28s-recordedvm-report-voice-76e1.sr-171.workers.dev Open in urlscan Pro
2606:4700:3034::6815:3f3c  Malicious Activity! Public Scan

1 Outgoing links

These are links going to different origins than the main page.

Search URL Search Domain Scan URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

21 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response 28s-recordedvm-report-voice-76e1.sr-171.workers.dev/	80 KB 41 KB	183ms 58ms	Document text/html	2606:4700:3034::6815:3f3c CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://28s-recordedvm-report-voice-76e1.sr-171.workers.dev/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3034::6815:3f3c , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 527c0d1df2fca4c4cae0597ed2aa1aa2a50d25956a48d6cfdbba105d80d8cfd9 Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers alt-svc h3=":443"; ma=86400 cf-ray 844e0d8d799565f3-AMS content-encoding br content-type text/html;charset=UTF-8 date Sat, 13 Jan 2024 13:40:46 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=W3h4xlIw9zukLYuQiLBmFRd4e9kVQLuLrQ89hTps4mZc72d5NjEytpKz7FMx9HgiHSNKBN3C1Rw09UCzlbT1I5A364YuZ%2FKx87jwhuZ546l3mstbAvdfkTrjgsSIg%2BXdg%2FJ4omOExF2nqU6lnvo7NKrfzMxK1MjZ7aViPlA13UEScDY9xhjDH%2Fym4RQmQWjj0qM%3D"}],"group":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding
GET H2	200	crypto-js.min.js Show response cdnjs.cloudflare.com/ajax/libs/crypto-js/4.0.0/	47 KB 14 KB	284ms 47ms	Script application/javascript	2606:4700::6811:180e CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.0.0/crypto-js.min.js Requested by Host: 28s-recordedvm-report-voice-76e1.sr-171.workers.dev URL: https://28s-recordedvm-report-voice-76e1.sr-171.workers.dev/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash eab5d90a71736f267af39fdf32caa8c71673fd06703279b01e0f92b0d7be0bfc Security Headers Name Value Strict-Transport-Security max-age=15780000 X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://28s-recordedvm-report-voice-76e1.sr-171.workers.dev/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36 Response headers date Sat, 13 Jan 2024 13:40:46 GMT content-encoding br x-content-type-options nosniff cf-cache-status HIT nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} strict-transport-security max-age=15780000 age 2572290 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400 content-length 14107 last-modified Mon, 04 May 2020 16:09:17 GMT server cloudflare cf-cdnjs-via cfworker/kv etag "5eb03e2d-bb78" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=soLlYiKdoZaBQotk2tjMn%2FYC5F2y5NxJQmUm3XNsRY7ONedsUwrHCLY9UVSxJTmvSV8b3eQaLHwmps6aAhBGJGM5TQbtTuPD7JJ3zZF%2B%2FsceCyTy6THCcFKkeS%2Bu47%2BwhbyPPwXSIBErMHlCO2QqUksD"}],"group":"cf-nel","max_age":604800} content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control public, max-age=30672000 accept-ranges bytes timing-allow-origin * cf-ray 844e0d8f5f9a9043-FRA expires Thu, 02 Jan 2025 13:40:46 GMT
GET H2	200	converged.v2.login.min_rayhgcterrtxpnvapp3erg2.css aadcdn.msftauth.net/ests/2.1/content/cdnbundles/	105 KB 20 KB	176ms 40ms	Stylesheet text/css	2606:2800:233:78b9:f44e:2c1f:31aa:d9ef EDGECAST
General Check archive.org Show headers Download Go to Full URL https://aadcdn.msftauth.net/ests/2.1/content/cdnbundles/converged.v2.login.min_rayhgcterrtxpnvapp3erg2.css Requested by Host: 28s-recordedvm-report-voice-76e1.sr-171.workers.dev URL: https://28s-recordedvm-report-voice-76e1.sr-171.workers.dev/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2606:2800:233:78b9:f44e:2c1f:31aa:d9ef , United States, ASN15133 (EDGECAST, US), Reverse DNS Software ECAcc (frc/4CE1) / Resource Hash ea6449d448a48495c557755af39701567925ceafc30e06fba05f65e723c91aa3 Request headers Referer https://28s-recordedvm-report-voice-76e1.sr-171.workers.dev/ Origin https://28s-recordedvm-report-voice-76e1.sr-171.workers.dev accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36 Response headers x-ms-blob-type BlockBlob date Sat, 13 Jan 2024 13:40:46 GMT content-encoding gzip content-md5 +rPQJ6BWMovrMLNrlexvKQ== age 10416077 x-cache HIT content-length 19595 x-ms-lease-status unlocked last-modified Sat, 21 Nov 2020 03:49:00 GMT server ECAcc (frc/4CE1) etag 0x8D88DD061D3546B vary Accept-Encoding content-type text/css access-control-allow-origin * x-ms-request-id c0d0cd1f-501e-00d2-636a-e73844000000 access-control-expose-headers x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding cache-control public, max-age=31536000 x-ms-version 2009-09-19 accept-ranges bytes
