apply-msagerementsp-1318427319.cos.ap-singapore.myqcloud.com
43.152.64.193 Malicious Activity! Public Scan

Submitted URL: http://www.lagottodirubbiana.it/kyrd-40646r3317/
Effective URL: https://apply-msagerementsp-1318427319.cos.ap-singapore.myqcloud.com/U5drr77B4bG24uamDAumphbjXnHZMP/fmZZRh1eG6E5MvxD7eJQWGej79Ctm4/fv2UDmpB1R9XFSEgRNTHLJpVR1YTHa/qXq...
Submission: On January 28 via manual from IT — Scanned from IT

Summary

This website contacted 8 IPs in 3 countries across 7 domains to perform 16 HTTP transactions. The main IP is 43.152.64.193, located in Singapore, Singapore and belongs to TENCENT-NET-AP-CN Tencent Building, Kejizhongyi Avenue, CN. The main domain is apply-msagerementsp-1318427319.cos.ap-singapore.myqcloud.com.
TLS certificate: Issued by GlobalSign Organization Validation CA... on March 6th 2023. Valid for: a year.
This is the only time apply-msagerementsp-1318427319.cos.ap-singapore.myqcloud.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Microsoft (Consumer)

Domain & IP information

Requests | IP Address | AS (Autonomous System)
1 | 89.46.108.49 | 31034 (ARUBA-ASN)
1 | 104.21.235.195 | 13335 (CLOUDFLAR...)
1 | 43.152.64.193 | 132203 (TENCENT-N...)
2 | 151.101.194.137 | (not shown)
1 | (none) | (not shown)
1 | 104.17.24.14 | (not shown)
1 | 185.31.40.24 | (not shown)
8 | 152.199.23.37 | (not shown)
Total: 16 requests, 8 IPs
Requests | Domain | Requested by
8 | aadcdn.msftauth.net | apply-msagerementsp-1318427319.cos.ap-singapore.myqcloud.com
2 | code.jquery.com | apply-msagerementsp-1318427319.cos.ap-singapore.myqcloud.com
2 | apply-msagerementsp-1318427319.cos.ap-singapore.myqcloud.com | www.lagottodirubbiana.it, apply-msagerementsp-1318427319.cos.ap-singapore.myqcloud.com
1 | adminpanel.alwaysdata.net | apply-msagerementsp-1318427319.cos.ap-singapore.myqcloud.com
1 | cdnjs.cloudflare.com | apply-msagerementsp-1318427319.cos.ap-singapore.myqcloud.com
1 | api.allorigins.win | www.lagottodirubbiana.it
1 | www.lagottodirubbiana.it | (none; submitted URL)
Total: 16 requests, 7 domains

This site contains no links.

TLS certificates

Subject | Issuer | Validity | Valid for | Source
allorigins.win | E1 | 2023-12-04 to 2024-03-03 | 3 months | crt.sh
*.cos.ap-singapore.myqcloud.com | GlobalSign Organization Validation CA - SHA256 - G3 | 2023-03-06 to 2024-04-06 | a year | crt.sh
*.jquery.com | Sectigo RSA Domain Validation Secure Server CA | 2023-07-11 to 2024-07-14 | a year | crt.sh
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2023-07-03 to 2024-07-02 | a year | crt.sh
*.alwaysdata.net | R3 | 2023-12-12 to 2024-03-11 | 3 months | crt.sh
aadcdn.msftauth.net | DigiCert SHA2 Secure Server CA | 2023-12-01 to 2024-12-01 | a year | crt.sh

This page contains 1 frames:

Primary Page: https://apply-msagerementsp-1318427319.cos.ap-singapore.myqcloud.com/U5drr77B4bG24uamDAumphbjXnHZMP/fmZZRh1eG6E5MvxD7eJQWGej79Ctm4/fv2UDmpB1R9XFSEgRNTHLJpVR1YTHa/qXqURSJ8y4SfX2pYuyFp4chUXDv5q1/caffcTE4uiNNcRbApgMzmmE665jcfR/RnX0xmMgt7HPVac7ZVhHndWfcc21SA/854Y6FBMjfVFrbDd1f8mjpC2iB2YVL/3jja0SPP0gn2mmKLN5Q3Rhb85mBL29/U0tQMXfBT2uWMpdNA3vDeXf0iQzCtw/1A4UjpU69jr6WTu7BggmXZVi5HGiKN/appc.htm
Frame ID: B5006046C8BB3404B28C8B7F19E3FA3E
Requests: 16 HTTP requests in this frame

