daxa1nl9n9p.forevertrendy-wears.business Open in urlscan Pro
194.180.49.204  Public Scan

Submitted URL: https://pub-ab0550fba29342ca86c261be47b185d7.r2.dev/gray.html
Effective URL: https://daxa1nl9n9p.forevertrendy-wears.business/redirect.cgi?ref=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2N...
Submission: On October 16 via api from IE — Scanned from US

Summary

This website contacted 4 IPs in 2 countries across 4 domains to perform 8 HTTP transactions. The main IP is 194.180.49.204, located in Amsterdam, Netherlands and belongs to AS_DELIS, US. The main domain is daxa1nl9n9p.forevertrendy-wears.business.
TLS certificate: Issued by R3 on August 31st 2023. Valid for: 3 months.
This is the only time daxa1nl9n9p.forevertrendy-wears.business was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 2606:4700::68... 13335 (CLOUDFLAR...)
4 10 194.180.49.204 211252 (AS_DELIS)
1 20.190.157.11 8075 (MICROSOFT...)
8 4
Domain Requested by
9 daxa1nl9n9p.forevertrendy-wears.business 3 redirects pub-ab0550fba29342ca86c261be47b185d7.r2.dev
daxa1nl9n9p.forevertrendy-wears.business
1 login.live.com daxa1nl9n9p.forevertrendy-wears.business
1 westside-analogs.com 1 redirects
1 pub-ab0550fba29342ca86c261be47b185d7.r2.dev
8 4

This site contains no links.

Subject Issuer Validity Valid
*.r2.dev
E1
2023-10-11 -
2024-01-09
3 months crt.sh
forevertrendy-wears.business
R3
2023-08-31 -
2023-11-29
3 months crt.sh
login.live.com
DigiCert SHA2 Secure Server CA
2023-07-04 -
2024-07-04
a year crt.sh

This page contains 1 frames:

Primary Page: https://daxa1nl9n9p.forevertrendy-wears.business/redirect.cgi?ref=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9YTVkNjM0NjgtODZkOC1mNzlmLTFjYTctYjJhN2EyMTQyNjNiJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODMzMDY4ODE1MzYxNDA5OC4yMDQzY2YyYy02MWQ2LTQ3ZGMtODg2Ni0wOWRmYjFlYWYzZmEmc3RhdGU9RGN0QkZvQWdDQUJSck5keFNCQkRQSTVwYkZ0Ml9WajgyVTBDZ0Qxc0lWRUVtb3FKa0pyeEpjcVZ1cDJGcWt3dkU1V1hZbTFyb3BrcVVsOS04ek5jZktSNGpfeC1JXzg=&sso_reload=true
Frame ID: F5C1B0E5A5526C852F4BAE7104B423F0
Requests: 10 HTTP requests in this frame

Screenshot


Page URL History Show full URLs

  1. https://pub-ab0550fba29342ca86c261be47b185d7.r2.dev/gray.html Page URL
  2. https://westside-analogs.com/?zfppbwqn HTTP 302
    https://daxa1nl9n9p.forevertrendy-wears.business/?sign=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1cmwiOiJodHRwczovL2RheGExbmw5b... HTTP 302
    https://daxa1nl9n9p.forevertrendy-wears.business/__// HTTP 301
    https://daxa1nl9n9p.forevertrendy-wears.business/owa/ HTTP 302
    https://daxa1nl9n9p.forevertrendy-wears.business/redirect.cgi?ref=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV... Page URL
  3. https://daxa1nl9n9p.forevertrendy-wears.business/redirect.cgi?ref=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV... Page URL

