live.teamcon.org
172.67.198.178  Malicious Activity! Public Scan

Submitted URL: https://2ly.link/1zF8g
Effective URL: https://live.teamcon.org/login.srf?wa=wsignin1.0&rpsnv=158&ct=1724253148&rver=7.0.6738.0&wp=MBI_SSL&wreply=https%3a%2f%2f...
Submission: On August 21 via manual from US — Scanned from US

Summary

This website contacted 4 IPs in 1 country across 4 domains to perform 11 HTTP transactions. The main IP is 172.67.198.178, located in the United States and belonging to CLOUDFLARENET, US. The main domain is live.teamcon.org.
TLS certificate: Issued by WE1 on August 7th 2024. Valid for: 3 months.
This is the only time live.teamcon.org was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Microsoft (Consumer)

Domain & IP information

IP Address AS Autonomous System
1 1 35.226.132.161 396982 (GOOGLE-CL...)
2 2 2606:4700:303... 13335 (CLOUDFLAR...)
2 172.67.198.178 13335 (CLOUDFLAR...)
6 2620:1ec:29:1... 8075 (MICROSOFT...)
2 20.42.73.31 8075 (MICROSOFT...)
11 4
Requests | Apex Domain | Subdomains | Transfer
6 | msauth.net | logincdn.msauth.net (Cisco Umbrella Rank: 6694) | 281 KB
4 | teamcon.org | outlook.teamcon.org, live.teamcon.org | 17 KB
2 | microsoft.com | browser.events.data.microsoft.com (Cisco Umbrella Rank: 144) | 760 B
1 | 2ly.link | 2ly.link | 530 B
Total: 11 requests across 4 apex domains
Requests | Domain | Requested by
6 | logincdn.msauth.net | live.teamcon.org, logincdn.msauth.net
2 | browser.events.data.microsoft.com | logincdn.msauth.net
2 | live.teamcon.org | live.teamcon.org
2 | outlook.teamcon.org | 2 redirects
1 | 2ly.link | 1 redirect
Total: 11 requests across 5 domains

This site contains no links.

Subject | Issuer | Validity | Valid for
teamcon.org | WE1 | 2024-08-07 to 2024-11-05 | 3 months (crt.sh)
identitycdn.msauth.net | Microsoft Azure RSA TLS Issuing CA 03 | 2024-06-07 to 2025-06-02 | a year (crt.sh)
*.events.data.microsoft.com | Microsoft Azure RSA TLS Issuing CA 04 | 2024-06-29 to 2025-06-24 | a year (crt.sh)

This page contains 1 frames:

Primary Page: https://live.teamcon.org/login.srf?wa=wsignin1.0&rpsnv=158&ct=1724253148&rver=7.0.6738.0&wp=MBI_SSL&wreply=https%3a%2f%2foutlook.live.com%2fowa%2f%3fnlp%3d1%26RpsCsrfState%3d0f0756fe-6eae-4fd4-87a8-3e7d6fbe87a1&id=292841&aadredir=1&CBCXT=out&lw=1&fl=dob%2cflname%2cwld&cobrandid=90015
Frame ID: 07C9A5A2C9D65D9E2D68F3C999C72D1D
Requests: 10 HTTP requests in this frame

Screenshot

Page Title

Sign in to your Microsoft account


Page Statistics

Requests: 11
HTTPS: 91 %
IPv6: 40 %
Domains: 4
Subdomains: 5
IPs: 4
Countries: 1
Transfer: 296 kB
Size: 1035 kB
Cookies: 16

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://2ly.link/1zF8g HTTP 302
    https://outlook.teamcon.org/onenote-new-message HTTP 302
    https://outlook.teamcon.org/owa/?nlp=1 HTTP 302
    https://live.teamcon.org/login.srf?wa=wsignin1.0&rpsnv=158&ct=1724253148&rver=7.0.6738.0&wp=MBI_SSL&wreply=https%3a%2f%2foutlook.live.com%2fowa%2f%3fnlp%3d1%26RpsCsrfState%3d0f0756fe-6eae-4fd4-87a8-3e7d6fbe87a1&id=292841&aadredir=1&CBCXT=out&lw=1&fl=dob%2cflname%2cwld&cobrandid=90015 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

11 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request login.srf
live.teamcon.org/
Redirect Chain
  • https://2ly.link/1zF8g
  • https://outlook.teamcon.org/onenote-new-message
  • https://outlook.teamcon.org/owa/?nlp=1
  • https://live.teamcon.org/login.srf?wa=wsignin1.0&rpsnv=158&ct=1724253148&rver=7.0.6738.0&wp=MBI_SSL&wreply=https%3a%2f%2foutlook.live.com%2fowa%2f%3fnlp%3d1%26RpsCsrfState%3d0f0756fe-6eae-4fd4-87a8...
27 KB
13 KB
Document
General
Full URL
https://live.teamcon.org/login.srf?wa=wsignin1.0&rpsnv=158&ct=1724253148&rver=7.0.6738.0&wp=MBI_SSL&wreply=https%3a%2f%2foutlook.live.com%2fowa%2f%3fnlp%3d1%26RpsCsrfState%3d0f0756fe-6eae-4fd4-87a8-3e7d6fbe87a1&id=292841&aadredir=1&CBCXT=out&lw=1&fl=dob%2cflname%2cwld&cobrandid=90015
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.198.178 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dc6818f4bceae5300560d886c33256d230407123e50e096b77920b5a5d6f29d1

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=86400
cache-control
no-cache, no-store
cf-cache-status
DYNAMIC
cf-ray
8b6b8fc4fe9cda47-MIA
content-encoding
zstd
content-type
text/html; charset=utf-8
date
Wed, 21 Aug 2024 15:12:29 GMT
expires
Wed, 21 Aug 2024 15:11:29 GMT
link
<https://logincdn.msauth.net>; rel=preconnect; crossorigin <https://acctcdn.msauth.net>; rel=preconnect; crossorigin <https://acctcdn.msftauth.net>; rel=preconnect; crossorigin <https://acctcdn.msauth.net/>; rel=dns-prefetch <https://acctcdn.msftauth.net/>; rel=dns-prefetch <https://acctcdnmsftuswe2.azureedge.net/>; rel=dns-prefetch <https://acctcdnvzeuno.azureedge.net/>; rel=dns-prefetch <https://logincdn.msauth.net/>; rel=dns-prefetch <https://logincdn.msftauth.net/>; rel=dns-prefetch <https://lgincdnvzeuno.azureedge.net/>; rel=dns-prefetch <https://lgincdnmsftuswe2.azureedge.net/>; rel=dns-prefetch
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
p3p
CP="DSP CUR OTPi IND OTRi ONL FIN"
ppserver
PPV: 30 H: PH1PEPF00011CC9 V: 0
pragma
no-cache
referrer-policy
strict-origin-when-cross-origin
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FWEj2b7y8q3igQV9emekbHhjc9jplo3Ae1IeHJgcbRkukzhkz%2Bmh6%2Fk4n8YUQw3g16L2HjjLfX1OHfNV3GNmchKfpek%2F4JekA%2FmGscUaPnEsE10aD18INIQ2HimuepIVJ1tJ"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
x-dns-prefetch-control
on
x-ms-request-id
f79d927f-6f7f-47d1-bc15-d9319db58167
x-ms-route-info
C503_BAY

