urlscan.io logo urlscan.io
SecurityTrails logo

mfqtotz5kcd.multi-factor0ffice.info Open in urlscan Pro
88.218.188.92  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://multifactors0ffotp.info/
Effective URL: https://mfqtotz5kcd.multi-factor0ffice.info/redirect.cgi?ref=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2N...
Submission: On December 08 via manual from VN — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 8 IPs in 3 countries across 10 domains to perform 15 HTTP transactions. The main IP is 88.218.188.92, located in Ukraine and belongs to THEHOST-AS, UA. The main domain is mfqtotz5kcd.multi-factor0ffice.info.
TLS certificate: Issued by R3 on December 5th 2023. Valid for: 3 months.
This is the only time mfqtotz5kcd.multi-factor0ffice.info was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 209.141.38.71 53667 (PONYNET)
1 1 173.44.37.208 8100 (ASN-QUADR...)
1 2600:3c03::f0... 63949 (AKAMAI-LI...)
6 2a06:98c1:312... 13335 (CLOUDFLAR...)
1 2 2606:4700:10:... 13335 (CLOUDFLAR...)
1 52.216.78.68 16509 (AMAZON-02)
2 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
4 6 88.218.188.92 56485 (THEHOST-AS)
15 8
1    209.141.38.71 (Las Vegas, United States)

ASN53667 (PONYNET, US)
PTR: parking.namesilo.com
multifactors0ffotp.info
1    173.44.37.208 (Miami, United States)

ASN8100 (ASN-QUADRANET-GLOBAL, US)
PTR: 173.44.37.208.static.quadranet.com
www.multifactors0ffotp.info
1    2600:3c03::f03c:92ff:fe92:797b (Cedar Knolls, United States)

ASN63949 (AKAMAI-LINODE-AP Akamai Connected Cloud, SG)
sotpwinzwernet.us-east-1.linodeobjects.com
6    2a06:98c1:3120::3 (United States)

ASN13335 (CLOUDFLARENET, US)
qr.codes
qr.io
2    2606:4700:10::6816:4bab (United States)

ASN13335 (CLOUDFLARENET, US)
whos.amung.us
widgets.amung.us
1    52.216.78.68 (Ashburn, United States)

ASN16509 (AMAZON-02, US)
PTR: s3-1-w.amazonaws.com
multiplelinks-images.s3.amazonaws.com
2    2a00:1450:4001:82a::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.googleapis.com
1    2a00:1450:4001:813::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.gstatic.com
6    88.218.188.92 (Ukraine)

ASN56485 (THEHOST-AS, UA)
PTR: eidgrdp.theweb.place
security-0tp0ffice.info
mfqtotz5kcd.multi-factor0ffice.info
Apex Domain
Subdomains		 Transfer
5 multi-factor0ffice.info
mfqtotz5kcd.multi-factor0ffice.info
69 KB
5 qr.io
qr.io — Cisco Umbrella Rank: 162006
118 KB
2 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 29
2 KB
2 amung.us
whos.amung.us — Cisco Umbrella Rank: 17707
widgets.amung.us — Cisco Umbrella Rank: 33548
662 B
2 multifactors0ffotp.info
multifactors0ffotp.info
www.multifactors0ffotp.info
431 B
1 security-0tp0ffice.info
security-0tp0ffice.info
661 B
1 gstatic.com
fonts.gstatic.com
31 KB
1 amazonaws.com
multiplelinks-images.s3.amazonaws.com
3 KB
1 qr.codes
qr.codes — Cisco Umbrella Rank: 599960
13 KB
1 linodeobjects.com
sotpwinzwernet.us-east-1.linodeobjects.com
3 KB
15 10
Domain Requested by
5 mfqtotz5kcd.multi-factor0ffice.info 3 redirects mfqtotz5kcd.multi-factor0ffice.info
5 qr.io sotpwinzwernet.us-east-1.linodeobjects.com
2 fonts.googleapis.com qr.io
1 security-0tp0ffice.info 1 redirects
1 fonts.gstatic.com fonts.googleapis.com
1 multiplelinks-images.s3.amazonaws.com sotpwinzwernet.us-east-1.linodeobjects.com
1 widgets.amung.us sotpwinzwernet.us-east-1.linodeobjects.com
1 whos.amung.us 1 redirects
1 qr.codes sotpwinzwernet.us-east-1.linodeobjects.com
1 sotpwinzwernet.us-east-1.linodeobjects.com
1 www.multifactors0ffotp.info 1 redirects
1 multifactors0ffotp.info 1 redirects
15 12

This site contains no links.

