saididsiamiashaveppen.oneta63.workers.dev Open in urlscan Pro
188.114.97.7 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://saididsiamiashaveppen.oneta63.workers.dev/6627e5038f74dc5e5e1d8615/om/yhILuttdf
Submission: On August 13 via api (August 13th 2024, 5:22:52 pm UTC) from US — Scanned from NL

Summary HTTP 14 Redirects Links 2 Behaviour Indicators

Summary

This website contacted 3 IPs in 3 countries across 3 domains to perform 14 HTTP transactions. The main IP is 188.114.97.7, located in Amsterdam, Netherlands and belongs to CLOUDFLARENET, US. The main domain is saididsiamiashaveppen.oneta63.workers.dev.
TLS certificate: Issued by WE1 on July 17th 2024. Valid for: 3 months.

This is the only time saididsiamiashaveppen.oneta63.workers.dev was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Microsoft (Consumer)

Domain & IP information

	IP Address	AS Autonomous System
2	188.114.97.7 188.114.97.7	13335 (CLOUDFLAR...) (CLOUDFLARENET)
11	2606:2800:233... 2606:2800:233:1cb7:261b:1f9c:2074:3c	15133 (EDGECAST) (EDGECAST)
1	2603:1026:c0d... 2603:1026:c0d:c1d::2	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
14	3

2 188.114.97.7 (Amsterdam, Netherlands)

ASN13335 (CLOUDFLARENET, US)

saididsiamiashaveppen.oneta63.workers.dev	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2606:2800:233:1cb7:261b:1f9c:2074:3c (United States)

ASN15133 (EDGECAST, US)

aadcdn.msftauth.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2603:1026:c0d:c1d::2 (Frankfurt am Main, Germany)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

outlook.office365.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
11	msftauth.net aadcdn.msftauth.net — Cisco Umbrella Rank: 2274	348 KB
2	workers.dev saididsiamiashaveppen.oneta63.workers.dev	22 KB
1	office365.com outlook.office365.com — Cisco Umbrella Rank: 71
14	3

	Domain	Requested by
11	aadcdn.msftauth.net	saididsiamiashaveppen.oneta63.workers.dev aadcdn.msftauth.net
2	saididsiamiashaveppen.oneta63.workers.dev	saididsiamiashaveppen.oneta63.workers.dev
1	outlook.office365.com	aadcdn.msftauth.net
14	3

This site contains links to these domains. Also see Links.

Domain
www.microsoft.com
privacy.microsoft.com

Subject Issuer	Validity	Valid
oneta63.workers.dev WE1	`2024-07-17` - `2024-10-15`	3 months	crt.sh
aadcdn.msftauth.net DigiCert SHA2 Secure Server CA	`2024-05-25` - `2025-05-25`	a year	crt.sh
outlook.com DigiCert Cloud Services CA-1	`2024-06-27` - `2025-06-26`	a year	crt.sh

This page contains 2 frames:

Primary Page: https://saididsiamiashaveppen.oneta63.workers.dev/6627e5038f74dc5e5e1d8615/om/yhILuttdf
Frame ID: B612322D01CE89A91AE195695D7CF784
Requests: 13 HTTP requests in this frame

Frame: https://outlook.office365.com/owa/prefetch.aspx
Frame ID: 4FE0F83CFF29878C683F243FFFF5F7F5
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Aanmelden bij Outlook

Page Statistics

14
Requests

100 %
HTTPS

67 %
IPv6

3
Domains

3
Subdomains

3
IPs

3
Countries

370 kB
Transfer

1202 kB
Size

19
Cookies

2 Outgoing links

These are links going to different origins than the main page.

