6cvyhceg3v2.wizzupload.com
185.196.10.27  Malicious Activity!

Submitted URL: https://catalog.ehgriffith.com/redirect.php?action=url&goto=simplicity-vinyl.com
Effective URL: https://6cvyhceg3v2.wizzupload.com/?auth=2
Submission: On October 09 via manual from BE — Scanned from DE

Summary

This website contacted 4 IPs in 2 countries across 5 domains to perform 14 HTTP transactions. The main IP is 185.196.10.27, located in the United Kingdom and belonging to SWISSNETWORK02, SC. The main domain is 6cvyhceg3v2.wizzupload.com.
TLS certificate: Issued by R11 on October 8th 2024. Valid for: 3 months.
This is the only time 6cvyhceg3v2.wizzupload.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Microsoft (Consumer)

Domain & IP information

IP Address AS Autonomous System
1 1 2606:4700:303... 13335 (CLOUDFLAR...)
2 2606:4700:303... 13335 (CLOUDFLAR...)
1 1 2a06:98c1:312... 13335 (CLOUDFLAR...)
1 12 185.196.10.27 42624 (SWISSNETW...)
1 2620:1ec:a92:... 8068 (MICROSOFT...)
14 4
Requests  Apex Domain  Subdomains  Transfer
12  wizzupload.com  6cvyhceg3v2.wizzupload.com  821 KB
2  simplicity-vinyl.com  simplicity-vinyl.com  1 KB
1  microsoftonline.com  portal.microsoftonline.com (Cisco Umbrella Rank: 30620)
1  vlufi.com  vlufi.com  762 B
1  ehgriffith.com  catalog.ehgriffith.com  602 B
Total: 14 requests, 5 apex domains
Requests  Domain  Requested by
12  6cvyhceg3v2.wizzupload.com  1 redirects, simplicity-vinyl.com, 6cvyhceg3v2.wizzupload.com
2  simplicity-vinyl.com
1  portal.microsoftonline.com  6cvyhceg3v2.wizzupload.com
1  vlufi.com  1 redirects
1  catalog.ehgriffith.com  1 redirects
Total: 14 requests, 5 domains

This site contains links to these domains:

www.microsoft.com
privacy.microsoft.com

TLS certificates observed:
Subject  Issuer  Validity  Valid
simplicity-vinyl.com  WE1  2024-10-09 to 2025-01-07  3 months
wizzupload.com  R11  2024-10-08 to 2025-01-06  3 months
portal.office.com  Microsoft Azure RSA TLS Issuing CA 04  2024-09-18 to 2025-09-13  a year

This page contains 2 frames:

Primary Page: https://6cvyhceg3v2.wizzupload.com/?auth=2
Frame ID: DFAA53C61C194F82566FA14365DDB332
Requests: 14 HTTP requests in this frame

Frame: https://portal.microsoftonline.com/Prefetch/Prefetch.aspx
Frame ID: 6DCEEEC0136D86FB327C32FC5D47C987
Requests: 1 HTTP requests in this frame

Page Title

I6KYYocH8d

Page Statistics

Requests: 14
HTTPS: 100 %
IPv6: 80 %
Domains: 5
Subdomains: 5
IPs: 4
Countries: 2
Transfer: 822 kB
Size: 1127 kB
Cookies: 13

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://catalog.ehgriffith.com/redirect.php?action=url&goto=simplicity-vinyl.com HTTP 302
    http://simplicity-vinyl.com/ HTTP 307
    https://simplicity-vinyl.com/ Page URL
  2. https://vlufi.com/?bjwanvlj HTTP 302
    https://6cvyhceg3v2.wizzupload.com/?dataXX0=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1cmwiOiJodHRwczovLzZjdnloY2VnM3YyLndpenp1cGxvYWQuY29tLyIsImRvbWFpbiI6IjZjdnloY2VnM3YyLndpenp1cGxvYWQuY29tIiwia2V5IjoiU3c0aVZabm1XQUhEIiwicXJjIjpudWxsLCJpYXQiOjE3Mjg0NTg5MjYsImV4cCI6MTcyODQ1OTA0Nn0._9KA63QFspjRhbAU78WEExIDFqjp3a_cWkJE62EuiBQ HTTP 302
    https://6cvyhceg3v2.wizzupload.com/?auth=2 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • https://catalog.ehgriffith.com/redirect.php?action=url&goto=simplicity-vinyl.com HTTP 302
  • http://simplicity-vinyl.com/ HTTP 307
  • https://simplicity-vinyl.com/

14 HTTP transactions

Resource  Path  Size  x-fer  Type  MIME-Type
/
simplicity-vinyl.com/
Redirect Chain
  • https://catalog.ehgriffith.com/redirect.php?action=url&goto=simplicity-vinyl.com
  • http://simplicity-vinyl.com/
  • https://simplicity-vinyl.com/
93 B
590 B
Document
General
Full URL
https://simplicity-vinyl.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3030::6815:4491 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

cf-cache-status
DYNAMIC
cf-ray
8cfca7e09ec68ffe-FRA
content-encoding
br
content-type
text/html; charset=UTF-8
date
Wed, 09 Oct 2024 07:28:46 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sjxTWgjZl3oCr0HQorTwLfJhRGoWfjeXNo2VHad7YDxQJgMORj5kSsqBBhORZgA862uEb%2Fn7y51PC6ZsjHJpoWJ%2FtSjywJq%2BBjbD%2B23bd7wKXVPt%2Fznw3BGYXV6Hy72N6B3CFxgNwI8bH%2B4Kj2tuhjsEpg%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
speculation-rules
"/cdn-cgi/speculation"
x-turbo-charged-by
LiteSpeed

Redirect headers

Location
https://simplicity-vinyl.com/
Non-Authoritative-Reason
HttpsUpgrades
speculation
simplicity-vinyl.com/cdn-cgi/
128 B
568 B
Other
General
Full URL
https://simplicity-vinyl.com/cdn-cgi/speculation
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3030::6815:4491 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://simplicity-vinyl.com
Referer
https://simplicity-vinyl.com/

Response headers

nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=c7qNenhj%2BsvbtQFliVVNzOvAgkffR8p%2BsMwcpU2L%2FBrvylghiIcj2zXTUkKsvgIuyynAF7sNhOmHpULHgwXBWiMlf89xdehM4%2FhAcJYPDm1SPXja3IQmQh4sLU96VXXtjtedK9KGjkwR%2Bri8mx5g%2FG%2Bzfg%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray
8cfca7e4a98e8ffe-FRA
access-control-allow-origin
https://simplicity-vinyl.com
content-length
128
date
Wed, 09 Oct 2024 07:28:46 GMT
content-type
application/speculationrules+json
vary
Origin, Accept-Encoding
server
cloudflare
Primary Request /
6cvyhceg3v2.wizzupload.com/
Redirect Chain
  • https://vlufi.com/?bjwanvlj
  • https://6cvyhceg3v2.wizzupload.com/?dataXX0=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1cmwiOiJodHRwczovLzZjdnloY2VnM3YyLndpenp1cGxvYWQuY29tLyIsImRvbWFpbiI6IjZjdnloY2VnM3YyLndpenp1cGxvYWQuY29tIiwia2V5...
  • https://6cvyhceg3v2.wizzupload.com/?auth=2
38 KB
17 KB
Document
General
Full URL
https://6cvyhceg3v2.wizzupload.com/?auth=2
Requested by
Host: simplicity-vinyl.com
URL: https://simplicity-vinyl.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
185.196.10.27 , United Kingdom, ASN42624 (SWISSNETWORK02, SC),
Reverse DNS
Software
/
Resource Hash
84fbf5c033b1573b4017f38c59f658870da3093b5c696522d30b75648c8ad06e
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://simplicity-vinyl.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

Cache-Control
no-store, no-cache
Connection
close
Content-Encoding
gzip
Content-Security-Policy
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
Content-Type
text/html; charset=utf-8
Date
Wed, 09 Oct 2024 07:28:47 GMT
Expires
-1
Link
<https://aadcdn.msauth.net>; rel=preconnect; crossorigin,<https://aadcdn.msauth.net>; rel=dns-prefetch,<https://aadcdn.msftauth.net>; rel=dns-prefetch
P3P
CP="DSP CUR OTPi IND OTRi ONL FIN"
Pragma
no-cache
Referrer-Policy
strict-origin-when-cross-origin
Strict-Transport-Security
max-age=31536000; includeSubDomains
Vary
Accept-Encoding
content-length
38924
nel
{"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}
x-ms-ests-server
2.1.19005.9 - NEULR1 ProdSlices
x-ms-request-id
a2055e2e-117e-48d8-b1b3-ade9d82d7a00
x-ms-srs
1.P

Redirect headers

Connection
keep-alive
Date
Wed, 09 Oct 2024 07:28:47 GMT
Keep-Alive
timeout=5
Transfer-Encoding
chunked
location
/?auth=2
converged.v2.login.min_qzvqnltrxpy99ajspyxbgq2.css
6cvyhceg3v2.wizzupload.com/aadcdn.msauth.net/~/ests/2.1/content/cdnbundles/
111 KB
21 KB
Stylesheet
General
Full URL
https://6cvyhceg3v2.wizzupload.com/aadcdn.msauth.net/~/ests/2.1/content/cdnbundles/converged.v2.login.min_qzvqnltrxpy99ajspyxbgq2.css
Requested by
Host: 6cvyhceg3v2.wizzupload.com
URL: https://6cvyhceg3v2.wizzupload.com/?auth=2
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
185.196.10.27 , United Kingdom, ASN42624 (SWISSNETWORK02, SC),
Reverse DNS
Software
/
Resource Hash
1f8ceb44fe7cfcf7e71dbd5122210335ca3821d697a851d2900b95af7d92d69d

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://6cvyhceg3v2.wizzupload.com/?auth=2

Response headers

Access-Control-Expose-Headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
Content-Encoding
gzip
x-ms-version
2009-09-19
ETag
0x8DC9BA9D4131BFD
x-ms-lease-status
unlocked
x-fd-int-roxy-purgeid
0
X-Cache
TCP_HIT
Date
Wed, 09 Oct 2024 07:28:47 GMT
Content-Type
text/css
Last-Modified
Wed, 03 Jul 2024 21:48:08 GMT
Cache-Control
public, max-age=31536000
Connection
close
x-ms-request-id
9016c601-a01e-0062-3579-170171000000
Accept-Ranges
bytes
Access-Control-Allow-Origin
*
Content-Length
20414
x-azure-ref
20241009T072847Z-1668457d99cs4ddnh66vhek0v800000005ag000000006gg6
x-ms-blob-type
BlockBlob
ConvergedLogin_PCore_ELtAAt2Ya8ISGuc0PJcBKA2.js
6cvyhceg3v2.wizzupload.com/aadcdn.msauth.net/~/shared/1.0/content/js/
673 KB
673 KB
Script
General
Full URL
https://6cvyhceg3v2.wizzupload.com/aadcdn.msauth.net/~/shared/1.0/content/js/ConvergedLogin_PCore_ELtAAt2Ya8ISGuc0PJcBKA2.js
Requested by
Host: 6cvyhceg3v2.wizzupload.com
URL: https://6cvyhceg3v2.wizzupload.com/?auth=2
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
185.196.10.27 , United Kingdom, ASN42624 (SWISSNETWORK02, SC),
Reverse DNS
Software
/
Resource Hash
6665ca6a09f770c6679556eb86cf4234c8bdb0271049620e03199b34b4a16099

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://6cvyhceg3v2.wizzupload.com/?auth=2

Response headers

Content-Length
689017
Keep-Alive
timeout=5
Date
Wed, 09 Oct 2024 07:28:47 GMT
Content-Type
application/x-javascript
Connection
keep-alive
ux.converged.login.strings-de.min_ko72obxvu9yj3q3_akvs9q2.js
6cvyhceg3v2.wizzupload.com/aadcdn.msauth.net/~/ests/2.1/content/cdnbundles/
63 KB
19 KB
Script
General
Full URL
https://6cvyhceg3v2.wizzupload.com/aadcdn.msauth.net/~/ests/2.1/content/cdnbundles/ux.converged.login.strings-de.min_ko72obxvu9yj3q3_akvs9q2.js
Requested by
Host: 6cvyhceg3v2.wizzupload.com
URL: https://6cvyhceg3v2.wizzupload.com/?auth=2
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
185.196.10.27 , United Kingdom, ASN42624 (SWISSNETWORK02, SC),
Reverse DNS
Software
/
Resource Hash
b9df4bf16fcb24c8da35cf1a1e891f5a4c8d4bceb89a7cf1ffd5a0f29a6d43ba
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://6cvyhceg3v2.wizzupload.com/?auth=2

Response headers

Access-Control-Expose-Headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
Content-Encoding
gzip
x-ms-version
2009-09-19
ETag
0x8DCC6D5379BFE3A
x-ms-lease-status
unlocked
x-fd-int-roxy-purgeid
0
X-Cache
TCP_HIT
Date
Wed, 09 Oct 2024 07:28:47 GMT
Content-Type
application/x-javascript
Last-Modified
Tue, 27 Aug 2024 20:17:04 GMT
Content-Security-Policy
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
Cache-Control
public, max-age=31536000
Connection
close
x-ms-request-id
2b7565b9-901e-0069-364a-17fa1a000000
Accept-Ranges
bytes
Access-Control-Allow-Origin
*
content-length
64483
x-azure-ref
20241009T072847Z-1668457d99c6p8vl6edh2ctq1g00000005ag0000000084bs
x-ms-blob-type
BlockBlob
truncated
/
341 B
0
Script
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
90682803943448f3acffc81014c87fdd71f30d8cf97335fcea451fac1e568221

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
text/javascript
Me.htm
6cvyhceg3v2.wizzupload.com/
0
0
Other
General
Full URL
https://6cvyhceg3v2.wizzupload.com/Me.htm?v=3
Requested by
Host: 6cvyhceg3v2.wizzupload.com
URL: https://6cvyhceg3v2.wizzupload.com/?auth=2
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
185.196.10.27 , United Kingdom, ASN42624 (SWISSNETWORK02, SC),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://6cvyhceg3v2.wizzupload.com/?auth=2

Response headers

x-ms-srs
1.P
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
Cache-Control
private
nel
{"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}
x-ms-ests-server
2.1.19005.9 - FRC ProdSlices
Connection
close
Referrer-Policy
strict-origin-when-cross-origin
x-ms-request-id
9749a162-7e03-4581-913d-d065c39b6d00
P3P
CP="DSP CUR OTPi IND OTRi ONL FIN"
Content-Length
0
Date
Wed, 09 Oct 2024 07:28:47 GMT
convergedlogin_pcustomizationloader_80e93b9a4cb13643afca.js
6cvyhceg3v2.wizzupload.com/aadcdn.msauth.net/~/shared/1.0/content/js/asyncchunk/
107 KB
33 KB
Script
General
Full URL
https://6cvyhceg3v2.wizzupload.com/aadcdn.msauth.net/~/shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_80e93b9a4cb13643afca.js
Requested by
Host: 6cvyhceg3v2.wizzupload.com
URL: https://6cvyhceg3v2.wizzupload.com/aadcdn.msauth.net/~/shared/1.0/content/js/ConvergedLogin_PCore_ELtAAt2Ya8ISGuc0PJcBKA2.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
185.196.10.27 , United Kingdom, ASN42624 (SWISSNETWORK02, SC),
Reverse DNS
Software
/
Resource Hash
5f5fbee72883732799d75f6c08679ed8a6e769ae4f3afdcd3721103a481afa80
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://6cvyhceg3v2.wizzupload.com/?auth=2

Response headers

X-Cache-Info
L1_T2
Access-Control-Expose-Headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
Content-Encoding
gzip
x-ms-version
2009-09-19
ETag
0x8DAFF34DD9DC630
x-ms-lease-status
unlocked
x-fd-int-roxy-purgeid
0
X-Cache
TCP_HIT
Date
Wed, 09 Oct 2024 07:28:48 GMT
Content-Type
application/x-javascript
Last-Modified
Thu, 26 Jan 2023 00:32:54 GMT
Content-Security-Policy
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
Cache-Control
public, max-age=31536000
Connection
close
x-ms-request-id
c115bda8-501e-0051-77a1-152965000000
Accept-Ranges
bytes
Access-Control-Allow-Origin
*
content-length
109863
x-azure-ref
20241009T072848Z-1588498f885lzdcmx4fbsmgrk800000008vg00000000k90c
x-ms-blob-type
BlockBlob
Prefetch.aspx
portal.microsoftonline.com/Prefetch/ Frame 6DCE
0
0
Document
General
Full URL
https://portal.microsoftonline.com/Prefetch/Prefetch.aspx
Requested by
Host: 6cvyhceg3v2.wizzupload.com
URL: https://6cvyhceg3v2.wizzupload.com/aadcdn.msauth.net/~/shared/1.0/content/js/ConvergedLogin_PCore_ELtAAt2Ya8ISGuc0PJcBKA2.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:a92::156 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://6cvyhceg3v2.wizzupload.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

cache-control
no-store, no-cache
content-length
1245
content-type
text/html
date
Wed, 09 Oct 2024 07:28:47 GMT
x-cache
CONFIG_NOCACHE
x-content-type-options
nosniff
x-ms-correlation-id
7695d9a9-3bdf-4985-bf9e-ef9383a9d640
x-msedge-ref
Ref A: 5FC40369DB7542DB95A9AFB8FB8DBD5E Ref B: AMS231032603007 Ref C: 2024-10-09T07:28:47Z
x-ua-compatible
IE=Edge
2_bc3d32a696895f78c19df6c717586a5d.svg
6cvyhceg3v2.wizzupload.com/aadcdn.msauth.net/~/shared/1.0/content/images/backgrounds/
2 KB
1 KB
Image
General
Full URL
https://6cvyhceg3v2.wizzupload.com/aadcdn.msauth.net/~/shared/1.0/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
185.196.10.27 , United Kingdom, ASN42624 (SWISSNETWORK02, SC),
Reverse DNS
Software
/
Resource Hash
0e88b6fcbb8591edfd28184fa70a04b6dd3af8a14367c628edd7caba32e58c68

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://6cvyhceg3v2.wizzupload.com/?auth=2

Response headers

Access-Control-Expose-Headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
Content-Encoding
gzip
x-ms-version
2009-09-19
ETag
0x8D7B0071D86E386
x-ms-lease-status
unlocked
x-fd-int-roxy-purgeid
0
X-Cache
TCP_HIT
Date
Wed, 09 Oct 2024 07:28:48 GMT
Content-Type
image/svg+xml
Last-Modified
Wed, 12 Feb 2020 22:01:30 GMT
Cache-Control
public, max-age=31536000
Connection
close
x-ms-request-id
389a5f3e-401e-003f-13aa-157c4a000000
Accept-Ranges
bytes
Access-Control-Allow-Origin
*
Content-Length
673
x-azure-ref
20241009T072848Z-r15dd9fcfbb5dk8g845hwpdcaw00000008rg00000000k9fw
x-ms-blob-type
BlockBlob
microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg
6cvyhceg3v2.wizzupload.com/aadcdn.msauth.net/~/shared/1.0/content/images/
4 KB
2 KB
Image
General
Full URL
https://6cvyhceg3v2.wizzupload.com/aadcdn.msauth.net/~/shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
185.196.10.27 , United Kingdom, ASN42624 (SWISSNETWORK02, SC),
Reverse DNS
Software
/
Resource Hash
04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://6cvyhceg3v2.wizzupload.com/?auth=2

Response headers

Access-Control-Expose-Headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
Content-Encoding
gzip
x-ms-version
2009-09-19
ETag
0x8D79B8373CB2849
x-ms-lease-status
unlocked
x-fd-int-roxy-purgeid
0
X-Cache
TCP_HIT
Date
Wed, 09 Oct 2024 07:28:48 GMT
Content-Type
image/svg+xml
Last-Modified
Fri, 17 Jan 2020 19:28:38 GMT
Cache-Control
public, max-age=31536000
Connection
close
x-ms-request-id
3fd665e6-801e-0004-1e63-1771fc000000
Accept-Ranges
bytes
Access-Control-Allow-Origin
*
Content-Length
1435
x-azure-ref
20241009T072848Z-1668457d99c49m871ag0u7ksr4000000059g000000009be7
x-ms-blob-type
BlockBlob
convergedlogin_pstringcustomizationhelper_76bb127b5869a5c6b8b3.js
6cvyhceg3v2.wizzupload.com/aadcdn.msauth.net/~/shared/1.0/content/js/asyncchunk/
111 KB
36 KB
Script
General
Full URL
https://6cvyhceg3v2.wizzupload.com/aadcdn.msauth.net/~/shared/1.0/content/js/asyncchunk/convergedlogin_pstringcustomizationhelper_76bb127b5869a5c6b8b3.js
Requested by
Host: 6cvyhceg3v2.wizzupload.com
URL: https://6cvyhceg3v2.wizzupload.com/aadcdn.msauth.net/~/shared/1.0/content/js/ConvergedLogin_PCore_ELtAAt2Ya8ISGuc0PJcBKA2.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
185.196.10.27 , United Kingdom, ASN42624 (SWISSNETWORK02, SC),
Reverse DNS
Software
/
Resource Hash
2516ef9d75f7088bea081c0b2cf357d4e0055ca3a508972247346e5ee5828400
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://6cvyhceg3v2.wizzupload.com/?auth=2

Response headers

X-Cache-Info
L1_T2
Access-Control-Expose-Headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
Content-Encoding
gzip
x-ms-version
2009-09-19
ETag
0x8DAFF34DE8E0647
x-ms-lease-status
unlocked
x-fd-int-roxy-purgeid
4554691
X-Cache
TCP_HIT
Date
Wed, 09 Oct 2024 07:28:48 GMT
Content-Type
application/x-javascript
Last-Modified
Thu, 26 Jan 2023 00:32:56 GMT
Content-Security-Policy
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
Cache-Control
public, max-age=31536000
Connection
close
x-ms-request-id
df75bce8-301e-0011-368f-19664f000000
Accept-Ranges
bytes
Access-Control-Allow-Origin
*
content-length
113440
x-azure-ref
20241009T072848Z-r15dd9fcfbbnmvqcng0ccugdns00000008z0000000006wk0
x-ms-blob-type
BlockBlob
favicon_a_eupayfgghqiai7k9sol6lg2.ico
6cvyhceg3v2.wizzupload.com/aadcdn.msauth.net/~/shared/1.0/content/images/
17 KB
17 KB
Other
General
Full URL
https://6cvyhceg3v2.wizzupload.com/aadcdn.msauth.net/~/shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
185.196.10.27 , United Kingdom, ASN42624 (SWISSNETWORK02, SC),
Reverse DNS
Software
/
Resource Hash
90cdaf487716184e4034000935c605d1633926d348116d198f355a98b8c6cd21

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://6cvyhceg3v2.wizzupload.com/?auth=2

Response headers

Access-Control-Expose-Headers
x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
x-ms-version
2009-09-19
x-ms-lease-status
unlocked
ETag
0x8D8731230C851A6
x-fd-int-roxy-purgeid
0
X-Cache
TCP_HIT
Date
Wed, 09 Oct 2024 07:28:48 GMT
Content-Type
image/x-icon
Last-Modified
Sun, 18 Oct 2020 03:02:03 GMT
Cache-Control
public, max-age=31536000
Connection
close
x-ms-request-id
4021826c-b01e-007d-5948-178dd8000000
Accept-Ranges
bytes
Access-Control-Allow-Origin
*
Content-Length
17174
x-azure-ref
20241009T072848Z-1668457d99c98q4lncar3qrbe400000005a000000000d0fk
x-ms-blob-type
BlockBlob
signin-options_4e48046ce74f4b89d45037c90576bfac.svg
6cvyhceg3v2.wizzupload.com/aadcdn.msauth.net/~/shared/1.0/content/images/
2 KB
1 KB
Image
General
Full URL
https://6cvyhceg3v2.wizzupload.com/aadcdn.msauth.net/~/shared/1.0/content/images/signin-options_4e48046ce74f4b89d45037c90576bfac.svg
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
185.196.10.27 , United Kingdom, ASN42624 (SWISSNETWORK02, SC),
Reverse DNS
Software
/
Resource Hash
8e6db1634f1812d42516778fc890010aa57f3e39914fb4803df2c38abbf56d93

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://6cvyhceg3v2.wizzupload.com/?auth=2

