oval.az
2606:4700:3037::6815:8a6  Malicious Activity! Public Scan

URL: https://oval.az/license.html
Submission Tags: falconsandbox
Submission: On November 25 via api from US — Scanned from DE

Summary

This website contacted 4 IPs in 1 country across 5 domains to perform 10 HTTP transactions. The main IP is 2606:4700:3037::6815:8a6, located in United States and belongs to CLOUDFLARENET, US. The main domain is oval.az.
TLS certificate: Issued by WE1 on November 5th 2024. Valid for: 3 months.
This is the only time oval.az was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Microsoft (Consumer)

Domain & IP information

IP Address AS Autonomous System
2 7 2606:4700:303... 13335 (CLOUDFLAR...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 2606:2800:233... 15133 (EDGECAST)
Totals: 10 requests, 4 IPs
Requests | Apex Domain | Subdomains | Transfer
7 | oval.az | oval.az | 196 KB
1 | msftauth.net | aadcdn.msftauth.net (Cisco Umbrella Rank: 876) | 2 KB
1 | cloudflare.com | cdnjs.cloudflare.com (Cisco Umbrella Rank: 225) | 7 KB
0 | openfpcdn.io (Failed) | openfpcdn.io (Failed) |
0 | ipify.org (Failed) | api.ipify.org (Failed) |
Totals: 10 requests, 5 domains

Requests | Domain | Requested by
7 | oval.az (2 redirects) | oval.az
1 | aadcdn.msftauth.net |
1 | cdnjs.cloudflare.com | oval.az
0 | openfpcdn.io (Failed) | oval.az
0 | api.ipify.org (Failed) | oval.az
Totals: 10 requests, 5 domains

This site contains no links.

Subject | Issuer | Validity | Valid
oval.az | WE1 | 2024-11-05 - 2025-02-03 | 3 months
cdnjs.cloudflare.com | WE1 | 2024-09-28 - 2024-12-27 | 3 months
aadcdn.msftauth.net | DigiCert SHA2 Secure Server CA | 2024-05-25 - 2025-05-25 | a year

This page contains 1 frames:

Primary Page: https://oval.az/license.html
Frame ID: 7766085661A676E86139C376941B39F7
Requests: 10 HTTP requests in this frame

Screenshot

Page Title

Confirm you're not a robot.

Detected technologies

Overall confidence: 100%
Detected patterns
  • /wp-(?:content|includes)/

Page Statistics

Requests: 10
HTTPS: 50 %
IPv6: 100 %
Domains: 5
Subdomains: 5
IPs: 4
Countries: 1
Transfer: 204 kB
Size: 499 kB
Cookies: 0

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 3
  • https://oval.az/favicon.ico HTTP 302
  • https://oval.az/wp-includes/images/w-logo-blue-white-bg.png
Request Chain 8
  • https://oval.az/favicon.ico HTTP 302
  • https://oval.az/wp-includes/images/w-logo-blue-white-bg.png

10 HTTP transactions

Resource | Path | Size | x-fer | Type | MIME-Type

Primary Request: license.html | oval.az/ | 18 KB | 5 KB | Document
General
Full URL: https://oval.az/license.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3037::6815:8a6, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS:
Software: cloudflare /
Resource Hash: f999813f84504ab779a94ee59c3e9e1bd788376b044a18734534cce0162a1b62
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
8e83e536097fdcb1-FRA
content-encoding
zstd
content-type
text/html
date
Mon, 25 Nov 2024 19:02:50 GMT
last-modified
Tue, 12 Nov 2024 00:40:43 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yp%2FwZ26Fw7Ftbc7n%2ByY4GsO7asnlXuAdfCqBvqCxyYBYpoNjLiE3GfQbIA95RblilHqRU0ucklPNpmzIh5j2h5H%2FfG4OJzSg8xbHHpeDr8r8%2FSFlL1R45KTub1tJesHXX2fb0v4Z"}],"group":"cf-nel","max_age":604800}
server
cloudflare
server-timing
cfL4;desc="?proto=QUIC&rtt=20664&sent=11&recv=9&lost=0&retrans=0&sent_bytes=4113&recv_bytes=4388&delivery_rate=28772&cwnd=12000&unsent_bytes=0&cid=58232678e015d2ff&ts=63&x=1" cfHdrFlush;dur=0
strict-transport-security
max-age=15552000; includeSubDomains; preload
vary
accept-encoding
x-content-type-options
nosniff
rocket-loader.min.js | oval.az/cdn-cgi/scripts/7d0fa10a/cloudflare-static/ | 12 KB | 4 KB | Script
General
Full URL: https://oval.az/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Requested by: Host: oval.az, URL: https://oval.az/license.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3037::6815:8a6, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS:
Software: cloudflare /
Resource Hash: ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://oval.az/license.html

