zsrb1bg2puf.multi-factor0ffice.info Open in urlscan Pro
88.218.188.92 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://securedauth0ffice.info/
Effective URL:
https://zsrb1bg2puf.multi-factor0ffice.info/redirect.cgi?ref=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2N...
Submission: On December 08 via manual (December 8th 2023, 11:30:33 am UTC) from DE — Scanned from DE

Summary HTTP 30 Redirects Behaviour Indicators

Summary

This website contacted 12 IPs in 3 countries across 12 domains to perform 30 HTTP transactions. The main IP is 88.218.188.92, located in Ukraine and belongs to THEHOST-AS, UA. The main domain is zsrb1bg2puf.multi-factor0ffice.info.
TLS certificate: Issued by R3 on December 5th 2023. Valid for: 3 months.

This is the only time zsrb1bg2puf.multi-factor0ffice.info was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	107.161.23.204 107.161.23.204	3842 (RAMNODE) (RAMNODE)
1 1	204.188.203.154 204.188.203.154	46844 (SHARKTECH) (SHARKTECH)
1	2600:3c03::f0... 2600:3c03::f03c:92ff:fe6e:6d8b	63949 (AKAMAI-LI...) (AKAMAI-LINODE-AP Akamai Connected Cloud)
1	2a06:98c1:312... 2a06:98c1:3121::3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	2a06:98c1:312... 2a06:98c1:3120::3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 2	2606:4700:10:... 2606:4700:10::ac43:88d	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	54.231.161.185 54.231.161.185	16509 (AMAZON-02) (AMAZON-02)
2	2a00:1450:400... 2a00:1450:4001:831::200a	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:813::2003	15169 (GOOGLE) (GOOGLE)
4 11	88.218.188.92 88.218.188.92	56485 (THEHOST-AS) (THEHOST-AS)
1	20.190.159.2 20.190.159.2	() ()
1	2603:1026:c0d... 2603:1026:c0d:100b::2	() ()
3	2a02:26f0:710... 2a02:26f0:7100::687e:2520	() ()
30	12

1 107.161.23.204 (Miami, United States) 1 redirects

ASN3842 (RAMNODE, US)
PTR: parking.namesilo.com

securedauth0ffice.info	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 204.188.203.154 (Chicago, United States) 1 redirects

ASN46844 (SHARKTECH, US)
PTR: sixsigma4.ssbrmkt.com.br

www.securedauth0ffice.info	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:3c03::f03c:92ff:fe6e:6d8b (Cedar Knolls, United States)

ASN63949 (AKAMAI-LINODE-AP Akamai Connected Cloud, SG)

sotpwinzwernet.us-east-1.linodeobjects.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a06:98c1:3121::3 (United States)

ASN13335 (CLOUDFLARENET, US)

qr.codes	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a06:98c1:3120::3 (United States)

ASN13335 (CLOUDFLARENET, US)

qr.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:10::ac43:88d (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

whos.amung.us	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
widgets.amung.us	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.231.161.185 (Ashburn, United States)

ASN16509 (AMAZON-02, US)
PTR: s3-1-w.amazonaws.com

multiplelinks-images.s3.amazonaws.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:831::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:813::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 88.218.188.92 (Ukraine) 4 redirects

ASN56485 (THEHOST-AS, UA)
PTR: eidgrdp.theweb.place

security-0tp0ffice.info	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
zsrb1bg2puf.multi-factor0ffice.info	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 20.190.159.2 (None, )

ASN- ()

login.live.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2603:1026:c0d:100b::2 (None, )

ASN- ()

outlook.office365.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a02:26f0:7100::687e:2520 (None, )

ASN- ()

r4.res.office365.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
10	multi-factor0ffice.info 3 redirects zsrb1bg2puf.multi-factor0ffice.info	830 KB
5	qr.io qr.io — Cisco Umbrella Rank: 162006	118 KB
4	office365.com outlook.office365.com r4.res.office365.com	504 KB
2	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 29	2 KB
2	amung.us 1 redirects whos.amung.us — Cisco Umbrella Rank: 17707 widgets.amung.us — Cisco Umbrella Rank: 33548	661 B
2	securedauth0ffice.info 2 redirects securedauth0ffice.info www.securedauth0ffice.info	430 B
1	live.com login.live.com
1	security-0tp0ffice.info 1 redirects security-0tp0ffice.info	661 B
1	gstatic.com fonts.gstatic.com	31 KB
1	amazonaws.com multiplelinks-images.s3.amazonaws.com	3 KB
1	qr.codes qr.codes — Cisco Umbrella Rank: 599960	13 KB
1	linodeobjects.com sotpwinzwernet.us-east-1.linodeobjects.com	3 KB
30	12

	Domain	Requested by
10	zsrb1bg2puf.multi-factor0ffice.info	3 redirects zsrb1bg2puf.multi-factor0ffice.info
5	qr.io	sotpwinzwernet.us-east-1.linodeobjects.com
3	r4.res.office365.com	outlook.office365.com
2	fonts.googleapis.com	qr.io
1	outlook.office365.com	zsrb1bg2puf.multi-factor0ffice.info
1	login.live.com	zsrb1bg2puf.multi-factor0ffice.info
1	security-0tp0ffice.info	1 redirects
1	fonts.gstatic.com	fonts.googleapis.com
1	multiplelinks-images.s3.amazonaws.com	sotpwinzwernet.us-east-1.linodeobjects.com
1	widgets.amung.us	sotpwinzwernet.us-east-1.linodeobjects.com
1	whos.amung.us	1 redirects
1	qr.codes	sotpwinzwernet.us-east-1.linodeobjects.com
1	sotpwinzwernet.us-east-1.linodeobjects.com
1	www.securedauth0ffice.info	1 redirects
1	securedauth0ffice.info	1 redirects
30	15

This site contains no links.

Subject Issuer	Validity	Valid
us-east-1.linodeobjects.com R3	`2023-10-11` - `2024-01-09`	3 months	crt.sh
qr.codes GTS CA 1P5	`2023-10-19` - `2024-01-17`	3 months	crt.sh
qr.io GTS CA 1P5	`2023-12-06` - `2024-03-05`	3 months	crt.sh
*.s3.amazonaws.com Amazon RSA 2048 M01	`2023-10-10` - `2024-07-03`	9 months	crt.sh
upload.video.google.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
multi-factor0ffice.info R3	`2023-12-05` - `2024-03-04`	3 months	crt.sh
login.live.com DigiCert SHA2 Secure Server CA	`2023-11-10` - `2024-11-10`	a year	crt.sh
outlook.com DigiCert Cloud Services CA-1	`2023-10-31` - `2024-10-30`	a year	crt.sh
*.res.outlook.com DigiCert SHA2 Secure Server CA	`2023-04-17` - `2024-04-17`	a year	crt.sh

This page contains 2 frames:

Primary Page: https://zsrb1bg2puf.multi-factor0ffice.info/redirect.cgi?ref=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9NWRhYzI0NDgtMDNkOC0xYjljLTA0NmEtYTBjNmU4Y2FhYzFhJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODM3NjMxODMwODcwMzg5Ni44NDFhMTFmMS0xYmI2LTQ4Y2UtODVkZC01Y2RkNDllZmY1ZGUmc3RhdGU9RGNzeEVvQWdEQVhSb09OeEltUUMtRGtPRUdndHZiNHA5blViaU9qMERpOGtoNTZxVUVlZ0NVOVN0SG9qU3hmWndqSkc1WXk1R01XTXl6VExiZTFkYkFWX3JfaC1QZjQ=&sso_reload=true
Frame ID: D6B3DD35BBAD6C53CCA4BA73F91AC3A0
Requests: 27 HTTP requests in this frame

Frame: https://outlook.office365.com/owa/prefetch.aspx
Frame ID: 975859031935BD8CA2B31B3D6199F772
Requests: 5 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://securedauth0ffice.info/ HTTP 301
http://www.securedauth0ffice.info/ HTTP 301
https://sotpwinzwernet.us-east-1.linodeobjects.com/otep.html Page URL
https://security-0tp0ffice.info/?sdqgbkbe HTTP 302
https://zsrb1bg2puf.multi-factor0ffice.info/?sign=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1cmwiOiJodHRwczovL3pzcmIxYmcyc... HTTP 302
https://zsrb1bg2puf.multi-factor0ffice.info/ HTTP 301
https://zsrb1bg2puf.multi-factor0ffice.info/owa/ HTTP 302
https://zsrb1bg2puf.multi-factor0ffice.info/redirect.cgi?ref=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV... Page URL
https://zsrb1bg2puf.multi-factor0ffice.info/redirect.cgi?ref=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV... Page URL

Detected technologies

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Page Statistics

30
Requests

77 %
HTTPS

62 %
IPv6

12
Domains

15
Subdomains

12
IPs

3
Countries

1495 kB
Transfer

3876 kB
Size

16
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://securedauth0ffice.info/ HTTP 301
http://www.securedauth0ffice.info/ HTTP 301
https://sotpwinzwernet.us-east-1.linodeobjects.com/otep.html Page URL
https://security-0tp0ffice.info/?sdqgbkbe HTTP 302
https://zsrb1bg2puf.multi-factor0ffice.info/?sign=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1cmwiOiJodHRwczovL3pzcmIxYmcycHVmLm11bHRpLWZhY3RvcjBmZmljZS5pbmZvIiwiZG9tYWluIjoienNyYjFiZzJwdWYubXVsdGktZmFjdG9yMGZmaWNlLmluZm8iLCJrZXkiOiJWTkVFTWJoT1JEamUiLCJxcmMiOm51bGwsImlhdCI6MTcwMjAzNTAzMCwiZXhwIjoxNzAyMDM1MTUwfQ.xRIj0QwtpItEsz0NbZ3i-4p3UuguoklkIT4F-siT1Pg HTTP 302
https://zsrb1bg2puf.multi-factor0ffice.info/ HTTP 301
https://zsrb1bg2puf.multi-factor0ffice.info/owa/ HTTP 302
https://zsrb1bg2puf.multi-factor0ffice.info/redirect.cgi?ref=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9NWRhYzI0NDgtMDNkOC0xYjljLTA0NmEtYTBjNmU4Y2FhYzFhJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODM3NjMxODMwODcwMzg5Ni44NDFhMTFmMS0xYmI2LTQ4Y2UtODVkZC01Y2RkNDllZmY1ZGUmc3RhdGU9RGNzeEVvQWdEQVhSb09OeEltUUMtRGtPRUdndHZiNHA5blViaU9qMERpOGtoNTZxVUVlZ0NVOVN0SG9qU3hmWndqSkc1WXk1R01XTXl6VExiZTFkYkFWX3JfaC1QZjQ= Page URL
https://zsrb1bg2puf.multi-factor0ffice.info/redirect.cgi?ref=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9NWRhYzI0NDgtMDNkOC0xYjljLTA0NmEtYTBjNmU4Y2FhYzFhJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODM3NjMxODMwODcwMzg5Ni44NDFhMTFmMS0xYmI2LTQ4Y2UtODVkZC01Y2RkNDllZmY1ZGUmc3RhdGU9RGNzeEVvQWdEQVhSb09OeEltUUMtRGtPRUdndHZiNHA5blViaU9qMERpOGtoNTZxVUVlZ0NVOVN0SG9qU3hmWndqSkc1WXk1R01XTXl6VExiZTFkYkFWX3JfaC1QZjQ=&sso_reload=true Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

http://securedauth0ffice.info/ HTTP 301
http://www.securedauth0ffice.info/ HTTP 301
https://sotpwinzwernet.us-east-1.linodeobjects.com/otep.html

Request Chain 7

https://whos.amung.us/swidget/qriostats.png HTTP 307
https://widgets.amung.us/small/08/808.png

Request Chain 12

https://security-0tp0ffice.info/?sdqgbkbe HTTP 302
https://zsrb1bg2puf.multi-factor0ffice.info/?sign=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1cmwiOiJodHRwczovL3pzcmIxYmcycHVmLm11bHRpLWZhY3RvcjBmZmljZS5pbmZvIiwiZG9tYWluIjoienNyYjFiZzJwdWYubXVsdGktZmFjdG9yMGZmaWNlLmluZm8iLCJrZXkiOiJWTkVFTWJoT1JEamUiLCJxcmMiOm51bGwsImlhdCI6MTcwMjAzNTAzMCwiZXhwIjoxNzAyMDM1MTUwfQ.xRIj0QwtpItEsz0NbZ3i-4p3UuguoklkIT4F-siT1Pg HTTP 302
https://zsrb1bg2puf.multi-factor0ffice.info/ HTTP 301
https://zsrb1bg2puf.multi-factor0ffice.info/owa/ HTTP 302
https://zsrb1bg2puf.multi-factor0ffice.info/redirect.cgi?ref=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9NWRhYzI0NDgtMDNkOC0xYjljLTA0NmEtYTBjNmU4Y2FhYzFhJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODM3NjMxODMwODcwMzg5Ni44NDFhMTFmMS0xYmI2LTQ4Y2UtODVkZC01Y2RkNDllZmY1ZGUmc3RhdGU9RGNzeEVvQWdEQVhSb09OeEltUUMtRGtPRUdndHZiNHA5blViaU9qMERpOGtoNTZxVUVlZ0NVOVN0SG9qU3hmWndqSkc1WXk1R01XTXl6VExiZTFkYkFWX3JfaC1QZjQ=

30 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

otep.html Show response
sotpwinzwernet.us-east-1.linodeobjects.com/
Redirect Chain

http://securedauth0ffice.info/
http://www.securedauth0ffice.info/
https://sotpwinzwernet.us-east-1.linodeobjects.com/otep.html

3 KB
3 KB

465ms
108ms

Document
text/html

2600:3c03::f03c:92ff:fe6e:6d8b
AKAMAI-LINODE-AP ...

General

Check archive.org

Show headers Download Go to

Full URL: https://sotpwinzwernet.us-east-1.linodeobjects.com/otep.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:3c03::f03c:92ff:fe6e:6d8b Cedar Knolls, United States, ASN63949 (AKAMAI-LINODE-AP Akamai Connected Cloud, SG),
Reverse DNS
Software: /
Resource Hash: 542274ce779f6dabfb7a9104e127f1b450b56795db59458574c4f4c36d46c5eb

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Connection: keep-alive
Content-Length: 3112
Content-Type: text/html
Date: Fri, 08 Dec 2023 11:30:28 GMT
ETag: "fc4a993e599ccea59b1fe685c38e79b5"
Last-Modified: Wed, 06 Dec 2023 16:18:44 GMT
x-amz-request-id: tx000004246207a0ae51bd7-006572fe54-4e3e2432-default
x-rgw-object-type: Normal

Redirect headers

Connection: keep-alive
Content-Length: 178
Content-Type: text/html
Date: Fri, 08 Dec 2023 11:30:27 GMT
Location: https://sotpwinzwernet.us-east-1.linodeobjects.com/otep.html
Server: nginx

GET
H2 200 all.css
qr.codes/fontawesome-free-5.15.4-web/css/ 72 KB
13 KB 60ms
22ms Stylesheet
text/css 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://qr.codes/fontawesome-free-5.15.4-web/css/all.css
Requested by: Host: sotpwinzwernet.us-east-1.linodeobjects.com
URL: https://sotpwinzwernet.us-east-1.linodeobjects.com/otep.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0cb8cc3fee4275e182236ab19c3aae55274f43aa0ffde9c0510d8d59fcf8e5dc

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://sotpwinzwernet.us-east-1.linodeobjects.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 11:30:28 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Fri, 02 Sep 2022 15:54:29 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 6636
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=63PBC8yB4Na0tDJELi5lDzAOa15RhPKJL5INT9qhx%2FVFIAvGdAsJPz07v12WdZ0J2qH8iLdw5vIgHI7JTsgsjOcTkW5JlWe%2FcwAkxgCNJXld8y4aDrcShWNpOBeVGERRgPGJJecfMw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
cf-ray: 8324ad304ebf6940-FRA
alt-svc: h3=":443"; ma=86400

GET
H2 200 prism.css
qr.io/node_modules/prismjs/themes/ 2 KB
1 KB 53ms
18ms Stylesheet
text/css 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://qr.io/node_modules/prismjs/themes/prism.css
Requested by: Host: sotpwinzwernet.us-east-1.linodeobjects.com
URL: https://sotpwinzwernet.us-east-1.linodeobjects.com/otep.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 565dbff14754261a039640abf421099afefb922ba1e32c4c17b80fd4e61ee840

