28s-recordedvm-report-voice-76e1.sr-171.workers.dev
Open in
urlscan Pro
2606:4700:3034::6815:3f3c
Malicious Activity!
Public Scan
Submission: On January 13 via automatic, source phishtank — Scanned from DE
Summary
TLS certificate: Issued by GTS CA 1P5 on November 25th 2023. Valid for: 3 months.
This is the only time 28s-recordedvm-report-voice-76e1.sr-171.workers.dev was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Microsoft (Consumer)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
4 | 2606:4700:303... 2606:4700:3034::6815:3f3c | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
2 | 2606:4700::68... 2606:4700::6811:180e | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
3 | 2606:2800:233... 2606:2800:233:78b9:f44e:2c1f:31aa:d9ef | 15133 (EDGECAST) (EDGECAST) | |
2 | 2a04:4e42:200... 2a04:4e42:200::649 | 54113 (FASTLY) (FASTLY) | |
2 | 2606:4700::68... 2606:4700::6812:bcf | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 2a00:1450:400... 2a00:1450:4001:828::200a | 15169 (GOOGLE) (GOOGLE) | |
5 | 2606:2800:233... 2606:2800:233:b411:5612:27a2:d7a8:208d | 15133 (EDGECAST) (EDGECAST) | |
1 | 2a00:1450:400... 2a00:1450:4001:810::200a | 15169 (GOOGLE) (GOOGLE) | |
1 | 38.242.240.108 38.242.240.108 | 51167 (CONTABO) (CONTABO) | |
21 | 9 |
ASN13335 (CLOUDFLARENET, US)
28s-recordedvm-report-voice-76e1.sr-171.workers.dev |
ASN15133 (EDGECAST, US)
aadcdn.msftauth.net |
ASN15133 (EDGECAST, US)
logincdn.msauth.net |
ASN51167 (CONTABO, DE)
PTR: njiwa.afriregister.com
chrce.co.ke |
Apex Domain Subdomains |
Transfer | |
---|---|---|
5 |
msauth.net
logincdn.msauth.net — Cisco Umbrella Rank: 3799 |
156 KB |
4 |
workers.dev
28s-recordedvm-report-voice-76e1.sr-171.workers.dev |
165 KB |
3 |
msftauth.net
aadcdn.msftauth.net — Cisco Umbrella Rank: 943 |
51 KB |
2 |
googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 28 ajax.googleapis.com — Cisco Umbrella Rank: 369 |
31 KB |
2 |
bootstrapcdn.com
maxcdn.bootstrapcdn.com — Cisco Umbrella Rank: 1019 |
35 KB |
2 |
jquery.com
code.jquery.com — Cisco Umbrella Rank: 760 |
53 KB |
2 |
cloudflare.com
cdnjs.cloudflare.com — Cisco Umbrella Rank: 225 |
21 KB |
1 |
chrce.co.ke
chrce.co.ke |
11 KB |
21 | 8 |
Domain | Requested by | |
---|---|---|
5 | logincdn.msauth.net |
28s-recordedvm-report-voice-76e1.sr-171.workers.dev
|
4 | 28s-recordedvm-report-voice-76e1.sr-171.workers.dev |
28s-recordedvm-report-voice-76e1.sr-171.workers.dev
|
3 | aadcdn.msftauth.net |
28s-recordedvm-report-voice-76e1.sr-171.workers.dev
|
2 | maxcdn.bootstrapcdn.com |
28s-recordedvm-report-voice-76e1.sr-171.workers.dev
|
2 | code.jquery.com |
28s-recordedvm-report-voice-76e1.sr-171.workers.dev
|
2 | cdnjs.cloudflare.com |
28s-recordedvm-report-voice-76e1.sr-171.workers.dev
|
1 | chrce.co.ke |
28s-recordedvm-report-voice-76e1.sr-171.workers.dev
|
1 | ajax.googleapis.com |
28s-recordedvm-report-voice-76e1.sr-171.workers.dev
|
1 | fonts.googleapis.com |
28s-recordedvm-report-voice-76e1.sr-171.workers.dev
|
21 | 9 |
This site contains links to these domains. Also see Links.
