login-microsoftonline.xn--fsqu00a.com Open in urlscan Pro Puny
login-microsoftonline.例子.com IDN
172.66.47.10 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://www.google.ca/url?jw5a2p=https%3A%2F%2Fwww.jacksonllc.edu&bg=0O&bg=GC&Qg=49&Qg=U8&TA=48&q=amp%2Fgp7kd9.pritika...
Effective URL:
https://login-microsoftonline.xn--fsqu00a.com/2t0covQxooCaoUOwuDW6gmirJKqS1LyLBZRT6nPMzceLjUrstjm29M10Jc7yW5KX9IRPxrvZpOhLNoENbrmh5b1HqW3fZjjv...
Submission Tags: falconsandbox
Submission: On January 09 via api (January 9th 2025, 8:21:15 pm UTC) from US — Scanned from CA

Summary HTTP 13 Redirects Links 8 Behaviour Indicators

Summary

This website contacted 9 IPs in 3 countries across 10 domains to perform 13 HTTP transactions. The main IP is 172.66.47.10, located in United States and belongs to CLOUDFLARENET, US. The main domain is login-microsoftonline.xn--fsqu00a.com.
TLS certificate: Issued by E6 on January 7th 2025. Valid for: 3 months.

This is the only time login-microsoftonline.xn--fsqu00a.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Microsoft (Consumer)

Domain & IP information

	IP Address	AS Autonomous System
2 2	64.233.180.94 64.233.180.94	15169 (GOOGLE) (GOOGLE)
1 1	157.173.199.76 157.173.199.76	40021 (NL-811-40021) (NL-811-40021)
2	172.66.47.10 172.66.47.10	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	172.67.188.102 172.67.188.102	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a04:4e42:400... 2a04:4e42:400::649	54113 (FASTLY) (FASTLY)
1	104.21.32.1 104.21.32.1	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	18.160.18.121 18.160.18.121	16509 (AMAZON-02) (AMAZON-02)
1	2a04:4e42:200... 2a04:4e42:200::485	54113 (FASTLY) (FASTLY)
1	2606:2800:11f... 2606:2800:11f:1cb7:261b:1f9c:2074:3c	15133 (EDGECAST) (EDGECAST)
2	2620:1ec:bdf::40 2620:1ec:bdf::40	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
13	9

2 64.233.180.94 (United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: on-in-f94.1e100.net

www.google.ca	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 157.173.199.76 (United Kingdom) 1 redirects

ASN40021 (NL-811-40021, US)
PTR: vmi2361534.contaboserver.net

gp7kd9.pritikaautoindustries.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.66.47.10 (United States)

ASN13335 (CLOUDFLARENET, US)

login-microsoftonline.xn--fsqu00a.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.67.188.102 (United States)

ASN13335 (CLOUDFLARENET, US)

ts.homedeko.com.ec	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42:400::649 (United States)

ASN54113 (FASTLY, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.21.32.1 (None, )

ASN13335 (CLOUDFLARENET, US)

login-microsoftonline.com.bossdesk.ai	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 18.160.18.121 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-160-18-121.iad12.r.cloudfront.net

ok4static.oktacdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42:200::485 (United States)

ASN54113 (FASTLY, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:2800:11f:1cb7:261b:1f9c:2074:3c (United States)

ASN15133 (EDGECAST, US)

aadcdn.msftauth.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:1ec:bdf::40 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

aadcdn.msauth.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
3	oktacdn.com ok4static.oktacdn.com — Cisco Umbrella Rank: 20781	52 KB
2	msauth.net aadcdn.msauth.net — Cisco Umbrella Rank: 871	2 KB
2	xn--fsqu00a.com login-microsoftonline.xn--fsqu00a.com	2 KB
2	google.ca 2 redirects www.google.ca — Cisco Umbrella Rank: 11557	45 B
1	msftauth.net aadcdn.msftauth.net — Cisco Umbrella Rank: 876	2 KB
1	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 318	18 KB
1	bossdesk.ai login-microsoftonline.com.bossdesk.ai	285 KB
1	jquery.com code.jquery.com — Cisco Umbrella Rank: 847	31 KB
1	homedeko.com.ec ts.homedeko.com.ec	17 KB
1	pritikaautoindustries.com 1 redirects gp7kd9.pritikaautoindustries.com	983 B
13	10

	Domain	Requested by
3	ok4static.oktacdn.com	code.jquery.com
2	aadcdn.msauth.net
2	login-microsoftonline.xn--fsqu00a.com
2	www.google.ca	2 redirects
1	aadcdn.msftauth.net
1	cdn.jsdelivr.net	code.jquery.com
1	login-microsoftonline.com.bossdesk.ai	code.jquery.com
1	code.jquery.com	login-microsoftonline.xn--fsqu00a.com
1	ts.homedeko.com.ec	login-microsoftonline.xn--fsqu00a.com
1	gp7kd9.pritikaautoindustries.com	1 redirects
13	10

This site contains links to these domains. Also see Links.

