lyondellbasell-login.microsoftonline.nsaoixvwszw.click
137.184.127.24
Malicious Activity!
Public Scan
Effective URL: https://lyondellbasell-login.microsoftonline.nsaoixvwszw.click/Applicationview/a258c86006322b5d9b44524c2bb18747/65da078c63e77c1b22119186
Submission: On February 26 via manual from US — Scanned from ES
Summary
TLS certificate: Issued by R3 on February 26th 2024. Valid for: 3 months.
This is the only time lyondellbasell-login.microsoftonline.nsaoixvwszw.click was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Sharepoint (Online), Microsoft (Consumer), OneDrive (Online)
Domain & IP information
Requests | IP Address | AS Autonomous System
---|---|---
3 3 | 142.250.185.227 | 15169 (GOOGLE)
1 1 | 142.250.186.163 | 15169 (GOOGLE)
2 2 | 142.250.184.227 | 15169 (GOOGLE)
3 3 | 172.217.18.99 | 15169 (GOOGLE)
1 1 | 104.20.138.65 | 13335 (CLOUDFLARENET)
2 2 | 104.21.51.112 | 13335 (CLOUDFLARENET)
2 2 | 142.250.186.164 | 15169 (GOOGLE)
6 17 | 137.184.127.24 | 14061 (DIGITALOCEAN-ASN)
2 | 142.250.184.202 | 15169 (GOOGLE)
3 | 104.18.11.207 | 13335 (CLOUDFLARENET)
1 | 152.199.19.161 | 15133 (EDGECAST)
2 | 151.101.66.137 | 54113 (FASTLY)
1 | 104.17.25.14 | 13335 (CLOUDFLARENET)
3 | 13.107.213.60 | 8075 (MICROSOFT-CORP-MSN-AS-BLOCK)
2 2 | 185.15.59.226 | 14907 (WIKIMEDIA)
5 | 185.15.59.224 | 14907 (WIKIMEDIA)
1 | 13.107.246.60 | 8075 (MICROSOFT-CORP-MSN-AS-BLOCK)
29 | 10 |
- ASN15169 (GOOGLE, US), PTR fra24s08-in-f4.1e100.net: www.google.com
- ASN14061 (DIGITALOCEAN-ASN, US): yqijap6.nsaoixvwszw.click, lyondellbasell-login.microsoftonline.nsaoixvwszw.click
- ASN15169 (GOOGLE, US), PTR fra24s11-in-f10.1e100.net: fonts.googleapis.com
- ASN13335 (CLOUDFLARENET, US): maxcdn.bootstrapcdn.com, stackpath.bootstrapcdn.com
- ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US): secure.aadcdn.microsoftonline-p.com, logincdn.msauth.net
- ASN14907 (WIKIMEDIA, US), PTR ncredir-lb.esams.wikimedia.org: wikipedia.com
- ASN14907 (WIKIMEDIA, US), PTR text-lb.esams.wikimedia.org: www.wikipedia.org
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
17 | nsaoixvwszw.click (6 redirects) | yqijap6.nsaoixvwszw.click, lyondellbasell-login.microsoftonline.nsaoixvwszw.click | 244 KB
5 | wikipedia.org | www.wikipedia.org (Cisco Umbrella Rank: 11908) | 46 KB
5 | google.ae (5 redirects) | google.ae (Cisco Umbrella Rank: 33079), www.google.ae (Cisco Umbrella Rank: 33944) | 5 KB
4 | google.es (4 redirects) | www.google.es (Cisco Umbrella Rank: 23215), google.es (Cisco Umbrella Rank: 21024) | 3 KB
3 | bootstrapcdn.com | maxcdn.bootstrapcdn.com (Cisco Umbrella Rank: 1082), stackpath.bootstrapcdn.com (Cisco Umbrella Rank: 2859) | 50 KB
2 | wikipedia.com (2 redirects) | wikipedia.com (Cisco Umbrella Rank: 136710) | 277 B
2 | msauth.net | logincdn.msauth.net (Cisco Umbrella Rank: 3724), aadcdn.msauth.net (Cisco Umbrella Rank: 893) | 2 KB
2 | microsoftonline-p.com | secure.aadcdn.microsoftonline-p.com (Cisco Umbrella Rank: 14951) | 2 KB
2 | jquery.com | code.jquery.com (Cisco Umbrella Rank: 729) | 162 KB
2 | googleapis.com | fonts.googleapis.com (Cisco Umbrella Rank: 32) | 3 KB
2 | google.com (2 redirects) | www.google.com (Cisco Umbrella Rank: 2) | 2 KB
2 | qexspwnsctl.shop (2 redirects) | 9pjz0izru.qexspwnsctl.shop | 1 KB
1 | cloudflare.com | cdnjs.cloudflare.com (Cisco Umbrella Rank: 226) | 7 KB
1 | azureedge.net | spoppe-b.azureedge.net (Cisco Umbrella Rank: 6797) | 1 KB
1 | tinyurl.com (1 redirect) | tinyurl.com (Cisco Umbrella Rank: 18784) | 830 B
29 | 15 | |
Requests | Domain | Requested by
---|---|---
15 | lyondellbasell-login.microsoftonline.nsaoixvwszw.click (4 redirects) | lyondellbasell-login.microsoftonline.nsaoixvwszw.click, code.jquery.com
5 | www.wikipedia.org | lyondellbasell-login.microsoftonline.nsaoixvwszw.click, www.wikipedia.org
3 | www.google.ae | 3 redirects
3 | www.google.es | 3 redirects
2 | wikipedia.com | 2 redirects
2 | secure.aadcdn.microsoftonline-p.com | lyondellbasell-login.microsoftonline.nsaoixvwszw.click
2 | code.jquery.com | lyondellbasell-login.microsoftonline.nsaoixvwszw.click
2 | maxcdn.bootstrapcdn.com | lyondellbasell-login.microsoftonline.nsaoixvwszw.click
2 | fonts.googleapis.com | lyondellbasell-login.microsoftonline.nsaoixvwszw.click
2 | yqijap6.nsaoixvwszw.click | 2 redirects
2 | www.google.com | 2 redirects
2 | 9pjz0izru.qexspwnsctl.shop | 2 redirects
2 | google.ae | 2 redirects
1 | aadcdn.msauth.net | lyondellbasell-login.microsoftonline.nsaoixvwszw.click
1 | logincdn.msauth.net | lyondellbasell-login.microsoftonline.nsaoixvwszw.click
1 | stackpath.bootstrapcdn.com | lyondellbasell-login.microsoftonline.nsaoixvwszw.click
1 | cdnjs.cloudflare.com | lyondellbasell-login.microsoftonline.nsaoixvwszw.click
1 | spoppe-b.azureedge.net | lyondellbasell-login.microsoftonline.nsaoixvwszw.click
1 | tinyurl.com | 1 redirect
1 | google.es | 1 redirect
29 | 20 |
This site contains no links.
Subject | Issuer | Validity | Valid | Source
---|---|---|---|---
nsaoixvwszw.click | R3 | 2024-02-26 - 2024-05-26 | 3 months | crt.sh
upload.video.google.com | GTS CA 1C3 | 2024-02-05 - 2024-04-29 | 3 months | crt.sh
bootstrapcdn.com | GTS CA 1P5 | 2024-01-28 - 2024-04-27 | 3 months | crt.sh
*.vo.msecnd.net | DigiCert SHA2 Secure Server CA | 2023-05-05 - 2024-04-28 | a year | crt.sh
*.jquery.com | Sectigo RSA Domain Validation Secure Server CA | 2023-07-11 - 2024-07-14 | a year | crt.sh
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2023-07-03 - 2024-07-02 | a year | crt.sh
secure.aadcdn.microsoftonline-p.com | Microsoft Azure RSA TLS Issuing CA 04 | 2023-12-05 - 2024-11-29 | a year | crt.sh
identitycdn.msauth.net | Microsoft Azure RSA TLS Issuing CA 03 | 2024-01-17 - 2025-01-11 | a year | crt.sh
*.wikipedia.org | DigiCert TLS Hybrid ECC SHA384 2020 CA1 | 2023-10-18 - 2024-10-16 | a year | crt.sh
aadcdn.msauth.net | DigiCert SHA2 Secure Server CA | 2024-01-29 - 2025-01-29 | a year | crt.sh
This page contains 3 frames:
Primary Page:
https://lyondellbasell-login.microsoftonline.nsaoixvwszw.click/Applicationview/a258c86006322b5d9b44524c2bb18747/65da078c63e77c1b22119186
Frame ID: 098C33A575A2A9B2C71142D235676FB4
Requests: 20 HTTP requests in this frame
Frame:
https://lyondellbasell-login.microsoftonline.nsaoixvwszw.click/Applicationview/a258c86006322b5d9b44524c2bb18747/65da078c63e77c1b22119186?gif=outlook&itb1=true
Frame ID: 5984589DEA7CA1835634B3F9B5A6CA64
Requests: 8 HTTP requests in this frame
Frame:
https://www.wikipedia.org/
Frame ID: B0AD314CD0EA152519C56C70F96FF29D