Response headers

strict-transport-security
max-age=15552000; includeSubDomains; preload
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cache-control
max-age=172800, public
content-encoding
gzip
etag
W/"673dd3d6-302c"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6vole%2FySpEdixzj1uyMZPQA7WkZ%2FVgzT%2BRnqDoyxiQKVP2%2BzJZgv8V0TdwGhlsvyQR2zHXF%2B53YkJZU0cXrNxYjcWQ0YbdArHwcqm211T1tZIl%2BkB1UBsA3dVmwdsedju3vm4Lxm"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
cf-ray
8e83e5367b17dcb1-FRA
expires
Wed, 27 Nov 2024 19:02:50 GMT
date
Mon, 25 Nov 2024 19:02:50 GMT
content-type
application/javascript
last-modified
Wed, 20 Nov 2024 12:19:34 GMT
vary
Accept-Encoding
server
cloudflare
x-frame-options
DENY
ua-parser.min.js | cdnjs.cloudflare.com/ajax/libs/UAParser.js/0.7.31/ | 15 KB | 7 KB | Script
General
Full URL: https://cdnjs.cloudflare.com/ajax/libs/UAParser.js/0.7.31/ua-parser.min.js
Requested by: Host: oval.az, URL: https://oval.az/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6811:190e, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS:
Software: cloudflare /
Resource Hash: 02ea3dec8a4dd3072385528e010e2231083736143c4eb1c6741dc103ade99bf4
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://oval.az/

Response headers

cf-cdnjs-via
cfworker/kv
content-encoding
br
cf-cache-status
HIT
etag
"6179331d-186c"
age
430345
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=U%2F4fCkRtb86rSFlJda6a6xm3J3x%2BFtu%2Fa2oVRi2D0qytCeuwjEw4OVZhv0iM99gx7V53HsuyIEcbBQzvQKtX9ZJEgzKk8J0hJyqIw2KKce5Z%2BxbtLlrOZ5qTkJVr1cNOUqfIeVaBw1Lqu%2FrbWIZlqGvY"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
expires
Sat, 15 Nov 2025 19:02:50 GMT
alt-svc
h3=":443"; ma=86400
server-timing
cfExtPri
date
Mon, 25 Nov 2024 19:02:50 GMT
content-type
application/javascript; charset=utf-8
last-modified
Wed, 27 Oct 2021 11:08:13 GMT
vary
Accept-Encoding
priority
u=1,i=?0
strict-transport-security
max-age=15780000
cache-control
public, max-age=30672000
timing-allow-origin
*
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
cross-origin-resource-policy
cross-origin
cf-ray
8e83e536cb8dd22a-FRA
accept-ranges
bytes
access-control-allow-origin
*
content-length
6252
server
cloudflare
xmlrpc.js | oval.az/ | 442 KB | 181 KB | Script
General
Full URL: https://oval.az/xmlrpc.js
Requested by: Host: oval.az, URL: https://oval.az/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3037::6815:8a6, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS:
Software: cloudflare /
Resource Hash: ade1b836718f2ed527d47bd6f657735d74165840fb4983a9e7b56a862a9f9220
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://oval.az/license.html

