![](/screenshots/0722a3dd-4cda-450c-8f1f-c4271c9a9956.png)
rthfsocprq.trafficsdoctor.org
Open in
urlscan Pro
2a06:98c1:3120::3
Malicious Activity!
Public Scan
Effective URL: https://rthfsocprq.trafficsdoctor.org/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3...
Submission: On May 16 via api from US — Scanned from DE
Summary
TLS certificate: Issued by E1 on May 12th 2024. Valid for: 3 months.
This is the only time rthfsocprq.trafficsdoctor.org was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Microsoft (Consumer)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 1 | 2606:4700::68... 2606:4700::6811:f670 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
2 16 | 2a06:98c1:312... 2a06:98c1:3120::3 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 1 | 2a06:98c1:312... 2a06:98c1:3120::9 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
4 | 2a06:98c1:312... 2a06:98c1:3121::3 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
31 | 3 |
ASN13335 (CLOUDFLARENET, US)
rthfsmeheff.trafficsdoctor.org | |
rthfsocprq.trafficsdoctor.org | |
rthfshrvetbr.trafficsdoctor.org | |
rthfsdjrhte.trafficsdoctor.org |
Apex Domain Subdomains |
Transfer | |
---|---|---|
21 |
trafficsdoctor.org
3 redirects
rthfsmeheff.trafficsdoctor.org rthfsocprq.trafficsdoctor.org rthfshefbew.trafficsdoctor.org rthfsdjrhte.trafficsdoctor.org Failed rthfshrvetbr.trafficsdoctor.org |
363 KB |
1 |
bamboohr.com
1 redirects
email.app.bamboohr.com — Cisco Umbrella Rank: 108018 |
370 B |
31 | 2 |
Domain | Requested by | |
---|---|---|
12 | rthfsdjrhte.trafficsdoctor.org |
rthfsocprq.trafficsdoctor.org
rthfsdjrhte.trafficsdoctor.org |
6 | rthfsocprq.trafficsdoctor.org |
1 redirects
rthfsocprq.trafficsdoctor.org
rthfsdjrhte.trafficsdoctor.org |
1 | rthfshrvetbr.trafficsdoctor.org |
rthfsocprq.trafficsdoctor.org
rthfsdjrhte.trafficsdoctor.org |
1 | rthfshefbew.trafficsdoctor.org | 1 redirects |
1 | rthfsmeheff.trafficsdoctor.org | 1 redirects |
1 | email.app.bamboohr.com | 1 redirects |
31 | 6 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
trafficsdoctor.org E1 |
2024-05-12 - 2024-08-10 |
3 months | crt.sh |
This page contains 2 frames:
Primary Page:
https://rthfsocprq.trafficsdoctor.org/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638514693369308406.MmM1N2M5ODMtY2RmMy00OWYxLThjNDAtOWZhNTdlZWNjNDM3ZTc4MzczMjEtYTAxZC00OGRlLTlkZmEtZDUwOTMzMGI5M2U1&ui_locales=de-DE&mkt=de-DE&client-request-id=6c651bca-97e5-4da9-a9cf-5fcfb7b442e2&state=xnwrVcANxIXEO0hLM0aS1HPwKiLEefQoZ4NX25sMgxrIOUn_7fGcCut7fp2lcdqo40coWCt3oU1OjqNFC7uCpWQb78eJbOZJKRQcCPlyscMWxpCK8g-v7w2AmTDDTgKO_THOvGhToEj2oyEDCB5kWzm23r2kV7MVilim_iSOqjsYbW4F6TyeWr5oDeLbjdK0jk3yUOL1EeoUIIpGm8WTqhjI7cSG-V0xXmm11_4PowznfK3yoVaFqcndwFmdE-OrQwTijoJ2_oPASfh_6R4laQ&x-client-SKU=ID_NET6_0&x-client-ver=7.3.1.0&sso_reload=true
Frame ID: 5068AB95A1BEE0E37F529DE018CC01ED
Requests: 30 HTTP requests in this frame
Frame:
https://rthfshrvetbr.trafficsdoctor.org/Me.htm?v=3
Frame ID: 05E19C507107334C0E63BE7825B930BF
Requests: 1 HTTP requests in this frame
Screenshot
![](/screenshots/0722a3dd-4cda-450c-8f1f-c4271c9a9956.png)
Page Title
Bei Ihrem Konto anmeldenPage URL History Show full URLs
-
https://email.app.bamboohr.com/c/eJyMkE3LGjEAhH9Nctsln7u-hxysVohUS1tF8SL5bCKbZNmNwv77YttjD70NzDDwPKak9MzRqB...
HTTP 302
https://rthfsmeheff.trafficsdoctor.org/NIvNycjX HTTP 302
https://rthfsocprq.trafficsdoctor.org/ HTTP 302
https://rthfshefbew.trafficsdoctor.org/login HTTP 302
https://rthfsocprq.trafficsdoctor.org/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&... Page URL
- https://rthfsocprq.trafficsdoctor.org/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&... Page URL
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://email.app.bamboohr.com/c/eJyMkE3LGjEAhH9Nctsln7u-hxysVohUS1tF8SL5bCKbZNmNwv77YttjD70NzDDwPKak9MzRqBpLvkcrLOWOcGYaTJFtMHa--XCON9oZ4lZMGeooNCWNKi_vvYn2TjrMewTNc64lCbfs0e3Cg87f97eN7ORDksPpTA8bOct0fOnrp6Dz8I-OB305x69RLnIro_8G6BbQLbTCsB46gXvMV5hy3sMgbI-VZsoSxO2KdhixjvXEEu4_PNI9hfG_UABDahxbrZIuJUytKQkOItQ6zoCuAdkBsptq8HNywXnf1kl5H81si6llasv0E5DdUb6Oi3lc4SSSihkwpIeSbVJx-H1Yxfr04_75sJZfYHVZ5fo29zf9kfcrAAD__wZRe-k
HTTP 302
https://rthfsmeheff.trafficsdoctor.org/NIvNycjX HTTP 302
https://rthfsocprq.trafficsdoctor.org/ HTTP 302
https://rthfshefbew.trafficsdoctor.org/login HTTP 302
https://rthfsocprq.trafficsdoctor.org/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638514693369308406.MmM1N2M5ODMtY2RmMy00OWYxLThjNDAtOWZhNTdlZWNjNDM3ZTc4MzczMjEtYTAxZC00OGRlLTlkZmEtZDUwOTMzMGI5M2U1&ui_locales=de-DE&mkt=de-DE&client-request-id=6c651bca-97e5-4da9-a9cf-5fcfb7b442e2&state=xnwrVcANxIXEO0hLM0aS1HPwKiLEefQoZ4NX25sMgxrIOUn_7fGcCut7fp2lcdqo40coWCt3oU1OjqNFC7uCpWQb78eJbOZJKRQcCPlyscMWxpCK8g-v7w2AmTDDTgKO_THOvGhToEj2oyEDCB5kWzm23r2kV7MVilim_iSOqjsYbW4F6TyeWr5oDeLbjdK0jk3yUOL1EeoUIIpGm8WTqhjI7cSG-V0xXmm11_4PowznfK3yoVaFqcndwFmdE-OrQwTijoJ2_oPASfh_6R4laQ&x-client-SKU=ID_NET6_0&x-client-ver=7.3.1.0 Page URL
- https://rthfsocprq.trafficsdoctor.org/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638514693369308406.MmM1N2M5ODMtY2RmMy00OWYxLThjNDAtOWZhNTdlZWNjNDM3ZTc4MzczMjEtYTAxZC00OGRlLTlkZmEtZDUwOTMzMGI5M2U1&ui_locales=de-DE&mkt=de-DE&client-request-id=6c651bca-97e5-4da9-a9cf-5fcfb7b442e2&state=xnwrVcANxIXEO0hLM0aS1HPwKiLEefQoZ4NX25sMgxrIOUn_7fGcCut7fp2lcdqo40coWCt3oU1OjqNFC7uCpWQb78eJbOZJKRQcCPlyscMWxpCK8g-v7w2AmTDDTgKO_THOvGhToEj2oyEDCB5kWzm23r2kV7MVilim_iSOqjsYbW4F6TyeWr5oDeLbjdK0jk3yUOL1EeoUIIpGm8WTqhjI7cSG-V0xXmm11_4PowznfK3yoVaFqcndwFmdE-OrQwTijoJ2_oPASfh_6R4laQ&x-client-SKU=ID_NET6_0&x-client-ver=7.3.1.0&sso_reload=true Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0- https://email.app.bamboohr.com/c/eJyMkE3LGjEAhH9Nctsln7u-hxysVohUS1tF8SL5bCKbZNmNwv77YttjD70NzDDwPKak9MzRqBpLvkcrLOWOcGYaTJFtMHa--XCON9oZ4lZMGeooNCWNKi_vvYn2TjrMewTNc64lCbfs0e3Cg87f97eN7ORDksPpTA8bOct0fOnrp6Dz8I-OB305x69RLnIro_8G6BbQLbTCsB46gXvMV5hy3sMgbI-VZsoSxO2KdhixjvXEEu4_PNI9hfG_UABDahxbrZIuJUytKQkOItQ6zoCuAdkBsptq8HNywXnf1kl5H81si6llasv0E5DdUb6Oi3lc4SSSihkwpIeSbVJx-H1Yxfr04_75sJZfYHVZ5fo29zf9kfcrAAD__wZRe-k HTTP 302
- https://rthfsmeheff.trafficsdoctor.org/NIvNycjX HTTP 302
- https://rthfsocprq.trafficsdoctor.org/ HTTP 302
- https://rthfshefbew.trafficsdoctor.org/login HTTP 302
- https://rthfsocprq.trafficsdoctor.org/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638514693369308406.MmM1N2M5ODMtY2RmMy00OWYxLThjNDAtOWZhNTdlZWNjNDM3ZTc4MzczMjEtYTAxZC00OGRlLTlkZmEtZDUwOTMzMGI5M2U1&ui_locales=de-DE&mkt=de-DE&client-request-id=6c651bca-97e5-4da9-a9cf-5fcfb7b442e2&state=xnwrVcANxIXEO0hLM0aS1HPwKiLEefQoZ4NX25sMgxrIOUn_7fGcCut7fp2lcdqo40coWCt3oU1OjqNFC7uCpWQb78eJbOZJKRQcCPlyscMWxpCK8g-v7w2AmTDDTgKO_THOvGhToEj2oyEDCB5kWzm23r2kV7MVilim_iSOqjsYbW4F6TyeWr5oDeLbjdK0jk3yUOL1EeoUIIpGm8WTqhjI7cSG-V0xXmm11_4PowznfK3yoVaFqcndwFmdE-OrQwTijoJ2_oPASfh_6R4laQ&x-client-SKU=ID_NET6_0&x-client-ver=7.3.1.0
31 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H3 |
authorize
rthfsocprq.trafficsdoctor.org/common/oauth2/v2.0/ Redirect Chain
|
21 KB 10 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET |
BssoInterrupt_Core_RY3pVDLvjU_KKLtTKxjDFA2.js
rthfsdjrhte.trafficsdoctor.org/shared/1.0/content/js/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
BssoInterrupt_Core_RY3pVDLvjU_KKLtTKxjDFA2.js
rthfsdjrhte.trafficsdoctor.org/shared/1.0/content/js/ |
138 KB 50 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET |
watsonsupportwithjquery.3.5.min_dc940oomzau4rsu8qesnvg2.js
rthfsdjrhte.trafficsdoctor.org/ests/2.1/content/cdnbundles/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||
GET |
watsonsupportwithjquery.3.5.min_dc940oomzau4rsu8qesnvg2.js
rthfsdjrhte.trafficsdoctor.org/ests/2.1/content/cdnbundles/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||
GET |
watsonsupportwithjquery.3.5.min_dc940oomzau4rsu8qesnvg2.js
rthfsdjrhte.trafficsdoctor.org/ests/2.1/content/cdnbundles/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||
POST H3 |
watson
rthfsocprq.trafficsdoctor.org/common/handlers/ |
265 B 938 B |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
Primary Request
authorize
rthfsocprq.trafficsdoctor.org/common/oauth2/v2.0/ |
45 KB 17 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
favicon.ico
rthfsocprq.trafficsdoctor.org/ |
0 537 B |
Other
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
Me.htm
rthfshrvetbr.trafficsdoctor.org/ |
0 0 |
Other
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers |
|||||||||||||||||||||||||||||||||||||||||||||||||
GET |
converged.v2.login.min_1ito3russhq-9gioj-zd4w2.css
rthfsdjrhte.trafficsdoctor.org/ests/2.1/content/cdnbundles/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||
GET |
ConvergedLogin_PCore_9i90DmN8HbFiIvCSmsAz-Q2.js
rthfsdjrhte.trafficsdoctor.org/shared/1.0/content/js/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||
GET |
ux.converged.login.strings-de.min_pg3qvekbtzilyo4uvuckhw2.js
rthfsdjrhte.trafficsdoctor.org/ests/2.1/content/cdnbundles/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
converged.v2.login.min_1ito3russhq-9gioj-zd4w2.css
rthfsdjrhte.trafficsdoctor.org/ests/2.1/content/cdnbundles/ |
110 KB 20 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET |
watsonsupportwithjquery.3.5.min_dc940oomzau4rsu8qesnvg2.js
rthfsdjrhte.trafficsdoctor.org/ests/2.1/content/cdnbundles/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
ConvergedLogin_PCore_9i90DmN8HbFiIvCSmsAz-Q2.js
rthfsdjrhte.trafficsdoctor.org/shared/1.0/content/js/ |
434 KB 115 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
ux.converged.login.strings-de.min_pg3qvekbtzilyo4uvuckhw2.js
rthfsdjrhte.trafficsdoctor.org/ests/2.1/content/cdnbundles/ |
60 KB 18 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET |
watsonsupportwithjquery.3.5.min_dc940oomzau4rsu8qesnvg2.js
rthfsdjrhte.trafficsdoctor.org/ests/2.1/content/cdnbundles/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
oneDs_f2e0f4a029670f10d892.js
rthfsdjrhte.trafficsdoctor.org/shared/1.0/content/js/ |
186 KB 61 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET |
watsonsupportwithjquery.3.5.min_dc940oomzau4rsu8qesnvg2.js
rthfsdjrhte.trafficsdoctor.org/ests/2.1/content/cdnbundles/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||
POST H3 |
watson
rthfsocprq.trafficsdoctor.org/common/handlers/ |
265 B 953 B |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
convergedlogin_pcustomizationloader_8e14dcf0e3ff5580d170.js
rthfsdjrhte.trafficsdoctor.org/shared/1.0/content/js/asyncchunk/ |
219 KB 51 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET |
favicon_a_eupayfgghqiai7k9sol6lg2.ico
rthfsdjrhte.trafficsdoctor.org/shared/1.0/content/images/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
convergedlogin_pfetchsessionsprogress_7c1aa7609345f99e4914.js
rthfsdjrhte.trafficsdoctor.org/shared/1.0/content/js/asyncchunk/ |
15 KB 6 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
marching_ants_white_8257b0707cbe1d0bd2661b80068676fe.gif
rthfsdjrhte.trafficsdoctor.org/shared/1.0/content/images/ |
3 KB 3 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
marching_ants_986f40b5a9dc7d39ef8396797f61b323.gif
rthfsdjrhte.trafficsdoctor.org/shared/1.0/content/images/ |
4 KB 4 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
2_11d9e3bcdfede9ce5ce5ace2d129f1c4.svg
rthfsdjrhte.trafficsdoctor.org/shared/1.0/content/images/backgrounds/ |
2 KB 1 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET |
microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg
rthfsdjrhte.trafficsdoctor.org/shared/1.0/content/images/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
marching_ants_white_8257b0707cbe1d0bd2661b80068676fe.gif
rthfsdjrhte.trafficsdoctor.org/shared/1.0/content/images/ |
3 KB 0 |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
marching_ants_986f40b5a9dc7d39ef8396797f61b323.gif
rthfsdjrhte.trafficsdoctor.org/shared/1.0/content/images/ |
4 KB 0 |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET |
Me.htm
rthfshrvetbr.trafficsdoctor.org/ Frame 05E1 |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- rthfsdjrhte.trafficsdoctor.org
- URL
- https://rthfsdjrhte.trafficsdoctor.org/shared/1.0/content/js/BssoInterrupt_Core_RY3pVDLvjU_KKLtTKxjDFA2.js
- Domain
- rthfsdjrhte.trafficsdoctor.org
- URL
- https://rthfsdjrhte.trafficsdoctor.org/ests/2.1/content/cdnbundles/watsonsupportwithjquery.3.5.min_dc940oomzau4rsu8qesnvg2.js
- Domain
- rthfsdjrhte.trafficsdoctor.org
- URL
- https://rthfsdjrhte.trafficsdoctor.org/ests/2.1/content/cdnbundles/watsonsupportwithjquery.3.5.min_dc940oomzau4rsu8qesnvg2.js
- Domain
- rthfsdjrhte.trafficsdoctor.org
- URL
- https://rthfsdjrhte.trafficsdoctor.org/ests/2.1/content/cdnbundles/watsonsupportwithjquery.3.5.min_dc940oomzau4rsu8qesnvg2.js
- Domain
- rthfsdjrhte.trafficsdoctor.org
- URL
- https://rthfsdjrhte.trafficsdoctor.org/ests/2.1/content/cdnbundles/converged.v2.login.min_1ito3russhq-9gioj-zd4w2.css
- Domain
- rthfsdjrhte.trafficsdoctor.org
- URL
- https://rthfsdjrhte.trafficsdoctor.org/shared/1.0/content/js/ConvergedLogin_PCore_9i90DmN8HbFiIvCSmsAz-Q2.js
- Domain
- rthfsdjrhte.trafficsdoctor.org
- URL
- https://rthfsdjrhte.trafficsdoctor.org/ests/2.1/content/cdnbundles/ux.converged.login.strings-de.min_pg3qvekbtzilyo4uvuckhw2.js
- Domain
- rthfsdjrhte.trafficsdoctor.org
- URL
- https://rthfsdjrhte.trafficsdoctor.org/ests/2.1/content/cdnbundles/watsonsupportwithjquery.3.5.min_dc940oomzau4rsu8qesnvg2.js
- Domain
- rthfsdjrhte.trafficsdoctor.org
- URL
- https://rthfsdjrhte.trafficsdoctor.org/ests/2.1/content/cdnbundles/watsonsupportwithjquery.3.5.min_dc940oomzau4rsu8qesnvg2.js
- Domain
- rthfsdjrhte.trafficsdoctor.org
- URL
- https://rthfsdjrhte.trafficsdoctor.org/ests/2.1/content/cdnbundles/watsonsupportwithjquery.3.5.min_dc940oomzau4rsu8qesnvg2.js
- Domain
- rthfsdjrhte.trafficsdoctor.org
- URL
- https://rthfsdjrhte.trafficsdoctor.org/shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico
- Domain
- rthfsdjrhte.trafficsdoctor.org
- URL
- https://rthfsdjrhte.trafficsdoctor.org/shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg
- Domain
- rthfshrvetbr.trafficsdoctor.org
- URL
- https://rthfshrvetbr.trafficsdoctor.org/Me.htm?v=3
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Microsoft (Consumer)19 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| $Config object| $Debug object| $Do function| $Loader object| $WebWatson function| GetString function| GetErrorString function| GetUrl object| $B object| ServerData object| webpackJsonp object| ko object| PROOF object| StringRepository object| Telemetry object| telemetry_webpackJsonp boolean| __ConvergedLogin_PCore boolean| __ boolean| __convergedlogin_pcustomizationloader_8e14dcf0e3ff5580d17020 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.bamboohr.com/ | Name: _cfuvid Value: PTPTFMPrA.pBKlYTVa6JHweEgo5V_hDCUhcvszHJzh4-1715872535789-0.0.1.1-604800000 |
|
.trafficsdoctor.org/ | Name: pHlS Value: 13eb31b6de48b42bdaec6caf9682efae38aeacbcf23c48635156e7f2ce6972cf |
|
rthfsocprq.trafficsdoctor.org/ | Name: x-ms-gateway-slice Value: estsfd |
|
rthfsocprq.trafficsdoctor.org/ | Name: stsservicecookie Value: estsfd |
|
rthfshefbew.trafficsdoctor.org/ | Name: OH.DCAffinity Value: OH-sec |
|
rthfshefbew.trafficsdoctor.org/ | Name: OH.FLID Value: 6f49e4cd-fbc8-49ea-bf90-4a63a5db7e3e |
|
rthfshefbew.trafficsdoctor.org/ | Name: .AspNetCore.OpenIdConnect.Nonce.jhrE5dLmVH8mxSg1A_vqXawy4jNaONWS1lMEvpNJ3Op1Mqq-qZKvjzN8n_nZhlPQfEFY1YGcPCXqSpVdK_wmZ4JeK4N7tAIMTNR3Qmojf0jY_ollpebDzTAVJtk2V2W59DSe6F3CcWRNV2xpUvXUiCkxHSvXkGErr737Q9OPtVVIeTGc5miwaRa83qlaIbFhnCpZJMm20WJBc2LRjuVePmeJ9gtKdGx_jVc0ajgMaSmTq0l6qK-Je8NaXHSlSAr- Value: N |
|
rthfshefbew.trafficsdoctor.org/ | Name: .AspNetCore.Correlation.33vlYYH_YzAi7Au3eq78VY--_qrhU-F2fGTIjrlxnCg Value: N |
|
.trafficsdoctor.org/ | Name: MUID Value: 048A7EE1DD936DE90F746A60DCDB6C72 |
|
.rthfsocprq.trafficsdoctor.org/ | Name: esctx-ketausirj7A Value: AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8SVPt2aMfHLMWBxE0vFZM6E59uPfkhZsIx5LNIH0szVgWHo-lJNJHlrgXkue2IMc_KpJJ2QULB9sRLfWhR6AbITbAQ4hMRfn9aZ_3soI7udm8Bc2Gq-BCH8uD3pBYQaKMUkAaeYvA2qyp_Ll4Gn7TzyAA |
|
.rthfsocprq.trafficsdoctor.org/ | Name: AADSSO Value: NA|NoExtension |
|
rthfsocprq.trafficsdoctor.org/ | Name: SSOCOOKIEPULLED Value: 1 |
