) MD5 1fc778fb81973516c7df9ee7caca05e6 SHA1 7953945d192422cc2b1d8610d1b0fa1469bb5b7f SHA256 a09c624476cbe1462a188d07d0ce0a20e258a5e9b7890f44b3c8b68a0a3b26eb Format Code Loading...

HTTP Transactions (6)

URL IP Response Size

GET 52.98.152.194/https:/login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=9199bf20-a13f-4107-85dc-02114787ef48&scope=outlook.office.com/.default%20openid%20profile%20offline_access&redirect_uri=http://outlook.office365.com/mail/&client-request-id=cb18e059-fd19-3713-d4ee-1098cbaba763&response_mode=fragment&response_type=code&x-client-SKU=msal.js.browser&x-client-VER=4.4.0&client_info=1&code_challenge=eVn6nc-8vTNZs-RznbWnbessRfUxw7WFPF4zW7CCoVg&code_challenge_method=S256&prompt=select_account&nonce=0196cdae-6757-7453-80d1-7f831c50e7e3&state=eyJpZCI6IjAxOTZjZGFlLTY3NTYtNzQ3Zi1hM2IwLTBjNjY4Nzc1M2QzNiIsIm1ldGEiOnsiaW50ZXJhY3Rpb25UeXBlIjoicmVkaXJlY3QifX0=&claims=%7B%22access_token%22:%7B%22xms_cc%22:%7B%22values%22:%5B%22CP1%22%5D%7D%7D%7D

52.98.152.194

400 Bad Request

3.5 kB

URL

52.98.152.194/https:/login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=9199bf20-a13f-4107-85dc-02114787ef48&scope=outlook.office.com/.default%20openid%20profile%20offline_access&redirect_uri=http://outlook.office365.com/mail/&client-request-id=cb18e059-fd19-3713-d4ee-1098cbaba763&response_mode=fragment&response_type=code&x-client-SKU=msal.js.browser&x-client-VER=4.4.0&client_info=1&code_challenge=eVn6nc-8vTNZs-RznbWnbessRfUxw7WFPF4zW7CCoVg&code_challenge_method=S256&prompt=select_account&nonce=0196cdae-6757-7453-80d1-7f831c50e7e3&state=eyJpZCI6IjAxOTZjZGFlLTY3NTYtNzQ3Zi1hM2IwLTBjNjY4Nzc1M2QzNiIsIm1ldGEiOnsiaW50ZXJhY3Rpb25UeXBlIjoicmVkaXJlY3QifX0=&claims=%7B%22access_token%22:%7B%22xms_cc%22:%7B%22values%22:%5B%22CP1%22%5D%7D%7D%7D

IP / ASN

52.98.152.194

#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested byN/A

Resource Info

File typeHTML document, ASCII text, with very long lines (379), with CRLF line terminators

First Seen2023-05-14

Last Seen2025-07-25

Times Seen193

Size3.5 kB (3490 bytes)

