www.doctrical.fr Open in urlscan Pro
2620:1ec:bdf::42 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.doctrical.fr/eur/7ab090d4-fa2e-4ecf-bc7c-4127b4d582ec/6ea80fa4-2851-403d-bfc6-7fac4616f661/0bbb422e-86a0-4333...
Submission: On August 11 via api (August 11th 2024, 11:46:26 am UTC) from BE — Scanned from FR

Summary HTTP 6 Redirects Behaviour Indicators

Summary

This website contacted 3 IPs in 1 countries across 2 domains to perform 6 HTTP transactions. The main IP is 2620:1ec:bdf::42, located in United States and belongs to MICROSOFT-CORP-MSN-AS-BLOCK, US. The main domain is www.doctrical.fr.
TLS certificate: Issued by Microsoft Azure RSA TLS Issuing CA 04 on August 2nd 2024. Valid for: 6 months.

This is the only time www.doctrical.fr was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Microsoft (Consumer)

Domain & IP information

	IP Address	AS Autonomous System
4	2620:1ec:bdf::42 2620:1ec:bdf::42	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	2606:2800:233... 2606:2800:233:1cb7:261b:1f9c:2074:3c	15133 (EDGECAST) (EDGECAST)
6	3

4 2620:1ec:bdf::42 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

www.doctrical.fr	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:2800:233:1cb7:261b:1f9c:2074:3c (United States)

ASN15133 (EDGECAST, US)

aadcdn.msftauth.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
4	doctrical.fr www.doctrical.fr	31 KB
2	msftauth.net aadcdn.msftauth.net — Cisco Umbrella Rank: 2274	2 KB
6	2

	Domain	Requested by
4	www.doctrical.fr	www.doctrical.fr
2	aadcdn.msftauth.net	www.doctrical.fr
6	2

This site contains no links.

Subject Issuer	Validity	Valid
www.attemplate.com Microsoft Azure RSA TLS Issuing CA 04	`2024-08-02` - `2025-01-29`	6 months	crt.sh
aadcdn.msftauth.net DigiCert SHA2 Secure Server CA	`2024-05-25` - `2025-05-25`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://www.doctrical.fr/eur/7ab090d4-fa2e-4ecf-bc7c-4127b4d582ec/6ea80fa4-2851-403d-bfc6-7fac4616f661/0bbb422e-86a0-4333-af69-adcf4a1a4d3c/oauth?id=ckpjZ28wdlR0aXJka2tqRHlGQ1ZxbWVla3YvYnBpNS9sdk9GMUNaWU1KMkFmTllVRWsxeU50SnE5TzBsNEZpM3UyN0VhNW1pdXZVMUoyb3YxQ2xCRTdoOTFDS0s4L2FITXVhZHJYREVDQnphTU9UdkNVVWRKVUZJOGc5V3BGNnhVeEpsdE1SSzVyT0tiRkhLNWxqeEpwbkNxNzJHSFVzOC9wMzlsd2NCdEFmNUFGOVgwV2lIL3ZFWHhBYUJVY05kZGgrQ01VV0t4T1VmYU9JNVZueTFNbEhCTEQ4eG0xNXNjMDNjZXp5Y0lzVkoveTQ5RFp0aFlKTll4TkdFWm1nM1BBclQ4ZW1xMno0a2lhUVg0cmI1UCt3QjNVMy9BQWhic3VVSUZXWjVUNThWc2hGYmIvK1FOUEZ6RThJZTV3VHEvWncxalZSaTdlbDd3WHZDM3B0ZGdVbHZRNnFGcFR3UW9wakV1SWx6V01uaXdCcVJWd1ZlU2tYQ09lOFh6V05xcFR3L3I1RDR2eUJ0WEp4STdSR2lDWTg4UkRRa2F2cVBWbzVpTTlha0EzTT0
Frame ID: CE7E389175B9D6AC08C0D33F89A21DF4
Requests: 8 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Connectez-vous à votre compte

