pub-952f747c80014ca091e8ee6e0a32103a.r2.dev Open in urlscan Pro
2606:4700:7::eb Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://r.baudoain.com/tr/cl/rxoctPlERVDMSuLOgH3mZhgYMsNhAwTWoQPoDhiPzMI0xTTOq5qA8Edu1LDH5JEgH0De2cYyWNogOd41cDscr9rIpi...
Effective URL:
https://pub-952f747c80014ca091e8ee6e0a32103a.r2.dev/will.html
Submission Tags: falconsandbox
Submission: On November 20 via api (November 20th 2024, 8:12:05 am UTC) from US — Scanned from FR

Summary HTTP 13 Redirects Behaviour Indicators

Summary

This website contacted 6 IPs in 3 countries across 7 domains to perform 13 HTTP transactions. The main IP is 2606:4700:7::eb, located in United States and belongs to CLOUDFLARENET, US. The main domain is pub-952f747c80014ca091e8ee6e0a32103a.r2.dev.
TLS certificate: Issued by E5 on September 29th 2024. Valid for: 3 months.

This is the only time pub-952f747c80014ca091e8ee6e0a32103a.r2.dev was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Microsoft (Consumer)

Domain & IP information

	IP Address	AS Autonomous System
1 1	1.179.112.195 1.179.112.195	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2	20.60.197.4 20.60.197.4	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
6	2606:2800:233... 2606:2800:233:1cb7:261b:1f9c:2074:3c	15133 (EDGECAST) (EDGECAST)
1	2606:4700:7::eb 2606:4700:7::eb	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a04:4e42:600... 2a04:4e42:600::649	54113 (FASTLY) (FASTLY)
3	2620:1ec:29:1... 2620:1ec:29:1::45	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
13	6

1 1.179.112.195 (France) 1 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)

r.baudoain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 20.60.197.4 (Amsterdam, Netherlands)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

yourpersonaldocs.z6.web.core.windows.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2606:2800:233:1cb7:261b:1f9c:2074:3c (United States)

ASN15133 (EDGECAST, US)

res.public.onecdn.static.microsoft	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
aadcdn.msftauth.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:7::eb (United States)

ASN13335 (CLOUDFLARENET, US)

pub-952f747c80014ca091e8ee6e0a32103a.r2.dev	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42:600::649 (United States)

ASN54113 (FASTLY, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:1ec:29:1::45 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

logincdn.msauth.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
aadcdn.msauth.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
5	msftauth.net aadcdn.msftauth.net — Cisco Umbrella Rank: 876	49 KB
3	msauth.net logincdn.msauth.net — Cisco Umbrella Rank: 4454 aadcdn.msauth.net — Cisco Umbrella Rank: 871	4 KB
2	windows.net yourpersonaldocs.z6.web.core.windows.net	10 KB
1	jquery.com code.jquery.com — Cisco Umbrella Rank: 847	30 KB
1	r2.dev pub-952f747c80014ca091e8ee6e0a32103a.r2.dev	140 KB
1	static.microsoft res.public.onecdn.static.microsoft — Cisco Umbrella Rank: 170	12 KB
1	baudoain.com 1 redirects r.baudoain.com	284 B
13	7

	Domain	Requested by
5	aadcdn.msftauth.net	pub-952f747c80014ca091e8ee6e0a32103a.r2.dev
2	aadcdn.msauth.net	pub-952f747c80014ca091e8ee6e0a32103a.r2.dev
2	yourpersonaldocs.z6.web.core.windows.net
1	logincdn.msauth.net	pub-952f747c80014ca091e8ee6e0a32103a.r2.dev
1	code.jquery.com	pub-952f747c80014ca091e8ee6e0a32103a.r2.dev
1	pub-952f747c80014ca091e8ee6e0a32103a.r2.dev	yourpersonaldocs.z6.web.core.windows.net
1	res.public.onecdn.static.microsoft	yourpersonaldocs.z6.web.core.windows.net
1	r.baudoain.com	1 redirects
13	8

This site contains no links.

Subject Issuer	Validity	Valid
*.web.core.windows.net Microsoft Azure RSA TLS Issuing CA 03	`2024-11-01` - `2025-04-30`	6 months	crt.sh
*.public.onecdn.static.microsoft Microsoft Azure RSA TLS Issuing CA 03	`2024-06-13` - `2025-06-08`	a year	crt.sh
*.r2.dev E5	`2024-09-29` - `2024-12-28`	3 months	crt.sh
aadcdn.msftauth.net DigiCert SHA2 Secure Server CA	`2024-05-25` - `2025-05-25`	a year	crt.sh
*.jquery.com Sectigo ECC Domain Validation Secure Server CA	`2024-06-25` - `2025-06-25`	a year	crt.sh
identitycdn.msauth.net Microsoft Azure RSA TLS Issuing CA 08	`2024-08-31` - `2025-08-26`	a year	crt.sh
aadcdn.msauth.net DigiCert SHA2 Secure Server CA	`2024-10-29` - `2025-10-29`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://pub-952f747c80014ca091e8ee6e0a32103a.r2.dev/will.html
Frame ID: 3822504EAB21A41B8910527CFE80DE3C
Requests: 14 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Sign in to your account

Page URL History Show full URLs

https://r.baudoain.com/tr/cl/rxoctPlERVDMSuLOgH3mZhgYMsNhAwTWoQPoDhiPzMI0xTTOq5qA8Edu1LDH5JEgH0De2c... HTTP 302
https://yourpersonaldocs.z6.web.core.windows.net/ Page URL
https://pub-952f747c80014ca091e8ee6e0a32103a.r2.dev/will.html Page URL

Detected technologies

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

13
Requests

100 %
HTTPS

67 %
IPv6

7
Domains

8
Subdomains

6
IPs

3
Countries

244 kB
Transfer

479 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://r.baudoain.com/tr/cl/rxoctPlERVDMSuLOgH3mZhgYMsNhAwTWoQPoDhiPzMI0xTTOq5qA8Edu1LDH5JEgH0De2cYyWNogOd41cDscr9rIpiYdWwE9Lir-O4U5-Zy3TF9mqroe0D8hWvWblzsl9BPLs3gcHCRlGZ6jNqytFddvejxBmmuOmDg0ahv1jppbS6WNFLeMlKqqTCRcn7XkYrX1m8dwQRtsPFCyY43ThZvhUvqZ9mn91Nk2qyiia0bjQVyFUK1kMH4wGDNfbtr2Tf8sOKqFmBB5beBR2nwqiP-x3fU7a71_fo77xdPgL8vvKSCYKltThlo0Mw5Vtnz6lNmAgwtvpoV7SZlhxRborWai0pilL-RlxtvRCgjzUwvKYHMz5ZFNXvG9Wg38GkrX7weuKNsUZzOXqq_EPIme3ocZXi4OqHZsE6dYP69r2xEytAZS3q6TeELjbGJrQ6FA8X_Kuw2QSbs-hrDD33v3 HTTP 302
https://yourpersonaldocs.z6.web.core.windows.net/ Page URL
https://pub-952f747c80014ca091e8ee6e0a32103a.r2.dev/will.html Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

https://r.baudoain.com/tr/cl/rxoctPlERVDMSuLOgH3mZhgYMsNhAwTWoQPoDhiPzMI0xTTOq5qA8Edu1LDH5JEgH0De2cYyWNogOd41cDscr9rIpiYdWwE9Lir-O4U5-Zy3TF9mqroe0D8hWvWblzsl9BPLs3gcHCRlGZ6jNqytFddvejxBmmuOmDg0ahv1jppbS6WNFLeMlKqqTCRcn7XkYrX1m8dwQRtsPFCyY43ThZvhUvqZ9mn91Nk2qyiia0bjQVyFUK1kMH4wGDNfbtr2Tf8sOKqFmBB5beBR2nwqiP-x3fU7a71_fo77xdPgL8vvKSCYKltThlo0Mw5Vtnz6lNmAgwtvpoV7SZlhxRborWai0pilL-RlxtvRCgjzUwvKYHMz5ZFNXvG9Wg38GkrX7weuKNsUZzOXqq_EPIme3ocZXi4OqHZsE6dYP69r2xEytAZS3q6TeELjbGJrQ6FA8X_Kuw2QSbs-hrDD33v3 HTTP 302
https://yourpersonaldocs.z6.web.core.windows.net/

13 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

/ Show response
yourpersonaldocs.z6.web.core.windows.net/
Redirect Chain

https://r.baudoain.com/tr/cl/rxoctPlERVDMSuLOgH3mZhgYMsNhAwTWoQPoDhiPzMI0xTTOq5qA8Edu1LDH5JEgH0De2cYyWNogOd41cDscr9rIpiYdWwE9Lir-O4U5-Zy3TF9mqroe0D8hWvWblzsl9BPLs3gcHCRlGZ6jNqytFddvejxBmmuOmDg0ahv1...
https://yourpersonaldocs.z6.web.core.windows.net/

