xpaycdn.azureedge.net Open in urlscan Pro
2620:1ec:bdf::60 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://xpaycdn.azureedge.net/
Submission: On February 23 via manual (February 23rd 2024, 7:46:42 am UTC) from IN — Scanned from DE

Summary HTTP 32 Redirects Behaviour Indicators

Summary

This website contacted 10 IPs in 5 countries across 9 domains to perform 32 HTTP transactions. The main IP is 2620:1ec:bdf::60, located in United States and belongs to MICROSOFT-CORP-MSN-AS-BLOCK, US. The main domain is xpaycdn.azureedge.net. The Cisco Umbrella rank of the primary domain is 10782.
TLS certificate: Issued by Microsoft Azure RSA TLS Issuing CA 07 on January 12th 2024. Valid for: a year.

This is the only time xpaycdn.azureedge.net was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Microsoft (Consumer)

Domain & IP information

	IP Address	AS Autonomous System
4	2620:1ec:bdf::60 2620:1ec:bdf::60	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	2620:1ec:bdf::45 2620:1ec:bdf::45	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
5	20.231.53.73 20.231.53.73	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	2a02:26f0:350... 2a02:26f0:3500:581::33e7	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
10	143.204.98.38 143.204.98.38	16509 (AMAZON-02) (AMAZON-02)
1	2603:1027:1:d... 2603:1027:1:d8::7	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
4	52.168.117.171 52.168.117.171	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1 2	68.219.88.97 68.219.88.97	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1 1	2620:1ec:c11:... 2620:1ec:c11::200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1 2	2603:1026:300... 2603:1026:3000:108::8	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	2603:1026:300... 2603:1026:3000:148::7	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
32	10

4 2620:1ec:bdf::60 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

xpaycdn.azureedge.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
wallet-static.azureedge.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:1ec:bdf::45 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

www.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 20.231.53.73 (Washington, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

q.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:26f0:3500:581::33e7 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

static2.sharepointonline.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 143.204.98.38 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-98-38.fra50.r.cloudfront.net

logos.benevity.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2603:1027:1:d8::7 (Dublin, Ireland)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

login.microsoftonline.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 52.168.117.171 (Washington, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

browser.events.data.microsoft.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 68.219.88.97 (Dublin, Ireland) 1 redirects

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

c.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:c11::200 (United States) 1 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

c.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2603:1026:3000:108::8 (Paris, France) 1 redirects

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

login.windows-ppe.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2603:1026:3000:148::7 (Amsterdam, Netherlands)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

login.live-int.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
10	benevity.org logos.benevity.org — Cisco Umbrella Rank: 268409	266 KB
9	clarity.ms 1 redirects www.clarity.ms — Cisco Umbrella Rank: 777 q.clarity.ms — Cisco Umbrella Rank: 7247 c.clarity.ms — Cisco Umbrella Rank: 1351	28 KB
4	microsoft.com browser.events.data.microsoft.com — Cisco Umbrella Rank: 132	505 B
4	azureedge.net xpaycdn.azureedge.net — Cisco Umbrella Rank: 10782 wallet-static.azureedge.net — Cisco Umbrella Rank: 149206	1 MB
2	live-int.com login.live-int.com — Cisco Umbrella Rank: 246750	7 KB
2	windows-ppe.net 1 redirects login.windows-ppe.net — Cisco Umbrella Rank: 47604	4 KB
2	sharepointonline.com static2.sharepointonline.com — Cisco Umbrella Rank: 1945	67 KB
1	bing.com 1 redirects c.bing.com — Cisco Umbrella Rank: 242	762 B
1	microsoftonline.com login.microsoftonline.com — Cisco Umbrella Rank: 11	2 KB
32	9

	Domain	Requested by
10	logos.benevity.org	xpaycdn.azureedge.net
5	q.clarity.ms	www.clarity.ms
4	browser.events.data.microsoft.com	xpaycdn.azureedge.net
3	xpaycdn.azureedge.net	xpaycdn.azureedge.net
2	login.live-int.com	xpaycdn.azureedge.net login.live-int.com
2	login.windows-ppe.net	1 redirects xpaycdn.azureedge.net
2	c.clarity.ms	1 redirects
2	static2.sharepointonline.com	xpaycdn.azureedge.net
2	www.clarity.ms	xpaycdn.azureedge.net www.clarity.ms
1	c.bing.com	1 redirects
1	wallet-static.azureedge.net	xpaycdn.azureedge.net
1	login.microsoftonline.com	xpaycdn.azureedge.net
32	12

This site contains no links.

Subject Issuer	Validity	Valid
*.azureedge.net Microsoft Azure RSA TLS Issuing CA 07	`2024-01-12` - `2025-01-06`	a year	crt.sh
www.clarity.ms DigiCert TLS RSA SHA256 2020 CA1	`2023-12-07` - `2024-12-07`	a year	crt.sh
a.clarity.ms Microsoft Azure TLS Issuing CA 01	`2024-01-14` - `2024-06-27`	5 months	crt.sh
privatecdn.sharepointonline.com DigiCert SHA2 Secure Server CA	`2023-09-05` - `2024-09-05`	a year	crt.sh
benevity.org Amazon RSA 2048 M01	`2023-05-03` - `2024-05-31`	a year	crt.sh
stamp2.login.microsoftonline.com DigiCert SHA2 Secure Server CA	`2023-11-28` - `2024-11-28`	a year	crt.sh
*.events.data.microsoft.com Microsoft Azure RSA TLS Issuing CA 04	`2023-12-31` - `2024-12-25`	a year	crt.sh
graph.windows.net DigiCert SHA2 Secure Server CA	`2024-02-08` - `2025-02-08`	a year	crt.sh

This page contains 2 frames:

Primary Page: https://xpaycdn.azureedge.net/
Frame ID: C8E5B5AA9D69DC3F103A4AAF97704690
Requests: 28 HTTP requests in this frame

Frame: https://login.live-int.com/oauth20_authorize.srf?client_id=f78b16b6-0f85-48c0-b19b-fcaa5da5dae2&scope=openid+profile+offline_access&redirect_uri=https%3a%2f%2fxpaycdn.azureedge.net%2fhome%2fredirectAuth&response_type=code&state=eyJpZCI6ImI2NjJiMDAyLWY3ZDEtNGYzOS1iOWYxLTJiOTA5ZDE2M2RiNyIsIm1ldGEiOnsiaW50ZXJhY3Rpb25UeXBlIjoic2lsZW50In19&response_mode=fragment&nonce=1f64a2f6-9d5a-4f90-9c3e-9f2344a015ac&prompt=none&code_challenge=7TcARzx8yuQ4TqgYbmqXhaF5Mt01G4WIh_U38_d58mc&code_challenge_method=S256&x-client-SKU=msal.js.browser&x-client-Ver=2.38.2&uaid=79e321a5ef70419685adcbd9e18a7197&msproxy=1&issuer=windowsppe&tenant=consumers&ui_locales=de-DE&client_info=1&epct=PAQABDgEAAADyI8mat0SKT5axBilfIkCSmVtaQZIhtibUIFdfp1ppK_HVf2WpRPV1Ht4lia9A_DzZ2Yrj9ixxpXzJs44Hh2t4vQ5_OdXsr5x28Ig5JKk6d8wmJkXMBn_W1TxDNqjaq7wyhUxnFgGXbrvq01zKWY0xf1x9Ym4GjOH5-6ZqRxI7ZGVwmBocidFh9_So7JhXnmHc7QArZTP7LBj2iiUl0clJdGUTThMCBqUXzU1dJqmP7iAA&jshs=0
Frame ID: 595795382BC5FC9AD809C85139B88443
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Wallet

Page Statistics

32
Requests

97 %
HTTPS

64 %
IPv6

9
Domains

12
Subdomains

10
IPs

5
Countries

1659 kB
Transfer

3765 kB
Size

14
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 23

https://c.clarity.ms/c.gif HTTP 302
https://c.bing.com/c.gif?ctsa=mr&CtsSyncId=A4A5A5775F0B4D79AE8C4AC9E31095E1&RedC=c.clarity.ms&MXFR=1F587F433C69625101016B6D38696C0D HTTP 302
https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=A4A5A5775F0B4D79AE8C4AC9E31095E1&MUID=1689B8FF30776A8F0B12ACD1311C6BD2