Redirect headers

alt-svc
h3=":443"; ma=86400
cache-control
no-cache, no-store
cf-cache-status
DYNAMIC
cf-ray
8b6b8fc168fc09f6-MIA
content-type
text/html; charset=utf-8
date
Wed, 21 Aug 2024 15:12:28 GMT
location
https://live.teamcon.org/login.srf?wa=wsignin1.0&rpsnv=158&ct=1724253148&rver=7.0.6738.0&wp=MBI_SSL&wreply=https%3a%2f%2foutlook.live.com%2fowa%2f%3fnlp%3d1%26RpsCsrfState%3d0f0756fe-6eae-4fd4-87a8-3e7d6fbe87a1&id=292841&aadredir=1&CBCXT=out&lw=1&fl=dob%2cflname%2cwld&cobrandid=90015
nel
{"report_to":"NelOfficeUpload1","max_age":7200,"include_subdomains":true,"failure_fraction":1.0,"success_fraction":0.01}
p3p
CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
report-to
{"group":"NelOfficeUpload1","max_age":7200,"endpoints":[{"url":"https://exo.nel.measure.office.net/api/report?TenantId=&FrontEnd=Cafe&DestinationEndpoint=SAT&RemoteIP=66.29.155.0&Environment=MT"}],"include_subdomains":true}
request-id
62fd1a9f-7933-f9fa-3b80-a0ba3151f850
server
cloudflare
x-backend-begin
2024-08-21T15:12:28.613
x-backend-end
2024-08-21T15:12:28.613
x-backendhttpstatus
302 302
x-beserver
MW4PR11MB6887
x-besku
WCS7
x-calculatedbetarget
MW4PR11MB6887.namprd11.PROD.OUTLOOK.COM
x-calculatedfetarget
MW4PR03CU011.internal.outlook.com
x-diaginfo
MW4PR11MB6887
x-feefzinfo
SAT
x-feproxyinfo
SA0PR11CA0163.NAMPRD11.PROD.OUTLOOK.COM
x-feserver
MW4PR03CA0309 SA0PR11CA0163
x-firsthopcafeefz
SAT
x-owa-diagnosticsinfo
5;0;0;
x-proxy-backendserverstatus
302
x-proxy-routingcorrectness
1
x-rum-notupdatequerieddbcopy
1
x-rum-notupdatequeriedpath
1
x-rum-validated
1
x-ua-compatible
IE=EmulateIE7
login_en_PsHkSfDyHWs5hQL06IoSqQ2.js
logincdn.msauth.net/shared/5/js/
895 KB
227 KB
Script
General
Full URL
https://logincdn.msauth.net/shared/5/js/login_en_PsHkSfDyHWs5hQL06IoSqQ2.js
Requested by
Host: live.teamcon.org
URL: https://live.teamcon.org/login.srf?wa=wsignin1.0&rpsnv=158&ct=1724253148&rver=7.0.6738.0&wp=MBI_SSL&wreply=https%3a%2f%2foutlook.live.com%2fowa%2f%3fnlp%3d1%26RpsCsrfState%3d0f0756fe-6eae-4fd4-87a8-3e7d6fbe87a1&id=292841&aadredir=1&CBCXT=out&lw=1&fl=dob%2cflname%2cwld&cobrandid=90015
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:29:1::40 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
321743f3419b95cef5bbfe9bc132dfafe2bf5ac22de3e7d19a71caf2c87a65dc

Request headers

Referer
https://live.teamcon.org/
Origin
https://live.teamcon.org
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 21 Aug 2024 15:12:29 GMT
content-encoding
gzip
x-cache
TCP_HIT
x-fd-int-roxy-purgeid
0
content-length
231482
x-ms-lease-status
unlocked
last-modified
Thu, 15 Aug 2024 18:28:38 GMT
etag
0x8DCBD5814B46B36
x-azure-ref
20240821T151229Z-r197bfdf7f7p27wtdapp019rgc00000004w0000000000yhz
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
22a19e2e-101e-005b-4b04-f0c5c0000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=31536000
x-ms-version
2009-09-19
accept-ranges
bytes
6f1e395f54c0e3c8303d4e68c6876642ec1a284b731b141c5b01b313a8131f08.js
live.teamcon.org/s/
796 B
880 B
Script
General
Full URL
https://live.teamcon.org/s/6f1e395f54c0e3c8303d4e68c6876642ec1a284b731b141c5b01b313a8131f08.js
Requested by
Host: live.teamcon.org
URL: https://live.teamcon.org/login.srf?wa=wsignin1.0&rpsnv=158&ct=1724253148&rver=7.0.6738.0&wp=MBI_SSL&wreply=https%3a%2f%2foutlook.live.com%2fowa%2f%3fnlp%3d1%26RpsCsrfState%3d0f0756fe-6eae-4fd4-87a8-3e7d6fbe87a1&id=292841&aadredir=1&CBCXT=out&lw=1&fl=dob%2cflname%2cwld&cobrandid=90015
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.198.178 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6dfdc26fc330a1099cd254d2755d832a59569d659934d4f39ca7b81daac20c6c

