![](/screenshots/00310302-0287-4555-b9ad-2b5e83a4ef7f.png)
congenrep.ciamlogin.com
2603:1026:3000:d0::6
Malicious Activity!
Public Scan
Effective URL: https://congenrep.ciamlogin.com/c7a7ca2a-329c-4bbc-afdb-666e11189b83/oauth2/v2.0/authorize?client_id=23528ab8-b045-484d-a479-eb6...
Submission: On May 03 via api from US — Scanned from DE
Summary
TLS certificate: Issued by Microsoft Azure RSA TLS Issuing CA 03 on March 17th 2024. Valid for: a year.
This is the only time congenrep.ciamlogin.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Microsoft (Consumer)
Domain & IP information
Requests | IP Address | AS (Autonomous System)
---|---|---
17 | 76.76.21.241 | 16509 (AMAZON-02)
1 | 16.182.32.137 | 16509 (AMAZON-02)
1 | 34.192.95.244 | 14618 (AMAZON-AES)
3 | 2603:1026:3000:d0::6 | 8075 (MICROSOFT-CORP-MSN-AS-BLOCK)
13 | 2620:1ec:46::45 | 8075 (MICROSOFT-CORP-MSN-AS-BLOCK)
1 | 40.126.31.73 | 8075 (MICROSOFT-CORP-MSN-AS-BLOCK)
1 | 2603:1027:1:158::c | 8075 (MICROSOFT-CORP-MSN-AS-BLOCK)
38 requests | 7 IPs |
- ASN16509 (AMAZON-02, US), PTR: s3-1-w.amazonaws.com: synchrox-cdn.s3.amazonaws.com
- ASN14618 (AMAZON-AES, US), PTR: ec2-34-192-95-244.compute-1.amazonaws.com: users.sandbox.apicgr.synchrox.com
- ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US): congenrep.ciamlogin.com
- ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US): autologon.microsoftazuread-sso.com
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
18 | synchrox.com (1 redirects) | sandbox.cgrpru.synchrox.com, users.sandbox.apicgr.synchrox.com | 732 KB
13 | msauth.net | aadcdn.msauth.net (Cisco Umbrella Rank: 892) | 389 KB
3 | ciamlogin.com | congenrep.ciamlogin.com | 29 KB
1 | microsoftazuread-sso.com | autologon.microsoftazuread-sso.com (Cisco Umbrella Rank: 1303) | 1 KB
1 | live.com | login.live.com (Cisco Umbrella Rank: 80) |
1 | amazonaws.com | synchrox-cdn.s3.amazonaws.com | 22 KB
0 | msauthimages.net (Failed) | aadcdn.msauthimages.net (Failed) |
38 requests | 7 apex domains | |
Requests | Domain | Requested by
---|---|---
17 | sandbox.cgrpru.synchrox.com | sandbox.cgrpru.synchrox.com
13 | aadcdn.msauth.net | congenrep.ciamlogin.com, aadcdn.msauth.net
3 | congenrep.ciamlogin.com | sandbox.cgrpru.synchrox.com, aadcdn.msauth.net
1 | autologon.microsoftazuread-sso.com |
1 | login.live.com | congenrep.ciamlogin.com
1 | users.sandbox.apicgr.synchrox.com | 1 redirects
1 | synchrox-cdn.s3.amazonaws.com |
0 | aadcdn.msauthimages.net (Failed) |
38 requests | 8 domains |
This site contains links to these domains. Also see Links.
