fs.auth.wfp.org
217.118.241.83 Malicious Activity! Public Scan

Submitted URL: https://fs.auth.wfp.org.adfs.ls.client-request-id.session-services.com/indexc.php?ff=&dl=null
Effective URL: https://fs.auth.wfp.org/adfs/ls/?client-request-id=d74a2a5e-f37f-41b1-a792-a0ef4ecccf09&username=&wa=wsignin1.0&wtrealm=...
Submission: On October 24 via manual from GB

Summary

This website contacted 2 IPs in 5 countries across 5 domains to perform 13 HTTP transactions. The main IP is 217.118.241.83, located in Rome, Italy and belongs to ASWFP, IT. The main domain is fs.auth.wfp.org.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on April 30th 2019. Valid for: 2 years.
This is the only time fs.auth.wfp.org was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Microsoft (Consumer)

Domain & IP information

IP Address AS Autonomous System
9 111.90.142.105 45839 (SHINJIRU-...)
1 1 40.97.161.50 8075 (MICROSOFT...)
3 3 2603:1026:204::2 8075 (MICROSOFT...)
1 1 20.190.129.160 8075 (MICROSOFT...)
4 217.118.241.83 31144 (ASWFP)
13 2
Domain Requested by
9 fs.auth.wfp.org.adfs.ls.client-request-id.session-services.com fs.auth.wfp.org.adfs.ls.client-request-id.session-services.com
4 fs.auth.wfp.org fs.auth.wfp.org.adfs.ls.client-request-id.session-services.com
fs.auth.wfp.org
2 outlook.office365.com 2 redirects
1 login.microsoftonline.com 1 redirects
1 www.outlook.com 1 redirects
1 outlook.com 1 redirects
13 6

This site contains no links.

Subject | Issuer | Validity | Valid
fs.auth.wfp.org.adfs.ls.client-request-id.session-services.com | cPanel, Inc. Certification Authority | 2019-08-25 - 2019-11-23 | 3 months (crt.sh)
*.auth.wfp.org | Sectigo RSA Domain Validation Secure Server CA | 2019-04-30 - 2021-04-29 | 2 years (crt.sh)

This page contains 1 frame:

Primary Page: https://fs.auth.wfp.org/adfs/ls/?client-request-id=d74a2a5e-f37f-41b1-a792-a0ef4ecccf09&username=&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=estsredirect%3d2%26estsrequest%3drQIIAdNiNtQztFIxgAAjXRCpa5CWZqibnApiIYEiIS6BOC2v6_WfNzoun7Tgvd-Z85yzGNnL0wr08ovSVzEqZZSUFBRb6evnl5bk5Odn6-WnpWUmpxqbmeol5-fq55cn6u9gZLzAyLiKydzM2NzA3NTY0MjCwMLczNTI1EIv1TTVyDQ50UzXMs3SSNckxQLIMrQw1QWqSQIqSko2MzS4xcTv71hakmEEIvKLMqtSPzFxpuUX5cYX5BeXzGLOcoksNnXNd0x3dQxyCjXXdS7390wNcEwOdPFx89X1MUlK8Ut2DUiJjCyuLE2KzA_w9nUO9c9yznV2cndzDnTJNk8pdgqv9A8PKg8zMjbzLHQOKSgtDA03CE23jCgzSU0uTMs3Ns7zi69yLF_FTFSgbWJmA3o-Nz_vFDNbfkFqXmbKBRbGVyw8BqxWHBxcAnwSrAoMP1gYF7ECA3f9PulNxowMLmualCZFpXQxnGLVz3L1SU439TU2SHGK8HPzsnAK9fR3MvEqK0gJyC0zzivxCrNIzy5IivBLNbE1tTKcwMY4gY3tBRvjBzbGDnaGXZxExMktLhEjA0NLXUMDXSMTBUMzKyMLKwPDKAA1
Frame ID: A0A072E8F83F90DDAD7C9101303A90BD
Requests: 13 HTTP requests in this frame

Detected technologies

Overall confidence: 100%
Detected patterns
  • url /\.php(?:$|\?)/i

Overall confidence: 100%
Detected patterns
  • headers server /^LiteSpeed$/i

Page Statistics

13
Requests

100 %
HTTPS

20 %
IPv6

5
Domains

6
Subdomains

2
IPs

5
Countries

204 kB
Transfer

293 kB
Size

0
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://fs.auth.wfp.org.adfs.ls.client-request-id.session-services.com/indexc.php?ff=&dl=null Page URL
  2. https://outlook.com/wfp.org HTTP 301
    https://www.outlook.com/wfp.org HTTP 301
    https://outlook.office365.com/wfp.org HTTP 302
    https://outlook.office365.com/owa/wfp.org HTTP 302
    https://login.microsoftonline.com/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office365.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=0&client-request-id=d74a2a5e-f37f-41b1-a792-a0ef4ecccf09&protectedtoken=true&domain_hint=wfp.org&nonce=637075312808765258.e5e25ca6-9f92-4d86-9185-128b087bc610&state=DYs5EoAgEARBU7-CwOIePAcQDLFM-L4bdNcEPdYYsyubYoPKMCUOjCmCBGFCQDk7dsBWyOWRwV236IqCTpuqUW0Ug9Xv4ecqfo33nN_zAw HTTP 302
    https://fs.auth.wfp.org/adfs/ls/?client-request-id=d74a2a5e-f37f-41b1-a792-a0ef4ecccf09&username=&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=estsredirect%3d2%26estsrequest%3drQIIAdNiNtQztFIxgAAjXRCpa5CWZqibnApiIYEiIS6BOC2v6_WfNzoun7Tgvd-Z85yzGNnL0wr08ovSVzEqZZSUFBRb6evnl5bk5Odn6-WnpWUmpxqbmeol5-fq55cn6u9gZLzAyLiKydzM2NzA3NTY0MjCwMLczNTI1EIv1TTVyDQ50UzXMs3SSNckxQLIMrQw1QWqSQIqSko2MzS4xcTv71hakmEEIvKLMqtSPzFxpuUX5cYX5BeXzGLOcoksNnXNd0x3dQxyCjXXdS7390wNcEwOdPFx89X1MUlK8Ut2DUiJjCyuLE2KzA_w9nUO9c9yznV2cndzDnTJNk8pdgqv9A8PKg8zMjbzLHQOKSgtDA03CE23jCgzSU0uTMs3Ns7zi69yLF_FTFSgbWJmA3o-Nz_vFDNbfkFqXmbKBRbGVyw8BqxWHBxcAnwSrAoMP1gYF7ECA3f9PulNxowMLmualCZFpXQxnGLVz3L1SU439TU2SHGK8HPzsnAK9fR3MvEqK0gJyC0zzivxCrNIzy5IivBLNbE1tTKcwMY4gY3tBRvjBzbGDnaGXZxExMktLhEjA0NLXUMDXSMTBUMzKyMLKwPDKAA1 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

13 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
indexc.php
fs.auth.wfp.org.adfs.ls.client-request-id.session-services.com/
6 KB
2 KB
Document
General
Full URL
https://fs.auth.wfp.org.adfs.ls.client-request-id.session-services.com/indexc.php?ff=&dl=null
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
111.90.142.105 , Malaysia, ASN45839 (SHINJIRU-MY-AS-AP Shinjiru Technology Sdn Bhd, MY),
Reverse DNS
Software
LiteSpeed / PHP/7.0.33
Resource Hash
2ba5bdf3c39a739c6cc6054eef1eb2494d888f57a344e4aa8bea86b693694ed6

Request headers

:method
GET
:authority
fs.auth.wfp.org.adfs.ls.client-request-id.session-services.com
:scheme
https
:path
/indexc.php?ff=&dl=null
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-mode
navigate
sec-fetch-user
?1
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site
none
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Mode
navigate
Sec-Fetch-User
?1

Response headers

status
200
x-powered-by
PHP/7.0.33
content-type
text/html; charset=UTF-8
content-length
2051
content-encoding
br
vary
Accept-Encoding
date
Thu, 24 Oct 2019 16:27:59 GMT
server
LiteSpeed
alt-svc
quic=":443"; ma=2592000; v="35,39,43,44"
style.css
fs.auth.wfp.org.adfs.ls.client-request-id.session-services.com/css/
518 B
317 B
Stylesheet
General
Full URL
https://fs.auth.wfp.org.adfs.ls.client-request-id.session-services.com/css/style.css
Requested by
Host: fs.auth.wfp.org.adfs.ls.client-request-id.session-services.com
URL: https://fs.auth.wfp.org.adfs.ls.client-request-id.session-services.com/indexc.php?ff=&dl=null
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
111.90.142.105 , Malaysia, ASN45839 (SHINJIRU-MY-AS-AP Shinjiru Technology Sdn Bhd, MY),
Reverse DNS
Software
LiteSpeed /
Resource Hash
d12d548debaa3763b2fb5604a4f8bee261d352c8688cf67d598b7ed3f5ba4a61

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://fs.auth.wfp.org.adfs.ls.client-request-id.session-services.com/indexc.php?ff=&dl=null
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 24 Oct 2019 16:27:59 GMT
content-encoding
br
last-modified
Wed, 10 Apr 2019 04:31:00 GMT
server
LiteSpeed
vary
Accept-Encoding
content-type
text/css
status
200
cache-control
public, max-age=604800
accept-ranges
bytes
alt-svc
quic=":443"; ma=2592000; v="35,39,43,44"
content-length
199
expires
Thu, 31 Oct 2019 16:27:59 GMT
form.css
fs.auth.wfp.org.adfs.ls.client-request-id.session-services.com/css/
637 B
211 B
Stylesheet
General
Full URL
https://fs.auth.wfp.org.adfs.ls.client-request-id.session-services.com/css/form.css
Requested by
Host: fs.auth.wfp.org.adfs.ls.client-request-id.session-services.com
URL: https://fs.auth.wfp.org.adfs.ls.client-request-id.session-services.com/indexc.php?ff=&dl=null
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
111.90.142.105 , Malaysia, ASN45839 (SHINJIRU-MY-AS-AP Shinjiru Technology Sdn Bhd, MY),
Reverse DNS
Software
LiteSpeed /
Resource Hash
0ef4d0547b2dbc6edb0c973c82a1ee84f48603e1fe3f2e7c179cc50537501020

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://fs.auth.wfp.org.adfs.ls.client-request-id.session-services.com/indexc.php?ff=&dl=null
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 24 Oct 2019 16:27:59 GMT
content-encoding
br
last-modified
Wed, 10 Apr 2019 04:30:58 GMT
server
LiteSpeed
vary
Accept-Encoding
content-type
text/css
status
200
cache-control
public, max-age=604800
accept-ranges
bytes
alt-svc
quic=":443"; ma=2592000; v="35,39,43,44"
content-length
145
expires
Thu, 31 Oct 2019 16:27:59 GMT
jquery-1.11.1.min.js
fs.auth.wfp.org.adfs.ls.client-request-id.session-services.com/
94 KB
32 KB
Script
General
Full URL
https://fs.auth.wfp.org.adfs.ls.client-request-id.session-services.com/jquery-1.11.1.min.js
Requested by
Host: fs.auth.wfp.org.adfs.ls.client-request-id.session-services.com
URL: https://fs.auth.wfp.org.adfs.ls.client-request-id.session-services.com/indexc.php?ff=&dl=null
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
111.90.142.105 , Malaysia, ASN45839 (SHINJIRU-MY-AS-AP Shinjiru Technology Sdn Bhd, MY),
Reverse DNS
Software
LiteSpeed /
Resource Hash
540bc6dec1dd4b92ea4d3fb903f69eabf6d919afd48f4e312b163c28cff0f441

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://fs.auth.wfp.org.adfs.ls.client-request-id.session-services.com/indexc.php?ff=&dl=null
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 24 Oct 2019 16:27:59 GMT
content-encoding
br
last-modified
Wed, 10 Apr 2019 04:30:46 GMT
server
LiteSpeed
vary
Accept-Encoding
content-type
application/javascript
status
200
cache-control
public, max-age=604800
accept-ranges
bytes
alt-svc
quic=":443"; ma=2592000; v="35,39,43,44"
content-length
32330
expires
Thu, 31 Oct 2019 16:27:59 GMT
RSA.js
fs.auth.wfp.org.adfs.ls.client-request-id.session-services.com/
15 KB
4 KB
Script
General
Full URL
https://fs.auth.wfp.org.adfs.ls.client-request-id.session-services.com/RSA.js
Requested by
Host: fs.auth.wfp.org.adfs.ls.client-request-id.session-services.com
URL: https://fs.auth.wfp.org.adfs.ls.client-request-id.session-services.com/indexc.php?ff=&dl=null
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
111.90.142.105 , Malaysia, ASN45839 (SHINJIRU-MY-AS-AP Shinjiru Technology Sdn Bhd, MY),
Reverse DNS
Software
LiteSpeed /
Resource Hash
be727537e7ee65c72af89cdc0e289046a4f50693b5cbecf470887b107e98c3eb

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://fs.auth.wfp.org.adfs.ls.client-request-id.session-services.com/indexc.php?ff=&dl=null
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 24 Oct 2019 16:27:59 GMT
content-encoding
br
last-modified
Wed, 10 Apr 2019 04:30:49 GMT
server
LiteSpeed
vary
Accept-Encoding
content-type
application/javascript
status
200
cache-control
public, max-age=604800
accept-ranges
bytes
alt-svc
quic=":443"; ma=2592000; v="35,39,43,44"
content-length
4092
expires
Thu, 31 Oct 2019 16:27:59 GMT
jquery.vegas.js
fs.auth.wfp.org.adfs.ls.client-request-id.session-services.com/jquery/
11 KB
2 KB
Script
General
Full URL
https://fs.auth.wfp.org.adfs.ls.client-request-id.session-services.com/jquery/jquery.vegas.js
Requested by
Host: fs.auth.wfp.org.adfs.ls.client-request-id.session-services.com
URL: https://fs.auth.wfp.org.adfs.ls.client-request-id.session-services.com/indexc.php?ff=&dl=null
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
111.90.142.105 , Malaysia, ASN45839 (SHINJIRU-MY-AS-AP Shinjiru Technology Sdn Bhd, MY),
Reverse DNS
Software
LiteSpeed /
Resource Hash
050ed368c40670383f9861b929cf75fc55bb7962ce87fc0b61f76cbe15f5986f

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://fs.auth.wfp.org.adfs.ls.client-request-id.session-services.com/indexc.php?ff=&dl=null
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 24 Oct 2019 16:27:59 GMT
content-encoding
br
last-modified
Wed, 10 Apr 2019 04:32:02 GMT
server
LiteSpeed
vary
Accept-Encoding
content-type
application/javascript
status
200
cache-control
public, max-age=604800
accept-ranges
bytes
alt-svc
quic=":443"; ma=2592000; v="35,39,43,44"
content-length
2226
expires
Thu, 31 Oct 2019 16:27:59 GMT
jquery-migrate-1.2.1.min.js
fs.auth.wfp.org.adfs.ls.client-request-id.session-services.com/
7 KB
3 KB
Script
General
Full URL
https://fs.auth.wfp.org.adfs.ls.client-request-id.session-services.com/jquery-migrate-1.2.1.min.js
Requested by
Host: fs.auth.wfp.org.adfs.ls.client-request-id.session-services.com
URL: https://fs.auth.wfp.org.adfs.ls.client-request-id.session-services.com/indexc.php?ff=&dl=null
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
111.90.142.105 , Malaysia, ASN45839 (SHINJIRU-MY-AS-AP Shinjiru Technology Sdn Bhd, MY),
Reverse DNS
Software
LiteSpeed /
Resource Hash
1e67d8dbcca1f6fd94e077c85c2fb40fa1c2756c99238daa8da882144260a68d

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://fs.auth.wfp.org.adfs.ls.client-request-id.session-services.com/indexc.php?ff=&dl=null
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 24 Oct 2019 16:27:59 GMT
content-encoding
br
last-modified
Wed, 10 Apr 2019 04:30:43 GMT
server
LiteSpeed
vary
Accept-Encoding
content-type
application/javascript
status
200
cache-control
public, max-age=604800
accept-ranges
bytes
alt-svc
quic=":443"; ma=2592000; v="35,39,43,44"
content-length
2876
expires
Thu, 31 Oct 2019 16:27:59 GMT
btn.png
fs.auth.wfp.org.adfs.ls.client-request-id.session-services.com/img/
469 B
541 B
Image
General
Full URL
https://fs.auth.wfp.org.adfs.ls.client-request-id.session-services.com/img/btn.png
Requested by
Host: fs.auth.wfp.org.adfs.ls.client-request-id.session-services.com
URL: https://fs.auth.wfp.org.adfs.ls.client-request-id.session-services.com/indexc.php?ff=&dl=null
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
111.90.142.105 , Malaysia, ASN45839 (SHINJIRU-MY-AS-AP Shinjiru Technology Sdn Bhd, MY),
Reverse DNS
Software
LiteSpeed /
Resource Hash
0a840a7827b7cfe56d8312470d5ea5a7a6125639e05e756ebbb019008bc84435

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://fs.auth.wfp.org.adfs.ls.client-request-id.session-services.com/indexc.php?ff=&dl=null
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 24 Oct 2019 16:27:59 GMT
last-modified
Wed, 10 Apr 2019 04:31:25 GMT
server
LiteSpeed
content-type
image/png
status
200
cache-control
public, max-age=604800
accept-ranges
bytes
alt-svc
quic=":443"; ma=2592000; v="35,39,43,44"
content-length
469
expires
Thu, 31 Oct 2019 16:27:59 GMT
nestatic.php
fs.auth.wfp.org.adfs.ls.client-request-id.session-services.com/
1 B
43 B
Image
General
Full URL
https://fs.auth.wfp.org.adfs.ls.client-request-id.session-services.com/nestatic.php?id=
Requested by
Host: fs.auth.wfp.org.adfs.ls.client-request-id.session-services.com
URL: https://fs.auth.wfp.org.adfs.ls.client-request-id.session-services.com/indexc.php?ff=&dl=null
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
111.90.142.105 , Malaysia, ASN45839 (SHINJIRU-MY-AS-AP Shinjiru Technology Sdn Bhd, MY),
Reverse DNS
Software
LiteSpeed / PHP/7.0.33
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://fs.auth.wfp.org.adfs.ls.client-request-id.session-services.com/indexc.php?ff=&dl=null
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 24 Oct 2019 16:27:59 GMT
content-encoding
br
server
LiteSpeed
x-powered-by
PHP/7.0.33
vary
Accept-Encoding
content-type
text/html; charset=UTF-8
status
200
alt-svc
quic=":443"; ma=2592000; v="35,39,43,44"
content-length
5
Primary Request /
fs.auth.wfp.org/adfs/ls/
Redirect Chain
  • https://outlook.com/wfp.org
  • https://www.outlook.com/wfp.org
  • https://outlook.office365.com/wfp.org
  • https://outlook.office365.com/owa/wfp.org
  • https://login.microsoftonline.com/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office365.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-0...
  • https://fs.auth.wfp.org/adfs/ls/?client-request-id=d74a2a5e-f37f-41b1-a792-a0ef4ecccf09&username=&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=estsredirect%3d2%26estsrequest%3drQII...
18 KB
18 KB
Document
General
Full URL
https://fs.auth.wfp.org/adfs/ls/?client-request-id=d74a2a5e-f37f-41b1-a792-a0ef4ecccf09&username=&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=estsredirect%3d2%26estsrequest%3drQIIAdNiNtQztFIxgAAjXRCpa5CWZqibnApiIYEiIS6BOC2v6_WfNzoun7Tgvd-Z85yzGNnL0wr08ovSVzEqZZSUFBRb6evnl5bk5Odn6-WnpWUmpxqbmeol5-fq55cn6u9gZLzAyLiKydzM2NzA3NTY0MjCwMLczNTI1EIv1TTVyDQ50UzXMs3SSNckxQLIMrQw1QWqSQIqSko2MzS4xcTv71hakmEEIvKLMqtSPzFxpuUX5cYX5BeXzGLOcoksNnXNd0x3dQxyCjXXdS7390wNcEwOdPFx89X1MUlK8Ut2DUiJjCyuLE2KzA_w9nUO9c9yznV2cndzDnTJNk8pdgqv9A8PKg8zMjbzLHQOKSgtDA03CE23jCgzSU0uTMs3Ns7zi69yLF_FTFSgbWJmA3o-Nz_vFDNbfkFqXmbKBRbGVyw8BqxWHBxcAnwSrAoMP1gYF7ECA3f9PulNxowMLmualCZFpXQxnGLVz3L1SU439TU2SHGK8HPzsnAK9fR3MvEqK0gJyC0zzivxCrNIzy5IivBLNbE1tTKcwMY4gY3tBRvjBzbGDnaGXZxExMktLhEjA0NLXUMDXSMTBUMzKyMLKwPDKAA1
Requested by
Host: fs.auth.wfp.org.adfs.ls.client-request-id.session-services.com
URL: https://fs.auth.wfp.org.adfs.ls.client-request-id.session-services.com/indexc.php?ff=&dl=null
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
217.118.241.83 Rome, Italy, ASN31144 (ASWFP, IT),
Reverse DNS
Software
Microsoft-HTTPAPI/2.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
30777a64b4694975b61c8c795cd1bee08fb072f370f4306690cde7ecf6ceb1b5
Security Headers
Name Value
X-Frame-Options DENY

Request headers

Host
fs.auth.wfp.org
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Mode
navigate
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Sec-Fetch-Site
cross-site
Referer
https://fs.auth.wfp.org.adfs.ls.client-request-id.session-services.com/
Accept-Encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Mode
navigate
Referer
https://fs.auth.wfp.org.adfs.ls.client-request-id.session-services.com/

Response headers

Cache-Control
no-cache,no-store
Pragma
no-cache
Content-Length
18281
Content-Type
text/html; charset=utf-8
Expires
-1
Server
Microsoft-HTTPAPI/2.0 Microsoft-HTTPAPI/2.0
X-Frame-Options
DENY
Date
Thu, 24 Oct 2019 16:28:00 GMT

Redirect headers

Cache-Control
no-cache, no-store
Pragma
no-cache
Content-Type
text/html; charset=utf-8
Content-Encoding
gzip
Expires
-1
Location
https://fs.auth.wfp.org/adfs/ls/?client-request-id=d74a2a5e-f37f-41b1-a792-a0ef4ecccf09&username=&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=estsredirect%3d2%26estsrequest%3drQIIAdNiNtQztFIxgAAjXRCpa5CWZqibnApiIYEiIS6BOC2v6_WfNzoun7Tgvd-Z85yzGNnL0wr08ovSVzEqZZSUFBRb6evnl5bk5Odn6-WnpWUmpxqbmeol5-fq55cn6u9gZLzAyLiKydzM2NzA3NTY0MjCwMLczNTI1EIv1TTVyDQ50UzXMs3SSNckxQLIMrQw1QWqSQIqSko2MzS4xcTv71hakmEEIvKLMqtSPzFxpuUX5cYX5BeXzGLOcoksNnXNd0x3dQxyCjXXdS7390wNcEwOdPFx89X1MUlK8Ut2DUiJjCyuLE2KzA_w9nUO9c9yznV2cndzDnTJNk8pdgqv9A8PKg8zMjbzLHQOKSgtDA03CE23jCgzSU0uTMs3Ns7zi69yLF_FTFSgbWJmA3o-Nz_vFDNbfkFqXmbKBRbGVyw8BqxWHBxcAnwSrAoMP1gYF7ECA3f9PulNxowMLmualCZFpXQxnGLVz3L1SU439TU2SHGK8HPzsnAK9fR3MvEqK0gJyC0zzivxCrNIzy5IivBLNbE1tTKcwMY4gY3tBRvjBzbGDnaGXZxExMktLhEjA0NLXUMDXSMTBUMzKyMLKwPDKAA1
Vary
Accept-Encoding
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
x-ms-request-id
b21bbeaf-0133-4400-ac82-22925a648a00
x-ms-ests-server
2.1.9557.16 - DUB2 ProdSlices
P3P
CP="DSP CUR OTPi IND OTRi ONL FIN"
Set-Cookie
buid=AQABAAEAAACQN9QBRU3jT6bcBQLZNUj7lsdsm1c2wMLLkE0pcaR-6ImOZqMmUIKuP-QL9qmW5ISO5_OioGGDmk58nBb2y9eSdq3rAFXHQXXxShFSge7UtWQ_AIOb_B1jZmPdrA2eNXQgAA; expires=Sat, 23-Nov-2019 16:28:01 GMT; path=/; secure; HttpOnly; SameSite=None fpc=AnUU_gRippxMob77hDxX0Ug-NjKRAQAAABDIQ9UOAAAA; expires=Sat, 23-Nov-2019 16:28:01 GMT; path=/; secure; HttpOnly; SameSite=None esctx=AQABAAAAAACQN9QBRU3jT6bcBQLZNUj7AKMBhnMpSBD-GsAIdLVMacwhfn7yYdj9tM5JcAywKKjLj_gmrpwokEn-ERDqZQj6U2pMZ-s1aspewksHmBpzsz0Wo62ZS42Ifoo8-zExj6gXXSmqg-0X91vBO5Fna4InNWT-yJd0GFFUV2d248aoRZOZ7UomvtRKwdLCu0fAvAggAA; domain=.login.microsoftonline.com; path=/; secure; HttpOnly; SameSite=None cltm=CgAQABoAIgQIDBAF; domain=.login.microsoftonline.com; path=/; secure; HttpOnly; SameSite=None x-ms-gateway-slice=prod; path=/; SameSite=None; secure; HttpOnly stsservicecookie=ests; path=/; SameSite=None; secure; HttpOnly
Referrer-Policy
strict-origin-when-cross-origin
Date
Thu, 24 Oct 2019 16:28:00 GMT
Content-Length
757
style.css
fs.auth.wfp.org/adfs/portal/css/
8 KB
8 KB
Stylesheet
General
Full URL
https://fs.auth.wfp.org/adfs/portal/css/style.css?id=0A13280A86E7DFA6949BD016EA848912FCAFC05E88CBEDF538AC325B27041205
Requested by
Host: fs.auth.wfp.org
URL: https://fs.auth.wfp.org/adfs/ls/?client-request-id=d74a2a5e-f37f-41b1-a792-a0ef4ecccf09&username=&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=estsredirect%3d2%26estsrequest%3drQIIAdNiNtQztFIxgAAjXRCpa5CWZqibnApiIYEiIS6BOC2v6_WfNzoun7Tgvd-Z85yzGNnL0wr08ovSVzEqZZSUFBRb6evnl5bk5Odn6-WnpWUmpxqbmeol5-fq55cn6u9gZLzAyLiKydzM2NzA3NTY0MjCwMLczNTI1EIv1TTVyDQ50UzXMs3SSNckxQLIMrQw1QWqSQIqSko2MzS4xcTv71hakmEEIvKLMqtSPzFxpuUX5cYX5BeXzGLOcoksNnXNd0x3dQxyCjXXdS7390wNcEwOdPFx89X1MUlK8Ut2DUiJjCyuLE2KzA_w9nUO9c9yznV2cndzDnTJNk8pdgqv9A8PKg8zMjbzLHQOKSgtDA03CE23jCgzSU0uTMs3Ns7zi69yLF_FTFSgbWJmA3o-Nz_vFDNbfkFqXmbKBRbGVyw8BqxWHBxcAnwSrAoMP1gYF7ECA3f9PulNxowMLmualCZFpXQxnGLVz3L1SU439TU2SHGK8HPzsnAK9fR3MvEqK0gJyC0zzivxCrNIzy5IivBLNbE1tTKcwMY4gY3tBRvjBzbGDnaGXZxExMktLhEjA0NLXUMDXSMTBUMzKyMLKwPDKAA1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
217.118.241.83 Rome, Italy, ASN31144 (ASWFP, IT),
Reverse DNS
Software
Microsoft-HTTPAPI/2.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
0a13280a86e7dfa6949bd016ea848912fcafc05e88cbedf538ac325b27041205

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://fs.auth.wfp.org/adfs/ls/?client-request-id=d74a2a5e-f37f-41b1-a792-a0ef4ecccf09&username=&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=estsredirect%3d2%26estsrequest%3drQIIAdNiNtQztFIxgAAjXRCpa5CWZqibnApiIYEiIS6BOC2v6_WfNzoun7Tgvd-Z85yzGNnL0wr08ovSVzEqZZSUFBRb6evnl5bk5Odn6-WnpWUmpxqbmeol5-fq55cn6u9gZLzAyLiKydzM2NzA3NTY0MjCwMLczNTI1EIv1TTVyDQ50UzXMs3SSNckxQLIMrQw1QWqSQIqSko2MzS4xcTv71hakmEEIvKLMqtSPzFxpuUX5cYX5BeXzGLOcoksNnXNd0x3dQxyCjXXdS7390wNcEwOdPFx89X1MUlK8Ut2DUiJjCyuLE2KzA_w9nUO9c9yznV2cndzDnTJNk8pdgqv9A8PKg8zMjbzLHQOKSgtDA03CE23jCgzSU0uTMs3Ns7zi69yLF_FTFSgbWJmA3o-Nz_vFDNbfkFqXmbKBRbGVyw8BqxWHBxcAnwSrAoMP1gYF7ECA3f9PulNxowMLmualCZFpXQxnGLVz3L1SU439TU2SHGK8HPzsnAK9fR3MvEqK0gJyC0zzivxCrNIzy5IivBLNbE1tTKcwMY4gY3tBRvjBzbGDnaGXZxExMktLhEjA0NLXUMDXSMTBUMzKyMLKwPDKAA1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Thu, 24 Oct 2019 16:28:00 GMT
Expires
Sat, 23 Nov 2019 17:28:01 GMT
Server
Microsoft-HTTPAPI/2.0 Microsoft-HTTPAPI/2.0
ETag
0A13280A86E7DFA6949BD016EA848912FCAFC05E88CBEDF538AC325B27041205
Content-Length
8144
Content-Type
text/css
logo.png
fs.auth.wfp.org/adfs/portal/logo/
20 KB
20 KB
Image
General
Full URL
https://fs.auth.wfp.org/adfs/portal/logo/logo.png?id=09FDDF64273FF36D9D05D6F8055FFF98AFDF114453C7EACE4B3ABE886B01789A
Requested by
Host: fs.auth.wfp.org
URL: https://fs.auth.wfp.org/adfs/ls/?client-request-id=d74a2a5e-f37f-41b1-a792-a0ef4ecccf09&username=&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=estsredirect%3d2%26estsrequest%3drQIIAdNiNtQztFIxgAAjXRCpa5CWZqibnApiIYEiIS6BOC2v6_WfNzoun7Tgvd-Z85yzGNnL0wr08ovSVzEqZZSUFBRb6evnl5bk5Odn6-WnpWUmpxqbmeol5-fq55cn6u9gZLzAyLiKydzM2NzA3NTY0MjCwMLczNTI1EIv1TTVyDQ50UzXMs3SSNckxQLIMrQw1QWqSQIqSko2MzS4xcTv71hakmEEIvKLMqtSPzFxpuUX5cYX5BeXzGLOcoksNnXNd0x3dQxyCjXXdS7390wNcEwOdPFx89X1MUlK8Ut2DUiJjCyuLE2KzA_w9nUO9c9yznV2cndzDnTJNk8pdgqv9A8PKg8zMjbzLHQOKSgtDA03CE23jCgzSU0uTMs3Ns7zi69yLF_FTFSgbWJmA3o-Nz_vFDNbfkFqXmbKBRbGVyw8BqxWHBxcAnwSrAoMP1gYF7ECA3f9PulNxowMLmualCZFpXQxnGLVz3L1SU439TU2SHGK8HPzsnAK9fR3MvEqK0gJyC0zzivxCrNIzy5IivBLNbE1tTKcwMY4gY3tBRvjBzbGDnaGXZxExMktLhEjA0NLXUMDXSMTBUMzKyMLKwPDKAA1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
217.118.241.83 Rome, Italy, ASN31144 (ASWFP, IT),
Reverse DNS
Software
Microsoft-HTTPAPI/2.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
09fddf64273ff36d9d05d6f8055fff98afdf114453c7eace4b3abe886b01789a