Page Statistics

6
Requests

100 %
HTTPS

100 %
IPv6

2
Domains

2
Subdomains

3
IPs

1
Countries

33 kB
Transfer

45 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

6 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request oauth Show response
www.doctrical.fr/eur/7ab090d4-fa2e-4ecf-bc7c-4127b4d582ec/6ea80fa4-2851-403d-bfc6-7fac4616f661/0bbb422e-86a0-4333-af69-adcf4a1a4d3c/ 21 KB
22 KB 568ms
362ms Document
text/html 2620:1ec:bdf::42
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.doctrical.fr/eur/7ab090d4-fa2e-4ecf-bc7c-4127b4d582ec/6ea80fa4-2851-403d-bfc6-7fac4616f661/0bbb422e-86a0-4333-af69-adcf4a1a4d3c/oauth?id=ckpjZ28wdlR0aXJka2tqRHlGQ1ZxbWVla3YvYnBpNS9sdk9GMUNaWU1KMkFmTllVRWsxeU50SnE5TzBsNEZpM3UyN0VhNW1pdXZVMUoyb3YxQ2xCRTdoOTFDS0s4L2FITXVhZHJYREVDQnphTU9UdkNVVWRKVUZJOGc5V3BGNnhVeEpsdE1SSzVyT0tiRkhLNWxqeEpwbkNxNzJHSFVzOC9wMzlsd2NCdEFmNUFGOVgwV2lIL3ZFWHhBYUJVY05kZGgrQ01VV0t4T1VmYU9JNVZueTFNbEhCTEQ4eG0xNXNjMDNjZXp5Y0lzVkoveTQ5RFp0aFlKTll4TkdFWm1nM1BBclQ4ZW1xMno0a2lhUVg0cmI1UCt3QjNVMy9BQWhic3VVSUZXWjVUNThWc2hGYmIvK1FOUEZ6RThJZTV3VHEvWncxalZSaTdlbDd3WHZDM3B0ZGdVbHZRNnFGcFR3UW9wakV1SWx6V01uaXdCcVJWd1ZlU2tYQ09lOFh6V05xcFR3L3I1RDR2eUJ0WEp4STdSR2lDWTg4UkRRa2F2cVBWbzVpTTlha0EzTT0

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2620:1ec:bdf::42 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

2d50ebe4c5cb99e3eb8200c353571a7c945a6a11eb4f295a506dff6d5f014f47

Security Headers

Name	Value
Content-Security-Policy	img-src https: data: ; style-src 'self' 'unsafe-inline'; script-src 'self'
Strict-Transport-Security	max-age=2592000

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

content-security-policy: img-src https: data: ; style-src 'self' 'unsafe-inline'; script-src 'self'
content-type: text/html; charset=utf-8
date: Sun, 11 Aug 2024 11:46:21 GMT
request-context: appId=
strict-transport-security: max-age=2592000
x-azure-ref: 20240811T114621Z-156ff4cdd48pxxqx5x28w7wkt80000000en0000000004fzx
x-cache: CONFIG_NOCACHE

GET
H2 200 Consent.css
www.doctrical.fr/Content/OAuth/ 3 KB
3 KB 625ms
624ms Stylesheet
text/css 2620:1ec:bdf::42
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.doctrical.fr/Content/OAuth/Consent.css

Requested by

Host: www.doctrical.fr
URL: https://www.doctrical.fr/eur/7ab090d4-fa2e-4ecf-bc7c-4127b4d582ec/6ea80fa4-2851-403d-bfc6-7fac4616f661/0bbb422e-86a0-4333-af69-adcf4a1a4d3c/oauth?id=ckpjZ28wdlR0aXJka2tqRHlGQ1ZxbWVla3YvYnBpNS9sdk9GMUNaWU1KMkFmTllVRWsxeU50SnE5TzBsNEZpM3UyN0VhNW1pdXZVMUoyb3YxQ2xCRTdoOTFDS0s4L2FITXVhZHJYREVDQnphTU9UdkNVVWRKVUZJOGc5V3BGNnhVeEpsdE1SSzVyT0tiRkhLNWxqeEpwbkNxNzJHSFVzOC9wMzlsd2NCdEFmNUFGOVgwV2lIL3ZFWHhBYUJVY05kZGgrQ01VV0t4T1VmYU9JNVZueTFNbEhCTEQ4eG0xNXNjMDNjZXp5Y0lzVkoveTQ5RFp0aFlKTll4TkdFWm1nM1BBclQ4ZW1xMno0a2lhUVg0cmI1UCt3QjNVMy9BQWhic3VVSUZXWjVUNThWc2hGYmIvK1FOUEZ6RThJZTV3VHEvWncxalZSaTdlbDd3WHZDM3B0ZGdVbHZRNnFGcFR3UW9wakV1SWx6V01uaXdCcVJWd1ZlU2tYQ09lOFh6V05xcFR3L3I1RDR2eUJ0WEp4STdSR2lDWTg4UkRRa2F2cVBWbzVpTTlha0EzTT0

