sanntafeapdovs.gygbbwqtxzhaltd.workers.dev
2606:4700:3037::ac43:9113  Malicious Activity! Public Scan

Submitted URL: https://www.baidu.com/link?url=fZ87OZB8VqE0deFZIMu3U4vM3rM2mVLJkfW9ed35Qciatp0lEfUBgW8Ip7xBMtkd&wd=d29ya3BsYWNlfGRHRnV...
Effective URL: https://sanntafeapdovs.gygbbwqtxzhaltd.workers.dev/66defc8fa2fad3a71308b4ef/om/d29ya3BsYWNlfGRHRnVhWFZ0TG1OdmJRPT18VU9wcWpTakZZZkxzVHF1Rk1qUGN0bWtS...
Submission: On September 26 via manual from US — Scanned from US

Summary

This website contacted 6 IPs in 2 countries across 6 domains to perform 23 HTTP transactions. The main IP is 2606:4700:3037::ac43:9113, located in United States and belongs to CLOUDFLARENET, US. The main domain is sanntafeapdovs.gygbbwqtxzhaltd.workers.dev.
TLS certificate: Issued by WE1 on September 24th 2024. Valid for: 3 months.
This is the only time sanntafeapdovs.gygbbwqtxzhaltd.workers.dev was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Microsoft (Consumer)

Domain & IP information

Requests  IP Address        AS     Autonomous System
1         103.235.46.96     55967  (BAIDU Bei...)
2         162.241.156.147   19871  (NETWORK-S...)
4         2606:4700:303...  13335  (CLOUDFLAR...)
14        2620:1ec:bdf::38  8075   (MICROSOFT...)
1         2603:1036:302...  8075   (MICROSOFT...)
1         2603:1037:1:1...  8075   (MICROSOFT...)
Total: 23 requests, 6 IPs
Requests  Apex Domain               Subdomains                                                      Transfer
14        msauth.net                aadcdn.msauth.net (Cisco Umbrella Rank: 1016)                   364 KB
4         workers.dev               sanntafeapdovs.gygbbwqtxzhaltd.workers.dev                      24 KB
2         damondavis.com            damondavis.com                                                  1 KB
1         microsoftazuread-sso.com  autologon.microsoftazuread-sso.com (Cisco Umbrella Rank: 1135)  1 KB
1         office365.com             outlook.office365.com (Cisco Umbrella Rank: 37)
1         baidu.com                 www.baidu.com (Cisco Umbrella Rank: 3756)                       903 B
Total: 23 requests, 6 apex domains
Requests  Domain                                      Requested by
14        aadcdn.msauth.net                           sanntafeapdovs.gygbbwqtxzhaltd.workers.dev, aadcdn.msauth.net
4         sanntafeapdovs.gygbbwqtxzhaltd.workers.dev  damondavis.com, sanntafeapdovs.gygbbwqtxzhaltd.workers.dev, aadcdn.msauth.net
2         damondavis.com                              www.baidu.com
1         autologon.microsoftazuread-sso.com
1         outlook.office365.com                       aadcdn.msauth.net
1         www.baidu.com
Total: 23 requests, 6 domains

This site contains links to these domains:

www.microsoft.com
privacy.microsoft.com

Subject                             Issuer                          Validity                 Valid
baidu.com                           GlobalSign RSA OV SSL CA 2018   2024-07-08 - 2025-08-09  a year
www.damondavis.com                  R11                             2024-08-04 - 2024-11-02  3 months
gygbbwqtxzhaltd.workers.dev         WE1                             2024-09-24 - 2024-12-23  3 months
aadcdn.msauth.net                   DigiCert SHA2 Secure Server CA  2024-07-30 - 2025-07-30  a year
outlook.com                         DigiCert Cloud Services CA-1    2024-06-27 - 2025-06-26  a year
autologon.microsoftazuread-sso.com  DigiCert SHA2 Secure Server CA  2024-08-26 - 2025-02-26  6 months

This page contains 2 frames:

Primary Page: https://sanntafeapdovs.gygbbwqtxzhaltd.workers.dev/66defc8fa2fad3a71308b4ef/om/d29ya3BsYWNlfGRHRnVhWFZ0TG1OdmJRPT18VU9wcWpTakZZZkxzVHF1Rk1qUGN0bWtSVVhuc21lcU5LdnZvdVFXcEh3b1p1elBWbnRQdHU%3D
Frame ID: CF13E2CE4DB9CCC89FC177C3C958D611
Requests: 22 HTTP requests in this frame

Frame: https://outlook.office365.com/owa/prefetch.aspx
Frame ID: 7A48BB4DEF649AEF48A5BD03EB0E9DBD
Requests: 1 HTTP request in this frame

Page Title

Sign in to Outlook

Page Statistics

Requests: 23
HTTPS: 100 %
IPv6: 67 %
Domains: 6
Subdomains: 6
IPs: 6
Countries: 2
Transfer: 392 kB
Size: 1225 kB
Cookies: 25

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://www.baidu.com/link?url=fZ87OZB8VqE0deFZIMu3U4vM3rM2mVLJkfW9ed35Qciatp0lEfUBgW8Ip7xBMtkd&wd=d29ya3BsYWNlfGRHRnVhWFZ0TG1OdmJRPT18VU9wcWpTakZZZkxzVHF1Rk1qUGN0bWtSVVhuc21lcU5LdnZvdVFXcEh3b1p1elBWbnRQdHU= Page URL
  2. https://damondavis.com/ Page URL
  3. https://sanntafeapdovs.gygbbwqtxzhaltd.workers.dev/66defc8fa2fad3a71308b4ef/om/d29ya3BsYWNlfGRHRnVhWFZ0TG1OdmJRPT18VU9wcWpTakZZZkxzVHF1Rk1qUGN0bWtSVVhuc21lcU5LdnZvdVFXcEh3b1p1elBWbnRQdHU%3D Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

23 HTTP transactions

Columns: Resource, Path, Size, x-fer, Type, MIME-Type
Resource: link  |  Path: www.baidu.com/  |  Size: 615 B  |  x-fer: 903 B  |  Type: Document
General
Full URL
https://www.baidu.com/link?url=fZ87OZB8VqE0deFZIMu3U4vM3rM2mVLJkfW9ed35Qciatp0lEfUBgW8Ip7xBMtkd&wd=d29ya3BsYWNlfGRHRnVhWFZ0TG1OdmJRPT18VU9wcWpTakZZZkxzVHF1Rk1qUGN0bWtSVVhuc21lcU5LdnZvdVFXcEh3b1p1elBWbnRQdHU=
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
103.235.46.96, Hong Kong, ASN55967 (BAIDU Beijing Baidu Netcom Science and Technology Co., Ltd., CN)
Reverse DNS
Software
BWS/1.1 /
Resource Hash
de173797dc0406d35110861ad99f2e7804696a037d6cf88a3db3d063ea53a595
Security Headers
Name Value
X-Xss-Protection 1;mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