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://sotpwinzwernet.us-east-1.linodeobjects.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 11:30:28 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Sat, 12 Sep 2020 18:43:17 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 4522
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HSh%2BI31PWsbBmjNgM%2F41VmYVcFMaPrjtjUUlIXDQod7IqhaXLg16U8LxhQJlbSG4NFCahXciOs8X1TzCFjYkJdMny92OZfpPeWyFOG18oXMAe%2FrzjO50Sa3TawwRDjNDbDZROA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
cf-ray: 8324ad3048f89bef-FRA
alt-svc: h3=":443"; ma=86400

GET
H2 200 jqvmap.min.css
qr.io/node_modules/jqvmap/dist/ 613 B
718 B 51ms
16ms Stylesheet
text/css 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://qr.io/node_modules/jqvmap/dist/jqvmap.min.css
Requested by: Host: sotpwinzwernet.us-east-1.linodeobjects.com
URL: https://sotpwinzwernet.us-east-1.linodeobjects.com/otep.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 32d26b3f38f5adcf544dcb92bd5ef604d67ac7300a28f7f8b072ae0e9f555a3c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://sotpwinzwernet.us-east-1.linodeobjects.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 11:30:28 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Sat, 12 Sep 2020 18:43:10 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 4522
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WiIIgvVJJCdhL9GJmBkA1nb0ZE%2BUQXF2riW3zXgd8PEtIC9N1SO5h%2B22M8FVNR5vbl1e1wrnyEO%2BoZjD24x3xUF0zxN0G1GnhcAwPlEm65%2Fm6ful8mAM%2Bs5lp49OfQTolDYr0w%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
cf-ray: 8324ad3048f99bef-FRA
alt-svc: h3=":443"; ma=86400

GET
H2 200 leaf.css
qr.io/css/ 559 KB
75 KB 57ms
23ms Stylesheet
text/css 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://qr.io/css/leaf.css
Requested by: Host: sotpwinzwernet.us-east-1.linodeobjects.com
URL: https://sotpwinzwernet.us-east-1.linodeobjects.com/otep.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c25d5aea4b2c07449b8444cc969f070c795fb6ad1bdac11a6b7d16a932174ade

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://sotpwinzwernet.us-east-1.linodeobjects.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 11:30:28 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 08 Nov 2023 12:07:50 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 4522
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=O%2B5FWDYkb0weDj%2FXL6PnQ6I1TwEa3w74%2FoK2Id2zkCAZHt6Arucx7Ut1wXjq%2Bt0m2fYmQnRva6dm7H3CH1tKV%2BmKW6F5md0tTEC6YOHqUhc1luojtRIRaLvyWDLC2m3cjVkLzg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
cf-ray: 8324ad3048f49bef-FRA
alt-svc: h3=":443"; ma=86400

GET
H2 200 vue@2.6.14.js Show response
qr.io/vue-scripts/ 92 KB
35 KB 56ms
22ms Script
application/javascript 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://qr.io/vue-scripts/vue@2.6.14.js
Requested by: Host: sotpwinzwernet.us-east-1.linodeobjects.com
URL: https://sotpwinzwernet.us-east-1.linodeobjects.com/otep.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9174c425c445377df4562ad9165ea08fdf9433a808296d7de5f619791df10e17

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://sotpwinzwernet.us-east-1.linodeobjects.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 11:30:28 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Mon, 07 Feb 2022 12:51:02 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 4522
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JpE2iaHH1lg216EVUWMd7yZqRB3mlkl1EWnwaLr9FeAVicHqJxfUguAEomclvjdr248CLp%2F5i4fcMkIESjItd%2FiBqbnpSSsinLcULQpkj0mM95P37E1yQjYaKiX%2FmkpLWoHXFQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 8324ad3048fb9bef-FRA
alt-svc: h3=":443"; ma=86400

GET
H2 200 axios.min.js Show response
qr.io/vue-scripts/ 18 KB
6 KB 51ms
17ms Script
application/javascript 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://qr.io/vue-scripts/axios.min.js
Requested by: Host: sotpwinzwernet.us-east-1.linodeobjects.com
URL: https://sotpwinzwernet.us-east-1.linodeobjects.com/otep.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b00828aa594968071f062841833553f98541845061e2d1c3144da47acce5940d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://sotpwinzwernet.us-east-1.linodeobjects.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 11:30:28 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Mon, 07 Feb 2022 12:51:01 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 4522
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jveeSXCwW6iitr%2FmlNwAsa2dz6xSXKp1rv6An%2BuXcNEcynabHRfFXmFG5hbBFHTyUSvJpEcqyE92It%2BhRSzaPhMvh7XPHi60asstSNL3zZES8CM0LBkf9u9sTvagl0%2BtEnERvw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 8324ad3048fa9bef-FRA
alt-svc: h3=":443"; ma=86400

GET
H2

200

808.png
widgets.amung.us/small/08/
Redirect Chain

https://whos.amung.us/swidget/qriostats.png
https://widgets.amung.us/small/08/808.png

320 B
490 B

17ms
16ms

Image
image/png

2606:4700:10::ac43:88d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://widgets.amung.us/small/08/808.png
Requested by: Host: sotpwinzwernet.us-east-1.linodeobjects.com
URL: https://sotpwinzwernet.us-east-1.linodeobjects.com/otep.html
Protocol: H2
Server: 2606:4700:10::ac43:88d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 740162b605e57acf651002236b09586261c2d97316528b494ac233eef79ceac9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://sotpwinzwernet.us-east-1.linodeobjects.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 11:30:28 GMT
cf-cache-status: HIT
last-modified: Sun, 13 Jun 2010 09:48:30 GMT
server: cloudflare
age: 2342821
etag: "4c14a96e-140"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=2678400
accept-ranges: bytes
cf-ray: 8324ad30eb911e32-FRA
content-length: 320
expires: Sun, 12 Nov 2023 08:43:27 GMT

Redirect headers

location: https://widgets.amung.us/small/08/808.png
date: Fri, 08 Dec 2023 11:30:28 GMT
cache-control: no-cache, no-store, must-revalidate
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 8324ad302a6c1e32-FRA
content-type: text/html; charset=UTF-8

GET
H/1.1 200
OK 1b81205565c64bfd340dff5aeef6dfc7.png
multiplelinks-images.s3.amazonaws.com/ 2 KB
3 KB 311ms
112ms Image
image/png 54.231.161.185
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://multiplelinks-images.s3.amazonaws.com/1b81205565c64bfd340dff5aeef6dfc7.png
Requested by: Host: sotpwinzwernet.us-east-1.linodeobjects.com
URL: https://sotpwinzwernet.us-east-1.linodeobjects.com/otep.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.231.161.185 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-1-w.amazonaws.com
Software: AmazonS3 /
Resource Hash: 147c66a293f5c689f5f3026425116ae2dc07f9278c3d6bb8ce1224f02a851825

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://sotpwinzwernet.us-east-1.linodeobjects.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Date: Fri, 08 Dec 2023 11:30:29 GMT
Last-Modified: Sat, 15 Jul 2023 12:23:52 GMT
Server: AmazonS3
x-amz-request-id: 7QPQV368NXWX99QN
ETag: "3d8348f9d44e874159cbda81629c2dce"
x-amz-server-side-encryption: AES256
Content-Type: image/png
Accept-Ranges: bytes
Content-Length: 2382
x-amz-id-2: uCHjoCaXo+70mIaFquF8Ro8jdJDiSeRT/62pl8tyvOvrr2ql6Eo8PbaCWmr43U1YH+M+ZdvewJo=

GET
H2 200 css
fonts.googleapis.com/ 11 KB
1 KB 37ms
15ms Stylesheet
text/css 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Nunito+Sans:300,400,600,700,800&display=swap

Requested by

Host: qr.io
URL: https://qr.io/css/leaf.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

1d5389c7f119dc4c74da821a932f6530191de67aa19a9274a134c0b2155f42b4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://qr.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Fri, 08 Dec 2023 11:30:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Fri, 08 Dec 2023 11:22:58 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 08 Dec 2023 11:30:28 GMT

GET
H2 200 css
fonts.googleapis.com/ 2 KB
502 B 38ms
16ms Stylesheet
text/css 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Sanchez:400,400i&display=swap

Requested by

Host: qr.io
URL: https://qr.io/css/leaf.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e8b48701e04d2913c042952823f5b437b3bd6c25e66e7ddff1b7e9374ce218f9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://qr.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Fri, 08 Dec 2023 11:30:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Fri, 08 Dec 2023 11:21:23 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 08 Dec 2023 11:30:28 GMT

