microsoft0ffice365login.wispform.com Open in urlscan Pro
54.157.4.65  Malicious Activity! Public Scan

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

30 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
1 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request b40bbf84 Show response microsoft0ffice365login.wispform.com/	584 B 932 B	372ms 102ms	Document text/html	54.157.4.65 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://microsoft0ffice365login.wispform.com/b40bbf84 Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 54.157.4.65 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-54-157-4-65.compute-1.amazonaws.com Software Cowboy / Express Resource Hash e5a4e0e1ece06a1d30dd4cbc413641fb284ef63ecb61558c24a0e42fef11ceb5 Request headers Upgrade-Insecure-Requests 1 User-Agent phishfarmer Accept-Language de-DE,de;q=0.9 Response headers Server Cowboy Connection keep-alive X-Powered-By Express Accept-Ranges bytes Cache-Control public, max-age=0 Last-Modified Sun, 24 Oct 2021 18:13:22 GMT Etag W/"248-17cb381d1d0" Content-Type text/html; charset=UTF-8 Content-Length 584 Vary Accept-Encoding Date Tue, 16 Nov 2021 21:59:51 GMT Via 1.1 vegur
GET H2	200	/ Show response js.stripe.com/v3/	266 KB 64 KB	52ms 6ms	Script application/javascript	151.101.64.176 FASTLY
General Check archive.org Show headers Download Go to Full URL https://js.stripe.com/v3/ Requested by Host: microsoft0ffice365login.wispform.com URL: https://microsoft0ffice365login.wispform.com/b40bbf84 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 151.101.64.176 , United States, ASN54113 (FASTLY, US), Reverse DNS Software Fastly / Resource Hash 725b1b96de3830ef081fcbdf22ee4edc4f8cea45f310e88d7595ca2091eb5fcd Security Headers Name Value Strict-Transport-Security max-age=31556926; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Accept-Language de-DE,de;q=0.9 Referer https://microsoft0ffice365login.wispform.com/ User-Agent phishfarmer Response headers strict-transport-security max-age=31556926; includeSubDomains; preload content-encoding br x-content-type-options nosniff age 9 x-cache HIT content-length 65369 etag "a4877f8d9bbf8b4aac9c67f6840fd39f" x-request-id 4f6f1ad1-694f-4b23-aa79-879102ab860b x-served-by cache-hhn4077-HHN access-control-allow-origin * last-modified Tue, 16 Nov 2021 21:28:31 GMT server Fastly date Tue, 16 Nov 2021 21:59:51 GMT vary Accept-Encoding content-type application/javascript; charset=utf-8 via 1.1 varnish cache-control max-age=60 accept-ranges bytes timing-allow-origin * x-cache-hits 7
GET H/1.1	200 OK	main.a9add97d.css microsoft0ffice365login.wispform.com/static/css/	281 KB 49 KB	99ms 99ms	Stylesheet text/css	54.157.4.65 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://microsoft0ffice365login.wispform.com/static/css/main.a9add97d.css Requested by Host: microsoft0ffice365login.wispform.com URL: https://microsoft0ffice365login.wispform.com/b40bbf84 Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 54.157.4.65 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-54-157-4-65.compute-1.amazonaws.com Software Cowboy / Express Resource Hash 3fc672c61069f0381a360209e3c5a514e679f81a348b4cda365a1ec8535915ee Request headers Accept-Language de-DE,de;q=0.9 Referer https://microsoft0ffice365login.wispform.com/b40bbf84 User-Agent phishfarmer Response headers Date Tue, 16 Nov 2021 21:59:51 GMT Content-Encoding gzip Etag W/"4621c-17cb381d1d0" Last-Modified Sun, 24 Oct 2021 18:13:22 GMT Server Cowboy X-Powered-By Express Vary Accept-Encoding Content-Type text/css; charset=UTF-8 Via 1.1 vegur Cache-Control public, max-age=0 Transfer-Encoding chunked Connection keep-alive Accept-Ranges bytes
GET H/1.1	200 OK	main.b61954c5.js Show response microsoft0ffice365login.wispform.com/static/js/	5 MB 1 MB	314ms 104ms	Script application/javascript	54.157.4.65 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://microsoft0ffice365login.wispform.com/static/js/main.b61954c5.js Requested by Host: microsoft0ffice365login.wispform.com URL: https://microsoft0ffice365login.wispform.com/b40bbf84 Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 54.157.4.65 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-54-157-4-65.compute-1.amazonaws.com Software Cowboy / Express Resource Hash bf85e15f7cefc34294721f74d9ab06b79dc574b2a68278080de2a168ef39b11c Request headers Accept-Language de-DE,de;q=0.9 Referer https://microsoft0ffice365login.wispform.com/b40bbf84 User-Agent phishfarmer Response headers Date Tue, 16 Nov 2021 21:59:51 GMT Content-Encoding gzip Etag W/"543de9-17cb381d1d0" Last-Modified Sun, 24 Oct 2021 18:13:22 GMT Server Cowboy X-Powered-By Express Vary Accept-Encoding Content-Type application/javascript; charset=UTF-8 Via 1.1 vegur Cache-Control public, max-age=0 Transfer-Encoding chunked Connection keep-alive Accept-Ranges bytes
GET H2	200	css2 fonts.googleapis.com/	804 B 650 B	854ms 60ms	Stylesheet text/css	142.250.185.170 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.googleapis.com/css2?family=Roboto:wght@300;400;500;700&display=swap Requested by Host: microsoft0ffice365login.wispform.com URL: https://microsoft0ffice365login.wispform.com/static/css/main.a9add97d.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 142.250.185.170 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra16s51-in-f10.1e100.net Software ESF / Resource Hash 0625c0d91ccfc2ecee28e094f4d343570c095581011287f8c7754bbf58a3684d Security Headers Name Value X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://microsoft0ffice365login.wispform.com/ User-Agent phishfarmer Response headers date Tue, 16 Nov 2021 21:59:52 GMT content-encoding gzip x-content-type-options nosniff server ESF cross-origin-opener-policy same-origin-allow-popups x-frame-options SAMEORIGIN content-type text/css; charset=utf-8 access-control-allow-origin * cache-control private, max-age=86400 cross-origin-resource-policy cross-origin timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" x-xss-protection 0 expires Tue, 16 Nov 2021 21:59:52 GMT
GET H2	200	analytics.js Show response www.google-analytics.com/	49 KB 20 KB	1796ms 826ms	Script text/javascript	2a00:1450:4001:82a::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google-analytics.com/analytics.js Requested by Host: microsoft0ffice365login.wispform.com URL: https://microsoft0ffice365login.wispform.com/static/js/main.b61954c5.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210 Security Headers Name Value Strict-Transport-Security max-age=10886400; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Accept-Language de-DE,de;q=0.9 Referer https://microsoft0ffice365login.wispform.com/ User-Agent phishfarmer Response headers strict-transport-security max-age=10886400; includeSubDomains; preload content-encoding gzip x-content-type-options nosniff last-modified Tue, 02 Nov 2021 17:39:06 GMT server Golfe2 age 7127 date Tue, 16 Nov 2021 20:01:06 GMT vary Accept-Encoding content-type text/javascript cache-control public, max-age=7200 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 20006 expires Tue, 16 Nov 2021 22:01:06 GMT
GET H/1.1	200 OK	Form.830b9b78.chunk.js Show response microsoft0ffice365login.wispform.com/static/js/	231 B 591 B	98ms 98ms	Script application/javascript	54.157.4.65 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://microsoft0ffice365login.wispform.com/static/js/Form.830b9b78.chunk.js Requested by Host: microsoft0ffice365login.wispform.com URL: https://microsoft0ffice365login.wispform.com/static/js/main.b61954c5.js Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 54.157.4.65 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-54-157-4-65.compute-1.amazonaws.com Software Cowboy / Express Resource Hash 32ee4f61cee76be867fd840d23203a8c4f2ce4b115c77430fb0181cbd2c9d045 Request headers Accept-Language de-DE,de;q=0.9 Referer https://microsoft0ffice365login.wispform.com/b40bbf84 User-Agent phishfarmer Response headers Date Tue, 16 Nov 2021 21:59:52 GMT Via 1.1 vegur Etag W/"e7-17cb381d1d0" Last-Modified Sun, 24 Oct 2021 18:13:22 GMT Server Cowboy X-Powered-By Express Vary Accept-Encoding Content-Type application/javascript; charset=UTF-8 Cache-Control public, max-age=0 Connection keep-alive Accept-Ranges bytes Content-Length 231
GET H2	200	gtm.js Show response www.googletagmanager.com/	118 KB 45 KB	4112ms 3829ms	Script application/javascript	2a00:1450:4001:829::2008 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagmanager.com/gtm.js?id=GTM-WLT42B5 Requested by Host: microsoft0ffice365login.wispform.com URL: https://microsoft0ffice365login.wispform.com/b40bbf84 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:829::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash 71fb519bbab20f1b89944541c54f3547c76a8d11b8802dd4d077ddfeb186b64b Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://microsoft0ffice365login.wispform.com/ User-Agent phishfarmer Response headers date Tue, 16 Nov 2021 21:59:53 GMT content-encoding br vary Accept-Encoding cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 46097 x-xss-protection 0 last-modified Tue, 16 Nov 2021 21:33:15 GMT server Google Tag Manager strict-transport-security max-age=31536000; includeSubDomains content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control private, max-age=900 access-control-allow-credentials true access-control-allow-headers Cache-Control expires Tue, 16 Nov 2021 21:59:53 GMT
GET H2	200	ns.html Show response www.googletagmanager.com/ Frame 928A	266 B 504 B	3953ms 3752ms	Document text/html	2a00:1450:4001:829::2008 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagmanager.com/ns.html?id=GTM-WLT42B5 Requested by Host: microsoft0ffice365login.wispform.com URL: https://microsoft0ffice365login.wispform.com/static/js/main.b61954c5.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:829::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash 1508490e2a7f3949d866ce8f032895224c55a02eb24f9ada50c7cb79a4c887c8 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers Upgrade-Insecure-Requests 1 User-Agent phishfarmer Accept-Language de-DE,de;q=0.9 Referer https://microsoft0ffice365login.wispform.com/ Response headers content-type text/html; charset=UTF-8 content-encoding br vary * date Tue, 16 Nov 2021 21:59:53 GMT pragma no-cache expires Fri, 01 Jan 1990 00:00:00 GMT cache-control no-cache, no-store, must-revalidate strict-transport-security max-age=31536000; includeSubDomains cross-origin-embedder-policy require-corp cross-origin-resource-policy cross-origin server Google Tag Manager content-length 92 x-xss-protection 0 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
GET H/1.1	403 Forbidden	51555f4e534f535a480c5a5a555f590f0a0950535b5552125e080c5e5e5a0408 wispform-file.s3.us-east-2.amazonaws.com/	0 0	454ms 121ms	Image application/xml	52.219.105.226 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://wispform-file.s3.us-east-2.amazonaws.com/51555f4e534f535a480c5a5a555f590f0a0950535b5552125e080c5e5e5a0408 Requested by Host: microsoft0ffice365login.wispform.com URL: https://microsoft0ffice365login.wispform.com/b40bbf84 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 52.219.105.226 Columbus, United States, ASN16509 (AMAZON-02, US), Reverse DNS s3-r-w.us-east-2.amazonaws.com Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Accept-Language de-DE,de;q=0.9 Referer https://microsoft0ffice365login.wispform.com/ User-Agent phishfarmer Response headers
GET H2	200	m-outer-f7902241893e7a497417843cb15dc858.html Show response js.stripe.com/v3/ Frame 4F13	240 B 539 B	7ms 6ms	Document text/html	151.101.64.176 FASTLY
General Check archive.org Show headers Download Go to Full URL https://js.stripe.com/v3/m-outer-f7902241893e7a497417843cb15dc858.html Requested by Host: js.stripe.com URL: https://js.stripe.com/v3/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 151.101.64.176 , United States, ASN54113 (FASTLY, US), Reverse DNS Software Fastly / Resource Hash 1969520bd7b0ea7b84b1cbdda4a8ae93c321abe6eaeff82b5fa496680bf88a0f Security Headers Name Value Content-Security-Policy default-src 'self'; connect-src 'self' https://r.stripe.com; script-src 'self'; style-src 'self' 'unsafe-inline'; frame-src https://m.stripe.network; img-src https://q.stripe.com; font-src 'none'; media-src 'none'; object-src 'none'; report-uri https://q.stripe.com/csp-report Strict-Transport-Security max-age=31556926; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Upgrade-Insecure-Requests 1 User-Agent phishfarmer Accept-Language de-DE,de;q=0.9 Referer https://microsoft0ffice365login.wispform.com/ Response headers last-modified Wed, 27 Oct 2021 22:19:31 GMT etag "f7902241893e7a497417843cb15dc858" content-type text/html; charset=utf-8 content-security-policy default-src 'self'; connect-src 'self' https://r.stripe.com; script-src 'self'; style-src 'self' 'unsafe-inline'; frame-src https://m.stripe.network; img-src https://q.stripe.com; font-src 'none'; media-src 'none'; object-src 'none'; report-uri https://q.stripe.com/csp-report strict-transport-security max-age=31556926; includeSubDomains; preload x-content-type-options nosniff access-control-allow-origin * server Fastly content-encoding br accept-ranges bytes date Tue, 16 Nov 2021 21:59:52 GMT via 1.1 varnish age 41 x-request-id 74a01350-0950-4a19-8f06-f017ad2b368f x-served-by cache-hhn4077-HHN x-cache HIT x-cache-hits 67 vary Accept-Encoding timing-allow-origin * cache-control max-age=60 content-length 141
GET H2	200	KFOmCnqEu92Fr1Me5Q.ttf fonts.gstatic.com/s/roboto/v29/	127 KB 69 KB	424ms 37ms	Font font/ttf	142.250.184.227 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/roboto/v29/KFOmCnqEu92Fr1Me5Q.ttf Requested by Host: fonts.googleapis.com URL: https://fonts.googleapis.com/css2?family=Roboto:wght@300;400;500;700&display=swap Protocol H2 Security TLS 1.3, , AES_128_GCM Server 142.250.184.227 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra24s12-in-f3.1e100.net Software sffe / Resource Hash e294f7580d272f024161c6e5c744278f90d45ee67846f66d4083f7aef61c979e Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://fonts.googleapis.com/ Origin https://microsoft0ffice365login.wispform.com Accept-Language de-DE,de;q=0.9 User-Agent phishfarmer Response headers date Mon, 15 Nov 2021 11:57:44 GMT content-encoding gzip x-content-type-options nosniff age 122529 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 69671 x-xss-protection 0 last-modified Wed, 22 Sep 2021 16:13:23 GMT server sffe vary Accept-Encoding report-to {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} content-type font/ttf access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * cross-origin-opener-policy-report-only same-origin; report-to="apps-themes" expires Tue, 15 Nov 2022 11:57:44 GMT
POST H2	200	csp-report q.stripe.com/ Frame 4F13	0 347 B	530ms 173ms	Other text/plain	54.186.23.98 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://q.stripe.com/csp-report Requested by Host: microsoft0ffice365login.wispform.com URL: https://microsoft0ffice365login.wispform.com/b40bbf84 Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 54.186.23.98 Boardman, United States, ASN16509 (AMAZON-02, US), Reverse DNS ip-54-186-23-98.stripe.com Software nginx / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Referer https://js.stripe.com/ Accept-Language de-DE,de;q=0.9 User-Agent phishfarmer Content-Type application/csp-report Response headers date Tue, 16 Nov 2021 21:59:53 GMT server nginx access-control-max-age 3600 access-control-allow-methods GET, POST, OPTIONS access-control-allow-origin https://js.stripe.com access-control-expose-headers Server, Range, Content-Type x-envoy-upstream-service-time 5 access-control-allow-headers Authorization, Content-Type, Accept, Origin, User-Agent, DNT, Cache-Control, Keep-Alive, X-Requested-With, If-Modified-Since, Range, X-Stripe-Csrf-Token content-length 0
GET H2	200	m-outer-639174098ea8fe7fede6fa654790e8ec.js Show response js.stripe.com/v3/fingerprinted/js/ Frame 4F13	1 KB 797 B	7ms 6ms	Script application/javascript	151.101.64.176 FASTLY
General Check archive.org Show headers Download Go to Full URL https://js.stripe.com/v3/fingerprinted/js/m-outer-639174098ea8fe7fede6fa654790e8ec.js Requested by Host: js.stripe.com URL: https://js.stripe.com/v3/m-outer-f7902241893e7a497417843cb15dc858.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 151.101.64.176 , United States, ASN54113 (FASTLY, US), Reverse DNS Software Fastly / Resource Hash 6b5402ff8932ed835d39a31b75c6bc737a80f6ddcd6269a1fa53556485ca3ad8 Security Headers Name Value Strict-Transport-Security max-age=31556926; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Accept-Language de-DE,de;q=0.9 Referer https://js.stripe.com/v3/m-outer-f7902241893e7a497417843cb15dc858.html User-Agent phishfarmer Response headers strict-transport-security max-age=31556926; includeSubDomains; preload content-encoding br x-content-type-options nosniff age 36 x-cache HIT content-length 645 etag "5213886b88cd72e6d0aebc89868e5d13" x-request-id 55b4c6e4-1a0e-4459-94f9-a584b5724628 x-served-by cache-hhn4077-HHN access-control-allow-origin * last-modified Mon, 25 Oct 2021 19:35:20 GMT server Fastly date Tue, 16 Nov 2021 21:59:53 GMT vary Accept-Encoding content-type application/javascript; charset=utf-8 via 1.1 varnish cache-control max-age=60 accept-ranges bytes timing-allow-origin * x-cache-hits 58
GET H/1.1	200 OK	b40bbf84 Show response fingerform.herokuapp.com/api/v1/forms/b40bbf84/question_details/	2 KB 3 KB	146ms 146ms	XHR application/json	54.243.238.66 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://fingerform.herokuapp.com/api/v1/forms/b40bbf84/question_details/b40bbf84 Requested by Host: microsoft0ffice365login.wispform.com URL: https://microsoft0ffice365login.wispform.com/static/js/main.b61954c5.js Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 54.243.238.66 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-54-243-238-66.compute-1.amazonaws.com Software Cowboy / Resource Hash 0c2bb1b5ddc2efdd4a3cbfc1c8549c11365b9804b736564ebb092cce6838d08f Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Accept application/json, text/plain, */* Referer https://microsoft0ffice365login.wispform.com/ referral other Accept-Language de-DE,de;q=0.9 User-Agent phishfarmer form_name microsoft0ffice365login Response headers Date Tue, 16 Nov 2021 21:59:53 GMT Via 1.1 vegur X-Content-Type-Options nosniff X-Permitted-Cross-Domain-Policies none Transfer-Encoding chunked Access-Control-Max-Age 7200 Connection keep-alive Vary Origin X-Xss-Protection 1; mode=block X-Request-Id 3b2181cf-9c3d-4cc2-89ae-e2eea6f3b264 X-Runtime 0.040350 Referrer-Policy strict-origin-when-cross-origin Server Cowboy X-Frame-Options SAMEORIGIN Etag W/"0c2bb1b5ddc2efdd4a3cbfc1c8549c11" X-Download-Options noopen Strict-Transport-Security max-age=31536000; includeSubDomains Access-Control-Allow-Methods GET, POST, OPTIONS, PATCH, PUT, DELETE Content-Type application/json; charset=utf-8 Access-Control-Allow-Origin https://microsoft0ffice365login.wispform.com Access-Control-Expose-Headers Cache-Control max-age=0, private, must-revalidate Access-Control-Allow-Credentials true
OPTIONS H/1.1	200 OK	b40bbf84 fingerform.herokuapp.com/api/v1/forms/b40bbf84/question_details/ Frame	0 0	416ms 104ms	Preflight	54.243.238.66 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://fingerform.herokuapp.com/api/v1/forms/b40bbf84/question_details/b40bbf84 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 54.243.238.66 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-54-243-238-66.compute-1.amazonaws.com Software Cowboy / Resource Hash Request headers Accept */* Access-Control-Request-Method GET Access-Control-Request-Headers form_name,referral Origin https://microsoft0ffice365login.wispform.com User-Agent phishfarmer Sec-Fetch-Mode cors Response headers Server Cowboy Date Tue, 16 Nov 2021 21:59:52 GMT Connection keep-alive Access-Control-Allow-Origin * Access-Control-Allow-Methods GET, POST, OPTIONS, PATCH, PUT, DELETE Access-Control-Expose-Headers Access-Control-Max-Age 7200 Access-Control-Allow-Headers form_name,referral Transfer-Encoding chunked Via 1.1 vegur
GET H2	200	inner.html Show response m.stripe.network/ Frame 88AF	932 B 1 KB	13ms 6ms	Document text/html	151.101.64.176 FASTLY
General Check archive.org Show headers Download Go to Full URL https://m.stripe.network/inner.html Requested by Host: js.stripe.com URL: https://js.stripe.com/v3/fingerprinted/js/m-outer-639174098ea8fe7fede6fa654790e8ec.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 151.101.64.176 , United States, ASN54113 (FASTLY, US), Reverse DNS Software Fastly / Resource Hash ed34a59f182c66e2b25c602f3c9b0f21435a8f475d5dbc9e6830ff4c7929f5cd Security Headers Name Value Content-Security-Policy connect-src 'self' https://m.stripe.com; default-src 'self'; font-src data: https:; frame-src 'self' https://js.stripe.com; img-src 'self' https://m.stripe.com; media-src 'none'; object-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; report-uri https://q.stripe.com/csp-report Strict-Transport-Security max-age=31556926; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Upgrade-Insecure-Requests 1 User-Agent phishfarmer Accept-Language de-DE,de;q=0.9 Referer https://js.stripe.com/ Response headers content-type text/html; charset=utf-8 cache-control max-age=300, public content-security-policy connect-src 'self' https://m.stripe.com; default-src 'self'; font-src data: https:; frame-src 'self' https://js.stripe.com; img-src 'self' https://m.stripe.com; media-src 'none'; object-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; report-uri https://q.stripe.com/csp-report content-security-policy-report-only base-uri 'none'; connect-src 'self' https://m.stripe.com; default-src 'none'; font-src 'self'; frame-src 'self' https://js.stripe.com; img-src 'self' https://m.stripe.com; script-src 'self' 'sha256-Qj6AdMOUjZkBBUTjGW/OORBoqx2Pohcq8Bg/ZvZzgYw='; style-src 'self'; report-uri https://q.stripe.com/csp-report strict-transport-security max-age=31556926; includeSubDomains; preload x-content-type-options nosniff server Fastly content-encoding gzip accept-ranges bytes date Tue, 16 Nov 2021 21:59:53 GMT via 1.1 varnish age 47 x-request-id 087640f9-2c57-47d5-8ba6-86e66e50b321 x-served-by cache-hhn4077-HHN x-cache HIT x-cache-hits 59 x-timer S1637099993.041926,VS0,VE0 vary Accept-Encoding, Origin content-length 528
GET DATA	200 OK	truncated /	838 B 0		Image image/jpeg
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 1c67b7d008365d39885e4598f7067bb9af3c67a846b8d97a9c80927714c97c7f Request headers Accept-Language de-DE,de;q=0.9 Referer User-Agent phishfarmer Response headers Content-Type image/jpeg
POST H2	200	csp-report q.stripe.com/ Frame 88AF	0 122 B	1795ms 1467ms	Other text/plain	54.186.23.98 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://q.stripe.com/csp-report Requested by Host: microsoft0ffice365login.wispform.com URL: https://microsoft0ffice365login.wispform.com/b40bbf84 Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 54.186.23.98 Boardman, United States, ASN16509 (AMAZON-02, US), Reverse DNS ip-54-186-23-98.stripe.com Software nginx / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value Strict-Transport-Security max-age=31556926; includeSubDomains; preload Request headers Referer https://m.stripe.network/ Accept-Language de-DE,de;q=0.9 User-Agent phishfarmer Content-Type application/csp-report Response headers date Tue, 16 Nov 2021 21:59:54 GMT x-envoy-upstream-service-time 1298 server nginx content-length 0 strict-transport-security max-age=31556926; includeSubDomains; preload
POST H2	200	csp-report q.stripe.com/ Frame 88AF	0 122 B	2015ms 1687ms	Other text/plain	54.186.23.98 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://q.stripe.com/csp-report Requested by Host: microsoft0ffice365login.wispform.com URL: https://microsoft0ffice365login.wispform.com/b40bbf84 Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 54.186.23.98 Boardman, United States, ASN16509 (AMAZON-02, US), Reverse DNS ip-54-186-23-98.stripe.com Software nginx / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value Strict-Transport-Security max-age=31556926; includeSubDomains; preload Request headers Referer https://m.stripe.network/ Accept-Language de-DE,de;q=0.9 User-Agent phishfarmer Content-Type application/csp-report Response headers date Tue, 16 Nov 2021 21:59:54 GMT x-envoy-upstream-service-time 1518 server nginx content-length 0 strict-transport-security max-age=31556926; includeSubDomains; preload
GET H2	200	out-4.5.41.js Show response m.stripe.network/ Frame 88AF	85 KB 16 KB	7ms 6ms	Script text/javascript	151.101.64.176 FASTLY
General Check archive.org Show headers Download Go to Full URL https://m.stripe.network/out-4.5.41.js Requested by Host: m.stripe.network URL: https://m.stripe.network/inner.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 151.101.64.176 , United States, ASN54113 (FASTLY, US), Reverse DNS Software Fastly / Resource Hash a2f6b81396ab1150effea054efbf1623212ea0419976389ce8f10e909d39e4c7 Security Headers Name Value Strict-Transport-Security max-age=31556926; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Accept-Language de-DE,de;q=0.9 Referer https://m.stripe.network/inner.html User-Agent phishfarmer Response headers strict-transport-security max-age=31556926; includeSubDomains; preload content-encoding gzip x-content-type-options nosniff age 36 x-cache HIT content-length 15786 x-request-id 24e3f27f-bfca-4fab-8cf2-867e040fc704 x-served-by cache-hhn4077-HHN server Fastly x-timer S1637099993.054533,VS0,VE0 date Tue, 16 Nov 2021 21:59:53 GMT vary Accept-Encoding, Origin content-type text/javascript; charset=utf-8 via 1.1 varnish cache-control max-age=300, public accept-ranges bytes x-cache-hits 41
POST H2	200	6 Show response m.stripe.com/ Frame 88AF	156 B 517 B	520ms 173ms	XHR text/plain	52.36.204.98 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://m.stripe.com/6 Requested by Host: m.stripe.network URL: https://m.stripe.network/out-4.5.41.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 52.36.204.98 Boardman, United States, ASN16509 (AMAZON-02, US), Reverse DNS ec2-52-36-204-98.us-west-2.compute.amazonaws.com Software nginx / Resource Hash 3310736285ad12ccfe415c1b4ee075afc41baa9510806776fe1853f9e752e5bd Security Headers Name Value Strict-Transport-Security max-age=31556926; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Referer https://m.stripe.network/ Accept-Language de-DE,de;q=0.9 User-Agent phishfarmer Content-Type text/plain;charset=UTF-8 Response headers date Tue, 16 Nov 2021 21:59:53 GMT content-encoding gzip x-content-type-options nosniff server nginx vary Accept-Encoding content-type text/plain;charset=utf-8 access-control-allow-origin https://m.stripe.network access-control-allow-credentials true strict-transport-security max-age=31556926; includeSubDomains; preload access-control-allow-headers Content-Type
GET H/1.1	200 OK	microsoft_1633036261642.jpg wispform-file.s3.us-east-2.amazonaws.com/	273 KB 274 KB	472ms 151ms	Image application/octet-stream	52.219.105.226 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://wispform-file.s3.us-east-2.amazonaws.com/microsoft_1633036261642.jpg Requested by Host: microsoft0ffice365login.wispform.com URL: https://microsoft0ffice365login.wispform.com/b40bbf84 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 52.219.105.226 Columbus, United States, ASN16509 (AMAZON-02, US), Reverse DNS s3-r-w.us-east-2.amazonaws.com Software AmazonS3 / Resource Hash 6bde963a562ffd594492bdff280c01e9e6518856aa3a9f14b96fcad867ce2f0f Request headers Accept-Language de-DE,de;q=0.9 Referer https://microsoft0ffice365login.wispform.com/ User-Agent phishfarmer Response headers x-amz-server-side-encryption AES256 Date Tue, 16 Nov 2021 21:59:54 GMT Last-Modified Thu, 30 Sep 2021 21:11:05 GMT Server AmazonS3 x-amz-request-id 9E78MA53JEAAFF2A ETag "bcc8c3add31d42b2c4b6d13c0db8d3a5" Content-Type application/octet-stream Accept-Ranges bytes Content-Length 279841 x-amz-id-2 ppO4aI7ZvW+LNq/JKRs15IZ7idigNdHb1FTn/CnAj6CQMIMY1tXvagQQo3/d9CWD55Sl6tPF6J4=
GET H2	200	KFOlCnqEu92Fr1MmEU9vAw.ttf fonts.gstatic.com/s/roboto/v29/	127 KB 69 KB	91ms 90ms	Font font/ttf	142.250.184.227 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/roboto/v29/KFOlCnqEu92Fr1MmEU9vAw.ttf Requested by Host: fonts.googleapis.com URL: https://fonts.googleapis.com/css2?family=Roboto:wght@300;400;500;700&display=swap Protocol H2 Security TLS 1.3, , AES_128_GCM Server 142.250.184.227 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra24s12-in-f3.1e100.net Software sffe / Resource Hash bd6e16dcf973d77e746a62b112acf1cdde2c9d579520f017eb3b9c0919533e52 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://fonts.googleapis.com/ Origin https://microsoft0ffice365login.wispform.com Accept-Language de-DE,de;q=0.9 User-Agent phishfarmer Response headers date Tue, 16 Nov 2021 14:19:41 GMT content-encoding gzip x-content-type-options nosniff age 27612 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 70183 x-xss-protection 0 last-modified Wed, 22 Sep 2021 16:13:30 GMT server sffe vary Accept-Encoding report-to {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} content-type font/ttf access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * cross-origin-opener-policy-report-only same-origin; report-to="apps-themes" expires Wed, 16 Nov 2022 14:19:41 GMT
GET H2	200	KFOlCnqEu92Fr1MmWUlvAw.ttf fonts.gstatic.com/s/roboto/v29/	126 KB 69 KB	50ms 49ms	Font font/ttf	142.250.184.227 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/roboto/v29/KFOlCnqEu92Fr1MmWUlvAw.ttf Requested by Host: fonts.googleapis.com URL: https://fonts.googleapis.com/css2?family=Roboto:wght@300;400;500;700&display=swap Protocol H2 Security TLS 1.3, , AES_128_GCM Server 142.250.184.227 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra24s12-in-f3.1e100.net Software sffe / Resource Hash 7d922a769bf8383bd1cd9f75a3d5935a7938d15741978b060efcf6cb74d00061 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://fonts.googleapis.com/ Origin https://microsoft0ffice365login.wispform.com Accept-Language de-DE,de;q=0.9 User-Agent phishfarmer Response headers date Sun, 14 Nov 2021 15:53:59 GMT content-encoding gzip x-content-type-options nosniff age 194754 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 70015 x-xss-protection 0 last-modified Wed, 22 Sep 2021 16:13:29 GMT server sffe vary Accept-Encoding report-to {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} content-type font/ttf access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * cross-origin-opener-policy-report-only same-origin; report-to="apps-themes" expires Mon, 14 Nov 2022 15:53:59 GMT
GET H/1.1	200 OK	fontawesome-webfont.af7ae505.woff2 microsoft0ffice365login.wispform.com/static/media/	75 KB 76 KB	98ms 98ms	Font font/woff2	54.157.4.65 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://microsoft0ffice365login.wispform.com/static/media/fontawesome-webfont.af7ae505.woff2 Requested by Host: microsoft0ffice365login.wispform.com URL: https://microsoft0ffice365login.wispform.com/static/css/main.a9add97d.css Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 54.157.4.65 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-54-157-4-65.compute-1.amazonaws.com Software Cowboy / Express Resource Hash 2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe Request headers Referer https://microsoft0ffice365login.wispform.com/static/css/main.a9add97d.css Origin https://microsoft0ffice365login.wispform.com Accept-Language de-DE,de;q=0.9 User-Agent phishfarmer Response headers Date Tue, 16 Nov 2021 21:59:53 GMT Via 1.1 vegur Etag W/"12d68-17cb381d1d0" Last-Modified Sun, 24 Oct 2021 18:13:22 GMT Server Cowboy X-Powered-By Express Content-Type font/woff2 Cache-Control public, max-age=0 Connection keep-alive Accept-Ranges bytes Content-Length 77160
GET H2	200	KFOlCnqEu92Fr1MmSU5vAw.ttf fonts.gstatic.com/s/roboto/v29/	125 KB 68 KB	41ms 41ms	Font font/ttf	142.250.184.227 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/roboto/v29/KFOlCnqEu92Fr1MmSU5vAw.ttf Requested by Host: fonts.googleapis.com URL: https://fonts.googleapis.com/css2?family=Roboto:wght@300;400;500;700&display=swap Protocol H2 Security TLS 1.3, , AES_128_GCM Server 142.250.184.227 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra24s12-in-f3.1e100.net Software sffe / Resource Hash d305a976e225bdeb9c39382f5245810b37f70bdbbd0dcf2e74feb2bf7109a3bd Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://fonts.googleapis.com/ Origin https://microsoft0ffice365login.wispform.com Accept-Language de-DE,de;q=0.9 User-Agent phishfarmer Response headers date Thu, 11 Nov 2021 03:01:57 GMT content-encoding gzip x-content-type-options nosniff age 500276 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 69377 x-xss-protection 0 last-modified Wed, 22 Sep 2021 16:13:26 GMT server sffe vary Accept-Encoding report-to {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} content-type font/ttf access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * cross-origin-opener-policy-report-only same-origin; report-to="apps-themes" expires Fri, 11 Nov 2022 03:01:57 GMT
GET H/1.1	200 OK	hhh_1633036280836.png wispform-file.s3.us-east-2.amazonaws.com/	25 KB 25 KB	454ms 132ms	Image application/octet-stream	52.219.105.226 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://wispform-file.s3.us-east-2.amazonaws.com/hhh_1633036280836.png Requested by Host: microsoft0ffice365login.wispform.com URL: https://microsoft0ffice365login.wispform.com/b40bbf84 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 52.219.105.226 Columbus, United States, ASN16509 (AMAZON-02, US), Reverse DNS s3-r-w.us-east-2.amazonaws.com Software AmazonS3 / Resource Hash 8ae79a4d18eea420af0fd562d43879b569bbd2c622da6deba79f6c202e385361 Request headers Accept-Language de-DE,de;q=0.9 Referer https://microsoft0ffice365login.wispform.com/ User-Agent phishfarmer Response headers x-amz-server-side-encryption AES256 Date Tue, 16 Nov 2021 21:59:55 GMT Last-Modified Thu, 30 Sep 2021 21:11:21 GMT Server AmazonS3 x-amz-request-id NGHZSVVVKDQG9D7D ETag "95e1d221f4f2f485c900d7c69d5f8049" Content-Type application/octet-stream Accept-Ranges bytes Content-Length 25171 x-amz-id-2 6nZ9dSWeuZArV/1Dy55W3ULu2oDridkSCid3ZIkalFbvFLNyL9I4+vUnrR5gpHiR9hxiiRnXvqw=
POST H3	200	collect Show response www.google-analytics.com/j/	4 B 24 B	289ms 79ms	XHR text/plain	2a00:1450:4001:82a::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google-analytics.com/j/collect?v=1&_v=j96&a=806557005&t=pageview&_s=1&dl=https%3A%2F%2Fmicrosoft0ffice365login.wispform.com%2Fb40bbf84&dp=https%3A%2F%2Fmicrosoft0ffice365login.wispform.com%2Fb40bbf84&ul=en-us&de=UTF-8&dt=Wispform&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEABAAAAAC~&jid=909708647&gjid=1112061832&cid=760441734.1637099995&tid=UA-91428321-1&_gid=1005793865.1637099995&_r=1&_slc=1&z=1294959609 Requested by Host: microsoft0ffice365login.wispform.com URL: https://microsoft0ffice365login.wispform.com/static/js/main.b61954c5.js Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8 Security Headers Name Value X-Content-Type-Options nosniff Request headers Referer https://microsoft0ffice365login.wispform.com/ Accept-Language de-DE,de;q=0.9 User-Agent phishfarmer Content-Type text/plain Response headers pragma no-cache date Tue, 16 Nov 2021 21:59:55 GMT x-content-type-options nosniff last-modified Sun, 17 May 1998 03:00:00 GMT server Golfe2 content-type text/plain access-control-allow-origin https://microsoft0ffice365login.wispform.com cache-control no-cache, no-store, must-revalidate access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 4 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H3	200	collect www.google-analytics.com/	35 B 55 B	288ms 80ms	Image image/gif	2a00:1450:4001:82a::200e GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google-analytics.com/collect?v=1&_v=j96&a=806557005&t=event&_s=2&dl=https%3A%2F%2Fmicrosoft0ffice365login.wispform.com%2Fb40bbf84&ul=en-us&de=UTF-8&dt=Wispform&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=Performance&ea=formPageLoaded&el=B40bbf84&_u=IEBAAEABAAAAAC~&jid=&gjid=&cid=760441734.1637099995&tid=UA-91428321-1&_gid=1005793865.1637099995&z=1271878969 Requested by Host: microsoft0ffice365login.wispform.com URL: https://microsoft0ffice365login.wispform.com/b40bbf84 Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash 8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015 Security Headers Name Value X-Content-Type-Options nosniff Request headers Accept-Language de-DE,de;q=0.9 Referer https://microsoft0ffice365login.wispform.com/ User-Agent phishfarmer Response headers pragma no-cache date Tue, 16 Nov 2021 15:49:00 GMT x-content-type-options nosniff last-modified Sun, 17 May 1998 03:00:00 GMT server Golfe2 age 22255 content-type image/gif access-control-allow-origin * cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 35 expires Mon, 01 Jan 1990 00:00:00 GMT
POST H2	200	collect Show response stats.g.doubleclick.net/j/	1 B 453 B	57ms 18ms	XHR text/plain	2a00:1450:400c:c07::9b GOOGLE
General Check archive.org Show headers Download Go to Full URL https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-91428321-1&cid=760441734.1637099995&jid=909708647&gjid=1112061832&_gid=1005793865.1637099995&_u=IEBAAEAAAAAAAC~&z=2024262937 Requested by Host: microsoft0ffice365login.wispform.com URL: https://microsoft0ffice365login.wispform.com/static/js/main.b61954c5.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:400c:c07::9b Brussels, Belgium, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash 6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b Security Headers Name Value Strict-Transport-Security max-age=10886400; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Referer https://microsoft0ffice365login.wispform.com/ Accept-Language de-DE,de;q=0.9 User-Agent phishfarmer Content-Type text/plain Response headers pragma no-cache strict-transport-security max-age=10886400; includeSubDomains; preload x-content-type-options nosniff last-modified Sun, 17 May 1998 03:00:00 GMT server Golfe2 date Tue, 16 Nov 2021 21:59:55 GMT content-type text/plain access-control-allow-origin https://microsoft0ffice365login.wispform.com cache-control no-cache, no-store, must-revalidate access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 1 expires Fri, 01 Jan 1990 00:00:00 GMT

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer) Office 365 (Online)

26 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| onbeforexrselect function| reportError boolean| originAgentCluster object| scheduler function| webpackJsonp string| GoogleAnalyticsObject function| ga function| Velocity object| core object| __core-js_shared__ function| setImmediate function| clearImmediate object| AWS object| Prism object| __SENTRY__ object| dataLayer object| __webpackStripeJSv3Jsonp function| Stripe number| window_height object| google_tag_data object| gaplugins object| gaGlobal object| gaData object| google_tag_manager

7 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			m.stripe.com/	1970-01-20 16:16:11	Name: m Value: 07043b56-7910-4708-b701-e542eb2b8ba0b27db3
			.microsoft0ffice365login.wispform.com/	1970-01-20 07:30:35	Name: __stripe_mid Value: 05db6544-f74e-4558-8de1-ff476b9c1a255a4105
			.microsoft0ffice365login.wispform.com/	1970-01-19 22:45:01	Name: __stripe_sid Value: 7c537d1d-796b-489f-a5fc-22364417960005b2ce
			.wispform.com/	1970-01-20 16:16:11	Name: _ga Value: GA1.2.760441734.1637099995
			.wispform.com/	1970-01-19 22:46:26	Name: _gid Value: GA1.2.1005793865.1637099995
			.wispform.com/	1970-01-19 22:45:00	Name: _gat Value: 1
			.wispform.com/	1970-01-20 00:54:35	Name: _gcl_au Value: 1.1.376786634.1637099998

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-Qj6AdMOUjZkBBUTjGW/OORBoqx2Pohcq8Bg/ZvZzgYw='".
network	error	URL: https://wispform-file.s3.us-east-2.amazonaws.com/51555f4e534f535a480c5a5a555f590f0a0950535b5552125e080c5e5e5a0408 Message: Failed to load resource: the server responded with a status of 403 (Forbidden)

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

fingerform.herokuapp.com
fonts.googleapis.com
fonts.gstatic.com
js.stripe.com
m.stripe.com
m.stripe.network
microsoft0ffice365login.wispform.com
q.stripe.com
stats.g.doubleclick.net
wispform-file.s3.us-east-2.amazonaws.com
www.google-analytics.com
www.googletagmanager.com
142.250.184.227
142.250.185.170
151.101.64.176
2a00:1450:4001:829::2008
2a00:1450:4001:82a::200e
2a00:1450:400c:c07::9b
52.219.105.226
52.36.204.98
54.157.4.65
54.186.23.98
54.243.238.66
0625c0d91ccfc2ecee28e094f4d343570c095581011287f8c7754bbf58a3684d
0c2bb1b5ddc2efdd4a3cbfc1c8549c11365b9804b736564ebb092cce6838d08f
1508490e2a7f3949d866ce8f032895224c55a02eb24f9ada50c7cb79a4c887c8
1969520bd7b0ea7b84b1cbdda4a8ae93c321abe6eaeff82b5fa496680bf88a0f
1c67b7d008365d39885e4598f7067bb9af3c67a846b8d97a9c80927714c97c7f
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
32ee4f61cee76be867fd840d23203a8c4f2ce4b115c77430fb0181cbd2c9d045
3310736285ad12ccfe415c1b4ee075afc41baa9510806776fe1853f9e752e5bd
3fc672c61069f0381a360209e3c5a514e679f81a348b4cda365a1ec8535915ee
6b5402ff8932ed835d39a31b75c6bc737a80f6ddcd6269a1fa53556485ca3ad8
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6bde963a562ffd594492bdff280c01e9e6518856aa3a9f14b96fcad867ce2f0f
71fb519bbab20f1b89944541c54f3547c76a8d11b8802dd4d077ddfeb186b64b
725b1b96de3830ef081fcbdf22ee4edc4f8cea45f310e88d7595ca2091eb5fcd
7d922a769bf8383bd1cd9f75a3d5935a7938d15741978b060efcf6cb74d00061
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
8ae79a4d18eea420af0fd562d43879b569bbd2c622da6deba79f6c202e385361
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a2f6b81396ab1150effea054efbf1623212ea0419976389ce8f10e909d39e4c7
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
bd6e16dcf973d77e746a62b112acf1cdde2c9d579520f017eb3b9c0919533e52
bf85e15f7cefc34294721f74d9ab06b79dc574b2a68278080de2a168ef39b11c
d305a976e225bdeb9c39382f5245810b37f70bdbbd0dcf2e74feb2bf7109a3bd
e294f7580d272f024161c6e5c744278f90d45ee67846f66d4083f7aef61c979e
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e5a4e0e1ece06a1d30dd4cbc413641fb284ef63ecb61558c24a0e42fef11ceb5
ed34a59f182c66e2b25c602f3c9b0f21435a8f475d5dbc9e6830ff4c7929f5cd