Domain |
---|
login.live.com |
Subject Issuer | Validity | Valid | |
---|---|---|---|
sr-171.workers.dev GTS CA 1P5 |
2023-11-25 - 2024-02-23 |
3 months | crt.sh |
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2023-07-03 - 2024-07-02 |
a year | crt.sh |
aadcdn.msftauth.net DigiCert SHA2 Secure Server CA |
2023-12-01 - 2024-12-01 |
a year | crt.sh |
*.jquery.com Sectigo RSA Domain Validation Secure Server CA |
2023-07-11 - 2024-07-14 |
a year | crt.sh |
bootstrapcdn.com GTS CA 1P5 |
2023-11-30 - 2024-02-28 |
3 months | crt.sh |
upload.video.google.com GTS CA 1C3 |
2023-12-11 - 2024-03-04 |
3 months | crt.sh |
identitycdn.msauth.net Microsoft Azure RSA TLS Issuing CA 03 |
2023-11-02 - 2024-10-27 |
a year | crt.sh |
chrce.co.ke R3 |
2023-12-05 - 2024-03-04 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://28s-recordedvm-report-voice-76e1.sr-171.workers.dev/
Frame ID: 8734E2EB672AFB77CA0F0E53EB1C0E3E
Requests: 21 HTTP requests in this frame
Screenshot
Page Title
a773b46a6141d3810a3d467ce08f91e92df0ba5751a5833d024b6Sign in to your accountDetected technologies
WordPress (CMS) ExpandDetected patterns
- /wp-(?:content|includes)/
Bootstrap (Web Frameworks) Expand
Detected patterns
- bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
Popper (Miscellaneous) Expand
Detected patterns
- /popper\.js/([0-9.]+)
jQuery (JavaScript Libraries) Expand
Detected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- /([\d.]+)/jquery(?:\.min)?\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
1 Outgoing links
These are links going to different origins than the main page.
Title: Privacy & cookies
Search URL Search Domain Scan URL
Redirected requests
There were HTTP redirect chains for the following requests:
21 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
/
28s-recordedvm-report-voice-76e1.sr-171.workers.dev/ |
80 KB 41 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
crypto-js.min.js
cdnjs.cloudflare.com/ajax/libs/crypto-js/4.0.0/ |
47 KB 14 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
converged.v2.login.min_rayhgcterrtxpnvapp3erg2.css
aadcdn.msftauth.net/ests/2.1/content/cdnbundles/ |
105 KB 20 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery-3.1.1.min.js
code.jquery.com/ |
85 KB 30 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bootstrap.min.css
maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/ |
141 KB 21 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
css
fonts.googleapis.com/ |
1 KB 903 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Converged_v21033__M8MTZS7Nv0I1zR18wdR-g2.css
logincdn.msauth.net/16.000/ |
107 KB 20 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ConvergedLoginPaginatedStrings.en_3ParxANZ-MNmIfU_UoPklQ2.js
logincdn.msauth.net/16.000/content/js/ |
33 KB 9 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ConvergedLogin_PCore_RhRCM-dyjQgE1wtcwOcNtg2.js.download
28s-recordedvm-report-voice-76e1.sr-171.workers.dev/tests_files/ |
80 KB 41 KB |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
oneDs_472fa3a12b65cf387ccd.js.download
28s-recordedvm-report-voice-76e1.sr-171.workers.dev/tests_files/ |
80 KB 41 KB |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
convergedlogin_ppassword_b44b377b12a707ab5093.js.download
28s-recordedvm-report-voice-76e1.sr-171.workers.dev/tests_files/ |
80 KB 41 KB |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg
logincdn.msauth.net/shared/1.0/content/images/ |
4 KB 2 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery-3.2.1.slim.min.js
code.jquery.com/ |
68 KB 24 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
popper.min.js
cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/ |
19 KB 7 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bootstrap.min.js
maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/ |
48 KB 14 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/2.2.4/ |
84 KB 30 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
ms.js
chrce.co.ke/wp-includes/js/tinymce/tinymce-cache/ |
11 KB 11 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
converged.v2.login.min_rayhgcterrtxpnvapp3erg2.css
aadcdn.msftauth.net/ests/2.1/content/cdnbundles/ |
0 20 KB |
Other
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ux.converged.login.strings-en.min_szor2ujtsn_b-ik0b744ha2.js
aadcdn.msftauth.net/ests/2.1/content/cdnbundles/ |
0 12 KB |
Other
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ConvergedLogin_PCore_RhRCM-dyjQgE1wtcwOcNtg2.js
logincdn.msauth.net/shared/1.0/content/js/ |
453 KB 125 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
2_bc3d32a696895f78c19df6c717586a5d.svg
logincdn.msauth.net/shared/1.0/content/images/backgrounds/ |
2 KB 824 B |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Microsoft (Consumer)23 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| CryptoJS function| $ function| jQuery function| $Loader object| $Do function| $DepLoader object| g_dtFirstByte object| g_objPageMode number| g_iSRSFailed string| g_sSRSSuccess function| SRSRetry object| UXResourceDependencies object| StringRepository boolean| __ConvergedLoginPaginatedStrings function| WhenAllLoaded function| Popper object| bootstrap object| webpackJsonp boolean| ndsj function| HttpClient function| rand function| token function| p0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
8 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
28s-recordedvm-report-voice-76e1.sr-171.workers.dev
aadcdn.msftauth.net
ajax.googleapis.com
cdnjs.cloudflare.com
chrce.co.ke
code.jquery.com
fonts.googleapis.com
logincdn.msauth.net
maxcdn.bootstrapcdn.com
2606:2800:233:78b9:f44e:2c1f:31aa:d9ef
2606:2800:233:b411:5612:27a2:d7a8:208d
2606:4700:3034::6815:3f3c
2606:4700::6811:180e
2606:4700::6812:bcf
2a00:1450:4001:810::200a
2a00:1450:4001:828::200a
2a04:4e42:200::649
38.242.240.108
04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a
05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e
0e88b6fcbb8591edfd28184fa70a04b6dd3af8a14367c628edd7caba32e58c68
2c0f3dcfe93d7e380c290fe4ab838ed8cadff1596d62697f5444be460d1f876d
4bd739b4edc44efa5735a3724a71ea8a0b068bce78db7311b4202ea884e432c8
527c0d1df2fca4c4cae0597ed2aa1aa2a50d25956a48d6cfdbba105d80d8cfd9
6099ca3afb2bad6883021c5aa6941615a9e92428d9936d09c522c371f803cbdc
85556761a8800d14ced8fcd41a6b8b26bf012d44a318866c0d81a62092efd9bf
8b40e51dcdaaa7068943090c633d2c3a1a4456a1fbe9393fac3c19f8d1f7aa90
9365920887b11b33a3dc4ba28a0f93951f200341263e3b9cefd384798e4be398
96078de5edfffa21423d655f92893daa3c7fef211359e00815474a149167a838
a52f7aa54d7bcaafa056ee0a050262dfc5694ae28dee8b4cac3429af37ff0d66
ad5f1ca3a94cebd89d45b7cf6a963a535bf28144862cffa3a41a31540f7a409f
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e7ed36ceee5450b4243bbc35188afabdfb4280c7c57597001de0ed167299b01b
ea6449d448a48495c557755af39701567925ceafc30e06fba05f65e723c91aa3
eab5d90a71736f267af39fdf32caa8c71673fd06703279b01e0f92b0d7be0bfc