login.viewnsecdocnow.pro
188.114.96.3
Malicious Activity!
Public Scan
Effective URL: https://login.viewnsecdocnow.pro/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3...
Submission Tags: falconsandbox
Submission: On June 25 via api from US — Scanned from DE
Summary
TLS certificate: Issued by WE1 on June 24th 2024. Valid for: 3 months.
This is the only time login.viewnsecdocnow.pro was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Microsoft (Consumer)
Domain & IP information
Requests | IP Address | AS (Autonomous System) |
---|---|---|
1 | 2606:4700:4400::ac40:99b7 | 13335 (CLOUDFLARENET) |
3 | 2a00:1450:4001:81d::200a | 15169 (GOOGLE) |
26 | 18.154.63.39 | 16509 (AMAZON-02) |
2 | 2606:4700::6812:80d8 | 13335 (CLOUDFLARENET) |
2 | 2a06:98c1:3121::3 | 13335 (CLOUDFLARENET) |
1 | 188.114.97.3 | 13335 (CLOUDFLARENET) |
3 | 188.114.96.3 | 13335 (CLOUDFLARENET) |
1 | 2a00:1450:4001:827::2003 | 15169 (GOOGLE) |
12 | 2606:2800:233:1cb7:261b:1f9c:2074:3c | 15133 (EDGECAST) |
Totals (as reported) | 50 | 8 |

ASN16509 (AMAZON-02, US): PTR server-18-154-63-39.dus51.r.cloudfront.net; hosts landing-pages-cdn.app-us1.com
ASN13335 (CLOUDFLARENET, US): hosts diffuser-cdn.app-us1.com, prism.app-us1.com
Requests | Apex Domain | Subdomains | Transfer |
---|---|---|---|
28 | app-us1.com | landing-pages-cdn.app-us1.com (Cisco Umbrella Rank: 507404), diffuser-cdn.app-us1.com (Cisco Umbrella Rank: 10615), prism.app-us1.com (Cisco Umbrella Rank: 10731) | 223 KB |
12 | msftauth.net | aadcdn.msftauth.net (Cisco Umbrella Rank: 1065) | 350 KB |
6 | viewnsecdocnow.pro | login.viewnsecdocnow.pro, www.viewnsecdocnow.pro, ywnjb.viewnsecdocnow.pro (Failed); 3 redirects | 30 KB |
3 | googleapis.com | fonts.googleapis.com (Cisco Umbrella Rank: 83) | 4 KB |
1 | gstatic.com | fonts.gstatic.com | 48 KB |
1 | ac-page.com | purestars.ac-page.com | 11 KB |
Totals (as reported) | 50 | 6 | |
Requests | Domain | Requested by |
---|---|---|
26 | landing-pages-cdn.app-us1.com | purestars.ac-page.com |
12 | aadcdn.msftauth.net | login.viewnsecdocnow.pro, aadcdn.msftauth.net |
5 | login.viewnsecdocnow.pro | purestars.ac-page.com, aadcdn.msftauth.net (2 redirects) |
3 | fonts.googleapis.com | purestars.ac-page.com |
1 | prism.app-us1.com | diffuser-cdn.app-us1.com |
1 | fonts.gstatic.com | fonts.googleapis.com |
1 | www.viewnsecdocnow.pro | (1 redirect) |
1 | diffuser-cdn.app-us1.com | purestars.ac-page.com |
1 | purestars.ac-page.com | (none) |
0 | ywnjb.viewnsecdocnow.pro (Failed) | login.viewnsecdocnow.pro, aadcdn.msftauth.net |
Totals (as reported) | 50 | 10 |
This site contains links to these domains. Also see Links.
