login.microsoftonline.us.office.rp1.abangaritest.govshn.net
Open in
urlscan Pro
15.200.226.212
Malicious Activity!
Public Scan
Submitted URL: https://gov.teams.microsoft.us.office.rp1.abangaritest.govshn.net/
Effective URL: https://login.microsoftonline.us.office.rp1.abangaritest.govshn.net/organizations/oauth2/v2.0/authorize?response_type=id_token&scope=openid%20profile&client_id=5e3c...
Submission: On April 15 via api from LU — Scanned from US
Effective URL: https://login.microsoftonline.us.office.rp1.abangaritest.govshn.net/organizations/oauth2/v2.0/authorize?response_type=id_token&scope=openid%20profile&client_id=5e3c...
Submission: On April 15 via api from LU — Scanned from US
Summary
This website contacted 3 IPs
in 1 countries
across 2 domains to perform 31 HTTP transactions.
The main IP is 15.200.226.212, located in
Boardman, United States and
belongs to AMAZON EXPANSION, IE.
The main domain is login.microsoftonline.us.office.rp1.abangaritest.govshn.net.
TLS certificate: Issued by GlobalSign RSA OV SSL CA 2018 on March 29th 2024. Valid for: a year.
This is the only time login.microsoftonline.us.office.rp1.abangaritest.govshn.net was scanned on urlscan.io!
TLS certificate: Issued by GlobalSign RSA OV SSL CA 2018 on March 29th 2024. Valid for: a year.
This is the only time login.microsoftonline.us.office.rp1.abangaritest.govshn.net was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Microsoft (Consumer)Domain & IP information
| IP Address | AS Autonomous System | ||
|---|---|---|---|
| 1 7 | 52.222.91.178 52.222.91.178 | 8987 (AMAZON EX...) (AMAZON EXPANSION) | |
| 23 | 15.200.226.212 15.200.226.212 | 8987 (AMAZON EX...) (AMAZON EXPANSION) | |
| 2 | 2620:1ec:bdf::40 2620:1ec:bdf::40 | 8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK) | |
| 31 | 3 |
7
52.222.91.178
(Boardman, United States)
ASN8987 (AMAZON EXPANSION, IE)
PTR: ec2-52-222-91-178.us-gov-west-1.compute.amazonaws.com
ASN8987 (AMAZON EXPANSION, IE)
PTR: ec2-52-222-91-178.us-gov-west-1.compute.amazonaws.com
| gov.teams.microsoft.us.office.rp1.abangaritest.govshn.net | |
| statics.gov.teams.microsoft.us.office.rp1.abangaritest.govshn.net |
23
15.200.226.212
(Boardman, United States)
ASN8987 (AMAZON EXPANSION, IE)
PTR: ec2-15-200-226-212.us-gov-west-1.compute.amazonaws.com
ASN8987 (AMAZON EXPANSION, IE)
PTR: ec2-15-200-226-212.us-gov-west-1.compute.amazonaws.com
| login.microsoftonline.com.office.rp1.abangaritest.govshn.net | |
| login.microsoftonline.us.office.rp1.abangaritest.govshn.net | |
| aadcdn.msftauth.net.office.rp1.abangaritest.govshn.net |
| Apex Domain Subdomains |
Transfer | |
|---|---|---|
| 30 |
govshn.net
1 redirects
gov.teams.microsoft.us.office.rp1.abangaritest.govshn.net statics.gov.teams.microsoft.us.office.rp1.abangaritest.govshn.net login.microsoftonline.com.office.rp1.abangaritest.govshn.net login.microsoftonline.us.office.rp1.abangaritest.govshn.net aadcdn.msftauth.net.office.rp1.abangaritest.govshn.net |
781 KB |
| 2 |
msauth.net
aadcdn.msauth.net — Cisco Umbrella Rank: 931 |
168 KB |
| 31 | 2 |
| Domain | Requested by | |
|---|---|---|
| 16 | aadcdn.msftauth.net.office.rp1.abangaritest.govshn.net |
login.microsoftonline.us.office.rp1.abangaritest.govshn.net
aadcdn.msauth.net |
| 6 | login.microsoftonline.us.office.rp1.abangaritest.govshn.net |
statics.gov.teams.microsoft.us.office.rp1.abangaritest.govshn.net
aadcdn.msftauth.net.office.rp1.abangaritest.govshn.net aadcdn.msauth.net |
| 4 | gov.teams.microsoft.us.office.rp1.abangaritest.govshn.net |
1 redirects
statics.gov.teams.microsoft.us.office.rp1.abangaritest.govshn.net
|
| 3 | statics.gov.teams.microsoft.us.office.rp1.abangaritest.govshn.net |
gov.teams.microsoft.us.office.rp1.abangaritest.govshn.net
|
| 2 | aadcdn.msauth.net |
login.microsoftonline.us.office.rp1.abangaritest.govshn.net
|
| 1 | login.microsoftonline.com.office.rp1.abangaritest.govshn.net |
statics.gov.teams.microsoft.us.office.rp1.abangaritest.govshn.net
|
| 31 | 6 |
This site contains links to these domains. Also see Links.
