login.microsoftonline.com.office.ujjivanrp.usfb.myshn.net
Open in
urlscan Pro
3.7.26.82
Malicious Activity!
Public Scan
Effective URL: https://login.microsoftonline.com.office.ujjivanrp.usfb.myshn.net/organizations/oauth2/v2.0/authorize?redirect_uri=https%3A%2F%2Fintune.microsoft.com.office.ujjiv...
Submission: On January 31 via api from JP — Scanned from JP
Summary
TLS certificate: Issued by GlobalSign RSA OV SSL CA 2018 on January 31st 2023. Valid for: a year.
This is the only time login.microsoftonline.com.office.ujjivanrp.usfb.myshn.net was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Microsoft (Consumer)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 9 | 3.7.26.82 3.7.26.82 | 16509 (AMAZON-02) (AMAZON-02) | |
3 | 65.0.112.2 65.0.112.2 | 16509 (AMAZON-02) (AMAZON-02) | |
1 | 13.127.252.30 13.127.252.30 | () () | |
14 | 4 |
ASN16509 (AMAZON-02, US)
PTR: ec2-3-7-26-82.ap-south-1.compute.amazonaws.com
ASN16509 (AMAZON-02, US)
PTR: ec2-65-0-112-2.ap-south-1.compute.amazonaws.com
intune.microsoft.com.office.ujjivanrp.usfb.myshn.net |
Domain | Requested by | |
---|---|---|
5 | aadcdn.msauth.net.office.ujjivanrp.usfb.myshn.net |
login.microsoftonline.com.office.ujjivanrp.usfb.myshn.net
aadcdn.msauth.net.office.ujjivanrp.usfb.myshn.net |
3 | intune.microsoft.com.office.ujjivanrp.usfb.myshn.net |
intune.microsoft.com.office.ujjivanrp.usfb.myshn.net
|
2 | login.microsoftonline.com.office.ujjivanrp.usfb.myshn.net |
intune.microsoft.com.office.ujjivanrp.usfb.myshn.net
login.microsoftonline.com.office.ujjivanrp.usfb.myshn.net |
1 | portal.azure.com.office.ujjivanrp.usfb.myshn.net |
aadcdn.msauth.net.office.ujjivanrp.usfb.myshn.net
|
1 | login.live.com.office.ujjivanrp.usfb.myshn.net |
login.microsoftonline.com.office.ujjivanrp.usfb.myshn.net
|
1 | manage.microsoft.com.office.ujjivanrp.usfb.myshn.net | 1 redirects |
14 | 6 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
office.ujjivanrp.usfb.myshn.net GlobalSign RSA OV SSL CA 2018 |
2023-01-31 - 2024-03-03 |
a year | crt.sh |
This page contains 2 frames:
Primary Page:
https://login.microsoftonline.com.office.ujjivanrp.usfb.myshn.net/organizations/oauth2/v2.0/authorize?redirect_uri=https%3A%2F%2Fintune.microsoft.com.office.ujjivanrp.usfb.myshn.net%2Fsignin%2Findex%2F&response_type=code%20id_token&scope=https%3A%2F%2Fmanagement.core.windows.net%2F%2Fuser_impersonation%20openid%20email%20profile&state=OpenIdConnect.AuthenticationProperties%3DzqP38th4_gmt9gSyXjJAD6EK2ilWcUTV-x9noIQ-OymXLeaOGiJeDhugoiOHkTdgEZRBxS9pYm94DtcXglA7q0j1y7uoU1Q03IoNVsvpN_vwla_cxw5RAJYAJeiAAdECS6loyf0nVmAFg0SjBJWBhMJn20k0E9Ju-6mG7sU0hdo5pUhYgpawq-5rdKpqt71hwIV1CQYrTFlz2senF7foDHJukXD-nMSlRsbiams5jHmx57iBvP-82c6HNzdJdZmlR4Kxly-6mKfDCTjx28ixH2GY99MxuELzjswzgR0xr2YVOCXUztX5HW1STsijM6h57LIoY97k3rQnjOfe4gFi8X-otbfBKv95gqTngn4kNU8S1una8KYlcKvLLPQ3tay-QRLAGey2e8FBiOj9i6rSxQ&response_mode=form_post&nonce=638107453436255302.NzMzODBjOWEtN2IxOC00NDdkLTlhYzYtOWVmMmIzMTc4NTJkNzI3ZGQ0Y2EtYjY5Mi00N2U5LThjNzEtZmRmMTM2ZDBlYTJh&client_id=c44b4083-3bb0-49c1-b47d-974e53cbdf3c&site_id=501430&client-request-id=f8563609-f532-49dd-816e-4d5a6d1ccb50&x-client-SKU=ID_NET472&x-client-ver=6.22.1.0&sso_reload=true
Frame ID: 554595C4A69F35451DC5F540C87DBA3A
Requests: 13 HTTP requests in this frame
Frame:
https://portal.azure.com.office.ujjivanrp.usfb.myshn.net/cobrand/
Frame ID: 86A25722C397BE27DE8B082179BFACE9
Requests: 1 HTTP requests in this frame
Screenshot
Page Title
Sign in to Microsoft AzurePage URL History Show full URLs
-
https://manage.microsoft.com.office.ujjivanrp.usfb.myshn.net/
HTTP 302
https://intune.microsoft.com.office.ujjivanrp.usfb.myshn.net/ Page URL
- https://login.microsoftonline.com.office.ujjivanrp.usfb.myshn.net/organizations/oauth2/v2.0/authorize?redirect_uri=https%3A%2F%2Fintune.micros... Page URL
- https://login.microsoftonline.com.office.ujjivanrp.usfb.myshn.net/organizations/oauth2/v2.0/authorize?redirect_uri=https%3A%2F%2Fintune.micros... Page URL
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://manage.microsoft.com.office.ujjivanrp.usfb.myshn.net/
HTTP 302
https://intune.microsoft.com.office.ujjivanrp.usfb.myshn.net/ Page URL
- https://login.microsoftonline.com.office.ujjivanrp.usfb.myshn.net/organizations/oauth2/v2.0/authorize?redirect_uri=https%3A%2F%2Fintune.microsoft.com.office.ujjivanrp.usfb.myshn.net%2Fsignin%2Findex%2F&response_type=code%20id_token&scope=https%3A%2F%2Fmanagement.core.windows.net%2F%2Fuser_impersonation%20openid%20email%20profile&state=OpenIdConnect.AuthenticationProperties%3DzqP38th4_gmt9gSyXjJAD6EK2ilWcUTV-x9noIQ-OymXLeaOGiJeDhugoiOHkTdgEZRBxS9pYm94DtcXglA7q0j1y7uoU1Q03IoNVsvpN_vwla_cxw5RAJYAJeiAAdECS6loyf0nVmAFg0SjBJWBhMJn20k0E9Ju-6mG7sU0hdo5pUhYgpawq-5rdKpqt71hwIV1CQYrTFlz2senF7foDHJukXD-nMSlRsbiams5jHmx57iBvP-82c6HNzdJdZmlR4Kxly-6mKfDCTjx28ixH2GY99MxuELzjswzgR0xr2YVOCXUztX5HW1STsijM6h57LIoY97k3rQnjOfe4gFi8X-otbfBKv95gqTngn4kNU8S1una8KYlcKvLLPQ3tay-QRLAGey2e8FBiOj9i6rSxQ&response_mode=form_post&nonce=638107453436255302.NzMzODBjOWEtN2IxOC00NDdkLTlhYzYtOWVmMmIzMTc4NTJkNzI3ZGQ0Y2EtYjY5Mi00N2U5LThjNzEtZmRmMTM2ZDBlYTJh&client_id=c44b4083-3bb0-49c1-b47d-974e53cbdf3c&site_id=501430&client-request-id=f8563609-f532-49dd-816e-4d5a6d1ccb50&x-client-SKU=ID_NET472&x-client-ver=6.22.1.0 Page URL
- https://login.microsoftonline.com.office.ujjivanrp.usfb.myshn.net/organizations/oauth2/v2.0/authorize?redirect_uri=https%3A%2F%2Fintune.microsoft.com.office.ujjivanrp.usfb.myshn.net%2Fsignin%2Findex%2F&response_type=code%20id_token&scope=https%3A%2F%2Fmanagement.core.windows.net%2F%2Fuser_impersonation%20openid%20email%20profile&state=OpenIdConnect.AuthenticationProperties%3DzqP38th4_gmt9gSyXjJAD6EK2ilWcUTV-x9noIQ-OymXLeaOGiJeDhugoiOHkTdgEZRBxS9pYm94DtcXglA7q0j1y7uoU1Q03IoNVsvpN_vwla_cxw5RAJYAJeiAAdECS6loyf0nVmAFg0SjBJWBhMJn20k0E9Ju-6mG7sU0hdo5pUhYgpawq-5rdKpqt71hwIV1CQYrTFlz2senF7foDHJukXD-nMSlRsbiams5jHmx57iBvP-82c6HNzdJdZmlR4Kxly-6mKfDCTjx28ixH2GY99MxuELzjswzgR0xr2YVOCXUztX5HW1STsijM6h57LIoY97k3rQnjOfe4gFi8X-otbfBKv95gqTngn4kNU8S1una8KYlcKvLLPQ3tay-QRLAGey2e8FBiOj9i6rSxQ&response_mode=form_post&nonce=638107453436255302.NzMzODBjOWEtN2IxOC00NDdkLTlhYzYtOWVmMmIzMTc4NTJkNzI3ZGQ0Y2EtYjY5Mi00N2U5LThjNzEtZmRmMTM2ZDBlYTJh&client_id=c44b4083-3bb0-49c1-b47d-974e53cbdf3c&site_id=501430&client-request-id=f8563609-f532-49dd-816e-4d5a6d1ccb50&x-client-SKU=ID_NET472&x-client-ver=6.22.1.0&sso_reload=true Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0- https://manage.microsoft.com.office.ujjivanrp.usfb.myshn.net/ HTTP 302
- https://intune.microsoft.com.office.ujjivanrp.usfb.myshn.net/
14 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
/
intune.microsoft.com.office.ujjivanrp.usfb.myshn.net/ Redirect Chain
