| pub-25c3a787c56649d2b1808f40ea2a404b.r2.dev/safeauth.html | 104.18.2.35 | | 518 kB |
URL pub-25c3a787c56649d2b1808f40ea2a404b.r2.dev/safeauth.html IP104.18.2.35:0
File typeHTML document, ASCII text, with very long lines (23074) Size518 kB (518107 bytes) Hashf8670f265b18125b596571e7dab93d95 0744c2ad17b644b7122d109db9f28495d0462c0e 0fa2212497b78b5d080f9d422df709529636c53f7e3e6d62fb06bfc102079b88
Analyzer | Verdict | Alert | urlquery | suspicious | Suspicious - Suspicious Javascript code | OpenPhish | phishing | Office365 | PhishTank | phishing | Other | Quad9 DNS | malicious | Sinkholed |
GET /safeauth.html HTTP/1.1
Host: pub-25c3a787c56649d2b1808f40ea2a404b.r2.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 24 Apr 2024 16:22:39 GMT
Content-Type: text/html
Content-Length: 518107
Connection: keep-alive
Accept-Ranges: bytes
ETag: "f8670f265b18125b596571e7dab93d95"
Last-Modified: Thu, 04 Apr 2024 11:28:52 GMT
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 87976eeb598c56b7-OSL
|
| ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js | 142.250.74.106 | | 30 kB |
URL ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js IP142.250.74.106:0
File typeJavaScript source, ASCII text, with very long lines (65451) Hasha09e13ee94d51c524b7e2a728c7d4039 0dc32db4aa9c5f03f3b38c47d883dbd4fed13aae 160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef
GET /ajax/libs/jquery/3.3.1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pub-25c3a787c56649d2b1808f40ea2a404b.r2.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 30399
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 18 Apr 2024 11:06:16 GMT
expires: Fri, 18 Apr 2025 11:06:16 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 537383
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
IP20.190.181.23:0 ASN#8075 MICROSOFT-CORP-MSN-AS-BLOCK
File typeHTML document, Unicode text, UTF-8 text, with very long lines (23494) Hashe69d5c751b87b948ad07a1df2932fcd9 551e39ce464a9d9d170123005279d0665b37f5f2 c1c5201ffadfd4bf84afa5a8de8efff66b9f0040ace48ba2f67bbf068d1953ad
GET / HTTP/1.1
Host: login.live.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Referer: https://pub-25c3a787c56649d2b1808f40ea2a404b.r2.dev/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Content-Encoding: gzip
Expires: Wed, 24 Apr 2024 16:21:40 GMT
Vary: Accept-Encoding
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
X-DNS-Prefetch-Control: on
Link: <https://logincdn.msauth.net>; rel=preconnect; crossorigin, <https://acctcdn.msauth.net>; rel=preconnect; crossorigin, <https://acctcdn.msftauth.net>; rel=preconnect; crossorigin, <https://acctcdn.msauth.net/>; rel=dns-prefetch, <https://acctcdn.msftauth.net/>; rel=dns-prefetch, <https://acctcdnmsftuswe2.azureedge.net/>; rel=dns-prefetch, <https://acctcdnvzeuno.azureedge.net/>; rel=dns-prefetch, <https://logincdn.msauth.net/>; rel=dns-prefetch, <https://logincdn.msftauth.net/>; rel=dns-prefetch, <https://lgincdnvzeuno.azureedge.net/>; rel=dns-prefetch, <https://lgincdnmsftuswe2.azureedge.net/>; rel=dns-prefetch
Referrer-Policy: strict-origin-when-cross-origin
x-ms-route-info: C557_BL2
x-ms-request-id: 2bdadbd7-218d-46f2-9e1e-6692d68d788f
PPServer: PPV: 30 H: BL02EPF0001DA1A V: 0
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000
X-XSS-Protection: 1; mode=block
Set-Cookie: uaid=d86ede7d95c84080a46eb37bf5a45343; domain=login.live.com; Secure; path=/; SameSite=None; HttpOnly
MSPRequ=id=N<=1713975760&co=1; domain=login.live.com; Secure; path=/; SameSite=None; HttpOnly
MSCC=91.90.42.154-NO; expires=Mon, 19-May-2025 16:22:40 GMT; domain=login.live.com; Secure; path=/; SameSite=None; HttpOnly
MSPOK=$uuid-7b53637f-00f4-443b-9423-c3021539a001; domain=login.live.com; Secure; path=/; SameSite=None; HttpOnly
OParams=11O.Dq8iyTqhMvdvgeXcPzMWEx9j9eeFY0du0p8zhLUDRnzHaYDNjCx6oZfa8Evy7WX0TEG2jbOb!mLkKzVvMpEFm4tML2bjf3LlKmk65As2Ugizfa8oY0LR1JHkaG*TWvIxqDrKzpBJOrNdppw5xLseD!k$; domain=login.live.com; Secure; path=/; SameSite=None; HttpOnly
Date: Wed, 24 Apr 2024 16:22:39 GMT
Content-Length: 10511
|