GET H2	200	jquery-3.1.1.min.js Show response code.jquery.com/	85 KB 30 KB	190ms 56ms	Script application/javascript	2a04:4e42:200::649 FASTLY
General Check archive.org Show headers Download Go to Full URL https://code.jquery.com/jquery-3.1.1.min.js Requested by Host: 28s-recordedvm-report-voice-76e1.sr-171.workers.dev URL: https://28s-recordedvm-report-voice-76e1.sr-171.workers.dev/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a04:4e42:200::649 , United States, ASN54113 (FASTLY, US), Reverse DNS Software nginx / Resource Hash 85556761a8800d14ced8fcd41a6b8b26bf012d44a318866c0d81a62092efd9bf Request headers Referer https://28s-recordedvm-report-voice-76e1.sr-171.workers.dev/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36 Intervention <https://www.chromestatus.com/feature/5718547946799104>; level="warning" Response headers date Sat, 13 Jan 2024 13:40:46 GMT content-encoding gzip via 1.1 varnish, 1.1 varnish age 10352644 x-cache HIT, HIT content-length 30070 x-served-by cache-lga21947-LGA, cache-sof1510023-SOF last-modified Fri, 18 Oct 1991 12:00:00 GMT server nginx x-timer S1705153247.831442,VS0,VE0 etag W/"28feccc0-152b5" vary Accept-Encoding content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control public, max-age=31536000, stale-while-revalidate=604800 accept-ranges bytes x-cache-hits 107, 32219
GET H2	200	bootstrap.min.css maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/	141 KB 21 KB	146ms 54ms	Stylesheet text/css	2606:4700::6812:bcf CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css Requested by Host: 28s-recordedvm-report-voice-76e1.sr-171.workers.dev URL: https://28s-recordedvm-report-voice-76e1.sr-171.workers.dev/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:bcf , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 2c0f3dcfe93d7e380c290fe4ab838ed8cadff1596d62697f5444be460d1f876d Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Referer https://28s-recordedvm-report-voice-76e1.sr-171.workers.dev/ Origin https://28s-recordedvm-report-voice-76e1.sr-171.workers.dev accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36 Response headers date Sat, 13 Jan 2024 13:40:46 GMT strict-transport-security max-age=31536000; includeSubDomains; preload x-content-type-options nosniff cf-cache-status HIT content-encoding br cdn-edgestorageid 752 age 49014 cdn-cachedat 10/31/2023 18:48:44 cdn-pullzone 252412 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400 last-modified Mon, 25 Jan 2021 22:04:04 GMT cdn-proxyver 1.04 cdn-requestpullcode 200 server cloudflare etag W/"450fc463b8b1a349df717056fbb3e078" vary Accept-Encoding content-type text/css; charset=utf-8 access-control-allow-origin * cdn-cache HIT cdn-uid b1941f61-b576-4f40-80de-5677acb38f74 cache-control public, max-age=31919000 cdn-requestid 9da827f258f0a2471e7d973929097182 timing-allow-origin * cdn-requestcountrycode DE cdn-status 200 cf-ray 844e0d906afa9025-FRA cdn-requestpullsuccess True
GET H2	200	css fonts.googleapis.com/	1 KB 903 B	141ms 51ms	Stylesheet text/css	2a00:1450:4001:828::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.googleapis.com/css?family=Archivo+Narrow&display=swap Requested by Host: 28s-recordedvm-report-voice-76e1.sr-171.workers.dev URL: https://28s-recordedvm-report-voice-76e1.sr-171.workers.dev/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software ESF / Resource Hash ad5f1ca3a94cebd89d45b7cf6a963a535bf28144862cffa3a41a31540f7a409f Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://28s-recordedvm-report-voice-76e1.sr-171.workers.dev/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36 Response headers strict-transport-security max-age=31536000 date Sat, 13 Jan 2024 13:40:46 GMT content-encoding gzip x-content-type-options nosniff cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 x-xss-protection 0 last-modified Sat, 13 Jan 2024 13:40:46 GMT server ESF cross-origin-opener-policy same-origin-allow-popups x-frame-options SAMEORIGIN content-type text/css; charset=utf-8 access-control-allow-origin * cache-control private, max-age=86400, stale-while-revalidate=604800 timing-allow-origin * link <https://fonts.gstatic.com>; rel=preconnect; crossorigin expires Sat, 13 Jan 2024 13:40:46 GMT
