hncr.sattawatsk.com
64.226.89.54  Malicious Activity! Public Scan

Submitted URL: https://hncr.sattawatsk.com/?0iQ3Ma=Wj
Effective URL: https://hncr.sattawatsk.com/?0iQ3Ma=Wj&sso_reload=true
Submission Tags: falconsandbox
Submission: On July 05 via api from US — Scanned from DE

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 20 HTTP transactions. The main IP is 64.226.89.54, located in Frankfurt am Main, Germany and belongs to DIGITALOCEAN-ASN, US. The main domain is hncr.sattawatsk.com.
TLS certificate: Issued by E6 on July 5th 2024. Valid for: 3 months.
This is the only time hncr.sattawatsk.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Microsoft (Consumer)

Domain & IP information

IP Address AS Autonomous System
1 17 64.226.89.54 14061 (DIGITALOC...)
3 142.250.185.68 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
20 3
Domain Requested by
9 90476dfb-5faf3225.sattawatsk.com hncr.sattawatsk.com
90476dfb-5faf3225.sattawatsk.com
5 hncr.sattawatsk.com 1 redirects 6a27f662-5faf3225.sattawatsk.com
3 www.google.com hncr.sattawatsk.com
www.gstatic.com
1 8d417851-5faf3225.sattawatsk.com 90476dfb-5faf3225.sattawatsk.com
1 l1ve.sattawatsk.com hncr.sattawatsk.com
1 6a27f662-5faf3225.sattawatsk.com hncr.sattawatsk.com
1 www.gstatic.com www.google.com
20 7

This site contains no links.

Subject Issuer Validity Valid
sattawatsk.com E6 2024-07-05 - 2024-10-03 3 months
*.google.com WR2 2024-06-13 - 2024-09-05 3 months
*.gstatic.com WR2 2024-06-13 - 2024-09-05 3 months

This page contains 4 frames:

Primary Page: https://hncr.sattawatsk.com/?0iQ3Ma=Wj&sso_reload=true
Frame ID: B57A303F76457640D55E8237C9B175F8
Requests: 17 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LcTJQkqAAAAABejzQwsvqlI_8L0CVlw9rWnGTD-&co=aHR0cHM6Ly9obmNyLnNhdHRhd2F0c2suY29tOjQ0Mw..&hl=de&v=rKbTvxTxwcw5VqzrtN-ICwWt&size=normal&cb=frn2xxg7j0h7
Frame ID: 39B80C5BDE6362353883AE5A562F16AE
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/bframe?hl=de&v=rKbTvxTxwcw5VqzrtN-ICwWt&k=6LcTJQkqAAAAABejzQwsvqlI_8L0CVlw9rWnGTD-
Frame ID: EE7B0BF715EBFEF42B8C00855FB8E86F
Requests: 1 HTTP requests in this frame

Frame: https://8d417851-5faf3225.sattawatsk.com/Prefetch/Prefetch.aspx
Frame ID: 7A4C01253E4B3DA89AFF8A3A74348E39
Requests: 1 HTTP requests in this frame

Page Title

Bei Ihrem Konto anmelden

Detected technologies

Overall confidence: 100%
Detected patterns
  • /recaptcha/api\.js

Page Statistics

Requests: 20
HTTPS: 100 %
IPv6: 33 %
Domains: 3
Subdomains: 7
IPs: 3
Countries: 2
Transfer: 756 kB
Size: 2268 kB
Cookies: 4

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://hncr.sattawatsk.com/?0iQ3Ma=Wj Page URL
  2. https://hncr.sattawatsk.com/ HTTP 302
    https://hncr.sattawatsk.com/?0iQ3Ma=Wj Page URL
  3. https://hncr.sattawatsk.com/?0iQ3Ma=Wj&sso_reload=true Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 4
  • https://hncr.sattawatsk.com/ HTTP 302
  • https://hncr.sattawatsk.com/?0iQ3Ma=Wj

