URL: http://dukair.com/
Submission: On July 09 via manual from TH — Scanned from DE

Summary

This website contacted 2 IPs in 4 countries across 4 domains to perform 3 HTTP transactions. The main IP is 205.178.189.131, located in United States and belongs to NETWORK-SOLUTIONS-HOSTING, US. The main domain is dukair.com.
This is the only time dukair.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
2 205.178.189.131 19871 (NETWORK-S...)
1 1 2603:1026:207... 8075 (MICROSOFT...)
1 1 2603:1026:c0d... 8075 (MICROSOFT...)
1 2603:1026:300... 8075 (MICROSOFT...)
3 2
Apex Domain
Subdomains
Transfer
2 dukair.com
dukair.com
1 KB
1 microsoftonline.com
login.microsoftonline.com — Cisco Umbrella Rank: 15
1 office365.com
outlook.office365.com — Cisco Umbrella Rank: 72
3 KB
1 outlook.com
db3prd0410.outlook.com
295 B
3 4
Domain Requested by
2 dukair.com
1 login.microsoftonline.com dukair.com
1 outlook.office365.com 1 redirects
1 db3prd0410.outlook.com 1 redirects
3 4

This site contains no links.

Subject Issuer Validity Valid
stamp2.login.microsoftonline.com
DigiCert SHA2 Secure Server CA
2024-05-27 -
2025-05-27
a year crt.sh

This page contains 2 frames:

Primary Page: http://dukair.com/
Frame ID: F9A9D247EB3CD746DA6D84DCFF87351E
Requests: 2 HTTP requests in this frame

Frame: https://login.microsoftonline.com/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office365.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=015297e9-0861-d0c7-d02b-d53e7dc3438c&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638560903893978998.1f7fd0a1-ba30-41b4-90c1-f9c39fab0543&state=Dcs7EoAwCABRouNxMDDkA8chcWgtvb4Ub7stAHCmIxXKwByifZCRqIlNNdObY8ZDzrhcCBuvhkabMWyLhS_qTUq-V30_rz8
Frame ID: 099D27B219B92236136E9AE4B3F1E917
Requests: 1 HTTP requests in this frame

Screenshot

Page Title

DUKAIR.COM

Page URL History Show full URLs

  1. http://dukair.com/ HTTP 307
    https://dukair.com/ HTTP 307
    http://dukair.com/ Page URL

Page Statistics

3
Requests

33 %
HTTPS

75 %
IPv6

4
Domains

4
Subdomains

2
IPs

4
Countries

1 kB
Transfer

1 kB
Size

10
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://dukair.com/ HTTP 307
    https://dukair.com/ HTTP 307
    http://dukair.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • https://db3prd0410.outlook.com/owa/ HTTP 301
  • https://outlook.office365.com/owa/ HTTP 302
  • https://login.microsoftonline.com/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office365.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=015297e9-0861-d0c7-d02b-d53e7dc3438c&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638560903893978998.1f7fd0a1-ba30-41b4-90c1-f9c39fab0543&state=Dcs7EoAwCABRouNxMDDkA8chcWgtvb4Ub7stAHCmIxXKwByifZCRqIlNNdObY8ZDzrhcCBuvhkabMWyLhS_qTUq-V30_rz8

3 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
dukair.com/
Redirect Chain
  • http://dukair.com/
  • https://dukair.com/
  • http://dukair.com/
215 B
369 B
Document
General
Full URL
http://dukair.com/
Protocol
HTTP/1.1
Server
205.178.189.131 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US),
Reverse DNS
wf.networksolutions.com
Software
Sun-ONE-Web-Server/6.1 /
Resource Hash
c881a6cf1cf5b182fe900bcd90ffc148ebda48b84f045a4928d2b24d9b4f133a

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-type
text/html
Date
Tue, 09 Jul 2024 02:53:08 GMT
Server
Sun-ONE-Web-Server/6.1
Transfer-encoding
chunked

Redirect headers

Location
http://dukair.com/
Non-Authoritative-Reason
HttpsUpgrades
authorize
login.microsoftonline.com/common/oauth2/ Frame 099D
Redirect Chain
  • https://db3prd0410.outlook.com/owa/
  • https://outlook.office365.com/owa/
  • https://login.microsoftonline.com/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office365.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-0...
0
0
Document
General
Full URL
https://login.microsoftonline.com/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office365.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=015297e9-0861-d0c7-d02b-d53e7dc3438c&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638560903893978998.1f7fd0a1-ba30-41b4-90c1-f9c39fab0543&state=Dcs7EoAwCABRouNxMDDkA8chcWgtvb4Ub7stAHCmIxXKwByifZCRqIlNNdObY8ZDzrhcCBuvhkabMWyLhS_qTUq-V30_rz8
Requested by
Host: dukair.com
URL: http://dukair.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2603:1026:3000:c8::6 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
http://dukair.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Cache-Control
no-store, no-cache
Content-Encoding
gzip
Content-Length
15125
Content-Type
text/html; charset=utf-8
Date
Tue, 09 Jul 2024 02:53:08 GMT
Expires
-1
Link
<https://aadcdn.msauth.net>; rel=preconnect; crossorigin,<https://aadcdn.msauth.net>; rel=dns-prefetch,<https://aadcdn.msftauth.net>; rel=dns-prefetch
P3P
CP="DSP CUR OTPi IND OTRi ONL FIN"
Pragma
no-cache
Referrer-Policy
strict-origin-when-cross-origin
Strict-Transport-Security
max-age=31536000; includeSubDomains
Vary
Accept-Encoding
X-Content-Type-Options
nosniff
X-DNS-Prefetch-Control
on
X-Frame-Options
DENY
X-XSS-Protection
0
nel
{"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}
report-to
{"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://identity.nel.measure.office.net/api/report?catId=GW+estsfd+dub2"}]}
x-ms-ests-server
2.1.18463.4 - NEULR1 ProdSlices
x-ms-request-id
f631cb7d-c0ce-413d-9e8f-7b8383750600
x-ms-srs
1.P

Redirect headers

alt-svc
h3=":443";ma=2592000,h3-29=":443";ma=2592000
content-length
785
content-type
text/html; charset=utf-8
date
Tue, 09 Jul 2024 02:53:08 GMT
location
https://login.microsoftonline.com/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office365.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=015297e9-0861-d0c7-d02b-d53e7dc3438c&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638560903893978998.1f7fd0a1-ba30-41b4-90c1-f9c39fab0543&state=Dcs7EoAwCABRouNxMDDkA8chcWgtvb4Ub7stAHCmIxXKwByifZCRqIlNNdObY8ZDzrhcCBuvhkabMWyLhS_qTUq-V30_rz8
nel
{"report_to":"NelOfficeUpload1","max_age":7200,"include_subdomains":true,"failure_fraction":1.0,"success_fraction":0.01}
p3p
CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
report-to
{"group":"NelOfficeUpload1","max_age":7200,"endpoints":[{"url":"https://exo.nel.measure.office.net/api/report?TenantId=&FrontEnd=Cafe&DestinationEndpoint=FRA&RemoteIP=2a01:4a0:1338::&Environment=MT"}],"include_subdomains":true}
request-id
015297e9-0861-d0c7-d02b-d53e7dc3438c
server
Microsoft-IIS/10.0
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-backend-begin
2024-07-09T02:53:09.397
x-backend-end
2024-07-09T02:53:09.397
x-backendhttpstatus
302
x-beserver
FR6P281MB3420
x-besku
WCS7
x-calculatedbetarget
FR6P281MB3420.DEUP281.PROD.OUTLOOK.COM
x-content-type-options
nosniff
x-diaginfo
FR6P281MB3420
x-feefzinfo
FRA
x-feproxyinfo
FR4P281CA0100.DEUP281.PROD.OUTLOOK.COM
x-feserver
FR4P281CA0100
x-firsthopcafeefz
FRA
x-owa-diagnosticsinfo
1;0;0
x-proxy-backendserverstatus
302
x-proxy-routingcorrectness
1
x-rum-notupdatequerieddbcopy
1
x-rum-notupdatequeriedpath
1
x-rum-validated
1
x-ua-compatible
IE=EmulateIE7
favicon.ico
dukair.com/
894 B
1 KB
Other
General
Full URL
http://dukair.com/favicon.ico
Protocol
HTTP/1.1
Server
205.178.189.131 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US),
Reverse DNS
wf.networksolutions.com
Software
Sun-ONE-Web-Server/6.1 /
Resource Hash
f2a0c2b043e9cc51d6da340a0a5ff691aaf1c7984c036cca6fdcfeef3b1e7cb9

Request headers

Referer
http://dukair.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Date
Tue, 09 Jul 2024 02:53:09 GMT
Last-modified
Mon, 19 Jun 2023 12:52:50 GMT
Server
Sun-ONE-Web-Server/6.1
Accept-ranges
bytes
Etag
"37e-64904fa2"
Content-length
894
Content-type
image/x-icon

Verdicts & Comments Add Verdict or Comment

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0

10 Cookies

Domain/Path Name / Value
outlook.office365.com/ Name: ClientId
Value: 16D1A8D448104C78A3C5297DACCE6E8A
outlook.office365.com/ Name: OIDC
Value: 1
outlook.office365.com/ Name: OpenIdConnect.nonce.v3.GeHJw7YFJqJQ14tq46LRPMDXIzdXSEuNwvzXggpH1FY
Value: 638560903893978998.1f7fd0a1-ba30-41b4-90c1-f9c39fab0543
outlook.office365.com/ Name: X-OWA-RedirectHistory
Value: ArLym14Bdo8NRMKf3Ag
login.microsoftonline.com/ Name: buid
Value: 0.AVwAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAAApTwJmzXqdR4BN2miheQMY0bjJ5iUhOkEUi1VIqSqNzorJIp8K7bYvAbthz1S3zF6tqd9ST7zjXulnBcUIbhjxgJyrrKke9cCmW-ATfZ9Vm8Vc1_gHnEfEAPrpLH-c5WIgAA
.login.microsoftonline.com/ Name: esctx
Value: PAQABBwEAAAApTwJmzXqdR4BN2miheQMYmE0fKwL-jfk0wuE_bAjhQbscqwLVojQAspHblEGUqaZiLCoqwA9iV1DQiXbrpbXoDc4o3AAiibVVUsW_tUZMtNx8RArQDhXXWD5zL1iSuEhk1r_zDJc8VO2WwI78ljQnmsVeFoAqO3Xiqu50ZIyWRVmjr6Xi2gGeegpsk169oeUgAA
.login.microsoftonline.com/ Name: esctx-UZYkBmicc6c
Value: AQABCQEAAAApTwJmzXqdR4BN2miheQMYVtiFGCmlWjAws5_qkEpaW92DMsJQM28hP2uSZxvhNBxlfOxLhoq2NszbMHg3DRaoZEfO-ZBTODhCHsBLK-WPZJQG812t_ckrWZ2W4WukWPnZq1H7rcXagEZzfHaqlV8V9NNqEOj_GPr839DuyXOwLiAA
login.microsoftonline.com/ Name: fpc
Value: AgFSrv7AiUFFij9SKARKAnKerOTJAQAAABSdHt4OAAAA
login.microsoftonline.com/ Name: x-ms-gateway-slice
Value: estsfd
login.microsoftonline.com/ Name: stsservicecookie
Value: estsfd

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

db3prd0410.outlook.com
dukair.com
login.microsoftonline.com
outlook.office365.com
205.178.189.131
2603:1026:207:1::2
2603:1026:3000:c8::6
2603:1026:c0d:100c::2
c881a6cf1cf5b182fe900bcd90ffc148ebda48b84f045a4928d2b24d9b4f133a
f2a0c2b043e9cc51d6da340a0a5ff691aaf1c7984c036cca6fdcfeef3b1e7cb9