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2620:1ec:bdf::42 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

80d33446899027d1b7c07dae011fb56f7aeec69d6acbd92694012a503a1b14ea

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000

Request headers

Referer: https://www.doctrical.fr/eur/7ab090d4-fa2e-4ecf-bc7c-4127b4d582ec/6ea80fa4-2851-403d-bfc6-7fac4616f661/0bbb422e-86a0-4333-af69-adcf4a1a4d3c/oauth?id=ckpjZ28wdlR0aXJka2tqRHlGQ1ZxbWVla3YvYnBpNS9sdk9GMUNaWU1KMkFmTllVRWsxeU50SnE5TzBsNEZpM3UyN0VhNW1pdXZVMUoyb3YxQ2xCRTdoOTFDS0s4L2FITXVhZHJYREVDQnphTU9UdkNVVWRKVUZJOGc5V3BGNnhVeEpsdE1SSzVyT0tiRkhLNWxqeEpwbkNxNzJHSFVzOC9wMzlsd2NCdEFmNUFGOVgwV2lIL3ZFWHhBYUJVY05kZGgrQ01VV0t4T1VmYU9JNVZueTFNbEhCTEQ4eG0xNXNjMDNjZXp5Y0lzVkoveTQ5RFp0aFlKTll4TkdFWm1nM1BBclQ4ZW1xMno0a2lhUVg0cmI1UCt3QjNVMy9BQWhic3VVSUZXWjVUNThWc2hGYmIvK1FOUEZ6RThJZTV3VHEvWncxalZSaTdlbDd3WHZDM3B0ZGdVbHZRNnFGcFR3UW9wakV1SWx6V01uaXdCcVJWd1ZlU2tYQ09lOFh6V05xcFR3L3I1RDR2eUJ0WEp4STdSR2lDWTg4UkRRa2F2cVBWbzVpTTlha0EzTT0
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Sun, 11 Aug 2024 11:46:22 GMT
strict-transport-security: max-age=2592000
last-modified: Wed, 07 Aug 2024 11:44:25 GMT
etag: "1dae8bf26e839b5"
x-azure-ref: 20240811T114621Z-156ff4cdd48pxxqx5x28w7wkt80000000en0000000004g02
x-cache: CONFIG_NOCACHE
content-type: text/css
accept-ranges: bytes
content-length: 2869
request-context: appId=