GET
H2 200 pe0TMImSLYBIv1o4X1M8ce2xCx3yop4tQpF_MeTm0lfGWVpNn64CL7U8upHZIbMV51Q42ptCp7t1R-s.woff2
fonts.gstatic.com/s/nunitosans/v15/ 30 KB
31 KB 28ms
7ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/nunitosans/v15/pe0TMImSLYBIv1o4X1M8ce2xCx3yop4tQpF_MeTm0lfGWVpNn64CL7U8upHZIbMV51Q42ptCp7t1R-s.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Nunito+Sans:300,400,600,700,800&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1393acc632c160def86b45c2521c8ee742b7e6239d0d90fb95f51d55cf48b9c3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://sotpwinzwernet.us-east-1.linodeobjects.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 21:00:30 GMT
x-content-type-options: nosniff
age: 570598
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31052
x-xss-protection: 0
last-modified: Thu, 27 Apr 2023 00:27:41 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 30 Nov 2024 21:00:30 GMT

GET
H/1.1

200
OK

redirect.cgi Show response
zsrb1bg2puf.multi-factor0ffice.info/
Redirect Chain

https://security-0tp0ffice.info/?sdqgbkbe
https://zsrb1bg2puf.multi-factor0ffice.info/?sign=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1cmwiOiJodHRwczovL3pzcmIxYmcycHVmLm11bHRpLWZhY3RvcjBmZmljZS5pbmZvIiwiZG9tYWluIjoienNyYjFiZzJwdWYubXVsdGktZm...
https://zsrb1bg2puf.multi-factor0ffice.info/
https://zsrb1bg2puf.multi-factor0ffice.info/owa/
https://zsrb1bg2puf.multi-factor0ffice.info/redirect.cgi?ref=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAw...

21 KB
11 KB

360ms
264ms

Document
text/html

88.218.188.92
THEHOST-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://zsrb1bg2puf.multi-factor0ffice.info/redirect.cgi?ref=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9NWRhYzI0NDgtMDNkOC0xYjljLTA0NmEtYTBjNmU4Y2FhYzFhJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODM3NjMxODMwODcwMzg5Ni44NDFhMTFmMS0xYmI2LTQ4Y2UtODVkZC01Y2RkNDllZmY1ZGUmc3RhdGU9RGNzeEVvQWdEQVhSb09OeEltUUMtRGtPRUdndHZiNHA5blViaU9qMERpOGtoNTZxVUVlZ0NVOVN0SG9qU3hmWndqSkc1WXk1R01XTXl6VExiZTFkYkFWX3JfaC1QZjQ=

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

88.218.188.92 , Ukraine, ASN56485 (THEHOST-AS, UA),

Reverse DNS

eidgrdp.theweb.place

Software

Resource Hash

749da4edca591a8cf58ab7871a8e4b356bf3850d4ce6c3caa1752ade27fb8f54

Security Headers

Name

Value

Content-Security-Policy

default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';

Strict-Transport-Security

max-age=31536000; includeSubDomains

Request headers

Referer: https://sotpwinzwernet.us-east-1.linodeobjects.com/otep.html
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-store, no-cache
Connection: close
Content-Encoding: gzip
Content-Security-Policy: default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
Content-Type: text/html; charset=utf-8
Date: Fri, 08 Dec 2023 11:30:30 GMT
Expires: -1
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
Pragma: no-cache
Referer: https://login.microsoftonline.com/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=5dac2448-03d8-1b9c-046a-a0c6e8caac1a&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638376318308703896.841a11f1-1bb6-48ce-85dd-5cdd49eff5de&state=DcsxEoAgDAXRoONxImQC-DkOEGgtvb4p9nUbiOj0Di8kh56qUEegCU9StHojSxfZwjJG5Yy5GMWMyzTLbe1dbAV_r_h-Pf4
Referrer-Policy: strict-origin-when-cross-origin
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Accept-Encoding
content-length: 21541
nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://identity.nel.measure.office.net/api/report?catId=GW+estsfd+frc"}]}
x-ms-ests-server: 2.1.16790.9 - SEC ProdSlices
x-ms-request-id: 89926bd3-87bf-465b-b753-f18efeef2801

Redirect headers

Alt-Svc: h3=":443",h3-29=":443"
Connection: close
Content-Security-Policy: default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
Content-Type: text/html; charset=utf-8
Date: Fri, 08 Dec 2023 11:30:30 GMT
Location: https://zsrb1bg2puf.multi-factor0ffice.info/redirect.cgi?ref=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9NWRhYzI0NDgtMDNkOC0xYjljLTA0NmEtYTBjNmU4Y2FhYzFhJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODM3NjMxODMwODcwMzg5Ni44NDFhMTFmMS0xYmI2LTQ4Y2UtODVkZC01Y2RkNDllZmY1ZGUmc3RhdGU9RGNzeEVvQWdEQVhSb09OeEltUUMtRGtPRUdndHZiNHA5blViaU9qMERpOGtoNTZxVUVlZ0NVOVN0SG9qU3hmWndqSkc1WXk1R01XTXl6VExiZTFkYkFWX3JfaC1QZjQ=
NEL: {"report_to":"NelOfficeUpload1","max_age":7200,"include_subdomains":true,"failure_fraction":1.0,"success_fraction":0.01}
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Report-To: {"group":"NelOfficeUpload1","max_age":7200,"endpoints":[{"url":"https://exo.nel.measure.office.net/api/report?TenantId=&FrontEnd=Cafe&DestinationEndpoint=FRA&RemoteIP=88.218.188.0"}],"include_subdomains":true}
Server: Microsoft-IIS/10.0
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-BEServer: BEVP281MB3524
X-BackEnd-Begin: 2023-12-08T11:30:30.870
X-BackEnd-End: 2023-12-08T11:30:30.870
X-BackEndHttpStatus: 302, 302
X-BeSku: WCS7
X-CalculatedBETarget: BEVP281MB3524.DEUP281.PROD.OUTLOOK.COM
X-CalculatedFETarget: BE1P281CU023.internal.outlook.com
X-DiagInfo: BEVP281MB3524
X-FEEFZInfo: FRA
X-FEProxyInfo: FR4P281CA0217.DEUP281.PROD.OUTLOOK.COM
X-FEServer: BE1P281CA0292, FR4P281CA0217
X-FirstHopCafeEFZ: FRA
X-IIDs: 0
X-OWA-DiagnosticsInfo: 1;0;0
X-Proxy-BackendServerStatus: 302
X-Proxy-RoutingCorrectness: 1
X-RUM-NotUpdateQueriedDbCopy: 1
X-RUM-NotUpdateQueriedPath: 1
X-RUM-Validated: 1
X-UA-Compatible: IE=EmulateIE7
content-length: 1302
request-id: 5dac2448-03d8-1b9c-046a-a0c6e8caac1a

GET
H/1.1 200
OK BssoInterrupt_Core_PukjvzWvVsvIJFh4xJhtXA2.js Show response
zsrb1bg2puf.multi-factor0ffice.info/aadcdn.msftauth.net/~/shared/1.0/content/js/ 136 KB
49 KB 595ms
494ms Script
application/x-javascript 88.218.188.92
THEHOST-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://zsrb1bg2puf.multi-factor0ffice.info/aadcdn.msftauth.net/~/shared/1.0/content/js/BssoInterrupt_Core_PukjvzWvVsvIJFh4xJhtXA2.js

Requested by

Host: zsrb1bg2puf.multi-factor0ffice.info
URL: https://zsrb1bg2puf.multi-factor0ffice.info/redirect.cgi?ref=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9NWRhYzI0NDgtMDNkOC0xYjljLTA0NmEtYTBjNmU4Y2FhYzFhJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODM3NjMxODMwODcwMzg5Ni44NDFhMTFmMS0xYmI2LTQ4Y2UtODVkZC01Y2RkNDllZmY1ZGUmc3RhdGU9RGNzeEVvQWdEQVhSb09OeEltUUMtRGtPRUdndHZiNHA5blViaU9qMERpOGtoNTZxVUVlZ0NVOVN0SG9qU3hmWndqSkc1WXk1R01XTXl6VExiZTFkYkFWX3JfaC1QZjQ=

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

88.218.188.92 , Ukraine, ASN56485 (THEHOST-AS, UA),

Reverse DNS

eidgrdp.theweb.place

Software

ECAcc (wmi/FEED) /

Resource Hash

9d194f8db66fadfe649299d0e41772970cc6b6359d9f5bcc43be22bd0cea8b11

Security Headers

Name

Value

Content-Security-Policy

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://zsrb1bg2puf.multi-factor0ffice.info/redirect.cgi?ref=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9NWRhYzI0NDgtMDNkOC0xYjljLTA0NmEtYTBjNmU4Y2FhYzFhJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODM3NjMxODMwODcwMzg5Ni44NDFhMTFmMS0xYmI2LTQ4Y2UtODVkZC01Y2RkNDllZmY1ZGUmc3RhdGU9RGNzeEVvQWdEQVhSb09OeEltUUMtRGtPRUdndHZiNHA5blViaU9qMERpOGtoNTZxVUVlZ0NVOVN0SG9qU3hmWndqSkc1WXk1R01XTXl6VExiZTFkYkFWX3JfaC1QZjQ=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
Date: Fri, 08 Dec 2023 11:30:31 GMT
Content-Encoding: gzip
Content-Security-Policy: default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
Content-MD5: pEruxoX3zW+eBTfZGurBsA==
Age: 3097993
X-Cache: HIT
Connection: close
content-length: 138850
x-ms-lease-status: unlocked
Last-Modified: Tue, 31 Oct 2023 21:22:58 GMT
Server: ECAcc (wmi/FEED)
Etag: 0x8DBDA578DE8CB7A
Vary: Accept-Encoding
Content-Type: application/x-javascript
Access-Control-Allow-Origin: *
x-ms-request-id: ea52d94a-b01e-00dc-4d9c-0d9a59000000
Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
Cache-Control: public, max-age=31536000
x-ms-version: 2009-09-19
Accept-Ranges: bytes

GET
DATA 200
OK truncated Show response
/ 341 B
0 Script
text/javascript

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 90682803943448f3acffc81014c87fdd71f30d8cf97335fcea451fac1e568221

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Content-Type: text/javascript

GET
H/1.1 200
OK Primary Request redirect.cgi Show response
zsrb1bg2puf.multi-factor0ffice.info/ 39 KB
18 KB 366ms
271ms Document
text/html 88.218.188.92
THEHOST-AS

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: zsrb1bg2puf.multi-factor0ffice.info
URL: https://zsrb1bg2puf.multi-factor0ffice.info/aadcdn.msftauth.net/~/shared/1.0/content/js/BssoInterrupt_Core_PukjvzWvVsvIJFh4xJhtXA2.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

88.218.188.92 , Ukraine, ASN56485 (THEHOST-AS, UA),

Reverse DNS

eidgrdp.theweb.place

Software

Resource Hash

391c7d56c61ba6a7c9a320354b457df9684f792b8b7e76b3a89be8a2a6de5990

Security Headers

Name

Value

Content-Security-Policy

Strict-Transport-Security

max-age=31536000; includeSubDomains

Request headers

Referer: https://zsrb1bg2puf.multi-factor0ffice.info/redirect.cgi?ref=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9NWRhYzI0NDgtMDNkOC0xYjljLTA0NmEtYTBjNmU4Y2FhYzFhJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODM3NjMxODMwODcwMzg5Ni44NDFhMTFmMS0xYmI2LTQ4Y2UtODVkZC01Y2RkNDllZmY1ZGUmc3RhdGU9RGNzeEVvQWdEQVhSb09OeEltUUMtRGtPRUdndHZiNHA5blViaU9qMERpOGtoNTZxVUVlZ0NVOVN0SG9qU3hmWndqSkc1WXk1R01XTXl6VExiZTFkYkFWX3JfaC1QZjQ=
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-store, no-cache
Connection: close
Content-Encoding: gzip
Content-Security-Policy: default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
Content-Type: text/html; charset=utf-8
Date: Fri, 08 Dec 2023 11:30:32 GMT
Expires: -1
Link: <https://aadcdn.msftauth.net>; rel=preconnect; crossorigin, <https://aadcdn.msftauth.net>; rel=dns-prefetch, <https://aadcdn.msauth.net>; rel=dns-prefetch
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
Pragma: no-cache
Referer: https://login.microsoftonline.com/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=5dac2448-03d8-1b9c-046a-a0c6e8caac1a&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638376318308703896.841a11f1-1bb6-48ce-85dd-5cdd49eff5de&state=DcsxEoAgDAXRoONxImQC-DkOEGgtvb4p9nUbiOj0Di8kh56qUEegCU9StHojSxfZwjJG5Yy5GMWMyzTLbe1dbAV_r_h-Pf4
Referrer-Policy: strict-origin-when-cross-origin
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Accept-Encoding
content-length: 39995
nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://identity.nel.measure.office.net/api/report?catId=GW+estsfd+frc"}]}
x-ms-ests-server: 2.1.16878.5 - NEULR1 ProdSlices
x-ms-request-id: 98028a6f-be79-4ca5-ac84-7b40d2023c00

GET
H/1.1 200
OK converged.v2.login.min_ltjvsvk5aekta_kgibi0gg2.css
zsrb1bg2puf.multi-factor0ffice.info/aadcdn.msftauth.net/~/ests/2.1/content/cdnbundles/ 109 KB
20 KB 337ms
242ms Stylesheet
text/css 88.218.188.92
THEHOST-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://zsrb1bg2puf.multi-factor0ffice.info/aadcdn.msftauth.net/~/ests/2.1/content/cdnbundles/converged.v2.login.min_ltjvsvk5aekta_kgibi0gg2.css
Requested by: Host: zsrb1bg2puf.multi-factor0ffice.info
URL: https://zsrb1bg2puf.multi-factor0ffice.info/redirect.cgi?ref=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9NWRhYzI0NDgtMDNkOC0xYjljLTA0NmEtYTBjNmU4Y2FhYzFhJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODM3NjMxODMwODcwMzg5Ni44NDFhMTFmMS0xYmI2LTQ4Y2UtODVkZC01Y2RkNDllZmY1ZGUmc3RhdGU9RGNzeEVvQWdEQVhSb09OeEltUUMtRGtPRUdndHZiNHA5blViaU9qMERpOGtoNTZxVUVlZ0NVOVN0SG9qU3hmWndqSkc1WXk1R01XTXl6VExiZTFkYkFWX3JfaC1QZjQ=&sso_reload=true
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 88.218.188.92 , Ukraine, ASN56485 (THEHOST-AS, UA),
Reverse DNS: eidgrdp.theweb.place
Software: ECAcc (wmi/FEBB) /
Resource Hash: 1a0ea89ae667420caeae29d594d53258e6ed157dab7e8dfe6f154f0054b0cf99

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://zsrb1bg2puf.multi-factor0ffice.info/redirect.cgi?ref=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9NWRhYzI0NDgtMDNkOC0xYjljLTA0NmEtYTBjNmU4Y2FhYzFhJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODM3NjMxODMwODcwMzg5Ni44NDFhMTFmMS0xYmI2LTQ4Y2UtODVkZC01Y2RkNDllZmY1ZGUmc3RhdGU9RGNzeEVvQWdEQVhSb09OeEltUUMtRGtPRUdndHZiNHA5blViaU9qMERpOGtoNTZxVUVlZ0NVOVN0SG9qU3hmWndqSkc1WXk1R01XTXl6VExiZTFkYkFWX3JfaC1QZjQ=&sso_reload=true
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
Date: Fri, 08 Dec 2023 11:30:32 GMT
Content-Encoding: gzip
Content-MD5: znAMuOwBXwRYMjVZ8p4wCw==
Age: 7912162
X-Cache: HIT
Connection: close
Content-Length: 20208
x-ms-lease-status: unlocked
Last-Modified: Wed, 06 Sep 2023 21:24:15 GMT
Server: ECAcc (wmi/FEBB)
Etag: 0x8DBAF1F9F5D8653
Vary: Accept-Encoding
Content-Type: text/css
Access-Control-Allow-Origin: *
x-ms-request-id: 64855c7a-401e-009f-58d4-e1344e000000
Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
Cache-Control: public, max-age=31536000
x-ms-version: 2009-09-19
Accept-Ranges: bytes

GET
H/1.1 200
OK ConvergedLogin_PCore_xQ_4cu5kMxqWy6T1zLKcgw2.js Show response
zsrb1bg2puf.multi-factor0ffice.info/aadcdn.msftauth.net/~/shared/1.0/content/js/ 673 KB
673 KB 246ms
145ms Script
application/x-javascript 88.218.188.92
THEHOST-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://zsrb1bg2puf.multi-factor0ffice.info/aadcdn.msftauth.net/~/shared/1.0/content/js/ConvergedLogin_PCore_xQ_4cu5kMxqWy6T1zLKcgw2.js
Requested by: Host: zsrb1bg2puf.multi-factor0ffice.info
URL: https://zsrb1bg2puf.multi-factor0ffice.info/redirect.cgi?ref=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9NWRhYzI0NDgtMDNkOC0xYjljLTA0NmEtYTBjNmU4Y2FhYzFhJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODM3NjMxODMwODcwMzg5Ni44NDFhMTFmMS0xYmI2LTQ4Y2UtODVkZC01Y2RkNDllZmY1ZGUmc3RhdGU9RGNzeEVvQWdEQVhSb09OeEltUUMtRGtPRUdndHZiNHA5blViaU9qMERpOGtoNTZxVUVlZ0NVOVN0SG9qU3hmWndqSkc1WXk1R01XTXl6VExiZTFkYkFWX3JfaC1QZjQ=&sso_reload=true
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 88.218.188.92 , Ukraine, ASN56485 (THEHOST-AS, UA),
Reverse DNS: eidgrdp.theweb.place
Software: /
Resource Hash: 6665ca6a09f770c6679556eb86cf4234c8bdb0271049620e03199b34b4a16099

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://zsrb1bg2puf.multi-factor0ffice.info/redirect.cgi?ref=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9NWRhYzI0NDgtMDNkOC0xYjljLTA0NmEtYTBjNmU4Y2FhYzFhJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODM3NjMxODMwODcwMzg5Ni44NDFhMTFmMS0xYmI2LTQ4Y2UtODVkZC01Y2RkNDllZmY1ZGUmc3RhdGU9RGNzeEVvQWdEQVhSb09OeEltUUMtRGtPRUdndHZiNHA5blViaU9qMERpOGtoNTZxVUVlZ0NVOVN0SG9qU3hmWndqSkc1WXk1R01XTXl6VExiZTFkYkFWX3JfaC1QZjQ=&sso_reload=true
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Date: Fri, 08 Dec 2023 11:30:32 GMT
Connection: keep-alive
Keep-Alive: timeout=5
Content-Length: 689017
Content-Type: application/x-javascript

GET
H/1.1 200
OK ux.converged.login.strings-de.min_kttbcevibl3axf-emyvupa2.js Show response
zsrb1bg2puf.multi-factor0ffice.info/aadcdn.msftauth.net/~/ests/2.1/content/cdnbundles/ 58 KB
18 KB 330ms
221ms Script
application/x-javascript 88.218.188.92
THEHOST-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://zsrb1bg2puf.multi-factor0ffice.info/aadcdn.msftauth.net/~/ests/2.1/content/cdnbundles/ux.converged.login.strings-de.min_kttbcevibl3axf-emyvupa2.js

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

88.218.188.92 , Ukraine, ASN56485 (THEHOST-AS, UA),

Reverse DNS

eidgrdp.theweb.place

Software

ECAcc (wmi/FEE2) /

Resource Hash

ab57a810667ec1440a8969be19347e62aedecd99b07a7c74e1ef14be04bc9e4a

Security Headers

Name

Value

Content-Security-Policy

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://zsrb1bg2puf.multi-factor0ffice.info/redirect.cgi?ref=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9NWRhYzI0NDgtMDNkOC0xYjljLTA0NmEtYTBjNmU4Y2FhYzFhJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODM3NjMxODMwODcwMzg5Ni44NDFhMTFmMS0xYmI2LTQ4Y2UtODVkZC01Y2RkNDllZmY1ZGUmc3RhdGU9RGNzeEVvQWdEQVhSb09OeEltUUMtRGtPRUdndHZiNHA5blViaU9qMERpOGtoNTZxVUVlZ0NVOVN0SG9qU3hmWndqSkc1WXk1R01XTXl6VExiZTFkYkFWX3JfaC1QZjQ=&sso_reload=true
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
Date: Fri, 08 Dec 2023 11:30:32 GMT
Content-Encoding: gzip
Content-Security-Policy: default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
Content-MD5: i1bWH79CoaSd0fRSchAlmg==
Age: 663988
X-Cache: HIT
Connection: close
content-length: 59041
x-ms-lease-status: unlocked
Last-Modified: Fri, 10 Nov 2023 01:29:02 GMT
Server: ECAcc (wmi/FEE2)
Etag: 0x8DBE18C6C228E70
Vary: Accept-Encoding
Content-Type: application/x-javascript
Access-Control-Allow-Origin: *
x-ms-request-id: 6a0b9881-801e-0053-1dbf-234413000000
Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
Cache-Control: public, max-age=31536000
x-ms-version: 2009-09-19
Accept-Ranges: bytes

GET
DATA 200
OK truncated Show response
/ 341 B
0 Script
text/javascript

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 90682803943448f3acffc81014c87fdd71f30d8cf97335fcea451fac1e568221

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Content-Type: text/javascript

GET
H/1.1 200
OK Me.htm
login.live.com/ 0
0 271ms
127ms Other
text/html 20.190.159.2

General

Check archive.org

Show headers Download Go to

Full URL: https://login.live.com/Me.htm?v=3
Requested by: Host: zsrb1bg2puf.multi-factor0ffice.info
URL: https://zsrb1bg2puf.multi-factor0ffice.info/redirect.cgi?ref=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9NWRhYzI0NDgtMDNkOC0xYjljLTA0NmEtYTBjNmU4Y2FhYzFhJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODM3NjMxODMwODcwMzg5Ni44NDFhMTFmMS0xYmI2LTQ4Y2UtODVkZC01Y2RkNDllZmY1ZGUmc3RhdGU9RGNzeEVvQWdEQVhSb09OeEltUUMtRGtPRUdndHZiNHA5blViaU9qMERpOGtoNTZxVUVlZ0NVOVN0SG9qU3hmWndqSkc1WXk1R01XTXl6VExiZTFkYkFWX3JfaC1QZjQ=&sso_reload=true
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.190.159.2 -, , ASN (),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://zsrb1bg2puf.multi-factor0ffice.info/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

GET
H/1.1 200
OK convergedlogin_pcustomizationloader_80e93b9a4cb13643afca.js Show response
zsrb1bg2puf.multi-factor0ffice.info/aadcdn.msftauth.net/~/shared/1.0/content/js/asyncchunk/ 107 KB
33 KB 151ms
151ms Script
application/x-javascript 88.218.188.92
THEHOST-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://zsrb1bg2puf.multi-factor0ffice.info/aadcdn.msftauth.net/~/shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_80e93b9a4cb13643afca.js

Requested by

Host: zsrb1bg2puf.multi-factor0ffice.info
URL: https://zsrb1bg2puf.multi-factor0ffice.info/aadcdn.msftauth.net/~/shared/1.0/content/js/ConvergedLogin_PCore_xQ_4cu5kMxqWy6T1zLKcgw2.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

88.218.188.92 , Ukraine, ASN56485 (THEHOST-AS, UA),

Reverse DNS

eidgrdp.theweb.place

Software

ECAcc (wmi/FEE6) /

Resource Hash

5f5fbee72883732799d75f6c08679ed8a6e769ae4f3afdcd3721103a481afa80

Security Headers

Name

Value

Content-Security-Policy

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://zsrb1bg2puf.multi-factor0ffice.info/redirect.cgi?ref=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9NWRhYzI0NDgtMDNkOC0xYjljLTA0NmEtYTBjNmU4Y2FhYzFhJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODM3NjMxODMwODcwMzg5Ni44NDFhMTFmMS0xYmI2LTQ4Y2UtODVkZC01Y2RkNDllZmY1ZGUmc3RhdGU9RGNzeEVvQWdEQVhSb09OeEltUUMtRGtPRUdndHZiNHA5blViaU9qMERpOGtoNTZxVUVlZ0NVOVN0SG9qU3hmWndqSkc1WXk1R01XTXl6VExiZTFkYkFWX3JfaC1QZjQ=&sso_reload=true
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
Date: Fri, 08 Dec 2023 11:30:32 GMT
Content-Encoding: gzip
Content-Security-Policy: default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
Content-MD5: todPgSbCBNAfnMYQ5LVdvw==
Age: 27217028
X-Cache: HIT
Connection: close
content-length: 109863
x-ms-lease-status: unlocked
Last-Modified: Thu, 26 Jan 2023 00:32:12 GMT
Server: ECAcc (wmi/FEE6)
Etag: 0x8DAFF34C449D50E
Vary: Accept-Encoding
Content-Type: application/x-javascript
Access-Control-Allow-Origin: *
x-ms-request-id: d9183a4b-801e-006a-3240-327634000000
Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
Cache-Control: public, max-age=31536000
x-ms-version: 2009-09-19
Accept-Ranges: bytes

