rthfsocprq.trafficsdoctor.org Open in urlscan Pro
2a06:98c1:3120::3 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://email.app.bamboohr.com/c/eJyMkE3LGjEAhH9Nctsln7u-hxysVohUS1tF8SL5bCKbZNmNwv77YttjD70NzDDwPKak9MzRqBpLvkcrLOWOcGYaTJFtMH...
Effective URL:
https://rthfsocprq.trafficsdoctor.org/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3...
Submission: On May 16 via api (May 16th 2024, 3:15:41 pm UTC) from US — Scanned from DE

Summary HTTP 31 Redirects Behaviour Indicators

Summary

This website contacted 3 IPs in 1 countries across 2 domains to perform 31 HTTP transactions. The main IP is 2a06:98c1:3120::3, located in United States and belongs to CLOUDFLARENET, US. The main domain is rthfsocprq.trafficsdoctor.org.
TLS certificate: Issued by E1 on May 12th 2024. Valid for: 3 months.

This is the only time rthfsocprq.trafficsdoctor.org was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Microsoft (Consumer)

Domain & IP information

	IP Address	AS Autonomous System
1 1	2606:4700::68... 2606:4700::6811:f670	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2 16	2a06:98c1:312... 2a06:98c1:3120::3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 1	2a06:98c1:312... 2a06:98c1:3120::9	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2a06:98c1:312... 2a06:98c1:3121::3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
31	3

1 2606:4700::6811:f670 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

email.app.bamboohr.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 2a06:98c1:3120::3 (United States) 2 redirects

ASN13335 (CLOUDFLARENET, US)

rthfsmeheff.trafficsdoctor.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
rthfsocprq.trafficsdoctor.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
rthfshrvetbr.trafficsdoctor.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
rthfsdjrhte.trafficsdoctor.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a06:98c1:3120::9 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

rthfshefbew.trafficsdoctor.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a06:98c1:3121::3 (United States)

ASN13335 (CLOUDFLARENET, US)

rthfsdjrhte.trafficsdoctor.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
21	trafficsdoctor.org 3 redirects rthfsmeheff.trafficsdoctor.org rthfsocprq.trafficsdoctor.org rthfshefbew.trafficsdoctor.org rthfsdjrhte.trafficsdoctor.org Failed rthfshrvetbr.trafficsdoctor.org	363 KB
1	bamboohr.com 1 redirects email.app.bamboohr.com — Cisco Umbrella Rank: 108018	370 B
31	2

	Domain	Requested by
12	rthfsdjrhte.trafficsdoctor.org	rthfsocprq.trafficsdoctor.org rthfsdjrhte.trafficsdoctor.org
6	rthfsocprq.trafficsdoctor.org	1 redirects rthfsocprq.trafficsdoctor.org rthfsdjrhte.trafficsdoctor.org
1	rthfshrvetbr.trafficsdoctor.org	rthfsocprq.trafficsdoctor.org rthfsdjrhte.trafficsdoctor.org
1	rthfshefbew.trafficsdoctor.org	1 redirects
1	rthfsmeheff.trafficsdoctor.org	1 redirects
1	email.app.bamboohr.com	1 redirects
31	6

This site contains no links.

Subject Issuer	Validity	Valid
trafficsdoctor.org E1	`2024-05-12` - `2024-08-10`	3 months	crt.sh

This page contains 2 frames:

Primary Page: https://rthfsocprq.trafficsdoctor.org/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638514693369308406.MmM1N2M5ODMtY2RmMy00OWYxLThjNDAtOWZhNTdlZWNjNDM3ZTc4MzczMjEtYTAxZC00OGRlLTlkZmEtZDUwOTMzMGI5M2U1&ui_locales=de-DE&mkt=de-DE&client-request-id=6c651bca-97e5-4da9-a9cf-5fcfb7b442e2&state=xnwrVcANxIXEO0hLM0aS1HPwKiLEefQoZ4NX25sMgxrIOUn_7fGcCut7fp2lcdqo40coWCt3oU1OjqNFC7uCpWQb78eJbOZJKRQcCPlyscMWxpCK8g-v7w2AmTDDTgKO_THOvGhToEj2oyEDCB5kWzm23r2kV7MVilim_iSOqjsYbW4F6TyeWr5oDeLbjdK0jk3yUOL1EeoUIIpGm8WTqhjI7cSG-V0xXmm11_4PowznfK3yoVaFqcndwFmdE-OrQwTijoJ2_oPASfh_6R4laQ&x-client-SKU=ID_NET6_0&x-client-ver=7.3.1.0&sso_reload=true
Frame ID: 5068AB95A1BEE0E37F529DE018CC01ED
Requests: 30 HTTP requests in this frame

Frame: https://rthfshrvetbr.trafficsdoctor.org/Me.htm?v=3
Frame ID: 05E19C507107334C0E63BE7825B930BF
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Bei Ihrem Konto anmelden

Page URL History Show full URLs

https://email.app.bamboohr.com/c/eJyMkE3LGjEAhH9Nctsln7u-hxysVohUS1tF8SL5bCKbZNmNwv77YttjD70NzDDwPKak9MzRqB... HTTP 302
https://rthfsmeheff.trafficsdoctor.org/NIvNycjX HTTP 302
https://rthfsocprq.trafficsdoctor.org/ HTTP 302
https://rthfshefbew.trafficsdoctor.org/login HTTP 302
https://rthfsocprq.trafficsdoctor.org/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&... Page URL
https://rthfsocprq.trafficsdoctor.org/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&... Page URL

Page Statistics

31
Requests

58 %
HTTPS

100 %
IPv6

2
Domains

6
Subdomains

3
IPs

1
Countries

360 kB
Transfer

1244 kB
Size

20
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://email.app.bamboohr.com/c/eJyMkE3LGjEAhH9Nctsln7u-hxysVohUS1tF8SL5bCKbZNmNwv77YttjD70NzDDwPKak9MzRqBpLvkcrLOWOcGYaTJFtMHa--XCON9oZ4lZMGeooNCWNKi_vvYn2TjrMewTNc64lCbfs0e3Cg87f97eN7ORDksPpTA8bOct0fOnrp6Dz8I-OB305x69RLnIro_8G6BbQLbTCsB46gXvMV5hy3sMgbI-VZsoSxO2KdhixjvXEEu4_PNI9hfG_UABDahxbrZIuJUytKQkOItQ6zoCuAdkBsptq8HNywXnf1kl5H81si6llasv0E5DdUb6Oi3lc4SSSihkwpIeSbVJx-H1Yxfr04_75sJZfYHVZ5fo29zf9kfcrAAD__wZRe-k HTTP 302
https://rthfsmeheff.trafficsdoctor.org/NIvNycjX HTTP 302
https://rthfsocprq.trafficsdoctor.org/ HTTP 302
https://rthfshefbew.trafficsdoctor.org/login HTTP 302
https://rthfsocprq.trafficsdoctor.org/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638514693369308406.MmM1N2M5ODMtY2RmMy00OWYxLThjNDAtOWZhNTdlZWNjNDM3ZTc4MzczMjEtYTAxZC00OGRlLTlkZmEtZDUwOTMzMGI5M2U1&ui_locales=de-DE&mkt=de-DE&client-request-id=6c651bca-97e5-4da9-a9cf-5fcfb7b442e2&state=xnwrVcANxIXEO0hLM0aS1HPwKiLEefQoZ4NX25sMgxrIOUn_7fGcCut7fp2lcdqo40coWCt3oU1OjqNFC7uCpWQb78eJbOZJKRQcCPlyscMWxpCK8g-v7w2AmTDDTgKO_THOvGhToEj2oyEDCB5kWzm23r2kV7MVilim_iSOqjsYbW4F6TyeWr5oDeLbjdK0jk3yUOL1EeoUIIpGm8WTqhjI7cSG-V0xXmm11_4PowznfK3yoVaFqcndwFmdE-OrQwTijoJ2_oPASfh_6R4laQ&x-client-SKU=ID_NET6_0&x-client-ver=7.3.1.0 Page URL
https://rthfsocprq.trafficsdoctor.org/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638514693369308406.MmM1N2M5ODMtY2RmMy00OWYxLThjNDAtOWZhNTdlZWNjNDM3ZTc4MzczMjEtYTAxZC00OGRlLTlkZmEtZDUwOTMzMGI5M2U1&ui_locales=de-DE&mkt=de-DE&client-request-id=6c651bca-97e5-4da9-a9cf-5fcfb7b442e2&state=xnwrVcANxIXEO0hLM0aS1HPwKiLEefQoZ4NX25sMgxrIOUn_7fGcCut7fp2lcdqo40coWCt3oU1OjqNFC7uCpWQb78eJbOZJKRQcCPlyscMWxpCK8g-v7w2AmTDDTgKO_THOvGhToEj2oyEDCB5kWzm23r2kV7MVilim_iSOqjsYbW4F6TyeWr5oDeLbjdK0jk3yUOL1EeoUIIpGm8WTqhjI7cSG-V0xXmm11_4PowznfK3yoVaFqcndwFmdE-OrQwTijoJ2_oPASfh_6R4laQ&x-client-SKU=ID_NET6_0&x-client-ver=7.3.1.0&sso_reload=true Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

https://email.app.bamboohr.com/c/eJyMkE3LGjEAhH9Nctsln7u-hxysVohUS1tF8SL5bCKbZNmNwv77YttjD70NzDDwPKak9MzRqBpLvkcrLOWOcGYaTJFtMHa--XCON9oZ4lZMGeooNCWNKi_vvYn2TjrMewTNc64lCbfs0e3Cg87f97eN7ORDksPpTA8bOct0fOnrp6Dz8I-OB305x69RLnIro_8G6BbQLbTCsB46gXvMV5hy3sMgbI-VZsoSxO2KdhixjvXEEu4_PNI9hfG_UABDahxbrZIuJUytKQkOItQ6zoCuAdkBsptq8HNywXnf1kl5H81si6llasv0E5DdUb6Oi3lc4SSSihkwpIeSbVJx-H1Yxfr04_75sJZfYHVZ5fo29zf9kfcrAAD__wZRe-k HTTP 302
https://rthfsmeheff.trafficsdoctor.org/NIvNycjX HTTP 302
https://rthfsocprq.trafficsdoctor.org/ HTTP 302
https://rthfshefbew.trafficsdoctor.org/login HTTP 302
https://rthfsocprq.trafficsdoctor.org/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638514693369308406.MmM1N2M5ODMtY2RmMy00OWYxLThjNDAtOWZhNTdlZWNjNDM3ZTc4MzczMjEtYTAxZC00OGRlLTlkZmEtZDUwOTMzMGI5M2U1&ui_locales=de-DE&mkt=de-DE&client-request-id=6c651bca-97e5-4da9-a9cf-5fcfb7b442e2&state=xnwrVcANxIXEO0hLM0aS1HPwKiLEefQoZ4NX25sMgxrIOUn_7fGcCut7fp2lcdqo40coWCt3oU1OjqNFC7uCpWQb78eJbOZJKRQcCPlyscMWxpCK8g-v7w2AmTDDTgKO_THOvGhToEj2oyEDCB5kWzm23r2kV7MVilim_iSOqjsYbW4F6TyeWr5oDeLbjdK0jk3yUOL1EeoUIIpGm8WTqhjI7cSG-V0xXmm11_4PowznfK3yoVaFqcndwFmdE-OrQwTijoJ2_oPASfh_6R4laQ&x-client-SKU=ID_NET6_0&x-client-ver=7.3.1.0

