webexchange.nu/wp-login.php/
212.237.249.78 135 B URL webexchange.nu/wp-login.php/
IP 212.237.249.78:0
ASN #48854 team.blue Denmark A/S
File type HTML document, ASCII text, with CRLF line terminators
Hash 66ff1eee4d3e729ec389e4db2e051796
8a0ff8625d3700b774a13ba167a259dce1696df4
30dca02ee60a82c3addeb58173faa72e1c981d56ed8505af8d974791ca42a181
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
GET /wp-login.php/ HTTP/1.1
Host: webexchange.nu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
content-type: text/html; charset=utf-8
location: /owa/wp-login.php/
server: Microsoft-IIS/10.0
date: Fri, 26 Apr 2024 02:17:27 GMT
content-length: 135
X-Firefox-Spdy: h2
webexchange.nu/owa/wp-login.php/
212.237.249.78 229 B URL webexchange.nu/owa/wp-login.php/
IP 212.237.249.78:0
ASN #48854 team.blue Denmark A/S
File type HTML document, ASCII text, with CRLF line terminators
Hash 096cb4025bb25390f2e35fdb1924cb12
df0c5dfc5e4640c25b65a83b5b3b672ccec4d6e8
7cf4bff9f42f3f2bf4cbc054e3978d1007ede101243459ae3afcac80b5be2e6e
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
GET /owa/wp-login.php/ HTTP/1.1
Host: webexchange.nu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 302 Found
content-type: text/html; charset=utf-8
location: https://webexchange.nu/owa/auth/logon.aspx?url=https%3a%2f%2fwebexchange.nu%2fowa%2fwp-login.php%2f&reason=0
server: Microsoft-IIS/10.0
request-id: 5db3cc93-6061-4ce1-b11d-ac6f8a11c038
x-owa-version: 15.2.1258.34
x-powered-by: ASP.NET
x-feserver: EX32
date: Fri, 26 Apr 2024 02:17:27 GMT
content-length: 229
X-Firefox-Spdy: h2
webexchange.nu/owa/auth/logon.aspx?url=https%3a%2f%2fwebexchange.nu%2fowa%2fwp-login.php%2f&reason=0
212.237.249.78 28 kB URL webexchange.nu/owa/auth/logon.aspx?url=https%3a%2f%2fwebexchange.nu%2fowa%2fwp-login.php%2f&reason=0
IP 212.237.249.78:0
ASN #48854 team.blue Denmark A/S
File type HTML document, ASCII text, with very long lines (1062), with CRLF, LF line terminators
Hash 3663bf3d24d8b5f6cda430633acc71f2
7b10f5a02eea8cb7ba8755c3eea943a97d5bce44
84a6b465d8e7ae1375a2d8424a4e4c1bd748fd287e2d3514d3dd9e6455181b9c
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
GET /owa/auth/logon.aspx?url=https%3a%2f%2fwebexchange.nu%2fowa%2fwp-login.php%2f&reason=0 HTTP/1.1
Host: webexchange.nu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
cache-control: no-cache, no-store
pragma: no-cache
content-type: text/html; charset=utf-8
expires: -1
server: Microsoft-IIS/10.0
request-id: 08e3b6f4-a123-444c-ba88-c86be3ded6ac
x-frame-options: SAMEORIGIN
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
date: Fri, 26 Apr 2024 02:17:27 GMT
content-length: 27989
X-Firefox-Spdy: h2
webexchange.nu/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fwebexchange.nu%2fowa%2fwp-login.php%2f
212.237.249.78200 OK 59 kB URL User Request GET HTTP/2 webexchange.nu/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fwebexchange.nu%2fowa%2fwp-login.php%2f
IP 212.237.249.78:443
ASN #48854 team.blue Denmark A/S
Certificate IssuerSectigo Limited
Subjectwww.webexchange.nu
Fingerprint8F:AA:81:F9:D7:68:50:D0:02:A6:BC:24:5C:9F:BE:AF:C1:CF:B5:C2
ValidityTue, 01 Aug 2023 00:00:00 GMT - Thu, 08 Aug 2024 23:59:59 GMT
File type HTML document, ASCII text, with very long lines (10414), with CRLF, LF line terminators
Hash 651c7539f4eabc1ad8f06ec64e8ca257
47247d07c1b2d20b362bf5059a7493826eec6b3b
d41d50fb43d064d4a7113c3074d03b2e3e0c2ce15e8101211f2f44402d55ebe0
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
GET /owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fwebexchange.nu%2fowa%2fwp-login.php%2f HTTP/1.1
Host: webexchange.nu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://webexchange.nu/owa/auth/logon.aspx?url=https%3a%2f%2fwebexchange.nu%2fowa%2fwp-login.php%2f&reason=0
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
cache-control: no-cache, no-store
pragma: no-cache
content-type: text/html; charset=utf-8
expires: -1
server: Microsoft-IIS/10.0
request-id: e627ea0a-2bbe-4f70-ac39-813ba93ddea9
x-frame-options: SAMEORIGIN
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
date: Fri, 26 Apr 2024 02:17:28 GMT
content-length: 58792
X-Firefox-Spdy: h2
webexchange.nu/owa/auth/15.2.1258/themes/resources/segoeui-regular.ttf
212.237.249.78200 OK 57 kB URL GET HTTP/2 webexchange.nu/owa/auth/15.2.1258/themes/resources/segoeui-regular.ttf
IP 212.237.249.78:443
ASN #48854 team.blue Denmark A/S
Requested by https://webexchange.nu/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fwebexchange.nu%2fowa%2fwp-login.php%2f
Certificate IssuerSectigo Limited
Subjectwww.webexchange.nu
Fingerprint8F:AA:81:F9:D7:68:50:D0:02:A6:BC:24:5C:9F:BE:AF:C1:CF:B5:C2
ValidityTue, 01 Aug 2023 00:00:00 GMT - Thu, 08 Aug 2024 23:59:59 GMT
File type TrueType Font data, 18 tables, 1st "LTSH", 11 names, Microsoft, language 0x409, � 2010 Microsoft Corporation. All Rights Reserved.RegularSegoe UI RegularVersion 0.81 Build 159S
Hash 8af990b6ad3ba192c2dd6a193890bf5f
4db5bf117ff8f1392fab3b438216d7cff4ae4976
c147c2ec76a8ab8bd5082f1f4d3f80a43c689165cb164cdd812e44048fe38708
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
GET /owa/auth/15.2.1258/themes/resources/segoeui-regular.ttf HTTP/1.1
Host: webexchange.nu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://webexchange.nu/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fwebexchange.nu%2fowa%2fwp-login.php%2f
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
cache-control: public,max-age=2592000
content-type: application/octet-stream
last-modified: Tue, 12 Feb 2019 16:46:18 GMT
accept-ranges: bytes
etag: "069af79f2c2d41:0"
server: Microsoft-IIS/10.0
request-id: abd79f1f-426b-432e-a434-42dbaa386e17
x-powered-by: ASP.NET
date: Fri, 26 Apr 2024 02:17:28 GMT
content-length: 56760
X-Firefox-Spdy: h2
webexchange.nu/owa/auth/15.2.1258/themes/resources/segoeui-semilight.ttf
212.237.249.78200 OK 42 kB URL GET HTTP/2 webexchange.nu/owa/auth/15.2.1258/themes/resources/segoeui-semilight.ttf
IP 212.237.249.78:443
ASN #48854 team.blue Denmark A/S
Requested by https://webexchange.nu/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fwebexchange.nu%2fowa%2fwp-login.php%2f
Certificate IssuerSectigo Limited
Subjectwww.webexchange.nu
Fingerprint8F:AA:81:F9:D7:68:50:D0:02:A6:BC:24:5C:9F:BE:AF:C1:CF:B5:C2
ValidityTue, 01 Aug 2023 00:00:00 GMT - Thu, 08 Aug 2024 23:59:59 GMT
File type TrueType Font data, 16 tables, 1st "OS/2", 11 names, Microsoft, language 0x409, � 2010 Microsoft Corporation. All Rights Reserved.RegularSegoe UI SemilightVersion 1.00 build 16
Hash 6c26c24aabe31040657665b1e0d9505c
b3bdc48643752665e3e5798a192b27432a87d234
2d508a6e8979bba74b6fdf804c01a09a620c781e0fea73a8eefda904f5bcab25
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
GET /owa/auth/15.2.1258/themes/resources/segoeui-semilight.ttf HTTP/1.1
Host: webexchange.nu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://webexchange.nu/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fwebexchange.nu%2fowa%2fwp-login.php%2f
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
cache-control: public,max-age=2592000
content-type: application/octet-stream
last-modified: Fri, 11 May 2018 18:11:29 GMT
accept-ranges: bytes
etag: "805ea77b53e9d31:0"
server: Microsoft-IIS/10.0
request-id: 59fd6a6f-7fa1-4d8f-b684-d9944d78abbf
x-powered-by: ASP.NET
date: Fri, 26 Apr 2024 02:17:28 GMT
content-length: 41560
X-Firefox-Spdy: h2
webexchange.nu/owa/auth/15.2.1258/themes/resources/favicon.ico
212.237.249.78200 OK 7.9 kB URL GET HTTP/2 webexchange.nu/owa/auth/15.2.1258/themes/resources/favicon.ico
IP 212.237.249.78:443
ASN #48854 team.blue Denmark A/S
Requested by https://webexchange.nu/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fwebexchange.nu%2fowa%2fwp-login.php%2f
Certificate IssuerSectigo Limited
Subjectwww.webexchange.nu
Fingerprint8F:AA:81:F9:D7:68:50:D0:02:A6:BC:24:5C:9F:BE:AF:C1:CF:B5:C2
ValidityTue, 01 Aug 2023 00:00:00 GMT - Thu, 08 Aug 2024 23:59:59 GMT
File type MS Windows icon resource - 3 icons, 32x32, 32 bits/pixel, 24x24, 32 bits/pixel
Hash 759fade9033aa298629e4b000dcd6dde
34a1adf5c7326d7bde5b5735471b5d81e611c189
cf0808a61ec571e0c4975663903b288009d55502ac0445d9948983b339a5cf6e
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
GET /owa/auth/15.2.1258/themes/resources/favicon.ico HTTP/1.1
Host: webexchange.nu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://webexchange.nu/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fwebexchange.nu%2fowa%2fwp-login.php%2f
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
cache-control: public,max-age=2592000
content-type: image/x-icon
last-modified: Wed, 01 Mar 2023 18:24:57 GMT
accept-ranges: bytes
etag: "80a239206b4cd91:0"
server: Microsoft-IIS/10.0
request-id: 107b7183-3a79-46f2-879d-48a7b88921f0
x-powered-by: ASP.NET
date: Fri, 26 Apr 2024 02:17:28 GMT
content-length: 7886
X-Firefox-Spdy: h2