Response headers

Access-Control-Expose-Headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
Content-Encoding
gzip
x-ms-version
2009-09-19
ETag
0x8D8852A7FA6B761
x-ms-lease-status
unlocked
x-fd-int-roxy-purgeid
0
X-Cache
TCP_HIT
Date
Wed, 09 Oct 2024 07:28:48 GMT
Content-Type
image/svg+xml
Last-Modified
Tue, 10 Nov 2020 03:41:24 GMT
Cache-Control
public, max-age=31536000
Connection
close
x-ms-request-id
ed2f19c2-f01e-007c-0d5e-17d204000000
Accept-Ranges
bytes
Access-Control-Allow-Origin
*
Content-Length
621
x-azure-ref
20241009T072848Z-1668457d99c7lgjtkgyr614t7s00000005dg00000000g07g
x-ms-blob-type
BlockBlob

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer)

22 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object  0
function  c
object  $Config
object  $Debug
object  $Do
function  $Loader
object  $WebWatson
function  GetString
function  GetErrorString
function  GetUrl
object  $B
object  ServerData
object  webpackJsonp
object  ko
object  PROOF
object  StringRepository
object  Telemetry
object  telemetry_webpackJsonp
boolean  __ConvergedLogin_PCore
boolean  __
boolean  __convergedlogin_pcustomizationloader_80e93b9a4cb13643afca
boolean  __convergedlogin_pstringcustomizationhelper_76bb127b5869a5c6b8b3

13 Cookies

Domain/Path  Name = Value
catalog.ehgriffith.com/  osCsid = r8qeml8ccq6bsfokqgqb6mvno2
vlufi.com/  qPdM = Sw4iVZnmWAHD
vlufi.com/  qPdM.sig = hg7W_MpgwYGQN2q-wPbq_4m2g_4
6cvyhceg3v2.wizzupload.com/  qPdM = Sw4iVZnmWAHD
6cvyhceg3v2.wizzupload.com/  qPdM.sig = hg7W_MpgwYGQN2q-wPbq_4m2g_4
6cvyhceg3v2.wizzupload.com/  buid = 0.ATwAqzBRR7ViQUKp00fjfJvCFakreHKQRANPjYJWI3DqNWYBAAA.AQABGgEAAADW6jl31mB3T7ugrWTT8pFegVfJFOD-eLQoAi0cOfij50PBuJPLppgejZUJwm7qJ3ScK10UYTxLxw-b-xUj2xacfDqCMmsGv90y6vdfRmV2R84_EbieHmJDqciBiT3lC4ogAA
.6cvyhceg3v2.wizzupload.com/  esctx = PAQABBwEAAADW6jl31mB3T7ugrWTT8pFe4aFPiACaq_AjMxm6q3j_1BM_6LGNKO9JjiaeGmZdGaZKRi7IYOZz5gIqVCk5Q1LUd7DIqliJNiooNkEOs_OCJc5ojcY0V9mQBKvXGB4ilx-2sKac5Uu2IDXV_LKJIEJy510LmKnIZmskVAVx2HiXcWZvg8pjmEGzAwudFHvxo8ggAA
.6cvyhceg3v2.wizzupload.com/  esctx-hhfIeRm38xc = AQABCQEAAADW6jl31mB3T7ugrWTT8pFegTReGWizaVx2YaA-iNJ9kPZmBxbuFEnrsypnjQbVmUABqeTAji7SXVqvivEiYa_bgxxx68__E3_NRgv-e5gqaGLWwcun2cuj4MmE69_v7sE0gWok0vLnszVH8Ktlr8JRctptCbLbPLDNgmzz02fC8CAA
6cvyhceg3v2.wizzupload.com/  fpc = ApKzqbnGxIxLmzjkxeChj9e4vjNwAQAAAK8nmN4OAAAA
6cvyhceg3v2.wizzupload.com/  x-ms-gateway-slice = estsfd
6cvyhceg3v2.wizzupload.com/  stsservicecookie = estsfd
.6cvyhceg3v2.wizzupload.com/  brcap = 0
portal.microsoftonline.com/  s.SessID = 5e52ceba-27cf-4ac4-8ae2-ade3f6662273

1 Console Messages

Source: network error
URL: https://6cvyhceg3v2.wizzupload.com/Me.htm?v=3
Message: Failed to load resource: the server responded with a status of 404 (Not Found)