ocprq.swifthired.com Open in urlscan Pro
77.37.120.251 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://multi-trustorg39222.online/
Effective URL:
https://ocprq.swifthired.com/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%...
Submission Tags: @ecarlesi opendir Search All
Submission: On August 08 via api (August 8th 2024, 6:26:58 pm UTC) from IT — Scanned from IT

Summary HTTP 10 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 10 HTTP transactions. The main IP is 77.37.120.251, located in Paris, France and belongs to ACCELERATED-IT, DE. The main domain is ocprq.swifthired.com.
TLS certificate: Issued by R10 on July 26th 2024. Valid for: 3 months.

This is the only time ocprq.swifthired.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
3 3	198.187.29.4 198.187.29.4	22612 (NAMECHEAP...) (NAMECHEAP-NET)
4 12	77.37.120.251 77.37.120.251	31400 (ACCELERAT...) (ACCELERATED-IT)
10	2

3 198.187.29.4 (United States) 3 redirects

ASN22612 (NAMECHEAP-NET, US)
PTR: server263-1.web-hosting.com

multi-trustorg39222.online	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 77.37.120.251 (Paris, France) 4 redirects

ASN31400 (ACCELERATED-IT, DE)
PTR: srv570301.hstgr.cloud

meheff.swifthired.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
mejeff.swifthired.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ocprq.swifthired.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
hrvetbr.swifthired.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
htejre.swifthired.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
12	swifthired.com 4 redirects meheff.swifthired.com mejeff.swifthired.com ocprq.swifthired.com hrvetbr.swifthired.com htejre.swifthired.com jrhte.swifthired.com Failed	986 KB
3	multi-trustorg39222.online 3 redirects multi-trustorg39222.online	1 KB
10	2

	Domain	Requested by
6	htejre.swifthired.com	ocprq.swifthired.com htejre.swifthired.com
3	multi-trustorg39222.online	3 redirects
2	mejeff.swifthired.com	2 redirects
2	meheff.swifthired.com	2 redirects
1	hrvetbr.swifthired.com	ocprq.swifthired.com
1	ocprq.swifthired.com
0	jrhte.swifthired.com Failed	ocprq.swifthired.com
10	7

This site contains no links.

Subject Issuer	Validity	Valid
ocprq.swifthired.com R10	`2024-07-26` - `2024-10-24`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://ocprq.swifthired.com/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office365.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=809351f3-a93b-a0d6-979c-fbc5ac84d8f9&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638587384118726071.877a78f4-0bd8-4c21-b542-7d3b867ecbe4&state=DcsxFoAgDARR0OdxIgQCm-sQwNbS65viTzcxhHC6w8XsCehVm6KqMCtKz-BbgQF9hLItJZmFyZoUwqqmHXvalujvld5vpB8
Frame ID: 36C29B156A3AEF10056ED23DD7E97982
Requests: 10 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Accedi a Outlook

Page URL History Show full URLs

http://multi-trustorg39222.online/ HTTP 307
https://multi-trustorg39222.online/ HTTP 301
https://meheff.swifthired.com/caCtRunv HTTP 302
https://mejeff.swifthired.com/owa/ HTTP 302
https://ocprq.swifthired.com/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redir... HTTP 307
http://multi-trustorg39222.online/ HTTP 301
https://multi-trustorg39222.online/ HTTP 301
https://meheff.swifthired.com/caCtRunv HTTP 302
https://mejeff.swifthired.com/owa/ HTTP 302
https://ocprq.swifthired.com/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redir... Page URL

