adfs.grenkeleasing.com
217.25.134.20
Public Scan
Effective URL: https://adfs.grenkeleasing.com/adfs/ls/?login_hint=frandt%40grenke.de&client-request-id=48a69cd0-45c6-48eb-8edb-dda179482c6f&us...
Submission Tags: falconsandbox
Submission: On October 12 via api from US — Scanned from DE
Summary
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on August 7th 2020. Valid for: 2 years.
This is the only time adfs.grenkeleasing.com was scanned on urlscan.io!
urlscan.io Verdict: No classification
Domain & IP information
 | IP Address | AS Autonomous System |
---|---|---|
1 2 | 80.78.23.65 | 39287 (ABSTRACT) |
1 4 | 91.134.26.60 | 16276 (OVH) |
4 | 217.25.134.20 | 21234 (GRENKE-SERVICE-AG) |
8 | 3 | |

ASN39287 (ABSTRACT, FI)
PTR: 504e1741.host.njalla.net
- 9557833j.employeesalaryincrease.com

ASN16276 (OVH, FR)
PTR: v2.home2homesales.com
- www.conductingcode.xyz
- microsoftonline.conductingcode.xyz

ASN21234 (GRENKE-SERVICE-AG, DE)
PTR: adfs.grenkeleasing.com
- adfs.grenkeleasing.com
 | Apex Domain | Subdomains | Transfer |
---|---|---|---|
4 | grenkeleasing.com | adfs.grenkeleasing.com | 537 KB |
4 | conductingcode.xyz (1 redirects) | www.conductingcode.xyz, microsoftonline.conductingcode.xyz | 145 KB |
2 | employeesalaryincrease.com (1 redirects) | 9557833j.employeesalaryincrease.com | 29 KB |
8 | 3 | | |
 | Domain | Requested by |
---|---|---|
4 | adfs.grenkeleasing.com | microsoftonline.conductingcode.xyz, adfs.grenkeleasing.com |
2 | microsoftonline.conductingcode.xyz (1 redirects) | www.conductingcode.xyz |
2 | www.conductingcode.xyz | 9557833j.employeesalaryincrease.com, www.conductingcode.xyz |
2 | 9557833j.employeesalaryincrease.com (1 redirects) | |
8 | 4 | |
This site contains links to these domains.
Domain |
---|
badss01.grenkeleasing.com |
Subject | Issuer | Validity | Valid |
---|---|---|---|
employeesalaryincrease.com | R3 | 2021-10-11 - 2022-01-09 | 3 months |
conductingcode.xyz | R3 | 2021-10-08 - 2022-01-06 | 3 months |
adfs.grenkeleasing.com | Sectigo RSA Domain Validation Secure Server CA | 2020-08-07 - 2022-11-05 | 2 years |
This page contains 1 frames:
Primary Page:
https://adfs.grenkeleasing.com/adfs/ls/?login_hint=frandt%40grenke.de&client-request-id=48a69cd0-45c6-48eb-8edb-dda179482c6f&username=frandt%40grenke.de&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=estsredirect%3d2%26estsrequest%3drQIIAeNisNLJKCkpKLbS1y_ILypJzNHLzUwuyi_OTyvJz8vJzEvVS87P1csvSs9MAbGKhLgELsxZ5nHM9bVH3-27Cys9dPJXMSoTNkL_AiPjC0bGSUwCaUWJeSklDulFqXnZqXopqbeYBP2L0j1TwovdUlNSixJLMvPzHjFjKLvAIvCKhceA2YqDg0uAQYJBgeEHC-MiVqB7hKWv5ew9W-O3Ml6qXWa5AeMpVn1HDy9P0xS3sIKcwNLEDP2Qct-sQEOfFN_EZB9Po-zUjMTgCO-gsir34oByW3MrwwlsQhPYmE6xMXxgY-xgZ5jFznCAk_EWl4iRgZGhrqGBrqGRgoGFlaGRlYFF1AFehgd8jA_4mB7wMT_gY3nAx_qAj-0BH_sDPo4HfJwP-Lge8HEDAA2
Frame ID: A28C16DEF606224784F9114B71764F35
Requests: 8 HTTP requests in this frame
Page Title: Anmelden
Page Statistics
1 Outgoing links
These are links going to different origins than the main page.
Title: Help
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://9557833j.employeesalaryincrease.com/?username=frandt%40grenke.de Page URL
- https://9557833j.employeesalaryincrease.com/?username=frandt%40grenke.de
HTTP 302
https://www.conductingcode.xyz/b/3321344/?username=frandt%40grenke.de Page URL
- https://microsoftonline.conductingcode.xyz/login.srf?__smso=4dAp-zGESb6RPFEmGfkilA%3D%3D&username=frandt%40grenke.de Page URL
- https://microsoftonline.conductingcode.xyz/login.srf?__smso=4dAp-zGESb6RPFEmGfkilA%3D%3D&username=frandt%40grenke.de&sso_reload=true
HTTP 302
https://adfs.grenkeleasing.com/adfs/ls/?login_hint=frandt%40grenke.de&client-request-id=48a69cd0-45c6-48eb-8edb-dda179482c6f&username=frandt%40grenke.de&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=estsredirect%3d2%26estsrequest%3drQIIAeNisNLJKCkpKLbS1y_ILypJzNHLzUwuyi_OTyvJz8vJzEvVS87P1csvSs9MAbGKhLgELsxZ5nHM9bVH3-27Cys9dPJXMSoTNkL_AiPjC0bGSUwCaUWJeSklDulFqXnZqXopqbeYBP2L0j1TwovdUlNSixJLMvPzHjFjKLvAIvCKhceA2YqDg0uAQYJBgeEHC-MiVqB7hKWv5ew9W-O3Ml6qXWa5AeMpVn1HDy9P0xS3sIKcwNLEDP2Qct-sQEOfFN_EZB9Po-zUjMTgCO-gsir34oByW3MrwwlsQhPYmE6xMXxgY-xgZ5jFznCAk_EWl4iRgZGhrqGBrqGRgoGFlaGRlYFF1AFehgd8jA_4mB7wMT_gY3nAx_qAj-0BH_sDPo4HfJwP-Lge8HEDAA2 Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 1
- https://9557833j.employeesalaryincrease.com/?username=frandt%40grenke.de HTTP 302
- https://www.conductingcode.xyz/b/3321344/?username=frandt%40grenke.de
8 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H2 | / | 9557833j.employeesalaryincrease.com/ | 72 KB | 29 KB | Document | text/html |
GET | H2 | / | www.conductingcode.xyz/b/3321344/ (Redirect Chain) | 111 KB | 24 KB | Document | text/html |
POST | H2 | / | www.conductingcode.xyz/b/3321344/ | 271 B | 404 B | XHR | application/json |
GET | H2 | login.srf | microsoftonline.conductingcode.xyz/ | 435 KB | 119 KB | Document | text/html |
GET | H/1.1 | / (Primary Request) | adfs.grenkeleasing.com/adfs/ls/ (Redirect Chain) | 23 KB | 24 KB | Document | text/html |
GET | H/1.1 | style.css | adfs.grenkeleasing.com/adfs/portal/css/ | 8 KB | 8 KB | Stylesheet | text/css |
GET | H/1.1 | logo.png | adfs.grenkeleasing.com/adfs/portal/logo/ | 5 KB | 5 KB | Image | image/png |
GET | H/1.1 | illustration.jpg | adfs.grenkeleasing.com/adfs/portal/illustration/ | 499 KB | 500 KB | Image | image/jpeg |
12 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- object| onbeforexrselect
- boolean| originAgentCluster
- function| LoginErrors
- number| maxPasswordLength
- function| InputUtil
- function| SelectOption
- function| Login
- undefined| emails
- undefined| msViewportStyle
- undefined| viewport
- function| getStyle
- function| computeLoadIllustration

10 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.employeesalaryincrease.com/ | Name: __Jqa2 Value: GeNMCm0rRM6q9zpgSIlQAA== |
.conductingcode.xyz/ | Name: __smso Value: 4dAp+zGESb6RPFEmGfkilA== |
microsoftonline.conductingcode.xyz/ | Name: stsservicecookie Value: estsfd |
microsoftonline.conductingcode.xyz/ | Name: x-ms-gateway-slice Value: estsfd |
.microsoftonline.conductingcode.xyz/ | Name: AADSSO Value: NA|NoExtension |
microsoftonline.conductingcode.xyz/ | Name: SSOCOOKIEPULLED Value: 1 |
microsoftonline.conductingcode.xyz/ | Name: ESTSWCTXFLOWTOKEN Value: AQABAAEAAAD--DLA3VO7QrddgJg7Wevrs_o_7BzG_v21zQkrpUzgn24Jy1tZBY3ySndtvIl3zRfwvBHPD6ez8lICQoOx9IIXbT1NZeM-ekTEZPDJ6UmgKqdN82xM7sz6fBLHnTvwSEnHtIAJUp3CXMY4nDURqQ0pf_yPiEbSyhqKf-pqnRhFXVGwBlZ7Fu5HYR2MVB_bM-0DTJSl4HlhZWaOFUGM683qdbjss8sB1SHJf4DEe8_VCSYMGsyHU9LBk8uNV_mGoLJjszDBfPqKZXrhIhuoCLc8v_xiMPBzx6HV2xwG6P8krdYNvkYcEDn-LpS1BFVw2EeAPvnYrbA_0rY21NT8IZfpT8IhityQDxYuJhZoTLDPyMrLcg70-ud5oKsWuVardaUqPNAnB-TIFcVsfZ5rudme2HBNqPGDhVBVe7tY1ZF14b5hwzASoxvRgY1YVhuxs_iGEO6Mq64nU8Xg5pCLr5y0TSNjZrzeAwdabPXLkBe80w_ermBHQ3mU50tuJ3nYpIEgAA |
microsoftonline.conductingcode.xyz/ | Name: esctx Value: AQABAAAAAAD--DLA3VO7QrddgJg7WevrNbR_lxgvIXOdJ1bKN2Hy6-6MuWGb6OsCooMp2e_wK2APXgNCFA84Pa3_y5uW6WRePa7SiKD59D1m7JvTnJ4h_L9yc1QA_DTCD63ZRtoAsU6u70KsNQW6JfucnpS4pIO1z6tZ8_ca9-ZCTz3fumbVzED-GLlFzeRbFFiEKeSvmdkgAA |
microsoftonline.conductingcode.xyz/ | Name: buid Value: 0.AYIAqzBRR7ViQUKp00fjfJvCFakreHKQRANPjYJWI3DqNWYBAAA.AQABAAEAAAD--DLA3VO7QrddgJg7Wevrx1w3RJoMrRhc5On1ajH4OK8CtXQxLu6BKIXxsebbdborxkbqmXU2kYUwOv7Pkxe9eYoLEJrqBEwixgksN8ZIF6Cjxv2OMZaI7IYqrTO_jc0gAA |
microsoftonline.conductingcode.xyz/ | Name: fpc Value: Ap0rmDtRydNNqBrZWbzwAnq4vjNwAQAAAFc699gOAAAA |
Security Headers
This page lists any security headers set by the main page.
Header | Value |
---|---|
Strict-Transport-Security | max-age=31536000; includeSubDomains |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.