31 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H3	200	authorize Show response rthfsocprq.trafficsdoctor.org/common/oauth2/v2.0/ Redirect Chain https://email.app.bamboohr.com/c/eJyMkE3LGjEAhH9Nctsln7u-hxysVohUS1tF8SL5bCKbZNmNwv77YttjD70NzDDwPKak9MzRqBpLvkcrLOWOcGYaTJFtMHa--XCON9oZ4lZMGeooNCWNKi_vvYn2TjrMewTNc64lCbfs0e3Cg87f97eN7ORDksPpTA8b... https://rthfsmeheff.trafficsdoctor.org/NIvNycjX https://rthfsocprq.trafficsdoctor.org/ https://rthfshefbew.trafficsdoctor.org/login https://rthfsocprq.trafficsdoctor.org/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token...	21 KB 10 KB	306ms 303ms	Document text/html	2a06:98c1:3120::3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://rthfsocprq.trafficsdoctor.org/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638514693369308406.MmM1N2M5ODMtY2RmMy00OWYxLThjNDAtOWZhNTdlZWNjNDM3ZTc4MzczMjEtYTAxZC00OGRlLTlkZmEtZDUwOTMzMGI5M2U1&ui_locales=de-DE&mkt=de-DE&client-request-id=6c651bca-97e5-4da9-a9cf-5fcfb7b442e2&state=xnwrVcANxIXEO0hLM0aS1HPwKiLEefQoZ4NX25sMgxrIOUn_7fGcCut7fp2lcdqo40coWCt3oU1OjqNFC7uCpWQb78eJbOZJKRQcCPlyscMWxpCK8g-v7w2AmTDDTgKO_THOvGhToEj2oyEDCB5kWzm23r2kV7MVilim_iSOqjsYbW4F6TyeWr5oDeLbjdK0jk3yUOL1EeoUIIpGm8WTqhjI7cSG-V0xXmm11_4PowznfK3yoVaFqcndwFmdE-OrQwTijoJ2_oPASfh_6R4laQ&x-client-SKU=ID_NET6_0&x-client-ver=7.3.1.0 Protocol H3 Security QUIC, , AES_128_GCM Server 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `540e3218d4c47b9d6ebac23dec52e08075f1b23d0d3cfc9104e7053c3a546f2d` Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" sec-ch-ua-mobile ?0 sec-ch-ua-platform "Win32" Response headers alt-svc h3=":443"; ma=86400 cache-control no-store, no-cache cf-cache-status DYNAMIC cf-ray 884c52fcbe343a84-FRA content-encoding br content-type text/html; charset=utf-8 date Thu, 16 May 2024 15:15:37 GMT expires -1 nel {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0} p3p CP="DSP CUR OTPi IND OTRi ONL FIN" pragma no-cache referrer-policy strict-origin-when-cross-origin report-to {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://identity.nel.measure.office.net/api/report?catId=GW+estsfd+SEC"}]} server cloudflare vary Accept-Encoding x-ms-clitelem 1,50168,0,, x-ms-ests-server 2.1.18077.3 - FRC ProdSlices x-ms-request-id f365a4df-07d6-43fb-a29e-c2e9ffad8700 x-ms-srs 1.P Redirect headers alt-svc h3=":443"; ma=86400 cf-cache-status DYNAMIC cf-ray 884c52f9fa525d8b-FRA content-type text/html; charset=utf-8 date Thu, 16 May 2024 15:15:37 GMT location https://rthfsocprq.trafficsdoctor.org/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638514693369308406.MmM1N2M5ODMtY2RmMy00OWYxLThjNDAtOWZhNTdlZWNjNDM3ZTc4MzczMjEtYTAxZC00OGRlLTlkZmEtZDUwOTMzMGI5M2U1&ui_locales=de-DE&mkt=de-DE&client-request-id=6c651bca-97e5-4da9-a9cf-5fcfb7b442e2&state=xnwrVcANxIXEO0hLM0aS1HPwKiLEefQoZ4NX25sMgxrIOUn_7fGcCut7fp2lcdqo40coWCt3oU1OjqNFC7uCpWQb78eJbOZJKRQcCPlyscMWxpCK8g-v7w2AmTDDTgKO_THOvGhToEj2oyEDCB5kWzm23r2kV7MVilim_iSOqjsYbW4F6TyeWr5oDeLbjdK0jk3yUOL1EeoUIIpGm8WTqhjI7cSG-V0xXmm11_4PowznfK3yoVaFqcndwFmdE-OrQwTijoJ2_oPASfh_6R4laQ&x-client-SKU=ID_NET6_0&x-client-ver=7.3.1.0 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} referrer-policy strict-origin-when-cross-origin report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gjPmzNQpjrTVZkXHsLaf1uJBJi5hUDQk1nxt64etdtFZ0jHQGTAIQuGOMm%2BSV1NW8%2F0vmLVo%2BNPUz02ZARWpINnusLoNqp4TAcN%2FxV5DHB99YEgWI7xPWBgt5oqu3nsOt6slbcZnYtKw%2B6zFUN5Jy8qJFEdVOiOGNCjSRn4%3D"}],"group":"cf-nel","max_age":604800} request-context appId= server cloudflare vary Accept-Encoding x-cache CONFIG_NOCACHE x-msedge-ref Ref A: B74BAF2925AE4F9FBC5D53F334F5097C Ref B: HEL01EDGE1609 Ref C: 2024-05-16T15:15:36Z x-ua-compatible IE=edge,chrome=1
GET		BssoInterrupt_Core_RY3pVDLvjU_KKLtTKxjDFA2.js rthfsdjrhte.trafficsdoctor.org/shared/1.0/content/js/	0 0

GET H3	200	BssoInterrupt_Core_RY3pVDLvjU_KKLtTKxjDFA2.js Show response rthfsdjrhte.trafficsdoctor.org/shared/1.0/content/js/	138 KB 50 KB	78ms 46ms	Script application/x-javascript	2a06:98c1:3121::3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://rthfsdjrhte.trafficsdoctor.org/shared/1.0/content/js/BssoInterrupt_Core_RY3pVDLvjU_KKLtTKxjDFA2.js Requested by Host: rthfsocprq.trafficsdoctor.org URL: https://rthfsocprq.trafficsdoctor.org/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638514693369308406.MmM1N2M5ODMtY2RmMy00OWYxLThjNDAtOWZhNTdlZWNjNDM3ZTc4MzczMjEtYTAxZC00OGRlLTlkZmEtZDUwOTMzMGI5M2U1&ui_locales=de-DE&mkt=de-DE&client-request-id=6c651bca-97e5-4da9-a9cf-5fcfb7b442e2&state=xnwrVcANxIXEO0hLM0aS1HPwKiLEefQoZ4NX25sMgxrIOUn_7fGcCut7fp2lcdqo40coWCt3oU1OjqNFC7uCpWQb78eJbOZJKRQcCPlyscMWxpCK8g-v7w2AmTDDTgKO_THOvGhToEj2oyEDCB5kWzm23r2kV7MVilim_iSOqjsYbW4F6TyeWr5oDeLbjdK0jk3yUOL1EeoUIIpGm8WTqhjI7cSG-V0xXmm11_4PowznfK3yoVaFqcndwFmdE-OrQwTijoJ2_oPASfh_6R4laQ&x-client-SKU=ID_NET6_0&x-client-ver=7.3.1.0 Protocol H3 Security QUIC, , AES_128_GCM Server 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `4638fd8935d19192119469391e3befbb88f620ccd8eeeef2045cd5bdd3bba414` Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://rthfsocprq.trafficsdoctor.org/ Origin https://rthfsocprq.trafficsdoctor.org Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers x-ms-blob-type BlockBlob date Thu, 16 May 2024 15:15:37 GMT content-encoding br cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 7168 x-cache TCP_HIT x-cache-info L1_T2 x-fd-int-roxy-purgeid 4554691 alt-svc h3=":443"; ma=86400 x-ms-lease-status unlocked last-modified Mon, 29 Apr 2024 17:13:55 GMT server cloudflare x-azure-ref 20240516T131609Z-17c898fb97fmj7g5qpq8wd9qfs00000003h0000000009qce report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DGdtahayXj5ChOgfpiGSIsLQnBJd5TDDF6UsvJARv1xG2HWZGhs5PWyuN3Ha0ucfbbrm4y%2BmFBltPjVihshXW%2BwMvRqxmB4zMpwavH83GOTcPy9iw9r7AtkTBmw%2F09FXB2edc%2Bd3OsoWiRINzWO8Yx7TL7ztf1hwMj4PeaQ%3D"}],"group":"cf-nel","max_age":604800} content-type application/x-javascript access-control-allow-origin * x-ms-request-id 54f923b2-501e-0047-25f7-a6e781000000 access-control-expose-headers x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding cache-control public, max-age=31536000 x-ms-version 2009-09-19 vary Accept-Encoding cf-ray 884c52ff3b6536dc-FRA
GET		watsonsupportwithjquery.3.5.min_dc940oomzau4rsu8qesnvg2.js rthfsdjrhte.trafficsdoctor.org/ests/2.1/content/cdnbundles/	0 0

GET		watsonsupportwithjquery.3.5.min_dc940oomzau4rsu8qesnvg2.js rthfsdjrhte.trafficsdoctor.org/ests/2.1/content/cdnbundles/	0 0

GET		watsonsupportwithjquery.3.5.min_dc940oomzau4rsu8qesnvg2.js rthfsdjrhte.trafficsdoctor.org/ests/2.1/content/cdnbundles/	0 0

POST H3	200	watson rthfsocprq.trafficsdoctor.org/common/handlers/	265 B 938 B	272ms 272ms	XHR application/json	2a06:98c1:3120::3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://rthfsocprq.trafficsdoctor.org/common/handlers/watson Requested by Host: rthfsocprq.trafficsdoctor.org URL: https://rthfsocprq.trafficsdoctor.org/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638514693369308406.MmM1N2M5ODMtY2RmMy00OWYxLThjNDAtOWZhNTdlZWNjNDM3ZTc4MzczMjEtYTAxZC00OGRlLTlkZmEtZDUwOTMzMGI5M2U1&ui_locales=de-DE&mkt=de-DE&client-request-id=6c651bca-97e5-4da9-a9cf-5fcfb7b442e2&state=xnwrVcANxIXEO0hLM0aS1HPwKiLEefQoZ4NX25sMgxrIOUn_7fGcCut7fp2lcdqo40coWCt3oU1OjqNFC7uCpWQb78eJbOZJKRQcCPlyscMWxpCK8g-v7w2AmTDDTgKO_THOvGhToEj2oyEDCB5kWzm23r2kV7MVilim_iSOqjsYbW4F6TyeWr5oDeLbjdK0jk3yUOL1EeoUIIpGm8WTqhjI7cSG-V0xXmm11_4PowznfK3yoVaFqcndwFmdE-OrQwTijoJ2_oPASfh_6R4laQ&x-client-SKU=ID_NET6_0&x-client-ver=7.3.1.0 Protocol H3 Security QUIC, , AES_128_GCM Server 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 client-request-id 6c651bca-97e5-4da9-a9cf-5fcfb7b442e2 canary PAQABDgEAAADnfolhJpSnRYB1SVj-Hgd8eF1qxAxFnWYwdjtFVxjq1uWX-Iwz9fGk6t2NYjTslrjNWRbtsbkaMmuAqGFWjwPmGbpsD55N_8BKn6wOBTLLLvphWgha9AAu-MN_TEZCX08JtA7FCyVSe8LUwA_Xv9J7lYTVrxDn0lRZfRlHE18ZexHjyADo9YBo3BNU2BYzalKttaflJHPetlqSbgr-SGHc6fxW9hqRn7CyK5eknPgR2iAA Content-Type application/json; charset=UTF-8 hpgid 6 Accept application/json Referer https://rthfsocprq.trafficsdoctor.org/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638514693369308406.MmM1N2M5ODMtY2RmMy00OWYxLThjNDAtOWZhNTdlZWNjNDM3ZTc4MzczMjEtYTAxZC00OGRlLTlkZmEtZDUwOTMzMGI5M2U1&ui_locales=de-DE&mkt=de-DE&client-request-id=6c651bca-97e5-4da9-a9cf-5fcfb7b442e2&state=xnwrVcANxIXEO0hLM0aS1HPwKiLEefQoZ4NX25sMgxrIOUn_7fGcCut7fp2lcdqo40coWCt3oU1OjqNFC7uCpWQb78eJbOZJKRQcCPlyscMWxpCK8g-v7w2AmTDDTgKO_THOvGhToEj2oyEDCB5kWzm23r2kV7MVilim_iSOqjsYbW4F6TyeWr5oDeLbjdK0jk3yUOL1EeoUIIpGm8WTqhjI7cSG-V0xXmm11_4PowznfK3yoVaFqcndwFmdE-OrQwTijoJ2_oPASfh_6R4laQ&x-client-SKU=ID_NET6_0&x-client-ver=7.3.1.0 hpgact 1800 sec-ch-ua-platform "Win32" Response headers date Thu, 16 May 2024 15:15:38 GMT content-encoding br cf-cache-status DYNAMIC nel {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0} client-request-id 6c651bca-97e5-4da9-a9cf-5fcfb7b442e2 p3p CP="DSP CUR OTPi IND OTRi ONL FIN" alt-svc h3=":443"; ma=86400 pragma no-cache referrer-policy strict-origin-when-cross-origin x-ms-srs 1.P server cloudflare report-to {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://identity.nel.measure.office.net/api/report?catId=GW+estsfd+SEC"}]} content-type application/json; charset=utf-8 x-ms-request-id 02a3e259-bbc6-455e-b373-346912cd9100 cache-control no-store, no-cache cf-ray 884c5302ef2f3a84-FRA x-ms-ests-server 2.1.18077.3 - WEULR1 ProdSlices expires -1
GET H3	200	Primary Request authorize Show response rthfsocprq.trafficsdoctor.org/common/oauth2/v2.0/	45 KB 17 KB	442ms 441ms	Document text/html	2a06:98c1:3120::3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://rthfsocprq.trafficsdoctor.org/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638514693369308406.MmM1N2M5ODMtY2RmMy00OWYxLThjNDAtOWZhNTdlZWNjNDM3ZTc4MzczMjEtYTAxZC00OGRlLTlkZmEtZDUwOTMzMGI5M2U1&ui_locales=de-DE&mkt=de-DE&client-request-id=6c651bca-97e5-4da9-a9cf-5fcfb7b442e2&state=xnwrVcANxIXEO0hLM0aS1HPwKiLEefQoZ4NX25sMgxrIOUn_7fGcCut7fp2lcdqo40coWCt3oU1OjqNFC7uCpWQb78eJbOZJKRQcCPlyscMWxpCK8g-v7w2AmTDDTgKO_THOvGhToEj2oyEDCB5kWzm23r2kV7MVilim_iSOqjsYbW4F6TyeWr5oDeLbjdK0jk3yUOL1EeoUIIpGm8WTqhjI7cSG-V0xXmm11_4PowznfK3yoVaFqcndwFmdE-OrQwTijoJ2_oPASfh_6R4laQ&x-client-SKU=ID_NET6_0&x-client-ver=7.3.1.0&sso_reload=true Requested by Host: rthfsdjrhte.trafficsdoctor.org URL: https://rthfsdjrhte.trafficsdoctor.org/shared/1.0/content/js/BssoInterrupt_Core_RY3pVDLvjU_KKLtTKxjDFA2.js Protocol H3 Security QUIC, , AES_128_GCM Server 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `eae914ce3a43829aba1828ef3d1b5907537c38c632abfeb2bede3bfda7ffbd55` Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Referer https://rthfsocprq.trafficsdoctor.org/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638514693369308406.MmM1N2M5ODMtY2RmMy00OWYxLThjNDAtOWZhNTdlZWNjNDM3ZTc4MzczMjEtYTAxZC00OGRlLTlkZmEtZDUwOTMzMGI5M2U1&ui_locales=de-DE&mkt=de-DE&client-request-id=6c651bca-97e5-4da9-a9cf-5fcfb7b442e2&state=xnwrVcANxIXEO0hLM0aS1HPwKiLEefQoZ4NX25sMgxrIOUn_7fGcCut7fp2lcdqo40coWCt3oU1OjqNFC7uCpWQb78eJbOZJKRQcCPlyscMWxpCK8g-v7w2AmTDDTgKO_THOvGhToEj2oyEDCB5kWzm23r2kV7MVilim_iSOqjsYbW4F6TyeWr5oDeLbjdK0jk3yUOL1EeoUIIpGm8WTqhjI7cSG-V0xXmm11_4PowznfK3yoVaFqcndwFmdE-OrQwTijoJ2_oPASfh_6R4laQ&x-client-SKU=ID_NET6_0&x-client-ver=7.3.1.0 Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" sec-ch-ua-mobile ?0 sec-ch-ua-platform "Win32" Response headers alt-svc h3=":443"; ma=86400 cache-control no-store, no-cache cf-cache-status DYNAMIC cf-ray 884c5302ff433a84-FRA content-encoding br content-type text/html; charset=utf-8 date Thu, 16 May 2024 15:15:38 GMT expires -1 link <https://aadcdn.msftauth.net>; rel=preconnect; crossorigin,<https://aadcdn.msftauth.net>; rel=dns-prefetch,<https://aadcdn.msauth.net>; rel=dns-prefetch nel {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0} p3p CP="DSP CUR OTPi IND OTRi ONL FIN" pragma no-cache referrer-policy strict-origin-when-cross-origin report-to {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://identity.nel.measure.office.net/api/report?catId=GW+estsfd+SEC"}]} server cloudflare vary Accept-Encoding x-dns-prefetch-control on x-ms-clitelem 1,0,0,, x-ms-ests-server 2.1.18077.3 - WEULR1 ProdSlices x-ms-request-id eaabd62d-6d8d-46f3-9c09-3a2946751700 x-ms-srs 1.P
GET H3	404	favicon.ico rthfsocprq.trafficsdoctor.org/	0 537 B	304ms 304ms	Other text/plain	2a06:98c1:3120::3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://rthfsocprq.trafficsdoctor.org/favicon.ico Protocol H3 Security QUIC, , AES_128_GCM Server 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://rthfsocprq.trafficsdoctor.org/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638514693369308406.MmM1N2M5ODMtY2RmMy00OWYxLThjNDAtOWZhNTdlZWNjNDM3ZTc4MzczMjEtYTAxZC00OGRlLTlkZmEtZDUwOTMzMGI5M2U1&ui_locales=de-DE&mkt=de-DE&client-request-id=6c651bca-97e5-4da9-a9cf-5fcfb7b442e2&state=xnwrVcANxIXEO0hLM0aS1HPwKiLEefQoZ4NX25sMgxrIOUn_7fGcCut7fp2lcdqo40coWCt3oU1OjqNFC7uCpWQb78eJbOZJKRQcCPlyscMWxpCK8g-v7w2AmTDDTgKO_THOvGhToEj2oyEDCB5kWzm23r2kV7MVilim_iSOqjsYbW4F6TyeWr5oDeLbjdK0jk3yUOL1EeoUIIpGm8WTqhjI7cSG-V0xXmm11_4PowznfK3yoVaFqcndwFmdE-OrQwTijoJ2_oPASfh_6R4laQ&x-client-SKU=ID_NET6_0&x-client-ver=7.3.1.0 Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Thu, 16 May 2024 15:15:38 GMT referrer-policy strict-origin-when-cross-origin x-ms-srs 1.P nel {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0} server cloudflare cf-cache-status BYPASS vary Accept-Encoding report-to {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://identity.nel.measure.office.net/api/report?catId=GW+estsfd+SEC"}]} p3p CP="DSP CUR OTPi IND OTRi ONL FIN" x-ms-request-id 24e3e6fd-8700-4c61-85ae-067c44819300 cache-control private cf-ray 884c5302ff463a84-FRA alt-svc h3=":443"; ma=86400 x-ms-ests-server 2.1.18077.3 - SEC ProdSlices
GET H3	200	Me.htm rthfshrvetbr.trafficsdoctor.org/	0 0	406ms 389ms	Other text/html	2a06:98c1:3120::3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://rthfshrvetbr.trafficsdoctor.org/Me.htm?v=3 Requested by Host: rthfsocprq.trafficsdoctor.org URL: https://rthfsocprq.trafficsdoctor.org/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638514693369308406.MmM1N2M5ODMtY2RmMy00OWYxLThjNDAtOWZhNTdlZWNjNDM3ZTc4MzczMjEtYTAxZC00OGRlLTlkZmEtZDUwOTMzMGI5M2U1&ui_locales=de-DE&mkt=de-DE&client-request-id=6c651bca-97e5-4da9-a9cf-5fcfb7b442e2&state=xnwrVcANxIXEO0hLM0aS1HPwKiLEefQoZ4NX25sMgxrIOUn_7fGcCut7fp2lcdqo40coWCt3oU1OjqNFC7uCpWQb78eJbOZJKRQcCPlyscMWxpCK8g-v7w2AmTDDTgKO_THOvGhToEj2oyEDCB5kWzm23r2kV7MVilim_iSOqjsYbW4F6TyeWr5oDeLbjdK0jk3yUOL1EeoUIIpGm8WTqhjI7cSG-V0xXmm11_4PowznfK3yoVaFqcndwFmdE-OrQwTijoJ2_oPASfh_6R4laQ&x-client-SKU=ID_NET6_0&x-client-ver=7.3.1.0&sso_reload=true Protocol H3 Security QUIC, , AES_128_GCM Server 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://rthfsocprq.trafficsdoctor.org/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers
GET		converged.v2.login.min_1ito3russhq-9gioj-zd4w2.css rthfsdjrhte.trafficsdoctor.org/ests/2.1/content/cdnbundles/	0 0

GET		ConvergedLogin_PCore_9i90DmN8HbFiIvCSmsAz-Q2.js rthfsdjrhte.trafficsdoctor.org/shared/1.0/content/js/	0 0

GET		ux.converged.login.strings-de.min_pg3qvekbtzilyo4uvuckhw2.js rthfsdjrhte.trafficsdoctor.org/ests/2.1/content/cdnbundles/	0 0