Domain
passwordreset.microsoftonline.com
www.microsoft.com
privacy.microsoft.com
www.godaddy.com
sso.godaddy.com
www.okta.com

Subject Issuer	Validity	Valid
login-microsoftonline.xn--fsqu00a.com E6	`2025-01-07` - `2025-04-07`	3 months	crt.sh
ts.homedeko.com.ec WE1	`2024-12-16` - `2025-03-16`	3 months	crt.sh
*.jquery.com Sectigo ECC Domain Validation Secure Server CA	`2024-06-25` - `2025-06-25`	a year	crt.sh
bossdesk.ai WE1	`2025-01-02` - `2025-04-02`	3 months	crt.sh
*.oktacdn.com DigiCert TLS RSA SHA256 2020 CA1	`2024-12-02` - `2026-01-02`	a year	crt.sh
jsdelivr.net GlobalSign Atlas R3 DV TLS CA 2024 Q3	`2024-07-30` - `2025-08-31`	a year	crt.sh
aadcdn.msftauth.net DigiCert SHA2 Secure Server CA	`2024-05-25` - `2025-05-25`	a year	crt.sh
aadcdn.msauth.net DigiCert SHA2 Secure Server CA	`2024-10-29` - `2025-10-29`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://login-microsoftonline.xn--fsqu00a.com/2t0covQxooCaoUOwuDW6gmirJKqS1LyLBZRT6nPMzceLjUrstjm29M10Jc7yW5KX9IRPxrvZpOhLNoENbrmh5b1HqW3fZjjvhdDGeuNR0Lja2AT16TkZiVMNRlDJ6mn14P
Frame ID: 32F937AF203AC8AAB571ACF859C79441
Requests: 14 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Sign in to your account

Page URL History Show full URLs

https://www.google.ca/url?jw5a2p=https%3A%2F%2Fwww.jacksonllc.edu&bg=0O&bg=GC&Qg=49&Qg=U8&TA=48&q=... HTTP 302
https://www.google.ca/amp/gp7kd9.pritikaautoindustries.com/A/keith.foerster@vertexone.net HTTP 302
http://gp7kd9.pritikaautoindustries.com/A/keith.foerster@vertexone.net HTTP 307
https://gp7kd9.pritikaautoindustries.com/A/keith.foerster@vertexone.net HTTP 302
https://login-microsoftonline.xn--fsqu00a.com/2t0covQxooCaoUOwuDW6gmirJKqS1LyLBZRT6nPMzceLjUrstjm29M10Jc7yW5KX9IRPxrvZpOhL... Page URL

Detected technologies

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

//cdn\.jsdelivr\.net/

Page Statistics

13
Requests

92 %
HTTPS

40 %
IPv6

10
Domains

10
Subdomains

9
IPs

3
Countries

409 kB
Transfer

1737 kB
Size

1
Cookies

8 Outgoing links

These are links going to different origins than the main page.

URL: https://passwordreset.microsoftonline.com/?ru=https%3a%2f%2flogin.microsoftonline.com%2fcommon%2freprocess%3fctx%3drQIIAYWSO2_TUABG46RNH0MpCAESUlUkBoTk5NrXj7oICT8Sp4kT14mT1BFSFL8SO341durGAzNjJ4ayMVYwwIT6D-jUGXViQkwICQkx0f4Clk8633rO-gpVgiVQAk8LWAnbfUxAghzROoMyIwqiBIMBdETgFApJSEEcYCYJ4OzO-ubLk1cfr943xLeXxrMv-StwhmxNkiSKd8vlNE1LoW07hlUyQr_sjQLTCcafEeQSQb4jyGl-2QpQkTvLxxSksZ0dQDMAhxACigYlzeXcll_1NFdJBoI5afIAaJlBSqrnaC6baG7L0_Cq28oUUlarU1msLFqqQTQzJdHUlqM5ADQzDUj9PWIgVK6_ga9lWjoQ2u5AGHhf87dkdp5M8JsJZ05m_cqv2eHMH0ZhnJwW3uQP60ToNoei01EFfOCyrhdg42goHmViTTJQUpsuaDrSiYNYbfPGHIuq9a44IElZSlpHRz0mVXuSPqaVTE77vm4e18eNiO3NzERXycjsuKZtMpYrqtzUttrjflDrs3N0UWmgaVusy9Wu74mEjqITz8d1ZsZJUtTgjuUDs88y-6jepuI-nMYeQxyLkcKiOxWhzx3UmirhdHncaxBGV-dNRbFsKuTZdlhNDZjZ8DiLWShjZKLQknY0z9p-A9SVoLOQx2qmcXIvVaeZ3ZMXcM5HI67RodEdHTYzjwQ1_ABvsJ8KxWuZfhhcFDbCyAocczuahbbjWd8KD-PEiiZWkDpeHAYvvDAww0AfLW70Xy4hP5burRY3Cw9y27knd0Fhd3V1fTN3Q3-WkHfL1y0xzBahP_rAnt_fL278_Z27WC4fjg1P163uqOZ0Nc4dE_tJJYisiOdHlBXZoEscliW2o_GHzef0LnZSRE6KxYvi7T1h2KqoHZVtCWxbwIfgZ7HweiV3vvafOv8B0&mkt=en-GB&hosted=0&device_platform=Windows+10
Title: re9;4}(}#($FzS[NM5%_$;xNQ-([pkGfset it9;4}(}#($FzS[NM5%_$;xNQ-([pkGfnow.

