jtrustroyal-login.microsoftonline.ezgrwnlwplm.click
137.184.127.24
Malicious Activity!
Private Scan
Effective URL: https://jtrustroyal-login.microsoftonline.ezgrwnlwplm.click/Applicationview/98ffec0c008d721a7bd5a20ca822b020/65d709450bbff8b14e661c27
Submission: On February 27 via api from DE — Scanned from ES
Summary
TLS certificate: Issued by R3 on February 26th 2024. Valid for: 3 months.
This is the only time jtrustroyal-login.microsoftonline.ezgrwnlwplm.click was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Sharepoint (Online), Microsoft (Consumer), OneDrive (Online)
Domain & IP information
Redirects | Requests | IP address | AS (autonomous system)
---|---|---|---
4 | 4 | 142.250.184.227 | 15169 (GOOGLE)
2 | 2 | 172.217.18.3 | 15169 (GOOGLE)
3 | 3 | 142.250.186.99 | 15169 (GOOGLE)
1 | 1 | 104.20.139.65 | 13335 (CLOUDFLARENET)
1 | 1 | 188.114.97.3 | 13335 (CLOUDFLARENET)
1 | 1 | 188.114.96.3 | 13335 (CLOUDFLARENET)
2 | 2 | 142.250.185.196 | 15169 (GOOGLE)
6 | 17 | 137.184.127.24 | 14061 (DIGITALOCEAN-ASN)
- | 2 | 216.58.206.42 | 15169 (GOOGLE)
- | 2 | 104.18.11.207 | 13335 (CLOUDFLARENET)
- | 1 | 152.199.19.161 | 15133 (EDGECAST)
- | 2 | 151.101.66.137 | 54113 (FASTLY)
- | 1 | 104.17.25.14 | 13335 (CLOUDFLARENET)
- | 1 | 104.18.10.207 | 13335 (CLOUDFLARENET)
2 | 2 | 185.15.59.226 | 14907 (WIKIMEDIA)
- | 5 | 185.15.59.224 | 14907 (WIKIMEDIA)
- | 2 | 13.107.213.60 | 8075 (MICROSOFT-CORP-MSN-AS-BLOCK)
- | 2 | 13.107.246.60 | 8075 (MICROSOFT-CORP-MSN-AS-BLOCK)
Totals: 29 requests | 11
The phishing host and its sibling crt7zeu.ezgrwnlwplm.click share the single DigitalOcean IP 137.184.127.24 (17 of the 29 requests); every other IP belongs to Google, Cloudflare, Wikimedia, Microsoft, Edgecast or Fastly and serves either redirector hops or public CDN assets.
Per-IP details (ASN, reverse DNS, hostnames served):
- ASN15169 (GOOGLE, US), PTR fra24s12-in-f3.1e100.net: www.google.es, google.es
- ASN15169 (GOOGLE, US), PTR fra16s52-in-f4.1e100.net: www.google.com
- ASN14061 (DIGITALOCEAN-ASN, US): crt7zeu.ezgrwnlwplm.click, jtrustroyal-login.microsoftonline.ezgrwnlwplm.click
- ASN15169 (GOOGLE, US), PTR lcfraa-aa-in-f10.1e100.net: fonts.googleapis.com
- ASN14907 (WIKIMEDIA, US), PTR ncredir-lb.esams.wikimedia.org: wikipedia.com
- ASN14907 (WIKIMEDIA, US), PTR text-lb.esams.wikimedia.org: www.wikipedia.org
- ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US): secure.aadcdn.microsoftonline-p.com
- ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US): logincdn.msauth.net, aadcdn.msauth.net
Requests | Apex domain | Redirects | Subdomains (Cisco Umbrella rank) | Transfer
---|---|---|---|---
17 | ezgrwnlwplm.click | 6 | crt7zeu.ezgrwnlwplm.click, jtrustroyal-login.microsoftonline.ezgrwnlwplm.click | 244 KB
5 | wikipedia.org | - | www.wikipedia.org (11908) | 46 KB
5 | google.ae | 5 | google.ae (33079), www.google.ae (33944) | 5 KB
4 | google.es | 4 | www.google.es (23215), google.es (21024) | 2 KB
3 | bootstrapcdn.com | - | maxcdn.bootstrapcdn.com (1082), stackpath.bootstrapcdn.com (2859) | 50 KB
2 | msauth.net | - | logincdn.msauth.net (3724), aadcdn.msauth.net (893) | 2 KB
2 | microsoftonline-p.com | - | secure.aadcdn.microsoftonline-p.com (14951) | 2 KB
2 | wikipedia.com | 2 | wikipedia.com (136710) | 277 B
2 | jquery.com | - | code.jquery.com (729) | 162 KB
2 | googleapis.com | - | fonts.googleapis.com (32) | 3 KB
2 | google.com | 2 | www.google.com (2) | 2 KB
2 | yxnwnjcbtx.shop | 2 | m18ddps9y.yxnwnjcbtx.shop | 1 KB
1 | cloudflare.com | - | cdnjs.cloudflare.com (226) | 7 KB
1 | azureedge.net | - | spoppe-b.azureedge.net (6797) | 1 KB
1 | tinyurl.com | 1 | tinyurl.com (18784) | 832 B
Totals: 29 requests | 15 apex domains
The two apex domains with no Cisco Umbrella rank at all, ezgrwnlwplm.click and yxnwnjcbtx.shop, are the attacker-controlled ones.
Requests | Domain | Requested by / redirects
---|---|---
15 | jtrustroyal-login.microsoftonline.ezgrwnlwplm.click | jtrustroyal-login.microsoftonline.ezgrwnlwplm.click, code.jquery.com; 4 redirects
5 | www.wikipedia.org | jtrustroyal-login.microsoftonline.ezgrwnlwplm.click, www.wikipedia.org
3 | www.google.ae | 3 redirects
3 | www.google.es | 3 redirects
2 | secure.aadcdn.microsoftonline-p.com | jtrustroyal-login.microsoftonline.ezgrwnlwplm.click
2 | wikipedia.com | 2 redirects
2 | code.jquery.com | jtrustroyal-login.microsoftonline.ezgrwnlwplm.click
2 | maxcdn.bootstrapcdn.com | jtrustroyal-login.microsoftonline.ezgrwnlwplm.click
2 | fonts.googleapis.com | jtrustroyal-login.microsoftonline.ezgrwnlwplm.click
2 | crt7zeu.ezgrwnlwplm.click | 2 redirects
2 | www.google.com | 2 redirects
2 | m18ddps9y.yxnwnjcbtx.shop | 2 redirects
2 | google.ae | 2 redirects
1 | aadcdn.msauth.net | jtrustroyal-login.microsoftonline.ezgrwnlwplm.click
1 | logincdn.msauth.net | jtrustroyal-login.microsoftonline.ezgrwnlwplm.click
1 | stackpath.bootstrapcdn.com | jtrustroyal-login.microsoftonline.ezgrwnlwplm.click
1 | cdnjs.cloudflare.com | jtrustroyal-login.microsoftonline.ezgrwnlwplm.click
1 | spoppe-b.azureedge.net | jtrustroyal-login.microsoftonline.ezgrwnlwplm.click
1 | tinyurl.com | 1 redirect
1 | google.es | 1 redirect
Totals: 29 requests | 20 domains
This site contains no links.
TLS certificates observed (each subject links to its crt.sh entry on the original page):
Subject | Issuer | Validity | Valid for
---|---|---|---
ezgrwnlwplm.click | R3 | 2024-02-26 - 2024-05-26 | 3 months
upload.video.google.com | GTS CA 1C3 | 2024-02-05 - 2024-04-29 | 3 months
bootstrapcdn.com | GTS CA 1P5 | 2024-01-28 - 2024-04-27 | 3 months
*.vo.msecnd.net | DigiCert SHA2 Secure Server CA | 2024-01-30 - 2025-01-30 | a year
*.jquery.com | Sectigo RSA Domain Validation Secure Server CA | 2023-07-11 - 2024-07-14 | a year
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2023-07-03 - 2024-07-02 | a year
*.wikipedia.org | DigiCert TLS Hybrid ECC SHA384 2020 CA1 | 2023-10-18 - 2024-10-16 | a year
secure.aadcdn.microsoftonline-p.com | Microsoft Azure RSA TLS Issuing CA 04 | 2023-12-05 - 2024-11-29 | a year
identitycdn.msauth.net | Microsoft Azure RSA TLS Issuing CA 03 | 2024-01-17 - 2025-01-11 | a year
aadcdn.msauth.net | DigiCert SHA2 Secure Server CA | 2024-01-29 - 2025-01-29 | a year
The certificate covering the phishing host was issued by R3 (Let's Encrypt) on 2024-02-26, the day before the submission; the padlock in the browser therefore says nothing about the site's legitimacy.
This page contains 3 frames:
- Primary page: https://jtrustroyal-login.microsoftonline.ezgrwnlwplm.click/Applicationview/98ffec0c008d721a7bd5a20ca822b020/65d709450bbff8b14e661c27 (frame ID B37F9AF26AE13110D52F93D071C054FE, 20 HTTP requests)
- Frame: https://jtrustroyal-login.microsoftonline.ezgrwnlwplm.click/Applicationview/98ffec0c008d721a7bd5a20ca822b020/65d709450bbff8b14e661c27?gif=outlook&itb1=true (frame ID 2957AB28C77FD8C31D85512159537ECA, 8 HTTP requests)
- Frame: https://www.wikipedia.org/ (frame ID 651F997E7E5DEA49DAE58462814AE164, 4 HTTP requests)
The sign-in form itself is rendered in the second frame (the same path with ?gif=outlook&itb1=true); the Microsoft-branded images are loaded from genuine Microsoft CDNs inside that frame, and the third frame embeds the real www.wikipedia.org.
Screenshot
![](/screenshots/e5c34848-9a81-4417-b201-b3a8f77a3570.png)
Page Title
Sharepoint
Detected technologies
Bootstrap
Detected patterns
- <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
- bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
Google Font API
Detected patterns
- <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com
Popper
Detected patterns
- /popper\.js/([0-9.]+)
jQuery
Detected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://www.google.es/url?hl=en&q=https://google.es/url?sa%3Dt%26q%3DWw%26rct%3Dcv%26esrc%3Dhoti%26source%3Dinx%26cd%3DDJCG%26cad%3D2A6N1w%26ved%3DVn2SypKkFKvZkv%26uact%3D990%26url%3D%2561%256D%2570%252F%2567%256F%256F%2567%256C%2565%252E%2561%2565%252F%2561%256D%2570%252F%2574%2569%256E%2579%2575%2572%256C%252E%2563%256F%256D%252F%2532%2579%2563%256D%2577%2536%256E%2573%26opi%3D7264657763966%26usg%3D9TdmvuKPevt4mE&source=gmail&ust=1709019341740000&usg=AOvVaw22mlh--kd9HxYl-j3d0cXL HTTP 302
- https://google.es/url?sa=t&q=Ww&rct=cv&esrc=hoti&source=inx&cd=DJCG&cad=2A6N1w&ved=Vn2SypKkFKvZkv&uact=990&url=%61%6D%70%2F%67%6F%6F%67%6C%65%2E%61%65%2F%61%6D%70%2F%74%69%6E%79%75%72%6C%2E%63%6F%6D%2F%32%79%63%6D%77%36%6E%73&opi=7264657763966&usg=9TdmvuKPevt4mE HTTP 301
- https://www.google.es/url?sa=t&q=Ww&rct=cv&esrc=hoti&source=inx&cd=DJCG&cad=2A6N1w&ved=Vn2SypKkFKvZkv&uact=990&url=amp%2Fgoogle%2Eae%2Famp%2Ftinyurl%2Ecom%2F2ycmw6ns&opi=7264657763966&usg=9TdmvuKPevt4mE HTTP 302
- https://www.google.es/amp/google.ae/amp/tinyurl.com/2ycmw6ns HTTP 302
- http://google.ae/amp/tinyurl.com/2ycmw6ns HTTP 301
- http://www.google.ae/amp/tinyurl.com/2ycmw6ns HTTP 301
- https://www.google.ae/amp/tinyurl.com/2ycmw6ns HTTP 302
- http://tinyurl.com/2ycmw6ns HTTP 307
- https://tinyurl.com/2ycmw6ns HTTP 301
- https://google.ae/amp/m18DDps9Y.yxnwnjcbtx.shop/nrzes3 HTTP 301
- https://www.google.ae/amp/m18DDps9Y.yxnwnjcbtx.shop/nrzes3 HTTP 302
- http://m18ddps9y.yxnwnjcbtx.shop/nrzes3 HTTP 301
- https://m18ddps9y.yxnwnjcbtx.shop/nrzes3 HTTP 302
- https://www.google.com/amp/Crt7ZEU.ezgrwnlwplm.click/bdd600/1/98ffec0c008d721a7bd5a20ca822b020/65d709450bbff8b14e661c27 HTTP 302
- http://crt7zeu.ezgrwnlwplm.click/bdd600/1/98ffec0c008d721a7bd5a20ca822b020/65d709450bbff8b14e661c27 HTTP 301
- https://crt7zeu.ezgrwnlwplm.click/bdd600/1/98ffec0c008d721a7bd5a20ca822b020/65d709450bbff8b14e661c27 HTTP 301
- https://www.google.com/amp/jtrustroyal-login.microsoftonline.ezgrwnlwplm.click/Applicationview/98ffec0c008d721a7bd5a20ca822b020/65d709450bbff8b14e661c27 HTTP 302
- http://jtrustroyal-login.microsoftonline.ezgrwnlwplm.click/Applicationview/98ffec0c008d721a7bd5a20ca822b020/65d709450bbff8b14e661c27 HTTP 301
- https://jtrustroyal-login.microsoftonline.ezgrwnlwplm.click/Applicationview/98ffec0c008d721a7bd5a20ca822b020/65d709450bbff8b14e661c27 (Page URL)
Twenty hops separate the link the victim clicked from the phishing page, and all but the tinyurl.com and attacker-host hops are Google redirector URLs: the entry point is a www.google.es /url?q= link (source=gmail) whose q target is another google.es /url link, which hides its real destination in a url= parameter percent-encoded twice (%2561%256D%2570... decodes to amp/google.ae/amp/tinyurl.com/2ycmw6ns); after that, every Google hop is an /amp/<host>/<path> style path on google.es, google.ae or www.google.com. Each stage (tinyurl.com, m18ddps9y.yxnwnjcbtx.shop, crt7zeu.ezgrwnlwplm.click) forwards to the next through one more Google hop, so a URL filter that only inspects the first link or only blocks the final host sees a google.es URL.
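The script below, added here as an illustration and not part of urlscan's output or of the phishing kit, unwraps that nesting statically (no network access) and then reports which hosts in the recorded chain are not Google redirectors. The hop classification (the /url redirector's url and q parameters, /amp/ and /amp/s/ paths) and the Google-host regular expression are this example's own assumptions; the sample URLs are copied from the Page URL History above.

```python
import re
from urllib.parse import urlsplit, parse_qs, urljoin

# Google front-end hosts: google.com plus country TLDs (google.es, google.ae, google.co.uk).
# Assumption of this example, not a Google-published list.
GOOGLE_HOST = re.compile(r"^(?:www\.)?google\.(?:com|[a-z]{2,3}(?:\.[a-z]{2})?)$")

# Constructed sample: the first hop of this scan, copied from the Page URL History above.
FIRST_HOP = (
    "https://www.google.es/url?hl=en&q=https://google.es/url?sa%3Dt%26q%3DWw%26rct%3Dcv"
    "%26esrc%3Dhoti%26source%3Dinx%26cd%3DDJCG%26cad%3D2A6N1w%26ved%3DVn2SypKkFKvZkv%26uact%3D990"
    "%26url%3D%2561%256D%2570%252F%2567%256F%256F%2567%256C%2565%252E%2561%2565%252F%2561%256D"
    "%2570%252F%2574%2569%256E%2579%2575%2572%256C%252E%2563%256F%256D%252F%2532%2579%2563%256D"
    "%2577%2536%256E%2573%26opi%3D7264657763966%26usg%3D9TdmvuKPevt4mE"
    "&source=gmail&ust=1709019341740000&usg=AOvVaw22mlh--kd9HxYl-j3d0cXL"
)

# Constructed sample: all 20 recorded hops of the chain, in order (same source).
OBSERVED_CHAIN = [
    FIRST_HOP,
    "https://google.es/url?sa=t&q=Ww&rct=cv&esrc=hoti&source=inx&cd=DJCG&cad=2A6N1w&ved=Vn2SypKkFKvZkv&uact=990&url=%61%6D%70%2F%67%6F%6F%67%6C%65%2E%61%65%2F%61%6D%70%2F%74%69%6E%79%75%72%6C%2E%63%6F%6D%2F%32%79%63%6D%77%36%6E%73&opi=7264657763966&usg=9TdmvuKPevt4mE",
    "https://www.google.es/url?sa=t&q=Ww&rct=cv&esrc=hoti&source=inx&cd=DJCG&cad=2A6N1w&ved=Vn2SypKkFKvZkv&uact=990&url=amp%2Fgoogle%2Eae%2Famp%2Ftinyurl%2Ecom%2F2ycmw6ns&opi=7264657763966&usg=9TdmvuKPevt4mE",
    "https://www.google.es/amp/google.ae/amp/tinyurl.com/2ycmw6ns",
    "http://google.ae/amp/tinyurl.com/2ycmw6ns",
    "http://www.google.ae/amp/tinyurl.com/2ycmw6ns",
    "https://www.google.ae/amp/tinyurl.com/2ycmw6ns",
    "http://tinyurl.com/2ycmw6ns",
    "https://tinyurl.com/2ycmw6ns",
    "https://google.ae/amp/m18DDps9Y.yxnwnjcbtx.shop/nrzes3",
    "https://www.google.ae/amp/m18DDps9Y.yxnwnjcbtx.shop/nrzes3",
    "http://m18ddps9y.yxnwnjcbtx.shop/nrzes3",
    "https://m18ddps9y.yxnwnjcbtx.shop/nrzes3",
    "https://www.google.com/amp/Crt7ZEU.ezgrwnlwplm.click/bdd600/1/98ffec0c008d721a7bd5a20ca822b020/65d709450bbff8b14e661c27",
    "http://crt7zeu.ezgrwnlwplm.click/bdd600/1/98ffec0c008d721a7bd5a20ca822b020/65d709450bbff8b14e661c27",
    "https://crt7zeu.ezgrwnlwplm.click/bdd600/1/98ffec0c008d721a7bd5a20ca822b020/65d709450bbff8b14e661c27",
    "https://www.google.com/amp/jtrustroyal-login.microsoftonline.ezgrwnlwplm.click/Applicationview/98ffec0c008d721a7bd5a20ca822b020/65d709450bbff8b14e661c27",
    "http://jtrustroyal-login.microsoftonline.ezgrwnlwplm.click/Applicationview/98ffec0c008d721a7bd5a20ca822b020/65d709450bbff8b14e661c27",
    "https://jtrustroyal-login.microsoftonline.ezgrwnlwplm.click/Applicationview/98ffec0c008d721a7bd5a20ca822b020/65d709450bbff8b14e661c27",
]


def redirector_target(url):
    """Classify one hop: (kind, target) if `url` is a Google redirector, else (None, None).
    "url-param": /url?url=... or /url?q=...   (bare search terms such as q=Ww are skipped)
    "amp-path":  /amp/<host>/<path> or /amp/s/<host>/<path>  (s/ means the target is https)"""
    parts = urlsplit(url)
    host = parts.hostname or ""
    if not GOOGLE_HOST.match(host):
        return None, None
    if parts.path == "/url":
        params = parse_qs(parts.query)  # one level of percent-decoding happens here
        for key in ("url", "q"):
            for value in params.get(key, []):
                if "/" in value:
                    # relative targets (amp/google.ae/...) resolve against the Google host
                    return "url-param", value if "://" in value else urljoin(url, value)
    m = re.match(r"^/amp/(s/)?(.+)$", parts.path)
    if m:
        scheme = "https" if m.group(1) else "http"
        query = f"?{parts.query}" if parts.query else ""
        return "amp-path", f"{scheme}://{m.group(2)}{query}"
    return None, None


def unwrap(url, limit=10):
    """Peel nested redirector layers without fetching anything. Stops at the first hop that
    is not a Google redirector; here that is tinyurl.com, which needs a live fetch to resolve."""
    chain = [url]
    while len(chain) <= limit:
        kind, nxt = redirector_target(chain[-1])
        if kind is None or nxt in chain:
            break
        chain.append(nxt)
    return chain


def actor_hosts(chain):
    """Non-Google hosts in first-seen order: the shortener link the actor created plus the
    actor's own infrastructure."""
    seen = []
    for u in chain:
        h = urlsplit(u).hostname or ""
        if not GOOGLE_HOST.match(h) and h not in seen:
            seen.append(h)
    return seen


def redirector_hops(chain):
    """Count the Google redirector hops in a recorded chain, by kind."""
    counts = {"url-param": 0, "amp-path": 0}
    for u in chain:
        kind, _ = redirector_target(u)
        if kind:
            counts[kind] += 1
    return counts


if __name__ == "__main__":
    for hop in unwrap(FIRST_HOP):
        print("static unwrap:", hop)
    print("non-Google hosts:", actor_hosts(OBSERVED_CHAIN))
    print("redirector hops:", redirector_hops(OBSERVED_CHAIN))
```

Static unwrapping gets from the Gmail-rewritten link down to http://tinyurl.com/2ycmw6ns in four steps without touching the network, which is as far as the link itself reveals; everything after the shortener was only learned by following it. Over the full recorded chain, 11 of the 20 hops are Google redirectors (3 /url, 8 /amp/), and the only non-Google hosts are tinyurl.com, m18ddps9y.yxnwnjcbtx.shop, crt7zeu.ezgrwnlwplm.click and the final phishing host. The static pass ignores the www-canonicalisation 301s that the live chain shows, so its hop count is lower than urlscan's.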
Redirected requests
There were HTTP redirect chains for the following requests:
Request chain 13:
- https://jtrustroyal-login.microsoftonline.ezgrwnlwplm.click//Applicationview/98ffec0c008d721a7bd5a20ca822b020/65d709450bbff8b14e661c27?gif=outlook&itb1=true HTTP 301
- https://jtrustroyal-login.microsoftonline.ezgrwnlwplm.click/Applicationview/98ffec0c008d721a7bd5a20ca822b020/65d709450bbff8b14e661c27?gif=outlook&itb1=true
Request chain:
- https://jtrustroyal-login.microsoftonline.ezgrwnlwplm.click/Applicationview/98ffec0c008d721a7bd5a20ca822b020/Sign%20in%20to%20your%20account_files/prefetch(1).html HTTP 301
- https://wikipedia.com/ HTTP 301
- https://www.wikipedia.org/
Request chain:
- https://jtrustroyal-login.microsoftonline.ezgrwnlwplm.click/Applicationview/98ffec0c008d721a7bd5a20ca822b020/Sign%20in%20to%20your%20account_files/ellipsis_grey.svg HTTP 301
- https://wikipedia.com/ HTTP 301
- https://www.wikipedia.org/
The two asset requests under Sign%20in%20to%20your%20account_files/ (the folder name a browser gives the assets of a saved copy of the Microsoft sign-in page) are answered by the kit with a 301 to wikipedia.com rather than a 404, which is why www.wikipedia.org shows up as a third frame and as an "Image" request in frame 2957.
29 HTTP transactions
Method | Proto | Resource | Host / path | Frame | Size | x-fer | Type | MIME type
---|---|---|---|---|---|---|---|---
GET | H/1.1 | 65d709450bbff8b14e661c27 | jtrustroyal-login.microsoftonline.ezgrwnlwplm.click/Applicationview/98ffec0c008d721a7bd5a20ca822b020/ | Primary request (redirect chain) | 59 KB | 59 KB | Document | text/html
GET | H2 | css | fonts.googleapis.com/ | | 6 KB | 2 KB | Stylesheet | text/css
GET | H2 | css | fonts.googleapis.com/ | | 0 | 2 KB | Other | text/css
GET | H2 | bootstrap.min.css | maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/ | | 141 KB | 22 KB | Stylesheet | text/css
GET | DATA | truncated | / | | 20 KB | 0 | Image | image/png
GET | DATA | truncated | / | | 3 KB | 0 | Image | image/png
GET | H2 | docx.png | spoppe-b.azureedge.net/files/fabric-cdn-prod_20211104.001/assets/item-types/32_2x/ | | 975 B | 1 KB | Image | image/png
GET | H2 | jquery-3.4.1.js | code.jquery.com/ | | 274 KB | 81 KB | Script | application/javascript
GET | H2 | popper.min.js | cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/ | | 19 KB | 7 KB | Script | application/javascript
GET | H2 | bootstrap.min.js | maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/ | | 48 KB | 13 KB | Script | application/javascript
GET | H2 | bootstrap.min.js | stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/ | | 50 KB | 15 KB | Script | application/javascript
GET | H/1.1 | script.js | jtrustroyal-login.microsoftonline.ezgrwnlwplm.click/uploads/ | | 23 KB | 24 KB | Script | text/javascript
GET | DATA | truncated | / | | 2 KB | 2 KB | Font | application/octet-stream
GET | H/1.1 | mac-chrome.css | jtrustroyal-login.microsoftonline.ezgrwnlwplm.click/uploads/ | | 7 KB | 7 KB | Stylesheet | text/css
GET | H/1.1 | 65d709450bbff8b14e661c27 | jtrustroyal-login.microsoftonline.ezgrwnlwplm.click/Applicationview/98ffec0c008d721a7bd5a20ca822b020/ | Frame 2957 (redirect chain) | 146 KB | 146 KB | Document | text/html
GET | H/1.1 | ssl.svg | jtrustroyal-login.microsoftonline.ezgrwnlwplm.click/uploads/images/ | | 563 B | 751 B | Image | image/svg+xml
GET | H/1.1 | close.svg | jtrustroyal-login.microsoftonline.ezgrwnlwplm.click/uploads/images/ | | 720 B | 908 B | Image | image/svg+xml
GET | H/1.1 | arrow-right.svg | jtrustroyal-login.microsoftonline.ezgrwnlwplm.click/uploads/images/ | | 1023 B | 1 KB | Image | image/svg+xml
GET | H/1.1 | cookies.svg | jtrustroyal-login.microsoftonline.ezgrwnlwplm.click/uploads/images/ | | 2 KB | 2 KB | Image | image/svg+xml
GET | H/1.1 | settings.svg | jtrustroyal-login.microsoftonline.ezgrwnlwplm.click/uploads/images/ | | 1 KB | 1 KB | Image | image/svg+xml
GET | H/1.1 | new-tab.svg | jtrustroyal-login.microsoftonline.ezgrwnlwplm.click/uploads/images/ | | 468 B | 656 B | Image | image/svg+xml
GET | H2 | jquery-3.4.1.js | code.jquery.com/ | Frame 2957 | 274 KB | 81 KB | Script | application/javascript
GET | H2 | / | www.wikipedia.org/ | Frame 651F (redirect chain) | 76 KB | 19 KB | Document | text/html
GET | H2 | microsoft_logo.svg | secure.aadcdn.microsoftonline-p.com/ests/2.1.8148.16/content/images/ | Frame 2957 | 4 KB | 2 KB | Image | image/svg+xml
GET | H2 | arrow_left.svg | logincdn.msauth.net/16.000.28345.6/images/ | Frame 2957 | 513 B | 928 B | Image | image/svg+xml
GET | H2 | documentation_bcb4d1dc4eae64f0b2b2538209d8435a.svg | aadcdn.msauth.net/shared/1.0/content/images/ | Frame 2957 | 2 KB | 1 KB | Image | image/svg+xml
GET | H2 | ellipsis_white.svg | secure.aadcdn.microsoftonline-p.com/ests/2.1.8148.16/content/images/ | Frame 2957 | 915 B | 600 B | Image | image/svg+xml
GET | H2 | / | www.wikipedia.org/ | Frame 2957 (redirect chain) | 0 | 0 | Image | text/html
POST | H/1.1 | 65d709450bbff8b14e661c27 | jtrustroyal-login.microsoftonline.ezgrwnlwplm.click/Applicationview/98ffec0c008d721a7bd5a20ca822b020/ | Frame 2957 | 0 | 177 B | XHR | text/plain
GET | H2 | Wikipedia-logo-v2.png | www.wikipedia.org/portal/wikipedia.org/assets/img/ | Frame 651F | 15 KB | 17 KB | Image | image/png
GET | H2 | index-24c3e2ca18.js | www.wikipedia.org/portal/wikipedia.org/assets/js/ | Frame 651F | 22 KB | 9 KB | Script | application/javascript
GET | H2 | gt-ie9-ce3fe8e88d.js | www.wikipedia.org/portal/wikipedia.org/assets/js/ | Frame 651F | 614 B | 2 KB | Script | application/javascript
The kit ships only two first-party resources of its own besides the two HTML documents: /uploads/script.js and /uploads/mac-chrome.css, plus a handful of SVG icons (ssl.svg, close.svg, new-tab.svg, settings.svg, cookies.svg) that mimic browser chrome; the Microsoft logo and sign-in icons are fetched from Microsoft's real CDNs, and jQuery, Popper and Bootstrap from public CDNs. The only POST in the capture is an XHR from frame 2957 back to the page's own URL, answered with 177 bytes of text/plain.
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against Sharepoint (Online), Microsoft (Consumer), OneDrive (Online)
22 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object: 0, bootstrap
function: $, jQuery, Popper, isLikelyDesktop, getOperatingSystem, setInitialSize, deobfString, openTop, openIn, deObfData, handleDnDLogic, applyPositioning, closePopup, toggleSSLPopup, enlarge, setPrimaryContent, handleSecondaryFlowStart, handleIsOpenedState, triggerSecondaryFlowStart, hadleDOMContentLoaded
Apart from $/jQuery, Popper and bootstrap, none of these names comes from the public libraries the page loads (jQuery 3.4.1, Popper 1.12.9, Bootstrap 4); they are the kit's own code. The names alone (deobfString, deObfData, toggleSSLPopup, isLikelyDesktop, getOperatingSystem, the mac-chrome.css stylesheet and the ssl/close/new-tab/settings icons) point to a page that decodes obfuscated content at runtime, fingerprints the visitor's platform and draws a fake browser window with its own padlock popup, which fits the "browser-in-the-browser" style of login overlay.
Cookies are small pieces of data a site stores in the visitor's browser. On every later visit the browser sends the stored values back, so the site can re-identify the visitor even from a different location; this is how persistent logins work.
Domain/Path | Expires | Name | Value
---|---|---|---
.google.es/ | | __Secure-ENID | 17.SE=aulg0RxO2suIc1wNRxQIQMxea7-BqdUjxWdU9uii1C9_WD73no4CChxfMWf4WBXO0mi63CCZpiAzMRUhKmTwHngUhMwzX8vNuGmw4KHOJvIxezSZg-mob-0wnccRY7K-q5B8SVure2ExiipIGOCaxtauCa2qM4zoFpyUmJJG2oY4QKA
.google.ae/ | | __Secure-ENID | 17.SE=rI1mEFQPGTxlbz2RxJ2PvUuKvFt4EsAasLf6AD8C8PP2bQn7qRyRC2a9xxtE_p89JCGof2OGFzG8AIqG-ZYjt4WQirA4ADrUSob6sCpfvRh_Jl8zIy5V_m3dnOT_0A8w15Qp01n2zZO4k-UXbGI4PnGxYcEB0FSEbjSD9kbC0dOD7as
.tinyurl.com/ | | __cf_bm | yKrrMDpJnSyv44Dpit15TAGK2Ps8XbPMYLplKzv_Dy0-1709005019-1.0-AZsYWEvisIQSiacggecjR6M/T0Ue8QodBmVL4jo0f7KUxDkrpTWVYUE8V1FC1UJDn/C4bLp3FdPWEeQAZRNd9Wg=
.google.com/ | | __Secure-ENID | 17.SE=WV0M1mdBTYqqxgegNA9VY5Tw_nL3JlPrpUyxxCPPRr6c91El-kUPkzdCVGPxOkEPZZN8S-MwM86_E7l_hiKUlyWkib_5DL5e1BCQhnxsMYxblUY60w_XpWJPylU18yxdFbEAZWEnpG7SzLihFP8rq_UL1xqvef8yS6k8G2OXJPaqmWU
None of the four cookies is set by the phishing host; all come from hops in the redirect chain (Google's __Secure-ENID on three country domains and Cloudflare's bot-management __cf_bm from tinyurl.com).
4 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL | Text
---|---|---|---
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
Domains:
aadcdn.msauth.net
cdnjs.cloudflare.com
code.jquery.com
crt7zeu.ezgrwnlwplm.click
fonts.googleapis.com
google.ae
google.es
jtrustroyal-login.microsoftonline.ezgrwnlwplm.click
logincdn.msauth.net
m18ddps9y.yxnwnjcbtx.shop
maxcdn.bootstrapcdn.com
secure.aadcdn.microsoftonline-p.com
spoppe-b.azureedge.net
stackpath.bootstrapcdn.com
tinyurl.com
wikipedia.com
www.google.ae
www.google.com
www.google.es
www.wikipedia.org
IPs:
104.17.25.14
104.18.10.207
104.18.11.207
104.20.139.65
13.107.213.60
13.107.246.60
137.184.127.24
142.250.184.227
142.250.185.196
142.250.186.99
151.101.66.137
152.199.19.161
172.217.18.3
185.15.59.224
185.15.59.226
188.114.96.3
188.114.97.3
216.58.206.42
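As an added check (example code, not part of urlscan's page or of any product it describes), the hostnames in the indicator list can be screened for the pattern the phishing host exhibits: a brand token used as a sub-domain label under an apex the brand does not own (microsoftonline under ezgrwnlwplm.click). The example goes slightly beyond that case and also flags a brand token in the apex label itself. The brand-token list, the allowlist of Microsoft-operated apex domains and the small two-level public-suffix approximation are all assumptions of this example; in production, replace the apex() approximation with a public-suffix-list lookup and feed the allowlist from your own telemetry.

```python
# Brand tokens to look for inside hostname labels (illustrative assumption of this example).
BRAND_TOKENS = ("microsoft", "sharepoint", "onedrive", "office365", "outlook")

# Apex domains the brand operates. Assumption: a starter allowlist, not an authoritative one.
LEGIT_APEXES = {
    "microsoft.com", "microsoftonline.com", "microsoftonline-p.com", "msauth.net",
    "msftauth.net", "sharepoint.com", "onedrive.com", "office.com", "live.com", "azureedge.net",
}

# Constructed input: the hostnames from the Indicators list above.
INDICATOR_HOSTS = [
    "aadcdn.msauth.net", "cdnjs.cloudflare.com", "code.jquery.com",
    "crt7zeu.ezgrwnlwplm.click", "fonts.googleapis.com", "google.ae", "google.es",
    "jtrustroyal-login.microsoftonline.ezgrwnlwplm.click", "logincdn.msauth.net",
    "m18ddps9y.yxnwnjcbtx.shop", "maxcdn.bootstrapcdn.com",
    "secure.aadcdn.microsoftonline-p.com", "spoppe-b.azureedge.net",
    "stackpath.bootstrapcdn.com", "tinyurl.com", "wikipedia.com", "www.google.ae",
    "www.google.com", "www.google.es", "www.wikipedia.org",
]

# Second-level labels under which two-letter ccTLDs commonly delegate (co.uk, com.au ...).
# Approximation of the public suffix list; good enough for this illustration only.
CC_SECOND_LEVEL = {"co", "com", "org", "net", "ac", "gov", "edu"}


def apex(host):
    """Registrable domain: last two labels, or three for co.uk-style suffixes."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) >= 3 and len(labels[-1]) == 2 and labels[-2] in CC_SECOND_LEVEL:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def subdomain_labels(host):
    """Labels to the left of the apex, e.g. ['jtrustroyal-login', 'microsoftonline']."""
    base = apex(host)
    prefix = host.lower().rstrip(".")[: -len(base)].rstrip(".")
    return prefix.split(".") if prefix else []


def brand_tokens_in(labels):
    """Brand tokens that occur as substrings of any of the given labels, without duplicates."""
    found = []
    for label in labels:
        for token in BRAND_TOKENS:
            if token in label and token not in found:
                found.append(token)
    return found


def flag_lookalikes(hosts):
    """Return (host, apex, reason, tokens) for every host that borrows a brand token while
    sitting under an apex the brand does not own. Allowlisted apexes are never flagged."""
    hits = []
    for host in hosts:
        base = apex(host)
        if base in LEGIT_APEXES:
            continue
        in_sub = brand_tokens_in(subdomain_labels(host))
        in_apex = brand_tokens_in([base.split(".")[0]])
        if in_sub:
            hits.append((host, base, "brand token in sub-domain label", in_sub))
        elif in_apex:
            hits.append((host, base, "brand token in apex label", in_apex))
    return hits


if __name__ == "__main__":
    for host, base, reason, tokens in flag_lookalikes(INDICATOR_HOSTS):
        print(f"{host}  apex={base}  {reason}: {tokens}")
```

Run over the indicator list this flags exactly one host, the phishing page, while secure.aadcdn.microsoftonline-p.com passes because microsoftonline-p.com is on the allowlist. The allowlist is what keeps the false-positive rate tolerable: Microsoft serves its sign-in assets from several apexes (msauth.net, microsoftonline-p.com, azureedge.net all appear in this scan), and a token match alone would flag them too.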