Page Statistics

8
Requests

100 %
HTTPS

33 %
IPv6

4
Domains

4
Subdomains

4
IPs

2
Countries

115 kB
Transfer

644 kB
Size

17
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://pub-ab0550fba29342ca86c261be47b185d7.r2.dev/gray.html Page URL
  2. https://westside-analogs.com/?zfppbwqn HTTP 302
    https://daxa1nl9n9p.forevertrendy-wears.business/?sign=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1cmwiOiJodHRwczovL2RheGExbmw5bjlwLmZvcmV2ZXJ0cmVuZHktd2VhcnMuYnVzaW5lc3MiLCJkb21haW4iOiJkYXhhMW5sOW45cC5mb3JldmVydHJlbmR5LXdlYXJzLmJ1c2luZXNzIiwia2V5IjoiYnFnWVQ2RG81anl4IiwicXJjIjpudWxsLCJpYXQiOjE2OTc0NzIwMTQsImV4cCI6MTY5NzQ3MjEzNH0.r1ncdh32ZfIUy5yuvQFcCetLpazZgIUHO9Zphwf9dgY HTTP 302
    https://daxa1nl9n9p.forevertrendy-wears.business/__// HTTP 301
    https://daxa1nl9n9p.forevertrendy-wears.business/owa/ HTTP 302
    https://daxa1nl9n9p.forevertrendy-wears.business/redirect.cgi?ref=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9YTVkNjM0NjgtODZkOC1mNzlmLTFjYTctYjJhN2EyMTQyNjNiJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODMzMDY4ODE1MzYxNDA5OC4yMDQzY2YyYy02MWQ2LTQ3ZGMtODg2Ni0wOWRmYjFlYWYzZmEmc3RhdGU9RGN0QkZvQWdDQUJSck5keFNCQkRQSTVwYkZ0Ml9WajgyVTBDZ0Qxc0lWRUVtb3FKa0pyeEpjcVZ1cDJGcWt3dkU1V1hZbTFyb3BrcVVsOS04ek5jZktSNGpfeC1JXzg= Page URL
  3. https://daxa1nl9n9p.forevertrendy-wears.business/redirect.cgi?ref=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9YTVkNjM0NjgtODZkOC1mNzlmLTFjYTctYjJhN2EyMTQyNjNiJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODMzMDY4ODE1MzYxNDA5OC4yMDQzY2YyYy02MWQ2LTQ3ZGMtODg2Ni0wOWRmYjFlYWYzZmEmc3RhdGU9RGN0QkZvQWdDQUJSck5keFNCQkRQSTVwYkZ0Ml9WajgyVTBDZ0Qxc0lWRUVtb3FKa0pyeEpjcVZ1cDJGcWt3dkU1V1hZbTFyb3BrcVVsOS04ek5jZktSNGpfeC1JXzg=&sso_reload=true Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 1
  • https://westside-analogs.com/?zfppbwqn HTTP 302
  • https://daxa1nl9n9p.forevertrendy-wears.business/?sign=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1cmwiOiJodHRwczovL2RheGExbmw5bjlwLmZvcmV2ZXJ0cmVuZHktd2VhcnMuYnVzaW5lc3MiLCJkb21haW4iOiJkYXhhMW5sOW45cC5mb3JldmVydHJlbmR5LXdlYXJzLmJ1c2luZXNzIiwia2V5IjoiYnFnWVQ2RG81anl4IiwicXJjIjpudWxsLCJpYXQiOjE2OTc0NzIwMTQsImV4cCI6MTY5NzQ3MjEzNH0.r1ncdh32ZfIUy5yuvQFcCetLpazZgIUHO9Zphwf9dgY HTTP 302
  • https://daxa1nl9n9p.forevertrendy-wears.business/__// HTTP 301
  • https://daxa1nl9n9p.forevertrendy-wears.business/owa/ HTTP 302
  • https://daxa1nl9n9p.forevertrendy-wears.business/redirect.cgi?ref=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9YTVkNjM0NjgtODZkOC1mNzlmLTFjYTctYjJhN2EyMTQyNjNiJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODMzMDY4ODE1MzYxNDA5OC4yMDQzY2YyYy02MWQ2LTQ3ZGMtODg2Ni0wOWRmYjFlYWYzZmEmc3RhdGU9RGN0QkZvQWdDQUJSck5keFNCQkRQSTVwYkZ0Ml9WajgyVTBDZ0Qxc0lWRUVtb3FKa0pyeEpjcVZ1cDJGcWt3dkU1V1hZbTFyb3BrcVVsOS04ek5jZktSNGpfeC1JXzg=

8 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
gray.html
pub-ab0550fba29342ca86c261be47b185d7.r2.dev/
627 B
698 B
Document
General
Full URL
https://pub-ab0550fba29342ca86c261be47b185d7.r2.dev/gray.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:223 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

