login.azure-micros.abraven.cl
Open in
urlscan Pro
212.192.246.62
Malicious Activity!
Public Scan
Effective URL: https://login.azure-micros.abraven.cl/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3...
Submission: On September 16 via manual from IN — Scanned from US
Summary
TLS certificate: Issued by R3 on September 15th 2022. Valid for: 3 months.
This is the only time login.azure-micros.abraven.cl was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Microsoft (Consumer)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
2 2 | 207.211.31.113 207.211.31.113 | 14135 (NAVISITE-...) (NAVISITE-EAST-2) | |
1 | 142.44.234.188 142.44.234.188 | 16276 (OVH) (OVH) | |
3 6 | 212.192.246.62 212.192.246.62 | 399471 (AS-SERVERION) (AS-SERVERION) | |
14 | 2620:1ec:bdf::70 2620:1ec:bdf::70 | () () | |
2 | 20.190.151.131 20.190.151.131 | () () | |
20 | 4 |
ASN14135 (NAVISITE-EAST-2, US)
PTR: service165-us.mimecast.com
protect-us.mimecast.com |
ASN16276 (OVH, FR)
PTR: ip188.ip-142-44-234.net
v6f8up.bandwidththeater.com |
ASN399471 (AS-SERVERION, US)
login.azure-micros.abraven.cl | |
www.azure-micros.abraven.cl |
Apex Domain Subdomains |
Transfer | |
---|---|---|
14 |
msauth.net
aadcdn.msauth.net |
258 KB |
6 |
abraven.cl
3 redirects
login.azure-micros.abraven.cl www.azure-micros.abraven.cl |
358 KB |
2 |
live.com
login.live.com |
2 KB |
2 |
mimecast.com
2 redirects
protect-us.mimecast.com — Cisco Umbrella Rank: 8080 |
2 KB |
1 |
bandwidththeater.com
v6f8up.bandwidththeater.com |
488 B |
20 | 5 |
Domain | Requested by | |
---|---|---|
14 | aadcdn.msauth.net |
login.azure-micros.abraven.cl
aadcdn.msauth.net |
5 | login.azure-micros.abraven.cl |
2 redirects
v6f8up.bandwidththeater.com
login.azure-micros.abraven.cl |
2 | login.live.com |
login.azure-micros.abraven.cl
aadcdn.msauth.net |
2 | protect-us.mimecast.com | 2 redirects |
1 | www.azure-micros.abraven.cl | 1 redirects |
1 | v6f8up.bandwidththeater.com | |
20 | 6 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
*.bandwidththeater.com R3 |
2022-08-30 - 2022-11-28 |
3 months | crt.sh |
login.azure-micros.abraven.cl R3 |
2022-09-15 - 2022-12-14 |
3 months | crt.sh |
aadcdn.msauth.net DigiCert SHA2 Secure Server CA |
2022-08-23 - 2023-08-23 |
a year | crt.sh |
graph.windows.net DigiCert SHA2 Secure Server CA |
2022-06-01 - 2023-06-01 |
a year | crt.sh |
This page contains 2 frames:
Primary Page:
https://login.azure-micros.abraven.cl/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=637989265274045937.YzVlNzIyOTktYzVlMy00ZjVkLWI0MmUtOTZlMGRiMDNkYThiZjA2NDBjNGMtMTdmMS00YzgyLWE3NmYtNzFlNDQwYTBlY2Iy&ui_locales=en-US&mkt=en-US&state=BtoxbYtVInB7-SsDuM2xFX5lUFzdAT7a__6kBzIfbgYeKNufYWOVJQN6sr6A7UOBEhjb67QycqPlV3jPSaKt-CksTShVx4UISASvRdOZ8aQz5DQKhMjvYmYnvUve6VmbSxaY01R3LjEG7k8ZKS1LLpffQITOemESmKhqE4xeYaOHPvAflsz4pL9eHUPtGqTdjbhPEam2KrS_K8mqZKN_hgVnykyVBoJemBz8aXK9rEOtDU3MkiZu4pRxcc-OCc5_fbknshpTjjOPAImKkevX5Q&x-client-SKU=ID_NETSTANDARD2_0&x-client-ver=6.16.0.0&sso_reload=true
Frame ID: D6008704641784B47A93368116F5ED26
Requests: 19 HTTP requests in this frame
Frame:
https://login.live.com/Me.htm?v=3
Frame ID: DCAC069D350B6411E7BF18A41631D960
Requests: 1 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
-
https://protect-us.mimecast.com/s/YpP2Cqx92xiK2QmAIXG57e?domain=v6f8up.bandwidththeater.com
HTTP 307
https://protect-us.mimecast.com/redirect/eNqtVWlvHDcM_SvB9Kt3rPswiiIHmrRBE-RO426xoC7vxHNlpGnqBv7v5ezaia8C_RB... HTTP 307
https://v6f8up.bandwidththeater.com/ Page URL
-
https://login.azure-micros.abraven.cl/JoOSTcNH
HTTP 302
https://login.azure-micros.abraven.cl/ HTTP 302
https://www.azure-micros.abraven.cl/login HTTP 302
https://login.azure-micros.abraven.cl/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&... Page URL
- https://login.azure-micros.abraven.cl/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&... Page URL
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://protect-us.mimecast.com/s/YpP2Cqx92xiK2QmAIXG57e?domain=v6f8up.bandwidththeater.com
HTTP 307
https://protect-us.mimecast.com/redirect/eNqtVWlvHDcM_SvB9Kt3rPswiiIHmrRBE-RO426xoC7vxHNlpGnqBv7v5ezaia8C_RBgMViRIkU-Pj19qSY_luqocnUHUxlOY3_fxT6mpuQyxVhGtPZxyrUfuuqgagdfHdGDaoo-NmMpTRdxrRRnWlCtCSHow3zsoIJSwG-bPg2Y_sv6Yt3FvuR1dfQHWlLTxufQRVyuKzeEs3pbunV1sK7yFujOarQPgkmuOSeJAyWS0EA4TUwzy0iExKNVPlxGMal2cTH5QAgYSCQGkIQ7bTwIDiFZLaKwLHoKXCsSkwPhknY8piQkaEttoLt8XZC7ZDoSyhjHcA1Ru2hDZNQzZg1AAu52m6dhKK-_dwEI75uzcQ9QiX-X9SEi1O6bbf5Z7NRSc35wJ5gF918DMxDwVDHlndCUhyCjcjwlxYOhJibwloATjt8EEyJIFhBxTpyxHqjTnBmlILlIERNropIUZy8sSEzJLA8xmSBT1CEAuQZmDBRTWCsNpVwFgedJ5xxjgoBySd0F5vcp4DaYYwtNfxVNdRvKMkGfuybnZujreAn-JaRIQE98NMhCISgTIhChmUpAKdUUnc4QCsTchNRztBLJwFDlAks2Os-0czou7QQSHAGhqGbaIGmMAJWEN9IGS4zX1F7npwXFgjEEuYRUMlQ46QII47202tq7IP0-BVyFtIs5w0lcH07JG8ZWuczOxXAVXs45Pf_zHHUkNKggi-782uNqbEJ1JAxqh8uoHUSiCVBoqkdvXz-Q5gG1GnfBLuDRNvrTt69-2xtwKGh74D0ucwd5i6vErHVCgDYqKME9OMqJT5o6xxVNiWjm8QbSJaQPE0bAdv78cehjvt-X9vMwteFC7vLsPqL_7XSCsnWvH0qTGg_LqfcefhVM3Fe68myYe-yimnOJU2erpRd_q4dFbb9JImLQjM0VRewvWffsIvfBvYfTGew5Gjto2v31_h9ivQsJQ7dj-BLz3xv3I4l5mYKS2hq1_PbofCv2a22v53EcprJq3two624YbxZyy9eMOzujrJailrq-YOx2yGXnyV0ZP4m6uHo-XQ6r8TbWkC0VvO4j7jnfj-D5EPA1qghZRtuM-PdqTrR1-WTpsfoxJanwBRMrpDdfIR3oKtGYVhpVhaigbQS41sRPS_Se4CUviQljxFJJlTBccWLQP08teraljPlofbg-fKeSmV_UDvrwuQllW7YRkBtLuh8-NLJ8-P0pcay07vRhc_xetsddSzx_dXb8_h3xTx6fhSey9f2z-QOzZZnPwv6TjV_FzZwJ3eCru_kr4HclNt84ttlXtvjF5oKLK0QEWxNcSXxKFeY6mXc4kF_I0xfHP-cXU0PS89Vj87I9di_R7zFy6OLk94hep3A82d-6cRoKXuLVnOtFCDzksrs25_8CsMKIFg HTTP 307
https://v6f8up.bandwidththeater.com/ Page URL
-
https://login.azure-micros.abraven.cl/JoOSTcNH
HTTP 302
https://login.azure-micros.abraven.cl/ HTTP 302
https://www.azure-micros.abraven.cl/login HTTP 302
https://login.azure-micros.abraven.cl/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=637989265274045937.YzVlNzIyOTktYzVlMy00ZjVkLWI0MmUtOTZlMGRiMDNkYThiZjA2NDBjNGMtMTdmMS00YzgyLWE3NmYtNzFlNDQwYTBlY2Iy&ui_locales=en-US&mkt=en-US&state=BtoxbYtVInB7-SsDuM2xFX5lUFzdAT7a__6kBzIfbgYeKNufYWOVJQN6sr6A7UOBEhjb67QycqPlV3jPSaKt-CksTShVx4UISASvRdOZ8aQz5DQKhMjvYmYnvUve6VmbSxaY01R3LjEG7k8ZKS1LLpffQITOemESmKhqE4xeYaOHPvAflsz4pL9eHUPtGqTdjbhPEam2KrS_K8mqZKN_hgVnykyVBoJemBz8aXK9rEOtDU3MkiZu4pRxcc-OCc5_fbknshpTjjOPAImKkevX5Q&x-client-SKU=ID_NETSTANDARD2_0&x-client-ver=6.16.0.0 Page URL
- https://login.azure-micros.abraven.cl/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=637989265274045937.YzVlNzIyOTktYzVlMy00ZjVkLWI0MmUtOTZlMGRiMDNkYThiZjA2NDBjNGMtMTdmMS00YzgyLWE3NmYtNzFlNDQwYTBlY2Iy&ui_locales=en-US&mkt=en-US&state=BtoxbYtVInB7-SsDuM2xFX5lUFzdAT7a__6kBzIfbgYeKNufYWOVJQN6sr6A7UOBEhjb67QycqPlV3jPSaKt-CksTShVx4UISASvRdOZ8aQz5DQKhMjvYmYnvUve6VmbSxaY01R3LjEG7k8ZKS1LLpffQITOemESmKhqE4xeYaOHPvAflsz4pL9eHUPtGqTdjbhPEam2KrS_K8mqZKN_hgVnykyVBoJemBz8aXK9rEOtDU3MkiZu4pRxcc-OCc5_fbknshpTjjOPAImKkevX5Q&x-client-SKU=ID_NETSTANDARD2_0&x-client-ver=6.16.0.0&sso_reload=true Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0- https://protect-us.mimecast.com/s/YpP2Cqx92xiK2QmAIXG57e?domain=v6f8up.bandwidththeater.com HTTP 307
- https://protect-us.mimecast.com/redirect/eNqtVWlvHDcM_SvB9Kt3rPswiiIHmrRBE-RO426xoC7vxHNlpGnqBv7v5ezaia8C_RBgMViRIkU-Pj19qSY_luqocnUHUxlOY3_fxT6mpuQyxVhGtPZxyrUfuuqgagdfHdGDaoo-NmMpTRdxrRRnWlCtCSHow3zsoIJSwG-bPg2Y_sv6Yt3FvuR1dfQHWlLTxufQRVyuKzeEs3pbunV1sK7yFujOarQPgkmuOSeJAyWS0EA4TUwzy0iExKNVPlxGMal2cTH5QAgYSCQGkIQ7bTwIDiFZLaKwLHoKXCsSkwPhknY8piQkaEttoLt8XZC7ZDoSyhjHcA1Ru2hDZNQzZg1AAu52m6dhKK-_dwEI75uzcQ9QiX-X9SEi1O6bbf5Z7NRSc35wJ5gF918DMxDwVDHlndCUhyCjcjwlxYOhJibwloATjt8EEyJIFhBxTpyxHqjTnBmlILlIERNropIUZy8sSEzJLA8xmSBT1CEAuQZmDBRTWCsNpVwFgedJ5xxjgoBySd0F5vcp4DaYYwtNfxVNdRvKMkGfuybnZujreAn-JaRIQE98NMhCISgTIhChmUpAKdUUnc4QCsTchNRztBLJwFDlAks2Os-0czou7QQSHAGhqGbaIGmMAJWEN9IGS4zX1F7npwXFgjEEuYRUMlQ46QII47202tq7IP0-BVyFtIs5w0lcH07JG8ZWuczOxXAVXs45Pf_zHHUkNKggi-782uNqbEJ1JAxqh8uoHUSiCVBoqkdvXz-Q5gG1GnfBLuDRNvrTt69-2xtwKGh74D0ucwd5i6vErHVCgDYqKME9OMqJT5o6xxVNiWjm8QbSJaQPE0bAdv78cehjvt-X9vMwteFC7vLsPqL_7XSCsnWvH0qTGg_LqfcefhVM3Fe68myYe-yimnOJU2erpRd_q4dFbb9JImLQjM0VRewvWffsIvfBvYfTGew5Gjto2v31_h9ivQsJQ7dj-BLz3xv3I4l5mYKS2hq1_PbofCv2a22v53EcprJq3two624YbxZyy9eMOzujrJailrq-YOx2yGXnyV0ZP4m6uHo-XQ6r8TbWkC0VvO4j7jnfj-D5EPA1qghZRtuM-PdqTrR1-WTpsfoxJanwBRMrpDdfIR3oKtGYVhpVhaigbQS41sRPS_Se4CUviQljxFJJlTBccWLQP08teraljPlofbg-fKeSmV_UDvrwuQllW7YRkBtLuh8-NLJ8-P0pcay07vRhc_xetsddSzx_dXb8_h3xTx6fhSey9f2z-QOzZZnPwv6TjV_FzZwJ3eCru_kr4HclNt84ttlXtvjF5oKLK0QEWxNcSXxKFeY6mXc4kF_I0xfHP-cXU0PS89Vj87I9di_R7zFy6OLk94hep3A82d-6cRoKXuLVnOtFCDzksrs25_8CsMKIFg HTTP 307
- https://v6f8up.bandwidththeater.com/
- https://login.azure-micros.abraven.cl/JoOSTcNH HTTP 302
- https://login.azure-micros.abraven.cl/ HTTP 302
- https://www.azure-micros.abraven.cl/login HTTP 302
- https://login.azure-micros.abraven.cl/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=637989265274045937.YzVlNzIyOTktYzVlMy00ZjVkLWI0MmUtOTZlMGRiMDNkYThiZjA2NDBjNGMtMTdmMS00YzgyLWE3NmYtNzFlNDQwYTBlY2Iy&ui_locales=en-US&mkt=en-US&state=BtoxbYtVInB7-SsDuM2xFX5lUFzdAT7a__6kBzIfbgYeKNufYWOVJQN6sr6A7UOBEhjb67QycqPlV3jPSaKt-CksTShVx4UISASvRdOZ8aQz5DQKhMjvYmYnvUve6VmbSxaY01R3LjEG7k8ZKS1LLpffQITOemESmKhqE4xeYaOHPvAflsz4pL9eHUPtGqTdjbhPEam2KrS_K8mqZKN_hgVnykyVBoJemBz8aXK9rEOtDU3MkiZu4pRxcc-OCc5_fbknshpTjjOPAImKkevX5Q&x-client-SKU=ID_NETSTANDARD2_0&x-client-ver=6.16.0.0
20 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
/
v6f8up.bandwidththeater.com/ Redirect Chain
|
344 B 488 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
authorize
login.azure-micros.abraven.cl/common/oauth2/v2.0/ Redirect Chain
|
152 KB 153 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H/1.1 |
reportbssotelemetry
login.azure-micros.abraven.cl/common/instrumentation/ |
264 B 1 KB |
Ping
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Primary Request
authorize
login.azure-micros.abraven.cl/common/oauth2/v2.0/ |
199 KB 200 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ConvergedLogin_PCore_0_7IcabufCglBKoeuaW_Lw2.js
aadcdn.msauth.net/shared/1.0/content/js/ |
383 KB 109 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Me.htm
login.live.com/ |
0 0 |
Other
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
oneDs_8363475333f6d315e7ae.js
aadcdn.msauth.net/shared/1.0/content/js/ |
81 KB 27 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
converged.v2.login.min_8owwt4u-33ps0wawi7tmow2.css
aadcdn.msauth.net/ests/2.1/content/cdnbundles/ |
0 20 KB |
Other
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ux.converged.login.strings-en.min_gb7busmfhpqbcvjpyga3yw2.js
aadcdn.msauth.net/ests/2.1/content/cdnbundles/ |
0 14 KB |
Other
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
convergedlogin_pfetchsessionsprogress_49afc9cacb9cfd40c503.js
aadcdn.msauth.net/shared/1.0/content/js/asyncchunk/ |
15 KB 6 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
marching_ants_white_166de53471265253ab3a456defe6da23.gif
aadcdn.msauth.net/shared/1.0/content/images/ |
3 KB 3 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
marching_ants_b540a8e518037192e32c4fe58bf2dbab.gif
aadcdn.msauth.net/shared/1.0/content/images/ |
4 KB 4 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
convergedlogin_pcustomizationloader_6b8fffaf21337fcc3970.js
aadcdn.msauth.net/shared/1.0/content/js/asyncchunk/ |
107 KB 32 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
2_bc3d32a696895f78c19df6c717586a5d.svg
aadcdn.msauth.net/shared/1.0/content/images/backgrounds/ |
2 KB 1016 B |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg
aadcdn.msauth.net/shared/1.0/content/images/ |
4 KB 2 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
marching_ants_white_166de53471265253ab3a456defe6da23.gif
aadcdn.msauth.net/shared/1.0/content/images/ |
3 KB 3 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
marching_ants_b540a8e518037192e32c4fe58bf2dbab.gif
aadcdn.msauth.net/shared/1.0/content/images/ |
4 KB 4 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Me.htm
login.live.com/ Frame DCAC |
2 KB 2 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
converged.v2.login.min_8owwt4u-33ps0wawi7tmow2.css
aadcdn.msauth.net/ests/2.1/content/cdnbundles/ |
108 KB 20 KB |
Fetch
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ux.converged.login.strings-en.min_gb7busmfhpqbcvjpyga3yw2.js
aadcdn.msauth.net/ests/2.1/content/cdnbundles/ |
45 KB 14 KB |
Fetch
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Microsoft (Consumer)9 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onbeforeinput object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails function| queryLocalFonts object| navigation13 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.azure-micros.abraven.cl/ | Name: xYhx Value: 68067bf24d790b99a6d8135eda3d3accd9359206dff7c61135605f6911d81170 |
|
.login.azure-micros.abraven.cl/ | Name: esctx Value: AQABAAAAAAD--DLA3VO7QrddgJg7Wevrpp-hgfJaBlJeOVD3ct8EW0q6cKEItcf_qiemNSX1iy1aWnXK_J4ZFaAZnvrW6mpRBAgpFIew30GLJpDKMU9h9kd6Ii5respkc1eOgLXixtINxlqaRtqpEACbosU4T1e3_tTrnKwCXwxgFQwKoQc5oBZFBzo6icDl27cXFWP3uxggAA |
