Report - rhubarb-crisp-74846-78272222a897.herokuapp.com/

Report Overview

Submitted URL
rhubarb-crisp-74846-78272222a897.herokuapp.com/
IP
18.208.60.216
ASN
#14618 AMAZON-AES
Submitted
2024-04-16 06:59:12
Access
public
Website Title
Sign in to your Microsoft account
Final URL
rhubarb-crisp-74846-78272222a897.herokuapp.com/
Tags
microsoft phishing
urlquery detections
Phishing - Microsoft

Detections

urlquery
2
Network Intrusion Detection
0
Threat Detection Systems
2

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
logincdn.msauth.net	2330	2018-10-25	2019-04-23	2024-04-15	2.1 kB	42 kB	13.107.213.53
rhubarb-crisp-74846-78272222a897.herokuapp.com	unknown	2010-09-19	2024-04-15	2024-04-16	501 B	52 kB	54.165.58.209

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

Scan Date	Severity	Indicator	Alert
2024-04-15	medium	rhubarb-crisp-74846-78272222a897.herokuapp.com/	Outlook

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (2)

	URL	Size	First Seen	Last Seen
	unknown	23 B	2023-04-10	2024-04-29
Pretty Introduced by eventHandler Embedded in HTML false Observations First Seen2023-04-10 20:39:00 Last Seen2024-04-29 19:37:07 Times Seen1422 Hash a34459a777b4853cc0b6b99c1b519ed8 a114e3509ea887cb8b532a7da24f3dc5de66d219 096e484edb287943f6455826128e4cc9721e410f75f521ad6fc886dba56d1963 Loading...

	rhubarb-crisp-74846-78272222a897.herokuapp.com/	75 B	2024-04-16	2024-04-16
Pretty URL rhubarb-crisp-74846-78272222a897.herokuapp.com/ IP 54.165.58.209 ASN #14618 AMAZON-AES Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-16 08:59:13 Last Seen2024-04-16 08:59:13 Times Seen1 Hash 790376cdb3150ea6dc173007e9d8b398 abe66f577f85710c43fd79f788b4801ab0680234 1a682c2d4fc2e8734840acfc4cb12e3f650a06755b1832136184de30a44b9b75 Loading...

HTTP Transactions (5)

URL IP Response Size

rhubarb-crisp-74846-78272222a897.herokuapp.com/

54.165.58.209

200 OK

50 kB

URL User Request GET HTTP/1.1
rhubarb-crisp-74846-78272222a897.herokuapp.com/
IP
54.165.58.209:443
ASN
#14618 AMAZON-AES

Certificate
IssuerAmazon
Subject*.herokuapp.com
Fingerprint77:46:4D:BD:4B:2B:CC:64:39:0B:3B:28:A2:A0:DA:15:80:5B:C4:95
ValiditySat, 02 Mar 2024 00:00:00 GMT - Mon, 31 Mar 2025 23:59:59 GMT

File type
HTML document, ASCII text, with very long lines (509)
Size
50 kB (50456 bytes)
Hash
552035d3e95ad9e1dd9fd41660e1d880
cd321360e38f03354683f27947d59777f761a037
0160e0f2febeeb983b298d71eaf7c0d4047ab7fba3f93222ad46bd6e358c5816

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft
OpenPhish	phishing	Outlook

HTTP Headers

GET / HTTP/1.1
Host: rhubarb-crisp-74846-78272222a897.herokuapp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Report-To: {"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1713250727&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=g2OAuFdp8pJdQUqxYD2vlBZ2rmCG5OBDQMkeiCcOj5c%3D"}]}
Reporting-Endpoints: heroku-nel=https://nel.heroku.com/reports?ts=1713250727&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=g2OAuFdp8pJdQUqxYD2vlBZ2rmCG5OBDQMkeiCcOj5c%3D
Nel: {"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
Connection: keep-alive
Date: Tue, 16 Apr 2024 06:58:47 GMT
Server: Apache
Cache-Control: no-cache, private
Set-Cookie: XSRF-TOKEN=eyJpdiI6Im9hWUZhYU91VlhaU2tvd3hiVEVrbEE9PSIsInZhbHVlIjoiYXlYTkNLZXpQWmNuNW1yeGFvRFlLL1lEbCtCdnlQbThWQlJKZk8xbGNmZEZZb2xRbFR4ZXJjSjhrUi9veFZWYW9nbDVSVjJLUVA5dXNMVnNIQlREcmJUNHRtbzFYQ3EydTlVSE9EWDVxTGpCVi90V1YvSndvNS9IYTAwK1F2NDUiLCJtYWMiOiJkNTU3YTA3YTNmYjNmMGE1MWJmNzZhMGI4NWM1MDRiNDJkYWY0ZGNiNDUzZDY3MWRiZGNlODQzNTQ0OTZhZmM1IiwidGFnIjoiIn0%3D; expires=Tue, 16 Apr 2024 08:58:47 GMT; Max-Age=7200; path=/; samesite=lax
microsoft_session=eyJpdiI6IlhjbzAyMTlaMG5DZDVGVUUzOXVEOWc9PSIsInZhbHVlIjoiMnN6aXNsTG5yQnh2MkJ5MUJmMmErdS9xaE5qS004aVNxZW9yaVM1WVV4SmlsaXNTaHFVeUFVRkxMWlRBMlBZVWhQcllIMmRJRStuV1p4QjFLVU9FOStXcDNHNkxNSzZwMEFxdDVud2lVcnF3MmZHTVdiTWIxdi80NUVFTTlpQnoiLCJtYWMiOiIxYTBhYjE2ZDdkOGMyYjlhYjVmMmY5MjRmMmQxNDI4MGZjYWU4YjY0YTU3NTViY2QxYTVlYTBkYzg5NmY5NmVmIiwidGFnIjoiIn0%3D; expires=Tue, 16 Apr 2024 08:58:47 GMT; Max-Age=7200; path=/; httponly; samesite=lax
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
Via: 1.1 vegur

logincdn.msauth.net/shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg

13.107.213.53

200 OK

1.4 kB

URL GET HTTP/2
logincdn.msauth.net/shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg
IP
13.107.213.53:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://rhubarb-crisp-74846-78272222a897.herokuapp.com/
Certificate
IssuerMicrosoft Corporation
Subjectidentitycdn.msauth.net
Fingerprint15:1B:3E:26:F4:4A:EE:1C:C2:40:74:BB:BD:AE:20:E4:35:B0:40:40
ValidityWed, 17 Jan 2024 06:03:21 GMT - Sat, 11 Jan 2025 06:03:21 GMT

File type
SVG Scalable Vector Graphics image
Size
1.4 kB (1435 bytes)
Hash
ee5c8d9fb6248c938fd0dc19370e90bd
d01a22720918b781338b5bbf9202b241a5f99ee4
04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a

HTTP Headers

GET /shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg HTTP/1.1
Host: logincdn.msauth.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rhubarb-crisp-74846-78272222a897.herokuapp.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Tue, 16 Apr 2024 06:58:47 GMT
content-type: image/svg+xml
content-length: 1435
cache-control: public, max-age=31536000
content-encoding: gzip
last-modified: Wed, 22 Jan 2020 00:38:07 GMT
etag: 0x8D79ED359808AB6
x-ms-request-id: cf6dd14c-701e-0045-322a-8eb185000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref: 20240416T065847Z-16c87f56bf7n8ktrg1rd4pyxn000000007k000000000298g
x-fd-int-roxy-purgeid: 67912908
x-cache: TCP_HIT
x-cache-info: L1_T2
accept-ranges: bytes
X-Firefox-Spdy: h2

logincdn.msauth.net/shared/1.0/content/images/signin-options_4e48046ce74f4b89d45037c90576bfac.svg

13.107.213.53

200 OK

621 B

URL GET HTTP/2
logincdn.msauth.net/shared/1.0/content/images/signin-options_4e48046ce74f4b89d45037c90576bfac.svg
IP
13.107.213.53:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://rhubarb-crisp-74846-78272222a897.herokuapp.com/
Certificate
IssuerMicrosoft Corporation
Subjectidentitycdn.msauth.net
Fingerprint15:1B:3E:26:F4:4A:EE:1C:C2:40:74:BB:BD:AE:20:E4:35:B0:40:40
ValidityWed, 17 Jan 2024 06:03:21 GMT - Sat, 11 Jan 2025 06:03:21 GMT

File type
SVG Scalable Vector Graphics image
Size
621 B (621 bytes)
Hash
4e48046ce74f4b89d45037c90576bfac
4a41b3b51ed787f7b33294202da72220c7cd2c32
8e6db1634f1812d42516778fc890010aa57f3e39914fb4803df2c38abbf56d93

HTTP Headers

GET /shared/1.0/content/images/signin-options_4e48046ce74f4b89d45037c90576bfac.svg HTTP/1.1
Host: logincdn.msauth.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rhubarb-crisp-74846-78272222a897.herokuapp.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Tue, 16 Apr 2024 06:58:48 GMT
content-type: image/svg+xml
content-length: 621
cache-control: public, max-age=31536000
content-encoding: gzip
last-modified: Tue, 10 Nov 2020 03:41:24 GMT
etag: 0x8D8852A7F48993A
x-ms-request-id: e076cb34-101e-003b-0fcb-8fe198000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref: 20240416T065847Z-16c87f56bf7n8ktrg1rd4pyxn000000007k000000000298f
x-fd-int-roxy-purgeid: 67912908
x-cache: TCP_MISS
accept-ranges: bytes
X-Firefox-Spdy: h2

logincdn.msauth.net/16.000/Converged_v21033_rgar1csHGvkg9KmRssrhFQ2.css

13.107.213.53

200 OK

20 kB

URL GET HTTP/2
logincdn.msauth.net/16.000/Converged_v21033_rgar1csHGvkg9KmRssrhFQ2.css
IP
13.107.213.53:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://rhubarb-crisp-74846-78272222a897.herokuapp.com/
Certificate
IssuerMicrosoft Corporation
Subjectidentitycdn.msauth.net
Fingerprint15:1B:3E:26:F4:4A:EE:1C:C2:40:74:BB:BD:AE:20:E4:35:B0:40:40
ValidityWed, 17 Jan 2024 06:03:21 GMT - Sat, 11 Jan 2025 06:03:21 GMT

File type
ASCII text, with very long lines (61112)
Size
20 kB (20144 bytes)
Hash
ae06abd5cb071af920f4a991b2cae115
1067cf9202fc9084caf036923600b6cc511df061
c349d716f6d8401c8befe008df511ed44505d081124effcb9637212a488f564c

HTTP Headers

GET /16.000/Converged_v21033_rgar1csHGvkg9KmRssrhFQ2.css HTTP/1.1
Host: logincdn.msauth.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rhubarb-crisp-74846-78272222a897.herokuapp.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 16 Apr 2024 06:58:48 GMT
content-type: text/css
content-length: 20144
cache-control: public, max-age=31536000
content-encoding: gzip
last-modified: Sat, 10 Dec 2022 06:19:22 GMT
etag: 0x8DADA767ACC3F55
x-ms-request-id: 7a2707a1-001e-0066-29cb-8f5db0000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref: 20240416T065847Z-16c87f56bf7n8ktrg1rd4pyxn000000007k000000000298h
x-fd-int-roxy-purgeid: 67912908
x-cache: TCP_MISS
accept-ranges: bytes
X-Firefox-Spdy: h2

logincdn.msauth.net/16.000.29717.1/images/favicon.ico

13.107.213.53

200 OK

17 kB

URL GET HTTP/2
logincdn.msauth.net/16.000.29717.1/images/favicon.ico
IP
13.107.213.53:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://rhubarb-crisp-74846-78272222a897.herokuapp.com/
Certificate
IssuerMicrosoft Corporation
Subjectidentitycdn.msauth.net
Fingerprint15:1B:3E:26:F4:4A:EE:1C:C2:40:74:BB:BD:AE:20:E4:35:B0:40:40
ValidityWed, 17 Jan 2024 06:03:21 GMT - Sat, 11 Jan 2025 06:03:21 GMT

File type
MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors
Size
17 kB (17174 bytes)
Hash
12e3dac858061d088023b2bd48e2fa96
e08ce1a144eceae0c3c2ea7a9d6fbc5658f24ce5
90cdaf487716184e4034000935c605d1633926d348116d198f355a98b8c6cd21

HTTP Headers

GET /16.000.29717.1/images/favicon.ico HTTP/1.1
Host: logincdn.msauth.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rhubarb-crisp-74846-78272222a897.herokuapp.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Tue, 16 Apr 2024 06:58:49 GMT
content-type: image/x-icon
content-length: 17174
cache-control: public, max-age=31536000
last-modified: Sat, 04 Feb 2023 02:06:57 GMT
etag: 0x8DB06547ED31006
x-ms-request-id: 3cfc0f80-201e-0030-13cb-8fc48f000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref: 20240416T065848Z-16c87f56bf7n8ktrg1rd4pyxn000000007k000000000299h
x-fd-int-roxy-purgeid: 67912908
x-cache: TCP_MISS
accept-ranges: bytes
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (2)

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (5)

URL User Request GET HTTP/1.1

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type