|
rthfsocprq.trafficsdoctor.org/ | Name: buid Value: 0.AXkAMe_N-B6jSkuT5F9XHpElWltEZUfGMrBJg-Ydk3ZSdsoBAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd853hUL_tGDD0Br3dDoliozGHcVC7tb7ZQjQljDuEY0-Vl93bT9n-ta23rH-41I3qqkQpHJ7oPIGwP5T3SUjJhPmJRplbeyioAL47P_o0G5RIgAA |
|
.rthfsocprq.trafficsdoctor.org/ | Name: esctx Value: PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8OVBhrKAJbMa8iqcdTj7_xL0uKBT1UyJ0N8O8KHXpB6UYhTnacLVjJnQBx0Pohl7IbvTZoiZwD9KIR2cQKnlMSEIpDMl9YHgwTcKGYq6CtrlADT2_PECTuNVEWoeOk9JLecOyMdRH0lGkomOTsQUvkwJEFyKi3Ac7nOTeA5H7tUsgAA |
|
.rthfsocprq.trafficsdoctor.org/ | Name: esctx-Oy5RuQSbEg Value: AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8BqZgAbI2Fq8frmAPVHVxSTwtkTl2xQ6MhR6NBqwLAAxv9_2kSkvYOikxD8_XjEski4jsOJqmN9qAair_mb6hSL2OQSIB3ds0lKg1yT9QnRt-SZmg8921r4Xt1RBH3GXqaoofhy9G-AyphdMMvEmAxCAA |
|
rthfsocprq.trafficsdoctor.org/ | Name: fpc Value: AolMe4fUaW5FtpTW7fAssDy8Ae7AAQAAABka2N0OAAAA |
|
.rthfshrvetbr.trafficsdoctor.org/ | Name: uaid Value: 2f2ef449204940c3b32837f3e9831826 |
|
.rthfshrvetbr.trafficsdoctor.org/ | Name: MSPRequ Value: id=N<=1715872538&co=1 |
|
rthfsocprq.trafficsdoctor.org/ | Name: MicrosoftApplicationsTelemetryDeviceId Value: 1e27069c-61c3-4969-a1a6-2f67167e9106 |
|
.rthfsocprq.trafficsdoctor.org/ | Name: brcap Value: 0 |
21 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
email.app.bamboohr.com
rthfsdjrhte.trafficsdoctor.org
rthfshefbew.trafficsdoctor.org
rthfshrvetbr.trafficsdoctor.org
rthfsmeheff.trafficsdoctor.org
rthfsocprq.trafficsdoctor.org
rthfsdjrhte.trafficsdoctor.org
rthfshrvetbr.trafficsdoctor.org
2606:4700::6811:f670
2a06:98c1:3120::3
2a06:98c1:3120::9
2a06:98c1:3121::3
0e88b6fcbb8591edfd28184fa70a04b6dd3af8a14367c628edd7caba32e58c68
1f74044ddfaf154497974982234d52d8066ca432fdfea221fce31d55a68f0d6c
35afb11dab6edcbc989a25fe5cf19f5d8289499232b7ec775f318d8b8a5bbf78
4638fd8935d19192119469391e3befbb88f620ccd8eeeef2045cd5bdd3bba414
474ce0790ceb18a100cebaf1ac0915a51389fcae0830c3b44bfa1e365d40b2b4
49b5577253df30d270fa49037d7f669b5e7450317d13dba2c66af1c8b58ddd68
4b01a0a34ce8ed4bc8a8713be0442d49da6a756236b7b4424622ca3dee820f41
540e3218d4c47b9d6ebac23dec52e08075f1b23d0d3cfc9104e7053c3a546f2d
58435e1ca804c22d6e0f4cfd8e5a0df980c4b85a478e4100dee55731527b615f
8405362eb8f09df13ae244de155b51b1577274673d9728b6c81cd0278a63c8b0
8737d721808655f37b333f08a90185699e7e8b9bdaaa15cdb63c8448b426f95d
a46201581a7c7c667fd42787cd1e9adf2f6bf809efb7596e61a03e8dba9ada13
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
eae914ce3a43829aba1828ef3d1b5907537c38c632abfeb2bede3bfda7ffbd55