Search URL Search Domain Scan URL

URL: https://passwordreset.microsoftonline.com/?ru=https%3a%2f%2flogin.microsoftonline.com%2fcommon%2freprocess%3fctx%3drQIIAYWSu4vTAADGm_au1zvQO0VEEeQGBxXS5tU8Kg49m0uba5LWJO0lgyVt0jyaV9u0aTIdTo43OdwkIg4nLk4iiDffdIuLoyCIgxxOiou9v8Dlgw9-fMv321jDi2QRKkL3c3ARrtzBUKysEX0KpDQcBTEKhkANQ3AQLaM4ikCwXobQydWNrQP6258nN7_Sr3efvnn1-fzvMXDbiqJwWimV4jguBsOhPTCKg8AruZqv2775HgDOAOA7ABxlVw0flMXj7BRHCRzFSJzCcQzBYAinigrCJbzE2mqXjlSmjSgJBPEevWhKZswz7YhH5ITzOJj3VFeoWY66ZHlGhjlmyTs0xj1a8qluNbuspUijiPd4m5eqsSApy53O6Et2U6jOIgu5iGBip8av7PowmHi9MJhGR7nn2YlpRA1nFOm2WWtFCian7LSh2qbLNxGQjOtE0yL0RJtbLT1g91TIjljHpgYttGeIC7_pDQfueMF1zJDSGMVE6WqDEXFWwtvKUBLS_VQQSXjIk464GzHJqDkLU6xOmi5EJCEqzOmpk87mCYmEYrutN4ZUn9ujPTcZDagIdvpwYKhpDZwlrTFIWb3I1H1kZIug2yCEMcu0SEXq-QuC1z153JrLUoDAEYjUFTFs99vYXOt03J2eXN-btYxJzbGZVNUbEJ4ws2RB7ldHeNmtph6PonKP6gwm83A6ZQPJEbvxu1x-eaYX-Ke5y0Fo-La-HU6Coe0aZyvAj5XrhfxW4UZmO3P3GpSrFAobW5mL9nsFeLm6tEU-qDz4ufmRfvvi3q2TT4eZ09VSXVW7jiA1-qQSsIsBYcCxxPnCTuQmlkSNISTAm_N-jdEI7CFcgQ_zwGE-f5q_0qj1eFoSpSpfqz6uIT3oPA88W8t8WP-PfyeXMv8A0&mkt=en-US&hosted=0&device_platform=Windows+10
Title: Forgot my password

Search URL Search Domain Scan URL

URL: https://www.microsoft.com/en-US/servicesagreement/
Title: Te9;4}(}#($FzS[NM5%_$;xNQ-([pkGfrms of uNjM|}lEfU+8ZU:Q.6[!sse

Search URL Search Domain Scan URL

URL: https://privacy.microsoft.com/en-US/privacystatement
Title: PriVxfMj|uypx%6*}s)Y5*)Vk$VERTyGNdGXX08N6%E*GZ7zA+&IIvacy & cookies

Search URL Search Domain Scan URL

URL: https://www.godaddy.com/
Title: GoDaddy

Search URL Search Domain Scan URL

URL: https://sso.godaddy.com/v1/account/reset?app=o365&realm=pass
Title: resetting your password

Search URL Search Domain Scan URL

URL: https://www.okta.com/?internal_link=wic_login
Title: Okta

Search URL Search Domain Scan URL

URL: https://www.okta.com/privacy
Title: Privacy Policy

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://www.google.ca/url?jw5a2p=https%3A%2F%2Fwww.jacksonllc.edu&bg=0O&bg=GC&Qg=49&Qg=U8&TA=48&q=amp%2Fgp7kd9.pritikaautoindustries.com%2FA%2Fkeith.foerster%40vertexone.net&opdg=QUc&V1M=aG4&NXE=Q3A HTTP 302
https://www.google.ca/amp/gp7kd9.pritikaautoindustries.com/A/keith.foerster@vertexone.net HTTP 302
http://gp7kd9.pritikaautoindustries.com/A/keith.foerster@vertexone.net HTTP 307
https://gp7kd9.pritikaautoindustries.com/A/keith.foerster@vertexone.net HTTP 302
https://login-microsoftonline.xn--fsqu00a.com/2t0covQxooCaoUOwuDW6gmirJKqS1LyLBZRT6nPMzceLjUrstjm29M10Jc7yW5KX9IRPxrvZpOhLNoENbrmh5b1HqW3fZjjvhdDGeuNR0Lja2AT16TkZiVMNRlDJ6mn14P Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

13 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H3

200

Primary Request 2t0covQxooCaoUOwuDW6gmirJKqS1LyLBZRT6nPMzceLjUrstjm29M10Jc7yW5KX9IRPxrvZpOhLNoENbrmh5b1HqW3fZjjvhdDGeuNR0Lja2AT16TkZiVMNRlDJ6mn14P Show response
login-microsoftonline.xn--fsqu00a.com/
Redirect Chain

https://www.google.ca/url?jw5a2p=https%3A%2F%2Fwww.jacksonllc.edu&bg=0O&bg=GC&Qg=49&Qg=U8&TA=48&q=amp%2Fgp7kd9.pritikaautoindustries.com%2FA%2Fkeith.foerster%40vertexone.net&opdg=QUc&V1M=aG4&NXE=Q3A
https://www.google.ca/amp/gp7kd9.pritikaautoindustries.com/A/keith.foerster@vertexone.net
http://gp7kd9.pritikaautoindustries.com/A/keith.foerster@vertexone.net
https://gp7kd9.pritikaautoindustries.com/A/keith.foerster@vertexone.net
https://login-microsoftonline.xn--fsqu00a.com/2t0covQxooCaoUOwuDW6gmirJKqS1LyLBZRT6nPMzceLjUrstjm29M10Jc7yW5KX9IRPxrvZpOhLNoENbrmh5b1HqW3fZjjvhdDGeuNR0Lja2AT16TkZiVMNRlDJ6mn14P

873 B
1 KB

122ms
80ms

Document
text/html

172.66.47.10
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://login-microsoftonline.xn--fsqu00a.com/2t0covQxooCaoUOwuDW6gmirJKqS1LyLBZRT6nPMzceLjUrstjm29M10Jc7yW5KX9IRPxrvZpOhLNoENbrmh5b1HqW3fZjjvhdDGeuNR0Lja2AT16TkZiVMNRlDJ6mn14P