Requests: 4 HTTP requests in this frame
Page Title: Sharepoint
Detected technologies
Bootstrap (Web Frameworks). Detected patterns:
- <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
- bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
Google Font API (Font Scripts). Detected patterns:
- <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com
Popper (Miscellaneous). Detected patterns:
- /popper\.js/([0-9.]+)
jQuery (JavaScript Libraries). Detected patterns:
- jquery[.-]([\d.]*\d)[^/]*\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
https://www.google.es/url?hl=en&q=https://google.es/url?sa%3Dt%26q%3DMI%26rct%3Dnr%26esrc%3Dfyfd%26source%3Dcrg%26cd%3DRQSG%26cad%3DZ0kWJE%26ved%3DQOCOf1vwP2iY5W%26uact%3D285%26url%3D%2561%256D%2570%252F%2567%256F%256F%2567%256C%2565%252E%2561%2565%252F%2561%256D%2570%252F%2574%2569%256E%2579%2575%2572%256C%252E%2563%256F%256D%252F%2579%2563%2537%2566%2568%2577%2578%2570%26opi%3D1909943882040%26usg%3DPyGfQw2wiJbWrI&source=gmail&ust=1709035963589000&usg=AOvVaw0zo6zAbznYN7q8w8LmfnTf HTTP 302
https://google.es/url?sa=t&q=MI&rct=nr&esrc=fyfd&source=crg&cd=RQSG&cad=Z0kWJE&ved=QOCOf1vwP2iY5W&uact=285&url=%61%6D%70%2F%67%6F%6F%67%6C%65%2E%61%65%2F%61%6D%70%2F%74%69%6E%79%75%72%6C%2E%63%6F%6D%2F%79%63%37%66%68%77%78%70&opi=1909943882040&usg=PyGfQw2wiJbWrI HTTP 301
https://www.google.es/url?sa=t&q=MI&rct=nr&esrc=fyfd&source=crg&cd=RQSG&cad=Z0kWJE&ved=QOCOf1vwP2iY5W&uact=285&url=amp%2Fgoogle%2Eae%2Famp%2Ftinyurl%2Ecom%2Fyc7fhwxp&opi=1909943882040&usg=PyGfQw2wiJbWrI HTTP 302
https://www.google.es/amp/google.ae/amp/tinyurl.com/yc7fhwxp HTTP 302
http://google.ae/amp/tinyurl.com/yc7fhwxp HTTP 301
http://www.google.ae/amp/tinyurl.com/yc7fhwxp HTTP 301
https://www.google.ae/amp/tinyurl.com/yc7fhwxp HTTP 302
http://tinyurl.com/yc7fhwxp HTTP 307
https://tinyurl.com/yc7fhwxp HTTP 301
https://google.ae/amp/9pJz0Izru.qexspwnsctl.shop/YI6ys HTTP 301
https://www.google.ae/amp/9pJz0Izru.qexspwnsctl.shop/YI6ys HTTP 302
http://9pjz0izru.qexspwnsctl.shop/YI6ys HTTP 301
https://9pjz0izru.qexspwnsctl.shop/YI6ys HTTP 302
https://www.google.com/amp/yQIJAP6.nsaoixvwszw.click/bdd600/1/a258c86006322b5d9b44524c2bb18747/65da078c63e77c1b22119186 HTTP 302
http://yqijap6.nsaoixvwszw.click/bdd600/1/a258c86006322b5d9b44524c2bb18747/65da078c63e77c1b22119186 HTTP 301
https://yqijap6.nsaoixvwszw.click/bdd600/1/a258c86006322b5d9b44524c2bb18747/65da078c63e77c1b22119186 HTTP 301
https://www.google.com/amp/lyondellbasell-login.microsoftonline.nsaoixvwszw.click/Applicationview/a258c86006322b5d9b44524c2bb18747/65da078c63e77c1b22119186 HTTP 302
http://lyondellbasell-login.microsoftonline.nsaoixvwszw.click/Applicationview/a258c86006322b5d9b44524c2bb18747/65da078c63e77c1b22119186 HTTP 301
https://lyondellbasell-login.microsoftonline.nsaoixvwszw.click/Applicationview/a258c86006322b5d9b44524c2bb18747/65da078c63e77c1b22119186 Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 13
- https://lyondellbasell-login.microsoftonline.nsaoixvwszw.click//Applicationview/a258c86006322b5d9b44524c2bb18747/65da078c63e77c1b22119186?gif=outlook&itb1=true HTTP 301
- https://lyondellbasell-login.microsoftonline.nsaoixvwszw.click/Applicationview/a258c86006322b5d9b44524c2bb18747/65da078c63e77c1b22119186?gif=outlook&itb1=true