Response headers

strict-transport-security
max-age=15552000; includeSubDomains; preload
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
zstd
cf-cache-status
REVALIDATED
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sG%2FquYvRQYok90OF5xbul9uVS6Zq9sS2xpOb%2FXQFG38D%2BqZVubqi2jmJCX1itRXxaYKYkCmsIg3cjqH3M05zGXtlEFLDGr1l4xDHk37H5f38gQ%2BygCSvs3z%2FdpPJqAkVLAw7c5R6"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
cf-ray
8e83e536abfadcb1-FRA
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=25797&sent=24&recv=17&lost=0&retrans=0&sent_bytes=13542&recv_bytes=5532&delivery_rate=198404&cwnd=12000&unsent_bytes=0&cid=58232678e015d2ff&ts=162&x=1", cfHdrFlush;dur=0
date
Mon, 25 Nov 2024 19:02:50 GMT
content-type
application/javascript
last-modified
Tue, 12 Nov 2024 00:40:10 GMT
vary
Accept-Encoding
server
cloudflare
w-logo-blue-white-bg.png | oval.az/wp-includes/images/ | 4 KB | 5 KB | Other
Redirect Chain
  • https://oval.az/favicon.ico
  • https://oval.az/wp-includes/images/w-logo-blue-white-bg.png
General
Full URL: https://oval.az/wp-includes/images/w-logo-blue-white-bg.png
Protocol: H3
Server: 2606:4700:3037::6815:8a6, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS:
Software: cloudflare /
Resource Hash: 6bdb369337ac2496761c6f063bffea0aa6a91d4662279c399071a468251f51f0
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://oval.az/license.html

Response headers

cf-cache-status
MISS
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=E8iZEcu0bb0qwb0jN5Rl750N6rYWy3mjoy4QqYKKIf2%2BTJwaOUeRR7o09RcwLpj5ylHHxr6EUfjgbTiM7gMDj9QP%2FLDLIE8fB8SM7ACAVkJgYWF5kmaRlPTlcdGCs6vzMBgAQ9St"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=21436&sent=187&recv=67&lost=0&retrans=0&sent_bytes=204164&recv_bytes=8061&delivery_rate=33642&cwnd=100800&unsent_bytes=0&cid=58232678e015d2ff&ts=478&x=1", cfHdrFlush;dur=0
date
Mon, 25 Nov 2024 19:02:51 GMT
content-type
image/png
last-modified
Thu, 21 May 2020 09:10:12 GMT
vary
Accept-Encoding
strict-transport-security
max-age=15552000; includeSubDomains; preload
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
8e83e538aaf0dcb1-FRA
accept-ranges
bytes
content-length
4119
server
cloudflare

Redirect headers

x-redirect-by
WordPress
strict-transport-security
max-age=15552000; includeSubDomains; preload
link
<https://oval.az/wp-json/>; rel="https://api.w.org/"
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
location
https://oval.az/wp-includes/images/w-logo-blue-white-bg.png
cf-cache-status
BYPASS
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uBsAVJhuePvtIk5Uu%2B2MCpwxp%2BCzTfNurQEYzB5%2FB6cze%2Fg3lSjc59ytY5BLtcT8IxUp4x8Mai1nvRC0JAI7BbxN4UrZRQpWEqvdwQWH5%2Fd%2F9oo1M33KERw55sN%2BISpDPs71bLYD"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
cf-ray
8e83e536abfcdcb1-FRA
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=21513&sent=185&recv=66&lost=0&retrans=0&sent_bytes=203378&recv_bytes=7688&delivery_rate=3039995&cwnd=100800&unsent_bytes=0&cid=58232678e015d2ff&ts=423&x=1", cfHdrFlush;dur=0
date
Mon, 25 Nov 2024 19:02:50 GMT
content-type
text/html; charset=UTF-8
vary
Accept-Encoding
server
cloudflare
/ | api.ipify.org/ | 0 | 0 (failed request)

/ | api.ipify.org/ | 0 | 0 (failed request)

microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg | aadcdn.msftauth.net/shared/1.0/content/images/ | 4 KB | 2 KB | Image
General
Full URL: https://aadcdn.msftauth.net/shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:233:1cb7:261b:1f9c:2074:3c, United States, ASN15133 (EDGECAST, US)
Reverse DNS:
Software: ECAcc (frc/4CFA) /
Resource Hash: 04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://oval.az/

Response headers

content-md5
nzaLxFgP7ZB3dfMcaybWzw==
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding
gzip
x-ms-lease-status
unlocked
etag
0x8D79A1B9F5E121A
age
21309582
x-ms-version
2009-09-19
x-cache
HIT
date
Mon, 25 Nov 2024 19:02:51 GMT
content-type
image/svg+xml
last-modified
Thu, 16 Jan 2020 00:32:52 GMT
vary
Accept-Encoding
cache-control
public, max-age=31536000
x-ms-request-id
75ef2987-a01e-0051-099d-7d1217000000
accept-ranges
bytes
access-control-allow-origin
*
content-length
1435
x-ms-blob-type
BlockBlob
server
ECAcc (frc/4CFA)
v1 | openfpcdn.io/botd/ | 0 | 0 (failed request)

