Submitted URL: http://multfactor0ffotp.info/
Effective URL: https://4smrolqmiih.multi-factor0ffice.info/redirect.cgi?ref=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2N...
Submission Tags: falconsandbox
Submission: On December 06 via api from US — Scanned from DE

Summary

This website contacted 8 IPs in 4 countries across 11 domains to perform 19 HTTP transactions. The main IP is 88.218.188.92, located in Ukraine and belongs to THEHOST-AS, UA. The main domain is 4smrolqmiih.multi-factor0ffice.info.
TLS certificate: Issued by R3 on December 5th 2023. Valid for: 3 months.
This is the only time 4smrolqmiih.multi-factor0ffice.info was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 198.251.81.30 53667 (PONYNET)
1 1 198.251.84.92 53667 (PONYNET)
1 2600:3c03::f0... 63949 (AKAMAI-LI...)
6 2a06:98c1:312... 13335 (CLOUDFLAR...)
1 2 2606:4700:10:... 13335 (CLOUDFLAR...)
1 52.217.225.241 16509 (AMAZON-02)
2 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
4 10 88.218.188.92 56485 (THEHOST-AS)
19 8
Apex Domain
Subdomains
Transfer
9 multi-factor0ffice.info
4smrolqmiih.multi-factor0ffice.info
798 KB
5 qr.io
qr.io — Cisco Umbrella Rank: 162006
118 KB
2 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 29
2 KB
2 amung.us
whos.amung.us — Cisco Umbrella Rank: 17707
widgets.amung.us — Cisco Umbrella Rank: 33548
677 B
2 multfactor0ffotp.info
multfactor0ffotp.info
www.multfactor0ffotp.info
429 B
1 security-0tp0ffice.info
security-0tp0ffice.info
661 B
1 gstatic.com
fonts.gstatic.com
31 KB
1 amazonaws.com
multiplelinks-images.s3.amazonaws.com
3 KB
1 qr.codes
qr.codes — Cisco Umbrella Rank: 599960
13 KB
1 linodeobjects.com
sotpwinzwernet.us-east-1.linodeobjects.com
3 KB
0 live.com Failed
login.live.com Failed
19 11
Domain Requested by
9 4smrolqmiih.multi-factor0ffice.info 3 redirects 4smrolqmiih.multi-factor0ffice.info
5 qr.io sotpwinzwernet.us-east-1.linodeobjects.com
2 fonts.googleapis.com qr.io
1 security-0tp0ffice.info 1 redirects
1 fonts.gstatic.com fonts.googleapis.com
1 multiplelinks-images.s3.amazonaws.com sotpwinzwernet.us-east-1.linodeobjects.com
1 widgets.amung.us sotpwinzwernet.us-east-1.linodeobjects.com
1 whos.amung.us 1 redirects
1 qr.codes sotpwinzwernet.us-east-1.linodeobjects.com
1 sotpwinzwernet.us-east-1.linodeobjects.com
1 www.multfactor0ffotp.info 1 redirects
1 multfactor0ffotp.info 1 redirects
0 login.live.com Failed 4smrolqmiih.multi-factor0ffice.info
19 13

This site contains no links.

Subject Issuer Validity Valid
us-east-1.linodeobjects.com
R3
2023-10-11 -
2024-01-09
3 months crt.sh
qr.codes
GTS CA 1P5
2023-10-19 -
2024-01-17
3 months crt.sh
qr.io
GTS CA 1P5
2023-12-06 -
2024-03-05
3 months crt.sh
*.s3.amazonaws.com
Amazon RSA 2048 M01
2023-10-10 -
2024-07-03
9 months crt.sh
upload.video.google.com
GTS CA 1C3
2023-11-20 -
2024-02-12
3 months crt.sh
*.gstatic.com
GTS CA 1C3
2023-11-20 -
2024-02-12
3 months crt.sh
multi-factor0ffice.info
R3
2023-12-05 -
2024-03-04
3 months crt.sh

This page contains 1 frames:

Primary Page: https://4smrolqmiih.multi-factor0ffice.info/redirect.cgi?ref=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9YTA2ZjBjMGQtMWYzMS0xMGRkLTdlNmUtNDk3YmZkZDA4ZjJmJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODM3NDkzODc0NjUwMDQwNi44MDFkMmViZS0zMTlhLTQwMDUtYTE2YS1mOTg4NDNmMjQyNWEmc3RhdGU9RGN0QkVvQWdDRUJSek9rNEpBb2lIb2NtM2Jicy1yRjRmX2NUQU9Sd2hFUVJHTXJHUXliYkVPMUVRbm9aMWFldGV5SFg2U2hFSGIycTQ1NW13cnRKNjU3aVBjdjdlZmtC&sso_reload=true
Frame ID: DC9A35FCDFD0AA946221AB9225AF0EEB
Requests: 21 HTTP requests in this frame

Screenshot


Page URL History Show full URLs

  1. http://multfactor0ffotp.info/ HTTP 301
    http://www.multfactor0ffotp.info/ HTTP 301
    https://sotpwinzwernet.us-east-1.linodeobjects.com/otep.html Page URL
  2. https://security-0tp0ffice.info/?sdqgbkbe HTTP 302
    https://4smrolqmiih.multi-factor0ffice.info/?sign=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1cmwiOiJodHRwczovLzRzbXJvbHFta... HTTP 302
    https://4smrolqmiih.multi-factor0ffice.info/ HTTP 301
    https://4smrolqmiih.multi-factor0ffice.info/owa/ HTTP 302
    https://4smrolqmiih.multi-factor0ffice.info/redirect.cgi?ref=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV... Page URL
  3. https://4smrolqmiih.multi-factor0ffice.info/redirect.cgi?ref=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Page Statistics