Detected technologies

Font Awesome (overall confidence: 100%)
Detected patterns:
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

jQuery (overall confidence: 100%)
Detected patterns:
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

Requests: 16
HTTPS: 94 %
IPv6: 0 %
Domains: 7
Subdomains: 7
IPs: 8
Countries: 3
Transfer: 127 kB
Size: 414 kB
Cookies: 0

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://www.lagottodirubbiana.it/kyrd-40646r3317/ Page URL
  2. https://apply-msagerementsp-1318427319.cos.ap-singapore.myqcloud.com/U5drr77B4bG24uamDAumphbjXnHZMP/fmZZRh1eG6E5MvxD7eJQWGej79Ctm4/fv2UDmpB1R9XFSEgRNTHLJpVR1YTHa/qXqURSJ8y4SfX2pYuyFp4chUXDv5q1/caffcTE4uiNNcRbApgMzmmE665jcfR/RnX0xmMgt7HPVac7ZVhHndWfcc21SA/854Y6FBMjfVFrbDd1f8mjpC2iB2YVL/3jja0SPP0gn2mmKLN5Q3Rhb85mBL29/U0tQMXfBT2uWMpdNA3vDeXf0iQzCtw/1A4UjpU69jr6WTu7BggmXZVi5HGiKN/appc.htm Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

16 HTTP transactions

Columns per transaction: Resource | Path | Size | x-fer | Type

Resource: /  |  Path: www.lagottodirubbiana.it/kyrd-40646r3317/  |  Size: 2 KB  |  x-fer: 1 KB  |  Type: Document
General
Full URL
http://www.lagottodirubbiana.it/kyrd-40646r3317/
Protocol
HTTP/1.1
Server
89.46.108.49 Arezzo, Italy, ASN31034 (ARUBA-ASN, IT),
Reverse DNS
webx1305.aruba.it
Software
aruba-proxy /
Resource Hash
8a770aef10c7cd96318ed85657b30eb742901b681dcee2cb7000bf5a5808cccc

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language
it-IT,it;q=0.9

Response headers

Connection
keep-alive
Content-Encoding
gzip
Content-Type
text/html
Date
Sun, 28 Jan 2024 07:49:41 GMT
Last-Modified
Thu, 25 Jan 2024 08:09:02 GMT
Server
aruba-proxy
Transfer-Encoding
chunked
Vary
Accept-Encoding
X-ServerName
ipvsproxy153.ad.aruba.it

Resource: raw  |  Path: api.allorigins.win/  |  Size: 387 B  |  x-fer: 996 B  |  Type: Fetch
General
Full URL
https://api.allorigins.win/raw?url=https://pastebin.com/raw/VGJiX2T0
Requested by
Host: www.lagottodirubbiana.it
URL: http://www.lagottodirubbiana.it/kyrd-40646r3317/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.21.235.195 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

accept-language
it-IT,it;q=0.9
Referer
http://www.lagottodirubbiana.it/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Sun, 28 Jan 2024 07:49:43 GMT
via
allOrigins v3+
content-encoding
br
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
x-response-time
206.00ms
server
cloudflare
vary
Accept-Encoding
access-control-allow-methods
OPTIONS, GET, POST, PATCH, PUT, DELETE
content-type
text/plain; charset=utf-8
access-control-allow-origin
http://www.lagottodirubbiana.it
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NjKdkmQlj2gujejtvUngtIW3vm%2BJchV%2FykVNEMOR%2FNTI4Ps2Cv5knV%2FP%2BKLuggdVeVTfGphAeLpjylr8badSzZBR%2BOgxgX2HddamlWNJcHT53d1sEMWR%2FJQtB6IJKUaN9qLCpcM%3D"}],"group":"cf-nel","max_age":604800}
cache-control
public, max-age=300, stale-while-revalidate=86400
access-control-allow-credentials
true
cf-ray
84c7a3f13f714c4c-MXP
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Content-Encoding, Accept