Request Chain 26

https://login.windows-ppe.net/consumers/oauth2/v2.0/authorize?client_id=f78b16b6-0f85-48c0-b19b-fcaa5da5dae2&scope=openid%20profile%20offline_access&redirect_uri=https%3A%2F%2Fxpaycdn.azureedge.net%2Fhome%2FredirectAuth&client-request-id=79e321a5-ef70-4196-85ad-cbd9e18a7197&response_mode=fragment&response_type=code&x-client-SKU=msal.js.browser&x-client-VER=2.38.2&client_info=1&code_challenge=gwG3ogJcSqmW_j1aaKlU1_M_6cidJDK2tJlNrH15cMQ&code_challenge_method=S256&prompt=none&nonce=1f64a2f6-9d5a-4f90-9c3e-9f2344a015ac&state=eyJpZCI6ImI2NjJiMDAyLWY3ZDEtNGYzOS1iOWYxLTJiOTA5ZDE2M2RiNyIsIm1ldGEiOnsiaW50ZXJhY3Rpb25UeXBlIjoic2lsZW50In19 HTTP 302
https://login.live-int.com/oauth20_authorize.srf?client_id=f78b16b6-0f85-48c0-b19b-fcaa5da5dae2&scope=openid+profile+offline_access&redirect_uri=https%3a%2f%2fxpaycdn.azureedge.net%2fhome%2fredirectAuth&response_type=code&state=eyJpZCI6ImI2NjJiMDAyLWY3ZDEtNGYzOS1iOWYxLTJiOTA5ZDE2M2RiNyIsIm1ldGEiOnsiaW50ZXJhY3Rpb25UeXBlIjoic2lsZW50In19&response_mode=fragment&nonce=1f64a2f6-9d5a-4f90-9c3e-9f2344a015ac&prompt=none&code_challenge=7TcARzx8yuQ4TqgYbmqXhaF5Mt01G4WIh_U38_d58mc&code_challenge_method=S256&x-client-SKU=msal.js.browser&x-client-Ver=2.38.2&uaid=79e321a5ef70419685adcbd9e18a7197&msproxy=1&issuer=windowsppe&tenant=consumers&ui_locales=de-DE&client_info=1&epct=PAQABDgEAAADyI8mat0SKT5axBilfIkCSmVtaQZIhtibUIFdfp1ppK_HVf2WpRPV1Ht4lia9A_DzZ2Yrj9ixxpXzJs44Hh2t4vQ5_OdXsr5x28Ig5JKk6d8wmJkXMBn_W1TxDNqjaq7wyhUxnFgGXbrvq01zKWY0xf1x9Ym4GjOH5-6ZqRxI7ZGVwmBocidFh9_So7JhXnmHc7QArZTP7LBj2iiUl0clJdGUTThMCBqUXzU1dJqmP7iAA&jshs=0

32 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
xpaycdn.azureedge.net/ 70 KB
70 KB 3039ms
2929ms Document
text/html 2620:1ec:bdf::60
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://xpaycdn.azureedge.net/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2620:1ec:bdf::60 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

0f20feb761892007d2c063fb70ab2fe92dc9131efa9ee8130f6fbbfbe0177614

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

content-type: text/html; charset=utf-8
date: Fri, 23 Feb 2024 07:46:34 GMT
strict-transport-security: max-age=15724800; includeSubDomains
timing-allow-origin: *
x-azure-ref: 20240223T074631Z-5k572dbbbd4mf8vykz9hfyz5u400000000f000000000221v
x-cache: TCP_MISS
x-fd-int-roxy-purgeid: 65913066

GET
H2 200 jxg97glie1 Show response
www.clarity.ms/tag/ 650 B
1014 B 240ms
123ms Script
application/x-javascript 2620:1ec:bdf::45
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.clarity.ms/tag/jxg97glie1
Requested by: Host: xpaycdn.azureedge.net
URL: https://xpaycdn.azureedge.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2620:1ec:bdf::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 38c19026b769c7a5244e2cff7dc42f984ad45f386be56d6ce9cc90ca6660d19f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://xpaycdn.azureedge.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

expires: -1
date: Fri, 23 Feb 2024 07:46:36 GMT
x-azure-ref: 20240223T074636Z-ytvgwep0kh1htaktw1f35tw84000000003bg00000000hvxs
x-cache: CONFIG_NOCACHE
content-type: application/x-javascript
cache-control: no-cache, no-store
accept-ranges: bytes
content-length: 650
request-context: appId=cid-v1:593e4080-f032-4d00-a652-e17f01252a9d

GET
H2 200 inject-load-time-data.bundle.js Show response
xpaycdn.azureedge.net/js/pack/ 1003 B
1 KB 564ms
564ms Script
application/javascript 2620:1ec:bdf::60
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://xpaycdn.azureedge.net/js/pack/inject-load-time-data.bundle.js

Requested by

Host: xpaycdn.azureedge.net
URL: https://xpaycdn.azureedge.net/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2620:1ec:bdf::60 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

94a3ba50d3023f19bf0683baebfafc86a3a0a90a3688219d5500ae80965fe823

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://xpaycdn.azureedge.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date: Fri, 23 Feb 2024 07:46:36 GMT
strict-transport-security: max-age=15724800; includeSubDomains
last-modified: Thu, 22 Feb 2024 01:24:25 GMT
etag: "1da652ddefe696b"
x-azure-ref: 20240223T074636Z-5k572dbbbd4mf8vykz9hfyz5u400000000f00000000022hv
x-cache: TCP_MISS
content-type: application/javascript
access-control-allow-origin: *
x-fd-int-roxy-purgeid: 65913066
accept-ranges: bytes
timing-allow-origin: *
content-length: 1003

GET
H2 200 wallet-donation.bundle.js Show response
xpaycdn.azureedge.net/js/pack/ 3 MB
1 MB 907ms
906ms Script
application/javascript 2620:1ec:bdf::60
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://xpaycdn.azureedge.net/js/pack/wallet-donation.bundle.js

Requested by

Host: xpaycdn.azureedge.net
URL: https://xpaycdn.azureedge.net/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2620:1ec:bdf::60 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

42484048f5245ad637917c4c7d2ce100e5fbaf0e8fc2c269b3b2232a00ab7883

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://xpaycdn.azureedge.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date: Fri, 23 Feb 2024 07:46:37 GMT
strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: br
last-modified: Thu, 22 Feb 2024 01:24:28 GMT
etag: W/"1da652de0fa72d1"
vary: Accept-Encoding
x-azure-ref: 20240223T074636Z-5k572dbbbd4mf8vykz9hfyz5u400000000f00000000022hw
content-type: application/javascript
access-control-allow-origin: *
x-cache: TCP_MISS
x-fd-int-roxy-purgeid: 65913066
timing-allow-origin: *

GET
H2 200 clarity.js Show response
www.clarity.ms/s/0.7.20/ 60 KB
25 KB 43ms
43ms Script
application/javascript 2620:1ec:bdf::45
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.clarity.ms/s/0.7.20/clarity.js
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/tag/jxg97glie1
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2620:1ec:bdf::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: cbcfb303a1e7d1f9da8965565b535f4122f2de2f1f3ed9f61f3f9e2dad3dcf9d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://xpaycdn.azureedge.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date: Fri, 23 Feb 2024 07:46:36 GMT
content-encoding: br
last-modified: Wed, 24 Jan 2024 14:33:55 GMT
etag: W/"0x8DC1CE97EB406F9"
vary: Accept-Encoding
x-azure-ref: 20240223T074636Z-ytvgwep0kh1htaktw1f35tw84000000003bg00000000hvy6
content-type: application/javascript;charset=utf-8
access-control-allow-origin: *
x-ms-request-id: e19f2e60-401e-0068-644d-64484b000000
cache-control: public, max-age=86400
x-cache: TCP_HIT
x-ms-version: 2018-03-28
x-fd-int-roxy-purgeid: 51562430