Subject Issuer Validity Valid
us-east-1.linodeobjects.com
R3		 2023-10-11 -
2024-01-09		 3 months crt.sh
qr.codes
GTS CA 1P5		 2023-10-19 -
2024-01-17		 3 months crt.sh
qr.io
GTS CA 1P5		 2023-12-06 -
2024-03-05		 3 months crt.sh
*.s3.amazonaws.com
Amazon RSA 2048 M01		 2023-10-10 -
2024-07-03		 9 months crt.sh
upload.video.google.com
GTS CA 1C3		 2023-11-20 -
2024-02-12		 3 months crt.sh
*.gstatic.com
GTS CA 1C3		 2023-11-20 -
2024-02-12		 3 months crt.sh
multi-factor0ffice.info
R3		 2023-12-05 -
2024-03-04		 3 months crt.sh

This page contains 1 frames:

Frame: https://mfqtotz5kcd.multi-factor0ffice.info/redirect.cgi?ref=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9MDgwMDM3YTItNTNkZC1mZjhmLTNiYTctYTZlNjlmMjU2ZDVhJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODM3NjA4MTQ4NDg2Mjg3Mi5lN2E1ZjJiNi1kODRmLTQwM2EtYTA4Yi02NTFjNDliYmYyMjImc3RhdGU9RGN1eEZZQXdDQUJSb3M5eE1JUWc0RGhCVFd2cC1sTDg2NjRBd0pxV1ZDZ0RwdDI3S1hrVEYxZDI0XzJ4Y1V3T3hkdGxvbEFmT01nRDlXaVhuQkdUbVV1LVczMl9VWDg=&sso_reload=true
Frame ID: FA950F91B9F3ABB7D1135046E8872760
Requests: 16 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

  1. http://multifactors0ffotp.info/ HTTP 301
    http://www.multifactors0ffotp.info/ HTTP 301
    https://sotpwinzwernet.us-east-1.linodeobjects.com/otep.html Page URL
  2. https://security-0tp0ffice.info/?sdqgbkbe HTTP 302
    https://mfqtotz5kcd.multi-factor0ffice.info/?sign=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1cmwiOiJodHRwczovL21mcXRvdHo1a... HTTP 302
    https://mfqtotz5kcd.multi-factor0ffice.info/ HTTP 301
    https://mfqtotz5kcd.multi-factor0ffice.info/owa/ HTTP 302
    https://mfqtotz5kcd.multi-factor0ffice.info/redirect.cgi?ref=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Page Statistics

15
Requests

87 %
HTTPS

56 %
IPv6

10
Domains

12
Subdomains

8
IPs

3
Countries

230 kB
Transfer

949 kB
Size

11
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://multifactors0ffotp.info/ HTTP 301
    http://www.multifactors0ffotp.info/ HTTP 301
    https://sotpwinzwernet.us-east-1.linodeobjects.com/otep.html Page URL
  2. https://security-0tp0ffice.info/?sdqgbkbe HTTP 302
    https://mfqtotz5kcd.multi-factor0ffice.info/?sign=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1cmwiOiJodHRwczovL21mcXRvdHo1a2NkLm11bHRpLWZhY3RvcjBmZmljZS5pbmZvIiwiZG9tYWluIjoibWZxdG90ejVrY2QubXVsdGktZmFjdG9yMGZmaWNlLmluZm8iLCJrZXkiOiJXbEd2b3JOdk1sU2wiLCJxcmMiOm51bGwsImlhdCI6MTcwMjAxMTM0NywiZXhwIjoxNzAyMDExNDY3fQ.ELh0nNan0mEDJVXBRMPK_7T-9M29XI-PKSvBFQ5uEPw HTTP 302
    https://mfqtotz5kcd.multi-factor0ffice.info/ HTTP 301
    https://mfqtotz5kcd.multi-factor0ffice.info/owa/ HTTP 302
    https://mfqtotz5kcd.multi-factor0ffice.info/redirect.cgi?ref=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9MDgwMDM3YTItNTNkZC1mZjhmLTNiYTctYTZlNjlmMjU2ZDVhJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODM3NjA4MTQ4NDg2Mjg3Mi5lN2E1ZjJiNi1kODRmLTQwM2EtYTA4Yi02NTFjNDliYmYyMjImc3RhdGU9RGN1eEZZQXdDQUJSb3M5eE1JUWc0RGhCVFd2cC1sTDg2NjRBd0pxV1ZDZ0RwdDI3S1hrVEYxZDI0XzJ4Y1V3T3hkdGxvbEFmT01nRDlXaVhuQkdUbVV1LVczMl9VWDg= Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • http://multifactors0ffotp.info/ HTTP 301
  • http://www.multifactors0ffotp.info/ HTTP 301
  • https://sotpwinzwernet.us-east-1.linodeobjects.com/otep.html
Request Chain 7
  • https://whos.amung.us/swidget/qriostats.png HTTP 307
  • https://widgets.amung.us/small/05/593.png