CF-RAY
817183728ddd495c-MIA
Connection
keep-alive
Content-Encoding
gzip
Content-Type
text/html
Date
Mon, 16 Oct 2023 16:00:13 GMT
ETag
W/"e4a6eaae0924469b95ffbacff40b5c96"
Last-Modified
Mon, 16 Oct 2023 11:15:56 GMT
Server
cloudflare
Transfer-Encoding
chunked
Vary
Accept-Encoding
redirect.cgi
daxa1nl9n9p.forevertrendy-wears.business/
Redirect Chain
  • https://westside-analogs.com/?zfppbwqn
  • https://daxa1nl9n9p.forevertrendy-wears.business/?sign=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1cmwiOiJodHRwczovL2RheGExbmw5bjlwLmZvcmV2ZXJ0cmVuZHktd2VhcnMuYnVzaW5lc3MiLCJkb21haW4iOiJkYXhhMW5sOW45c...
  • https://daxa1nl9n9p.forevertrendy-wears.business/__//
  • https://daxa1nl9n9p.forevertrendy-wears.business/owa/
  • https://daxa1nl9n9p.forevertrendy-wears.business/redirect.cgi?ref=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDA...
21 KB
11 KB
Document
General
Full URL
https://daxa1nl9n9p.forevertrendy-wears.business/redirect.cgi?ref=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9YTVkNjM0NjgtODZkOC1mNzlmLTFjYTctYjJhN2EyMTQyNjNiJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODMzMDY4ODE1MzYxNDA5OC4yMDQzY2YyYy02MWQ2LTQ3ZGMtODg2Ni0wOWRmYjFlYWYzZmEmc3RhdGU9RGN0QkZvQWdDQUJSck5keFNCQkRQSTVwYkZ0Ml9WajgyVTBDZ0Qxc0lWRUVtb3FKa0pyeEpjcVZ1cDJGcWt3dkU1V1hZbTFyb3BrcVVsOS04ek5jZktSNGpfeC1JXzg=
Requested by
Host: pub-ab0550fba29342ca86c261be47b185d7.r2.dev
URL: https://pub-ab0550fba29342ca86c261be47b185d7.r2.dev/gray.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
194.180.49.204 Amsterdam, Netherlands, ASN211252 (AS_DELIS, US),
Reverse DNS
Software
/
Resource Hash
fd7f7a63181fbd678051edf86c3ce59fda548ed3afb6dcc553c8635af0a9e613
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://pub-ab0550fba29342ca86c261be47b185d7.r2.dev/gray.html
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

Cache-Control
no-store, no-cache
Connection
close
Content-Encoding
gzip
Content-Security-Policy
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
Content-Type
text/html; charset=utf-8
Date
Mon, 16 Oct 2023 16:00:15 GMT
Expires
-1
P3P
CP="DSP CUR OTPi IND OTRi ONL FIN"
Pragma
no-cache
Referer
https://login.microsoftonline.com/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=a5d63468-86d8-f79f-1ca7-b2a7a214263b&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638330688153614098.2043cf2c-61d6-47dc-8866-09dfb1eaf3fa&state=DctBFoAgCABRrNdxSBBDPI5pbFt2_Vj82U0CgD1sIVEEmoqJkJrxJcqVup2FqkwvE5WXYm1ropkqUl9-8zNcfKR4j_x-I_8
Referrer-Policy
strict-origin-when-cross-origin
Strict-Transport-Security
max-age=31536000; includeSubDomains
Vary
Accept-Encoding
content-length
21710
nel
{"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}
report-to
{"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://identity.nel.measure.office.net/api/report?catId=GW+estsfd+ams2"}]}
x-ms-ests-server
2.1.16522.6 - WEULR1 ProdSlices
x-ms-request-id
c0c94794-3414-487d-ac27-3e125266ca00

Redirect headers

Alt-Svc
h3=":443",h3-29=":443"
Connection
close
Content-Security-Policy
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
Content-Type
text/html; charset=utf-8
Date
Mon, 16 Oct 2023 16:00:15 GMT
Location
https://daxa1nl9n9p.forevertrendy-wears.business/redirect.cgi?ref=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9YTVkNjM0NjgtODZkOC1mNzlmLTFjYTctYjJhN2EyMTQyNjNiJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODMzMDY4ODE1MzYxNDA5OC4yMDQzY2YyYy02MWQ2LTQ3ZGMtODg2Ni0wOWRmYjFlYWYzZmEmc3RhdGU9RGN0QkZvQWdDQUJSck5keFNCQkRQSTVwYkZ0Ml9WajgyVTBDZ0Qxc0lWRUVtb3FKa0pyeEpjcVZ1cDJGcWt3dkU1V1hZbTFyb3BrcVVsOS04ek5jZktSNGpfeC1JXzg=
NEL
{"report_to":"NelOfficeUpload1","max_age":7200,"include_subdomains":true,"failure_fraction":1.0,"success_fraction":0.01}
P3P
CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Report-To
{"group":"NelOfficeUpload1","max_age":7200,"endpoints":[{"url":"https://exo.nel.measure.office.net/api/report?TenantId=&FrontEnd=Cafe&DestinationEndpoint=AMS"}],"include_subdomains":true}
Server
Microsoft-IIS/10.0
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
X-BEServer
DB9P190MB1035
X-BackEnd-Begin
2023-10-16T16:00:15.361
X-BackEnd-End
2023-10-16T16:00:15.361
X-BackEndHttpStatus
302, 302
X-BeSku
WCS6
X-CalculatedBETarget
DB9P190MB1035.EURP190.PROD.OUTLOOK.COM
X-CalculatedFETarget
DUZPR01CU004.internal.outlook.com
X-DiagInfo
DB9P190MB1035
X-FEEFZInfo
AMS
X-FEProxyInfo
AS4P190CA0034.EURP190.PROD.OUTLOOK.COM
X-FEServer
DUZPR01CA0056, AS4P190CA0034
X-FirstHopCafeEFZ
AMS
X-IIDs
0
X-OWA-DiagnosticsInfo
1;0;0
X-Proxy-BackendServerStatus
302
X-Proxy-RoutingCorrectness
1
X-RUM-NotUpdateQueriedDbCopy
1
X-RUM-NotUpdateQueriedPath
1
X-RUM-Validated
1
X-UA-Compatible
IE=EmulateIE7
content-length
1307
request-id
a5d63468-86d8-f79f-1ca7-b2a7a214263b
BssoInterrupt_Core_pOO34JFwD1EVcxt413xLZg2.js
daxa1nl9n9p.forevertrendy-wears.business/aadcdn.msftauth.net/~/shared/1.0/content/js/
136 KB
49 KB
Script
General
Full URL
https://daxa1nl9n9p.forevertrendy-wears.business/aadcdn.msftauth.net/~/shared/1.0/content/js/BssoInterrupt_Core_pOO34JFwD1EVcxt413xLZg2.js
Requested by
Host: daxa1nl9n9p.forevertrendy-wears.business
URL: https://daxa1nl9n9p.forevertrendy-wears.business/redirect.cgi?ref=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9YTVkNjM0NjgtODZkOC1mNzlmLTFjYTctYjJhN2EyMTQyNjNiJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODMzMDY4ODE1MzYxNDA5OC4yMDQzY2YyYy02MWQ2LTQ3ZGMtODg2Ni0wOWRmYjFlYWYzZmEmc3RhdGU9RGN0QkZvQWdDQUJSck5keFNCQkRQSTVwYkZ0Ml9WajgyVTBDZ0Qxc0lWRUVtb3FKa0pyeEpjcVZ1cDJGcWt3dkU1V1hZbTFyb3BrcVVsOS04ek5jZktSNGpfeC1JXzg=
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
194.180.49.204 Amsterdam, Netherlands, ASN211252 (AS_DELIS, US),
Reverse DNS
Software
ECAcc (ama/48AE) /
Resource Hash
b40619b062b3b8eb96ead4efa6c2219dc902f6b85f5b9930c067e81ce1eab0d2
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';

Request headers

accept-language
en-US,en;q=0.9
Referer
https://daxa1nl9n9p.forevertrendy-wears.business/redirect.cgi?ref=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9YTVkNjM0NjgtODZkOC1mNzlmLTFjYTctYjJhN2EyMTQyNjNiJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODMzMDY4ODE1MzYxNDA5OC4yMDQzY2YyYy02MWQ2LTQ3ZGMtODg2Ni0wOWRmYjFlYWYzZmEmc3RhdGU9RGN0QkZvQWdDQUJSck5keFNCQkRQSTVwYkZ0Ml9WajgyVTBDZ0Qxc0lWRUVtb3FKa0pyeEpjcVZ1cDJGcWt3dkU1V1hZbTFyb3BrcVVsOS04ek5jZktSNGpfeC1JXzg=
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
Date
Mon, 16 Oct 2023 16:00:17 GMT
Content-Encoding
gzip
Content-Security-Policy
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
Content-MD5
ZMFy5HcA9P2mV6uiFqhObw==
Age
3898444
X-Cache
HIT
Connection
close
content-length
138813
x-ms-lease-status
unlocked
Last-Modified
Thu, 31 Aug 2023 16:33:27 GMT
Server
ECAcc (ama/48AE)
Etag
0x8DBAA4001543B19
Vary
Accept-Encoding
Content-Type
application/x-javascript
Access-Control-Allow-Origin
*
x-ms-request-id
d7125088-901e-001e-04d5-dc4819000000
Access-Control-Expose-Headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
Cache-Control
public, max-age=31536000
x-ms-version
2009-09-19
Accept-Ranges
bytes
truncated
/
341 B
0
Script
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
90682803943448f3acffc81014c87fdd71f30d8cf97335fcea451fac1e568221