Domain |
---|
www.microsoft.com |
privacy.microsoft.com |
TLS certificates
Subject | Issuer | Validity | Valid | Source |
---|---|---|---|---|
*.ac-page.com | E1 | 2024-05-25 - 2024-08-23 | 3 months | crt.sh |
upload.video.google.com | WR2 | 2024-06-03 - 2024-08-26 | 3 months | crt.sh |
*.app-us1.com | Amazon RSA 2048 M02 | 2023-11-04 - 2024-12-01 | a year | crt.sh |
diffuser-cdn.app-us1.com | E1 | 2024-05-28 - 2024-08-26 | 3 months | crt.sh |
viewnsecdocnow.pro | WE1 | 2024-06-24 - 2024-09-22 | 3 months | crt.sh |
*.gstatic.com | WR2 | 2024-06-03 - 2024-08-26 | 3 months | crt.sh |
prism.app-us1.com | E1 | 2024-05-17 - 2024-08-15 | 3 months | crt.sh |
aadcdn.msftauth.net | DigiCert SHA2 Secure Server CA | 2024-05-25 - 2025-05-25 | a year | crt.sh |
This page contains 2 frames:
Primary Page:
https://login.viewnsecdocnow.pro/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638548746779038779.YTdhMWE1YTYtZWVlMy00ODMxLWFmYjAtMDExOWZmMGQxOWMwNzZkN2MxOGEtZWFlMC00NmIyLWIyYzktZGI5MWVhYmZlMDMw&ui_locales=de-DE&mkt=de-DE&client-request-id=69f7eeb7-3aba-49d4-ac09-69d66e8c5469&state=dJuLnAbbSBfodD7UXaFbkWp7rfiiUaYNLKi_2Do5YgsHb0Js0FUg6q-xvlz8TzrJUbRSV9_cNbesmsf-g_AIFLR2ZmSjuf4uNJ2BXki8Fh4m41Dok4SLRYKtt6J3OxuTZZkwbj6KAN7v-F0Jb_-dkK_jepfmycjOF3DGr-aQLHMQHZjtQsZr4nH4EHJzMDWMspYzui8FrtyHcELvRyGLpT083qWTaN5a58N5Z4BdIyX-Y1dO3nb7w0whOgJZ5WOWnxLXHQ42khle4WmXerYkpA&x-client-SKU=ID_NET8_0&x-client-ver=7.3.1.0&sso_reload=true
Frame ID: 8DF3CC3B52F40DB8FB02C5717465839D
Requests: 49 HTTP requests in this frame
Frame:
https://ywnjb.viewnsecdocnow.pro/Me.htm?v=3
Frame ID: 355F9C40126089832340CF1ECB173FA6
Requests: 3 HTTP requests in this frame
Page Title: Sign in to your account ("Bei Ihrem Konto anmelden")
Detected technologies
- Paths.js (JavaScript Graphics); detected pattern: paths(?:\.min)?\.js
- Bootstrap (Web Frameworks); detected pattern: bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
- AngularJS (JavaScript Frameworks); detected pattern: \bangular.{0,32}\.js
- GSAP (JavaScript Frameworks); detected pattern: TweenMax(?:\.min)?\.js
- Lodash (JavaScript Libraries); detected pattern: lodash.*\.js
- jQuery (JavaScript Libraries); detected pattern: jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
3 Outgoing links
These are links going to different origins than the main page.
- Title: Terms of Use ("Nutzungsbedingungen")
- Title: Privacy and Cookies ("Datenschutz und Cookies")
- Title: Disclaimer ("Haftungsausschluss")
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://purestars.ac-page.com/xxhsggdfjjdhgws (Page URL)
- https://login.viewnsecdocnow.pro/QvDIOvnx (HTTP 302)
  -> https://login.viewnsecdocnow.pro/ (HTTP 302)
  -> https://www.viewnsecdocnow.pro/login (HTTP 302)
  -> https://login.viewnsecdocnow.pro/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638548746779038779.YTdhMWE1YTYtZWVlMy00ODMxLWFmYjAtMDExOWZmMGQxOWMwNzZkN2MxOGEtZWFlMC00NmIyLWIyYzktZGI5MWVhYmZlMDMw&ui_locales=de-DE&mkt=de-DE&client-request-id=69f7eeb7-3aba-49d4-ac09-69d66e8c5469&state=dJuLnAbbSBfodD7UXaFbkWp7rfiiUaYNLKi_2Do5YgsHb0Js0FUg6q-xvlz8TzrJUbRSV9_cNbesmsf-g_AIFLR2ZmSjuf4uNJ2BXki8Fh4m41Dok4SLRYKtt6J3OxuTZZkwbj6KAN7v-F0Jb_-dkK_jepfmycjOF3DGr-aQLHMQHZjtQsZr4nH4EHJzMDWMspYzui8FrtyHcELvRyGLpT083qWTaN5a58N5Z4BdIyX-Y1dO3nb7w0whOgJZ5WOWnxLXHQ42khle4WmXerYkpA&x-client-SKU=ID_NET8_0&x-client-ver=7.3.1.0 (Page URL)
- https://login.viewnsecdocnow.pro/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638548746779038779.YTdhMWE1YTYtZWVlMy00ODMxLWFmYjAtMDExOWZmMGQxOWMwNzZkN2MxOGEtZWFlMC00NmIyLWIyYzktZGI5MWVhYmZlMDMw&ui_locales=de-DE&mkt=de-DE&client-request-id=69f7eeb7-3aba-49d4-ac09-69d66e8c5469&state=dJuLnAbbSBfodD7UXaFbkWp7rfiiUaYNLKi_2Do5YgsHb0Js0FUg6q-xvlz8TzrJUbRSV9_cNbesmsf-g_AIFLR2ZmSjuf4uNJ2BXki8Fh4m41Dok4SLRYKtt6J3OxuTZZkwbj6KAN7v-F0Jb_-dkK_jepfmycjOF3DGr-aQLHMQHZjtQsZr4nH4EHJzMDWMspYzui8FrtyHcELvRyGLpT083qWTaN5a58N5Z4BdIyX-Y1dO3nb7w0whOgJZ5WOWnxLXHQ42khle4WmXerYkpA&x-client-SKU=ID_NET8_0&x-client-ver=7.3.1.0&sso_reload=true (Page URL)
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 31
- https://login.viewnsecdocnow.pro/QvDIOvnx HTTP 302
- https://login.viewnsecdocnow.pro/ HTTP 302
- https://www.viewnsecdocnow.pro/login HTTP 302
- https://login.viewnsecdocnow.pro/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638548746779038779.YTdhMWE1YTYtZWVlMy00ODMxLWFmYjAtMDExOWZmMGQxOWMwNzZkN2MxOGEtZWFlMC00NmIyLWIyYzktZGI5MWVhYmZlMDMw&ui_locales=de-DE&mkt=de-DE&client-request-id=69f7eeb7-3aba-49d4-ac09-69d66e8c5469&state=dJuLnAbbSBfodD7UXaFbkWp7rfiiUaYNLKi_2Do5YgsHb0Js0FUg6q-xvlz8TzrJUbRSV9_cNbesmsf-g_AIFLR2ZmSjuf4uNJ2BXki8Fh4m41Dok4SLRYKtt6J3OxuTZZkwbj6KAN7v-F0Jb_-dkK_jepfmycjOF3DGr-aQLHMQHZjtQsZr4nH4EHJzMDWMspYzui8FrtyHcELvRyGLpT083qWTaN5a58N5Z4BdIyX-Y1dO3nb7w0whOgJZ5WOWnxLXHQ42khle4WmXerYkpA&x-client-SKU=ID_NET8_0&x-client-ver=7.3.1.0
50 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type | Note |
---|---|---|---|---|---|---|---|---|
GET | H2 | xxhsggdfjjdhgws | purestars.ac-page.com/ | 47 KB | 11 KB | Document | text/html | |
GET | H2 | css2 | fonts.googleapis.com/ | 2 KB | 687 B | Stylesheet | text/css | |
GET | H2 | css | fonts.googleapis.com/ | 27 KB | 2 KB | Stylesheet | text/css | |
GET | H2 | css | fonts.googleapis.com/ | 13 KB | 1008 B | Stylesheet | text/css | |
GET | H2 | jquery.min.js | landing-pages-cdn.app-us1.com/vendor/jquery/dist/ | 88 KB | 31 KB | Script | application/javascript | |
GET | H2 | lodash.min.js | landing-pages-cdn.app-us1.com/vendor/lodash/ | 71 KB | 26 KB | Script | application/javascript | |
GET | H2 | lz-string.min.js | landing-pages-cdn.app-us1.com/vendor/lz-string/libs/ | 5 KB | 2 KB | Script | application/javascript | |
GET | H2 | angular.min.js | landing-pages-cdn.app-us1.com/vendor/angular/ | 174 KB | 61 KB | Script | application/javascript | |
GET | H2 | URI.min.js | landing-pages-cdn.app-us1.com/vendor/urijs/src/ | 47 KB | 15 KB | Script | application/javascript | |
GET | H2 | angular-cookies.min.js | landing-pages-cdn.app-us1.com/vendor/angular-cookies/ | 1 KB | 1 KB | Script | application/javascript | |
GET | H2 | angular-animate.min.js | landing-pages-cdn.app-us1.com/vendor/angular-animate/ | 26 KB | 10 KB | Script | application/javascript | |
GET | H2 | ngStorage.min.js | landing-pages-cdn.app-us1.com/vendor/ngstorage/ | 2 KB | 1 KB | Script | application/javascript | |
GET | H2 | TweenMax.min.js | landing-pages-cdn.app-us1.com/vendor/gsap/src/minified/ | 113 KB | 38 KB | Script | application/javascript | |
GET | H2 | core.js | landing-pages-cdn.app-us1.com/core/ | 107 B | 502 B | Script | application/javascript | |
GET | H2 | services.js | landing-pages-cdn.app-us1.com/core/services/ | 20 KB | 5 KB | Script | application/javascript | |
GET | H2 | services.modal.js | landing-pages-cdn.app-us1.com/core/services/ | 4 KB | 1 KB | Script | application/javascript | |
GET | H2 | services.paths.js | landing-pages-cdn.app-us1.com/core/services/ | 786 B | 1 KB | Script | application/javascript | |
GET | H2 | directives.js | landing-pages-cdn.app-us1.com/core/directives/ | 34 KB | 7 KB | Script | application/javascript | |
GET | H2 | directives.countdown.js | landing-pages-cdn.app-us1.com/core/directives/ | 3 KB | 1 KB | Script | application/javascript | |
GET | H2 | directives.parallax.js | landing-pages-cdn.app-us1.com/core/directives/ | 3 KB | 1 KB | Script | application/javascript | |
GET | H2 | directives.scratch.js | landing-pages-cdn.app-us1.com/core/directives/ | 12 KB | 3 KB | Script | application/javascript | |
GET | H2 | directives.background-video.js | landing-pages-cdn.app-us1.com/core/directives/ | 4 KB | 2 KB | Script | application/javascript | |
GET | H2 | filters.js | landing-pages-cdn.app-us1.com/core/filters/ | 33 B | 426 B | Script | application/javascript | |
GET | H2 | animations.js | landing-pages-cdn.app-us1.com/core/animations/ | 36 B | 430 B | Script | application/javascript | |
GET | H2 | analytics.js | landing-pages-cdn.app-us1.com/analytics/ | 2 KB | 1 KB | Script | application/javascript | |
GET | H2 | app.js | landing-pages-cdn.app-us1.com/app/ | 217 B | 612 B | Script | application/javascript | |
GET | H2 | app.controllers.js | landing-pages-cdn.app-us1.com/app/ | 183 B | 579 B | Script | application/javascript | |
GET | H2 | app.config.js | landing-pages-cdn.app-us1.com/app/ | 210 B | 604 B | Script | application/javascript | |
GET | H2 | app.templates.js | landing-pages-cdn.app-us1.com/app/ | 2 KB | 1 KB | Script | application/javascript | |
GET | H2 | bootstrap.js | landing-pages-cdn.app-us1.com/app/ | 41 B | 435 B | Script | application/javascript | |
GET | H2 | diffuser.js | diffuser-cdn.app-us1.com/diffuser/ | 41 KB | 10 KB | Script | application/javascript | |
GET | H3 | authorize | login.viewnsecdocnow.pro/common/oauth2/v2.0/ | 21 KB | 10 KB | Document | text/html | Redirect Chain |
GET | H2 | memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 | fonts.gstatic.com/s/opensans/v40/ | 47 KB | 48 KB | Font | font/woff2 | |
GET | H2 | / | prism.app-us1.com/ | 0 | 312 B | Script | application/javascript | |
GET | H2 | BssoInterrupt_Core_sw-M8KkV3_nBot-G1ImRcw2.js | aadcdn.msftauth.net/shared/1.0/content/js/ | 138 KB | 49 KB | Script | application/x-javascript | |
