daxa1nl9n9p.forevertrendy-wears.business
194.180.49.204
Public Scan
Effective URL: https://daxa1nl9n9p.forevertrendy-wears.business/redirect.cgi?ref=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2N...
Submission: On October 16 via api from IE — Scanned from US
Summary
TLS certificate: Issued by R3 on August 31st 2023. Valid for: 3 months.
This is the only time daxa1nl9n9p.forevertrendy-wears.business was scanned on urlscan.io!
urlscan.io Verdict: No classification
Domain & IP information
Requests | IP Address | AS (Autonomous System)
---|---|---
1 | 2606:4700::6812:223 | 13335 (CLOUDFLARENET)
4 10 | 194.180.49.204 | 211252 (AS_DELIS)
1 | 20.190.157.11 | 8075 (MICROSOFT-CORP-MSN-AS-BLOCK)
8 | 4 |
ASN13335 (CLOUDFLARENET, US)
- pub-ab0550fba29342ca86c261be47b185d7.r2.dev
ASN211252 (AS_DELIS, US)
- westside-analogs.com
- daxa1nl9n9p.forevertrendy-wears.business
ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
- login.live.com
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
9 | forevertrendy-wears.business (3 redirects) | daxa1nl9n9p.forevertrendy-wears.business | 123 KB
1 | live.com | login.live.com (Cisco Umbrella Rank: 100) |
1 | westside-analogs.com (1 redirect) | westside-analogs.com | 679 B
1 | r2.dev | pub-ab0550fba29342ca86c261be47b185d7.r2.dev | 698 B
Requests | Domain | Requested by
---|---|---
9 | daxa1nl9n9p.forevertrendy-wears.business (3 redirects) | pub-ab0550fba29342ca86c261be47b185d7.r2.dev, daxa1nl9n9p.forevertrendy-wears.business
1 | login.live.com | daxa1nl9n9p.forevertrendy-wears.business
1 | westside-analogs.com (1 redirect) |
1 | pub-ab0550fba29342ca86c261be47b185d7.r2.dev |
This site contains no links.
Subject | Issuer | Validity | Valid | Lookup
---|---|---|---|---
*.r2.dev | E1 | 2023-10-11 - 2024-01-09 | 3 months | crt.sh
forevertrendy-wears.business | R3 | 2023-08-31 - 2023-11-29 | 3 months | crt.sh
login.live.com | DigiCert SHA2 Secure Server CA | 2023-07-04 - 2024-07-04 | a year | crt.sh
This page contains 1 frame:
Primary Page:
https://daxa1nl9n9p.forevertrendy-wears.business/redirect.cgi?ref=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2N...&sso_reload=true
Frame ID: F5C1B0E5A5526C852F4BAE7104B423F0
Requests: 10 HTTP requests in this frame
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://pub-ab0550fba29342ca86c261be47b185d7.r2.dev/gray.html (Page URL)
- https://westside-analogs.com/?zfppbwqn (HTTP 302)
  - https://daxa1nl9n9p.forevertrendy-wears.business/?sign=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1cmwiOiJodHRwczovL2RheGExbmw5bjlwLmZvcmV2ZXJ0cmVuZHktd2VhcnMuYnVzaW5lc3MiLCJkb21haW4iOiJkYXhhMW5sOW45cC5mb3JldmVydHJlbmR5LXdlYXJzLmJ1c2luZXNzIiwia2V5IjoiYnFnWVQ2RG81anl4IiwicXJjIjpudWxsLCJpYXQiOjE2OTc0NzIwMTQsImV4cCI6MTY5NzQ3MjEzNH0.r1ncdh32ZfIUy5yuvQFcCetLpazZgIUHO9Zphwf9dgY (HTTP 302)
  - https://daxa1nl9n9p.forevertrendy-wears.business/__// (HTTP 301)
  - https://daxa1nl9n9p.forevertrendy-wears.business/owa/ (HTTP 302)
  - https://daxa1nl9n9p.forevertrendy-wears.business/redirect.cgi?ref=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2N... (Page URL)
- https://daxa1nl9n9p.forevertrendy-wears.business/redirect.cgi?ref=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2N...&sso_reload=true (Page URL)
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 1
- https://westside-analogs.com/?zfppbwqn (HTTP 302)
- https://daxa1nl9n9p.forevertrendy-wears.business/?sign=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1cmwiOiJodHRwczovL2RheGExbmw5bjlwLmZvcmV2ZXJ0cmVuZHktd2VhcnMuYnVzaW5lc3MiLCJkb21haW4iOiJkYXhhMW5sOW45cC5mb3JldmVydHJlbmR5LXdlYXJzLmJ1c2luZXNzIiwia2V5IjoiYnFnWVQ2RG81anl4IiwicXJjIjpudWxsLCJpYXQiOjE2OTc0NzIwMTQsImV4cCI6MTY5NzQ3MjEzNH0.r1ncdh32ZfIUy5yuvQFcCetLpazZgIUHO9Zphwf9dgY (HTTP 302)
- https://daxa1nl9n9p.forevertrendy-wears.business/__// (HTTP 301)
- https://daxa1nl9n9p.forevertrendy-wears.business/owa/ (HTTP 302)
- https://daxa1nl9n9p.forevertrendy-wears.business/redirect.cgi?ref=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2N...
8 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H/1.1 | gray.html | pub-ab0550fba29342ca86c261be47b185d7.r2.dev/ | 627 B | 698 B | Document | text/html
GET | H/1.1 | redirect.cgi (Redirect Chain) | daxa1nl9n9p.forevertrendy-wears.business/ | 21 KB | 11 KB | Document | text/html
GET | H/1.1 | BssoInterrupt_Core_pOO34JFwD1EVcxt413xLZg2.js | daxa1nl9n9p.forevertrendy-wears.business/aadcdn.msftauth.net/~/shared/1.0/content/js/ | 136 KB | 49 KB | Script | application/x-javascript
GET | DATA | truncated | / | 341 B | 0 | Script | text/javascript
GET | H/1.1 | redirect.cgi (Primary Request) | daxa1nl9n9p.forevertrendy-wears.business/ | 39 KB | 19 KB | Document | text/html
GET | H/1.1 | converged.v2.login.min_ltjvsvk5aekta_kgibi0gg2.css | daxa1nl9n9p.forevertrendy-wears.business/aadcdn.msauth.net/~/ests/2.1/content/cdnbundles/ | 109 KB | 20 KB | Stylesheet | text/css
GET | H/1.1 | ConvergedLogin_PCore_cMGnwaE07ZSpRlsZYnkefA2.js | daxa1nl9n9p.forevertrendy-wears.business/aadcdn.msauth.net/~/shared/1.0/content/js/ | 288 KB | 0 | Script | application/x-javascript
GET | H/1.1 | ux.converged.login.strings-en.min_m9-edh3zk6bsrzenpxkndq2.js | daxa1nl9n9p.forevertrendy-wears.business/aadcdn.msauth.net/~/ests/2.1/content/cdnbundles/ | 50 KB | 16 KB | Script | application/x-javascript
GET | DATA | truncated | / | 341 B | 0 | Script | text/javascript
GET | H/1.1 | Me.htm | login.live.com/ | 0 | 0 | Other | text/html
11 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- c (function)
- $Config (object)
- $Debug (object)
- $Do (object)
- $Loader (function)
- $WebWatson (object)
- GetString (function)
- GetErrorString (function)
- GetUrl (function)
- $B (object)
- ServerData (object)
17 Cookies
Cookies are small pieces of information stored in a user's browser. When the user visits the site again, the browser sends the cookie values along with the request, which lets the site re-identify the user even from a different location. This is how persistent logins work.
Domain/Path | Expires | Name | Value
---|---|---|---
westside-analogs.com/ | | qPdM | bqgYT6Do5jyx
westside-analogs.com/ | | qPdM.sig | jU8kuxbpeiwf-7DcGzDyy1v0IHk
daxa1nl9n9p.forevertrendy-wears.business/ | | qPdM | bqgYT6Do5jyx
daxa1nl9n9p.forevertrendy-wears.business/ | | qPdM.sig | jU8kuxbpeiwf-7DcGzDyy1v0IHk
daxa1nl9n9p.forevertrendy-wears.business/ | | ClientId | A771E755772A44B2B6078E28144208B9
daxa1nl9n9p.forevertrendy-wears.business/ | | OIDC | 1
daxa1nl9n9p.forevertrendy-wears.business/ | | OpenIdConnect.nonce.v3.ao4UDfqYilXByNXs6vP-uNdI8K9yskhDpOefz2WTQJ8 | 638330688153614098.2043cf2c-61d6-47dc-8866-09dfb1eaf3fa
daxa1nl9n9p.forevertrendy-wears.business/ | | X-OWA-RedirectHistory | ArLym14BEneg_GDO2wg
daxa1nl9n9p.forevertrendy-wears.business/ | | x-ms-gateway-slice | estsfd
daxa1nl9n9p.forevertrendy-wears.business/ | | stsservicecookie | estsfd
.daxa1nl9n9p.forevertrendy-wears.business/ | | AADSSO | NA\|NoExtension
daxa1nl9n9p.forevertrendy-wears.business/ | | SSOCOOKIEPULLED | 1
daxa1nl9n9p.forevertrendy-wears.business/ | | buid | 0.ASAAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABAAEAAAAtyolDObpQQ5VtlI4uGjEP5MXIrcZagNsMzUiAlvxrcTdFrSKV7Q17Q-wzBi9btkoJQauzbakjftYv_oIg5JOdfgPkQn6pLkWrdctidPzZHBZ39ydUecxAtFw9-f85MQIgAA
.daxa1nl9n9p.forevertrendy-wears.business/ | | esctx | PAQABAAEAAAAtyolDObpQQ5VtlI4uGjEPcrp7ell38rMxQ5XA49J29MSilpS7BdcaOYOwj_dO3cUNjGZqQP7X7md9vpK30XjW0-F3HU5I-GrnQY4jDLbhzqO7yTdhT9DtLhc8Cv3wcWyAucUoYSxgU413_aaDx-OmpcLwLFqeF5BpXWGWwEYZ1HqlqO5Qt6F33m_dno4zVeMYUY6mqMbUMAL-Gse1ksp4bv85RjmKTHCe3yoZHrlDDEwDhb6pVOvoa02xAwsgP14gAA
daxa1nl9n9p.forevertrendy-wears.business/ | | fpc | AhN5t-kcw55Jmqj1rThrmmuerOTJAQAAABNVv9wOAAAA
.login.live.com/ | | uaid | d8c4a808fdd6471c95e2ecf9d90c6997
.login.live.com/ | | MSPRequ | id=N<=1697472020&co=1
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
daxa1nl9n9p.forevertrendy-wears.business
login.live.com
pub-ab0550fba29342ca86c261be47b185d7.r2.dev
westside-analogs.com
194.180.49.204
20.190.157.11
2606:4700::6812:223
1a0ea89ae667420caeae29d594d53258e6ed157dab7e8dfe6f154f0054b0cf99
8ea3fcd85de809f8472884dc80669af2aec1f9342f5751ac6d4c5afa1d7b192e
90682803943448f3acffc81014c87fdd71f30d8cf97335fcea451fac1e568221
9b62c34dd11d80cd0894cff31a63cc9d891701662ed10de89f5a760276b83715
b40619b062b3b8eb96ead4efa6c2219dc902f6b85f5b9930c067e81ce1eab0d2
fd7f7a63181fbd678051edf86c3ce59fda548ed3afb6dcc553c8635af0a9e613