POST
H/1.1 204
No Content collect Show response
q.clarity.ms/ 0
301 B 339ms
108ms XHR
text/plain 20.231.53.73
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://q.clarity.ms/collect
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/s/0.7.20/clarity.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.231.53.73 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://xpaycdn.azureedge.net/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

Access-Control-Allow-Origin: https://xpaycdn.azureedge.net
Date: Fri, 23 Feb 2024 07:46:36 GMT
Access-Control-Allow-Credentials: true
Server: nginx/1.18.0 (Ubuntu)
Connection: keep-alive
Vary: Origin
Request-Context: appId=cid-v1:3d284f99-f285-495c-ac33-dedd7ecf1ac8

POST
H/1.1 204
No Content collect Show response
q.clarity.ms/ 0
301 B 108ms
107ms XHR
text/plain 20.231.53.73
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://q.clarity.ms/collect
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/s/0.7.20/clarity.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.231.53.73 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://xpaycdn.azureedge.net/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

Access-Control-Allow-Origin: https://xpaycdn.azureedge.net
Date: Fri, 23 Feb 2024 07:46:37 GMT
Access-Control-Allow-Credentials: true
Server: nginx/1.18.0 (Ubuntu)
Connection: keep-alive
Vary: Origin
Request-Context: appId=cid-v1:3d284f99-f285-495c-ac33-dedd7ecf1ac8

POST
H/1.1 204
No Content collect
q.clarity.ms/ 0
301 B 104ms
104ms Ping
text/plain 20.231.53.73
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://q.clarity.ms/collect
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/s/0.7.20/clarity.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.231.53.73 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://xpaycdn.azureedge.net/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Access-Control-Allow-Origin: https://xpaycdn.azureedge.net
Date: Fri, 23 Feb 2024 07:46:38 GMT
Access-Control-Allow-Credentials: true
Server: nginx/1.18.0 (Ubuntu)
Connection: keep-alive
Vary: Origin
Request-Context: appId=cid-v1:3d284f99-f285-495c-ac33-dedd7ecf1ac8

GET
H2 200 segoeui-semibold.woff2
static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-westeuropean/ 31 KB
32 KB 117ms
34ms Font
application/font-woff2 2a02:26f0:3500:581::33e7
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-westeuropean/segoeui-semibold.woff2
Requested by: Host: xpaycdn.azureedge.net
URL: https://xpaycdn.azureedge.net/donation/overview
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:581::33e7 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash: 22e7ac6e00b3f7463f2c89c577877ed717686d6f219614c890317d86560c413d

Request headers

Referer: https://xpaycdn.azureedge.net/
Origin: https://xpaycdn.azureedge.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
date: Fri, 23 Feb 2024 07:46:38 GMT
last-modified: Thu, 26 Oct 2017 19:02:14 GMT
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
content-md5: ZtEeVbekE932qE6Fhpfntg==
etag: 0x8D51CA4122953A7
content-type: application/font-woff2
access-control-allow-origin: *
x-ms-request-id: e1e0d87d-f01e-0083-5e06-f0984f000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=18306288
x-ms-version: 2009-09-19
content-length: 31824

GET
H2 200 segoeui-regular.woff2
static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-westeuropean/ 35 KB
36 KB 155ms
73ms Font
application/font-woff2 2a02:26f0:3500:581::33e7
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-westeuropean/segoeui-regular.woff2
Requested by: Host: xpaycdn.azureedge.net
URL: https://xpaycdn.azureedge.net/donation/overview
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:581::33e7 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash: 94ef87ee295c67526205d67124f404e246226105e939e14c435a20c29a956f49

Request headers

Referer: https://xpaycdn.azureedge.net/
Origin: https://xpaycdn.azureedge.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
date: Fri, 23 Feb 2024 07:46:38 GMT
last-modified: Thu, 02 Nov 2017 17:22:02 GMT
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
content-md5: hl8dtlRfyUovRETdYOe7xg==
etag: 0x8D522163B704E10
content-type: application/font-woff2
access-control-allow-origin: *
x-ms-request-id: eb06e6e0-601e-0091-7106-f0e39f000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=18306341
x-ms-version: 2009-09-19
content-length: 36344

GET
H2 200 840-620646012.jpg
logos.benevity.org/400x400/public/clogos/ 7 KB
8 KB 186ms
65ms Image
image/jpeg 143.204.98.38
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://logos.benevity.org/400x400/public/clogos/840-620646012.jpg
Requested by: Host: xpaycdn.azureedge.net
URL: https://xpaycdn.azureedge.net/donation/overview
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.38 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-38.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: d179449c767a9c1d8462ea075965823cdb2e8324a9eab990da5a47a809a26c1d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://xpaycdn.azureedge.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

x-amz-version-id: nTz0hrLgHfk7seano6ewOQNVmRA1yrCW
date: Fri, 23 Feb 2024 03:43:42 GMT
via: 1.1 5721f7035c3fc934bd3f96dbb04ba1e4.cloudfront.net (CloudFront)
last-modified: Sat, 05 Aug 2023 11:09:59 GMT
server: AmazonS3
x-amz-cf-pop: FRA50-C1
age: 17822
x-amz-server-side-encryption: AES256
etag: "5c395732d80ff358599bf4a80410ba71"
x-cache: Hit from cloudfront
content-type: image/jpeg
x-amz-replication-status: COMPLETED
accept-ranges: bytes
content-length: 7547
x-amz-cf-id: L2ddjIOwsHQu2gJIUDjNp068zlIgPgb2Imhg_pkKaMKVnc7rYvJ5Cw==

GET
H2 200 840-133433452.png
logos.benevity.org/400x400/public/clogos/ 48 KB
49 KB 145ms
24ms Image
image/png 143.204.98.38
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://logos.benevity.org/400x400/public/clogos/840-133433452.png
Requested by: Host: xpaycdn.azureedge.net
URL: https://xpaycdn.azureedge.net/donation/overview
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.38 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-38.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: d7105eaa59679b5eb46feee7c147bad9db8ea3a69bbd396efbe7000847d5c647

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://xpaycdn.azureedge.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

x-amz-version-id: aOuQACYPGADOFeTxk2JJLV41AGaLpWLh
date: Thu, 22 Feb 2024 10:33:45 GMT
via: 1.1 5721f7035c3fc934bd3f96dbb04ba1e4.cloudfront.net (CloudFront)
last-modified: Thu, 12 Oct 2023 11:50:04 GMT
server: AmazonS3
x-amz-cf-pop: FRA50-C1
age: 76374
x-amz-server-side-encryption: AES256
etag: "bf4b5add0246a9a697c424ee018396dc"
x-cache: Hit from cloudfront
content-type: image/png
x-amz-replication-status: COMPLETED
accept-ranges: bytes
content-length: 49315
x-amz-cf-id: itVGh6RxNz7vke3WyqM5U5GWSz0AdeLab2nwJW9YYrtQcKvDmpylyQ==

GET
H2 200 840-530196605.jpg
logos.benevity.org/400x400/public/clogos/ 6 KB
7 KB 161ms
41ms Image
image/jpeg 143.204.98.38
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://logos.benevity.org/400x400/public/clogos/840-530196605.jpg
Requested by: Host: xpaycdn.azureedge.net
URL: https://xpaycdn.azureedge.net/donation/overview
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.38 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-38.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 4c38c480257d11d0c83a583d51102abae794ec4138360d9fa188b01647b2e6e4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://xpaycdn.azureedge.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

x-amz-version-id: oXTrO4Sq2M4QhBmlMuoqDrdIuVDD3Whx
date: Fri, 23 Feb 2024 05:03:43 GMT
via: 1.1 5721f7035c3fc934bd3f96dbb04ba1e4.cloudfront.net (CloudFront)
last-modified: Sat, 27 Jan 2024 12:52:00 GMT
server: AmazonS3
x-amz-cf-pop: FRA50-C1
age: 11524
x-amz-server-side-encryption: AES256
etag: "6f17be8a96e13af842361dc2a121607b"
x-cache: Hit from cloudfront
content-type: image/jpeg
x-amz-replication-status: COMPLETED
accept-ranges: bytes
content-length: 6562
x-amz-cf-id: Q09nnbF7TkPjPYqJ4SOZDcrtSrSRNQAus6vLxgDZC5xrHIDyCUj4Iw==