|
40 KB 17 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
/
intune.microsoft.com.office.ujjivanrp.usfb.myshn.net/signin/idpRedirect.js/ |
25 KB 12 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
/
intune.microsoft.com.office.ujjivanrp.usfb.myshn.net/ |
56 KB 19 KB |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
authorize
login.microsoftonline.com.office.ujjivanrp.usfb.myshn.net/organizations/oauth2/v2.0/ |
152 KB 55 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Primary Request
authorize
login.microsoftonline.com.office.ujjivanrp.usfb.myshn.net/organizations/oauth2/v2.0/ |
206 KB 52 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Me.htm
login.live.com.office.ujjivanrp.usfb.myshn.net/ |
0 0 |
Other
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
ConvergedLogin_PCore_NnFX4S8X6vb-OgGnD82WNA2.js
aadcdn.msauth.net.office.ujjivanrp.usfb.myshn.net/shared/1.0/content/js/ |
393 KB 111 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
convergedlogin_pcustomizationloader_f3782014f3739160dbfd.js
aadcdn.msauth.net.office.ujjivanrp.usfb.myshn.net/shared/1.0/content/js/asyncchunk/ |
107 KB 32 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
/
portal.azure.com.office.ujjivanrp.usfb.myshn.net/cobrand/ Frame 86A2 |
0 0 |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
converged.v2.login.min_8owwt4u-33ps0wawi7tmow2.css
aadcdn.msauth.net.office.ujjivanrp.usfb.myshn.net/ests/2.1/content/cdnbundles/ |
0 21 KB |
Other
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
ux.converged.login.strings-en.min_drcggiwi0cystfohuwx04a2.js
aadcdn.msauth.net.office.ujjivanrp.usfb.myshn.net/ests/2.1/content/cdnbundles/ |
0 15 KB |
Other
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
17_37e4ecbf38b26bf96a8e1265dd15375b.png
aadcdn.msauth.net.office.ujjivanrp.usfb.myshn.net/shared/1.0/content/images/applogos/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg
aadcdn.msauth.net.office.ujjivanrp.usfb.myshn.net/shared/1.0/content/images/ |
4 KB 2 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
convergedlogin_pstringcustomizationhelper_44ba818dfa55d8749503.js
aadcdn.msauth.net.office.ujjivanrp.usfb.myshn.net/shared/1.0/content/js/asyncchunk/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- aadcdn.msauth.net.office.ujjivanrp.usfb.myshn.net
- URL
- https://aadcdn.msauth.net.office.ujjivanrp.usfb.myshn.net/shared/1.0/content/images/applogos/17_37e4ecbf38b26bf96a8e1265dd15375b.png
- Domain
- aadcdn.msauth.net.office.ujjivanrp.usfb.myshn.net
- URL
- https://aadcdn.msauth.net.office.ujjivanrp.usfb.myshn.net/shared/1.0/content/js/asyncchunk/convergedlogin_pstringcustomizationhelper_44ba818dfa55d8749503.js
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Microsoft (Consumer)20 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| 0 object| oncontentvisibilityautostatechange object| $Config object| $Debug object| $Do function| $Loader object| $WebWatson function| GetString function| GetErrorString function| GetUrl object| $B object| ServerData object| webpackJsonp object| ko object| PROOF object| StringRepository object| Telemetry object| telemetry_webpackJsonp boolean| __ConvergedLogin_PCore boolean| __13 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.intune.microsoft.com.office.ujjivanrp.usfb.myshn.net/ | Name: browserId Value: f8563609-f532-49dd-816e-4d5a6d1ccb50 |
|
intune.microsoft.com.office.ujjivanrp.usfb.myshn.net/ | Name: OpenIdConnect.nonce.VMMsoD1VPCZnwBrgdTpgqHNkhX4GL7vyPe495TY34LU%3D Value: V2dZRzgyUjBsNVNZejlhZnZpei10TXFCcjRLaXJTdHNzT1dReEtXZzZTcFRrMVhmX2lEYU9hUzdpazEzQ0NvZkl3alF2QXNKSEVwRVlHYjNiaEhTS0xza3hlVkhMcHVhVDdMTzA1SWoxTkxvbU1tenV4ZFdsZm5FVFpVbkdlSG95S0xpM3pxYTh4T1ZPa3NsTDJiTmU1UHFmQkdwa3QzVFlkbGw1QjFMMFdSemFMYUNyRU0zTGNLeFAyZlo5MGhEM1VpNldwUzJQYlpQdi1nc0xUbUpaNzlla2MwcnVWY05ya2xPUi1xZ2RsS213c2hBWEdVMlNpcVF1ZHhLeHRTUzNMeHowWTZjNmcxUFh3QjBBVzU3RWc%3D |
|
.office.ujjivanrp.usfb.myshn.net/ | Name: SHN-VH-session Value: 05c42208-d83d-47f8-8d63-fca876b77c5b|1675150343744 |
|
login.microsoftonline.com.office.ujjivanrp.usfb.myshn.net/ | Name: x-ms-gateway-slice Value: estsfd |
|
login.microsoftonline.com.office.ujjivanrp.usfb.myshn.net/ | Name: stsservicecookie Value: estsfd |
|
.login.microsoftonline.com.office.ujjivanrp.usfb.myshn.net/ | Name: AADSSO Value: NA|NoExtension |
|
login.microsoftonline.com.office.ujjivanrp.usfb.myshn.net/ | Name: SSOCOOKIEPULLED Value: 1 |
|
login.microsoftonline.com.office.ujjivanrp.usfb.myshn.net/ | Name: buid Value: 0.AT0AMe_N-B6jSkuT5F9XHpElWoNAS8SwO8FJtH2XTlPL3zwBAAA.AQABAAEAAAD--DLA3VO7QrddgJg7Wevr5et0E0hCT6pkPnbaxir-zowVgTyszZ7ZkbKtXHQVcIKpnBWph5WIUlKMoPZf-rG1jCTDefFO4JMsJM2tH8d7eJhsoiw9VePJat4nIqxYvecgAA |
|
login.microsoftonline.com.office.ujjivanrp.usfb.myshn.net/ | Name: fpc Value: Aud2CTQXowtNiZgKbTqJjnY9igOXAQAAAAC0atsOAAAA |
|
.login.microsoftonline.com.office.ujjivanrp.usfb.myshn.net/ | Name: esctx Value: PAQABAAEAAAD--DLA3VO7QrddgJg7WevriXMEzN9sGtJZNQKWJmF8w8flHMGTzZusKeL39Jupt9L7Z8SfmJs-6aCzPNa4LR6sx5eIcZAdsD2DgdGTFa5CqVKMa_oapkl2a_qVDyX_2pfcrBbRSoczsVxoSYDtRrFjvQxTX4RspmUqiJPSES8_4O6e7aiqJ8R_w_kmnMkpUgogAA |
|
.login.live.com.office.ujjivanrp.usfb.myshn.net/ | Name: uaid Value: 0b8ad9b2443f4f17a7603b73727ba455 |
|
.login.live.com.office.ujjivanrp.usfb.myshn.net/ | Name: MSPRequ Value: id=N<=1675148546&co=1 |
|
.login.microsoftonline.com.office.ujjivanrp.usfb.myshn.net/ | Name: brcap Value: 0 |
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Content-Security-Policy | frame-ancestors 'self' |
Strict-Transport-Security | max-age=31536000; includeSubDomains |
X-Content-Type-Options | nosniff |
X-Frame-Options | SAMEORIGIN |
X-Xss-Protection | 1; mode=block |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
aadcdn.msauth.net.office.ujjivanrp.usfb.myshn.net
intune.microsoft.com.office.ujjivanrp.usfb.myshn.net
login.live.com.office.ujjivanrp.usfb.myshn.net
login.microsoftonline.com.office.ujjivanrp.usfb.myshn.net
manage.microsoft.com.office.ujjivanrp.usfb.myshn.net
portal.azure.com.office.ujjivanrp.usfb.myshn.net
aadcdn.msauth.net.office.ujjivanrp.usfb.myshn.net
13.127.252.30
3.7.26.82
65.0.112.2
04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a
0e2ef54a0f3644ed15e5b535dd3a30b94ba2cbf05631efc41039ae793c8b0efe
223cf65813e8c5eb1eb36d431ec94f243a3cb442bad827e079d5ac688586990e
597efbb0332f5f71d70c94556c3f251f54d7366c32e5dd0358ed320d0312994f
6c2d64fa1f6851da17fde9943a498d5204b6e745c64583e783d9571afcd37336
a3b625584ab5bf4af98814aef62bae8d4573492dc679944c4e3a098da02a6992
b5132f2a8a6ae084032741b95deec650ce91a71bea16e77c9d20e2da76f047d6
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855