GET | H3 | authorize | login.viewnsecdocnow.pro/common/oauth2/v2.0/ | 45 KB | 17 KB | Document | text/html | Primary Request |
GET | H3 | favicon.ico | login.viewnsecdocnow.pro/ | 0 | 535 B | Other | text/plain | |
GET | | Me.htm | ywnjb.viewnsecdocnow.pro/ | 0 | 0 | | | Failed |
GET | H2 | converged.v2.login.min_mc5ac6ol0l4d2iaqspstyg2.css | aadcdn.msftauth.net/ests/2.1/content/cdnbundles/ | 111 KB | 20 KB | Stylesheet | text/css | |
GET | H2 | ConvergedLogin_PCore_HynxqeZdtbyHDb4R-n7Odg2.js | aadcdn.msftauth.net/shared/1.0/content/js/ | 437 KB | 119 KB | Script | application/x-javascript | |
GET | H2 | ux.converged.login.strings-de.min_t2egxy3e-i7icwo0cfhacq2.js | aadcdn.msftauth.net/ests/2.1/content/cdnbundles/ | 61 KB | 17 KB | Script | application/x-javascript | |
GET | H2 | oneDs_f2e0f4a029670f10d892.js | aadcdn.msftauth.net/shared/1.0/content/js/ | 186 KB | 60 KB | Script | application/x-javascript | |
GET | H2 | convergedlogin_pcustomizationloader_8e14dcf0e3ff5580d170.js | aadcdn.msftauth.net/shared/1.0/content/js/asyncchunk/ | 219 KB | 53 KB | Script | application/x-javascript | |
GET | H2 | favicon_a_eupayfgghqiai7k9sol6lg2.ico | aadcdn.msftauth.net/shared/1.0/content/images/ | 17 KB | 17 KB | Other | image/x-icon | |
GET | H2 | convergedlogin_pfetchsessionsprogress_0b5ca5d48eeaf75b0528.js | aadcdn.msftauth.net/shared/1.0/content/js/asyncchunk/ | 15 KB | 6 KB | Script | application/x-javascript | |
GET | H2 | marching_ants_white_8257b0707cbe1d0bd2661b80068676fe.gif | aadcdn.msftauth.net/shared/1.0/content/images/ | 3 KB | 3 KB | Image | image/gif | |
GET | H2 | marching_ants_986f40b5a9dc7d39ef8396797f61b323.gif | aadcdn.msftauth.net/shared/1.0/content/images/ | 4 KB | 4 KB | Image | image/gif | |
GET | H2 | 2_11d9e3bcdfede9ce5ce5ace2d129f1c4.svg | aadcdn.msftauth.net/shared/1.0/content/images/backgrounds/ | 2 KB | 837 B | Image | image/svg+xml | |
GET | H2 | microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg | aadcdn.msftauth.net/shared/1.0/content/images/ | 4 KB | 2 KB | Image | image/svg+xml | |
GET | | Me.htm | ywnjb.viewnsecdocnow.pro/ | 0 | 0 | | | Frame 355F; Failed |
GET | DATA | truncated | / | 3 KB | 0 | Image | image/png | Frame 355F |
GET | DATA | truncated | / | 5 KB | 0 | Image | image/png | Frame 355F |
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain: ywnjb.viewnsecdocnow.pro; URL: https://ywnjb.viewnsecdocnow.pro/Me.htm?v=3
- Domain: ywnjb.viewnsecdocnow.pro; URL: https://ywnjb.viewnsecdocnow.pro/Me.htm?v=3
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Microsoft (Consumer)

24 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Name | Type |
---|---|
0 | object |
event | undefined |
fence | object |
sharedStorage | object |
$Config | object |
$Debug | object |
$Do | object |
$Loader | function |
$WebWatson | object |
GetString | function |
GetErrorString | function |
GetUrl | function |
$B | object |
ServerData | object |
webpackJsonp | object |
ko | object |
PROOF | object |
StringRepository | object |
Telemetry | object |
telemetry_webpackJsonp | object |
