| m.exactag.com/ai.aspx?tc=d9867210bc40b07205bbd26a23a8d2e6b6b4f9&url=http:c98labs.com/winner/70735//dGl6aWFuby5jZWNjYXJhbmlAbXVuZHlzLmNvbQ== | 85.14.248.72 | | 0 B |
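URL: m.exactag.com/ai.aspx?tc=d9867210bc40b07205bbd26a23a8d2e6b6b4f9&url=http:c98labs.com/winner/70735//dGl6aWFuby5jZWNjYXJhbmlAbXVuZHlzLmNvbQ== IP: 85.14.248.72:0 ASN: #24961 myLoc managed IT AG
Hash (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (these are the digests of zero-length input, consistent with the 0 B body; they identify no content and should not be used as indicators)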
GET /ai.aspx?tc=d9867210bc40b07205bbd26a23a8d2e6b6b4f9&url=http:c98labs.com/winner/70735//dGl6aWFuby5jZWNjYXJhbmlAbXVuZHlzLmNvbQ== HTTP/1.1
Host: m.exactag.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Cache-Control: max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=iso-8859-1
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Di, 30 Apr 2024 03:33:46 GMT
Location: http:c98labs.com/winner/70735//dGl6aWFuby5jZWNjYXJhbmlAbXVuZHlzLmNvbQ==
P3P: policyref="https://m.exactag.com/w3c/p3p.xml", CP="NOI NID STP STA CUR OUR"
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: POST, GET, OPTIONS
Access-Control-Max-Age: 1000
Access-Control-Allow-Headers: *
X-ET-Code: 20
X-ET-Camp: 0
X-ET-Monitoring: 1
Accept-CH: sec-ch-ua-platform-version,sec-ch-ua-full-version,sec-ch-ua-full-version-list,sec-ch-ua-model,sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-wow64
Strict-Transport-Security: max-age=31536000
Date: Tue, 30 Apr 2024 15:33:46 GMT
Connection: close
Content-Length: 0
cross-origin-resource-policy: cross-origin
X-Xss-Protection: 0
X-Content-Type-Options: nosniff
|
|
| c98labs.com/winner/70735//dGl6aWFuby5jZWNjYXJhbmlAbXVuZHlzLmNvbQ== | 162.241.120.242 | | 0 B |
URL: c98labs.com/winner/70735//dGl6aWFuby5jZWNjYXJhbmlAbXVuZHlzLmNvbQ== IP: 162.241.120.242:0 ASN: #19871 NETWORK-SOLUTIONS-HOSTING
Hash (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (digests of zero-length input, consistent with the 0 B body; not usable as indicators)
GET /winner/70735//dGl6aWFuby5jZWNjYXJhbmlAbXVuZHlzLmNvbQ== HTTP/1.1
Host: c98labs.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 30 Apr 2024 15:33:46 GMT
Server: Apache
refresh: 0;url=https://f4aba89c.e1ec315c2713e1dc37b7b50a.workers.dev?qrc=tiziano.ceccarani@mundys.com
Content-Length: 0
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
|
|
| challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback | 104.17.2.184 | | 0 B |
URL: challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback IP: 104.17.2.184:0
Hash (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (digests of zero-length input, consistent with the 0 B body; not usable as indicators)
GET /turnstile/v0/api.js?onload=onloadTurnstileCallback HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://f4aba89c.e1ec315c2713e1dc37b7b50a.workers.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
date: Tue, 30 Apr 2024 15:33:47 GMT
content-length: 0
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: max-age=300, public
location: /turnstile/v0/g/d0ff3ebede6b/api.js
vary: Accept-Encoding
server: cloudflare
cf-ray: 87c8979ded9656aa-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/cmg/1/GLhOioXg0bs57t4qPrORXFsL1%2BWig2mIKbgpVPMu7ZQ%3D | 104.17.2.184 | | 61 B |
URL: challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/cmg/1/GLhOioXg0bs57t4qPrORXFsL1%2BWig2mIKbgpVPMu7ZQ%3D IP: 104.17.2.184:0
File type: PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced Hash (MD5 / SHA-1 / SHA-256): 9246cca8fc3c00f50035f28e9f6b7f7d 3aa538440f70873b574f40cd793060f53ec17a5d c07d7d29e3c20fa6ca4c5d20663688d52bad13e129ad82ce06b80eb187d9dc84
GET /cdn-cgi/challenge-platform/h/g/cmg/1/GLhOioXg0bs57t4qPrORXFsL1%2BWig2mIKbgpVPMu7ZQ%3D HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/qi8qm/0x4AAAAAAAYx2FSs3SqL9J3N/auto/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Tue, 30 Apr 2024 15:33:48 GMT
content-type: image/png
content-length: 61
cache-control: max-age=2629800, public
server: cloudflare
cf-ray: 87c8979fc8cb56c7-OSL
alt-svc: h3=":443"; ma=86400
|
|
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/667876476:1714490001:GLgTwJttO1no6AhH5yEkI3bxeb8tWq3bgFhY9IWzBnU/87c8979edf7f56c7/982ca5e4f4d765d | 104.17.2.184 | | 122 kB |
URL: challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/667876476:1714490001:GLgTwJttO1no6AhH5yEkI3bxeb8tWq3bgFhY9IWzBnU/87c8979edf7f56c7/982ca5e4f4d765d IP: 104.17.2.184:0
File type: ASCII text, with very long lines (65536), with no line terminators Size: 122 kB (122191 bytes) Hash (MD5 / SHA-1 / SHA-256): e6aaf9515f449b7e1eb178c069034278 a4e02ebf69f8c44f1af8258c7de9e32265e1d625 8576b418e5bc2186d38979044220e07da1f2986cf7c1e1fb7fb47a7dafb71037
POST /cdn-cgi/challenge-platform/h/g/flow/ov1/667876476:1714490001:GLgTwJttO1no6AhH5yEkI3bxeb8tWq3bgFhY9IWzBnU/87c8979edf7f56c7/982ca5e4f4d765d HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/qi8qm/0x4AAAAAAAYx2FSs3SqL9J3N/auto/normal
Content-type: application/x-www-form-urlencoded
CF-Challenge: 982ca5e4f4d765d
Content-Length: 2640
Origin: https://challenges.cloudflare.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Tue, 30 Apr 2024 15:33:48 GMT
content-type: text/plain; charset=UTF-8
cf-chl-gen: 1DQxg1MjA9AlEr2kRGtGiz3PUx/oV2k1iMp5Il+twncg6c6WW8fDljYHUyD0+0mLev/dFhRkldiadnzdz4pIyI/PTlqzRTi1b5YHAOTEkDOBq6K5Vi6dZOqwlnwAnbncTp6ZmXONOm4pLKNNzlA9rH7EeCpx+tVrrEjKtj/GGxwpwrSgOMfCW/RC1WHKk2DzBG+t1E1C9WUtOVqfSulOtUd/mTLOYf0zFmQ+Jvyx2UelhepkhkUoqhuD4bgI4FPQwBtxu+APIpiitMEZPABFjggtrf7/T/8umsRlHS4hgaEThTbgRTSRyHILh8J9dvqTkVPjssewKjrmT3DHx2KPo2/Dww0+JmbM9Sle6Zcq73lFoolZXfk4kfuqpq9sUDUyrkhZPN6Dz07boHp+sTyJb1nPixksL6pNoXv2s47GZjNJfBqOety5L3eZx9yaSdP/FJlkdzXEpUiWzA9ufv9lRDFZ2jpA4GIBZqgYI8dkU6M=$BCOEFPiBhUKBoNRtJ13ybA==
vary: accept-encoding
server: cloudflare
cf-ray: 87c897a1bbb856c7-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/pat/87c8979edf7f56c7/1714491228452/ed4396537fde24fd5734e940e3ef7928b47b5a0d367b22b64e09d019fd6dd5d7/krcrx3lIw_9dGsB | 104.17.2.184 | | 1 B |
URL: challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/pat/87c8979edf7f56c7/1714491228452/ed4396537fde24fd5734e940e3ef7928b47b5a0d367b22b64e09d019fd6dd5d7/krcrx3lIw_9dGsB IP: 104.17.2.184:0
File type: very short file (no magic) Hash (MD5 / SHA-1 / SHA-256): ff44570aca8241914870afbc310cdb85 58668e7669fd564d99db5d581fcdb6a5618440b5 6da43b944e494e885e69af021f93c6d9331c78aa228084711429160a5bbd15b5
GET /cdn-cgi/challenge-platform/h/g/pat/87c8979edf7f56c7/1714491228452/ed4396537fde24fd5734e940e3ef7928b47b5a0d367b22b64e09d019fd6dd5d7/krcrx3lIw_9dGsB HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/qi8qm/0x4AAAAAAAYx2FSs3SqL9J3N/auto/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 401 Unauthorized
date: Tue, 30 Apr 2024 15:33:49 GMT
content-type: text/plain; charset=UTF-8
content-length: 1
www-authenticate: PrivateToken challenge="AAIAGXBhdC1pc3N1ZXIuY2xvdWRmbGFyZS5jb20g7UOWU3_eJP1XNOlA4-95KLR7Wg02eyK2TgnQGf1t1dcAGWNoYWxsZW5nZXMuY2xvdWRmbGFyZS5jb20=", token-key="MIIBUjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAqEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgKiAwIBMAOCAQ8AMIIBCgKCAQEApc5PUXcXSrXwpeNe3kT6EaAJPDsPBMfFZc7M608yW3JV6YSHiGBLoFiLtNHD3Yj8UsOtWbQeFa2uvS_dYz5MBsoSW4-RbOY-WCB2aGEB-eoRbXl4lJRl0UNGi00lNBgNTil_mTTSNV3ssSkmSY8kwM-5GqBNfJ2kmJPKo02MWiXn1pwc4YXbeATUrYDRvvXUXYZrgaarjDyvHFhnYpD3mqr5qOj_TS_1SCUZ0HIp8ywDX06Xc59cKjzFHEUzD3gWutoK4apMxNt9bWWxcH3D_UL1a1llCxh-knMwTxgvRXS-XHap_ymO2zCuAPNgo1SDCTl4lTQZbVX7VvpDZwMaiQIDAQAB", max-age=20, PrivateToken challenge="AAIALHBwLWlzc3Vlci1wcm9kdWN0aW9uLnJlc2VhcmNoLmNsb3VkZmxhcmUuY29tIO1DllN_3iT9VzTpQOPveSi0e1oNNnsitk4J0Bn9bdXXABljaGFsbGVuZ2VzLmNsb3VkZmxhcmUuY29t", token-key="MIIBUjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAqEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgKiAwIBMAOCAQ8AMIIBCgKCAQEA1FEYykHcK8H9rb_u0aFz3CmWgYloQw4YhedoEOAjJ0vy2Axa4f9UG9Dzs4uXS34_h8l6MDo2nRCvLI9lvebilMnTjCn-6D77bewqYxJKUFZW1z2jBIdu03TrETczfEg7kxgKtJE9NXGDjYJcF_iMgzgNA0PEAVM89tUYXXlFy4cUAGlqU2mPpIEOxm5ARsXC-zlLK60fkJ4cOsZRkZa6EExdhmgdwQ0fEJuSOHrBO_-zJn4hUP8q9g4yqkxW2UrfJgD07F4HaHGBEiei06sGDvH2NEPvswEl5dTGxutNrxlU7W24iYhNa2nhjlc53nNb0mKtszv-czVE9UhXyJ7-RQIDAQAB", max-age=20
server: cloudflare
cf-ray: 87c897ab79ed56c7-OSL
alt-svc: h3=":443"; ma=86400
|
|
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/i/87c8979edf7f56c7/1714491228460/cJ9_I8hKmo6Mwjn | 104.17.2.184 | | 61 B |
URL: challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/i/87c8979edf7f56c7/1714491228460/cJ9_I8hKmo6Mwjn IP: 104.17.2.184:0
File type: PNG image data, 47 x 82, 8-bit/color RGB, non-interlaced Hash (MD5 / SHA-1 / SHA-256): d5f4d0f9850f6c5392a274f11a078002 64c3b431d859a5b204df58a640d006b81a08c091 14e341b4f85d92265b0cd955e40e85a770b7b40b651f2eb9634503628f981357
GET /cdn-cgi/challenge-platform/h/g/i/87c8979edf7f56c7/1714491228460/cJ9_I8hKmo6Mwjn HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/qi8qm/0x4AAAAAAAYx2FSs3SqL9J3N/auto/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Tue, 30 Apr 2024 15:33:51 GMT
content-type: image/png
content-length: 61
server: cloudflare
cf-ray: 87c897b23d3956c7-OSL
alt-svc: h3=":443"; ma=86400
|
|
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/667876476:1714490001:GLgTwJttO1no6AhH5yEkI3bxeb8tWq3bgFhY9IWzBnU/87c8979edf7f56c7/982ca5e4f4d765d | 104.17.2.184 | | 22 kB |
URL: challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/667876476:1714490001:GLgTwJttO1no6AhH5yEkI3bxeb8tWq3bgFhY9IWzBnU/87c8979edf7f56c7/982ca5e4f4d765d IP: 104.17.2.184:0
File type: ASCII text, with very long lines (22344), with no line terminators Hash (MD5 / SHA-1 / SHA-256): f70b3d034a9f961bf802fc08fa2850ae e6ca62e5a51412735b29d99a9e7370612b2be480 6982714ca42a1181a1e217cd3bc13464e4776a6d92bf67de2fea9d3f24101b85
POST /cdn-cgi/challenge-platform/h/g/flow/ov1/667876476:1714490001:GLgTwJttO1no6AhH5yEkI3bxeb8tWq3bgFhY9IWzBnU/87c8979edf7f56c7/982ca5e4f4d765d HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/qi8qm/0x4AAAAAAAYx2FSs3SqL9J3N/auto/normal
Content-type: application/x-www-form-urlencoded
CF-Challenge: 982ca5e4f4d765d
Content-Length: 27901
Origin: https://challenges.cloudflare.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Tue, 30 Apr 2024 15:33:51 GMT
content-type: text/plain; charset=UTF-8
cf-chl-gen: P2WBaIXJnTLbZXh1XRD95l0vo0dmKopWdMnyd2SyHU/wzcCadM8J5itGwQOaFijW$Rgib/lgmMLsIz91JxMqmnQ==
vary: accept-encoding
server: cloudflare
cf-ray: 87c897b36eec56c7-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/667876476:1714490001:GLgTwJttO1no6AhH5yEkI3bxeb8tWq3bgFhY9IWzBnU/87c8979edf7f56c7/982ca5e4f4d765d | 104.17.2.184 | | 3.3 kB |
URL: challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/667876476:1714490001:GLgTwJttO1no6AhH5yEkI3bxeb8tWq3bgFhY9IWzBnU/87c8979edf7f56c7/982ca5e4f4d765d IP: 104.17.2.184:0
File type: ASCII text, with very long lines (3488), with no line terminators Hash (MD5 / SHA-1 / SHA-256): 47c3f428f49ca13b133156e7da675926 e0ec151782f49e5c690f056d41c8dfcdae783e0b 02c0fb6fe4f1089bc24675a82b4f6e0480496f505a34ea09c15c03607ec93965
POST /cdn-cgi/challenge-platform/h/g/flow/ov1/667876476:1714490001:GLgTwJttO1no6AhH5yEkI3bxeb8tWq3bgFhY9IWzBnU/87c8979edf7f56c7/982ca5e4f4d765d HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/qi8qm/0x4AAAAAAAYx2FSs3SqL9J3N/auto/normal
Content-type: application/x-www-form-urlencoded
CF-Challenge: 982ca5e4f4d765d
Content-Length: 37725
Origin: https://challenges.cloudflare.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Tue, 30 Apr 2024 15:33:56 GMT
content-type: text/html; charset=UTF-8
cf-chl-out-s: Ad7XNWnwTXaofh4dy5+/qw==$ky641VkKcs9mXj+N3+0pSw==
cf-chl-out: l+IddpHsZC3X9Hl0Vr8j+Ie0lhVVP57T4Zyqf9bbXne6Tucudg40fQ/BX3jmcm7Qaym90ZObOYeT9LFBbVlabX8FgrL4VvPoZ2iNJhEIjJoy6m/qhucRHVaM0JdmtWKb$qpAc/YF8dMV5+tMa009beA==
vary: accept-encoding
server: cloudflare
cf-ray: 87c897d49b1656c7-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| betarlaudimbinc.com/owa/?login_hint=tiziano.ceccarani%40mundys.com | 51.89.72.178 | 302 Found | 1.4 kB |
URL: GET HTTP/1.1 betarlaudimbinc.com/owa/?login_hint=tiziano.ceccarani%40mundys.com IP: 51.89.72.178:443
Requested by: https://f4aba89c.e1ec315c2713e1dc37b7b50a.workers.dev/?qrc=tiziano.ceccarani@mundys.com Certificate: Issuer: Let's Encrypt; Subject: betarlaudimbinc.com; Fingerprint: 71:C4:90:DB:66:67:1F:BD:E0:DD:8C:19:9C:6A:60:18:FA:FB:AF:77; Validity: Tue, 30 Apr 2024 06:19:04 GMT - Mon, 29 Jul 2024 06:19:03 GMT
File type: HTML document, ASCII text, with very long lines (808), with CRLF, LF line terminators Hash (MD5 / SHA-1 / SHA-256): 23d3074c05db2203ab13654b41549aa7 a1ebd475d154a759ff8cb63aef79267fd3a5fafc b953901ade274058019a9371364f289980dbdd5b415efc434a5c3c8ba233dc81
Analyzer: urlquery | Verdict: phishing | Alert: Phishing - Microsoft Outlook
GET /owa/?login_hint=tiziano.ceccarani%40mundys.com HTTP/1.1
Host: betarlaudimbinc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://f4aba89c.e1ec315c2713e1dc37b7b50a.workers.dev/
DNT: 1
Connection: keep-alive
Cookie: qPdM=8FqdEArM7svM; qPdM.sig=waQsngsiy9bN2-Pw1-MjWavlIa8
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
content-length: 1388
Content-Type: text/html; charset=utf-8
Location: https://betarlaudimbinc.com/?fwu0iwdwi=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
Server: Microsoft-IIS/10.0
request-id: 5021a49f-5300-45b3-5797-6feaaf06b773
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Alt-Svc: h3=":443";ma=2592000,h3-29=":443";ma=2592000
X-CalculatedFETarget: PR3P191CU002.internal.outlook.com
X-BackEndHttpStatus: 302, 302
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Set-Cookie: ClientId=D3BE02C74A41455D95A3F9B6FC860DAA; expires=Wed, 30-Apr-2025 15:33:58 GMT; path=/;SameSite=None; secure
ClientId=D3BE02C74A41455D95A3F9B6FC860DAA; expires=Wed, 30-Apr-2025 15:33:58 GMT; path=/;SameSite=None; secure
OIDC=1; expires=Wed, 30-Oct-2024 15:33:58 GMT; path=/;SameSite=None; secure; HttpOnly
RoutingKeyCookie=; expires=Sat, 30-Apr-1994 15:33:58 GMT; path=/; secure
OpenIdConnect.token.v1=; expires=Sat, 30-Apr-1994 15:33:58 GMT; path=/; secure
OpenIdConnect.token.v1=; domain=betarlaudimbinc.com; expires=Sat, 30-Apr-1994 15:33:58 GMT; path=/; secure
OpenIdConnect.id_token.v1=; expires=Sat, 30-Apr-1994 15:33:58 GMT; path=/; secure
OpenIdConnect.code.v1=; expires=Sat, 30-Apr-1994 15:33:58 GMT; path=/; secure
OpenIdConnect.idp_nonce.v1=; expires=Sat, 30-Apr-1994 15:33:58 GMT; path=/; secure
OpenIdConnect.idp_correlation_id=; expires=Sat, 30-Apr-1994 15:33:58 GMT; path=/; secure
OpenIdConnect.tokenPostPath=; expires=Sat, 30-Apr-1994 15:33:58 GMT; path=/; secure
OpenIdConnect.id_token.v1=; domain=betarlaudimbinc.com; expires=Sat, 30-Apr-1994 15:33:58 GMT; path=/; secure
OpenIdConnect.code.v1=; domain=betarlaudimbinc.com; expires=Sat, 30-Apr-1994 15:33:58 GMT; path=/; secure
OpenIdConnect.idp_nonce.v1=; domain=betarlaudimbinc.com; expires=Sat, 30-Apr-1994 15:33:58 GMT; path=/; secure
OpenIdConnect.idp_correlation_id=; domain=betarlaudimbinc.com; expires=Sat, 30-Apr-1994 15:33:58 GMT; path=/; secure
OpenIdConnect.tokenPostPath=; domain=betarlaudimbinc.com; expires=Sat, 30-Apr-1994 15:33:58 GMT; path=/; secure
OpenIdConnect.nonce.v3.poKXyAMnDlfTH5eMXGHVOqFvsyn2khCC_G4TXFu2bQI=638500880381159438.33758750-90b7-4205-8bfe-cd948b75851d; expires=Tue, 30-Apr-2024 16:33:58 GMT; path=/;SameSite=None; secure; HttpOnly
HostSwitchPrg=; expires=Sat, 30-Apr-1994 15:33:58 GMT; path=/; secure
OptInPrg=; expires=Sat, 30-Apr-1994 15:33:58 GMT; path=/; secure
SuiteServiceProxyKey=; expires=Sat, 30-Apr-1994 15:33:58 GMT; path=/; secure
ClientId=D3BE02C74A41455D95A3F9B6FC860DAA; expires=Wed, 30-Apr-2025 15:33:58 GMT; path=/;SameSite=None; secure
OIDC=1; expires=Wed, 30-Oct-2024 15:33:58 GMT; path=/;SameSite=None; secure; HttpOnly
RoutingKeyCookie=; expires=Sat, 30-Apr-1994 15:33:58 GMT; path=/; secure
OpenIdConnect.token.v1=; expires=Sat, 30-Apr-1994 15:33:58 GMT; path=/; secure
OpenIdConnect.token.v1=; domain=betarlaudimbinc.com; expires=Sat, 30-Apr-1994 15:33:58 GMT; path=/; secure
OpenIdConnect.id_token.v1=; expires=Sat, 30-Apr-1994 15:33:58 GMT; path=/; secure
OpenIdConnect.code.v1=; expires=Sat, 30-Apr-1994 15:33:58 GMT; path=/; secure
OpenIdConnect.idp_nonce.v1=; expires=Sat, 30-Apr-1994 15:33:58 GMT; path=/; secure
OpenIdConnect.idp_correlation_id=; expires=Sat, 30-Apr-1994 15:33:58 GMT; path=/; secure
OpenIdConnect.tokenPostPath=; expires=Sat, 30-Apr-1994 15:33:58 GMT; path=/; secure
OpenIdConnect.id_token.v1=; domain=betarlaudimbinc.com; expires=Sat, 30-Apr-1994 15:33:58 GMT; path=/; secure
OpenIdConnect.code.v1=; domain=betarlaudimbinc.com; expires=Sat, 30-Apr-1994 15:33:58 GMT; path=/; secure
OpenIdConnect.idp_nonce.v1=; domain=betarlaudimbinc.com; expires=Sat, 30-Apr-1994 15:33:58 GMT; path=/; secure
OpenIdConnect.idp_correlation_id=; domain=betarlaudimbinc.com; expires=Sat, 30-Apr-1994 15:33:58 GMT; path=/; secure
OpenIdConnect.tokenPostPath=; domain=betarlaudimbinc.com; expires=Sat, 30-Apr-1994 15:33:58 GMT; path=/; secure
OpenIdConnect.nonce.v3.poKXyAMnDlfTH5eMXGHVOqFvsyn2khCC_G4TXFu2bQI=638500880381159438.33758750-90b7-4205-8bfe-cd948b75851d; expires=Tue, 30-Apr-2024 16:33:58 GMT; path=/;SameSite=None; secure; HttpOnly
HostSwitchPrg=; expires=Sat, 30-Apr-1994 15:33:58 GMT; path=/; secure
OptInPrg=; expires=Sat, 30-Apr-1994 15:33:58 GMT; path=/; secure
SuiteServiceProxyKey=; expires=Sat, 30-Apr-1994 15:33:58 GMT; path=/; secure
X-OWA-RedirectHistory=ArLym14BDqjk8ypp3Ag; expires=Tue, 30-Apr-2024 21:35:58 GMT; path=/;SameSite=None; secure; HttpOnly
X-CalculatedBETarget: PR0P264MB2613.FRAP264.PROD.OUTLOOK.COM
X-RUM-Validated: 1
X-RUM-NotUpdateQueriedPath: 1
X-RUM-NotUpdateQueriedDbCopy: 1
X-BeSku: WCS6
X-OWA-DiagnosticsInfo: 1;0;0
X-IIDs: 0
X-BackEnd-Begin: 2024-04-30T15:33:58.115
X-BackEnd-End: 2024-04-30T15:33:58.115
X-DiagInfo: PR0P264MB2613
X-BEServer: PR0P264MB2613
X-UA-Compatible: IE=EmulateIE7
X-Proxy-RoutingCorrectness: 1
X-Proxy-BackendServerStatus: 302
X-FEProxyInfo: PAYP264CA0009.FRAP264.PROD.OUTLOOK.COM
X-FEEFZInfo: ORY
X-FEServer: PR3P191CA0039, PAYP264CA0009
NEL: {"report_to":"NelOfficeUpload1","max_age":7200,"include_subdomains":true,"failure_fraction":1.0,"success_fraction":0.01}
X-FirstHopCafeEFZ: ORY
Date: Tue, 30 Apr 2024 15:33:57 GMT
Connection: close
Content-Security-Policy: default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
|
|
| betarlaudimbinc.com/aadcdn.msftauth.net/~/ests/2.1/content/cdnbundles/converged.v2.login.min_1ito3russhq-9gioj-zd4w2.css | 51.89.72.178 | 200 OK | 20 kB |
URL: GET HTTP/1.1 betarlaudimbinc.com/aadcdn.msftauth.net/~/ests/2.1/content/cdnbundles/converged.v2.login.min_1ito3russhq-9gioj-zd4w2.css IP: 51.89.72.178:443
Requested byhttps://betarlaudimbinc.com/?fwu0iwdwi=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 CertificateIssuerLet's Encrypt Subjectbetarlaudimbinc.com Fingerprint71:C4:90:DB:66:67:1F:BD:E0:DD:8C:19:9C:6A:60:18:FA:FB:AF:77 ValidityTue, 30 Apr 2024 06:19:04 GMT - Mon, 29 Jul 2024 06:19:03 GMT
File type: ASCII text, with very long lines (61177) Hash (MD5 / SHA-1 / SHA-256): d62b4edeb512b07abef4688e27ecdde3 981a7825da5e29938ab6fe0cbfe2db622f7b8333 4b01a0a34ce8ed4bc8a8713be0442d49da6a756236b7b4424622ca3dee820f41
Analyzer: urlquery | Verdict: phishing | Alert: Phishing - Microsoft Outlook
GET /aadcdn.msftauth.net/~/ests/2.1/content/cdnbundles/converged.v2.login.min_1ito3russhq-9gioj-zd4w2.css HTTP/1.1
Host: betarlaudimbinc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://betarlaudimbinc.com/?fwu0iwdwi=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
DNT: 1
Connection: keep-alive
Cookie: qPdM=8FqdEArM7svM; qPdM.sig=waQsngsiy9bN2-Pw1-MjWavlIa8; ClientId=D3BE02C74A41455D95A3F9B6FC860DAA; OIDC=1; OpenIdConnect.nonce.v3.poKXyAMnDlfTH5eMXGHVOqFvsyn2khCC_G4TXFu2bQI=638500880381159438.33758750-90b7-4205-8bfe-cd948b75851d; X-OWA-RedirectHistory=ArLym14BDqjk8ypp3Ag; buid=0.AYIAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8VSY7PVuSIjYAz6fHzO5r1hAcs8WOrat6BMDwQSjSYyhBdTMYqXiHf23y2HR55tQIRAeWMjy0engfUv5dak2n6jaBmAcCQnTdy2YcLJmtbhUgAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8h9XcH6yYYzollWaHsaFCW7AgbBj1Ry88lebMZbk6lduuNBcLQPHD_Q2poVfCKgSSsUR_NmN5_ni0gS549qARdzJkbnN097SseVUCtee54sz5Q8Vvpr9spbZLHkA91nJgzIe7akBYR0SCdrFe4EmlS15cKgXd0BcQRxo9K4DX2icgAA; esctx-YxlhWHckdOk=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8aflXVnPjdBNhHWrqRmTpybgsnUm_-PBhyKSrwuvPg61L6VCLRM_UVugq9XbvIRnXfav7BqZg_E5Cj1wVEDCyWpMRqzGwdYeV6NQY-X9-6o1J5kWTUGPXlp2TKSC934hQ274vVUJIx4T_M_PodMlU8iAA; fpc=AsC_YxzkoE1Mq3XCydU8bmCerOTJAQAAAGUGw90OAAAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Encoding: gzip
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
Age: 3157228
Cache-Control: public, max-age=31536000
Content-MD5: kqhA3D0Xczna4D/t8ioitQ==
Content-Type: text/css
Date: Tue, 30 Apr 2024 15:33:58 GMT
Etag: 0x8DC070858CA028D
Last-Modified: Wed, 27 Dec 2023 18:19:21 GMT
Server: ECAcc (paa/6F4D)
Vary: Accept-Encoding
X-Cache: HIT
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: 1e5369c2-201e-00a5-355c-7e1b4a000000
x-ms-version: 2009-09-19
Content-Length: 20314
Connection: close
|
|
| betarlaudimbinc.com/aadcdn.msftauth.net/~/shared/1.0/content/js/ConvergedLogin_PCore_4aBF4cdky--I3Cpch7JoPw2.js | 51.89.72.178 | 200 OK | 689 kB |
URL: GET HTTP/1.1 betarlaudimbinc.com/aadcdn.msftauth.net/~/shared/1.0/content/js/ConvergedLogin_PCore_4aBF4cdky--I3Cpch7JoPw2.js IP: 51.89.72.178:443
Requested byhttps://betarlaudimbinc.com/?fwu0iwdwi=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 CertificateIssuerLet's Encrypt Subjectbetarlaudimbinc.com Fingerprint71:C4:90:DB:66:67:1F:BD:E0:DD:8C:19:9C:6A:60:18:FA:FB:AF:77 ValidityTue, 30 Apr 2024 06:19:04 GMT - Mon, 29 Jul 2024 06:19:03 GMT
File type: JavaScript source, ASCII text Size: 689 kB (689017 bytes) Hash (MD5 / SHA-1 / SHA-256): 3e89ae909c6a8d8c56396830471f3373 2632f95a5be7e4c589402bf76e800a8151cd036b 6665ca6a09f770c6679556eb86cf4234c8bdb0271049620e03199b34b4a16099
Analyzer: urlquery | Verdict: phishing | Alert: Phishing - Microsoft Outlook
GET /aadcdn.msftauth.net/~/shared/1.0/content/js/ConvergedLogin_PCore_4aBF4cdky--I3Cpch7JoPw2.js HTTP/1.1
Host: betarlaudimbinc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://betarlaudimbinc.com/?fwu0iwdwi=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
DNT: 1
Connection: keep-alive
Cookie: qPdM=8FqdEArM7svM; qPdM.sig=waQsngsiy9bN2-Pw1-MjWavlIa8; ClientId=D3BE02C74A41455D95A3F9B6FC860DAA; OIDC=1; OpenIdConnect.nonce.v3.poKXyAMnDlfTH5eMXGHVOqFvsyn2khCC_G4TXFu2bQI=638500880381159438.33758750-90b7-4205-8bfe-cd948b75851d; X-OWA-RedirectHistory=ArLym14BDqjk8ypp3Ag; buid=0.AYIAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8VSY7PVuSIjYAz6fHzO5r1hAcs8WOrat6BMDwQSjSYyhBdTMYqXiHf23y2HR55tQIRAeWMjy0engfUv5dak2n6jaBmAcCQnTdy2YcLJmtbhUgAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8h9XcH6yYYzollWaHsaFCW7AgbBj1Ry88lebMZbk6lduuNBcLQPHD_Q2poVfCKgSSsUR_NmN5_ni0gS549qARdzJkbnN097SseVUCtee54sz5Q8Vvpr9spbZLHkA91nJgzIe7akBYR0SCdrFe4EmlS15cKgXd0BcQRxo9K4DX2icgAA; esctx-YxlhWHckdOk=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8aflXVnPjdBNhHWrqRmTpybgsnUm_-PBhyKSrwuvPg61L6VCLRM_UVugq9XbvIRnXfav7BqZg_E5Cj1wVEDCyWpMRqzGwdYeV6NQY-X9-6o1J5kWTUGPXlp2TKSC934hQ274vVUJIx4T_M_PodMlU8iAA; fpc=AsC_YxzkoE1Mq3XCydU8bmCerOTJAQAAAGUGw90OAAAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 689017
Content-Type: application/x-javascript
Date: Tue, 30 Apr 2024 15:33:58 GMT
Connection: keep-alive
Keep-Alive: timeout=5
|
|
| outlook.office365.com/owa/prefetch.aspx | 40.99.215.50 | 200 OK | 1.2 kB |
URL: GET HTTP/2 outlook.office365.com/owa/prefetch.aspx IP: 40.99.215.50:443 ASN: #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested byhttps://betarlaudimbinc.com/?fwu0iwdwi=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 CertificateIssuerDigiCert Inc Subjectoutlook.com Fingerprint2C:61:C5:26:BC:9A:1C:E6:BE:6B:92:00:FC:AF:29:2A:23:84:5E:5C ValidityMon, 22 Jan 2024 00:00:00 GMT - Tue, 21 Jan 2025 23:59:59 GMT
File type: JavaScript source, ASCII text, with very long lines (1188), with CRLF line terminators Hash (MD5 / SHA-1 / SHA-256): 2a2e8860680c20ef4f620fad46dd6b26 e941d84237153f8531052f598239043d48edd791 6b254b2b2a036cd22bf01e2afda7332b695d4a747e83557cf94486d6ef928cbe
GET /owa/prefetch.aspx HTTP/1.1
Host: outlook.office365.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://betarlaudimbinc.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
cache-control: private, no-store
content-length: 1236
content-type: text/html; charset=utf-8
content-encoding: gzip
vary: Accept-Encoding
server: Microsoft-IIS/10.0
request-id: 3d3b16e9-4927-ed7f-11bf-42fcf7580bdc
strict-transport-security: max-age=31536000; includeSubDomains; preload
alt-svc: h3=":443";ma=2592000,h3-29=":443";ma=2592000
x-calculatedbetarget: OS5P279MB0798.NORP279.PROD.OUTLOOK.COM
x-backendhttpstatus: 200
set-cookie: ClientId=C1BD1E5B1CBF434F98986C949D15AE37; expires=Wed, 30-Apr-2025 15:33:59 GMT; path=/;SameSite=None; secure
ClientId=C1BD1E5B1CBF434F98986C949D15AE37; expires=Wed, 30-Apr-2025 15:33:59 GMT; path=/;SameSite=None; secure
OIDC=1; expires=Wed, 30-Oct-2024 15:33:59 GMT; path=/;SameSite=None; secure; HttpOnly
OWAPF=v:15.20.7519.36&l:mouse; path=/; secure; HttpOnly
x-rum-validated: 1
x-rum-notupdatequeriedpath: 1
x-rum-notupdatequerieddbcopy: 1
x-content-type-options: nosniff
x-besku: WCS7
x-owa-version: 15.20.7519.35
x-owa-diagnosticsinfo: 2;0;0
x-iids: 0
x-backend-begin: 2024-04-30T15:33:59.397
x-backend-end: 2024-04-30T15:33:59.397
x-diaginfo: OS5P279MB0798
x-beserver: OS5P279MB0798
x-ua-compatible: IE=EmulateIE7
x-proxy-routingcorrectness: 1
report-to: {"group":"NelOfficeUpload1","max_age":7200,"endpoints":[{"url":"https://exo.nel.measure.office.net/api/report?TenantId=&FrontEnd=Cafe&DestinationEndpoint=OSL&RemoteIP=91.90.42.0"}],"include_subdomains":true}
nel: {"report_to":"NelOfficeUpload1","max_age":7200,"include_subdomains":true,"failure_fraction":1.0,"success_fraction":0.01}
x-proxy-backendserverstatus: 200
x-firsthopcafeefz: OSL
x-feproxyinfo: OS6P279CA0128.NORP279.PROD.OUTLOOK.COM
x-feefzinfo: OSL
x-feserver: OS6P279CA0128
date: Tue, 30 Apr 2024 15:33:58 GMT
X-Firefox-Spdy: h2
|
|
| r4.res.office365.com/owa/prem/15.20.7519.36/scripts/boot.worldwide.0.mouse.js | 23.36.79.43 | 200 OK | 180 kB |
URL: GET HTTP/2 r4.res.office365.com/owa/prem/15.20.7519.36/scripts/boot.worldwide.0.mouse.js IP: 23.36.79.43:443 ASN: #20940 Akamai International B.V.
Requested by: https://outlook.office365.com/owa/prefetch.aspx Certificate: Issuer: DigiCert Inc; Subject: *.res.outlook.com; Fingerprint: 21:55:DF:8C:D8:DA:80:F2:04:7A:B9:66:BA:AC:C0:DC:D7:DB:46:D5; Validity: Tue, 20 Feb 2024 00:00:00 GMT - Thu, 20 Feb 2025 23:59:59 GMT
File type: JavaScript source, Unicode text, UTF-8 (with BOM) text, with very long lines (59783), with CRLF line terminators Size: 180 kB (179692 bytes) Hash (MD5 / SHA-1 / SHA-256): 761ce9e68c8d14f49b8bf1a0257b69d6 8cf5d714d35effa54f3686065cb62cce028e2c77 beaa65ad34340e61e9e701458e2ccff8f9073fdebbc3593a2c7ec8afeacb69c1
GET /owa/prem/15.20.7519.36/scripts/boot.worldwide.0.mouse.js HTTP/1.1
Host: r4.res.office365.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://outlook.office365.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
content-type: application/x-javascript
last-modified: Mon, 29 Apr 2024 01:35:22 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
content-length: 179692
cache-control: public,max-age=630720000, s-maxage=630720000
date: Tue, 30 Apr 2024 15:33:59 GMT
timing-allow-origin: *
access-control-allow-origin: *
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2
|
|
| r4.res.office365.com/owa/prem/15.20.7519.36/scripts/boot.worldwide.1.mouse.js | 23.36.79.43 | 200 OK | 163 kB |
URL: GET HTTP/2 r4.res.office365.com/owa/prem/15.20.7519.36/scripts/boot.worldwide.1.mouse.js IP: 23.36.79.43:443 ASN: #20940 Akamai International B.V.
Requested by: https://outlook.office365.com/owa/prefetch.aspx Certificate — Issuer: DigiCert Inc; Subject: *.res.outlook.com; Fingerprint: 21:55:DF:8C:D8:DA:80:F2:04:7A:B9:66:BA:AC:C0:DC:D7:DB:46:D5; Validity: Tue, 20 Feb 2024 00:00:00 GMT - Thu, 20 Feb 2025 23:59:59 GMT
File type: JavaScript source, Unicode text, UTF-8 (with BOM) text, with very long lines (65339), with CRLF line terminators; Size: 163 kB (163064 bytes); Hash: 9786d38346567e5e93c7d03b06e3ea2d 23ef8c59c5c9aa5290865933b29c9c56ab62e3b0 263307e3fe285c85cb77cf5ba69092531ce07b7641bf316ef496dcb5733af76c
GET /owa/prem/15.20.7519.36/scripts/boot.worldwide.1.mouse.js HTTP/1.1
Host: r4.res.office365.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://outlook.office365.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
content-type: application/x-javascript
last-modified: Mon, 29 Apr 2024 01:35:16 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
content-length: 163064
cache-control: public,max-age=630720000, s-maxage=630720000
date: Tue, 30 Apr 2024 15:34:00 GMT
timing-allow-origin: *
access-control-allow-origin: *
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2
|
|
| r4.res.office365.com/owa/prem/15.20.7519.36/scripts/boot.worldwide.2.mouse.js | 23.36.79.43 | 200 OK | 170 kB |
URL: GET HTTP/2 r4.res.office365.com/owa/prem/15.20.7519.36/scripts/boot.worldwide.2.mouse.js IP: 23.36.79.43:443 ASN: #20940 Akamai International B.V.
Requested by: https://outlook.office365.com/owa/prefetch.aspx Certificate — Issuer: DigiCert Inc; Subject: *.res.outlook.com; Fingerprint: 21:55:DF:8C:D8:DA:80:F2:04:7A:B9:66:BA:AC:C0:DC:D7:DB:46:D5; Validity: Tue, 20 Feb 2024 00:00:00 GMT - Thu, 20 Feb 2025 23:59:59 GMT
File type: Unicode text, UTF-8 (with BOM) text, with very long lines (65339), with CRLF line terminators; Size: 170 kB (169666 bytes); Hash: 12204899d75fc019689a92ed57559b94 ccf6271c6565495b18c1ced2f7273d5875dbfb1f 39dafd5aca286717d9515f24cf9be0c594dfd1ddf746e6973b1ce5de8b2dd21b
GET /owa/prem/15.20.7519.36/scripts/boot.worldwide.2.mouse.js HTTP/1.1
Host: r4.res.office365.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://outlook.office365.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
content-type: application/x-javascript
last-modified: Mon, 29 Apr 2024 01:35:23 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
content-length: 169666
cache-control: public,max-age=630720000, s-maxage=630720000
date: Tue, 30 Apr 2024 15:34:00 GMT
timing-allow-origin: *
access-control-allow-origin: *
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2
|
|
| r4.res.office365.com/owa/prem/15.20.7519.36/scripts/boot.worldwide.3.mouse.js | 23.36.79.43 | 200 OK | 146 kB |
URL: GET HTTP/2 r4.res.office365.com/owa/prem/15.20.7519.36/scripts/boot.worldwide.3.mouse.js IP: 23.36.79.43:443 ASN: #20940 Akamai International B.V.
Requested by: https://outlook.office365.com/owa/prefetch.aspx Certificate — Issuer: DigiCert Inc; Subject: *.res.outlook.com; Fingerprint: 21:55:DF:8C:D8:DA:80:F2:04:7A:B9:66:BA:AC:C0:DC:D7:DB:46:D5; Validity: Tue, 20 Feb 2024 00:00:00 GMT - Thu, 20 Feb 2025 23:59:59 GMT
File type: Unicode text, UTF-8 (with BOM) text, with very long lines (65339), with CRLF line terminators; Size: 146 kB (145599 bytes); Hash: d9e3d2ce0228d2a5079478aae5759698 412f45951c6aeda5f3df2c52533171fc7bdd5961 7041d585609800051e4f451792aec2b8bd06a4f2d29ed6f5ad8841aae5107502
GET /owa/prem/15.20.7519.36/scripts/boot.worldwide.3.mouse.js HTTP/1.1
Host: r4.res.office365.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://outlook.office365.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
content-type: application/x-javascript
last-modified: Mon, 29 Apr 2024 01:35:17 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
content-length: 145599
cache-control: public,max-age=630720000, s-maxage=630720000
date: Tue, 30 Apr 2024 15:34:00 GMT
timing-allow-origin: *
access-control-allow-origin: *
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2
|
|
| r4.res.office365.com/owa/prem/15.20.7519.36/resources/images/0/sprite1.mouse.png | 23.36.79.43 | 200 OK | 132 B |
URL: GET HTTP/2 r4.res.office365.com/owa/prem/15.20.7519.36/resources/images/0/sprite1.mouse.png IP: 23.36.79.43:443 ASN: #20940 Akamai International B.V.
Requested by: https://outlook.office365.com/owa/prefetch.aspx Certificate — Issuer: DigiCert Inc; Subject: *.res.outlook.com; Fingerprint: 21:55:DF:8C:D8:DA:80:F2:04:7A:B9:66:BA:AC:C0:DC:D7:DB:46:D5; Validity: Tue, 20 Feb 2024 00:00:00 GMT - Thu, 20 Feb 2025 23:59:59 GMT
File type: PNG image data, 600 x 1, 8-bit/color RGBA, non-interlaced; Hash: 3eda15637afeac6078f56c9dcc9bbdb8 97b900884183cb8cf99ba069eedc280c599c1b74 68c66d144855ba2bc8b8bee88bb266047367708c1e281a21b9d729b1fbd23429
GET /owa/prem/15.20.7519.36/resources/images/0/sprite1.mouse.png HTTP/1.1
Host: r4.res.office365.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://outlook.office365.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
content-length: 132
content-type: image/png
last-modified: Mon, 29 Apr 2024 01:45:33 GMT
server: AkamaiNetStorage
cache-control: public,max-age=630720000, s-maxage=630720000
date: Tue, 30 Apr 2024 15:34:00 GMT
timing-allow-origin: *
access-control-allow-origin: *
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2
|
|
| r4.res.office365.com/owa/prem/15.20.7519.36/resources/images/0/sprite1.mouse.css | 23.36.79.43 | 200 OK | 288 B |
URL: GET HTTP/2 r4.res.office365.com/owa/prem/15.20.7519.36/resources/images/0/sprite1.mouse.css IP: 23.36.79.43:443 ASN: #20940 Akamai International B.V.
Requested by: https://outlook.office365.com/owa/prefetch.aspx Certificate — Issuer: DigiCert Inc; Subject: *.res.outlook.com; Fingerprint: 21:55:DF:8C:D8:DA:80:F2:04:7A:B9:66:BA:AC:C0:DC:D7:DB:46:D5; Validity: Tue, 20 Feb 2024 00:00:00 GMT - Thu, 20 Feb 2025 23:59:59 GMT
File type: ASCII text, with very long lines (994), with no line terminators; Hash: e2110b813f02736a4726197271108119 d7ac10cc425a7b67bf16dda0aaef1feb00a79857 6d1be7ed96dd494447f348986317faf64728ccf788be551f2a621b31ddc929ac
GET /owa/prem/15.20.7519.36/resources/images/0/sprite1.mouse.css HTTP/1.1
Host: r4.res.office365.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://outlook.office365.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
content-type: text/css
last-modified: Mon, 29 Apr 2024 01:45:31 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
content-length: 288
cache-control: public,max-age=630720000, s-maxage=630720000
date: Tue, 30 Apr 2024 15:34:00 GMT
timing-allow-origin: *
access-control-allow-origin: *
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2
|
|
| r4.res.office365.com/owa/prem/15.20.7519.36/resources/styles/0/boot.worldwide.mouse.css | 23.36.79.43 | 200 OK | 44 kB |
URL: GET HTTP/2 r4.res.office365.com/owa/prem/15.20.7519.36/resources/styles/0/boot.worldwide.mouse.css IP: 23.36.79.43:443 ASN: #20940 Akamai International B.V.
Requested by: https://outlook.office365.com/owa/prefetch.aspx Certificate — Issuer: DigiCert Inc; Subject: *.res.outlook.com; Fingerprint: 21:55:DF:8C:D8:DA:80:F2:04:7A:B9:66:BA:AC:C0:DC:D7:DB:46:D5; Validity: Tue, 20 Feb 2024 00:00:00 GMT - Thu, 20 Feb 2025 23:59:59 GMT
File type: ASCII text, with very long lines (65536), with no line terminators; Hash: af8d946b64d139a380cf3a1c27bdbeb0 c76845b6ffeaf14450795c550260eb618abd60ab 37619b16288166cc76403f0b7df6586349b2d5628de00d5850c815d019b17904
GET /owa/prem/15.20.7519.36/resources/styles/0/boot.worldwide.mouse.css HTTP/1.1
Host: r4.res.office365.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://outlook.office365.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
content-type: text/css
last-modified: Mon, 29 Apr 2024 01:46:02 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
content-length: 44144
cache-control: public,max-age=630720000, s-maxage=630720000
date: Tue, 30 Apr 2024 15:34:00 GMT
timing-allow-origin: *
access-control-allow-origin: *
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2
|
|
| r4.res.office365.com/owa/prem/15.20.7519.36/resources/styles/fonts/office365icons.woff | 23.36.79.43 | 200 OK | 78 kB |
URL: GET HTTP/2 r4.res.office365.com/owa/prem/15.20.7519.36/resources/styles/fonts/office365icons.woff IP: 23.36.79.43:443 ASN: #20940 Akamai International B.V.
Requested by: https://outlook.office365.com/owa/prefetch.aspx Certificate — Issuer: DigiCert Inc; Subject: *.res.outlook.com; Fingerprint: 21:55:DF:8C:D8:DA:80:F2:04:7A:B9:66:BA:AC:C0:DC:D7:DB:46:D5; Validity: Tue, 20 Feb 2024 00:00:00 GMT - Thu, 20 Feb 2025 23:59:59 GMT
File type: Web Open Font Format, TrueType, length 77596, version 1.0; Hash: 343f04165d332680874f4dc072e86cf7 d42b7257282b914c976c00c5024f1cc96759da57 d689295b1e30160484089417c94a24292d734ef091942ef091899fafe62b2b6a
GET /owa/prem/15.20.7519.36/resources/styles/fonts/office365icons.woff HTTP/1.1
Host: r4.res.office365.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://outlook.office365.com
DNT: 1
Connection: keep-alive
Referer: https://r4.res.office365.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
last-modified: Mon, 29 Apr 2024 01:46:24 GMT
server: AkamaiNetStorage
content-length: 77596
cache-control: public,max-age=630720000, s-maxage=630720000
date: Tue, 30 Apr 2024 15:34:00 GMT
timing-allow-origin: *
access-control-allow-origin: *
content-type: application/font-woff
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2
|
|
| r4.res.office365.com/owa/prem/15.20.7519.36/resources/styles/fonts/office365icons.woff | 23.36.79.43 | 200 OK | 78 kB |
URL: GET HTTP/2 r4.res.office365.com/owa/prem/15.20.7519.36/resources/styles/fonts/office365icons.woff IP: 23.36.79.43:443 ASN: #20940 Akamai International B.V.
Requested by: https://outlook.office365.com/owa/prefetch.aspx Certificate — Issuer: DigiCert Inc; Subject: *.res.outlook.com; Fingerprint: 21:55:DF:8C:D8:DA:80:F2:04:7A:B9:66:BA:AC:C0:DC:D7:DB:46:D5; Validity: Tue, 20 Feb 2024 00:00:00 GMT - Thu, 20 Feb 2025 23:59:59 GMT
File type: Web Open Font Format, TrueType, length 77596, version 1.0; Hash: 343f04165d332680874f4dc072e86cf7 d42b7257282b914c976c00c5024f1cc96759da57 d689295b1e30160484089417c94a24292d734ef091942ef091899fafe62b2b6a
GET /owa/prem/15.20.7519.36/resources/styles/fonts/office365icons.woff HTTP/1.1
Host: r4.res.office365.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://outlook.office365.com
DNT: 1
Connection: keep-alive
Referer: https://outlook.office365.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
last-modified: Mon, 29 Apr 2024 01:46:24 GMT
server: AkamaiNetStorage
content-length: 77596
cache-control: public,max-age=630720000, s-maxage=630720000
date: Tue, 30 Apr 2024 15:34:00 GMT
timing-allow-origin: *
access-control-allow-origin: *
content-type: application/font-woff
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2
|
|
| betarlaudimbinc.com/aadcdn.msftauth.net/~/ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_0lriinjhzchre9aqecvmpg2.js | 51.89.72.178 | 200 OK | 55 kB |
URL: GET HTTP/1.1 betarlaudimbinc.com/aadcdn.msftauth.net/~/ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_0lriinjhzchre9aqecvmpg2.js IP: 51.89.72.178:443
Requested by: https://betarlaudimbinc.com/?fwu0iwdwi=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 Certificate — Issuer: Let's Encrypt; Subject: betarlaudimbinc.com; Fingerprint: 71:C4:90:DB:66:67:1F:BD:E0:DD:8C:19:9C:6A:60:18:FA:FB:AF:77; Validity: Tue, 30 Apr 2024 06:19:04 GMT - Mon, 29 Jul 2024 06:19:03 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (MD5, SHA-1 and SHA-256 of zero-length input; these values do not identify the response body)
Analyzer: urlquery | Verdict: phishing | Alert: Phishing - Microsoft Outlook
GET /aadcdn.msftauth.net/~/ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_0lriinjhzchre9aqecvmpg2.js HTTP/1.1
Host: betarlaudimbinc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://betarlaudimbinc.com/?fwu0iwdwi=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
DNT: 1
Connection: keep-alive
Cookie: qPdM=8FqdEArM7svM; qPdM.sig=waQsngsiy9bN2-Pw1-MjWavlIa8; ClientId=D3BE02C74A41455D95A3F9B6FC860DAA; OIDC=1; OpenIdConnect.nonce.v3.poKXyAMnDlfTH5eMXGHVOqFvsyn2khCC_G4TXFu2bQI=638500880381159438.33758750-90b7-4205-8bfe-cd948b75851d; X-OWA-RedirectHistory=ArLym14BDqjk8ypp3Ag; buid=0.AYIAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8VSY7PVuSIjYAz6fHzO5r1hAcs8WOrat6BMDwQSjSYyhBdTMYqXiHf23y2HR55tQIRAeWMjy0engfUv5dak2n6jaBmAcCQnTdy2YcLJmtbhUgAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8h9XcH6yYYzollWaHsaFCW7AgbBj1Ry88lebMZbk6lduuNBcLQPHD_Q2poVfCKgSSsUR_NmN5_ni0gS549qARdzJkbnN097SseVUCtee54sz5Q8Vvpr9spbZLHkA91nJgzIe7akBYR0SCdrFe4EmlS15cKgXd0BcQRxo9K4DX2icgAA; esctx-YxlhWHckdOk=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8aflXVnPjdBNhHWrqRmTpybgsnUm_-PBhyKSrwuvPg61L6VCLRM_UVugq9XbvIRnXfav7BqZg_E5Cj1wVEDCyWpMRqzGwdYeV6NQY-X9-6o1J5kWTUGPXlp2TKSC934hQ274vVUJIx4T_M_PodMlU8iAA; fpc=AsC_YxzkoE1Mq3XCydU8bmCerOTJAQAAAGUGw90OAAAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Encoding: gzip
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
Age: 2368265
Cache-Control: public, max-age=31536000
Content-MD5: CY0A6RVMGkhI2gFiBcGc6Q==
Content-Type: application/x-javascript
Date: Tue, 30 Apr 2024 15:33:59 GMT
Etag: 0x8DC535BDA2DB838
Last-Modified: Tue, 02 Apr 2024 21:28:34 GMT
Server: ECAcc (paa/6F10)
Vary: Accept-Encoding
X-Cache: HIT
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: a0bad7e5-701e-0054-0b89-85951d000000
x-ms-version: 2009-09-19
content-length: 55037
Connection: close
Content-Security-Policy: default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
|
|
| betarlaudimbinc.com/?dataXX0=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1cmwiOiJodHRwczovL2JldGFybGF1ZGltYmluYy5jb20iLCJkb21haW4iOiJiZXRhcmxhdWRpbWJpbmMuY29tIiwia2V5IjoiOEZxZEVBck03c3ZNIiwicXJjIjoidGl6aWFuby5jZWNjYXJhbmlAbXVuZHlzLmNvbSIsImlhdCI6MTcxNDQ5MTIzNywiZXhwIjoxNzE0NDkxMzU3fQ.HumSWjBWyEkRraM1LaMB_YdD2GOw9Z9LNutATB-Lmu8 | 51.89.72.178 | 302 Found | 39 kB |
URL GET HTTP/1.1betarlaudimbinc.com/?dataXX0=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1cmwiOiJodHRwczovL2JldGFybGF1ZGltYmluYy5jb20iLCJkb21haW4iOiJiZXRhcmxhdWRpbWJpbmMuY29tIiwia2V5IjoiOEZxZEVBck03c3ZNIiwicXJjIjoidGl6aWFuby5jZWNjYXJhbmlAbXVuZHlzLmNvbSIsImlhdCI6MTcxNDQ5MTIzNywiZXhwIjoxNzE0NDkxMzU3fQ.HumSWjBWyEkRraM1LaMB_YdD2GOw9Z9LNutATB-Lmu8 IP51.89.72.178:443
Requested by: https://f4aba89c.e1ec315c2713e1dc37b7b50a.workers.dev/?qrc=tiziano.ceccarani@mundys.com Certificate — Issuer: Let's Encrypt; Subject: betarlaudimbinc.com; Fingerprint: 71:C4:90:DB:66:67:1F:BD:E0:DD:8C:19:9C:6A:60:18:FA:FB:AF:77; Validity: Tue, 30 Apr 2024 06:19:04 GMT - Mon, 29 Jul 2024 06:19:03 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (MD5, SHA-1 and SHA-256 of zero-length input; these values do not identify the response body)
Analyzer: urlquery | Verdict: phishing | Alert: Phishing - Microsoft Outlook
GET /?dataXX0=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1cmwiOiJodHRwczovL2JldGFybGF1ZGltYmluYy5jb20iLCJkb21haW4iOiJiZXRhcmxhdWRpbWJpbmMuY29tIiwia2V5IjoiOEZxZEVBck03c3ZNIiwicXJjIjoidGl6aWFuby5jZWNjYXJhbmlAbXVuZHlzLmNvbSIsImlhdCI6MTcxNDQ5MTIzNywiZXhwIjoxNzE0NDkxMzU3fQ.HumSWjBWyEkRraM1LaMB_YdD2GOw9Z9LNutATB-Lmu8 HTTP/1.1
Host: betarlaudimbinc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://f4aba89c.e1ec315c2713e1dc37b7b50a.workers.dev/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Set-Cookie: qPdM=8FqdEArM7svM; path=/; samesite=none; secure; httponly
Set-Cookie: qPdM.sig=waQsngsiy9bN2-Pw1-MjWavlIa8; path=/; samesite=none; secure; httponly
location: /?qrc=tiziano.ceccarani%40mundys.com
Date: Tue, 30 Apr 2024 15:33:57 GMT
Connection: keep-alive
Keep-Alive: timeout=5
Transfer-Encoding: chunked
|
|
| f4aba89c.e1ec315c2713e1dc37b7b50a.workers.dev/favicon.ico | 104.21.30.74 | 200 OK | 3.3 kB |
URL: GET HTTP/3 f4aba89c.e1ec315c2713e1dc37b7b50a.workers.dev/favicon.ico IP: 104.21.30.74:443
Requested by: https://f4aba89c.e1ec315c2713e1dc37b7b50a.workers.dev/?qrc=tiziano.ceccarani@mundys.com Certificate — Issuer: Google Trust Services LLC; Subject: e1ec315c2713e1dc37b7b50a.workers.dev; Fingerprint: E9:97:E1:60:02:E7:45:84:D1:5F:62:DB:9E:9E:19:53:DF:71:12:04; Validity: Tue, 30 Apr 2024 06:37:57 GMT - Mon, 29 Jul 2024 06:37:56 GMT
File type: HTML document, ASCII text, with very long lines (3271), with no line terminators; Hash: 94c63c2ccc1328b9c56186b615d4a6f7 3efc98d654febd7ea27271b6cef3f4ae3fd4d82f f6b46f5ab335a24c14abc9b71759e0bfb33102a340625f2b6ea7504b0f6c65ae
GET /favicon.ico HTTP/1.1
Host: f4aba89c.e1ec315c2713e1dc37b7b50a.workers.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://f4aba89c.e1ec315c2713e1dc37b7b50a.workers.dev/?qrc=tiziano.ceccarani@mundys.com
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 30 Apr 2024 15:33:57 GMT
content-type: text/html;charset=UTF-8
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=595HXR1i1HTzNx5tPxh4YZFoKfkWzannoz%2Bb9utbn9Ck8Fj%2FAWcPkZyml3PyX1JddPWoTBPamGjkY0FBqBXOf%2BLKZwBJH6%2FOBFyly%2FsFcLystRbBEC5YxF5vjRRjb4Z4ivLwSE1xpV%2FQWa%2BOFUCeZMZWx6nJUVU7GXoW3swUQgs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87c897d948031c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| f4aba89c.e1ec315c2713e1dc37b7b50a.workers.dev/?qrc=tiziano.ceccarani@mundys.com | 104.21.30.74 | 200 OK | 1.2 kB |
URL: User Request POST HTTP/3 f4aba89c.e1ec315c2713e1dc37b7b50a.workers.dev/?qrc=tiziano.ceccarani@mundys.com IP: 104.21.30.74:443
Certificate — Issuer: Google Trust Services LLC; Subject: e1ec315c2713e1dc37b7b50a.workers.dev; Fingerprint: E9:97:E1:60:02:E7:45:84:D1:5F:62:DB:9E:9E:19:53:DF:71:12:04; Validity: Tue, 30 Apr 2024 06:37:57 GMT - Mon, 29 Jul 2024 06:37:56 GMT
File type: HTML document, ASCII text, with very long lines (1204), with no line terminators; Hash: 23a9a7d89759add73d80fc78e942ed8c c7b06bb70689b8e1d3c7cc2996aba24384b2f601 30b8b036b9b1fd7ae71760d0e45c59bdf0c33f267527e14f5da46b3c34886535
POST /?qrc=tiziano.ceccarani@mundys.com HTTP/1.1
Host: f4aba89c.e1ec315c2713e1dc37b7b50a.workers.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 582
Origin: https://f4aba89c.e1ec315c2713e1dc37b7b50a.workers.dev
DNT: 1
Connection: keep-alive
Referer: https://f4aba89c.e1ec315c2713e1dc37b7b50a.workers.dev/?qrc=tiziano.ceccarani@mundys.com
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Sec-Fetch-User: ?1
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 30 Apr 2024 15:33:57 GMT
content-type: text/html;
status: 200
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NJJZhgYx6ZvKwXuEvhcDXdv2RD1K2%2F9DjAfZu85bUXkMBy4pdR2MSHXGTrRqsFUJoWcVAwrU50HdjrEeVtbJxJTB10vnDdE%2FXGbo3W2Ed46xav4%2B5YTS3cYmBnkMRUu9Fa2mS5%2FuRkxgQAcikK0rHnjdwXnr7M5w4ib7bG4xr28%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87c897d55c761c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| betarlaudimbinc.com/?qrc=tiziano.ceccarani%40mundys.com | 51.89.72.178 | 302 Moved Temporarily | 39 kB |
URL: GET HTTP/1.1 betarlaudimbinc.com/?qrc=tiziano.ceccarani%40mundys.com IP: 51.89.72.178:443
Requested by: https://f4aba89c.e1ec315c2713e1dc37b7b50a.workers.dev/?qrc=tiziano.ceccarani@mundys.com Certificate — Issuer: Let's Encrypt; Subject: betarlaudimbinc.com; Fingerprint: 71:C4:90:DB:66:67:1F:BD:E0:DD:8C:19:9C:6A:60:18:FA:FB:AF:77; Validity: Tue, 30 Apr 2024 06:19:04 GMT - Mon, 29 Jul 2024 06:19:03 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (MD5, SHA-1 and SHA-256 of zero-length input; these values do not identify the response body)
Analyzer: urlquery | Verdict: phishing | Alert: Phishing - Microsoft Outlook
GET /?qrc=tiziano.ceccarani%40mundys.com HTTP/1.1
Host: betarlaudimbinc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://f4aba89c.e1ec315c2713e1dc37b7b50a.workers.dev/
DNT: 1
Connection: keep-alive
Cookie: qPdM=8FqdEArM7svM; qPdM.sig=waQsngsiy9bN2-Pw1-MjWavlIa8
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Moved Temporarily
Cache-Control: no-cache
Pragma: no-cache
Location: https://betarlaudimbinc.com/owa/?login_hint=tiziano.ceccarani%40mundys.com
Server: Microsoft-IIS/10.0
request-id: 643fcf74-9bd4-f991-8ce5-d70f686ffc7e
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-FEServer: PAZP264CA0047, PAZP264CA0047
X-RequestId: 2c51ca02-2ddf-41b4-8644-cf2ef3dcbc6c
X-FEProxyInfo: PAZP264CA0047.FRAP264.PROD.OUTLOOK.COM
X-FEEFZInfo: ORY
MS-CV: dM8/ZNSbkfmM5dcPaG/8fg.0
X-Powered-By: ASP.NET
Date: Tue, 30 Apr 2024 15:33:57 GMT
Connection: close
Content-Length: 0
Content-Security-Policy: default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
|
|
| betarlaudimbinc.com/aadcdn.msftauth.net/~/shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_80e93b9a4cb13643afca.js | 0.0.0.0 | | 0 B |
URL: GET betarlaudimbinc.com/aadcdn.msftauth.net/~/shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_80e93b9a4cb13643afca.js IP: 0.0.0.0:0
Requested by: https://betarlaudimbinc.com/?fwu0iwdwi=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 Certificate — Issuer: Let's Encrypt; Subject: betarlaudimbinc.com; Fingerprint: 71:C4:90:DB:66:67:1F:BD:E0:DD:8C:19:9C:6A:60:18:FA:FB:AF:77; Validity: Tue, 30 Apr 2024 06:19:04 GMT - Mon, 29 Jul 2024 06:19:03 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (MD5, SHA-1 and SHA-256 of zero-length input; these values do not identify the response body)
Analyzer: urlquery | Verdict: phishing | Alert: Phishing - Microsoft Outlook
GET /aadcdn.msftauth.net/~/shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_80e93b9a4cb13643afca.js HTTP/1.1
Host: betarlaudimbinc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://betarlaudimbinc.com/?fwu0iwdwi=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD10aXppYW5vLmNlY2NhcmFuaSU0MG11bmR5cy5jb20mY2xpZW50LXJlcXVlc3QtaWQ9NTAyMWE0OWYtNTMwMC00NWIzLTU3OTctNmZlYWFmMDZiNzczJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODUwMDg4MDM4MTE1OTQzOC4zMzc1ODc1MC05MGI3LTQyMDUtOGJmZS1jZDk0OGI3NTg1MWQmc3RhdGU9RFl2TERzSWdFQURCZm90SFlCRldsa1BqcHhnZVZUZXhrTlFhbzE4dmg1bkxaS1FRWWhvY0JoS0dSRGc3UWdBaWNHUXRSdTlJT3hlUUFvS0trSVB5SjBCRi1iYW9VcU9uUEJyYUtzZHJUUDhrYzNuMk83ZnJnOXMtN196ajFMb3VTeWxwUzQyUEh0WjNxOS1YTG4zOUF3
DNT: 1
Connection: keep-alive
Cookie: qPdM=8FqdEArM7svM; qPdM.sig=waQsngsiy9bN2-Pw1-MjWavlIa8; ClientId=D3BE02C74A41455D95A3F9B6FC860DAA; OIDC=1; OpenIdConnect.nonce.v3.poKXyAMnDlfTH5eMXGHVOqFvsyn2khCC_G4TXFu2bQI=638500880381159438.33758750-90b7-4205-8bfe-cd948b75851d; X-OWA-RedirectHistory=ArLym14BDqjk8ypp3Ag; buid=0.AYIAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8VSY7PVuSIjYAz6fHzO5r1hAcs8WOrat6BMDwQSjSYyhBdTMYqXiHf23y2HR55tQIRAeWMjy0engfUv5dak2n6jaBmAcCQnTdy2YcLJmtbhUgAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8h9XcH6yYYzollWaHsaFCW7AgbBj1Ry88lebMZbk6lduuNBcLQPHD_Q2poVfCKgSSsUR_NmN5_ni0gS549qARdzJkbnN097SseVUCtee54sz5Q8Vvpr9spbZLHkA91nJgzIe7akBYR0SCdrFe4EmlS15cKgXd0BcQRxo9K4DX2icgAA; esctx-YxlhWHckdOk=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8aflXVnPjdBNhHWrqRmTpybgsnUm_-PBhyKSrwuvPg61L6VCLRM_UVugq9XbvIRnXfav7BqZg_E5Cj1wVEDCyWpMRqzGwdYeV6NQY-X9-6o1J5kWTUGPXlp2TKSC934hQ274vVUJIx4T_M_PodMlU8iAA; fpc=AsC_YxzkoE1Mq3XCydU8bmCerOTJAQAAAGUGw90OAAAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; brcap=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
|
|
| betarlaudimbinc.com/?fwu0iwdwi=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 | 51.89.72.178 | 200 OK | 39 kB |
URL GET HTTP/1.1betarlaudimbinc.com/?fwu0iwdwi=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD10aXppYW5vLmNlY2NhcmFuaSU0MG11bmR5cy5jb20mY2xpZW50LXJlcXVlc3QtaWQ9NTAyMWE0OWYtNTMwMC00NWIzLTU3OTctNmZlYWFmMDZiNzczJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODUwMDg4MDM4MTE1OTQzOC4zMzc1ODc1MC05MGI3LTQyMDUtOGJmZS1jZDk0OGI3NTg1MWQmc3RhdGU9RFl2TERzSWdFQURCZm90SFlCRldsa1BqcHhnZVZUZXhrTlFhbzE4dmg1bkxaS1FRWWhvY0JoS0dSRGc3UWdBaWNHUXRSdTlJT3hlUUFvS0trSVB5SjBCRi1iYW9VcU9uUEJyYUtzZHJUUDhrYzNuMk83ZnJnOXMtN196ajFMb3VTeWxwUzQyUEh0WjNxOS1YTG4zOUF3 IP51.89.72.178:443
Requested by: https://f4aba89c.e1ec315c2713e1dc37b7b50a.workers.dev/?qrc=tiziano.ceccarani@mundys.com Certificate — Issuer: Let's Encrypt; Subject: betarlaudimbinc.com; Fingerprint: 71:C4:90:DB:66:67:1F:BD:E0:DD:8C:19:9C:6A:60:18:FA:FB:AF:77; Validity: Tue, 30 Apr 2024 06:19:04 GMT - Mon, 29 Jul 2024 06:19:03 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (MD5, SHA-1 and SHA-256 of zero-length input; these values do not identify the response body)
Analyzer: urlquery | Verdict: phishing | Alert: Phishing - Microsoft Outlook
GET /?fwu0iwdwi=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 HTTP/1.1
Host: betarlaudimbinc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://f4aba89c.e1ec315c2713e1dc37b7b50a.workers.dev/
DNT: 1
Connection: keep-alive
Cookie: qPdM=8FqdEArM7svM; qPdM.sig=waQsngsiy9bN2-Pw1-MjWavlIa8; ClientId=D3BE02C74A41455D95A3F9B6FC860DAA; OIDC=1; OpenIdConnect.nonce.v3.poKXyAMnDlfTH5eMXGHVOqFvsyn2khCC_G4TXFu2bQI=638500880381159438.33758750-90b7-4205-8bfe-cd948b75851d; X-OWA-RedirectHistory=ArLym14BDqjk8ypp3Ag
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Content-Encoding: gzip
Expires: -1
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000; includeSubDomains
Link: <https://aadcdn.msftauth.net>; rel=preconnect; crossorigin,<https://aadcdn.msftauth.net>; rel=dns-prefetch,<https://aadcdn.msauth.net>; rel=dns-prefetch
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
x-ms-request-id: 5127898d-84ad-4c02-b46a-73de1be67f00
x-ms-ests-server: 2.1.17910.13 - NEULR1 ProdSlices
x-ms-srs: 1.P
Referrer-Policy: strict-origin-when-cross-origin
Set-Cookie: buid=0.AYIAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8VSY7PVuSIjYAz6fHzO5r1hAcs8WOrat6BMDwQSjSYyhBdTMYqXiHf23y2HR55tQIRAeWMjy0engfUv5dak2n6jaBmAcCQnTdy2YcLJmtbhUgAA; expires=Thu, 30-May-2024 15:33:58 GMT; path=/; secure; HttpOnly; SameSite=None
esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8h9XcH6yYYzollWaHsaFCW7AgbBj1Ry88lebMZbk6lduuNBcLQPHD_Q2poVfCKgSSsUR_NmN5_ni0gS549qARdzJkbnN097SseVUCtee54sz5Q8Vvpr9spbZLHkA91nJgzIe7akBYR0SCdrFe4EmlS15cKgXd0BcQRxo9K4DX2icgAA; domain=betarlaudimbinc.com; path=/; secure; HttpOnly; SameSite=None
esctx-YxlhWHckdOk=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8aflXVnPjdBNhHWrqRmTpybgsnUm_-PBhyKSrwuvPg61L6VCLRM_UVugq9XbvIRnXfav7BqZg_E5Cj1wVEDCyWpMRqzGwdYeV6NQY-X9-6o1J5kWTUGPXlp2TKSC934hQ274vVUJIx4T_M_PodMlU8iAA; domain=betarlaudimbinc.com; path=/; secure; HttpOnly; SameSite=None
fpc=AsC_YxzkoE1Mq3XCydU8bmCerOTJAQAAAGUGw90OAAAA; expires=Thu, 30-May-2024 15:33:58 GMT; path=/; secure; HttpOnly; SameSite=None
x-ms-gateway-slice=estsfd; path=/; secure; samesite=none; httponly
stsservicecookie=estsfd; path=/; secure; samesite=none; httponly
Date: Tue, 30 Apr 2024 15:33:57 GMT
Connection: close
content-length: 39317
Content-Security-Policy: default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
|
|