serviceagreementprograms.com
3.27.162.33
Malicious Activity!
Public Scan
Submission: On June 01 via automatic, source openphish — Scanned from AU
Summary
TLS certificate: Issued by R3 on May 30th 2023. Valid for: 3 months.
This is the only time serviceagreementprograms.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Microsoft (Consumer)
Domain & IP information
Requests | IP Address | Autonomous System |
---|---|---|
13 | 3.27.162.33 | 16509 (AMAZON-02) |
1 | 40.126.16.167 | 8075 (MICROSOFT-CORP-MSN-AS-BLOCK) |
7 | 13.107.237.59 | 8075 (MICROSOFT-CORP-MSN-AS-BLOCK) |
1 | 152.199.40.61 | 15133 (EDGECAST) |
22 | 4 | |
ASN16509 (AMAZON-02, US)
PTR: ec2-3-27-162-33.ap-southeast-2.compute.amazonaws.com
serviceagreementprograms.com |
ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
login.live.com |
Requests | Apex Domain | Subdomains | Transfer |
---|---|---|---|
13 | serviceagreementprograms.com | serviceagreementprograms.com | 148 KB |
7 | msauth.net | aadcdn.msauth.net — Cisco Umbrella Rank: 1345 | 117 KB |
1 | msauthimages.net | aadcdn.msauthimages.net — Cisco Umbrella Rank: 4741 | 129 KB |
1 | live.com | login.live.com — Cisco Umbrella Rank: 91 | |
22 | 4 | | |
Requests | Domain | Requested by |
---|---|---|
13 | serviceagreementprograms.com | serviceagreementprograms.com, aadcdn.msauth.net |
7 | aadcdn.msauth.net | serviceagreementprograms.com |
1 | aadcdn.msauthimages.net | serviceagreementprograms.com |
1 | login.live.com | serviceagreementprograms.com |
22 | 4 | |
This site contains links to these domains. Also see Links.
Domain |
---|
passwordreset.microsoftonline.com |
www.microsoft.com |
privacy.microsoft.com |
login.microsoftonline.com |
Subject | Issuer | Validity | Valid |
---|---|---|---|
serviceagreementprograms.com | R3 | 2023-05-30 - 2023-08-28 | 3 months |
login.live.com | DigiCert SHA2 Secure Server CA | 2023-04-03 - 2024-04-03 | a year |
aadcdn.msauth.net | DigiCert SHA2 Secure Server CA | 2023-04-28 - 2024-04-28 | a year |
aadcdn.msauthimages.net | Microsoft Azure TLS Issuing CA 02 | 2023-03-08 - 2024-03-02 | a year |
This page contains 1 frame:
Primary Page:
https://serviceagreementprograms.com/?rid=wJcAa5c
Frame ID: 53C69E74CE38246517577E48E017235F
Requests: 22 HTTP requests in this frame
4 Outgoing links
These are links going to different origins than the main page.
Title: Forgotten my password
Title: Terms of use
Title: Privacy & cookies
Title: ...
Redirected requests
There were HTTP redirect chains for the following requests:
22 HTTP transactions
Method | Protocol | Resource | Path | Size | Transfer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H2 | / (Primary Request) | serviceagreementprograms.com/ | 239 KB | 60 KB | Document | text/html |
GET | H/1.1 | Me.htm | login.live.com/ | 0 | 0 | Other | text/html |
GET | H2 | ConvergedLogin_PCore_s9lCYGipHOEtFkYXVZWDhg2.js | serviceagreementprograms.com/static/48ecc55c-f742-4363-9503-f7caa997b46d/ | 0 | 0 | Script | text/plain |
GET | H2 | convergedlogin_pcustomizationloader_6b58ad253a0d39d0e283.js | serviceagreementprograms.com/static/48ecc55c-f742-4363-9503-f7caa997b46d/ | 107 KB | 32 KB | Script | text/javascript |
GET | H2 | convergedlogin_pfetchsessionsprogress_02d6d4e9622aa130a29d.js | serviceagreementprograms.com/static/48ecc55c-f742-4363-9503-f7caa997b46d/ | 15 KB | 5 KB | Script | text/javascript |
GET | H2 | convergedlogin_pstringcustomizationhelper_9877123961886facadfe.js | serviceagreementprograms.com/static/48ecc55c-f742-4363-9503-f7caa997b46d/ | 111 KB | 35 KB | Script | text/javascript |
GET | H2 | convergedlogin_ppassword_fa267993751df2ebedba.js | serviceagreementprograms.com/static/48ecc55c-f742-4363-9503-f7caa997b46d/ | 24 KB | 7 KB | Script | text/javascript |
GET | H2 | bannerlogo.png | serviceagreementprograms.com/static/48ecc55c-f742-4363-9503-f7caa997b46d/ | 8 KB | 8 KB | Image | image/png |
GET | H2 | arrow_left_a9cc2824ef3517b6c4160dcf8ff7d410.svg | serviceagreementprograms.com/static/48ecc55c-f742-4363-9503-f7caa997b46d/ | 513 B | 554 B | Image | image/svg+xml |
GET | H2 | ConvergedLogin_PCore_s9lCYGipHOEtFkYXVZWDhg2.js | serviceagreementprograms.com/static/48ecc55c-f742-4363-9503-f7caa997b46d/ | 0 | 0 | Script | text/plain |
GET | H2 | watsonsupportwithjquery.3.5.min_dc940oomzau4rsu8qesnvg2.js | aadcdn.msauth.net/ests/2.1/content/cdnbundles/ | 117 KB | 40 KB | Script | application/x-javascript |
GET | H2 | converged.v2.login.min_jhbu09ckrizehfz_kojdnq2.css | aadcdn.msauth.net/ests/2.1/content/cdnbundles/ | 0 | 20 KB | Other | text/css |
GET | H2 | ux.converged.login.strings-en-gb.min_oqrgeeq7ksxvv_lfrvwrbq2.js | aadcdn.msauth.net/ests/2.1/content/cdnbundles/ | 0 | 14 KB | Other | application/x-javascript |
GET | H2 | illustration | aadcdn.msauthimages.net/81d6b03a-ou9pioet6wcmbicegiafdp1pmyqrpvvdcivlay3zhyi/logintenantbranding/0/ | 129 KB | 129 KB | Image | image/* |
GET | H2 | ConvergedLogin_PCore_s9lCYGipHOEtFkYXVZWDhg2.js | serviceagreementprograms.com/static/48ecc55c-f742-4363-9503-f7caa997b46d/ | 0 | 0 | Script | text/plain |
GET | H2 | frameworksupport.min_oadrnc13magb009k4d20lg2.js | aadcdn.msauth.net/ests/2.1/content/cdnbundles/ | 12 KB | 5 KB | Script | application/x-javascript |
GET | H2 | watson.min_q5ptmu8aniymd4ftuqdkda2.js | aadcdn.msauth.net/ests/2.1/content/cdnbundles/ | 9 KB | 4 KB | Script | application/x-javascript |
POST | H2 | watson | serviceagreementprograms.com/common/handlers/ | 19 B | 66 B | XHR | text/plain |
POST | H2 | watson | serviceagreementprograms.com/common/handlers/ | 19 B | 43 B | XHR | text/plain |
POST | H2 | watson | serviceagreementprograms.com/common/handlers/ | 19 B | 43 B | XHR | text/plain |
GET | H2 | converged.v2.login.min_jhbu09ckrizehfz_kojdnq2.css | aadcdn.msauth.net/ests/2.1/content/cdnbundles/ | 0 | 20 KB | Other | text/css |
GET | H2 | ux.converged.login.strings-en-gb.min_oqrgeeq7ksxvv_lfrvwrbq2.js | aadcdn.msauth.net/ests/2.1/content/cdnbundles/ | 0 | 14 KB | Other | application/x-javascript |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Microsoft (Consumer)
24 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name |
---|---|
boolean | credentialless |
object | onbeforetoggle |
object | onscrollend |
object | $Config |
object | $Debug |
object | $Do |
function | $Loader |
object | $WebWatson |
function | GetString |
function | GetErrorString |
function | GetUrl |
object | $B |
object | ServerData |
object | StringRepository |
object | PROOF |
boolean | __ |
object | webpackJsonp |
boolean | __convergedlogin_pcustomizationloader_6b58ad253a0d39d0e283 |
boolean | __convergedlogin_pfetchsessionsprogress_02d6d4e9622aa130a29d |
boolean | __convergedlogin_pstringcustomizationhelper_9877123961886facadfe |
boolean | __convergedlogin_ppassword_fa267993751df2ebedba |
function | $ |
function | jQuery |
object | $Api2 |

Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.login.live.com/ | | Name: uaid Value: ce0dd559a5044a588926708fdfc6c179 |
.login.live.com/ | | Name: MSPRequ Value: id=N&lt=1685647414&co=1 |
9 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.