| microsftteams.com/?em=4a836357-e3f3-4825-969f-9ebfa837cd27&id=bbe9668a-0db5-424f-a24f-cadbff6a74f5 | 18.134.38.40 | 200 OK | 78 B |
URL: User Request GET HTTP/2 microsftteams.com/?em=4a836357-e3f3-4825-969f-9ebfa837cd27&id=bbe9668a-0db5-424f-a24f-cadbff6a74f5
IP: 18.134.38.40:443
Certificate: Issuer: Amazon; Subject: microsftteams.com; Fingerprint: 86:18:67:FC:EE:C7:97:FF:DC:41:32:EA:CF:37:F5:FA:55:03:8B:45; Validity: Sun, 24 Sep 2023 00:00:00 GMT - Tue, 22 Oct 2024 23:59:59 GMT
File type: HTML document, ASCII text, with no line terminators
Hash: ffc33652bf5052c444683b2f67093a38 e7ed4889633a42bc2bb3e0e6ff1197a6ddcda5ef 0a93577f7cee0650b28defe2bbd2cb7c6d83420fc78539e4d5c4cce62932176e
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /?em=4a836357-e3f3-4825-969f-9ebfa837cd27&id=bbe9668a-0db5-424f-a24f-cadbff6a74f5 HTTP/1.1
Host: microsftteams.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 26 Apr 2024 18:49:09 GMT
content-type: text/html; charset=UTF-8
server: nginx
vary: Accept-Encoding
cache-control: no-cache, private
content-language: en_US
set-cookie: phishing_session=eyJpdiI6ImlQQ2s4SVBqa3NaMUgvN2M1NmhOT0E9PSIsInZhbHVlIjoiTzNnNzJvc2ZpTVAwMW9EMlZFa2pndzg0SGw1WWFlTmFMSFVzSllLSkVjQWZSNjVYTWQ5d1hsT2kxYVg2SHg1dHpyK1ExYi9RamxNcFFseVdxQVAyWkJkckthcGR6WVFvMUxQcy8vSm5LeDdMTDlZeEtKNFdFZWZHa05XRUNkcnAiLCJtYWMiOiIwNTYwMThmOTg4NDEyNGE3ZDcyNTI2YjhiMTM4NWE4NzlkODlhMzQwOWFkNWY1M2Y4NmE2M2JjYzdmNTM4NjY0IiwidGFnIjoiIn0%3D; path=/; secure; httponly; samesite=lax
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
content-encoding: gzip
X-Firefox-Spdy: h2
| microsftteams.com/favicon.ico | 18.134.38.40 | 200 OK | 78 B |
URL: GET HTTP/2 microsftteams.com/favicon.ico
IP: 18.134.38.40:443
Requested by: https://microsftteams.com/?em=4a836357-e3f3-4825-969f-9ebfa837cd27&id=bbe9668a-0db5-424f-a24f-cadbff6a74f5
Certificate: Issuer: Amazon; Subject: microsftteams.com; Fingerprint: 86:18:67:FC:EE:C7:97:FF:DC:41:32:EA:CF:37:F5:FA:55:03:8B:45; Validity: Sun, 24 Sep 2023 00:00:00 GMT - Tue, 22 Oct 2024 23:59:59 GMT
File type: HTML document, ASCII text, with no line terminators
Hash: ffc33652bf5052c444683b2f67093a38 e7ed4889633a42bc2bb3e0e6ff1197a6ddcda5ef 0a93577f7cee0650b28defe2bbd2cb7c6d83420fc78539e4d5c4cce62932176e
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /favicon.ico HTTP/1.1
Host: microsftteams.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://microsftteams.com/?em=4a836357-e3f3-4825-969f-9ebfa837cd27&id=bbe9668a-0db5-424f-a24f-cadbff6a74f5
Cookie: phishing_session=eyJpdiI6ImlQQ2s4SVBqa3NaMUgvN2M1NmhOT0E9PSIsInZhbHVlIjoiTzNnNzJvc2ZpTVAwMW9EMlZFa2pndzg0SGw1WWFlTmFMSFVzSllLSkVjQWZSNjVYTWQ5d1hsT2kxYVg2SHg1dHpyK1ExYi9RamxNcFFseVdxQVAyWkJkckthcGR6WVFvMUxQcy8vSm5LeDdMTDlZeEtKNFdFZWZHa05XRUNkcnAiLCJtYWMiOiIwNTYwMThmOTg4NDEyNGE3ZDcyNTI2YjhiMTM4NWE4NzlkODlhMzQwOWFkNWY1M2Y4NmE2M2JjYzdmNTM4NjY0IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 26 Apr 2024 18:49:09 GMT
content-type: text/html; charset=UTF-8
server: nginx
vary: Accept-Encoding
cache-control: no-cache, private
content-language: en_US
set-cookie: phishing_session=eyJpdiI6IkF0ZUFoRVBZQWtLdHROMTYvK0hLSXc9PSIsInZhbHVlIjoia1lWaWZvcXlvLzdERUIweFJISUNuSlEyOTROc0pKTDdHYzVZNFh3WDNFdVdnTnp4bkJ5V29KUzZqSDIzeHpkOWZ3RUYvbGRxOHdxcWprLzRjS0IxQXNtYnhwY1Urc0dVa29DUlU2WXRwL00rbEQ4MkI3TGRTanJKVU1IYXdkUGYiLCJtYWMiOiJmMDEyZDVlZDYzZTgwYWMxYWVlZjBmZDNmZGNiMmFkNjUwZDhkZTAyNmY1ZjkyMDM1MGYzMzlhOTM1MzkyNDU5IiwidGFnIjoiIn0%3D; path=/; secure; httponly; samesite=lax
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
content-encoding: gzip
X-Firefox-Spdy: h2