19
Requests

89 %
HTTPS

56 %
IPv6

11
Domains

13
Subdomains

8
IPs

4
Countries

959 kB
Transfer

1827 kB
Size

13
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://multfactor0ffotp.info/ HTTP 301
    http://www.multfactor0ffotp.info/ HTTP 301
    https://sotpwinzwernet.us-east-1.linodeobjects.com/otep.html Page URL
  2. https://security-0tp0ffice.info/?sdqgbkbe HTTP 302
    https://4smrolqmiih.multi-factor0ffice.info/?sign=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1cmwiOiJodHRwczovLzRzbXJvbHFtaWloLm11bHRpLWZhY3RvcjBmZmljZS5pbmZvIiwiZG9tYWluIjoiNHNtcm9scW1paWgubXVsdGktZmFjdG9yMGZmaWNlLmluZm8iLCJrZXkiOiJQUUpYUWpyNjFIMHYiLCJxcmMiOm51bGwsImlhdCI6MTcwMTg5NzA3MywiZXhwIjoxNzAxODk3MTkzfQ.XY-hTDr_VArQ7e165Erx7qEAppZcGEytYnGfAjkKl-0 HTTP 302
    https://4smrolqmiih.multi-factor0ffice.info/ HTTP 301
    https://4smrolqmiih.multi-factor0ffice.info/owa/ HTTP 302
    https://4smrolqmiih.multi-factor0ffice.info/redirect.cgi?ref=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9YTA2ZjBjMGQtMWYzMS0xMGRkLTdlNmUtNDk3YmZkZDA4ZjJmJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODM3NDkzODc0NjUwMDQwNi44MDFkMmViZS0zMTlhLTQwMDUtYTE2YS1mOTg4NDNmMjQyNWEmc3RhdGU9RGN0QkVvQWdDRUJSek9rNEpBb2lIb2NtM2Jicy1yRjRmX2NUQU9Sd2hFUVJHTXJHUXliYkVPMUVRbm9aMWFldGV5SFg2U2hFSGIycTQ1NW13cnRKNjU3aVBjdjdlZmtC Page URL
  3. https://4smrolqmiih.multi-factor0ffice.info/redirect.cgi?ref=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9YTA2ZjBjMGQtMWYzMS0xMGRkLTdlNmUtNDk3YmZkZDA4ZjJmJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODM3NDkzODc0NjUwMDQwNi44MDFkMmViZS0zMTlhLTQwMDUtYTE2YS1mOTg4NDNmMjQyNWEmc3RhdGU9RGN0QkVvQWdDRUJSek9rNEpBb2lIb2NtM2Jicy1yRjRmX2NUQU9Sd2hFUVJHTXJHUXliYkVPMUVRbm9aMWFldGV5SFg2U2hFSGIycTQ1NW13cnRKNjU3aVBjdjdlZmtC&sso_reload=true Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • http://multfactor0ffotp.info/ HTTP 301
  • http://www.multfactor0ffotp.info/ HTTP 301
  • https://sotpwinzwernet.us-east-1.linodeobjects.com/otep.html
Request Chain 7
  • https://whos.amung.us/swidget/qriostats.png HTTP 307
  • https://widgets.amung.us/small/13/1395.png
Request Chain 12
  • https://security-0tp0ffice.info/?sdqgbkbe HTTP 302
  • https://4smrolqmiih.multi-factor0ffice.info/?sign=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1cmwiOiJodHRwczovLzRzbXJvbHFtaWloLm11bHRpLWZhY3RvcjBmZmljZS5pbmZvIiwiZG9tYWluIjoiNHNtcm9scW1paWgubXVsdGktZmFjdG9yMGZmaWNlLmluZm8iLCJrZXkiOiJQUUpYUWpyNjFIMHYiLCJxcmMiOm51bGwsImlhdCI6MTcwMTg5NzA3MywiZXhwIjoxNzAxODk3MTkzfQ.XY-hTDr_VArQ7e165Erx7qEAppZcGEytYnGfAjkKl-0 HTTP 302
  • https://4smrolqmiih.multi-factor0ffice.info/ HTTP 301
  • https://4smrolqmiih.multi-factor0ffice.info/owa/ HTTP 302
  • https://4smrolqmiih.multi-factor0ffice.info/redirect.cgi?ref=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9YTA2ZjBjMGQtMWYzMS0xMGRkLTdlNmUtNDk3YmZkZDA4ZjJmJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODM3NDkzODc0NjUwMDQwNi44MDFkMmViZS0zMTlhLTQwMDUtYTE2YS1mOTg4NDNmMjQyNWEmc3RhdGU9RGN0QkVvQWdDRUJSek9rNEpBb2lIb2NtM2Jicy1yRjRmX2NUQU9Sd2hFUVJHTXJHUXliYkVPMUVRbm9aMWFldGV5SFg2U2hFSGIycTQ1NW13cnRKNjU3aVBjdjdlZmtC

19 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
otep.html
sotpwinzwernet.us-east-1.linodeobjects.com/
Redirect Chain
  • http://multfactor0ffotp.info/
  • http://www.multfactor0ffotp.info/
  • https://sotpwinzwernet.us-east-1.linodeobjects.com/otep.html
3 KB
3 KB
Document
General
Full URL
https://sotpwinzwernet.us-east-1.linodeobjects.com/otep.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:3c03::f03c:92ff:fe6e:ce0c Cedar Knolls, United States, ASN63949 (AKAMAI-LINODE-AP Akamai Connected Cloud, SG),
Reverse DNS
Software
/
Resource Hash
542274ce779f6dabfb7a9104e127f1b450b56795db59458574c4f4c36d46c5eb

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Accept-Ranges
bytes
Connection
keep-alive
Content-Length
3112
Content-Type
text/html
Date
Wed, 06 Dec 2023 21:11:11 GMT
ETag
"fc4a993e599ccea59b1fe685c38e79b5"
Last-Modified
Wed, 06 Dec 2023 16:18:44 GMT
x-amz-request-id
tx00000625898b5c3c2b215-006570e36f-4dbe37a3-default
x-rgw-object-type
Normal

Redirect headers

Connection
keep-alive
Content-Length
178
Content-Type
text/html
Date
Wed, 06 Dec 2023 21:11:11 GMT
Location
https://sotpwinzwernet.us-east-1.linodeobjects.com/otep.html
Server
nginx
all.css
qr.codes/fontawesome-free-5.15.4-web/css/
72 KB
13 KB
Stylesheet
General
Full URL
https://qr.codes/fontawesome-free-5.15.4-web/css/all.css
Requested by
Host: sotpwinzwernet.us-east-1.linodeobjects.com
URL: https://sotpwinzwernet.us-east-1.linodeobjects.com/otep.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0cb8cc3fee4275e182236ab19c3aae55274f43aa0ffde9c0510d8d59fcf8e5dc

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://sotpwinzwernet.us-east-1.linodeobjects.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date
Wed, 06 Dec 2023 21:11:12 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Fri, 02 Sep 2022 15:54:29 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
5247
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8QT8eb8%2BmxCp6GreTn0CYBPgcGdMbUTOPOMxl%2FyrvzUnAP7%2FusfLPb1Y%2FJz%2BsVxyJRp5vMPJbbnNXKVqA7EJ9RdXfJkcsXVCFeWJzAS%2F5dSVYQsB4l7C1kovMxmB9RIa75QUdLh6MQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
max-age=14400
cf-ray
8317851c0e4165b1-FRA
alt-svc
h3=":443"; ma=86400
prism.css
qr.io/node_modules/prismjs/themes/
2 KB
1 KB
Stylesheet
General
Full URL
https://qr.io/node_modules/prismjs/themes/prism.css
Requested by
Host: sotpwinzwernet.us-east-1.linodeobjects.com
URL: https://sotpwinzwernet.us-east-1.linodeobjects.com/otep.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
565dbff14754261a039640abf421099afefb922ba1e32c4c17b80fd4e61ee840

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://sotpwinzwernet.us-east-1.linodeobjects.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date
Wed, 06 Dec 2023 21:11:11 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Sat, 12 Sep 2020 18:43:17 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
5977
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CP9N3y4bBKASCprcO%2FUEOa8R5CGSPsWraOFVl4%2F%2FGNAa6W9lL3fHEFF4tcOeeXhV4Ae7HRBn6rQ3G6xwdwEXJ9BJEeVi2LgkBbYkH5MJlJgmKcMF4AdpTqsCj21yfv%2FTvpq%2FPg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
max-age=14400
cf-ray
8317851b0e9e8fdd-FRA
alt-svc
h3=":443"; ma=86400
jqvmap.min.css
qr.io/node_modules/jqvmap/dist/
613 B
551 B
Stylesheet
General
Full URL
https://qr.io/node_modules/jqvmap/dist/jqvmap.min.css
Requested by
Host: sotpwinzwernet.us-east-1.linodeobjects.com
URL: https://sotpwinzwernet.us-east-1.linodeobjects.com/otep.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
32d26b3f38f5adcf544dcb92bd5ef604d67ac7300a28f7f8b072ae0e9f555a3c

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://sotpwinzwernet.us-east-1.linodeobjects.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date
Wed, 06 Dec 2023 21:11:11 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Sat, 12 Sep 2020 18:43:10 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
5977
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=moG4HjjSEDdii8%2B52aOCZTHbhSElTwnWdX%2FSf%2B%2FaEg6hdZB0P3svX5iy%2Bg0J9rQsGbpbdI8mBS0UHneFgdt5UIO6Lu7l7q4pXeOb7wjYonnlDPwlZaAFVolGMZBSaCDIXnW8Vw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
max-age=14400
cf-ray
8317851b0e9b8fdd-FRA
alt-svc
h3=":443"; ma=86400
leaf.css
qr.io/css/
559 KB
75 KB
Stylesheet
General
Full URL
https://qr.io/css/leaf.css
Requested by
Host: sotpwinzwernet.us-east-1.linodeobjects.com
URL: https://sotpwinzwernet.us-east-1.linodeobjects.com/otep.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c25d5aea4b2c07449b8444cc969f070c795fb6ad1bdac11a6b7d16a932174ade

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://sotpwinzwernet.us-east-1.linodeobjects.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date
Wed, 06 Dec 2023 21:11:11 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Wed, 08 Nov 2023 12:07:50 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
5977
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WKufM%2B3%2BupGNcvMiVP8pCVxqFjxeTwfJPQwMj78S90hOH3Oqqd4T8BNY%2BzUx0SU4lrS74V3W0kx8%2FmYIMa56yNVIeSsEWRp%2FbW0Lue8agemWaPriyNB5wM0kdeTpCUAKNXOPaA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
max-age=14400
cf-ray
8317851b0ea18fdd-FRA
alt-svc
h3=":443"; ma=86400
vue@2.6.14.js
qr.io/vue-scripts/
92 KB
35 KB
Script
General
Full URL
https://qr.io/vue-scripts/vue@2.6.14.js
Requested by
Host: sotpwinzwernet.us-east-1.linodeobjects.com
URL: https://sotpwinzwernet.us-east-1.linodeobjects.com/otep.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9174c425c445377df4562ad9165ea08fdf9433a808296d7de5f619791df10e17

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://sotpwinzwernet.us-east-1.linodeobjects.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date
Wed, 06 Dec 2023 21:11:11 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Mon, 07 Feb 2022 12:51:02 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
5977
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YoiLGyarWD7n%2BA9WSSyn7HW%2BIuYoOCq6Y0ok2zdTfWDYD0DFlPuRPY73%2F6S9CAydQEPbKGU2r1IP6l19UJHXVzKmFhH3POH%2BTOvXG1ZGklt3a1UF5iykN0gdIUVLXwjOUxYV5A%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=14400
cf-ray
8317851b0ea38fdd-FRA
alt-svc
h3=":443"; ma=86400
axios.min.js
qr.io/vue-scripts/
18 KB
7 KB
Script
General
Full URL
https://qr.io/vue-scripts/axios.min.js
Requested by
Host: sotpwinzwernet.us-east-1.linodeobjects.com
URL: https://sotpwinzwernet.us-east-1.linodeobjects.com/otep.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b00828aa594968071f062841833553f98541845061e2d1c3144da47acce5940d

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://sotpwinzwernet.us-east-1.linodeobjects.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date
Wed, 06 Dec 2023 21:11:11 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Mon, 07 Feb 2022 12:51:01 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
5977
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FhgDoHg%2BEGdIWnOAgfwZnWhzzy2QKoOHr6m9mn%2Bo5QcazTru9Ekr0qWqpxROnlwQLesf71xb50Aw0ibDsA%2FR2FHzMAC1SGKPEcmK1cdFtxwjhJE6UJXswVm%2FJAqP62fZVLY3nA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=14400
cf-ray
8317851b0ea28fdd-FRA
alt-svc
h3=":443"; ma=86400
1395.png
widgets.amung.us/small/13/
Redirect Chain
  • https://whos.amung.us/swidget/qriostats.png
  • https://widgets.amung.us/small/13/1395.png
334 B
505 B
Image
General
Full URL
https://widgets.amung.us/small/13/1395.png
Requested by
Host: sotpwinzwernet.us-east-1.linodeobjects.com
URL: https://sotpwinzwernet.us-east-1.linodeobjects.com/otep.html
Protocol
H2
Server
2606:4700:10::6816:4bab , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dc3be91d43a18c81af81f95c976c19b194b53e834aea9d5fbd97940c5cdaa859

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://sotpwinzwernet.us-east-1.linodeobjects.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date
Wed, 06 Dec 2023 21:11:11 GMT
cf-cache-status
HIT
last-modified
Sun, 13 Jun 2010 09:48:30 GMT
server
cloudflare
age
2390373
etag
"4c14a96e-14e"
vary
Accept-Encoding
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=2678400
accept-ranges
bytes
cf-ray
8317851bdeb73832-FRA
content-length
334
expires
Fri, 10 Nov 2023 05:11:38 GMT

Redirect headers

location
https://widgets.amung.us/small/13/1395.png
date
Wed, 06 Dec 2023 21:11:11 GMT
cache-control
no-cache, no-store, must-revalidate
cf-cache-status
DYNAMIC
server
cloudflare
cf-ray
8317851b0db53832-FRA
content-type
text/html; charset=UTF-8
1b81205565c64bfd340dff5aeef6dfc7.png
multiplelinks-images.s3.amazonaws.com/
2 KB
3 KB
Image
General
Full URL
https://multiplelinks-images.s3.amazonaws.com/1b81205565c64bfd340dff5aeef6dfc7.png
Requested by
Host: sotpwinzwernet.us-east-1.linodeobjects.com
URL: https://sotpwinzwernet.us-east-1.linodeobjects.com/otep.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.217.225.241 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
s3-1-w.amazonaws.com
Software
AmazonS3 /
Resource Hash
147c66a293f5c689f5f3026425116ae2dc07f9278c3d6bb8ce1224f02a851825

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://sotpwinzwernet.us-east-1.linodeobjects.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date
Wed, 06 Dec 2023 21:11:13 GMT
Last-Modified
Sat, 15 Jul 2023 12:23:52 GMT
Server
AmazonS3
x-amz-request-id
KVD5FY5DCX5GBJZP
ETag
"3d8348f9d44e874159cbda81629c2dce"
x-amz-server-side-encryption
AES256
Content-Type
image/png
Accept-Ranges
bytes
Content-Length
2382
x-amz-id-2
eji0v3YhGzOmzKxr+W+PB51ErocAQvs2RRJ2B2Cyw8rCaSFhFlpmShco0c8Ax5B6ss922USZB1M=
css
fonts.googleapis.com/
11 KB
824 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Nunito+Sans:300,400,600,700,800&display=swap
Requested by
Host: qr.io
URL: https://qr.io/css/leaf.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
1d5389c7f119dc4c74da821a932f6530191de67aa19a9274a134c0b2155f42b4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://qr.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Wed, 06 Dec 2023 21:11:11 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Wed, 06 Dec 2023 20:46:42 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Wed, 06 Dec 2023 21:11:11 GMT
css
fonts.googleapis.com/
2 KB
838 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Sanchez:400,400i&display=swap
Requested by
Host: qr.io
URL: https://qr.io/css/leaf.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
e8b48701e04d2913c042952823f5b437b3bd6c25e66e7ddff1b7e9374ce218f9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://qr.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Wed, 06 Dec 2023 21:11:11 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Wed, 06 Dec 2023 21:11:11 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Wed, 06 Dec 2023 21:11:11 GMT
pe0TMImSLYBIv1o4X1M8ce2xCx3yop4tQpF_MeTm0lfGWVpNn64CL7U8upHZIbMV51Q42ptCp7t1R-s.woff2
fonts.gstatic.com/s/nunitosans/v15/
30 KB
31 KB
Font
General
Full URL
https://fonts.gstatic.com/s/nunitosans/v15/pe0TMImSLYBIv1o4X1M8ce2xCx3yop4tQpF_MeTm0lfGWVpNn64CL7U8upHZIbMV51Q42ptCp7t1R-s.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Nunito+Sans:300,400,600,700,800&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
1393acc632c160def86b45c2521c8ee742b7e6239d0d90fb95f51d55cf48b9c3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://sotpwinzwernet.us-east-1.linodeobjects.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date
Tue, 05 Dec 2023 19:41:38 GMT
x-content-type-options
nosniff
age
91774
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
31052
x-xss-protection
0
last-modified
Thu, 27 Apr 2023 00:27:41 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 04 Dec 2024 19:41:38 GMT
redirect.cgi
4smrolqmiih.multi-factor0ffice.info/
Redirect Chain
  • https://security-0tp0ffice.info/?sdqgbkbe
  • https://4smrolqmiih.multi-factor0ffice.info/?sign=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1cmwiOiJodHRwczovLzRzbXJvbHFtaWloLm11bHRpLWZhY3RvcjBmZmljZS5pbmZvIiwiZG9tYWluIjoiNHNtcm9scW1paWgubXVsdGktZm...
  • https://4smrolqmiih.multi-factor0ffice.info/
  • https://4smrolqmiih.multi-factor0ffice.info/owa/
  • https://4smrolqmiih.multi-factor0ffice.info/redirect.cgi?ref=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAw...
21 KB
11 KB
Document
General
Full URL
https://4smrolqmiih.multi-factor0ffice.info/redirect.cgi?ref=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9YTA2ZjBjMGQtMWYzMS0xMGRkLTdlNmUtNDk3YmZkZDA4ZjJmJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODM3NDkzODc0NjUwMDQwNi44MDFkMmViZS0zMTlhLTQwMDUtYTE2YS1mOTg4NDNmMjQyNWEmc3RhdGU9RGN0QkVvQWdDRUJSek9rNEpBb2lIb2NtM2Jicy1yRjRmX2NUQU9Sd2hFUVJHTXJHUXliYkVPMUVRbm9aMWFldGV5SFg2U2hFSGIycTQ1NW13cnRKNjU3aVBjdjdlZmtC
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
88.218.188.92 , Ukraine, ASN56485 (THEHOST-AS, UA),
Reverse DNS
eidgrdp.theweb.place
Software
/
Resource Hash
e27e477611145559592dac9111f9cf7bcc01b70f6c12a96e42194d095fe100e9
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://sotpwinzwernet.us-east-1.linodeobjects.com/otep.html
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
no-store, no-cache
Connection
close
Content-Encoding
gzip
Content-Security-Policy
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
Content-Type
text/html; charset=utf-8
Date
Wed, 06 Dec 2023 21:11:14 GMT
Expires
-1
P3P
CP="DSP CUR OTPi IND OTRi ONL FIN"
Pragma
no-cache
Referer
https://login.microsoftonline.com/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=a06f0c0d-1f31-10dd-7e6e-497bfdd08f2f&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638374938746500406.801d2ebe-319a-4005-a16a-f98843f2425a&state=DctBEoAgCEBRzOk4JAoiHocm3bbs-rF4f_cTAORwhEQRGMrGQybbEO1EQnoZ1aeteyHX6ShEHb2q455mwrtJ657iPcv7efkB
Referrer-Policy
strict-origin-when-cross-origin
Strict-Transport-Security
max-age=31536000; includeSubDomains
Vary
Accept-Encoding
content-length
21384
nel
{"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}
report-to
{"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://identity.nel.measure.office.net/api/report?catId=GW+estsfd+frc"}]}
x-ms-ests-server
2.1.16790.9 - WEULR1 ProdSlices
x-ms-request-id
84c21ed6-d1db-4c1a-9e5a-195330da6500