GET H2	200	Converged_v21033__M8MTZS7Nv0I1zR18wdR-g2.css logincdn.msauth.net/16.000/	107 KB 20 KB	213ms 41ms	Stylesheet text/css	2606:2800:233:b411:5612:27a2:d7a8:208d EDGECAST
General Check archive.org Show headers Download Go to Full URL https://logincdn.msauth.net/16.000/Converged_v21033__M8MTZS7Nv0I1zR18wdR-g2.css Requested by Host: 28s-recordedvm-report-voice-76e1.sr-171.workers.dev URL: https://28s-recordedvm-report-voice-76e1.sr-171.workers.dev/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2606:2800:233:b411:5612:27a2:d7a8:208d , United States, ASN15133 (EDGECAST, US), Reverse DNS Software ECAcc (frb/679A) / Resource Hash 6099ca3afb2bad6883021c5aa6941615a9e92428d9936d09c522c371f803cbdc Request headers accept-language de-DE,de;q=0.9 Referer https://28s-recordedvm-report-voice-76e1.sr-171.workers.dev/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36 Response headers x-ms-blob-type BlockBlob date Sat, 13 Jan 2024 13:40:46 GMT content-encoding gzip content-md5 eRgGUB/DLn4Fqo+te3OPNg== age 4156925 x-cache HIT content-length 19837 x-ms-lease-status unlocked last-modified Sat, 05 Jun 2021 05:23:03 GMT server ECAcc (frb/679A) etag 0x8D927E1FE3F2C1E vary Accept-Encoding content-type text/css access-control-allow-origin * x-ms-request-id ed898c04-201e-0031-2057-205035000000 access-control-expose-headers x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding cache-control public, max-age=31536000 x-ms-version 2009-09-19 accept-ranges bytes
GET H2	200	ConvergedLoginPaginatedStrings.en_3ParxANZ-MNmIfU_UoPklQ2.js Show response logincdn.msauth.net/16.000/content/js/	33 KB 9 KB	215ms 42ms	Script application/x-javascript	2606:2800:233:b411:5612:27a2:d7a8:208d EDGECAST
General Check archive.org Show headers Download Go to Full URL https://logincdn.msauth.net/16.000/content/js/ConvergedLoginPaginatedStrings.en_3ParxANZ-MNmIfU_UoPklQ2.js Requested by Host: 28s-recordedvm-report-voice-76e1.sr-171.workers.dev URL: https://28s-recordedvm-report-voice-76e1.sr-171.workers.dev/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2606:2800:233:b411:5612:27a2:d7a8:208d , United States, ASN15133 (EDGECAST, US), Reverse DNS Software ECAcc (frb/672F) / Resource Hash 8b40e51dcdaaa7068943090c633d2c3a1a4456a1fbe9393fac3c19f8d1f7aa90 Request headers Referer https://28s-recordedvm-report-voice-76e1.sr-171.workers.dev/ Origin https://28s-recordedvm-report-voice-76e1.sr-171.workers.dev accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36 Intervention <https://www.chromestatus.com/feature/5718547946799104>; level="warning" Response headers x-ms-blob-type BlockBlob date Sat, 13 Jan 2024 13:40:46 GMT content-encoding gzip content-md5 Wwlmufeee9RnV9YT0YPcXg== age 4156925 x-cache HIT content-length 8886 x-ms-lease-status unlocked last-modified Sun, 29 Aug 2021 05:06:38 GMT server ECAcc (frb/672F) etag 0x8D96AAAC85FA9B5 vary Accept-Encoding content-type application/x-javascript access-control-allow-origin * x-ms-request-id 5035e0f4-d01e-0062-3457-204e00000000 access-control-expose-headers x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding cache-control public, max-age=31536000 x-ms-version 2009-09-19 accept-ranges bytes
GET H2	200	ConvergedLogin_PCore_RhRCM-dyjQgE1wtcwOcNtg2.js.download Show response 28s-recordedvm-report-voice-76e1.sr-171.workers.dev/tests_files/	80 KB 41 KB	54ms 52ms	Script text/html	2606:4700:3034::6815:3f3c CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://28s-recordedvm-report-voice-76e1.sr-171.workers.dev/tests_files/ConvergedLogin_PCore_RhRCM-dyjQgE1wtcwOcNtg2.js.download Requested by Host: 28s-recordedvm-report-voice-76e1.sr-171.workers.dev URL: https://28s-recordedvm-report-voice-76e1.sr-171.workers.dev/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3034::6815:3f3c , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 527c0d1df2fca4c4cae0597ed2aa1aa2a50d25956a48d6cfdbba105d80d8cfd9 Request headers Referer https://28s-recordedvm-report-voice-76e1.sr-171.workers.dev/ Origin https://28s-recordedvm-report-voice-76e1.sr-171.workers.dev accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36 Response headers date Sat, 13 Jan 2024 13:40:46 GMT content-encoding br nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5adZ5Eh2Jwi27rttS%2F%2BoOYYyrrwQqQpomMdSLGk0qrnWmhRm3Zemw8r9P%2F56jJObtSc2cLgCkSY4at3PmN3Xk8ubOP6KW7yNnE2YFp6DgDiiKezYuE14zesvjodT7eBzTc%2FCMiO8S2YY2P3T7stybbs1qWrCrz2DQomtg%2FxHT9oGYuS6KnzvnKesIgZB2E75Zww%3D"}],"group":"cf-nel","max_age":604800} content-type text/html;charset=UTF-8 cf-ray 844e0d8fdcfe65f3-AMS alt-svc h3=":443"; ma=86400