GET
H2 200 840-363673599.png
logos.benevity.org/400x400/public/clogos/ 17 KB
17 KB 168ms
47ms Image
image/png 143.204.98.38
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://logos.benevity.org/400x400/public/clogos/840-363673599.png
Requested by: Host: xpaycdn.azureedge.net
URL: https://xpaycdn.azureedge.net/donation/overview
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.38 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-38.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 415c1fcf329ae9f516bac67d7115629d54867e1a55e36b6e83128fd7814bc0b6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://xpaycdn.azureedge.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

x-amz-version-id: YflogmPb3AkkWJj4s5Y2AcIwt.eOhNiF
date: Fri, 23 Feb 2024 03:43:42 GMT
via: 1.1 5721f7035c3fc934bd3f96dbb04ba1e4.cloudfront.net (CloudFront)
last-modified: Sat, 19 Aug 2023 06:30:47 GMT
server: AmazonS3
x-amz-cf-pop: FRA50-C1
age: 20377
x-amz-server-side-encryption: AES256
etag: "443be12069dceb8c42a2e94f7a5e054f"
x-cache: Hit from cloudfront
content-type: image/png
x-amz-replication-status: COMPLETED
accept-ranges: bytes
content-length: 16955
x-amz-cf-id: UdoSQAaDlHWD_9T2vXfVgqTeHrU6HybWOhCNyjEF1pntBOqhv8DjPA==

GET
H2 200 840-273521132.png
logos.benevity.org/400x400/public/clogos/ 57 KB
57 KB 174ms
54ms Image
image/png 143.204.98.38
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://logos.benevity.org/400x400/public/clogos/840-273521132.png
Requested by: Host: xpaycdn.azureedge.net
URL: https://xpaycdn.azureedge.net/donation/overview
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.38 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-38.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: f60a12c30abdc43edf5b53cc7e980dbbd58a653c3cf47cb62fad47d214eaa433

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://xpaycdn.azureedge.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

x-amz-version-id: nJwjaNTNK20fp5xj6sZqV36FEBo_YYkl
date: Fri, 23 Feb 2024 05:03:43 GMT
via: 1.1 5721f7035c3fc934bd3f96dbb04ba1e4.cloudfront.net (CloudFront)
last-modified: Tue, 06 Feb 2024 08:38:27 GMT
server: AmazonS3
x-amz-cf-pop: FRA50-C1
age: 11524
x-amz-server-side-encryption: AES256
etag: "1f4819d93abe231f75ac75996562e980"
x-cache: Hit from cloudfront
content-type: image/png
x-amz-replication-status: COMPLETED
accept-ranges: bytes
content-length: 58202
x-amz-cf-id: jN23bo2Sn-Vt7RfRvcfhPbft_xSg9lw3CeStFWqeianIJFf8E0YEbg==

GET
H2 200 840-131788491.png
logos.benevity.org/400x400/public/clogos/ 68 KB
68 KB 187ms
67ms Image
image/png 143.204.98.38
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://logos.benevity.org/400x400/public/clogos/840-131788491.png
Requested by: Host: xpaycdn.azureedge.net
URL: https://xpaycdn.azureedge.net/donation/overview
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.38 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-38.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 6d01d4a3d2fbeb94874680325fabe844c18ce42081b720c522142d4a5c188595

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://xpaycdn.azureedge.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

x-amz-version-id: ulc0T1vbFoSIA71jjWxm08dlJcbUuOlF
date: Fri, 23 Feb 2024 03:43:42 GMT
via: 1.1 5721f7035c3fc934bd3f96dbb04ba1e4.cloudfront.net (CloudFront)
last-modified: Wed, 21 Feb 2024 23:25:58 GMT
server: AmazonS3
x-amz-cf-pop: FRA50-C1
age: 17822
x-amz-server-side-encryption: AES256
etag: "02a8f1b5a7508eb3ef8f7cea2ab0175e"
x-cache: Hit from cloudfront
content-type: image/png
x-amz-replication-status: COMPLETED
accept-ranges: bytes
content-length: 69553
x-amz-cf-id: 7HcSAoEEIqwnpEs15lFD7oVHQ2EgQ0lo-UIaSqYRfm4VZuC5zYH5WA==

GET
H2 200 840-135660870.jpg
logos.benevity.org/400x400/public/clogos/ 12 KB
13 KB 170ms
63ms Image
image/jpeg 143.204.98.38
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://logos.benevity.org/400x400/public/clogos/840-135660870.jpg
Requested by: Host: xpaycdn.azureedge.net
URL: https://xpaycdn.azureedge.net/donation/overview
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.38 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-38.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 902b0fdd97452e1e28245ae77ef112a7ee6228818c65131e883f16a87c4474e3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://xpaycdn.azureedge.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

x-amz-version-id: bcgbBiFBWTfZLL0VniUmbSPT7n.w3inc
date: Fri, 23 Feb 2024 02:49:37 GMT
via: 1.1 5721f7035c3fc934bd3f96dbb04ba1e4.cloudfront.net (CloudFront)
last-modified: Wed, 21 Feb 2024 06:04:54 GMT
server: AmazonS3
x-amz-cf-pop: FRA50-C1
age: 17822
x-amz-server-side-encryption: AES256
etag: "b8f37574fed7a74bbd71c14243e1fe3a"
x-cache: Hit from cloudfront
content-type: image/jpeg
x-amz-replication-status: COMPLETED
accept-ranges: bytes
content-length: 12571
x-amz-cf-id: C00IvqE1eq5AIEDkkd4Lp_c_LDosXjKlR-Aaa3ogXsTO4NoL6O8f1g==

GET
H2 200 840-131655255.jpg
logos.benevity.org/400x400/public/clogos/ 11 KB
11 KB 172ms
64ms Image
image/jpeg 143.204.98.38
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://logos.benevity.org/400x400/public/clogos/840-131655255.jpg
Requested by: Host: xpaycdn.azureedge.net
URL: https://xpaycdn.azureedge.net/donation/overview
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.38 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-38.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: d92303c4b5477ac3abcbf199ae83d0a6bf91773e6e13cb9d32acb8c67e561ba1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://xpaycdn.azureedge.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

x-amz-version-id: pCqUoZxgrJdgurxmOaQyv1Q2SINftp7I
date: Fri, 23 Feb 2024 05:03:43 GMT
via: 1.1 5721f7035c3fc934bd3f96dbb04ba1e4.cloudfront.net (CloudFront)
last-modified: Fri, 12 May 2023 06:04:17 GMT
server: AmazonS3
x-amz-cf-pop: FRA50-C1
age: 11524
x-amz-server-side-encryption: AES256
etag: "188f269041c6f77d4e3f2af62682f576"
x-cache: Hit from cloudfront
content-type: image/jpeg
x-amz-replication-status: COMPLETED
accept-ranges: bytes
content-length: 10807
x-amz-cf-id: ZjdlYFDjal44nb1M-16pEA3T6A1YU-al_D38dkWzS0lZjJYWgII1Bg==

GET
H2 200 840-135613797.jpg
logos.benevity.org/400x400/public/clogos/ 14 KB
14 KB 181ms
74ms Image
image/jpeg 143.204.98.38
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://logos.benevity.org/400x400/public/clogos/840-135613797.jpg
Requested by: Host: xpaycdn.azureedge.net
URL: https://xpaycdn.azureedge.net/donation/overview
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.38 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-38.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: ffe34468ea7bcf1df50f7a8d5cc1e9976129d4a2e2906a36b8840bc6d0cb5b89

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://xpaycdn.azureedge.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

x-amz-version-id: 3qZCcithC4RVK6yX7caieQKEi8bT7VTS
date: Fri, 23 Feb 2024 05:03:43 GMT
via: 1.1 5721f7035c3fc934bd3f96dbb04ba1e4.cloudfront.net (CloudFront)
last-modified: Wed, 25 Oct 2023 07:46:06 GMT
server: AmazonS3
x-amz-cf-pop: FRA50-C1
age: 10447
x-amz-server-side-encryption: AES256
etag: "fa9ae11c69b8293d65ec82cfe077223e"
x-cache: Hit from cloudfront
content-type: image/jpeg
x-amz-replication-status: COMPLETED
accept-ranges: bytes
content-length: 13896
x-amz-cf-id: 6L2nAHKDZMDFVOBHsemq5BQ8ohe3Wk2lwx4Zjtk_yTaPxe88YUg8EQ==

GET
H2 200 840-131760110.png
logos.benevity.org/400x400/public/clogos/ 22 KB
22 KB 150ms
43ms Image
image/png 143.204.98.38
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://logos.benevity.org/400x400/public/clogos/840-131760110.png
Requested by: Host: xpaycdn.azureedge.net
URL: https://xpaycdn.azureedge.net/donation/overview
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.38 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-38.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: caab9f46fc376fb4d1b30eb0750d57031865540e4e79a4a0381bcb2419882665

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://xpaycdn.azureedge.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

x-amz-version-id: OMYTGYlXQ1I.3d3cR1bKd2dQVZUCBYxr
date: Fri, 23 Feb 2024 06:19:38 GMT
via: 1.1 5721f7035c3fc934bd3f96dbb04ba1e4.cloudfront.net (CloudFront)
last-modified: Sat, 17 Feb 2024 05:44:24 GMT
server: AmazonS3
x-amz-cf-pop: FRA50-C1
age: 5966
x-amz-server-side-encryption: AES256
etag: "0d1167d394d87995a3fbd7925504a202"
x-cache: Hit from cloudfront
content-type: image/png
x-amz-replication-status: COMPLETED
accept-ranges: bytes
content-length: 22436
x-amz-cf-id: OzsxIEcCl9oo1yI7pvR3WVG1UKHhPuxzg82q-wzPChYDnEpd9cxZng==

GET
H/1.1 200
OK instance Show response
login.microsoftonline.com/common/discovery/ 949 B
2 KB 175ms
42ms Fetch
application/json 2603:1027:1:d8::7
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://login.microsoftonline.com/common/discovery/instance?api-version=1.1&authorization_endpoint=https://login.windows-ppe.net/consumers/oauth2/v2.0/authorize

Requested by

Host: xpaycdn.azureedge.net
URL: https://xpaycdn.azureedge.net/js/pack/wallet-donation.bundle.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

2603:1027:1:d8::7 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

2d8dc2485855cd1ee88d1a0a02c69a753e55af18713e395292782933f4480d9d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://xpaycdn.azureedge.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000; includeSubDomains
Date: Fri, 23 Feb 2024 07:46:37 GMT
X-Content-Type-Options: nosniff
Referrer-Policy: strict-origin-when-cross-origin
nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}
Access-Control-Allow-Methods: GET, OPTIONS
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
Access-Control-Allow-Origin: *
x-ms-request-id: cc1302a8-ae9d-4b5b-9edf-4518935e0b00
Content-Type: application/json; charset=utf-8
Cache-Control: max-age=86400, private
report-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://identity.nel.measure.office.net/api/report?catId=GW+estsfd+dub2"}]}
Content-Length: 949
x-ms-ests-server: 2.1.17338.9 - NEULR1 ProdSlices
X-XSS-Protection: 0

GET
H2 200 banner.png
wallet-static.azureedge.net/hub/donation/ 71 KB
71 KB 64ms
37ms Image
image/png 2620:1ec:bdf::60
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://wallet-static.azureedge.net/hub/donation/banner.png

Requested by

Host: xpaycdn.azureedge.net
URL: https://xpaycdn.azureedge.net/donation/overview

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2620:1ec:bdf::60 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

3624d1c179ef090eab4ed1009447a9d5bbc02ab5ba40530bb4f30ec7c5ee33f7

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://xpaycdn.azureedge.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date: Fri, 23 Feb 2024 07:46:38 GMT
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-cache: TCP_HIT
x-cache-info: L1_T2
x-fd-int-roxy-purgeid: 65906648
content-length: 72332
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Tue, 06 Feb 2024 02:42:02 GMT
etag: "13927702"
x-azure-ref: 20240223T074638Z-5k572dbbbd4mf8vykz9hfyz5u400000000f00000000022t6
content-type: image/png
cache-control: public, must-revalidate, max-age=30
accept-ranges: bytes

OPTIONS
H2 200 /
browser.events.data.microsoft.com/OneCollector/1.0/ Frame 0
0 543ms
204ms Preflight 52.168.117.171
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://browser.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&w=0

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

52.168.117.171 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-HTTPAPI/2.0 /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept: */*
Access-Control-Request-Headers: apikey,cache-control,client-id,client-version,content-type,time-delta-to-apply-millis,upload-time
Access-Control-Request-Method: POST
Origin: https://xpaycdn.azureedge.net
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: AuthMsaDeviceTicket,AuthXToken,Content-Encoding,Content-Type,Cache-Control,Client-Id,SDK-Name,sdk-version,apikey,x-apikey,client-version,upload-time,time-delta-to-apply-millis,client-time-epoch-millis,persistence-mode,reliability-mode,NoResponseBody
access-control-allow-origin: https://xpaycdn.azureedge.net
access-control-max-age: 3600
cache-control: public, 3600
content-length: 0
date: Fri, 23 Feb 2024 07:46:38 GMT
server: Microsoft-HTTPAPI/2.0
strict-transport-security: max-age=31536000

POST
H2 403 / Show response
browser.events.data.microsoft.com/OneCollector/1.0/ 82 B
378 B 668ms
353ms XHR
application/json 52.168.117.171
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://browser.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&w=0

Requested by

Host: xpaycdn.azureedge.net
URL: https://xpaycdn.azureedge.net/js/pack/wallet-donation.bundle.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

52.168.117.171 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-HTTPAPI/2.0 /

Resource Hash

6c0d822d93813d2a3c107c875549aa610a05ba2dcc875541631685497fbc6a2e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

upload-time: 1708674398101
accept-language: de-DE,de;q=0.9
client-version: 1DS-Web-JS-4.0.2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36
time-delta-to-apply-millis: use-collector-delta
content-type: application/x-json-stream
cache-control: no-cache, no-store
Referer: https://xpaycdn.azureedge.net/
apikey: 2a671c162c284339b81ee479448942a8-3154a86d-78b7-4957-bba7-a61708ca9dd3-6991
Client-Id: NO_AUTH

Response headers

strict-transport-security: max-age=31536000
date: Fri, 23 Feb 2024 07:46:38 GMT
server: Microsoft-HTTPAPI/2.0
access-control-allow-methods: POST
content-type: application/json
access-control-allow-origin: https://xpaycdn.azureedge.net
access-control-expose-headers: Collector-Error
access-control-allow-credentials: true
collector-error: No events are from an allowed domain.
access-control-allow-headers: Collector-Error
content-length: 82

GET
H2

200

c.gif
c.clarity.ms/
Redirect Chain

https://c.clarity.ms/c.gif
https://c.bing.com/c.gif?ctsa=mr&CtsSyncId=A4A5A5775F0B4D79AE8C4AC9E31095E1&RedC=c.clarity.ms&MXFR=1F587F433C69625101016B6D38696C0D
https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=A4A5A5775F0B4D79AE8C4AC9E31095E1&MUID=1689B8FF30776A8F0B12ACD1311C6BD2

42 B
443 B

39ms
39ms

Image
image/gif

68.219.88.97
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=A4A5A5775F0B4D79AE8C4AC9E31095E1&MUID=1689B8FF30776A8F0B12ACD1311C6BD2
Protocol: H2
Server: 68.219.88.97 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://xpaycdn.azureedge.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 23 Feb 2024 07:46:38 GMT
last-modified: Fri, 09 Feb 2024 19:55:32 GMT
server: Microsoft-IIS/10.0
etag: "2155d7f0915bda1:0"
x-powered-by: ASP.NET
content-type: image/gif
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control: private, no-cache, proxy-revalidate, no-store
accept-ranges: bytes
content-length: 42

Redirect headers

pragma: no-cache
date: Fri, 23 Feb 2024 07:46:38 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 0C4940AE25204C158CA24991DF384CC5 Ref B: FRAEDGE1111 Ref C: 2024-02-23T07:46:38Z
x-powered-by: ASP.NET
x-cache: CONFIG_NOCACHE
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
location: https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=A4A5A5775F0B4D79AE8C4AC9E31095E1&MUID=1689B8FF30776A8F0B12ACD1311C6BD2
cache-control: private, no-cache, proxy-revalidate, no-store
content-length: 0

GET
H/1.1 200
OK openid-configuration Show response
login.windows-ppe.net/consumers/v2.0/.well-known/ 2 KB
3 KB 244ms
131ms Fetch
application/json 2603:1026:3000:108::8
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://login.windows-ppe.net/consumers/v2.0/.well-known/openid-configuration

Requested by

Host: xpaycdn.azureedge.net
URL: https://xpaycdn.azureedge.net/js/pack/wallet-donation.bundle.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

2603:1026:3000:108::8 Paris, France, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e486dbcd3259e4b3f304da6908e3a2591ee76db118449bfc8ca29b04d484ae06

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://xpaycdn.azureedge.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000; includeSubDomains
Date: Fri, 23 Feb 2024 07:46:37 GMT
X-Content-Type-Options: nosniff
Referrer-Policy: strict-origin-when-cross-origin
Access-Control-Allow-Methods: GET, OPTIONS
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
Access-Control-Allow-Origin: *
x-ms-request-id: 74aee503-20b6-4808-af15-efea04600f00
Content-Type: application/json; charset=utf-8
Cache-Control: max-age=86400, private
Access-Control-Expose-Headers: x-ms-httpver
x-ms-httpver: 1.1
Content-Length: 1575
x-ms-ests-server: 2.1.17515.0 - DMS PPE
X-XSS-Protection: 0

POST
H/1.1 204
No Content collect Show response
q.clarity.ms/ 0
301 B 320ms
320ms XHR
text/plain 20.231.53.73
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://q.clarity.ms/collect
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/s/0.7.20/clarity.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.231.53.73 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://xpaycdn.azureedge.net/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

Access-Control-Allow-Origin: https://xpaycdn.azureedge.net
Date: Fri, 23 Feb 2024 07:46:38 GMT
Access-Control-Allow-Credentials: true
Server: nginx/1.18.0 (Ubuntu)
Connection: keep-alive
Vary: Origin
Request-Context: appId=cid-v1:3d284f99-f285-495c-ac33-dedd7ecf1ac8

GET
H/1.1

200
OK

oauth20_authorize.srf Show response
login.live-int.com/ Frame 5957
Redirect Chain

https://login.windows-ppe.net/consumers/oauth2/v2.0/authorize?client_id=f78b16b6-0f85-48c0-b19b-fcaa5da5dae2&scope=openid%20profile%20offline_access&redirect_uri=https%3A%2F%2Fxpaycdn.azureedge.net...
https://login.live-int.com/oauth20_authorize.srf?client_id=f78b16b6-0f85-48c0-b19b-fcaa5da5dae2&scope=openid+profile+offline_access&redirect_uri=https%3a%2f%2fxpaycdn.azureedge.net%2fhome%2fredirec...

6 KB
4 KB

453ms
324ms

Document
text/html

2603:1026:3000:148::7
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://login.live-int.com/oauth20_authorize.srf?client_id=f78b16b6-0f85-48c0-b19b-fcaa5da5dae2&scope=openid+profile+offline_access&redirect_uri=https%3a%2f%2fxpaycdn.azureedge.net%2fhome%2fredirectAuth&response_type=code&state=eyJpZCI6ImI2NjJiMDAyLWY3ZDEtNGYzOS1iOWYxLTJiOTA5ZDE2M2RiNyIsIm1ldGEiOnsiaW50ZXJhY3Rpb25UeXBlIjoic2lsZW50In19&response_mode=fragment&nonce=1f64a2f6-9d5a-4f90-9c3e-9f2344a015ac&prompt=none&code_challenge=7TcARzx8yuQ4TqgYbmqXhaF5Mt01G4WIh_U38_d58mc&code_challenge_method=S256&x-client-SKU=msal.js.browser&x-client-Ver=2.38.2&uaid=79e321a5ef70419685adcbd9e18a7197&msproxy=1&issuer=windowsppe&tenant=consumers&ui_locales=de-DE&client_info=1&epct=PAQABDgEAAADyI8mat0SKT5axBilfIkCSmVtaQZIhtibUIFdfp1ppK_HVf2WpRPV1Ht4lia9A_DzZ2Yrj9ixxpXzJs44Hh2t4vQ5_OdXsr5x28Ig5JKk6d8wmJkXMBn_W1TxDNqjaq7wyhUxnFgGXbrvq01zKWY0xf1x9Ym4GjOH5-6ZqRxI7ZGVwmBocidFh9_So7JhXnmHc7QArZTP7LBj2iiUl0clJdGUTThMCBqUXzU1dJqmP7iAA&jshs=0

Requested by

Host: xpaycdn.azureedge.net
URL: https://xpaycdn.azureedge.net/js/pack/wallet-donation.bundle.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2603:1026:3000:148::7 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

42705c4f0d1b09faaf22b9feea8d04fb5fc62fb85000ee1ad440efaa4a7e7137

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://xpaycdn.azureedge.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Content-Encoding: gzip
Content-Length: 3254
Content-Type: text/html; charset=utf-8
Date: Fri, 23 Feb 2024 07:46:38 GMT
PPServer: PPV: 30 H: BL02EPF0000DBD2 V: 0
Referrer-Policy: strict-origin-when-cross-origin
Strict-Transport-Security: max-age=31536000
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
x-ms-aadg: True
x-ms-gateway-sliceweight: 100
x-ms-gateway-target: True
x-ms-gateway-targethost: 20.163.208.250
x-ms-request-id: a752455d-f752-44ab-ac88-4988e386876b
x-ms-responsehealth: TargetId=BL02EPF0000DBD2 TargetId=BL02EPF0000DBD2
x-ms-route-info: C0_EUS

Redirect headers

Cache-Control: no-store, no-cache
Content-Encoding: gzip
Content-Length: 822
Content-Type: text/html; charset=utf-8
Date: Fri, 23 Feb 2024 07:46:37 GMT
Expires: -1
Location: https://login.live-int.com/oauth20_authorize.srf?client_id=f78b16b6-0f85-48c0-b19b-fcaa5da5dae2&scope=openid+profile+offline_access&redirect_uri=https%3a%2f%2fxpaycdn.azureedge.net%2fhome%2fredirectAuth&response_type=code&state=eyJpZCI6ImI2NjJiMDAyLWY3ZDEtNGYzOS1iOWYxLTJiOTA5ZDE2M2RiNyIsIm1ldGEiOnsiaW50ZXJhY3Rpb25UeXBlIjoic2lsZW50In19&response_mode=fragment&nonce=1f64a2f6-9d5a-4f90-9c3e-9f2344a015ac&prompt=none&code_challenge=7TcARzx8yuQ4TqgYbmqXhaF5Mt01G4WIh_U38_d58mc&code_challenge_method=S256&x-client-SKU=msal.js.browser&x-client-Ver=2.38.2&uaid=79e321a5ef70419685adcbd9e18a7197&msproxy=1&issuer=windowsppe&tenant=consumers&ui_locales=de-DE&client_info=1&epct=PAQABDgEAAADyI8mat0SKT5axBilfIkCSmVtaQZIhtibUIFdfp1ppK_HVf2WpRPV1Ht4lia9A_DzZ2Yrj9ixxpXzJs44Hh2t4vQ5_OdXsr5x28Ig5JKk6d8wmJkXMBn_W1TxDNqjaq7wyhUxnFgGXbrvq01zKWY0xf1x9Ym4GjOH5-6ZqRxI7ZGVwmBocidFh9_So7JhXnmHc7QArZTP7LBj2iiUl0clJdGUTThMCBqUXzU1dJqmP7iAA&jshs=0#
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
Pragma: no-cache
Referrer-Policy: strict-origin-when-cross-origin
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
x-ms-clitelem: 1,0,0,,
x-ms-ests-server: 2.1.17515.0 - DMS PPE
x-ms-httpver: 1.1
x-ms-request-id: f73972e6-51a8-48da-a353-870a3f670e00

GET
H/1.1 200
OK ms-logo-v2.jpg
login.live-int.com/images/ Frame 5957 3 KB
3 KB 296ms
296ms Image
image/jpeg 2603:1026:3000:148::7
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://login.live-int.com/images/ms-logo-v2.jpg

Requested by

Host: login.live-int.com
URL: https://login.live-int.com/oauth20_authorize.srf?client_id=f78b16b6-0f85-48c0-b19b-fcaa5da5dae2&scope=openid+profile+offline_access&redirect_uri=https%3a%2f%2fxpaycdn.azureedge.net%2fhome%2fredirectAuth&response_type=code&state=eyJpZCI6ImI2NjJiMDAyLWY3ZDEtNGYzOS1iOWYxLTJiOTA5ZDE2M2RiNyIsIm1ldGEiOnsiaW50ZXJhY3Rpb25UeXBlIjoic2lsZW50In19&response_mode=fragment&nonce=1f64a2f6-9d5a-4f90-9c3e-9f2344a015ac&prompt=none&code_challenge=7TcARzx8yuQ4TqgYbmqXhaF5Mt01G4WIh_U38_d58mc&code_challenge_method=S256&x-client-SKU=msal.js.browser&x-client-Ver=2.38.2&uaid=79e321a5ef70419685adcbd9e18a7197&msproxy=1&issuer=windowsppe&tenant=consumers&ui_locales=de-DE&client_info=1&epct=PAQABDgEAAADyI8mat0SKT5axBilfIkCSmVtaQZIhtibUIFdfp1ppK_HVf2WpRPV1Ht4lia9A_DzZ2Yrj9ixxpXzJs44Hh2t4vQ5_OdXsr5x28Ig5JKk6d8wmJkXMBn_W1TxDNqjaq7wyhUxnFgGXbrvq01zKWY0xf1x9Ym4GjOH5-6ZqRxI7ZGVwmBocidFh9_So7JhXnmHc7QArZTP7LBj2iiUl0clJdGUTThMCBqUXzU1dJqmP7iAA&jshs=0

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2603:1026:3000:148::7 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

bc2b16b51738b77d94ed7591ad1033fa804297ca9faaa35222aa65773f749164

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://login.live-int.com/oauth20_authorize.srf?client_id=f78b16b6-0f85-48c0-b19b-fcaa5da5dae2&scope=openid+profile+offline_access&redirect_uri=https%3a%2f%2fxpaycdn.azureedge.net%2fhome%2fredirectAuth&response_type=code&state=eyJpZCI6ImI2NjJiMDAyLWY3ZDEtNGYzOS1iOWYxLTJiOTA5ZDE2M2RiNyIsIm1ldGEiOnsiaW50ZXJhY3Rpb25UeXBlIjoic2lsZW50In19&response_mode=fragment&nonce=1f64a2f6-9d5a-4f90-9c3e-9f2344a015ac&prompt=none&code_challenge=7TcARzx8yuQ4TqgYbmqXhaF5Mt01G4WIh_U38_d58mc&code_challenge_method=S256&x-client-SKU=msal.js.browser&x-client-Ver=2.38.2&uaid=79e321a5ef70419685adcbd9e18a7197&msproxy=1&issuer=windowsppe&tenant=consumers&ui_locales=de-DE&client_info=1&epct=PAQABDgEAAADyI8mat0SKT5axBilfIkCSmVtaQZIhtibUIFdfp1ppK_HVf2WpRPV1Ht4lia9A_DzZ2Yrj9ixxpXzJs44Hh2t4vQ5_OdXsr5x28Ig5JKk6d8wmJkXMBn_W1TxDNqjaq7wyhUxnFgGXbrvq01zKWY0xf1x9Ym4GjOH5-6ZqRxI7ZGVwmBocidFh9_So7JhXnmHc7QArZTP7LBj2iiUl0clJdGUTThMCBqUXzU1dJqmP7iAA&jshs=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000
Date: Fri, 23 Feb 2024 07:46:39 GMT
x-ms-responsehealth: TargetId=BL02EPF0000DBDF
X-Content-Type-Options: nosniff
x-ms-aadg: True
Content-Length: 2797
X-XSS-Protection: 1; mode=block
x-ms-gateway-target: True
Last-Modified: Fri, 16 Feb 2024 18:21:08 GMT
PPServer: PPV: 30 H: BL02EPF0000DBDF V: 0
x-ms-gateway-sliceweight: 100
x-ms-gateway-targethost: 20.119.42.121
ETag: "0223e9461da1:0"
Content-Type: image/jpeg
x-ms-request-id: 3a70d1fb-9b5a-446b-aa70-ae8a3f6127f4
Cache-Control: max-age=31536000
Accept-Ranges: bytes

POST
H/1.1 204
No Content collect Show response
q.clarity.ms/ 0
301 B 104ms
104ms XHR
text/plain 20.231.53.73
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://q.clarity.ms/collect
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/s/0.7.20/clarity.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.231.53.73 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://xpaycdn.azureedge.net/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

Access-Control-Allow-Origin: https://xpaycdn.azureedge.net
Date: Fri, 23 Feb 2024 07:46:39 GMT
Access-Control-Allow-Credentials: true
Server: nginx/1.18.0 (Ubuntu)
Connection: keep-alive
Vary: Origin
Request-Context: appId=cid-v1:3d284f99-f285-495c-ac33-dedd7ecf1ac8

POST
H2 403 / Show response
browser.events.data.microsoft.com/OneCollector/1.0/ 61 B
127 B 106ms
106ms XHR
application/json 52.168.117.171
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://browser.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&w=0

Requested by

Host: xpaycdn.azureedge.net
URL: https://xpaycdn.azureedge.net/js/pack/wallet-donation.bundle.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

52.168.117.171 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-HTTPAPI/2.0 /

Resource Hash

0af00930d8936cced6f4ad75f9b97bd93379ac1a2a4efe0d9181ba79b0988b14

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

upload-time: 1708674401353
accept-language: de-DE,de;q=0.9
client-version: 1DS-Web-JS-4.0.2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36
content-type: application/x-json-stream
cache-control: no-cache, no-store
Referer: https://xpaycdn.azureedge.net/
apikey: 2a671c162c284339b81ee479448942a8-3154a86d-78b7-4957-bba7-a61708ca9dd3-6991
Client-Id: NO_AUTH

Response headers

strict-transport-security: max-age=31536000
date: Fri, 23 Feb 2024 07:46:40 GMT
server: Microsoft-HTTPAPI/2.0
access-control-allow-methods: POST
content-type: application/json
access-control-allow-origin: https://xpaycdn.azureedge.net
access-control-expose-headers: Collector-Error
access-control-allow-credentials: true
collector-error: No events are from an allowed domain.
access-control-allow-headers: Collector-Error
content-length: 61

OPTIONS
H2 200 /
browser.events.data.microsoft.com/OneCollector/1.0/ Frame 0
0 103ms
103ms Preflight 52.168.117.171
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://browser.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&w=0

