sso.unite.un.org
Open in
urlscan Pro
157.150.241.49
Malicious Activity!
Public Scan
Submitted URL: http://sso.united.un.org.adfs.ls.clinet-request-id.session-services.com/
Effective URL: https://sso.unite.un.org/adfs/ls/?client-request-id=fa40670b-15fb-4708-9f4d-845b94893f55&username=&wa=wsignin1.0&wtrealm=...
Submission: On May 07 via manual from US
Effective URL: https://sso.unite.un.org/adfs/ls/?client-request-id=fa40670b-15fb-4708-9f4d-845b94893f55&username=&wa=wsignin1.0&wtrealm=...
Submission: On May 07 via manual from US
Summary
This website contacted 3 IPs
in 3 countries
across 5 domains to perform 20 HTTP transactions.
The main IP is 157.150.241.49, located in
New York, United States and
belongs to UN-UNLB, IT.
The main domain is sso.unite.un.org.
TLS certificate: Issued by COMODO RSA Organization Validation Se... on August 29th 2017. Valid for: 2 years.
This is the only time sso.unite.un.org was scanned on urlscan.io!
TLS certificate: Issued by COMODO RSA Organization Validation Se... on August 29th 2017. Valid for: 2 years.
This is the only time sso.unite.un.org was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Microsoft (Consumer)Domain & IP information
| IP Address | AS Autonomous System | ||
|---|---|---|---|
| 12 | 111.90.142.105 111.90.142.105 | 45839 (SHINJIRU-...) (SHINJIRU-MY-AS-AP Shinjiru Technology Sdn Bhd) | |
| 1 1 | 40.97.128.194 40.97.128.194 | 8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation) | |
| 1 1 | 2603:1026:6:4... 2603:1026:6:42::2 | 8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation) | |
| 2 2 | 2603:1026:6:1::2 2603:1026:6:1::2 | 8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation) | |
| 1 1 | 40.126.1.128 40.126.1.128 | 8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation) | |
| 5 | 157.150.241.49 157.150.241.49 | 28977 (UN-UNLB) (UN-UNLB) | |
| 20 | 3 |
12
111.90.142.105
(Malaysia)
ASN45839 (SHINJIRU-MY-AS-AP Shinjiru Technology Sdn Bhd, MY)
PTR: beaver15.steeldns.com
ASN45839 (SHINJIRU-MY-AS-AP Shinjiru Technology Sdn Bhd, MY)
PTR: beaver15.steeldns.com
| sso.united.un.org.adfs.ls.clinet-request-id.session-services.com |
1
40.97.128.194
(United States)
ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US)
ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US)
| outlook.com |
1
2603:1026:6:42::2
(United States)
ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US)
ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US)
| www.outlook.com |
2
2603:1026:6:1::2
(United States)
ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US)
ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US)
| outlook.office365.com |
1
40.126.1.128
(Tokyo, Japan)
ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US)
ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US)
| login.microsoftonline.com |
| Apex Domain Subdomains |
Transfer | |
|---|---|---|
| 12 |
session-services.com
sso.united.un.org.adfs.ls.clinet-request-id.session-services.com |
46 KB |
| 5 |
un.org
sso.unite.un.org |
157 KB |
| 2 |
office365.com
2 redirects
outlook.office365.com |
6 KB |
| 2 |
outlook.com
2 redirects
outlook.com www.outlook.com |
900 B |
| 1 |
microsoftonline.com
1 redirects
login.microsoftonline.com |
2 KB |
| 20 | 5 |
| Domain | Requested by | |
|---|---|---|
| 12 | sso.united.un.org.adfs.ls.clinet-request-id.session-services.com |
sso.united.un.org.adfs.ls.clinet-request-id.session-services.com
|
| 5 | sso.unite.un.org |
sso.united.un.org.adfs.ls.clinet-request-id.session-services.com
sso.unite.un.org |
| 2 | outlook.office365.com | 2 redirects |
| 1 | login.microsoftonline.com | 1 redirects |
| 1 | www.outlook.com | 1 redirects |
| 1 | outlook.com | 1 redirects |
| 20 | 6 |
This site contains links to these domains. Also see Links.
| Domain |
|---|
| uniteid.un.org |
| iseek.un.org |
| www.un.org |
| unite.un.org |
| infosec.un.org |
| selfservice.umoja.un.org |
| inspira.un.org |
| ineedservice.un.org |
| undocs.org |
| Subject Issuer | Validity | Valid | |
|---|---|---|---|
| sso.united.un.org.adfs.ls.clinet-request-id.session-services.com Let's Encrypt Authority X3 |
2019-04-02 - 2019-07-01 |
3 months | crt.sh |
| mail.unite.un.org COMODO RSA Organization Validation Secure Server CA |
2017-08-29 - 2019-08-25 |
2 years | crt.sh |
This page contains 1 frames:
Primary Page:
https://sso.unite.un.org/adfs/ls/?client-request-id=fa40670b-15fb-4708-9f4d-845b94893f55&username=&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=estsredirect%3d2%26estsrequest%3drQIIAdNiNtQztFIxgAAjXRCpa5CWZqibnApiIYEiIS4B7nSHX79FOdzn-7ZET-m0D53FyFaap5dflL6KUSmjpKSg2EpfP7-0JCc_P1svPy0tMznV2MxULzk_Vz-_PFF_ByPjBUbGVUzmZsZmlkbmlqamZhaGhiZGZoaGeommiRZJKeYpupamxmm6JmZpFrpJhkmmQBeYJZobmxoDnWN4i4nf37G0JMMIROQXZValfmLiTMsvyo0vyC8umcWc7ZJcXOGS75ju4uoUZODnXuXpFRLslm8aEuRXnu0b4pYaYZJkXGKk6-ebWmoQ4pLk6-7uke1aGBqYHBjlmR3oZuSVbGQYHOHvVuxT5hqQVOydE1buWeTp7VpRkedYlZdWZWIYEG9cVmJSlGGxipmoQNvEzAb0fW5-3ilmtvyC1LzMlAssjK9YeAxYrTg4uAR4JVgVGH6wMC5iBQbukul-8yedm-04XyNwjaGAGcMpVn1D74yCjNBK_QiDysicTI90r2THzHRPT-fgVFNHr-JIlwo_76Qs_YhwbydXW1MrwwlsjBPY2F6wMX5gY-xgZ9jFSUSk3OISMTIwtNQ1AIa1uYKBsZWhkZWJRRQA0
Frame ID: 8B79516175A297B4D832C1DA360E1B66
Requests: 20 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
- http://sso.united.un.org.adfs.ls.clinet-request-id.session-services.com/ Page URL
- https://sso.united.un.org.adfs.ls.clinet-request-id.session-services.com/indexc.php?abc=&dl=null Page URL
-
https://outlook.com/un.org
HTTP 301
https://www.outlook.com/un.org HTTP 301
https://outlook.office365.com/un.org HTTP 302
https://outlook.office365.com/owa/un.org HTTP 302
https://login.microsoftonline.com/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redir... HTTP 302
https://sso.unite.un.org/adfs/ls/?client-request-id=fa40670b-15fb-4708-9f4d-845b94893f55&username=&wa... Page URL
Detected technologies
LiteSpeed
(Web Servers)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- headers server /^LiteSpeed$/i
Page Statistics
13 Outgoing links
These are links going to different origins than the main page.
URL: https://uniteid.un.org/oaam_server/forgotpwd.do
Title: Reset your Unite Identity password online
Title: Reset your Unite Identity password online
Search URL Search Domain Scan URL
URL: https://iseek.un.org/article/stop-think-click-or-dont-phishing-attempts-rise
Title: phishing
Title: phishing
Search URL Search Domain Scan URL
URL: http://www.un.org/
Title: un.org
Title: un.org
Search URL Search Domain Scan URL
URL: http://unite.un.org/
Title: unite.un.org
Title: unite.un.org
Search URL Search Domain Scan URL
URL: http://infosec.un.org/
Title: infosec.un.org
Title: infosec.un.org
Search URL Search Domain Scan URL
URL: https://iseek.un.org/department/policies
Title: ICT Policies
Title: ICT Policies
Search URL Search Domain Scan URL
URL: https://iseek.un.org/department/standards
Title: ICT Standards
Title: ICT Standards
Search URL Search Domain Scan URL
URL: https://iseek.un.org/
Title: iSeek
Title: iSeek
Search URL Search Domain Scan URL
URL: https://selfservice.umoja.un.org/
Title: Umoja Self Service
Title: Umoja Self Service
Search URL Search Domain Scan URL
URL: https://inspira.un.org/
Title: Inspira
Title: Inspira
Search URL Search Domain Scan URL
URL: https://ineedservice.un.org/
Title: Unite Self Service
Title: Unite Self Service
Search URL Search Domain Scan URL
URL: http://undocs.org/ST/SGB/2004/15
Title: ST/SGB/2004/15
Title: ST/SGB/2004/15
Search URL Search Domain Scan URL
URL: https://unite.un.org/
Title: Home
Title: Home
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://sso.united.un.org.adfs.ls.clinet-request-id.session-services.com/ Page URL
- https://sso.united.un.org.adfs.ls.clinet-request-id.session-services.com/indexc.php?abc=&dl=null Page URL
-
https://outlook.com/un.org
HTTP 301
https://www.outlook.com/un.org HTTP 301
https://outlook.office365.com/un.org HTTP 302
https://outlook.office365.com/owa/un.org HTTP 302
https://login.microsoftonline.com/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office365.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=0&client-request-id=fa40670b-15fb-4708-9f4d-845b94893f55&protectedtoken=true&domain_hint=un.org&nonce=636927955681142611.a5a8bd7d-953f-46f8-b1b5-006a7353ce01&state=DcsxDoAgDEBR0NGzIJTSFo5TRNwkMTFeX4b3t2-NMeu0TDbMGGHkEqUQcQZIkQF2Jc21SXOFsLvEPbsKlVwIrIKExxnAznfz41P_3vt4rh8 HTTP 302
https://sso.unite.un.org/adfs/ls/?client-request-id=fa40670b-15fb-4708-9f4d-845b94893f55&username=&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=estsredirect%3d2%26estsrequest%3drQIIAdNiNtQztFIxgAAjXRCpa5CWZqibnApiIYEiIS4B7nSHX79FOdzn-7ZET-m0D53FyFaap5dflL6KUSmjpKSg2EpfP7-0JCc_P1svPy0tMznV2MxULzk_Vz-_PFF_ByPjBUbGVUzmZsZmlkbmlqamZhaGhiZGZoaGeommiRZJKeYpupamxmm6JmZpFrpJhkmmQBeYJZobmxoDnWN4i4nf37G0JMMIROQXZValfmLiTMsvyo0vyC8umcWc7ZJcXOGS75ju4uoUZODnXuXpFRLslm8aEuRXnu0b4pYaYZJkXGKk6-ebWmoQ4pLk6-7uke1aGBqYHBjlmR3oZuSVbGQYHOHvVuxT5hqQVOydE1buWeTp7VpRkedYlZdWZWIYEG9cVmJSlGGxipmoQNvEzAb0fW5-3ilmtvyC1LzMlAssjK9YeAxYrTg4uAR4JVgVGH6wMC5iBQbukul-8yedm-04XyNwjaGAGcMpVn1D74yCjNBK_QiDysicTI90r2THzHRPT-fgVFNHr-JIlwo_76Qs_YhwbydXW1MrwwlsjBPY2F6wMX5gY-xgZ9jFSUSk3OISMTIwtNQ1AIa1uYKBsZWhkZWJRRQA0 Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
20 HTTP transactions
| Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
GET H/1.1 |
/
sso.united.un.org.adfs.ls.clinet-request-id.session-services.com/ |
2 KB 943 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
style.css
sso.united.un.org.adfs.ls.clinet-request-id.session-services.com/css/ |
519 B 582 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
form.css
sso.united.un.org.adfs.ls.clinet-request-id.session-services.com/css/ |
637 B 532 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET |
jquery-1.12.2.min.js
sso.united.un.org.adfs.ls.clinet-request-id.session-services.com/jquery/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET |
jquery.vegas.js
sso.united.un.org.adfs.ls.clinet-request-id.session-services.com/jquery/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET |
jquery-migrate-1.4.0.min.js
sso.united.un.org.adfs.ls.clinet-request-id.session-services.com/jquery/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
indexc.php
sso.united.un.org.adfs.ls.clinet-request-id.session-services.com/ |
5 KB 2 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
style.css
sso.united.un.org.adfs.ls.clinet-request-id.session-services.com/css/ |
519 B 330 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
form.css
sso.united.un.org.adfs.ls.clinet-request-id.session-services.com/css/ |
637 B 212 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
jquery-1.11.1.min.js
sso.united.un.org.adfs.ls.clinet-request-id.session-services.com/ |
94 KB 32 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
RSA.js
sso.united.un.org.adfs.ls.clinet-request-id.session-services.com/ |
15 KB 4 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
jquery.vegas.js
sso.united.un.org.adfs.ls.clinet-request-id.session-services.com/jquery/ |
11 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
jquery-migrate-1.2.1.min.js
sso.united.un.org.adfs.ls.clinet-request-id.session-services.com/ |
7 KB 3 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
btn.png
sso.united.un.org.adfs.ls.clinet-request-id.session-services.com/img/ |
469 B 541 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
nestatic.php
sso.united.un.org.adfs.ls.clinet-request-id.session-services.com/ |
4 B 46 B |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
Primary Request
/
sso.unite.un.org/adfs/ls/ Redirect Chain
|
20 KB 20 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
style.css
sso.unite.un.org/adfs/portal/css/ |
8 KB 8 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
logo.png
sso.unite.un.org/adfs/portal/logo/ |
4 KB 4 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
warning1.jpg
sso.unite.un.org/adfs/portal/logo/ |
10 KB 10 KB |
Image
image/jpg |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
illustration.jpg
sso.unite.un.org/adfs/portal/illustration/ |
115 KB 115 KB |
Image
image/jpg |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- sso.united.un.org.adfs.ls.clinet-request-id.session-services.com
- URL
- http://sso.united.un.org.adfs.ls.clinet-request-id.session-services.com/jquery/jquery-1.12.2.min.js
- Domain
- sso.united.un.org.adfs.ls.clinet-request-id.session-services.com
- URL
- http://sso.united.un.org.adfs.ls.clinet-request-id.session-services.com/jquery/jquery.vegas.js
- Domain
- sso.united.un.org.adfs.ls.clinet-request-id.session-services.com
- URL
- http://sso.united.un.org.adfs.ls.clinet-request-id.session-services.com/jquery/jquery-migrate-1.4.0.min.js
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Microsoft (Consumer)13 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onselectstart object| onselectionchange function| queueMicrotask function| LoginErrors number| maxPasswordLength function| InputUtil function| SelectOption function| Login undefined| emails undefined| msViewportStyle undefined| viewport function| getStyle function| computeLoadIllustration0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
login.microsoftonline.com
outlook.com
outlook.office365.com
sso.unite.un.org
sso.united.un.org.adfs.ls.clinet-request-id.session-services.com
www.outlook.com
sso.united.un.org.adfs.ls.clinet-request-id.session-services.com
111.90.142.105
157.150.241.49
2603:1026:6:1::2
2603:1026:6:42::2
40.126.1.128
40.97.128.194
050ed368c40670383f9861b929cf75fc55bb7962ce87fc0b61f76cbe15f5986f
0a840a7827b7cfe56d8312470d5ea5a7a6125639e05e756ebbb019008bc84435
1923b9cee5d5aeaba895cc555d8de096eb401ff4fb209e15a0783ccb6f6c81b9
1e67d8dbcca1f6fd94e077c85c2fb40fa1c2756c99238daa8da882144260a68d
1ef57e13763bd4684005904ead44fa748ca83292763f59d323d7a9282a8936be
28cfe11046a0f386060a94948a4351e65e8cfc7e350c5f0f07ede16900faac5e
540bc6dec1dd4b92ea4d3fb903f69eabf6d919afd48f4e312b163c28cff0f441
8a66e91ed35206d5ca7a41e3d93d522726c73f605f2fdce983501059bec89a46
9f3f2d5f348aa19d62496929e2adfe39f1982f2f8b91e77af905cfb5f9d4c1fd
b911775008f28953b7b113e8f9af41f1a1672b26b6d8d67a0464b40dff3cf338
be727537e7ee65c72af89cdc0e289046a4f50693b5cbecf470887b107e98c3eb
d74d4d6943f32ae6f7f11d14d601dbb0e1a58919176ee512150366b6279aaf99
deb05e352ffad10a6c4d0d4ec7f14564fc9ba7f138e04b8d62a3c7f08f2caccf
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f464aa1c2139d184500af4b201e606b803750cd153fb9f7a2b6062886543fd96