live.teamvibes.org
Open in
urlscan Pro
45.83.123.245
Malicious Activity!
Public Scan
Effective URL: https://live.teamvibes.org/login.srf?wa=wsignin1.0&rpsnv=157&ct=1722856942&rver=7.0.6738.0&wp=MBI_SSL&wreply=https%3a%2f%2f...
Submission: On August 05 via manual from GB — Scanned from GB
Summary
TLS certificate: Issued by E5 on July 22nd 2024. Valid for: 3 months.
This is the only time live.teamvibes.org was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Microsoft (Consumer)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 1 | 35.226.132.161 35.226.132.161 | 396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM) | |
2 4 | 45.83.123.245 45.83.123.245 | 200313 (INTERNET-IT) (INTERNET-IT) | |
6 | 2620:1ec:29:1... 2620:1ec:29:1::72 | 8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK) | |
2 | 20.42.65.89 20.42.65.89 | 8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK) | |
11 | 4 |
ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 161.132.226.35.bc.googleusercontent.com
2ly.link |
ASN200313 (INTERNET-IT, VG)
PTR: teamvibes.org
outlook.teamvibes.org | |
live.teamvibes.org |
ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
browser.events.data.microsoft.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
6 |
msauth.net
logincdn.msauth.net — Cisco Umbrella Rank: 6694 |
283 KB |
4 |
teamvibes.org
2 redirects
outlook.teamvibes.org live.teamvibes.org |
34 KB |
2 |
microsoft.com
browser.events.data.microsoft.com — Cisco Umbrella Rank: 144 |
761 B |
1 |
2ly.link
1 redirects
2ly.link |
514 B |
11 | 4 |
Domain | Requested by | |
---|---|---|
6 | logincdn.msauth.net |
live.teamvibes.org
logincdn.msauth.net |
2 | browser.events.data.microsoft.com |
logincdn.msauth.net
|
2 | live.teamvibes.org |
live.teamvibes.org
|
2 | outlook.teamvibes.org | 2 redirects |
1 | 2ly.link | 1 redirects |
11 | 5 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
live.teamvibes.org E5 |
2024-07-22 - 2024-10-20 |
3 months | crt.sh |
identitycdn.msauth.net Microsoft Azure RSA TLS Issuing CA 03 |
2024-06-07 - 2025-06-02 |
a year | crt.sh |
*.events.data.microsoft.com Microsoft Azure RSA TLS Issuing CA 07 |
2024-03-31 - 2025-03-26 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://live.teamvibes.org/login.srf?wa=wsignin1.0&rpsnv=157&ct=1722856942&rver=7.0.6738.0&wp=MBI_SSL&wreply=https%3a%2f%2foutlook.live.com%2fowa%2f%3fnlp%3d1%26RpsCsrfState%3d8e01dfd1-e69d-6cfa-45aa-71d194693235&id=292841&aadredir=1&CBCXT=out&lw=1&fl=dob%2cflname%2cwld&cobrandid=90015
Frame ID: B12AA0308F9F4045527EFD1FFC8E7529
Requests: 10 HTTP requests in this frame
Screenshot
Page Title
Sign in to your Microsoft accountPage URL History Show full URLs
-
https://2ly.link/1z7wC
HTTP 302
https://outlook.teamvibes.org/messages HTTP 302
https://outlook.teamvibes.org/owa/?nlp=1 HTTP 302
https://live.teamvibes.org/login.srf?wa=wsignin1.0&rpsnv=157&ct=1722856942&rver=7.0.6738.0&wp=MBI_SSL&w... Page URL
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://2ly.link/1z7wC
HTTP 302
https://outlook.teamvibes.org/messages HTTP 302
https://outlook.teamvibes.org/owa/?nlp=1 HTTP 302
https://live.teamvibes.org/login.srf?wa=wsignin1.0&rpsnv=157&ct=1722856942&rver=7.0.6738.0&wp=MBI_SSL&wreply=https%3a%2f%2foutlook.live.com%2fowa%2f%3fnlp%3d1%26RpsCsrfState%3d8e01dfd1-e69d-6cfa-45aa-71d194693235&id=292841&aadredir=1&CBCXT=out&lw=1&fl=dob%2cflname%2cwld&cobrandid=90015 Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
11 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
login.srf
live.teamvibes.org/ Redirect Chain
|
27 KB 29 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
login_en-gb_z-uBFBC5mIQaWo8OI-Kcog2.js
logincdn.msauth.net/shared/5/js/ |
906 KB 229 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
3aebbdafc809ccea95d4f2bf89103b71cd8b7088464da235f37441b5109b199a.js
live.teamvibes.org/s/ |
796 B 947 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
oneds-analytics-js_c176266d237b7f729fc3_en-gb.js
logincdn.msauth.net/shared/5/chunks/ |
89 KB 33 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
microsoft_logo_ee5c8d9fb6248c938fd0.svg
logincdn.msauth.net/shared/5/images/ |
4 KB 2 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
2_bc3d32a696895f78c19d.svg
logincdn.msauth.net/shared/5/images/ |
2 KB 1 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
3aebbdafc809ccea95d4f2bf89103b71cd8b7088464da235f37441b5109b199a
live.teamvibes.org/s/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
favicon.ico
logincdn.msauth.net/16.000.30293.2/images/ |
17 KB 17 KB |
Other
image/x-icon |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
signin_options_4e48046ce74f4b89d450.svg
logincdn.msauth.net/shared/5/images/ |
2 KB 1 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
/
browser.events.data.microsoft.com/OneCollector/1.0/ |
153 B 761 B |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
OPTIONS H2 |
/
browser.events.data.microsoft.com/OneCollector/1.0/ |
0 0 |
Preflight
|
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- live.teamvibes.org
- URL
- https://live.teamvibes.org/s/3aebbdafc809ccea95d4f2bf89103b71cd8b7088464da235f37441b5109b199a
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Microsoft (Consumer)11 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| PROOF object| ServerData function| $Loader object| g_dtFirstByte function| SRSRetry object| webpackChunk_msidentity_sisu_msa function| clearImmediate function| setImmediate object| regeneratorRuntime function| getRedirect object| __dynProto$Gbl16 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.teamvibes.org/ | Name: adfd-f50b Value: 3aebbdafc809ccea95d4f2bf89103b71cd8b7088464da235f37441b5109b199a |
|
outlook.teamvibes.org/ | Name: ClientId Value: AE0612587E054A40B2B8D30BA1C78E25 |
|
.teamvibes.org/ | Name: logonLatency Value: LGN01=638584537424352722 |
|
outlook.teamvibes.org/ | Name: exchangecookie Value: e2fbaf6db9d348688e7be8b2784c7cad |
|
outlook.teamvibes.org/ | Name: RpsCsrfState.1NAT0Ej_jmK1sZF2p21Jk2gpwKSkGU4Rq1oqLnwbIyw Value: 8e01dfd1-e69d-6cfa-45aa-71d194693235 |
|
outlook.teamvibes.org/ | Name: X-OWA-RedirectHistory Value: AhR7n8MBObg-4EC13Ag |
|
.live.teamvibes.org/ | Name: uaid Value: 7fbb077847d24ab7ac9ca83da3979637 |
|
.live.teamvibes.org/ | Name: MSPRequ Value: id=292841<=1722856942&co=1 |
|
.live.teamvibes.org/ | Name: MSCC Value: 45.83.123.245-NL |
|
.live.teamvibes.org/ | Name: MSPOK Value: $uuid-c92e53b6-6bec-41f3-b1a3-c2b6b744d28b |
|
.live.teamvibes.org/ | Name: OParams Value: 11O.Dsiq*T6omoJAIra0G9cXr2JtPp!BhIgCyYyClZ7QRGOJgW6h7QwE6RSLUwSbPwKZz7XMcowPDQ56PfT3dqEgKZ!ArkFm*QCaKTaUaHYkahnTHMencULS3xGmuj0wIE7EtKbf5S9MXTDuWU45FPiVB99!iNbVzQxPLYAaG5fRzA9UOX6SMzscC95JZIjjkxM8sp2TWIg3NssHyvPIfHw0qiEDTGwNSOHGlkWSQKd2a*j2I4A14tRcp1NQM5Wvd39DHHiMwdHfjzllpRnUZr2h4!ZZ0FbaWv528rSpX*gGvzqn0PSN5Z5k!jYu0FTnrheya8bLhQNPTUTfy!l3yEIdB74qTHGx*pWofLYfTCBCBvsA8CkjwIhKzjpzbP5mQqoNwdPU!EHm0ogyv!lYR*NxrZeIyqpQpAFaul1K44CGRdpL |
|
live.teamvibes.org/ | Name: MicrosoftApplicationsTelemetryDeviceId Value: 9b5b358e-919f-432e-a264-756850bdc8fe |
|
live.teamvibes.org/ | Name: ai_session Value: 3A51k9NM65gZVyx4S3kiVX|1722856943951|1722856943951 |
|
.microsoft.com/ | Name: MC1 Value: GUID=20088e0e959a48e996c8d9728eff3ed9&HASH=2008&LV=202408&V=4&LU=1722856947514 |
|
.microsoft.com/ | Name: MS0 Value: b5c30bf1d0ae4077a49c069d79fda018 |
|
live.teamvibes.org/ | Name: MSFPC Value: GUID=20088e0e959a48e996c8d9728eff3ed9&HASH=2008&LV=202408&V=4&LU=1722856947514 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
2ly.link
browser.events.data.microsoft.com
live.teamvibes.org
logincdn.msauth.net
outlook.teamvibes.org
live.teamvibes.org
20.42.65.89
2620:1ec:29:1::72
35.226.132.161
45.83.123.245
04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a
0e88b6fcbb8591edfd28184fa70a04b6dd3af8a14367c628edd7caba32e58c68
3b6bc5c8cbe41e920aa3c65d3028c6e336919605c058f3c57a63bb1b57634b0d
5a9af6e809994d66001711db34bdc4c56de0cf415840cf68fceed14553baeb0f
8e6db1634f1812d42516778fc890010aa57f3e39914fb4803df2c38abbf56d93
90cdaf487716184e4034000935c605d1633926d348116d198f355a98b8c6cd21
a32c99bb90ee1cd8c3d4f2ac3df6d85c4869b6cad2f1618ae7f48de23d800985
cf30989945dba9c1e5753f67d92d41d7790f0874e6a565920ddf87d71735a92d
d5e4ea88b2dfa6cb21007f3ae8de1b93c1d8c9507a26f324eda0f1a7deb81934