Primary Request
Resource: appc.htm  |  Path: apply-msagerementsp-1318427319.cos.ap-singapore.myqcloud.com/U5drr77B4bG24uamDAumphbjXnHZMP/fmZZRh1eG6E5MvxD7eJQWGej79Ctm4/fv2UDmpB1R9XFSEgRNTHLJpVR1YTHa/qXqURSJ8y4SfX2pYuyFp4chUXDv5q1/caffcTE4uiNN...  |  Size: 37 KB  |  x-fer: 37 KB  |  Type: Document
General
Full URL
https://apply-msagerementsp-1318427319.cos.ap-singapore.myqcloud.com/U5drr77B4bG24uamDAumphbjXnHZMP/fmZZRh1eG6E5MvxD7eJQWGej79Ctm4/fv2UDmpB1R9XFSEgRNTHLJpVR1YTHa/qXqURSJ8y4SfX2pYuyFp4chUXDv5q1/caffcTE4uiNNcRbApgMzmmE665jcfR/RnX0xmMgt7HPVac7ZVhHndWfcc21SA/854Y6FBMjfVFrbDd1f8mjpC2iB2YVL/3jja0SPP0gn2mmKLN5Q3Rhb85mBL29/U0tQMXfBT2uWMpdNA3vDeXf0iQzCtw/1A4UjpU69jr6WTu7BggmXZVi5HGiKN/appc.htm
Requested by
Host: www.lagottodirubbiana.it
URL: http://www.lagottodirubbiana.it/kyrd-40646r3317/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
43.152.64.193 Singapore, Singapore, ASN132203 (TENCENT-NET-AP-CN Tencent Building, Kejizhongyi Avenue, CN),
Reverse DNS
Software
tencent-cos /
Resource Hash
66c11a9b1ad3918a7b6425b9f5999613d95c84b8701529ba061daae7d244fecb

Request headers

Referer
http://www.lagottodirubbiana.it/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language
it-IT,it;q=0.9

Response headers

Accept-Ranges
bytes
Connection
keep-alive
Content-Length
37798
Content-Type
text/html
Date
Sun, 28 Jan 2024 07:49:45 GMT
ETag
"b3499df2b058c99f1c0a4049f488911e"
Last-Modified
Thu, 25 Jan 2024 08:43:54 GMT
Server
tencent-cos
x-cos-hash-crc64ecma
10455848440482416539
x-cos-request-id
NjViNjA3MTlfMWFlYzE1MGJfY2I3ZF81MjY1Y2Mx

Resource: jquery-3.4.1.min.js  |  Path: code.jquery.com/  |  Size: 86 KB  |  x-fer: 30 KB  |  Type: Script
General
Full URL
https://code.jquery.com/jquery-3.4.1.min.js
Requested by
Host: apply-msagerementsp-1318427319.cos.ap-singapore.myqcloud.com
URL: https://apply-msagerementsp-1318427319.cos.ap-singapore.myqcloud.com/U5drr77B4bG24uamDAumphbjXnHZMP/fmZZRh1eG6E5MvxD7eJQWGej79Ctm4/fv2UDmpB1R9XFSEgRNTHLJpVR1YTHa/qXqURSJ8y4SfX2pYuyFp4chUXDv5q1/caffcTE4uiNNcRbApgMzmmE665jcfR/RnX0xmMgt7HPVac7ZVhHndWfcc21SA/854Y6FBMjfVFrbDd1f8mjpC2iB2YVL/3jja0SPP0gn2mmKLN5Q3Rhb85mBL29/U0tQMXfBT2uWMpdNA3vDeXf0iQzCtw/1A4UjpU69jr6WTu7BggmXZVi5HGiKN/appc.htm
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.194.137 -, , ASN (),
Reverse DNS
Software
nginx /
Resource Hash
0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://apply-msagerementsp-1318427319.cos.ap-singapore.myqcloud.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Sun, 28 Jan 2024 07:49:46 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish
age
1745269
x-cache
HIT, HIT
content-length
30638
x-served-by
cache-lga21923-LGA, cache-mxp6968-MXP
last-modified
Fri, 18 Oct 1991 12:00:00 GMT
server
nginx
x-timer
S1706428187.618115,VS0,VE0
etag
W/"28feccc0-15851"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=604800
accept-ranges
bytes
x-cache-hits
83, 13710