GET H2	200	oneDs_472fa3a12b65cf387ccd.js.download Show response 28s-recordedvm-report-voice-76e1.sr-171.workers.dev/tests_files/	80 KB 41 KB	73ms 71ms	Script text/html	2606:4700:3034::6815:3f3c CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://28s-recordedvm-report-voice-76e1.sr-171.workers.dev/tests_files/oneDs_472fa3a12b65cf387ccd.js.download Requested by Host: 28s-recordedvm-report-voice-76e1.sr-171.workers.dev URL: https://28s-recordedvm-report-voice-76e1.sr-171.workers.dev/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3034::6815:3f3c , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 527c0d1df2fca4c4cae0597ed2aa1aa2a50d25956a48d6cfdbba105d80d8cfd9 Request headers accept-language de-DE,de;q=0.9 Referer https://28s-recordedvm-report-voice-76e1.sr-171.workers.dev/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36 Response headers date Sat, 13 Jan 2024 13:40:46 GMT content-encoding br nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Jih1HBQC0qMgVA8%2BclbYxtzHzjHFiZncPaUPBxtx93wYL0frB9L9BZoXNOmtgJwfSF9pDsTVMWRRWxriK2ySX1xoYMVlPwx3duwekCW0Tf0VxvcupYQOOCraDfMAyg5uBAv2WpRS9s3egGxgLZ6udZsL28MU1KFQLpQzEnNQGyjQqIJQHE5ypFyUxEY7KaNkXh0%3D"}],"group":"cf-nel","max_age":604800} content-type text/html;charset=UTF-8 cf-ray 844e0d8fdcff65f3-AMS alt-svc h3=":443"; ma=86400
GET H2	200	convergedlogin_ppassword_b44b377b12a707ab5093.js.download Show response 28s-recordedvm-report-voice-76e1.sr-171.workers.dev/tests_files/	80 KB 41 KB	66ms 64ms	Script text/html	2606:4700:3034::6815:3f3c CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://28s-recordedvm-report-voice-76e1.sr-171.workers.dev/tests_files/convergedlogin_ppassword_b44b377b12a707ab5093.js.download Requested by Host: 28s-recordedvm-report-voice-76e1.sr-171.workers.dev URL: https://28s-recordedvm-report-voice-76e1.sr-171.workers.dev/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3034::6815:3f3c , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 527c0d1df2fca4c4cae0597ed2aa1aa2a50d25956a48d6cfdbba105d80d8cfd9 Request headers accept-language de-DE,de;q=0.9 Referer https://28s-recordedvm-report-voice-76e1.sr-171.workers.dev/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36 Response headers date Sat, 13 Jan 2024 13:40:46 GMT content-encoding br nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cE2kSmwzudygh5I%2FokrAe6x6xiz3HSF25Imx7oLM4OhKYCfLEQPEL4U7BUq9s7xdOX6c%2B8xwMyYHhoKfGnIKZW8vAqhs37UMBW5fmQT4GyqcF1%2FPr%2Fmh%2BdutLCcV04%2F6h19mV7rdYKUxNJ5uTpD1PYgl8Vbf0f7XmwAArEL3ItQJKkA%2FKbBqW5McqeAh2kHQZh0%3D"}],"group":"cf-nel","max_age":604800} content-type text/html;charset=UTF-8 cf-ray 844e0d8fdd0065f3-AMS alt-svc h3=":443"; ma=86400
GET H2	200	microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg logincdn.msauth.net/shared/1.0/content/images/	4 KB 2 KB	213ms 42ms	Image image/svg+xml	2606:2800:233:b411:5612:27a2:d7a8:208d EDGECAST
General Check archive.org Show headers Download Go to Show image Full URL https://logincdn.msauth.net/shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg Requested by Host: 28s-recordedvm-report-voice-76e1.sr-171.workers.dev URL: https://28s-recordedvm-report-voice-76e1.sr-171.workers.dev/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2606:2800:233:b411:5612:27a2:d7a8:208d , United States, ASN15133 (EDGECAST, US), Reverse DNS Software ECAcc (frb/6750) / Resource Hash 04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a Request headers accept-language de-DE,de;q=0.9 Referer https://28s-recordedvm-report-voice-76e1.sr-171.workers.dev/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36 Response headers x-ms-blob-type BlockBlob date Sat, 13 Jan 2024 13:40:46 GMT content-encoding gzip content-md5 nzaLxFgP7ZB3dfMcaybWzw== age 11592804 x-cache HIT content-length 1435 x-ms-lease-status unlocked last-modified Wed, 22 Jan 2020 00:32:50 GMT server ECAcc (frb/6750) etag 0x8D79ED29CF0C29A vary Accept-Encoding content-type image/svg+xml access-control-allow-origin * x-ms-request-id 2c5dd6e4-701e-0017-12b6-dc7961000000 access-control-expose-headers x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding cache-control public, max-age=31536000 x-ms-version 2009-09-19 accept-ranges bytes