URL: https://www.microsoft.com/nl-NL/servicesagreement/
Title: Gebruiksvoorwaarden

Search URL Search Domain Scan URL

URL: https://privacy.microsoft.com/nl-NL/privacystatement
Title: Privacy en cookies

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

14 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H3 200 Primary Request yhILuttdf Show response
saididsiamiashaveppen.oneta63.workers.dev/6627e5038f74dc5e5e1d8615/om/ 40 KB
19 KB 1207ms
1110ms Document
text/html 188.114.97.7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://saididsiamiashaveppen.oneta63.workers.dev/6627e5038f74dc5e5e1d8615/om/yhILuttdf
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.97.7 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b25a459693a7b93418454565cb4a5c178a005c990a57a169d8097a916c84f862

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: auth,authkey , authvalue, Authorization, User-Agent, Keep-Alive, Content-Type, X-Requested-With
access-control-allow-methods: GET, POST, DELETE, PUT, PATCH, OPTIONS
access-control-allow-origin: null
access-control-max-age: 1
alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 8b2a63a05f233a76-FRA
content-encoding: br
content-type: text/html
date: Tue, 13 Aug 2024 17:22:47 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4CEyobE%2Bj0CF3KR%2BQcnvjRHoGh0Zs0XlMCo7AWRS3S67YjmpFW6amnDYUiMPsijs8Amt2ExaQ3bITUCvDRsesGI3DAAHeiqtGiu9OBcgH9Gmwn2he%2BqhhcXTlYtyreQ8m6zXuN3oyr6Ydjvw5dBLBS3E7mdUiVhfKcUlow%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Origin, Accept-Encoding
x-cache-status: MISS

GET
H3 200 Me.htm
saididsiamiashaveppen.oneta63.workers.dev/6627e5038f74dc5e5e1d8615/o/aHR0cHM6Ly9sb2dpbi5saXZlLmNvbQ==-lg/ 0
2 KB 431ms
429ms Other
text/html 188.114.97.7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://saididsiamiashaveppen.oneta63.workers.dev/6627e5038f74dc5e5e1d8615/o/aHR0cHM6Ly9sb2dpbi5saXZlLmNvbQ==-lg/Me.htm?v=3
Requested by: Host: saididsiamiashaveppen.oneta63.workers.dev
URL: https://saididsiamiashaveppen.oneta63.workers.dev/6627e5038f74dc5e5e1d8615/om/yhILuttdf
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.97.7 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://saididsiamiashaveppen.oneta63.workers.dev/6627e5038f74dc5e5e1d8615/om/yhILuttdf
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 13 Aug 2024 17:22:47 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-cache-status: MISS
alt-svc: h3=":443"; ma=86400
server: cloudflare
vary: Origin, Accept-Encoding
access-control-allow-methods: GET, POST, DELETE, PUT, PATCH, OPTIONS
content-type: text/html
access-control-allow-origin: null
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pUOjR5sZ8dnpcco%2BKP3JRtYM7E9yOZM%2BuBmR7N9UJtvbErDX76jYcWdc8G3nxPq61QOdVWOH64RzKp0CEZ4WBVHqVc7vdskKkeyHzSIq0zbxtt9QFO2QOMSIJexAp7CvKsh0ZY5uG9iavUw6H6uI0XHWP%2FzU7KdjaKxKAA%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: no-cache,no-store, must-revalidate
access-control-allow-credentials: true
cf-ray: 8b2a63a778103a76-FRA
access-control-allow-headers: auth,authkey , authvalue, Authorization, User-Agent, Keep-Alive, Content-Type, X-Requested-With
expires: Mon, 25 Jul 1997 05:00:00 GMT

GET
H2 200 converged.v2.login.min_qzvqnltrxpy99ajspyxbgq2.css
aadcdn.msftauth.net/ests/2.1/content/cdnbundles/ 111 KB
20 KB 87ms
19ms Stylesheet
text/css 2606:2800:233:1cb7:261b:1f9c:2074:3c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://aadcdn.msftauth.net/ests/2.1/content/cdnbundles/converged.v2.login.min_qzvqnltrxpy99ajspyxbgq2.css
Requested by: Host: saididsiamiashaveppen.oneta63.workers.dev
URL: https://saididsiamiashaveppen.oneta63.workers.dev/6627e5038f74dc5e5e1d8615/om/yhILuttdf
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:233:1cb7:261b:1f9c:2074:3c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECAcc (ama/48BD) /
Resource Hash: 1f8ceb44fe7cfcf7e71dbd5122210335ca3821d697a851d2900b95af7d92d69d