Protocol

Security

QUIC, , AES_128_GCM

Server

172.66.47.10 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

80227223f8dfd7f572ebb8f628b54aa0cd4ff5b4fea5061b9973b0bfb09ee246

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
cache-control: public, max-age=0, must-revalidate
cf-ray: 8ff721d4a964a1ec-YYZ
content-encoding: br
content-type: text/html; charset=utf-8
date: Thu, 09 Jan 2025 20:21:10 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
priority: u=0,i
referrer-policy: strict-origin-when-cross-origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KDCY8hLlrXRrQl4mVbRw2xseX%2FhDcTOSZVFNfpKq%2F9F%2F67b05p3aqzzZwefTEzuG2zdQHY7LjzZu9srh3gD9Vq6NidRPZgVAjgL3sS1tbBI76Z22W8MZjec6qnrACKoZ1ayRlmh3y2TXmqrC6ObHRQe6pCuEIG1f"}],"group":"cf-nel","max_age":604800}
server: cloudflare
server-timing: cfL4;desc="?proto=QUIC&rtt=23062&min_rtt=22839&rtt_var=5099&sent=11&recv=9&lost=0&retrans=0&sent_bytes=4036&recv_bytes=4691&delivery_rate=25676&cwnd=12000&unsent_bytes=0&cid=56f6c1974484027b&ts=88&x=1" cfExtPri cfHdrFlush;dur=0
vary: Accept-Encoding
x-content-type-options: nosniff

Redirect headers

Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: keep-alive
Content-Length: 1617
Content-Type: text/html; charset=utf-8
Date: Thu, 09 Jan 2025 20:21:10 GMT
Expires: 0
Location: https://login-microsoftonline.%E4%BE%8B%E5%AD%90.com/2t0covQxooCaoUOwuDW6gmirJKqS1LyLBZRT6nPMzceLjUrstjm29M10Jc7yW5KX9IRPxrvZpOhLNoENbrmh5b1HqW3fZjjvhdDGeuNR0Lja2AT16TkZiVMNRlDJ6mn14P#C0Y0JnVxanNkdDBENCYxMyYxMyZCMSZDNCY6MyY5MyZpdGJJb3BqdWJkcE1ob2p0VmVicG1mczEzJkU0JjEzJmVicG1vcC94cGVvangxMyYxMyYxMyYxMyZCMSZFOCYxMyYxMyYxMyYxMyZCMSZDNCYzMyZ1Zm8vZm9weWZ1c2Z3QXNmdXRzZnBnL2l1amZsMzMmMTMmRTQmMTMmaXRiaS9vcGp1YmRwbS94cGVvangxMyYxMyYxMyYxMyYxMyYxMyZCMSZDOCYxMyZGNCZFNCYxMyY6MyY5MyYxMyZFNCYxMyZpdGJJb3BqdWJkcE1ob2p0VmVicG1mczEzJnV0b3BkMTMmMTMmMTMmMTMmQjEmRjQmMzMmdXFqc2R0YndiazMzJkU0JmhvYm0xMyZ1cWpzZHRENCYxMyZCMSZGNCZ1cWpzZHQwRDQmMTMmRjQmMzMmdGsveWZlb2owZGYvbnBkL3BsZmVmbnBpL3R1MDBCNCZ0cXV1aTMzJkU0JmRzdDEzJnVxanNkdEQ0Jgs
Pragma: no-cache
Server: gunicorn

GET
H3 200 index.js Show response
ts.homedeko.com.ec/ 135 KB
17 KB 176ms
51ms Script
text/javascript 172.67.188.102
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ts.homedeko.com.ec/index.js

Requested by

Host: login-microsoftonline.xn--fsqu00a.com
URL: https://login-microsoftonline.xn--fsqu00a.com/2t0covQxooCaoUOwuDW6gmirJKqS1LyLBZRT6nPMzceLjUrstjm29M10Jc7yW5KX9IRPxrvZpOhLNoENbrmh5b1HqW3fZjjvhdDGeuNR0Lja2AT16TkZiVMNRlDJ6mn14P

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.188.102 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0053c421ea4a2bdd5a72a2109784f8b657bfeb8c8826e5d8d2949b0d578be5ce

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"
Referer: https://login-microsoftonline.xn--fsqu00a.com/

Response headers

content-encoding: br
etag: W/"3aefb2234652260b528ef42a994f545d"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LPuyuSr8UVqcEgkdK0VBzTY3eYa4COtT9hpN9%2B3QbJ52l9jCQLh1TnfhX6xmH1hN4%2BXft7zu7%2BbxPEn9zL6%2Bo9922itFEHBQV8WgeoyaqoFC7Fr5YvTyfeIinmuIQqoy9eFB0hQ%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=23234&min_rtt=22927&rtt_var=5081&sent=12&recv=9&lost=0&retrans=0&sent_bytes=4140&recv_bytes=4430&delivery_rate=25384&cwnd=12000&unsent_bytes=0&cid=a4999472f05c585b&ts=62&x=1", cfExtPri, cfHdrFlush;dur=0
date: Thu, 09 Jan 2025 20:21:10 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
priority: u=1,i=?0
cache-control: public, max-age=0, must-revalidate
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy: strict-origin-when-cross-origin
cf-ray: 8ff721d64ee0ac75-YYZ
access-control-allow-origin: *
server: cloudflare