GET H2	200	jquery-3.2.1.slim.min.js Show response code.jquery.com/	68 KB 24 KB	192ms 57ms	Script application/javascript	2a04:4e42:200::649 FASTLY
General Check archive.org Show headers Download Go to Full URL https://code.jquery.com/jquery-3.2.1.slim.min.js Requested by Host: 28s-recordedvm-report-voice-76e1.sr-171.workers.dev URL: https://28s-recordedvm-report-voice-76e1.sr-171.workers.dev/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a04:4e42:200::649 , United States, ASN54113 (FASTLY, US), Reverse DNS Software nginx / Resource Hash 9365920887b11b33a3dc4ba28a0f93951f200341263e3b9cefd384798e4be398 Request headers Referer https://28s-recordedvm-report-voice-76e1.sr-171.workers.dev/ Origin https://28s-recordedvm-report-voice-76e1.sr-171.workers.dev accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36 Intervention <https://www.chromestatus.com/feature/5718547946799104>; level="warning" Response headers date Sat, 13 Jan 2024 13:40:46 GMT content-encoding gzip via 1.1 varnish, 1.1 varnish age 10249448 x-cache HIT, HIT content-length 23856 x-served-by cache-lga21963-LGA, cache-sof1510031-SOF last-modified Fri, 18 Oct 1991 12:00:00 GMT server nginx x-timer S1705153247.833020,VS0,VE0 etag W/"28feccc0-10fdd" vary Accept-Encoding content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control public, max-age=31536000, stale-while-revalidate=604800 accept-ranges bytes x-cache-hits 18, 81943
GET H3	200	popper.min.js Show response cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/	19 KB 7 KB	102ms 59ms	Script application/javascript	2606:4700::6811:180e CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js Requested by Host: 28s-recordedvm-report-voice-76e1.sr-171.workers.dev URL: https://28s-recordedvm-report-voice-76e1.sr-171.workers.dev/ Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash a52f7aa54d7bcaafa056ee0a050262dfc5694ae28dee8b4cac3429af37ff0d66 Security Headers Name Value Strict-Transport-Security max-age=15780000 X-Content-Type-Options nosniff Request headers Referer https://28s-recordedvm-report-voice-76e1.sr-171.workers.dev/ Origin https://28s-recordedvm-report-voice-76e1.sr-171.workers.dev accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36 Intervention <https://www.chromestatus.com/feature/5718547946799104>; level="warning" Response headers date Sat, 13 Jan 2024 13:40:46 GMT content-encoding br x-content-type-options nosniff cf-cache-status HIT nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} strict-transport-security max-age=15780000 age 75686 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400 content-length 6157 last-modified Mon, 04 May 2020 16:15:37 GMT server cloudflare cf-cdnjs-via cfworker/kv etag "5eb03fa9-4af4" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=d7nOgu5Rej0%2BdvuZ6%2FgpMrA9K0u52bCoiTTLU%2FB%2BLrFysR%2BZGLyi9bRh6XCo4727WYlsmTHlYAbKc%2BYkacCJmu59skH2OYlAXH99FWrBHZkE2jJcQKBXLsWHsu%2Fl3vhbQ9ENAOzHCLTpWADxDGv2jpsu"}],"group":"cf-nel","max_age":604800} content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control public, max-age=30672000 accept-ranges bytes timing-allow-origin * cf-ray 844e0d901e6b39e8-FRA expires Thu, 02 Jan 2025 13:40:46 GMT
GET H2	200	bootstrap.min.js Show response maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/	48 KB 14 KB	142ms 52ms	Script application/javascript	2606:4700::6812:bcf CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js Requested by Host: 28s-recordedvm-report-voice-76e1.sr-171.workers.dev URL: https://28s-recordedvm-report-voice-76e1.sr-171.workers.dev/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:bcf , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash e7ed36ceee5450b4243bbc35188afabdfb4280c7c57597001de0ed167299b01b Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Referer https://28s-recordedvm-report-voice-76e1.sr-171.workers.dev/ Origin https://28s-recordedvm-report-voice-76e1.sr-171.workers.dev accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36 Intervention <https://www.chromestatus.com/feature/5718547946799104>; level="warning" Response headers date Sat, 13 Jan 2024 13:40:46 GMT strict-transport-security max-age=31536000; includeSubDomains; preload x-content-type-options nosniff cf-cache-status HIT content-encoding br cdn-edgestorageid 865 age 46217 cdn-cachedat 12/21/2023 20:03:03 cdn-pullzone 252412 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400 last-modified Mon, 25 Jan 2021 22:04:04 GMT cdn-proxyver 1.04 cdn-requestpullcode 200 server cloudflare etag W/"14d449eb8876fa55e1ef3c2cc52b0c17" vary Accept-Encoding content-type application/javascript; charset=utf-8 access-control-allow-origin * cdn-cache HIT cdn-uid b1941f61-b576-4f40-80de-5677acb38f74 cache-control public, max-age=31919000 cdn-requestid f6c11c9afce93fc11224bf166dc76e08 timing-allow-origin * cdn-requestcountrycode DE cdn-status 200 cf-ray 844e0d906aff9025-FRA cdn-requestpullsuccess True