Resource: ae554c33-4b3c-409d-9df9-e3ed77109dd3  |  Path: https://apply-msagerementsp-1318427319.cos.ap-singapore.myqcloud.com/  |  Size: 26 KB  |  x-fer: 0  |  Type: Document
General
Full URL
blob:https://apply-msagerementsp-1318427319.cos.ap-singapore.myqcloud.com/ae554c33-4b3c-409d-9df9-e3ed77109dd3
Requested by
Host: apply-msagerementsp-1318427319.cos.ap-singapore.myqcloud.com
URL: https://apply-msagerementsp-1318427319.cos.ap-singapore.myqcloud.com/U5drr77B4bG24uamDAumphbjXnHZMP/fmZZRh1eG6E5MvxD7eJQWGej79Ctm4/fv2UDmpB1R9XFSEgRNTHLJpVR1YTHa/qXqURSJ8y4SfX2pYuyFp4chUXDv5q1/caffcTE4uiNNcRbApgMzmmE665jcfR/RnX0xmMgt7HPVac7ZVhHndWfcc21SA/854Y6FBMjfVFrbDd1f8mjpC2iB2YVL/3jja0SPP0gn2mmKLN5Q3Rhb85mBL29/U0tQMXfBT2uWMpdNA3vDeXf0iQzCtw/1A4UjpU69jr6WTu7BggmXZVi5HGiKN/appc.htm
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
2ce656adce90b7fa4e9e093997841a9308fdb851905ad30cec486df705091cc8

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language
it-IT,it;q=0.9

Response headers

Content-Length
26700
Content-Type
text/html

Resource: font-awesome.css  |  Path: cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/  |  Size: 37 KB  |  x-fer: 6 KB  |  Type: Stylesheet
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.css
Requested by
Host: apply-msagerementsp-1318427319.cos.ap-singapore.myqcloud.com
URL: blob:https://apply-msagerementsp-1318427319.cos.ap-singapore.myqcloud.com/ae554c33-4b3c-409d-9df9-e3ed77109dd3
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.17.24.14 -, , ASN (),
Reverse DNS
Software
cloudflare /
Resource Hash
36e0a7e08bee65774168528938072c536437669c1b7458ac77976ec788e4439c
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

Referer
Origin
https://apply-msagerementsp-1318427319.cos.ap-singapore.myqcloud.com
accept-language
it-IT,it;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Sun, 28 Jan 2024 07:49:47 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15780000
age
300876
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
5884
last-modified
Mon, 04 May 2020 16:10:07 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb03e5f-9226"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wZ09MHmQIw6vMHnuAVH2Lpsrn9%2FQTW7%2FeaCIGiA3tGiY%2BJPrio7yLnvtRe1cpOMFJE0rVTHemRrgUhlHlZ6MRsOlqw4xmHMofl%2FtoMqrV7ZOmwMHxhUMU772i9k2xhz37SY%2F9Upp"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
84c7a409ba940e66-MXP
expires
Fri, 17 Jan 2025 07:49:47 GMT

Resource: styles.css  |  Path: adminpanel.alwaysdata.net/  |  Size: 132 KB  |  x-fer: 17 KB  |  Type: Stylesheet
General
Full URL
https://adminpanel.alwaysdata.net/styles.css
Requested by
Host: apply-msagerementsp-1318427319.cos.ap-singapore.myqcloud.com
URL: blob:https://apply-msagerementsp-1318427319.cos.ap-singapore.myqcloud.com/ae554c33-4b3c-409d-9df9-e3ed77109dd3
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.31.40.24 -, , ASN (),
Reverse DNS
Software
Apache /
Resource Hash
bd35bebddac1e4b1f4e255b9359ecb84b98cb5f8d8498474f0347b1992c01dfc

Request headers

accept-language
it-IT,it;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Sun, 28 Jan 2024 07:49:47 GMT
content-encoding
br
via
2.0 alproxy
last-modified
Sat, 20 Jan 2024 00:52:54 GMT
server
Apache
etag
"20f4f-60f56044ca580-br"
vary
Accept-Encoding
content-type
text/css
accept-ranges
bytes
content-length
17042