9 KB
9 KB

244ms
32ms

Document
text/html

20.60.197.4
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://yourpersonaldocs.z6.web.core.windows.net/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 20.60.197.4 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash: d0201dd6d8bff7339b19af571a9092564980a936c46012053a6bf10d43261e51

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

Accept-Ranges: bytes
Content-Length: 8985
Content-MD5: 3K01/81TqOQqb2gFqki1cg==
Content-Type: text/html
Date: Wed, 20 Nov 2024 08:11:59 GMT
ETag: "0x8DD0869FF0F5CAE"
Last-Modified: Tue, 19 Nov 2024 07:15:50 GMT
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 68cac763-301e-0066-6123-3b32ea000000
x-ms-version: 2018-03-28

Redirect headers

content-length: 200
content-type: text/html; charset=utf-8
date: Wed, 20 Nov 2024 08:12:00 GMT
location: https://yourpersonaldocs.z6.web.core.windows.net#cHViLTk1MmY3NDdjODAwMTRjYTA5MWU4ZWU2ZTBhMzIxMDNhLnIyLmRldi93aWxsLmh0bWwjWkdWdWFYTmhMbnBsY21Wc2JHRnlhVUJoYkdKamFISnZiV1V1WVd3PQ==
x-content-type-options: nosniff
x-sib-server: gke-public-cluster-v2-1-179-112-179
x-xss-protection: 1

GET
DATA 200
OK truncated
/ 1 KB
0 Stylesheet
text/css

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 27704ae95609773ee2fb8a52b83e1a73721dd36b87f89cb9d2d265119301b51c

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

Content-Type: text/css

GET
H2 200 apple-touch-icon.png
res.public.onecdn.static.microsoft/assets/mail/pwa/v1/pngs/ 11 KB
12 KB 144ms
23ms Image
image/png 2606:2800:233:1cb7:261b:1f9c:2074:3c
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://res.public.onecdn.static.microsoft/assets/mail/pwa/v1/pngs/apple-touch-icon.png

Requested by

Host: yourpersonaldocs.z6.web.core.windows.net
URL: https://yourpersonaldocs.z6.web.core.windows.net/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:233:1cb7:261b:1f9c:2074:3c , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (paa/6F11) /

Resource Hash

2344bf99eba344e5340c3a4ffca47a65ca036e7d5764e4f1fbcb8179d0fc11d4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://yourpersonaldocs.z6.web.core.windows.net/

Response headers

access-control-expose-headers: date,X-Cdn-Provider,X-Ms-Request-Id
age: 393191
report-to: {"group":"NelM365CDNUpload1","max_age":604800,"endpoints":[{"url":"https://M365CDN.nel.measure.office.net/api/report?FrontEnd=VerizonCDNWorldWide&DestinationEndpoint=&ASN=16276&Country=FR&Region=&RequestIdentifier=521982794168794777210707866323732324403"}],"include_subdomains ":true}
access-control-allow-methods: GET,HEAD,OPTIONS
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-cache: HIT
x-cdn-provider: Verizon
date: Wed, 20 Nov 2024 08:12:00 GMT
content-type: image/png
last-modified: Fri, 06 Nov 2020 19:04:25 GMT
access-control-allow-headers: *
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: max-age=31536000
timing-allow-origin: *
nel: {"report_to":"NelM365CDNUpload1","max_age":604800,"include_subdomains":true,"failure_fraction":1.0,"success_fraction":0.01}
x-ms-request-id: 4f71b972-c01e-0016-4f90-379ed7000000
accept-ranges: bytes
access-control-allow-origin: *
content-length: 11231
server: ECAcc (paa/6F11)

GET
H/1.1 404
The requested content does not exist. favicon.ico
yourpersonaldocs.z6.web.core.windows.net/ 321 B
629 B 30ms
29ms Other
text/html 20.60.197.4
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://yourpersonaldocs.z6.web.core.windows.net/favicon.ico
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 20.60.197.4 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash: b28f59e5d9d041494d06cbb1f88ce288445ce4b8bda0dc38fd406fa08dbac8ea

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://yourpersonaldocs.z6.web.core.windows.net/

Response headers

x-ms-request-id: 68cac87d-301e-0066-6023-3b32ea000000
Content-Length: 321
x-ms-version: 2018-03-28
Date: Wed, 20 Nov 2024 08:12:00 GMT
Content-Type: text/html
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-error-code: WebContentNotFound

GET
H/1.1 200
OK Primary Request will.html Show response
pub-952f747c80014ca091e8ee6e0a32103a.r2.dev/ 140 KB
140 KB 337ms
275ms Document
text/html 2606:4700:7::eb
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://pub-952f747c80014ca091e8ee6e0a32103a.r2.dev/will.html
Requested by: Host: yourpersonaldocs.z6.web.core.windows.net
URL: https://yourpersonaldocs.z6.web.core.windows.net/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:7::eb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7cf051313865e60250d27319208db1869f121fa7933865ee5f4575b8f32e629e

Request headers

Referer: https://yourpersonaldocs.z6.web.core.windows.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

Accept-Ranges: bytes
CF-RAY: 8e56f9022cecd110-CDG
Connection: keep-alive
Content-Length: 143382
Content-Type: text/html
Date: Wed, 20 Nov 2024 08:12:02 GMT
ETag: "a15c6e672eea038973b6174c55d4622f"
Last-Modified: Tue, 19 Nov 2024 07:17:56 GMT
Server: cloudflare
Vary: Accept-Encoding

GET
H2 200 converged.v2.login.min_rayhgcterrtxpnvapp3erg2.css
aadcdn.msftauth.net/ests/2.1/content/cdnbundles/ 105 KB
20 KB 103ms
21ms Stylesheet
text/css 2606:2800:233:1cb7:261b:1f9c:2074:3c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://aadcdn.msftauth.net/ests/2.1/content/cdnbundles/converged.v2.login.min_rayhgcterrtxpnvapp3erg2.css
Requested by: Host: pub-952f747c80014ca091e8ee6e0a32103a.r2.dev
URL: https://pub-952f747c80014ca091e8ee6e0a32103a.r2.dev/will.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:233:1cb7:261b:1f9c:2074:3c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECAcc (paa/6F6D) /
Resource Hash: ea6449d448a48495c557755af39701567925ceafc30e06fba05f65e723c91aa3

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://pub-952f747c80014ca091e8ee6e0a32103a.r2.dev
Referer: https://pub-952f747c80014ca091e8ee6e0a32103a.r2.dev/

Response headers

content-md5: +rPQJ6BWMovrMLNrlexvKQ==
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding: gzip
x-ms-lease-status: unlocked
etag: 0x8D88DD061D3546B
age: 1085671
x-ms-version: 2009-09-19
x-cache: HIT
date: Wed, 20 Nov 2024 08:12:02 GMT
content-type: text/css
last-modified: Sat, 21 Nov 2020 03:49:00 GMT
vary: Accept-Encoding
cache-control: public, max-age=31536000
x-ms-request-id: 9d0551de-701e-00eb-2744-31b2de000000
accept-ranges: bytes
access-control-allow-origin: *
content-length: 19595
x-ms-blob-type: BlockBlob
server: ECAcc (paa/6F6D)

GET
H2 200 converged.v2.login.min_rayhgcterrtxpnvapp3erg2.css
aadcdn.msftauth.net/ests/2.1/content/cdnbundles/ 0
0 55ms
55ms Other
text/css 2606:2800:233:1cb7:261b:1f9c:2074:3c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://aadcdn.msftauth.net/ests/2.1/content/cdnbundles/converged.v2.login.min_rayhgcterrtxpnvapp3erg2.css
Requested by: Host: pub-952f747c80014ca091e8ee6e0a32103a.r2.dev
URL: https://pub-952f747c80014ca091e8ee6e0a32103a.r2.dev/will.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:233:1cb7:261b:1f9c:2074:3c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECAcc (paa/6F6D) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://pub-952f747c80014ca091e8ee6e0a32103a.r2.dev/

Response headers

content-md5: +rPQJ6BWMovrMLNrlexvKQ==
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding: gzip
x-ms-lease-status: unlocked
etag: 0x8D88DD061D3546B
age: 1085671
x-ms-version: 2009-09-19
x-cache: HIT
date: Wed, 20 Nov 2024 08:12:02 GMT
content-type: text/css
last-modified: Sat, 21 Nov 2020 03:49:00 GMT
vary: Accept-Encoding
cache-control: public, max-age=31536000
x-ms-request-id: 9d0551de-701e-00eb-2744-31b2de000000
accept-ranges: bytes
access-control-allow-origin: *
content-length: 19595
x-ms-blob-type: BlockBlob
server: ECAcc (paa/6F6D)

GET
H2 200 ux.converged.login.strings-en.min_szor2ujtsn_b-ik0b744ha2.js
aadcdn.msftauth.net/ests/2.1/content/cdnbundles/ 0
12 KB 89ms
22ms Other
application/x-javascript 2606:2800:233:1cb7:261b:1f9c:2074:3c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://aadcdn.msftauth.net/ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_szor2ujtsn_b-ik0b744ha2.js
Requested by: Host: pub-952f747c80014ca091e8ee6e0a32103a.r2.dev
URL: https://pub-952f747c80014ca091e8ee6e0a32103a.r2.dev/will.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:233:1cb7:261b:1f9c:2074:3c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECAcc (paa/6F06) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://pub-952f747c80014ca091e8ee6e0a32103a.r2.dev/

Response headers

content-md5: 6Qvaph3XjGlz0gTgNQb8QQ==
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding: gzip
x-ms-lease-status: unlocked
etag: 0x8D8B274B724F769
age: 1085670
x-ms-version: 2009-09-19
x-cache: HIT
date: Wed, 20 Nov 2024 08:12:02 GMT
content-type: application/x-javascript
last-modified: Wed, 06 Jan 2021 18:56:03 GMT
vary: Accept-Encoding
cache-control: public, max-age=31536000
x-ms-request-id: f246d78e-301e-0056-1844-31a521000000
accept-ranges: bytes
access-control-allow-origin: *
content-length: 12109
x-ms-blob-type: BlockBlob
server: ECAcc (paa/6F06)

GET
H2 200 jquery-3.1.1.min.js Show response
code.jquery.com/ 85 KB
30 KB 97ms
18ms Script
application/javascript 2a04:4e42:600::649
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-3.1.1.min.js
Requested by: Host: pub-952f747c80014ca091e8ee6e0a32103a.r2.dev
URL: https://pub-952f747c80014ca091e8ee6e0a32103a.r2.dev/will.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:600::649 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 85556761a8800d14ced8fcd41a6b8b26bf012d44a318866c0d81a62092efd9bf

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"
Referer: https://pub-952f747c80014ca091e8ee6e0a32103a.r2.dev/

Response headers

content-encoding: gzip
etag: W/"28feccc0-152b5"
age: 2067385
x-cache: HIT, HIT
date: Wed, 20 Nov 2024 08:12:02 GMT
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding
x-cache-hits: 78, 35584
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
x-served-by: cache-lga21947-LGA, cache-lcy-eglc8600077-LCY
cache-control: public, max-age=31536000, stale-while-revalidate=604800
x-timer: S1732090323.691937,VS0,VE0
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
access-control-allow-origin: *
content-length: 30070
server: nginx

GET
H2 200 converged.v2.login.min_rayhgcterrtxpnvapp3erg2.css
aadcdn.msftauth.net/ests/2.1/content/cdnbundles/ 105 KB
0 96ms
96ms Stylesheet
text/css 2606:2800:233:1cb7:261b:1f9c:2074:3c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://aadcdn.msftauth.net/ests/2.1/content/cdnbundles/converged.v2.login.min_rayhgcterrtxpnvapp3erg2.css
Requested by: Host: pub-952f747c80014ca091e8ee6e0a32103a.r2.dev
URL: https://pub-952f747c80014ca091e8ee6e0a32103a.r2.dev/will.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:233:1cb7:261b:1f9c:2074:3c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECAcc (paa/6F6D) /
Resource Hash: ea6449d448a48495c557755af39701567925ceafc30e06fba05f65e723c91aa3

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://pub-952f747c80014ca091e8ee6e0a32103a.r2.dev
Referer: https://pub-952f747c80014ca091e8ee6e0a32103a.r2.dev/

Response headers

content-md5: +rPQJ6BWMovrMLNrlexvKQ==
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding: gzip
x-ms-lease-status: unlocked
etag: 0x8D88DD061D3546B
age: 1085671
x-ms-version: 2009-09-19
x-cache: HIT
date: Wed, 20 Nov 2024 08:12:02 GMT
content-type: text/css
last-modified: Sat, 21 Nov 2020 03:49:00 GMT
vary: Accept-Encoding
cache-control: public, max-age=31536000
x-ms-request-id: 9d0551de-701e-00eb-2744-31b2de000000
accept-ranges: bytes
access-control-allow-origin: *
content-length: 19595
x-ms-blob-type: BlockBlob
server: ECAcc (paa/6F6D)

GET
H2 200 microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg
logincdn.msauth.net/shared/1.0/content/images/ 4 KB
2 KB 219ms
36ms Image
image/svg+xml 2620:1ec:29:1::45
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://logincdn.msauth.net/shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg
Requested by: Host: pub-952f747c80014ca091e8ee6e0a32103a.r2.dev
URL: https://pub-952f747c80014ca091e8ee6e0a32103a.r2.dev/will.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2620:1ec:29:1::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://pub-952f747c80014ca091e8ee6e0a32103a.r2.dev/

Response headers

x-cache-info: L1_T2
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding: gzip
x-ms-version: 2009-09-19
etag: 0x8D79ED359808AB6
x-ms-lease-status: unlocked
x-fd-int-roxy-purgeid: 79218156
x-cache: TCP_HIT
date: Wed, 20 Nov 2024 08:12:02 GMT
content-type: image/svg+xml
last-modified: Wed, 22 Jan 2020 00:38:07 GMT
cache-control: public, max-age=31536000
x-ms-request-id: c662d970-501e-0007-0baa-399098000000
accept-ranges: bytes
access-control-allow-origin: *
content-length: 1435
x-azure-ref: 20241120T081202Z-186946656b6wls7rhC1PARg4kc00000005t000000000fcmr
x-ms-blob-type: BlockBlob

GET
H2 200 arrow_left_a9cc2824ef3517b6c4160dcf8ff7d410.svg
aadcdn.msauth.net/ests/2.1/content/images/ 513 B
836 B 133ms
25ms Image
image/svg+xml 2620:1ec:29:1::45
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://aadcdn.msauth.net/ests/2.1/content/images/arrow_left_a9cc2824ef3517b6c4160dcf8ff7d410.svg
Requested by: Host: pub-952f747c80014ca091e8ee6e0a32103a.r2.dev
URL: https://pub-952f747c80014ca091e8ee6e0a32103a.r2.dev/will.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2620:1ec:29:1::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 34f9db946e89f031a80dfca7b16b2b686469c9886441261ae70a44da1dfa2d58

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://pub-952f747c80014ca091e8ee6e0a32103a.r2.dev/

Response headers

x-cache-info: L1_T2
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding: gzip
x-ms-version: 2009-09-19
etag: 0x8D64101494758DF
x-ms-lease-status: unlocked
x-fd-int-roxy-purgeid: 4554691
x-cache: TCP_HIT
date: Wed, 20 Nov 2024 08:12:02 GMT
content-type: image/svg+xml
last-modified: Fri, 02 Nov 2018 20:25:09 GMT
cache-control: public, max-age=604800
x-ms-request-id: 7c6aae3b-c01e-003a-159f-39e683000000
accept-ranges: bytes
access-control-allow-origin: *
content-length: 276
x-azure-ref: 20241120T081202Z-186946656b6plt4zhC1PARwc0000000006c000000000hxfp
x-ms-blob-type: BlockBlob

GET
H2 200 2_bc3d32a696895f78c19df6c717586a5d.svg
aadcdn.msauth.net/shared/1.0/content/images/backgrounds/ 2 KB
1 KB 138ms
32ms Image
image/svg+xml 2620:1ec:29:1::45
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://aadcdn.msauth.net/shared/1.0/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg
Requested by: Host: pub-952f747c80014ca091e8ee6e0a32103a.r2.dev
URL: https://pub-952f747c80014ca091e8ee6e0a32103a.r2.dev/will.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2620:1ec:29:1::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 0e88b6fcbb8591edfd28184fa70a04b6dd3af8a14367c628edd7caba32e58c68

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://pub-952f747c80014ca091e8ee6e0a32103a.r2.dev/

Response headers

access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding: gzip
x-ms-version: 2009-09-19
etag: 0x8D7B0071D86E386
x-ms-lease-status: unlocked
x-fd-int-roxy-purgeid: 0
x-cache: TCP_HIT
date: Wed, 20 Nov 2024 08:12:02 GMT
content-type: image/svg+xml
last-modified: Wed, 12 Feb 2020 22:01:30 GMT
cache-control: public, max-age=31536000
x-ms-request-id: 206095ac-301e-0001-3ecc-3aa327000000
accept-ranges: bytes
access-control-allow-origin: *
content-length: 673
x-azure-ref: 20241120T081202Z-186946656b6plt4zhC1PARwc0000000006c000000000hxfn
x-ms-blob-type: BlockBlob

GET
H2 200 favicon_a_eupayfgghqiai7k9sol6lg2.ico
aadcdn.msftauth.net/shared/1.0/content/images/ 17 KB
17 KB 32ms
25ms Other
image/x-icon 2606:2800:233:1cb7:261b:1f9c:2074:3c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://aadcdn.msftauth.net/shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:233:1cb7:261b:1f9c:2074:3c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECAcc (paa/6F55) /
Resource Hash: 90cdaf487716184e4034000935c605d1633926d348116d198f355a98b8c6cd21

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://pub-952f747c80014ca091e8ee6e0a32103a.r2.dev/

Response headers

content-md5: EuPayFgGHQiAI7K9SOL6lg==
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
x-ms-lease-status: unlocked
x-ms-version: 2009-09-19
etag: 0x8D8731240E548EB
age: 20756399
x-cache: HIT
date: Wed, 20 Nov 2024 08:12:02 GMT
content-type: image/x-icon
last-modified: Sun, 18 Oct 2020 03:02:30 GMT
cache-control: public, max-age=31536000
x-ms-request-id: 48453b9f-a01e-00e9-275c-7e3c42000000
accept-ranges: bytes
access-control-allow-origin: *
content-length: 17174
x-ms-blob-type: BlockBlob
server: ECAcc (paa/6F55)

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer)

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| $ function| jQuery

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://yourpersonaldocs.z6.web.core.windows.net/favicon.ico Message: Failed to load resource: the server responded with a status of 404 (The requested content does not exist.)
javascript	warning	URL: https://pub-952f747c80014ca091e8ee6e0a32103a.r2.dev/will.html Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://code.jquery.com/jquery-3.1.1.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://pub-952f747c80014ca091e8ee6e0a32103a.r2.dev/will.html Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://code.jquery.com/jquery-3.1.1.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

aadcdn.msauth.net
aadcdn.msftauth.net
code.jquery.com
logincdn.msauth.net
pub-952f747c80014ca091e8ee6e0a32103a.r2.dev
r.baudoain.com
res.public.onecdn.static.microsoft
yourpersonaldocs.z6.web.core.windows.net
1.179.112.195
20.60.197.4
2606:2800:233:1cb7:261b:1f9c:2074:3c
2606:4700:7::eb
2620:1ec:29:1::45
2a04:4e42:600::649
04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a
0e88b6fcbb8591edfd28184fa70a04b6dd3af8a14367c628edd7caba32e58c68
2344bf99eba344e5340c3a4ffca47a65ca036e7d5764e4f1fbcb8179d0fc11d4
27704ae95609773ee2fb8a52b83e1a73721dd36b87f89cb9d2d265119301b51c
34f9db946e89f031a80dfca7b16b2b686469c9886441261ae70a44da1dfa2d58
7cf051313865e60250d27319208db1869f121fa7933865ee5f4575b8f32e629e
85556761a8800d14ced8fcd41a6b8b26bf012d44a318866c0d81a62092efd9bf
90cdaf487716184e4034000935c605d1633926d348116d198f355a98b8c6cd21
b28f59e5d9d041494d06cbb1f88ce288445ce4b8bda0dc38fd406fa08dbac8ea
d0201dd6d8bff7339b19af571a9092564980a936c46012053a6bf10d43261e51
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ea6449d448a48495c557755af39701567925ceafc30e06fba05f65e723c91aa3

pub-952f747c80014ca091e8ee6e0a32103a.r2.dev Open in urlscan Pro 2606:4700:7::eb Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

13 Requests

100 %HTTPS

67 %IPv6

7 Domains

8 Subdomains

6 IPs

3 Countries

244 kBTransfer

479 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

13 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

2 JavaScript Global Variables

0 Cookies

3 Console Messages

Indicators

pub-952f747c80014ca091e8ee6e0a32103a.r2.dev Open in urlscan Pro
2606:4700:7::eb Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

13
Requests

100 %
HTTPS

67 %
IPv6

7
Domains

8
Subdomains

6
IPs

3
Countries

244 kB
Transfer

479 kB
Size

0
Cookies

13 HTTP transactions
1 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!