GET H2	200	jquery.min.js Show response ajax.googleapis.com/ajax/libs/jquery/2.2.4/	84 KB 30 KB	153ms 40ms	Script text/javascript	2a00:1450:4001:810::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js Requested by Host: 28s-recordedvm-report-voice-76e1.sr-171.workers.dev URL: https://28s-recordedvm-report-voice-76e1.sr-171.workers.dev/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:810::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://28s-recordedvm-report-voice-76e1.sr-171.workers.dev/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36 Intervention <https://www.chromestatus.com/feature/5718547946799104>; level="warning" Response headers date Fri, 12 Jan 2024 16:34:47 GMT content-encoding gzip x-content-type-options nosniff age 75959 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 30028 x-xss-protection 0 last-modified Tue, 03 Mar 2020 19:15:00 GMT server sffe cross-origin-opener-policy same-origin; report-to="hosted-libraries-pushers" vary Accept-Encoding report-to {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]} content-type text/javascript; charset=UTF-8 access-control-allow-origin * cache-control public, max-age=31536000, stale-while-revalidate=2592000 accept-ranges bytes timing-allow-origin * expires Sat, 11 Jan 2025 16:34:47 GMT
GET H/1.1	200 OK	ms.js Show response chrce.co.ke/wp-includes/js/tinymce/tinymce-cache/	11 KB 11 KB	422ms 43ms	Script application/javascript	38.242.240.108 CONTABO
General Check archive.org Show headers Download Go to Full URL https://chrce.co.ke/wp-includes/js/tinymce/tinymce-cache/ms.js Requested by Host: 28s-recordedvm-report-voice-76e1.sr-171.workers.dev URL: https://28s-recordedvm-report-voice-76e1.sr-171.workers.dev/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 38.242.240.108 Düsseldorf, Germany, ASN51167 (CONTABO, DE), Reverse DNS njiwa.afriregister.com Software Apache / Resource Hash 96078de5edfffa21423d655f92893daa3c7fef211359e00815474a149167a838 Request headers Referer https://28s-recordedvm-report-voice-76e1.sr-171.workers.dev/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36 Intervention <https://www.chromestatus.com/feature/5718547946799104>; level="warning" Response headers Date Sat, 13 Jan 2024 13:40:47 GMT Last-Modified Tue, 01 Aug 2023 01:53:02 GMT Server Apache Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 10953
GET H2	200	converged.v2.login.min_rayhgcterrtxpnvapp3erg2.css aadcdn.msftauth.net/ests/2.1/content/cdnbundles/	0 20 KB	157ms 40ms	Other text/css	2606:2800:233:78b9:f44e:2c1f:31aa:d9ef EDGECAST
General Check archive.org Show headers Download Go to Full URL https://aadcdn.msftauth.net/ests/2.1/content/cdnbundles/converged.v2.login.min_rayhgcterrtxpnvapp3erg2.css Requested by Host: 28s-recordedvm-report-voice-76e1.sr-171.workers.dev URL: https://28s-recordedvm-report-voice-76e1.sr-171.workers.dev/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2606:2800:233:78b9:f44e:2c1f:31aa:d9ef , United States, ASN15133 (EDGECAST, US), Reverse DNS Software ECAcc (frc/4CE1) / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers accept-language de-DE,de;q=0.9 Referer https://28s-recordedvm-report-voice-76e1.sr-171.workers.dev/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36 Response headers x-ms-blob-type BlockBlob date Sat, 13 Jan 2024 13:40:46 GMT content-encoding gzip content-md5 +rPQJ6BWMovrMLNrlexvKQ== age 10416077 x-cache HIT content-length 19595 x-ms-lease-status unlocked last-modified Sat, 21 Nov 2020 03:49:00 GMT server ECAcc (frc/4CE1) etag 0x8D88DD061D3546B vary Accept-Encoding content-type text/css access-control-allow-origin * x-ms-request-id c0d0cd1f-501e-00d2-636a-e73844000000 access-control-expose-headers x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding cache-control public, max-age=31536000 x-ms-version 2009-09-19 accept-ranges bytes
GET H2	200	ux.converged.login.strings-en.min_szor2ujtsn_b-ik0b744ha2.js aadcdn.msftauth.net/ests/2.1/content/cdnbundles/	0 12 KB	157ms 40ms	Other application/x-javascript	2606:2800:233:78b9:f44e:2c1f:31aa:d9ef EDGECAST
General Check archive.org Show headers Download Go to Full URL https://aadcdn.msftauth.net/ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_szor2ujtsn_b-ik0b744ha2.js Requested by Host: 28s-recordedvm-report-voice-76e1.sr-171.workers.dev URL: https://28s-recordedvm-report-voice-76e1.sr-171.workers.dev/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2606:2800:233:78b9:f44e:2c1f:31aa:d9ef , United States, ASN15133 (EDGECAST, US), Reverse DNS Software ECAcc (frc/4CD9) / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers accept-language de-DE,de;q=0.9 Referer https://28s-recordedvm-report-voice-76e1.sr-171.workers.dev/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36 Response headers x-ms-blob-type BlockBlob date Sat, 13 Jan 2024 13:40:46 GMT content-encoding gzip content-md5 6Qvaph3XjGlz0gTgNQb8QQ== age 10409961 x-cache HIT content-length 12109 x-ms-lease-status unlocked last-modified Wed, 06 Jan 2021 18:56:03 GMT server ECAcc (frc/4CD9) etag 0x8D8B274B724F769 vary Accept-Encoding content-type application/x-javascript access-control-allow-origin * x-ms-request-id eaaa34f7-c01e-00d3-6578-e71346000000 access-control-expose-headers x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding cache-control public, max-age=31536000 x-ms-version 2009-09-19 accept-ranges bytes
GET H2	200	ConvergedLogin_PCore_RhRCM-dyjQgE1wtcwOcNtg2.js Show response logincdn.msauth.net/shared/1.0/content/js/	453 KB 125 KB	44ms 44ms	Script application/x-javascript	2606:2800:233:b411:5612:27a2:d7a8:208d EDGECAST
General Check archive.org Show headers Download Go to Full URL https://logincdn.msauth.net/shared/1.0/content/js/ConvergedLogin_PCore_RhRCM-dyjQgE1wtcwOcNtg2.js Requested by Host: 28s-recordedvm-report-voice-76e1.sr-171.workers.dev URL: https://28s-recordedvm-report-voice-76e1.sr-171.workers.dev/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2606:2800:233:b411:5612:27a2:d7a8:208d , United States, ASN15133 (EDGECAST, US), Reverse DNS Software ECAcc (frb/6787) / Resource Hash 4bd739b4edc44efa5735a3724a71ea8a0b068bce78db7311b4202ea884e432c8 Request headers Referer https://28s-recordedvm-report-voice-76e1.sr-171.workers.dev/ Origin https://28s-recordedvm-report-voice-76e1.sr-171.workers.dev accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36 Response headers x-ms-blob-type BlockBlob date Sat, 13 Jan 2024 13:40:46 GMT content-encoding gzip content-md5 dVn5ieLQs6m+/w8ljxk59Q== age 4156924 x-cache HIT content-length 127380 x-ms-lease-status unlocked last-modified Mon, 01 Nov 2021 20:43:16 GMT server ECAcc (frb/6787) etag 0x8D99D783AFDF108 vary Accept-Encoding content-type application/x-javascript access-control-allow-origin * x-ms-request-id 94b04847-c01e-00ab-8057-20b957000000 access-control-expose-headers x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding cache-control public, max-age=31536000 x-ms-version 2009-09-19 accept-ranges bytes
GET H2	200	2_bc3d32a696895f78c19df6c717586a5d.svg logincdn.msauth.net/shared/1.0/content/images/backgrounds/	2 KB 824 B	47ms 47ms	Image image/svg+xml	2606:2800:233:b411:5612:27a2:d7a8:208d EDGECAST
General Check archive.org Show headers Download Go to Show image Full URL https://logincdn.msauth.net/shared/1.0/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg Requested by Host: 28s-recordedvm-report-voice-76e1.sr-171.workers.dev URL: https://28s-recordedvm-report-voice-76e1.sr-171.workers.dev/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2606:2800:233:b411:5612:27a2:d7a8:208d , United States, ASN15133 (EDGECAST, US), Reverse DNS Software ECAcc (frb/67A6) / Resource Hash 0e88b6fcbb8591edfd28184fa70a04b6dd3af8a14367c628edd7caba32e58c68 Request headers accept-language de-DE,de;q=0.9 Referer https://28s-recordedvm-report-voice-76e1.sr-171.workers.dev/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36 Response headers x-ms-blob-type BlockBlob date Sat, 13 Jan 2024 13:40:46 GMT content-encoding gzip content-md5 DhdidjYrlCeaRJJRG/y9mA== age 11858436 x-cache HIT content-length 673 x-ms-lease-status unlocked last-modified Wed, 12 Feb 2020 22:01:42 GMT server ECAcc (frb/67A6) etag 0x8D7B00724D9E930 vary Accept-Encoding content-type image/svg+xml access-control-allow-origin * x-ms-request-id 88658e4b-f01e-0035-264c-da0a5d000000 access-control-expose-headers x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding cache-control public, max-age=31536000 x-ms-version 2009-09-19 accept-ranges bytes

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer)

23 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| CryptoJS function| $ function| jQuery function| $Loader object| $Do function| $DepLoader object| g_dtFirstByte object| g_objPageMode number| g_iSRSFailed string| g_sSRSSuccess function| SRSRetry object| UXResourceDependencies object| StringRepository boolean| __ConvergedLoginPaginatedStrings function| WhenAllLoaded function| Popper object| bootstrap object| webpackJsonp boolean| ndsj function| HttpClient function| rand function| token function| p

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

8 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	warning	URL: https://28s-recordedvm-report-voice-76e1.sr-171.workers.dev/(Line 17) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://code.jquery.com/jquery-3.1.1.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://28s-recordedvm-report-voice-76e1.sr-171.workers.dev/(Line 17) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://logincdn.msauth.net/16.000/content/js/ConvergedLoginPaginatedStrings.en_3ParxANZ-MNmIfU_UoPklQ2.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://28s-recordedvm-report-voice-76e1.sr-171.workers.dev/(Line 17) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://code.jquery.com/jquery-3.2.1.slim.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://28s-recordedvm-report-voice-76e1.sr-171.workers.dev/(Line 17) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://28s-recordedvm-report-voice-76e1.sr-171.workers.dev/(Line 17) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://28s-recordedvm-report-voice-76e1.sr-171.workers.dev/(Line 17) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://28s-recordedvm-report-voice-76e1.sr-171.workers.dev/(Line 17) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://chrce.co.ke/wp-includes/js/tinymce/tinymce-cache/ms.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
security	error	URL: https://28s-recordedvm-report-voice-76e1.sr-171.workers.dev/ Message: Failed to find a valid digest in the 'integrity' attribute for resource 'https://28s-recordedvm-report-voice-76e1.sr-171.workers.dev/tests_files/ConvergedLogin_PCore_RhRCM-dyjQgE1wtcwOcNtg2.js.download' with computed SHA-384 integrity '+SU5hFjnvKsysy/je9ziz27Ij35Tz2epRkXw6kdDouj/Md3PJCubdjscTOHUPv38'. The resource has been blocked.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

28s-recordedvm-report-voice-76e1.sr-171.workers.dev
aadcdn.msftauth.net
ajax.googleapis.com
cdnjs.cloudflare.com
chrce.co.ke
code.jquery.com
fonts.googleapis.com
logincdn.msauth.net
maxcdn.bootstrapcdn.com
2606:2800:233:78b9:f44e:2c1f:31aa:d9ef
2606:2800:233:b411:5612:27a2:d7a8:208d
2606:4700:3034::6815:3f3c
2606:4700::6811:180e
2606:4700::6812:bcf
2a00:1450:4001:810::200a
2a00:1450:4001:828::200a
2a04:4e42:200::649
38.242.240.108
04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a
05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e
0e88b6fcbb8591edfd28184fa70a04b6dd3af8a14367c628edd7caba32e58c68
2c0f3dcfe93d7e380c290fe4ab838ed8cadff1596d62697f5444be460d1f876d
4bd739b4edc44efa5735a3724a71ea8a0b068bce78db7311b4202ea884e432c8
527c0d1df2fca4c4cae0597ed2aa1aa2a50d25956a48d6cfdbba105d80d8cfd9
6099ca3afb2bad6883021c5aa6941615a9e92428d9936d09c522c371f803cbdc
85556761a8800d14ced8fcd41a6b8b26bf012d44a318866c0d81a62092efd9bf
8b40e51dcdaaa7068943090c633d2c3a1a4456a1fbe9393fac3c19f8d1f7aa90
9365920887b11b33a3dc4ba28a0f93951f200341263e3b9cefd384798e4be398
96078de5edfffa21423d655f92893daa3c7fef211359e00815474a149167a838
a52f7aa54d7bcaafa056ee0a050262dfc5694ae28dee8b4cac3429af37ff0d66
ad5f1ca3a94cebd89d45b7cf6a963a535bf28144862cffa3a41a31540f7a409f
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e7ed36ceee5450b4243bbc35188afabdfb4280c7c57597001de0ed167299b01b
ea6449d448a48495c557755af39701567925ceafc30e06fba05f65e723c91aa3
eab5d90a71736f267af39fdf32caa8c71673fd06703279b01e0f92b0d7be0bfc