GET H3	200	converged.v2.login.min_1ito3russhq-9gioj-zd4w2.css rthfsdjrhte.trafficsdoctor.org/ests/2.1/content/cdnbundles/	110 KB 20 KB	45ms 44ms	Stylesheet text/css	2a06:98c1:3121::3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://rthfsdjrhte.trafficsdoctor.org/ests/2.1/content/cdnbundles/converged.v2.login.min_1ito3russhq-9gioj-zd4w2.css Requested by Host: rthfsocprq.trafficsdoctor.org URL: https://rthfsocprq.trafficsdoctor.org/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638514693369308406.MmM1N2M5ODMtY2RmMy00OWYxLThjNDAtOWZhNTdlZWNjNDM3ZTc4MzczMjEtYTAxZC00OGRlLTlkZmEtZDUwOTMzMGI5M2U1&ui_locales=de-DE&mkt=de-DE&client-request-id=6c651bca-97e5-4da9-a9cf-5fcfb7b442e2&state=xnwrVcANxIXEO0hLM0aS1HPwKiLEefQoZ4NX25sMgxrIOUn_7fGcCut7fp2lcdqo40coWCt3oU1OjqNFC7uCpWQb78eJbOZJKRQcCPlyscMWxpCK8g-v7w2AmTDDTgKO_THOvGhToEj2oyEDCB5kWzm23r2kV7MVilim_iSOqjsYbW4F6TyeWr5oDeLbjdK0jk3yUOL1EeoUIIpGm8WTqhjI7cSG-V0xXmm11_4PowznfK3yoVaFqcndwFmdE-OrQwTijoJ2_oPASfh_6R4laQ&x-client-SKU=ID_NET6_0&x-client-ver=7.3.1.0&sso_reload=true Protocol H3 Security QUIC, , AES_128_GCM Server 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `4b01a0a34ce8ed4bc8a8713be0442d49da6a756236b7b4424622ca3dee820f41` Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://rthfsocprq.trafficsdoctor.org/ Origin https://rthfsocprq.trafficsdoctor.org Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers x-ms-blob-type BlockBlob date Thu, 16 May 2024 15:15:38 GMT content-encoding br cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 10630 x-cache TCP_HIT x-fd-int-roxy-purgeid 4554691 alt-svc h3=":443"; ma=86400 x-ms-lease-status unlocked last-modified Wed, 27 Dec 2023 18:18:12 GMT server cloudflare x-azure-ref 20240516T121828Z-17c898fb97fpdjjnxmzucpsbz0000000029g000000004rv3 report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rjOfeIymlaxcrfVX8mKWYpwvbXLYoDAUb7xs3Ok4KIGuY1Kpamj1%2BuVdgS2Cp7w2Yw1EVRhwwtYUXIM4vt2qazkAS%2F4lk4HUhPC0aOZiGTZGL3QwqJ2L8aCb5aVjnotL7mdbTmIxS5VnMcKtszlo4BK9l3gFMvIzcbc85gU%3D"}],"group":"cf-nel","max_age":604800} content-type text/css access-control-allow-origin * x-ms-request-id 8b7559fd-d01e-0073-5a7d-a66a98000000 access-control-expose-headers x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding cache-control public, max-age=31536000 x-ms-version 2009-09-19 vary Accept-Encoding cf-ray 884c5306acc136dc-FRA
GET		watsonsupportwithjquery.3.5.min_dc940oomzau4rsu8qesnvg2.js rthfsdjrhte.trafficsdoctor.org/ests/2.1/content/cdnbundles/	0 0

GET H3	200	ConvergedLogin_PCore_9i90DmN8HbFiIvCSmsAz-Q2.js Show response rthfsdjrhte.trafficsdoctor.org/shared/1.0/content/js/	434 KB 115 KB	46ms 46ms	Script application/x-javascript	2a06:98c1:3121::3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://rthfsdjrhte.trafficsdoctor.org/shared/1.0/content/js/ConvergedLogin_PCore_9i90DmN8HbFiIvCSmsAz-Q2.js Requested by Host: rthfsocprq.trafficsdoctor.org URL: https://rthfsocprq.trafficsdoctor.org/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638514693369308406.MmM1N2M5ODMtY2RmMy00OWYxLThjNDAtOWZhNTdlZWNjNDM3ZTc4MzczMjEtYTAxZC00OGRlLTlkZmEtZDUwOTMzMGI5M2U1&ui_locales=de-DE&mkt=de-DE&client-request-id=6c651bca-97e5-4da9-a9cf-5fcfb7b442e2&state=xnwrVcANxIXEO0hLM0aS1HPwKiLEefQoZ4NX25sMgxrIOUn_7fGcCut7fp2lcdqo40coWCt3oU1OjqNFC7uCpWQb78eJbOZJKRQcCPlyscMWxpCK8g-v7w2AmTDDTgKO_THOvGhToEj2oyEDCB5kWzm23r2kV7MVilim_iSOqjsYbW4F6TyeWr5oDeLbjdK0jk3yUOL1EeoUIIpGm8WTqhjI7cSG-V0xXmm11_4PowznfK3yoVaFqcndwFmdE-OrQwTijoJ2_oPASfh_6R4laQ&x-client-SKU=ID_NET6_0&x-client-ver=7.3.1.0&sso_reload=true Protocol H3 Security QUIC, , AES_128_GCM Server 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `49b5577253df30d270fa49037d7f669b5e7450317d13dba2c66af1c8b58ddd68` Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://rthfsocprq.trafficsdoctor.org/ Origin https://rthfsocprq.trafficsdoctor.org Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers x-ms-blob-type BlockBlob date Thu, 16 May 2024 15:15:39 GMT content-encoding br cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 10631 x-cache TCP_HIT x-cache-info L1_T2 x-fd-int-roxy-purgeid 4554691 alt-svc h3=":443"; ma=86400 x-ms-lease-status unlocked last-modified Mon, 29 Apr 2024 17:13:57 GMT server cloudflare x-azure-ref 20240516T121828Z-1654dd6c8cbnvnncgpnv32ssns00000000ag000000003pu6 report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jNGsUUdJUklBLpv5%2B%2FSsy6WNrlnw7lefutMAlc2%2BHAA7ac0MR2iWE%2FeSWBCCxJECSJdNW3F0kt2JSbbsF2n3kGeD8r%2B0lXgDpywO1b2kTKenFgAvyNBn5YuecULWSGJs2c6diAsEv9JzBDZCzdqoXBDzRJC6oI9yE7XybEU%3D"}],"group":"cf-nel","max_age":604800} content-type application/x-javascript access-control-allow-origin * x-ms-request-id 30ec5516-801e-006e-5373-a705a1000000 access-control-expose-headers x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding cache-control public, max-age=31536000 x-ms-version 2009-09-19 vary Accept-Encoding cf-ray 884c5309682336dc-FRA
GET H3	200	ux.converged.login.strings-de.min_pg3qvekbtzilyo4uvuckhw2.js Show response rthfsdjrhte.trafficsdoctor.org/ests/2.1/content/cdnbundles/	60 KB 18 KB	41ms 40ms	Script application/x-javascript	2a06:98c1:3121::3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://rthfsdjrhte.trafficsdoctor.org/ests/2.1/content/cdnbundles/ux.converged.login.strings-de.min_pg3qvekbtzilyo4uvuckhw2.js Requested by Host: rthfsocprq.trafficsdoctor.org URL: https://rthfsocprq.trafficsdoctor.org/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638514693369308406.MmM1N2M5ODMtY2RmMy00OWYxLThjNDAtOWZhNTdlZWNjNDM3ZTc4MzczMjEtYTAxZC00OGRlLTlkZmEtZDUwOTMzMGI5M2U1&ui_locales=de-DE&mkt=de-DE&client-request-id=6c651bca-97e5-4da9-a9cf-5fcfb7b442e2&state=xnwrVcANxIXEO0hLM0aS1HPwKiLEefQoZ4NX25sMgxrIOUn_7fGcCut7fp2lcdqo40coWCt3oU1OjqNFC7uCpWQb78eJbOZJKRQcCPlyscMWxpCK8g-v7w2AmTDDTgKO_THOvGhToEj2oyEDCB5kWzm23r2kV7MVilim_iSOqjsYbW4F6TyeWr5oDeLbjdK0jk3yUOL1EeoUIIpGm8WTqhjI7cSG-V0xXmm11_4PowznfK3yoVaFqcndwFmdE-OrQwTijoJ2_oPASfh_6R4laQ&x-client-SKU=ID_NET6_0&x-client-ver=7.3.1.0&sso_reload=true Protocol H3 Security QUIC, , AES_128_GCM Server 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `1f74044ddfaf154497974982234d52d8066ca432fdfea221fce31d55a68f0d6c` Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://rthfsocprq.trafficsdoctor.org/ Origin https://rthfsocprq.trafficsdoctor.org Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers x-ms-blob-type BlockBlob date Thu, 16 May 2024 15:15:39 GMT content-encoding br cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 7168 x-cache TCP_MISS x-fd-int-roxy-purgeid 4554691 alt-svc h3=":443"; ma=86400 x-ms-lease-status unlocked last-modified Wed, 24 Apr 2024 05:49:08 GMT server cloudflare x-azure-ref 20240516T131610Z-17c898fb97fmj7g5qpq8wd9qfs00000003h0000000009qf6 report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hMJh1zlXBcqsl%2BIB2psvsiXywLTUvULly7oB1Uo8DGzn6TAooLuQfKE0%2BPZ%2BJnPvs9TL0r%2Fz5DJbagA5cAXsaFIDh4Z4vhtrXwE%2Fel%2BsUUDDWKKMxhnwjk9OnQ14bs8dX6wx3iVAccBmzxIHs6GuHlMSfa11oAHQ%2BLcd2O0%3D"}],"group":"cf-nel","max_age":604800} content-type application/x-javascript access-control-allow-origin * x-ms-request-id 95d15315-e01e-0010-8093-a755bc000000 access-control-expose-headers x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding cache-control public, max-age=31536000 x-ms-version 2009-09-19 vary Accept-Encoding cf-ray 884c5309682536dc-FRA
GET		watsonsupportwithjquery.3.5.min_dc940oomzau4rsu8qesnvg2.js rthfsdjrhte.trafficsdoctor.org/ests/2.1/content/cdnbundles/	0 0

GET H3	200	oneDs_f2e0f4a029670f10d892.js Show response rthfsdjrhte.trafficsdoctor.org/shared/1.0/content/js/	186 KB 61 KB	562ms 562ms	Script application/x-javascript	2a06:98c1:3120::3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://rthfsdjrhte.trafficsdoctor.org/shared/1.0/content/js/oneDs_f2e0f4a029670f10d892.js Requested by Host: rthfsdjrhte.trafficsdoctor.org URL: https://rthfsdjrhte.trafficsdoctor.org/shared/1.0/content/js/ConvergedLogin_PCore_9i90DmN8HbFiIvCSmsAz-Q2.js Protocol H3 Security QUIC, , AES_128_GCM Server 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `8405362eb8f09df13ae244de155b51b1577274673d9728b6c81cd0278a63c8b0` Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://rthfsocprq.trafficsdoctor.org/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers x-ms-blob-type BlockBlob date Thu, 16 May 2024 15:15:39 GMT content-encoding br cf-cache-status MISS nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} x-cache TCP_HIT x-fd-int-roxy-purgeid 4554691 alt-svc h3=":443"; ma=86400 x-ms-lease-status unlocked last-modified Thu, 25 May 2023 17:22:47 GMT server cloudflare x-azure-ref 20240516T151539Z-1654dd6c8cb7wmvfg4ztn70v0800000003qg00000000fv3n report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rz%2FhCDu3%2FazSkTi19mJx2rf4fh2L4HzP4dN9xLGfszLBSIsWf0%2F0AOBgt9h6ekFhyUfRJxXj5vIqpxPuEIqoyOEAkwhywc0fxA7vsCvHN2X9YMXcfRknhu4Aqgn%2FXL3qstfOo67rf3fS73pukkSe9II4grtvyf9FixCF2nI%3D"}],"group":"cf-nel","max_age":604800} content-type application/x-javascript access-control-allow-origin * x-ms-request-id abf21565-c01e-0002-2758-a5b39a000000 access-control-expose-headers x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding cache-control public, max-age=31536000 x-ms-version 2009-09-19 vary Accept-Encoding cf-ray 884c530af9873a84-FRA
GET		watsonsupportwithjquery.3.5.min_dc940oomzau4rsu8qesnvg2.js rthfsdjrhte.trafficsdoctor.org/ests/2.1/content/cdnbundles/	0 0

POST H3	200	watson Show response rthfsocprq.trafficsdoctor.org/common/handlers/	265 B 953 B	263ms 262ms	XHR application/json	2a06:98c1:3120::3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://rthfsocprq.trafficsdoctor.org/common/handlers/watson Requested by Host: rthfsocprq.trafficsdoctor.org URL: https://rthfsocprq.trafficsdoctor.org/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638514693369308406.MmM1N2M5ODMtY2RmMy00OWYxLThjNDAtOWZhNTdlZWNjNDM3ZTc4MzczMjEtYTAxZC00OGRlLTlkZmEtZDUwOTMzMGI5M2U1&ui_locales=de-DE&mkt=de-DE&client-request-id=6c651bca-97e5-4da9-a9cf-5fcfb7b442e2&state=xnwrVcANxIXEO0hLM0aS1HPwKiLEefQoZ4NX25sMgxrIOUn_7fGcCut7fp2lcdqo40coWCt3oU1OjqNFC7uCpWQb78eJbOZJKRQcCPlyscMWxpCK8g-v7w2AmTDDTgKO_THOvGhToEj2oyEDCB5kWzm23r2kV7MVilim_iSOqjsYbW4F6TyeWr5oDeLbjdK0jk3yUOL1EeoUIIpGm8WTqhjI7cSG-V0xXmm11_4PowznfK3yoVaFqcndwFmdE-OrQwTijoJ2_oPASfh_6R4laQ&x-client-SKU=ID_NET6_0&x-client-ver=7.3.1.0&sso_reload=true Protocol H3 Security QUIC, , AES_128_GCM Server 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `58435e1ca804c22d6e0f4cfd8e5a0df980c4b85a478e4100dee55731527b615f` Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 client-request-id 6c651bca-97e5-4da9-a9cf-5fcfb7b442e2 canary PAQABDgEAAADnfolhJpSnRYB1SVj-Hgd8MzewDOTHboI9M3d--obTcXHpJUTlLPthSQLixyrByxc4YmYo4JYJaDHnbelg9y14twD5DXbmtx_c0RXI5S14s4y831L0UEHNuNcjLrNTlnWkD8ZqCU1vNCKESLKVGOqbWmeSnVC64gUrznwnSkvgudVotW00TZnOFXqkhjoLnt5dSYvOm7Rv6acIIBM0EaU6VePuRNP92eB5Jx-Ci8MwVyAA Content-Type application/json; charset=UTF-8 hpgid 1104 Accept application/json Referer https://rthfsocprq.trafficsdoctor.org/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638514693369308406.MmM1N2M5ODMtY2RmMy00OWYxLThjNDAtOWZhNTdlZWNjNDM3ZTc4MzczMjEtYTAxZC00OGRlLTlkZmEtZDUwOTMzMGI5M2U1&ui_locales=de-DE&mkt=de-DE&client-request-id=6c651bca-97e5-4da9-a9cf-5fcfb7b442e2&state=xnwrVcANxIXEO0hLM0aS1HPwKiLEefQoZ4NX25sMgxrIOUn_7fGcCut7fp2lcdqo40coWCt3oU1OjqNFC7uCpWQb78eJbOZJKRQcCPlyscMWxpCK8g-v7w2AmTDDTgKO_THOvGhToEj2oyEDCB5kWzm23r2kV7MVilim_iSOqjsYbW4F6TyeWr5oDeLbjdK0jk3yUOL1EeoUIIpGm8WTqhjI7cSG-V0xXmm11_4PowznfK3yoVaFqcndwFmdE-OrQwTijoJ2_oPASfh_6R4laQ&x-client-SKU=ID_NET6_0&x-client-ver=7.3.1.0&sso_reload=true hpgact 1800 sec-ch-ua-platform "Win32" Response headers date Thu, 16 May 2024 15:15:39 GMT content-encoding br cf-cache-status DYNAMIC nel {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0} client-request-id 6c651bca-97e5-4da9-a9cf-5fcfb7b442e2 p3p CP="DSP CUR OTPi IND OTRi ONL FIN" alt-svc h3=":443"; ma=86400 pragma no-cache referrer-policy strict-origin-when-cross-origin x-ms-srs 1.P server cloudflare report-to {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://identity.nel.measure.office.net/api/report?catId=GW+estsfd+frc"}]} content-type application/json; charset=utf-8 x-ms-request-id 0330a248-b654-48ed-91d0-42f15fa98600 cache-control no-store, no-cache cf-ray 884c530d6cea3a84-FRA x-ms-ests-server 2.1.18077.3 - NEULR1 ProdSlices expires -1
GET H3	200	convergedlogin_pcustomizationloader_8e14dcf0e3ff5580d170.js Show response rthfsdjrhte.trafficsdoctor.org/shared/1.0/content/js/asyncchunk/	219 KB 51 KB	669ms 669ms	Script application/x-javascript	2a06:98c1:3120::3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://rthfsdjrhte.trafficsdoctor.org/shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_8e14dcf0e3ff5580d170.js Requested by Host: rthfsdjrhte.trafficsdoctor.org URL: https://rthfsdjrhte.trafficsdoctor.org/shared/1.0/content/js/ConvergedLogin_PCore_9i90DmN8HbFiIvCSmsAz-Q2.js Protocol H3 Security QUIC, , AES_128_GCM Server 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `474ce0790ceb18a100cebaf1ac0915a51389fcae0830c3b44bfa1e365d40b2b4` Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://rthfsocprq.trafficsdoctor.org/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers x-ms-blob-type BlockBlob date Thu, 16 May 2024 15:15:40 GMT content-encoding br cf-cache-status MISS nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} x-cache TCP_HIT x-fd-int-roxy-purgeid 4554691 alt-svc h3=":443"; ma=86400 x-ms-lease-status unlocked last-modified Thu, 28 Mar 2024 21:22:21 GMT server cloudflare x-azure-ref 20240516T151540Z-1654dd6c8cb7wmvfg4ztn70v0800000003qg00000000fv4e report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Fdcu8zSUp50z9F4rkf39a1foovnRsm6cBUSNcwyz5LJcHpJ8oKDtsWiJ6mJbpLjoPbgXp%2BOkBnmddSX7pOY4ogpQ0OpYhyEisSctifPKsvTfJVt2bHe9tXvMykuLsSNeEDGzxwDjPsS9D%2Bw%2FvbTDAky1EHfjwhAmTmsvT60%3D"}],"group":"cf-nel","max_age":604800} content-type application/x-javascript access-control-allow-origin * x-ms-request-id 7e2985bc-501e-006b-14bb-a582ab000000 access-control-expose-headers x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding cache-control public, max-age=31536000 x-ms-version 2009-09-19 vary Accept-Encoding cf-ray 884c530edec63a84-FRA
GET		favicon_a_eupayfgghqiai7k9sol6lg2.ico rthfsdjrhte.trafficsdoctor.org/shared/1.0/content/images/	0 0

GET H3	200	convergedlogin_pfetchsessionsprogress_7c1aa7609345f99e4914.js Show response rthfsdjrhte.trafficsdoctor.org/shared/1.0/content/js/asyncchunk/	15 KB 6 KB	330ms 330ms	Script application/x-javascript	2a06:98c1:3120::3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://rthfsdjrhte.trafficsdoctor.org/shared/1.0/content/js/asyncchunk/convergedlogin_pfetchsessionsprogress_7c1aa7609345f99e4914.js Requested by Host: rthfsdjrhte.trafficsdoctor.org URL: https://rthfsdjrhte.trafficsdoctor.org/shared/1.0/content/js/ConvergedLogin_PCore_9i90DmN8HbFiIvCSmsAz-Q2.js Protocol H3 Security QUIC, , AES_128_GCM Server 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `35afb11dab6edcbc989a25fe5cf19f5d8289499232b7ec775f318d8b8a5bbf78` Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://rthfsocprq.trafficsdoctor.org/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers x-ms-blob-type BlockBlob date Thu, 16 May 2024 15:15:40 GMT content-encoding br cf-cache-status MISS nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} x-cache TCP_HIT x-fd-int-roxy-purgeid 4554691 alt-svc h3=":443"; ma=86400 x-ms-lease-status unlocked last-modified Thu, 28 Mar 2024 21:22:21 GMT server cloudflare x-azure-ref 20240516T151540Z-1654dd6c8cb7wmvfg4ztn70v0800000003qg00000000fv50 report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pKs%2B0lr3E%2F58u%2FH8Ut61thL0C6%2FwD15c%2Bx2Rf6pkxDCUf3ehKiVbnyq59bmGYjT7mc3f3SY93XaFk3nH4%2BK5AnAATXBffQrqwSFTS9NoSilAx5ZTvagLcZZfvZTCKOKKu1UZMUcH6Rc4WVCigvdthgy0mQbmYafC5KE%2BssU%3D"}],"group":"cf-nel","max_age":604800} content-type application/x-javascript access-control-allow-origin * x-ms-request-id 235b2ae4-601e-0070-73e2-a5179e000000 access-control-expose-headers x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding cache-control public, max-age=31536000 x-ms-version 2009-09-19 vary Accept-Encoding cf-ray 884c53132cdc3a84-FRA
GET H3	200	marching_ants_white_8257b0707cbe1d0bd2661b80068676fe.gif rthfsdjrhte.trafficsdoctor.org/shared/1.0/content/images/	3 KB 3 KB	280ms 280ms	Image image/gif	2a06:98c1:3120::3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://rthfsdjrhte.trafficsdoctor.org/shared/1.0/content/images/marching_ants_white_8257b0707cbe1d0bd2661b80068676fe.gif Protocol H3 Security QUIC, , AES_128_GCM Server 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `a46201581a7c7c667fd42787cd1e9adf2f6bf809efb7596e61a03e8dba9ada13` Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://rthfsocprq.trafficsdoctor.org/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers x-ms-blob-type BlockBlob date Thu, 16 May 2024 15:15:40 GMT cf-cache-status MISS nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} x-cache TCP_HIT x-fd-int-roxy-purgeid 4554691 alt-svc h3=":443"; ma=86400 x-ms-lease-status unlocked last-modified Wed, 24 May 2023 10:11:47 GMT server cloudflare etag 0x8DB5C3F48EC4154 x-azure-ref 20240516T151540Z-1654dd6c8cb7wmvfg4ztn70v0800000003qg00000000fv4x report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8rz8QyoqEZEQCBfAxq9mac4G7KXefMXaNdXVKQVDDVgM8E0yfOXRmsHva3Bw8FxhDfrq5FOSrvLViqY2XN6fE2JBNG6QSnlYnBwJtwp5CqTmtZlGeT5aqR6f0fiOPJYLILmI58j5lZ%2FkII%2BXn%2FEd5GU1eDKEEXB0Gfi5l1A%3D"}],"group":"cf-nel","max_age":604800} content-type image/gif access-control-allow-origin * x-ms-request-id 5c3eaa76-701e-003d-2ae9-a51b94000000 access-control-expose-headers x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding cache-control public, max-age=31536000 x-ms-version 2009-09-19 vary Accept-Encoding cf-ray 884c53132cdd3a84-FRA
GET H3	200	marching_ants_986f40b5a9dc7d39ef8396797f61b323.gif rthfsdjrhte.trafficsdoctor.org/shared/1.0/content/images/	4 KB 4 KB	237ms 237ms	Image image/gif	2a06:98c1:3120::3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://rthfsdjrhte.trafficsdoctor.org/shared/1.0/content/images/marching_ants_986f40b5a9dc7d39ef8396797f61b323.gif Protocol H3 Security QUIC, , AES_128_GCM Server 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `8737d721808655f37b333f08a90185699e7e8b9bdaaa15cdb63c8448b426f95d` Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://rthfsocprq.trafficsdoctor.org/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers x-ms-blob-type BlockBlob date Thu, 16 May 2024 15:15:40 GMT cf-cache-status MISS nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} x-cache TCP_HIT x-fd-int-roxy-purgeid 4554691 alt-svc h3=":443"; ma=86400 x-ms-lease-status unlocked last-modified Wed, 24 May 2023 10:11:48 GMT server cloudflare etag 0x8DB5C3F4904824B x-azure-ref 20240516T151540Z-1654dd6c8cb7wmvfg4ztn70v0800000003qg00000000fv4w report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=49rTrHKLueoLrqtp%2FkyLyx10sFGE1%2BK4QX60w5Oi6TQZOOMclc2Z1KSUB%2B5JLY5G23h2Umw%2BnCSEhro4upCgT%2BoHa9v4l6go6zSNMUIe5QLUzbnr8oG3h%2FwVl21N8SMQZIBkb%2B1ez9kNpmTQUWZ6fFFJTRcsJb%2B3NxF2JZ4%3D"}],"group":"cf-nel","max_age":604800} content-type image/gif access-control-allow-origin * x-ms-request-id 89453ec9-d01e-005f-6399-a50fb2000000 access-control-expose-headers x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding cache-control public, max-age=31536000 x-ms-version 2009-09-19 vary Accept-Encoding cf-ray 884c53132cdf3a84-FRA
GET H3	200	2_11d9e3bcdfede9ce5ce5ace2d129f1c4.svg rthfsdjrhte.trafficsdoctor.org/shared/1.0/content/images/backgrounds/	2 KB 1 KB	242ms 241ms	Image image/svg+xml	2a06:98c1:3120::3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://rthfsdjrhte.trafficsdoctor.org/shared/1.0/content/images/backgrounds/2_11d9e3bcdfede9ce5ce5ace2d129f1c4.svg Protocol H3 Security QUIC, , AES_128_GCM Server 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `0e88b6fcbb8591edfd28184fa70a04b6dd3af8a14367c628edd7caba32e58c68` Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://rthfsocprq.trafficsdoctor.org/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers x-ms-blob-type BlockBlob date Thu, 16 May 2024 15:15:41 GMT content-encoding br cf-cache-status MISS nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} x-cache TCP_HIT x-fd-int-roxy-purgeid 4554691 alt-svc h3=":443"; ma=86400 x-ms-lease-status unlocked last-modified Wed, 24 May 2023 10:11:46 GMT server cloudflare x-azure-ref 20240516T151541Z-1654dd6c8cb8ggrq1x9xmz59kn000000035g0000000055hm report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5dnIbfV1s3XMhLGp18vuaWIpfQY%2BBDHUoqS4HW%2BcpQ4EcHBfEoHxDKf0mtyMt2DFFQFbZlusukggrROdLPuIiZnmgVHXjexTBPcsLQmUY3ILa9bndZda6rQqMJ4J2pX6JUPxZyTNjGJC7J7Ut5c2oEQaG2iIqFQQiKN1l%2B0%3D"}],"group":"cf-nel","max_age":604800} content-type image/svg+xml access-control-allow-origin * x-ms-request-id 78a9a6c7-001e-005a-3bc7-a588b8000000 access-control-expose-headers x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding cache-control public, max-age=31536000 x-ms-version 2009-09-19 vary Accept-Encoding cf-ray 884c531568323a84-FRA
GET		microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg rthfsdjrhte.trafficsdoctor.org/shared/1.0/content/images/	0 0

GET H3	200	marching_ants_white_8257b0707cbe1d0bd2661b80068676fe.gif rthfsdjrhte.trafficsdoctor.org/shared/1.0/content/images/	3 KB 0	0ms 0ms	Image image/gif	2a06:98c1:3120::3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://rthfsdjrhte.trafficsdoctor.org/shared/1.0/content/images/marching_ants_white_8257b0707cbe1d0bd2661b80068676fe.gif Protocol H3 Security QUIC, , AES_128_GCM Server 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `a46201581a7c7c667fd42787cd1e9adf2f6bf809efb7596e61a03e8dba9ada13` Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://rthfsocprq.trafficsdoctor.org/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers x-ms-blob-type BlockBlob date Thu, 16 May 2024 15:15:40 GMT cf-cache-status MISS nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} x-cache TCP_HIT x-fd-int-roxy-purgeid 4554691 alt-svc h3=":443"; ma=86400 x-ms-lease-status unlocked last-modified Wed, 24 May 2023 10:11:47 GMT server cloudflare etag 0x8DB5C3F48EC4154 x-azure-ref 20240516T151540Z-1654dd6c8cb7wmvfg4ztn70v0800000003qg00000000fv4x report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8rz8QyoqEZEQCBfAxq9mac4G7KXefMXaNdXVKQVDDVgM8E0yfOXRmsHva3Bw8FxhDfrq5FOSrvLViqY2XN6fE2JBNG6QSnlYnBwJtwp5CqTmtZlGeT5aqR6f0fiOPJYLILmI58j5lZ%2FkII%2BXn%2FEd5GU1eDKEEXB0Gfi5l1A%3D"}],"group":"cf-nel","max_age":604800} content-type image/gif access-control-allow-origin * x-ms-request-id 5c3eaa76-701e-003d-2ae9-a51b94000000 access-control-expose-headers x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding cache-control public, max-age=31536000 x-ms-version 2009-09-19 vary Accept-Encoding cf-ray 884c53132cdd3a84-FRA
GET H3	200	marching_ants_986f40b5a9dc7d39ef8396797f61b323.gif rthfsdjrhte.trafficsdoctor.org/shared/1.0/content/images/	4 KB 0	1ms 1ms	Image image/gif	2a06:98c1:3120::3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://rthfsdjrhte.trafficsdoctor.org/shared/1.0/content/images/marching_ants_986f40b5a9dc7d39ef8396797f61b323.gif Protocol H3 Security QUIC, , AES_128_GCM Server 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `8737d721808655f37b333f08a90185699e7e8b9bdaaa15cdb63c8448b426f95d` Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://rthfsocprq.trafficsdoctor.org/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers x-ms-blob-type BlockBlob date Thu, 16 May 2024 15:15:40 GMT cf-cache-status MISS nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} x-cache TCP_HIT x-fd-int-roxy-purgeid 4554691 alt-svc h3=":443"; ma=86400 x-ms-lease-status unlocked last-modified Wed, 24 May 2023 10:11:48 GMT server cloudflare etag 0x8DB5C3F4904824B x-azure-ref 20240516T151540Z-1654dd6c8cb7wmvfg4ztn70v0800000003qg00000000fv4w report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=49rTrHKLueoLrqtp%2FkyLyx10sFGE1%2BK4QX60w5Oi6TQZOOMclc2Z1KSUB%2B5JLY5G23h2Umw%2BnCSEhro4upCgT%2BoHa9v4l6go6zSNMUIe5QLUzbnr8oG3h%2FwVl21N8SMQZIBkb%2B1ez9kNpmTQUWZ6fFFJTRcsJb%2B3NxF2JZ4%3D"}],"group":"cf-nel","max_age":604800} content-type image/gif access-control-allow-origin * x-ms-request-id 89453ec9-d01e-005f-6399-a50fb2000000 access-control-expose-headers x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding cache-control public, max-age=31536000 x-ms-version 2009-09-19 vary Accept-Encoding cf-ray 884c53132cdf3a84-FRA
GET		Me.htm rthfshrvetbr.trafficsdoctor.org/ Frame 05E1	0 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: rthfsdjrhte.trafficsdoctor.org
URL: https://rthfsdjrhte.trafficsdoctor.org/shared/1.0/content/js/BssoInterrupt_Core_RY3pVDLvjU_KKLtTKxjDFA2.js

Domain: rthfsdjrhte.trafficsdoctor.org
URL: https://rthfsdjrhte.trafficsdoctor.org/ests/2.1/content/cdnbundles/watsonsupportwithjquery.3.5.min_dc940oomzau4rsu8qesnvg2.js

Domain: rthfsdjrhte.trafficsdoctor.org
URL: https://rthfsdjrhte.trafficsdoctor.org/ests/2.1/content/cdnbundles/watsonsupportwithjquery.3.5.min_dc940oomzau4rsu8qesnvg2.js

Domain: rthfsdjrhte.trafficsdoctor.org
URL: https://rthfsdjrhte.trafficsdoctor.org/ests/2.1/content/cdnbundles/watsonsupportwithjquery.3.5.min_dc940oomzau4rsu8qesnvg2.js

Domain: rthfsdjrhte.trafficsdoctor.org
URL: https://rthfsdjrhte.trafficsdoctor.org/ests/2.1/content/cdnbundles/converged.v2.login.min_1ito3russhq-9gioj-zd4w2.css

Domain: rthfsdjrhte.trafficsdoctor.org
URL: https://rthfsdjrhte.trafficsdoctor.org/shared/1.0/content/js/ConvergedLogin_PCore_9i90DmN8HbFiIvCSmsAz-Q2.js

Domain: rthfsdjrhte.trafficsdoctor.org
URL: https://rthfsdjrhte.trafficsdoctor.org/ests/2.1/content/cdnbundles/ux.converged.login.strings-de.min_pg3qvekbtzilyo4uvuckhw2.js

Domain: rthfsdjrhte.trafficsdoctor.org
URL: https://rthfsdjrhte.trafficsdoctor.org/ests/2.1/content/cdnbundles/watsonsupportwithjquery.3.5.min_dc940oomzau4rsu8qesnvg2.js

Domain: rthfsdjrhte.trafficsdoctor.org
URL: https://rthfsdjrhte.trafficsdoctor.org/ests/2.1/content/cdnbundles/watsonsupportwithjquery.3.5.min_dc940oomzau4rsu8qesnvg2.js

Domain: rthfsdjrhte.trafficsdoctor.org
URL: https://rthfsdjrhte.trafficsdoctor.org/ests/2.1/content/cdnbundles/watsonsupportwithjquery.3.5.min_dc940oomzau4rsu8qesnvg2.js

Domain: rthfsdjrhte.trafficsdoctor.org
URL: https://rthfsdjrhte.trafficsdoctor.org/shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico

Domain: rthfsdjrhte.trafficsdoctor.org
URL: https://rthfsdjrhte.trafficsdoctor.org/shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg

Domain: rthfshrvetbr.trafficsdoctor.org
URL: https://rthfshrvetbr.trafficsdoctor.org/Me.htm?v=3

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer)

19 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

20 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.bamboohr.com/	1969-12-31 23:59:59	Name: _cfuvid Value: PTPTFMPrA.pBKlYTVa6JHweEgo5V_hDCUhcvszHJzh4-1715872535789-0.0.1.1-604800000
.trafficsdoctor.org/	1970-01-20 20:37:56	Name: pHlS Value: 13eb31b6de48b42bdaec6caf9682efae38aeacbcf23c48635156e7f2ce6972cf
rthfsocprq.trafficsdoctor.org/	1969-12-31 23:59:59	Name: x-ms-gateway-slice Value: estsfd
rthfsocprq.trafficsdoctor.org/	1969-12-31 23:59:59	Name: stsservicecookie Value: estsfd
rthfshefbew.trafficsdoctor.org/	1970-01-20 20:38:21	Name: OH.DCAffinity Value: OH-sec
rthfshefbew.trafficsdoctor.org/	1970-01-21 05:23:28	Name: OH.FLID Value: 6f49e4cd-fbc8-49ea-bf90-4a63a5db7e3e
rthfshefbew.trafficsdoctor.org/	1970-01-20 20:37:53	Name: .AspNetCore.OpenIdConnect.Nonce.jhrE5dLmVH8mxSg1A_vqXawy4jNaONWS1lMEvpNJ3Op1Mqq-qZKvjzN8n_nZhlPQfEFY1YGcPCXqSpVdK_wmZ4JeK4N7tAIMTNR3Qmojf0jY_ollpebDzTAVJtk2V2W59DSe6F3CcWRNV2xpUvXUiCkxHSvXkGErr737Q9OPtVVIeTGc5miwaRa83qlaIbFhnCpZJMm20WJBc2LRjuVePmeJ9gtKdGx_jVc0ajgMaSmTq0l6qK-Je8NaXHSlSAr- Value: N
rthfshefbew.trafficsdoctor.org/	1970-01-20 20:37:53	Name: .AspNetCore.Correlation.33vlYYH_YzAi7Au3eq78VY--_qrhU-F2fGTIjrlxnCg Value: N
.trafficsdoctor.org/	1970-01-21 05:59:28	Name: MUID Value: 048A7EE1DD936DE90F746A60DCDB6C72
.rthfsocprq.trafficsdoctor.org/	1969-12-31 23:59:59	Name: esctx-ketausirj7A Value: AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8SVPt2aMfHLMWBxE0vFZM6E59uPfkhZsIx5LNIH0szVgWHo-lJNJHlrgXkue2IMc_KpJJ2QULB9sRLfWhR6AbITbAQ4hMRfn9aZ_3soI7udm8Bc2Gq-BCH8uD3pBYQaKMUkAaeYvA2qyp_Ll4Gn7TzyAA
.rthfsocprq.trafficsdoctor.org/	1969-12-31 23:59:59	Name: AADSSO Value: NA\|NoExtension
rthfsocprq.trafficsdoctor.org/	1970-01-20 20:37:52	Name: SSOCOOKIEPULLED Value: 1
rthfsocprq.trafficsdoctor.org/	1970-01-20 21:21:04	Name: buid Value: 0.AXkAMe_N-B6jSkuT5F9XHpElWltEZUfGMrBJg-Ydk3ZSdsoBAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd853hUL_tGDD0Br3dDoliozGHcVC7tb7ZQjQljDuEY0-Vl93bT9n-ta23rH-41I3qqkQpHJ7oPIGwP5T3SUjJhPmJRplbeyioAL47P_o0G5RIgAA
.rthfsocprq.trafficsdoctor.org/	1969-12-31 23:59:59	Name: esctx Value: PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8OVBhrKAJbMa8iqcdTj7_xL0uKBT1UyJ0N8O8KHXpB6UYhTnacLVjJnQBx0Pohl7IbvTZoiZwD9KIR2cQKnlMSEIpDMl9YHgwTcKGYq6CtrlADT2_PECTuNVEWoeOk9JLecOyMdRH0lGkomOTsQUvkwJEFyKi3Ac7nOTeA5H7tUsgAA
.rthfsocprq.trafficsdoctor.org/	1969-12-31 23:59:59	Name: esctx-Oy5RuQSbEg Value: AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8BqZgAbI2Fq8frmAPVHVxSTwtkTl2xQ6MhR6NBqwLAAxv9_2kSkvYOikxD8_XjEski4jsOJqmN9qAair_mb6hSL2OQSIB3ds0lKg1yT9QnRt-SZmg8921r4Xt1RBH3GXqaoofhy9G-AyphdMMvEmAxCAA
rthfsocprq.trafficsdoctor.org/	1970-01-20 21:21:04	Name: fpc Value: AolMe4fUaW5FtpTW7fAssDy8Ae7AAQAAABka2N0OAAAA
.rthfshrvetbr.trafficsdoctor.org/	1969-12-31 23:59:59	Name: uaid Value: 2f2ef449204940c3b32837f3e9831826
.rthfshrvetbr.trafficsdoctor.org/	1969-12-31 23:59:59	Name: MSPRequ Value: id=N&lt=1715872538&co=1
rthfsocprq.trafficsdoctor.org/	1970-01-21 05:23:28	Name: MicrosoftApplicationsTelemetryDeviceId Value: 1e27069c-61c3-4969-a1a6-2f67167e9106
.rthfsocprq.trafficsdoctor.org/	1970-01-21 05:59:28	Name: brcap Value: 0

21 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	error	URL: https://rthfsocprq.trafficsdoctor.org/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638514693369308406.MmM1N2M5ODMtY2RmMy00OWYxLThjNDAtOWZhNTdlZWNjNDM3ZTc4MzczMjEtYTAxZC00OGRlLTlkZmEtZDUwOTMzMGI5M2U1&ui_locales=de-DE&mkt=de-DE&client-request-id=6c651bca-97e5-4da9-a9cf-5fcfb7b442e2&state=xnwrVcANxIXEO0hLM0aS1HPwKiLEefQoZ4NX25sMgxrIOUn_7fGcCut7fp2lcdqo40coWCt3oU1OjqNFC7uCpWQb78eJbOZJKRQcCPlyscMWxpCK8g-v7w2AmTDDTgKO_THOvGhToEj2oyEDCB5kWzm23r2kV7MVilim_iSOqjsYbW4F6TyeWr5oDeLbjdK0jk3yUOL1EeoUIIpGm8WTqhjI7cSG-V0xXmm11_4PowznfK3yoVaFqcndwFmdE-OrQwTijoJ2_oPASfh_6R4laQ&x-client-SKU=ID_NET6_0&x-client-ver=7.3.1.0 Message: Access to script at 'https://rthfsdjrhte.trafficsdoctor.org/shared/1.0/content/js/BssoInterrupt_Core_RY3pVDLvjU_KKLtTKxjDFA2.js' from origin 'https://rthfsocprq.trafficsdoctor.org' has been blocked by CORS policy: The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's credentials mode is 'include'.
network	error	URL: https://rthfsdjrhte.trafficsdoctor.org/shared/1.0/content/js/BssoInterrupt_Core_RY3pVDLvjU_KKLtTKxjDFA2.js Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://rthfsocprq.trafficsdoctor.org/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638514693369308406.MmM1N2M5ODMtY2RmMy00OWYxLThjNDAtOWZhNTdlZWNjNDM3ZTc4MzczMjEtYTAxZC00OGRlLTlkZmEtZDUwOTMzMGI5M2U1&ui_locales=de-DE&mkt=de-DE&client-request-id=6c651bca-97e5-4da9-a9cf-5fcfb7b442e2&state=xnwrVcANxIXEO0hLM0aS1HPwKiLEefQoZ4NX25sMgxrIOUn_7fGcCut7fp2lcdqo40coWCt3oU1OjqNFC7uCpWQb78eJbOZJKRQcCPlyscMWxpCK8g-v7w2AmTDDTgKO_THOvGhToEj2oyEDCB5kWzm23r2kV7MVilim_iSOqjsYbW4F6TyeWr5oDeLbjdK0jk3yUOL1EeoUIIpGm8WTqhjI7cSG-V0xXmm11_4PowznfK3yoVaFqcndwFmdE-OrQwTijoJ2_oPASfh_6R4laQ&x-client-SKU=ID_NET6_0&x-client-ver=7.3.1.0 Message: Access to script at 'https://rthfsdjrhte.trafficsdoctor.org/ests/2.1/content/cdnbundles/watsonsupportwithjquery.3.5.min_dc940oomzau4rsu8qesnvg2.js' from origin 'https://rthfsocprq.trafficsdoctor.org' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://rthfsdjrhte.trafficsdoctor.org/ests/2.1/content/cdnbundles/watsonsupportwithjquery.3.5.min_dc940oomzau4rsu8qesnvg2.js Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://rthfsocprq.trafficsdoctor.org/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638514693369308406.MmM1N2M5ODMtY2RmMy00OWYxLThjNDAtOWZhNTdlZWNjNDM3ZTc4MzczMjEtYTAxZC00OGRlLTlkZmEtZDUwOTMzMGI5M2U1&ui_locales=de-DE&mkt=de-DE&client-request-id=6c651bca-97e5-4da9-a9cf-5fcfb7b442e2&state=xnwrVcANxIXEO0hLM0aS1HPwKiLEefQoZ4NX25sMgxrIOUn_7fGcCut7fp2lcdqo40coWCt3oU1OjqNFC7uCpWQb78eJbOZJKRQcCPlyscMWxpCK8g-v7w2AmTDDTgKO_THOvGhToEj2oyEDCB5kWzm23r2kV7MVilim_iSOqjsYbW4F6TyeWr5oDeLbjdK0jk3yUOL1EeoUIIpGm8WTqhjI7cSG-V0xXmm11_4PowznfK3yoVaFqcndwFmdE-OrQwTijoJ2_oPASfh_6R4laQ&x-client-SKU=ID_NET6_0&x-client-ver=7.3.1.0 Message: Access to script at 'https://rthfsdjrhte.trafficsdoctor.org/ests/2.1/content/cdnbundles/watsonsupportwithjquery.3.5.min_dc940oomzau4rsu8qesnvg2.js' from origin 'https://rthfsocprq.trafficsdoctor.org' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://rthfsdjrhte.trafficsdoctor.org/ests/2.1/content/cdnbundles/watsonsupportwithjquery.3.5.min_dc940oomzau4rsu8qesnvg2.js Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://rthfsocprq.trafficsdoctor.org/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638514693369308406.MmM1N2M5ODMtY2RmMy00OWYxLThjNDAtOWZhNTdlZWNjNDM3ZTc4MzczMjEtYTAxZC00OGRlLTlkZmEtZDUwOTMzMGI5M2U1&ui_locales=de-DE&mkt=de-DE&client-request-id=6c651bca-97e5-4da9-a9cf-5fcfb7b442e2&state=xnwrVcANxIXEO0hLM0aS1HPwKiLEefQoZ4NX25sMgxrIOUn_7fGcCut7fp2lcdqo40coWCt3oU1OjqNFC7uCpWQb78eJbOZJKRQcCPlyscMWxpCK8g-v7w2AmTDDTgKO_THOvGhToEj2oyEDCB5kWzm23r2kV7MVilim_iSOqjsYbW4F6TyeWr5oDeLbjdK0jk3yUOL1EeoUIIpGm8WTqhjI7cSG-V0xXmm11_4PowznfK3yoVaFqcndwFmdE-OrQwTijoJ2_oPASfh_6R4laQ&x-client-SKU=ID_NET6_0&x-client-ver=7.3.1.0 Message: Access to script at 'https://rthfsdjrhte.trafficsdoctor.org/ests/2.1/content/cdnbundles/watsonsupportwithjquery.3.5.min_dc940oomzau4rsu8qesnvg2.js' from origin 'https://rthfsocprq.trafficsdoctor.org' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://rthfsdjrhte.trafficsdoctor.org/ests/2.1/content/cdnbundles/watsonsupportwithjquery.3.5.min_dc940oomzau4rsu8qesnvg2.js Message: Failed to load resource: net::ERR_FAILED
network	error	URL: https://rthfsocprq.trafficsdoctor.org/favicon.ico Message: Failed to load resource: the server responded with a status of 404 ()
javascript	error	URL: https://rthfsocprq.trafficsdoctor.org/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638514693369308406.MmM1N2M5ODMtY2RmMy00OWYxLThjNDAtOWZhNTdlZWNjNDM3ZTc4MzczMjEtYTAxZC00OGRlLTlkZmEtZDUwOTMzMGI5M2U1&ui_locales=de-DE&mkt=de-DE&client-request-id=6c651bca-97e5-4da9-a9cf-5fcfb7b442e2&state=xnwrVcANxIXEO0hLM0aS1HPwKiLEefQoZ4NX25sMgxrIOUn_7fGcCut7fp2lcdqo40coWCt3oU1OjqNFC7uCpWQb78eJbOZJKRQcCPlyscMWxpCK8g-v7w2AmTDDTgKO_THOvGhToEj2oyEDCB5kWzm23r2kV7MVilim_iSOqjsYbW4F6TyeWr5oDeLbjdK0jk3yUOL1EeoUIIpGm8WTqhjI7cSG-V0xXmm11_4PowznfK3yoVaFqcndwFmdE-OrQwTijoJ2_oPASfh_6R4laQ&x-client-SKU=ID_NET6_0&x-client-ver=7.3.1.0&sso_reload=true Message: Access to CSS stylesheet at 'https://rthfsdjrhte.trafficsdoctor.org/ests/2.1/content/cdnbundles/converged.v2.login.min_1ito3russhq-9gioj-zd4w2.css' from origin 'https://rthfsocprq.trafficsdoctor.org' has been blocked by CORS policy: The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's credentials mode is 'include'.
network	error	URL: https://rthfsdjrhte.trafficsdoctor.org/ests/2.1/content/cdnbundles/converged.v2.login.min_1ito3russhq-9gioj-zd4w2.css Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://rthfsocprq.trafficsdoctor.org/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638514693369308406.MmM1N2M5ODMtY2RmMy00OWYxLThjNDAtOWZhNTdlZWNjNDM3ZTc4MzczMjEtYTAxZC00OGRlLTlkZmEtZDUwOTMzMGI5M2U1&ui_locales=de-DE&mkt=de-DE&client-request-id=6c651bca-97e5-4da9-a9cf-5fcfb7b442e2&state=xnwrVcANxIXEO0hLM0aS1HPwKiLEefQoZ4NX25sMgxrIOUn_7fGcCut7fp2lcdqo40coWCt3oU1OjqNFC7uCpWQb78eJbOZJKRQcCPlyscMWxpCK8g-v7w2AmTDDTgKO_THOvGhToEj2oyEDCB5kWzm23r2kV7MVilim_iSOqjsYbW4F6TyeWr5oDeLbjdK0jk3yUOL1EeoUIIpGm8WTqhjI7cSG-V0xXmm11_4PowznfK3yoVaFqcndwFmdE-OrQwTijoJ2_oPASfh_6R4laQ&x-client-SKU=ID_NET6_0&x-client-ver=7.3.1.0&sso_reload=true Message: Access to script at 'https://rthfsdjrhte.trafficsdoctor.org/shared/1.0/content/js/ConvergedLogin_PCore_9i90DmN8HbFiIvCSmsAz-Q2.js' from origin 'https://rthfsocprq.trafficsdoctor.org' has been blocked by CORS policy: The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's credentials mode is 'include'.
network	error	URL: https://rthfsdjrhte.trafficsdoctor.org/shared/1.0/content/js/ConvergedLogin_PCore_9i90DmN8HbFiIvCSmsAz-Q2.js Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://rthfsocprq.trafficsdoctor.org/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638514693369308406.MmM1N2M5ODMtY2RmMy00OWYxLThjNDAtOWZhNTdlZWNjNDM3ZTc4MzczMjEtYTAxZC00OGRlLTlkZmEtZDUwOTMzMGI5M2U1&ui_locales=de-DE&mkt=de-DE&client-request-id=6c651bca-97e5-4da9-a9cf-5fcfb7b442e2&state=xnwrVcANxIXEO0hLM0aS1HPwKiLEefQoZ4NX25sMgxrIOUn_7fGcCut7fp2lcdqo40coWCt3oU1OjqNFC7uCpWQb78eJbOZJKRQcCPlyscMWxpCK8g-v7w2AmTDDTgKO_THOvGhToEj2oyEDCB5kWzm23r2kV7MVilim_iSOqjsYbW4F6TyeWr5oDeLbjdK0jk3yUOL1EeoUIIpGm8WTqhjI7cSG-V0xXmm11_4PowznfK3yoVaFqcndwFmdE-OrQwTijoJ2_oPASfh_6R4laQ&x-client-SKU=ID_NET6_0&x-client-ver=7.3.1.0&sso_reload=true Message: Access to script at 'https://rthfsdjrhte.trafficsdoctor.org/ests/2.1/content/cdnbundles/ux.converged.login.strings-de.min_pg3qvekbtzilyo4uvuckhw2.js' from origin 'https://rthfsocprq.trafficsdoctor.org' has been blocked by CORS policy: The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's credentials mode is 'include'.
network	error	URL: https://rthfsdjrhte.trafficsdoctor.org/ests/2.1/content/cdnbundles/ux.converged.login.strings-de.min_pg3qvekbtzilyo4uvuckhw2.js Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://rthfsocprq.trafficsdoctor.org/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638514693369308406.MmM1N2M5ODMtY2RmMy00OWYxLThjNDAtOWZhNTdlZWNjNDM3ZTc4MzczMjEtYTAxZC00OGRlLTlkZmEtZDUwOTMzMGI5M2U1&ui_locales=de-DE&mkt=de-DE&client-request-id=6c651bca-97e5-4da9-a9cf-5fcfb7b442e2&state=xnwrVcANxIXEO0hLM0aS1HPwKiLEefQoZ4NX25sMgxrIOUn_7fGcCut7fp2lcdqo40coWCt3oU1OjqNFC7uCpWQb78eJbOZJKRQcCPlyscMWxpCK8g-v7w2AmTDDTgKO_THOvGhToEj2oyEDCB5kWzm23r2kV7MVilim_iSOqjsYbW4F6TyeWr5oDeLbjdK0jk3yUOL1EeoUIIpGm8WTqhjI7cSG-V0xXmm11_4PowznfK3yoVaFqcndwFmdE-OrQwTijoJ2_oPASfh_6R4laQ&x-client-SKU=ID_NET6_0&x-client-ver=7.3.1.0&sso_reload=true Message: Access to script at 'https://rthfsdjrhte.trafficsdoctor.org/ests/2.1/content/cdnbundles/watsonsupportwithjquery.3.5.min_dc940oomzau4rsu8qesnvg2.js' from origin 'https://rthfsocprq.trafficsdoctor.org' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://rthfsdjrhte.trafficsdoctor.org/ests/2.1/content/cdnbundles/watsonsupportwithjquery.3.5.min_dc940oomzau4rsu8qesnvg2.js Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://rthfsocprq.trafficsdoctor.org/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638514693369308406.MmM1N2M5ODMtY2RmMy00OWYxLThjNDAtOWZhNTdlZWNjNDM3ZTc4MzczMjEtYTAxZC00OGRlLTlkZmEtZDUwOTMzMGI5M2U1&ui_locales=de-DE&mkt=de-DE&client-request-id=6c651bca-97e5-4da9-a9cf-5fcfb7b442e2&state=xnwrVcANxIXEO0hLM0aS1HPwKiLEefQoZ4NX25sMgxrIOUn_7fGcCut7fp2lcdqo40coWCt3oU1OjqNFC7uCpWQb78eJbOZJKRQcCPlyscMWxpCK8g-v7w2AmTDDTgKO_THOvGhToEj2oyEDCB5kWzm23r2kV7MVilim_iSOqjsYbW4F6TyeWr5oDeLbjdK0jk3yUOL1EeoUIIpGm8WTqhjI7cSG-V0xXmm11_4PowznfK3yoVaFqcndwFmdE-OrQwTijoJ2_oPASfh_6R4laQ&x-client-SKU=ID_NET6_0&x-client-ver=7.3.1.0&sso_reload=true Message: Access to script at 'https://rthfsdjrhte.trafficsdoctor.org/ests/2.1/content/cdnbundles/watsonsupportwithjquery.3.5.min_dc940oomzau4rsu8qesnvg2.js' from origin 'https://rthfsocprq.trafficsdoctor.org' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://rthfsdjrhte.trafficsdoctor.org/ests/2.1/content/cdnbundles/watsonsupportwithjquery.3.5.min_dc940oomzau4rsu8qesnvg2.js Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://rthfsocprq.trafficsdoctor.org/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638514693369308406.MmM1N2M5ODMtY2RmMy00OWYxLThjNDAtOWZhNTdlZWNjNDM3ZTc4MzczMjEtYTAxZC00OGRlLTlkZmEtZDUwOTMzMGI5M2U1&ui_locales=de-DE&mkt=de-DE&client-request-id=6c651bca-97e5-4da9-a9cf-5fcfb7b442e2&state=xnwrVcANxIXEO0hLM0aS1HPwKiLEefQoZ4NX25sMgxrIOUn_7fGcCut7fp2lcdqo40coWCt3oU1OjqNFC7uCpWQb78eJbOZJKRQcCPlyscMWxpCK8g-v7w2AmTDDTgKO_THOvGhToEj2oyEDCB5kWzm23r2kV7MVilim_iSOqjsYbW4F6TyeWr5oDeLbjdK0jk3yUOL1EeoUIIpGm8WTqhjI7cSG-V0xXmm11_4PowznfK3yoVaFqcndwFmdE-OrQwTijoJ2_oPASfh_6R4laQ&x-client-SKU=ID_NET6_0&x-client-ver=7.3.1.0&sso_reload=true Message: Access to script at 'https://rthfsdjrhte.trafficsdoctor.org/ests/2.1/content/cdnbundles/watsonsupportwithjquery.3.5.min_dc940oomzau4rsu8qesnvg2.js' from origin 'https://rthfsocprq.trafficsdoctor.org' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://rthfsdjrhte.trafficsdoctor.org/ests/2.1/content/cdnbundles/watsonsupportwithjquery.3.5.min_dc940oomzau4rsu8qesnvg2.js Message: Failed to load resource: net::ERR_FAILED

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

email.app.bamboohr.com
rthfsdjrhte.trafficsdoctor.org
rthfshefbew.trafficsdoctor.org
rthfshrvetbr.trafficsdoctor.org
rthfsmeheff.trafficsdoctor.org
rthfsocprq.trafficsdoctor.org
rthfsdjrhte.trafficsdoctor.org
rthfshrvetbr.trafficsdoctor.org
2606:4700::6811:f670
2a06:98c1:3120::3
2a06:98c1:3120::9
2a06:98c1:3121::3
0e88b6fcbb8591edfd28184fa70a04b6dd3af8a14367c628edd7caba32e58c68
1f74044ddfaf154497974982234d52d8066ca432fdfea221fce31d55a68f0d6c
35afb11dab6edcbc989a25fe5cf19f5d8289499232b7ec775f318d8b8a5bbf78
4638fd8935d19192119469391e3befbb88f620ccd8eeeef2045cd5bdd3bba414
474ce0790ceb18a100cebaf1ac0915a51389fcae0830c3b44bfa1e365d40b2b4
49b5577253df30d270fa49037d7f669b5e7450317d13dba2c66af1c8b58ddd68
4b01a0a34ce8ed4bc8a8713be0442d49da6a756236b7b4424622ca3dee820f41
540e3218d4c47b9d6ebac23dec52e08075f1b23d0d3cfc9104e7053c3a546f2d
58435e1ca804c22d6e0f4cfd8e5a0df980c4b85a478e4100dee55731527b615f
8405362eb8f09df13ae244de155b51b1577274673d9728b6c81cd0278a63c8b0
8737d721808655f37b333f08a90185699e7e8b9bdaaa15cdb63c8448b426f95d
a46201581a7c7c667fd42787cd1e9adf2f6bf809efb7596e61a03e8dba9ada13
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
eae914ce3a43829aba1828ef3d1b5907537c38c632abfeb2bede3bfda7ffbd55

rthfsocprq.trafficsdoctor.org Open in urlscan Pro 2a06:98c1:3120::3 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

31 Requests

58 %HTTPS

100 %IPv6

2 Domains

6 Subdomains

3 IPs

1 Countries

360 kBTransfer

1244 kBSize

20 Cookies

0 Outgoing links

Page URL History

Redirected requests

31 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

19 JavaScript Global Variables

20 Cookies

21 Console Messages

Indicators

rthfsocprq.trafficsdoctor.org Open in urlscan Pro
2a06:98c1:3120::3 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

31
Requests

58 %
HTTPS

100 %
IPv6

2
Domains

6
Subdomains

3
IPs

1
Countries

360 kB
Transfer

1244 kB
Size

20
Cookies

31 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!