Bdpagetype
3
Connection
keep-alive
Content-Encoding
br
Content-Length
346
Content-Type
text/html
Date
Thu, 26 Sep 2024 18:10:22 GMT
P3p
CP=" OTI DSP COR IVA OUR IND COM "
Server
BWS/1.1
Traceid
1727374222031353857011136453916863672891
Vary
Accept-Encoding
X-Ua-Compatible
IE=Edge,chrome=1
X-Xss-Protection
1;mode=block
Resource: /  |  Path: damondavis.com/  |  Size: 963 B  |  x-fer: 1 KB  |  Type: Document
General
Full URL
https://damondavis.com/
Requested by
Host: www.baidu.com
URL: https://www.baidu.com/link?url=fZ87OZB8VqE0deFZIMu3U4vM3rM2mVLJkfW9ed35Qciatp0lEfUBgW8Ip7xBMtkd&wd=d29ya3BsYWNlfGRHRnVhWFZ0TG1OdmJRPT18VU9wcWpTakZZZkxzVHF1Rk1qUGN0bWtSVVhuc21lcU5LdnZvdVFXcEh3b1p1elBWbnRQdHU=
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
162.241.156.147, United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US)
Reverse DNS
annterry.com
Software
Apache /
Resource Hash
c3ace94f0fb4e03509df7fc557a51de3f258c86fd6fcd39392b10cc19002a1c1

Request headers

Referer
https://www.baidu.com/link?url=fZ87OZB8VqE0deFZIMu3U4vM3rM2mVLJkfW9ed35Qciatp0lEfUBgW8Ip7xBMtkd&wd=d29ya3BsYWNlfGRHRnVhWFZ0TG1OdmJRPT18VU9wcWpTakZZZkxzVHF1Rk1qUGN0bWtSVVhuc21lcU5LdnZvdVFXcEh3b1p1elBWbnRQdHU=
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

content-type
text/html; charset=UTF-8
date
Thu, 26 Sep 2024 18:10:22 GMT
server
Apache
Resource: d29ya3BsYWNlfGRHRnVhWFZ0TG1OdmJRPT18VU9wcWpTakZZZkxzVHF1Rk1qUGN0bWtSVVhuc21lcU5LdnZvdVFXcEh3b1p1elBWbnRQdHU%3D (Primary Request)  |  Path: sanntafeapdovs.gygbbwqtxzhaltd.workers.dev/66defc8fa2fad3a71308b4ef/om/  |  Size: 42 KB  |  x-fer: 21 KB  |  Type: Document
General
Full URL
https://sanntafeapdovs.gygbbwqtxzhaltd.workers.dev/66defc8fa2fad3a71308b4ef/om/d29ya3BsYWNlfGRHRnVhWFZ0TG1OdmJRPT18VU9wcWpTakZZZkxzVHF1Rk1qUGN0bWtSVVhuc21lcU5LdnZvdVFXcEh3b1p1elBWbnRQdHU%3D
Requested by
Host: damondavis.com
URL: https://damondavis.com/
Protocol
H3
Security
QUIC, AES_128_GCM
Server
2606:4700:3037::ac43:9113, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS
Software
cloudflare /
Resource Hash
06441f14802cc6f59462c0bffde05e28352d93cc9f2f2dde6bac98fd8709cb22

Request headers

Referer
https://damondavis.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
auth,authkey , authvalue, Authorization, User-Agent, Keep-Alive, Content-Type, X-Requested-With
access-control-allow-methods
GET, POST, DELETE, PUT, PATCH, OPTIONS
access-control-allow-origin
null
access-control-max-age
1
cache-control
s-maxage=0
cf-cache-status
DYNAMIC
cf-ray
8c9535de3fc7435d-EWR
content-encoding
br
content-type
text/html; charset=utf-8
date
Thu, 26 Sep 2024 18:10:23 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fcNpMP3uRmaiIF4sfpqHEk9Ad0r2paLDJzYI6lQhkQ9i9bBm4EZ4RIG4oeBR2zWoa%2FFElYpfQcZKMDUHZWr6V7x01Wb158bs42aNXgigGbc7LCbWeBVOibQ%2F8zL8ZvlhfmErtaXd4a%2BDNIvZ0St9BHovRxYyL9vhmqYETpi5KGb7TZ5nPCBN64A%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
speculation-rules
"/cdn-cgi/speculation"
vary
Origin, Accept-Encoding
x-cache-status
MISS
Resource: favicon.ico  |  Path: damondavis.com/  |  Size: 4 B  |  x-fer: 26 B  |  Type: Other
General
Full URL
https://damondavis.com/favicon.ico
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
162.241.156.147, United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US)
Reverse DNS
annterry.com
Software
Apache /
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://damondavis.com/

Response headers

date
Thu, 26 Sep 2024 18:10:22 GMT
content-type
text/html; charset=UTF-8
server
Apache
Resource: speculation  |  Path: sanntafeapdovs.gygbbwqtxzhaltd.workers.dev/cdn-cgi/  |  Size: 128 B  |  x-fer: 605 B  |  Type: Other
General
Full URL
https://sanntafeapdovs.gygbbwqtxzhaltd.workers.dev/cdn-cgi/speculation
Protocol
H3
Security
QUIC, AES_128_GCM
Server
2606:4700:3037::ac43:9113, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS
Software
cloudflare /
Resource Hash
11a2142988720cd49ff000e5d488493947b3d34821301c5a706b3495b8381f7d

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://sanntafeapdovs.gygbbwqtxzhaltd.workers.dev
Referer
https://sanntafeapdovs.gygbbwqtxzhaltd.workers.dev/66defc8fa2fad3a71308b4ef/om/d29ya3BsYWNlfGRHRnVhWFZ0TG1OdmJRPT18VU9wcWpTakZZZkxzVHF1Rk1qUGN0bWtSVVhuc21lcU5LdnZvdVFXcEh3b1p1elBWbnRQdHU%3D