GET
H2 200 microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg
aadcdn.msftauth.net/shared/1.0/content/images/ 4 KB
2 KB 127ms
21ms Image
image/svg+xml 2606:2800:233:1cb7:261b:1f9c:2074:3c
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://aadcdn.msftauth.net/shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg
Requested by: Host: www.doctrical.fr
URL: https://www.doctrical.fr/eur/7ab090d4-fa2e-4ecf-bc7c-4127b4d582ec/6ea80fa4-2851-403d-bfc6-7fac4616f661/0bbb422e-86a0-4333-af69-adcf4a1a4d3c/oauth?id=ckpjZ28wdlR0aXJka2tqRHlGQ1ZxbWVla3YvYnBpNS9sdk9GMUNaWU1KMkFmTllVRWsxeU50SnE5TzBsNEZpM3UyN0VhNW1pdXZVMUoyb3YxQ2xCRTdoOTFDS0s4L2FITXVhZHJYREVDQnphTU9UdkNVVWRKVUZJOGc5V3BGNnhVeEpsdE1SSzVyT0tiRkhLNWxqeEpwbkNxNzJHSFVzOC9wMzlsd2NCdEFmNUFGOVgwV2lIL3ZFWHhBYUJVY05kZGgrQ01VV0t4T1VmYU9JNVZueTFNbEhCTEQ4eG0xNXNjMDNjZXp5Y0lzVkoveTQ5RFp0aFlKTll4TkdFWm1nM1BBclQ4ZW1xMno0a2lhUVg0cmI1UCt3QjNVMy9BQWhic3VVSUZXWjVUNThWc2hGYmIvK1FOUEZ6RThJZTV3VHEvWncxalZSaTdlbDd3WHZDM3B0ZGdVbHZRNnFGcFR3UW9wakV1SWx6V01uaXdCcVJWd1ZlU2tYQ09lOFh6V05xcFR3L3I1RDR2eUJ0WEp4STdSR2lDWTg4UkRRa2F2cVBWbzVpTTlha0EzTT0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:233:1cb7:261b:1f9c:2074:3c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECAcc (paa/6F20) /
Resource Hash: 04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a

Request headers

Referer: https://www.doctrical.fr/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Sun, 11 Aug 2024 11:46:21 GMT
content-encoding: gzip
content-md5: nzaLxFgP7ZB3dfMcaybWzw==
age: 12039644
x-cache: HIT
content-length: 1435
x-ms-lease-status: unlocked
last-modified: Thu, 16 Jan 2020 00:32:52 GMT
server: ECAcc (paa/6F20)
etag: 0x8D79A1B9F5E121A
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
x-ms-request-id: ac2708d9-801e-0093-6c64-7ec057000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=31536000
x-ms-version: 2009-09-19
accept-ranges: bytes

GET
H2 200 chevron_closed_31e954033877625e65f365d6c05762f0.svg
aadcdn.msftauth.net/shared/1.0/content/images/ 188 B
647 B 126ms
21ms Image
image/svg+xml 2606:2800:233:1cb7:261b:1f9c:2074:3c
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://aadcdn.msftauth.net/shared/1.0/content/images/chevron_closed_31e954033877625e65f365d6c05762f0.svg
Requested by: Host: www.doctrical.fr
URL: https://www.doctrical.fr/eur/7ab090d4-fa2e-4ecf-bc7c-4127b4d582ec/6ea80fa4-2851-403d-bfc6-7fac4616f661/0bbb422e-86a0-4333-af69-adcf4a1a4d3c/oauth?id=ckpjZ28wdlR0aXJka2tqRHlGQ1ZxbWVla3YvYnBpNS9sdk9GMUNaWU1KMkFmTllVRWsxeU50SnE5TzBsNEZpM3UyN0VhNW1pdXZVMUoyb3YxQ2xCRTdoOTFDS0s4L2FITXVhZHJYREVDQnphTU9UdkNVVWRKVUZJOGc5V3BGNnhVeEpsdE1SSzVyT0tiRkhLNWxqeEpwbkNxNzJHSFVzOC9wMzlsd2NCdEFmNUFGOVgwV2lIL3ZFWHhBYUJVY05kZGgrQ01VV0t4T1VmYU9JNVZueTFNbEhCTEQ4eG0xNXNjMDNjZXp5Y0lzVkoveTQ5RFp0aFlKTll4TkdFWm1nM1BBclQ4ZW1xMno0a2lhUVg0cmI1UCt3QjNVMy9BQWhic3VVSUZXWjVUNThWc2hGYmIvK1FOUEZ6RThJZTV3VHEvWncxalZSaTdlbDd3WHZDM3B0ZGdVbHZRNnFGcFR3UW9wakV1SWx6V01uaXdCcVJWd1ZlU2tYQ09lOFh6V05xcFR3L3I1RDR2eUJ0WEp4STdSR2lDWTg4UkRRa2F2cVBWbzVpTTlha0EzTT0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:233:1cb7:261b:1f9c:2074:3c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECAcc (paa/6F51) /
Resource Hash: 7b635e83e36842b4dfefb600f4cdf2874617736578f448fc12fcf1f448a638d1

Request headers

Referer: https://www.doctrical.fr/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Sun, 11 Aug 2024 11:46:21 GMT
content-encoding: gzip
content-md5: dIPLujNB6F61jh3T+4rdyg==
age: 11990100
x-cache: HIT
content-length: 171
x-ms-lease-status: unlocked
last-modified: Thu, 16 Jan 2020 00:32:46 GMT
server: ECAcc (paa/6F51)
etag: 0x8D79A1B9BBDC35C
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
x-ms-request-id: 95efa234-301e-00c4-19d7-7e726a000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=31536000
x-ms-version: 2009-09-19
accept-ranges: bytes

GET
H2 200 Consent.js Show response
www.doctrical.fr/Content/OAuth/ 2 KB
2 KB 611ms
611ms Script
application/javascript 2620:1ec:bdf::42
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.doctrical.fr/Content/OAuth/Consent.js

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2620:1ec:bdf::42 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

774b06feb7c905a041a39367cd6d848f1dae2f084402b2c373276cc4fa8eb79b

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000

Request headers

Referer: https://www.doctrical.fr/eur/7ab090d4-fa2e-4ecf-bc7c-4127b4d582ec/6ea80fa4-2851-403d-bfc6-7fac4616f661/0bbb422e-86a0-4333-af69-adcf4a1a4d3c/oauth?id=ckpjZ28wdlR0aXJka2tqRHlGQ1ZxbWVla3YvYnBpNS9sdk9GMUNaWU1KMkFmTllVRWsxeU50SnE5TzBsNEZpM3UyN0VhNW1pdXZVMUoyb3YxQ2xCRTdoOTFDS0s4L2FITXVhZHJYREVDQnphTU9UdkNVVWRKVUZJOGc5V3BGNnhVeEpsdE1SSzVyT0tiRkhLNWxqeEpwbkNxNzJHSFVzOC9wMzlsd2NCdEFmNUFGOVgwV2lIL3ZFWHhBYUJVY05kZGgrQ01VV0t4T1VmYU9JNVZueTFNbEhCTEQ4eG0xNXNjMDNjZXp5Y0lzVkoveTQ5RFp0aFlKTll4TkdFWm1nM1BBclQ4ZW1xMno0a2lhUVg0cmI1UCt3QjNVMy9BQWhic3VVSUZXWjVUNThWc2hGYmIvK1FOUEZ6RThJZTV3VHEvWncxalZSaTdlbDd3WHZDM3B0ZGdVbHZRNnFGcFR3UW9wakV1SWx6V01uaXdCcVJWd1ZlU2tYQ09lOFh6V05xcFR3L3I1RDR2eUJ0WEp4STdSR2lDWTg4UkRRa2F2cVBWbzVpTTlha0EzTT0
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Sun, 11 Aug 2024 11:46:22 GMT
strict-transport-security: max-age=2592000
last-modified: Wed, 07 Aug 2024 11:44:25 GMT
etag: "1dae8bf26e8341b"
x-azure-ref: 20240811T114621Z-156ff4cdd48pxxqx5x28w7wkt80000000en0000000004g04
x-cache: CONFIG_NOCACHE
content-type: application/javascript
accept-ranges: bytes
content-length: 1691
request-context: appId=

GET
DATA 200
OK truncated
/ 9 KB
0 Image
image/jpeg

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 707e5d4e624538d0b0fec799e9f36ea58c092dea5a132d941825aa843be910f9

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/jpeg

GET
DATA 200
OK truncated
/ 2 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d0ba57a5768efbfa574cc497f87c9a73daf190b4802bc1aa6ab01eefd25fa5f0

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 500 favicon.ico
www.doctrical.fr/ 4 KB
4 KB 168ms
168ms Other
text/html 2620:1ec:bdf::42
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.doctrical.fr/favicon.ico

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2620:1ec:bdf::42 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

c14468cdc2213365958a15b100e91d5b1722efed31f0eb898d838eb7114316fe

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000

Request headers

Referer: https://www.doctrical.fr/eur/7ab090d4-fa2e-4ecf-bc7c-4127b4d582ec/6ea80fa4-2851-403d-bfc6-7fac4616f661/0bbb422e-86a0-4333-af69-adcf4a1a4d3c/oauth?id=ckpjZ28wdlR0aXJka2tqRHlGQ1ZxbWVla3YvYnBpNS9sdk9GMUNaWU1KMkFmTllVRWsxeU50SnE5TzBsNEZpM3UyN0VhNW1pdXZVMUoyb3YxQ2xCRTdoOTFDS0s4L2FITXVhZHJYREVDQnphTU9UdkNVVWRKVUZJOGc5V3BGNnhVeEpsdE1SSzVyT0tiRkhLNWxqeEpwbkNxNzJHSFVzOC9wMzlsd2NCdEFmNUFGOVgwV2lIL3ZFWHhBYUJVY05kZGgrQ01VV0t4T1VmYU9JNVZueTFNbEhCTEQ4eG0xNXNjMDNjZXp5Y0lzVkoveTQ5RFp0aFlKTll4TkdFWm1nM1BBclQ4ZW1xMno0a2lhUVg0cmI1UCt3QjNVMy9BQWhic3VVSUZXWjVUNThWc2hGYmIvK1FOUEZ6RThJZTV3VHEvWncxalZSaTdlbDd3WHZDM3B0ZGdVbHZRNnFGcFR3UW9wakV1SWx6V01uaXdCcVJWd1ZlU2tYQ09lOFh6V05xcFR3L3I1RDR2eUJ0WEp4STdSR2lDWTg4UkRRa2F2cVBWbzVpTTlha0EzTT0
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

content-type: text/html; charset=utf-8
date: Sun, 11 Aug 2024 11:46:22 GMT
strict-transport-security: max-age=2592000
x-azure-ref: 20240811T114622Z-156ff4cdd48pxxqx5x28w7wkt80000000en0000000004g0k
x-cache: CONFIG_NOCACHE
request-context: appId=

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer)

5 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://www.doctrical.fr/favicon.ico Message: Failed to load resource: the server responded with a status of 500 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	img-src https: data: ; style-src 'self' 'unsafe-inline'; script-src 'self'
Strict-Transport-Security	max-age=2592000

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

aadcdn.msftauth.net
www.doctrical.fr
2606:2800:233:1cb7:261b:1f9c:2074:3c
2620:1ec:bdf::42
04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a
2d50ebe4c5cb99e3eb8200c353571a7c945a6a11eb4f295a506dff6d5f014f47
707e5d4e624538d0b0fec799e9f36ea58c092dea5a132d941825aa843be910f9
774b06feb7c905a041a39367cd6d848f1dae2f084402b2c373276cc4fa8eb79b
7b635e83e36842b4dfefb600f4cdf2874617736578f448fc12fcf1f448a638d1
80d33446899027d1b7c07dae011fb56f7aeec69d6acbd92694012a503a1b14ea
c14468cdc2213365958a15b100e91d5b1722efed31f0eb898d838eb7114316fe
d0ba57a5768efbfa574cc497f87c9a73daf190b4802bc1aa6ab01eefd25fa5f0

www.doctrical.fr Open in urlscan Pro 2620:1ec:bdf::42 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

6 Requests

100 %HTTPS

100 %IPv6

2 Domains

2 Subdomains

3 IPs

1 Countries

33 kBTransfer

45 kBSize

0 Cookies

0 Outgoing links

Redirected requests

6 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

5 JavaScript Global Variables

0 Cookies

1 Console Messages

Security Headers

Indicators

www.doctrical.fr Open in urlscan Pro
2620:1ec:bdf::42 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

6
Requests

100 %
HTTPS

100 %
IPv6

2
Domains

2
Subdomains

3
IPs

1
Countries

33 kB
Transfer

45 kB
Size

0
Cookies

6 HTTP transactions
2 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!