Request headers

Referer: https://saididsiamiashaveppen.oneta63.workers.dev/
Origin: https://saididsiamiashaveppen.oneta63.workers.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Tue, 13 Aug 2024 17:22:47 GMT
content-encoding: gzip
content-md5: SJgdPPV+fFjKfj6FHvk1Tg==
age: 2804407
x-cache: HIT
content-length: 20414
x-ms-lease-status: unlocked
last-modified: Wed, 03 Jul 2024 21:49:46 GMT
server: ECAcc (ama/48BD)
etag: 0x8DC9BAA0E5931F9
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
x-ms-request-id: 6cc3a49e-101e-0092-7823-d4eb55000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=31536000
x-ms-version: 2009-09-19
accept-ranges: bytes

GET
H2 200 ConvergedLogin_PCore_CCN0bXNsyKGzo-is1AL9Ow2.js Show response
aadcdn.msftauth.net/shared/1.0/content/js/ 439 KB
119 KB 87ms
19ms Script
application/x-javascript 2606:2800:233:1cb7:261b:1f9c:2074:3c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://aadcdn.msftauth.net/shared/1.0/content/js/ConvergedLogin_PCore_CCN0bXNsyKGzo-is1AL9Ow2.js
Requested by: Host: saididsiamiashaveppen.oneta63.workers.dev
URL: https://saididsiamiashaveppen.oneta63.workers.dev/6627e5038f74dc5e5e1d8615/om/yhILuttdf
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:233:1cb7:261b:1f9c:2074:3c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECAcc (ama/48B4) /
Resource Hash: 2753374dc9f9478217049db0377fe7dd4c23ee0ce2adf68f77ed60b2bc508994

Request headers

Referer: https://saididsiamiashaveppen.oneta63.workers.dev/
Origin: https://saididsiamiashaveppen.oneta63.workers.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Tue, 13 Aug 2024 17:22:47 GMT
content-encoding: gzip
content-md5: Frn0XzMc+H86kbdaK2dLCw==
age: 1288021
x-cache: HIT
content-length: 122101
x-ms-lease-status: unlocked
last-modified: Fri, 26 Jul 2024 22:42:05 GMT
server: ECAcc (ama/48B4)
etag: 0x8DCADC42C99165A
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: 1f3c6ee7-101e-002d-3dee-e13214000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=31536000
x-ms-version: 2009-09-19
accept-ranges: bytes

GET
H2 200 ux.converged.login.strings-nl.min_lfsy3anht2h1k2svkcgtma2.js Show response
aadcdn.msftauth.net/ests/2.1/content/cdnbundles/ 59 KB
17 KB 87ms
19ms Script
application/x-javascript 2606:2800:233:1cb7:261b:1f9c:2074:3c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://aadcdn.msftauth.net/ests/2.1/content/cdnbundles/ux.converged.login.strings-nl.min_lfsy3anht2h1k2svkcgtma2.js
Requested by: Host: saididsiamiashaveppen.oneta63.workers.dev
URL: https://saididsiamiashaveppen.oneta63.workers.dev/6627e5038f74dc5e5e1d8615/om/yhILuttdf
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:233:1cb7:261b:1f9c:2074:3c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECAcc (ama/48A8) /
Resource Hash: 2933bda453b6de07ffad4064b449f21c03c08911cdee9ae3bf3a1f69f85d2897

Request headers

Referer: https://saididsiamiashaveppen.oneta63.workers.dev/
Origin: https://saididsiamiashaveppen.oneta63.workers.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Tue, 13 Aug 2024 17:22:47 GMT
content-encoding: gzip
content-md5: GvAB9RU5psnrbMxoWXpNcQ==
age: 1264021
x-cache: HIT
content-length: 17018
x-ms-lease-status: unlocked
last-modified: Sun, 28 Jul 2024 07:39:58 GMT
server: ECAcc (ama/48A8)
etag: 0x8DCAED87B0DB396
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: 368c4c67-c01e-0073-7626-e2d9f4000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=31536000
x-ms-version: 2009-09-19
accept-ranges: bytes