Response headers

nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8TLHMRGKTEWFcs%2BCNa3XPTJRPsrhYMsmf8YeUIYDVkoFxz%2BochF3H2cFoFY7Ys3%2BYnNR6b5l46XgJZg47giPCaXVtogaHJjg%2F81viReEgpKaRzakxbvtd9Zmj3NiEfqZHbOa%2FP%2B%2BhJCvr1kjcBiwrGu8EIRhVZ64EN27P7BH19pFatckqKf5ia4%3D"}],"group":"cf-nel","max_age":604800}
cf-ray
8c9535e33f4e435d-EWR
access-control-allow-origin
https://sanntafeapdovs.gygbbwqtxzhaltd.workers.dev
content-length
128
date
Thu, 26 Sep 2024 18:10:23 GMT
content-type
application/speculationrules+json
vary
Origin, Accept-Encoding
server
cloudflare
Resource: Me.htm  |  Path: sanntafeapdovs.gygbbwqtxzhaltd.workers.dev/66defc8fa2fad3a71308b4ef/o/aHR0cHM6Ly9sb2dpbi5saXZlLmNvbQ==-lg/  |  Size: 0  |  x-fer: 2 KB  |  Type: Other
General
Full URL
https://sanntafeapdovs.gygbbwqtxzhaltd.workers.dev/66defc8fa2fad3a71308b4ef/o/aHR0cHM6Ly9sb2dpbi5saXZlLmNvbQ==-lg/Me.htm?v=3
Requested by
Host: sanntafeapdovs.gygbbwqtxzhaltd.workers.dev
URL: https://sanntafeapdovs.gygbbwqtxzhaltd.workers.dev/66defc8fa2fad3a71308b4ef/om/d29ya3BsYWNlfGRHRnVhWFZ0TG1OdmJRPT18VU9wcWpTakZZZkxzVHF1Rk1qUGN0bWtSVVhuc21lcU5LdnZvdVFXcEh3b1p1elBWbnRQdHU%3D
Protocol
H3
Security
QUIC, AES_128_GCM
Server
2606:4700:3037::ac43:9113, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://sanntafeapdovs.gygbbwqtxzhaltd.workers.dev/66defc8fa2fad3a71308b4ef/om/d29ya3BsYWNlfGRHRnVhWFZ0TG1OdmJRPT18VU9wcWpTakZZZkxzVHF1Rk1qUGN0bWtSVVhuc21lcU5LdnZvdVFXcEh3b1p1elBWbnRQdHU%3D

Response headers

content-encoding
br
cf-cache-status
DYNAMIC
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TO6ggoa9mGaEZZFPjGXirkVQYI8Vn0oJPDMsUoUKxn6PTGaUkqGS4sRS3fuP6BLHopLYtTozWYa7fdoG5VMeSN%2F2BOczSqDAO71JreVvGNZQnq4ok%2BasBoVTtfSDhfWuNqmzw%2F6pKhGxUQSEKPEbf7yXLRMhbJh1RsFVP196igsb3hi%2BnL0hJdw%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-methods
GET, POST, DELETE, PUT, PATCH, OPTIONS
x-content-type-options
nosniff
expires
Mon, 25 Jul 1997 05:00:00 GMT
p3p
CP="DSP CUR OTPi IND OTRi ONL FIN"
date
Thu, 26 Sep 2024 18:10:24 GMT
content-type
text/html; charset=utf-8
vary
Origin, Origin, Accept-Encoding
access-control-allow-headers
auth,authkey , authvalue, Authorization, User-Agent, Keep-Alive, Content-Type, X-Requested-With
x-cache-status
MISS
strict-transport-security
max-age=31536000
ppserver
PPV: 30 H: SN1PEPF0002F092 V: 0
cache-control
s-maxage=0
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
speculation-rules
"/cdn-cgi/speculation"
x-ms-route-info
C510_SN1
access-control-allow-credentials
true
referrer-policy
strict-origin-when-cross-origin
x-ms-request-id
eedbfb35-5f66-47b7-930e-f524579bc979
cf-ray
8c9535e36f8d435d-EWR
access-control-allow-origin
null
x-xss-protection
1; mode=block
server
cloudflare
Resource: converged.v2.login.min_qzvqnltrxpy99ajspyxbgq2.css  |  Path: aadcdn.msauth.net/ests/2.1/content/cdnbundles/  |  Size: 111 KB  |  x-fer: 20 KB  |  Type: Stylesheet
General
Full URL
https://aadcdn.msauth.net/ests/2.1/content/cdnbundles/converged.v2.login.min_qzvqnltrxpy99ajspyxbgq2.css
Requested by
Host: sanntafeapdovs.gygbbwqtxzhaltd.workers.dev
URL: https://sanntafeapdovs.gygbbwqtxzhaltd.workers.dev/66defc8fa2fad3a71308b4ef/om/d29ya3BsYWNlfGRHRnVhWFZ0TG1OdmJRPT18VU9wcWpTakZZZkxzVHF1Rk1qUGN0bWtSVVhuc21lcU5LdnZvdVFXcEh3b1p1elBWbnRQdHU%3D
Protocol
H2
Security
TLS 1.3, AES_256_GCM
Server
2620:1ec:bdf::38, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
Reverse DNS
Software
/
Resource Hash
1f8ceb44fe7cfcf7e71dbd5122210335ca3821d697a851d2900b95af7d92d69d

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://sanntafeapdovs.gygbbwqtxzhaltd.workers.dev
Referer
https://sanntafeapdovs.gygbbwqtxzhaltd.workers.dev/

Response headers

access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding
gzip
x-ms-version
2009-09-19
etag
0x8DC9BA9D4131BFD
x-ms-lease-status
unlocked
x-fd-int-roxy-purgeid
4554691
x-cache
TCP_HIT
date
Thu, 26 Sep 2024 18:10:24 GMT
content-type
text/css
last-modified
Wed, 03 Jul 2024 21:48:08 GMT
cache-control
public, max-age=31536000
x-ms-request-id
ad882c9e-501e-005a-5efa-0b9a1c000000
accept-ranges
bytes
access-control-allow-origin
*
content-length
20414
x-azure-ref
20240926T181024Z-r1566bc5897x9vqzfw8b15skv800000008rg000000002q45
x-ms-blob-type
BlockBlob
Resource: ConvergedLogin_PCore_NXCGegEOpKB5nrI5GnSS3g2.js  |  Path: aadcdn.msauth.net/shared/1.0/content/js/  |  Size: 439 KB  |  x-fer: 120 KB  |  Type: Script
General
Full URL
https://aadcdn.msauth.net/shared/1.0/content/js/ConvergedLogin_PCore_NXCGegEOpKB5nrI5GnSS3g2.js
Requested by
Host: sanntafeapdovs.gygbbwqtxzhaltd.workers.dev
URL: https://sanntafeapdovs.gygbbwqtxzhaltd.workers.dev/66defc8fa2fad3a71308b4ef/om/d29ya3BsYWNlfGRHRnVhWFZ0TG1OdmJRPT18VU9wcWpTakZZZkxzVHF1Rk1qUGN0bWtSVVhuc21lcU5LdnZvdVFXcEh3b1p1elBWbnRQdHU%3D
Protocol
H2
Security
TLS 1.3, AES_256_GCM
Server
2620:1ec:bdf::38, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
Reverse DNS
Software
/
Resource Hash
729b9bf98f3edbbbe47c947a08b87b8f434a2e9277230b12129889787fe3c507