w-logo-blue-white-bg.png | oval.az/wp-includes/images/ | 4 KB | 0 | Other
Redirect Chain
  • https://oval.az/favicon.ico
  • https://oval.az/wp-includes/images/w-logo-blue-white-bg.png
General
Full URL: https://oval.az/wp-includes/images/w-logo-blue-white-bg.png
Protocol: H3
Server: 2606:4700:3037::6815:8a6, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS:
Software: cloudflare /
Resource Hash: 6bdb369337ac2496761c6f063bffea0aa6a91d4662279c399071a468251f51f0
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://oval.az/Download_files-Onedrive2024-3277492

Response headers

cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-cache-status
MISS
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=E8iZEcu0bb0qwb0jN5Rl750N6rYWy3mjoy4QqYKKIf2%2BTJwaOUeRR7o09RcwLpj5ylHHxr6EUfjgbTiM7gMDj9QP%2FLDLIE8fB8SM7ACAVkJgYWF5kmaRlPTlcdGCs6vzMBgAQ9St"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
cf-ray
8e83e538aaf0dcb1-FRA
accept-ranges
bytes
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=21436&sent=187&recv=67&lost=0&retrans=0&sent_bytes=204164&recv_bytes=8061&delivery_rate=33642&cwnd=100800&unsent_bytes=0&cid=58232678e015d2ff&ts=478&x=1", cfHdrFlush;dur=0
content-length
4119
date
Mon, 25 Nov 2024 19:02:51 GMT
content-type
image/png
last-modified
Thu, 21 May 2020 09:10:12 GMT
vary
Accept-Encoding
server
cloudflare

Redirect headers

x-redirect-by
WordPress
strict-transport-security
max-age=15552000; includeSubDomains; preload
link
<https://oval.az/wp-json/>; rel="https://api.w.org/"
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
location
https://oval.az/wp-includes/images/w-logo-blue-white-bg.png
cf-cache-status
BYPASS
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=D8o6ZA4iLRUN9j8pGe18B9CDg%2BioCt6LU5jrYYoSTcjuqKbrUhcp6RcsqisHJsV9Qv%2F4KAc2jLxb8W7VRw4nq83cstr9HP37OexddjVp4MJrp4fgpIzBuqEXRLH9imixh2vI9ozt"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
cf-ray
8e83e5516a69dcb1-FRA
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=21324&sent=193&recv=69&lost=0&retrans=0&sent_bytes=209070&recv_bytes=8465&delivery_rate=84234&cwnd=100800&unsent_bytes=0&cid=58232678e015d2ff&ts=4667&x=1", cfHdrFlush;dur=0
date
Mon, 25 Nov 2024 19:02:55 GMT
content-type
text/html; charset=UTF-8
vary
Accept-Encoding
server
cloudflare

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

  • Domain: api.ipify.org, URL: https://api.ipify.org/?format=json
  • Domain: api.ipify.org, URL: https://api.ipify.org/?format=json
  • Domain: openfpcdn.io, URL: https://openfpcdn.io/botd/v1

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer)

34 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  • __cfQR (object)
  • _0x31c275 (function)
  • BlockedRedirect (object)
  • blockedIps (object)
  • getRandomElement (function)
  • generateRandomNumber (function)
  • _0x2a3c (function)
  • _0x5230a3 (function)
  • generateRandomUrl (function)
  • updateUrl (function)
  • _0x1f8f38 (function)
  • handleClick (function)
  • getVisitorIP (function)
  • _0x5603aa (function)
  • checkAndRedirect (function)
  • _0x17b4 (function)
  • BOOKS (object)
  • setupBranding (function)
  • isBotUserAgent (function)
  • fetchUserIp (function)
  • _0x5e110e (function)
  • sendMessageToTelegram (function)
  • logActivity (function)
  • getFormattedDateAndTime (function)
  • generateCaptcha (function)
  • getIconSVG (function)
  • lightenColor (function)
  • checkColor (function)
  • startCountdown (function)
  • _0x1eb99e (function)
  • UAParser (function)
  • checkers (function)
  • redirectToshop (function)
  • __cfRLUnblockHandlers (boolean)

0 Cookies

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff