nowwafsxd.com Open in urlscan Pro
162.241.29.244  Malicious Activity! Public Scan

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

12 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
4 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request officex.html Show response nowwafsxd.com/eFax/	680 KB 680 KB	349ms 303ms	Document text/html	162.241.29.244 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Full URL http://nowwafsxd.com/eFax/officex.html Protocol HTTP/1.1 Server 162.241.29.244 Provo, United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS 162-241-29-244.unifiedlayer.com Software Apache / Resource Hash 7abf5b84a98f4b2bf323d811c921fcf86f48f29c7c1642a2c32e73ecd06a13c3 Request headers Host nowwafsxd.com Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 Accept-Encoding gzip, deflate Accept-Language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Mon, 08 Jun 2020 17:27:47 GMT Server Apache Last-Modified Fri, 22 May 2020 03:55:10 GMT Accept-Ranges bytes Content-Length 696487 Keep-Alive timeout=5, max=100 Connection Keep-Alive Content-Type text/html
GET H2	200	segoeui_light.woff2 blobs.officehome.msocdn.com/versionless/webfonts/	10 KB 11 KB	299ms 69ms	Font application/octet-stream	72.247.226.78 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://blobs.officehome.msocdn.com/versionless/webfonts/segoeui_light.woff2 Requested by Host: nowwafsxd.com URL: http://nowwafsxd.com/eFax/officex.html Protocol H2 Security TLS 1.3, , AES_256_GCM Server 72.247.226.78 , United States, ASN16625 (AKAMAI-AS, US), Reverse DNS Software Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 / Resource Hash 57febfbad63b722a38bc668e67bc7c2dc02eca221f26db3a9303c1bd584a1a42 Request headers User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Referer http://nowwafsxd.com/eFax/officex.html Origin http://nowwafsxd.com Response headers x-ms-blob-type BlockBlob date Mon, 08 Jun 2020 17:27:48 GMT content-md5 jhYGMsSK0ePQ6fQzRjYIaw== status 200 x-cache-start 1581246712 content-length 10544 x-ms-lease-status unlocked last-modified Tue, 24 Sep 2019 17:42:02 GMT server Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 etag 0x8D741168264A7C3 content-type application/octet-stream access-control-allow-origin * x-ms-request-id dd821a4d-601e-0117-7f39-dff1da000000 access-control-expose-headers content-length x-ms-version 2009-09-19 timing-allow-origin *
GET H2	200	segoeui_regular.woff2 blobs.officehome.msocdn.com/versionless/webfonts/	11 KB 11 KB	303ms 74ms	Font application/octet-stream	72.247.226.78 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://blobs.officehome.msocdn.com/versionless/webfonts/segoeui_regular.woff2 Requested by Host: nowwafsxd.com URL: http://nowwafsxd.com/eFax/officex.html Protocol H2 Security TLS 1.3, , AES_256_GCM Server 72.247.226.78 , United States, ASN16625 (AKAMAI-AS, US), Reverse DNS Software Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 / Resource Hash bb232fd09a6696ce21ec10a43b89933e12ad866dfde30a4a6a08e08082e6557d Request headers User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Referer http://nowwafsxd.com/eFax/officex.html Origin http://nowwafsxd.com Response headers x-ms-blob-type BlockBlob date Mon, 08 Jun 2020 17:27:48 GMT x-cdn 1304 content-md5 kGunTB96T9QhdOD1j608lQ== status 200 x-cache-start 1581245396, 1581246700 content-length 11100 x-ms-lease-status unlocked last-modified Tue, 24 Sep 2019 17:42:03 GMT server Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 etag 0x8D741168290EFD0 content-type application/octet-stream access-control-allow-origin * x-ms-request-id a5f493bb-901e-00a7-5736-df4e0f000000 access-control-expose-headers content-length x-ms-version 2009-09-19 timing-allow-origin *
GET H2	200	segoeui_semibold.woff2 blobs.officehome.msocdn.com/versionless/webfonts/	11 KB 12 KB	348ms 120ms	Font application/octet-stream	72.247.226.78 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://blobs.officehome.msocdn.com/versionless/webfonts/segoeui_semibold.woff2 Requested by Host: nowwafsxd.com URL: http://nowwafsxd.com/eFax/officex.html Protocol H2 Security TLS 1.3, , AES_256_GCM Server 72.247.226.78 , United States, ASN16625 (AKAMAI-AS, US), Reverse DNS Software Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 / Resource Hash 2cd3ef7b5b677b7827bfbe5b926a283e7ca687ddb6b021fa4289630671ebd061 Request headers User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Referer http://nowwafsxd.com/eFax/officex.html Origin http://nowwafsxd.com Response headers x-ms-blob-type BlockBlob date Mon, 08 Jun 2020 17:27:48 GMT x-cdn 1304 content-md5 2sc9x7HrNc02DaQWSN4HKw== status 200 x-cache-start 1581245396, 1581246700 content-length 11356 x-ms-lease-status unlocked last-modified Tue, 24 Sep 2019 17:42:02 GMT server Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 etag 0x8D74116825A93D1 content-type application/octet-stream access-control-allow-origin * x-ms-request-id 27b96501-901e-00c1-1436-dffc55000000 access-control-expose-headers content-length x-ms-version 2009-09-19 timing-allow-origin *
GET H2	200	segoeui_semilight.woff2 blobs.officehome.msocdn.com/versionless/webfonts/	12 KB 12 KB	327ms 109ms	Font application/octet-stream	72.247.226.78 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://blobs.officehome.msocdn.com/versionless/webfonts/segoeui_semilight.woff2 Requested by Host: nowwafsxd.com URL: http://nowwafsxd.com/eFax/officex.html Protocol H2 Security TLS 1.3, , AES_256_GCM Server 72.247.226.78 , United States, ASN16625 (AKAMAI-AS, US), Reverse DNS Software Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 / Resource Hash 633894cf845287f205f1b5bd26b7667dda186695fce3d789306f30c5fbdb14b5 Request headers User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Referer http://nowwafsxd.com/eFax/officex.html Origin http://nowwafsxd.com Response headers x-ms-blob-type BlockBlob date Mon, 08 Jun 2020 17:27:48 GMT content-md5 NqyaI2UXO2R2V62CmuZP8A== status 200 x-cache-start 1581246712 content-length 12164 x-ms-lease-status unlocked last-modified Tue, 24 Sep 2019 17:42:02 GMT server Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 etag 0x8D74116824819F7 content-type application/octet-stream access-control-allow-origin * x-ms-request-id fb394104-f01e-0052-5039-df6a1e000000 access-control-expose-headers content-length x-ms-version 2009-09-19 timing-allow-origin *
GET H2	200	hero-xxl-b79c4b74fa.jpg blobs.officehome.msocdn.com/images/content/images/	515 KB 517 KB	257ms 75ms	Image image/jpeg	72.247.226.78 AKAMAI-AS
General Check archive.org Show headers Download Go to Show image Full URL https://blobs.officehome.msocdn.com/images/content/images/hero-xxl-b79c4b74fa.jpg Requested by Host: nowwafsxd.com URL: http://nowwafsxd.com/eFax/officex.html Protocol H2 Security TLS 1.3, , AES_256_GCM Server 72.247.226.78 , United States, ASN16625 (AKAMAI-AS, US), Reverse DNS Software Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 / Resource Hash eb4506c6341c8bed31416f698406b26cadf9773b1a70f65a6115bedf88960b02 Request headers Referer http://nowwafsxd.com/eFax/officex.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers x-ms-blob-type BlockBlob date Mon, 08 Jun 2020 17:27:48 GMT x-cdn 1 content-md5 t5xLdPqw3fIYFd/2RI3Ubg== status 200 x-cache-start 1585850574, 1585850575 content-length 527605 x-ms-lease-status unlocked last-modified Tue, 24 Mar 2020 22:35:34 GMT server Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 etag 0x8D7D043AAA2C0B9 content-type image/jpeg access-control-allow-origin * x-ms-request-id 15b6ecc3-901e-00e3-5818-099263000000 access-control-expose-headers content-length x-ms-version 2009-09-19 timing-allow-origin * x-ms-meta-cloudbuildid 4a8270d9-6519-10de-74bd-1abab94f4a54
GET H2	200	linkedin-refresh-02734a460c.png blobs.officehome.msocdn.com/images/content/images/	315 B 743 B	425ms 243ms	Image image/png	72.247.226.78 AKAMAI-AS
General Check archive.org Show headers Download Go to Show image Full URL https://blobs.officehome.msocdn.com/images/content/images/linkedin-refresh-02734a460c.png Requested by Host: nowwafsxd.com URL: http://nowwafsxd.com/eFax/officex.html Protocol H2 Security TLS 1.3, , AES_256_GCM Server 72.247.226.78 , United States, ASN16625 (AKAMAI-AS, US), Reverse DNS Software Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 / Resource Hash e495966dd87033ec1e3f55c58062de559b251aad1cabf20dd2af44cd34675cd6 Request headers Referer http://nowwafsxd.com/eFax/officex.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers x-ms-blob-type BlockBlob date Mon, 08 Jun 2020 17:27:48 GMT x-cdn 3 content-md5 AnNKRgwD0guMSuodmnt9zQ== status 200 x-cache-start 1585850571, 1585850574 content-length 315 x-ms-lease-status unlocked last-modified Tue, 24 Mar 2020 22:35:35 GMT server Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 etag 0x8D7D043AB3DBD8F content-type image/png access-control-allow-origin * x-ms-request-id 9ce61e00-f01e-0059-7218-09726a000000 access-control-expose-headers content-length x-ms-version 2009-09-19 timing-allow-origin * x-ms-meta-cloudbuildid 4a8270d9-6519-10de-74bd-1abab94f4a54
GET H2	200	facebook-refresh-090a700c0f.png blobs.officehome.msocdn.com/images/content/images/	256 B 684 B	427ms 245ms	Image image/png	72.247.226.78 AKAMAI-AS
General Check archive.org Show headers Download Go to Show image Full URL https://blobs.officehome.msocdn.com/images/content/images/facebook-refresh-090a700c0f.png Requested by Host: nowwafsxd.com URL: http://nowwafsxd.com/eFax/officex.html Protocol H2 Security TLS 1.3, , AES_256_GCM Server 72.247.226.78 , United States, ASN16625 (AKAMAI-AS, US), Reverse DNS Software Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 / Resource Hash 81dd42197f137d54b0833fb24aab0c9a05ac07bd4aecec3f79ac281bbc46b64a Request headers Referer http://nowwafsxd.com/eFax/officex.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers x-ms-blob-type BlockBlob date Mon, 08 Jun 2020 17:27:48 GMT x-cdn 3 content-md5 CQpwDA8/7v9EYLS3erXHuQ== status 200 x-cache-start 1585850571, 1585850574 content-length 256 x-ms-lease-status unlocked last-modified Tue, 24 Mar 2020 22:35:29 GMT server Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 etag 0x8D7D043A81D9C29 content-type image/png access-control-allow-origin * x-ms-request-id 48092327-201e-0139-2918-09711d000000 access-control-expose-headers content-length x-ms-version 2009-09-19 timing-allow-origin * x-ms-meta-cloudbuildid 4a8270d9-6519-10de-74bd-1abab94f4a54
GET H2	200	instagram-refresh-5d315a943e.png blobs.officehome.msocdn.com/images/content/images/	410 B 837 B	427ms 246ms	Image image/png	72.247.226.78 AKAMAI-AS
General Check archive.org Show headers Download Go to Show image Full URL https://blobs.officehome.msocdn.com/images/content/images/instagram-refresh-5d315a943e.png Requested by Host: nowwafsxd.com URL: http://nowwafsxd.com/eFax/officex.html Protocol H2 Security TLS 1.3, , AES_256_GCM Server 72.247.226.78 , United States, ASN16625 (AKAMAI-AS, US), Reverse DNS Software Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 / Resource Hash 9ede85d6c2139703e1a1dfa94105f6063607bc0f2f53cfb98d30daf90134bc51 Request headers Referer http://nowwafsxd.com/eFax/officex.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers x-ms-blob-type BlockBlob date Mon, 08 Jun 2020 17:27:48 GMT x-cdn 3 content-md5 XTFalD7d5tEG9whWdRjPSA== status 200 x-cache-start 1585850571, 1585850574 content-length 410 x-ms-lease-status unlocked last-modified Tue, 24 Mar 2020 22:35:34 GMT server Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 etag 0x8D7D043AAF9A338 content-type image/png access-control-allow-origin * x-ms-request-id f631b519-101e-0053-0718-096be3000000 access-control-expose-headers content-length x-ms-version 2009-09-19 timing-allow-origin * x-ms-meta-cloudbuildid 4a8270d9-6519-10de-74bd-1abab94f4a54
GET H2	200	blog-33305b0d90.png blobs.officehome.msocdn.com/images/content/images/	1 KB 2 KB	421ms 246ms	Image image/png	72.247.226.78 AKAMAI-AS
General Check archive.org Show headers Download Go to Show image Full URL https://blobs.officehome.msocdn.com/images/content/images/blog-33305b0d90.png Requested by Host: nowwafsxd.com URL: http://nowwafsxd.com/eFax/officex.html Protocol H2 Security TLS 1.3, , AES_256_GCM Server 72.247.226.78 , United States, ASN16625 (AKAMAI-AS, US), Reverse DNS Software Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 / Resource Hash 207f50299063fbb1f3b17bc02663cc5e8fb3b385e8ea29919d1af13a7baa6247 Request headers Referer http://nowwafsxd.com/eFax/officex.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers x-ms-blob-type BlockBlob date Mon, 08 Jun 2020 17:27:48 GMT x-cdn 3 content-md5 MzBbDZBmL4Fv/waONoik2w== status 200 x-cache-start 1585850571, 1585850574 content-length 1131 x-ms-lease-status unlocked last-modified Tue, 24 Mar 2020 22:35:29 GMT server Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 etag 0x8D7D043A7D9D01C content-type image/png access-control-allow-origin * x-ms-request-id 15b6e860-901e-00e3-1918-099263000000 access-control-expose-headers content-length x-ms-version 2009-09-19 timing-allow-origin * x-ms-meta-cloudbuildid 4a8270d9-6519-10de-74bd-1abab94f4a54
GET DATA	200 OK	truncated /	33 KB 33 KB		Font font/woff2
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 4f7f4afe26e71fa9ca1dac4a43b557a554a46f53251d849f07ed08a04829d74b Request headers User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Referer http://nowwafsxd.com/eFax/officex.html Origin http://nowwafsxd.com Response headers Content-Type font/woff2
GET DATA	200 OK	truncated /	26 KB 26 KB		Font application/font-woff
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 22b4df5c33045b645cafa45b04685f4752e471a2e933bff5bf14324d87deee12 Request headers User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Referer http://nowwafsxd.com/eFax/officex.html Origin http://nowwafsxd.com Response headers Content-Type application/font-woff
GET H/1.1	200 OK	officex.html nowwafsxd.com/eFax/	680 KB 680 KB	169ms 168ms	Font text/html	162.241.29.244 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Full URL http://nowwafsxd.com/eFax/officex.html Requested by Host: nowwafsxd.com URL: http://nowwafsxd.com/eFax/officex.html Protocol HTTP/1.1 Server 162.241.29.244 Provo, United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS 162-241-29-244.unifiedlayer.com Software Apache / Resource Hash 28e76ebb1e5a6f267375abbb8d476e268eaf6628f1d5a629771b804f108422db Request headers User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Referer http://nowwafsxd.com/eFax/officex.html Origin http://nowwafsxd.com Response headers Date Mon, 08 Jun 2020 17:27:48 GMT Last-Modified Fri, 22 May 2020 03:55:10 GMT Server Apache Content-Type text/html Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 696487
GET H/1.1	200 OK	jquery-3.4.1.min.js Show response code.jquery.com/	86 KB 30 KB	21ms 7ms	Script application/javascript	2001:4de0:ac19::1:b:1b HIGHWINDS3
General Check archive.org Show headers Download Go to Full URL https://code.jquery.com/jquery-3.4.1.min.js Requested by Host: nowwafsxd.com URL: http://nowwafsxd.com/eFax/officex.html Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 2001:4de0:ac19::1:b:1b , Netherlands, ASN20446 (HIGHWINDS3, US), Reverse DNS Software nginx / Resource Hash 0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a Request headers Referer http://nowwafsxd.com/eFax/officex.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Mon, 08 Jun 2020 17:27:49 GMT Content-Encoding gzip Last-Modified Wed, 01 May 2019 21:14:27 GMT Server nginx ETag W/"5cca0c33-15851" Vary Accept-Encoding X-HW 1591637269.dop027.fr8.shc,1591637269.dop027.fr8.t,1591637269.cds159.fr8.c Content-Type application/javascript; charset=utf-8 Access-Control-Allow-Origin * Cache-Control max-age=315360000, public Connection Keep-Alive Accept-Ranges bytes Content-Length 30638
GET DATA	200 OK	truncated /	358 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash ee2b841529e5d06aeae7f65b413b40bbfef5161c9fad9a8a1755dac03806291b Request headers Referer http://nowwafsxd.com/eFax/officex.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Content-Type image/svg+xml;charset=utf-8
GET DATA	200 OK	truncated /	11 KB 11 KB		Font application/octet-stream
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 2cd3ef7b5b677b7827bfbe5b926a283e7ca687ddb6b021fa4289630671ebd061 Request headers User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Referer http://nowwafsxd.com/eFax/officex.html Origin http://nowwafsxd.com Response headers Content-Type application/octet-stream

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer)

6 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata object| onpointerrawupdate function| savepage_ShadowLoader function| $ function| jQuery function| validate

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

blobs.officehome.msocdn.com
code.jquery.com
nowwafsxd.com
162.241.29.244
2001:4de0:ac19::1:b:1b
72.247.226.78
0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a
207f50299063fbb1f3b17bc02663cc5e8fb3b385e8ea29919d1af13a7baa6247
22b4df5c33045b645cafa45b04685f4752e471a2e933bff5bf14324d87deee12
28e76ebb1e5a6f267375abbb8d476e268eaf6628f1d5a629771b804f108422db
2cd3ef7b5b677b7827bfbe5b926a283e7ca687ddb6b021fa4289630671ebd061
4f7f4afe26e71fa9ca1dac4a43b557a554a46f53251d849f07ed08a04829d74b
57febfbad63b722a38bc668e67bc7c2dc02eca221f26db3a9303c1bd584a1a42
633894cf845287f205f1b5bd26b7667dda186695fce3d789306f30c5fbdb14b5
7abf5b84a98f4b2bf323d811c921fcf86f48f29c7c1642a2c32e73ecd06a13c3
81dd42197f137d54b0833fb24aab0c9a05ac07bd4aecec3f79ac281bbc46b64a
9ede85d6c2139703e1a1dfa94105f6063607bc0f2f53cfb98d30daf90134bc51
bb232fd09a6696ce21ec10a43b89933e12ad866dfde30a4a6a08e08082e6557d
e495966dd87033ec1e3f55c58062de559b251aad1cabf20dd2af44cd34675cd6
eb4506c6341c8bed31416f698406b26cadf9773b1a70f65a6115bedf88960b02
ee2b841529e5d06aeae7f65b413b40bbfef5161c9fad9a8a1755dac03806291b