- https://lyondellbasell-login.microsoftonline.nsaoixvwszw.click/Applicationview/a258c86006322b5d9b44524c2bb18747/Sign%20in%20to%20your%20account_files/prefetch(1).html HTTP 301
- https://wikipedia.com/ HTTP 301
- https://www.wikipedia.org/

- https://lyondellbasell-login.microsoftonline.nsaoixvwszw.click/Applicationview/a258c86006322b5d9b44524c2bb18747/Sign%20in%20to%20your%20account_files/ellipsis_grey.svg HTTP 301
- https://wikipedia.com/ HTTP 301
- https://www.wikipedia.org/
29 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type | Notes
---|---|---|---|---|---|---|---|---
GET | H/1.1 | 65da078c63e77c1b22119186 | lyondellbasell-login.microsoftonline.nsaoixvwszw.click/Applicationview/a258c86006322b5d9b44524c2bb18747/ | 59 KB | 59 KB | Document | text/html | Primary Request, Redirect Chain
GET | H2 | css | fonts.googleapis.com/ | 6 KB | 2 KB | Stylesheet | text/css |
GET | H2 | css | fonts.googleapis.com/ | 0 | 2 KB | Other | text/css |
GET | H2 | bootstrap.min.css | maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/ | 141 KB | 22 KB | Stylesheet | text/css |
GET | DATA | truncated | / | 20 KB | 0 | Image | image/png |
GET | DATA | truncated | / | 3 KB | 0 | Image | image/png |
GET | H2 | docx.png | spoppe-b.azureedge.net/files/fabric-cdn-prod_20211104.001/assets/item-types/32_2x/ | 975 B | 1 KB | Image | image/png |
GET | H2 | jquery-3.4.1.js | code.jquery.com/ | 274 KB | 81 KB | Script | application/javascript |
GET | H2 | popper.min.js | cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/ | 19 KB | 7 KB | Script | application/javascript |
GET | H2 | bootstrap.min.js | maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/ | 48 KB | 13 KB | Script | application/javascript |
GET | H2 | bootstrap.min.js | stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/ | 50 KB | 15 KB | Script | application/javascript |
GET | H/1.1 | script.js | lyondellbasell-login.microsoftonline.nsaoixvwszw.click/uploads/ | 23 KB | 24 KB | Script | text/javascript |
GET | DATA | truncated | / | 2 KB | 2 KB | Font | application/octet-stream |
GET | H/1.1 | mac-chrome.css | lyondellbasell-login.microsoftonline.nsaoixvwszw.click/uploads/ | 7 KB | 7 KB | Stylesheet | text/css |
GET | H/1.1 | 65da078c63e77c1b22119186 | lyondellbasell-login.microsoftonline.nsaoixvwszw.click/Applicationview/a258c86006322b5d9b44524c2bb18747/ | 146 KB | 146 KB | Document | text/html | Frame 5984, Redirect Chain
GET | H/1.1 | ssl.svg | lyondellbasell-login.microsoftonline.nsaoixvwszw.click/uploads/images/ | 563 B | 751 B | Image | image/svg+xml |
GET | H/1.1 | close.svg | lyondellbasell-login.microsoftonline.nsaoixvwszw.click/uploads/images/ | 720 B | 908 B | Image | image/svg+xml |
GET | H/1.1 | arrow-right.svg | lyondellbasell-login.microsoftonline.nsaoixvwszw.click/uploads/images/ | 1023 B | 1 KB | Image | image/svg+xml |
GET | H/1.1 | cookies.svg | lyondellbasell-login.microsoftonline.nsaoixvwszw.click/uploads/images/ | 2 KB | 2 KB | Image | image/svg+xml |
GET | H/1.1 | settings.svg | lyondellbasell-login.microsoftonline.nsaoixvwszw.click/uploads/images/ | 1 KB | 1 KB | Image | image/svg+xml |
GET | H/1.1 | new-tab.svg | lyondellbasell-login.microsoftonline.nsaoixvwszw.click/uploads/images/ | 468 B | 656 B | Image | image/svg+xml |
GET | H2 | jquery-3.4.1.js | code.jquery.com/ | 274 KB | 81 KB | Script | application/javascript | Frame 5984
GET | H2 | microsoft_logo.svg | secure.aadcdn.microsoftonline-p.com/ests/2.1.8148.16/content/images/ | 4 KB | 2 KB | Image | image/svg+xml | Frame 5984
GET | H2 | arrow_left.svg | logincdn.msauth.net/16.000.28345.6/images/ | 513 B | 928 B | Image | image/svg+xml | Frame 5984
GET | H2 | / | www.wikipedia.org/ | 76 KB | 19 KB | Document | text/html | Frame B0AD, Redirect Chain
GET | H2 | documentation_bcb4d1dc4eae64f0b2b2538209d8435a.svg | aadcdn.msauth.net/shared/1.0/content/images/ | 2 KB | 1 KB | Image | image/svg+xml | Frame 5984
GET | H2 | ellipsis_white.svg | secure.aadcdn.microsoftonline-p.com/ests/2.1.8148.16/content/images/ | 915 B | 753 B | Image | image/svg+xml | Frame 5984
GET | H2 | / | www.wikipedia.org/ | 0 | 0 | Image | text/html | Frame 5984, Redirect Chain
POST | H/1.1 | 65da078c63e77c1b22119186 | lyondellbasell-login.microsoftonline.nsaoixvwszw.click/Applicationview/a258c86006322b5d9b44524c2bb18747/ | 0 | 177 B | XHR | text/plain | Frame 5984
GET | H2 | Wikipedia-logo-v2.png | www.wikipedia.org/portal/wikipedia.org/assets/img/ | 15 KB | 17 KB | Image | image/png | Frame B0AD
GET | H2 | index-24c3e2ca18.js | www.wikipedia.org/portal/wikipedia.org/assets/js/ | 22 KB | 9 KB | Script | application/javascript | Frame B0AD
GET | H2 | gt-ie9-ce3fe8e88d.js | www.wikipedia.org/portal/wikipedia.org/assets/js/ | 614 B | 2 KB | Script | application/javascript | Frame B0AD
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Sharepoint (Online), Microsoft (Consumer), OneDrive (Online)
22 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name
---|---
object | 0
function | $
function | jQuery
function | Popper
object | bootstrap
function | isLikelyDesktop
function | getOperatingSystem
function | setInitialSize
function | deobfString
function | openTop
function | openIn
function | deObfData
function | handleDnDLogic
function | applyPositioning
function | closePopup
function | toggleSSLPopup
function | enlarge
function | setPrimaryContent
function | handleSecondaryFlowStart
function | handleIsOpenedState
function | triggerSecondaryFlowStart
function | hadleDOMContentLoaded
4 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name | Value
---|---|---|---
.google.es/ | | __Secure-ENID | 17.SE=hFa_1S45bDfgUiexIMaD2dHwfXumvdl7cdyCEFGV-9dr_tS50Za6uXnS0YOsQkVzHsqo-u_qceVvCUnb1O2rmCdlAfJvge9nk4NZrTr4B-ibQgD4NeqsvL74KDGTRsnMwc_Btd_wi2w8tu9LJeOh667UQJWTgpp8JTqyA6z6-Xw
.google.ae/ | | __Secure-ENID | 17.SE=r743bePRVWPE7kzWkqb0WHvyg1qLC4U7ZzZm2_bjlSrjPSmfmR7pwiJNTJXJRcVcINJuSTtxxU2bsNP9BXl3yNDbpDNESSXkeh2uKlzq89g1ChSXB2tSX-JwMazSEQOvPL4QAzXDRzkdO8fDFS9g8Yt_ZuSPCpaMpDUOHOhhyxY
.tinyurl.com/ | | __cf_bm | _vm.4uikAAKvv05z7bh5dVHXRMhcMYzetbfuZJZncKQ-1708979162-1.0-AQQ2Q7B+s3ZOZIMxKpiuOUQHwVLTaRjLoYN1/a+D4w9W6TkPGp4X1saKy+/8ylgV9MnWTdevfSHMs+7dsqwfKGg=
.google.com/ | | __Secure-ENID | 17.SE=aBLtms9FwyOziwQyQol-_cLzEiNpp-gq5HX4fmuJouktZxyZwMUprM3E78cnuRpPGdw1W4hpLOToSMPSQz-lMCr3R67Sji3XsA7kfeFZi1b0FkYZ1_lkjvm-4UzB6mpV5zU89j15w_6VzI_ZKKFlfwCIbTGXfRpDLEFq6tw5bEc
4 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL | Text
---|---|---|---
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.