GET
H2 200 convergedlogin_pcustomizationloader_6c7dc46bb93924417b57.js Show response
aadcdn.msftauth.net/shared/1.0/content/js/asyncchunk/ 397 KB
114 KB 59ms
14ms Script
application/x-javascript 2606:2800:233:1cb7:261b:1f9c:2074:3c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://aadcdn.msftauth.net/shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_6c7dc46bb93924417b57.js
Requested by: Host: aadcdn.msftauth.net
URL: https://aadcdn.msftauth.net/shared/1.0/content/js/ConvergedLogin_PCore_CCN0bXNsyKGzo-is1AL9Ow2.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:233:1cb7:261b:1f9c:2074:3c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECAcc (ama/48A8) /
Resource Hash: 1ec87632ee58734951aa02813ef07ad377126a39a16f063c181519b98ffffc07

Request headers

Referer: https://saididsiamiashaveppen.oneta63.workers.dev/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Tue, 13 Aug 2024 17:22:47 GMT
content-encoding: gzip
content-md5: /tr7rG0APA0Nym9G/DMFwg==
age: 4568917
x-cache: HIT
content-length: 116351
x-ms-lease-status: unlocked
last-modified: Thu, 20 Jun 2024 02:16:51 GMT
server: ECAcc (ama/48A8)
etag: 0x8DC90CF0C1378C3
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: c8f5d486-501e-002e-5817-c46908000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=31536000
x-ms-version: 2009-09-19
accept-ranges: bytes

GET
H2 200 prefetch.aspx
outlook.office365.com/owa/ Frame 4FE0 0
0 124ms
44ms Document
text/html 2603:1026:c0d:c1d::2
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://outlook.office365.com/owa/prefetch.aspx

Requested by

Host: aadcdn.msftauth.net
URL: https://aadcdn.msftauth.net/shared/1.0/content/js/ConvergedLogin_PCore_CCN0bXNsyKGzo-is1AL9Ow2.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2603:1026:c0d:c1d::2 Frankfurt am Main, Germany, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://saididsiamiashaveppen.oneta63.workers.dev/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443";ma=2592000,h3-29=":443";ma=2592000
cache-control: private, no-store
content-encoding: gzip
content-length: 1236
content-type: text/html; charset=utf-8
date: Tue, 13 Aug 2024 17:22:46 GMT
nel: {"report_to":"NelOfficeUpload1","max_age":7200,"include_subdomains":true,"failure_fraction":1.0,"success_fraction":0.01}
report-to: {"group":"NelOfficeUpload1","max_age":7200,"endpoints":[{"url":"https://exo.nel.measure.office.net/api/report?TenantId=&FrontEnd=Cafe&DestinationEndpoint=HHN&RemoteIP=2001:1af8:4020::&Environment=MT"}],"include_subdomains":true}
request-id: d7839997-c99f-0be0-1c5b-390adcf9f61d
server: Microsoft-IIS/10.0
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
x-backend-begin: 2024-08-13T17:22:47.900
x-backend-end: 2024-08-13T17:22:47.916
x-backendhttpstatus: 200 200
x-beserver: FR4P281MB3621
x-besku: WCS7
x-calculatedbetarget: FR4P281MB3621.DEUP281.PROD.OUTLOOK.COM
x-calculatedfetarget: FR2P281CU006.internal.outlook.com
x-content-type-options: nosniff
x-diaginfo: FR4P281MB3621
x-feefzinfo: HHN
x-feproxyinfo: FR0P281CA0132.DEUP281.PROD.OUTLOOK.COM
x-feserver: FR2P281CA0093 FR0P281CA0132
x-firsthopcafeefz: HHN
x-owa-diagnosticsinfo: 5;0;0;
x-owa-version: 15.20.7849.22
x-proxy-backendserverstatus: 200
x-proxy-routingcorrectness: 1
x-rum-notupdatequerieddbcopy: 1
x-rum-notupdatequeriedpath: 1
x-rum-validated: 1
x-ua-compatible: IE=EmulateIE7

GET
H2 200 49-small_2055002f2daae2ed8f69f03944c0e5d9.jpg
aadcdn.msftauth.net/shared/1.0/content/images/appbackgrounds/ 987 B
1 KB 19ms
18ms Image
image/jpeg 2606:2800:233:1cb7:261b:1f9c:2074:3c
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://aadcdn.msftauth.net/shared/1.0/content/images/appbackgrounds/49-small_2055002f2daae2ed8f69f03944c0e5d9.jpg
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:233:1cb7:261b:1f9c:2074:3c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECAcc (ama/48AF) /
Resource Hash: 8b34a475187302935336bf43a2bf2a4e0adb9a1e87953ea51f6fcf0ef52a4a1d

Request headers

Referer: https://saididsiamiashaveppen.oneta63.workers.dev/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Tue, 13 Aug 2024 17:22:47 GMT
content-md5: 5YqvyYBhSpzXeWvqe16o8A==
age: 12314984
x-cache: HIT
content-length: 987
x-ms-lease-status: unlocked
last-modified: Wed, 24 May 2023 10:11:35 GMT
server: ECAcc (ama/48AF)
etag: 0x8DB5C3F41C14038
content-type: image/jpeg
access-control-allow-origin: *
x-ms-request-id: 957c5907-101e-0016-7aa4-7d1008000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=31536000
x-ms-version: 2009-09-19
accept-ranges: bytes

GET
H2 200 49_6ffe0a92d779c878835b40171ffc2e13.jpg
aadcdn.msftauth.net/shared/1.0/content/images/appbackgrounds/ 17 KB
17 KB 20ms
20ms Image
image/jpeg 2606:2800:233:1cb7:261b:1f9c:2074:3c
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://aadcdn.msftauth.net/shared/1.0/content/images/appbackgrounds/49_6ffe0a92d779c878835b40171ffc2e13.jpg
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:233:1cb7:261b:1f9c:2074:3c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECAcc (ama/4883) /
Resource Hash: d8f5ab3e00202fd3b45be1acd95d677b137064001e171bc79b06826d98f1e1d3

Request headers

Referer: https://saididsiamiashaveppen.oneta63.workers.dev/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Tue, 13 Aug 2024 17:22:47 GMT
content-md5: eRaolOvefSnCzCmyZ/Epnw==
age: 12314203
x-cache: HIT
content-length: 17453
x-ms-lease-status: unlocked
last-modified: Wed, 24 May 2023 10:11:35 GMT
server: ECAcc (ama/4883)
etag: 0x8DB5C3F41AC335E
content-type: image/jpeg
access-control-allow-origin: *
x-ms-request-id: 75b4166e-301e-00bc-2da6-7dd87b000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=31536000
x-ms-version: 2009-09-19
accept-ranges: bytes

GET
H2 200 53_7a3c80bf9694448bac31a9589d2e9e92.png
aadcdn.msftauth.net/shared/1.0/content/images/applogos/ 5 KB
5 KB 23ms
23ms Image
image/png 2606:2800:233:1cb7:261b:1f9c:2074:3c
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://aadcdn.msftauth.net/shared/1.0/content/images/applogos/53_7a3c80bf9694448bac31a9589d2e9e92.png
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:233:1cb7:261b:1f9c:2074:3c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECAcc (ama/48C3) /
Resource Hash: e4e1e65871749d18aea150643c07e0aab2057da057c6c57ec1c3c43580e1c898

Request headers

Referer: https://saididsiamiashaveppen.oneta63.workers.dev/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Tue, 13 Aug 2024 17:22:47 GMT
content-md5: izYzcDfP+Iw98gO7c9WOQQ==
age: 12315348
x-cache: HIT
content-length: 5139
x-ms-lease-status: unlocked
last-modified: Wed, 24 May 2023 10:11:42 GMT
server: ECAcc (ama/48C3)
etag: 0x8DB5C3F457C234F
content-type: image/png
access-control-allow-origin: *
x-ms-request-id: 699a58cb-a01e-0029-60a3-7db806000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=31536000
x-ms-version: 2009-09-19
accept-ranges: bytes

GET
H2 200 microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg
aadcdn.msftauth.net/shared/1.0/content/images/ 4 KB
2 KB 22ms
22ms Image
image/svg+xml 2606:2800:233:1cb7:261b:1f9c:2074:3c
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://aadcdn.msftauth.net/shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:233:1cb7:261b:1f9c:2074:3c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECAcc (ama/4889) /
Resource Hash: 04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a

Request headers

Referer: https://saididsiamiashaveppen.oneta63.workers.dev/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Tue, 13 Aug 2024 17:22:47 GMT
content-encoding: gzip
content-md5: nzaLxFgP7ZB3dfMcaybWzw==
age: 12315252
x-cache: HIT
content-length: 1435
x-ms-lease-status: unlocked
last-modified: Wed, 24 May 2023 10:11:48 GMT
server: ECAcc (ama/4889)
etag: 0x8DB5C3F495F4B8C
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
x-ms-request-id: 4e8f133c-301e-0080-1ba3-7d0d73000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=31536000
x-ms-version: 2009-09-19
accept-ranges: bytes

GET
H2 200 convergedlogin_pstringcustomizationhelper_92013fd9f2f609d397ae.js Show response
aadcdn.msftauth.net/shared/1.0/content/js/asyncchunk/ 111 KB
35 KB 19ms
19ms Script
application/x-javascript 2606:2800:233:1cb7:261b:1f9c:2074:3c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://aadcdn.msftauth.net/shared/1.0/content/js/asyncchunk/convergedlogin_pstringcustomizationhelper_92013fd9f2f609d397ae.js
Requested by: Host: aadcdn.msftauth.net
URL: https://aadcdn.msftauth.net/shared/1.0/content/js/ConvergedLogin_PCore_CCN0bXNsyKGzo-is1AL9Ow2.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:233:1cb7:261b:1f9c:2074:3c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECAcc (ama/48F6) /
Resource Hash: bab311bf22661b153353a159f0ec931dbcb79f950fa37daf9d0ff180cbf45deb

Request headers

Referer: https://saididsiamiashaveppen.oneta63.workers.dev/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Tue, 13 Aug 2024 17:22:47 GMT
content-encoding: gzip
content-md5: FXzSZAYOwKp2jFj6XjvNRQ==
age: 4569078
x-cache: HIT
content-length: 35167
x-ms-lease-status: unlocked
last-modified: Thu, 20 Jun 2024 02:16:53 GMT
server: ECAcc (ama/48F6)
etag: 0x8DC90CF0D8CB039
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: 36188e50-e01e-003d-4517-c4a42c000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=31536000
x-ms-version: 2009-09-19
accept-ranges: bytes

GET
H2 200 favicon_a_eupayfgghqiai7k9sol6lg2.ico
aadcdn.msftauth.net/shared/1.0/content/images/ 17 KB
17 KB 24ms
22ms Other
image/x-icon 2606:2800:233:1cb7:261b:1f9c:2074:3c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://aadcdn.msftauth.net/shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:233:1cb7:261b:1f9c:2074:3c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECAcc (ama/48B2) /
Resource Hash: 90cdaf487716184e4034000935c605d1633926d348116d198f355a98b8c6cd21

Request headers

Referer: https://saididsiamiashaveppen.oneta63.workers.dev/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Tue, 13 Aug 2024 17:22:47 GMT
content-md5: EuPayFgGHQiAI7K9SOL6lg==
age: 12315080
x-cache: HIT
content-length: 17174
x-ms-lease-status: unlocked
last-modified: Sun, 18 Oct 2020 03:02:30 GMT
server: ECAcc (ama/48B2)
etag: 0x8D8731240E548EB
content-type: image/x-icon
access-control-allow-origin: *
x-ms-request-id: d65caf55-e01e-0001-20a4-7d7124000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=31536000
x-ms-version: 2009-09-19
accept-ranges: bytes

GET
H2 200 signin-options_3e3f6b73c3f310c31d2c4d131a8ab8c6.svg
aadcdn.msftauth.net/shared/1.0/content/images/ 2 KB
796 B 15ms
15ms Image
image/svg+xml 2606:2800:233:1cb7:261b:1f9c:2074:3c
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://aadcdn.msftauth.net/shared/1.0/content/images/signin-options_3e3f6b73c3f310c31d2c4d131a8ab8c6.svg
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:233:1cb7:261b:1f9c:2074:3c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECAcc (ama/48ED) /
Resource Hash: 8e6db1634f1812d42516778fc890010aa57f3e39914fb4803df2c38abbf56d93

Request headers

Referer: https://saididsiamiashaveppen.oneta63.workers.dev/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Tue, 13 Aug 2024 17:22:48 GMT
content-encoding: gzip
content-md5: R2FAVxfpONfnQAuxVxXbHg==
age: 12315121
x-cache: HIT
content-length: 621
x-ms-lease-status: unlocked
last-modified: Wed, 24 May 2023 10:11:52 GMT
server: ECAcc (ama/48ED)
etag: 0x8DB5C3F4BB4F03C
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
x-ms-request-id: 43cefdc3-f01e-00c8-3ea4-7d8673000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=31536000
x-ms-version: 2009-09-19
accept-ranges: bytes

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer)

21 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

19 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
saididsiamiashaveppen.oneta63.workers.dev/	1970-01-21 07:31:45	Name: 0 Value: ClientId=B1B7E693661F4A38B1A4DA0D948AD5B1
saididsiamiashaveppen.oneta63.workers.dev/	1970-01-21 07:31:45	Name: 1 Value: ClientId=B1B7E693661F4A38B1A4DA0D948AD5B1
saididsiamiashaveppen.oneta63.workers.dev/	1970-01-21 03:11:07	Name: 2 Value: OIDC=1
saididsiamiashaveppen.oneta63.workers.dev/	1970-01-20 22:46:13	Name: 16 Value: OpenIdConnect.nonce.v3.g4Ly-uvS0hfQo0Y1bwSpGt89D5Rx3PateOWmhD-3TAI=638591665670672611.b2dfed76-bdef-4826-9295-c97b8ad72b2b
saididsiamiashaveppen.oneta63.workers.dev/	1970-01-21 07:31:45	Name: 20 Value: ClientId=B1B7E693661F4A38B1A4DA0D948AD5B1
saididsiamiashaveppen.oneta63.workers.dev/	1970-01-21 03:11:07	Name: 21 Value: OIDC=1
saididsiamiashaveppen.oneta63.workers.dev/	1970-01-20 22:46:13	Name: 35 Value: OpenIdConnect.nonce.v3.g4Ly-uvS0hfQo0Y1bwSpGt89D5Rx3PateOWmhD-3TAI=638591665670672611.b2dfed76-bdef-4826-9295-c97b8ad72b2b
saididsiamiashaveppen.oneta63.workers.dev/	1970-01-20 22:46:31	Name: 39 Value: X-OWA-RedirectHistory=ArLym14B41DTjLy73Ag
saididsiamiashaveppen.oneta63.workers.dev/	1969-12-31 23:59:59	Name: buid Value: 0.AUUAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAAApTwJmzXqdR4BN2miheQMYB9LrMYmGs3EZPnjkNBUbT6mxy-l4vr9IcqYQ7HXyleJ1fEcaZSBBl3Yu198_upeSgKCXuEo6_MgBGUrQLaJQJWLAHLCv1M_pbpLhjP_VQO0gAA
saididsiamiashaveppen.oneta63.workers.dev/	1969-12-31 23:59:59	Name: esctx Value: PAQABBwEAAAApTwJmzXqdR4BN2miheQMYBfBFehrpiSFKZaBqx8S1ImVpeQt1IwCldfPtCbm2f2p2nfxEqvMk-Fk3qyO6bjnca3hrkRP6kqI874aPky5sZ7Mmcz9RoGRvucqtMZzlFbSHtoN83wUqRM4gzh69y47RnwfJnY4w7qzvuN_IuMZr3IVlRnzthcPF_RVsOa9e8a8gAA
saididsiamiashaveppen.oneta63.workers.dev/	1969-12-31 23:59:59	Name: esctx-neK8u4SyJGo Value: AQABCQEAAAApTwJmzXqdR4BN2miheQMYjfO8AHTOgz5uK9EibCZD4_e-Bu13DZjO-KL1kFtajCMNTg9R8jt6395fje2EPoWzF-HGMHajLkEz4-gd2t8iz1ewrP8KTtXRdWmfiyWWeBmd2rgWS1lesHJepUWXnNTIhKP5oWz5B16_JOvnu99SqCAA
saididsiamiashaveppen.oneta63.workers.dev/	1969-12-31 23:59:59	Name: fpc Value: As1ULgCK3jhHq8CF25370eKerOTJAQAAAGaNTd4OAAAA
saididsiamiashaveppen.oneta63.workers.dev/	1969-12-31 23:59:59	Name: x-ms-gateway-slice Value: estsfd
saididsiamiashaveppen.oneta63.workers.dev/	1969-12-31 23:59:59	Name: stsservicecookie Value: estsfd
.saididsiamiashaveppen.oneta63.workers.dev/	1970-01-21 08:07:45	Name: brcap Value: 0
outlook.office365.com/	1970-01-21 07:31:45	Name: ClientId Value: 817B4BAFA08649F497815339A02B7804
outlook.office365.com/	1970-01-21 03:11:07	Name: OIDC Value: 1
saididsiamiashaveppen.oneta63.workers.dev/	1969-12-31 23:59:59	Name: uaid Value: 50d5c05a411f456cb8678ccb72c22c1b
saididsiamiashaveppen.oneta63.workers.dev/	1969-12-31 23:59:59	Name: MSPRequ Value: id=N&lt=1723569767&co=1

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
recommendation	verbose	URL: https://saididsiamiashaveppen.oneta63.workers.dev/6627e5038f74dc5e5e1d8615/om/yhILuttdf Message: [DOM] Input elements should have autocomplete attributes (suggested: "current-password"): (More info: https://goo.gl/9p2vKq) %o

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

aadcdn.msftauth.net
outlook.office365.com
saididsiamiashaveppen.oneta63.workers.dev
188.114.97.7
2603:1026:c0d:c1d::2
2606:2800:233:1cb7:261b:1f9c:2074:3c
04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a
1ec87632ee58734951aa02813ef07ad377126a39a16f063c181519b98ffffc07
1f8ceb44fe7cfcf7e71dbd5122210335ca3821d697a851d2900b95af7d92d69d
2753374dc9f9478217049db0377fe7dd4c23ee0ce2adf68f77ed60b2bc508994
2933bda453b6de07ffad4064b449f21c03c08911cdee9ae3bf3a1f69f85d2897
8b34a475187302935336bf43a2bf2a4e0adb9a1e87953ea51f6fcf0ef52a4a1d
8e6db1634f1812d42516778fc890010aa57f3e39914fb4803df2c38abbf56d93
90cdaf487716184e4034000935c605d1633926d348116d198f355a98b8c6cd21
b25a459693a7b93418454565cb4a5c178a005c990a57a169d8097a916c84f862
bab311bf22661b153353a159f0ec931dbcb79f950fa37daf9d0ff180cbf45deb
d8f5ab3e00202fd3b45be1acd95d677b137064001e171bc79b06826d98f1e1d3
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e4e1e65871749d18aea150643c07e0aab2057da057c6c57ec1c3c43580e1c898

saididsiamiashaveppen.oneta63.workers.dev Open in urlscan Pro 188.114.97.7 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

14 Requests

100 %HTTPS

67 %IPv6

3 Domains

3 Subdomains

3 IPs

3 Countries

370 kBTransfer

1202 kBSize

19 Cookies

2 Outgoing links

Redirected requests

14 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

21 JavaScript Global Variables

19 Cookies

1 Console Messages

Indicators

saididsiamiashaveppen.oneta63.workers.dev Open in urlscan Pro
188.114.97.7 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

14
Requests

100 %
HTTPS

67 %
IPv6

3
Domains

3
Subdomains

3
IPs

3
Countries

370 kB
Transfer

1202 kB
Size

19
Cookies

14 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!