MD5504ae2e068b4f2f58f27804a5db9b9ba

SHA115b9c0c456b6a113d34bb53c0df25423f6db277c

SHA256f69ec9c7d598b2859ac983ef6adb3a865e7037b097cbc06d8f32582679309483

Certificate Info

IssuerDigiCert Inc

Subjectoutlook.com

FingerprintA6:F7:EC:FB:2B:F6:31:B3:A8:4F:EB:B0:9F:FD:BB:4E:3B:0F:42:11

ValiditySat, 29 Mar 2025 00:00:00 GMT - Sat, 28 Mar 2026 23:59:59 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /https:/login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=9199bf20-a13f-4107-85dc-02114787ef48&scope=outlook.office.com/.default%20openid%20profile%20offline_access&redirect_uri=http://outlook.office365.com/mail/&client-request-id=cb18e059-fd19-3713-d4ee-1098cbaba763&response_mode=fragment&response_type=code&x-client-SKU=msal.js.browser&x-client-VER=4.4.0&client_info=1&code_challenge=eVn6nc-8vTNZs-RznbWnbessRfUxw7WFPF4zW7CCoVg&code_challenge_method=S256&prompt=select_account&nonce=0196cdae-6757-7453-80d1-7f831c50e7e3&state=eyJpZCI6IjAxOTZjZGFlLTY3NTYtNzQ3Zi1hM2IwLTBjNjY4Nzc1M2QzNiIsIm1ldGEiOnsiaW50ZXJhY3Rpb25UeXBlIjoicmVkaXJlY3QifX0=&claims=%7B%22access_token%22:%7B%22xms_cc%22:%7B%22values%22:%5B%22CP1%22%5D%7D%7D%7D HTTP/1.1
Host: 52.98.152.194
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 400 Bad Request
cache-control: private
content-length: 3490
content-type: text/html; charset=utf-8
request-id: 290554e8-4ae2-ec3d-b53d-15a8a4df19a6
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-preferredroutingkeydiagnostics: 0
x-calculatedfetarget: FR2P281CU005.internal.outlook.com
x-calculatedbetarget: FR6P281MB4286.DEUP281.PROD.OUTLOOK.COM
x-backendhttpstatus: 400, 400
x-aspnet-version: 4.0.30319
x-rum-validated: 1
x-rum-notupdatequeriedpath: 1
x-rum-notupdatequerieddbcopy: 1
x-proxy-routingcorrectness: 1
x-proxy-backendserverstatus: 400
x-feefzinfo: HHN
ms-cv: 6FQFKeJKPey1PRWopN8Zpg.1.1
alt-svc: ":443";ma=2592000,h3-29=":443";ma=2592000
x-firsthopcafeefz: HHN
x-feproxyinfo: FR0P281CA0017.DEUP281.PROD.OUTLOOK.COM
x-powered-by: ASP.NET
x-feserver: FR2P281CA0080, FR0P281CA0017
date: Wed, 14 May 2025 07:25:51 GMT
X-Firefox-Spdy: h2

GET 52.98.152.194/favicon.ico

52.98.152.194

302 Found

7.9 kB

URL

52.98.152.194/favicon.ico

IP / ASN

52.98.152.194

#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested byhttps://52.98.152.194/https:/login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=9199bf20-a13f-4107-85dc-02114787ef48&scope=outlook.office.com/.default%20openid%20profile%20offline_access&redirect_uri=http://outlook.office365.com/mail/&client-request-id=cb18e059-fd19-3713-d4ee-1098cbaba763&response_mode=fragment&response_type=code&x-client-SKU=msal.js.browser&x-client-VER=4.4.0&client_info=1&code_challenge=eVn6nc-8vTNZs-RznbWnbessRfUxw7WFPF4zW7CCoVg&code_challenge_method=S256&prompt=select_account&nonce=0196cdae-6757-7453-80d1-7f831c50e7e3&state=eyJpZCI6IjAxOTZjZGFlLTY3NTYtNzQ3Zi1hM2IwLTBjNjY4Nzc1M2QzNiIsIm1ldGEiOnsiaW50ZXJhY3Rpb25UeXBlIjoicmVkaXJlY3QifX0=&claims=%7B%22access_token%22:%7B%22xms_cc%22:%7B%22values%22:%5B%22CP1%22%5D%7D%7D%7D

Resource Info

File typeN/A

First Seen0001-01-01

Last Seen2025-08-02

Times Seen5608805

Size7.9 kB (7886 bytes)