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://sanntafeapdovs.gygbbwqtxzhaltd.workers.dev
Referer
https://sanntafeapdovs.gygbbwqtxzhaltd.workers.dev/

Response headers

access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding
gzip
x-ms-version
2009-09-19
etag
0x8DCC7710D0FB909
x-ms-lease-status
unlocked
x-fd-int-roxy-purgeid
4554691
x-cache
TCP_HIT
date
Thu, 26 Sep 2024 18:10:24 GMT
content-type
application/x-javascript
last-modified
Wed, 28 Aug 2024 14:52:34 GMT
cache-control
public, max-age=31536000
x-ms-request-id
d3f7f130-601e-007e-06fa-0b6cbc000000
accept-ranges
bytes
access-control-allow-origin
*
content-length
122194
x-azure-ref
20240926T181024Z-r1566bc5897x9vqzfw8b15skv800000008rg000000002q47
x-ms-blob-type
BlockBlob
Resource: ux.converged.login.strings-en.min_1yb3e7oii5t28dgo4xrtow2.js  |  Path: aadcdn.msauth.net/ests/2.1/content/cdnbundles/  |  Size: 56 KB  |  x-fer: 16 KB  |  Type: Script
General
Full URL
https://aadcdn.msauth.net/ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_1yb3e7oii5t28dgo4xrtow2.js
Requested by
Host: sanntafeapdovs.gygbbwqtxzhaltd.workers.dev
URL: https://sanntafeapdovs.gygbbwqtxzhaltd.workers.dev/66defc8fa2fad3a71308b4ef/om/d29ya3BsYWNlfGRHRnVhWFZ0TG1OdmJRPT18VU9wcWpTakZZZkxzVHF1Rk1qUGN0bWtSVVhuc21lcU5LdnZvdVFXcEh3b1p1elBWbnRQdHU%3D
Protocol
H2
Security
TLS 1.3, AES_256_GCM
Server
2620:1ec:bdf::38, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
Reverse DNS
Software
/
Resource Hash
81188e8a76162c79db4a5c10ac933c9e874c5b9eae10e47956ad9df704e01b28

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://sanntafeapdovs.gygbbwqtxzhaltd.workers.dev
Referer
https://sanntafeapdovs.gygbbwqtxzhaltd.workers.dev/

Response headers

access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding
gzip
x-ms-version
2009-09-19
etag
0x8DCC6D537C7BF24
x-ms-lease-status
unlocked
x-fd-int-roxy-purgeid
4554691
x-cache
TCP_HIT
date
Thu, 26 Sep 2024 18:10:24 GMT
content-type
application/x-javascript
last-modified
Tue, 27 Aug 2024 20:17:04 GMT
cache-control
public, max-age=31536000
x-ms-request-id
c8935b7d-301e-000a-06fa-0b105e000000
accept-ranges
bytes
access-control-allow-origin
*
content-length
16326
x-azure-ref
20240926T181024Z-r1566bc5897x9vqzfw8b15skv800000008rg000000002q46
x-ms-blob-type
BlockBlob
Resource: convergedlogin_pcustomizationloader_117b650bccea354984d8.js  |  Path: aadcdn.msauth.net/shared/1.0/content/js/asyncchunk/  |  Size: 397 KB  |  x-fer: 114 KB  |  Type: Script
General
Full URL
https://aadcdn.msauth.net/shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_117b650bccea354984d8.js
Requested by
Host: aadcdn.msauth.net
URL: https://aadcdn.msauth.net/shared/1.0/content/js/ConvergedLogin_PCore_NXCGegEOpKB5nrI5GnSS3g2.js
Protocol
H2
Security
TLS 1.3, AES_256_GCM
Server
2620:1ec:bdf::38, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
Reverse DNS
Software
/
Resource Hash
da4a8df0c326292b5bee9c732b3c962fd67aaf2f99d850f1bf65068d573c5619

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://sanntafeapdovs.gygbbwqtxzhaltd.workers.dev/

Response headers

access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding
gzip
x-ms-version
2009-09-19
etag
0x8DCBD5317046A2F
x-ms-lease-status
unlocked
x-fd-int-roxy-purgeid
0
x-cache
TCP_HIT
date
Thu, 26 Sep 2024 18:10:24 GMT
content-type
application/x-javascript
last-modified
Thu, 15 Aug 2024 17:52:54 GMT
cache-control
public, max-age=31536000
x-ms-request-id
d1cfacbd-e01e-0002-406a-0b4243000000
accept-ranges
bytes
access-control-allow-origin
*
content-length
116365
x-azure-ref
20240926T181024Z-r1566bc5897hfw6trpuxk2aysn00000009t0000000001zkc
x-ms-blob-type
BlockBlob
Resource: prefetch.aspx  |  Path: outlook.office365.com/owa/ (Frame 7A48)  |  Size: 0  |  x-fer: 0  |  Type: Document
General
Full URL
https://outlook.office365.com/owa/prefetch.aspx
Requested by
Host: aadcdn.msauth.net
URL: https://aadcdn.msauth.net/shared/1.0/content/js/ConvergedLogin_PCore_NXCGegEOpKB5nrI5GnSS3g2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2603:1036:302:4832::2, Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://sanntafeapdovs.gygbbwqtxzhaltd.workers.dev/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443";ma=2592000,h3-29=":443";ma=2592000
cache-control
private, no-store
content-encoding
gzip
content-length
1236
content-type
text/html; charset=utf-8
date
Thu, 26 Sep 2024 18:10:24 GMT
nel
{"report_to":"NelOfficeUpload1","max_age":7200,"include_subdomains":true,"failure_fraction":1.0,"success_fraction":0.01}
report-to
{"group":"NelOfficeUpload1","max_age":7200,"endpoints":[{"url":"https://exo.nel.measure.office.net/api/report?TenantId=&FrontEnd=Cafe&DestinationEndpoint=MNZ&RemoteIP=2600:803:a88::&Environment=MT"}],"include_subdomains":true}
request-id
36a15bb2-98b2-56c8-0e43-f774f81bf208
server
Microsoft-IIS/10.0
strict-transport-security
max-age=31536000; includeSubDomains; preload
vary
Accept-Encoding
x-backend-begin
2024-09-26T18:10:24.433
x-backend-end
2024-09-26T18:10:24.449
x-backendhttpstatus
200
x-beserver
BN8PR13MB2593
x-besku
WCS5
x-calculatedbetarget
BN8PR13MB2593.namprd13.prod.outlook.com
x-content-type-options
nosniff
x-diaginfo
BN8PR13MB2593
x-feefzinfo
MNZ
x-feproxyinfo
BL1PR13CA0260.NAMPRD13.PROD.OUTLOOK.COM
x-feserver
BL1PR13CA0260
x-firsthopcafeefz
MNZ
x-owa-diagnosticsinfo
9;0;0;
x-owa-version
15.20.7982.22
x-proxy-backendserverstatus
200
x-proxy-routingcorrectness
1
x-responseorigin
OwaAppPool
x-rum-notupdatequerieddbcopy
1
x-rum-notupdatequeriedpath
1
x-rum-validated
1
x-ua-compatible
IE=EmulateIE7
Resource: convergedlogin_pfetchsessionsprogress_d0a803279e7397bef834.js  |  Path: aadcdn.msauth.net/shared/1.0/content/js/asyncchunk/  |  Size: 15 KB  |  x-fer: 6 KB  |  Type: Script
General
Full URL
https://aadcdn.msauth.net/shared/1.0/content/js/asyncchunk/convergedlogin_pfetchsessionsprogress_d0a803279e7397bef834.js
Requested by
Host: aadcdn.msauth.net
URL: https://aadcdn.msauth.net/shared/1.0/content/js/ConvergedLogin_PCore_NXCGegEOpKB5nrI5GnSS3g2.js
Protocol
H2
Security
TLS 1.3, AES_256_GCM
Server
2620:1ec:bdf::38, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
Reverse DNS
Software
/
Resource Hash
bc6804d058d5bd5b24fc04e479fc8973bef5d3efeafaa9c19c60a009bf0fac0b