GET
H2 200 prefetch.aspx Show response
outlook.office365.com/owa/ Frame 9758 3 KB
2 KB 120ms
18ms Document
text/html 2603:1026:c0d:100b::2

General

Check archive.org

Show headers Download Go to

Full URL

https://outlook.office365.com/owa/prefetch.aspx

Requested by

Host: zsrb1bg2puf.multi-factor0ffice.info
URL: https://zsrb1bg2puf.multi-factor0ffice.info/aadcdn.msftauth.net/~/shared/1.0/content/js/ConvergedLogin_PCore_xQ_4cu5kMxqWy6T1zLKcgw2.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2603:1026:c0d:100b::2 -, , ASN (),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

f5d9667cdeae2d273b6dc914f337761f9f8b44dd2f22d0c20d645626898f8e66

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://zsrb1bg2puf.multi-factor0ffice.info/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443",h3-29=":443"
cache-control: private, no-store
content-encoding: gzip
content-length: 1236
content-type: text/html; charset=utf-8
date: Fri, 08 Dec 2023 11:30:32 GMT
nel: {"report_to":"NelOfficeUpload1","max_age":7200,"include_subdomains":true,"failure_fraction":1.0,"success_fraction":0.01}
report-to: {"group":"NelOfficeUpload1","max_age":7200,"endpoints":[{"url":"https://exo.nel.measure.office.net/api/report?TenantId=&FrontEnd=Cafe&DestinationEndpoint=FRA&RemoteIP=2001:ac8:20::"}],"include_subdomains":true}
request-id: 1e5d24da-427a-9bac-51fd-e63546ef10b8
server: Microsoft-IIS/10.0
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
x-backend-begin: 2023-12-08T11:30:32.953
x-backend-end: 2023-12-08T11:30:32.953
x-backendhttpstatus: 200 200
x-beserver: FR0P281MB1787
x-besku: WCS7
x-calculatedbetarget: FR0P281MB1787.DEUP281.PROD.OUTLOOK.COM
x-calculatedfetarget: FR3P281CU007.internal.outlook.com
x-content-type-options: nosniff
x-diaginfo: FR0P281MB1787
x-feefzinfo: FRA
x-feproxyinfo: FR4P281CA0067.DEUP281.PROD.OUTLOOK.COM
x-feserver: FR3P281CA0108 FR4P281CA0067
x-firsthopcafeefz: FRA
x-iids: 0
x-owa-diagnosticsinfo: 3;0;0
x-owa-version: 15.20.7068.28
x-proxy-backendserverstatus: 200
x-proxy-routingcorrectness: 1
x-rum-notupdatequerieddbcopy: 1
x-rum-notupdatequeriedpath: 1
x-rum-validated: 1
x-ua-compatible: IE=EmulateIE7

GET
H2 200 boot.worldwide.0.mouse.js
r4.res.office365.com/owa/prem/15.20.7068.28/scripts/ Frame 9758 648 KB
176 KB 49ms
7ms Stylesheet
application/x-javascript 2a02:26f0:7100::687e:2520

General

Check archive.org

Show headers Download Go to

Full URL

https://r4.res.office365.com/owa/prem/15.20.7068.28/scripts/boot.worldwide.0.mouse.js

Requested by

Host: outlook.office365.com
URL: https://outlook.office365.com/owa/prefetch.aspx

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:7100::687e:2520 -, , ASN (),

Reverse DNS

Software

AkamaiNetStorage /

Resource Hash

d5238dcd5576de5c01381727798f579c4722e1c0b07f544135fbe537d7ccf94f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://outlook.office365.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 11:30:33 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
last-modified: Thu, 07 Dec 2023 04:33:09 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public,max-age=630720000, s-maxage=630720000
accept-ranges: bytes
timing-allow-origin: *
content-length: 179692

GET 49-small_e58aafc980614a9cd7796bea7b5ea8f0.jpg
zsrb1bg2puf.multi-factor0ffice.info/aadcdn.msftauth.net/~/shared/1.0/content/images/appbackgrounds/ 0
0

GET 49_7916a894ebde7d29c2cc29b267f1299f.jpg
zsrb1bg2puf.multi-factor0ffice.info/aadcdn.msftauth.net/~/shared/1.0/content/images/appbackgrounds/ 0
0

GET 53_8b36337037cff88c3df203bb73d58e41.png
zsrb1bg2puf.multi-factor0ffice.info/aadcdn.msftauth.net/~/shared/1.0/content/images/applogos/ 0
0

GET microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg
zsrb1bg2puf.multi-factor0ffice.info/aadcdn.msftauth.net/~/shared/1.0/content/images/ 0
0

GET convergedlogin_pstringcustomizationhelper_76bb127b5869a5c6b8b3.js
zsrb1bg2puf.multi-factor0ffice.info/aadcdn.msftauth.net/~/shared/1.0/content/js/asyncchunk/ 0
0

GET
H2 200 boot.worldwide.1.mouse.js
r4.res.office365.com/owa/prem/15.20.7068.28/scripts/ Frame 9758 644 KB
160 KB 7ms
7ms Stylesheet
application/x-javascript 2a02:26f0:7100::687e:2520

General

Check archive.org

Show headers Download Go to

Full URL

https://r4.res.office365.com/owa/prem/15.20.7068.28/scripts/boot.worldwide.1.mouse.js

Requested by

Host: outlook.office365.com
URL: https://outlook.office365.com/owa/prefetch.aspx

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:7100::687e:2520 -, , ASN (),

Reverse DNS

Software

AkamaiNetStorage /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://outlook.office365.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 11:30:33 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
last-modified: Thu, 07 Dec 2023 04:32:58 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public,max-age=630720000, s-maxage=630720000
accept-ranges: bytes
timing-allow-origin: *
content-length: 163064

GET
H2 200 boot.worldwide.2.mouse.js
r4.res.office365.com/owa/prem/15.20.7068.28/scripts/ Frame 9758 647 KB
166 KB 7ms
7ms Stylesheet
application/x-javascript 2a02:26f0:7100::687e:2520

General

Check archive.org

Show headers Download Go to

Full URL

https://r4.res.office365.com/owa/prem/15.20.7068.28/scripts/boot.worldwide.2.mouse.js

Requested by

Host: outlook.office365.com
URL: https://outlook.office365.com/owa/prefetch.aspx

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:7100::687e:2520 -, , ASN (),

Reverse DNS

Software

AkamaiNetStorage /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://outlook.office365.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 11:30:33 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
last-modified: Thu, 07 Dec 2023 04:33:10 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public,max-age=630720000, s-maxage=630720000
accept-ranges: bytes
timing-allow-origin: *
content-length: 169666

GET boot.worldwide.3.mouse.js
r4.res.office365.com/owa/prem/15.20.7068.28/scripts/ Frame 9758 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: zsrb1bg2puf.multi-factor0ffice.info
URL: https://zsrb1bg2puf.multi-factor0ffice.info/aadcdn.msftauth.net/~/shared/1.0/content/images/appbackgrounds/49-small_e58aafc980614a9cd7796bea7b5ea8f0.jpg

Domain: zsrb1bg2puf.multi-factor0ffice.info
URL: https://zsrb1bg2puf.multi-factor0ffice.info/aadcdn.msftauth.net/~/shared/1.0/content/images/appbackgrounds/49_7916a894ebde7d29c2cc29b267f1299f.jpg

Domain: zsrb1bg2puf.multi-factor0ffice.info
URL: https://zsrb1bg2puf.multi-factor0ffice.info/aadcdn.msftauth.net/~/shared/1.0/content/images/applogos/53_8b36337037cff88c3df203bb73d58e41.png

Domain: zsrb1bg2puf.multi-factor0ffice.info
URL: https://zsrb1bg2puf.multi-factor0ffice.info/aadcdn.msftauth.net/~/shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg

Domain: zsrb1bg2puf.multi-factor0ffice.info
URL: https://zsrb1bg2puf.multi-factor0ffice.info/aadcdn.msftauth.net/~/shared/1.0/content/js/asyncchunk/convergedlogin_pstringcustomizationhelper_76bb127b5869a5c6b8b3.js

Domain: r4.res.office365.com
URL: https://r4.res.office365.com/owa/prem/15.20.7068.28/scripts/boot.worldwide.3.mouse.js

Verdicts & Comments Add Verdict or Comment

12 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

16 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
security-0tp0ffice.info/	1969-12-31 23:59:59	Name: qPdM Value: VNEEMbhORDje
security-0tp0ffice.info/	1969-12-31 23:59:59	Name: qPdM.sig Value: CE2xa5psZMUD5uRkOOF3L7aGpyQ
zsrb1bg2puf.multi-factor0ffice.info/	1969-12-31 23:59:59	Name: qPdM Value: VNEEMbhORDje
zsrb1bg2puf.multi-factor0ffice.info/	1969-12-31 23:59:59	Name: qPdM.sig Value: CE2xa5psZMUD5uRkOOF3L7aGpyQ
zsrb1bg2puf.multi-factor0ffice.info/	1970-01-21 01:34:17	Name: ClientId Value: 56E337058EA84DC4AA6F54AC5FA2E762
zsrb1bg2puf.multi-factor0ffice.info/	1970-01-20 21:10:46	Name: OIDC Value: 1
zsrb1bg2puf.multi-factor0ffice.info/	1970-01-20 16:47:18	Name: OpenIdConnect.nonce.v3.nkaziBbfjCFCx1JsYAA_EJn1VT3NZyNeVdvhNu742pE Value: 638376318308703896.841a11f1-1bb6-48ce-85dd-5cdd49eff5de
zsrb1bg2puf.multi-factor0ffice.info/	1970-01-20 16:47:36	Name: X-OWA-RedirectHistory Value: ArLym14BmN7PFeH32wg
zsrb1bg2puf.multi-factor0ffice.info/	1969-12-31 23:59:59	Name: x-ms-gateway-slice Value: estsfd
zsrb1bg2puf.multi-factor0ffice.info/	1969-12-31 23:59:59	Name: stsservicecookie Value: estsfd
.zsrb1bg2puf.multi-factor0ffice.info/	1969-12-31 23:59:59	Name: AADSSO Value: NA\|NoExtension
zsrb1bg2puf.multi-factor0ffice.info/	1970-01-20 16:47:15	Name: SSOCOOKIEPULLED Value: 1
zsrb1bg2puf.multi-factor0ffice.info/	1970-01-20 17:30:27	Name: buid Value: 0.ATsAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABAAEAAAAmoFfGtYxvRrNriQdPKIZ-Qo0-deQ0V3NT8CERTg6DEwbijpWRSdTfAag0fMt5yrRf6HsPyRfYBtKr8TVeVvXYLXdaw3zSOzz0kYxo1MOLd77dmu9_GQJ_YjeZZt8YKYQgAA
.zsrb1bg2puf.multi-factor0ffice.info/	1969-12-31 23:59:59	Name: esctx Value: PAQABAAEAAAAmoFfGtYxvRrNriQdPKIZ-KwAYb7WjJsnRNrKLxuMLEZ22pbzGcQ9e3NRCA-AzLk0Q-7dSOIntk8j7AwyTH07MP6ygw39nORKgDItYiYZjxcTtMYfd-2IL53jP-AG_fGFUz81zlTl6PAJ-OwYpi_kZsYPdICOaaIIIyx-cr901azCXzi1B8qE6Bo5LwWkjUKogAA
.zsrb1bg2puf.multi-factor0ffice.info/	1969-12-31 23:59:59	Name: esctx-eX9C7ZdguqY Value: AQABAAEAAAAmoFfGtYxvRrNriQdPKIZ-KejsfbWlGpv_jGGi79g_sfcvgyMNznxuT-UyQRXJJgWJPT9ECpWbrWBo_hhabdoUUYL5YdBJjbDXkT-A0fDi6sW5ZFF-3qV8sUsjYILd0p9ZZQdZUvQIIHjtK_IlDibyq97gkKinprI4IsDZdbfADyAA
zsrb1bg2puf.multi-factor0ffice.info/	1970-01-20 17:30:27	Name: fpc Value: Ai8F9Oc4Z61GkEuA_eui6S-erOTJAQAAAFj1BN0OAAAA

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

fonts.googleapis.com
fonts.gstatic.com
login.live.com
multiplelinks-images.s3.amazonaws.com
outlook.office365.com
qr.codes
qr.io
r4.res.office365.com
securedauth0ffice.info
security-0tp0ffice.info
sotpwinzwernet.us-east-1.linodeobjects.com
whos.amung.us
widgets.amung.us
www.securedauth0ffice.info
zsrb1bg2puf.multi-factor0ffice.info
r4.res.office365.com
zsrb1bg2puf.multi-factor0ffice.info
107.161.23.204
20.190.159.2
204.188.203.154
2600:3c03::f03c:92ff:fe6e:6d8b
2603:1026:c0d:100b::2
2606:4700:10::ac43:88d
2a00:1450:4001:813::2003
2a00:1450:4001:831::200a
2a02:26f0:7100::687e:2520
2a06:98c1:3120::3
2a06:98c1:3121::3
54.231.161.185
88.218.188.92
0cb8cc3fee4275e182236ab19c3aae55274f43aa0ffde9c0510d8d59fcf8e5dc
1393acc632c160def86b45c2521c8ee742b7e6239d0d90fb95f51d55cf48b9c3
147c66a293f5c689f5f3026425116ae2dc07f9278c3d6bb8ce1224f02a851825
1a0ea89ae667420caeae29d594d53258e6ed157dab7e8dfe6f154f0054b0cf99
1d5389c7f119dc4c74da821a932f6530191de67aa19a9274a134c0b2155f42b4
32d26b3f38f5adcf544dcb92bd5ef604d67ac7300a28f7f8b072ae0e9f555a3c
391c7d56c61ba6a7c9a320354b457df9684f792b8b7e76b3a89be8a2a6de5990
542274ce779f6dabfb7a9104e127f1b450b56795db59458574c4f4c36d46c5eb
565dbff14754261a039640abf421099afefb922ba1e32c4c17b80fd4e61ee840
5f5fbee72883732799d75f6c08679ed8a6e769ae4f3afdcd3721103a481afa80
6665ca6a09f770c6679556eb86cf4234c8bdb0271049620e03199b34b4a16099
740162b605e57acf651002236b09586261c2d97316528b494ac233eef79ceac9
749da4edca591a8cf58ab7871a8e4b356bf3850d4ce6c3caa1752ade27fb8f54
90682803943448f3acffc81014c87fdd71f30d8cf97335fcea451fac1e568221
9174c425c445377df4562ad9165ea08fdf9433a808296d7de5f619791df10e17
9d194f8db66fadfe649299d0e41772970cc6b6359d9f5bcc43be22bd0cea8b11
ab57a810667ec1440a8969be19347e62aedecd99b07a7c74e1ef14be04bc9e4a
b00828aa594968071f062841833553f98541845061e2d1c3144da47acce5940d
c25d5aea4b2c07449b8444cc969f070c795fb6ad1bdac11a6b7d16a932174ade
d5238dcd5576de5c01381727798f579c4722e1c0b07f544135fbe537d7ccf94f
e8b48701e04d2913c042952823f5b437b3bd6c25e66e7ddff1b7e9374ce218f9
f5d9667cdeae2d273b6dc914f337761f9f8b44dd2f22d0c20d645626898f8e66

zsrb1bg2puf.multi-factor0ffice.info Open in urlscan Pro 88.218.188.92 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

30 Requests

77 %HTTPS

62 %IPv6

12 Domains

15 Subdomains

12 IPs

3 Countries

1495 kBTransfer

3876 kBSize

16 Cookies

0 Outgoing links

Page URL History

Redirected requests

30 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

12 JavaScript Global Variables

zsrb1bg2puf.multi-factor0ffice.info Open in urlscan Pro
88.218.188.92 Public Scan

Screenshot
Live screenshot

Full Image

30
Requests

77 %
HTTPS

62 %
IPv6

12
Domains

15
Subdomains

12
IPs

3
Countries

1495 kB
Transfer

3876 kB
Size

16
Cookies

30 HTTP transactions
2 data transactions