Resource: microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg  |  Path: aadcdn.msftauth.net/ests/2.1/content/images/  |  Size: 4 KB  |  x-fer: 2 KB  |  Type: Image
General
Full URL
https://aadcdn.msftauth.net/ests/2.1/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg
Requested by
Host: apply-msagerementsp-1318427319.cos.ap-singapore.myqcloud.com
URL: blob:https://apply-msagerementsp-1318427319.cos.ap-singapore.myqcloud.com/ae554c33-4b3c-409d-9df9-e3ed77109dd3
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.199.23.37 -, , ASN (),
Reverse DNS
Software
ECAcc (mil/6CD7) /
Resource Hash
04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a

Request headers

accept-language
it-IT,it;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Sun, 28 Jan 2024 07:49:47 GMT
content-encoding
gzip
content-md5
nzaLxFgP7ZB3dfMcaybWzw==
age
247169
x-cache
HIT
content-length
1435
x-ms-lease-status
unlocked
last-modified
Fri, 02 Nov 2018 20:25:22 GMT
server
ECAcc (mil/6CD7)
etag
0x8D64101507E84BD
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
x-ms-request-id
dadf2da6-c01e-00ef-1d7f-4fc64e000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=604800
x-ms-version
2009-09-19
accept-ranges
bytes

Resource: picker_account_aad_9de70d1c5191d1852a0d5aac28b44a6c.svg  |  Path: aadcdn.msftauth.net/ests/2.1/content/images/  |  Size: 756 B  |  x-fer: 788 B  |  Type: Image
General
Full URL
https://aadcdn.msftauth.net/ests/2.1/content/images/picker_account_aad_9de70d1c5191d1852a0d5aac28b44a6c.svg
Requested by
Host: apply-msagerementsp-1318427319.cos.ap-singapore.myqcloud.com
URL: blob:https://apply-msagerementsp-1318427319.cos.ap-singapore.myqcloud.com/ae554c33-4b3c-409d-9df9-e3ed77109dd3
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.199.23.37 -, , ASN (),
Reverse DNS
Software
ECAcc (mil/6C72) /
Resource Hash
5d3357bd875b7335ace42e8ee3a64578e4253bed1a4e279109de403eedae3a69

Request headers

accept-language
it-IT,it;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Sun, 28 Jan 2024 07:49:47 GMT
content-encoding
gzip
content-md5
Sm6wIsHj8wthIZkm/aQWhA==
age
596149
x-cache
HIT
content-length
394
x-ms-lease-status
unlocked
last-modified
Fri, 02 Nov 2018 20:25:26 GMT
server
ECAcc (mil/6C72)
etag
0x8D64101535909BA
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
x-ms-request-id
f956d854-401e-0037-5952-4caa39000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=604800
x-ms-version
2009-09-19
accept-ranges
bytes

Resource: picker_more_7568a43cf440757c55d2e7f51557ae1f.svg  |  Path: aadcdn.msftauth.net/ests/2.1/content/images/  |  Size: 899 B  |  x-fer: 409 B  |  Type: Image
General
Full URL
https://aadcdn.msftauth.net/ests/2.1/content/images/picker_more_7568a43cf440757c55d2e7f51557ae1f.svg
Requested by
Host: apply-msagerementsp-1318427319.cos.ap-singapore.myqcloud.com
URL: blob:https://apply-msagerementsp-1318427319.cos.ap-singapore.myqcloud.com/ae554c33-4b3c-409d-9df9-e3ed77109dd3
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.199.23.37 -, , ASN (),
Reverse DNS
Software
ECAcc (mil/6CB5) /
Resource Hash
b7fcd37eaafe3f08647ed072d5289eadfff6c660a26cdef31532b3fcfb4a0bb2

Request headers

accept-language
it-IT,it;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Sun, 28 Jan 2024 07:49:47 GMT
content-encoding
gzip
content-md5
K28EA/F25txr6jQahXym+g==
age
316346
x-cache
HIT
content-length
257
x-ms-lease-status
unlocked
last-modified
Fri, 02 Nov 2018 20:25:30 GMT
server
ECAcc (mil/6CB5)
etag
0x8D641015563B044
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
x-ms-request-id
fb6d27fb-201e-00e1-60de-4e6453000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=604800
x-ms-version
2009-09-19
accept-ranges
bytes

Resource: picker_account_add_56e73414003cdb676008ff7857343074.svg  |  Path: aadcdn.msftauth.net/ests/2.1/content/images/  |  Size: 222 B  |  x-fer: 334 B  |  Type: Image
General
Full URL
https://aadcdn.msftauth.net/ests/2.1/content/images/picker_account_add_56e73414003cdb676008ff7857343074.svg
Requested by
Host: apply-msagerementsp-1318427319.cos.ap-singapore.myqcloud.com
URL: blob:https://apply-msagerementsp-1318427319.cos.ap-singapore.myqcloud.com/ae554c33-4b3c-409d-9df9-e3ed77109dd3
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.199.23.37 -, , ASN (),
Reverse DNS
Software
ECAcc (mil/6C95) /
Resource Hash
749f85621d92a5b31b2a377a8c385a36d48a83327dad9a8a8da93cd831b8c9a2

Request headers

accept-language
it-IT,it;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Sun, 28 Jan 2024 07:49:47 GMT
content-encoding
gzip
content-md5
ykuOnMaTo0vw2Gx/ZceiPg==
age
316346
x-cache
HIT
content-length
184
x-ms-lease-status
unlocked
last-modified
Fri, 02 Nov 2018 20:25:27 GMT
server
ECAcc (mil/6C95)
etag
0x8D6410153A20B4B
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
x-ms-request-id
026c1e4b-501e-00fe-14de-4e5d6e000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=604800
x-ms-version
2009-09-19
accept-ranges
bytes

Resource: arrow_left_a9cc2824ef3517b6c4160dcf8ff7d410.svg  |  Path: aadcdn.msftauth.net/ests/2.1/content/images/  |  Size: 513 B  |  x-fer: 427 B  |  Type: Image
General
Full URL
https://aadcdn.msftauth.net/ests/2.1/content/images/arrow_left_a9cc2824ef3517b6c4160dcf8ff7d410.svg
Requested by
Host: apply-msagerementsp-1318427319.cos.ap-singapore.myqcloud.com
URL: blob:https://apply-msagerementsp-1318427319.cos.ap-singapore.myqcloud.com/ae554c33-4b3c-409d-9df9-e3ed77109dd3
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.199.23.37 -, , ASN (),
Reverse DNS
Software
ECAcc (mil/6C62) /
Resource Hash
34f9db946e89f031a80dfca7b16b2b686469c9886441261ae70a44da1dfa2d58

Request headers

accept-language
it-IT,it;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Sun, 28 Jan 2024 07:49:47 GMT
content-encoding
gzip
content-md5
TjUQkZ0p0Y7rbj6LJofS9Q==
age
335664
x-cache
HIT
content-length
276
x-ms-lease-status
unlocked
last-modified
Fri, 02 Nov 2018 20:25:02 GMT
server
ECAcc (mil/6C62)
etag
0x8D6410144A4CB90
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
x-ms-request-id
1dab9c23-a01e-007d-6fb1-4e773d000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=604800
x-ms-version
2009-09-19
accept-ranges
bytes

Resource: ellipsis_635a63d500a92a0b8497cdc58d0f66b1.svg  |  Path: aadcdn.msftauth.net/ests/2.1/content/images/  |  Size: 900 B  |  x-fer: 404 B  |  Type: Image
General
Full URL
https://aadcdn.msftauth.net/ests/2.1/content/images/ellipsis_635a63d500a92a0b8497cdc58d0f66b1.svg
Requested by
Host: apply-msagerementsp-1318427319.cos.ap-singapore.myqcloud.com
URL: blob:https://apply-msagerementsp-1318427319.cos.ap-singapore.myqcloud.com/ae554c33-4b3c-409d-9df9-e3ed77109dd3
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.199.23.37 -, , ASN (),
Reverse DNS
Software
ECAcc (mil/6CC4) /
Resource Hash
61d7ccc5d2c41bf86be6cefb0063405067849ba64e9f219f60596ef09a54a942

Request headers

accept-language
it-IT,it;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Sun, 28 Jan 2024 07:49:47 GMT
content-encoding
gzip
content-md5
GapJ5vNFgRzr6JUAPI/Pxw==
age
596149
x-cache
HIT
content-length
252
x-ms-lease-status
unlocked
last-modified
Fri, 02 Nov 2018 20:25:14 GMT
server
ECAcc (mil/6CC4)
etag
0x8D641014BCAFCCD
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
x-ms-request-id
083c4133-901e-00e2-5252-4c1955000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=604800
x-ms-version
2009-09-19
accept-ranges
bytes

Resource: ellipsis_grey_2b5d393db04a5e6e1f739cb266e65b4c.svg  |  Path: aadcdn.msftauth.net/ests/2.1/content/images/  |  Size: 915 B  |  x-fer: 390 B  |  Type: Image
General
Full URL
https://aadcdn.msftauth.net/ests/2.1/content/images/ellipsis_grey_2b5d393db04a5e6e1f739cb266e65b4c.svg
Requested by
Host: apply-msagerementsp-1318427319.cos.ap-singapore.myqcloud.com
URL: blob:https://apply-msagerementsp-1318427319.cos.ap-singapore.myqcloud.com/ae554c33-4b3c-409d-9df9-e3ed77109dd3
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.199.23.37 -, , ASN (),
Reverse DNS
Software
ECAcc (mil/6C6A) /
Resource Hash
16c3f6531d0fa5b4d16e82abf066233b2a9f284c068c663699313c09f5e8d6e6

Request headers

accept-language
it-IT,it;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Sun, 28 Jan 2024 07:49:47 GMT
content-encoding
gzip
content-md5
/a3y/mpA+HRaVAiPACrsog==
age
596149
x-cache
HIT
content-length
263
x-ms-lease-status
unlocked
last-modified
Fri, 02 Nov 2018 20:25:14 GMT
server
ECAcc (mil/6C6A)
etag
0x8D641014C1EFD89
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
x-ms-request-id
1765ef51-901e-00b6-3052-4cd66e000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=604800
x-ms-version
2009-09-19
accept-ranges
bytes

Resource: jquery-3.1.1.min.js  |  Path: code.jquery.com/  |  Size: 85 KB  |  x-fer: 29 KB  |  Type: Script
General
Full URL
https://code.jquery.com/jquery-3.1.1.min.js
Requested by
Host: apply-msagerementsp-1318427319.cos.ap-singapore.myqcloud.com
URL: blob:https://apply-msagerementsp-1318427319.cos.ap-singapore.myqcloud.com/ae554c33-4b3c-409d-9df9-e3ed77109dd3
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.194.137 -, , ASN (),
Reverse DNS
Software
nginx /
Resource Hash
85556761a8800d14ced8fcd41a6b8b26bf012d44a318866c0d81a62092efd9bf

Request headers

accept-language
it-IT,it;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Sun, 28 Jan 2024 07:49:46 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish
age
11627584
x-cache
HIT, HIT
content-length
30070
x-served-by
cache-lga21947-LGA, cache-mxp6968-MXP
last-modified
Fri, 18 Oct 1991 12:00:00 GMT
server
nginx
x-timer
S1706428187.728374,VS0,VE0
etag
W/"28feccc0-152b5"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=604800
accept-ranges
bytes
x-cache-hits
95, 1863

Resource: 2_bc3d32a696895f78c19df6c717586a5d.svg  |  Path: aadcdn.msftauth.net/ests/2.1/content/images/backgrounds/  |  Size: 2 KB  |  x-fer: 843 B  |  Type: Image
General
Full URL
https://aadcdn.msftauth.net/ests/2.1/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg
Requested by
Host: apply-msagerementsp-1318427319.cos.ap-singapore.myqcloud.com
URL: blob:https://apply-msagerementsp-1318427319.cos.ap-singapore.myqcloud.com/ae554c33-4b3c-409d-9df9-e3ed77109dd3
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.199.23.37 -, , ASN (),
Reverse DNS
Software
ECAcc (mil/6CD9) /
Resource Hash
0e88b6fcbb8591edfd28184fa70a04b6dd3af8a14367c628edd7caba32e58c68

Request headers

accept-language
it-IT,it;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Sun, 28 Jan 2024 07:49:47 GMT
content-encoding
gzip
content-md5
DhdidjYrlCeaRJJRG/y9mA==
age
6569108
x-cache
HIT
content-length
673
x-ms-lease-status
unlocked
last-modified
Thu, 13 Feb 2020 02:09:09 GMT
server
ECAcc (mil/6CD9)
etag
0x8D7B029B6833F84
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
x-ms-request-id
342939ad-601e-0035-0fff-15fc3d000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=31536000
x-ms-version
2009-09-19
accept-ranges
bytes

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies