urlscan.io logo urlscan.io
SecurityTrails logo

g98ubupz7e.viaesignsafetycheck.com Open in urlscan Pro
2606:4700:3032::6815:296  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://u4410538.ct.sendgrid.net/ls/click?upn=u001.1PEwvY738zCFV5K7SmIPw5ZdiELbjoV0T-2BS0ARsoBkL50Ig3aCm-2B8QJg3lsyhbf1JatVK5hGCy...
Effective URL: https://g98ubupz7e.viaesignsafetycheck.com/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%...
Submission: On November 02 via api from RU — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 6 IPs in 3 countries across 7 domains to perform 21 HTTP transactions. The main IP is 2606:4700:3032::6815:296, located in United States and belongs to CLOUDFLARENET, US. The main domain is g98ubupz7e.viaesignsafetycheck.com.
TLS certificate: Issued by WE1 on October 23rd 2024. Valid for: 3 months.
This is the only time g98ubupz7e.viaesignsafetycheck.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Microsoft (Consumer)

Domain & IP information

IP Address AS Autonomous System
1 1 167.89.118.106 11377 (SENDGRID)
1 1 3.122.123.164 16509 (AMAZON-02)
2 2 2a00:1450:400... 15169 (GOOGLE)
1 2 2606:4700:303... 13335 (CLOUDFLAR...)
1 2 2606:4700:303... 13335 (CLOUDFLAR...)
1 20.190.159.64 8075 (MICROSOFT...)
11 2620:1ec:bdf::45 8075 (MICROSOFT...)
7 2a02:26f0:710... 20940 (AKAMAI-ASN1)
21 6
1    167.89.118.106 (Las Vegas, United States)

ASN11377 (SENDGRID, US)
PTR: o16789118x106.outbound-mail.sendgrid.net
u4410538.ct.sendgrid.net
1    3.122.123.164 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-122-123-164.eu-central-1.compute.amazonaws.com
1g08m269.r.eu-central-1.awstrack.me
2    2a00:1450:4001:810::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google.co.uk
2    2606:4700:3034::ac43:8154 (United States)

ASN13335 (CLOUDFLARENET, US)
lvpy246ze2.viaesignsafetycheck.com
2    2606:4700:3032::6815:296 (United States)

ASN13335 (CLOUDFLARENET, US)
0of8ce5mgy.viaesignsafetycheck.com
g98ubupz7e.viaesignsafetycheck.com
1    20.190.159.64 (Dublin, Ireland)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
login.live.com
11    2620:1ec:bdf::45 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
aadcdn.msauth.net
7    2a02:26f0:7100::687e:2520 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
r4.res.office365.com
Apex Domain
Subdomains		 Transfer
11 msauth.net
aadcdn.msauth.net — Cisco Umbrella Rank: 860
353 KB
7 office365.com
r4.res.office365.com — Cisco Umbrella Rank: 214
688 KB
4 viaesignsafetycheck.com
lvpy246ze2.viaesignsafetycheck.com
0of8ce5mgy.viaesignsafetycheck.com
g98ubupz7e.viaesignsafetycheck.com
33 KB
2 google.co.uk
www.google.co.uk — Cisco Umbrella Rank: 5087
45 B
1 live.com
login.live.com — Cisco Umbrella Rank: 63
1 awstrack.me
1g08m269.r.eu-central-1.awstrack.me
352 B
1 sendgrid.net
u4410538.ct.sendgrid.net
694 B
21 7
Domain Requested by
11 aadcdn.msauth.net g98ubupz7e.viaesignsafetycheck.com
aadcdn.msauth.net
7 r4.res.office365.com lvpy246ze2.viaesignsafetycheck.com
2 lvpy246ze2.viaesignsafetycheck.com 1 redirects aadcdn.msauth.net
2 www.google.co.uk 2 redirects
1 login.live.com g98ubupz7e.viaesignsafetycheck.com
1 g98ubupz7e.viaesignsafetycheck.com
1 0of8ce5mgy.viaesignsafetycheck.com 1 redirects
1 1g08m269.r.eu-central-1.awstrack.me 1 redirects
1 u4410538.ct.sendgrid.net 1 redirects
21 9

This site contains links to these domains. Also see Links.

Domain
0of8ce5mgy.viaesignsafetycheck.com
www.microsoft.com
privacy.microsoft.com
Subject Issuer Validity Valid
viaesignsafetycheck.com
WE1		 2024-10-23 -
2025-01-21		 3 months crt.sh
login.live.com
DigiCert SHA2 Secure Server CA		 2024-08-19 -
2025-08-19		 a year crt.sh
aadcdn.msauth.net
DigiCert SHA2 Secure Server CA		 2024-07-30 -
2025-07-30		 a year crt.sh
*.res.outlook.com
DigiCert SHA2 Secure Server CA		 2024-10-28 -
2025-10-28		 a year crt.sh

This page contains 2 frames:

Primary Page: https://g98ubupz7e.viaesignsafetycheck.com/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=3c4e61db-a50a-9010-5a8d-60b79b831e71&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638661716420145184.a8344d90-a47c-407d-bac1-dd71f3877d21&state=DcsxEoAwCABBouNzMGAQ8DkYxtbS70ux110DgLUspVEFTIersrHKQSwnu-zhQyQvwhCbKGSJd0zGTONnuFke3Ord-vtF_wE
Frame ID: F608C42223D9D8DF5828CA264FBEBE88
Requests: 15 HTTP requests in this frame

Frame: https://lvpy246ze2.viaesignsafetycheck.com/owa/prefetch.aspx
Frame ID: 509C0F6F668B92BD37FF1202AEAA0681
Requests: 10 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

49iD3rB9xk

Page URL History Show full URLs

  1. https://u4410538.ct.sendgrid.net/ls/click?upn=u001.1PEwvY738zCFV5K7SmIPw5ZdiELbjoV0T-2BS0ARsoBkL50Ig3aCm-2B8Q... HTTP 302
    https://1g08m269.r.eu-central-1.awstrack.me/L0/https:%2F%2Fwww.google.co.uk%2Furl%3Fq=QtJRh8aiDO%26rct=2RUDu%26sa=t%26es... HTTP 302
    https://www.google.co.uk/url?q=QtJRh8aiDO&rct=2RUDu&sa=t&esrc=QtJRh8aiDO&source=&cd=QtJRh8aiDO&uact=&... HTTP 302
    https://www.google.co.uk/amp/lvpy246ze2.viaesignsafetycheck.com/nyVIkPeX HTTP 302
    http://lvpy246ze2.viaesignsafetycheck.com/nyVIkPeX HTTP 307
    https://lvpy246ze2.viaesignsafetycheck.com/nyVIkPeX HTTP 302
    https://0of8ce5mgy.viaesignsafetycheck.com/owa/ HTTP 302
    https://g98ubupz7e.viaesignsafetycheck.com/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redir... Page URL

Page Statistics

21
Requests

100 %
HTTPS

63 %
IPv6

7
Domains

9
Subdomains

6
IPs

3
Countries

1063 kB
Transfer

4034 kB
Size

18
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://u4410538.ct.sendgrid.net/ls/click?upn=u001.1PEwvY738zCFV5K7SmIPw5ZdiELbjoV0T-2BS0ARsoBkL50Ig3aCm-2B8QJg3lsyhbf1JatVK5hGCypRhsDIAvFncLsS0E-2BJnt7RCpV-2Fj23ncHXhvSz385-2B-2BR-2FKBNQf2KK6xJLPD01Fhmi4MxuOkjWUHvkQs2OqXY6t7InEc-2BTS8NA88fHSoZcsbZ4UY9KXw3CVKTdctaz-2F-2Fd8ulu-2F18siTvbbKn3CyxadpIHMbt4aUeEsJBQKgoAjHbjGYd7Tq60SsqkKFM-2BbAC5bULaKHBXbxu1EBGvZbPq60LALTRoqT0kZ7NoX0-2BGy7JG4BtwVS0T9N-2FOCWr6ZK3ShdgFdPXKd9AYh6FmYdkn8UV9XrfHq1bZmdTArm3N-2BiatPtSWxFOBS0Aa3UUuClEZW9KdCV80-2Bg-2FzyjBZzbV-2FNzrg5q7ioAcp3YugDgAeju8oDD80K0-2FVZSaY56Euf-2B5gtOQqMnn8WUIbfVeTEsPyOYKYPtu-2BkRfdnkBYeN8I3p8uISTlfMcVgfcvwniyLDEKtMuyz6Mk9GEuR7e-2BJhisPgFdZ-2FUraoQ2QXa9NkK7SPT1Nn4g05k-2BZaTINghbu8M-2BtBisaXQpdsU7TNGHgLfOdeZzbMN5MxP0eYCtCkG66wjbRLyaoG4xyDmZUWx-2FIZgbAfyfLkY782UhIYDG63zXgW-2FCxz2FHqHabY-3Db_LO_Vo6NGgsc5emRw3x-2FSp71bZlcKg9LW4e5yOXCB4IZX-2BntexxRSAQ8iVlc4FHWjdnCYABNCCjwMYbP7FQY9k6Wv4iQuI64LSyP-2FkZ-2BN2SSjiz6veOS02wT6SGU7mzv7PuPuOSGN0Iu3xpqNUum64hirR2HYM3FZOWqSpp8-2B7HnyQND8Xsz-2F8vR3w3uFGDdwRGw3A9HC1JQOYmRbJb1fixgz-2FuOmjzVAcZ3QJYmrjMKuZU-3D HTTP 302
    https://1g08m269.r.eu-central-1.awstrack.me/L0/https:%2F%2Fwww.google.co.uk%2Furl%3Fq=QtJRh8aiDO%26rct=2RUDu%26sa=t%26esrc=QtJRh8aiDO%26source=%26cd=QtJRh8aiDO%26uact=%26url=amp%2F%256C%2576%2570%2579%2532%2534%2536%257A%2565%2532%252E%2576%2569%2561%2565%2573%2569%2567%256E%2573%2561%2566%2565%2574%2579%2563%2568%2565%2563%256B%252E%2563%256F%256D%252F%256E%2579%2556%2549%256B%2550%2565%2558/1/01070192e91c8bbd-2241d8ed-e469-4f90-989d-bb99929b2e12-000000/m_mlUIWd_PQ3J6oNi23l45w_K0w=179 HTTP 302
    https://www.google.co.uk/url?q=QtJRh8aiDO&rct=2RUDu&sa=t&esrc=QtJRh8aiDO&source=&cd=QtJRh8aiDO&uact=&url=amp/%6C%76%70%79%32%34%36%7A%65%32%2E%76%69%61%65%73%69%67%6E%73%61%66%65%74%79%63%68%65%63%6B%2E%63%6F%6D%2F%6E%79%56%49%6B%50%65%58 HTTP 302
    https://www.google.co.uk/amp/lvpy246ze2.viaesignsafetycheck.com/nyVIkPeX HTTP 302
    http://lvpy246ze2.viaesignsafetycheck.com/nyVIkPeX HTTP 307
    https://lvpy246ze2.viaesignsafetycheck.com/nyVIkPeX HTTP 302
    https://0of8ce5mgy.viaesignsafetycheck.com/owa/ HTTP 302
    https://g98ubupz7e.viaesignsafetycheck.com/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=3c4e61db-a50a-9010-5a8d-60b79b831e71&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638661716420145184.a8344d90-a47c-407d-bac1-dd71f3877d21&state=DcsxEoAwCABBouNzMGAQ8DkYxtbS70ux110DgLUspVEFTIersrHKQSwnu-zhQyQvwhCbKGSJd0zGTONnuFke3Ord-vtF_wE Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

21 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request authorize
g98ubupz7e.viaesignsafetycheck.com/common/oauth2/
Redirect Chain
  • https://u4410538.ct.sendgrid.net/ls/click?upn=u001.1PEwvY738zCFV5K7SmIPw5ZdiELbjoV0T-2BS0ARsoBkL50Ig3aCm-2B8QJg3lsyhbf1JatVK5hGCypRhsDIAvFncLsS0E-2BJnt7RCpV-2Fj23ncHXhvSz385-2B-2BR-2FKBNQf2KK6xJLPD...
  • https://1g08m269.r.eu-central-1.awstrack.me/L0/https:%2F%2Fwww.google.co.uk%2Furl%3Fq=QtJRh8aiDO%26rct=2RUDu%26sa=t%26esrc=QtJRh8aiDO%26source=%26cd=QtJRh8aiDO%26uact=%26url=amp%2F%256C%2576%2570%2...
  • https://www.google.co.uk/url?q=QtJRh8aiDO&rct=2RUDu&sa=t&esrc=QtJRh8aiDO&source=&cd=QtJRh8aiDO&uact=&url=amp/%6C%76%70%79%32%34%36%7A%65%32%2E%76%69%61%65%73%69%67%6E%73%61%66%65%74%79%63%68%65%63%...
  • https://www.google.co.uk/amp/lvpy246ze2.viaesignsafetycheck.com/nyVIkPeX
  • http://lvpy246ze2.viaesignsafetycheck.com/nyVIkPeX
  • https://lvpy246ze2.viaesignsafetycheck.com/nyVIkPeX
  • https://0of8ce5mgy.viaesignsafetycheck.com/owa/
  • https://g98ubupz7e.viaesignsafetycheck.com/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office.com%2fowa%2f&resource=00000002-0000-0ff1-...
42 KB
19 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://g98ubupz7e.viaesignsafetycheck.com/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=3c4e61db-a50a-9010-5a8d-60b79b831e71&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638661716420145184.a8344d90-a47c-407d-bac1-dd71f3877d21&state=DcsxEoAwCABBouNzMGAQ8DkYxtbS70ux110DgLUspVEFTIersrHKQSwnu-zhQyQvwhCbKGSJd0zGTONnuFke3Ord-vtF_wE
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3032::6815:296 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cbc876f91af0f984ea24c5940a620cd70b8929ba5d97aff30c67769398700fe9

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=86400
cache-control
no-store, no-cache
cf-cache-status
DYNAMIC
cf-ray
8dc671fc4bb4db0c-FRA
content-encoding
br
content-type
text/html; charset=utf-8
date
Sat, 02 Nov 2024 19:14:03 GMT
expires
-1
link
<https://aadcdn.msauth.net>; rel=preconnect; crossorigin,<https://aadcdn.msauth.net>; rel=dns-prefetch,<https://aadcdn.msftauth.net>; rel=dns-prefetch
nel
{"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}
p3p
CP="DSP CUR OTPi IND OTRi ONL FIN"
pragma
no-cache
referrer-policy
strict-origin-when-cross-origin
report-to
{"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://identity.nel.measure.office.net/api/report?catId=GW+estsfd+chi"}]}
server
cloudflare
server-timing
cfL4;desc="?proto=QUIC&rtt=24126&sent=24&recv=17&lost=0&retrans=0&sent_bytes=14916&recv_bytes=5628&delivery_rate=475885&cwnd=12000&unsent_bytes=0&cid=f45d214ae7f27c3f&ts=1575&x=1" cfHdrFlush;dur=0
vary
Accept-Encoding
x-dns-prefetch-control
on
x-ms-ests-server
2.1.19343.4 - WUS3 ProdSlices
x-ms-request-id
58297c06-09e1-4583-800e-1ed1ec128a00
x-ms-srs
1.P

Redirect headers

alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
8dc671f81f2adb0c-FRA
content-type
text/html; charset=utf-8
date
Sat, 02 Nov 2024 19:14:02 GMT
location
https://g98ubupz7e.viaesignsafetycheck.com/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=3c4e61db-a50a-9010-5a8d-60b79b831e71&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638661716420145184.a8344d90-a47c-407d-bac1-dd71f3877d21&state=DcsxEoAwCABBouNzMGAQ8DkYxtbS70ux110DgLUspVEFTIersrHKQSwnu-zhQyQvwhCbKGSJd0zGTONnuFke3Ord-vtF_wE
nel
{"report_to":"NelOfficeUpload1","max_age":7200,"include_subdomains":true,"failure_fraction":1.0,"success_fraction":0.01}
p3p
CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
report-to
{"group":"NelOfficeUpload1","max_age":7200,"endpoints":[{"url":"https://exo.nel.measure.office.net/api/report?TenantId=&FrontEnd=Cafe&DestinationEndpoint=SAT&RemoteIP=2605:7980::&Environment=MT"}],"include_subdomains":true}
request-id
3c4e61db-a50a-9010-5a8d-60b79b831e71
server
cloudflare
server-timing
cfL4;desc="?proto=QUIC&rtt=25541&sent=12&recv=10&lost=0&retrans=0&sent_bytes=4170&recv_bytes=4496&delivery_rate=593&cwnd=12000&unsent_bytes=0&cid=f45d214ae7f27c3f&ts=661&x=1" cfHdrFlush;dur=0
x-backend-begin
2024-11-02T19:14:02.014
x-backend-end
2024-11-02T19:14:02.014
x-backendhttpstatus
302 302
x-beserver
CH3PR16MB5393
x-besku
WCS7
x-calculatedbetarget
CH3PR16MB5393.namprd16.PROD.OUTLOOK.COM
x-calculatedfetarget
CH5P223CU001.internal.outlook.com
x-diaginfo
CH3PR16MB5393
x-feefzinfo
SAT
x-feproxyinfo
SN6PR16CA0065.NAMPRD16.PROD.OUTLOOK.COM
x-feserver
CH5P223CA0014 SN6PR16CA0065
x-firsthopcafeefz
SAT
x-owa-diagnosticsinfo
4;0;0;
x-proxy-backendserverstatus
302
x-proxy-routingcorrectness
1
x-responseorigin
OwaAppPool
x-rum-notupdatequerieddbcopy
1
x-rum-notupdatequeriedpath
1
x-rum-validated
1
x-ua-compatible
IE=EmulateIE7
Me.htm
login.live.com/ 		0
0 		Other
General
Check archive.org
Download Go to
Full URL
https://login.live.com/Me.htm?v=3
Requested by
Host: g98ubupz7e.viaesignsafetycheck.com
URL: https://g98ubupz7e.viaesignsafetycheck.com/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=3c4e61db-a50a-9010-5a8d-60b79b831e71&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638661716420145184.a8344d90-a47c-407d-bac1-dd71f3877d21&state=DcsxEoAwCABBouNzMGAQ8DkYxtbS70ux110DgLUspVEFTIersrHKQSwnu-zhQyQvwhCbKGSJd0zGTONnuFke3Ord-vtF_wE
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.190.159.64 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://g98ubupz7e.viaesignsafetycheck.com/

Response headers
converged.v2.login.min_nin8k2ycrbzww8zl5vxkaq2.css
aadcdn.msauth.net/ests/2.1/content/cdnbundles/ 		111 KB
20 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://aadcdn.msauth.net/ests/2.1/content/cdnbundles/converged.v2.login.min_nin8k2ycrbzww8zl5vxkaq2.css
Requested by
Host: g98ubupz7e.viaesignsafetycheck.com
URL: https://g98ubupz7e.viaesignsafetycheck.com/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=3c4e61db-a50a-9010-5a8d-60b79b831e71&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638661716420145184.a8344d90-a47c-407d-bac1-dd71f3877d21&state=DcsxEoAwCABBouNzMGAQ8DkYxtbS70ux110DgLUspVEFTIersrHKQSwnu-zhQyQvwhCbKGSJd0zGTONnuFke3Ord-vtF_wE
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:bdf::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
68c2994e21a564345eb3b4091dd2334c9cbddb0aecda45ee963c6de2e1629b93

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin
https://g98ubupz7e.viaesignsafetycheck.com
Referer
https://g98ubupz7e.viaesignsafetycheck.com/

Response headers

access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding
gzip
x-ms-version
2009-09-19
etag
0x8DCDDAAF34D1A25
x-ms-lease-status
unlocked
x-fd-int-roxy-purgeid
0
x-cache
TCP_HIT
date
Sat, 02 Nov 2024 19:14:03 GMT
content-type
text/css
last-modified
Wed, 25 Sep 2024 21:42:27 GMT
cache-control
public, max-age=31536000
x-ms-request-id
9ef45925-901e-001b-71ea-27fd55000000
accept-ranges
bytes
access-control-allow-origin
*
content-length
20400
x-azure-ref
20241102T191403Z-r1687d95c9965pbluyp05c35g00000000ahg00000001g5kv
x-ms-blob-type
BlockBlob
ConvergedLogin_PCore_IzDt-l0Cuie0gYRUoEk15w2.js
aadcdn.msauth.net/shared/1.0/content/js/ 		439 KB
120 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://aadcdn.msauth.net/shared/1.0/content/js/ConvergedLogin_PCore_IzDt-l0Cuie0gYRUoEk15w2.js
Requested by
Host: g98ubupz7e.viaesignsafetycheck.com
URL: https://g98ubupz7e.viaesignsafetycheck.com/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=3c4e61db-a50a-9010-5a8d-60b79b831e71&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638661716420145184.a8344d90-a47c-407d-bac1-dd71f3877d21&state=DcsxEoAwCABBouNzMGAQ8DkYxtbS70ux110DgLUspVEFTIersrHKQSwnu-zhQyQvwhCbKGSJd0zGTONnuFke3Ord-vtF_wE
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:bdf::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
6379d57694ecb499626f889744fb47d1979dde32c9f95bcaf48e318642a8c292

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin
https://g98ubupz7e.viaesignsafetycheck.com
Referer
https://g98ubupz7e.viaesignsafetycheck.com/

Response headers

access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding
gzip
x-ms-version
2009-09-19
etag
0x8DCE4DDB9B391BE
x-ms-lease-status
unlocked
x-fd-int-roxy-purgeid
4554691
x-cache
TCP_HIT
date
Sat, 02 Nov 2024 19:14:03 GMT
content-type
application/x-javascript
last-modified
Sat, 05 Oct 2024 01:33:33 GMT
cache-control
public, max-age=31536000
x-ms-request-id
48fc225a-801e-0017-12d3-276a5d000000
accept-ranges
bytes
access-control-allow-origin
*
content-length
122342
x-azure-ref
20241102T191403Z-r1687d95c9965pbluyp05c35g00000000ahg00000001g5kx
x-ms-blob-type
BlockBlob
ux.converged.login.strings-de.min_ko72obxvu9yj3q3_akvs9q2.js
aadcdn.msauth.net/ests/2.1/content/cdnbundles/ 		63 KB
18 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://aadcdn.msauth.net/ests/2.1/content/cdnbundles/ux.converged.login.strings-de.min_ko72obxvu9yj3q3_akvs9q2.js
Requested by
Host: g98ubupz7e.viaesignsafetycheck.com
URL: https://g98ubupz7e.viaesignsafetycheck.com/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=3c4e61db-a50a-9010-5a8d-60b79b831e71&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638661716420145184.a8344d90-a47c-407d-bac1-dd71f3877d21&state=DcsxEoAwCABBouNzMGAQ8DkYxtbS70ux110DgLUspVEFTIersrHKQSwnu-zhQyQvwhCbKGSJd0zGTONnuFke3Ord-vtF_wE
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:bdf::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
b9df4bf16fcb24c8da35cf1a1e891f5a4c8d4bceb89a7cf1ffd5a0f29a6d43ba

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin
https://g98ubupz7e.viaesignsafetycheck.com
Referer
https://g98ubupz7e.viaesignsafetycheck.com/

Response headers

access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding
gzip
x-ms-version
2009-09-19
etag
0x8DCC6D5379BFE3A
x-ms-lease-status
unlocked
x-fd-int-roxy-purgeid
4554691
x-cache
TCP_HIT
date
Sat, 02 Nov 2024 19:14:03 GMT
content-type
application/x-javascript
last-modified
Tue, 27 Aug 2024 20:17:04 GMT
cache-control
public, max-age=31536000
x-ms-request-id
9af1765d-c01e-0015-6cea-27eb48000000
accept-ranges
bytes
access-control-allow-origin
*
content-length
17996
x-azure-ref
20241102T191403Z-r1687d95c9965pbluyp05c35g00000000ahg00000001g5kw
x-ms-blob-type
BlockBlob
truncated
/ 		341 B
0 		Script
General
Check archive.org
Download Go to
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
90682803943448f3acffc81014c87fdd71f30d8cf97335fcea451fac1e568221

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
text/javascript
truncated
/ 		3 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
cc9f6f9584312720681d152323dbb41d631fe03498f5b94958ef38baeb2046ba

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
text/javascript
convergedlogin_pcustomizationloader_117b650bccea354984d8.js
aadcdn.msauth.net/shared/1.0/content/js/asyncchunk/ 		397 KB
114 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://aadcdn.msauth.net/shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_117b650bccea354984d8.js
Requested by
Host: aadcdn.msauth.net
URL: https://aadcdn.msauth.net/shared/1.0/content/js/ConvergedLogin_PCore_IzDt-l0Cuie0gYRUoEk15w2.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:bdf::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
da4a8df0c326292b5bee9c732b3c962fd67aaf2f99d850f1bf65068d573c5619

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://g98ubupz7e.viaesignsafetycheck.com/

Response headers

access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding
gzip
x-ms-version
2009-09-19
etag
0x8DCBD5317046A2F
x-ms-lease-status
unlocked
x-fd-int-roxy-purgeid
4554691
x-cache
TCP_HIT
date
Sat, 02 Nov 2024 19:14:03 GMT
content-type
application/x-javascript
last-modified
Thu, 15 Aug 2024 17:52:54 GMT
cache-control
public, max-age=31536000
x-ms-request-id
81338e68-201e-005b-6af4-268dd2000000
accept-ranges
bytes
access-control-allow-origin
*
content-length
116365
x-azure-ref
20241102T191403Z-r1687d95c997tpvr8k425zx8kg0000000cyg00000000y41g
x-ms-blob-type
BlockBlob
prefetch.aspx
lvpy246ze2.viaesignsafetycheck.com/owa/ Frame 509C 		7 KB
4 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://lvpy246ze2.viaesignsafetycheck.com/owa/prefetch.aspx
Requested by
Host: aadcdn.msauth.net
URL: https://aadcdn.msauth.net/shared/1.0/content/js/ConvergedLogin_PCore_IzDt-l0Cuie0gYRUoEk15w2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3034::ac43:8154 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d9c901cb4a8f614a37f41268446195a16f49afd927096b6edc321a13cdd816db

Request headers

Referer
https://g98ubupz7e.viaesignsafetycheck.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=86400
cache-control
private, no-store
cf-cache-status
DYNAMIC
cf-ray
8dc672065e093cc5-CDG
content-encoding
br
content-type
text/html; charset=utf-8
date
Sat, 02 Nov 2024 19:14:04 GMT
nel
{"report_to":"NelOfficeUpload1","max_age":7200,"include_subdomains":true,"failure_fraction":1.0,"success_fraction":0.01}
report-to
{"group":"NelOfficeUpload1","max_age":7200,"endpoints":[{"url":"https://exo.nel.measure.office.net/api/report?TenantId=&FrontEnd=Cafe&DestinationEndpoint=SAT&RemoteIP=2605:7980::&Environment=MT"}],"include_subdomains":true}
request-id
db97180d-3751-bec0-4d87-6ff994856156
server
cloudflare
server-timing
cfL4;desc="?proto=TCP&rtt=33909&sent=15&recv=20&lost=0&retrans=0&sent_bytes=9105&recv_bytes=2554&delivery_rate=273339&cwnd=133&unsent_bytes=0&cid=a63e4d6c3b4f7f64&ts=3517&x=0"
x-backend-begin
2024-11-02T19:14:04.269
x-backend-end
2024-11-02T19:14:04.269
x-backendhttpstatus
200 200
x-beserver
SJ0PR16MB4774
x-besku
WCS7
x-calculatedbetarget
SJ0PR16MB4774.namprd16.PROD.OUTLOOK.COM
x-calculatedfetarget
SJ0PR03CU008.internal.outlook.com
x-diaginfo
SJ0PR16MB4774
x-feefzinfo
SAT
x-feproxyinfo
SN6PR16CA0050.NAMPRD16.PROD.OUTLOOK.COM
x-feserver
SJ0PR03CA0240 SN6PR16CA0050
x-firsthopcafeefz
SAT
x-owa-diagnosticsinfo
4;0;0;
x-owa-version
15.20.8114.23
x-proxy-backendserverstatus
200
x-proxy-routingcorrectness
1
x-responseorigin
OwaAppPool
x-rum-notupdatequerieddbcopy
1
x-rum-notupdatequeriedpath
1
x-rum-validated
1
x-ua-compatible
IE=EmulateIE7
49-small_2055002f2daae2ed8f69f03944c0e5d9.jpg
aadcdn.msauth.net/shared/1.0/content/images/appbackgrounds/ 		987 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://aadcdn.msauth.net/shared/1.0/content/images/appbackgrounds/49-small_2055002f2daae2ed8f69f03944c0e5d9.jpg
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:bdf::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
8b34a475187302935336bf43a2bf2a4e0adb9a1e87953ea51f6fcf0ef52a4a1d

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://g98ubupz7e.viaesignsafetycheck.com/

Response headers

access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
x-ms-version
2009-09-19
x-ms-lease-status
unlocked
etag
0x8DB5C3F457E15E1
x-fd-int-roxy-purgeid
4554691
x-cache
TCP_HIT
date
Sat, 02 Nov 2024 19:14:03 GMT
content-type
image/jpeg
last-modified
Wed, 24 May 2023 10:11:42 GMT
cache-control
public, max-age=31536000
x-ms-request-id
faf0bf0b-801e-000f-19fc-26c285000000
accept-ranges
bytes
access-control-allow-origin
*
content-length
987
x-azure-ref
20241102T191403Z-r1687d95c997tpvr8k425zx8kg0000000cyg00000000y424
x-ms-blob-type
BlockBlob
49_6ffe0a92d779c878835b40171ffc2e13.jpg
aadcdn.msauth.net/shared/1.0/content/images/appbackgrounds/ 		17 KB
18 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://aadcdn.msauth.net/shared/1.0/content/images/appbackgrounds/49_6ffe0a92d779c878835b40171ffc2e13.jpg
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:bdf::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
d8f5ab3e00202fd3b45be1acd95d677b137064001e171bc79b06826d98f1e1d3

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://g98ubupz7e.viaesignsafetycheck.com/

Response headers

access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
x-ms-version
2009-09-19
x-ms-lease-status
unlocked
etag
0x8DB5C3F4584F323
x-fd-int-roxy-purgeid
4554691
x-cache
TCP_HIT
date
Sat, 02 Nov 2024 19:14:03 GMT
content-type
image/jpeg
last-modified
Wed, 24 May 2023 10:11:42 GMT
cache-control
public, max-age=31536000
x-ms-request-id
30912821-001e-0073-30f4-26ec7a000000
accept-ranges
bytes
access-control-allow-origin
*
content-length
17453
x-azure-ref
20241102T191403Z-r1687d95c997tpvr8k425zx8kg0000000cyg00000000y425
x-ms-blob-type
BlockBlob
53_7a3c80bf9694448bac31a9589d2e9e92.png
aadcdn.msauth.net/shared/1.0/content/images/applogos/ 		5 KB
6 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://aadcdn.msauth.net/shared/1.0/content/images/applogos/53_7a3c80bf9694448bac31a9589d2e9e92.png
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:bdf::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e4e1e65871749d18aea150643c07e0aab2057da057c6c57ec1c3c43580e1c898

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://g98ubupz7e.viaesignsafetycheck.com/

Response headers

access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
x-ms-version
2009-09-19
x-ms-lease-status
unlocked
etag
0x8DB5C3F475BAFC0
x-fd-int-roxy-purgeid
4554691
x-cache
TCP_HIT
date
Sat, 02 Nov 2024 19:14:03 GMT
content-type
image/png
last-modified
Wed, 24 May 2023 10:11:45 GMT
cache-control
public, max-age=31536000
x-ms-request-id
d88ecea1-601e-0051-65f4-266177000000
accept-ranges
bytes
access-control-allow-origin
*
content-length
5139
x-azure-ref
20241102T191403Z-r1687d95c997tpvr8k425zx8kg0000000cyg00000000y426
x-ms-blob-type
BlockBlob
microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg
aadcdn.msauth.net/shared/1.0/content/images/ 		4 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://aadcdn.msauth.net/shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:bdf::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://g98ubupz7e.viaesignsafetycheck.com/

Response headers

access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding
gzip
x-ms-version
2009-09-19
etag
0x8DB5C3F4911527F
x-ms-lease-status
unlocked
x-fd-int-roxy-purgeid
4554691
x-cache
TCP_HIT
date
Sat, 02 Nov 2024 19:14:03 GMT
content-type
image/svg+xml
last-modified
Wed, 24 May 2023 10:11:48 GMT
cache-control
public, max-age=31536000
x-ms-request-id
ef822be7-201e-0040-5cf4-26fbc3000000
accept-ranges
bytes
access-control-allow-origin
*
content-length
1435
x-azure-ref
20241102T191403Z-r1687d95c997tpvr8k425zx8kg0000000cyg00000000y427
x-ms-blob-type
BlockBlob
convergedlogin_pstringcustomizationhelper_4285088f1dbaf52a876d.js
aadcdn.msauth.net/shared/1.0/content/js/asyncchunk/ 		111 KB
35 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://aadcdn.msauth.net/shared/1.0/content/js/asyncchunk/convergedlogin_pstringcustomizationhelper_4285088f1dbaf52a876d.js
Requested by
Host: aadcdn.msauth.net
URL: https://aadcdn.msauth.net/shared/1.0/content/js/ConvergedLogin_PCore_IzDt-l0Cuie0gYRUoEk15w2.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:bdf::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
ddd0bb1c19b3d2d045bfcde85d2020bba57854c887a6691b66dba3da1bb3afbe

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://g98ubupz7e.viaesignsafetycheck.com/

Response headers

access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding
gzip
x-ms-version
2009-09-19
etag
0x8DCBD5317AEB807
x-ms-lease-status
unlocked
x-fd-int-roxy-purgeid
4554691
x-cache
TCP_HIT
date
Sat, 02 Nov 2024 19:14:03 GMT
content-type
application/x-javascript
last-modified
Thu, 15 Aug 2024 17:52:55 GMT
cache-control
public, max-age=31536000
x-ms-request-id
0a3b701d-501e-0059-7ef4-2644d5000000
accept-ranges
bytes
access-control-allow-origin
*
content-length
35168
x-azure-ref
20241102T191403Z-r1687d95c997tpvr8k425zx8kg0000000cyg00000000y42a
x-ms-blob-type
BlockBlob
favicon_a_eupayfgghqiai7k9sol6lg2.ico
aadcdn.msauth.net/shared/1.0/content/images/ 		17 KB
17 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://aadcdn.msauth.net/shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:bdf::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
90cdaf487716184e4034000935c605d1633926d348116d198f355a98b8c6cd21

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://g98ubupz7e.viaesignsafetycheck.com/

Response headers

access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
x-ms-version
2009-09-19
x-ms-lease-status
unlocked
etag
0x8D8731230C851A6
x-fd-int-roxy-purgeid
4554691
x-cache
TCP_HIT
date
Sat, 02 Nov 2024 19:14:03 GMT
content-type
image/x-icon
last-modified
Sun, 18 Oct 2020 03:02:03 GMT
cache-control
public, max-age=31536000
x-ms-request-id
ca102ef7-401e-0045-30f4-2616b5000000
accept-ranges
bytes
access-control-allow-origin
*
content-length
17174
x-azure-ref
20241102T191403Z-r1687d95c997tpvr8k425zx8kg0000000cyg00000000y42w
x-ms-blob-type
BlockBlob
signin-options_3e3f6b73c3f310c31d2c4d131a8ab8c6.svg
aadcdn.msauth.net/shared/1.0/content/images/ 		2 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://aadcdn.msauth.net/shared/1.0/content/images/signin-options_3e3f6b73c3f310c31d2c4d131a8ab8c6.svg
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:bdf::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
8e6db1634f1812d42516778fc890010aa57f3e39914fb4803df2c38abbf56d93

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://g98ubupz7e.viaesignsafetycheck.com/

Response headers

access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding
gzip
x-ms-version
2009-09-19
etag
0x8DB5C3F49ED96E0
x-ms-lease-status
unlocked
x-fd-int-roxy-purgeid
4554691
x-cache
TCP_HIT
date
Sat, 02 Nov 2024 19:14:04 GMT
content-type
image/svg+xml
last-modified
Wed, 24 May 2023 10:11:49 GMT
cache-control
public, max-age=31536000
x-ms-request-id
3dfbeadf-a01e-0003-3cf2-261d9f000000
accept-ranges
bytes
access-control-allow-origin
*
content-length
621
x-azure-ref
20241102T191404Z-r1687d95c997tpvr8k425zx8kg0000000cyg00000000y439
x-ms-blob-type
BlockBlob
truncated
/ Frame 509C 		341 B
0 		Script
General
Check archive.org
Download Go to
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
90682803943448f3acffc81014c87fdd71f30d8cf97335fcea451fac1e568221

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
text/javascript
truncated
/ Frame 509C 		3 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
04138d1934b81392707ca56857b8a1cedf8d778a72082987354dd76b74e059a2

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
text/javascript
boot.worldwide.0.mouse.js
r4.res.office365.com/owa/prem/15.20.8114.24/scripts/ Frame 509C 		648 KB
176 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://r4.res.office365.com/owa/prem/15.20.8114.24/scripts/boot.worldwide.0.mouse.js
Requested by
Host: lvpy246ze2.viaesignsafetycheck.com
URL: https://lvpy246ze2.viaesignsafetycheck.com/owa/prefetch.aspx
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:7100::687e:2520 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
d5238dcd5576de5c01381727798f579c4722e1c0b07f544135fbe537d7ccf94f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://lvpy246ze2.viaesignsafetycheck.com/

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
cache-control
public,max-age=630720000, s-maxage=630720000
timing-allow-origin
*
content-encoding
gzip
accept-ranges
bytes
access-control-allow-origin
*
content-length
179692
date
Sat, 02 Nov 2024 19:14:04 GMT
content-type
application/x-javascript
last-modified
Tue, 08 Oct 2024 23:14:20 GMT
server
AkamaiNetStorage
vary
Accept-Encoding
boot.worldwide.1.mouse.js
r4.res.office365.com/owa/prem/15.20.8114.24/scripts/ Frame 509C 		644 KB
160 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://r4.res.office365.com/owa/prem/15.20.8114.24/scripts/boot.worldwide.1.mouse.js
Requested by
Host: lvpy246ze2.viaesignsafetycheck.com
URL: https://lvpy246ze2.viaesignsafetycheck.com/owa/prefetch.aspx
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:7100::687e:2520 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
5f5adbc771d02801fb69961683d3ee1f50b7e9c8a66dc3f3cc86263a3f995c0d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://lvpy246ze2.viaesignsafetycheck.com/

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
cache-control
public,max-age=630720000, s-maxage=630720000
timing-allow-origin
*
content-encoding
gzip
accept-ranges
bytes
access-control-allow-origin
*
content-length
163064
date
Sat, 02 Nov 2024 19:14:04 GMT
content-type
application/x-javascript
last-modified
Tue, 08 Oct 2024 23:14:13 GMT
server
AkamaiNetStorage
vary
Accept-Encoding
boot.worldwide.2.mouse.js
r4.res.office365.com/owa/prem/15.20.8114.24/scripts/ Frame 509C 		647 KB
166 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://r4.res.office365.com/owa/prem/15.20.8114.24/scripts/boot.worldwide.2.mouse.js
Requested by
Host: lvpy246ze2.viaesignsafetycheck.com
URL: https://lvpy246ze2.viaesignsafetycheck.com/owa/prefetch.aspx
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:7100::687e:2520 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
58fa5e4a247076c76b9683f01fdf108f54ff88fda4221b2de376eb96d1f2ba2a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://lvpy246ze2.viaesignsafetycheck.com/

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
cache-control
public,max-age=630720000, s-maxage=630720000
timing-allow-origin
*
content-encoding
gzip
accept-ranges
bytes
access-control-allow-origin
*
content-length
169666
date
Sat, 02 Nov 2024 19:14:04 GMT
content-type
application/x-javascript
last-modified
Tue, 08 Oct 2024 23:14:20 GMT
server
AkamaiNetStorage
vary
Accept-Encoding
boot.worldwide.3.mouse.js
r4.res.office365.com/owa/prem/15.20.8114.24/scripts/ Frame 509C 		645 KB
142 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://r4.res.office365.com/owa/prem/15.20.8114.24/scripts/boot.worldwide.3.mouse.js
Requested by
Host: lvpy246ze2.viaesignsafetycheck.com
URL: https://lvpy246ze2.viaesignsafetycheck.com/owa/prefetch.aspx
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:7100::687e:2520 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
1f90c3543f5b76b8295a8d298dbce301d9c379027c128b47fda21e002638107f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://lvpy246ze2.viaesignsafetycheck.com/

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
cache-control
public,max-age=630720000, s-maxage=630720000
timing-allow-origin
*
content-encoding
gzip
accept-ranges
bytes
access-control-allow-origin
*
content-length
145599
date
Sat, 02 Nov 2024 19:14:04 GMT
content-type
application/x-javascript
last-modified
Tue, 08 Oct 2024 23:14:14 GMT
server
AkamaiNetStorage
vary
Accept-Encoding
sprite1.mouse.png
r4.res.office365.com/owa/prem/15.20.8114.24/resources/images/0/ Frame 509C 		132 B
327 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://r4.res.office365.com/owa/prem/15.20.8114.24/resources/images/0/sprite1.mouse.png
Requested by
Host: lvpy246ze2.viaesignsafetycheck.com
URL: https://lvpy246ze2.viaesignsafetycheck.com/owa/prefetch.aspx
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:7100::687e:2520 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
3ab09a213eedd51a0eb0e4bc5e6e96c472032dd937420e7e233ea54775c7e024
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://lvpy246ze2.viaesignsafetycheck.com/

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
cache-control
public,max-age=630720000, s-maxage=630720000
timing-allow-origin
*
accept-ranges
bytes
access-control-allow-origin
*
content-length
132
date
Sat, 02 Nov 2024 19:14:04 GMT
content-type
image/png
last-modified
Tue, 08 Oct 2024 23:24:14 GMT
server
AkamaiNetStorage
sprite1.mouse.css
r4.res.office365.com/owa/prem/15.20.8114.24/resources/images/0/ Frame 509C 		994 B
503 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://r4.res.office365.com/owa/prem/15.20.8114.24/resources/images/0/sprite1.mouse.css
Requested by
Host: lvpy246ze2.viaesignsafetycheck.com
URL: https://lvpy246ze2.viaesignsafetycheck.com/owa/prefetch.aspx
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:7100::687e:2520 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
6d1be7ed96dd494447f348986317faf64728ccf788be551f2a621b31ddc929ac
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://lvpy246ze2.viaesignsafetycheck.com/

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
cache-control
public,max-age=630720000, s-maxage=630720000
timing-allow-origin
*
content-encoding
gzip
accept-ranges
bytes
access-control-allow-origin
*
content-length
288
date
Sat, 02 Nov 2024 19:14:04 GMT
content-type
text/css
last-modified
Tue, 08 Oct 2024 23:24:12 GMT
server
AkamaiNetStorage
vary
Accept-Encoding
boot.worldwide.mouse.css
r4.res.office365.com/owa/prem/15.20.8114.24/resources/styles/0/ Frame 509C 		227 KB
43 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://r4.res.office365.com/owa/prem/15.20.8114.24/resources/styles/0/boot.worldwide.mouse.css
Requested by
Host: lvpy246ze2.viaesignsafetycheck.com
URL: https://lvpy246ze2.viaesignsafetycheck.com/owa/prefetch.aspx
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:7100::687e:2520 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
37619b16288166cc76403f0b7df6586349b2d5628de00d5850c815d019b17904
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://lvpy246ze2.viaesignsafetycheck.com/

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
cache-control
public,max-age=630720000, s-maxage=630720000
timing-allow-origin
*
content-encoding
gzip
accept-ranges
bytes
access-control-allow-origin
*
content-length
44144
date
Sat, 02 Nov 2024 19:14:04 GMT
content-type
text/css
last-modified
Tue, 08 Oct 2024 23:24:42 GMT
server
AkamaiNetStorage
vary
Accept-Encoding

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer)

23 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| $Config object| $Debug object| $Do function| $Loader object| $WebWatson function| GetString function| GetErrorString function| GetUrl object| $B object| ServerData object| webpackJsonp object| ko object| PROOF object| StringRepository object| Telemetry object| telemetry_webpackJsonp boolean| __ConvergedLogin_PCore boolean| __ function| c function| lp boolean| __convergedlogin_pcustomizationloader_117b650bccea354984d8 boolean| __convergedlogin_pstringcustomizationhelper_4285088f1dbaf52a876d

18 Cookies

Domain/Path Name / Value
.google.co.uk/ Name: __Secure-ENID
Value: 23.SE=YhkbQPHYWucYTfvCyJV8cu0JDVnBxNNZUkTa_YOuXcrZBFB3b0j-zYNFpghaSZl9x8q88HGHweXey3b7n_kOjXK16NMyq-JuVH1MuS73FNAU8aylIhq3_ckrPJZz3r6UnVB8lzaer0zuCNPRYAtsKJV12Ophv7Dt5PH9Wh039Z1U2rR-G4a-d83kabcrdSGMi-1SpXzt
.viaesignsafetycheck.com/ Name: YuRv
Value: fce340e238471639446f24f8fa6f6c8c4bbb3594b218faea28c147c0e696bbbb
0of8ce5mgy.viaesignsafetycheck.com/ Name: ClientId
Value: B0D91366ACEB49458C3869BE1C40E6AB
0of8ce5mgy.viaesignsafetycheck.com/ Name: OIDC
Value: 1
0of8ce5mgy.viaesignsafetycheck.com/ Name: OpenIdConnect.nonce.v3.FSURoSXUzI7UDhHHYY97h3G-rI0WHHuEoZvSLarGpqM
Value: 638661716420145184.a8344d90-a47c-407d-bac1-dd71f3877d21
0of8ce5mgy.viaesignsafetycheck.com/ Name: X-OWA-RedirectHistory
Value: ArLym14BIDDdgnL73Ag
g98ubupz7e.viaesignsafetycheck.com/ Name: buid
Value: 1.AXcAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAB3AA.AQABGgEAAADW6jl31mB3T7ugrWTT8pFeGMhcTa6pTlRAluDwiC_77HTpBqPRI7eDC1kln9pXCrwUj6CfbCpgRPm3dcBnbyd6cfAJFwsaO6mAxYb17Trc1hEGz282fRgCZYNXVbz6Ar8gAA
.g98ubupz7e.viaesignsafetycheck.com/ Name: esctx
Value: PAQABBwEAAADW6jl31mB3T7ugrWTT8pFeP3_VyCALoh-I5kaKGpjYYu3SsSMUFlkChsNP_L8eK0DBeoEiYawzdfrDfLVukhXcqL7ym27N32-OqborDzID6UDcWbfRqwbBrrSH1BzAeFBMO03lnt42bnRSjpnAtHPZdL6VZ6T3UuKf7ZGtFvCd24abj5zoNMk1b5af0edMgLwgAA
.g98ubupz7e.viaesignsafetycheck.com/ Name: esctx-nektFeqqYxs
Value: AQABCQEAAADW6jl31mB3T7ugrWTT8pFe0n90iRzkiy4hFWfVCBD7RFA_iulk7hPGxtbSJtS6pIKhWTJHoGQaXOgL_lp78ZpRHb6riAWLV_Vx2oQRqDf6aYl4Cfg9KiqDICnyRYvkfzYvIkzmO6E9Mq0SnWBGI1LLYsvhdHMmg2zdT_V2ULFVUyAA
g98ubupz7e.viaesignsafetycheck.com/ Name: fpc
Value: AqlpXy77_idEi6LHaDCGZNOerOTJAQAAAPpwuN4OAAAA
g98ubupz7e.viaesignsafetycheck.com/ Name: x-ms-gateway-slice
Value: estsfd
g98ubupz7e.viaesignsafetycheck.com/ Name: stsservicecookie
Value: estsfd
.g98ubupz7e.viaesignsafetycheck.com/ Name: brcap
Value: 0
.login.live.com/ Name: uaid
Value: 501763085ab148b6ac745346f0b9bb50
.login.live.com/ Name: MSPRequ
Value: id=N&lt=1730574843&co=1
lvpy246ze2.viaesignsafetycheck.com/ Name: ClientId
Value: 4B67256F4E394858987577F5C0F3ACA8
lvpy246ze2.viaesignsafetycheck.com/ Name: OIDC
Value: 1
lvpy246ze2.viaesignsafetycheck.com/ Name: OWAPF
Value: v:15.20.8114.24&l:mouse

1 Console Messages

Source Level URL
Text
recommendation verbose URL: https://g98ubupz7e.viaesignsafetycheck.com/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=3c4e61db-a50a-9010-5a8d-60b79b831e71&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638661716420145184.a8344d90-a47c-407d-bac1-dd71f3877d21&state=DcsxEoAwCABBouNzMGAQ8DkYxtbS70ux110DgLUspVEFTIersrHKQSwnu-zhQyQvwhCbKGSJd0zGTONnuFke3Ord-vtF_wE
Message:
[DOM] Input elements should have autocomplete attributes (suggested: "current-password"): (More info: https://goo.gl/9p2vKq) %o

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

0of8ce5mgy.viaesignsafetycheck.com
1g08m269.r.eu-central-1.awstrack.me
aadcdn.msauth.net
g98ubupz7e.viaesignsafetycheck.com
login.live.com
lvpy246ze2.viaesignsafetycheck.com
r4.res.office365.com
u4410538.ct.sendgrid.net
www.google.co.uk
167.89.118.106
20.190.159.64
2606:4700:3032::6815:296
2606:4700:3034::ac43:8154
2620:1ec:bdf::45
2a00:1450:4001:810::2003
2a02:26f0:7100::687e:2520
3.122.123.164
04138d1934b81392707ca56857b8a1cedf8d778a72082987354dd76b74e059a2
04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a
1f90c3543f5b76b8295a8d298dbce301d9c379027c128b47fda21e002638107f
37619b16288166cc76403f0b7df6586349b2d5628de00d5850c815d019b17904
3ab09a213eedd51a0eb0e4bc5e6e96c472032dd937420e7e233ea54775c7e024
58fa5e4a247076c76b9683f01fdf108f54ff88fda4221b2de376eb96d1f2ba2a
5f5adbc771d02801fb69961683d3ee1f50b7e9c8a66dc3f3cc86263a3f995c0d
6379d57694ecb499626f889744fb47d1979dde32c9f95bcaf48e318642a8c292
68c2994e21a564345eb3b4091dd2334c9cbddb0aecda45ee963c6de2e1629b93
6d1be7ed96dd494447f348986317faf64728ccf788be551f2a621b31ddc929ac
8b34a475187302935336bf43a2bf2a4e0adb9a1e87953ea51f6fcf0ef52a4a1d
8e6db1634f1812d42516778fc890010aa57f3e39914fb4803df2c38abbf56d93
90682803943448f3acffc81014c87fdd71f30d8cf97335fcea451fac1e568221
90cdaf487716184e4034000935c605d1633926d348116d198f355a98b8c6cd21
b9df4bf16fcb24c8da35cf1a1e891f5a4c8d4bceb89a7cf1ffd5a0f29a6d43ba
cbc876f91af0f984ea24c5940a620cd70b8929ba5d97aff30c67769398700fe9
cc9f6f9584312720681d152323dbb41d631fe03498f5b94958ef38baeb2046ba
d5238dcd5576de5c01381727798f579c4722e1c0b07f544135fbe537d7ccf94f
d8f5ab3e00202fd3b45be1acd95d677b137064001e171bc79b06826d98f1e1d3
d9c901cb4a8f614a37f41268446195a16f49afd927096b6edc321a13cdd816db
da4a8df0c326292b5bee9c732b3c962fd67aaf2f99d850f1bf65068d573c5619
ddd0bb1c19b3d2d045bfcde85d2020bba57854c887a6691b66dba3da1bb3afbe
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e4e1e65871749d18aea150643c07e0aab2057da057c6c57ec1c3c43580e1c898