20 HTTP transactions

Resource Path Size x-fer Type MIME-Type
/
hncr.sattawatsk.com/
156 KB
62 KB
Document
General
Full URL
https://hncr.sattawatsk.com/?0iQ3Ma=Wj
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
64.226.89.54 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx /
Resource Hash
ef4e15895fefbe0346ee6c2de55ba6d46d529b638738704285492cc58661c30a

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

content-encoding
gzip
content-type
text/html; charset=utf-8
date
Fri, 05 Jul 2024 22:47:07 GMT
server
nginx
vary
Accept-Encoding
api.js
www.google.com/recaptcha/
1 KB
961 B
Script
General
Full URL
https://www.google.com/recaptcha/api.js
Requested by
Host: hncr.sattawatsk.com
URL: https://hncr.sattawatsk.com/?0iQ3Ma=Wj
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.68 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s48-in-f4.1e100.net
Software
GSE /
Resource Hash
df85e001ce72e46c578531cf3ea8bbb0712a4af63abc112d9d633e474c05965f
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://hncr.sattawatsk.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 05 Jul 2024 22:47:07 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy
frame-ancestors 'self'
server
GSE
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=utf-8
cache-control
private, max-age=300
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
1; mode=block
expires
Fri, 05 Jul 2024 22:47:07 GMT
recaptcha__de.js
www.gstatic.com/recaptcha/releases/rKbTvxTxwcw5VqzrtN-ICwWt/
536 KB
213 KB
Script
General
Full URL
https://www.gstatic.com/recaptcha/releases/rKbTvxTxwcw5VqzrtN-ICwWt/recaptcha__de.js
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
0481cf978633d761686dd05ed060c86593d34768aa66d43d61c4f968cbe6b63d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://hncr.sattawatsk.com/
Origin
https://hncr.sattawatsk.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 05 Jul 2024 11:04:54 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
42133
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
217833
x-xss-protection
0
last-modified
Sun, 23 Jun 2024 08:01:07 GMT
server
sffe
cross-origin-opener-policy
same-origin-allow-popups; report-to="recaptcha"
vary
Accept-Encoding
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Sat, 05 Jul 2025 11:04:54 GMT
anchor
www.google.com/recaptcha/api2/ Frame 39B8
0
0
Document
General
Full URL
https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LcTJQkqAAAAABejzQwsvqlI_8L0CVlw9rWnGTD-&co=aHR0cHM6Ly9obmNyLnNhdHRhd2F0c2suY29tOjQ0Mw..&hl=de&v=rKbTvxTxwcw5VqzrtN-ICwWt&size=normal&cb=frn2xxg7j0h7
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/rKbTvxTxwcw5VqzrtN-ICwWt/recaptcha__de.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.68 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s48-in-f4.1e100.net
Software
GSE /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-u3Fg1snTumeZPR0Hy5r9lA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
https://hncr.sattawatsk.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-encoding
gzip
content-security-policy
script-src 'report-sample' 'nonce-u3Fg1snTumeZPR0Hy5r9lA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Fri, 05 Jul 2024 22:47:07 GMT
expires
Mon, 01 Jan 1990 00:00:00 GMT
pragma
no-cache
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server
GSE
x-content-type-options
nosniff
x-xss-protection
1; mode=block
/
hncr.sattawatsk.com/
Redirect Chain
  • https://hncr.sattawatsk.com/?
  • https://hncr.sattawatsk.com/?0iQ3Ma=Wj
145 KB
55 KB
Document
General
Full URL
https://hncr.sattawatsk.com/?0iQ3Ma=Wj
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
64.226.89.54 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx /
Resource Hash
20a12168a8feef81240f50857e7ce9f6f6584373de5dda89148e24b92f523aec

