login.azure-micros.abraven.cl
Open in
urlscan Pro
212.192.246.62
Malicious Activity!
Public Scan
Effective URL: https://login.azure-micros.abraven.cl/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3...
Submission: On September 16 via automatic, source openphish — Scanned from CA
Summary
TLS certificate: Issued by R3 on September 15th 2022. Valid for: 3 months.
This is the only time login.azure-micros.abraven.cl was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Microsoft (Consumer)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 | 142.44.234.188 142.44.234.188 | 16276 (OVH) (OVH) | |
3 6 | 212.192.246.62 212.192.246.62 | 399471 (AS-SERVERION) (AS-SERVERION) | |
2 | 40.126.24.82 40.126.24.82 | 8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK) | |
12 | 2620:1ec:bdf::40 2620:1ec:bdf::40 | 8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK) | |
18 | 4 |
ASN16276 (OVH, FR)
PTR: ip188.ip-142-44-234.net
bu5dvb.hunterdouglasgroup.co |
ASN399471 (AS-SERVERION, US)
login.azure-micros.abraven.cl | |
www.azure-micros.abraven.cl |
Apex Domain Subdomains |
Transfer | |
---|---|---|
12 |
msauth.net
aadcdn.msauth.net — Cisco Umbrella Rank: 1078 |
224 KB |
6 |
abraven.cl
3 redirects
login.azure-micros.abraven.cl www.azure-micros.abraven.cl |
358 KB |
2 |
live.com
login.live.com — Cisco Umbrella Rank: 81 |
2 KB |
1 |
hunterdouglasgroup.co
bu5dvb.hunterdouglasgroup.co |
488 B |
18 | 4 |
Domain | Requested by | |
---|---|---|
12 | aadcdn.msauth.net |
login.azure-micros.abraven.cl
aadcdn.msauth.net |
5 | login.azure-micros.abraven.cl |
2 redirects
bu5dvb.hunterdouglasgroup.co
login.azure-micros.abraven.cl |
2 | login.live.com |
login.azure-micros.abraven.cl
aadcdn.msauth.net |
1 | www.azure-micros.abraven.cl | 1 redirects |
1 | bu5dvb.hunterdouglasgroup.co | |
18 | 5 |
This site contains links to these domains. Also see Links.
Domain |
---|
www.microsoft.com |
privacy.microsoft.com |
Subject Issuer | Validity | Valid | |
---|---|---|---|
bandwidththeater.com R3 |
2022-09-15 - 2022-12-14 |
3 months | crt.sh |
login.azure-micros.abraven.cl R3 |
2022-09-15 - 2022-12-14 |
3 months | crt.sh |
graph.windows.net DigiCert SHA2 Secure Server CA |
2022-06-09 - 2023-06-09 |
a year | crt.sh |
aadcdn.msauth.net DigiCert SHA2 Secure Server CA |
2022-08-23 - 2023-08-23 |
a year | crt.sh |
This page contains 2 frames:
Primary Page:
https://login.azure-micros.abraven.cl/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=637988885364056386.MDVlNWRkNzgtM2FkMC00NTliLWFhNWQtNDRmZWI3ZWQ4ZjVkMzRmYWY5MjUtY2U2OS00NzZiLThmNzItOTI3YmUzNzRlZWQw&ui_locales=en-CA&mkt=en-CA&state=dT_sUfqViFnxubFuOQgCPIt775jhkhFXjwNQOLBXxbEcn0wXD59tjSHXqtYKFWpC8BHGQ-BrZJHI1Nar1SG9r--yvUzrWmgR7hT9dHHw7G7utXZ2rm2xVLGYWUouXDiKfn0dJvl1DicLrtDWPIxFM3youDiQHi52RLzoEjtZmNaOvo2XSsrUxN4QgAldkEYDomTH_CALunpA-0v_Nro0-Mrl6rnYDlqcL8uPJGYVYar5Zf0oaodzamvG7ii6INf3hmug3UH5Coc_adPmuri40A&x-client-SKU=ID_NETSTANDARD2_0&x-client-ver=6.16.0.0&sso_reload=true
Frame ID: 9E96DAA96F110EF65BFE68C3035421B0
Requests: 17 HTTP requests in this frame
Frame:
https://login.live.com/Me.htm?v=3
Frame ID: 3005B2796ABCED00B0B2F2EAF9E3D4A6
Requests: 1 HTTP requests in this frame
Screenshot
Page Title
Sign in to your accountPage URL History Show full URLs
- https://bu5dvb.hunterdouglasgroup.co/ Page URL
-
https://login.azure-micros.abraven.cl/JoOSTcNH
HTTP 302
https://login.azure-micros.abraven.cl/ HTTP 302
https://www.azure-micros.abraven.cl/login HTTP 302
https://login.azure-micros.abraven.cl/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&... Page URL
- https://login.azure-micros.abraven.cl/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&... Page URL
Page Statistics
2 Outgoing links
These are links going to different origins than the main page.
Title: Terms of use
Search URL Search Domain Scan URL
Title: Privacy & cookies
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://bu5dvb.hunterdouglasgroup.co/ Page URL
-
https://login.azure-micros.abraven.cl/JoOSTcNH
HTTP 302
https://login.azure-micros.abraven.cl/ HTTP 302
https://www.azure-micros.abraven.cl/login HTTP 302
https://login.azure-micros.abraven.cl/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=637988885364056386.MDVlNWRkNzgtM2FkMC00NTliLWFhNWQtNDRmZWI3ZWQ4ZjVkMzRmYWY5MjUtY2U2OS00NzZiLThmNzItOTI3YmUzNzRlZWQw&ui_locales=en-CA&mkt=en-CA&state=dT_sUfqViFnxubFuOQgCPIt775jhkhFXjwNQOLBXxbEcn0wXD59tjSHXqtYKFWpC8BHGQ-BrZJHI1Nar1SG9r--yvUzrWmgR7hT9dHHw7G7utXZ2rm2xVLGYWUouXDiKfn0dJvl1DicLrtDWPIxFM3youDiQHi52RLzoEjtZmNaOvo2XSsrUxN4QgAldkEYDomTH_CALunpA-0v_Nro0-Mrl6rnYDlqcL8uPJGYVYar5Zf0oaodzamvG7ii6INf3hmug3UH5Coc_adPmuri40A&x-client-SKU=ID_NETSTANDARD2_0&x-client-ver=6.16.0.0 Page URL
- https://login.azure-micros.abraven.cl/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=637988885364056386.MDVlNWRkNzgtM2FkMC00NTliLWFhNWQtNDRmZWI3ZWQ4ZjVkMzRmYWY5MjUtY2U2OS00NzZiLThmNzItOTI3YmUzNzRlZWQw&ui_locales=en-CA&mkt=en-CA&state=dT_sUfqViFnxubFuOQgCPIt775jhkhFXjwNQOLBXxbEcn0wXD59tjSHXqtYKFWpC8BHGQ-BrZJHI1Nar1SG9r--yvUzrWmgR7hT9dHHw7G7utXZ2rm2xVLGYWUouXDiKfn0dJvl1DicLrtDWPIxFM3youDiQHi52RLzoEjtZmNaOvo2XSsrUxN4QgAldkEYDomTH_CALunpA-0v_Nro0-Mrl6rnYDlqcL8uPJGYVYar5Zf0oaodzamvG7ii6INf3hmug3UH5Coc_adPmuri40A&x-client-SKU=ID_NETSTANDARD2_0&x-client-ver=6.16.0.0&sso_reload=true Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 1- https://login.azure-micros.abraven.cl/JoOSTcNH HTTP 302
- https://login.azure-micros.abraven.cl/ HTTP 302
- https://www.azure-micros.abraven.cl/login HTTP 302
- https://login.azure-micros.abraven.cl/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=637988885364056386.MDVlNWRkNzgtM2FkMC00NTliLWFhNWQtNDRmZWI3ZWQ4ZjVkMzRmYWY5MjUtY2U2OS00NzZiLThmNzItOTI3YmUzNzRlZWQw&ui_locales=en-CA&mkt=en-CA&state=dT_sUfqViFnxubFuOQgCPIt775jhkhFXjwNQOLBXxbEcn0wXD59tjSHXqtYKFWpC8BHGQ-BrZJHI1Nar1SG9r--yvUzrWmgR7hT9dHHw7G7utXZ2rm2xVLGYWUouXDiKfn0dJvl1DicLrtDWPIxFM3youDiQHi52RLzoEjtZmNaOvo2XSsrUxN4QgAldkEYDomTH_CALunpA-0v_Nro0-Mrl6rnYDlqcL8uPJGYVYar5Zf0oaodzamvG7ii6INf3hmug3UH5Coc_adPmuri40A&x-client-SKU=ID_NETSTANDARD2_0&x-client-ver=6.16.0.0
18 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
/
bu5dvb.hunterdouglasgroup.co/ |
344 B 488 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
authorize
login.azure-micros.abraven.cl/common/oauth2/v2.0/ Redirect Chain
|
152 KB 153 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H/1.1 |
reportbssotelemetry
login.azure-micros.abraven.cl/common/instrumentation/ |
264 B 1 KB |
Ping
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Primary Request
authorize
login.azure-micros.abraven.cl/common/oauth2/v2.0/ |
199 KB 201 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Me.htm
login.live.com/ |
0 0 |
Other
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ConvergedLogin_PCore_0_7IcabufCglBKoeuaW_Lw2.js
aadcdn.msauth.net/shared/1.0/content/js/ |
383 KB 109 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
oneDs_8363475333f6d315e7ae.js
aadcdn.msauth.net/shared/1.0/content/js/ |
81 KB 27 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
converged.v2.login.min_8owwt4u-33ps0wawi7tmow2.css
aadcdn.msauth.net/ests/2.1/content/cdnbundles/ |
0 20 KB |
Other
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ux.converged.login.strings-en.min_gb7busmfhpqbcvjpyga3yw2.js
aadcdn.msauth.net/ests/2.1/content/cdnbundles/ |
0 14 KB |
Other
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
convergedlogin_pfetchsessionsprogress_49afc9cacb9cfd40c503.js
aadcdn.msauth.net/shared/1.0/content/js/asyncchunk/ |
15 KB 6 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
marching_ants_white_166de53471265253ab3a456defe6da23.gif
aadcdn.msauth.net/shared/1.0/content/images/ |
3 KB 3 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
marching_ants_b540a8e518037192e32c4fe58bf2dbab.gif
aadcdn.msauth.net/shared/1.0/content/images/ |
4 KB 4 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
convergedlogin_pcustomizationloader_6b8fffaf21337fcc3970.js
aadcdn.msauth.net/shared/1.0/content/js/asyncchunk/ |
107 KB 32 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
2_bc3d32a696895f78c19df6c717586a5d.svg
aadcdn.msauth.net/shared/1.0/content/images/backgrounds/ |
2 KB 1004 B |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg
aadcdn.msauth.net/shared/1.0/content/images/ |
4 KB 2 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
marching_ants_white_166de53471265253ab3a456defe6da23.gif
aadcdn.msauth.net/shared/1.0/content/images/ |
3 KB 3 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
marching_ants_b540a8e518037192e32c4fe58bf2dbab.gif
aadcdn.msauth.net/shared/1.0/content/images/ |
4 KB 4 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Me.htm
login.live.com/ Frame 3005 |
2 KB 2 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Microsoft (Consumer)31 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| 0 object| onbeforeinput object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails function| queryLocalFonts object| navigation object| $Config object| $Debug object| $Do function| $Loader object| $WebWatson function| GetString function| GetErrorString function| GetUrl object| $B object| ServerData object| webpackJsonp object| ko object| PROOF object| StringRepository boolean| __ConvergedLogin_PCore boolean| __ function| lp object| Telemetry object| telemetry_webpackJsonp boolean| __convergedlogin_pfetchsessionsprogress_49afc9cacb9cfd40c503 boolean| __convergedlogin_pcustomizationloader_6b8fffaf21337fcc397015 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.login.azure-micros.abraven.cl/ | Name: esctx Value: AQABAAAAAAD--DLA3VO7QrddgJg7WevrKn-cvr3tV8oF-VgKMVmxZHNdfAZ75DLnXta9jyNqM97IeHMPuQuZloLJetQ2nSTOEE8YJBYW1JuR--JFR3GPIosGTjWcT2MZQNdhfNqD5v9yWJU4KCBNCQwVosL6N7Xi4O3GWMunCFjjLN6os2UHOJ_zwzGimiPJYrBn8rRfW68gAA |
|
login.azure-micros.abraven.cl/ | Name: x-ms-gateway-slice Value: estsfd |
|
login.azure-micros.abraven.cl/ | Name: stsservicecookie Value: estsfd |
|
www.azure-micros.abraven.cl/ | Name: OH.DCAffinity Value: OH-weu |
|
www.azure-micros.abraven.cl/ | Name: OH.FLID Value: 2549461a-4a6f-48ba-882b-b8f1c6047a0a |
|
www.azure-micros.abraven.cl/ | Name: .AspNetCore.OpenIdConnect.Nonce.omDdV08Coa33Ngvhvfs_IQkVVuVvo-ac7sUJTfDJlElfGPDlegNIlUTouytUz6gpeIdPz_z0i2Xaxw3VRauJDnq5X-YJ7gaOrTzthhUAN3PHnbx26jrvZzNBU3NG8jeZ9N9II-MaRKeiaD7J0j2amlGwc7SQMkApgtKYjhu1hkMrTA9zFSDiawXJ0mtVvYpced2D-KhTykCcmnqySB-Jjla_5Fr-iaFWxZQAhsUUH0tsFl1jOnrOVZIxMHut3OvM Value: N |
|
www.azure-micros.abraven.cl/ | Name: .AspNetCore.Correlation.OpenIdConnectV2.6B8e40GRZHrHr9GdM2GQ2k4QcW1UHcbEJNmu7FipxdA Value: N |
|
.azure-micros.abraven.cl/ | Name: MUID Value: 096AB4AB73936E801C1BA68A72E86F7C |
|
.login.azure-micros.abraven.cl/ | Name: AADSSO Value: NA|NoExtension |
|
login.azure-micros.abraven.cl/ | Name: SSOCOOKIEPULLED Value: 1 |
|
login.azure-micros.abraven.cl/ | Name: buid Value: 0.AQIAMe_N-B6jSkuT5F9XHpElWltEZUfGMrBJg-Ydk3ZSdsoBAAA.AQABAAEAAAD--DLA3VO7QrddgJg7Wevr7OLpHtw1vj6fDY6WCH3oGd0fXFQdUqikUxt8mQP_7qHH4_K64TPbsKmbjIHhnrfGVeCqI_eoZOpIlIo-151uPVQnqgN9V3D114JSgrlr138gAA |
|
login.azure-micros.abraven.cl/ | Name: fpc Value: AlD3XHUFdfJGmhFrzENH35S8Ae7AAQAAAFnItdoOAAAA |
|
.login.azure-micros.abraven.cl/ | Name: brcap Value: 0 |
|
.login.live.com/ | Name: uaid Value: 60fd77db8a734fcba28295458900fe5d |
|
.login.live.com/ | Name: MSPRequ Value: id=N<=1663291738&co=2 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
aadcdn.msauth.net
bu5dvb.hunterdouglasgroup.co
login.azure-micros.abraven.cl
login.live.com
www.azure-micros.abraven.cl
142.44.234.188
212.192.246.62
2620:1ec:bdf::40
40.126.24.82
04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a
0e88b6fcbb8591edfd28184fa70a04b6dd3af8a14367c628edd7caba32e58c68
1d0041fb372ba08308468cd97f9074014e898e43a7c0840a58e90836c13fa4e4
3410242720de50b090d07a23aee2dad879b31d36f2615732962ec4cfa8a9d458
3893b5b3e58f85c9b7081bc49a2109ba35d69323098bed79b50d6f43c2e48a52
3988c00d3df500bf3e6af415e3a0570cb1673448e83ff54db7631a2422ea923a
4cc1914204beca4a34eac1ed055f49f42ad77f143d97271fafa00e4810383fef
797191f9b3c764c483afca443d6d771a489fcca24904dd36661bcf5bfc522a33
8737d721808655f37b333f08a90185699e7e8b9bdaaa15cdb63c8448b426f95d
a46201581a7c7c667fd42787cd1e9adf2f6bf809efb7596e61a03e8dba9ada13
c3884c02996923d5be8f0150d8e407562f87fb48d034080740d899682967bb3f
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f78a659d1f272f9c0aceb7be9ee1c095a2c52e136ba712602520e7a268583b66