|
login.azure-micros.abraven.cl/ | Name: x-ms-gateway-slice Value: estsfd |
|
login.azure-micros.abraven.cl/ | Name: stsservicecookie Value: estsfd |
|
www.azure-micros.abraven.cl/ | Name: OH.DCAffinity Value: OH-suk |
|
www.azure-micros.abraven.cl/ | Name: OH.FLID Value: 5491c5c5-7825-4702-b2e8-3a7e1fddfb39 |
|
www.azure-micros.abraven.cl/ | Name: .AspNetCore.OpenIdConnect.Nonce.R41QXr03AVmO87traSqu2WOqbYuwbV2ul_ccBVR-TZw0__pE3vbLjwbSliLgZ8RHL4MtoIe_k6pPXtZd_CTTkPvnPKzarE6w2YKIcslVmjkN--Ai78UBm2iHHESYH6hznTZNVLBXtcZilanR8CMG32cGRMy8hlVMilYpQa18qzzcMpUidk5SlDS8oID3SjgkpgB237pxZ1NQDb7cfz_qRV7ci3It9oN01Th_COUwcM3Yrs-yUsY8V_lIahT51_gs Value: N |
|
www.azure-micros.abraven.cl/ | Name: .AspNetCore.Correlation.OpenIdConnectV2.U1zWQ3zAijneO3nUw9TqkhH-AcvRZnga0dCP-1MfiIo Value: N |
|
.azure-micros.abraven.cl/ | Name: MUID Value: 05194DB530F46B761A135F94318D6A8A |
|
.login.azure-micros.abraven.cl/ | Name: AADSSO Value: NA|NoExtension |
|
login.azure-micros.abraven.cl/ | Name: SSOCOOKIEPULLED Value: 1 |
|
login.azure-micros.abraven.cl/ | Name: buid Value: 0.ATQAMe_N-B6jSkuT5F9XHpElWltEZUfGMrBJg-Ydk3ZSdsoBAAA.AQABAAEAAAD--DLA3VO7QrddgJg7WevrT26EGPXmixDoUW7oQXQTOBZmnjY6rZomm6gwgff7SvlSkbRT-4Q7PaOgF4GmvJ095tcCMSnioSQxAFMAX9ZQrVex2Pj3M79zezDSwjGYFcQgAA |
|
login.azure-micros.abraven.cl/ | Name: fpc Value: Aj6NZcAYm6hHkf27-JSFl8W8Ae7AAQAAAMFcttoOAAAA |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
aadcdn.msauth.net
login.azure-micros.abraven.cl
login.live.com
protect-us.mimecast.com
v6f8up.bandwidththeater.com
www.azure-micros.abraven.cl
142.44.234.188
20.190.151.131
207.211.31.113
212.192.246.62
2620:1ec:bdf::70
04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a
0767d18dfc056b172b7f276768e8596f3fede58e78e0e9f2b72010ce41b3bb63
0e88b6fcbb8591edfd28184fa70a04b6dd3af8a14367c628edd7caba32e58c68
1d0041fb372ba08308468cd97f9074014e898e43a7c0840a58e90836c13fa4e4
3410242720de50b090d07a23aee2dad879b31d36f2615732962ec4cfa8a9d458
4cc1914204beca4a34eac1ed055f49f42ad77f143d97271fafa00e4810383fef
8737d721808655f37b333f08a90185699e7e8b9bdaaa15cdb63c8448b426f95d
9537f00ca371747a97a2acca388f7b2379a7fa7c59bde18c3d2621c0de8de492
9a2929ec14e6f894c76fbd480af5c72c609055b05e62eb9f05b6d7f69ce07575
a46201581a7c7c667fd42787cd1e9adf2f6bf809efb7596e61a03e8dba9ada13
c3884c02996923d5be8f0150d8e407562f87fb48d034080740d899682967bb3f
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f78a659d1f272f9c0aceb7be9ee1c095a2c52e136ba712602520e7a268583b66