Redirect headers

Alt-Svc
h3=":443",h3-29=":443"
Connection
close
Content-Security-Policy
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
Content-Type
text/html; charset=utf-8
Date
Wed, 06 Dec 2023 21:11:14 GMT
Location
https://4smrolqmiih.multi-factor0ffice.info/redirect.cgi?ref=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9YTA2ZjBjMGQtMWYzMS0xMGRkLTdlNmUtNDk3YmZkZDA4ZjJmJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODM3NDkzODc0NjUwMDQwNi44MDFkMmViZS0zMTlhLTQwMDUtYTE2YS1mOTg4NDNmMjQyNWEmc3RhdGU9RGN0QkVvQWdDRUJSek9rNEpBb2lIb2NtM2Jicy1yRjRmX2NUQU9Sd2hFUVJHTXJHUXliYkVPMUVRbm9aMWFldGV5SFg2U2hFSGIycTQ1NW13cnRKNjU3aVBjdjdlZmtC
NEL
{"report_to":"NelOfficeUpload1","max_age":7200,"include_subdomains":true,"failure_fraction":1.0,"success_fraction":0.01}
P3P
CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Report-To
{"group":"NelOfficeUpload1","max_age":7200,"endpoints":[{"url":"https://exo.nel.measure.office.net/api/report?TenantId=&FrontEnd=Cafe&DestinationEndpoint=FRA&RemoteIP=88.218.188.0"}],"include_subdomains":true}
Server
Microsoft-IIS/10.0
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
X-BEServer
FRYP281MB0095
X-BackEnd-Begin
2023-12-06T21:11:14.650
X-BackEnd-End
2023-12-06T21:11:14.650
X-BackEndHttpStatus
302
X-BeSku
WCS6
X-CalculatedBETarget
FRYP281MB0095.DEUP281.PROD.OUTLOOK.COM
X-DiagInfo
FRYP281MB0095
X-FEEFZInfo
FRA
X-FEProxyInfo
FR2P281CA0066.DEUP281.PROD.OUTLOOK.COM
X-FEServer
FR2P281CA0066
X-FirstHopCafeEFZ
FRA
X-IIDs
0
X-OWA-DiagnosticsInfo
2;0;0
X-Proxy-BackendServerStatus
302
X-Proxy-RoutingCorrectness
1
X-RUM-NotUpdateQueriedDbCopy
1
X-RUM-NotUpdateQueriedPath
1
X-RUM-Validated
1
X-UA-Compatible
IE=EmulateIE7
content-length
1303
request-id
a06f0c0d-1f31-10dd-7e6e-497bfdd08f2f
BssoInterrupt_Core_PukjvzWvVsvIJFh4xJhtXA2.js
4smrolqmiih.multi-factor0ffice.info/aadcdn.msauth.net/~/shared/1.0/content/js/
136 KB
49 KB
Script
General
Full URL
https://4smrolqmiih.multi-factor0ffice.info/aadcdn.msauth.net/~/shared/1.0/content/js/BssoInterrupt_Core_PukjvzWvVsvIJFh4xJhtXA2.js
Requested by
Host: 4smrolqmiih.multi-factor0ffice.info
URL: https://4smrolqmiih.multi-factor0ffice.info/redirect.cgi?ref=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9YTA2ZjBjMGQtMWYzMS0xMGRkLTdlNmUtNDk3YmZkZDA4ZjJmJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODM3NDkzODc0NjUwMDQwNi44MDFkMmViZS0zMTlhLTQwMDUtYTE2YS1mOTg4NDNmMjQyNWEmc3RhdGU9RGN0QkVvQWdDRUJSek9rNEpBb2lIb2NtM2Jicy1yRjRmX2NUQU9Sd2hFUVJHTXJHUXliYkVPMUVRbm9aMWFldGV5SFg2U2hFSGIycTQ1NW13cnRKNjU3aVBjdjdlZmtC
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
88.218.188.92 , Ukraine, ASN56485 (THEHOST-AS, UA),
Reverse DNS
eidgrdp.theweb.place
Software
/
Resource Hash
5263d1581b63803f1ba6129bfbf6afd62df2ef3cee487fc5500b74e553c46011
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://4smrolqmiih.multi-factor0ffice.info/redirect.cgi?ref=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9YTA2ZjBjMGQtMWYzMS0xMGRkLTdlNmUtNDk3YmZkZDA4ZjJmJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODM3NDkzODc0NjUwMDQwNi44MDFkMmViZS0zMTlhLTQwMDUtYTE2YS1mOTg4NDNmMjQyNWEmc3RhdGU9RGN0QkVvQWdDRUJSek9rNEpBb2lIb2NtM2Jicy1yRjRmX2NUQU9Sd2hFUVJHTXJHUXliYkVPMUVRbm9aMWFldGV5SFg2U2hFSGIycTQ1NW13cnRKNjU3aVBjdjdlZmtC
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
Date
Wed, 06 Dec 2023 21:11:15 GMT
Content-Encoding
gzip
Content-Security-Policy
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
X-Cache
TCP_HIT
Connection
close
content-length
138850
x-ms-lease-status
unlocked
Last-Modified
Tue, 31 Oct 2023 21:22:47 GMT
ETag
0x8DBDA5787B3F8D5
x-azure-ref
20231206T211115Z-9nppr5c9797pxcbv36g5uwpr200000000ghg00000001sw7y
Content-Type
application/x-javascript
Access-Control-Allow-Origin
*
x-ms-request-id
d0c3b730-901e-0046-2f97-1f1e6e000000
Access-Control-Expose-Headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
Cache-Control
public, max-age=31536000
x-ms-version
2009-09-19
Accept-Ranges
bytes
truncated
/
341 B
0
Script
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
90682803943448f3acffc81014c87fdd71f30d8cf97335fcea451fac1e568221

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Content-Type
text/javascript
Primary Request redirect.cgi
4smrolqmiih.multi-factor0ffice.info/
39 KB
18 KB
Document
General
Full URL
https://4smrolqmiih.multi-factor0ffice.info/redirect.cgi?ref=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9YTA2ZjBjMGQtMWYzMS0xMGRkLTdlNmUtNDk3YmZkZDA4ZjJmJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODM3NDkzODc0NjUwMDQwNi44MDFkMmViZS0zMTlhLTQwMDUtYTE2YS1mOTg4NDNmMjQyNWEmc3RhdGU9RGN0QkVvQWdDRUJSek9rNEpBb2lIb2NtM2Jicy1yRjRmX2NUQU9Sd2hFUVJHTXJHUXliYkVPMUVRbm9aMWFldGV5SFg2U2hFSGIycTQ1NW13cnRKNjU3aVBjdjdlZmtC&sso_reload=true
Requested by
Host: 4smrolqmiih.multi-factor0ffice.info
URL: https://4smrolqmiih.multi-factor0ffice.info/aadcdn.msauth.net/~/shared/1.0/content/js/BssoInterrupt_Core_PukjvzWvVsvIJFh4xJhtXA2.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
88.218.188.92 , Ukraine, ASN56485 (THEHOST-AS, UA),
Reverse DNS
eidgrdp.theweb.place
Software
/
Resource Hash
3dcb08f9828eb6318b0a87c2402900ad9ad21e06a2706bbd3b74c306f6c45cd3
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://4smrolqmiih.multi-factor0ffice.info/redirect.cgi?ref=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9YTA2ZjBjMGQtMWYzMS0xMGRkLTdlNmUtNDk3YmZkZDA4ZjJmJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODM3NDkzODc0NjUwMDQwNi44MDFkMmViZS0zMTlhLTQwMDUtYTE2YS1mOTg4NDNmMjQyNWEmc3RhdGU9RGN0QkVvQWdDRUJSek9rNEpBb2lIb2NtM2Jicy1yRjRmX2NUQU9Sd2hFUVJHTXJHUXliYkVPMUVRbm9aMWFldGV5SFg2U2hFSGIycTQ1NW13cnRKNjU3aVBjdjdlZmtC
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
no-store, no-cache
Connection
close
Content-Encoding
gzip
Content-Security-Policy
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
Content-Type
text/html; charset=utf-8
Date
Wed, 06 Dec 2023 21:11:16 GMT
Expires
-1
Link
<https://aadcdn.msftauth.net>; rel=preconnect; crossorigin, <https://aadcdn.msftauth.net>; rel=dns-prefetch, <https://aadcdn.msauth.net>; rel=dns-prefetch
P3P
CP="DSP CUR OTPi IND OTRi ONL FIN"
Pragma
no-cache
Referer
https://login.microsoftonline.com/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=a06f0c0d-1f31-10dd-7e6e-497bfdd08f2f&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638374938746500406.801d2ebe-319a-4005-a16a-f98843f2425a&state=DctBEoAgCEBRzOk4JAoiHocm3bbs-rF4f_cTAORwhEQRGMrGQybbEO1EQnoZ1aeteyHX6ShEHb2q455mwrtJ657iPcv7efkB2J?-ihi
Referrer-Policy
strict-origin-when-cross-origin
Strict-Transport-Security
max-age=31536000; includeSubDomains
Vary
Accept-Encoding
content-length
40066
nel
{"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}
report-to
{"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://identity.nel.measure.office.net/api/report?catId=GW+estsfd+frc"}]}
x-ms-ests-server
2.1.16878.5 - SEC ProdSlices
x-ms-request-id
499a7b91-74e6-4184-84ab-bcc7d557f800
converged.v2.login.min_ltjvsvk5aekta_kgibi0gg2.css
4smrolqmiih.multi-factor0ffice.info/aadcdn.msftauth.net/~/ests/2.1/content/cdnbundles/
109 KB
20 KB
Stylesheet
General
Full URL
https://4smrolqmiih.multi-factor0ffice.info/aadcdn.msftauth.net/~/ests/2.1/content/cdnbundles/converged.v2.login.min_ltjvsvk5aekta_kgibi0gg2.css
Requested by
Host: 4smrolqmiih.multi-factor0ffice.info
URL: https://4smrolqmiih.multi-factor0ffice.info/redirect.cgi?ref=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9YTA2ZjBjMGQtMWYzMS0xMGRkLTdlNmUtNDk3YmZkZDA4ZjJmJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODM3NDkzODc0NjUwMDQwNi44MDFkMmViZS0zMTlhLTQwMDUtYTE2YS1mOTg4NDNmMjQyNWEmc3RhdGU9RGN0QkVvQWdDRUJSek9rNEpBb2lIb2NtM2Jicy1yRjRmX2NUQU9Sd2hFUVJHTXJHUXliYkVPMUVRbm9aMWFldGV5SFg2U2hFSGIycTQ1NW13cnRKNjU3aVBjdjdlZmtC&sso_reload=true
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
88.218.188.92 , Ukraine, ASN56485 (THEHOST-AS, UA),
Reverse DNS
eidgrdp.theweb.place
Software
ECAcc (wmi/FEBB) /
Resource Hash
1a0ea89ae667420caeae29d594d53258e6ed157dab7e8dfe6f154f0054b0cf99