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

52.168.117.171 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-HTTPAPI/2.0 /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept: */*
Access-Control-Request-Headers: apikey,cache-control,client-id,client-version,content-type,upload-time
Access-Control-Request-Method: POST
Origin: https://xpaycdn.azureedge.net
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: AuthMsaDeviceTicket,AuthXToken,Content-Encoding,Content-Type,Cache-Control,Client-Id,SDK-Name,sdk-version,apikey,x-apikey,client-version,upload-time,time-delta-to-apply-millis,client-time-epoch-millis,persistence-mode,reliability-mode,NoResponseBody
access-control-allow-origin: https://xpaycdn.azureedge.net
access-control-max-age: 3600
cache-control: public, 3600
content-length: 0
date: Fri, 23 Feb 2024 07:46:41 GMT
server: Microsoft-HTTPAPI/2.0
strict-transport-security: max-age=31536000

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer)

21 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

14 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.clarity.ms/	1970-01-21 03:23:30	Name: CLID Value: edc2bf9e41654ab49eda193c3540b01a.20240223.20250222
.azureedge.net/	1970-01-21 03:23:30	Name: _clck Value: etgisa%7C2%7Cfji%7C0%7C1514
xpaycdn.azureedge.net/	1970-01-21 03:23:30	Name: MicrosoftApplicationsTelemetryDeviceId Value: 3f23c1ed-1762-4215-8d56-5a0f46383c25
xpaycdn.azureedge.net/	1970-01-20 18:37:56	Name: ai_session Value: c0vDULxweuYabNq/WDtmuZ\|1708674397998\|1708674397998
.bing.com/	1970-01-21 03:59:30	Name: MUID Value: 1689B8FF30776A8F0B12ACD1311C6BD2
.c.bing.com/	1970-01-20 18:47:59	Name: MR Value: 0
.c.bing.com/	1970-01-21 03:59:30	Name: SRM_B Value: 1689B8FF30776A8F0B12ACD1311C6BD2
.c.clarity.ms/	1969-12-31 23:59:59	Name: SM Value: C
.clarity.ms/	1970-01-21 03:59:30	Name: MUID Value: 1689B8FF30776A8F0B12ACD1311C6BD2
.c.clarity.ms/	1970-01-20 18:47:59	Name: MR Value: 0
.c.clarity.ms/	1970-01-20 18:37:54	Name: ANONCHK Value: 0
.azureedge.net/	1970-01-20 18:39:20	Name: _clsk Value: 1yf8a63%7C1708674398683%7C2%7C1%7Cq.clarity.ms%2Fcollect
login.windows-ppe.net/	1970-01-20 19:21:06	Name: fpc Value: AiNhYNT6S5hIrNfXdNur7x4
login.windows-ppe.net/	1969-12-31 23:59:59	Name: stsservicecookie Value: estsppe

20 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
other	warning	URL: https://xpaycdn.azureedge.net/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://xpaycdn.azureedge.net/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
security	warning	URL: https://xpaycdn.azureedge.net/js/pack/wallet-donation.bundle.js(Line 1) Message: An iframe which has both allow-scripts and allow-same-origin for its sandbox attribute can escape its sandboxing.
other	warning	URL: https://xpaycdn.azureedge.net/donation/overview Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://xpaycdn.azureedge.net/donation/overview Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://xpaycdn.azureedge.net/donation/overview Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://xpaycdn.azureedge.net/donation/overview Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://xpaycdn.azureedge.net/donation/overview Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://xpaycdn.azureedge.net/donation/overview Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://xpaycdn.azureedge.net/donation/overview Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://xpaycdn.azureedge.net/donation/overview Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://xpaycdn.azureedge.net/donation/overview Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://xpaycdn.azureedge.net/donation/overview Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://xpaycdn.azureedge.net/donation/overview Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://xpaycdn.azureedge.net/donation/overview Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://xpaycdn.azureedge.net/donation/overview Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://xpaycdn.azureedge.net/donation/overview Message: Third-party cookie will be blocked. Learn more in the Issues tab.
network	error	URL: https://browser.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&w=0 Message: Failed to load resource: the server responded with a status of 403 ()
other	warning	URL: https://xpaycdn.azureedge.net/donation/overview Message: Third-party cookie will be blocked. Learn more in the Issues tab.
network	error	URL: https://browser.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&w=0 Message: Failed to load resource: the server responded with a status of 403 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

browser.events.data.microsoft.com
c.bing.com
c.clarity.ms
login.live-int.com
login.microsoftonline.com
login.windows-ppe.net
logos.benevity.org
q.clarity.ms
static2.sharepointonline.com
wallet-static.azureedge.net
www.clarity.ms
xpaycdn.azureedge.net
143.204.98.38
20.231.53.73
2603:1026:3000:108::8
2603:1026:3000:148::7
2603:1027:1:d8::7
2620:1ec:bdf::45
2620:1ec:bdf::60
2620:1ec:c11::200
2a02:26f0:3500:581::33e7
52.168.117.171
68.219.88.97
0af00930d8936cced6f4ad75f9b97bd93379ac1a2a4efe0d9181ba79b0988b14
0f20feb761892007d2c063fb70ab2fe92dc9131efa9ee8130f6fbbfbe0177614
22e7ac6e00b3f7463f2c89c577877ed717686d6f219614c890317d86560c413d
2d8dc2485855cd1ee88d1a0a02c69a753e55af18713e395292782933f4480d9d
3624d1c179ef090eab4ed1009447a9d5bbc02ab5ba40530bb4f30ec7c5ee33f7
38c19026b769c7a5244e2cff7dc42f984ad45f386be56d6ce9cc90ca6660d19f
415c1fcf329ae9f516bac67d7115629d54867e1a55e36b6e83128fd7814bc0b6
42484048f5245ad637917c4c7d2ce100e5fbaf0e8fc2c269b3b2232a00ab7883
42705c4f0d1b09faaf22b9feea8d04fb5fc62fb85000ee1ad440efaa4a7e7137
4c38c480257d11d0c83a583d51102abae794ec4138360d9fa188b01647b2e6e4
6c0d822d93813d2a3c107c875549aa610a05ba2dcc875541631685497fbc6a2e
6d01d4a3d2fbeb94874680325fabe844c18ce42081b720c522142d4a5c188595
902b0fdd97452e1e28245ae77ef112a7ee6228818c65131e883f16a87c4474e3
94a3ba50d3023f19bf0683baebfafc86a3a0a90a3688219d5500ae80965fe823
94ef87ee295c67526205d67124f404e246226105e939e14c435a20c29a956f49
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12
bc2b16b51738b77d94ed7591ad1033fa804297ca9faaa35222aa65773f749164
caab9f46fc376fb4d1b30eb0750d57031865540e4e79a4a0381bcb2419882665
cbcfb303a1e7d1f9da8965565b535f4122f2de2f1f3ed9f61f3f9e2dad3dcf9d
d179449c767a9c1d8462ea075965823cdb2e8324a9eab990da5a47a809a26c1d
d7105eaa59679b5eb46feee7c147bad9db8ea3a69bbd396efbe7000847d5c647
d92303c4b5477ac3abcbf199ae83d0a6bf91773e6e13cb9d32acb8c67e561ba1
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e486dbcd3259e4b3f304da6908e3a2591ee76db118449bfc8ca29b04d484ae06
f60a12c30abdc43edf5b53cc7e980dbbd58a653c3cf47cb62fad47d214eaa433
ffe34468ea7bcf1df50f7a8d5cc1e9976129d4a2e2906a36b8840bc6d0cb5b89

xpaycdn.azureedge.net Open in urlscan Pro 2620:1ec:bdf::60 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

32 Requests

97 %HTTPS

64 %IPv6

9 Domains

12 Subdomains

10 IPs

5 Countries

1659 kBTransfer

3765 kBSize

14 Cookies

0 Outgoing links

Redirected requests

32 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

xpaycdn.azureedge.net Open in urlscan Pro
2620:1ec:bdf::60 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

32
Requests

97 %
HTTPS

64 %
IPv6

9
Domains

12
Subdomains

10
IPs

5
Countries

1659 kB
Transfer

3765 kB
Size

14
Cookies

32 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!