15 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
otep.html
sotpwinzwernet.us-east-1.linodeobjects.com/
Redirect Chain
  • http://multifactors0ffotp.info/
  • http://www.multifactors0ffotp.info/
  • https://sotpwinzwernet.us-east-1.linodeobjects.com/otep.html
3 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://sotpwinzwernet.us-east-1.linodeobjects.com/otep.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:3c03::f03c:92ff:fe92:797b Cedar Knolls, United States, ASN63949 (AKAMAI-LINODE-AP Akamai Connected Cloud, SG),
Reverse DNS
Software
/
Resource Hash
542274ce779f6dabfb7a9104e127f1b450b56795db59458574c4f4c36d46c5eb

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Accept-Ranges
bytes
Connection
keep-alive
Content-Length
3112
Content-Type
text/html
Date
Fri, 08 Dec 2023 04:55:45 GMT
ETag
"fc4a993e599ccea59b1fe685c38e79b5"
Last-Modified
Wed, 06 Dec 2023 16:18:44 GMT
x-amz-request-id
tx000001c2b0d982c675620-006572a1d1-4e39b68a-default
x-rgw-object-type
Normal

Redirect headers

Connection
keep-alive
Content-Length
178
Content-Type
text/html
Date
Fri, 08 Dec 2023 04:34:45 GMT
Location
https://sotpwinzwernet.us-east-1.linodeobjects.com/otep.html
Server
nginx
all.css
qr.codes/fontawesome-free-5.15.4-web/css/ 		72 KB
13 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://qr.codes/fontawesome-free-5.15.4-web/css/all.css
Requested by
Host: sotpwinzwernet.us-east-1.linodeobjects.com
URL: https://sotpwinzwernet.us-east-1.linodeobjects.com/otep.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0cb8cc3fee4275e182236ab19c3aae55274f43aa0ffde9c0510d8d59fcf8e5dc

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://sotpwinzwernet.us-east-1.linodeobjects.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date
Fri, 08 Dec 2023 04:55:45 GMT
content-encoding
br
cf-cache-status
REVALIDATED
last-modified
Fri, 02 Sep 2022 15:54:29 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eeOC9Zh8csMYiYcgiMPt5L9gQGoOGpnOSKLl5Db9JNBzfE22FZlCZppiQIrCM9LGKiyTCVGjyFX%2Bvw15j%2ByMaP2j1axz59y19UpGRMlB8KPo9dqLnN2YDsPbT%2Bkc2qAAfDPHORMlMw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
max-age=14400
cf-ray
83226affcef62c56-FRA
alt-svc
h3=":443"; ma=86400
prism.css
qr.io/node_modules/prismjs/themes/ 		2 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://qr.io/node_modules/prismjs/themes/prism.css
Requested by
Host: sotpwinzwernet.us-east-1.linodeobjects.com
URL: https://sotpwinzwernet.us-east-1.linodeobjects.com/otep.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
565dbff14754261a039640abf421099afefb922ba1e32c4c17b80fd4e61ee840

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://sotpwinzwernet.us-east-1.linodeobjects.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date
Fri, 08 Dec 2023 04:55:45 GMT
content-encoding
br
cf-cache-status
REVALIDATED
last-modified
Sat, 12 Sep 2020 18:43:17 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5jZssTApk7uI%2FrxFz0MToNj9oj6q3WgTAZKQ84P%2BDCpS8SuwLQJUyn2cpB4I3MRrWub7ZhZQqYQZ%2FUy9%2B39ZfATphypGXXK3s8C7DIFV9hLZrBbFhku3r2jmnZyL2jwHi9Xv8Q%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
max-age=14400
cf-ray
83226aff7bdc1965-FRA
alt-svc
h3=":443"; ma=86400
jqvmap.min.css
qr.io/node_modules/jqvmap/dist/ 		613 B
716 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://qr.io/node_modules/jqvmap/dist/jqvmap.min.css
Requested by
Host: sotpwinzwernet.us-east-1.linodeobjects.com
URL: https://sotpwinzwernet.us-east-1.linodeobjects.com/otep.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
32d26b3f38f5adcf544dcb92bd5ef604d67ac7300a28f7f8b072ae0e9f555a3c

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://sotpwinzwernet.us-east-1.linodeobjects.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date
Fri, 08 Dec 2023 04:55:45 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Sat, 12 Sep 2020 18:43:10 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
70
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oIWWqn69lAnz7LkwDv9xAIGEi9I%2FDpdKYTfktGKY4inHiT7rOHE3KmWn95o7ewxG2tBAhwIwyg8b%2BtXPVWo%2BPFj5Ooow0T4Q5knDZoIUCzELYWDSXohLjwMgx0rEWI3Hp8Gtjg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
max-age=14400
cf-ray
83226aff7bdd1965-FRA
alt-svc
h3=":443"; ma=86400
leaf.css
qr.io/css/ 		559 KB
75 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://qr.io/css/leaf.css
Requested by
Host: sotpwinzwernet.us-east-1.linodeobjects.com
URL: https://sotpwinzwernet.us-east-1.linodeobjects.com/otep.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c25d5aea4b2c07449b8444cc969f070c795fb6ad1bdac11a6b7d16a932174ade

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://sotpwinzwernet.us-east-1.linodeobjects.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date
Fri, 08 Dec 2023 04:55:45 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Wed, 08 Nov 2023 12:07:50 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
1184
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FzTHT3mhFPJG%2FSpc8aTnlYccgDA3Svp%2FWtYa%2FcJ9ZL%2FqBaWTRChm%2F6CvUtjZgHVj5Dub5O4dPiHIl3%2BF2DPDEuUuRTG8WbFAw2hPe5BpiVD0CEtiUm1nZ2fYYprgPhPUiftxVw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
max-age=14400
cf-ray
83226aff7bdb1965-FRA
alt-svc
h3=":443"; ma=86400
vue@2.6.14.js
qr.io/vue-scripts/ 		92 KB
35 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://qr.io/vue-scripts/vue@2.6.14.js
Requested by
Host: sotpwinzwernet.us-east-1.linodeobjects.com
URL: https://sotpwinzwernet.us-east-1.linodeobjects.com/otep.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9174c425c445377df4562ad9165ea08fdf9433a808296d7de5f619791df10e17

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://sotpwinzwernet.us-east-1.linodeobjects.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date
Fri, 08 Dec 2023 04:55:45 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Mon, 07 Feb 2022 12:51:02 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
1184
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RtZ%2B%2BFmYWTtEXhjxtpblSqJJ4L1ZOYE8yublgEfMAVV%2Fx0S%2FnpGq4L2Z7thRt5HC9iBSQkyZfjZtKL8VdCWuEZEcFITDXXYijqq5ENEZoKTzRH7wXQfgVYttTfAsC%2FnfFsdJBg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=14400
cf-ray
83226aff7bde1965-FRA
alt-svc
h3=":443"; ma=86400
axios.min.js
qr.io/vue-scripts/ 		18 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://qr.io/vue-scripts/axios.min.js
Requested by
Host: sotpwinzwernet.us-east-1.linodeobjects.com
URL: https://sotpwinzwernet.us-east-1.linodeobjects.com/otep.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b00828aa594968071f062841833553f98541845061e2d1c3144da47acce5940d

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://sotpwinzwernet.us-east-1.linodeobjects.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date
Fri, 08 Dec 2023 04:55:45 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Mon, 07 Feb 2022 12:51:01 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
1184
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WKBU%2F6fqLezPPU5jRJED6y2GYVg2%2B4qbFVzmM2U2f3rAzyI275WsJSSBDcjn1GWW0Lqm7vSdiul2OGTlUVvHjEZY1AcuH3tSxc1KSLRP58%2FEq7tDOT1SNE9uY05sOHRyeKZFIA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=14400
cf-ray
83226aff7bdf1965-FRA
alt-svc
h3=":443"; ma=86400
593.png
widgets.amung.us/small/05/
Redirect Chain
  • https://whos.amung.us/swidget/qriostats.png
  • https://widgets.amung.us/small/05/593.png
321 B
491 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://widgets.amung.us/small/05/593.png
Requested by
Host: sotpwinzwernet.us-east-1.linodeobjects.com
URL: https://sotpwinzwernet.us-east-1.linodeobjects.com/otep.html
Protocol
H2
Server
2606:4700:10::6816:4bab , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
79471495556a5d1422dccd247a36261f6781bd71119bd074a5d1caa61e0cf553

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://sotpwinzwernet.us-east-1.linodeobjects.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date
Fri, 08 Dec 2023 04:55:45 GMT
cf-cache-status
HIT
last-modified
Sun, 13 Jun 2010 09:48:29 GMT
server
cloudflare
age
2328714
etag
"4c14a96d-141"
vary
Accept-Encoding
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=2678400
accept-ranges
bytes
cf-ray
83226b003f343603-FRA
content-length
321
expires
Sun, 12 Nov 2023 06:03:51 GMT

Redirect headers

location
https://widgets.amung.us/small/05/593.png
date
Fri, 08 Dec 2023 04:55:45 GMT
cache-control
no-cache, no-store, must-revalidate
cf-cache-status
DYNAMIC
server
cloudflare
cf-ray
83226aff6e913603-FRA
content-type
text/html; charset=UTF-8
1b81205565c64bfd340dff5aeef6dfc7.png
multiplelinks-images.s3.amazonaws.com/ 		2 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://multiplelinks-images.s3.amazonaws.com/1b81205565c64bfd340dff5aeef6dfc7.png
Requested by
Host: sotpwinzwernet.us-east-1.linodeobjects.com
URL: https://sotpwinzwernet.us-east-1.linodeobjects.com/otep.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.216.78.68 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
s3-1-w.amazonaws.com
Software
AmazonS3 /
Resource Hash
147c66a293f5c689f5f3026425116ae2dc07f9278c3d6bb8ce1224f02a851825

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://sotpwinzwernet.us-east-1.linodeobjects.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Date
Fri, 08 Dec 2023 04:55:47 GMT
Last-Modified
Sat, 15 Jul 2023 12:23:52 GMT
Server
AmazonS3
x-amz-request-id
S7H15SHMRAZZY97C
ETag
"3d8348f9d44e874159cbda81629c2dce"
x-amz-server-side-encryption
AES256
Content-Type
image/png
Accept-Ranges
bytes
Content-Length
2382
x-amz-id-2
KPOGIX7Xr4ei7xU914gExKZtQhsO0mYWn61heC5iJAmSMVtLltjDzu1mx23nK3mTOF+jsxZj1E8=
css
fonts.googleapis.com/ 		11 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Nunito+Sans:300,400,600,700,800&display=swap
Requested by
Host: qr.io
URL: https://qr.io/css/leaf.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
1d5389c7f119dc4c74da821a932f6530191de67aa19a9274a134c0b2155f42b4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://qr.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Fri, 08 Dec 2023 04:55:45 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Fri, 08 Dec 2023 03:42:26 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Fri, 08 Dec 2023 04:55:45 GMT
css
fonts.googleapis.com/ 		2 KB
502 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Sanchez:400,400i&display=swap
Requested by
Host: qr.io
URL: https://qr.io/css/leaf.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
e8b48701e04d2913c042952823f5b437b3bd6c25e66e7ddff1b7e9374ce218f9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://qr.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Fri, 08 Dec 2023 04:55:45 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Fri, 08 Dec 2023 04:55:45 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Fri, 08 Dec 2023 04:55:45 GMT
pe0TMImSLYBIv1o4X1M8ce2xCx3yop4tQpF_MeTm0lfGWVpNn64CL7U8upHZIbMV51Q42ptCp7t1R-s.woff2
fonts.gstatic.com/s/nunitosans/v15/ 		30 KB
31 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/nunitosans/v15/pe0TMImSLYBIv1o4X1M8ce2xCx3yop4tQpF_MeTm0lfGWVpNn64CL7U8upHZIbMV51Q42ptCp7t1R-s.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Nunito+Sans:300,400,600,700,800&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
1393acc632c160def86b45c2521c8ee742b7e6239d0d90fb95f51d55cf48b9c3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://sotpwinzwernet.us-east-1.linodeobjects.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date
Fri, 01 Dec 2023 21:00:30 GMT
x-content-type-options
nosniff
age
546916
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
31052
x-xss-protection
0
last-modified
Thu, 27 Apr 2023 00:27:41 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 30 Nov 2024 21:00:30 GMT
Primary Request redirect.cgi
mfqtotz5kcd.multi-factor0ffice.info/
Redirect Chain
  • https://security-0tp0ffice.info/?sdqgbkbe
  • https://mfqtotz5kcd.multi-factor0ffice.info/?sign=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1cmwiOiJodHRwczovL21mcXRvdHo1a2NkLm11bHRpLWZhY3RvcjBmZmljZS5pbmZvIiwiZG9tYWluIjoibWZxdG90ejVrY2QubXVsdGktZm...
  • https://mfqtotz5kcd.multi-factor0ffice.info/
  • https://mfqtotz5kcd.multi-factor0ffice.info/owa/
  • https://mfqtotz5kcd.multi-factor0ffice.info/redirect.cgi?ref=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAw...
21 KB
11 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://mfqtotz5kcd.multi-factor0ffice.info/redirect.cgi?ref=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9MDgwMDM3YTItNTNkZC1mZjhmLTNiYTctYTZlNjlmMjU2ZDVhJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODM3NjA4MTQ4NDg2Mjg3Mi5lN2E1ZjJiNi1kODRmLTQwM2EtYTA4Yi02NTFjNDliYmYyMjImc3RhdGU9RGN1eEZZQXdDQUJSb3M5eE1JUWc0RGhCVFd2cC1sTDg2NjRBd0pxV1ZDZ0RwdDI3S1hrVEYxZDI0XzJ4Y1V3T3hkdGxvbEFmT01nRDlXaVhuQkdUbVV1LVczMl9VWDg=
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
88.218.188.92 , Ukraine, ASN56485 (THEHOST-AS, UA),
Reverse DNS
eidgrdp.theweb.place
Software
/
Resource Hash
2cfa2871ff81d5d47fec3009a2f06bb471d6752f1aa87342f74b8584c2731d75
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://sotpwinzwernet.us-east-1.linodeobjects.com/otep.html
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
no-store, no-cache
Connection
close
Content-Encoding
gzip
Content-Security-Policy
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
Content-Type
text/html; charset=utf-8
Date
Fri, 08 Dec 2023 04:55:48 GMT
Expires
-1
P3P
CP="DSP CUR OTPi IND OTRi ONL FIN"
Pragma
no-cache
Referer
https://login.microsoftonline.com/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=080037a2-53dd-ff8f-3ba7-a6e69f256d5a&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638376081484862872.e7a5f2b6-d84f-403a-a08b-651c49bbf222&state=DcuxFYAwCABRos9xMIQg4DhBTWvp-lL8664AwJqWVCgDpt27KXkTF1d24_2xcUwOxdtlolAfOMgD9WiXnBGTmUu-W32_UX8
Referrer-Policy
strict-origin-when-cross-origin
Strict-Transport-Security
max-age=31536000; includeSubDomains
Vary
Accept-Encoding
content-length
21383
nel
{"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}
report-to
{"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://identity.nel.measure.office.net/api/report?catId=GW+estsfd+SEC"}]}
x-ms-ests-server
2.1.16919.4 - WEULR1 ProdSlices
x-ms-request-id
2e1f05e2-e592-4cb0-9426-7f5678a30300

Redirect headers

Alt-Svc
h3=":443",h3-29=":443"
Connection
close
Content-Security-Policy
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
Content-Type
text/html; charset=utf-8
Date
Fri, 08 Dec 2023 04:55:48 GMT
Location
https://mfqtotz5kcd.multi-factor0ffice.info/redirect.cgi?ref=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9MDgwMDM3YTItNTNkZC1mZjhmLTNiYTctYTZlNjlmMjU2ZDVhJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODM3NjA4MTQ4NDg2Mjg3Mi5lN2E1ZjJiNi1kODRmLTQwM2EtYTA4Yi02NTFjNDliYmYyMjImc3RhdGU9RGN1eEZZQXdDQUJSb3M5eE1JUWc0RGhCVFd2cC1sTDg2NjRBd0pxV1ZDZ0RwdDI3S1hrVEYxZDI0XzJ4Y1V3T3hkdGxvbEFmT01nRDlXaVhuQkdUbVV1LVczMl9VWDg=
NEL
{"report_to":"NelOfficeUpload1","max_age":7200,"include_subdomains":true,"failure_fraction":1.0,"success_fraction":0.01}
P3P
CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Report-To
{"group":"NelOfficeUpload1","max_age":7200,"endpoints":[{"url":"https://exo.nel.measure.office.net/api/report?TenantId=&FrontEnd=Cafe&DestinationEndpoint=FRA&RemoteIP=88.218.188.0"}],"include_subdomains":true}
Server
Microsoft-IIS/10.0
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
X-BEServer
BEZP281MB2884
X-BackEnd-Begin
2023-12-08T04:55:48.486
X-BackEnd-End
2023-12-08T04:55:48.486
X-BackEndHttpStatus
302, 302
X-BeSku
WCS7
X-CalculatedBETarget
BEZP281MB2884.DEUP281.PROD.OUTLOOK.COM
X-CalculatedFETarget
BE1P281CU023.internal.outlook.com
X-DiagInfo
BEZP281MB2884
X-FEEFZInfo
FRA
X-FEProxyInfo
FR4P281CA0413.DEUP281.PROD.OUTLOOK.COM
X-FEServer
BE1P281CA0288, FR4P281CA0413
X-FirstHopCafeEFZ
FRA
X-IIDs
0
X-OWA-DiagnosticsInfo
1;0;0
X-Proxy-BackendServerStatus
302
X-Proxy-RoutingCorrectness
1
X-RUM-NotUpdateQueriedDbCopy
1
X-RUM-NotUpdateQueriedPath
1
X-RUM-Validated
1
X-UA-Compatible
IE=EmulateIE7
content-length
1302
request-id
080037a2-53dd-ff8f-3ba7-a6e69f256d5a
BssoInterrupt_Core_G8nbIKerNCoHF1cUBcOz7w2.js
mfqtotz5kcd.multi-factor0ffice.info/aadcdn.msauth.net/~/shared/1.0/content/js/ 		136 KB
49 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://mfqtotz5kcd.multi-factor0ffice.info/aadcdn.msauth.net/~/shared/1.0/content/js/BssoInterrupt_Core_G8nbIKerNCoHF1cUBcOz7w2.js
Requested by
Host: mfqtotz5kcd.multi-factor0ffice.info
URL: https://mfqtotz5kcd.multi-factor0ffice.info/redirect.cgi?ref=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9MDgwMDM3YTItNTNkZC1mZjhmLTNiYTctYTZlNjlmMjU2ZDVhJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODM3NjA4MTQ4NDg2Mjg3Mi5lN2E1ZjJiNi1kODRmLTQwM2EtYTA4Yi02NTFjNDliYmYyMjImc3RhdGU9RGN1eEZZQXdDQUJSb3M5eE1JUWc0RGhCVFd2cC1sTDg2NjRBd0pxV1ZDZ0RwdDI3S1hrVEYxZDI0XzJ4Y1V3T3hkdGxvbEFmT01nRDlXaVhuQkdUbVV1LVczMl9VWDg=
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
88.218.188.92 , Ukraine, ASN56485 (THEHOST-AS, UA),
Reverse DNS
eidgrdp.theweb.place
Software
/
Resource Hash
1318f652fb498bf205eb678ca228e1943479d2464bcdf1b0f7507b1cd430358d
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://mfqtotz5kcd.multi-factor0ffice.info/redirect.cgi?ref=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9MDgwMDM3YTItNTNkZC1mZjhmLTNiYTctYTZlNjlmMjU2ZDVhJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODM3NjA4MTQ4NDg2Mjg3Mi5lN2E1ZjJiNi1kODRmLTQwM2EtYTA4Yi02NTFjNDliYmYyMjImc3RhdGU9RGN1eEZZQXdDQUJSb3M5eE1JUWc0RGhCVFd2cC1sTDg2NjRBd0pxV1ZDZ0RwdDI3S1hrVEYxZDI0XzJ4Y1V3T3hkdGxvbEFmT01nRDlXaVhuQkdUbVV1LVczMl9VWDg=
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
Date
Fri, 08 Dec 2023 04:55:49 GMT
Content-Encoding
gzip
Content-Security-Policy
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
X-Cache
TCP_HIT
Connection
close
content-length
139143
x-ms-lease-status
unlocked
Last-Modified
Wed, 15 Nov 2023 23:33:21 GMT
ETag
0x8DBE633416D4CEF
x-azure-ref
20231208T045549Z-8yss07tq1954ra1vtqczxugm1g00000000a000000000vkht
Content-Type
application/x-javascript
Access-Control-Allow-Origin
*
x-ms-request-id
d919ee10-601e-006d-0264-29aa4a000000
Access-Control-Expose-Headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
Cache-Control
public, max-age=31536000
x-ms-version
2009-09-19
Accept-Ranges
bytes
truncated
/ 		341 B
0 		Script
General
Check archive.org
Download Go to
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
90682803943448f3acffc81014c87fdd71f30d8cf97335fcea451fac1e568221

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Content-Type
text/javascript
redirect.cgi
mfqtotz5kcd.multi-factor0ffice.info/ 		0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
mfqtotz5kcd.multi-factor0ffice.info
URL
https://mfqtotz5kcd.multi-factor0ffice.info/redirect.cgi?ref=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9MDgwMDM3YTItNTNkZC1mZjhmLTNiYTctYTZlNjlmMjU2ZDVhJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODM3NjA4MTQ4NDg2Mjg3Mi5lN2E1ZjJiNi1kODRmLTQwM2EtYTA4Yi02NTFjNDliYmYyMjImc3RhdGU9RGN1eEZZQXdDQUJSb3M5eE1JUWc0RGhCVFd2cC1sTDg2NjRBd0pxV1ZDZ0RwdDI3S1hrVEYxZDI0XzJ4Y1V3T3hkdGxvbEFmT01nRDlXaVhuQkdUbVV1LVczMl9VWDg=&sso_reload=true

Verdicts & Comments Add Verdict or Comment

12 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| documentPictureInPicture function| c object| $Config object| $Debug object| $Do function| $Loader object| $WebWatson function| GetString function| GetErrorString function| GetUrl object| $B object| ServerData

11 Cookies

Domain/Path Name / Value
security-0tp0ffice.info/ Name: qPdM
Value: WlGvorNvMlSl
security-0tp0ffice.info/ Name: qPdM.sig
Value: GXZmjqU9p7D50SCO-I5Kj9GmOp4
mfqtotz5kcd.multi-factor0ffice.info/ Name: qPdM
Value: WlGvorNvMlSl
mfqtotz5kcd.multi-factor0ffice.info/ Name: qPdM.sig
Value: GXZmjqU9p7D50SCO-I5Kj9GmOp4
mfqtotz5kcd.multi-factor0ffice.info/ Name: ClientId
Value: F9A8C3C8E130483A8129620AE6475D65
mfqtotz5kcd.multi-factor0ffice.info/ Name: OIDC
Value: 1
mfqtotz5kcd.multi-factor0ffice.info/ Name: OpenIdConnect.nonce.v3.z99GheVs7i3F-Dm9f-Kw-SdYvYa8tFoWpzWgy8AxyBE
Value: 638376081484862872.e7a5f2b6-d84f-403a-a08b-651c49bbf222
mfqtotz5kcd.multi-factor0ffice.info/ Name: X-OWA-RedirectHistory
Value: ArLym14BmNUC8qn32wg
mfqtotz5kcd.multi-factor0ffice.info/ Name: fpc
Value: AptrKNNkYk5Aj6NSzU_zU9o
mfqtotz5kcd.multi-factor0ffice.info/ Name: x-ms-gateway-slice
Value: estsfd
mfqtotz5kcd.multi-factor0ffice.info/ Name: stsservicecookie
Value: estsfd

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

fonts.googleapis.com
fonts.gstatic.com
mfqtotz5kcd.multi-factor0ffice.info
multifactors0ffotp.info
multiplelinks-images.s3.amazonaws.com
qr.codes
qr.io
security-0tp0ffice.info
sotpwinzwernet.us-east-1.linodeobjects.com
whos.amung.us
widgets.amung.us
www.multifactors0ffotp.info
mfqtotz5kcd.multi-factor0ffice.info
173.44.37.208
209.141.38.71
2600:3c03::f03c:92ff:fe92:797b
2606:4700:10::6816:4bab
2a00:1450:4001:813::2003
2a00:1450:4001:82a::200a
2a06:98c1:3120::3
52.216.78.68
88.218.188.92
0cb8cc3fee4275e182236ab19c3aae55274f43aa0ffde9c0510d8d59fcf8e5dc
1318f652fb498bf205eb678ca228e1943479d2464bcdf1b0f7507b1cd430358d
1393acc632c160def86b45c2521c8ee742b7e6239d0d90fb95f51d55cf48b9c3
147c66a293f5c689f5f3026425116ae2dc07f9278c3d6bb8ce1224f02a851825
1d5389c7f119dc4c74da821a932f6530191de67aa19a9274a134c0b2155f42b4
2cfa2871ff81d5d47fec3009a2f06bb471d6752f1aa87342f74b8584c2731d75
32d26b3f38f5adcf544dcb92bd5ef604d67ac7300a28f7f8b072ae0e9f555a3c
542274ce779f6dabfb7a9104e127f1b450b56795db59458574c4f4c36d46c5eb
565dbff14754261a039640abf421099afefb922ba1e32c4c17b80fd4e61ee840
79471495556a5d1422dccd247a36261f6781bd71119bd074a5d1caa61e0cf553
90682803943448f3acffc81014c87fdd71f30d8cf97335fcea451fac1e568221
9174c425c445377df4562ad9165ea08fdf9433a808296d7de5f619791df10e17
b00828aa594968071f062841833553f98541845061e2d1c3144da47acce5940d
c25d5aea4b2c07449b8444cc969f070c795fb6ad1bdac11a6b7d16a932174ade
e8b48701e04d2913c042952823f5b437b3bd6c25e66e7ddff1b7e9374ce218f9