Domain
---
www.microsoft.com
privacy.microsoft.com
Subject | Issuer | Validity | Valid | Source
---|---|---|---|---
sandbox.cgrpru.synchrox.com | R3 | 2024-05-02 - 2024-07-31 | 3 months | crt.sh
*.s3.amazonaws.com | Amazon RSA 2048 M01 | 2023-10-10 - 2024-07-03 | 9 months | crt.sh
*.ciamlogin.com | Microsoft Azure RSA TLS Issuing CA 03 | 2024-03-17 - 2025-03-12 | a year | crt.sh
aadcdn.msauth.net | DigiCert SHA2 Secure Server CA | 2024-04-30 - 2025-04-30 | a year | crt.sh
login.live.com | DigiCert SHA2 Secure Server CA | 2024-02-09 - 2025-02-09 | a year | crt.sh
autologon.microsoftazuread-sso.com | DigiCert SHA2 Secure Server CA | 2024-02-13 - 2025-02-13 | a year | crt.sh
This page contains 1 frames:
Primary Page:
https://congenrep.ciamlogin.com/c7a7ca2a-329c-4bbc-afdb-666e11189b83/oauth2/v2.0/authorize?client_id=23528ab8-b045-484d-a479-eb6239fe4fbf&scope=openid%20profile%20offline_access&redirect_uri=https%3A%2F%2Fusers.sandbox.apicgr.synchrox.com%2Fauth%2Fazure%2Fredirect&client-request-id=540b49fb-9e93-41a3-b965-6e856bd5a10b&response_mode=form_post&response_type=code&x-client-SKU=msal.js.node&x-client-VER=2.6.3&x-client-OS=linux&x-client-CPU=x64&client_info=1&code_challenge=BlxtqZS51rlGZ3YYYdcaWqADl-EYY6zffN_jfNamRgc&code_challenge_method=S256&state=eyJjc3JmVG9rZW4iOiJjYjdjYTQ4ZC1lOTdiLTQ4OWQtYmJhNi04NGQzOGZlZTc3MTciLCJyZWRpcmVjdFRvIjoiLyJ9&sso_reload=true
Frame ID: 1769B954A84F5DB305318DCC7C3C95BB
Requests: 38 HTTP requests in this frame
Screenshot
Page Title
Bei Ihrem Konto anmelden (Sign in to your account)
Detected technologies
Detected patterns
- [^a-z]mtc.*\.js
Page Statistics
3 Outgoing links
These are links going to different origins than the main page.
- Title: Nutzungsbedingungen (Terms of use)
- Title: Datenschutz und Cookies (Privacy and cookies)
- Title: Haftungsausschluss (Disclaimer)
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://sandbox.cgrpru.synchrox.com/ (Page URL)
- https://users.sandbox.apicgr.synchrox.com/auth/azure/signin (HTTP 302) -> https://congenrep.ciamlogin.com/c7a7ca2a-329c-4bbc-afdb-666e11189b83/oauth2/v2.0/authorize?client_id=23528ab8-b045-484d-a479-eb6239fe4fbf&scope=openid%20profile%20offline_access&redirect_uri=https%3A%2F%2Fusers.sandbox.apicgr.synchrox.com%2Fauth%2Fazure%2Fredirect&client-request-id=540b49fb-9e93-41a3-b965-6e856bd5a10b&response_mode=form_post&response_type=code&x-client-SKU=msal.js.node&x-client-VER=2.6.3&x-client-OS=linux&x-client-CPU=x64&client_info=1&code_challenge=BlxtqZS51rlGZ3YYYdcaWqADl-EYY6zffN_jfNamRgc&code_challenge_method=S256&state=eyJjc3JmVG9rZW4iOiJjYjdjYTQ4ZC1lOTdiLTQ4OWQtYmJhNi04NGQzOGZlZTc3MTciLCJyZWRpcmVjdFRvIjoiLyJ9 (Page URL)
- https://congenrep.ciamlogin.com/c7a7ca2a-329c-4bbc-afdb-666e11189b83/oauth2/v2.0/authorize?client_id=23528ab8-b045-484d-a479-eb6239fe4fbf&scope=openid%20profile%20offline_access&redirect_uri=https%3A%2F%2Fusers.sandbox.apicgr.synchrox.com%2Fauth%2Fazure%2Fredirect&client-request-id=540b49fb-9e93-41a3-b965-6e856bd5a10b&response_mode=form_post&response_type=code&x-client-SKU=msal.js.node&x-client-VER=2.6.3&x-client-OS=linux&x-client-CPU=x64&client_info=1&code_challenge=BlxtqZS51rlGZ3YYYdcaWqADl-EYY6zffN_jfNamRgc&code_challenge_method=S256&state=eyJjc3JmVG9rZW4iOiJjYjdjYTQ4ZC1lOTdiLTQ4OWQtYmJhNi04NGQzOGZlZTc3MTciLCJyZWRpcmVjdFRvIjoiLyJ9&sso_reload=true (Page URL)
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 18
- https://users.sandbox.apicgr.synchrox.com/auth/azure/signin (HTTP 302)