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://sanntafeapdovs.gygbbwqtxzhaltd.workers.dev/

Response headers

access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding
gzip
x-ms-version
2009-09-19
etag
0x8DCBD531731891C
x-ms-lease-status
unlocked
x-fd-int-roxy-purgeid
0
x-cache
TCP_HIT
date
Thu, 26 Sep 2024 18:10:24 GMT
content-type
application/x-javascript
last-modified
Thu, 15 Aug 2024 17:52:54 GMT
cache-control
public, max-age=31536000
x-ms-request-id
197bd41c-301e-004c-7e65-0b6ccb000000
accept-ranges
bytes
access-control-allow-origin
*
content-length
5529
x-azure-ref
20240926T181024Z-r1566bc5897hfw6trpuxk2aysn00000009t0000000001zkh
x-ms-blob-type
BlockBlob
Resource: marching_ants_white_8257b0707cbe1d0bd2661b80068676fe.gif  |  Path: aadcdn.msauth.net/shared/1.0/content/images/  |  Size: 3 KB  |  x-fer: 3 KB  |  Type: Image
General
Full URL
https://aadcdn.msauth.net/shared/1.0/content/images/marching_ants_white_8257b0707cbe1d0bd2661b80068676fe.gif
Protocol
H2
Security
TLS 1.3, AES_256_GCM
Server
2620:1ec:bdf::38, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
Reverse DNS
Software
/
Resource Hash
a46201581a7c7c667fd42787cd1e9adf2f6bf809efb7596e61a03e8dba9ada13

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://sanntafeapdovs.gygbbwqtxzhaltd.workers.dev/

Response headers

access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
x-ms-version
2009-09-19
x-ms-lease-status
unlocked
etag
0x8DB5C3F48EC4154
x-fd-int-roxy-purgeid
4554691
x-cache
TCP_HIT
date
Thu, 26 Sep 2024 18:10:24 GMT
content-type
image/gif
last-modified
Wed, 24 May 2023 10:11:47 GMT
cache-control
public, max-age=31536000
x-ms-request-id
670812d1-901e-0069-116b-0bfa1a000000
accept-ranges
bytes
access-control-allow-origin
*
content-length
2672
x-azure-ref
20240926T181024Z-r1566bc5897hfw6trpuxk2aysn00000009t0000000001zkk
x-ms-blob-type
BlockBlob
Resource: marching_ants_986f40b5a9dc7d39ef8396797f61b323.gif  |  Path: aadcdn.msauth.net/shared/1.0/content/images/  |  Size: 4 KB  |  x-fer: 4 KB  |  Type: Image
General
Full URL
https://aadcdn.msauth.net/shared/1.0/content/images/marching_ants_986f40b5a9dc7d39ef8396797f61b323.gif
Protocol
H2
Security
TLS 1.3, AES_256_GCM
Server
2620:1ec:bdf::38, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
Reverse DNS
Software
/
Resource Hash
8737d721808655f37b333f08a90185699e7e8b9bdaaa15cdb63c8448b426f95d

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://sanntafeapdovs.gygbbwqtxzhaltd.workers.dev/

Response headers

access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
x-ms-version
2009-09-19
x-ms-lease-status
unlocked
etag
0x8DB5C3F4904824B
x-fd-int-roxy-purgeid
4554691
x-cache
TCP_HIT
date
Thu, 26 Sep 2024 18:10:24 GMT
content-type
image/gif
last-modified
Wed, 24 May 2023 10:11:48 GMT
cache-control
public, max-age=31536000
x-ms-request-id
19e106c9-c01e-001e-066b-0b5831000000
accept-ranges
bytes
access-control-allow-origin
*
content-length
3620
x-azure-ref
20240926T181024Z-r1566bc5897hfw6trpuxk2aysn00000009t0000000001zkm
x-ms-blob-type
BlockBlob
Resource: 49-small_2055002f2daae2ed8f69f03944c0e5d9.jpg  |  Path: aadcdn.msauth.net/shared/1.0/content/images/appbackgrounds/  |  Size: 987 B  |  x-fer: 1 KB  |  Type: Image
General
Full URL
https://aadcdn.msauth.net/shared/1.0/content/images/appbackgrounds/49-small_2055002f2daae2ed8f69f03944c0e5d9.jpg
Protocol
H2
Security
TLS 1.3, AES_256_GCM
Server
2620:1ec:bdf::38, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
Reverse DNS
Software
/
Resource Hash
8b34a475187302935336bf43a2bf2a4e0adb9a1e87953ea51f6fcf0ef52a4a1d

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://sanntafeapdovs.gygbbwqtxzhaltd.workers.dev/

Response headers

access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
x-ms-version
2009-09-19
x-ms-lease-status
unlocked
etag
0x8DB5C3F457E15E1
x-fd-int-roxy-purgeid
0
x-cache
TCP_HIT
date
Thu, 26 Sep 2024 18:10:24 GMT
content-type
image/jpeg
last-modified
Wed, 24 May 2023 10:11:42 GMT
cache-control
public, max-age=31536000
x-ms-request-id
f97e6491-301e-002d-2f6a-0b7025000000
accept-ranges
bytes
access-control-allow-origin
*
content-length
987
x-azure-ref
20240926T181024Z-r1566bc5897hfw6trpuxk2aysn00000009t0000000001zkn
x-ms-blob-type
BlockBlob
Resource: 49_6ffe0a92d779c878835b40171ffc2e13.jpg  |  Path: aadcdn.msauth.net/shared/1.0/content/images/appbackgrounds/  |  Size: 17 KB  |  x-fer: 18 KB  |  Type: Image
General
Full URL
https://aadcdn.msauth.net/shared/1.0/content/images/appbackgrounds/49_6ffe0a92d779c878835b40171ffc2e13.jpg
Protocol
H2
Security
TLS 1.3, AES_256_GCM
Server
2620:1ec:bdf::38, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
Reverse DNS
Software
/
Resource Hash
d8f5ab3e00202fd3b45be1acd95d677b137064001e171bc79b06826d98f1e1d3

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://sanntafeapdovs.gygbbwqtxzhaltd.workers.dev/

Response headers

access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
x-ms-version
2009-09-19
x-ms-lease-status
unlocked
etag
0x8DB5C3F4584F323
x-fd-int-roxy-purgeid
4554691
x-cache
TCP_HIT
date
Thu, 26 Sep 2024 18:10:24 GMT
content-type
image/jpeg
last-modified
Wed, 24 May 2023 10:11:42 GMT
cache-control
public, max-age=31536000
x-ms-request-id
b9c72af6-601e-0017-166b-0b1de2000000
accept-ranges
bytes
access-control-allow-origin
*
content-length
17453
x-azure-ref
20240926T181024Z-r1566bc5897hfw6trpuxk2aysn00000009t0000000001zkp
x-ms-blob-type
BlockBlob
Resource: 53_7a3c80bf9694448bac31a9589d2e9e92.png  |  Path: aadcdn.msauth.net/shared/1.0/content/images/applogos/  |  Size: 5 KB  |  x-fer: 6 KB  |  Type: Image
General
Full URL
https://aadcdn.msauth.net/shared/1.0/content/images/applogos/53_7a3c80bf9694448bac31a9589d2e9e92.png
Protocol
H2
Security
TLS 1.3, AES_256_GCM
Server
2620:1ec:bdf::38, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
Reverse DNS
Software
/
Resource Hash
e4e1e65871749d18aea150643c07e0aab2057da057c6c57ec1c3c43580e1c898

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://sanntafeapdovs.gygbbwqtxzhaltd.workers.dev/

Response headers

access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
x-ms-version
2009-09-19
x-ms-lease-status
unlocked
etag
0x8DB5C3F475BAFC0
x-fd-int-roxy-purgeid
0
x-cache
TCP_HIT
date
Thu, 26 Sep 2024 18:10:24 GMT
content-type
image/png
last-modified
Wed, 24 May 2023 10:11:45 GMT
cache-control
public, max-age=31536000
x-ms-request-id
008f1b2b-f01e-000e-3d6a-0bd54b000000
accept-ranges
bytes
access-control-allow-origin
*
content-length
5139
x-azure-ref
20240926T181024Z-r1566bc5897hfw6trpuxk2aysn00000009t0000000001zkq
x-ms-blob-type
BlockBlob
Resource: microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg  |  Path: aadcdn.msauth.net/shared/1.0/content/images/  |  Size: 4 KB  |  x-fer: 2 KB  |  Type: Image
General
Full URL
https://aadcdn.msauth.net/shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg
Protocol
H2
Security
TLS 1.3, AES_256_GCM
Server
2620:1ec:bdf::38, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
Reverse DNS
Software
/
Resource Hash
04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://sanntafeapdovs.gygbbwqtxzhaltd.workers.dev/

Response headers

access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding
gzip
x-ms-version
2009-09-19
etag
0x8DB5C3F4911527F
x-ms-lease-status
unlocked
x-fd-int-roxy-purgeid
4554691
x-cache
TCP_HIT
date
Thu, 26 Sep 2024 18:10:24 GMT
content-type
image/svg+xml
last-modified
Wed, 24 May 2023 10:11:48 GMT
cache-control
public, max-age=31536000
x-ms-request-id
afff00d8-f01e-0053-3a6b-0bdfcf000000
accept-ranges
bytes
access-control-allow-origin
*
content-length
1435
x-azure-ref
20240926T181024Z-r1566bc5897hfw6trpuxk2aysn00000009t0000000001zkr
x-ms-blob-type
BlockBlob
Resource: ssoprobe  |  Path: autologon.microsoftazuread-sso.com/tanium.com/winauth/  |  Size: 12 B  |  x-fer: 1 KB  |  Type: Image
General
Full URL
https://autologon.microsoftazuread-sso.com/tanium.com/winauth/ssoprobe?client-request-id=a2dc8fcd-a06e-0869-56f2-a2d0b1a13463&_=1727374224467
Protocol
HTTP/1.1
Security
TLS 1.3, AES_256_GCM
Server
2603:1037:1:128::8, Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
Reverse DNS
Software
/
Resource Hash
d089c8a9fc28e4e50223eb38c9409e362521be9380a37341304fbac7a4cd9e5f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://sanntafeapdovs.gygbbwqtxzhaltd.workers.dev/

Response headers

x-ms-ests-server
2.1.18947.4 - SCUS ProdSlices
report-to
{"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://identity.nel.measure.office.net/api/report?catId=GW+estsfd+est"}]}
X-Content-Type-Options
nosniff
Access-Control-Allow-Methods
GET, OPTIONS
Expires
-1
P3P
CP="DSP CUR OTPi IND OTRi ONL FIN"
Date
Thu, 26 Sep 2024 18:10:24 GMT
Content-Type
image/png; charset=utf-8
Vary
Origin
Cache-Control
no-store, no-cache
nel
{"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}
Pragma
no-cache
WWW-Authenticate
Negotiate
Access-Control-Allow-Credentials
true
Referrer-Policy
strict-origin-when-cross-origin
x-ms-request-id
7b3598e3-b7f6-4f08-8c32-a5ee5ab1cf00
Access-Control-Allow-Origin
https://login.microsoftonline.com
Content-Length
12
X-XSS-Protection
0
favicon_a_eupayfgghqiai7k9sol6lg2.ico
aadcdn.msauth.net/shared/1.0/content/images/
17 KB
17 KB
Other
General
Full URL
https://aadcdn.msauth.net/shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:bdf::38 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
90cdaf487716184e4034000935c605d1633926d348116d198f355a98b8c6cd21

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://sanntafeapdovs.gygbbwqtxzhaltd.workers.dev/