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Content-Type
application/x-www-form-urlencoded
Origin
https://hncr.sattawatsk.com
Referer
https://hncr.sattawatsk.com/?0iQ3Ma=Wj
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

access-control-allow-headers
*
access-control-allow-origin
*
cache-control
no-store, no-cache
content-encoding
gzip
content-length
55237
content-type
text/html; charset=utf-8
date
Fri, 05 Jul 2024 22:47:08 GMT
nel
{"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}
p3p
CP="DSP CUR OTPi IND OTRi ONL FIN"
pragma
no-cache
referrer-policy
strict-origin-when-cross-origin
report-to
{"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://918da944-5faf3225.sattawatsk.com/api/report?catId=GW+estsfd+ams2"}]}
server
nginx
vary
Accept-Encoding
x-ms-ests-server
2.1.18463.4 - WEULR1 ProdSlices
x-ms-request-id
1e4ed438-1e3c-4b35-a41e-779cd4b90100
x-ms-srs
1.P

Redirect headers

content-type
text/html; charset=utf-8
date
Fri, 05 Jul 2024 22:47:08 GMT
location
https://hncr.sattawatsk.com/?0iQ3Ma=Wj
server
nginx
bframe
www.google.com/recaptcha/api2/ Frame EE7B
0
0
Document
General
Full URL
https://www.google.com/recaptcha/api2/bframe?hl=de&v=rKbTvxTxwcw5VqzrtN-ICwWt&k=6LcTJQkqAAAAABejzQwsvqlI_8L0CVlw9rWnGTD-
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/rKbTvxTxwcw5VqzrtN-ICwWt/recaptcha__de.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.68 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s48-in-f4.1e100.net
Software
GSE /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-xwBJCTlFo4oi4W0bvTjpzA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
https://hncr.sattawatsk.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-encoding
gzip
content-security-policy
script-src 'report-sample' 'nonce-xwBJCTlFo4oi4W0bvTjpzA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Fri, 05 Jul 2024 22:47:08 GMT
expires
Mon, 01 Jan 1990 00:00:00 GMT
pragma
no-cache
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server
GSE
x-content-type-options
nosniff
x-xss-protection
1; mode=block
BssoInterrupt_Core_sw-M8KkV3_nBot-G1ImRcw2.js
6a27f662-5faf3225.sattawatsk.com/shared/1.0/content/js/
138 KB
49 KB
Script
General
Full URL
https://6a27f662-5faf3225.sattawatsk.com/shared/1.0/content/js/BssoInterrupt_Core_sw-M8KkV3_nBot-G1ImRcw2.js
Requested by
Host: hncr.sattawatsk.com
URL: https://hncr.sattawatsk.com/?0iQ3Ma=Wj
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
64.226.89.54 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx /
Resource Hash
747d44c87d7ed7958fc458ae04a60f907ab716703290c42959530f9037010bd7

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://hncr.sattawatsk.com/
Origin
https://hncr.sattawatsk.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-ms-blob-type
BlockBlob
date
Fri, 05 Jul 2024 22:47:09 GMT
content-encoding
gzip
x-cache
TCP_HIT
x-fd-int-roxy-purgeid
4554691
content-length
49702
x-ms-lease-status
unlocked
last-modified
Fri, 24 May 2024 22:13:21 GMT
server
nginx
etag
0x8DC7C3EB8EDBF94
x-azure-ref
20240705T224709Z-r195c4c79d928r8n6m6zg48rm800000003eg000000017cr9
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
33ec49de-001e-000e-438b-cd4783000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=31536000
x-ms-version
2009-09-19
accept-ranges
bytes
Primary Request /
hncr.sattawatsk.com/
163 KB
61 KB
Document
General
Full URL
https://hncr.sattawatsk.com/?0iQ3Ma=Wj&sso_reload=true
Requested by
Host: 6a27f662-5faf3225.sattawatsk.com
URL: https://6a27f662-5faf3225.sattawatsk.com/shared/1.0/content/js/BssoInterrupt_Core_sw-M8KkV3_nBot-G1ImRcw2.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
64.226.89.54 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx /
Resource Hash
6f288f1f9f21fc49b6e46b4efe97239d02b4a0c3a7b615c79d1b3976942845b1

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
https://hncr.sattawatsk.com/?0iQ3Ma=Wj
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

access-control-allow-headers
*
access-control-allow-origin
*
cache-control
no-store, no-cache
content-encoding
gzip
content-length
61327
content-type
text/html; charset=utf-8
date
Fri, 05 Jul 2024 22:47:09 GMT
nel
{"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}
p3p
CP="DSP CUR OTPi IND OTRi ONL FIN"
pragma
no-cache
referrer-policy
strict-origin-when-cross-origin
report-to
{"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://918da944-5faf3225.sattawatsk.com/api/report?catId=GW+estsfd+ams2"}]}
server
nginx
vary
Accept-Encoding
x-ms-ests-server
2.1.18463.4 - WEULR1 ProdSlices
x-ms-request-id
463cf775-cbf4-43c7-a49e-c36f424c0200
x-ms-srs
1.P
favicon.ico
hncr.sattawatsk.com/
0
564 B
Other
General
Full URL
https://hncr.sattawatsk.com/favicon.ico
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
64.226.89.54 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx /
Resource Hash

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://hncr.sattawatsk.com/?0iQ3Ma=Wj
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 05 Jul 2024 22:47:09 GMT
content-encoding
gzip
x-ms-srs
1.P
referrer-policy
strict-origin-when-cross-origin
nel
{"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}
server
nginx
vary
Accept-Encoding
report-to
{"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://918da944-5faf3225.sattawatsk.com/api/report?catId=GW+estsfd+ams2"}]}
p3p
CP="DSP CUR OTPi IND OTRi ONL FIN"
content-type
text/html; charset=utf-8
x-ms-request-id
8ebe8877-32ee-4133-a96b-3c21bc986700
cache-control
private
access-control-allow-origin
*
access-control-allow-headers
*
x-ms-ests-server
2.1.18399.9 - NEULR1 ProdSlices
converged.v2.login.min_mc5ac6ol0l4d2iaqspstyg2.css
90476dfb-5faf3225.sattawatsk.com/ests/2.1/content/cdnbundles/
111 KB
20 KB
Stylesheet
General
Full URL
https://90476dfb-5faf3225.sattawatsk.com/ests/2.1/content/cdnbundles/converged.v2.login.min_mc5ac6ol0l4d2iaqspstyg2.css
Requested by
Host: hncr.sattawatsk.com
URL: https://hncr.sattawatsk.com/?0iQ3Ma=Wj&sso_reload=true
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
64.226.89.54 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx /
Resource Hash
8b81b6dbb9af6502d78abe8a85d135861848e0597989901da42c62ecb841a07d

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://hncr.sattawatsk.com/
Origin
https://hncr.sattawatsk.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-ms-blob-type
BlockBlob
date
Fri, 05 Jul 2024 22:47:10 GMT
content-encoding
gzip
age
3985014
x-cache
HIT
content-length
20390
x-ms-lease-status
unlocked
last-modified
Thu, 16 May 2024 00:59:03 GMT
server
nginx
etag
0x8DC7543615A617D
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
x-ms-request-id
20adcbed-001e-005b-2dee-aa1c02000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=31536000
x-ms-version
2009-09-19
accept-ranges
bytes
ConvergedLogin_PCore_Q3A1xKaK6oPrhbQSUwvJBQ2.js
90476dfb-5faf3225.sattawatsk.com/shared/1.0/content/js/
438 KB
120 KB
Script
General
Full URL
https://90476dfb-5faf3225.sattawatsk.com/shared/1.0/content/js/ConvergedLogin_PCore_Q3A1xKaK6oPrhbQSUwvJBQ2.js
Requested by
Host: hncr.sattawatsk.com
URL: https://hncr.sattawatsk.com/?0iQ3Ma=Wj&sso_reload=true
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
64.226.89.54 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx /
Resource Hash
b5f1dfc3855197a046c6137d8f66f9dfa2b868c547ef2205780c8a48b1bdb493

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://hncr.sattawatsk.com/
Origin
https://hncr.sattawatsk.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-ms-blob-type
BlockBlob
date
Fri, 05 Jul 2024 22:47:10 GMT
content-encoding
gzip
age
1215533
x-cache
HIT
content-length
121948
x-ms-lease-status
unlocked
last-modified
Thu, 20 Jun 2024 02:17:43 GMT
server
nginx
etag
0x8DC90CF2B178E59
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
7b76eb0b-601e-0025-631f-c44c1f000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=31536000
x-ms-version
2009-09-19
accept-ranges
bytes
ux.converged.login.strings-de.min_mwkrjugjbdtxzv3fly3p-q2.js
90476dfb-5faf3225.sattawatsk.com/ests/2.1/content/cdnbundles/
61 KB
18 KB
Script
General
Full URL
https://90476dfb-5faf3225.sattawatsk.com/ests/2.1/content/cdnbundles/ux.converged.login.strings-de.min_mwkrjugjbdtxzv3fly3p-q2.js
Requested by
Host: hncr.sattawatsk.com
URL: https://hncr.sattawatsk.com/?0iQ3Ma=Wj&sso_reload=true
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
64.226.89.54 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx /
Resource Hash
c3726f297fa7bfbf444de4a62e7d9ac0adc4ba0b816018e43fc85ad609663260

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://hncr.sattawatsk.com/
Origin
https://hncr.sattawatsk.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-ms-blob-type
BlockBlob
date
Fri, 05 Jul 2024 22:47:10 GMT
content-encoding
gzip
age
1364764
x-cache
HIT
content-length
17574
x-ms-lease-status
unlocked
last-modified
Wed, 19 Jun 2024 01:49:16 GMT
server
nginx
etag
0x8DC9002075E9742
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
8d303213-a01e-006d-23c3-c2c71f000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=31536000
x-ms-version
2009-09-19
accept-ranges
bytes
Me.htm
l1ve.sattawatsk.com/
0
0
Other
General
Full URL
https://l1ve.sattawatsk.com/Me.htm?v=3
Requested by
Host: hncr.sattawatsk.com
URL: https://hncr.sattawatsk.com/?0iQ3Ma=Wj&sso_reload=true
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
64.226.89.54 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://hncr.sattawatsk.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

convergedlogin_pcustomizationloader_6c7dc46bb93924417b57.js
90476dfb-5faf3225.sattawatsk.com/shared/1.0/content/js/asyncchunk/
398 KB
114 KB
Script
General
Full URL
https://90476dfb-5faf3225.sattawatsk.com/shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_6c7dc46bb93924417b57.js
Requested by
Host: 90476dfb-5faf3225.sattawatsk.com
URL: https://90476dfb-5faf3225.sattawatsk.com/shared/1.0/content/js/ConvergedLogin_PCore_Q3A1xKaK6oPrhbQSUwvJBQ2.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
64.226.89.54 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx /
Resource Hash
afff1b94924a037f48c173af0aae041d29f920b524a6827b21aa51a59425b1f1

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://hncr.sattawatsk.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-ms-blob-type
BlockBlob
date
Fri, 05 Jul 2024 22:47:11 GMT
content-encoding
gzip
age
1215533
x-cache
HIT
content-length
116409
x-ms-lease-status
unlocked
last-modified
Thu, 20 Jun 2024 02:16:51 GMT
server
nginx
etag
0x8DC90CF0C1378C3
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
6ee1ef20-c01e-0003-121f-c42720000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=31536000
x-ms-version
2009-09-19
accept-ranges
bytes
Prefetch.aspx
8d417851-5faf3225.sattawatsk.com/Prefetch/ Frame 7A4C
1 KB
1018 B
Document
General
Full URL
https://8d417851-5faf3225.sattawatsk.com/Prefetch/Prefetch.aspx
Requested by
Host: 90476dfb-5faf3225.sattawatsk.com
URL: https://90476dfb-5faf3225.sattawatsk.com/shared/1.0/content/js/ConvergedLogin_PCore_Q3A1xKaK6oPrhbQSUwvJBQ2.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
64.226.89.54 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx /
Resource Hash
dc1d54dab6ec8c00f70137927504e4f222c8395f10760b6beecfcfa94e08249f

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
https://hncr.sattawatsk.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

access-control-allow-headers
*
access-control-allow-origin
*
cache-control
no-store, no-cache
content-encoding
gzip
content-type
text/html
date
Fri, 05 Jul 2024 22:47:11 GMT
server
nginx
vary
Accept-Encoding
x-cache
CONFIG_NOCACHE
x-ms-correlation-id
6e933dc2-2470-49af-860d-d5c2571d1bc3
x-msedge-ref
Ref A: 7A08337F645F42559635365B25A4BD26 Ref B: AMS231032604027 Ref C: 2024-07-05T22:47:11Z
x-ua-compatible
IE=Edge
2_11d9e3bcdfede9ce5ce5ace2d129f1c4.svg
90476dfb-5faf3225.sattawatsk.com/shared/1.0/content/images/backgrounds/
2 KB
1 KB
Image
General
Full URL
https://90476dfb-5faf3225.sattawatsk.com/shared/1.0/content/images/backgrounds/2_11d9e3bcdfede9ce5ce5ace2d129f1c4.svg
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
64.226.89.54 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx /
Resource Hash
0e88b6fcbb8591edfd28184fa70a04b6dd3af8a14367c628edd7caba32e58c68

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://hncr.sattawatsk.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-ms-blob-type
BlockBlob
date
Fri, 05 Jul 2024 22:47:11 GMT
content-encoding
gzip
age
8968033
x-cache
HIT
x-ms-lease-status
unlocked
last-modified
Wed, 24 May 2023 10:11:43 GMT
server
nginx
etag
0x8DB5C3F466DE917
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
x-ms-request-id
920c4446-a01e-00e9-709c-7d3c42000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=31536000
x-ms-version
2009-09-19
accept-ranges
bytes
microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg
90476dfb-5faf3225.sattawatsk.com/shared/1.0/content/images/
4 KB
2 KB
Image
General
Full URL
https://90476dfb-5faf3225.sattawatsk.com/shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
64.226.89.54 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx /
Resource Hash
04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://hncr.sattawatsk.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-ms-blob-type
BlockBlob
date
Fri, 05 Jul 2024 22:47:11 GMT
content-encoding
gzip
age
8968070
x-cache
HIT
x-ms-lease-status
unlocked
last-modified
Wed, 24 May 2023 10:11:48 GMT
server
nginx
etag
0x8DB5C3F495F4B8C
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
x-ms-request-id
f2ff5853-201e-0065-619c-7d9f0e000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=31536000
x-ms-version
2009-09-19
accept-ranges
bytes
convergedlogin_pstringcustomizationhelper_92013fd9f2f609d397ae.js
90476dfb-5faf3225.sattawatsk.com/shared/1.0/content/js/asyncchunk/
111 KB
35 KB
Script
General
Full URL
https://90476dfb-5faf3225.sattawatsk.com/shared/1.0/content/js/asyncchunk/convergedlogin_pstringcustomizationhelper_92013fd9f2f609d397ae.js
Requested by
Host: 90476dfb-5faf3225.sattawatsk.com
URL: https://90476dfb-5faf3225.sattawatsk.com/shared/1.0/content/js/ConvergedLogin_PCore_Q3A1xKaK6oPrhbQSUwvJBQ2.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
64.226.89.54 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx /
Resource Hash
0d9ecad983676510ca63a65943dc84a8c6db3cba0bb9efcf4a86ababca016b3d

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://hncr.sattawatsk.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-ms-blob-type
BlockBlob
date
Fri, 05 Jul 2024 22:47:12 GMT
content-encoding
gzip
age
1215533
x-cache
HIT
content-length
35199
x-ms-lease-status
unlocked
last-modified
Thu, 20 Jun 2024 02:16:53 GMT
server
nginx
etag
0x8DC90CF0D8CB039
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
2f9970ed-701e-00fc-421f-c40b6a000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=31536000
x-ms-version
2009-09-19
accept-ranges
bytes
favicon_a_eupayfgghqiai7k9sol6lg2.ico
90476dfb-5faf3225.sattawatsk.com/shared/1.0/content/images/
2 KB
3 KB
Other
General
Full URL
https://90476dfb-5faf3225.sattawatsk.com/shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
64.226.89.54 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx /
Resource Hash
62d706019a0d80173113ef70fbbee12f286e8e221534be788448aada4b14c8e8

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://hncr.sattawatsk.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-ms-lease-status
unlocked
x-ms-blob-type
BlockBlob
date
Fri, 05 Jul 2024 22:47:12 GMT
last-modified
Sun, 18 Oct 2020 03:02:30 GMT
server
nginx
age
8967990
etag
0x8D8731240E548EB
x-cache
HIT
content-type
image/x-icon
access-control-allow-origin
*
x-ms-request-id
debb0496-801e-00bf-299d-7da57d000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=31536000
x-ms-version
2009-09-19
accept-ranges
bytes
signin-options_3e3f6b73c3f310c31d2c4d131a8ab8c6.svg
90476dfb-5faf3225.sattawatsk.com/shared/1.0/content/images/
2 KB
1 KB
Image
General
Full URL
https://90476dfb-5faf3225.sattawatsk.com/shared/1.0/content/images/signin-options_3e3f6b73c3f310c31d2c4d131a8ab8c6.svg
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
64.226.89.54 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx /
Resource Hash
8e6db1634f1812d42516778fc890010aa57f3e39914fb4803df2c38abbf56d93

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://hncr.sattawatsk.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-ms-blob-type
BlockBlob
date
Fri, 05 Jul 2024 22:47:12 GMT
content-encoding
gzip
age
8968033
x-cache
HIT
x-ms-lease-status
unlocked
last-modified
Wed, 24 May 2023 10:11:52 GMT
server
nginx
etag
0x8DB5C3F4BB4F03C
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
x-ms-request-id
cc0763e7-101e-0082-0a9c-7d5b77000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=31536000
x-ms-version
2009-09-19
accept-ranges
bytes

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer)

24 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0
undefined| event
object| fence
object| sharedStorage
object| $Config
object| $Debug
object| $Do
function| $Loader
object| $WebWatson
function| GetString
function| GetErrorString
function| GetUrl
object| $B
object| ServerData
object| webpackJsonp
object| ko
object| PROOF
object| StringRepository
object| Telemetry
object| telemetry_webpackJsonp
boolean| __ConvergedLogin_PCore
boolean| __
function| a0Y
function| a0S

4 Cookies

Domain/Path Name / Value
.sattawatsk.com/ Name: 0xSqtC
Value: "NWZhZjMyMjUtZTVhNS00OTM1LWJiYTUtYjJkZDhlZWZlMmE2OjFkNDY0M2U1LTYwMGYtNDJmNy05ZDE0LTdmNDU4NDY4MzQ5Yg=="
.hncr.sattawatsk.com/ Name: AADSSO
Value: NA|NoExtension
hncr.sattawatsk.com/ Name: SSOCOOKIEPULLED
Value: 1
.hncr.sattawatsk.com/ Name: brcap
Value: 0

4 Console Messages

Source Level URL
Text
other warning URL: https://hncr.sattawatsk.com/?0iQ3Ma=Wj (Line 4)
Message:
The AudioContext was not allowed to start. It must be resumed (or created) after a user gesture on the page. https://goo.gl/7K7WLu
network error URL: https://hncr.sattawatsk.com/favicon.ico
Message:
Failed to load resource: the server responded with a status of 404 ()
network error URL: https://8d417851-5faf3225.sattawatsk.com/Prefetch/Prefetch.aspx
Message:
Failed to load resource: the server responded with a status of 404 ()
recommendation verbose URL: https://hncr.sattawatsk.com/?0iQ3Ma=Wj&sso_reload=true
Message:
[DOM] Input elements should have autocomplete attributes (suggested: "current-password"): (More info: https://goo.gl/9p2vKq) %o

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
