Report - linklock.titanhq.com/analyse?url=https://Prestagefarms.oliviagerden.com/tjohnson46525523fessdGpvaG5zb25AcHJlc3RhZ2VmYXJtcy5jb20=70416493?3538747334532680=6196749014251598%23dGpvaG5zb25AcHJlc3RhZ2VmYXJtcy5jb20=&data=eJyNjL1OwzAURp_GGZF9r68TDx6qohZ1QIgBCltqO4lL_mS7EfD0pEIMiAXpWz6do2ONEq4CrgTWJenCmTn6lOvWN3Uc0o2dhmIwbfP8tj3eAy0yFsm4GBYfmeTuEv17P7Uh5WC_5WjyeerGNI0r_9u6mC7nOTHcMNite_hlTH1Ywvqi8-NVX4WfmlQERICNT8nt56Xe0-cJaGPvDr3Fx-4VnoaX4yHbDzqfgDO8LbkUSmpkuEPCqpQloiQEVV2pElqVUnMhgQTpigH-L

Report Overview

Submitted URL
linklock.titanhq.com/analyse?url=https://Prestagefarms.oliviagerden.com/tjohnson46525523fessdGpvaG5zb25AcHJlc3RhZ2VmYXJtcy5jb20=70416493?3538747334532680=6196749014251598%23dGpvaG5zb25AcHJlc3RhZ2VmYXJtcy5jb20=&data=eJyNjL1OwzAURp_GGZF9r68TDx6qohZ1QIgBCltqO4lL_mS7EfD0pEIMiAXpWz6do2ONEq4CrgTWJenCmTn6lOvWN3Uc0o2dhmIwbfP8tj3eAy0yFsm4GBYfmeTuEv17P7Uh5WC_5WjyeerGNI0r_9u6mC7nOTHcMNite_hlTH1Ywvqi8-NVX4WfmlQERICNT8nt56Xe0-cJaGPvDr3Fx-4VnoaX4yHbDzqfgDO8LbkUSmpkuEPCqpQloiQEVV2pElqVUnMhgQTpigH-L_sFlnNhtQ%25%25
IP
3.124.33.45
ASN
#16509 AMAZON-02
Submitted
2024-04-16 11:16:09
Access
public
Website Title
Outlook Web App
Final URL
online.dfgy3p2et5no4.amplifyapp.com/#tjohnson@prestagefarms.com
Tags
microsoft phishing
urlquery detections
Phishing - Microsoft

Detections

urlquery
2
Network Intrusion Detection
0
Threat Detection Systems
0

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
linklock.titanhq.com	165916	2013-05-03	2021-08-20	2024-04-15	957 B	549 B	3.124.33.45
prestagefarms.oliviagerden.com	unknown	unknown	No data	No data	583 B	867 B	172.67.160.169
flowcode.com	71563	2010-06-16	2017-04-21	2024-03-28	512 B	1.6 kB	172.64.145.98
ocsp.r2m03.amazontrust.com	unknown	2007-05-11	2023-02-21	2024-04-16	676 B	1.7 kB	143.204.53.97
bannedbookslist.com	unknown	2023-07-01	2015-06-26	2024-04-16	462 B	724 B	192.254.187.85
online.dfgy3p2et5no4.amplifyapp.com	unknown	unknown	No data	No data	531 B	88 kB	54.230.111.27

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (1)

	URL	Size	First Seen	Last Seen
	online.dfgy3p2et5no4.amplifyapp.com/#tjohnson@prestagefarms.com	14 kB	2023-11-21	2024-04-17
Pretty URL online.dfgy3p2et5no4.amplifyapp.com/#tjohnson@prestagefarms.com IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-11-21 02:38:12 Last Seen2024-04-17 07:40:53 Times Seen60 Hash d66044841e5d14d457b573b9139ea76f d80a5de4c76615f86bf288176910a56943233bcb 52990ee9adf4706286f86d94fa73c522d04e8d12fc8d1dfa6337df34f9a8a031 Loading...

HTTP Transactions (7)

URL IP Response Size

linklock.titanhq.com/analyse?url=https://Prestagefarms.oliviagerden.com/tjohnson46525523fessdGpvaG5zb25AcHJlc3RhZ2VmYXJtcy5jb20=70416493?3538747334532680=6196749014251598%23dGpvaG5zb25AcHJlc3RhZ2VmYXJtcy5jb20=&data=eJyNjL1OwzAURp_GGZF9r68TDx6qohZ1QIgBCltqO4lL_mS7EfD0pEIMiAXpWz6do2ONEq4CrgTWJenCmTn6lOvWN3Uc0o2dhmIwbfP8tj3eAy0yFsm4GBYfmeTuEv17P7Uh5WC_5WjyeerGNI0r_9u6mC7nOTHcMNite_hlTH1Ywvqi8-NVX4WfmlQERICNT8nt56Xe0-cJaGPvDr3Fx-4VnoaX4yHbDzqfgDO8LbkUSmpkuEPCqpQloiQEVV2pElqVUnMhgQTpigH-L_sFlnNhtQ%25%25

3.124.33.45

209 B

URL
linklock.titanhq.com/analyse?url=https://Prestagefarms.oliviagerden.com/tjohnson46525523fessdGpvaG5zb25AcHJlc3RhZ2VmYXJtcy5jb20=70416493?3538747334532680=6196749014251598%23dGpvaG5zb25AcHJlc3RhZ2VmYXJtcy5jb20=&data=eJyNjL1OwzAURp_GGZF9r68TDx6qohZ1QIgBCltqO4lL_mS7EfD0pEIMiAXpWz6do2ONEq4CrgTWJenCmTn6lOvWN3Uc0o2dhmIwbfP8tj3eAy0yFsm4GBYfmeTuEv17P7Uh5WC_5WjyeerGNI0r_9u6mC7nOTHcMNite_hlTH1Ywvqi8-NVX4WfmlQERICNT8nt56Xe0-cJaGPvDr3Fx-4VnoaX4yHbDzqfgDO8LbkUSmpkuEPCqpQloiQEVV2pElqVUnMhgQTpigH-L_sFlnNhtQ%25%25
IP
3.124.33.45:0
ASN
#16509 AMAZON-02

File type
HTML document, ASCII text
Size
209 B (209 bytes)
Hash
def9863e66a2a7c4f73bc50a4827a0db
2a5a3d2be1ca8566625ab1bf8b43de4866463aa3
d5dfe3b41c0d8bf6550c5b53f7dad5c98001fa95b2aea45198e78ee43937f661

HTTP Headers

GET /analyse?url=https://Prestagefarms.oliviagerden.com/tjohnson46525523fessdGpvaG5zb25AcHJlc3RhZ2VmYXJtcy5jb20=70416493?3538747334532680=6196749014251598%23dGpvaG5zb25AcHJlc3RhZ2VmYXJtcy5jb20=&data=eJyNjL1OwzAURp_GGZF9r68TDx6qohZ1QIgBCltqO4lL_mS7EfD0pEIMiAXpWz6do2ONEq4CrgTWJenCmTn6lOvWN3Uc0o2dhmIwbfP8tj3eAy0yFsm4GBYfmeTuEv17P7Uh5WC_5WjyeerGNI0r_9u6mC7nOTHcMNite_hlTH1Ywvqi8-NVX4WfmlQERICNT8nt56Xe0-cJaGPvDr3Fx-4VnoaX4yHbDzqfgDO8LbkUSmpkuEPCqpQloiQEVV2pElqVUnMhgQTpigH-L_sFlnNhtQ%25%25 HTTP/1.1
Host: linklock.titanhq.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 301 Moved Permanently
Date: Tue, 16 Apr 2024 11:15:45 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 209
Connection: keep-alive
Location: https://Prestagefarms.oliviagerden.com/tjohnson46525523fessdGpvaG5zb25AcHJlc3RhZ2VmYXJtcy5jb20=70416493?3538747334532680=6196749014251598#dGpvaG5zb25AcHJlc3RhZ2VmYXJtcy5jb20=

prestagefarms.oliviagerden.com/tjohnson46525523fessdGpvaG5zb25AcHJlc3RhZ2VmYXJtcy5jb20=70416493?3538747334532680=6196749014251598

172.67.160.169

167 B

URL
prestagefarms.oliviagerden.com/tjohnson46525523fessdGpvaG5zb25AcHJlc3RhZ2VmYXJtcy5jb20=70416493?3538747334532680=6196749014251598
IP
172.67.160.169:0
ASN
#13335 CLOUDFLARENET

File type
HTML document, ASCII text, with CRLF line terminators
Size
167 B (167 bytes)
Hash
0104c301c5e02bd6148b8703d19b3a73
7436e0b4b1f8c222c38069890b75fa2baf9ca620
446a6087825fa73eadb045e5a2e9e2adf7df241b571228187728191d961dda1f

HTTP Headers

GET /tjohnson46525523fessdGpvaG5zb25AcHJlc3RhZ2VmYXJtcy5jb20=70416493?3538747334532680=6196749014251598 HTTP/1.1
Host: prestagefarms.oliviagerden.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 301 Moved Permanently
date: Tue, 16 Apr 2024 11:15:45 GMT
content-type: text/html
content-length: 167
location: https://flowcode.com/p/H75J8ePKt?3538747334532680=6196749014251598
cache-control: max-age=3600
expires: Tue, 16 Apr 2024 12:15:45 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4OXOxLPwCf0y4PDh%2BKHPAvV3yN7RAM7pmX90OSDWST6ligHMfBqfthIQw%2BfoPEMpj4UaJuIlAx90pB6NpCoHGQjeJGTcRZ9nq0BhVgx1Em%2BhpXGcWiMWHl9cMQdOvUmW4haz4eQq8P9%2F3giPqlLgZig%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8753c2612d6e0b45-OSL
X-Firefox-Spdy: h2

flowcode.com/p/H75J8ePKt?3538747334532680=6196749014251598

172.64.145.98

657 B

URL
flowcode.com/p/H75J8ePKt?3538747334532680=6196749014251598
IP
172.64.145.98:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
657 B (657 bytes)
Hash
cad4eb9cc94e0011fdd8150a083f81d9
45a8176949f8002878f090bc455f990c743fa7d6
cafdc8dee7aff2783f55256afeadcb59039a57d60abdbb15589d4a46d6fdfed8

HTTP Headers

GET /p/H75J8ePKt?3538747334532680=6196749014251598 HTTP/1.1
Host: flowcode.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Tue, 16 Apr 2024 11:15:45 GMT
content-type: text/html; charset=utf-8
location: https://bannedbookslist.com/access/index.html
expires: Thu, 01 Jan 1970 00:00:00 UTC
pragma: no-cache
strict-transport-security: max-age=15552000; includeSubDomains; preload
cf-cache-status: DYNAMIC
set-cookie: rdservice=72a2134a-22ab-4aee-b6da-18665e0ffe7c-SSE:1713266145; Path=/; Domain=flowcode.com; Expires=Sun, 16 Apr 2034 11:15:45 GMT; Secure; SameSite=None
__cf_bm=bGQQrtqVkHmy6.b1HXavIKHbi_JFW8rQueUbi_sv53w-1713266145-1.0.1.1-abTibaeCT7tRQ91hCIxPdv1pUi4pyo73FsgoowJYkMaQ69M1Ghc9pX1p8GcLMTO2yda4jajVxukjRecSgpx4uQ; path=/; expires=Tue, 16-Apr-24 11:45:45 GMT; domain=.flowcode.com; HttpOnly; Secure; SameSite=None
_cfuvid=4y6YyVI23MFEeOYwQhyPv1Q7HlhZaDusbJOUA5fuP24-1713266145710-0.0.1.1-604800000; path=/; domain=.flowcode.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 8753c261efa2b517-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

ocsp.r2m03.amazontrust.com/

143.204.53.97

471 B

URL
ocsp.r2m03.amazontrust.com/
IP
143.204.53.97:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
a4018e5f5eac4e2f489b31f16995ae57
1d46ccfb68978d15559d75ede9f11eeca12d4cd0
49f24410b396ee36ca6fad57a8b78a42a629cf08052711942dce4513c6281b36

HTTP Headers

POST / HTTP/1.1
Host: ocsp.r2m03.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Cache-Control: max-age=7200
Date: Tue, 16 Apr 2024 11:15:47 GMT
Server: ECAcc (amb/6B64)
X-Cache: Miss from cloudfront
Via: 1.1 6a757ab2991da716151f94ca00b38098.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: _9RA75X3dscZeM2POr1ruG6LkvgC7ApuyA1Mng-uijfzEBTE0qbwjA==

bannedbookslist.com/favicon.ico

192.254.187.85

462 B

URL
bannedbookslist.com/favicon.ico
IP
192.254.187.85:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
HTML document, ASCII text
Size
462 B (462 bytes)
Hash
dbf8ec3db1d4b93b848197591827939c
2e12f671d6101f52060133c32f8d359af756f9b2
63c52aa99ca361b59a27e7f51fe5fadffef99e671f8b4f9560fab204219e0666

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: bannedbookslist.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bannedbookslist.com/access/index.html
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 404 Not Found
date: Tue, 16 Apr 2024 11:15:47 GMT
server: nginx/1.21.6
content-type: text/html
content-length: 462
last-modified: Tue, 07 Jan 2020 01:46:40 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2

ocsp.r2m03.amazontrust.com/

143.204.53.97

471 B

URL
ocsp.r2m03.amazontrust.com/
IP
143.204.53.97:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
a4018e5f5eac4e2f489b31f16995ae57
1d46ccfb68978d15559d75ede9f11eeca12d4cd0
49f24410b396ee36ca6fad57a8b78a42a629cf08052711942dce4513c6281b36

HTTP Headers

POST / HTTP/1.1
Host: ocsp.r2m03.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Cache-Control: max-age=7200
Date: Tue, 16 Apr 2024 11:15:47 GMT
Server: ECAcc (amb/6B43)
X-Cache: Miss from cloudfront
Via: 1.1 50584ad285d5f627ddebae74efdd0770.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: xw3e7f8rFOte_54kKSJr810OJOtmME9UBPa-iJPAT0CfzffkKtWezg==

online.dfgy3p2et5no4.amplifyapp.com/

54.230.111.27

200 OK

87 kB

URL User Request GET HTTP/2
online.dfgy3p2et5no4.amplifyapp.com/
IP
54.230.111.27:443
ASN
#16509 AMAZON-02

Certificate
IssuerAmazon
Subject*.dfgy3p2et5no4.amplifyapp.com
FingerprintE7:F6:44:2B:8B:EB:42:E8:76:6E:F1:57:C0:88:6B:27:3B:07:24:58
ValidityTue, 16 Apr 2024 00:00:00 GMT - Thu, 15 May 2025 23:59:59 GMT

File type

Size
87 kB (86947 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET / HTTP/1.1
Host: online.dfgy3p2et5no4.amplifyapp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bannedbookslist.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/html
date: Tue, 16 Apr 2024 11:15:47 GMT
server: AmazonS3
etag: W/"1c24ebcf949041e343d3359e31414ab4"
last-modified: Tue, 16 Apr 2024 07:22:53 GMT
cache-control: public, max-age=0, s-maxage=2
content-encoding: gzip
vary: Accept-Encoding
x-cache: Miss from cloudfront
via: 1.1 fc5e625db631bc657fc73f189d53fa14.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: SwFIZNoCCt9NNwfVWhmGMOKG5m1UTDx3kj6DwjWnsKjiPN0wXqefIQ==
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (1)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (7)

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/2

IP

ASN

Certificate