ww2.affinity.net
34.160.232.116
Public Scan
Effective URL: https://ww2.affinity.net/fly?no_capp=2&enk=MTc5MjU5fDEyM3wxfDczOTM4fDE3MDk0MjExNTN8MXwxfDg5&ls=1709421153.6842&lbc=170942...
Submission: On March 02 via api from US — Scanned from US
Summary
TLS certificate: Issued by GlobalSign GCC R3 DV TLS CA 2020 on July 28th 2023. Valid for: a year.
This is the only time ww2.affinity.net was scanned on urlscan.io!
urlscan.io Verdict: No classification
Domain & IP information
 | IP Address | AS Autonomous System |
---|---|---|
2 | 199.191.50.184 | 40034 (CONFLUENCE-NETWORK-INC) |
2 2 | 34.111.26.73 | 396982 (GOOGLE-CLOUD-PLATFORM) |
1 3 | 34.160.232.116 | 396982 (GOOGLE-CLOUD-PLATFORM) |
1 1 | 35.212.67.244 | 15169 (GOOGLE) |
2 2 | 3.235.80.137 | 14618 (AMAZON-AES) |
1 1 | 34.95.127.121 | 396982 (GOOGLE-CLOUD-PLATFORM) |
1 2 | 2600:141b:1c00:1681::356e | 20940 (AKAMAI-ASN1) |
5 | 3 |
- enterpriseenrollment.mlc5rus.onmircosoft.com: ASN40034 (CONFLUENCE-NETWORK-INC, VG)
- fd.sealthatleak.com: ASN396982 (GOOGLE-CLOUD-PLATFORM, US), PTR: 73.26.111.34.bc.googleusercontent.com
- ww2.affinity.net: ASN396982 (GOOGLE-CLOUD-PLATFORM, US), PTR: 116.232.160.34.bc.googleusercontent.com
- click.linksynergy.com: ASN15169 (GOOGLE, US), PTR: 244.67.212.35.bc.googleusercontent.com
- microsoft.msafflnk.net: ASN14618 (AMAZON-AES, US), PTR: ec2-3-235-80-137.compute-1.amazonaws.com
- www.ojrq.net: ASN396982 (GOOGLE-CLOUD-PLATFORM, US), PTR: 121.127.95.34.bc.googleusercontent.com
 | Apex Domain / Subdomains | Transfer |
---|---|---|
3 | affinity.net (1 redirect): ww2.affinity.net — Cisco Umbrella Rank: 230676 | 6 KB |
2 | microsoft.com (1 redirect): www.microsoft.com — Cisco Umbrella Rank: 273 | 446 B |
2 | msafflnk.net (2 redirects): microsoft.msafflnk.net — Cisco Umbrella Rank: 129954 | 2 KB |
2 | sealthatleak.com (2 redirects): fd.sealthatleak.com | 410 B |
2 | onmircosoft.com: enterpriseenrollment.mlc5rus.onmircosoft.com | 4 KB |
1 | ojrq.net (1 redirect): www.ojrq.net — Cisco Umbrella Rank: 7549 | 727 B |
1 | linksynergy.com (1 redirect): click.linksynergy.com — Cisco Umbrella Rank: 36427 | 1 KB |
5 | 7 |
 | Domain | Requested by |
---|---|---|
3 | ww2.affinity.net (1 redirect) | enterpriseenrollment.mlc5rus.onmircosoft.com |
2 | www.microsoft.com (1 redirect) | |
2 | microsoft.msafflnk.net (2 redirects) | |
2 | fd.sealthatleak.com (2 redirects) | |
2 | enterpriseenrollment.mlc5rus.onmircosoft.com | enterpriseenrollment.mlc5rus.onmircosoft.com |
1 | www.ojrq.net (1 redirect) | |
1 | click.linksynergy.com (1 redirect) | |
5 | 7 |
This site contains no links.
Subject | Issuer | Validity | Valid |
---|---|---|---|
testexp | testexp | 2020-06-02 - 2030-05-31 | 10 years |
*.affinity.net | GlobalSign GCC R3 DV TLS CA 2020 | 2023-07-28 - 2024-08-28 | a year |
www.microsoft.com | Microsoft Azure RSA TLS Issuing CA 07 | 2023-09-14 - 2024-09-08 | a year |
This page contains 2 frames:
Frame:
https://www.microsoft.com/en-us/store/b/sale?ranMID=24542&ranEAID=PqGoi0DnEyQ&ranSiteID=PqGoi0DnEyQ-Tv7TddZbEthtG9zZKe_.WQ&epi=PqGoi0DnEyQ-Tv7TddZbEthtG9zZKe_.WQ&irgwc=1&OCID=AIDcmm549zy227_aff_7593_1243925&tduid=%28ir__jjl1ryfcdkkfdzd3t9ubnem1jf2x9elff9rkkduw00%29%287593%29%281243925%29%28PqGoi0DnEyQ-Tv7TddZbEthtG9zZKe_.WQ%29%28%29&irclickid=_jjl1ryfcdkkfdzd3t9ubnem1jf2x9elff9rkkduw00
Frame ID: 432B45F2CC8290271070478671972F43
Requests: 3 HTTP requests in this frame
Frame:
https://ww2.affinity.net/fly?no_capp=2&enk=MTc5MjU5fDEyMnwxfDczOTM4fDE3MDk0MjExNTN8MXwxfDg5&ls=1709421153.6843&lbc=1709421153.6862&lac=1709421153.703
Frame ID: 59529D50B8F1F43DC5704A35339C5CB8
Requests: 2 HTTP requests in this frame
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://enterpriseenrollment.mlc5rus.onmircosoft.com/ Page URL
-
https://fd.sealthatleak.com/r?o=txe14&s=73938&u=onmircosoft.com&&
HTTP 302
https://ww2.affinity.net/fly?no_capp=2&enk=MTc5MjU5fDEyM3wxfDczOTM4fDE3MDk0MjExNTN8MXwxfDg5&ls=1709421153.6842&lbc=1709421153.686&lac=1709421153.7032 Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 2
- https://fd.sealthatleak.com/r?o=txe14&s=73938&u=onmircosoft.com&& HTTP 302
- https://ww2.affinity.net/fly?no_capp=2&enk=MTc5MjU5fDEyMnwxfDczOTM4fDE3MDk0MjExNTN8MXwxfDg5&ls=1709421153.6843&lbc=1709421153.6862&lac=1709421153.703
- https://ww2.affinity.net/fly1?sid=179259&sa=123&p=1&s=73938&qt=1709421153&q=&rf=https%3A%2F%2Fenterpriseenrollment.mlc5rus.onmircosoft.com%2F&enc=&enk=MTc5MjU5fDEyM3wxfDczOTM4fDE3MDk0MjExNTN8MXwxfDg5&xsc=&xsp=&xsm=&xuc=&xcf=&xai=&qxcli=df72c47cc3888f93&qxsi=ed46a770e6a7e72d&mk=1&sx=1600&sy=1200&bx=1600&by=1200&mx=0&my=0&ifm=0&ol=2b54daaa06e81bb29442ff3fce748f7a&tm=1709421153.8679&etm=1709421153.8751&ls=1709421153.6842&lbc=1709421153.686&lac=1709421153.7032&cskey=txe14&ipspm=&no_capp=2 HTTP 302
- https://click.linksynergy.com/fs-bin/click?id=PqGoi0DnEyQ&offerid=780591.10002557&type=3&u1=054f33f9994ea6bd4bf12e627efd5218@SiteDirect HTTP 302
- https://microsoft.msafflnk.net/c/1243925/433017/7593?sharedid=PqGoi0DnEyQ-Tv7TddZbEthtG9zZKe_.WQ&subid2=24542&subid3=3553785&u=https%3A%2F%2Fwww.microsoft.com%2Fen-us%2Fstore%2Fb%2Fhome%3FranMID=24542%26ranEAID=PqGoi0DnEyQ%26ranSiteID=PqGoi0DnEyQ-Tv7TddZbEthtG9zZKe_.WQ%26epi=PqGoi0DnEyQ-Tv7TddZbEthtG9zZKe_.WQ HTTP 302
- https://www.ojrq.net/p/?return=https%3A%2F%2Fmicrosoft.msafflnk.net%2Fc%2F1243925%2F433017%2F7593%3Fsharedid%3DPqGoi0DnEyQ-Tv7TddZbEthtG9zZKe_.WQ%26subid2%3D24542%26subid3%3D3553785%26u%3Dhttps%253A%252F%252Fwww.microsoft.com%252Fen-us%252Fstore%252Fb%252Fhome%253FranMID%3D24542%2526ranEAID%3DPqGoi0DnEyQ%2526ranSiteID%3DPqGoi0DnEyQ-Tv7TddZbEthtG9zZKe_.WQ%2526epi%3DPqGoi0DnEyQ-Tv7TddZbEthtG9zZKe_.WQ%26level%3D1%26srcref%3Dhttps%253A%252F%252Fww2.affinity.net%252F&cid=7593&tpsync=yes&auth=56f216bf41ea131c HTTP 302
- https://microsoft.msafflnk.net/c/1243925/433017/7593?sharedid=PqGoi0DnEyQ-Tv7TddZbEthtG9zZKe_.WQ&subid2=24542&subid3=3553785&u=https%3A%2F%2Fwww.microsoft.com%2Fen-us%2Fstore%2Fb%2Fhome%3FranMID=24542%26ranEAID=PqGoi0DnEyQ%26ranSiteID=PqGoi0DnEyQ-Tv7TddZbEthtG9zZKe_.WQ%26epi=PqGoi0DnEyQ-Tv7TddZbEthtG9zZKe_.WQ&level=1&srcref=https%3A%2F%2Fww2.affinity.net%2F&brwsr=5ada599f-d8ea-11ee-8fa6-af25b769455f&brwsrsig=R8EVyVx7TS4CXyL2t9RUc3F30pi3-0 HTTP 301
- https://www.microsoft.com/en-us/store/b/home?ranMID=24542&ranEAID=PqGoi0DnEyQ&ranSiteID=PqGoi0DnEyQ-Tv7TddZbEthtG9zZKe_.WQ&epi=PqGoi0DnEyQ-Tv7TddZbEthtG9zZKe_.WQ&irgwc=1&OCID=AIDcmm549zy227_aff_7593_1243925&tduid=%28ir__jjl1ryfcdkkfdzd3t9ubnem1jf2x9elff9rkkduw00%29%287593%29%281243925%29%28PqGoi0DnEyQ-Tv7TddZbEthtG9zZKe_.WQ%29%28%29&irclickid=_jjl1ryfcdkkfdzd3t9ubnem1jf2x9elff9rkkduw00 HTTP 301
- https://www.microsoft.com/en-us/store/b/sale?ranMID=24542&ranEAID=PqGoi0DnEyQ&ranSiteID=PqGoi0DnEyQ-Tv7TddZbEthtG9zZKe_.WQ&epi=PqGoi0DnEyQ-Tv7TddZbEthtG9zZKe_.WQ&irgwc=1&OCID=AIDcmm549zy227_aff_7593_1243925&tduid=%28ir__jjl1ryfcdkkfdzd3t9ubnem1jf2x9elff9rkkduw00%29%287593%29%281243925%29%28PqGoi0DnEyQ-Tv7TddZbEthtG9zZKe_.WQ%29%28%29&irclickid=_jjl1ryfcdkkfdzd3t9ubnem1jf2x9elff9rkkduw00
5 HTTP transactions
Method / Protocol | Resource / Path | Size / x-fer | Type / MIME-Type |
---|---|---|---|
GET H/1.1 | / (enterpriseenrollment.mlc5rus.onmircosoft.com/) | 2 KB / 3 KB | Document, text/html |
GET H/1.1 | / (enterpriseenrollment.mlc5rus.onmircosoft.com/), Frame 5952 | 943 B / 1 KB | Document, text/html |
GET H2 | fly (ww2.affinity.net/), Primary Request, Redirect Chain | 6 KB / 6 KB | Document, text/html |
GET H2 | fly (ww2.affinity.net/), Frame 5952, Redirect Chain | 6 KB / 0 | Document, text/html |
GET H2 | sale (www.microsoft.com/en-us/store/b/), Redirect Chain | 0 / 0 | Document, text/html |
0 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
10 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.enterpriseenrollment.mlc5rus.onmircosoft.com/ | | Name: vsid Value: 921vr456966754222439303 |
enterpriseenrollment.mlc5rus.onmircosoft.com/ | | Name: isframesetenabled Value: 1 |
.linksynergy.com/ | | Name: lsn_statp Value: %2FcTzhBUAAADdftn6lTUHdw%3D%3D |
.linksynergy.com/ | | Name: rmuid Value: 00e19eff-92e5-45d7-ba05-7e21dbc2adf8 |
.linksynergy.com/ | | Name: lsclick_mid24542 Value: "2024-03-02 23:12:34.226|PqGoi0DnEyQ-Tv7TddZbEthtG9zZKe_.WQ" |
.ojrq.net/ | | Name: brwsr Value: 5ada599f-d8ea-11ee-8fa6-af25b769455f |
microsoft.msafflnk.net/ | | Name: AWSALB Value: +kLqn1S8xV1Sc9PioZ3xbnnMWcvf3aOOfREp9V95uIVZ2rqOeGjWLaYPOnD56w81DOIVhj4H8w+WHKRavr8OGa3nYWrNWIKzUGxbeBQuMT4sgx+m10zqkvRzKvog |
microsoft.msafflnk.net/ | | Name: AWSALBCORS Value: +kLqn1S8xV1Sc9PioZ3xbnnMWcvf3aOOfREp9V95uIVZ2rqOeGjWLaYPOnD56w81DOIVhj4H8w+WHKRavr8OGa3nYWrNWIKzUGxbeBQuMT4sgx+m10zqkvRzKvog |
.msafflnk.net/ | | Name: brwsr Value: 5ada599f-d8ea-11ee-8fa6-af25b769455f |
microsoft.msafflnk.net/ | | Name: irld Value: LSDXx5t3VCUlrQfLVSWyg2Rvhz6s177T5LRrrUiRxbFTFqRGJ |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.