| Domain |
|---|
| login.live.com |
| www.microsoft.com.office.rp1.abangaritest.govshn.net |
| privacy.microsoft.com.office.rp1.abangaritest.govshn.net |
| Subject Issuer | Validity | Valid | |
|---|---|---|---|
| office.rp1.abangaritest.govshn.net GlobalSign RSA OV SSL CA 2018 |
2024-03-29 - 2025-04-30 |
a year | crt.sh |
| aadcdn.msauth.net DigiCert SHA2 Secure Server CA |
2024-01-29 - 2025-01-29 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://login.microsoftonline.us.office.rp1.abangaritest.govshn.net/organizations/oauth2/v2.0/authorize?response_type=id_token&scope=openid%20profile&client_id=5e3ce6c0-2b1f-4285-8d4b-75ee78787346&redirect_uri=https%3A%2F%2Fgov.teams.microsoft.us.office.rp1.abangaritest.govshn.net%2Fgo&state=eyJpZCI6ImZiNWEyZTJiLTNjMDktNGJkMC05MDUxLTUzN2U3ZTRlNGEyNyIsInRzIjoxNzEzMTYzMTczLCJtZXRob2QiOiJyZWRpcmVjdEludGVyYWN0aW9uIn0%3D&nonce=f24d35f4-dea5-430e-b741-2695e3a07a59&client_info=1&x-client-SKU=MSAL.JS&x-client-Ver=1.3.4&client-request-id=3b95628b-4135-468a-a8dc-ae24b237be02&response_mode=fragment&sso_reload=true
Frame ID: E2CFE375A5370F09B821B01EFD7DB199
Requests: 31 HTTP requests in this frame
Screenshot
Page Title
Sign in to your accountPage URL History Show full URLs
- https://gov.teams.microsoft.us.office.rp1.abangaritest.govshn.net/ Page URL
- https://login.microsoftonline.us.office.rp1.abangaritest.govshn.net/organizations/oauth2/v2.0/authorize?response_type=id_token&scope=openid%20pr... Page URL
- https://login.microsoftonline.us.office.rp1.abangaritest.govshn.net/organizations/oauth2/v2.0/authorize?response_type=id_token&scope=openid%20pr... Page URL
Detected technologies
jQuery
(JavaScript Libraries)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
3 Outgoing links
These are links going to different origins than the main page.
URL: https://login.live.com/oauth20_authorize.srf?scope=openid+profile+email+offline_access&response_type=code&client_id=94e4bbd9-686f-441c-8c5b-c5a489265a2b&response_mode=form_post&redirect_uri=https%3a%2f%2flogin.microsoftonline.us.office.rp1.abangaritest.govshn.net%2fcommon%2ffederation%2foauth2&state=rQQIARAAhZE9b9NgAIT9xkmaRmobFQl1DFIG1GLHcew4DWQIcRrsxA5N81UvyLFfp86HndjOhy3YEV26IKoulTqhDggVBsSAWFg6lQ0hfgCq1AqYOhJ-ATrdDc90ugsHEngSp9ZREicyMRomFZhSCIxsJzSMItM0llapNsbQEDLpuZJUyloNR_bbL-_TuRdbr3-8iZ0xn3xHYPFJX59AXDEHp-DOnuMM7Uw83jEnuAPlgY0PdMUybVNz8LE9xx8AuADgJwCnvphGUmqS1ihMhTKNUUkCYm2GSmBkanNeRyYYmd787lup5MbOHvkvTEv34B9fSLPkzgAazhH6FLr8UMpzKW4g6WKz4Eo1Xi_XxK7A9hyxyPeEPEELbH1WrtU9kawnpVq1LxYLruhyNmdUPa5rzkSv4Am13bkVr5znHalVNdvktl7ReVdqVofKoNFVC_2xWmy4u02RkJubY84gsmfokml1ZEP3ZEc3DfscXTaH0NDV6NAyNb0Pv6Hgwg8u_bdDIIKu-aPI3VUCzYRC4QiyhkSRGz84Ccw3_epex579flA8zk7eHa8r4DwQJyQtURIa5kwoeSxbZ3u5NDcdqdtevD4yvI1caZeVmcduemunkyUziYNg8CB46zy4IOzkyji_8ysIni8gHxf__8dhGHxeQm6WD7-83786eXX96HLlnkdNc9aUzSf4rmVvP-T6rFKhmqmRx3HcRosQ0y2bUd3utFHvZd9GkL81&estsfed=1&uaid=3b95628b4135468aa8dcae24b237be02&signup=1&lw=1&fl=easi2&fci=5e3ce6c0-2b1f-4285-8d4b-75ee78787346
Title: Create one!
Title: Create one!
Search URL Search Domain Scan URL
URL: https://www.microsoft.com.office.rp1.abangaritest.govshn.net/en-US/servicesagreement/
Title: Terms of use
Title: Terms of use
Search URL Search Domain Scan URL
URL: https://privacy.microsoft.com.office.rp1.abangaritest.govshn.net/en-US/privacystatement
Title: Privacy & cookies
Title: Privacy & cookies
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://gov.teams.microsoft.us.office.rp1.abangaritest.govshn.net/ Page URL
- https://login.microsoftonline.us.office.rp1.abangaritest.govshn.net/organizations/oauth2/v2.0/authorize?response_type=id_token&scope=openid%20profile&client_id=5e3ce6c0-2b1f-4285-8d4b-75ee78787346&redirect_uri=https%3A%2F%2Fgov.teams.microsoft.us.office.rp1.abangaritest.govshn.net%2Fgo&state=eyJpZCI6ImZiNWEyZTJiLTNjMDktNGJkMC05MDUxLTUzN2U3ZTRlNGEyNyIsInRzIjoxNzEzMTYzMTczLCJtZXRob2QiOiJyZWRpcmVjdEludGVyYWN0aW9uIn0%3D&nonce=f24d35f4-dea5-430e-b741-2695e3a07a59&client_info=1&x-client-SKU=MSAL.JS&x-client-Ver=1.3.4&client-request-id=3b95628b-4135-468a-a8dc-ae24b237be02&response_mode=fragment Page URL
- https://login.microsoftonline.us.office.rp1.abangaritest.govshn.net/organizations/oauth2/v2.0/authorize?response_type=id_token&scope=openid%20profile&client_id=5e3ce6c0-2b1f-4285-8d4b-75ee78787346&redirect_uri=https%3A%2F%2Fgov.teams.microsoft.us.office.rp1.abangaritest.govshn.net%2Fgo&state=eyJpZCI6ImZiNWEyZTJiLTNjMDktNGJkMC05MDUxLTUzN2U3ZTRlNGEyNyIsInRzIjoxNzEzMTYzMTczLCJtZXRob2QiOiJyZWRpcmVjdEludGVyYWN0aW9uIn0%3D&nonce=f24d35f4-dea5-430e-b741-2695e3a07a59&client_info=1&x-client-SKU=MSAL.JS&x-client-Ver=1.3.4&client-request-id=3b95628b-4135-468a-a8dc-ae24b237be02&response_mode=fragment&sso_reload=true Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 6- https://gov.teams.microsoft.us.office.rp1.abangaritest.govshn.net/favicon.ico HTTP 302
- https://statics.gov.teams.microsoft.us.office.rp1.abangaritest.govshn.net/hashed/favicon/prod/favicon-f1722d9.ico
31 HTTP transactions
| Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
GET H/1.1 |
/
gov.teams.microsoft.us.office.rp1.abangaritest.govshn.net/ |
6 KB 7 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
teams_enterprise_m1.js
statics.gov.teams.microsoft.us.office.rp1.abangaritest.govshn.net/authstrapjs/auth-js/ |
201 KB 202 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
authstrap_m1_v3.js
statics.gov.teams.microsoft.us.office.rp1.abangaritest.govshn.net/authstrapjs/auth-js/ |
75 KB 76 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
mark
gov.teams.microsoft.us.office.rp1.abangaritest.govshn.net/auth/ |
0 680 B |
XHR
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
mark
gov.teams.microsoft.us.office.rp1.abangaritest.govshn.net/auth/ |
0 811 B |
XHR
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
instance
login.microsoftonline.com.office.rp1.abangaritest.govshn.net/common//discovery/ |
1 KB 3 KB |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
favicon-f1722d9.ico
statics.gov.teams.microsoft.us.office.rp1.abangaritest.govshn.net/hashed/favicon/prod/ Redirect Chain
|
89 KB 90 KB |
Other
image/x-icon |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
openid-configuration
login.microsoftonline.us.office.rp1.abangaritest.govshn.net/organizations/v2.0/.well-known/ |
2 KB 3 KB |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
authorize
login.microsoftonline.us.office.rp1.abangaritest.govshn.net/organizations/oauth2/v2.0/ |
20 KB 10 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
BssoInterrupt_Core_3b4rnVNi70Sso4_c42_ImQ2.js
aadcdn.msftauth.net.office.rp1.abangaritest.govshn.net/shared/1.0/content/js/ |
138 KB 49 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
BssoInterrupt_Core_3b4rnVNi70Sso4_c42_ImQ2.js
aadcdn.msauth.net/shared/1.0/content/js/ |
138 KB 49 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
watsonsupportwithjquery.3.5.min_dc940oomzau4rsu8qesnvg2.js
aadcdn.msftauth.net.office.rp1.abangaritest.govshn.net/ests/2.1/content/cdnbundles/ |
117 KB 40 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
frameworksupport.min_oadrnc13magb009k4d20lg2.js
aadcdn.msftauth.net.office.rp1.abangaritest.govshn.net/ests/2.1/content/cdnbundles/ |
12 KB 6 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
watson.min_q5ptmu8aniymd4ftuqdkda2.js
aadcdn.msftauth.net.office.rp1.abangaritest.govshn.net/ests/2.1/content/cdnbundles/ |
9 KB 5 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
POST H/1.1 |
watson
login.microsoftonline.us.office.rp1.abangaritest.govshn.net/common/handlers/ |
265 B 1 KB |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
favicon.ico
login.microsoftonline.us.office.rp1.abangaritest.govshn.net/ |
0 624 B |
Other
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
Primary Request
authorize
login.microsoftonline.us.office.rp1.abangaritest.govshn.net/organizations/oauth2/v2.0/ |
42 KB 16 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
converged.v2.login.min_1ito3russhq-9gioj-zd4w2.css
aadcdn.msftauth.net.office.rp1.abangaritest.govshn.net/ests/2.1/content/cdnbundles/ |
110 KB 21 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
ConvergedLogin_PCore_xtPRDEy3EhlAdpju-Ah7qw2.js
aadcdn.msftauth.net.office.rp1.abangaritest.govshn.net/shared/1.0/content/js/ |
434 KB 119 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
ux.converged.login.strings-en.min_pxjdzrjcwtmbr-ntjn_f8q2.js
aadcdn.msftauth.net.office.rp1.abangaritest.govshn.net/ests/2.1/content/cdnbundles/ |
54 KB 16 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
ConvergedLogin_PCore_xtPRDEy3EhlAdpju-Ah7qw2.js
aadcdn.msauth.net/shared/1.0/content/js/ |
434 KB 119 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
watsonsupportwithjquery.3.5.min_dc940oomzau4rsu8qesnvg2.js
aadcdn.msftauth.net.office.rp1.abangaritest.govshn.net/ests/2.1/content/cdnbundles/ |
117 KB 0 |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
frameworksupport.min_oadrnc13magb009k4d20lg2.js
aadcdn.msftauth.net.office.rp1.abangaritest.govshn.net/ests/2.1/content/cdnbundles/ |
12 KB 0 |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
watson.min_q5ptmu8aniymd4ftuqdkda2.js
aadcdn.msftauth.net.office.rp1.abangaritest.govshn.net/ests/2.1/content/cdnbundles/ |
9 KB 0 |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
convergedlogin_pcustomizationloader_7f0a8c2a247460fad87f.js
aadcdn.msftauth.net.office.rp1.abangaritest.govshn.net/shared/1.0/content/js/asyncchunk/ |
219 KB 54 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
POST H/1.1 |
watson
login.microsoftonline.us.office.rp1.abangaritest.govshn.net/common/handlers/ |
265 B 1 KB |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
favicon_a_eupayfgghqiai7k9sol6lg2.ico
aadcdn.msftauth.net.office.rp1.abangaritest.govshn.net/shared/1.0/content/images/ |
17 KB 18 KB |
Other
image/x-icon |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
2_11d9e3bcdfede9ce5ce5ace2d129f1c4.svg
aadcdn.msftauth.net.office.rp1.abangaritest.govshn.net/shared/1.0/content/images/backgrounds/ |
2 KB 1 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg
aadcdn.msftauth.net.office.rp1.abangaritest.govshn.net/shared/1.0/content/images/ |
4 KB 2 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
convergedlogin_pstringcustomizationhelper_eb638da25d4055fbbb57.js
aadcdn.msftauth.net.office.rp1.abangaritest.govshn.net/shared/1.0/content/js/asyncchunk/ |
111 KB 36 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
signin-options_3e3f6b73c3f310c31d2c4d131a8ab8c6.svg
aadcdn.msftauth.net.office.rp1.abangaritest.govshn.net/shared/1.0/content/images/ |
2 KB 1 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Microsoft (Consumer)23 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| $Config object| $Debug object| $Do function| $Loader object| $WebWatson function| GetString function| GetErrorString function| GetUrl object| $B object| ServerData object| StringRepository object| PROOF boolean| __ object| webpackJsonp object| ko object| Telemetry object| telemetry_webpackJsonp boolean| __ConvergedLogin_PCore function| $ function| jQuery object| $Api boolean| __convergedlogin_pcustomizationloader_7f0a8c2a247460fad87f boolean| __convergedlogin_pstringcustomizationhelper_eb638da25d4055fbbb5712 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
| Domain/Path | Expires | Name / Value |
|---|---|---|
| gov.teams.microsoft.us.office.rp1.abangaritest.govshn.net/ | Name: TSAUTHCOOKIE Value: |
