indicatorurl
login.microsoftonline.com/common/oauth2/deviceauth
- First seen
- 2026-05-13
- Last seen
- 2026-05-13
- Sightings
- 1
Posts referencing this indicator
- Social Engineering Leveled Up. Has Your Security Program?
Legitimate Microsoft device code authentication URL abused in the EvilTokens phishing campaign to bypass MFA.