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

Content-Type
text/javascript
Primary Request redirect.cgi
daxa1nl9n9p.forevertrendy-wears.business/
39 KB
19 KB
Document
General
Full URL
https://daxa1nl9n9p.forevertrendy-wears.business/redirect.cgi?ref=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9YTVkNjM0NjgtODZkOC1mNzlmLTFjYTctYjJhN2EyMTQyNjNiJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODMzMDY4ODE1MzYxNDA5OC4yMDQzY2YyYy02MWQ2LTQ3ZGMtODg2Ni0wOWRmYjFlYWYzZmEmc3RhdGU9RGN0QkZvQWdDQUJSck5keFNCQkRQSTVwYkZ0Ml9WajgyVTBDZ0Qxc0lWRUVtb3FKa0pyeEpjcVZ1cDJGcWt3dkU1V1hZbTFyb3BrcVVsOS04ek5jZktSNGpfeC1JXzg=&sso_reload=true
Requested by
Host: daxa1nl9n9p.forevertrendy-wears.business
URL: https://daxa1nl9n9p.forevertrendy-wears.business/aadcdn.msftauth.net/~/shared/1.0/content/js/BssoInterrupt_Core_pOO34JFwD1EVcxt413xLZg2.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
194.180.49.204 Amsterdam, Netherlands, ASN211252 (AS_DELIS, US),
Reverse DNS
Software
/
Resource Hash
9b62c34dd11d80cd0894cff31a63cc9d891701662ed10de89f5a760276b83715
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://daxa1nl9n9p.forevertrendy-wears.business/redirect.cgi?ref=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9YTVkNjM0NjgtODZkOC1mNzlmLTFjYTctYjJhN2EyMTQyNjNiJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODMzMDY4ODE1MzYxNDA5OC4yMDQzY2YyYy02MWQ2LTQ3ZGMtODg2Ni0wOWRmYjFlYWYzZmEmc3RhdGU9RGN0QkZvQWdDQUJSck5keFNCQkRQSTVwYkZ0Ml9WajgyVTBDZ0Qxc0lWRUVtb3FKa0pyeEpjcVZ1cDJGcWt3dkU1V1hZbTFyb3BrcVVsOS04ek5jZktSNGpfeC1JXzg=
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

Cache-Control
no-store, no-cache
Connection
close
Content-Encoding
gzip
Content-Security-Policy
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
Content-Type
text/html; charset=utf-8
Date
Mon, 16 Oct 2023 16:00:19 GMT
Expires
-1
Link
<https://aadcdn.msauth.net>; rel=preconnect; crossorigin, <https://aadcdn.msauth.net>; rel=dns-prefetch, <https://aadcdn.msftauth.net>; rel=dns-prefetch
P3P
CP="DSP CUR OTPi IND OTRi ONL FIN"
Pragma
no-cache
Referer
https://login.microsoftonline.com/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=a5d63468-86d8-f79f-1ca7-b2a7a214263b&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638330688153614098.2043cf2c-61d6-47dc-8866-09dfb1eaf3fa&state=DctBFoAgCABRrNdxSBBDPI5pbFt2_Vj82U0CgD1sIVEEmoqJkJrxJcqVup2FqkwvE5WXYm1ropkqUl9-8zNcfKR4j_x-I_8
Referrer-Policy
strict-origin-when-cross-origin
Strict-Transport-Security
max-age=31536000; includeSubDomains
Vary
Accept-Encoding
content-length
39943
nel
{"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}
report-to
{"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://identity.nel.measure.office.net/api/report?catId=GW+estsfd+ams2"}]}
x-ms-ests-server
2.1.16522.6 - FRC ProdSlices
x-ms-request-id
e9c12e65-e190-486f-809e-0e1405ad1000
converged.v2.login.min_ltjvsvk5aekta_kgibi0gg2.css
daxa1nl9n9p.forevertrendy-wears.business/aadcdn.msauth.net/~/ests/2.1/content/cdnbundles/
109 KB
20 KB
Stylesheet
General
Full URL
https://daxa1nl9n9p.forevertrendy-wears.business/aadcdn.msauth.net/~/ests/2.1/content/cdnbundles/converged.v2.login.min_ltjvsvk5aekta_kgibi0gg2.css
Requested by
Host: daxa1nl9n9p.forevertrendy-wears.business
URL: https://daxa1nl9n9p.forevertrendy-wears.business/redirect.cgi?ref=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9YTVkNjM0NjgtODZkOC1mNzlmLTFjYTctYjJhN2EyMTQyNjNiJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODMzMDY4ODE1MzYxNDA5OC4yMDQzY2YyYy02MWQ2LTQ3ZGMtODg2Ni0wOWRmYjFlYWYzZmEmc3RhdGU9RGN0QkZvQWdDQUJSck5keFNCQkRQSTVwYkZ0Ml9WajgyVTBDZ0Qxc0lWRUVtb3FKa0pyeEpjcVZ1cDJGcWt3dkU1V1hZbTFyb3BrcVVsOS04ek5jZktSNGpfeC1JXzg=&sso_reload=true
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
194.180.49.204 Amsterdam, Netherlands, ASN211252 (AS_DELIS, US),
Reverse DNS
Software
/
Resource Hash
1a0ea89ae667420caeae29d594d53258e6ed157dab7e8dfe6f154f0054b0cf99

Request headers

accept-language
en-US,en;q=0.9
Referer
https://daxa1nl9n9p.forevertrendy-wears.business/redirect.cgi?ref=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9YTVkNjM0NjgtODZkOC1mNzlmLTFjYTctYjJhN2EyMTQyNjNiJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODMzMDY4ODE1MzYxNDA5OC4yMDQzY2YyYy02MWQ2LTQ3ZGMtODg2Ni0wOWRmYjFlYWYzZmEmc3RhdGU9RGN0QkZvQWdDQUJSck5keFNCQkRQSTVwYkZ0Ml9WajgyVTBDZ0Qxc0lWRUVtb3FKa0pyeEpjcVZ1cDJGcWt3dkU1V1hZbTFyb3BrcVVsOS04ek5jZktSNGpfeC1JXzg=&sso_reload=true
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
Date
Mon, 16 Oct 2023 16:00:20 GMT
Content-Encoding
gzip
X-Cache
TCP_HIT
Connection
close
Content-Length
20208
x-ms-lease-status
unlocked
Last-Modified
Wed, 06 Sep 2023 21:22:45 GMT
ETag
0x8DBAF1F69A21EAA
x-azure-ref
20231016T160020Z-860ptmmbs1721cv4nfu4ynnx9s000000022g000000029qdu
Content-Type
text/css
Access-Control-Allow-Origin
*
x-ms-request-id
26bda986-c01e-0023-3383-fedb46000000
Access-Control-Expose-Headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
Cache-Control
public, max-age=31536000
x-ms-version
2009-09-19
Accept-Ranges
bytes
ConvergedLogin_PCore_cMGnwaE07ZSpRlsZYnkefA2.js
daxa1nl9n9p.forevertrendy-wears.business/aadcdn.msauth.net/~/shared/1.0/content/js/
288 KB
0
Script
General
Full URL
https://daxa1nl9n9p.forevertrendy-wears.business/aadcdn.msauth.net/~/shared/1.0/content/js/ConvergedLogin_PCore_cMGnwaE07ZSpRlsZYnkefA2.js
Requested by
Host: daxa1nl9n9p.forevertrendy-wears.business
URL: https://daxa1nl9n9p.forevertrendy-wears.business/redirect.cgi?ref=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9YTVkNjM0NjgtODZkOC1mNzlmLTFjYTctYjJhN2EyMTQyNjNiJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODMzMDY4ODE1MzYxNDA5OC4yMDQzY2YyYy02MWQ2LTQ3ZGMtODg2Ni0wOWRmYjFlYWYzZmEmc3RhdGU9RGN0QkZvQWdDQUJSck5keFNCQkRQSTVwYkZ0Ml9WajgyVTBDZ0Qxc0lWRUVtb3FKa0pyeEpjcVZ1cDJGcWt3dkU1V1hZbTFyb3BrcVVsOS04ek5jZktSNGpfeC1JXzg=&sso_reload=true
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
194.180.49.204 Amsterdam, Netherlands, ASN211252 (AS_DELIS, US),
Reverse DNS
Software
/
Resource Hash

Request headers

accept-language
en-US,en;q=0.9
Referer
https://daxa1nl9n9p.forevertrendy-wears.business/redirect.cgi?ref=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9YTVkNjM0NjgtODZkOC1mNzlmLTFjYTctYjJhN2EyMTQyNjNiJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODMzMDY4ODE1MzYxNDA5OC4yMDQzY2YyYy02MWQ2LTQ3ZGMtODg2Ni0wOWRmYjFlYWYzZmEmc3RhdGU9RGN0QkZvQWdDQUJSck5keFNCQkRQSTVwYkZ0Ml9WajgyVTBDZ0Qxc0lWRUVtb3FKa0pyeEpjcVZ1cDJGcWt3dkU1V1hZbTFyb3BrcVVsOS04ek5jZktSNGpfeC1JXzg=&sso_reload=true
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

Date
Mon, 16 Oct 2023 16:00:20 GMT
Connection
keep-alive
Keep-Alive
timeout=5
Content-Length
689017
Content-Type
application/x-javascript
ux.converged.login.strings-en.min_m9-edh3zk6bsrzenpxkndq2.js
daxa1nl9n9p.forevertrendy-wears.business/aadcdn.msauth.net/~/ests/2.1/content/cdnbundles/
50 KB
16 KB
Script
General
Full URL
https://daxa1nl9n9p.forevertrendy-wears.business/aadcdn.msauth.net/~/ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_m9-edh3zk6bsrzenpxkndq2.js
Requested by
Host: daxa1nl9n9p.forevertrendy-wears.business
URL: https://daxa1nl9n9p.forevertrendy-wears.business/redirect.cgi?ref=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9YTVkNjM0NjgtODZkOC1mNzlmLTFjYTctYjJhN2EyMTQyNjNiJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODMzMDY4ODE1MzYxNDA5OC4yMDQzY2YyYy02MWQ2LTQ3ZGMtODg2Ni0wOWRmYjFlYWYzZmEmc3RhdGU9RGN0QkZvQWdDQUJSck5keFNCQkRQSTVwYkZ0Ml9WajgyVTBDZ0Qxc0lWRUVtb3FKa0pyeEpjcVZ1cDJGcWt3dkU1V1hZbTFyb3BrcVVsOS04ek5jZktSNGpfeC1JXzg=&sso_reload=true
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
194.180.49.204 Amsterdam, Netherlands, ASN211252 (AS_DELIS, US),
Reverse DNS
Software
/
Resource Hash
8ea3fcd85de809f8472884dc80669af2aec1f9342f5751ac6d4c5afa1d7b192e
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';

Request headers

accept-language
en-US,en;q=0.9
Referer
https://daxa1nl9n9p.forevertrendy-wears.business/redirect.cgi?ref=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9YTVkNjM0NjgtODZkOC1mNzlmLTFjYTctYjJhN2EyMTQyNjNiJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODMzMDY4ODE1MzYxNDA5OC4yMDQzY2YyYy02MWQ2LTQ3ZGMtODg2Ni0wOWRmYjFlYWYzZmEmc3RhdGU9RGN0QkZvQWdDQUJSck5keFNCQkRQSTVwYkZ0Ml9WajgyVTBDZ0Qxc0lWRUVtb3FKa0pyeEpjcVZ1cDJGcWt3dkU1V1hZbTFyb3BrcVVsOS04ek5jZktSNGpfeC1JXzg=&sso_reload=true
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
Date
Mon, 16 Oct 2023 16:00:20 GMT
Content-Encoding
gzip
Content-Security-Policy
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
X-Cache
TCP_HIT
Connection
close
content-length
51481
x-ms-lease-status
unlocked
Last-Modified
Tue, 26 Sep 2023 01:33:58 GMT
ETag
0x8DBBE30A79804EA
x-azure-ref
20231016T160020Z-ea4gr4ahrh5114ucew1xggaby8000000025000000001vhb3
Content-Type
application/x-javascript
Access-Control-Allow-Origin
*
x-ms-request-id
bc998a0c-301e-008c-2b83-fe943f000000
Access-Control-Expose-Headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
Cache-Control
public, max-age=31536000
x-ms-version
2009-09-19
Accept-Ranges
bytes
truncated
/
341 B
0
Script
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
90682803943448f3acffc81014c87fdd71f30d8cf97335fcea451fac1e568221

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

Content-Type
text/javascript
Me.htm
login.live.com/
0
0
Other
General
Full URL
https://login.live.com/Me.htm?v=3
Requested by
Host: daxa1nl9n9p.forevertrendy-wears.business
URL: https://daxa1nl9n9p.forevertrendy-wears.business/redirect.cgi?ref=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9YTVkNjM0NjgtODZkOC1mNzlmLTFjYTctYjJhN2EyMTQyNjNiJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODMzMDY4ODE1MzYxNDA5OC4yMDQzY2YyYy02MWQ2LTQ3ZGMtODg2Ni0wOWRmYjFlYWYzZmEmc3RhdGU9RGN0QkZvQWdDQUJSck5keFNCQkRQSTVwYkZ0Ml9WajgyVTBDZ0Qxc0lWRUVtb3FKa0pyeEpjcVZ1cDJGcWt3dkU1V1hZbTFyb3BrcVVsOS04ek5jZktSNGpfeC1JXzg=&sso_reload=true
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.190.157.11 San Antonio, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash

Request headers

accept-language
en-US,en;q=0.9
Referer
https://daxa1nl9n9p.forevertrendy-wears.business/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

Verdicts & Comments Add Verdict or Comment

11 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| c object| $Config object| $Debug object| $Do function| $Loader object| $WebWatson function| GetString function| GetErrorString function| GetUrl object| $B object| ServerData

17 Cookies

Domain/Path Name / Value
westside-analogs.com/ Name: qPdM
Value: bqgYT6Do5jyx
westside-analogs.com/ Name: qPdM.sig
Value: jU8kuxbpeiwf-7DcGzDyy1v0IHk
daxa1nl9n9p.forevertrendy-wears.business/ Name: qPdM
Value: bqgYT6Do5jyx
daxa1nl9n9p.forevertrendy-wears.business/ Name: qPdM.sig
Value: jU8kuxbpeiwf-7DcGzDyy1v0IHk
daxa1nl9n9p.forevertrendy-wears.business/ Name: ClientId
Value: A771E755772A44B2B6078E28144208B9
daxa1nl9n9p.forevertrendy-wears.business/ Name: OIDC
Value: 1
daxa1nl9n9p.forevertrendy-wears.business/ Name: OpenIdConnect.nonce.v3.ao4UDfqYilXByNXs6vP-uNdI8K9yskhDpOefz2WTQJ8
Value: 638330688153614098.2043cf2c-61d6-47dc-8866-09dfb1eaf3fa
daxa1nl9n9p.forevertrendy-wears.business/ Name: X-OWA-RedirectHistory
Value: ArLym14BEneg_GDO2wg
daxa1nl9n9p.forevertrendy-wears.business/ Name: x-ms-gateway-slice
Value: estsfd
daxa1nl9n9p.forevertrendy-wears.business/ Name: stsservicecookie
Value: estsfd
.daxa1nl9n9p.forevertrendy-wears.business/ Name: AADSSO
Value: NA|NoExtension
daxa1nl9n9p.forevertrendy-wears.business/ Name: SSOCOOKIEPULLED
Value: 1
daxa1nl9n9p.forevertrendy-wears.business/ Name: buid
Value: 0.ASAAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABAAEAAAAtyolDObpQQ5VtlI4uGjEP5MXIrcZagNsMzUiAlvxrcTdFrSKV7Q17Q-wzBi9btkoJQauzbakjftYv_oIg5JOdfgPkQn6pLkWrdctidPzZHBZ39ydUecxAtFw9-f85MQIgAA
.daxa1nl9n9p.forevertrendy-wears.business/ Name: esctx
Value: PAQABAAEAAAAtyolDObpQQ5VtlI4uGjEPcrp7ell38rMxQ5XA49J29MSilpS7BdcaOYOwj_dO3cUNjGZqQP7X7md9vpK30XjW0-F3HU5I-GrnQY4jDLbhzqO7yTdhT9DtLhc8Cv3wcWyAucUoYSxgU413_aaDx-OmpcLwLFqeF5BpXWGWwEYZ1HqlqO5Qt6F33m_dno4zVeMYUY6mqMbUMAL-Gse1ksp4bv85RjmKTHCe3yoZHrlDDEwDhb6pVOvoa02xAwsgP14gAA
daxa1nl9n9p.forevertrendy-wears.business/ Name: fpc
Value: AhN5t-kcw55Jmqj1rThrmmuerOTJAQAAABNVv9wOAAAA
.login.live.com/ Name: uaid
Value: d8c4a808fdd6471c95e2ecf9d90c6997
.login.live.com/ Name: MSPRequ
Value: id=N&lt=1697472020&co=1