MD5d41d8cd98f00b204e9800998ecf8427e

SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Certificate Info

IssuerDigiCert Inc

Subjectoutlook.com

FingerprintA6:F7:EC:FB:2B:F6:31:B3:A8:4F:EB:B0:9F:FD:BB:4E:3B:0F:42:11

ValiditySat, 29 Mar 2025 00:00:00 GMT - Sat, 28 Mar 2026 23:59:59 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: 52.98.152.194
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://52.98.152.194/https:/login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=9199bf20-a13f-4107-85dc-02114787ef48&scope=outlook.office.com/.default%20openid%20profile%20offline_access&redirect_uri=http://outlook.office365.com/mail/&client-request-id=cb18e059-fd19-3713-d4ee-1098cbaba763&response_mode=fragment&response_type=code&x-client-SKU=msal.js.browser&x-client-VER=4.4.0&client_info=1&code_challenge=eVn6nc-8vTNZs-RznbWnbessRfUxw7WFPF4zW7CCoVg&code_challenge_method=S256&prompt=select_account&nonce=0196cdae-6757-7453-80d1-7f831c50e7e3&state=eyJpZCI6IjAxOTZjZGFlLTY3NTYtNzQ3Zi1hM2IwLTBjNjY4Nzc1M2QzNiIsIm1ldGEiOnsiaW50ZXJhY3Rpb25UeXBlIjoicmVkaXJlY3QifX0=&claims=%7B%22access_token%22:%7B%22xms_cc%22:%7B%22values%22:%5B%22CP1%22%5D%7D%7D%7D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
content-type: text/html; charset=utf-8
location: /owa/favicon.ico
server: Microsoft-IIS/10.0
request-id: 6b0d219c-1a7e-ef84-7208-159249418b14
strict-transport-security: max-age=31536000; includeSubDomains; preload
alt-svc: ":443";ma=2592000,h3-29=":443";ma=2592000
x-feproxyinfo: FR0P281CA0017.DEUP281.PROD.OUTLOOK.COM
x-feefzinfo: HHN
ms-cv: nCENa34ahO9yCBWSSUGLFA.0
x-powered-by: ASP.NET
x-feserver: FR0P281CA0017
date: Wed, 14 May 2025 07:25:51 GMT
content-length: 133
X-Firefox-Spdy: h2

GET 52.98.152.194/owa/favicon.ico

52.98.152.194

200 OK

7.9 kB

URL

52.98.152.194/owa/favicon.ico

IP / ASN

52.98.152.194

#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Resource Info

File typeMS Windows icon resource - 3 icons, 32x32, 32 bits/pixel, 24x24, 32 bits/pixel

First Seen2023-04-05

Last Seen2025-08-01

Times Seen2186

Size7.9 kB (7886 bytes)

MD5ac16fa7fc862073b02acd1187fc6def4

SHA1f2b9a6255f6293000f30eee272abdd372a14e9d3

SHA256e35d94b76894d6eca96ff5b1a12d94dfe73485ef3c52cb5b4395be8ffac1cb45

Certificate Info

IssuerDigiCert Inc

Subjectoutlook.com

FingerprintA6:F7:EC:FB:2B:F6:31:B3:A8:4F:EB:B0:9F:FD:BB:4E:3B:0F:42:11

ValiditySat, 29 Mar 2025 00:00:00 GMT - Sat, 28 Mar 2026 23:59:59 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /owa/favicon.ico HTTP/1.1
Host: 52.98.152.194
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://52.98.152.194/https:/login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=9199bf20-a13f-4107-85dc-02114787ef48&scope=outlook.office.com/.default%20openid%20profile%20offline_access&redirect_uri=http://outlook.office365.com/mail/&client-request-id=cb18e059-fd19-3713-d4ee-1098cbaba763&response_mode=fragment&response_type=code&x-client-SKU=msal.js.browser&x-client-VER=4.4.0&client_info=1&code_challenge=eVn6nc-8vTNZs-RznbWnbessRfUxw7WFPF4zW7CCoVg&code_challenge_method=S256&prompt=select_account&nonce=0196cdae-6757-7453-80d1-7f831c50e7e3&state=eyJpZCI6IjAxOTZjZGFlLTY3NTYtNzQ3Zi1hM2IwLTBjNjY4Nzc1M2QzNiIsIm1ldGEiOnsiaW50ZXJhY3Rpb25UeXBlIjoicmVkaXJlY3QifX0=&claims=%7B%22access_token%22:%7B%22xms_cc%22:%7B%22values%22:%5B%22CP1%22%5D%7D%7D%7D
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
cache-control: public,max-age=2592000
content-length: 7886
content-type: image/x-icon
last-modified: Mon, 12 May 2025 09:08:50 GMT
accept-ranges: bytes
etag: "0bda6791dc3db1:0"
request-id: 7c164de1-fbf4-936c-54fb-91b8b77c3e61
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-calculatedfetarget: BE1P281CU027.internal.outlook.com
set-cookie: ClientId=7655879DAA084D60A6BA8D2BFACB1B87; expires=Thu, 14-May-2026 07:25:52 GMT; path=/;SameSite=None; secure
ClientId=7655879DAA084D60A6BA8D2BFACB1B87; expires=Thu, 14-May-2026 07:25:52 GMT; path=/;SameSite=None; secure
OIDC=1; expires=Fri, 14-Nov-2025 07:25:52 GMT; path=/;SameSite=None; secure; HttpOnly
x-calculatedbetarget: BE2P281MB4654.DEUP281.PROD.OUTLOOK.COM
x-backendhttpstatus: 200, 200
x-rum-validated: 1
x-rum-notupdatequeriedpath: 1
x-rum-notupdatequerieddbcopy: 1
x-content-type-options: nosniff
x-backend-begin: 2025-05-14T07:25:52.230
x-backend-end: 2025-05-14T07:25:52.230
x-ua-compatible: IE=EmulateIE7
x-responseorigin: OwaAppPool
x-proxy-routingcorrectness: 1
x-proxy-backendserverstatus: 200
x-feefzinfo: HHN
report-to: {"group":"NelOfficeUpload1","max_age":7200,"endpoints":[{"url":"https://exo.nel.measure.office.net/api/report?TenantId=&FrontEnd=Cafe&DestinationEndpoint=HHN&RemoteIP=91.90.42.0&Environment=MT"}],"include_subdomains":true}
nel: {"report_to":"NelOfficeUpload1","max_age":7200,"include_subdomains":true,"failure_fraction":1.0,"success_fraction":0.01}
alt-svc: ":443";ma=2592000,h3-29=":443";ma=2592000
x-firsthopcafeefz: HHN
x-feproxyinfo: FR0P281CA0017.DEUP281.PROD.OUTLOOK.COM
x-feserver: BE1P281CA0368, FR0P281CA0017
date: Wed, 14 May 2025 07:25:51 GMT
X-Firefox-Spdy: h2

GET 52.98.152.194/https:/login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=9199bf20-a13f-4107-85dc-02114787ef48&scope=outlook.office.com/.default%20openid%20profile%20offline_access&redirect_uri=https://outlook.office365.com/mail/&client-request-id=cb18e059-fd19-3713-d4ee-1098cbaba763&response_mode=fragment&response_type=code&x-client-SKU=msal.js.browser&x-client-VER=4.4.0&client_info=1&code_challenge=eVn6nc-8vTNZs-RznbWnbessRfUxw7WFPF4zW7CCoVg&code_challenge_method=S256&prompt=select_account&nonce=0196cdae-6757-7453-80d1-7f831c50e7e3&state=eyJpZCI6IjAxOTZjZGFlLTY3NTYtNzQ3Zi1hM2IwLTBjNjY4Nzc1M2QzNiIsIm1ldGEiOnsiaW50ZXJhY3Rpb25UeXBlIjoicmVkaXJlY3QifX0=&claims={%22access_token%22:{%22xms_cc%22:{%22values%22:[%22CP1%22]}}}

0.0.0.0

0 B

URL

IP / ASN

0.0.0.0

Requested byN/A

Resource Info

File typeN/A

First Seen0001-01-01

Last Seen2025-08-02

Times Seen5608805

Size0 B (0 bytes)

MD5d41d8cd98f00b204e9800998ecf8427e

SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /https:/login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=9199bf20-a13f-4107-85dc-02114787ef48&scope=outlook.office.com/.default%20openid%20profile%20offline_access&redirect_uri=https://outlook.office365.com/mail/&client-request-id=cb18e059-fd19-3713-d4ee-1098cbaba763&response_mode=fragment&response_type=code&x-client-SKU=msal.js.browser&x-client-VER=4.4.0&client_info=1&code_challenge=eVn6nc-8vTNZs-RznbWnbessRfUxw7WFPF4zW7CCoVg&code_challenge_method=S256&prompt=select_account&nonce=0196cdae-6757-7453-80d1-7f831c50e7e3&state=eyJpZCI6IjAxOTZjZGFlLTY3NTYtNzQ3Zi1hM2IwLTBjNjY4Nzc1M2QzNiIsIm1ldGEiOnsiaW50ZXJhY3Rpb25UeXBlIjoicmVkaXJlY3QifX0=&claims={%22access_token%22:{%22xms_cc%22:{%22values%22:[%22CP1%22]}}} HTTP/1.1
Host: 52.98.152.194
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

GET 52.98.152.194/https:/login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=9199bf20-a13f-4107-85dc-02114787ef48&scope=outlook.office.com/.default%20openid%20profile%20offline_access&redirect_uri=http://outlook.office365.com/mail/&client-request-id=cb18e059-fd19-3713-d4ee-1098cbaba763&response_mode=fragment&response_type=code&x-client-SKU=msal.js.browser&x-client-VER=4.4.0&client_info=1&code_challenge=eVn6nc-8vTNZs-RznbWnbessRfUxw7WFPF4zW7CCoVg&code_challenge_method=S256&prompt=select_account&nonce=0196cdae-6757-7453-80d1-7f831c50e7e3&state=eyJpZCI6IjAxOTZjZGFlLTY3NTYtNzQ3Zi1hM2IwLTBjNjY4Nzc1M2QzNiIsIm1ldGEiOnsiaW50ZXJhY3Rpb25UeXBlIjoicmVkaXJlY3QifX0=&claims={%22access_token%22:{%22xms_cc%22:{%22values%22:[%22CP1%22]}}}

52.98.152.194

301 Moved Permanently

0 B

URL

52.98.152.194/https:/login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=9199bf20-a13f-4107-85dc-02114787ef48&scope=outlook.office.com/.default%20openid%20profile%20offline_access&redirect_uri=http://outlook.office365.com/mail/&client-request-id=cb18e059-fd19-3713-d4ee-1098cbaba763&response_mode=fragment&response_type=code&x-client-SKU=msal.js.browser&x-client-VER=4.4.0&client_info=1&code_challenge=eVn6nc-8vTNZs-RznbWnbessRfUxw7WFPF4zW7CCoVg&code_challenge_method=S256&prompt=select_account&nonce=0196cdae-6757-7453-80d1-7f831c50e7e3&state=eyJpZCI6IjAxOTZjZGFlLTY3NTYtNzQ3Zi1hM2IwLTBjNjY4Nzc1M2QzNiIsIm1ldGEiOnsiaW50ZXJhY3Rpb25UeXBlIjoicmVkaXJlY3QifX0=&claims={%22access_token%22:{%22xms_cc%22:{%22values%22:[%22CP1%22]}}}

IP / ASN

52.98.152.194

#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested byN/A

Resource Info

File typeN/A

First Seen0001-01-01

Last Seen2025-08-02

Times Seen5608805

Size0 B (0 bytes)