|
| .office.rp1.abangaritest.govshn.net/ | Name: SHN-VH-session Value: fba2ac62-905d-46b3-b3a7-9ae9873ef1ad|1713164973493 |
|
| .login.microsoftonline.us.office.rp1.abangaritest.govshn.net/ | Name: esctx-3Bq8tV3zPeA Value: AQABCQEAAgAJNbHDhorQQLZUPCWPjAJJi4xKRBLu_De1GPPc0xELaqQ73OxiGKh1rA5ktA48PLJ1dLnXqwQUyH2gl2qLDfC9zNhzFRfs_NN0aBVAw7pjRnxmXkWyExJsqtHguDdtUgpQK6322ctHSy72mhZ4GGWcHdD7bYCPkX9WgCcNUjJvMiAA |
|
| login.microsoftonline.us.office.rp1.abangaritest.govshn.net/ | Name: x-ms-gateway-slice Value: estsfd |
|
| login.microsoftonline.us.office.rp1.abangaritest.govshn.net/ | Name: stsservicecookie Value: estsfd |
|
| .login.microsoftonline.us.office.rp1.abangaritest.govshn.net/ | Name: AADSSO Value: NA|NoExtension |
|
| login.microsoftonline.us.office.rp1.abangaritest.govshn.net/ | Name: SSOCOOKIEPULLED Value: 1 |
|
| login.microsoftonline.us.office.rp1.abangaritest.govshn.net/ | Name: buid Value: 0.CwUAMe_N-B6jSkuT5F9XHpElWsDmPF4fK4VCjUt17nh4c0YBAAA.AQABGgEAAgAJNbHDhorQQLZUPCWPjAJJRRJGB2c3zpBfk6WH_WUpunSAlA96ufSAnTXKHgaEmCu5L__VrZ_rdtAfZnpQIZoaTOSWQWCbz9zizIas0F7m4OZQswvx6G7XUPvl7gvJ6D0gAA |
|
| .login.microsoftonline.us.office.rp1.abangaritest.govshn.net/ | Name: esctx Value: PAQABBwEAAgAJNbHDhorQQLZUPCWPjAJJYzOGcVw2NJ_NReYa1R7eKpAjFg4xKTL3d1I_yG7rXI-myLWGqs7p5YRcoOF4WZFXZ2Rws4vHwh5w-MlHWGHXKhCcVozo-Wa3ye31hBTBmP6QD_GkHkYCIkzvs5_AuORgIPuvVhT5vZprpyuI6CAO9J7_dq4kS9PhQlbtmSrWsOQgAA |
|
| .login.microsoftonline.us.office.rp1.abangaritest.govshn.net/ | Name: esctx-mWlcOnkFE Value: AQABCQEAAgAJNbHDhorQQLZUPCWPjAJJ0HyiP5uCYSsYXbhAzHjnSflJwGk4TFYRH3Tdc1B1QtE7d4qPBQ_kJGTzhrbef77wG0jmctNGLAuAEkcHyNigkWsEmUEH4lUYkZ_o5gWDnMnB0MutUrcbzUSd-Is34OlWTRaZl2FXovSCgu41rSwaiyAA |
|
| login.microsoftonline.us.office.rp1.abangaritest.govshn.net/ | Name: fpc Value: Alhzgms5G5BMiuU-oUuMTex81bJ8AQAAAKfCrt0OAAAA |
|
| .login.microsoftonline.us.office.rp1.abangaritest.govshn.net/ | Name: brcap Value: 0 |
4 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
| Source | Level | URL Text |
|---|
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
| Header | Value |
|---|---|
| Content-Security-Policy | block-all-mixed-content ; base-uri 'self'; child-src 'self'; connect-src 'self' blob: data: https: ws://localhost:* wss://*.gov.teams.microsoft.us.office.rp1.abangaritest.govshn.net wss://127.0.0.1:9001 wss://127.0.0.1:9002 wss://view-localhost:*; default-src statics.gov.teams.microsoft.us.office.rp1.abangaritest.govshn.net; font-src data: amp.azure.net fonts.gstatic.com res-1.cdn.office.net.office.rp1.abangaritest.govshn.net spoprod-a.akamaihd.net static2.sharepointonline.com.office.rp1.abangaritest.govshn.net statics.gov.teams.microsoft.us.office.rp1.abangaritest.govshn.net; form-action *.gov.teams.microsoft.us.office.rp1.abangaritest.govshn.net *.osi.office365.us.office.rp1.abangaritest.govshn.net *.sharepoint.us.office.rp1.abangaritest.govshn.net www.odwebp.svc.ms; frame-ancestors 'self' login.microsoftonline.us.office.rp1.abangaritest.govshn.net; frame-src blob: data: https: mailto: ms-appx-web: ms-excel: ms-powerpoint: ms-visio: ms-whiteboard-preview: ms-word: msteams: onenote: pdf: sip: sips:; img-src 'self' blob: data: https:; manifest-src 'self'; media-src 'self' blob: data: skypevideo: *.giphy.com *.gov.teams.microsoft.us.office.rp1.abangaritest.govshn.net; object-src 'none'; script-src 'nonce-C0PaJTpYW5A27wgdoy9n2Q==' 'report-sample' 'self' 'unsafe-eval' accounts.google.com/gsi/client apis.google.com az725175.vo.msecnd.net gateway.zscalergov.net powerpoint.cdn.office365.us.office.rp1.abangaritest.govshn.net res-1.cdn.office.net.office.rp1.abangaritest.govshn.net res-gcch.cdn.office.net.office.rp1.abangaritest.govshn.net statics.gov.teams.microsoft.us.office.rp1.abangaritest.govshn.net web.vortex.data.microsoft.com; style-src 'self' 'unsafe-inline' statics.gov.teams.microsoft.us.office.rp1.abangaritest.govshn.net; worker-src 'self' blob:; report-uri https://csp.office365.us.office.rp1.abangaritest.govshn.net/report/teams-web-r4-gcch?v=unknown&env=gcchigh; trusted-types 'allow-duplicates' @1js/lpc-common-web#webpack @1js/lpc-teams-bootstrapper#webpack @1js/midgard-bootstrapper#webpack @1js/midgard-trusted-types adaptivecards#deprecatedExportedFunctionPolicy adaptivecards#markdownPassthroughPolicy adaptivecards#restoreContentsPolicy dompurify gapi#gapi goog#html; |
| Strict-Transport-Security | max-age=2592000 |
| X-Content-Type-Options | nosniff |
| X-Frame-Options | SAMEORIGIN |
| X-Xss-Protection | 1; mode=block |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
aadcdn.msauth.net
aadcdn.msftauth.net.office.rp1.abangaritest.govshn.net
gov.teams.microsoft.us.office.rp1.abangaritest.govshn.net
login.microsoftonline.com.office.rp1.abangaritest.govshn.net
login.microsoftonline.us.office.rp1.abangaritest.govshn.net
statics.gov.teams.microsoft.us.office.rp1.abangaritest.govshn.net
15.200.226.212
2620:1ec:bdf::40
52.222.91.178
04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a
0e88b6fcbb8591edfd28184fa70a04b6dd3af8a14367c628edd7caba32e58c68
33cea1c907e3d621eafe2bd781df9eee3a2a96e7ce8375b01e103d0533db8c09
441bfa485fb0eb8ad2be7001209868b57c41769cae9512a774419f5882c093e6
4b01a0a34ce8ed4bc8a8713be0442d49da6a756236b7b4424622ca3dee820f41
5dbabebc69d99504b18eee323319544381d727e66a95516c3c52414edcec9a6a
7530b843a86f3155ce07cda787a40da87052664b09c22f3d4db5e9238664dbe0
7bed7bd903bf117213d750623e1b317ba09e11069377d59229223be712680c1c
86c1b218b0a913d648d9e2e1ccac11c8e4ee235835f9142e07863de0b7ce7dca
8e6db1634f1812d42516778fc890010aa57f3e39914fb4803df2c38abbf56d93
90cdaf487716184e4034000935c605d1633926d348116d198f355a98b8c6cd21
9999abac881a2fe7f96052f31feb1360f9b8c0f1d88d8ccfd7344ee3a23b399b
ad1bcae91cf5243aaa837b250c5fc74328c4680818eab740a26d3c72d7e5601e
b03b4330f98959141b8df710b332bef9850024eec9f69db3755e296e7af6dc24
c8cef105fcaf7cbf3f8682c861045505c24d41cf6686c20c1c03e14031a3db69
cbae4733b4d9f16f9d11a7b4be947a7f98fecbca0e4d74c9c52a56fa2f42042e
df2aa8537c1992c94846a0ffffaa9031d430d9d0210b9e396ec059aff62627e0
df2e852c347ecf82f70a0c8a4b91713fbb0914d58f2cbab01316bfe646abee7c
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e6a1717cce4a1e21e87b622823d2c4986c963cd37d1f5452deb6686cd30dd8de
f142a844212962c2d1a2ce2ed38b74d60063b52fbf92bac48fa3c8979e2e6052
f76c464631da0535cd4669c03be3a08f9d4ba74520f1c4c0d4fc91c1cefda027
fa1d97aefa6355e8b8e1d6fb58d3843b9dc2ca132c487fecdc15d01c5f00b762