Report - itsupport.corpoutlook.com/6fa00df485e27c34?l=7

Report Overview

Submitted URL
itsupport.corpoutlook.com/6fa00df485e27c34?l=7
IP
44.213.150.88
ASN
#14618 AMAZON-AES
Submitted
2024-04-24 23:48:51
Access
public
Website Title
Outlook Web App
Final URL
itsupport.corpoutlook.com/6fa00df485e27c34?l=7
Tags
microsoft phishing
urlquery detections
Phishing - Microsoft

Detections

urlquery
30
Network Intrusion Detection
0
Threat Detection Systems
0

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
	unknown				577 B	0 B	0.0.0.0
itsupport.corpoutlook.com	unknown	unknown	No data	No data	18 kB	175 kB	3.218.83.106
tslp.s3.amazonaws.com	209358	2005-08-18	2013-09-16	2024-03-26	3.4 kB	173 kB	3.5.30.139

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (7)

	URL	Size	First Seen	Last Seen
	unknown	46 B	2023-04-11	2024-05-04
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-11 22:36:29 Last Seen2024-05-04 12:52:34 Times Seen5954 Hash 5c399557f73fcf0024f42259cf94ee17 d2f46cbd088e9b289e63cc23e2377462c6459e3f 254e737260e5ff4f6043abc4ab52ee1f9ea6e9eab066b5c7ac1665c4cf75692b Loading...

	itsupport.corpoutlook.com/6fa00df485e27c34?l=7	0 B	2023-03-07	2024-05-04
Pretty URL itsupport.corpoutlook.com/6fa00df485e27c34?l=7 IP 3.218.83.106 ASN #14618 AMAZON-AES Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-04 17:59:48 Times Seen37340757 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	itsupport.corpoutlook.com/6fa00df485e27c34?l=7	0 B	2023-03-07	2024-05-04
Pretty URL itsupport.corpoutlook.com/6fa00df485e27c34?l=7 IP 3.218.83.106 ASN #14618 AMAZON-AES Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-04 17:59:48 Times Seen37340757 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	itsupport.corpoutlook.com/6fa00df485e27c34?l=7	0 B	2023-03-07	2024-05-04
Pretty URL itsupport.corpoutlook.com/6fa00df485e27c34?l=7 IP 3.218.83.106 ASN #14618 AMAZON-AES Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-04 17:59:48 Times Seen37340757 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	itsupport.corpoutlook.com/assets/ajax/libs/jquery/1.9.1/jquery.min.js	93 kB	2023-03-07	2024-05-04
Pretty URL itsupport.corpoutlook.com/assets/ajax/libs/jquery/1.9.1/jquery.min.js IP 3.218.83.106 ASN #14618 AMAZON-AES Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:08 Last Seen2024-05-04 17:42:36 Times Seen23769 Hash 397754ba49e9e0cf4e7c190da78dda05 ae49e56999d82802727455f0ba83b63acd90a22b c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4 Loading...

	itsupport.corpoutlook.com/assets/all.js?g=a00df5e27c	28 kB	2023-03-07	2024-05-03
Pretty URL itsupport.corpoutlook.com/assets/all.js?g=a00df5e27c IP 3.218.83.106 ASN #14618 AMAZON-AES Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 22:34:53 Last Seen2024-05-03 17:53:46 Times Seen531 Hash 097f74fc8f861ece148262a652ab806a 305ecb552c3ff6bd24b56333fab6e731eb81ed30 39b4614f1c87cf0cfd1bc3375642e95825cb2018e0318a36aad766ddb5a8cbe9 Loading...

	tslp.s3.amazonaws.com/detect/plugin_detect.js?guid=a00df5e27c&correlation_id=8dc7d9c3-afec-460c-a8bc-132380873830	50 kB	2023-03-07	2024-04-29
Pretty URL tslp.s3.amazonaws.com/detect/plugin_detect.js?guid=a00df5e27c&correlation_id=8dc7d9c3-afec-460c-a8bc-132380873830 IP 3.5.30.139 ASN #14618 AMAZON-AES Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 22:34:53 Last Seen2024-04-29 03:45:02 Times Seen297 Hash 00a513f07603df01e3b99be00f370754 f0c03b1c50f39c95075df687cd55f18861631526 4bab432979d731f8264bcd9d40422ca7dfcfcb0e0e703288db78bbfa555f853a Loading...

HTTP Transactions (37)

URL IP Response Size

itsupport.corpoutlook.com/assets/all.js?g=a00df5e27c

3.218.83.106

200 OK

7.2 kB

URL GET HTTP/2
itsupport.corpoutlook.com/assets/all.js?g=a00df5e27c
IP
3.218.83.106:443
ASN
#14618 AMAZON-AES

Requested by
https://itsupport.corpoutlook.com/6fa00df485e27c34?l=7
Certificate
IssuerAmazon
Subjectbreaking-news-now.com
FingerprintB5:9F:65:CF:CB:9F:62:06:21:6A:E7:7B:9D:1A:F8:6F:08:39:86:48
ValidityTue, 19 Mar 2024 00:00:00 GMT - Fri, 18 Apr 2025 23:59:59 GMT

File type
JavaScript source, ASCII text
Size
7.2 kB (7191 bytes)
Hash
097f74fc8f861ece148262a652ab806a
305ecb552c3ff6bd24b56333fab6e731eb81ed30
39b4614f1c87cf0cfd1bc3375642e95825cb2018e0318a36aad766ddb5a8cbe9

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /assets/all.js?g=a00df5e27c HTTP/1.1
Host: itsupport.corpoutlook.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://itsupport.corpoutlook.com/6fa00df485e27c34?l=7
DNT: 1
Connection: keep-alive
Cookie: EXFILGUID=a00df5e27c; link_clicked_a00df5e27c=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Wed, 24 Apr 2024 23:48:26 GMT
content-type: application/javascript
content-length: 7191
last-modified: Thu, 11 Apr 2024 13:01:26 GMT
vary: Accept-Encoding
content-encoding: gzip
server: ThreatSim-Web-Server
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
X-Firefox-Spdy: h2

tslp.s3.amazonaws.com/assets/owa15/2175ac7081e0d4c266371d5ee316ddd2.css

3.5.30.139

200 OK

11 kB

URL GET HTTP/1.1
tslp.s3.amazonaws.com/assets/owa15/2175ac7081e0d4c266371d5ee316ddd2.css
IP
3.5.30.139:443
ASN
#14618 AMAZON-AES

Requested by
https://itsupport.corpoutlook.com/6fa00df485e27c34?l=7
Certificate
IssuerAmazon
Subject*.s3.amazonaws.com
FingerprintDC:41:A6:3E:EE:32:6F:36:76:5A:EF:9D:17:AF:14:13:E3:05:C6:D1
ValidityTue, 10 Oct 2023 00:00:00 GMT - Wed, 03 Jul 2024 23:59:59 GMT

File type
ASCII text, with CRLF line terminators
Size
11 kB (10778 bytes)
Hash
b11023ad332a487aeb9d9f3b19588e0c
a5a2ba9b265de6091491bb52ece41d8bdbdaec7f
7e18e25ab4abaa0bce6977a2eb3a4e56d752eb550a35cda9ccbb431f8cfa42fc

HTTP Headers

GET /assets/owa15/2175ac7081e0d4c266371d5ee316ddd2.css HTTP/1.1
Host: tslp.s3.amazonaws.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://itsupport.corpoutlook.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: tbG4Oh7c8VFs4Q8v5qsPWfXeCHNgfHWjjZ88rQMiW6JZdxUop2BQo8QUP/Zfnh27HTFUApHd9c6rLdmpKm05bEMqU0sJV/xF
x-amz-request-id: 2GCXFDZVMRGQ0ZKB
Date: Wed, 24 Apr 2024 23:48:27 GMT
Last-Modified: Thu, 21 Aug 2014 16:48:47 GMT
ETag: "b11023ad332a487aeb9d9f3b19588e0c"
x-amz-version-id: null
Accept-Ranges: bytes
Content-Type: text/css
Server: AmazonS3
Content-Length: 10778

tslp.s3.amazonaws.com/detect/plugin_detect.js?guid=a00df5e27c&correlation_id=8dc7d9c3-afec-460c-a8bc-132380873830

3.5.30.139

200 OK

50 kB

URL GET HTTP/1.1
tslp.s3.amazonaws.com/detect/plugin_detect.js?guid=a00df5e27c&correlation_id=8dc7d9c3-afec-460c-a8bc-132380873830
IP
3.5.30.139:443
ASN
#14618 AMAZON-AES

Requested by
https://itsupport.corpoutlook.com/6fa00df485e27c34?l=7
Certificate
IssuerAmazon
Subject*.s3.amazonaws.com
FingerprintDC:41:A6:3E:EE:32:6F:36:76:5A:EF:9D:17:AF:14:13:E3:05:C6:D1
ValidityTue, 10 Oct 2023 00:00:00 GMT - Wed, 03 Jul 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (306)
Size
50 kB (50085 bytes)
Hash
00a513f07603df01e3b99be00f370754
f0c03b1c50f39c95075df687cd55f18861631526
4bab432979d731f8264bcd9d40422ca7dfcfcb0e0e703288db78bbfa555f853a

HTTP Headers

GET /detect/plugin_detect.js?guid=a00df5e27c&correlation_id=8dc7d9c3-afec-460c-a8bc-132380873830 HTTP/1.1
Host: tslp.s3.amazonaws.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://itsupport.corpoutlook.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: 9kEItnq2nW+6Qn4Qx8KsYGuYOue+7Pq7G6xSIelYyIDR6/L9L7PHMp9ZyDd1ul3fXsW7id5tBAiihd8ANlXxRamQpw8L7T/S
x-amz-request-id: 2GCY84K5AY0HCFKT
Date: Wed, 24 Apr 2024 23:48:27 GMT
Last-Modified: Wed, 15 Feb 2017 17:56:07 GMT
ETag: "00a513f07603df01e3b99be00f370754"
x-amz-version-id: null
Accept-Ranges: bytes
Content-Type: text/javascript
Server: AmazonS3
Content-Length: 50085

tslp.s3.amazonaws.com/assets/owa15/Sign_in_arrow.png

3.5.30.139

200 OK

1.4 kB

URL GET HTTP/1.1
tslp.s3.amazonaws.com/assets/owa15/Sign_in_arrow.png
IP
3.5.30.139:443
ASN
#14618 AMAZON-AES