MD5d41d8cd98f00b204e9800998ecf8427e

SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /https:/login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=9199bf20-a13f-4107-85dc-02114787ef48&scope=outlook.office.com/.default%20openid%20profile%20offline_access&redirect_uri=http://outlook.office365.com/mail/&client-request-id=cb18e059-fd19-3713-d4ee-1098cbaba763&response_mode=fragment&response_type=code&x-client-SKU=msal.js.browser&x-client-VER=4.4.0&client_info=1&code_challenge=eVn6nc-8vTNZs-RznbWnbessRfUxw7WFPF4zW7CCoVg&code_challenge_method=S256&prompt=select_account&nonce=0196cdae-6757-7453-80d1-7f831c50e7e3&state=eyJpZCI6IjAxOTZjZGFlLTY3NTYtNzQ3Zi1hM2IwLTBjNjY4Nzc1M2QzNiIsIm1ldGEiOnsiaW50ZXJhY3Rpb25UeXBlIjoicmVkaXJlY3QifX0=&claims={%22access_token%22:{%22xms_cc%22:{%22values%22:[%22CP1%22]}}} HTTP/1.1
Host: 52.98.152.194
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 301 Moved Permanently
Cache-Control: no-cache
Pragma: no-cache
Location: https://52.98.152.194/https:/login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=9199bf20-a13f-4107-85dc-02114787ef48&scope=outlook.office.com/.default%20openid%20profile%20offline_access&redirect_uri=http://outlook.office365.com/mail/&client-request-id=cb18e059-fd19-3713-d4ee-1098cbaba763&response_mode=fragment&response_type=code&x-client-SKU=msal.js.browser&x-client-VER=4.4.0&client_info=1&code_challenge=eVn6nc-8vTNZs-RznbWnbessRfUxw7WFPF4zW7CCoVg&code_challenge_method=S256&prompt=select_account&nonce=0196cdae-6757-7453-80d1-7f831c50e7e3&state=eyJpZCI6IjAxOTZjZGFlLTY3NTYtNzQ3Zi1hM2IwLTBjNjY4Nzc1M2QzNiIsIm1ldGEiOnsiaW50ZXJhY3Rpb25UeXBlIjoicmVkaXJlY3QifX0=&claims=%7B%22access_token%22:%7B%22xms_cc%22:%7B%22values%22:%5B%22CP1%22%5D%7D%7D%7D
Server: Microsoft-IIS/10.0
request-id: 3ad7c1e9-3875-315a-a7f1-eeb1d44fca8b
X-RequestId: 5d7d190a-a9a6-4ee0-9d45-292d634e42bb
X-FEProxyInfo: FR0P281CA0012.DEUP281.PROD.OUTLOOK.COM
X-FEEFZInfo: HHN
MS-CV: 6cHXOnU4WjGn8e6x1E/Kiw.0
X-Powered-By: ASP.NET
X-FEServer: FR0P281CA0012, FR0P281CA0012
Date: Wed, 14 May 2025 07:25:49 GMT
Connection: close
Content-Length: 0

0.0.0.0

0 B

URL

52.98.152.194/https:/login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=9199bf20-a13f-4107-85dc-02114787ef48&scope=outlook.office.com/.default%20openid%20profile%20offline_access&redirect_uri=http://outlook.office365.com/mail/&client-request-id=cb18e059-fd19-3713-d4ee-1098cbaba763&response_mode=fragment&response_type=code&x-client-SKU=msal.js.browser&x-client-VER=4.4.0&client_info=1&code_challenge=eVn6nc-8vTNZs-RznbWnbessRfUxw7WFPF4zW7CCoVg&code_challenge_method=S256&prompt=select_account&nonce=0196cdae-6757-7453-80d1-7f831c50e7e3&state=eyJpZCI6IjAxOTZjZGFlLTY3NTYtNzQ3Zi1hM2IwLTBjNjY4Nzc1M2QzNiIsIm1ldGEiOnsiaW50ZXJhY3Rpb25UeXBlIjoicmVkaXJlY3QifX0=&claims=%7B%22access_token%22:%7B%22xms_cc%22:%7B%22values%22:%5B%22CP1%22%5D%7D%7D%7D

IP / ASN

0.0.0.0

Requested byN/A

Resource Info

File typeN/A

First Seen0001-01-01

Last Seen2025-08-02

Times Seen5608805

Size0 B (0 bytes)

MD5d41d8cd98f00b204e9800998ecf8427e

SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /https:/login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=9199bf20-a13f-4107-85dc-02114787ef48&scope=outlook.office.com/.default%20openid%20profile%20offline_access&redirect_uri=http://outlook.office365.com/mail/&client-request-id=cb18e059-fd19-3713-d4ee-1098cbaba763&response_mode=fragment&response_type=code&x-client-SKU=msal.js.browser&x-client-VER=4.4.0&client_info=1&code_challenge=eVn6nc-8vTNZs-RznbWnbessRfUxw7WFPF4zW7CCoVg&code_challenge_method=S256&prompt=select_account&nonce=0196cdae-6757-7453-80d1-7f831c50e7e3&state=eyJpZCI6IjAxOTZjZGFlLTY3NTYtNzQ3Zi1hM2IwLTBjNjY4Nzc1M2QzNiIsIm1ldGEiOnsiaW50ZXJhY3Rpb25UeXBlIjoicmVkaXJlY3QifX0=&claims=%7B%22access_token%22:%7B%22xms_cc%22:%7B%22values%22:%5B%22CP1%22%5D%7D%7D%7D HTTP/1.1
Host: 52.98.152.194
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache