urlscan.io
Sponsored by

quarantine-service.vipservicesllc.net
162.214.101.243  Malicious Activity!

Go To Report
Submitted URL: https://rowangibson.com/senta-x1graf-r2deka-x1de
Effective URL: https://quarantine-service.vipservicesllc.net/ri9yWdmanq0Hfri9yWdmanprr7Pp9yWrti9yWsa7XB8xr7Pm/login.php
Submission: On November 24 via manual from DE — Scanned from DE
 Behaviour Indicators
Similar DOM Content API

Summary

This website contacted 8 IPs in 3 countries across 7 domains to perform 24 HTTP transactions. The main IP is 162.214.101.243, located in United States and belongs to UNIFIEDLAYER-AS-1, US. The main domain is quarantine-service.vipservicesllc.net.
TLS certificate: Issued by R3 on November 24th 2021. Valid for: 3 months.
rowangibson.com scanned 2 times on urlscan.io Show Scans 2
quarantine-service.vipservicesllc.net scanned 2 times on urlscan.io Show Scans 2
480 similar pages on different IPs, domains and ASNs found Show Scans 480

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Microsoft (Consumer)

Live information

Google Safe Browsing: Malicious for quarantine-service.vipservicesllc.net
Current DNS A record: 162.214.101.243 (AS46606 - UNIFIEDLAYER-AS-1, US)
Domain created: July 20th 2020, 18:07:13 (UTC)
Domain registrar: PDR Ltd. d/b/a PublicDomainRegistry.com

Domain & IP information

IP Address AS Autonomous System
1 1 107.161.181.50 33182 (DIMENOC)
1 2 162.214.101.243 46606 (UNIFIEDLA...)
11 152.199.23.37 15133 (EDGECAST)
1 143.204.98.21 16509 (AMAZON-02)
1 20.190.160.71 8075 (MICROSOFT...)
1 2603:1026:205... 8075 (MICROSOFT...)
1 2 192.166.111.131 12316 (FITSNET F...)
7 2a02:26f0:6c0... 20940 (AKAMAI-ASN1)
24 8
1    107.161.181.50 (United States)

ASN33182 (DIMENOC, US)
PTR: servidor1.webservices.com.co
rowangibson.com
2    162.214.101.243 (United States)

ASN46606 (UNIFIEDLAYER-AS-1, US)
PTR: 162-214-101-243.unifiedlayer.com
quarantine-service.vipservicesllc.net
11    152.199.23.37 (United States)

ASN15133 (EDGECAST, US)
aadcdn.msftauth.net
1    143.204.98.21 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-98-21.fra50.r.cloudfront.net
logo.clearbit.com
1    20.190.160.71 (Amsterdam, Netherlands)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
login.live.com
1    2603:1026:205:14::2 (Amsterdam, Netherlands)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
outlook.office365.com
2    192.166.111.131 (Germany)

ASN12316 (FITSNET FITS Internet Backbone, DE)
www.deka.de
7    2a02:26f0:6c00:29b::753 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
r4.res.office365.com
Domain Requested by
11 aadcdn.msftauth.net quarantine-service.vipservicesllc.net
7 r4.res.office365.com outlook.office365.com
2 www.deka.de 1 redirects quarantine-service.vipservicesllc.net
2 quarantine-service.vipservicesllc.net 1 redirects
1 outlook.office365.com quarantine-service.vipservicesllc.net
1 login.live.com quarantine-service.vipservicesllc.net
1 logo.clearbit.com quarantine-service.vipservicesllc.net
1 rowangibson.com 1 redirects
24 8

This site contains links to these domains. Also see Links.

Domain
www.microsoft.com
privacy.microsoft.com
Subject Issuer Validity Valid
www.quarantine-service.vipservicesllc.net
R3		 2021-11-24 -
2022-02-22		 3 months crt.sh
aadcdn.msftauth.net
DigiCert SHA2 Secure Server CA		 2021-05-13 -
2022-05-13		 a year crt.sh
clearbit.com
Amazon		 2021-04-22 -
2022-05-21		 a year crt.sh
graph.windows.net
DigiCert SHA2 Secure Server CA		 2021-11-16 -
2022-11-16		 a year crt.sh
outlook.com
DigiCert Cloud Services CA-1		 2020-07-02 -
2022-07-02		 2 years crt.sh
www.deka.de
TeleSec Business CA 1		 2020-02-07 -
2022-05-07		 2 years crt.sh
*.res.outlook.com
Microsoft RSA TLS CA 02		 2021-01-20 -
2022-01-20		 a year crt.sh

This page contains 3 frames:

Primary Page: https://quarantine-service.vipservicesllc.net/ri9yWdmanq0Hfri9yWdmanprr7Pp9yWrti9yWsa7XB8xr7Pm/login.php
Frame ID: 4C5B685ABA604F52DCD5C04BC327F85C
Requests: 14 HTTP requests in this frame

Frame: https://outlook.office365.com/owa/prefetch.aspx
Frame ID: E85A6478322F166DF36F3FF0F7EB5B0B
Requests: 8 HTTP requests in this frame

Frame: https://www.deka.de/privatkunden
Frame ID: DB56AD6BCCEE5AF14E843EA782537DF2
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

  1. https://rowangibson.com/senta-x1graf-r2deka-x1de HTTP 302
    https://quarantine-service.vipservicesllc.net/ri9yWdmanq0Hfri9yWdmanprr7Pp9yWrti9yWsa7XB8xr7Pm/?client-request-id=c2VudGEu... HTTP 302
    https://quarantine-service.vipservicesllc.net/ri9yWdmanq0Hfri9yWdmanprr7Pp9yWrti9yWsa7XB8xr7Pm/login.php Page URL

Page Statistics

24
Requests

96 %
HTTPS

25 %
IPv6

7
Domains

8
Subdomains

8
IPs

3
Countries

991 kB
Transfer

3490 kB
Size

5
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://rowangibson.com/senta-x1graf-r2deka-x1de HTTP 302
    https://quarantine-service.vipservicesllc.net/ri9yWdmanq0Hfri9yWdmanprr7Pp9yWrti9yWsa7XB8xr7Pm/?client-request-id=c2VudGEuZ3JhZkBkZWthLmRl HTTP 302
    https://quarantine-service.vipservicesllc.net/ri9yWdmanq0Hfri9yWdmanprr7Pp9yWrti9yWsa7XB8xr7Pm/login.php Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 12
  • https://www.deka.de/ HTTP 302
  • https://www.deka.de/privatkunden

24 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request login.php
quarantine-service.vipservicesllc.net/ri9yWdmanq0Hfri9yWdmanprr7Pp9yWrti9yWsa7XB8xr7Pm/
Redirect Chain
  • https://rowangibson.com/senta-x1graf-r2deka-x1de
  • https://quarantine-service.vipservicesllc.net/ri9yWdmanq0Hfri9yWdmanprr7Pp9yWrti9yWsa7XB8xr7Pm/?client-request-id=c2VudGEuZ3JhZkBkZWthLmRl
  • https://quarantine-service.vipservicesllc.net/ri9yWdmanq0Hfri9yWdmanprr7Pp9yWrti9yWsa7XB8xr7Pm/login.php
50 KB
50 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://quarantine-service.vipservicesllc.net/ri9yWdmanq0Hfri9yWdmanprr7Pp9yWrti9yWsa7XB8xr7Pm/login.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
162.214.101.243 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS
162-214-101-243.unifiedlayer.com
Software
Apache / PHP/7.4.26
Resource Hash
30b58107171fb6fde6c159ccbd8464a5d65ce834a48124492060112a85bfbf69

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
de-DE,de;q=0.9

Response headers

x-powered-by
PHP/7.4.26
expires
Thu, 19 Nov 1981 08:52:00 GMT
cache-control
no-store, no-cache, must-revalidate
pragma
no-cache
content-type
text/html; charset=UTF-8
date
Wed, 24 Nov 2021 13:29:59 GMT
server
Apache

Redirect headers

x-powered-by
PHP/7.4.26
expires
Thu, 19 Nov 1981 08:52:00 GMT
cache-control
no-store, no-cache, must-revalidate
pragma
no-cache
location
login.php
content-length
0
content-type
text/html; charset=UTF-8
date
Wed, 24 Nov 2021 13:29:58 GMT
server
Apache
converged.v2.login.min_kb8fbtudybay5t8ts3k87g2.css
aadcdn.msftauth.net/ests/2.1/content/cdnbundles/ 		105 KB
20 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://aadcdn.msftauth.net/ests/2.1/content/cdnbundles/converged.v2.login.min_kb8fbtudybay5t8ts3k87g2.css
Requested by
Host: quarantine-service.vipservicesllc.net
URL: https://quarantine-service.vipservicesllc.net/ri9yWdmanq0Hfri9yWdmanprr7Pp9yWrti9yWsa7XB8xr7Pm/login.php
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.199.23.37 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (frc/8FDF) /
Resource Hash
1b31b0ffabf72e2545aaad397417ba58f66eb3d57a232e115085136a497ffb34

Request headers

Referer
https://quarantine-service.vipservicesllc.net/
Origin
https://quarantine-service.vipservicesllc.net
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 24 Nov 2021 13:29:59 GMT
content-encoding
gzip
content-md5
77s7HX/qO+HbHX0PjIhH1A==
age
13089957
x-cache
HIT
content-length
19615
x-ms-lease-status
unlocked
last-modified
Thu, 11 Feb 2021 19:27:28 GMT
server
ECAcc (frc/8FDF)
etag
0x8D8CEC311CB1846
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
x-ms-request-id
1499ce03-d01e-0006-1229-6a3844000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=31536000
x-ms-version
2009-09-19
accept-ranges
bytes
ConvergedLogin_PCore_5xSFkxCybJ66PCkQYoQCtQ2.js
aadcdn.msftauth.net/shared/1.0/content/js/ 		431 KB
118 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://aadcdn.msftauth.net/shared/1.0/content/js/ConvergedLogin_PCore_5xSFkxCybJ66PCkQYoQCtQ2.js
Requested by
Host: quarantine-service.vipservicesllc.net
URL: https://quarantine-service.vipservicesllc.net/ri9yWdmanq0Hfri9yWdmanprr7Pp9yWrti9yWsa7XB8xr7Pm/login.php
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.199.23.37 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (frc/8FAE) /
Resource Hash
194b80ca3d4d40425984bb7900c623a05d932fd2b7d42f99f4071a2e9c85b292

Request headers

Referer
https://quarantine-service.vipservicesllc.net/
Origin
https://quarantine-service.vipservicesllc.net
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 24 Nov 2021 13:29:59 GMT
content-encoding
gzip
content-md5
COGKTwgRt/V6czGbYK/rJw==
age
13773818
x-cache
HIT
content-length
120419
x-ms-lease-status
unlocked
last-modified
Thu, 18 Mar 2021 08:32:22 GMT
server
ECAcc (frc/8FAE)
etag
0x8D8E9E85A12EF66
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
44567b69-201e-0038-54f1-6338d3000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=31536000
x-ms-version
2009-09-19
accept-ranges
bytes
ux.converged.login.strings-en-gb.min_dy6zu1br07b27dynemrfsg2.js
aadcdn.msftauth.net/ests/2.1/content/cdnbundles/ 		42 KB
12 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://aadcdn.msftauth.net/ests/2.1/content/cdnbundles/ux.converged.login.strings-en-gb.min_dy6zu1br07b27dynemrfsg2.js
Requested by
Host: quarantine-service.vipservicesllc.net
URL: https://quarantine-service.vipservicesllc.net/ri9yWdmanq0Hfri9yWdmanprr7Pp9yWrti9yWsa7XB8xr7Pm/login.php
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.199.23.37 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (frc/8E91) /
Resource Hash
10a120d27978a7f702f7700ada4c265f5e0aa0564b3b50aa542a611a7217fcf1

Request headers

Referer
https://quarantine-service.vipservicesllc.net/
Origin
https://quarantine-service.vipservicesllc.net
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 24 Nov 2021 13:29:59 GMT
content-encoding
gzip
content-md5
3NbIbf1MJFrM7z7J3e4PDw==
age
9721851
x-cache
HIT
content-length
12553
x-ms-lease-status
unlocked
last-modified
Fri, 12 Mar 2021 23:09:47 GMT
server
ECAcc (frc/8E91)
etag
0x8D8E5ABEE379310
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
73b27239-201e-0019-4bcb-88b88f000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=31536000
x-ms-version
2009-09-19
accept-ranges
bytes
convergedlogin_ppassword_a2ba3dd02980047bb0fe.js
aadcdn.msftauth.net/shared/1.0/content/js/asyncchunk/ 		18 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://aadcdn.msftauth.net/shared/1.0/content/js/asyncchunk/convergedlogin_ppassword_a2ba3dd02980047bb0fe.js
Requested by
Host: quarantine-service.vipservicesllc.net
URL: https://quarantine-service.vipservicesllc.net/ri9yWdmanq0Hfri9yWdmanprr7Pp9yWrti9yWsa7XB8xr7Pm/login.php
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.199.23.37 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (lhd/35AA) /
Resource Hash
ea6a8d0d2d04007d289d2718d82411cbae6472b6a34a3469eff1e86840a59452

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://quarantine-service.vipservicesllc.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 24 Nov 2021 13:29:59 GMT
content-encoding
gzip
content-md5
wToX8VpzufoyU07HST4W1Q==
age
24160457
x-cache
HIT
content-length
5157
x-ms-lease-status
unlocked
last-modified
Fri, 12 Feb 2021 23:42:16 GMT
server
ECAcc (lhd/35AA)
etag
0x8D8CFAFD4695F99
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
61b16bb3-f01e-0076-2d7a-05059f000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=31536000
x-ms-version
2009-09-19
accept-ranges
bytes
deka.de
logo.clearbit.com/ 		11 KB
11 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://logo.clearbit.com/deka.de
Requested by
Host: quarantine-service.vipservicesllc.net
URL: https://quarantine-service.vipservicesllc.net/ri9yWdmanq0Hfri9yWdmanprr7Pp9yWrti9yWsa7XB8xr7Pm/login.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-21.fra50.r.cloudfront.net
Software
envoy /
Resource Hash
c3a66fc31ba4da94328e7399a0c48174b5e26f57ad060d70d4273af9ac3bcbd6

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://quarantine-service.vipservicesllc.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Wed, 17 Nov 2021 09:43:22 GMT
via
1.1 baaf38f0a0d54e4834bf934fa5189ceb.cloudfront.net (CloudFront)
server
envoy
age
618397
x-cache
Hit from cloudfront
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=2592000
x-amz-cf-pop
FRA50-C1
x-amz-cf-id
UstVUB7uL-Vw02Ltr2ZUgQPXoORDYkN74YqYmdSmhWkhhRAgiNpw3A==
arrow_left_a9cc2824ef3517b6c4160dcf8ff7d410.svg
aadcdn.msftauth.net/shared/1.0/content/images/ 		513 B
440 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://aadcdn.msftauth.net/shared/1.0/content/images/arrow_left_a9cc2824ef3517b6c4160dcf8ff7d410.svg
Requested by
Host: quarantine-service.vipservicesllc.net
URL: https://quarantine-service.vipservicesllc.net/ri9yWdmanq0Hfri9yWdmanprr7Pp9yWrti9yWsa7XB8xr7Pm/login.php
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.199.23.37 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (lhd/3729) /
Resource Hash
34f9db946e89f031a80dfca7b16b2b686469c9886441261ae70a44da1dfa2d58

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://quarantine-service.vipservicesllc.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 24 Nov 2021 13:29:59 GMT
content-encoding
gzip
content-md5
TjUQkZ0p0Y7rbj6LJofS9Q==
age
30368366
x-cache
HIT
content-length
276
x-ms-lease-status
unlocked
last-modified
Thu, 16 Jan 2020 00:32:45 GMT
server
ECAcc (lhd/3729)
etag
0x8D79A1B9B05915D
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
x-ms-request-id
395a59d1-d01e-0027-6c04-cdb818000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=31536000
x-ms-version
2009-09-19
accept-ranges
bytes
Me.htm?v=3
login.live.com/ 		0
0 		Other
General
Check archive.org
Download Go to
Full URL
https://login.live.com/Me.htm?v=3
Requested by
Host: quarantine-service.vipservicesllc.net
URL: https://quarantine-service.vipservicesllc.net/ri9yWdmanq0Hfri9yWdmanprr7Pp9yWrti9yWsa7XB8xr7Pm/login.php
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.190.160.71 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://quarantine-service.vipservicesllc.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers
converged.v2.login.min_kb8fbtudybay5t8ts3k87g2.css
aadcdn.msftauth.net/ests/2.1/content/cdnbundles/ 		0
19 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://aadcdn.msftauth.net/ests/2.1/content/cdnbundles/converged.v2.login.min_kb8fbtudybay5t8ts3k87g2.css
Requested by
Host: quarantine-service.vipservicesllc.net
URL: https://quarantine-service.vipservicesllc.net/ri9yWdmanq0Hfri9yWdmanprr7Pp9yWrti9yWsa7XB8xr7Pm/login.php
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.199.23.37 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (lhd/371C) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://quarantine-service.vipservicesllc.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 24 Nov 2021 13:29:59 GMT
content-encoding
gzip
content-md5
77s7HX/qO+HbHX0PjIhH1A==
age
24639431
x-cache
HIT
content-length
19615
x-ms-lease-status
unlocked
last-modified
Thu, 11 Feb 2021 19:27:28 GMT
server
ECAcc (lhd/371C)
etag
0x8D8CEC311CB1846
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
x-ms-request-id
8a081d76-e01e-0094-231f-017244000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=31536000
x-ms-version
2009-09-19
accept-ranges
bytes
ux.converged.login.strings-en-gb.min_dy6zu1br07b27dynemrfsg2.js
aadcdn.msftauth.net/ests/2.1/content/cdnbundles/ 		0
12 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://aadcdn.msftauth.net/ests/2.1/content/cdnbundles/ux.converged.login.strings-en-gb.min_dy6zu1br07b27dynemrfsg2.js
Requested by
Host: quarantine-service.vipservicesllc.net
URL: https://quarantine-service.vipservicesllc.net/ri9yWdmanq0Hfri9yWdmanprr7Pp9yWrti9yWsa7XB8xr7Pm/login.php
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.199.23.37 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (lhd/35B1) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://quarantine-service.vipservicesllc.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 24 Nov 2021 13:29:59 GMT
content-encoding
gzip
content-md5
3NbIbf1MJFrM7z7J3e4PDw==
age
21833657
x-cache
HIT
content-length
12553
x-ms-lease-status
unlocked
last-modified
Fri, 12 Mar 2021 23:09:47 GMT
server
ECAcc (lhd/35B1)
etag
0x8D8E5ABEE379310
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
b4af5bb9-101e-0001-58a3-1a2088000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=31536000
x-ms-version
2009-09-19
accept-ranges
bytes
49-small_e58aafc980614a9cd7796bea7b5ea8f0.jpg
aadcdn.msftauth.net/shared/1.0/content/images/appbackgrounds/ 		987 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://aadcdn.msftauth.net/shared/1.0/content/images/appbackgrounds/49-small_e58aafc980614a9cd7796bea7b5ea8f0.jpg
Requested by
Host: quarantine-service.vipservicesllc.net
URL: https://quarantine-service.vipservicesllc.net/ri9yWdmanq0Hfri9yWdmanprr7Pp9yWrti9yWsa7XB8xr7Pm/login.php
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.199.23.37 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (lhd/358B) /
Resource Hash
8b34a475187302935336bf43a2bf2a4e0adb9a1e87953ea51f6fcf0ef52a4a1d

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://quarantine-service.vipservicesllc.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 24 Nov 2021 13:29:59 GMT
content-md5
5YqvyYBhSpzXeWvqe16o8A==
age
30368359
x-cache
HIT
content-length
987
x-ms-lease-status
unlocked
last-modified
Fri, 27 Mar 2020 19:42:36 GMT
server
ECAcc (lhd/358B)
etag
0x8D7D287001BC861
content-type
image/jpeg
access-control-allow-origin
*
x-ms-request-id
6e9a83be-b01e-0016-1804-cd876c000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=31536000
x-ms-version
2009-09-19
accept-ranges
bytes
49_7916a894ebde7d29c2cc29b267f1299f.jpg
aadcdn.msftauth.net/shared/1.0/content/images/appbackgrounds/ 		17 KB
17 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://aadcdn.msftauth.net/shared/1.0/content/images/appbackgrounds/49_7916a894ebde7d29c2cc29b267f1299f.jpg
Requested by
Host: quarantine-service.vipservicesllc.net
URL: https://quarantine-service.vipservicesllc.net/ri9yWdmanq0Hfri9yWdmanprr7Pp9yWrti9yWsa7XB8xr7Pm/login.php
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.199.23.37 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (lhd/35DF) /
Resource Hash
d8f5ab3e00202fd3b45be1acd95d677b137064001e171bc79b06826d98f1e1d3

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://quarantine-service.vipservicesllc.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 24 Nov 2021 13:29:59 GMT
content-md5
eRaolOvefSnCzCmyZ/Epnw==
age
30368363
x-cache
HIT
content-length
17453
x-ms-lease-status
unlocked
last-modified
Fri, 27 Mar 2020 19:42:36 GMT
server
ECAcc (lhd/35DF)
etag
0x8D7D2870015D3DE
content-type
image/jpeg
access-control-allow-origin
*
x-ms-request-id
bbbb728f-901e-0004-5804-cd3529000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=31536000
x-ms-version
2009-09-19
accept-ranges
bytes
prefetch.aspx
outlook.office365.com/owa/ Frame E85A 		3 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://outlook.office365.com/owa/prefetch.aspx
Requested by
Host: quarantine-service.vipservicesllc.net
URL: https://quarantine-service.vipservicesllc.net/ri9yWdmanq0Hfri9yWdmanprr7Pp9yWrti9yWsa7XB8xr7Pm/login.php
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2603:1026:205:14::2 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
c9ed6c1952feff0f2cbf0ef3c382dbc51da6d349f6c26519b65493d4ac74edfa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://quarantine-service.vipservicesllc.net/

Response headers

Cache-Control
private, no-store
Content-Length
1236
Content-Type
text/html; charset=utf-8
Content-Encoding
gzip
Vary
Accept-Encoding
Server
Microsoft-IIS/10.0
request-id
8e1c6e42-59c5-56e8-747e-fad29fbcdce3
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Alt-Svc
h3=":443",h3-29=":443"
X-CalculatedFETarget
DB6PR0802CU002.internal.outlook.com
X-BackEndHttpStatus
200 200
X-FEProxyInfo
DB6PR0802CA0028.EURPRD08.PROD.OUTLOOK.COM
X-CalculatedBETarget
DB8PR03MB6139.EURPRD03.PROD.OUTLOOK.COM
X-RUM-Validated
1
X-Content-Type-Options
nosniff
X-BeSku
WCS6
X-OWA-Version
15.20.4713.26
X-OWA-DiagnosticsInfo
0;0;0
X-IIDs
0
X-BackEnd-Begin
2021-11-24T13:29:59.613
X-BackEnd-End
2021-11-24T13:29:59.614
X-DiagInfo
DB8PR03MB6139
X-BEServer
DB8PR03MB6139
X-UA-Compatible
IE=EmulateIE7
X-Proxy-RoutingCorrectness
1
X-Proxy-BackendServerStatus
200
X-FEServer
DB6PR0802CA0028 AM5PR0301CA0015
Report-To
{"group":"NelOfficeUpload1","max_age":7200,"endpoints":[{"url":"https://exo.nel.measure.office.net/api/report?TenantId=&FrontEnd=Cafe&DestinationEndpoint=DHR"}],"include_subdomains":true}
NEL
{"report_to":"NelOfficeUpload1","max_age":7200,"include_subdomains":true,"failure_fraction":1.0,"success_fraction":0.01}
X-FirstHopCafeEFZ
DHR
Date
Wed, 24 Nov 2021 13:29:59 GMT
privatkunden
www.deka.de/ Frame DB56
Redirect Chain
  • https://www.deka.de/
  • https://www.deka.de/privatkunden
0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://www.deka.de/privatkunden
Requested by
Host: quarantine-service.vipservicesllc.net
URL: https://quarantine-service.vipservicesllc.net/ri9yWdmanq0Hfri9yWdmanprr7Pp9yWrti9yWsa7XB8xr7Pm/login.php
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
192.166.111.131 , Germany, ASN12316 (FITSNET FITS Internet Backbone, DE),
Reverse DNS
Software
Apache /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=15552000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://quarantine-service.vipservicesllc.net/

Response headers

Date
Wed, 24 Nov 2021 13:29:59 GMT
Server
Apache
Strict-Transport-Security
max-age=15552000
X-XSS-Protection
1; mode=block
X-Content-Type-Options
nosniff
X-Frame-Options
SAMEORIGIN
Pragma
no-cache
Content-Type
text/html;charset=UTF-8
Content-Language
de-
Vary
Accept-Encoding,User-Agent
X-UA-Compatible
IE=Edge,chrome=1
Keep-Alive
timeout=15, max=2
Connection
Keep-Alive
Transfer-Encoding
chunked
X-Cache-Control-Orig
no-store, must-revalidate, max-age=0, private
Cache-Control
max-age=0, must-revalidate, private, no-store
X-Expires-Orig
Wed, 31 Dec 1969 23:59:59 GMT
Expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

Date
Wed, 24 Nov 2021 13:29:59 GMT
Server
Apache
Strict-Transport-Security
max-age=15552000
X-XSS-Protection
1; mode=block
X-Content-Type-Options
nosniff
X-Frame-Options
SAMEORIGIN
Location
https://www.deka.de/privatkunden
Keep-Alive
timeout=15, max=74
Connection
Keep-Alive
Content-Type
text/html; charset=iso-8859-1
X-Cache-Control-Orig
Cache-Control
max-age=0, must-revalidate, private
X-Expires-Orig
None
Transfer-Encoding
chunked
boot.worldwide.0.mouse.js
r4.res.office365.com/owa/prem/15.20.4713.22/scripts/ Frame E85A 		648 KB
176 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://r4.res.office365.com/owa/prem/15.20.4713.22/scripts/boot.worldwide.0.mouse.js
Requested by
Host: outlook.office365.com
URL: https://outlook.office365.com/owa/prefetch.aspx
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:6c00:29b::753 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
331d8bdccc50291d6598c40a737eae1fc20e5072005e22c88a7f84be94fdbfc1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://outlook.office365.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Wed, 24 Nov 2021 13:29:59 GMT
content-encoding
gzip
last-modified
Wed, 17 Nov 2021 12:22:12 GMT
server
AkamaiNetStorage
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
public,max-age=630720000, s-maxage=630720000
strict-transport-security
max-age=31536000; includeSubDomains
accept-ranges
bytes
timing-allow-origin
*
content-length
179693
boot.worldwide.1.mouse.js
r4.res.office365.com/owa/prem/15.20.4713.22/scripts/ Frame E85A 		644 KB
160 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://r4.res.office365.com/owa/prem/15.20.4713.22/scripts/boot.worldwide.1.mouse.js
Requested by
Host: outlook.office365.com
URL: https://outlook.office365.com/owa/prefetch.aspx
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:6c00:29b::753 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
9e2fa5b1c0ba4c91d9afc33f57886a37ad853ed1a4ebb3e302ff36a416c73d04
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://outlook.office365.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Wed, 24 Nov 2021 13:29:59 GMT
content-encoding
gzip
last-modified
Wed, 17 Nov 2021 12:22:08 GMT
server
AkamaiNetStorage
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
public,max-age=630720000, s-maxage=630720000
strict-transport-security
max-age=31536000; includeSubDomains
accept-ranges
bytes
timing-allow-origin
*
content-length
163070
boot.worldwide.2.mouse.js
r4.res.office365.com/owa/prem/15.20.4713.22/scripts/ Frame E85A 		647 KB
166 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://r4.res.office365.com/owa/prem/15.20.4713.22/scripts/boot.worldwide.2.mouse.js
Requested by
Host: outlook.office365.com
URL: https://outlook.office365.com/owa/prefetch.aspx
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:6c00:29b::753 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
57c47f2938f0311134363cf0fec95f3e8f5575e4f486dd680fa8f027a26abd30
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://outlook.office365.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Wed, 24 Nov 2021 13:29:59 GMT
content-encoding
gzip
last-modified
Wed, 17 Nov 2021 12:22:13 GMT
server
AkamaiNetStorage
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
public,max-age=630720000, s-maxage=630720000
strict-transport-security
max-age=31536000; includeSubDomains
accept-ranges
bytes
timing-allow-origin
*
content-length
169702
boot.worldwide.3.mouse.js
r4.res.office365.com/owa/prem/15.20.4713.22/scripts/ Frame E85A 		645 KB
143 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://r4.res.office365.com/owa/prem/15.20.4713.22/scripts/boot.worldwide.3.mouse.js
Requested by
Host: outlook.office365.com
URL: https://outlook.office365.com/owa/prefetch.aspx
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:6c00:29b::753 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
7153a36766832d1d43c6c1d0ceda5b7afcedc0b2c5be4beaa924929ef651b809
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://outlook.office365.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Wed, 24 Nov 2021 13:29:59 GMT
content-encoding
gzip
last-modified
Wed, 17 Nov 2021 12:22:08 GMT
server
AkamaiNetStorage
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
public,max-age=630720000, s-maxage=630720000
strict-transport-security
max-age=31536000; includeSubDomains
accept-ranges
bytes
timing-allow-origin
*
content-length
145614
sprite1.mouse.png
r4.res.office365.com/owa/prem/15.20.4713.22/resources/images/0/ Frame E85A 		132 B
336 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://r4.res.office365.com/owa/prem/15.20.4713.22/resources/images/0/sprite1.mouse.png
Requested by
Host: outlook.office365.com
URL: https://outlook.office365.com/owa/prefetch.aspx
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:6c00:29b::753 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
3ab09a213eedd51a0eb0e4bc5e6e96c472032dd937420e7e233ea54775c7e024
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://outlook.office365.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Wed, 24 Nov 2021 13:29:59 GMT
last-modified
Wed, 17 Nov 2021 12:29:33 GMT
server
AkamaiNetStorage
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/png
access-control-allow-origin
*
cache-control
public,max-age=630720000, s-maxage=630720000
accept-ranges
bytes
timing-allow-origin
*
content-length
132
sprite1.mouse.css
r4.res.office365.com/owa/prem/15.20.4713.22/resources/images/0/ Frame E85A 		994 B
512 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://r4.res.office365.com/owa/prem/15.20.4713.22/resources/images/0/sprite1.mouse.css
Requested by
Host: outlook.office365.com
URL: https://outlook.office365.com/owa/prefetch.aspx
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:6c00:29b::753 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
6d1be7ed96dd494447f348986317faf64728ccf788be551f2a621b31ddc929ac
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://outlook.office365.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Wed, 24 Nov 2021 13:29:59 GMT
content-encoding
gzip
last-modified
Wed, 17 Nov 2021 12:29:24 GMT
server
AkamaiNetStorage
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
cache-control
public,max-age=630720000, s-maxage=630720000
strict-transport-security
max-age=31536000; includeSubDomains
accept-ranges
bytes
timing-allow-origin
*
content-length
288
boot.worldwide.mouse.css
r4.res.office365.com/owa/prem/15.20.4713.22/resources/styles/0/ Frame E85A 		227 KB
43 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://r4.res.office365.com/owa/prem/15.20.4713.22/resources/styles/0/boot.worldwide.mouse.css
Requested by
Host: outlook.office365.com
URL: https://outlook.office365.com/owa/prefetch.aspx
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:6c00:29b::753 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
37619b16288166cc76403f0b7df6586349b2d5628de00d5850c815d019b17904
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://outlook.office365.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Wed, 24 Nov 2021 13:29:59 GMT
content-encoding
gzip
last-modified
Wed, 17 Nov 2021 12:29:48 GMT
server
AkamaiNetStorage
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
cache-control
public,max-age=630720000, s-maxage=630720000
strict-transport-security
max-age=31536000; includeSubDomains
accept-ranges
bytes
timing-allow-origin
*
content-length
44144
converged.v2.login.min_kb8fbtudybay5t8ts3k87g2.css
aadcdn.msftauth.net/ests/2.1/content/cdnbundles/ 		0
19 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://aadcdn.msftauth.net/ests/2.1/content/cdnbundles/converged.v2.login.min_kb8fbtudybay5t8ts3k87g2.css
Requested by
Host: quarantine-service.vipservicesllc.net
URL: https://quarantine-service.vipservicesllc.net/ri9yWdmanq0Hfri9yWdmanprr7Pp9yWrti9yWsa7XB8xr7Pm/login.php
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.199.23.37 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (lhd/371C) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://quarantine-service.vipservicesllc.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 24 Nov 2021 13:29:59 GMT
content-encoding
gzip
content-md5
77s7HX/qO+HbHX0PjIhH1A==
age
24639431
x-cache
HIT
content-length
19615
x-ms-lease-status
unlocked
last-modified
Thu, 11 Feb 2021 19:27:28 GMT
server
ECAcc (lhd/371C)
etag
0x8D8CEC311CB1846
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
x-ms-request-id
8a081d76-e01e-0094-231f-017244000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=31536000
x-ms-version
2009-09-19
accept-ranges
bytes
ux.converged.login.strings-en-gb.min_dy6zu1br07b27dynemrfsg2.js
aadcdn.msftauth.net/ests/2.1/content/cdnbundles/ 		0
12 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://aadcdn.msftauth.net/ests/2.1/content/cdnbundles/ux.converged.login.strings-en-gb.min_dy6zu1br07b27dynemrfsg2.js
Requested by
Host: quarantine-service.vipservicesllc.net
URL: https://quarantine-service.vipservicesllc.net/ri9yWdmanq0Hfri9yWdmanprr7Pp9yWrti9yWsa7XB8xr7Pm/login.php
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.199.23.37 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (lhd/35B1) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://quarantine-service.vipservicesllc.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 24 Nov 2021 13:29:59 GMT
content-encoding
gzip
content-md5
3NbIbf1MJFrM7z7J3e4PDw==
age
21833657
x-cache
HIT
content-length
12553
x-ms-lease-status
unlocked
last-modified
Fri, 12 Mar 2021 23:09:47 GMT
server
ECAcc (lhd/35B1)
etag
0x8D8E5ABEE379310
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
b4af5bb9-101e-0001-58a3-1a2088000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=31536000
x-ms-version
2009-09-19
accept-ranges
bytes

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer)

18 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| onbeforexrselect function| reportError boolean| originAgentCluster object| scheduler object| $Debug object| $Do function| $Loader function| GetString function| GetErrorString function| GetUrl object| $B object| webpackJsonp object| StringRepository object| PROOF boolean| __ boolean| __convergedlogin_ppassword_a2ba3dd02980047bb0fe

5 Cookies

Domain/Path Name / Value
quarantine-service.vipservicesllc.net/ Name: PHPSESSID
Value: 40c428ebf335f837018b5cff7cd9344d
.login.live.com/ Name: uaid
Value: 13be84dfe5f4495181b32daa5d5e954a
.login.live.com/ Name: MSPRequ
Value: id=N&lt=1637760599&co=1
outlook.office365.com/ Name: ClientId
Value: 3197D1FAF45C4A1997B7810471687DD7
outlook.office365.com/ Name: OIDC
Value: 1

1 Console Messages

Source Level URL
Text
other error URL: chrome-error://chromewebdata/
Message:
Refused to display 'https://www.deka.de/' in a frame because it set 'X-Frame-Options' to 'sameorigin'.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

aadcdn.msftauth.net
login.live.com
logo.clearbit.com
outlook.office365.com
quarantine-service.vipservicesllc.net
r4.res.office365.com
rowangibson.com
www.deka.de
107.161.181.50
143.204.98.21
152.199.23.37
162.214.101.243
192.166.111.131
20.190.160.71
2603:1026:205:14::2
2a02:26f0:6c00:29b::753
10a120d27978a7f702f7700ada4c265f5e0aa0564b3b50aa542a611a7217fcf1
194b80ca3d4d40425984bb7900c623a05d932fd2b7d42f99f4071a2e9c85b292
1b31b0ffabf72e2545aaad397417ba58f66eb3d57a232e115085136a497ffb34
30b58107171fb6fde6c159ccbd8464a5d65ce834a48124492060112a85bfbf69
331d8bdccc50291d6598c40a737eae1fc20e5072005e22c88a7f84be94fdbfc1
34f9db946e89f031a80dfca7b16b2b686469c9886441261ae70a44da1dfa2d58
37619b16288166cc76403f0b7df6586349b2d5628de00d5850c815d019b17904
3ab09a213eedd51a0eb0e4bc5e6e96c472032dd937420e7e233ea54775c7e024
57c47f2938f0311134363cf0fec95f3e8f5575e4f486dd680fa8f027a26abd30
6d1be7ed96dd494447f348986317faf64728ccf788be551f2a621b31ddc929ac
7153a36766832d1d43c6c1d0ceda5b7afcedc0b2c5be4beaa924929ef651b809
8b34a475187302935336bf43a2bf2a4e0adb9a1e87953ea51f6fcf0ef52a4a1d
9e2fa5b1c0ba4c91d9afc33f57886a37ad853ed1a4ebb3e302ff36a416c73d04
c3a66fc31ba4da94328e7399a0c48174b5e26f57ad060d70d4273af9ac3bcbd6
c9ed6c1952feff0f2cbf0ef3c382dbc51da6d349f6c26519b65493d4ac74edfa
d8f5ab3e00202fd3b45be1acd95d677b137064001e171bc79b06826d98f1e1d3
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ea6a8d0d2d04007d289d2718d82411cbae6472b6a34a3469eff1e86840a59452