- https://congenrep.ciamlogin.com/c7a7ca2a-329c-4bbc-afdb-666e11189b83/oauth2/v2.0/authorize?client_id=23528ab8-b045-484d-a479-eb6239fe4fbf&scope=openid%20profile%20offline_access&redirect_uri=https%3A%2F%2Fusers.sandbox.apicgr.synchrox.com%2Fauth%2Fazure%2Fredirect&client-request-id=540b49fb-9e93-41a3-b965-6e856bd5a10b&response_mode=form_post&response_type=code&x-client-SKU=msal.js.node&x-client-VER=2.6.3&x-client-OS=linux&x-client-CPU=x64&client_info=1&code_challenge=BlxtqZS51rlGZ3YYYdcaWqADl-EYY6zffN_jfNamRgc&code_challenge_method=S256&state=eyJjc3JmVG9rZW4iOiJjYjdjYTQ4ZC1lOTdiLTQ4OWQtYmJhNi04NGQzOGZlZTc3MTciLCJyZWRpcmVjdFRvIjoiLyJ9
38 HTTP transactions
Method | Protocol | Resource | Host / Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H2 | / | sandbox.cgrpru.synchrox.com/ | 5 KB | 2 KB | Document | text/html
GET | H2 | 13253f8a5df687a0.css | sandbox.cgrpru.synchrox.com/_next/static/css/ | 12 KB | 3 KB | Stylesheet | text/css
GET | H2 | webpack-92b22e2eae2f334e.js | sandbox.cgrpru.synchrox.com/_next/static/chunks/ | 6 KB | 3 KB | Script | application/javascript
GET | H2 | fd9d1056-2905bf9068a990f0.js | sandbox.cgrpru.synchrox.com/_next/static/chunks/ | 168 KB | 54 KB | Script | application/javascript
GET | H2 | 2472-4053ccee8010c692.js | sandbox.cgrpru.synchrox.com/_next/static/chunks/ | 107 KB | 30 KB | Script | application/javascript
GET | H2 | main-app-8ed6d57d180fb331.js | sandbox.cgrpru.synchrox.com/_next/static/chunks/ | 473 B | 647 B | Script | application/javascript
GET | H2 | c37d3baf-e94082d3487a805f.js | sandbox.cgrpru.synchrox.com/_next/static/chunks/ | 80 KB | 27 KB | Script | application/javascript
GET | H2 | 1879-323e40c4936c0419.js | sandbox.cgrpru.synchrox.com/_next/static/chunks/ | 1 MB | 352 KB | Script | application/javascript
GET | H2 | 4286-2a6bdf4061391715.js | sandbox.cgrpru.synchrox.com/_next/static/chunks/ | 301 KB | 68 KB | Script | application/javascript
GET | H2 | layout-153cd7b4cb643e2f.js | sandbox.cgrpru.synchrox.com/_next/static/chunks/app/ | 13 KB | 5 KB | Script | application/javascript
GET | H2 | not-found-ddbea50e3f9cbf6f.js | sandbox.cgrpru.synchrox.com/_next/static/chunks/app/ | 327 B | 574 B | Script | application/javascript
GET | H2 | page-7cf1eb8c99c1c1bc.js | sandbox.cgrpru.synchrox.com/_next/static/chunks/app/ | 6 KB | 2 KB | Script | application/javascript
GET | H2 | cd1c3bed700a67cf.css | sandbox.cgrpru.synchrox.com/_next/static/css/ | 10 KB | 3 KB | Stylesheet | text/css
GET | H2 | vertical-synchrox-logo.svg | sandbox.cgrpru.synchrox.com/assets/svg/ | 159 KB | 120 KB | Image | image/svg+xml
GET | H/1.1 | logo-cgr.png | synchrox-cdn.s3.amazonaws.com/ | 21 KB | 22 KB | Image | image/png
GET | H2 | favicon.ico | sandbox.cgrpru.synchrox.com/ | 58 KB | 58 KB | Other | image/x-icon
GET | H2 | logoMicrosoft.svg | sandbox.cgrpru.synchrox.com/assets/svg/ | 4 KB | 2 KB | Image | image/svg+xml
GET | H2 | www.google.com | sandbox.cgrpru.synchrox.com/ | 5 KB | 2 KB | Fetch | text/html
GET | H/1.1 | authorize (Redirect Chain) | congenrep.ciamlogin.com/c7a7ca2a-329c-4bbc-afdb-666e11189b83/oauth2/v2.0/ | 20 KB | 11 KB | Document | text/html
GET | H2 | BssoInterrupt_Core_Ggyc2EJnCaHFrI6xkBPLcg2.js | aadcdn.msauth.net/shared/1.0/content/js/ | 138 KB | 49 KB | Script | application/x-javascript
GET | H/1.1 | authorize (Primary Request) | congenrep.ciamlogin.com/c7a7ca2a-329c-4bbc-afdb-666e11189b83/oauth2/v2.0/ | 41 KB | 17 KB | Document | text/html
GET | | favicon.ico | congenrep.ciamlogin.com/ | 0 | 0 | (failed) |
GET | H2 | converged.v2.login.min_1ito3russhq-9gioj-zd4w2.css | aadcdn.msauth.net/ests/2.1/content/cdnbundles/ | 110 KB | 20 KB | Stylesheet | text/css
GET | H2 | ConvergedLogin_PCore_4aBF4cdky--I3Cpch7JoPw2.js | aadcdn.msauth.net/shared/1.0/content/js/ | 434 KB | 119 KB | Script | application/x-javascript
GET | H2 | ux.converged.login.strings-de.min_424c1i9crqdf0lqqgcslza2.js | aadcdn.msauth.net/ests/2.1/content/cdnbundles/ | 60 KB | 18 KB | Script | application/x-javascript
GET | H/1.1 | Me.htm | login.live.com/ | 0 | 0 | Other | text/html
GET | H2 | oneDs_f2e0f4a029670f10d892.js | aadcdn.msauth.net/shared/1.0/content/js/ | 186 KB | 60 KB | Script | application/x-javascript
GET | H2 | convergedlogin_pcustomizationloader_8e14dcf0e3ff5580d170.js | aadcdn.msauth.net/shared/1.0/content/js/asyncchunk/ | 219 KB | 54 KB | Script | application/x-javascript
GET | H2 | favicon_a_eupayfgghqiai7k9sol6lg2.ico | aadcdn.msauth.net/shared/1.0/content/images/ | 17 KB | 17 KB | Other | image/x-icon
GET | H2 | convergedlogin_pfetchsessionsprogress_7c1aa7609345f99e4914.js | aadcdn.msauth.net/shared/1.0/content/js/asyncchunk/ | 15 KB | 6 KB | Script | application/x-javascript
GET | H2 | marching_ants_white_8257b0707cbe1d0bd2661b80068676fe.gif | aadcdn.msauth.net/shared/1.0/content/images/ | 3 KB | 3 KB | Image | image/gif
GET | H2 | marching_ants_986f40b5a9dc7d39ef8396797f61b323.gif | aadcdn.msauth.net/shared/1.0/content/images/ | 4 KB | 4 KB | Image | image/gif
GET | | illustration | aadcdn.msauthimages.net/dbd5a2dd-p-3yrfn33gk6zd2vp3ew4ofsfgpqabbj5ulhtgc0ss0/logintenantbranding/0/ | 0 | 0 | (failed) |
GET | H2 | microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg | aadcdn.msauth.net/shared/1.0/content/images/ | 4 KB | 2 KB | Image | image/svg+xml
GET | H/1.1 | ssoprobe | autologon.microsoftazuread-sso.com/c7a7ca2a-329c-4bbc-afdb-666e11189b83/winauth/ | 12 B | 1 KB | Image | image/png
POST | H/1.1 | dssostatus | congenrep.ciamlogin.com/common/instrumentation/ | 265 B | 1 KB | XHR | application/json
GET | H2 | convergedlogin_pstringcustomizationhelper_ea3e62a2bdfb2b2ee8c8.js | aadcdn.msauth.net/shared/1.0/content/js/asyncchunk/ | 111 KB | 36 KB | Script | application/x-javascript
GET | H2 | signin-options_3e3f6b73c3f310c31d2c4d131a8ab8c6.svg | aadcdn.msauth.net/shared/1.0/content/images/ | 2 KB | 1 KB | Image | image/svg+xml
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain: congenrep.ciamlogin.com, URL: https://congenrep.ciamlogin.com/favicon.ico
- Domain: aadcdn.msauthimages.net, URL: https://aadcdn.msauthimages.net/dbd5a2dd-p-3yrfn33gk6zd2vp3ew4ofsfgpqabbj5ulhtgc0ss0/logintenantbranding/0/illustration?ts=636930303894029581
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Microsoft (Consumer)
20 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name
---|---
object | $Config
object | $Debug
object | $Do
function | $Loader
object | $WebWatson
function | GetString
function | GetErrorString
function | GetUrl
object | $B
object | ServerData
object | webpackJsonp
object | ko
object | PROOF
object | StringRepository
object | Telemetry
object | telemetry_webpackJsonp
boolean | __ConvergedLogin_PCore
boolean | __
boolean | __convergedlogin_pcustomizationloader_8e14dcf0e3ff5580d170
boolean | __convergedlogin_pfetchsessionsprogress_7c1aa7609345f99e4914
18 Cookies
Cookies are small pieces of information stored in a user's browser. Whenever the user visits the site again, the browser sends the stored cookie values along, which lets the website re-identify the user even from a different location. This is how persistent logins work.
Domain/Path | Name | Value
---|---|---
users.sandbox.apicgr.synchrox.com/ | connect.sid | s%3AftsYZCHDdE3y6DhOSl86pIZnZarp2Qe-.H7K106U11uuBbwTcRNSgGaSbcxPFxfsUgF1fd%2B6iK8Q
.congenrep.ciamlogin.com/ | esctx-UqEqnQCfA0 | AQABCQEAAADnfolhJpSnRYB1SVj-Hgd85StivVqHz68eHSDr4pwVgLlz8cMZo67VXoz-xMWTahG_YyV6NXdlN4dhozupfgH6d9ShB1TGoUmFN5KldyAM7g4yRmYra4WvFrIoxddIRMwVls8CyYxqpxYqWwL2eau6ankmJnfuTz5Nr81JQDnkDiAA
congenrep.ciamlogin.com/ | x-ms-gateway-slice | estsfd
congenrep.ciamlogin.com/ | stsservicecookie | estsfd
.congenrep.ciamlogin.com/ | AADSSO | NA|NoExtension
congenrep.ciamlogin.com/ | SSOCOOKIEPULLED | 1
congenrep.ciamlogin.com/ | buid | 0.ASYAKsqnx5wyvEuv22ZuERibg7iKUiNFsE1IpHnrYjn-T78mAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8NfpYVnPVqJmikyjq5sxDdt5Vxjym2cOoksfWAdTVf7UALbkqPkiw2xCM1-EZNe7QB4uvpmF3UoKj6aadGzClgDbHC6iAA-UpFpZ9SZs-qPEgAA
.congenrep.ciamlogin.com/ | esctx | PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8hyrIqmPd2inJUsav4-_dtLLaFuWOnImC7c_lwETB4zQYi6_DXdVppZ9D_dCkub3m-uk6U9FIWSXg6F9AGnPI2FzqOUIDX0u-Nm9MNzChFG2iTTmdNYdDzz1U4d_An_FVUYmkqbMHxO5wv-TSP_t2ZD0V-Lk8x2JiAaPq7Q-jimUgAA
.congenrep.ciamlogin.com/ | esctx-ZKbevEWGPcI | AQABCQEAAADnfolhJpSnRYB1SVj-Hgd875jSZ3sL_F2EiKA-TyoggzHJYM3YT5JoW-qwdGUsKHbMp1-LXb4dxehPqlUdbNychtQFZXedhMR9hLVRmmwmUDyMLkSne9xoYhYVBWpm9QmthDu5bwma_8zmXikqHYusRUvPmi5ijDXy6lBFd7RlWSAA
congenrep.ciamlogin.com/ | fpc | Ah0MJ6X6A1FGhHdmm_aAIKUIoeo7AQAAABW6xt0OAAAA
congenrep.ciamlogin.com/ | MicrosoftApplicationsTelemetryDeviceId | 44d1a565-f015-4ce6-b5f3-3bdbac60c949
.congenrep.ciamlogin.com/ | brcap | 0
.login.live.com/ | uaid | 6cc57ca7aa9f42f8b41be48a2d355685
.login.live.com/ | MSPRequ | id=N<=1714733846&co=1
autologon.microsoftazuread-sso.com/ | fpc | AtGOC9duhxdOnY_M-HEkEMU
autologon.microsoftazuread-sso.com/ | x-ms-gateway-slice | estsfd
autologon.microsoftazuread-sso.com/ | stsservicecookie | estsfd
congenrep.ciamlogin.com/ | ai_session | eoEJchHJycMkrZY8wEkfzk|1714733846810|1714733846810
8 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL | Text
---|---|---|---
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Strict-Transport-Security | max-age=63072000 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
aadcdn.msauth.net
aadcdn.msauthimages.net
autologon.microsoftazuread-sso.com
congenrep.ciamlogin.com
login.live.com
sandbox.cgrpru.synchrox.com
synchrox-cdn.s3.amazonaws.com
users.sandbox.apicgr.synchrox.com
aadcdn.msauthimages.net
congenrep.ciamlogin.com
16.182.32.137
2603:1026:3000:d0::6
2603:1027:1:158::c
2620:1ec:46::45
34.192.95.244
40.126.31.73
76.76.21.241
04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a
0edaaa0b12cfa0901cf1399cb24834c6f6c3395c891e2fba969846282c7f791c
2186a712c8ddf76ee682e51cd9d47e818abe75af8e396fe14c3666874bea8e66
256aedfa0d1fc4b73aba5ecb85d10bd252350cf9233768b438bd1b87a80a2b8e
2ff4cbcd0487aed65fb266fdeb3c4acd94a4a8bd047e85733ee6d4ec1d8dc521
35afb11dab6edcbc989a25fe5cf19f5d8289499232b7ec775f318d8b8a5bbf78
3eaa02adf3103108e3b7519ae0030950c3179f13620c466e7ad6d06514e38a87
474ce0790ceb18a100cebaf1ac0915a51389fcae0830c3b44bfa1e365d40b2b4
4b01a0a34ce8ed4bc8a8713be0442d49da6a756236b7b4424622ca3dee820f41
4be11c075187615adaf493d54cb7b05556e76806aed2b3b082d72952d0025be5
66b8587b2cf5d4cd9ddb63674128f9e5c98f2d3ce1524926ebf4805f6ace83e0
78358703149d461bea82b4e54865d16a3580fff7c4e7e8888d62a4aa916b55a0
788ca1aec9d2eb9b52c964f2a2a8ab09a23d57b3c45508bcb4167631e4260985
8405362eb8f09df13ae244de155b51b1577274673d9728b6c81cd0278a63c8b0
85db0e9a1dbdc286054b9dfc53b2b46fff551b79f7d089d1f7aabf0dfad93bbd
8710117641915b077154b9eae918b254b064a950ba6e100fc3090c561df83e7b
8737d721808655f37b333f08a90185699e7e8b9bdaaa15cdb63c8448b426f95d
8e6db1634f1812d42516778fc890010aa57f3e39914fb4803df2c38abbf56d93
90cdaf487716184e4034000935c605d1633926d348116d198f355a98b8c6cd21
9ad82de52f3930cb21d7faa7c317ef69dd4e3ba398aec6bfdc9f9de360163278
9fbb262e693bbe19b7eaf8f05ca095d1c329f7f45eba07b41852e6e7625f1244
a0bf265b1be07db5c061acfa36ddf3c521dde962740ff7d41fabb9cdb8202bb6
a46201581a7c7c667fd42787cd1e9adf2f6bf809efb7596e61a03e8dba9ada13
a78727d084e794afbef57ed720a800d445533298ba24300642251632b6406dc9
b1058103769c9effd8535b4e3562651e9e170591dd27b1df6870f950227776b6
caa82411ef29865b88c89bd157ea2543d2d4412ead8ce36248194c93f8585b6d
cd0a2b1e8dd8ae1139eadec3ea0d1c7cc5b083747c4dd8174db5ebe4f664e252
d089c8a9fc28e4e50223eb38c9409e362521be9380a37341304fbac7a4cd9e5f
d12f35509e7ebcd8af368faf23c490fda08fa0cb21171ab6b60ae2468242e500
d1d54166bb6a2cc089d2f41536c6aa665bcaf7576a89f7343f3e7797aa29b13e
d6b1be9516833899cf578ea6bdabc0078baae41ac4d94d1e07ef5a0f218fbcad
ddfb5d0d2fcf9a245158aa253352de72546486f30500d828dc2aec8a9fd5dec0
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e5bf44781e735a24b9c8df07d625da74848086af10c74f656d3b54496c21a6bf
fa449b79237b05bc9cdbedbb7879082ee80f1af5fb423c5e18408b0167a67505
ffd9ce3a406eaaac844656d55719927b4ae834071a7814d8cfd956fb30892d9a