Requested by
https://itsupport.corpoutlook.com/6fa00df485e27c34?l=7
Certificate
IssuerAmazon
Subject*.s3.amazonaws.com
FingerprintDC:41:A6:3E:EE:32:6F:36:76:5A:EF:9D:17:AF:14:13:E3:05:C6:D1
ValidityTue, 10 Oct 2023 00:00:00 GMT - Wed, 03 Jul 2024 23:59:59 GMT

File type
PNG image data, 22 x 22, 8-bit/color RGBA, non-interlaced
Size
1.4 kB (1441 bytes)
Hash
2fc55ac36211fb6b5a051281cc4898ad
5e2b2882d0bdbe593429a43de72ee3c3652e62ce
07f38b8b8c1f96ed85ecd96988f0454a95d1f665427086a507c72e55ff3ce0e7

HTTP Headers

GET /assets/owa15/Sign_in_arrow.png HTTP/1.1
Host: tslp.s3.amazonaws.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: 4UMYlzuvu9/ly2dS1y83tU7NpWpabZ7Ws+UL0zETI2HATX8Yx7YjRO7ClxyiDi6VIhgjHrnssf4ODVCd9caBvH2MJPxOR1lt
x-amz-request-id: 2GCKYN7K6MDJT643
Date: Wed, 24 Apr 2024 23:48:27 GMT
Last-Modified: Thu, 21 Aug 2014 17:00:22 GMT
ETag: "2fc55ac36211fb6b5a051281cc4898ad"
x-amz-version-id: null
Accept-Ranges: bytes
Content-Type: image/png
Server: AmazonS3
Content-Length: 1441

tslp.s3.amazonaws.com/assets/owa15/a2670edfb568be55565d23de965f03aa.png

3.5.30.139

200 OK

1.4 kB

URL GET HTTP/1.1
tslp.s3.amazonaws.com/assets/owa15/a2670edfb568be55565d23de965f03aa.png
IP
3.5.30.139:443
ASN
#14618 AMAZON-AES

Requested by
https://itsupport.corpoutlook.com/6fa00df485e27c34?l=7
Certificate
IssuerAmazon
Subject*.s3.amazonaws.com
FingerprintDC:41:A6:3E:EE:32:6F:36:76:5A:EF:9D:17:AF:14:13:E3:05:C6:D1
ValidityTue, 10 Oct 2023 00:00:00 GMT - Wed, 03 Jul 2024 23:59:59 GMT

File type
PNG image data, 10 x 879, 8-bit/color RGBA, non-interlaced
Size
1.4 kB (1434 bytes)
Hash
700528c06d9ba83eebb320059f27443f
9c770679e153e060c880c26a7b4e833ed1502aa3
6710ee6e22d5e3e82f70554804806c37aac5789b110d944383ea393d93eb627a

HTTP Headers

GET /assets/owa15/a2670edfb568be55565d23de965f03aa.png HTTP/1.1
Host: tslp.s3.amazonaws.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://itsupport.corpoutlook.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: uS3LvJ1VtcrjF8KDNteM0W5xyLH5n5dEFD5FVJ7VctvsLGWd/VZX5f7CXJ1BhcW0422ZoaG4sMR7N1/i5ZVxe0KAPTAMhV9h
x-amz-request-id: 2GCXW6Y53HCH5H6Y
Date: Wed, 24 Apr 2024 23:48:27 GMT
Last-Modified: Thu, 21 Aug 2014 16:45:43 GMT
ETag: "700528c06d9ba83eebb320059f27443f"
x-amz-version-id: null
Accept-Ranges: bytes
Content-Type: image/png
Server: AmazonS3
Content-Length: 1434

itsupport.corpoutlook.com/trace?id=a00df5e27c&msg=redirect_url%20is%20undefined&correlation_id=8dc7d9c3-afec-460c-a8bc-132380873830

3.218.83.106

200 OK

523 B

URL GET HTTP/2
itsupport.corpoutlook.com/trace?id=a00df5e27c&msg=redirect_url%20is%20undefined&correlation_id=8dc7d9c3-afec-460c-a8bc-132380873830
IP
3.218.83.106:443
ASN
#14618 AMAZON-AES

Requested by
https://itsupport.corpoutlook.com/6fa00df485e27c34?l=7
Certificate
IssuerAmazon
Subjectbreaking-news-now.com
FingerprintB5:9F:65:CF:CB:9F:62:06:21:6A:E7:7B:9D:1A:F8:6F:08:39:86:48
ValidityTue, 19 Mar 2024 00:00:00 GMT - Fri, 18 Apr 2025 23:59:59 GMT

File type
gzip compressed data, max compression, from Unix
Size
523 B (523 bytes)
Hash
0dfbcd66e1ab47e1802db10f3a0ed7f8
1f7a3bfa3c0c5fa1490cb078df52b94c297468a7
3566838f31798c3649c7441430e9be98625fdcfadda310a5070d072b31d4be41

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /trace?id=a00df5e27c&msg=redirect_url%20is%20undefined&correlation_id=8dc7d9c3-afec-460c-a8bc-132380873830 HTTP/1.1
Host: itsupport.corpoutlook.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://itsupport.corpoutlook.com/6fa00df485e27c34?l=7
DNT: 1
Connection: keep-alive
Cookie: EXFILGUID=a00df5e27c; link_clicked_a00df5e27c=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Wed, 24 Apr 2024 23:48:27 GMT
content-type: text/html
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-download-options: noopen
x-permitted-cross-domain-policies: none
referrer-policy: strict-origin-when-cross-origin
cache-control: no-cache
x-request-id: 59526ed7-eeb1-4b71-9220-bce06a18a081
x-runtime: 0.001163
x-host-info: lw-prod-us-i-0249dd4db3d5bbac8, ; 7ab042967e623923e817fbc8931e097004f737c7
server: ThreatSim-Web-Server
access-control-allow-origin: *
content-encoding: gzip
X-Firefox-Spdy: h2

itsupport.corpoutlook.com/trace?id=a00df5e27c&msg=Skipping%20quicktime%20detection&correlation_id=8dc7d9c3-afec-460c-a8bc-132380873830

3.218.83.106

200 OK

523 B

URL GET HTTP/2
itsupport.corpoutlook.com/trace?id=a00df5e27c&msg=Skipping%20quicktime%20detection&correlation_id=8dc7d9c3-afec-460c-a8bc-132380873830
IP
3.218.83.106:443
ASN
#14618 AMAZON-AES

Requested by
https://itsupport.corpoutlook.com/6fa00df485e27c34?l=7
Certificate
IssuerAmazon
Subjectbreaking-news-now.com
FingerprintB5:9F:65:CF:CB:9F:62:06:21:6A:E7:7B:9D:1A:F8:6F:08:39:86:48
ValidityTue, 19 Mar 2024 00:00:00 GMT - Fri, 18 Apr 2025 23:59:59 GMT

File type
gzip compressed data, max compression, from Unix
Size
523 B (523 bytes)
Hash
0dfbcd66e1ab47e1802db10f3a0ed7f8
1f7a3bfa3c0c5fa1490cb078df52b94c297468a7
3566838f31798c3649c7441430e9be98625fdcfadda310a5070d072b31d4be41

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /trace?id=a00df5e27c&msg=Skipping%20quicktime%20detection&correlation_id=8dc7d9c3-afec-460c-a8bc-132380873830 HTTP/1.1
Host: itsupport.corpoutlook.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://itsupport.corpoutlook.com/6fa00df485e27c34?l=7
DNT: 1
Connection: keep-alive
Cookie: EXFILGUID=a00df5e27c; link_clicked_a00df5e27c=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Wed, 24 Apr 2024 23:48:27 GMT
content-type: text/html
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-download-options: noopen
x-permitted-cross-domain-policies: none
referrer-policy: strict-origin-when-cross-origin
cache-control: no-cache
x-request-id: ac8f42bd-5940-4365-9044-795e9cde4368
x-runtime: 0.002221
x-host-info: lw-prod-us-i-04e567bbd45ed26b3, ; 7ab042967e623923e817fbc8931e097004f737c7
server: ThreatSim-Web-Server
access-control-allow-origin: *
content-encoding: gzip
X-Firefox-Spdy: h2

itsupport.corpoutlook.com/trace?id=a00df5e27c&msg=Skipping%20Silverlight%20detection&correlation_id=8dc7d9c3-afec-460c-a8bc-132380873830

3.218.83.106

200 OK

9.5 kB

URL GET HTTP/2
itsupport.corpoutlook.com/trace?id=a00df5e27c&msg=Skipping%20Silverlight%20detection&correlation_id=8dc7d9c3-afec-460c-a8bc-132380873830
IP
3.218.83.106:443
ASN
#14618 AMAZON-AES

Requested by
https://itsupport.corpoutlook.com/6fa00df485e27c34?l=7
Certificate
IssuerAmazon
Subjectbreaking-news-now.com
FingerprintB5:9F:65:CF:CB:9F:62:06:21:6A:E7:7B:9D:1A:F8:6F:08:39:86:48
ValidityTue, 19 Mar 2024 00:00:00 GMT - Fri, 18 Apr 2025 23:59:59 GMT

File type
gzip compressed data, max compression, from Unix
Size
9.5 kB (9470 bytes)
Hash
0d8b23979fe48afc2efabbd84701efe6
d998f0e45f1544a72c19292250c637954b2422bb
308dbfa0247e88dc90ee48ffbeb0aeab7a4d63e61146391fa7dc0fb52721c527

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /trace?id=a00df5e27c&msg=Skipping%20Silverlight%20detection&correlation_id=8dc7d9c3-afec-460c-a8bc-132380873830 HTTP/1.1
Host: itsupport.corpoutlook.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://itsupport.corpoutlook.com/6fa00df485e27c34?l=7
DNT: 1
Connection: keep-alive
Cookie: EXFILGUID=a00df5e27c; link_clicked_a00df5e27c=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Wed, 24 Apr 2024 23:48:27 GMT
content-type: text/html
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-download-options: noopen
x-permitted-cross-domain-policies: none
referrer-policy: strict-origin-when-cross-origin
cache-control: no-cache
x-request-id: ea9d552b-25a9-4284-8162-accb01778381
x-runtime: 0.001361
x-host-info: lw-prod-us-i-09ea3b3608d2092f7, ; 7ab042967e623923e817fbc8931e097004f737c7
server: ThreatSim-Web-Server
access-control-allow-origin: *
content-encoding: gzip
X-Firefox-Spdy: h2

itsupport.corpoutlook.com/trace?id=a00df5e27c&msg=Skipping%20pdf%20detection&correlation_id=8dc7d9c3-afec-460c-a8bc-132380873830

3.218.83.106

200 OK

6.1 kB

URL GET HTTP/2
itsupport.corpoutlook.com/trace?id=a00df5e27c&msg=Skipping%20pdf%20detection&correlation_id=8dc7d9c3-afec-460c-a8bc-132380873830
IP
3.218.83.106:443
ASN
#14618 AMAZON-AES

Requested by
https://itsupport.corpoutlook.com/6fa00df485e27c34?l=7
Certificate
IssuerAmazon
Subjectbreaking-news-now.com
FingerprintB5:9F:65:CF:CB:9F:62:06:21:6A:E7:7B:9D:1A:F8:6F:08:39:86:48
ValidityTue, 19 Mar 2024 00:00:00 GMT - Fri, 18 Apr 2025 23:59:59 GMT

File type
gzip compressed data, max compression, from Unix
Size
6.1 kB (6123 bytes)
Hash
e56ae7edbeaefc6002656a54c62e4dcb
858275e2e5d70fe79aa984a6a7ef02b7d0200a1c
b9cc3e73d41b575e86b439a21997633acb6c1c269e413cc0d6421f3da9ca6c9c

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /trace?id=a00df5e27c&msg=Skipping%20pdf%20detection&correlation_id=8dc7d9c3-afec-460c-a8bc-132380873830 HTTP/1.1
Host: itsupport.corpoutlook.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://itsupport.corpoutlook.com/6fa00df485e27c34?l=7
DNT: 1
Connection: keep-alive
Cookie: EXFILGUID=a00df5e27c; link_clicked_a00df5e27c=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Wed, 24 Apr 2024 23:48:27 GMT
content-type: text/html
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-download-options: noopen
x-permitted-cross-domain-policies: none
referrer-policy: strict-origin-when-cross-origin
cache-control: no-cache
x-request-id: e4326a50-13e1-4883-a0f7-5471d6fbadcf
x-runtime: 0.001868
x-host-info: lw-prod-us-i-0249dd4db3d5bbac8, ; 7ab042967e623923e817fbc8931e097004f737c7
server: ThreatSim-Web-Server
access-control-allow-origin: *
content-encoding: gzip
X-Firefox-Spdy: h2

itsupport.corpoutlook.com/trace?id=a00df5e27c&msg=Skipping%20WindowsMediaPlayer%20detection&correlation_id=8dc7d9c3-afec-460c-a8bc-132380873830

3.218.83.106

200 OK

7.4 kB

URL GET HTTP/2
itsupport.corpoutlook.com/trace?id=a00df5e27c&msg=Skipping%20WindowsMediaPlayer%20detection&correlation_id=8dc7d9c3-afec-460c-a8bc-132380873830
IP
3.218.83.106:443
ASN
#14618 AMAZON-AES

Requested by
https://itsupport.corpoutlook.com/6fa00df485e27c34?l=7
Certificate
IssuerAmazon
Subjectbreaking-news-now.com
FingerprintB5:9F:65:CF:CB:9F:62:06:21:6A:E7:7B:9D:1A:F8:6F:08:39:86:48
ValidityTue, 19 Mar 2024 00:00:00 GMT - Fri, 18 Apr 2025 23:59:59 GMT

File type
gzip compressed data, max compression, from Unix
Size
7.4 kB (7430 bytes)
Hash
1bbe9ccfc43008b13378afd7a5b03b7a
8febda10f2e792e4ccb8d97865c612d40e02238d
d840120122c75709d601d3ef610023685139e5b0999cdda28643613c117ed505

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /trace?id=a00df5e27c&msg=Skipping%20WindowsMediaPlayer%20detection&correlation_id=8dc7d9c3-afec-460c-a8bc-132380873830 HTTP/1.1
Host: itsupport.corpoutlook.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://itsupport.corpoutlook.com/6fa00df485e27c34?l=7
DNT: 1
Connection: keep-alive
Cookie: EXFILGUID=a00df5e27c; link_clicked_a00df5e27c=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Wed, 24 Apr 2024 23:48:27 GMT
content-type: text/html
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-download-options: noopen
x-permitted-cross-domain-policies: none
referrer-policy: strict-origin-when-cross-origin
cache-control: no-cache
x-request-id: 0c0c7fed-88c9-45b8-a451-832d732c38ed
x-runtime: 0.002276
x-host-info: lw-prod-us-i-0c1d85d7ca1fd3a79, ; 7ab042967e623923e817fbc8931e097004f737c7
server: ThreatSim-Web-Server
access-control-allow-origin: *
content-encoding: gzip
X-Firefox-Spdy: h2

itsupport.corpoutlook.com/trace?id=a00df5e27c&msg=Skipping%20flash%20detection&correlation_id=8dc7d9c3-afec-460c-a8bc-132380873830

3.218.83.106

200 OK

11 kB

URL GET HTTP/2
itsupport.corpoutlook.com/trace?id=a00df5e27c&msg=Skipping%20flash%20detection&correlation_id=8dc7d9c3-afec-460c-a8bc-132380873830
IP
3.218.83.106:443
ASN
#14618 AMAZON-AES

Requested by
https://itsupport.corpoutlook.com/6fa00df485e27c34?l=7
Certificate
IssuerAmazon
Subjectbreaking-news-now.com
FingerprintB5:9F:65:CF:CB:9F:62:06:21:6A:E7:7B:9D:1A:F8:6F:08:39:86:48
ValidityTue, 19 Mar 2024 00:00:00 GMT - Fri, 18 Apr 2025 23:59:59 GMT

File type
gzip compressed data, max compression, from Unix
Size
11 kB (10653 bytes)
Hash
ad70e9e898324ea619681e214b8d56f4
15bc66b8fa6f92ab1930efea233e7fcc715c7731
3dc19836ddb504469111ed4b6c1739a55048a4c015ce380d670a881f714722cd

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /trace?id=a00df5e27c&msg=Skipping%20flash%20detection&correlation_id=8dc7d9c3-afec-460c-a8bc-132380873830 HTTP/1.1
Host: itsupport.corpoutlook.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://itsupport.corpoutlook.com/6fa00df485e27c34?l=7
DNT: 1
Connection: keep-alive
Cookie: EXFILGUID=a00df5e27c; link_clicked_a00df5e27c=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Wed, 24 Apr 2024 23:48:27 GMT
content-type: text/html
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-download-options: noopen
x-permitted-cross-domain-policies: none
referrer-policy: strict-origin-when-cross-origin
cache-control: no-cache
x-request-id: 9b26b178-881e-468f-9144-777b26aece72
x-runtime: 0.001454
x-host-info: lw-prod-us-i-0249dd4db3d5bbac8, ; 7ab042967e623923e817fbc8931e097004f737c7
server: ThreatSim-Web-Server
access-control-allow-origin: *
content-encoding: gzip
X-Firefox-Spdy: h2

itsupport.corpoutlook.com/trace?id=a00df5e27c&msg=BrowserDetect%20-%20plugin%20WebKit%20built-in%20PDF&correlation_id=8dc7d9c3-afec-460c-a8bc-132380873830

3.218.83.106

200 OK

9.1 kB

URL GET HTTP/2
itsupport.corpoutlook.com/trace?id=a00df5e27c&msg=BrowserDetect%20-%20plugin%20WebKit%20built-in%20PDF&correlation_id=8dc7d9c3-afec-460c-a8bc-132380873830
IP
3.218.83.106:443
ASN
#14618 AMAZON-AES

Requested by
https://itsupport.corpoutlook.com/6fa00df485e27c34?l=7
Certificate
IssuerAmazon
Subjectbreaking-news-now.com
FingerprintB5:9F:65:CF:CB:9F:62:06:21:6A:E7:7B:9D:1A:F8:6F:08:39:86:48
ValidityTue, 19 Mar 2024 00:00:00 GMT - Fri, 18 Apr 2025 23:59:59 GMT

File type
gzip compressed data, max compression, from Unix
Size
9.1 kB (9081 bytes)
Hash
709db20d7465c30ac96f9c9d296f3fd0
1950c5187c2c8d16a70d74d5ff1ab2e9aae4c16e
05b0dc9eb5935e409ef79a706d06d4217e7ffc1cf85fb8ee1c281cba146508d5

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /trace?id=a00df5e27c&msg=BrowserDetect%20-%20plugin%20WebKit%20built-in%20PDF&correlation_id=8dc7d9c3-afec-460c-a8bc-132380873830 HTTP/1.1
Host: itsupport.corpoutlook.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://itsupport.corpoutlook.com/6fa00df485e27c34?l=7
DNT: 1
Connection: keep-alive
Cookie: EXFILGUID=a00df5e27c; link_clicked_a00df5e27c=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Wed, 24 Apr 2024 23:48:27 GMT
content-type: text/html
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-download-options: noopen
x-permitted-cross-domain-policies: none
referrer-policy: strict-origin-when-cross-origin
cache-control: no-cache
x-request-id: 96923347-681c-4f53-aeba-5a6d21cfc3eb
x-runtime: 0.002367
x-host-info: lw-prod-us-i-0c1d85d7ca1fd3a79, ; 7ab042967e623923e817fbc8931e097004f737c7
server: ThreatSim-Web-Server
access-control-allow-origin: *
content-encoding: gzip
X-Firefox-Spdy: h2

tslp.s3.amazonaws.com/assets/owa15/9452e0fae8e6e985ee2a90b5a9c9edbd.ttf

3.5.30.139

200 OK

42 kB

URL GET HTTP/1.1
tslp.s3.amazonaws.com/assets/owa15/9452e0fae8e6e985ee2a90b5a9c9edbd.ttf
IP
3.5.30.139:443
ASN
#14618 AMAZON-AES

Requested by
https://itsupport.corpoutlook.com/6fa00df485e27c34?l=7
Certificate
IssuerAmazon
Subject*.s3.amazonaws.com
FingerprintDC:41:A6:3E:EE:32:6F:36:76:5A:EF:9D:17:AF:14:13:E3:05:C6:D1
ValidityTue, 10 Oct 2023 00:00:00 GMT - Wed, 03 Jul 2024 23:59:59 GMT

File type
TrueType Font data, 16 tables, 1st "OS/2", 11 names, Microsoft, language 0x409, � 2010 Microsoft Corporation. All Rights Reserved.RegularSegoe UI SemilightVersion 1.00 build 16
Size
42 kB (41560 bytes)
Hash
6c26c24aabe31040657665b1e0d9505c
b3bdc48643752665e3e5798a192b27432a87d234
2d508a6e8979bba74b6fdf804c01a09a620c781e0fea73a8eefda904f5bcab25

HTTP Headers

GET /assets/owa15/9452e0fae8e6e985ee2a90b5a9c9edbd.ttf HTTP/1.1
Host: tslp.s3.amazonaws.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://itsupport.corpoutlook.com
DNT: 1
Connection: keep-alive
Referer: https://tslp.s3.amazonaws.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: TlnSVMRi3h6l0XUt8oOrSAoPMOEeC4m3KH7lO/8GwEA8OK3RFhk/yy5p5uXyWY5yPlfKxGA5OK0hQXln4Cossjfl17NcHTCW
x-amz-request-id: TGM0XQJE0FSCM3HX
Date: Wed, 24 Apr 2024 23:48:28 GMT
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET
Access-Control-Max-Age: 3000
Vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
Last-Modified: Thu, 21 Aug 2014 16:45:42 GMT
ETag: "6c26c24aabe31040657665b1e0d9505c"
Cache-Control: max-age=86400
x-amz-version-id: null
Accept-Ranges: bytes
Content-Type: binary/octet-stream
Server: AmazonS3
Content-Length: 41560

tslp.s3.amazonaws.com/assets/owa15/0c867cdde480e06472325e177d40a9c6.ttf

3.5.30.139

200 OK

57 kB

URL GET HTTP/1.1
tslp.s3.amazonaws.com/assets/owa15/0c867cdde480e06472325e177d40a9c6.ttf
IP
3.5.30.139:443
ASN
#14618 AMAZON-AES

Requested by
https://itsupport.corpoutlook.com/6fa00df485e27c34?l=7
Certificate
IssuerAmazon
Subject*.s3.amazonaws.com
FingerprintDC:41:A6:3E:EE:32:6F:36:76:5A:EF:9D:17:AF:14:13:E3:05:C6:D1
ValidityTue, 10 Oct 2023 00:00:00 GMT - Wed, 03 Jul 2024 23:59:59 GMT

File type
TrueType Font data, 18 tables, 1st "LTSH", 11 names, Microsoft, language 0x409, � 2010 Microsoft Corporation. All Rights Reserved.RegularSegoe UI RegularVersion 0.81 Build 159S
Size
57 kB (56760 bytes)
Hash
8af990b6ad3ba192c2dd6a193890bf5f
4db5bf117ff8f1392fab3b438216d7cff4ae4976
c147c2ec76a8ab8bd5082f1f4d3f80a43c689165cb164cdd812e44048fe38708

HTTP Headers

GET /assets/owa15/0c867cdde480e06472325e177d40a9c6.ttf HTTP/1.1
Host: tslp.s3.amazonaws.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://itsupport.corpoutlook.com
DNT: 1
Connection: keep-alive
Referer: https://tslp.s3.amazonaws.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: 4uxeLTIZV/ewtW7pWe2si9adLOVrf/3RvF2q74lqRbTdUoj0m1uqIa+rre+703PCVmvqnjO1qlvj6A9RWteoWG2B77wl/XCx
x-amz-request-id: TGM5ZVFRZVEV7SV0
Date: Wed, 24 Apr 2024 23:48:28 GMT
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET
Access-Control-Max-Age: 3000
Vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
Last-Modified: Thu, 21 Aug 2014 16:45:43 GMT
ETag: "8af990b6ad3ba192c2dd6a193890bf5f"
Cache-Control: max-age=86400
x-amz-version-id: null
Accept-Ranges: bytes
Content-Type: binary/octet-stream
Server: AmazonS3
Content-Length: 56760

tslp.s3.amazonaws.com/assets/owa15/favicon.ico

3.5.30.139

200 OK

7.9 kB

URL GET HTTP/1.1
tslp.s3.amazonaws.com/assets/owa15/favicon.ico
IP
3.5.30.139:443
ASN
#14618 AMAZON-AES

Requested by
https://itsupport.corpoutlook.com/6fa00df485e27c34?l=7
Certificate
IssuerAmazon
Subject*.s3.amazonaws.com
FingerprintDC:41:A6:3E:EE:32:6F:36:76:5A:EF:9D:17:AF:14:13:E3:05:C6:D1
ValidityTue, 10 Oct 2023 00:00:00 GMT - Wed, 03 Jul 2024 23:59:59 GMT

File type
MS Windows icon resource - 3 icons, 32x32, 32 bits/pixel, 24x24, 32 bits/pixel
Size
7.9 kB (7886 bytes)
Hash
759fade9033aa298629e4b000dcd6dde
34a1adf5c7326d7bde5b5735471b5d81e611c189
cf0808a61ec571e0c4975663903b288009d55502ac0445d9948983b339a5cf6e

HTTP Headers

GET /assets/owa15/favicon.ico HTTP/1.1
Host: tslp.s3.amazonaws.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://itsupport.corpoutlook.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: iYVqUK0C6OI5NAlkE73lrGTUPEQcbjF4ga1VNAaIZNKMNxMGV9SfkbgogQZbKKv6BephmDORDsBq1qyDWuWM/S0SkzeYUcI0
x-amz-request-id: TGMCKVN0QE44184H
Date: Wed, 24 Apr 2024 23:48:28 GMT
Last-Modified: Thu, 21 Aug 2014 16:51:00 GMT
ETag: "759fade9033aa298629e4b000dcd6dde"
Cache-Control: max-age=86400
x-amz-version-id: null
Accept-Ranges: bytes
Content-Type: image/vnd.microsoft.icon
Server: AmazonS3
Content-Length: 7886

itsupport.corpoutlook.com/trace?id=a00df5e27c&msg=Skipping%20RealPlayer%20detection&correlation_id=8dc7d9c3-afec-460c-a8bc-132380873830

3.218.83.106

200 OK

9.0 kB

URL GET HTTP/2
itsupport.corpoutlook.com/trace?id=a00df5e27c&msg=Skipping%20RealPlayer%20detection&correlation_id=8dc7d9c3-afec-460c-a8bc-132380873830
IP
3.218.83.106:443
ASN
#14618 AMAZON-AES

Requested by
https://itsupport.corpoutlook.com/6fa00df485e27c34?l=7
Certificate
IssuerAmazon
Subjectbreaking-news-now.com
FingerprintB5:9F:65:CF:CB:9F:62:06:21:6A:E7:7B:9D:1A:F8:6F:08:39:86:48
ValidityTue, 19 Mar 2024 00:00:00 GMT - Fri, 18 Apr 2025 23:59:59 GMT

File type
gzip compressed data, max compression, from Unix
Size
9.0 kB (8985 bytes)
Hash
d463e95360c317ce3d2c24d4ed63b3ca
97fadf699e45843883744915c3a1ef58a02899dd
ad94852c86a7f2c165a3646373a508947c60da0114841feb88bd1339dea80e7e

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /trace?id=a00df5e27c&msg=Skipping%20RealPlayer%20detection&correlation_id=8dc7d9c3-afec-460c-a8bc-132380873830 HTTP/1.1
Host: itsupport.corpoutlook.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://itsupport.corpoutlook.com/6fa00df485e27c34?l=7
DNT: 1
Connection: keep-alive
Cookie: EXFILGUID=a00df5e27c; link_clicked_a00df5e27c=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Wed, 24 Apr 2024 23:48:27 GMT
content-type: text/html
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-download-options: noopen
x-permitted-cross-domain-policies: none
referrer-policy: strict-origin-when-cross-origin
cache-control: no-cache
x-request-id: 6b883d98-0a5c-4628-8eca-97787201e537
x-runtime: 0.002118
x-host-info: lw-prod-us-i-04e567bbd45ed26b3, ; 7ab042967e623923e817fbc8931e097004f737c7
server: ThreatSim-Web-Server
access-control-allow-origin: *
content-encoding: gzip
X-Firefox-Spdy: h2

itsupport.corpoutlook.com:49153/alt_pixel_click_a00df5e27c.gif?correlation_id=8dc7d9c3-afec-460c-a8bc-132380873830

0.0.0.0

0 B

URL GET
itsupport.corpoutlook.com:49153/alt_pixel_click_a00df5e27c.gif?correlation_id=8dc7d9c3-afec-460c-a8bc-132380873830
IP
0.0.0.0:0
ASN
#0

Requested by
https://itsupport.corpoutlook.com/6fa00df485e27c34?l=7

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /alt_pixel_click_a00df5e27c.gif?correlation_id=8dc7d9c3-afec-460c-a8bc-132380873830 HTTP/1.1
Host: itsupport.corpoutlook.com:49153
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://itsupport.corpoutlook.com/
DNT: 1
Connection: keep-alive
Cookie: EXFILGUID=a00df5e27c; link_clicked_a00df5e27c=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

itsupport.corpoutlook.com/trace?id=a00df5e27c&msg=BrowserDetect%20-%20browser_version%20%3D%2096&correlation_id=8dc7d9c3-afec-460c-a8bc-132380873830

3.218.83.106

200 OK

0 B

URL GET HTTP/2
itsupport.corpoutlook.com/trace?id=a00df5e27c&msg=BrowserDetect%20-%20browser_version%20%3D%2096&correlation_id=8dc7d9c3-afec-460c-a8bc-132380873830
IP
3.218.83.106:443
ASN
#14618 AMAZON-AES

Requested by
https://itsupport.corpoutlook.com/6fa00df485e27c34?l=7
Certificate
IssuerAmazon
Subjectbreaking-news-now.com
FingerprintB5:9F:65:CF:CB:9F:62:06:21:6A:E7:7B:9D:1A:F8:6F:08:39:86:48
ValidityTue, 19 Mar 2024 00:00:00 GMT - Fri, 18 Apr 2025 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /trace?id=a00df5e27c&msg=BrowserDetect%20-%20browser_version%20%3D%2096&correlation_id=8dc7d9c3-afec-460c-a8bc-132380873830 HTTP/1.1
Host: itsupport.corpoutlook.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://itsupport.corpoutlook.com/6fa00df485e27c34?l=7
DNT: 1
Connection: keep-alive
Cookie: EXFILGUID=a00df5e27c; link_clicked_a00df5e27c=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 24 Apr 2024 23:48:26 GMT
content-type: text/html
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-download-options: noopen
x-permitted-cross-domain-policies: none
referrer-policy: strict-origin-when-cross-origin
cache-control: no-cache
x-request-id: 875a30e2-7c3c-48a2-8a27-db485b7fd530
x-runtime: 0.001717
x-host-info: lw-prod-us-i-0249dd4db3d5bbac8, ; 7ab042967e623923e817fbc8931e097004f737c7
server: ThreatSim-Web-Server
access-control-allow-origin: *
content-encoding: gzip
X-Firefox-Spdy: h2

itsupport.corpoutlook.com/trace?id=a00df5e27c&msg=BrowserDetect%20-%20height%20%3D%201024&correlation_id=8dc7d9c3-afec-460c-a8bc-132380873830

3.218.83.106

200 OK

0 B

URL GET HTTP/2
itsupport.corpoutlook.com/trace?id=a00df5e27c&msg=BrowserDetect%20-%20height%20%3D%201024&correlation_id=8dc7d9c3-afec-460c-a8bc-132380873830
IP
3.218.83.106:443
ASN
#14618 AMAZON-AES

Requested by
https://itsupport.corpoutlook.com/6fa00df485e27c34?l=7
Certificate
IssuerAmazon
Subjectbreaking-news-now.com
FingerprintB5:9F:65:CF:CB:9F:62:06:21:6A:E7:7B:9D:1A:F8:6F:08:39:86:48
ValidityTue, 19 Mar 2024 00:00:00 GMT - Fri, 18 Apr 2025 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /trace?id=a00df5e27c&msg=BrowserDetect%20-%20height%20%3D%201024&correlation_id=8dc7d9c3-afec-460c-a8bc-132380873830 HTTP/1.1
Host: itsupport.corpoutlook.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://itsupport.corpoutlook.com/6fa00df485e27c34?l=7
DNT: 1
Connection: keep-alive
Cookie: EXFILGUID=a00df5e27c; link_clicked_a00df5e27c=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 24 Apr 2024 23:48:27 GMT
content-type: text/html
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-download-options: noopen
x-permitted-cross-domain-policies: none
referrer-policy: strict-origin-when-cross-origin
cache-control: no-cache
x-request-id: 65739293-40ee-465c-a153-199241a29ff0
x-runtime: 0.002056
x-host-info: lw-prod-us-i-04e567bbd45ed26b3, ; 7ab042967e623923e817fbc8931e097004f737c7
server: ThreatSim-Web-Server
access-control-allow-origin: *
content-encoding: gzip
X-Firefox-Spdy: h2

itsupport.corpoutlook.com/trace?id=a00df5e27c&msg=BrowserDetect%20-%20plugin%20PDF%20Viewer&correlation_id=8dc7d9c3-afec-460c-a8bc-132380873830

3.218.83.106

200 OK

0 B

URL GET HTTP/2
itsupport.corpoutlook.com/trace?id=a00df5e27c&msg=BrowserDetect%20-%20plugin%20PDF%20Viewer&correlation_id=8dc7d9c3-afec-460c-a8bc-132380873830
IP
3.218.83.106:443
ASN
#14618 AMAZON-AES

Requested by
https://itsupport.corpoutlook.com/6fa00df485e27c34?l=7
Certificate
IssuerAmazon
Subjectbreaking-news-now.com
FingerprintB5:9F:65:CF:CB:9F:62:06:21:6A:E7:7B:9D:1A:F8:6F:08:39:86:48
ValidityTue, 19 Mar 2024 00:00:00 GMT - Fri, 18 Apr 2025 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /trace?id=a00df5e27c&msg=BrowserDetect%20-%20plugin%20PDF%20Viewer&correlation_id=8dc7d9c3-afec-460c-a8bc-132380873830 HTTP/1.1
Host: itsupport.corpoutlook.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://itsupport.corpoutlook.com/6fa00df485e27c34?l=7
DNT: 1
Connection: keep-alive
Cookie: EXFILGUID=a00df5e27c; link_clicked_a00df5e27c=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 24 Apr 2024 23:48:27 GMT
content-type: text/html
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-download-options: noopen
x-permitted-cross-domain-policies: none
referrer-policy: strict-origin-when-cross-origin
cache-control: no-cache
x-request-id: 97090bdc-6eb1-46e4-a965-0557e980f78d
x-runtime: 0.002234
x-host-info: lw-prod-us-i-09ea3b3608d2092f7, ; 7ab042967e623923e817fbc8931e097004f737c7
server: ThreatSim-Web-Server
access-control-allow-origin: *
content-encoding: gzip
X-Firefox-Spdy: h2

itsupport.corpoutlook.com/trace?id=a00df5e27c&msg=BrowserDetect%20-%20localStorage%20%3D%20true&correlation_id=8dc7d9c3-afec-460c-a8bc-132380873830

3.218.83.106

200 OK

0 B

URL GET HTTP/2
itsupport.corpoutlook.com/trace?id=a00df5e27c&msg=BrowserDetect%20-%20localStorage%20%3D%20true&correlation_id=8dc7d9c3-afec-460c-a8bc-132380873830
IP
3.218.83.106:443
ASN
#14618 AMAZON-AES

Requested by
https://itsupport.corpoutlook.com/6fa00df485e27c34?l=7
Certificate
IssuerAmazon
Subjectbreaking-news-now.com
FingerprintB5:9F:65:CF:CB:9F:62:06:21:6A:E7:7B:9D:1A:F8:6F:08:39:86:48
ValidityTue, 19 Mar 2024 00:00:00 GMT - Fri, 18 Apr 2025 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /trace?id=a00df5e27c&msg=BrowserDetect%20-%20localStorage%20%3D%20true&correlation_id=8dc7d9c3-afec-460c-a8bc-132380873830 HTTP/1.1
Host: itsupport.corpoutlook.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://itsupport.corpoutlook.com/6fa00df485e27c34?l=7
DNT: 1
Connection: keep-alive
Cookie: EXFILGUID=a00df5e27c; link_clicked_a00df5e27c=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 24 Apr 2024 23:48:26 GMT
content-type: text/html
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-download-options: noopen
x-permitted-cross-domain-policies: none
referrer-policy: strict-origin-when-cross-origin
cache-control: no-cache
x-request-id: f05cffbb-7d33-477a-a055-39633c917304
x-runtime: 0.001746
x-host-info: lw-prod-us-i-0249dd4db3d5bbac8, ; 7ab042967e623923e817fbc8931e097004f737c7
server: ThreatSim-Web-Server
access-control-allow-origin: *
content-encoding: gzip
X-Firefox-Spdy: h2

itsupport.corpoutlook.com/trace?id=a00df5e27c&msg=BrowserDetect%20-%20plugin%20Chrome%20PDF%20Viewer&correlation_id=8dc7d9c3-afec-460c-a8bc-132380873830

3.218.83.106

200 OK

0 B

URL GET HTTP/2
itsupport.corpoutlook.com/trace?id=a00df5e27c&msg=BrowserDetect%20-%20plugin%20Chrome%20PDF%20Viewer&correlation_id=8dc7d9c3-afec-460c-a8bc-132380873830
IP
3.218.83.106:443
ASN
#14618 AMAZON-AES

Requested by
https://itsupport.corpoutlook.com/6fa00df485e27c34?l=7
Certificate
IssuerAmazon
Subjectbreaking-news-now.com
FingerprintB5:9F:65:CF:CB:9F:62:06:21:6A:E7:7B:9D:1A:F8:6F:08:39:86:48
ValidityTue, 19 Mar 2024 00:00:00 GMT - Fri, 18 Apr 2025 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /trace?id=a00df5e27c&msg=BrowserDetect%20-%20plugin%20Chrome%20PDF%20Viewer&correlation_id=8dc7d9c3-afec-460c-a8bc-132380873830 HTTP/1.1
Host: itsupport.corpoutlook.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://itsupport.corpoutlook.com/6fa00df485e27c34?l=7
DNT: 1
Connection: keep-alive
Cookie: EXFILGUID=a00df5e27c; link_clicked_a00df5e27c=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 24 Apr 2024 23:48:27 GMT
content-type: text/html
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-download-options: noopen
x-permitted-cross-domain-policies: none
referrer-policy: strict-origin-when-cross-origin
cache-control: no-cache
x-request-id: b44cc970-a3a7-409e-9d4d-5fe8be48dbc1
x-runtime: 0.001530
x-host-info: lw-prod-us-i-0c1d85d7ca1fd3a79, ; 7ab042967e623923e817fbc8931e097004f737c7
server: ThreatSim-Web-Server
access-control-allow-origin: *
content-encoding: gzip
X-Firefox-Spdy: h2

itsupport.corpoutlook.com/trace?id=a00df5e27c&msg=browser_post_successful&correlation_id=8dc7d9c3-afec-460c-a8bc-132380873830

3.218.83.106

200 OK

0 B

URL GET HTTP/2
itsupport.corpoutlook.com/trace?id=a00df5e27c&msg=browser_post_successful&correlation_id=8dc7d9c3-afec-460c-a8bc-132380873830
IP
3.218.83.106:443
ASN
#14618 AMAZON-AES

Requested by
https://itsupport.corpoutlook.com/6fa00df485e27c34?l=7
Certificate
IssuerAmazon
Subjectbreaking-news-now.com
FingerprintB5:9F:65:CF:CB:9F:62:06:21:6A:E7:7B:9D:1A:F8:6F:08:39:86:48
ValidityTue, 19 Mar 2024 00:00:00 GMT - Fri, 18 Apr 2025 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /trace?id=a00df5e27c&msg=browser_post_successful&correlation_id=8dc7d9c3-afec-460c-a8bc-132380873830 HTTP/1.1
Host: itsupport.corpoutlook.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://itsupport.corpoutlook.com/6fa00df485e27c34?l=7
DNT: 1
Connection: keep-alive
Cookie: EXFILGUID=a00df5e27c; link_clicked_a00df5e27c=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 24 Apr 2024 23:48:27 GMT
content-type: text/html
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-download-options: noopen
x-permitted-cross-domain-policies: none
referrer-policy: strict-origin-when-cross-origin
cache-control: no-cache
x-request-id: e7664fd8-76cb-499f-91fe-7fad76694fff
x-runtime: 0.001491
x-host-info: lw-prod-us-i-0c1d85d7ca1fd3a79, ; 7ab042967e623923e817fbc8931e097004f737c7
server: ThreatSim-Web-Server
access-control-allow-origin: *
content-encoding: gzip
X-Firefox-Spdy: h2

itsupport.corpoutlook.com/trace?id=a00df5e27c&msg=BrowserDetect%20-%20hasCookies%20%3D%20true&correlation_id=8dc7d9c3-afec-460c-a8bc-132380873830

3.218.83.106

200 OK

0 B

URL GET HTTP/2
itsupport.corpoutlook.com/trace?id=a00df5e27c&msg=BrowserDetect%20-%20hasCookies%20%3D%20true&correlation_id=8dc7d9c3-afec-460c-a8bc-132380873830
IP
3.218.83.106:443
ASN
#14618 AMAZON-AES

Requested by
https://itsupport.corpoutlook.com/6fa00df485e27c34?l=7
Certificate
IssuerAmazon
Subjectbreaking-news-now.com
FingerprintB5:9F:65:CF:CB:9F:62:06:21:6A:E7:7B:9D:1A:F8:6F:08:39:86:48
ValidityTue, 19 Mar 2024 00:00:00 GMT - Fri, 18 Apr 2025 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /trace?id=a00df5e27c&msg=BrowserDetect%20-%20hasCookies%20%3D%20true&correlation_id=8dc7d9c3-afec-460c-a8bc-132380873830 HTTP/1.1
Host: itsupport.corpoutlook.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://itsupport.corpoutlook.com/6fa00df485e27c34?l=7
DNT: 1
Connection: keep-alive
Cookie: EXFILGUID=a00df5e27c; link_clicked_a00df5e27c=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 24 Apr 2024 23:48:26 GMT
content-type: text/html
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-download-options: noopen
x-permitted-cross-domain-policies: none
referrer-policy: strict-origin-when-cross-origin
cache-control: no-cache
x-request-id: e6745869-08fc-45a2-8c97-0c7832b2984c
x-runtime: 0.001900
x-host-info: lw-prod-us-i-04e567bbd45ed26b3, ; 7ab042967e623923e817fbc8931e097004f737c7
server: ThreatSim-Web-Server
access-control-allow-origin: *
content-encoding: gzip
X-Firefox-Spdy: h2

itsupport.corpoutlook.com/trace?id=a00df5e27c&msg=BrowserDetect%20-%20os%20%3D%20Linux&correlation_id=8dc7d9c3-afec-460c-a8bc-132380873830

3.218.83.106

200 OK

0 B

URL GET HTTP/2
itsupport.corpoutlook.com/trace?id=a00df5e27c&msg=BrowserDetect%20-%20os%20%3D%20Linux&correlation_id=8dc7d9c3-afec-460c-a8bc-132380873830
IP
3.218.83.106:443
ASN
#14618 AMAZON-AES

Requested by
https://itsupport.corpoutlook.com/6fa00df485e27c34?l=7
Certificate
IssuerAmazon
Subjectbreaking-news-now.com
FingerprintB5:9F:65:CF:CB:9F:62:06:21:6A:E7:7B:9D:1A:F8:6F:08:39:86:48
ValidityTue, 19 Mar 2024 00:00:00 GMT - Fri, 18 Apr 2025 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /trace?id=a00df5e27c&msg=BrowserDetect%20-%20os%20%3D%20Linux&correlation_id=8dc7d9c3-afec-460c-a8bc-132380873830 HTTP/1.1
Host: itsupport.corpoutlook.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://itsupport.corpoutlook.com/6fa00df485e27c34?l=7
DNT: 1
Connection: keep-alive
Cookie: EXFILGUID=a00df5e27c; link_clicked_a00df5e27c=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 24 Apr 2024 23:48:26 GMT
content-type: text/html
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-download-options: noopen
x-permitted-cross-domain-policies: none
referrer-policy: strict-origin-when-cross-origin
cache-control: no-cache
x-request-id: fa96d371-9fc0-4d24-8503-d932cb8c1c0e
x-runtime: 0.001563
x-host-info: lw-prod-us-i-0c1d85d7ca1fd3a79, ; 7ab042967e623923e817fbc8931e097004f737c7
server: ThreatSim-Web-Server
access-control-allow-origin: *
content-encoding: gzip
X-Firefox-Spdy: h2

itsupport.corpoutlook.com/trace?id=a00df5e27c&msg=BrowserDetect%20-%20colorDepth%20%3D%2024&correlation_id=8dc7d9c3-afec-460c-a8bc-132380873830

3.218.83.106

200 OK

0 B

URL GET HTTP/2
itsupport.corpoutlook.com/trace?id=a00df5e27c&msg=BrowserDetect%20-%20colorDepth%20%3D%2024&correlation_id=8dc7d9c3-afec-460c-a8bc-132380873830
IP
3.218.83.106:443
ASN
#14618 AMAZON-AES

Requested by
https://itsupport.corpoutlook.com/6fa00df485e27c34?l=7
Certificate
IssuerAmazon
Subjectbreaking-news-now.com
FingerprintB5:9F:65:CF:CB:9F:62:06:21:6A:E7:7B:9D:1A:F8:6F:08:39:86:48
ValidityTue, 19 Mar 2024 00:00:00 GMT - Fri, 18 Apr 2025 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /trace?id=a00df5e27c&msg=BrowserDetect%20-%20colorDepth%20%3D%2024&correlation_id=8dc7d9c3-afec-460c-a8bc-132380873830 HTTP/1.1
Host: itsupport.corpoutlook.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://itsupport.corpoutlook.com/6fa00df485e27c34?l=7
DNT: 1
Connection: keep-alive
Cookie: EXFILGUID=a00df5e27c; link_clicked_a00df5e27c=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 24 Apr 2024 23:48:26 GMT
content-type: text/html
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-download-options: noopen
x-permitted-cross-domain-policies: none
referrer-policy: strict-origin-when-cross-origin
cache-control: no-cache
x-request-id: cad4065c-e51b-4e99-8abd-dab83f1f0cba
x-runtime: 0.001429
x-host-info: lw-prod-us-i-0249dd4db3d5bbac8, ; 7ab042967e623923e817fbc8931e097004f737c7
server: ThreatSim-Web-Server
access-control-allow-origin: *
content-encoding: gzip
X-Firefox-Spdy: h2

itsupport.corpoutlook.com/secure/browser_post

3.218.83.106

200 OK

0 B

URL POST HTTP/2
itsupport.corpoutlook.com/secure/browser_post
IP
3.218.83.106:443
ASN
#14618 AMAZON-AES

Requested by
https://itsupport.corpoutlook.com/6fa00df485e27c34?l=7
Certificate
IssuerAmazon
Subjectbreaking-news-now.com
FingerprintB5:9F:65:CF:CB:9F:62:06:21:6A:E7:7B:9D:1A:F8:6F:08:39:86:48
ValidityTue, 19 Mar 2024 00:00:00 GMT - Fri, 18 Apr 2025 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

POST /secure/browser_post HTTP/1.1
Host: itsupport.corpoutlook.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://itsupport.corpoutlook.com/6fa00df485e27c34?l=7
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 1846
Origin: https://itsupport.corpoutlook.com
DNT: 1
Connection: keep-alive
Cookie: EXFILGUID=a00df5e27c; link_clicked_a00df5e27c=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 24 Apr 2024 23:48:27 GMT
content-type: image/gif; charset=utf-8
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-download-options: noopen
x-permitted-cross-domain-policies: none
referrer-policy: strict-origin-when-cross-origin
vary: Accept-Encoding, Accept
cache-control: no-cache
x-request-id: 6730f5bd-cc0d-4773-a930-a6cfb1380776
x-runtime: 0.006992
x-host-info: lw-prod-us-i-09ea3b3608d2092f7, ; 7ab042967e623923e817fbc8931e097004f737c7
server: ThreatSim-Web-Server
access-control-allow-origin: *
content-encoding: gzip
X-Firefox-Spdy: h2

itsupport.corpoutlook.com/trace?id=a00df5e27c&msg=BrowserDetect%20-%20sessionStorage%20%3D%20true&correlation_id=8dc7d9c3-afec-460c-a8bc-132380873830

3.218.83.106

200 OK

0 B

URL GET HTTP/2
itsupport.corpoutlook.com/trace?id=a00df5e27c&msg=BrowserDetect%20-%20sessionStorage%20%3D%20true&correlation_id=8dc7d9c3-afec-460c-a8bc-132380873830
IP
3.218.83.106:443
ASN
#14618 AMAZON-AES

Requested by
https://itsupport.corpoutlook.com/6fa00df485e27c34?l=7
Certificate
IssuerAmazon
Subjectbreaking-news-now.com
FingerprintB5:9F:65:CF:CB:9F:62:06:21:6A:E7:7B:9D:1A:F8:6F:08:39:86:48
ValidityTue, 19 Mar 2024 00:00:00 GMT - Fri, 18 Apr 2025 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /trace?id=a00df5e27c&msg=BrowserDetect%20-%20sessionStorage%20%3D%20true&correlation_id=8dc7d9c3-afec-460c-a8bc-132380873830 HTTP/1.1
Host: itsupport.corpoutlook.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://itsupport.corpoutlook.com/6fa00df485e27c34?l=7
DNT: 1
Connection: keep-alive
Cookie: EXFILGUID=a00df5e27c; link_clicked_a00df5e27c=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 24 Apr 2024 23:48:26 GMT
content-type: text/html
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-download-options: noopen
x-permitted-cross-domain-policies: none
referrer-policy: strict-origin-when-cross-origin
cache-control: no-cache
x-request-id: 96a6901a-eb9d-49a7-aa28-858b62473191
x-runtime: 0.001946
x-host-info: lw-prod-us-i-0c1d85d7ca1fd3a79, ; 7ab042967e623923e817fbc8931e097004f737c7
server: ThreatSim-Web-Server
access-control-allow-origin: *
content-encoding: gzip
X-Firefox-Spdy: h2

itsupport.corpoutlook.com/trace?id=a00df5e27c&msg=Skipping%20java%20detection&correlation_id=8dc7d9c3-afec-460c-a8bc-132380873830

3.218.83.106

200 OK

0 B

URL GET HTTP/2
itsupport.corpoutlook.com/trace?id=a00df5e27c&msg=Skipping%20java%20detection&correlation_id=8dc7d9c3-afec-460c-a8bc-132380873830
IP
3.218.83.106:443
ASN
#14618 AMAZON-AES

Requested by
https://itsupport.corpoutlook.com/6fa00df485e27c34?l=7
Certificate
IssuerAmazon
Subjectbreaking-news-now.com
FingerprintB5:9F:65:CF:CB:9F:62:06:21:6A:E7:7B:9D:1A:F8:6F:08:39:86:48
ValidityTue, 19 Mar 2024 00:00:00 GMT - Fri, 18 Apr 2025 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /trace?id=a00df5e27c&msg=Skipping%20java%20detection&correlation_id=8dc7d9c3-afec-460c-a8bc-132380873830 HTTP/1.1
Host: itsupport.corpoutlook.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://itsupport.corpoutlook.com/6fa00df485e27c34?l=7
DNT: 1
Connection: keep-alive
Cookie: EXFILGUID=a00df5e27c; link_clicked_a00df5e27c=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 24 Apr 2024 23:48:27 GMT
content-type: text/html
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-download-options: noopen
x-permitted-cross-domain-policies: none
referrer-policy: strict-origin-when-cross-origin
cache-control: no-cache
x-request-id: 88ad4782-62b3-4fa5-b5b0-1a96f1bca2e3
x-runtime: 0.002377
x-host-info: lw-prod-us-i-09ea3b3608d2092f7, ; 7ab042967e623923e817fbc8931e097004f737c7
server: ThreatSim-Web-Server
access-control-allow-origin: *
content-encoding: gzip
X-Firefox-Spdy: h2

itsupport.corpoutlook.com/6fa00df485e27c34?l=7

3.218.83.106

200 OK

5.0 kB

URL User Request GET HTTP/2
itsupport.corpoutlook.com/6fa00df485e27c34?l=7
IP
3.218.83.106:443
ASN
#14618 AMAZON-AES

Certificate
IssuerAmazon
Subjectbreaking-news-now.com
FingerprintB5:9F:65:CF:CB:9F:62:06:21:6A:E7:7B:9D:1A:F8:6F:08:39:86:48
ValidityTue, 19 Mar 2024 00:00:00 GMT - Fri, 18 Apr 2025 23:59:59 GMT

File type
HTML document, Unicode text, UTF-8 text, with very long lines (5301), with no line terminators
Size
5.0 kB (4999 bytes)
Hash
2c2e048e0cda99db3ac1b12bc7d05215
cefb9d4407d0098d80d0429981b1846372fa3336
14d2a2ff6b9a7430e76d1149e45fc6eba1ddf8ea4889381537e386098438b34f

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /6fa00df485e27c34?l=7 HTTP/1.1
Host: itsupport.corpoutlook.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 24 Apr 2024 23:48:26 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-download-options: noopen
x-permitted-cross-domain-policies: none
referrer-policy: strict-origin-when-cross-origin
etag: W/"7c9da90b66d677e5ef6439000ce82d82"
cache-control: max-age=0, private, must-revalidate
set-cookie: EXFILGUID=a00df5e27c; path=/
link_clicked_a00df5e27c=1; path=/
x-request-id: c9dee7f2-0c07-4c50-9756-44f9f5639405
x-runtime: 0.019219
x-host-info: lw-prod-us-i-09ea3b3608d2092f7, ; 7ab042967e623923e817fbc8931e097004f737c7
server: ThreatSim-Web-Server
access-control-allow-origin: *
content-encoding: gzip
X-Firefox-Spdy: h2

itsupport.corpoutlook.com/trace?id=a00df5e27c&msg=BrowserDetect%20-%20os_version%20%3D%20&correlation_id=8dc7d9c3-afec-460c-a8bc-132380873830

3.218.83.106

200 OK

0 B

URL GET HTTP/2
itsupport.corpoutlook.com/trace?id=a00df5e27c&msg=BrowserDetect%20-%20os_version%20%3D%20&correlation_id=8dc7d9c3-afec-460c-a8bc-132380873830
IP
3.218.83.106:443
ASN
#14618 AMAZON-AES

Requested by
https://itsupport.corpoutlook.com/6fa00df485e27c34?l=7
Certificate
IssuerAmazon
Subjectbreaking-news-now.com
FingerprintB5:9F:65:CF:CB:9F:62:06:21:6A:E7:7B:9D:1A:F8:6F:08:39:86:48
ValidityTue, 19 Mar 2024 00:00:00 GMT - Fri, 18 Apr 2025 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /trace?id=a00df5e27c&msg=BrowserDetect%20-%20os_version%20%3D%20&correlation_id=8dc7d9c3-afec-460c-a8bc-132380873830 HTTP/1.1
Host: itsupport.corpoutlook.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://itsupport.corpoutlook.com/6fa00df485e27c34?l=7
DNT: 1
Connection: keep-alive
Cookie: EXFILGUID=a00df5e27c; link_clicked_a00df5e27c=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 24 Apr 2024 23:48:26 GMT
content-type: text/html
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-download-options: noopen
x-permitted-cross-domain-policies: none
referrer-policy: strict-origin-when-cross-origin
cache-control: no-cache
x-request-id: 053d1821-b1bb-40c7-a7f6-ca15a105e768
x-runtime: 0.001631
x-host-info: lw-prod-us-i-04e567bbd45ed26b3, ; 7ab042967e623923e817fbc8931e097004f737c7
server: ThreatSim-Web-Server
access-control-allow-origin: *
content-encoding: gzip
X-Firefox-Spdy: h2

itsupport.corpoutlook.com/trace?id=a00df5e27c&msg=BrowserDetect%20-%20plugin%20Microsoft%20Edge%20PDF%20Viewer&correlation_id=8dc7d9c3-afec-460c-a8bc-132380873830

3.218.83.106

200 OK

0 B

URL GET HTTP/2
itsupport.corpoutlook.com/trace?id=a00df5e27c&msg=BrowserDetect%20-%20plugin%20Microsoft%20Edge%20PDF%20Viewer&correlation_id=8dc7d9c3-afec-460c-a8bc-132380873830
IP
3.218.83.106:443
ASN
#14618 AMAZON-AES

Requested by
https://itsupport.corpoutlook.com/6fa00df485e27c34?l=7
Certificate
IssuerAmazon
Subjectbreaking-news-now.com
FingerprintB5:9F:65:CF:CB:9F:62:06:21:6A:E7:7B:9D:1A:F8:6F:08:39:86:48
ValidityTue, 19 Mar 2024 00:00:00 GMT - Fri, 18 Apr 2025 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /trace?id=a00df5e27c&msg=BrowserDetect%20-%20plugin%20Microsoft%20Edge%20PDF%20Viewer&correlation_id=8dc7d9c3-afec-460c-a8bc-132380873830 HTTP/1.1
Host: itsupport.corpoutlook.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://itsupport.corpoutlook.com/6fa00df485e27c34?l=7
DNT: 1
Connection: keep-alive
Cookie: EXFILGUID=a00df5e27c; link_clicked_a00df5e27c=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 24 Apr 2024 23:48:27 GMT
content-type: text/html
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-download-options: noopen
x-permitted-cross-domain-policies: none
referrer-policy: strict-origin-when-cross-origin
cache-control: no-cache
x-request-id: 89f2c13b-06a0-49e6-86be-8d373d8f9567
x-runtime: 0.001162
x-host-info: lw-prod-us-i-0249dd4db3d5bbac8, ; 7ab042967e623923e817fbc8931e097004f737c7
server: ThreatSim-Web-Server
access-control-allow-origin: *
content-encoding: gzip
X-Firefox-Spdy: h2

itsupport.corpoutlook.com/assets/ajax/libs/jquery/1.9.1/jquery.min.js

3.218.83.106

200 OK

93 kB

URL GET HTTP/2
itsupport.corpoutlook.com/assets/ajax/libs/jquery/1.9.1/jquery.min.js
IP
3.218.83.106:443
ASN
#14618 AMAZON-AES

Requested by
https://itsupport.corpoutlook.com/6fa00df485e27c34?l=7
Certificate
IssuerAmazon
Subjectbreaking-news-now.com
FingerprintB5:9F:65:CF:CB:9F:62:06:21:6A:E7:7B:9D:1A:F8:6F:08:39:86:48
ValidityTue, 19 Mar 2024 00:00:00 GMT - Fri, 18 Apr 2025 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (32089)
Size
93 kB (92629 bytes)
Hash
397754ba49e9e0cf4e7c190da78dda05
ae49e56999d82802727455f0ba83b63acd90a22b
c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /assets/ajax/libs/jquery/1.9.1/jquery.min.js HTTP/1.1
Host: itsupport.corpoutlook.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://itsupport.corpoutlook.com/6fa00df485e27c34?l=7
DNT: 1
Connection: keep-alive
Cookie: EXFILGUID=a00df5e27c; link_clicked_a00df5e27c=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 24 Apr 2024 23:48:26 GMT
content-type: application/javascript
last-modified: Thu, 11 Apr 2024 13:01:26 GMT
vary: Accept-Encoding
server: ThreatSim-Web-Server
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
content-encoding: gzip
X-Firefox-Spdy: h2

itsupport.corpoutlook.com/trace?id=a00df5e27c&msg=BrowserDetect%20-%20browser%20%3D%20Firefox&correlation_id=8dc7d9c3-afec-460c-a8bc-132380873830

3.218.83.106

200 OK

0 B

URL GET HTTP/2
itsupport.corpoutlook.com/trace?id=a00df5e27c&msg=BrowserDetect%20-%20browser%20%3D%20Firefox&correlation_id=8dc7d9c3-afec-460c-a8bc-132380873830
IP
3.218.83.106:443
ASN
#14618 AMAZON-AES

Requested by
https://itsupport.corpoutlook.com/6fa00df485e27c34?l=7
Certificate
IssuerAmazon
Subjectbreaking-news-now.com
FingerprintB5:9F:65:CF:CB:9F:62:06:21:6A:E7:7B:9D:1A:F8:6F:08:39:86:48
ValidityTue, 19 Mar 2024 00:00:00 GMT - Fri, 18 Apr 2025 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /trace?id=a00df5e27c&msg=BrowserDetect%20-%20browser%20%3D%20Firefox&correlation_id=8dc7d9c3-afec-460c-a8bc-132380873830 HTTP/1.1
Host: itsupport.corpoutlook.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://itsupport.corpoutlook.com/6fa00df485e27c34?l=7
DNT: 1
Connection: keep-alive
Cookie: EXFILGUID=a00df5e27c; link_clicked_a00df5e27c=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 24 Apr 2024 23:48:26 GMT
content-type: text/html
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-download-options: noopen
x-permitted-cross-domain-policies: none
referrer-policy: strict-origin-when-cross-origin
cache-control: no-cache
x-request-id: 4504303e-7fbb-4be1-907e-df0bc707f3ae
x-runtime: 0.001757
x-host-info: lw-prod-us-i-09ea3b3608d2092f7, ; 7ab042967e623923e817fbc8931e097004f737c7
server: ThreatSim-Web-Server
access-control-allow-origin: *
content-encoding: gzip
X-Firefox-Spdy: h2

itsupport.corpoutlook.com/trace?id=a00df5e27c&msg=BrowserDetect%20-%20width%20%3D%201280&correlation_id=8dc7d9c3-afec-460c-a8bc-132380873830

3.218.83.106

200 OK

0 B

URL GET HTTP/2
itsupport.corpoutlook.com/trace?id=a00df5e27c&msg=BrowserDetect%20-%20width%20%3D%201280&correlation_id=8dc7d9c3-afec-460c-a8bc-132380873830
IP
3.218.83.106:443
ASN
#14618 AMAZON-AES

Requested by
https://itsupport.corpoutlook.com/6fa00df485e27c34?l=7
Certificate
IssuerAmazon
Subjectbreaking-news-now.com
FingerprintB5:9F:65:CF:CB:9F:62:06:21:6A:E7:7B:9D:1A:F8:6F:08:39:86:48
ValidityTue, 19 Mar 2024 00:00:00 GMT - Fri, 18 Apr 2025 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /trace?id=a00df5e27c&msg=BrowserDetect%20-%20width%20%3D%201280&correlation_id=8dc7d9c3-afec-460c-a8bc-132380873830 HTTP/1.1
Host: itsupport.corpoutlook.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://itsupport.corpoutlook.com/6fa00df485e27c34?l=7
DNT: 1
Connection: keep-alive
Cookie: EXFILGUID=a00df5e27c; link_clicked_a00df5e27c=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 24 Apr 2024 23:48:26 GMT
content-type: text/html
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-download-options: noopen
x-permitted-cross-domain-policies: none
referrer-policy: strict-origin-when-cross-origin
cache-control: no-cache
x-request-id: 0cf0ac57-ac05-456a-b128-870f7c90eb57
x-runtime: 0.001598
x-host-info: lw-prod-us-i-0c1d85d7ca1fd3a79, ; 7ab042967e623923e817fbc8931e097004f737c7
server: ThreatSim-Web-Server
access-control-allow-origin: *
content-encoding: gzip
X-Firefox-Spdy: h2

itsupport.corpoutlook.com/trace?id=a00df5e27c&msg=BrowserDetect%20-%20plugin%20Chromium%20PDF%20Viewer&correlation_id=8dc7d9c3-afec-460c-a8bc-132380873830

3.218.83.106

200 OK

0 B

URL GET HTTP/2
itsupport.corpoutlook.com/trace?id=a00df5e27c&msg=BrowserDetect%20-%20plugin%20Chromium%20PDF%20Viewer&correlation_id=8dc7d9c3-afec-460c-a8bc-132380873830
IP
3.218.83.106:443
ASN
#14618 AMAZON-AES

Requested by
https://itsupport.corpoutlook.com/6fa00df485e27c34?l=7
Certificate
IssuerAmazon
Subjectbreaking-news-now.com
FingerprintB5:9F:65:CF:CB:9F:62:06:21:6A:E7:7B:9D:1A:F8:6F:08:39:86:48
ValidityTue, 19 Mar 2024 00:00:00 GMT - Fri, 18 Apr 2025 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /trace?id=a00df5e27c&msg=BrowserDetect%20-%20plugin%20Chromium%20PDF%20Viewer&correlation_id=8dc7d9c3-afec-460c-a8bc-132380873830 HTTP/1.1
Host: itsupport.corpoutlook.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://itsupport.corpoutlook.com/6fa00df485e27c34?l=7
DNT: 1
Connection: keep-alive
Cookie: EXFILGUID=a00df5e27c; link_clicked_a00df5e27c=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 24 Apr 2024 23:48:27 GMT
content-type: text/html
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-download-options: noopen
x-permitted-cross-domain-policies: none
referrer-policy: strict-origin-when-cross-origin
cache-control: no-cache
x-request-id: 12083af8-28f4-42d5-a45b-266a33a4813b
x-runtime: 0.002393
x-host-info: lw-prod-us-i-04e567bbd45ed26b3, ; 7ab042967e623923e817fbc8931e097004f737c7
server: ThreatSim-Web-Server
access-control-allow-origin: *
content-encoding: gzip
X-Firefox-Spdy: h2

itsupport.corpoutlook.com/trace?id=a00df5e27c&msg=BrowserDetect%20-%20language%20%3D%20en-US&correlation_id=8dc7d9c3-afec-460c-a8bc-132380873830

3.218.83.106

200 OK

0 B

URL GET HTTP/2
itsupport.corpoutlook.com/trace?id=a00df5e27c&msg=BrowserDetect%20-%20language%20%3D%20en-US&correlation_id=8dc7d9c3-afec-460c-a8bc-132380873830
IP
3.218.83.106:443
ASN
#14618 AMAZON-AES

Requested by
https://itsupport.corpoutlook.com/6fa00df485e27c34?l=7
Certificate
IssuerAmazon
Subjectbreaking-news-now.com
FingerprintB5:9F:65:CF:CB:9F:62:06:21:6A:E7:7B:9D:1A:F8:6F:08:39:86:48
ValidityTue, 19 Mar 2024 00:00:00 GMT - Fri, 18 Apr 2025 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /trace?id=a00df5e27c&msg=BrowserDetect%20-%20language%20%3D%20en-US&correlation_id=8dc7d9c3-afec-460c-a8bc-132380873830 HTTP/1.1
Host: itsupport.corpoutlook.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://itsupport.corpoutlook.com/6fa00df485e27c34?l=7
DNT: 1
Connection: keep-alive
Cookie: EXFILGUID=a00df5e27c; link_clicked_a00df5e27c=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 24 Apr 2024 23:48:26 GMT
content-type: text/html
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-download-options: noopen
x-permitted-cross-domain-policies: none
referrer-policy: strict-origin-when-cross-origin
cache-control: no-cache
x-request-id: b3dd2e1a-9ad5-40e6-b5f5-5ffdccff1dab
x-runtime: 0.001486
x-host-info: lw-prod-us-i-09ea3b3608d2092f7, ; 7ab042967e623923e817fbc8931e097004f737c7
server: ThreatSim-Web-Server
access-control-allow-origin: *
content-encoding: gzip
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (7)

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (37)

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size