Response headers

access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
x-ms-version
2009-09-19
x-ms-lease-status
unlocked
etag
0x8D8731230C851A6
x-fd-int-roxy-purgeid
4554691
x-cache
TCP_HIT
date
Thu, 26 Sep 2024 18:10:24 GMT
content-type
image/x-icon
last-modified
Sun, 18 Oct 2020 03:02:03 GMT
cache-control
public, max-age=31536000
x-ms-request-id
eb14cb9b-401e-000b-236b-0b0790000000
accept-ranges
bytes
access-control-allow-origin
*
content-length
17174
x-azure-ref
20240926T181024Z-r1566bc5897hfw6trpuxk2aysn00000009t0000000001zks
x-ms-blob-type
BlockBlob
dssostatus
sanntafeapdovs.gygbbwqtxzhaltd.workers.dev/66defc8fa2fad3a71308b4ef/o/common/instrumentation/
265 B
1 KB
XHR
General
Full URL
https://sanntafeapdovs.gygbbwqtxzhaltd.workers.dev/66defc8fa2fad3a71308b4ef/o/common/instrumentation/dssostatus
Requested by
Host: aadcdn.msauth.net
URL: https://aadcdn.msauth.net/shared/1.0/content/js/ConvergedLogin_PCore_NXCGegEOpKB5nrI5GnSS3g2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3037::ac43:9113 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f7869c42919304263247835251d858ef6dc28a6c5b0af6331a1f4b1f78b4e26f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

hpgid
1104
Referer
https://sanntafeapdovs.gygbbwqtxzhaltd.workers.dev/66defc8fa2fad3a71308b4ef/om/d29ya3BsYWNlfGRHRnVhWFZ0TG1OdmJRPT18VU9wcWpTakZZZkxzVHF1Rk1qUGN0bWtSVVhuc21lcU5LdnZvdVFXcEh3b1p1elBWbnRQdHU%3D
hpgact
1800
canary
PAQABDgEAAAApTwJmzXqdR4BN2miheQMYP4831mkaiHYFEKvzg8T4FsneN0DlJQmWPZaNMAbT7P5UqkS-ItuzGXSQE8uSt2b_3foRXhyPaHQAn5f_neyu5iUyiD1_EYUVsN9b-ejrOXzBkz2hTqpJ4KhGwuvcBJx6fzDV_TM04owcyV5W1At9SWoCiY_aZHhFiQZm3MdFxRTp4VKe7CAiirBtw56V4yW4u1lHQ2pB6ZK6Fj75GNvDAiAA
client-request-id
a2dc8fcd-a06e-0869-56f2-a2d0b1a13463
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Accept
application/json
hpgrequestid
ba3db20d-b977-42d7-8fcb-085f778fab00
Content-type
application/json; charset=UTF-8

Response headers

content-encoding
gzip
cf-cache-status
DYNAMIC
x-ms-ests-server
2.1.18947.4 - WUS3 ProdSlices
report-to
{"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://identity.nel.measure.google.net/api/report?catId=GW+estsfd+wst"}]}
access-control-allow-methods
GET, POST, DELETE, PUT, PATCH, OPTIONS
x-content-type-options
nosniff
expires
Mon, 25 Jul 1997 05:00:00 GMT
p3p
CP="DSP CUR OTPi IND OTRi ONL FIN"
date
Thu, 26 Sep 2024 18:10:25 GMT
content-type
application/json
vary
Origin, Origin, Accept-Encoding
access-control-allow-headers
auth,authkey , authvalue, Authorization, User-Agent, Keep-Alive, Content-Type, X-Requested-With
x-ms-srs
1.P
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
s-maxage=0
nel
{"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}
pragma
no-cache
access-control-allow-credentials
true
referrer-policy
strict-origin-when-cross-origin
x-ms-request-id
fe099479-6e4c-417e-9a33-2d1c84249400
cf-ray
8c9535e87f95435d-EWR
client-request-id
a2dc8fcd-a06e-0869-56f2-a2d0b1a13463
access-control-allow-origin
https://sanntafeapdovs.gygbbwqtxzhaltd.workers.dev
x-xss-protection
0
server
cloudflare
convergedlogin_pstringcustomizationhelper_4285088f1dbaf52a876d.js
aadcdn.msauth.net/shared/1.0/content/js/asyncchunk/
111 KB
35 KB
Script
General
Full URL
https://aadcdn.msauth.net/shared/1.0/content/js/asyncchunk/convergedlogin_pstringcustomizationhelper_4285088f1dbaf52a876d.js
Requested by
Host: aadcdn.msauth.net
URL: https://aadcdn.msauth.net/shared/1.0/content/js/ConvergedLogin_PCore_NXCGegEOpKB5nrI5GnSS3g2.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:bdf::38 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
ddd0bb1c19b3d2d045bfcde85d2020bba57854c887a6691b66dba3da1bb3afbe

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://sanntafeapdovs.gygbbwqtxzhaltd.workers.dev/

Response headers

access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding
gzip
x-ms-version
2009-09-19
etag
0x8DCBD5317AEB807
x-ms-lease-status
unlocked
x-fd-int-roxy-purgeid
0
x-cache
TCP_HIT
date
Thu, 26 Sep 2024 18:10:24 GMT
content-type
application/x-javascript
last-modified
Thu, 15 Aug 2024 17:52:55 GMT
cache-control
public, max-age=31536000
x-ms-request-id
5789fc6f-701e-0003-7a6a-0b2232000000
accept-ranges
bytes
access-control-allow-origin
*
content-length
35168
x-azure-ref
20240926T181024Z-r1566bc5897hfw6trpuxk2aysn00000009t0000000001zkz
x-ms-blob-type
BlockBlob
signin-options_3e3f6b73c3f310c31d2c4d131a8ab8c6.svg
aadcdn.msauth.net/shared/1.0/content/images/
2 KB
1 KB
Image
General
Full URL
https://aadcdn.msauth.net/shared/1.0/content/images/signin-options_3e3f6b73c3f310c31d2c4d131a8ab8c6.svg
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:bdf::38 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
8e6db1634f1812d42516778fc890010aa57f3e39914fb4803df2c38abbf56d93

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://sanntafeapdovs.gygbbwqtxzhaltd.workers.dev/

Response headers

access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding
gzip
x-ms-version
2009-09-19
etag
0x8DB5C3F49ED96E0
x-ms-lease-status
unlocked
x-fd-int-roxy-purgeid
4554691
x-cache
TCP_HIT
date
Thu, 26 Sep 2024 18:10:24 GMT
content-type
image/svg+xml
last-modified
Wed, 24 May 2023 10:11:49 GMT
cache-control
public, max-age=31536000
x-ms-request-id
3057c5ee-201e-0021-0f6b-0be72d000000
accept-ranges
bytes
access-control-allow-origin
*
content-length
621
x-azure-ref
20240926T181024Z-r1566bc5897hfw6trpuxk2aysn00000009t0000000001zm0
x-ms-blob-type
BlockBlob

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer)

22 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object | 0
object | $Config
object | $Debug
object | $Do
function | $Loader
object | $WebWatson
function | GetString
function | GetErrorString
function | GetUrl
object | $B
object | ServerData
object | webpackJsonp
object | ko
object | PROOF
object | StringRepository
object | Telemetry
object | telemetry_webpackJsonp
boolean | __ConvergedLogin_PCore
boolean | __
boolean | __convergedlogin_pcustomizationloader_117b650bccea354984d8
boolean | __convergedlogin_pfetchsessionsprogress_d0a803279e7397bef834
boolean | __convergedlogin_pstringcustomizationhelper_4285088f1dbaf52a876d

25 Cookies

Domain/Path Name / Value
.baidu.com/ Name: BAIDUID
Value: C3D6846B17A2FA27685541987099F655:FG=1
www.baidu.com/ Name: BDSVRTM
Value: 0
sanntafeapdovs.gygbbwqtxzhaltd.workers.dev/ Name: 0
Value: ClientId=EAF5795D7CFF4F2382656BC0C86FEA4A
sanntafeapdovs.gygbbwqtxzhaltd.workers.dev/ Name: 1
Value: ClientId=EAF5795D7CFF4F2382656BC0C86FEA4A
sanntafeapdovs.gygbbwqtxzhaltd.workers.dev/ Name: 2
Value: OIDC=1
sanntafeapdovs.gygbbwqtxzhaltd.workers.dev/ Name: 16
Value: OpenIdConnect.nonce.v3.Ykz_irYMka7xBzi-I72qRCGuADy4WRU_IjBVAvLQDt4=638629710234197413.d0bf77c1-e823-4376-80e9-b5668779438c
sanntafeapdovs.gygbbwqtxzhaltd.workers.dev/ Name: 20
Value: ClientId=EAF5795D7CFF4F2382656BC0C86FEA4A
sanntafeapdovs.gygbbwqtxzhaltd.workers.dev/ Name: 21
Value: OIDC=1
sanntafeapdovs.gygbbwqtxzhaltd.workers.dev/ Name: 35
Value: OpenIdConnect.nonce.v3.Ykz_irYMka7xBzi-I72qRCGuADy4WRU_IjBVAvLQDt4=638629710234197413.d0bf77c1-e823-4376-80e9-b5668779438c
sanntafeapdovs.gygbbwqtxzhaltd.workers.dev/ Name: 39
Value: X-OWA-RedirectHistory=ArLym14BpR2FfVbe3Ag
sanntafeapdovs.gygbbwqtxzhaltd.workers.dev/ Name: buid
Value: 0.AQMAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAAApTwJmzXqdR4BN2miheQMYbgXig4V67JlEpKzJ3p28mR4JwvyzjsGBlN2a7hsKrEBUt4_KIFbfa91enz4q2Ff1kl2zXN9FJIJm57nWCfEpjiy5d9oT3hZ3J8alXcd7SDwgAA
sanntafeapdovs.gygbbwqtxzhaltd.workers.dev/ Name: esctx
Value: PAQABBwEAAAApTwJmzXqdR4BN2miheQMYOm3-Yf0E5jIXf8drGnqSA3mA_2uceb6mOZt0y2Stg101lODNjaXfqjaCvhiO48xgDdX8M5JiaAfdM-BPJkWtG2-gvuxHIc_iC1AQz8wROuzxltDPTACKO-q798C0B3SY6MkKHNAJ7CZrtweNhZEbPmEBBTMSJ4Hf1S5woESg20sgAA
sanntafeapdovs.gygbbwqtxzhaltd.workers.dev/ Name: esctx-kdgGzY40ODI
Value: AQABCQEAAAApTwJmzXqdR4BN2miheQMYOlTZpyO54Vki-0zlQqG3GhOYyBPt4gbeJ9tiB6Mq-bHYcVPh5Je2Dhs9uO1H4tOVOq4IdrpGvxvNR4WMOG6KzCGIWFevz5-G60E0coiAdPx166eReKHaSmkUIrjVsLGHw041IVFI7ZDWThG0fpi3ByAA
sanntafeapdovs.gygbbwqtxzhaltd.workers.dev/ Name: fpc
Value: AkZ7smsb_05MuboRcpOZ3UCerOTJAQAAAI-ah94OAAAA
sanntafeapdovs.gygbbwqtxzhaltd.workers.dev/ Name: x-ms-gateway-slice
Value: estsfd
sanntafeapdovs.gygbbwqtxzhaltd.workers.dev/ Name: stsservicecookie
Value: estsfd
sanntafeapdovs.gygbbwqtxzhaltd.workers.dev/ Name: appdfmd5naosiz309213
Value: d29ya3BsYWNlQHRhbml1bS5jb20=
sanntafeapdovs.gygbbwqtxzhaltd.workers.dev/ Name: uaid
Value: 0a53572c505f45ba8f1b20c361fee2f7
sanntafeapdovs.gygbbwqtxzhaltd.workers.dev/ Name: MSPRequ
Value: id=N&lt=1727374224&co=1
.sanntafeapdovs.gygbbwqtxzhaltd.workers.dev/ Name: brcap
Value: 0
outlook.office365.com/ Name: ClientId
Value: F4C339BB8AD14259AF829545E406ADF5
outlook.office365.com/ Name: OIDC
Value: 1
autologon.microsoftazuread-sso.com/ Name: fpc
Value: ApFfubuYvA9LvXPBM-qhRBs
autologon.microsoftazuread-sso.com/ Name: x-ms-gateway-slice
Value: estsfd
autologon.microsoftazuread-sso.com/ Name: stsservicecookie
Value: estsfd

2 Console Messages

Source | Level | URL | Text
network error URL: https://autologon.microsoftazuread-sso.com/tanium.com/winauth/ssoprobe?client-request-id=a2dc8fcd-a06e-0869-56f2-a2d0b1a13463&_=1727374224467
Message:
Failed to load resource: the server responded with a status of 401 (Unauthorized)
recommendation verbose URL: https://sanntafeapdovs.gygbbwqtxzhaltd.workers.dev/66defc8fa2fad3a71308b4ef/om/d29ya3BsYWNlfGRHRnVhWFZ0TG1OdmJRPT18VU9wcWpTakZZZkxzVHF1Rk1qUGN0bWtSVVhuc21lcU5LdnZvdVFXcEh3b1p1elBWbnRQdHU%3D
Message:
[DOM] Input elements should have autocomplete attributes (suggested: "current-password"): (More info: https://goo.gl/9p2vKq) %o

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
X-Xss-Protection 1;mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