__ConvergedLogin_PCore | boolean |
__ | boolean |
__convergedlogin_pcustomizationloader_8e14dcf0e3ff5580d170 | boolean |
__convergedlogin_pfetchsessionsprogress_0b5ca5d48eeaf75b0528 | boolean |

19 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Name | Value |
---|---|---|
.ac-page.com/ | __cfruid | 4f9daacd959f044453bada3583e2c64e2c090d56-1719277875 |
prism.app-us1.com/ | prism_92624174 | b0e4011c-7aed-4f5c-be8d-ad0c623b3448 |
.viewnsecdocnow.pro/ | tRXB | 212f3e4b86251513224bd3c9ed62d068c9854b8011d71e28ef0d6f378b345db0 |
login.viewnsecdocnow.pro/ | x-ms-gateway-slice | estsfd |
login.viewnsecdocnow.pro/ | stsservicecookie | estsfd |
www.viewnsecdocnow.pro/ | OH.DCAffinity | OH-wus |
www.viewnsecdocnow.pro/ | OH.FLID | 2bf9dcfa-8c2d-4158-9cca-e80fba9b87fa |
www.viewnsecdocnow.pro/ | .AspNetCore.OpenIdConnect.Nonce.8YzoVA_nkhBXPCUH4ZRx0RIgaqWWfaMTrTQ-xxJocEIie4keDNq5tLGRp1Oxe1fWe_mFF7_U-NPaOBIJ-6W779HDmE1u7KOYYAmzaZyehKawiMHb3LZYo2lFjFS_otWaJDS1cwVV7JD48C3dUlSWDajEGiop1YVPTXUTzrgaIpYgQAHinMNuDgxUyWKDQK9CNqyv-zt5aq3wnzsWfRzX2aJd9Z_wJd3BZIORSCskVYszXiieynwz-Iu-aFEX8kJG | N |
www.viewnsecdocnow.pro/ | .AspNetCore.Correlation.KEBsDnPxLcHAukQ91eNkV9sF1Mc06EYlhRpnCAHsnKA | N |
.viewnsecdocnow.pro/ | MUID | 168828174B9367C310513CBE4ADF660C |
.login.viewnsecdocnow.pro/ | esctx-J3gHdVqI3sU | AQABCQEAAAApTwJmzXqdR4BN2miheQMYugDfp2nuLPNJts9Pds3VVlg5gbKBf5o4HAEgFt_7Is36gPjwzWK79pdnWH25euw-cmGfEbcoDAVcRIkmDOEE3WnTQt1t6en6sfbtcKZHbfWAsLVB8GGZ0oqRuNeQtHPvEVHJuSWgB6mkiv8w8SFNbCAA |
.login.viewnsecdocnow.pro/ | AADSSO | NA\|NoExtension |
login.viewnsecdocnow.pro/ | SSOCOOKIEPULLED | 1 |
login.viewnsecdocnow.pro/ | buid | 0.AVoAMe_N-B6jSkuT5F9XHpElWltEZUfGMrBJg-Ydk3ZSdsoBAAA.AQABGgEAAAApTwJmzXqdR4BN2miheQMYuJFlGd4bTlzQ9_X47WyjafUoR8zffLXG1dJ0rm9T-xwJ3Z3C0v4uEdRb39zRBy2j2xxC8RdnA8eV97XcRk-VqnOB20eqgLKo79PDSgKSTmYgAA |
.login.viewnsecdocnow.pro/ | esctx | PAQABBwEAAAApTwJmzXqdR4BN2miheQMY_aQn4hYoo47pij2jC9fBVyBLJb2b90LBiOTDQPZxmWD6Li5GguYiXCM3spgyUA7LHXgx7btbKzLQmLaGUJ0ftHEDaNVLemxv_FMVd6iGtHO_n19x-bGJp3xxvCqoALETCQSkxKTHo8IOx2RT9kb8lnFtveReYvHETiuG7_ntu5UgAA |
.login.viewnsecdocnow.pro/ | esctx-W6Tj25TiZU | AQABCQEAAAApTwJmzXqdR4BN2miheQMYF_6gUkuKS1NXorbN3GHopX6Z3O2nVdTq__8TmmGGDioaFCt_hW1_cJEzkjDEHABe5vxtKPAZoTKf-6crp2Kye_HdKwDjuXRUmKF9Dpf27xIHk-Ws4OJn3nPD0-T7y466ZoBPPC8-pKRwo5TNm9XlAiAA |
login.viewnsecdocnow.pro/ | fpc | AlRI_7AvHpZGhg_E9Lkz1xG8Ae7AAQAAADcQDN4OAAAA |
login.viewnsecdocnow.pro/ | MicrosoftApplicationsTelemetryDeviceId | 93511184-4db0-4251-99aa-45c81198ccf6 |
.login.viewnsecdocnow.pro/ | brcap | 0 |
3 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL | Text |
---|---|---|---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
aadcdn.msftauth.net
diffuser-cdn.app-us1.com
fonts.googleapis.com
fonts.gstatic.com
landing-pages-cdn.app-us1.com
login.viewnsecdocnow.pro
prism.app-us1.com
purestars.ac-page.com
www.viewnsecdocnow.pro
ywnjb.viewnsecdocnow.pro
18.154.63.39
188.114.96.3
188.114.97.3
2606:2800:233:1cb7:261b:1f9c:2074:3c
2606:4700:4400::ac40:99b7
2606:4700::6812:80d8
2a00:1450:4001:81d::200a
2a00:1450:4001:827::2003
2a06:98c1:3121::3