Request headers

Referer
https://live.teamcon.org/login.srf?wa=wsignin1.0&rpsnv=158&ct=1724253148&rver=7.0.6738.0&wp=MBI_SSL&wreply=https%3a%2f%2foutlook.live.com%2fowa%2f%3fnlp%3d1%26RpsCsrfState%3d0f0756fe-6eae-4fd4-87a8-3e7d6fbe87a1&id=292841&aadredir=1&CBCXT=out&lw=1&fl=dob%2cflname%2cwld&cobrandid=90015
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Wed, 21 Aug 2024 15:12:29 GMT
content-encoding
zstd
cf-cache-status
BYPASS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=64nmsYOLKZ7fcvzKXPSzaMsiZw11EhaTZwgrOnWofMzCpy6ezUagHQZ0coaFkJy6jD5vd5SvwAMuENbthboUQqTCEROcCT7ahAhN1GkSb9GakAzwK86OzQWN6%2BheNYsxcbUM"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
no-cache, no-store
cf-ray
8b6b8fc87aa2da47-MIA
alt-svc
h3=":443"; ma=86400
oneds-analytics-js_077217740c853b5d4fe8.js
logincdn.msauth.net/shared/5/chunks/
89 KB
33 KB
Script
General
Full URL
https://logincdn.msauth.net/shared/5/chunks/oneds-analytics-js_077217740c853b5d4fe8.js
Requested by
Host: logincdn.msauth.net
URL: https://logincdn.msauth.net/shared/5/js/login_en_PsHkSfDyHWs5hQL06IoSqQ2.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:29:1::40 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
eb327424aa27d47e4499187303774f8f22557359db3c6bb583e033e07dd0b337

Request headers

Referer
https://live.teamcon.org/
Origin
https://live.teamcon.org
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 21 Aug 2024 15:12:30 GMT
content-encoding
gzip
x-cache
TCP_HIT
x-fd-int-roxy-purgeid
0
content-length
32811
x-ms-lease-status
unlocked
last-modified
Fri, 09 Aug 2024 21:16:17 GMT
etag
0x8DCB8B881BE95D6
x-azure-ref
20240821T151230Z-r197bfdf7f7p27wtdapp019rgc00000004w0000000000yke
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
0861cac1-301e-0012-7274-f0b886000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=31536000
x-ms-version
2009-09-19
accept-ranges
bytes
microsoft_logo_ee5c8d9fb6248c938fd0.svg
logincdn.msauth.net/shared/5/images/
4 KB
2 KB
Image
General
Full URL
https://logincdn.msauth.net/shared/5/images/microsoft_logo_ee5c8d9fb6248c938fd0.svg
Requested by
Host: live.teamcon.org
URL: https://live.teamcon.org/login.srf?wa=wsignin1.0&rpsnv=158&ct=1724253148&rver=7.0.6738.0&wp=MBI_SSL&wreply=https%3a%2f%2foutlook.live.com%2fowa%2f%3fnlp%3d1%26RpsCsrfState%3d0f0756fe-6eae-4fd4-87a8-3e7d6fbe87a1&id=292841&aadredir=1&CBCXT=out&lw=1&fl=dob%2cflname%2cwld&cobrandid=90015
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:29:1::40 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a

Request headers

Referer
https://live.teamcon.org/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 21 Aug 2024 15:12:30 GMT
content-encoding
gzip
x-cache
TCP_HIT
x-fd-int-roxy-purgeid
0
content-length
1435
x-ms-lease-status
unlocked
last-modified
Tue, 27 Jun 2023 15:44:25 GMT
etag
0x8DB772562988611
x-azure-ref
20240821T151230Z-r197bfdf7f7h4n5rdvwz2z4h8w00000005d000000000byf5
content-type
image/svg+xml
access-control-allow-origin
*
x-ms-request-id
5cf2ea5d-c01e-0058-7cb3-ee24a4000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=31536000
x-ms-version
2009-09-19
accept-ranges
bytes
2_bc3d32a696895f78c19d.svg
logincdn.msauth.net/shared/5/images/
2 KB
1 KB
Image
General
Full URL
https://logincdn.msauth.net/shared/5/images/2_bc3d32a696895f78c19d.svg
Requested by
Host: live.teamcon.org
URL: https://live.teamcon.org/login.srf?wa=wsignin1.0&rpsnv=158&ct=1724253148&rver=7.0.6738.0&wp=MBI_SSL&wreply=https%3a%2f%2foutlook.live.com%2fowa%2f%3fnlp%3d1%26RpsCsrfState%3d0f0756fe-6eae-4fd4-87a8-3e7d6fbe87a1&id=292841&aadredir=1&CBCXT=out&lw=1&fl=dob%2cflname%2cwld&cobrandid=90015
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:29:1::40 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
0e88b6fcbb8591edfd28184fa70a04b6dd3af8a14367c628edd7caba32e58c68