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://fs.auth.wfp.org/adfs/ls/?client-request-id=d74a2a5e-f37f-41b1-a792-a0ef4ecccf09&username=&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=estsredirect%3d2%26estsrequest%3drQIIAdNiNtQztFIxgAAjXRCpa5CWZqibnApiIYEiIS6BOC2v6_WfNzoun7Tgvd-Z85yzGNnL0wr08ovSVzEqZZSUFBRb6evnl5bk5Odn6-WnpWUmpxqbmeol5-fq55cn6u9gZLzAyLiKydzM2NzA3NTY0MjCwMLczNTI1EIv1TTVyDQ50UzXMs3SSNckxQLIMrQw1QWqSQIqSko2MzS4xcTv71hakmEEIvKLMqtSPzFxpuUX5cYX5BeXzGLOcoksNnXNd0x3dQxyCjXXdS7390wNcEwOdPFx89X1MUlK8Ut2DUiJjCyuLE2KzA_w9nUO9c9yznV2cndzDnTJNk8pdgqv9A8PKg8zMjbzLHQOKSgtDA03CE23jCgzSU0uTMs3Ns7zi69yLF_FTFSgbWJmA3o-Nz_vFDNbfkFqXmbKBRbGVyw8BqxWHBxcAnwSrAoMP1gYF7ECA3f9PulNxowMLmualCZFpXQxnGLVz3L1SU439TU2SHGK8HPzsnAK9fR3MvEqK0gJyC0zzivxCrNIzy5IivBLNbE1tTKcwMY4gY3tBRvjBzbGDnaGXZxExMktLhEjA0NLXUMDXSMTBUMzKyMLKwPDKAA1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Thu, 24 Oct 2019 16:28:01 GMT
Expires
Sat, 23 Nov 2019 17:28:01 GMT
Server
Microsoft-HTTPAPI/2.0 Microsoft-HTTPAPI/2.0
ETag
09FDDF64273FF36D9D05D6F8055FFF98AFDF114453C7EACE4B3ABE886B01789A
Content-Length
20028
Content-Type
image/png
illustration.png
fs.auth.wfp.org/adfs/portal/illustration/
114 KB
114 KB
Image
General
Full URL
https://fs.auth.wfp.org/adfs/portal/illustration/illustration.png?id=183128A3C941EDE3D9199FA37D6AA90E0A7DFE101B37D10B4FEDA0CF35E11AFD
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
217.118.241.83 Rome, Italy, ASN31144 (ASWFP, IT),
Reverse DNS
Software
Microsoft-HTTPAPI/2.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
183128a3c941ede3d9199fa37d6aa90e0a7dfe101b37d10b4feda0cf35e11afd

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://fs.auth.wfp.org/adfs/ls/?client-request-id=d74a2a5e-f37f-41b1-a792-a0ef4ecccf09&username=&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=estsredirect%3d2%26estsrequest%3drQIIAdNiNtQztFIxgAAjXRCpa5CWZqibnApiIYEiIS6BOC2v6_WfNzoun7Tgvd-Z85yzGNnL0wr08ovSVzEqZZSUFBRb6evnl5bk5Odn6-WnpWUmpxqbmeol5-fq55cn6u9gZLzAyLiKydzM2NzA3NTY0MjCwMLczNTI1EIv1TTVyDQ50UzXMs3SSNckxQLIMrQw1QWqSQIqSko2MzS4xcTv71hakmEEIvKLMqtSPzFxpuUX5cYX5BeXzGLOcoksNnXNd0x3dQxyCjXXdS7390wNcEwOdPFx89X1MUlK8Ut2DUiJjCyuLE2KzA_w9nUO9c9yznV2cndzDnTJNk8pdgqv9A8PKg8zMjbzLHQOKSgtDA03CE23jCgzSU0uTMs3Ns7zi69yLF_FTFSgbWJmA3o-Nz_vFDNbfkFqXmbKBRbGVyw8BqxWHBxcAnwSrAoMP1gYF7ECA3f9PulNxowMLmualCZFpXQxnGLVz3L1SU439TU2SHGK8HPzsnAK9fR3MvEqK0gJyC0zzivxCrNIzy5IivBLNbE1tTKcwMY4gY3tBRvjBzbGDnaGXZxExMktLhEjA0NLXUMDXSMTBUMzKyMLKwPDKAA1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Thu, 24 Oct 2019 16:28:01 GMT
Expires
Sat, 23 Nov 2019 17:28:01 GMT
Server
Microsoft-HTTPAPI/2.0 Microsoft-HTTPAPI/2.0
ETag
183128A3C941EDE3D9199FA37D6AA90E0A7DFE101B37D10B4FEDA0CF35E11AFD
Content-Length
116699
Content-Type
image/png

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer)

13 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  • object: onformdata
  • object: onpointerrawupdate
  • function: LoginErrors
  • number: maxPasswordLength
  • function: InputUtil
  • function: SelectOption
  • function: Login
  • undefined: emails
  • undefined: msViewportStyle
  • undefined: viewport
  • function: getStyle
  • function: computeLoadIllustration
  • function: SetIllustrationImage

0 Cookies