login.officeonlinecom.huanyv.com Open in urlscan Pro
20.165.168.102 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://trackme.apifon.com/https%3A%2F%2Fs3-us--east--2-wasabisys-com.translate.goog%2Fdocument-share%2FDirect.html%3F_x_tr...
Effective URL:
https://login.officeonlinecom.huanyv.com/rOapBJlo
Submission: On January 20 via manual (January 20th 2023, 2:36:35 pm UTC) from SG — Scanned from NL

Summary HTTP 21 Redirects Behaviour Indicators

Summary

This website contacted 8 IPs in 5 countries across 9 domains to perform 21 HTTP transactions. The main IP is 20.165.168.102, located in Cheyenne, United States and belongs to MICROSOFT-CORP-MSN-AS-BLOCK, US. The main domain is login.officeonlinecom.huanyv.com.
TLS certificate: Issued by R3 on January 20th 2023. Valid for: 3 months.

This is the only time login.officeonlinecom.huanyv.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Microsoft (Consumer)

Domain & IP information

	IP Address	AS Autonomous System
1 1	52.166.189.99 52.166.189.99	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	2a00:1450:400... 2a00:1450:400d:803::2001	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:82a::2003	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:827::200e	15169 (GOOGLE) (GOOGLE)
1	20.165.168.102 20.165.168.102	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1 8	2606:4700::68... 2606:4700::6812:6b9	13335 (CLOUDFLAR...) (CLOUDFLARENET)
8	104.16.169.131 104.16.169.131	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 1	13.32.27.63 13.32.27.63	16509 (AMAZON-02) (AMAZON-02)
1	65.9.66.97 65.9.66.97	16509 (AMAZON-02) (AMAZON-02)
21	8

1 52.166.189.99 (Amsterdam, Netherlands) 1 redirects

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

trackme.apifon.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400d:803::2001 (Ireland)

ASN15169 (GOOGLE, US)

s3-us--east--2-wasabisys-com.translate.goog	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82a::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:827::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

translate.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 20.165.168.102 (Cheyenne, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

login.officeonlinecom.huanyv.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2606:4700::6812:6b9 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

challenges.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 104.16.169.131 (None, )

ASN13335 (CLOUDFLARENET, US)

js.hcaptcha.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
newassets.hcaptcha.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
hcaptcha.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.32.27.63 (United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: server-13-32-27-63.fra56.r.cloudfront.net

findicons.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 65.9.66.97 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-65-9-66-97.fra56.r.cloudfront.net

images.freeimages.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
8	hcaptcha.com js.hcaptcha.com — Cisco Umbrella Rank: 14004 newassets.hcaptcha.com — Cisco Umbrella Rank: 11100 hcaptcha.com — Cisco Umbrella Rank: 4768	721 KB
8	cloudflare.com 1 redirects challenges.cloudflare.com — Cisco Umbrella Rank: 14323	84 KB
2	gstatic.com www.gstatic.com	35 KB
1	freeimages.com images.freeimages.com — Cisco Umbrella Rank: 162589	605 B
1	findicons.com 1 redirects findicons.com — Cisco Umbrella Rank: 254450	308 B
1	huanyv.com login.officeonlinecom.huanyv.com	21 KB
1	google.com translate.google.com — Cisco Umbrella Rank: 1178	26 KB
1	translate.goog s3-us--east--2-wasabisys-com.translate.goog	1 KB
1	apifon.com 1 redirects trackme.apifon.com	333 B
21	9

	Domain	Requested by
8	challenges.cloudflare.com	1 redirects login.officeonlinecom.huanyv.com challenges.cloudflare.com s3-us--east--2-wasabisys-com.translate.goog
6	newassets.hcaptcha.com	js.hcaptcha.com newassets.hcaptcha.com
2	www.gstatic.com	s3-us--east--2-wasabisys-com.translate.goog
1	hcaptcha.com	newassets.hcaptcha.com
1	images.freeimages.com	login.officeonlinecom.huanyv.com
1	findicons.com	1 redirects
1	js.hcaptcha.com	login.officeonlinecom.huanyv.com
1	login.officeonlinecom.huanyv.com	s3-us--east--2-wasabisys-com.translate.goog
1	translate.google.com	s3-us--east--2-wasabisys-com.translate.goog
1	s3-us--east--2-wasabisys-com.translate.goog
1	trackme.apifon.com	1 redirects
21	11

This site contains no links.

Subject Issuer	Validity	Valid
*.googleusercontent.com GTS CA 1C3	`2023-01-02` - `2023-03-27`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2023-01-02` - `2023-03-27`	3 months	crt.sh
*.google.com GTS CA 1C3	`2023-01-02` - `2023-03-27`	3 months	crt.sh
login.officeonlinecom.huanyv.com R3	`2023-01-20` - `2023-04-20`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-05-15` - `2023-05-15`	a year	crt.sh
challenges.cloudflare.com Cloudflare Inc ECC CA-3	`2022-09-18` - `2023-09-17`	a year	crt.sh

This page contains 4 frames:

Primary Page: https://login.officeonlinecom.huanyv.com/rOapBJlo
Frame ID: 51C3931EEF6D8EA2AF4277AD4EB310CD
Requests: 8 HTTP requests in this frame

Frame: https://newassets.hcaptcha.com/captcha/v1/48ebaaf/static/hcaptcha.html
Frame ID: 281C33235EEF3BBC5FA6BB39E5FF54E2
Requests: 4 HTTP requests in this frame

Frame: https://newassets.hcaptcha.com/captcha/v1/48ebaaf/static/hcaptcha.html
Frame ID: 5DCB877C1D9E0C9FC72E877F7FF6D8B4
Requests: 4 HTTP requests in this frame

Frame: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/sqexp/0x4AAAAAAACEYjV0sPrYrFuP/auto/normal
Frame ID: 5108C18475E39FDE61DE116432DFB7E5
Requests: 6 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Just a moment...

Page URL History Show full URLs

https://trackme.apifon.com/https%3A%2F%2Fs3-us--east--2-wasabisys-com.translate.goog%2Fdocument-share%2... HTTP 302
https://s3-us--east--2-wasabisys-com.translate.goog/document-share/Direct.html?_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=en&_x_tr_pto=wapp Page URL
https://login.officeonlinecom.huanyv.com/rOapBJlo Page URL

Page Statistics

21
Requests

90 %
HTTPS

44 %
IPv6

9
Domains

11
Subdomains

8
IPs

5
Countries

888 kB
Transfer

2302 kB
Size

2
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://trackme.apifon.com/https%3A%2F%2Fs3-us--east--2-wasabisys-com.translate.goog%2Fdocument-share%2FDirect.html%3F_x_tr_sl%3Dauto%26_x_tr_tl%3Den%26_x_tr_hl%3Den%26_x_tr_pto%3Dwapp%23alex.gordon-finlayson%40prudentialplc.com/WlFCQng0c3J3TVU5Yk5kR1d6SmVQb0VpUGhWYkZLcjZTLXlpN1hyclpBaUJCdlpDUzUtRTNiUndXa3pCUTRoTTNPX01vZTdyUnMtSXdMZjJES0RTNXc9PQ/TklaOHFmS1JCdTFEamxrSHBzTkhQZmd4V1JkU0xJeVdFZExPb1BsVGIzST0/UXkzMG9oYkVPYmZBbFprdFlLSVFreXhRMmdRTnk4a3BBMXpkWnRNYmF3Nm85N1FzaEo2Tm90V0lyX1NrNG5CTg HTTP 302
https://s3-us--east--2-wasabisys-com.translate.goog/document-share/Direct.html?_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=en&_x_tr_pto=wapp Page URL
https://login.officeonlinecom.huanyv.com/rOapBJlo Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

https://trackme.apifon.com/https%3A%2F%2Fs3-us--east--2-wasabisys-com.translate.goog%2Fdocument-share%2FDirect.html%3F_x_tr_sl%3Dauto%26_x_tr_tl%3Den%26_x_tr_hl%3Den%26_x_tr_pto%3Dwapp%23alex.gordon-finlayson%40prudentialplc.com/WlFCQng0c3J3TVU5Yk5kR1d6SmVQb0VpUGhWYkZLcjZTLXlpN1hyclpBaUJCdlpDUzUtRTNiUndXa3pCUTRoTTNPX01vZTdyUnMtSXdMZjJES0RTNXc9PQ/TklaOHFmS1JCdTFEamxrSHBzTkhQZmd4V1JkU0xJeVdFZExPb1BsVGIzST0/UXkzMG9oYkVPYmZBbFprdFlLSVFreXhRMmdRTnk4a3BBMXpkWnRNYmF3Nm85N1FzaEo2Tm90V0lyX1NrNG5CTg HTTP 302
https://s3-us--east--2-wasabisys-com.translate.goog/document-share/Direct.html?_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=en&_x_tr_pto=wapp

Request Chain 4

https://challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback HTTP 302
https://challenges.cloudflare.com/turnstile/v0/g/c595c5c5/api.js?onload=onloadTurnstileCallback

Request Chain 6

https://findicons.com/files/icons/2796/metro_uinvert_dock/64/microsoft_new_logo_alt.png HTTP 301
https://images.freeimages.com/fic/images/icons/2796/metro_uinvert_dock/64/microsoft_new_logo_alt.png?ref=findicons

21 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Direct.html
s3-us--east--2-wasabisys-com.translate.goog/document-share/
Redirect Chain

https://trackme.apifon.com/https%3A%2F%2Fs3-us--east--2-wasabisys-com.translate.goog%2Fdocument-share%2FDirect.html%3F_x_tr_sl%3Dauto%26_x_tr_tl%3Den%26_x_tr_hl%3Den%26_x_tr_pto%3Dwapp%23alex.gordo...
https://s3-us--east--2-wasabisys-com.translate.goog/document-share/Direct.html?_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=en&_x_tr_pto=wapp

2 KB
1 KB

580ms
442ms

Document
text/html

2a00:1450:400d:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s3-us--east--2-wasabisys-com.translate.goog/document-share/Direct.html?_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=en&_x_tr_pto=wapp

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:803::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors *.translate.goog
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: gzip
content-security-policy: frame-ancestors *.translate.goog
content-type: text/html
cross-origin-opener-policy: unsafe-none
cross-origin-resource-policy: cross-origin
date: Fri, 20 Jan 2023 14:36:30 GMT
expires: Fri, 20 Jan 2023 14:36:30 GMT
last-modified: Fri, 20 Jan 2023 09:04:11 GMT
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
server: ESF
x-content-type-options: nosniff
x-robots-tag: none
x-xss-protection: 0

Redirect headers

Connection: Keep-Alive
Content-Length: 0
Date: Fri, 20 Jan 2023 14:36:29 GMT
Keep-Alive: timeout=5, max=100
Location: https://s3-us--east--2-wasabisys-com.translate.goog/document-share/Direct.html?_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=en&_x_tr_pto=wapp#alex.gordon-finlayson@prudentialplc.com
Server: Apache

GET
H2 200 m=ajaxproxy
www.gstatic.com/_/translate_http/_/js/k=translate_http.tr.nl.vdhk0GhArrQ.O/d=1/rs=AN8SPfosN9kI5IWqIj6K48tfhRK64wmPDA/ 69 KB
24 KB 69ms
20ms Script
text/javascript 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/translate_http/_/js/k=translate_http.tr.nl.vdhk0GhArrQ.O/d=1/rs=AN8SPfosN9kI5IWqIj6K48tfhRK64wmPDA/m=ajaxproxy

Requested by

Host: s3-us--east--2-wasabisys-com.translate.goog
URL: https://s3-us--east--2-wasabisys-com.translate.goog/document-share/Direct.html?_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=en&_x_tr_pto=wapp

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://s3-us--east--2-wasabisys-com.translate.goog/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Sun, 15 Jan 2023 02:40:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 474958
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/rosetta
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 24053
x-xss-protection: 0
last-modified: Wed, 07 Dec 2022 22:10:10 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="rosetta"
vary: Accept-Encoding
report-to: {"group":"rosetta","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/rosetta"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 15 Jan 2024 02:40:32 GMT

GET
H2 200 m=navigationui
www.gstatic.com/_/translate_http/_/js/k=translate_http.tr.nl.vdhk0GhArrQ.O/d=1/exm=ajaxproxy/ed=1/rs=AN8SPfosN9kI5IWqIj6K48tfhRK64wmPDA/ 26 KB
10 KB 89ms
41ms Script
text/javascript 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/translate_http/_/js/k=translate_http.tr.nl.vdhk0GhArrQ.O/d=1/exm=ajaxproxy/ed=1/rs=AN8SPfosN9kI5IWqIj6K48tfhRK64wmPDA/m=navigationui

Requested by

Host: s3-us--east--2-wasabisys-com.translate.goog
URL: https://s3-us--east--2-wasabisys-com.translate.goog/document-share/Direct.html?_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=en&_x_tr_pto=wapp

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://s3-us--east--2-wasabisys-com.translate.goog/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Thu, 19 Jan 2023 21:30:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 61537
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/rosetta
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10570
x-xss-protection: 0
last-modified: Wed, 07 Dec 2022 22:10:10 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="rosetta"
vary: Accept-Encoding
report-to: {"group":"rosetta","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/rosetta"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 19 Jan 2024 21:30:53 GMT

GET
H2 200 element.js
translate.google.com/translate_a/ 75 KB
26 KB 84ms
35ms Script
text/javascript 2a00:1450:4001:827::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://translate.google.com/translate_a/element.js?cb=gtElInit&hl=en&client=wt

Requested by

Host: s3-us--east--2-wasabisys-com.translate.goog
URL: https://s3-us--east--2-wasabisys-com.translate.goog/document-share/Direct.html?_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=en&_x_tr_pto=wapp

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://s3-us--east--2-wasabisys-com.translate.goog/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 20 Jan 2023 14:36:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=utf-8
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
cache-control: no-cache, no-store, max-age=0, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK Primary Request rOapBJlo Show response
login.officeonlinecom.huanyv.com/ 21 KB
21 KB 735ms
140ms Document
text/html 20.165.168.102
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://login.officeonlinecom.huanyv.com/rOapBJlo
Requested by: Host: s3-us--east--2-wasabisys-com.translate.goog
URL: https://s3-us--east--2-wasabisys-com.translate.goog/document-share/Direct.html?_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=en&_x_tr_pto=wapp
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 20.165.168.102 Cheyenne, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 8f110581c55e2cdf36367e4c5f5c5622c873f582f194b1fc173f989dbe4a88ae

Request headers

Referer: https://s3-us--east--2-wasabisys-com.translate.goog/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

Connection: close
Content-Type: text/html
Transfer-Encoding: chunked

GET
H2

200

api.js Show response
challenges.cloudflare.com/turnstile/v0/g/c595c5c5/
Redirect Chain

https://challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback
https://challenges.cloudflare.com/turnstile/v0/g/c595c5c5/api.js?onload=onloadTurnstileCallback

11 KB
4 KB

45ms
44ms

Script
application/javascript

2606:4700::6812:6b9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://challenges.cloudflare.com/turnstile/v0/g/c595c5c5/api.js?onload=onloadTurnstileCallback
Requested by: Host: login.officeonlinecom.huanyv.com
URL: https://login.officeonlinecom.huanyv.com/rOapBJlo
Protocol: H2
Server: 2606:4700::6812:6b9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a1a687b2ed20a53ba5e9c3a58e56bef166bc4457cba16ec566885e910c549321

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://login.officeonlinecom.huanyv.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Fri, 20 Jan 2023 14:36:31 GMT
content-encoding: br
server: cloudflare
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: max-age=31536000
cf-ray: 78c88af74f9a9bfa-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

Redirect headers

location: /turnstile/v0/g/c595c5c5/api.js?onload=onloadTurnstileCallback
date: Fri, 20 Jan 2023 14:36:31 GMT
cache-control: max-age=300, public
server: cloudflare
cf-ray: 78c88af71f279bfa-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
vary: accept-encoding

GET
H2 200 api.js Show response
js.hcaptcha.com/1/ 284 KB
80 KB 81ms
29ms Script
application/javascript 104.16.169.131
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hcaptcha.com/1/api.js

Requested by

Host: login.officeonlinecom.huanyv.com
URL: https://login.officeonlinecom.huanyv.com/rOapBJlo

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.169.131 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0ad6ae536ba6962f01e5ef77d5daadf8e73f80847fb50c1ab5d95a14e5d34c10

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://login.officeonlinecom.huanyv.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Fri, 20 Jan 2023 14:36:31 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 934706f40ffde6f857deae8d024c1192.cloudfront.net (CloudFront)
cf-cache-status: HIT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
x-amz-cf-pop: FRA56-P4
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Tue, 27 Dec 2022 13:52:50 GMT
server: cloudflare
etag: W/"6f882143f7e3a0802a1c7633f8b11933"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=120
cf-ray: 78c88af71e679048-FRA
x-amz-cf-id: z5-tnoQBJXwNdxmr_fPZV0-AMm5zSXZrTe3pNyVfgax1R3mdAAaJeA==

GET
H2

200

microsoft_new_logo_alt.png
images.freeimages.com/fic/images/icons/2796/metro_uinvert_dock/64/
Redirect Chain

https://findicons.com/files/icons/2796/metro_uinvert_dock/64/microsoft_new_logo_alt.png
https://images.freeimages.com/fic/images/icons/2796/metro_uinvert_dock/64/microsoft_new_logo_alt.png?ref=findicons

254 B
605 B

73ms
20ms

Image
image/png

65.9.66.97
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.freeimages.com/fic/images/icons/2796/metro_uinvert_dock/64/microsoft_new_logo_alt.png?ref=findicons
Requested by: Host: login.officeonlinecom.huanyv.com
URL: https://login.officeonlinecom.huanyv.com/rOapBJlo
Protocol: H2
Server: 65.9.66.97 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-97.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 2267d1822dbefc10c25e17d1fa4a6d9331e5a126e2483c5aff542d6107ebca36

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://login.officeonlinecom.huanyv.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Mon, 16 Jan 2023 14:47:35 GMT
via: 1.1 b3dc72c60418e8887de31f772538f118.cloudfront.net (CloudFront)
last-modified: Tue, 20 Dec 2022 05:17:19 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-C1
age: 344936
etag: "57ab754695eb0a2c74201ecd6948c12f"
x-cache: Hit from cloudfront
content-type: image/png
cache-control: max-age=31536000
accept-ranges: bytes
content-length: 254
x-amz-cf-id: eJp5OPNd8OVVjD9d_pRPKheWLXf7kb12UQLd5i7hqFgG55ws3jrwkA==

Redirect headers

date: Mon, 16 Jan 2023 16:11:49 GMT
via: 1.1 0363fab377de19b9b4f85394469f6fca.cloudfront.net (CloudFront)
server: CloudFront
x-amz-cf-pop: FRA56-C2
age: 339882
x-cache: Hit from cloudfront
location: https://images.freeimages.com/fic/images/icons/2796/metro_uinvert_dock/64/microsoft_new_logo_alt.png?ref=findicons
content-length: 0
x-amz-cf-id: 8UYw3Ui3WuVcb-tLO8bTavvQA5SxZ_wGwjoPTJpczBI2NOF3FOmFwg==

GET
H2 200 hcaptcha.html Show response
newassets.hcaptcha.com/captcha/v1/48ebaaf/static/ Frame 281C 2 KB
1007 B 52ms
42ms Document
text/html 104.16.169.131
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://newassets.hcaptcha.com/captcha/v1/48ebaaf/static/hcaptcha.html

Requested by

Host: js.hcaptcha.com
URL: https://js.hcaptcha.com/1/api.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.169.131 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4e0da66f57636c3f2497d598db5c163cdd1450affc8fcf3be9d9095a4d629a2a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://login.officeonlinecom.huanyv.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

access-control-allow-origin: *
age: 2003366
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: max-age=1209600
cf-cache-status: HIT
cf-ray: 78c88af79f419048-FRA
content-encoding: gzip
content-type: text/html
date: Fri, 20 Jan 2023 14:36:31 GMT
last-modified: Tue, 27 Dec 2022 13:52:50 GMT
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
via: 1.1 a823be133adad65df6d3bf471a742792.cloudfront.net (CloudFront)
x-amz-cf-id: f7vpPAezIVbeLbe7kxd5Gd_Z8eUjtnZtOywd6p2O1ZMfwFlfBVs8eA==
x-amz-cf-pop: FRA56-P4
x-cache: Hit from cloudfront
x-content-type-options: nosniff

GET
H2 200 hcaptcha.html Show response
newassets.hcaptcha.com/captcha/v1/48ebaaf/static/ Frame 5DCB 2 KB
885 B 52ms
43ms Document
text/html 104.16.169.131
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://newassets.hcaptcha.com/captcha/v1/48ebaaf/static/hcaptcha.html

Requested by

Host: js.hcaptcha.com
URL: https://js.hcaptcha.com/1/api.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.169.131 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4e0da66f57636c3f2497d598db5c163cdd1450affc8fcf3be9d9095a4d629a2a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://login.officeonlinecom.huanyv.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

access-control-allow-origin: *
age: 2003366
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: max-age=1209600
cf-cache-status: HIT
cf-ray: 78c88af79f3f9048-FRA
content-encoding: gzip
content-type: text/html
date: Fri, 20 Jan 2023 14:36:31 GMT
last-modified: Tue, 27 Dec 2022 13:52:50 GMT
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
via: 1.1 a823be133adad65df6d3bf471a742792.cloudfront.net (CloudFront)
x-amz-cf-id: f7vpPAezIVbeLbe7kxd5Gd_Z8eUjtnZtOywd6p2O1ZMfwFlfBVs8eA==
x-amz-cf-pop: FRA56-P4
x-cache: Hit from cloudfront
x-content-type-options: nosniff

GET
H3 200 normal Show response
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/sqexp/0x4AAAAAAACEYjV0sPrYrFuP/auto/ Frame 5108 19 KB
7 KB 44ms
44ms Document
text/html 2606:4700::6812:6b9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/sqexp/0x4AAAAAAACEYjV0sPrYrFuP/auto/normal
Requested by: Host: challenges.cloudflare.com
URL: https://challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6812:6b9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7230cfc93d91e94894f4cb023e9ccdfd7af0041761aaa06e07fc538ea740a809

Request headers

Referer: https://login.officeonlinecom.huanyv.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: max-age=0, must-revalidate
cf-ray: 78c88af7989b929b-FRA
content-encoding: br
content-type: text/html; charset=UTF-8
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: cross-origin
date: Fri, 20 Jan 2023 14:36:31 GMT
permissions-policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy: same-origin
server: cloudflare

GET
H3 200 v1 Show response
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/ Frame 5108 55 KB
24 KB 38ms
38ms Script
application/javascript 2606:4700::6812:6b9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=78c88af7989b929b
Requested by: Host: challenges.cloudflare.com
URL: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/sqexp/0x4AAAAAAACEYjV0sPrYrFuP/auto/normal
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6812:6b9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c3e261d23c64f2210d23138253f0bb0bf658d792d10f9681c5cdce0d8026e29f

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/sqexp/0x4AAAAAAACEYjV0sPrYrFuP/auto/normal
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Fri, 20 Jan 2023 14:36:31 GMT
cache-control: max-age=0, must-revalidate
content-encoding: br
server: cloudflare
cf-ray: 78c88af7f92e929b-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-type: application/javascript; charset=UTF-8

GET
H2 200 hcaptcha.js Show response
newassets.hcaptcha.com/captcha/v1/48ebaaf/ Frame 281C 284 KB
80 KB 32ms
31ms Script
application/javascript 104.16.169.131
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://newassets.hcaptcha.com/captcha/v1/48ebaaf/hcaptcha.js

Requested by

Host: newassets.hcaptcha.com
URL: https://newassets.hcaptcha.com/captcha/v1/48ebaaf/static/hcaptcha.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.169.131 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0ad6ae536ba6962f01e5ef77d5daadf8e73f80847fb50c1ab5d95a14e5d34c10

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://newassets.hcaptcha.com/captcha/v1/48ebaaf/static/hcaptcha.html
Origin: https://newassets.hcaptcha.com
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Fri, 20 Jan 2023 14:36:31 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 934706f40ffde6f857deae8d024c1192.cloudfront.net (CloudFront)
cf-cache-status: HIT
content-encoding: gzip
x-content-type-options: nosniff
age: 27013
x-amz-cf-pop: FRA56-P4
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Tue, 27 Dec 2022 13:52:50 GMT
server: cloudflare
etag: W/"6f882143f7e3a0802a1c7633f8b11933"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=1209600
cf-ray: 78c88af8083f9048-FRA
x-amz-cf-id: z5-tnoQBJXwNdxmr_fPZV0-AMm5zSXZrTe3pNyVfgax1R3mdAAaJeA==

GET
H2 200 hcaptcha.js Show response
newassets.hcaptcha.com/captcha/v1/48ebaaf/ Frame 5DCB 284 KB
80 KB 39ms
39ms Script
application/javascript 104.16.169.131
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://newassets.hcaptcha.com/captcha/v1/48ebaaf/hcaptcha.js

Requested by

Host: newassets.hcaptcha.com
URL: https://newassets.hcaptcha.com/captcha/v1/48ebaaf/static/hcaptcha.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.169.131 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0ad6ae536ba6962f01e5ef77d5daadf8e73f80847fb50c1ab5d95a14e5d34c10

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://newassets.hcaptcha.com/captcha/v1/48ebaaf/static/hcaptcha.html
Origin: https://newassets.hcaptcha.com
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Fri, 20 Jan 2023 14:36:31 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 934706f40ffde6f857deae8d024c1192.cloudfront.net (CloudFront)
cf-cache-status: HIT
content-encoding: gzip
x-content-type-options: nosniff
age: 27013
x-amz-cf-pop: FRA56-P4
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Tue, 27 Dec 2022 13:52:50 GMT
server: cloudflare
etag: W/"6f882143f7e3a0802a1c7633f8b11933"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=1209600
cf-ray: 78c88af808429048-FRA
x-amz-cf-id: z5-tnoQBJXwNdxmr_fPZV0-AMm5zSXZrTe3pNyVfgax1R3mdAAaJeA==

GET
DATA 200
OK truncated
/ Frame 5DCB 798 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 57cafa49fb677c3f09d6e90b051917d10e7bb54e83102a25f3d32b06e8fa59a7

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Content-Type: image/png

POST
H2 200 checksiteconfig Show response
hcaptcha.com/ Frame 5DCB 554 B
810 B 62ms
53ms XHR
application/json 104.16.169.131
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://hcaptcha.com/checksiteconfig?v=48ebaaf&host=login.officeonlinecom.huanyv.com&sitekey=234adb2f-52ba-4697-82fa-abecbb14b173&sc=1&swa=1

Requested by

Host: newassets.hcaptcha.com
URL: https://newassets.hcaptcha.com/captcha/v1/48ebaaf/hcaptcha.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.169.131 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0944fd3e503076260bbc5c5cdc92773b57d43d621f72e03a1bc2109b7b38c97a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept: application/json
Referer: https://newassets.hcaptcha.com/
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
Content-Type: text/plain

Response headers

date: Fri, 20 Jan 2023 14:36:31 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
content-encoding: gzip
server: cloudflare
vary: Origin, Accept-Encoding
access-control-allow-methods: GET, HEAD, POST, OPTIONS
content-type: application/json
access-control-allow-origin: https://newassets.hcaptcha.com
access-control-allow-credentials: true
cf-ray: 78c88af8b9a29048-FRA
access-control-allow-headers: Cache-Control, Content-Type, DNT, Referer, User-Agent, challenge-bypass-token, cf-chl-bypass, challenge-bypass-token, challenge-bypass-host, challenge-bypass-path
cf-chl-bypass: 2
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 hsw.js Show response
newassets.hcaptcha.com/c/b1686a2/ Frame 281C 957 KB
359 KB 29ms
28ms Script
application/javascript 104.16.169.131
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://newassets.hcaptcha.com/c/b1686a2/hsw.js

Requested by

Host: newassets.hcaptcha.com
URL: https://newassets.hcaptcha.com/captcha/v1/48ebaaf/hcaptcha.js

Protocol

Security

QUIC, , AES_128_GCM

Server

104.16.169.131 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8c49a6c383b42b973c33d43316fa2cb5109edda97b2f2533881e8d353990949a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://newassets.hcaptcha.com/captcha/v1/48ebaaf/static/hcaptcha.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Fri, 20 Jan 2023 14:36:31 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 2c29bb35ddacc1dc2616fe65bdf5122e.cloudfront.net (CloudFront)
cf-cache-status: HIT
content-encoding: gzip
x-content-type-options: nosniff
age: 201543
x-amz-cf-pop: FRA56-P4
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Fri, 23 Dec 2022 10:03:04 GMT
server: cloudflare
etag: W/"e27dcce9bea0c18f927485b6892b2b7b"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=1209600
cf-ray: 78c88af919efbb89-FRA
x-amz-cf-id: vmnkThFM0ENq2A4Pw8KKt7VC6N1gTGwBbaqrLQQCItAicgY5Alcwjw==

POST
H3 200 7f690a624174c6f Show response
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/0.27837341583528913:1674223642:PwL7lDVmS-WFKpg6K8E2ptvdiChjEVyNKgTB_uKvm2E/78c88af7989b929b/ Frame 5108 91 KB
47 KB 79ms
79ms XHR
text/plain 2606:4700::6812:6b9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/0.27837341583528913:1674223642:PwL7lDVmS-WFKpg6K8E2ptvdiChjEVyNKgTB_uKvm2E/78c88af7989b929b/7f690a624174c6f
Requested by: Host: challenges.cloudflare.com
URL: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=78c88af7989b929b
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6812:6b9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: fa3c031ab7256703bd0b001eb8e576ca044b1810fda7a5a373398590743eea55

Request headers

Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/sqexp/0x4AAAAAAACEYjV0sPrYrFuP/auto/normal
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
CF-Challenge: 7f690a624174c6f
Content-type: application/x-www-form-urlencoded

Response headers

date: Fri, 20 Jan 2023 14:36:31 GMT
content-encoding: br
cf_chl_gen: +zwPlI9F5eVdrz3seLFkBOdmzYLRIKniFpyRveVL21UduhgLWSdO+z9vDF1Q1E/bK8Pcs5qiQbS7i8imtLbaGUK9fcCB4mZTK4US/zdsqAHrjFbT59fso/cpFZNQFIIkEx2jMhRqG9o2J+zq4zIuJRezu+eDizenSK2n70NVyfzlvh90O9ihkQCRb35F0c5X2Pb1CnFK7vsnpP8wSqc2RlPDzITYjt1V0f1RSh9bA8BRHKJpto7UuTaXe+RcwbrFVa/FMYISGvYLAejq6luX/8SGm7RStdL+XUK0ksNK89q0EFtVmdm/7CryTPadgvC0DH0NdmdYIexZX8MK/noCHbXrajgVS0O+uxVhTIKv2IU=$pK25TnJZm8Fl+ABNdooyVw==
server: cloudflare
cf-ray: 78c88af95b50929b-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-type: text/plain; charset=UTF-8

GET
H3 200 e Show response
newassets.hcaptcha.com/i/b1686a2/ Frame 281C 119 KB
119 KB 28ms
27ms XHR
application/octet-stream 104.16.169.131
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://newassets.hcaptcha.com/i/b1686a2/e

Requested by

Host: newassets.hcaptcha.com
URL: https://newassets.hcaptcha.com/captcha/v1/48ebaaf/hcaptcha.js

Protocol

Security

QUIC, , AES_128_GCM

Server

104.16.169.131 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cd3947f47b01a151abd8b9f003e6b406e0d3408e2a904c15649e77103d7d171a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://newassets.hcaptcha.com/captcha/v1/48ebaaf/static/hcaptcha.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Fri, 20 Jan 2023 14:36:31 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 ab23076896ec73a1a830c9cdc49fcac4.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-content-type-options: nosniff
age: 205695
x-amz-cf-pop: FRA56-P4
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 121651
last-modified: Fri, 23 Dec 2022 10:03:03 GMT
server: cloudflare
etag: "a4b1a83872a261cc5f82c62400df3719"
vary: Accept-Encoding
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: max-age=1209600
accept-ranges: bytes
cf-ray: 78c88afb1e28bb89-FRA
x-amz-cf-id: 2L3IudZVNnoBvYX1AIZ0sYuJhpsslWXORO9ymA_0lTAcmrnb4_dxGg==

GET
H3 200 Ag7IEe03cBW7Qay
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/img/78c88af7989b929b/1674225391593/ Frame 5108 61 B
166 B 32ms
32ms Image
image/png 2606:4700::6812:6b9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/img/78c88af7989b929b/1674225391593/Ag7IEe03cBW7Qay
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6812:6b9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 866c7e8e3e0a97b5f8b3a235d00ba65cba9aab5c2537db1e75874f79186f3094

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/sqexp/0x4AAAAAAACEYjV0sPrYrFuP/auto/normal
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Fri, 20 Jan 2023 14:36:32 GMT
server: cloudflare
cf-ray: 78c88b0179dd929b-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-type: image/png

GET
H3 401 Mz2Yx_t32poJE08 Show response
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/pat/78c88af7989b929b/1674225391609/8ff8f00f10916519d4f4e94f1e726e95f8bf40d342d48bde6167b7b216a1c935/ Frame 5108 1 B
649 B 31ms
31ms Fetch
text/plain 2606:4700::6812:6b9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/pat/78c88af7989b929b/1674225391609/8ff8f00f10916519d4f4e94f1e726e95f8bf40d342d48bde6167b7b216a1c935/Mz2Yx_t32poJE08
Requested by: Host: s3-us--east--2-wasabisys-com.translate.goog
URL: https://s3-us--east--2-wasabisys-com.translate.goog/document-share/Direct.html?_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=en&_x_tr_pto=wapp
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6812:6b9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6da43b944e494e885e69af021f93c6d9331c78aa228084711429160a5bbd15b5

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/sqexp/0x4AAAAAAACEYjV0sPrYrFuP/auto/normal
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Fri, 20 Jan 2023 14:36:32 GMT
www-authenticate: PrivateToken challenge=AAIAGXBhdC1pc3N1ZXIuY2xvdWRmbGFyZS5jb20gj_jwDxCRZRnU9OlPHnJulfi_QNNC1IveYWe3shahyTUAGWNoYWxsZW5nZXMuY2xvdWRmbGFyZS5jb20=, token-key=MIIBUjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAqEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgKiAwIBMAOCAQ8AMIIBCgKCAQEA2luiYIFOx77KVWnues8qQ4goMrIsSyn7F2Nywmz4ePz-bHnji7XCWx4eAEa9QCjXznu3duRoDAEywkOAwYdx1w5O0B8EwNfVyUrZ-l0ODUZqAwYJxvRoSuPyGFxd2YWnXUFQQ4_EMleml_r7163EWMNkoDlvhen9ern16yp63UnDZ3ugHuJjymFj1UzE-Y6-uT2WaOIPyHKO8jsIWyCBcp-8b_l54jXrcNOgSLY4QFjwJ05eOwxj8sIO1dZur9SN6ql8ak07M0PHzv863sL0oT48aS_8OjopPN0CWWiFXgBklSI-0bWE-Q_o8YQHG9IB13YhUIy7Cw-xu8nE3hK6KQIDAQAB, max-age=15
server: cloudflare
cf-ray: 78c88b01aa52929b-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-type: text/plain; charset=UTF-8

POST
H3 200 7f690a624174c6f Show response
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/0.27837341583528913:1674223642:PwL7lDVmS-WFKpg6K8E2ptvdiChjEVyNKgTB_uKvm2E/78c88af7989b929b/ Frame 5108 880 B
1 KB 64ms
63ms XHR
text/html 2606:4700::6812:6b9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/0.27837341583528913:1674223642:PwL7lDVmS-WFKpg6K8E2ptvdiChjEVyNKgTB_uKvm2E/78c88af7989b929b/7f690a624174c6f
Requested by: Host: challenges.cloudflare.com
URL: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=78c88af7989b929b
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6812:6b9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4b78d9d8e38e85a03ebed99a5b8bea907ec2d76898ed88d196abbe9506d19591

Request headers

Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/sqexp/0x4AAAAAAACEYjV0sPrYrFuP/auto/normal
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
CF-Challenge: 7f690a624174c6f
Content-type: application/x-www-form-urlencoded

Response headers

date: Fri, 20 Jan 2023 14:36:33 GMT
content-encoding: br
server: cloudflare
cf_chl_out: hDg2umEGBKaBYtx3mGUEKKd/kAK+q0RJWEkG1aQKfHUmB/DEX4Cdf9WR8+/BY0TOzM2CElBo9sGeZWjU3JvmmQ==$tbavKauQ0h9Vdtt6srkB/Q==
content-type: text/html; charset=UTF-8
cf_chl_out_s: oFDSjJKRTTeKorKTRFQwTOWW8obzA32flSyHHajMLZJJ/B54o7e8DLNSjgiJCbevMAg3Xjy3y6eO6iJIz8QJWHdrHz7hx+vbxpOsZ7SvsCjZm219u+1h4DgCVNJCu+aQrKBzncyLH5PWJXl4pY2d+dx9NhmGSq5kWDH5TmQoQatJllm3aye0TpqR6tZsXvWIn4xVc0tFbDJLQpFdLB/zoU4Vqh+ajsqnHAyCbmIvS3Rzlbb4SdqN6S68JfgghtKdySz2TRXs616aMqZ0LpMHumSGxH6a7baSypLTTFEQqUiOgu5YvJ51pJ+q0ubhDaX68a4h/JzdV28toyYxNb9MsO6H7GwFD3371BWSFKm3/xE=$GcS6wgcJHEPC5fQlV8pgYA==
cf-ray: 78c88b021b1e929b-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer)

16 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.officeonlinecom.huanyv.com/	1970-01-20 09:03:48	Name: WQcc Value: af4b7ad072edb889a36c71fbe552eeb6bb67da2058afa968a1ba35fb8fe55a4b
			.challenges.cloudflare.com/	1970-01-20 09:03:47	Name: __cf_bm Value: agMIZbhdPRkDJKKcSZiTX33hXx3PVt.xtiJ8MmIUNMA-1674225391-0-AUeMbJnFM453szGAZhE3z9OZVkeHomPu55uX6NQVS4uNr2lroU3FA1NADvFl1Ii8HJsvKG1MNcgsGgdUXVHAnUU=

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	warning	Message: Error with Permissions-Policy header: Origin trial controlled feature not enabled: 'interest-cohort'.
network	error	URL: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/pat/78c88af7989b929b/1674225391609/8ff8f00f10916519d4f4e94f1e726e95f8bf40d342d48bde6167b7b216a1c935/Mz2Yx_t32poJE08 Message: Failed to load resource: the server responded with a status of 401 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	frame-ancestors *.translate.goog
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

challenges.cloudflare.com
findicons.com
hcaptcha.com
images.freeimages.com
js.hcaptcha.com
login.officeonlinecom.huanyv.com
newassets.hcaptcha.com
s3-us--east--2-wasabisys-com.translate.goog
trackme.apifon.com
translate.google.com
www.gstatic.com
104.16.169.131
13.32.27.63
20.165.168.102
2606:4700::6812:6b9
2a00:1450:4001:827::200e
2a00:1450:4001:82a::2003
2a00:1450:400d:803::2001
52.166.189.99
65.9.66.97
0944fd3e503076260bbc5c5cdc92773b57d43d621f72e03a1bc2109b7b38c97a
0ad6ae536ba6962f01e5ef77d5daadf8e73f80847fb50c1ab5d95a14e5d34c10
2267d1822dbefc10c25e17d1fa4a6d9331e5a126e2483c5aff542d6107ebca36
4b78d9d8e38e85a03ebed99a5b8bea907ec2d76898ed88d196abbe9506d19591
4e0da66f57636c3f2497d598db5c163cdd1450affc8fcf3be9d9095a4d629a2a
57cafa49fb677c3f09d6e90b051917d10e7bb54e83102a25f3d32b06e8fa59a7
6da43b944e494e885e69af021f93c6d9331c78aa228084711429160a5bbd15b5
7230cfc93d91e94894f4cb023e9ccdfd7af0041761aaa06e07fc538ea740a809
866c7e8e3e0a97b5f8b3a235d00ba65cba9aab5c2537db1e75874f79186f3094
8c49a6c383b42b973c33d43316fa2cb5109edda97b2f2533881e8d353990949a
8f110581c55e2cdf36367e4c5f5c5622c873f582f194b1fc173f989dbe4a88ae
a1a687b2ed20a53ba5e9c3a58e56bef166bc4457cba16ec566885e910c549321
c3e261d23c64f2210d23138253f0bb0bf658d792d10f9681c5cdce0d8026e29f
cd3947f47b01a151abd8b9f003e6b406e0d3408e2a904c15649e77103d7d171a
fa3c031ab7256703bd0b001eb8e576ca044b1810fda7a5a373398590743eea55

login.officeonlinecom.huanyv.com Open in urlscan Pro 20.165.168.102 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

21 Requests

90 %HTTPS

44 %IPv6

9 Domains

11 Subdomains

8 IPs

5 Countries

888 kBTransfer

2302 kBSize

2 Cookies

0 Outgoing links

Page URL History

Redirected requests

21 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

16 JavaScript Global Variables

2 Cookies

2 Console Messages

Security Headers

Indicators

login.officeonlinecom.huanyv.com Open in urlscan Pro
20.165.168.102 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

21
Requests

90 %
HTTPS

44 %
IPv6

9
Domains

11
Subdomains

8
IPs

5
Countries

888 kB
Transfer

2302 kB
Size

2
Cookies

21 HTTP transactions
1 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!