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://4smrolqmiih.multi-factor0ffice.info/redirect.cgi?ref=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9YTA2ZjBjMGQtMWYzMS0xMGRkLTdlNmUtNDk3YmZkZDA4ZjJmJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODM3NDkzODc0NjUwMDQwNi44MDFkMmViZS0zMTlhLTQwMDUtYTE2YS1mOTg4NDNmMjQyNWEmc3RhdGU9RGN0QkVvQWdDRUJSek9rNEpBb2lIb2NtM2Jicy1yRjRmX2NUQU9Sd2hFUVJHTXJHUXliYkVPMUVRbm9aMWFldGV5SFg2U2hFSGIycTQ1NW13cnRKNjU3aVBjdjdlZmtC&sso_reload=true
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
Date
Wed, 06 Dec 2023 21:11:16 GMT
Content-Encoding
gzip
Content-MD5
znAMuOwBXwRYMjVZ8p4wCw==
Age
7774206
X-Cache
HIT
Connection
close
Content-Length
20208
x-ms-lease-status
unlocked
Last-Modified
Wed, 06 Sep 2023 21:24:15 GMT
Server
ECAcc (wmi/FEBB)
Etag
0x8DBAF1F9F5D8653
Vary
Accept-Encoding
Content-Type
text/css
Access-Control-Allow-Origin
*
x-ms-request-id
64855c7a-401e-009f-58d4-e1344e000000
Access-Control-Expose-Headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
Cache-Control
public, max-age=31536000
x-ms-version
2009-09-19
Accept-Ranges
bytes
ConvergedLogin_PCore_xQ_4cu5kMxqWy6T1zLKcgw2.js
4smrolqmiih.multi-factor0ffice.info/aadcdn.msftauth.net/~/shared/1.0/content/js/
673 KB
673 KB
Script
General
Full URL
https://4smrolqmiih.multi-factor0ffice.info/aadcdn.msftauth.net/~/shared/1.0/content/js/ConvergedLogin_PCore_xQ_4cu5kMxqWy6T1zLKcgw2.js
Requested by
Host: 4smrolqmiih.multi-factor0ffice.info
URL: https://4smrolqmiih.multi-factor0ffice.info/redirect.cgi?ref=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9YTA2ZjBjMGQtMWYzMS0xMGRkLTdlNmUtNDk3YmZkZDA4ZjJmJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODM3NDkzODc0NjUwMDQwNi44MDFkMmViZS0zMTlhLTQwMDUtYTE2YS1mOTg4NDNmMjQyNWEmc3RhdGU9RGN0QkVvQWdDRUJSek9rNEpBb2lIb2NtM2Jicy1yRjRmX2NUQU9Sd2hFUVJHTXJHUXliYkVPMUVRbm9aMWFldGV5SFg2U2hFSGIycTQ1NW13cnRKNjU3aVBjdjdlZmtC&sso_reload=true
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
88.218.188.92 , Ukraine, ASN56485 (THEHOST-AS, UA),
Reverse DNS
eidgrdp.theweb.place
Software
/
Resource Hash
6665ca6a09f770c6679556eb86cf4234c8bdb0271049620e03199b34b4a16099

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://4smrolqmiih.multi-factor0ffice.info/redirect.cgi?ref=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9YTA2ZjBjMGQtMWYzMS0xMGRkLTdlNmUtNDk3YmZkZDA4ZjJmJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODM3NDkzODc0NjUwMDQwNi44MDFkMmViZS0zMTlhLTQwMDUtYTE2YS1mOTg4NDNmMjQyNWEmc3RhdGU9RGN0QkVvQWdDRUJSek9rNEpBb2lIb2NtM2Jicy1yRjRmX2NUQU9Sd2hFUVJHTXJHUXliYkVPMUVRbm9aMWFldGV5SFg2U2hFSGIycTQ1NW13cnRKNjU3aVBjdjdlZmtC&sso_reload=true
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date
Wed, 06 Dec 2023 21:11:16 GMT
Connection
keep-alive
Keep-Alive
timeout=5
Content-Length
689017
Content-Type
application/x-javascript
ux.converged.login.strings-de.min_kttbcevibl3axf-emyvupa2.js
4smrolqmiih.multi-factor0ffice.info/aadcdn.msftauth.net/~/ests/2.1/content/cdnbundles/
58 KB
18 KB
Script
General
Full URL
https://4smrolqmiih.multi-factor0ffice.info/aadcdn.msftauth.net/~/ests/2.1/content/cdnbundles/ux.converged.login.strings-de.min_kttbcevibl3axf-emyvupa2.js
Requested by
Host: 4smrolqmiih.multi-factor0ffice.info
URL: https://4smrolqmiih.multi-factor0ffice.info/redirect.cgi?ref=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9YTA2ZjBjMGQtMWYzMS0xMGRkLTdlNmUtNDk3YmZkZDA4ZjJmJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODM3NDkzODc0NjUwMDQwNi44MDFkMmViZS0zMTlhLTQwMDUtYTE2YS1mOTg4NDNmMjQyNWEmc3RhdGU9RGN0QkVvQWdDRUJSek9rNEpBb2lIb2NtM2Jicy1yRjRmX2NUQU9Sd2hFUVJHTXJHUXliYkVPMUVRbm9aMWFldGV5SFg2U2hFSGIycTQ1NW13cnRKNjU3aVBjdjdlZmtC&sso_reload=true
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
88.218.188.92 , Ukraine, ASN56485 (THEHOST-AS, UA),
Reverse DNS
eidgrdp.theweb.place
Software
ECAcc (wmi/FEE2) /
Resource Hash
ab57a810667ec1440a8969be19347e62aedecd99b07a7c74e1ef14be04bc9e4a
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://4smrolqmiih.multi-factor0ffice.info/redirect.cgi?ref=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9YTA2ZjBjMGQtMWYzMS0xMGRkLTdlNmUtNDk3YmZkZDA4ZjJmJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODM3NDkzODc0NjUwMDQwNi44MDFkMmViZS0zMTlhLTQwMDUtYTE2YS1mOTg4NDNmMjQyNWEmc3RhdGU9RGN0QkVvQWdDRUJSek9rNEpBb2lIb2NtM2Jicy1yRjRmX2NUQU9Sd2hFUVJHTXJHUXliYkVPMUVRbm9aMWFldGV5SFg2U2hFSGIycTQ1NW13cnRKNjU3aVBjdjdlZmtC&sso_reload=true
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
Date
Wed, 06 Dec 2023 21:11:16 GMT
Content-Encoding
gzip
Content-Security-Policy
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
Content-MD5
i1bWH79CoaSd0fRSchAlmg==
Age
526032
X-Cache
HIT
Connection
close
content-length
59041
x-ms-lease-status
unlocked
Last-Modified
Fri, 10 Nov 2023 01:29:02 GMT
Server
ECAcc (wmi/FEE2)
Etag
0x8DBE18C6C228E70
Vary
Accept-Encoding
Content-Type
application/x-javascript
Access-Control-Allow-Origin
*
x-ms-request-id
6a0b9881-801e-0053-1dbf-234413000000
Access-Control-Expose-Headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
Cache-Control
public, max-age=31536000
x-ms-version
2009-09-19
Accept-Ranges
bytes
truncated
/
341 B
0
Script
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
90682803943448f3acffc81014c87fdd71f30d8cf97335fcea451fac1e568221

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Content-Type
text/javascript
Me.htm
login.live.com/
0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
login.live.com
URL
https://login.live.com/Me.htm?v=3

Verdicts & Comments Add Verdict or Comment

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| documentPictureInPicture

13 Cookies

Domain/Path Name / Value
security-0tp0ffice.info/ Name: qPdM
Value: PQJXQjr61H0v
security-0tp0ffice.info/ Name: qPdM.sig
Value: 65HcBTpZcqoDpXt79TWdigY5WWY
4smrolqmiih.multi-factor0ffice.info/ Name: qPdM
Value: PQJXQjr61H0v
4smrolqmiih.multi-factor0ffice.info/ Name: qPdM.sig
Value: 65HcBTpZcqoDpXt79TWdigY5WWY
4smrolqmiih.multi-factor0ffice.info/ Name: ClientId
Value: 6F715409CD984BD09A0BFB4B65DEA8C0
4smrolqmiih.multi-factor0ffice.info/ Name: OIDC
Value: 1
4smrolqmiih.multi-factor0ffice.info/ Name: OpenIdConnect.nonce.v3.c5SqWKw3Rr4LWmIct3EoeUTq6oS3Yw80NQRqYKaNud4
Value: 638374938746500406.801d2ebe-319a-4005-a16a-f98843f2425a
4smrolqmiih.multi-factor0ffice.info/ Name: X-OWA-RedirectHistory
Value: ArLym14BNjV_4Z_22wg
4smrolqmiih.multi-factor0ffice.info/ Name: fpc
Value: Ap8kBvIyPh5EjYIfHNCkXV0
4smrolqmiih.multi-factor0ffice.info/ Name: x-ms-gateway-slice
Value: estsfd
4smrolqmiih.multi-factor0ffice.info/ Name: stsservicecookie
Value: estsfd
.4smrolqmiih.multi-factor0ffice.info/ Name: AADSSO
Value: NA|NoExtension
4smrolqmiih.multi-factor0ffice.info/ Name: SSOCOOKIEPULLED
Value: 1

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

4smrolqmiih.multi-factor0ffice.info
fonts.googleapis.com
fonts.gstatic.com
login.live.com
multfactor0ffotp.info
multiplelinks-images.s3.amazonaws.com
qr.codes
qr.io
security-0tp0ffice.info
sotpwinzwernet.us-east-1.linodeobjects.com
whos.amung.us
widgets.amung.us
www.multfactor0ffotp.info
login.live.com
198.251.81.30
198.251.84.92
2600:3c03::f03c:92ff:fe6e:ce0c
2606:4700:10::6816:4bab
2a00:1450:4001:830::2003
2a00:1450:4001:831::200a
2a06:98c1:3121::3
52.217.225.241
88.218.188.92
0cb8cc3fee4275e182236ab19c3aae55274f43aa0ffde9c0510d8d59fcf8e5dc
1393acc632c160def86b45c2521c8ee742b7e6239d0d90fb95f51d55cf48b9c3
147c66a293f5c689f5f3026425116ae2dc07f9278c3d6bb8ce1224f02a851825
1a0ea89ae667420caeae29d594d53258e6ed157dab7e8dfe6f154f0054b0cf99
1d5389c7f119dc4c74da821a932f6530191de67aa19a9274a134c0b2155f42b4
32d26b3f38f5adcf544dcb92bd5ef604d67ac7300a28f7f8b072ae0e9f555a3c
3dcb08f9828eb6318b0a87c2402900ad9ad21e06a2706bbd3b74c306f6c45cd3
5263d1581b63803f1ba6129bfbf6afd62df2ef3cee487fc5500b74e553c46011
542274ce779f6dabfb7a9104e127f1b450b56795db59458574c4f4c36d46c5eb
565dbff14754261a039640abf421099afefb922ba1e32c4c17b80fd4e61ee840
6665ca6a09f770c6679556eb86cf4234c8bdb0271049620e03199b34b4a16099
90682803943448f3acffc81014c87fdd71f30d8cf97335fcea451fac1e568221
9174c425c445377df4562ad9165ea08fdf9433a808296d7de5f619791df10e17
ab57a810667ec1440a8969be19347e62aedecd99b07a7c74e1ef14be04bc9e4a
b00828aa594968071f062841833553f98541845061e2d1c3144da47acce5940d
c25d5aea4b2c07449b8444cc969f070c795fb6ad1bdac11a6b7d16a932174ade
dc3be91d43a18c81af81f95c976c19b194b53e834aea9d5fbd97940c5cdaa859
e27e477611145559592dac9111f9cf7bcc01b70f6c12a96e42194d095fe100e9
e8b48701e04d2913c042952823f5b437b3bd6c25e66e7ddff1b7e9374ce218f9