urlscan.io logo urlscan.io
SecurityTrails logo

pgn4outfacing.z5.web.core.windows.net Open in urlscan Pro
20.209.101.73  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://csdash.click/
Effective URL: https://pgn4outfacing.z5.web.core.windows.net/externaldenied.html?resume=%2Fidp%2FsxUn93DGfU%2FresumeSAML20%2Fidp%2FSSO.ping&spentity=urn%3Aam...
Submission Tags: @ecarlesi possiblethreat phishing Search All
Submission: On October 30 via api from IT — Scanned from IT
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 4 IPs in 2 countries across 5 domains to perform 6 HTTP transactions. The main IP is 20.209.101.73, located in United States and belongs to MICROSOFT-CORP-MSN-AS-BLOCK, US. The main domain is pgn4outfacing.z5.web.core.windows.net.
TLS certificate: Issued by Microsoft Azure RSA TLS Issuing CA 03 on April 13th 2024. Valid for: a year.
This is the only time pgn4outfacing.z5.web.core.windows.net was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
3 143.204.215.7 16509 (AMAZON-02)
1 2a00:1450:400... 15169 (GOOGLE)
1 1 2600:1f14:917... 16509 (AMAZON-02)
1 1 147.79.185.43 14327 (PGE-ONLINE)
1 20.209.101.73 8075 (MICROSOFT...)
6 4
3    143.204.215.7 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-215-7.fra53.r.cloudfront.net
csdash.click
1    2a00:1450:4001:80b::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.googleapis.com
1    2600:1f14:917:5701:8172:57c4:88af:c35f (Boardman, United States)

ASN16509 (AMAZON-02, US)
csweb-dashboard.auth.us-west-2.amazoncognito.com
1    147.79.185.43 (Portland, United States)

ASN14327 (PGE-ONLINE, US)
secure.pgn.com
1    20.209.101.73 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
pgn4outfacing.z5.web.core.windows.net
Apex Domain
Subdomains		 Transfer
3 csdash.click
csdash.click
235 KB
1 windows.net
pgn4outfacing.z5.web.core.windows.net
17 KB
1 pgn.com
secure.pgn.com
777 B
1 amazoncognito.com
csweb-dashboard.auth.us-west-2.amazoncognito.com
2 KB
1 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 30
1 KB
6 5
Domain Requested by
3 csdash.click csdash.click
1 pgn4outfacing.z5.web.core.windows.net csdash.click
pgn4outfacing.z5.web.core.windows.net
1 secure.pgn.com 1 redirects
1 csweb-dashboard.auth.us-west-2.amazoncognito.com 1 redirects
1 fonts.googleapis.com csdash.click
6 5

This site contains links to these domains. Also see Links.

Domain
www.portlandgeneral.com
Subject Issuer Validity Valid
*.csdash.click
Amazon RSA 2048 M02		 2024-10-30 -
2025-11-28		 a year crt.sh
upload.video.google.com
WR2		 2024-10-07 -
2024-12-30		 3 months crt.sh
*.web.core.windows.net
Microsoft Azure RSA TLS Issuing CA 03		 2024-04-13 -
2025-04-08		 a year crt.sh

This page contains 1 frames:

Primary Page: https://pgn4outfacing.z5.web.core.windows.net/externaldenied.html?resume=%2Fidp%2FsxUn93DGfU%2FresumeSAML20%2Fidp%2FSSO.ping&spentity=urn%3Aamazon%3Acognito%3Asp%3Aus-west-2_q7iI5qM0Y
Frame ID: 315049E7B61ED4B57E689A0AC6923914
Requests: 6 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

PGE Network Connection Required - PGE

Page URL History Show full URLs

  1. https://csdash.click/ Page URL
  2. https://csweb-dashboard.auth.us-west-2.amazoncognito.com/oauth2/authorize?redirect_uri=https%3A%2F%2Fdevelopment.d1poljvrmnrspu.ampli... HTTP 302
    https://secure.pgn.com/idp/SSO.saml2?SAMLRequest=fZFda8IwFIbv9ytK7tPWaG0JtiITQdgYTB1sN5KmRw3YpOak7u... HTTP 302
    https://pgn4outfacing.z5.web.core.windows.net/externaldenied.html?resume=%2Fidp%2FsxUn93DGfU%2FresumeSAML20%2Fidp%2FSSO.pi... Page URL

Page Statistics

6
Requests

83 %
HTTPS

40 %
IPv6

5
Domains

5
Subdomains

4
IPs

2
Countries

253 kB
Transfer

926 kB
Size

5
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://csdash.click/ Page URL
  2. https://csweb-dashboard.auth.us-west-2.amazoncognito.com/oauth2/authorize?redirect_uri=https%3A%2F%2Fdevelopment.d1poljvrmnrspu.amplifyapp.com&response_type=code&client_id=6uma8616slvl005o4lvr83ptmr&identity_provider=csweb-dashboard-pingid&scope=email%20openid%20profile&state=4IEetw70KRjYSTIHq64BAt2qPxpL0g5i&code_challenge=-S59Wl6qKeX2uPtvORP7MYOrDlPCcnuEGzINtmamVfA&code_challenge_method=S256 HTTP 302
    https://secure.pgn.com/idp/SSO.saml2?SAMLRequest=fZFda8IwFIbv9ytK7tPWaG0JtiITQdgYTB1sN5KmRw3YpOak7uPXL1Yd88bLhPfj8Lyj8Ve9D45gURmdk14YkwC0NJXS25ysljOakXHxMEJR71nDJ63b6Vc4tIAumCCCdd73aDS2NdgF2KOSsHp9ysnOuQZ5FEn8hJJWAnelEbYKhU8IW6SfPoGyUNTix%2Fi%2BrVbOhNLUUdcUqaqxgI0PBhJMvVZp4boTr8EIsrUQNlvd2bwhWixews5Ogvk0J2sphlkC8YYmIinpQKQJFVmZUJZuUpAlyzbxSYrYwlyjE9rlhMVsQHsx7cfL3oCzhPf6YTZkHyR4u0JiJ0gem0Z%2BxpKT1mpuBCrkWtSA3Em%2BmDw%2FcS%2FljTXOSLMnxZki7wptMDO2Fu6%2B9%2FSjKrrppBy0U%2B77pvu%2BXVwXIsVJdobNL7Q5NvxviPUhVfPk8By%2Fj6L%2FVxaX5%2B30xS8%3D&RelayState=H4sIAAAAAAAAAGWRS3PaMBSF_4vWEbFlSbbZQcIrGEKBNIFOxyNbkm2QLWGLR-n0v1fpdLrp7mjud67O3PMTMNAH5w5eRWchSk9hNSOnhbcDDyBzk7y7igxy1pWZZi2HpmqKirth7ob0XLOI-rRTF-V5RGN1aaPA2Lp1AHdAaa3p-o-PXFyE0qYWje1x32h1uLR103bm3GO1UZX8wYzp5bp2PvH5q-bCSenkZrBInCxA_xsQNauUe2gjmj8hTKtlpQT4_gBKx-LZSNhr6M3Xh91mO5ueKB4OLDqtbibxClI5R-UwuCHxu6KnufhA55W9vK5X4WL32j6r1VPenEeT-2xpa1Z_lQPnOHyGQIQ6eXRyWcx33vVaFlovmpjB7S33p4dl-hLDbJyi9GNC_cF9mw5Hb-_je5EuPzpzu7-tzaqarhck5Cm6x9GEz-RLUR5xPJcNeirwWIjYZvvkaL5Iy9v1O_eRDohvnovkLcU6G-Y7HLMNpi-n9FDtSpaEyW2_ndR7PX-SRxkVN0loUqttuAq6w7BMP8Or_yvssbMte_8adwWwu25yXTSV1X87qEHfDwMPxVHgB-7MoC-Z6sQDaN2-IAhQRhGGcc4QxCziMItxBBGPKCUCR6HAbod1aJozGhHhSUgYyRwbEsiijEAUylDkGYqkh8Cv3y_A_ViFAgAA.H4sIAAAAAAAAAOOKfGvs5RYmxLojnLnL3etXiN1mmXa9bzvkdGaFJXKIdAMAK8NUTiAAAAA.3 HTTP 302
    https://pgn4outfacing.z5.web.core.windows.net/externaldenied.html?resume=%2Fidp%2FsxUn93DGfU%2FresumeSAML20%2Fidp%2FSSO.ping&spentity=urn%3Aamazon%3Acognito%3Asp%3Aus-west-2_q7iI5qM0Y Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

6 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
/
csdash.click/ 		964 B
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://csdash.click/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.215.7 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-215-7.fra53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
a667a185cb8d030dad626cec4f12bb6556744b0d3ee8166376551a6ce4de0bf8

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
age
8856
alt-svc
h3=":443"; ma=86400
cache-control
public, max-age=0, s-maxage=31536000
content-length
964
content-type
text/html
date
Wed, 30 Oct 2024 11:57:36 GMT
etag
"5740a5c1a2cd8b083c403287bf063d29"
last-modified
Tue, 29 Oct 2024 17:00:42 GMT
server
AmazonS3
via
1.1 b16802a1e349d80b7688070778305ae2.cloudfront.net (CloudFront)
x-amz-cf-id
-Aal-A7S0C7HwwqGbse2p6Q3ZVM3c4rLHApRvsk2QkIxT_-x-TfWhw==
x-amz-cf-pop
FRA53-C1
x-cache
Hit from cloudfront
css2
fonts.googleapis.com/ 		3 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css2?family=Inter:ital,wght@0,400&display=swap
Requested by
Host: csdash.click
URL: https://csdash.click/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
0c5433710aed5e054a330ac4311cec4d79ecead1d1e9ed0cd21ad593e36e458b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://csdash.click/

Response headers

content-encoding
gzip
x-content-type-options
nosniff
expires
Wed, 30 Oct 2024 14:25:13 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 30 Oct 2024 14:25:13 GMT
content-type
text/css; charset=utf-8
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
last-modified
Wed, 30 Oct 2024 13:58:40 GMT
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
cross-origin-opener-policy
same-origin-allow-popups
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
x-xss-protection
0
server
ESF
main.fe4751a1.js
csdash.click/static/js/ 		905 KB
233 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://csdash.click/static/js/main.fe4751a1.js
Requested by
Host: csdash.click
URL: https://csdash.click/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.215.7 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-215-7.fra53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
0d53e0b9cf2c1e33729cbfcdc5df05fcf42ba197906ba4ee921b7c15fc176eff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://csdash.click/

Response headers

cache-control
public, max-age=0, s-maxage=31536000
content-encoding
br
etag
W/"a1624671b62f8523a89cc274dbf49b46"
age
8916
via
1.1 b16802a1e349d80b7688070778305ae2.cloudfront.net (CloudFront)
alt-svc
h3=":443"; ma=86400
x-cache
Hit from cloudfront
x-amz-cf-id
S2qlyTXo2gGttQ-sKHrLk6OKGr-WxjFbPV6sbE6vnw5Ndu7yi9w7-g==
date
Wed, 30 Oct 2024 11:56:36 GMT
content-type
text/javascript
last-modified
Tue, 29 Oct 2024 17:00:42 GMT
server
AmazonS3
x-amz-cf-pop
FRA53-C1
vary
Accept-Encoding
main.d0aa35e2.css
csdash.click/static/css/ 		1 KB
804 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://csdash.click/static/css/main.d0aa35e2.css
Requested by
Host: csdash.click
URL: https://csdash.click/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.215.7 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-215-7.fra53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
bc5306e30ea77884c867f92237e936d41331a9fbc6ac867acd45da599a5e602d

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://csdash.click/

Response headers

cache-control
public, max-age=0, s-maxage=31536000
content-encoding
br
etag
W/"280e63e59e7d4c35c2696ba37c1cfabd"
age
8916
via
1.1 b16802a1e349d80b7688070778305ae2.cloudfront.net (CloudFront)
alt-svc
h3=":443"; ma=86400
x-cache
Hit from cloudfront
x-amz-cf-id
tTV3v2jMonL_Fe3_WfMzYDCTZL1qi73qEiTORES8wVkIzkgnIOGMag==
date
Wed, 30 Oct 2024 11:56:36 GMT
content-type
text/css
last-modified
Tue, 29 Oct 2024 17:00:42 GMT
server
AmazonS3
x-amz-cf-pop
FRA53-C1
vary
Accept-Encoding
Primary Request externaldenied.html
pgn4outfacing.z5.web.core.windows.net/
Redirect Chain
  • https://csweb-dashboard.auth.us-west-2.amazoncognito.com/oauth2/authorize?redirect_uri=https%3A%2F%2Fdevelopment.d1poljvrmnrspu.amplifyapp.com&response_type=code&client_id=6uma8616slvl005o4lvr83ptm...
  • https://secure.pgn.com/idp/SSO.saml2?SAMLRequest=fZFda8IwFIbv9ytK7tPWaG0JtiITQdgYTB1sN5KmRw3YpOak7uPXL1Yd88bLhPfj8Lyj8Ve9D45gURmdk14YkwC0NJXS25ysljOakXHxMEJR71nDJ63b6Vc4tIAumCCCdd73aDS2NdgF2KOSsHp9...
  • https://pgn4outfacing.z5.web.core.windows.net/externaldenied.html?resume=%2Fidp%2FsxUn93DGfU%2FresumeSAML20%2Fidp%2FSSO.ping&spentity=urn%3Aamazon%3Acognito%3Asp%3Aus-west-2_q7iI5qM0Y
17 KB
17 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://pgn4outfacing.z5.web.core.windows.net/externaldenied.html?resume=%2Fidp%2FsxUn93DGfU%2FresumeSAML20%2Fidp%2FSSO.ping&spentity=urn%3Aamazon%3Acognito%3Asp%3Aus-west-2_q7iI5qM0Y
Requested by
Host: csdash.click
URL: https://csdash.click/static/js/main.fe4751a1.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
20.209.101.73 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
77b6691c9b8fad5e85d93394e7d6474c9fbdbac5be2953f7af44d803ab8cfb68