Request headers

Referer
https://live.teamcon.org/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 21 Aug 2024 15:12:30 GMT
content-encoding
gzip
x-cache
TCP_HIT
x-fd-int-roxy-purgeid
0
content-length
673
x-ms-lease-status
unlocked
last-modified
Tue, 27 Jun 2023 15:44:22 GMT
etag
0x8DB7725611C3E0C
x-azure-ref
20240821T151230Z-r197bfdf7f7h4n5rdvwz2z4h8w00000005d000000000byf6
content-type
image/svg+xml
access-control-allow-origin
*
x-ms-request-id
0561edb5-501e-0076-6f12-ef491e000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=31536000
x-ms-version
2009-09-19
accept-ranges
bytes
6f1e395f54c0e3c8303d4e68c6876642ec1a284b731b141c5b01b313a8131f08
live.teamcon.org/s/
0
0

favicon.ico
logincdn.msauth.net/16.000.30324.2/images/
17 KB
17 KB
Other
General
Full URL
https://logincdn.msauth.net/16.000.30324.2/images/favicon.ico
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:29:1::40 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
90cdaf487716184e4034000935c605d1633926d348116d198f355a98b8c6cd21

Request headers

Referer
https://live.teamcon.org/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 21 Aug 2024 15:12:30 GMT
x-cache
TCP_HIT
x-fd-int-roxy-purgeid
0
content-length
17174
x-ms-lease-status
unlocked
last-modified
Fri, 09 Aug 2024 03:29:51 GMT
etag
0x8DCB82387204042
x-azure-ref
20240821T151230Z-r197bfdf7f7h4n5rdvwz2z4h8w00000005d000000000byfc
content-type
image/x-icon
access-control-allow-origin
*
x-ms-request-id
81e8c9b4-301e-003e-39fa-ee6b84000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=604800
x-ms-version
2009-09-19
accept-ranges
bytes
signin_options_4e48046ce74f4b89d450.svg
logincdn.msauth.net/shared/5/images/
2 KB
1 KB
Image
General
Full URL
https://logincdn.msauth.net/shared/5/images/signin_options_4e48046ce74f4b89d450.svg
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:29:1::40 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
8e6db1634f1812d42516778fc890010aa57f3e39914fb4803df2c38abbf56d93

Request headers

Referer
https://live.teamcon.org/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 21 Aug 2024 15:12:30 GMT
content-encoding
gzip
x-cache
TCP_HIT
x-fd-int-roxy-purgeid
67912908
content-length
621
x-ms-lease-status
unlocked
last-modified
Tue, 27 Jun 2023 15:44:30 GMT
etag
0x8DB772565B93440
x-azure-ref
20240821T151230Z-r197bfdf7f7h4n5rdvwz2z4h8w00000005d000000000byg3
content-type
image/svg+xml
access-control-allow-origin
*
x-ms-request-id
696afc69-801e-0038-7564-f16796000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=31536000
x-ms-version
2009-09-19
accept-ranges
bytes
/
browser.events.data.microsoft.com/OneCollector/1.0/
153 B
760 B
XHR
General
Full URL
https://browser.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&w=0
Requested by
Host: logincdn.msauth.net
URL: https://logincdn.msauth.net/shared/5/chunks/oneds-analytics-js_077217740c853b5d4fe8.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
20.42.73.31 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-HTTPAPI/2.0 /
Resource Hash
3a84e3f6bae236354ffaab3487d13628c9fa8f51b67864bf325e06a686effa2e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

upload-time
1724253152628
client-version
1DS-Web-JS-3.2.15
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
time-delta-to-apply-millis
use-collector-delta
content-type
application/x-json-stream
cache-control
no-cache, no-store
Referer
https://live.teamcon.org/
apikey
69adc3c768bd4dc08c19416121249fcc-66f1668a-797b-4249-95e3-6c6651768c28-7293
Client-Id
NO_AUTH