Detected technologies

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

10
Requests

80 %
HTTPS

0 %
IPv6

2
Domains

7
Subdomains

2
IPs

2
Countries

974 kB
Transfer

967 kB
Size

15
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://multi-trustorg39222.online/ HTTP 307
https://multi-trustorg39222.online/ HTTP 301
https://meheff.swifthired.com/caCtRunv HTTP 302
https://mejeff.swifthired.com/owa/ HTTP 302
https://ocprq.swifthired.com/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office365.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=e17c7d20-dcd6-0c2b-d295-325f014d29e6&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638587384096183320.2fe144b0-5c63-4991-b620-0885297eef8f&state=DcsxEoAwCABBouNzMAQIgeeok7SWfl-Kve4KAOxpS4UyMEy8-xBXCmsuwnTymk31JuyPCWpEw9uYkNw7x5hz-Sr5HvX9rvoD HTTP 307
http://multi-trustorg39222.online/ HTTP 301
https://multi-trustorg39222.online/ HTTP 301
https://meheff.swifthired.com/caCtRunv HTTP 302
https://mejeff.swifthired.com/owa/ HTTP 302
https://ocprq.swifthired.com/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office365.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=809351f3-a93b-a0d6-979c-fbc5ac84d8f9&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638587384118726071.877a78f4-0bd8-4c21-b542-7d3b867ecbe4&state=DcsxFoAgDARR0OdxIgQCm-sQwNbS65viTzcxhHC6w8XsCehVm6KqMCtKz-BbgQF9hLItJZmFyZoUwqqmHXvalujvld5vpB8 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

10 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request authorize Show response ocprq.swifthired.com/common/oauth2/ Redirect Chain http://multi-trustorg39222.online/ https://multi-trustorg39222.online/ https://meheff.swifthired.com/caCtRunv https://mejeff.swifthired.com/owa/ https://ocprq.swifthired.com/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office365.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000... http://multi-trustorg39222.online/ https://multi-trustorg39222.online/ https://meheff.swifthired.com/caCtRunv https://mejeff.swifthired.com/owa/ https://ocprq.swifthired.com/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office365.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000...	44 KB 46 KB	521ms 521ms	Document text/html	77.37.120.251 ACCELERATED-IT
General Check archive.org Show headers Download Go to Full URL https://ocprq.swifthired.com/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office365.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=809351f3-a93b-a0d6-979c-fbc5ac84d8f9&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638587384118726071.877a78f4-0bd8-4c21-b542-7d3b867ecbe4&state=DcsxFoAgDARR0OdxIgQCm-sQwNbS65viTzcxhHC6w8XsCehVm6KqMCtKz-BbgQF9hLItJZmFyZoUwqqmHXvalujvld5vpB8 Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 77.37.120.251 Paris, France, ASN31400 (ACCELERATED-IT, DE), Reverse DNS srv570301.hstgr.cloud Software / Resource Hash `6005128ecbeb1c4d4b42f29a5a7d96cbb23ca3cc7febb2c9966de70796c0639e` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers Cache-Control no-store, no-cache Connection close Content-Type text/html; charset=utf-8 Date Thu, 08 Aug 2024 18:26:51 GMT Expires -1 Link <https://aadcdn.msftauth.net>; rel=preconnect; crossorigin,<https://aadcdn.msftauth.net>; rel=dns-prefetch,<https://aadcdn.msauth.net>; rel=dns-prefetch Nel {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0} P3p CP="DSP CUR OTPi IND OTRi ONL FIN" Pragma no-cache Referrer-Policy strict-origin-when-cross-origin Report-To {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://identity.nel.measure.office.net/api/report?catId=GW+estsfd+dub2"}]} Transfer-Encoding chunked Vary Accept-Encoding X-Dns-Prefetch-Control on X-Ms-Ests-Server 2.1.18708.3 - WEULR1 ProdSlices X-Ms-Request-Id 5dd9db20-1dfa-461c-88a7-862ede181100 X-Ms-Srs 1.P Redirect headers Alt-Svc h3=":443";ma=2592000,h3-29=":443";ma=2592000 Connection close Content-Type text/html; charset=utf-8 Date Thu, 08 Aug 2024 18:26:51 GMT Location https://ocprq.swifthired.com/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office365.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=809351f3-a93b-a0d6-979c-fbc5ac84d8f9&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638587384118726071.877a78f4-0bd8-4c21-b542-7d3b867ecbe4&state=DcsxFoAgDARR0OdxIgQCm-sQwNbS65viTzcxhHC6w8XsCehVm6KqMCtKz-BbgQF9hLItJZmFyZoUwqqmHXvalujvld5vpB8 Nel {"report_to":"NelOfficeUpload1","max_age":7200,"include_subdomains":true,"failure_fraction":1.0,"success_fraction":0.01} P3p CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI" Report-To {"group":"NelOfficeUpload1","max_age":7200,"endpoints":[{"url":"https://exo.nel.measure.office.net/api/report?TenantId=&FrontEnd=Cafe&DestinationEndpoint=ORY&RemoteIP=2a02:4780:28::&Environment=MT"}],"include_subdomains":true} Request-Id 809351f3-a93b-a0d6-979c-fbc5ac84d8f9 Server Microsoft-IIS/10.0 Transfer-Encoding chunked X-Backend-Begin 2024-08-08T18:26:51.872 X-Backend-End 2024-08-08T18:26:51.872 X-Backendhttpstatus 302 302 X-Beserver PARP264MB4749 X-Besku WCS7 X-Calculatedbetarget PARP264MB4749.FRAP264.PROD.OUTLOOK.COM X-Calculatedfetarget PR1P264CU003.internal.outlook.com X-Diaginfo PARP264MB4749 X-Feefzinfo ORY X-Feproxyinfo PAZP264CA0079.FRAP264.PROD.OUTLOOK.COM X-Feserver PR1P264CA0050 PAZP264CA0079 X-Firsthopcafeefz ORY X-Owa-Diagnosticsinfo 4;0;0; X-Proxy-Backendserverstatus 302 X-Proxy-Routingcorrectness 1 X-Rum-Notupdatequerieddbcopy 1 X-Rum-Notupdatequeriedpath 1 X-Rum-Validated 1 X-Ua-Compatible IE=EmulateIE7
GET H/1.1	200 OK	Me.htm hrvetbr.swifthired.com/	0 0	1662ms 1142ms	Other text/html	77.37.120.251 ACCELERATED-IT
General Check archive.org Show headers Download Go to Full URL https://hrvetbr.swifthired.com/Me.htm?v=3 Requested by Host: ocprq.swifthired.com URL: https://ocprq.swifthired.com/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office365.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=809351f3-a93b-a0d6-979c-fbc5ac84d8f9&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638587384118726071.877a78f4-0bd8-4c21-b542-7d3b867ecbe4&state=DcsxFoAgDARR0OdxIgQCm-sQwNbS65viTzcxhHC6w8XsCehVm6KqMCtKz-BbgQF9hLItJZmFyZoUwqqmHXvalujvld5vpB8 Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 77.37.120.251 Paris, France, ASN31400 (ACCELERATED-IT, DE), Reverse DNS srv570301.hstgr.cloud Software / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers Referer https://ocprq.swifthired.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers
GET H/1.1	200 OK	converged.v2.login.min_qzvqnltrxpy99ajspyxbgq2.css htejre.swifthired.com/ests/2.1/content/cdnbundles/	111 KB 111 KB	837ms 409ms	Stylesheet text/css	77.37.120.251 ACCELERATED-IT
General Check archive.org Show headers Download Go to Full URL https://htejre.swifthired.com/ests/2.1/content/cdnbundles/converged.v2.login.min_qzvqnltrxpy99ajspyxbgq2.css Requested by Host: ocprq.swifthired.com URL: https://ocprq.swifthired.com/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office365.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=809351f3-a93b-a0d6-979c-fbc5ac84d8f9&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638587384118726071.877a78f4-0bd8-4c21-b542-7d3b867ecbe4&state=DcsxFoAgDARR0OdxIgQCm-sQwNbS65viTzcxhHC6w8XsCehVm6KqMCtKz-BbgQF9hLItJZmFyZoUwqqmHXvalujvld5vpB8 Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 77.37.120.251 Paris, France, ASN31400 (ACCELERATED-IT, DE), Reverse DNS srv570301.hstgr.cloud Software ECAcc (paa/6F56) / Resource Hash `1f8ceb44fe7cfcf7e71dbd5122210335ca3821d697a851d2900b95af7d92d69d` Request headers Referer https://ocprq.swifthired.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers X-Ms-Blob-Type BlockBlob Date Thu, 08 Aug 2024 18:26:53 GMT Content-Md5 SJgdPPV+fFjKfj6FHvk1Tg== Age 3017048 Transfer-Encoding chunked X-Cache HIT Connection close X-Ms-Lease-Status unlocked Last-Modified Wed, 03 Jul 2024 21:49:46 GMT Server ECAcc (paa/6F56) Etag 0x8DC9BAA0E5931F9 Vary Accept-Encoding Content-Type text/css Access-Control-Allow-Origin * X-Ms-Request-Id a118d96c-901e-00e2-294f-ce1955000000 Access-Control-Expose-Headers x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Cache-Control public, max-age=31536000 X-Ms-Version 2009-09-19 Accept-Ranges bytes
GET H/1.1	200 OK	ConvergedLogin_PCore_CCN0bXNsyKGzo-is1AL9Ow2.js Show response htejre.swifthired.com/shared/1.0/content/js/	439 KB 440 KB	1047ms 557ms	Script application/x-javascript	77.37.120.251 ACCELERATED-IT
General Check archive.org Show headers Download Go to Full URL https://htejre.swifthired.com/shared/1.0/content/js/ConvergedLogin_PCore_CCN0bXNsyKGzo-is1AL9Ow2.js Requested by Host: ocprq.swifthired.com URL: https://ocprq.swifthired.com/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office365.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=809351f3-a93b-a0d6-979c-fbc5ac84d8f9&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638587384118726071.877a78f4-0bd8-4c21-b542-7d3b867ecbe4&state=DcsxFoAgDARR0OdxIgQCm-sQwNbS65viTzcxhHC6w8XsCehVm6KqMCtKz-BbgQF9hLItJZmFyZoUwqqmHXvalujvld5vpB8 Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 77.37.120.251 Paris, France, ASN31400 (ACCELERATED-IT, DE), Reverse DNS srv570301.hstgr.cloud Software ECAcc (paa/6F60) / Resource Hash `d684dcc83ff4e8f0c6da570748f3187c60652c6b55d7b4d2924e0e349617ba7f` Request headers Referer https://ocprq.swifthired.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers X-Ms-Blob-Type BlockBlob Date Thu, 08 Aug 2024 18:26:53 GMT Content-Md5 Frn0XzMc+H86kbdaK2dLCw== Age 858984 Transfer-Encoding chunked X-Cache HIT Connection close X-Ms-Lease-Status unlocked Last-Modified Fri, 26 Jul 2024 22:42:05 GMT Server ECAcc (paa/6F60) Etag 0x8DCADC42C99165A Vary Accept-Encoding Content-Type application/x-javascript Access-Control-Allow-Origin * X-Ms-Request-Id d7c2e4db-a01e-008f-4cf0-e1dda4000000 Access-Control-Expose-Headers x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Cache-Control public, max-age=31536000 X-Ms-Version 2009-09-19 Accept-Ranges bytes
GET H/1.1	200 OK	ux.converged.login.strings-it.min_h8sqvfq_m4kf24yzjzwbmg2.js Show response htejre.swifthired.com/ests/2.1/content/cdnbundles/	59 KB 60 KB	949ms 464ms	Script application/x-javascript	77.37.120.251 ACCELERATED-IT
General Check archive.org Show headers Download Go to Full URL https://htejre.swifthired.com/ests/2.1/content/cdnbundles/ux.converged.login.strings-it.min_h8sqvfq_m4kf24yzjzwbmg2.js Requested by Host: ocprq.swifthired.com URL: https://ocprq.swifthired.com/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office365.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=809351f3-a93b-a0d6-979c-fbc5ac84d8f9&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638587384118726071.877a78f4-0bd8-4c21-b542-7d3b867ecbe4&state=DcsxFoAgDARR0OdxIgQCm-sQwNbS65viTzcxhHC6w8XsCehVm6KqMCtKz-BbgQF9hLItJZmFyZoUwqqmHXvalujvld5vpB8 Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 77.37.120.251 Paris, France, ASN31400 (ACCELERATED-IT, DE), Reverse DNS srv570301.hstgr.cloud Software ECAcc (paa/6F14) / Resource Hash `4e2897766a1f9b2b1fa7fe2cd44a9be27eec880b1eb99785ba2bc8e6a835c219` Request headers Referer https://ocprq.swifthired.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers X-Ms-Blob-Type BlockBlob Date Thu, 08 Aug 2024 18:26:53 GMT Content-Md5 x26AjtfflDFldSBJiDsPuQ== Age 705502 Transfer-Encoding chunked X-Cache HIT Connection close X-Ms-Lease-Status unlocked Last-Modified Sun, 28 Jul 2024 07:39:55 GMT Server ECAcc (paa/6F14) Etag 0x8DCAED8797CEEC9 Vary Accept-Encoding Content-Type application/x-javascript Access-Control-Allow-Origin * X-Ms-Request-Id c2f05a65-501e-00fc-7055-e31bd5000000 Access-Control-Expose-Headers x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Cache-Control public, max-age=31536000 X-Ms-Version 2009-09-19 Accept-Ranges bytes
GET H/1.1	200 OK	oneDs_f2e0f4a029670f10d892.js Show response htejre.swifthired.com/shared/1.0/content/js/	186 KB 186 KB	929ms 504ms	Script application/x-javascript	77.37.120.251 ACCELERATED-IT
General Check archive.org Show headers Download Go to Full URL https://htejre.swifthired.com/shared/1.0/content/js/oneDs_f2e0f4a029670f10d892.js Requested by Host: htejre.swifthired.com URL: https://htejre.swifthired.com/shared/1.0/content/js/ConvergedLogin_PCore_CCN0bXNsyKGzo-is1AL9Ow2.js Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 77.37.120.251 Paris, France, ASN31400 (ACCELERATED-IT, DE), Reverse DNS srv570301.hstgr.cloud Software ECAcc (paa/6F53) / Resource Hash `8405362eb8f09df13ae244de155b51b1577274673d9728b6c81cd0278a63c8b0` Request headers Referer https://ocprq.swifthired.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers X-Ms-Blob-Type BlockBlob Date Thu, 08 Aug 2024 18:26:55 GMT Content-Md5 wegr9xrdYirQ87+FcvY0/A== Age 11807664 Transfer-Encoding chunked X-Cache HIT Connection close X-Ms-Lease-Status unlocked Last-Modified Thu, 25 May 2023 17:22:37 GMT Server ECAcc (paa/6F53) Etag 0x8DB5D44A2CEB430 Vary Accept-Encoding Content-Type application/x-javascript Access-Control-Allow-Origin * X-Ms-Request-Id 2230c8de-b01e-0020-515c-7ecb15000000 Access-Control-Expose-Headers x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Cache-Control public, max-age=31536000 X-Ms-Version 2009-09-19 Accept-Ranges bytes
GET H/1.1	200 OK	watsonsupportwithjquery.3.5.min_dc940oomzau4rsu8qesnvg2.js Show response htejre.swifthired.com/ests/2.1/content/cdnbundles/	117 KB 118 KB	950ms 479ms	Script application/x-javascript	77.37.120.251 ACCELERATED-IT
General Check archive.org Show headers Download Go to Full URL https://htejre.swifthired.com/ests/2.1/content/cdnbundles/watsonsupportwithjquery.3.5.min_dc940oomzau4rsu8qesnvg2.js Requested by Host: ocprq.swifthired.com URL: https://ocprq.swifthired.com/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office365.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=809351f3-a93b-a0d6-979c-fbc5ac84d8f9&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638587384118726071.877a78f4-0bd8-4c21-b542-7d3b867ecbe4&state=DcsxFoAgDARR0OdxIgQCm-sQwNbS65viTzcxhHC6w8XsCehVm6KqMCtKz-BbgQF9hLItJZmFyZoUwqqmHXvalujvld5vpB8 Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 77.37.120.251 Paris, France, ASN31400 (ACCELERATED-IT, DE), Reverse DNS srv570301.hstgr.cloud Software ECAcc (paa/6F5C) / Resource Hash `df2aa8537c1992c94846a0ffffaa9031d430d9d0210b9e396ec059aff62627e0` Request headers Referer https://ocprq.swifthired.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers X-Ms-Blob-Type BlockBlob Date Thu, 08 Aug 2024 18:26:56 GMT Content-Md5 HWW92uTq7vx3y5z+zFZbXQ== Age 11807714 Transfer-Encoding chunked X-Cache HIT Connection close X-Ms-Lease-Status unlocked Last-Modified Fri, 26 Feb 2021 06:18:37 GMT Server ECAcc (paa/6F5C) Etag 0x8D8DA1E5A71125A Vary Accept-Encoding Content-Type application/x-javascript Access-Control-Allow-Origin * X-Ms-Request-Id 1949424e-001e-0077-495c-7e7928000000 Access-Control-Expose-Headers x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Cache-Control public, max-age=31536000 X-Ms-Version 2009-09-19 Accept-Ranges bytes
GET H/1.1	200 OK	frameworksupport.min_oadrnc13magb009k4d20lg2.js Show response htejre.swifthired.com/ests/2.1/content/cdnbundles/	12 KB 12 KB	897ms 454ms	Script application/x-javascript	77.37.120.251 ACCELERATED-IT
General Check archive.org Show headers Download Go to Full URL https://htejre.swifthired.com/ests/2.1/content/cdnbundles/frameworksupport.min_oadrnc13magb009k4d20lg2.js Requested by Host: ocprq.swifthired.com URL: https://ocprq.swifthired.com/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office365.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=809351f3-a93b-a0d6-979c-fbc5ac84d8f9&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638587384118726071.877a78f4-0bd8-4c21-b542-7d3b867ecbe4&state=DcsxFoAgDARR0OdxIgQCm-sQwNbS65viTzcxhHC6w8XsCehVm6KqMCtKz-BbgQF9hLItJZmFyZoUwqqmHXvalujvld5vpB8 Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 77.37.120.251 Paris, France, ASN31400 (ACCELERATED-IT, DE), Reverse DNS srv570301.hstgr.cloud Software ECAcc (paa/6F35) / Resource Hash `c8cef105fcaf7cbf3f8682c861045505c24d41cf6686c20c1c03e14031a3db69` Request headers Referer https://ocprq.swifthired.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers X-Ms-Blob-Type BlockBlob Date Thu, 08 Aug 2024 18:26:57 GMT Content-Md5 A8dgUeRfi6/VknMbox6Cuw== Age 11894734 Transfer-Encoding chunked X-Cache HIT Connection close X-Ms-Lease-Status unlocked Last-Modified Thu, 22 Oct 2020 20:43:24 GMT Server ECAcc (paa/6F35) Etag 0x8D876CB1F3EA0D9 Vary Accept-Encoding Content-Type application/x-javascript Access-Control-Allow-Origin * X-Ms-Request-Id d6f61876-b01e-00a4-1491-7d3048000000 Access-Control-Expose-Headers x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Cache-Control public, max-age=31536000 X-Ms-Version 2009-09-19 Accept-Ranges bytes
GET		watson.min_q5ptmu8aniymd4ftuqdkda2.js htejre.swifthired.com/ests/2.1/content/cdnbundles/	0 0

GET		watson.min_q5ptmu8aniymd4ftuqdkda2.js jrhte.swifthired.com/ests/2.1/content/cdnbundles/	0 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: htejre.swifthired.com
URL: https://htejre.swifthired.com/ests/2.1/content/cdnbundles/watson.min_q5ptmu8aniymd4ftuqdkda2.js

Domain: jrhte.swifthired.com
URL: https://jrhte.swifthired.com/ests/2.1/content/cdnbundles/watson.min_q5ptmu8aniymd4ftuqdkda2.js

Verdicts & Comments Add Verdict or Comment

28 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

15 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.swifthired.com/	1970-01-20 22:39:05	Name: yHVi Value: 455b77f841ac8b11ec8774f84aafa2c570770ffc4ecf7bfead5e1a5595e24f99
mejeff.swifthired.com/	1970-01-21 07:24:37	Name: ClientId Value: FEAFD0D6187A401889C47E5D9921224C
mejeff.swifthired.com/	1970-01-21 03:03:59	Name: OIDC Value: 1
mejeff.swifthired.com/	1970-01-20 22:39:05	Name: OpenIdConnect.nonce.v3.S1rurhH6AToGFvnK2fKpwER63-HAe3CmOPCo6gkp1dY Value: 638587384096183320.2fe144b0-5c63-4991-b620-0885297eef8f
mejeff.swifthired.com/	1970-01-20 22:39:05	Name: OpenIdConnect.nonce.v3.3GMh4h0lDIJZ_peLlM6DwLfw3Fm6nQFj0DT9gYnr4qs Value: 638587384118726071.877a78f4-0bd8-4c21-b542-7d3b867ecbe4
mejeff.swifthired.com/	1970-01-20 22:39:23	Name: X-OWA-RedirectHistory Value: ArLym14Bt01xrNe33Ag\|ArLym14BGFQZq9e33Ag
ocprq.swifthired.com/	1970-01-20 23:22:13	Name: buid Value: 0.AXkAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAAApTwJmzXqdR4BN2miheQMYFMuX6WGuM3H2Gnub_zOs_m3MHePwFxIeCxWxqJyztlA4OVavMRF4sNGhIbfXYjByHBLpQyzlrPx9DL3Mfgn9dEghtMlYOhGQjmpWxEYr424gAA
.ocprq.swifthired.com/	1969-12-31 23:59:59	Name: esctx Value: PAQABBwEAAAApTwJmzXqdR4BN2miheQMY0UNWekhFs6IiP2slBRx5ZdnltFZ6e1A_tf7s0sknVDvO-vD87FjDloPxBja4zVe3qkh7x2E9y7rLrXe4hhqBtRkPeAybq2nQ--XtA6dUKtyGdt9heglPCDBxC8ncqQ0vJwm883tT6A549xmEa41unckB7-N5vi5J3gcrLD6R0h4gAA
.ocprq.swifthired.com/	1969-12-31 23:59:59	Name: esctx-JFTHLinpb48 Value: AQABCQEAAAApTwJmzXqdR4BN2miheQMY7IJe7yz0gC5264Il85n61WJs5aFXTP4K6QN8Lia9mV78hzBWQ-HzGMPjsmGkf98SVOYlvLIXthSNYsVLKzxmXQ9ZprXzTTtyIcKVC9KR42eeSKEzeacGTxXcWKLNlC0ttPVSiHZ8G0qBC55J1Pt2niAA
ocprq.swifthired.com/	1970-01-20 23:22:13	Name: fpc Value: Ami96j_M_ntIhistqOjEjgmerOTJAQAAAOwER94OAAAA
ocprq.swifthired.com/	1969-12-31 23:59:59	Name: x-ms-gateway-slice Value: estsfd
ocprq.swifthired.com/	1969-12-31 23:59:59	Name: stsservicecookie Value: estsfd
.hrvetbr.swifthired.com/	1969-12-31 23:59:59	Name: uaid Value: d1a8b2d9c1cd4285aa456cb37656bd51
.hrvetbr.swifthired.com/	1969-12-31 23:59:59	Name: MSPRequ Value: id=N&lt=1723141614&co=1
ocprq.swifthired.com/	1970-01-21 07:24:37	Name: MicrosoftApplicationsTelemetryDeviceId Value: 47ff5272-df90-4662-be53-eba8b39aff0a

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

hrvetbr.swifthired.com
htejre.swifthired.com
jrhte.swifthired.com
meheff.swifthired.com
mejeff.swifthired.com
multi-trustorg39222.online
ocprq.swifthired.com
htejre.swifthired.com
jrhte.swifthired.com
198.187.29.4
77.37.120.251
1f8ceb44fe7cfcf7e71dbd5122210335ca3821d697a851d2900b95af7d92d69d
4e2897766a1f9b2b1fa7fe2cd44a9be27eec880b1eb99785ba2bc8e6a835c219
6005128ecbeb1c4d4b42f29a5a7d96cbb23ca3cc7febb2c9966de70796c0639e
8405362eb8f09df13ae244de155b51b1577274673d9728b6c81cd0278a63c8b0
c8cef105fcaf7cbf3f8682c861045505c24d41cf6686c20c1c03e14031a3db69
d684dcc83ff4e8f0c6da570748f3187c60652c6b55d7b4d2924e0e349617ba7f
df2aa8537c1992c94846a0ffffaa9031d430d9d0210b9e396ec059aff62627e0
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

ocprq.swifthired.com Open in urlscan Pro 77.37.120.251 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

10 Requests

80 %HTTPS

0 %IPv6

2 Domains

7 Subdomains

2 IPs

2 Countries

974 kBTransfer

967 kBSize

15 Cookies

0 Outgoing links

Page URL History

Redirected requests

10 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

28 JavaScript Global Variables

15 Cookies

Indicators

ocprq.swifthired.com Open in urlscan Pro
77.37.120.251 Public Scan

Screenshot
Live screenshot

Full Image

10
Requests

80 %
HTTPS

0 %
IPv6

2
Domains

7
Subdomains

2
IPs

2
Countries

974 kB
Transfer

967 kB
Size

15
Cookies

10 HTTP transactions
0 data transactions