Request headers

Referer
https://csdash.click/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

Accept-Ranges
bytes
Content-Length
17016
Content-MD5
Ndh8JbxhonB09+jOgDXNgQ==
Content-Type
text/html
Date
Wed, 30 Oct 2024 14:25:15 GMT
ETag
"0x8DCE269CDDAC402"
Last-Modified
Tue, 01 Oct 2024 22:38:43 GMT
Server
Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id
c9540d8d-f01e-004e-48d7-2a3c43000000
x-ms-version
2018-03-28

Redirect headers

Cache-Control
no-cache, no-store
Content-Length
0
Content-Type
text/html;charset=utf-8
Date
Wed, 30 Oct 2024 14:25:15 GMT
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Location
https://pgn4outfacing.z5.web.core.windows.net/externaldenied.html?resume=%2Fidp%2FsxUn93DGfU%2FresumeSAML20%2Fidp%2FSSO.ping&spentity=urn%3Aamazon%3Acognito%3Asp%3Aus-west-2_q7iI5qM0Y
Pragma
no-cache
Referrer-Policy
origin
Strict-Transport-Security
max-age=31536000
X-Frame-Options
SAMEORIGIN
pgelogo.png
pgn4outfacing.z5.web.core.windows.net/common_files/ 		0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
pgn4outfacing.z5.web.core.windows.net
URL
https://pgn4outfacing.z5.web.core.windows.net/common_files/pgelogo.png

Verdicts & Comments Add Verdict or Comment

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

5 Cookies

Domain/Path Name / Value
csweb-dashboard.auth.us-west-2.amazoncognito.com/ Name: XSRF-TOKEN
Value: af0b8bf8-f79e-47dd-998e-59c368784e7f
csweb-dashboard.auth.us-west-2.amazoncognito.com/ Name: csrf-state
Value: NgKY0wwhgooMn9a-Txc1HjN_J9-bF_2_XG61AzT_BEUWFzg_NXspxzURpPiHRM57d_2z98GdIfJghk49Kfn2Cg4Fee9tbZLkpQftdrRWd12o351pDgLU_4obBcY49aS46Jq_jiYhaL7LxZTGmZoKCfkf8gxf56LmlT7P3sjBh_A
csweb-dashboard.auth.us-west-2.amazoncognito.com/ Name: csrf-state-legacy
Value: NgKY0wwhgooMn9a-Txc1HjN_J9-bF_2_XG61AzT_BEUWFzg_NXspxzURpPiHRM57d_2z98GdIfJghk49Kfn2Cg4Fee9tbZLkpQftdrRWd12o351pDgLU_4obBcY49aS46Jq_jiYhaL7LxZTGmZoKCfkf8gxf56LmlT7P3sjBh_A
secure.pgn.com/ Name: PF
Value: 4pSbH7XrLASzrs4SwjrsVJiAmfwwlTkP0UvRmRWyNAK6
secure.pgn.com/ Name: TS011cc068
Value: 012740c723cfb475fbb127fa95d6dc34a7beb72290d3f663c90540b48ea88c9943137d154ef3fecd2096fdfa87ea8d998fd196c1fb1a0650e2d1a4f1dc5c2b209540efafc0