Response headers

strict-transport-security
max-age=31536000
date
Wed, 21 Aug 2024 15:12:32 GMT
server
Microsoft-HTTPAPI/2.0
time-delta-millis
683
access-control-allow-methods
POST
p3p
CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
content-type
application/json
access-control-allow-origin
https://live.teamcon.org
access-control-expose-headers
time-delta-millis
access-control-allow-credentials
true
access-control-allow-headers
P3P,Set-Cookie,time-delta-millis
content-length
153
/
browser.events.data.microsoft.com/OneCollector/1.0/
0
0
Preflight
General
Full URL
https://browser.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&w=0
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
20.42.73.31 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-HTTPAPI/2.0 /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Accept
*/*
Access-Control-Request-Headers
apikey,cache-control,client-id,client-version,content-type,time-delta-to-apply-millis,upload-time
Access-Control-Request-Method
POST
Origin
https://live.teamcon.org
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
AuthMsaDeviceTicket,AuthXToken,Content-Encoding,Content-Type,Cache-Control,Client-Id,SDK-Name,sdk-version,apikey,x-apikey,client-version,upload-time,time-delta-to-apply-millis,client-time-epoch-millis,persistence-mode,reliability-mode,NoResponseBody
access-control-allow-origin
https://live.teamcon.org
access-control-max-age
3600
cache-control
public, 3600
content-length
0
date
Wed, 21 Aug 2024 15:12:32 GMT
server
Microsoft-HTTPAPI/2.0
strict-transport-security
max-age=31536000

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
live.teamcon.org
URL
https://live.teamcon.org/s/6f1e395f54c0e3c8303d4e68c6876642ec1a284b731b141c5b01b313a8131f08

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer)

11 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| PROOF object| ServerData function| $Loader object| g_dtFirstByte function| SRSRetry object| webpackChunk_msidentity_sisu_msa function| clearImmediate function| setImmediate object| regeneratorRuntime function| getRedirect object| __dynProto$Gbl

16 Cookies

Domain/Path Name / Value
.teamcon.org/ Name: bc36-b9f9
Value: 6f1e395f54c0e3c8303d4e68c6876642ec1a284b731b141c5b01b313a8131f08
outlook.teamcon.org/ Name: ClientId
Value: 23E1647B057C4E5FBB9AA45C2F069500
.teamcon.org/ Name: logonLatency
Value: LGN01=638598499486136990
outlook.teamcon.org/ Name: exchangecookie
Value: 8295206d0d65492ca920e388a6530fae
outlook.teamcon.org/ Name: RpsCsrfState.m7PAv7ue46kONUDmI87czM31zal1HOv9pSO86yD0dEc
Value: 0f0756fe-6eae-4fd4-87a8-3e7d6fbe87a1
outlook.teamcon.org/ Name: X-OWA-RedirectHistory
Value: AhR7n8MBnvr3q_PB3Ag
.live.teamcon.org/ Name: uaid
Value: a0101beaa7c048f1b681fcc338a119da
.live.teamcon.org/ Name: MSPRequ
Value: id=292841&lt=1724253149&co=1
.live.teamcon.org/ Name: MSCC
Value: 66.29.155.66-US
.live.teamcon.org/ Name: MSPOK
Value: $uuid-6f873774-d7c8-4a5c-a15d-f033b703ce1a
.live.teamcon.org/ Name: OParams
Value: 11O.DjasQ*!E0iNiBUO!zn!8ORaHZY5GMxjkRs0lqWXIvWYKGdIICDheOqpqMTTfUp680ZmXFW5TKJcNzN4*r1sBT5wTsVS*ozh13D5bnT*zUQJGbz5sdJBVrgBHdke1dmI03zRfv3Ijp7Bax3Gj3MQV*xJDxPZd2bOl1VnFh8SxeNewcWuGnoY9aMv1U4OuVW75BPiGdES*KfaH!UGst8F1qPGfvv06IAQwmZnIKOOJ900uuAp4ZrxM4GrDe9jcIE2an1YUsQ4gcx7PeP9j*GEZGM!0yjojgMlZUwuMc7JA36!onJ5fhSzdR0GSqmx4p7FrIolIO!cLdZrQJRXgHIdgMtjCgJ4fia7Wnnd*fXKjIhYTiAagNSJP6MaSz4sHCYJPL62if95LPVYsMw4lHLl6FHHTN20bd*Sd3JxKBnivOA30
live.teamcon.org/ Name: MicrosoftApplicationsTelemetryDeviceId
Value: a6a8511a-8070-4c6d-9eb5-7e0af1da08d7
live.teamcon.org/ Name: ai_session
Value: xsTpIncEIak46ERPBYhMRV|1724253150622|1724253150622
.microsoft.com/ Name: MC1
Value: GUID=8578d69cb3d645a68411a20fe3002786&HASH=8578&LV=202408&V=4&LU=1724253153311
.microsoft.com/ Name: MS0
Value: 20743047807349078111da825b5eac87
live.teamcon.org/ Name: MSFPC
Value: GUID=8578d69cb3d645a68411a20fe3002786&HASH=8578&LV=202408&V=4&LU=1724253153311