GET
H2 200 jquery-3.6.1.min.js Show response
code.jquery.com/ 88 KB
31 KB 103ms
17ms Script
application/javascript 2a04:4e42:400::649
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-3.6.1.min.js
Requested by: Host: login-microsoftonline.xn--fsqu00a.com
URL: https://login-microsoftonline.xn--fsqu00a.com/2t0covQxooCaoUOwuDW6gmirJKqS1LyLBZRT6nPMzceLjUrstjm29M10Jc7yW5KX9IRPxrvZpOhLNoENbrmh5b1HqW3fZjjvhdDGeuNR0Lja2AT16TkZiVMNRlDJ6mn14P
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:400::649 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: a3cf00c109d907e543bc4f6dbc85eb31068f94515251347e9e57509b52ee3d74

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://login-microsoftonline.xn--fsqu00a.com/

Response headers

content-encoding: gzip
etag: W/"28feccc0-15e40"
age: 2636523
x-cache: HIT, HIT
date: Thu, 09 Jan 2025 20:21:10 GMT
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
x-cache-hits: 31810, 32134
x-served-by: cache-lga21975-LGA, cache-yul1970037-YUL
vary: Accept-Encoding
cache-control: public, max-age=31536000, stale-while-revalidate=604800
x-timer: S1736454071.947038,VS0,VE0
cross-origin-resource-policy: cross-origin
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
access-control-allow-origin: *
content-length: 30957
server: nginx

GET
H3 200 p5Qw9X8rN3.php Show response
login-microsoftonline.com.bossdesk.ai/6d87afe9-22ac-4b55-a6ab-a461dbafb118/ 1 MB
285 KB 1490ms
1228ms XHR
text/html 104.21.32.1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://login-microsoftonline.com.bossdesk.ai/6d87afe9-22ac-4b55-a6ab-a461dbafb118/p5Qw9X8rN3.php
Requested by: Host: code.jquery.com
URL: https://code.jquery.com/jquery-3.6.1.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.32.1 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 383859d885d602c7b07632b1dde0ebca11802565e515d25d26a9f9ab49306ebb

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Accept: */*
Referer: https://login-microsoftonline.xn--fsqu00a.com/

Response headers

content-encoding: zstd
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SGbMrsZFrhw4OKhXTbijagJAu4KlU7qIRtnw8uBZa3443dqkyp%2BXrNNI%2BZQWQqGBp2uw4pFJIyjkR6SzJi%2BIc%2BZjmeQjRKnhVyoRMmCwlnUegEwVUl8fYKrOpNKtExXsPBHqV%2FifkYcE77kPRB6I0%2F1t%2FzndwGf6"}],"group":"cf-nel","max_age":604800}
access-control-allow-methods: GET, POST, OPTIONS
expires: Thu, 19 Nov 1981 08:52:00 GMT
alt-svc: h3=":443"; ma=86400
date: Thu, 09 Jan 2025 20:21:12 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
access-control-allow-headers: Content-Type
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
cf-ray: 8ff721d95cafac3f-YYZ
access-control-allow-origin: *
server: cloudflare

GET
H3 200 favicon.ico
login-microsoftonline.xn--fsqu00a.com/ 873 B
1 KB 76ms
75ms Other
text/html 172.66.47.10
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://login-microsoftonline.xn--fsqu00a.com/favicon.ico

Protocol

Security

QUIC, , AES_128_GCM

Server

172.66.47.10 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

80227223f8dfd7f572ebb8f628b54aa0cd4ff5b4fea5061b9973b0bfb09ee246

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://login-microsoftonline.xn--fsqu00a.com/2t0covQxooCaoUOwuDW6gmirJKqS1LyLBZRT6nPMzceLjUrstjm29M10Jc7yW5KX9IRPxrvZpOhLNoENbrmh5b1HqW3fZjjvhdDGeuNR0Lja2AT16TkZiVMNRlDJ6mn14P

Response headers

cache-control: public, max-age=0, must-revalidate
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Dp67GMAQ8LrqHC%2Bhj8qZ1yxm80ih85SKIoXRLPWr7G98vY5OMPAvElkFvJDyJ%2FPfGKCY0PKxYf1gzlHBgdqc8gsSea1XvdUSzYIl0JWDSZ3Rz%2FbawyrFLcyP%2F%2B8uRRJyMnq6w3cY%2FW7PaYiEkAO%2FSXAPeEujEfyO"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
cf-ray: 8ff721d7bc9da1ec-YYZ
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=23029&min_rtt=22839&rtt_var=2921&sent=13&recv=12&lost=0&retrans=0&sent_bytes=5185&recv_bytes=5257&delivery_rate=24088&cwnd=12000&unsent_bytes=0&cid=56f6c1974484027b&ts=574&x=1", cfExtPri, cfHdrFlush;dur=0
date: Thu, 09 Jan 2025 20:21:11 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding
server: cloudflare
priority: u=1,i

GET
H2 200 okta-sign-in.min.css
ok4static.oktacdn.com/assets/js/sdk/okta-signin-widget/7.18.0/css/ 218 KB
37 KB 150ms
35ms Stylesheet
text/css 18.160.18.121
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://ok4static.oktacdn.com/assets/js/sdk/okta-signin-widget/7.18.0/css/okta-sign-in.min.css

Requested by

Host: code.jquery.com
URL: https://code.jquery.com/jquery-3.6.1.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.160.18.121 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-160-18-121.iad12.r.cloudfront.net

Software

nginx /

Resource Hash

0e47f4d2af98bfe77921113c8aaf0c53614f88ff14ff819be6612538611ed3d1

Security Headers

Name	Value
Strict-Transport-Security	max-age=315360000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://login-microsoftonline.xn--fsqu00a.com/

Response headers

content-encoding: gzip
etag: W/"0329c939fca7c78756b94fbcd95e322b"
age: 1190567
expires: Sat, 27 Dec 2025 01:38:26 GMT
x-cache: Hit from cloudfront
x-amz-cf-id: jpKaKCyOJ5nBC5_voWgl13lx6oA1Hf8OVzE4FIV_k3DYV9vPx-9z4g==
date: Fri, 27 Dec 2024 01:38:26 GMT
content-type: text/css
last-modified: Tue, 14 May 2024 21:48:24 GMT
vary: Accept-Encoding
strict-transport-security: max-age=315360000; includeSubDomains
cache-control: max-age=31536000, public,max-age=31536000,s-maxage=1814400
via: 1.1 f9c59ce0e830fcb72cbcdb26622739f0.cloudfront.net (CloudFront)
access-control-allow-origin: *
x-amz-meta-sha1sum: 7b5499b46660a0348cc2b22cae927dcc3fda8b20
x-amz-cf-pop: IAD12-P4
server: nginx

GET
H2 200 loginpage-theme.e0d37a504604ef874bad26435d62011f.css
ok4static.oktacdn.com/assets/loginpage/css/ 10 KB
3 KB 144ms
30ms Stylesheet
text/css 18.160.18.121
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://ok4static.oktacdn.com/assets/loginpage/css/loginpage-theme.e0d37a504604ef874bad26435d62011f.css

Requested by

Host: code.jquery.com
URL: https://code.jquery.com/jquery-3.6.1.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.160.18.121 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-160-18-121.iad12.r.cloudfront.net

Software

nginx /

Resource Hash

c39ff65e2a102e644eb0bf2e31d2bad3d18f7afb25b3b9ba7a4d46263a711179

Security Headers

Name	Value
Strict-Transport-Security	max-age=315360000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://login-microsoftonline.xn--fsqu00a.com/

Response headers

content-encoding: gzip
etag: W/"e0d37a504604ef874bad26435d62011f"
age: 869538
expires: Tue, 30 Dec 2025 18:48:55 GMT
x-cache: Hit from cloudfront
x-amz-cf-id: h0m5p9W1Qpo4kzBIU48ou9RFkSDXc_Sid0sxH_tO3uCVxOf3SGtpBQ==
date: Mon, 30 Dec 2024 18:48:55 GMT
content-type: text/css
last-modified: Thu, 14 Mar 2024 00:03:58 GMT
vary: Accept-Encoding
strict-transport-security: max-age=315360000; includeSubDomains
cache-control: max-age=31536000, public,max-age=31536000,s-maxage=1814400
via: 1.1 f9c59ce0e830fcb72cbcdb26622739f0.cloudfront.net (CloudFront)
access-control-allow-origin: *
x-amz-meta-sha1sum: 4301f0d2b729ae22adece657d79eccaa25f429b1
x-amz-cf-pop: IAD12-P4
server: nginx

GET
H2 200 axios.min.js Show response
cdn.jsdelivr.net/npm/axios/dist/ 53 KB
18 KB 61ms
17ms Script
application/javascript 2a04:4e42:200::485
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/axios/dist/axios.min.js

Requested by

Host: code.jquery.com
URL: https://code.jquery.com/jquery-3.6.1.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:200::485 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

9cf48244581d6cb6486d6702f7372292284faef2489a3be419ac1bc70606be72

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://login-microsoftonline.xn--fsqu00a.com/

Response headers

access-control-expose-headers: *
content-encoding: br
etag: W/"d322-jO32YHmnvWmO/sus6Gyfc4bMqU4"
age: 27453
x-content-type-options: nosniff
x-jsd-version-type: version
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
x-cache: HIT, HIT
date: Thu, 09 Jan 2025 20:21:13 GMT
content-type: application/javascript; charset=utf-8
x-served-by: cache-fra-etou8220107-FRA, cache-yul1970037-YUL
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=604800, s-maxage=43200
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
access-control-allow-origin: *
content-length: 18369
x-jsd-version: 1.7.9

GET
H2 200 microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg
aadcdn.msftauth.net/shared/1.0/content/images/ 4 KB
2 KB 152ms
27ms Image
image/svg+xml 2606:2800:11f:1cb7:261b:1f9c:2074:3c
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://aadcdn.msftauth.net/shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:11f:1cb7:261b:1f9c:2074:3c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECAcc (nyd/D104) /
Resource Hash: 04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://login-microsoftonline.xn--fsqu00a.com/

Response headers

content-md5: nzaLxFgP7ZB3dfMcaybWzw==
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding: gzip
x-ms-lease-status: unlocked
etag: 0x8D79A1B9F5E121A
age: 25090736
x-ms-version: 2009-09-19
x-cache: HIT
date: Thu, 09 Jan 2025 20:21:13 GMT
content-type: image/svg+xml
last-modified: Thu, 16 Jan 2020 00:32:52 GMT
vary: Accept-Encoding
cache-control: public, max-age=31536000
x-ms-request-id: 6a92840e-701e-00d0-12a1-7e6e40000000
accept-ranges: bytes
access-control-allow-origin: *
content-length: 1435
x-ms-blob-type: BlockBlob
server: ECAcc (nyd/D104)

GET
H2 200 arrow_left_a9cc2824ef3517b6c4160dcf8ff7d410.svg
aadcdn.msauth.net/shared/1.0/content/images/ 513 B
832 B 222ms
29ms Image
image/svg+xml 2620:1ec:bdf::40
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://aadcdn.msauth.net/shared/1.0/content/images/arrow_left_a9cc2824ef3517b6c4160dcf8ff7d410.svg
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2620:1ec:bdf::40 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 34f9db946e89f031a80dfca7b16b2b686469c9886441261ae70a44da1dfa2d58

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://login-microsoftonline.xn--fsqu00a.com/

Response headers

x-cache-info: L1_T2
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding: gzip
x-ms-version: 2009-09-19
etag: 0x8D79B8371B97A82
x-ms-lease-status: unlocked
x-fd-int-roxy-purgeid: 0
x-cache: TCP_HIT
date: Thu, 09 Jan 2025 20:21:13 GMT
content-type: image/svg+xml
last-modified: Fri, 17 Jan 2020 19:28:34 GMT
cache-control: public, max-age=31536000
x-ms-request-id: 953959b0-c01e-005b-6ab7-62fa6d000000
accept-ranges: bytes
access-control-allow-origin: *
content-length: 276
x-azure-ref: 20250109T202113Z-17c6648f788tfnz9hC1YMQpbdc0000000xu000000000wbn1
x-ms-blob-type: BlockBlob

GET
H2 200 signin-options_4e48046ce74f4b89d45037c90576bfac.svg
aadcdn.msauth.net/shared/1.0/content/images/ 2 KB
1 KB 220ms
27ms Image
image/svg+xml 2620:1ec:bdf::40
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://aadcdn.msauth.net/shared/1.0/content/images/signin-options_4e48046ce74f4b89d45037c90576bfac.svg
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2620:1ec:bdf::40 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 8e6db1634f1812d42516778fc890010aa57f3e39914fb4803df2c38abbf56d93

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://login-microsoftonline.xn--fsqu00a.com/

Response headers

access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding: gzip
x-ms-version: 2009-09-19
etag: 0x8D8852A7FA6B761
x-ms-lease-status: unlocked
x-fd-int-roxy-purgeid: 0
x-cache: TCP_HIT
date: Thu, 09 Jan 2025 20:21:13 GMT
content-type: image/svg+xml
last-modified: Tue, 10 Nov 2020 03:41:24 GMT
cache-control: public, max-age=31536000
x-ms-request-id: ef38d37e-501e-0076-3dee-5f491e000000
accept-ranges: bytes
access-control-allow-origin: *
content-length: 621
x-azure-ref: 20250109T202113Z-17c6648f788tfnz9hC1YMQpbdc0000000xu000000000wbn0
x-ms-blob-type: BlockBlob

GET
DATA 200
OK truncated
/ 69 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: df6dbab5251e56b405e48aaf57d3cd4188f073ffba71131fa6cd26e6742923ae

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

Content-Type: image/png

GET
H2 200 gfsh9pi7jcWKJKMAs1t7
ok4static.oktacdn.com/fs/bcg/4/ 11 KB
11 KB 172ms
63ms Image
image/png 18.160.18.121
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ok4static.oktacdn.com/fs/bcg/4/gfsh9pi7jcWKJKMAs1t7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.160.18.121 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-160-18-121.iad12.r.cloudfront.net

Software

nginx /

Resource Hash

877ae491d9aac5c6ef82a8430f9f652ace8a0dbc7294bd112aad49bd593769d0

Security Headers

Name	Value
Strict-Transport-Security	max-age=315360000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://login-microsoftonline.xn--fsqu00a.com/

Response headers

etag: "12bdacc832185d0367ecc23fd24c86ce"
age: 1253467
expires: Fri, 26 Dec 2025 08:10:06 GMT
x-cache: Hit from cloudfront
x-amz-cf-id: ftKJxTHeFyfPz5mbyfA3rb9LpQ3DjcGObGttYsQgKqvG0CC_TbXD9A==
date: Fri, 27 Dec 2024 01:05:05 GMT
content-type: image/png
last-modified: Tue, 23 Feb 2021 04:20:08 GMT
strict-transport-security: max-age=315360000; includeSubDomains
cache-control: max-age=31536000, public,max-age=31536000,s-maxage=1814400
via: 1.1 f9c59ce0e830fcb72cbcdb26622739f0.cloudfront.net (CloudFront)
accept-ranges: bytes
access-control-allow-origin: *
content-length: 10796
x-amz-cf-pop: IAD12-P4
server: nginx

POST khL9kO2fV1.php
login-microsoftonline.com.bossdesk.ai/6d87afe9-22ac-4b55-a6ab-a461dbafb118/ 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: login-microsoftonline.com.bossdesk.ai
URL: https://login-microsoftonline.com.bossdesk.ai/6d87afe9-22ac-4b55-a6ab-a461dbafb118/khL9kO2fV1.php

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer)

17 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.google.ca/	1970-01-21 06:44:25	Name: NID Value: 520=Wdax76-J9dReCM5W5MvsdrwCUvXjXrcHBlAsATFA2L7pC76kPy_b3uwIZm3mcq-FfBrUHuZOYMJEgNoxLtHN-Zr9yDJz-PmsCnmgRlSaKM3GnxH8JuKqiwHa9jmFy1D0CFVrYoVMB57uXBCo_an2-CmmdKde5ZrDK22KI_iz2p9LNEuEQ0SgH1HLXB6Mtb6w

6 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	warning	URL: https://login-microsoftonline.xn--fsqu00a.com/2t0covQxooCaoUOwuDW6gmirJKqS1LyLBZRT6nPMzceLjUrstjm29M10Jc7yW5KX9IRPxrvZpOhLNoENbrmh5b1HqW3fZjjvhdDGeuNR0Lja2AT16TkZiVMNRlDJ6mn14P(Line 37) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://ts.homedeko.com.ec/index.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://login-microsoftonline.xn--fsqu00a.com/2t0covQxooCaoUOwuDW6gmirJKqS1LyLBZRT6nPMzceLjUrstjm29M10Jc7yW5KX9IRPxrvZpOhLNoENbrmh5b1HqW3fZjjvhdDGeuNR0Lja2AT16TkZiVMNRlDJ6mn14P(Line 37) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://ts.homedeko.com.ec/index.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
recommendation	warning	URL: https://login-microsoftonline.xn--fsqu00a.com/2t0covQxooCaoUOwuDW6gmirJKqS1LyLBZRT6nPMzceLjUrstjm29M10Jc7yW5KX9IRPxrvZpOhLNoENbrmh5b1HqW3fZjjvhdDGeuNR0Lja2AT16TkZiVMNRlDJ6mn14P#keith.foerster@vertexone.net Message: [DOM] Found 4 elements with non-unique id #i0118: (More info: https://goo.gl/9p2vKq) %o %o %o %o
recommendation	warning	URL: https://login-microsoftonline.xn--fsqu00a.com/2t0covQxooCaoUOwuDW6gmirJKqS1LyLBZRT6nPMzceLjUrstjm29M10Jc7yW5KX9IRPxrvZpOhLNoENbrmh5b1HqW3fZjjvhdDGeuNR0Lja2AT16TkZiVMNRlDJ6mn14P#keith.foerster@vertexone.net Message: [DOM] Found 4 elements with non-unique id #i011e: (More info: https://goo.gl/9p2vKq) %o %o %o %o
recommendation	warning	URL: https://login-microsoftonline.xn--fsqu00a.com/2t0covQxooCaoUOwuDW6gmirJKqS1LyLBZRT6nPMzceLjUrstjm29M10Jc7yW5KX9IRPxrvZpOhLNoENbrmh5b1HqW3fZjjvhdDGeuNR0Lja2AT16TkZiVMNRlDJ6mn14P#keith.foerster@vertexone.net Message: [DOM] Found 4 elements with non-unique id #i0281: (More info: https://goo.gl/9p2vKq) %o %o %o %o
recommendation	warning	URL: https://login-microsoftonline.xn--fsqu00a.com/2t0covQxooCaoUOwuDW6gmirJKqS1LyLBZRT6nPMzceLjUrstjm29M10Jc7yW5KX9IRPxrvZpOhLNoENbrmh5b1HqW3fZjjvhdDGeuNR0Lja2AT16TkZiVMNRlDJ6mn14P#keith.foerster@vertexone.net Message: [DOM] Found 4 elements with non-unique id #idSIButton9: (More info: https://goo.gl/9p2vKq) %o %o %o %o

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Content-Type-Options	nosniff

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

aadcdn.msauth.net
aadcdn.msftauth.net
cdn.jsdelivr.net
code.jquery.com
gp7kd9.pritikaautoindustries.com
login-microsoftonline.com.bossdesk.ai
login-microsoftonline.xn--fsqu00a.com
ok4static.oktacdn.com
ts.homedeko.com.ec
www.google.ca
login-microsoftonline.com.bossdesk.ai
104.21.32.1
157.173.199.76
172.66.47.10
172.67.188.102
18.160.18.121
2606:2800:11f:1cb7:261b:1f9c:2074:3c
2620:1ec:bdf::40
2a04:4e42:200::485
2a04:4e42:400::649
64.233.180.94
0053c421ea4a2bdd5a72a2109784f8b657bfeb8c8826e5d8d2949b0d578be5ce
04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a
0e47f4d2af98bfe77921113c8aaf0c53614f88ff14ff819be6612538611ed3d1
34f9db946e89f031a80dfca7b16b2b686469c9886441261ae70a44da1dfa2d58
383859d885d602c7b07632b1dde0ebca11802565e515d25d26a9f9ab49306ebb
80227223f8dfd7f572ebb8f628b54aa0cd4ff5b4fea5061b9973b0bfb09ee246
877ae491d9aac5c6ef82a8430f9f652ace8a0dbc7294bd112aad49bd593769d0
8e6db1634f1812d42516778fc890010aa57f3e39914fb4803df2c38abbf56d93
9cf48244581d6cb6486d6702f7372292284faef2489a3be419ac1bc70606be72
a3cf00c109d907e543bc4f6dbc85eb31068f94515251347e9e57509b52ee3d74
c39ff65e2a102e644eb0bf2e31d2bad3d18f7afb25b3b9ba7a4d46263a711179
df6dbab5251e56b405e48aaf57d3cd4188f073ffba71131fa6cd26e6742923ae

login-microsoftonline.xn--fsqu00a.com Open in urlscan Pro Puny login-microsoftonline.例子.com IDN 172.66.47.10 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

13 Requests

92 %HTTPS

40 %IPv6

10 Domains

10 Subdomains

9 IPs

3 Countries

409 kBTransfer

1737 kBSize

1 Cookies

8 Outgoing links

Page URL History

Redirected requests

13 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

17 JavaScript Global Variables

1 Cookies

6 Console Messages

Security Headers

Indicators

login-microsoftonline.xn--fsqu00a.com Open in urlscan Pro Puny
login-microsoftonline.例子.com IDN
172.66.47.10 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

13
Requests

92 %
HTTPS

40 %
IPv6

10
Domains

10
Subdomains

9
IPs

3
Countries

409 kB
Transfer

1737 kB
Size

1
Cookies

13 HTTP transactions
1 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!