itsupport.corpoutlook.com/assets/all.js?g=a00df5e27c
3.218.83.106 200 OK 7.2 kB URL GET HTTP/2 itsupport.corpoutlook.com/assets/all.js?g=a00df5e27c
IP 3.218.83.106:443
Requested by https://itsupport.corpoutlook.com/6fa00df485e27c34?l=7
Certificate Issuer Amazon
Subject breaking-news-now.com
Fingerprint B5:9F:65:CF:CB:9F:62:06:21:6A:E7:7B:9D:1A:F8:6F:08:39:86:48
Validity Tue, 19 Mar 2024 00:00:00 GMT - Fri, 18 Apr 2025 23:59:59 GMT
File type JavaScript source, ASCII text
Hash 097f74fc8f861ece148262a652ab806a
305ecb552c3ff6bd24b56333fab6e731eb81ed30
39b4614f1c87cf0cfd1bc3375642e95825cb2018e0318a36aad766ddb5a8cbe9
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
GET /assets/all.js?g=a00df5e27c HTTP/1.1
Host: itsupport.corpoutlook.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://itsupport.corpoutlook.com/6fa00df485e27c34?l=7
DNT: 1
Connection: keep-alive
Cookie: EXFILGUID=a00df5e27c; link_clicked_a00df5e27c=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 24 Apr 2024 23:48:26 GMT
content-type: application/javascript
content-length: 7191
last-modified: Thu, 11 Apr 2024 13:01:26 GMT
vary: Accept-Encoding
content-encoding: gzip
server: ThreatSim-Web-Server
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
X-Firefox-Spdy: h2
tslp.s3.amazonaws.com/assets/owa15/2175ac7081e0d4c266371d5ee316ddd2.css
3.5.30.139 200 OK 11 kB URL GET HTTP/1.1 tslp.s3.amazonaws.com/assets/owa15/2175ac7081e0d4c266371d5ee316ddd2.css
IP 3.5.30.139:443
Requested by https://itsupport.corpoutlook.com/6fa00df485e27c34?l=7
Certificate Issuer Amazon
Subject *.s3.amazonaws.com
Fingerprint DC:41:A6:3E:EE:32:6F:36:76:5A:EF:9D:17:AF:14:13:E3:05:C6:D1
Validity Tue, 10 Oct 2023 00:00:00 GMT - Wed, 03 Jul 2024 23:59:59 GMT
File type ASCII text, with CRLF line terminators
Hash b11023ad332a487aeb9d9f3b19588e0c
a5a2ba9b265de6091491bb52ece41d8bdbdaec7f
7e18e25ab4abaa0bce6977a2eb3a4e56d752eb550a35cda9ccbb431f8cfa42fc
GET /assets/owa15/2175ac7081e0d4c266371d5ee316ddd2.css HTTP/1.1
Host: tslp.s3.amazonaws.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://itsupport.corpoutlook.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
x-amz-id-2: tbG4Oh7c8VFs4Q8v5qsPWfXeCHNgfHWjjZ88rQMiW6JZdxUop2BQo8QUP/Zfnh27HTFUApHd9c6rLdmpKm05bEMqU0sJV/xF
x-amz-request-id: 2GCXFDZVMRGQ0ZKB
Date: Wed, 24 Apr 2024 23:48:27 GMT
Last-Modified: Thu, 21 Aug 2014 16:48:47 GMT
ETag: "b11023ad332a487aeb9d9f3b19588e0c"
x-amz-version-id: null
Accept-Ranges: bytes
Content-Type: text/css
Server: AmazonS3
Content-Length: 10778
tslp.s3.amazonaws.com/detect/plugin_detect.js?guid=a00df5e27c&correlation_id=8dc7d9c3-afec-460c-a8bc-132380873830
3.5.30.139 200 OK 50 kB URL GET HTTP/1.1 tslp.s3.amazonaws.com/detect/plugin_detect.js?guid=a00df5e27c&correlation_id=8dc7d9c3-afec-460c-a8bc-132380873830
IP 3.5.30.139:443
Requested by https://itsupport.corpoutlook.com/6fa00df485e27c34?l=7
Certificate Issuer Amazon
Subject *.s3.amazonaws.com
Fingerprint DC:41:A6:3E:EE:32:6F:36:76:5A:EF:9D:17:AF:14:13:E3:05:C6:D1
Validity Tue, 10 Oct 2023 00:00:00 GMT - Wed, 03 Jul 2024 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (306)
Hash 00a513f07603df01e3b99be00f370754
f0c03b1c50f39c95075df687cd55f18861631526
4bab432979d731f8264bcd9d40422ca7dfcfcb0e0e703288db78bbfa555f853a
GET /detect/plugin_detect.js?guid=a00df5e27c&correlation_id=8dc7d9c3-afec-460c-a8bc-132380873830 HTTP/1.1
Host: tslp.s3.amazonaws.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://itsupport.corpoutlook.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
x-amz-id-2: 9kEItnq2nW+6Qn4Qx8KsYGuYOue+7Pq7G6xSIelYyIDR6/L9L7PHMp9ZyDd1ul3fXsW7id5tBAiihd8ANlXxRamQpw8L7T/S
x-amz-request-id: 2GCY84K5AY0HCFKT
Date: Wed, 24 Apr 2024 23:48:27 GMT
Last-Modified: Wed, 15 Feb 2017 17:56:07 GMT
ETag: "00a513f07603df01e3b99be00f370754"
x-amz-version-id: null
Accept-Ranges: bytes
Content-Type: text/javascript
Server: AmazonS3
Content-Length: 50085
tslp.s3.amazonaws.com/assets/owa15/Sign_in_arrow.png
3.5.30.139 200 OK 1.4 kB URL GET HTTP/1.1 tslp.s3.amazonaws.com/assets/owa15/Sign_in_arrow.png
IP 3.5.30.139:443
Requested by https://itsupport.corpoutlook.com/6fa00df485e27c34?l=7
Certificate Issuer Amazon
Subject *.s3.amazonaws.com
Fingerprint DC:41:A6:3E:EE:32:6F:36:76:5A:EF:9D:17:AF:14:13:E3:05:C6:D1
Validity Tue, 10 Oct 2023 00:00:00 GMT - Wed, 03 Jul 2024 23:59:59 GMT
File type PNG image data, 22 x 22, 8-bit/color RGBA, non-interlaced
Hash 2fc55ac36211fb6b5a051281cc4898ad
5e2b2882d0bdbe593429a43de72ee3c3652e62ce
07f38b8b8c1f96ed85ecd96988f0454a95d1f665427086a507c72e55ff3ce0e7
GET /assets/owa15/Sign_in_arrow.png HTTP/1.1
Host: tslp.s3.amazonaws.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
x-amz-id-2: 4UMYlzuvu9/ly2dS1y83tU7NpWpabZ7Ws+UL0zETI2HATX8Yx7YjRO7ClxyiDi6VIhgjHrnssf4ODVCd9caBvH2MJPxOR1lt
x-amz-request-id: 2GCKYN7K6MDJT643
Date: Wed, 24 Apr 2024 23:48:27 GMT
Last-Modified: Thu, 21 Aug 2014 17:00:22 GMT
ETag: "2fc55ac36211fb6b5a051281cc4898ad"
x-amz-version-id: null
Accept-Ranges: bytes
Content-Type: image/png
Server: AmazonS3
Content-Length: 1441
tslp.s3.amazonaws.com/assets/owa15/a2670edfb568be55565d23de965f03aa.png
3.5.30.139 200 OK 1.4 kB URL GET HTTP/1.1 tslp.s3.amazonaws.com/assets/owa15/a2670edfb568be55565d23de965f03aa.png
IP 3.5.30.139:443
Requested by https://itsupport.corpoutlook.com/6fa00df485e27c34?l=7
Certificate Issuer Amazon
Subject *.s3.amazonaws.com
Fingerprint DC:41:A6:3E:EE:32:6F:36:76:5A:EF:9D:17:AF:14:13:E3:05:C6:D1
Validity Tue, 10 Oct 2023 00:00:00 GMT - Wed, 03 Jul 2024 23:59:59 GMT
File type PNG image data, 10 x 879, 8-bit/color RGBA, non-interlaced
Hash 700528c06d9ba83eebb320059f27443f
9c770679e153e060c880c26a7b4e833ed1502aa3
6710ee6e22d5e3e82f70554804806c37aac5789b110d944383ea393d93eb627a
GET /assets/owa15/a2670edfb568be55565d23de965f03aa.png HTTP/1.1
Host: tslp.s3.amazonaws.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://itsupport.corpoutlook.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
x-amz-id-2: uS3LvJ1VtcrjF8KDNteM0W5xyLH5n5dEFD5FVJ7VctvsLGWd/VZX5f7CXJ1BhcW0422ZoaG4sMR7N1/i5ZVxe0KAPTAMhV9h
x-amz-request-id: 2GCXW6Y53HCH5H6Y
Date: Wed, 24 Apr 2024 23:48:27 GMT
Last-Modified: Thu, 21 Aug 2014 16:45:43 GMT
ETag: "700528c06d9ba83eebb320059f27443f"
x-amz-version-id: null
Accept-Ranges: bytes
Content-Type: image/png
Server: AmazonS3
Content-Length: 1434
itsupport.corpoutlook.com/trace?id=a00df5e27c&msg=redirect_url%20is%20undefined&correlation_id=8dc7d9c3-afec-460c-a8bc-132380873830
3.218.83.106 200 OK 523 B URL GET HTTP/2 itsupport.corpoutlook.com/trace?id=a00df5e27c&msg=redirect_url%20is%20undefined&correlation_id=8dc7d9c3-afec-460c-a8bc-132380873830
IP 3.218.83.106:443
Requested by https://itsupport.corpoutlook.com/6fa00df485e27c34?l=7
Certificate Issuer Amazon
Subject breaking-news-now.com
Fingerprint B5:9F:65:CF:CB:9F:62:06:21:6A:E7:7B:9D:1A:F8:6F:08:39:86:48
Validity Tue, 19 Mar 2024 00:00:00 GMT - Fri, 18 Apr 2025 23:59:59 GMT
File type gzip compressed data, max compression, from Unix
Hash 0dfbcd66e1ab47e1802db10f3a0ed7f8
1f7a3bfa3c0c5fa1490cb078df52b94c297468a7
3566838f31798c3649c7441430e9be98625fdcfadda310a5070d072b31d4be41
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
GET /trace?id=a00df5e27c&msg=redirect_url%20is%20undefined&correlation_id=8dc7d9c3-afec-460c-a8bc-132380873830 HTTP/1.1
Host: itsupport.corpoutlook.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://itsupport.corpoutlook.com/6fa00df485e27c34?l=7
DNT: 1
Connection: keep-alive
Cookie: EXFILGUID=a00df5e27c; link_clicked_a00df5e27c=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 24 Apr 2024 23:48:27 GMT
content-type: text/html
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-download-options: noopen
x-permitted-cross-domain-policies: none
referrer-policy: strict-origin-when-cross-origin
cache-control: no-cache
x-request-id: 59526ed7-eeb1-4b71-9220-bce06a18a081
x-runtime: 0.001163
x-host-info: lw-prod-us-i-0249dd4db3d5bbac8, ; 7ab042967e623923e817fbc8931e097004f737c7
server: ThreatSim-Web-Server
access-control-allow-origin: *
content-encoding: gzip
X-Firefox-Spdy: h2
itsupport.corpoutlook.com/trace?id=a00df5e27c&msg=Skipping%20quicktime%20detection&correlation_id=8dc7d9c3-afec-460c-a8bc-132380873830
3.218.83.106 200 OK 523 B URL GET HTTP/2 itsupport.corpoutlook.com/trace?id=a00df5e27c&msg=Skipping%20quicktime%20detection&correlation_id=8dc7d9c3-afec-460c-a8bc-132380873830
IP 3.218.83.106:443
Requested by https://itsupport.corpoutlook.com/6fa00df485e27c34?l=7
Certificate Issuer Amazon
Subject breaking-news-now.com
Fingerprint B5:9F:65:CF:CB:9F:62:06:21:6A:E7:7B:9D:1A:F8:6F:08:39:86:48
Validity Tue, 19 Mar 2024 00:00:00 GMT - Fri, 18 Apr 2025 23:59:59 GMT
File type gzip compressed data, max compression, from Unix
Hash 0dfbcd66e1ab47e1802db10f3a0ed7f8
1f7a3bfa3c0c5fa1490cb078df52b94c297468a7
3566838f31798c3649c7441430e9be98625fdcfadda310a5070d072b31d4be41
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
GET /trace?id=a00df5e27c&msg=Skipping%20quicktime%20detection&correlation_id=8dc7d9c3-afec-460c-a8bc-132380873830 HTTP/1.1
Host: itsupport.corpoutlook.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://itsupport.corpoutlook.com/6fa00df485e27c34?l=7
DNT: 1
Connection: keep-alive
Cookie: EXFILGUID=a00df5e27c; link_clicked_a00df5e27c=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 24 Apr 2024 23:48:27 GMT
content-type: text/html
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-download-options: noopen
x-permitted-cross-domain-policies: none
referrer-policy: strict-origin-when-cross-origin
cache-control: no-cache
x-request-id: ac8f42bd-5940-4365-9044-795e9cde4368
x-runtime: 0.002221
x-host-info: lw-prod-us-i-04e567bbd45ed26b3, ; 7ab042967e623923e817fbc8931e097004f737c7
server: ThreatSim-Web-Server
access-control-allow-origin: *
content-encoding: gzip
X-Firefox-Spdy: h2
itsupport.corpoutlook.com/trace?id=a00df5e27c&msg=Skipping%20Silverlight%20detection&correlation_id=8dc7d9c3-afec-460c-a8bc-132380873830
3.218.83.106 200 OK 9.5 kB URL GET HTTP/2 itsupport.corpoutlook.com/trace?id=a00df5e27c&msg=Skipping%20Silverlight%20detection&correlation_id=8dc7d9c3-afec-460c-a8bc-132380873830
IP 3.218.83.106:443
Requested by https://itsupport.corpoutlook.com/6fa00df485e27c34?l=7
Certificate Issuer Amazon
Subject breaking-news-now.com
Fingerprint B5:9F:65:CF:CB:9F:62:06:21:6A:E7:7B:9D:1A:F8:6F:08:39:86:48
Validity Tue, 19 Mar 2024 00:00:00 GMT - Fri, 18 Apr 2025 23:59:59 GMT
File type gzip compressed data, max compression, from Unix
Hash 0d8b23979fe48afc2efabbd84701efe6
d998f0e45f1544a72c19292250c637954b2422bb
308dbfa0247e88dc90ee48ffbeb0aeab7a4d63e61146391fa7dc0fb52721c527
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
GET /trace?id=a00df5e27c&msg=Skipping%20Silverlight%20detection&correlation_id=8dc7d9c3-afec-460c-a8bc-132380873830 HTTP/1.1
Host: itsupport.corpoutlook.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://itsupport.corpoutlook.com/6fa00df485e27c34?l=7
DNT: 1
Connection: keep-alive
Cookie: EXFILGUID=a00df5e27c; link_clicked_a00df5e27c=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 24 Apr 2024 23:48:27 GMT
content-type: text/html
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-download-options: noopen
x-permitted-cross-domain-policies: none
referrer-policy: strict-origin-when-cross-origin
cache-control: no-cache
x-request-id: ea9d552b-25a9-4284-8162-accb01778381
x-runtime: 0.001361
x-host-info: lw-prod-us-i-09ea3b3608d2092f7, ; 7ab042967e623923e817fbc8931e097004f737c7
server: ThreatSim-Web-Server
access-control-allow-origin: *
content-encoding: gzip
X-Firefox-Spdy: h2
itsupport.corpoutlook.com/trace?id=a00df5e27c&msg=Skipping%20pdf%20detection&correlation_id=8dc7d9c3-afec-460c-a8bc-132380873830
3.218.83.106 200 OK 6.1 kB URL GET HTTP/2 itsupport.corpoutlook.com/trace?id=a00df5e27c&msg=Skipping%20pdf%20detection&correlation_id=8dc7d9c3-afec-460c-a8bc-132380873830
IP 3.218.83.106:443
Requested by https://itsupport.corpoutlook.com/6fa00df485e27c34?l=7
Certificate Issuer Amazon
Subject breaking-news-now.com
Fingerprint B5:9F:65:CF:CB:9F:62:06:21:6A:E7:7B:9D:1A:F8:6F:08:39:86:48
Validity Tue, 19 Mar 2024 00:00:00 GMT - Fri, 18 Apr 2025 23:59:59 GMT
File type gzip compressed data, max compression, from Unix
Hash e56ae7edbeaefc6002656a54c62e4dcb
858275e2e5d70fe79aa984a6a7ef02b7d0200a1c
b9cc3e73d41b575e86b439a21997633acb6c1c269e413cc0d6421f3da9ca6c9c
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
GET /trace?id=a00df5e27c&msg=Skipping%20pdf%20detection&correlation_id=8dc7d9c3-afec-460c-a8bc-132380873830 HTTP/1.1
Host: itsupport.corpoutlook.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://itsupport.corpoutlook.com/6fa00df485e27c34?l=7
DNT: 1
Connection: keep-alive
Cookie: EXFILGUID=a00df5e27c; link_clicked_a00df5e27c=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 24 Apr 2024 23:48:27 GMT
content-type: text/html
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-download-options: noopen
x-permitted-cross-domain-policies: none
referrer-policy: strict-origin-when-cross-origin
cache-control: no-cache
x-request-id: e4326a50-13e1-4883-a0f7-5471d6fbadcf
x-runtime: 0.001868
x-host-info: lw-prod-us-i-0249dd4db3d5bbac8, ; 7ab042967e623923e817fbc8931e097004f737c7
server: ThreatSim-Web-Server
access-control-allow-origin: *
content-encoding: gzip
X-Firefox-Spdy: h2
itsupport.corpoutlook.com/trace?id=a00df5e27c&msg=Skipping%20WindowsMediaPlayer%20detection&correlation_id=8dc7d9c3-afec-460c-a8bc-132380873830
3.218.83.106 200 OK 7.4 kB URL GET HTTP/2 itsupport.corpoutlook.com/trace?id=a00df5e27c&msg=Skipping%20WindowsMediaPlayer%20detection&correlation_id=8dc7d9c3-afec-460c-a8bc-132380873830
IP 3.218.83.106:443
Requested by https://itsupport.corpoutlook.com/6fa00df485e27c34?l=7
Certificate Issuer Amazon
Subject breaking-news-now.com
Fingerprint B5:9F:65:CF:CB:9F:62:06:21:6A:E7:7B:9D:1A:F8:6F:08:39:86:48
Validity Tue, 19 Mar 2024 00:00:00 GMT - Fri, 18 Apr 2025 23:59:59 GMT
File type gzip compressed data, max compression, from Unix
Hash 1bbe9ccfc43008b13378afd7a5b03b7a
8febda10f2e792e4ccb8d97865c612d40e02238d
d840120122c75709d601d3ef610023685139e5b0999cdda28643613c117ed505
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
GET /trace?id=a00df5e27c&msg=Skipping%20WindowsMediaPlayer%20detection&correlation_id=8dc7d9c3-afec-460c-a8bc-132380873830 HTTP/1.1
Host: itsupport.corpoutlook.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://itsupport.corpoutlook.com/6fa00df485e27c34?l=7
DNT: 1
Connection: keep-alive
Cookie: EXFILGUID=a00df5e27c; link_clicked_a00df5e27c=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 24 Apr 2024 23:48:27 GMT
content-type: text/html
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-download-options: noopen
x-permitted-cross-domain-policies: none
referrer-policy: strict-origin-when-cross-origin
cache-control: no-cache
x-request-id: 0c0c7fed-88c9-45b8-a451-832d732c38ed
x-runtime: 0.002276
x-host-info: lw-prod-us-i-0c1d85d7ca1fd3a79, ; 7ab042967e623923e817fbc8931e097004f737c7
server: ThreatSim-Web-Server
access-control-allow-origin: *
content-encoding: gzip
X-Firefox-Spdy: h2
itsupport.corpoutlook.com/trace?id=a00df5e27c&msg=Skipping%20flash%20detection&correlation_id=8dc7d9c3-afec-460c-a8bc-132380873830
3.218.83.106 200 OK 11 kB URL GET HTTP/2 itsupport.corpoutlook.com/trace?id=a00df5e27c&msg=Skipping%20flash%20detection&correlation_id=8dc7d9c3-afec-460c-a8bc-132380873830
IP 3.218.83.106:443
Requested by https://itsupport.corpoutlook.com/6fa00df485e27c34?l=7
Certificate Issuer Amazon
Subject breaking-news-now.com
Fingerprint B5:9F:65:CF:CB:9F:62:06:21:6A:E7:7B:9D:1A:F8:6F:08:39:86:48
Validity Tue, 19 Mar 2024 00:00:00 GMT - Fri, 18 Apr 2025 23:59:59 GMT
File type gzip compressed data, max compression, from Unix
Hash ad70e9e898324ea619681e214b8d56f4
15bc66b8fa6f92ab1930efea233e7fcc715c7731
3dc19836ddb504469111ed4b6c1739a55048a4c015ce380d670a881f714722cd
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
GET /trace?id=a00df5e27c&msg=Skipping%20flash%20detection&correlation_id=8dc7d9c3-afec-460c-a8bc-132380873830 HTTP/1.1
Host: itsupport.corpoutlook.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://itsupport.corpoutlook.com/6fa00df485e27c34?l=7
DNT: 1
Connection: keep-alive
Cookie: EXFILGUID=a00df5e27c; link_clicked_a00df5e27c=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 24 Apr 2024 23:48:27 GMT
content-type: text/html
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-download-options: noopen
x-permitted-cross-domain-policies: none
referrer-policy: strict-origin-when-cross-origin
cache-control: no-cache
x-request-id: 9b26b178-881e-468f-9144-777b26aece72
x-runtime: 0.001454
x-host-info: lw-prod-us-i-0249dd4db3d5bbac8, ; 7ab042967e623923e817fbc8931e097004f737c7
server: ThreatSim-Web-Server
access-control-allow-origin: *
content-encoding: gzip
X-Firefox-Spdy: h2
itsupport.corpoutlook.com/trace?id=a00df5e27c&msg=BrowserDetect%20-%20plugin%20WebKit%20built-in%20PDF&correlation_id=8dc7d9c3-afec-460c-a8bc-132380873830
3.218.83.106 200 OK 9.1 kB URL GET HTTP/2 itsupport.corpoutlook.com/trace?id=a00df5e27c&msg=BrowserDetect%20-%20plugin%20WebKit%20built-in%20PDF&correlation_id=8dc7d9c3-afec-460c-a8bc-132380873830
IP 3.218.83.106:443
Requested by https://itsupport.corpoutlook.com/6fa00df485e27c34?l=7
Certificate Issuer Amazon
Subject breaking-news-now.com
Fingerprint B5:9F:65:CF:CB:9F:62:06:21:6A:E7:7B:9D:1A:F8:6F:08:39:86:48
Validity Tue, 19 Mar 2024 00:00:00 GMT - Fri, 18 Apr 2025 23:59:59 GMT
File type gzip compressed data, max compression, from Unix
Hash 709db20d7465c30ac96f9c9d296f3fd0
1950c5187c2c8d16a70d74d5ff1ab2e9aae4c16e
05b0dc9eb5935e409ef79a706d06d4217e7ffc1cf85fb8ee1c281cba146508d5
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
GET /trace?id=a00df5e27c&msg=BrowserDetect%20-%20plugin%20WebKit%20built-in%20PDF&correlation_id=8dc7d9c3-afec-460c-a8bc-132380873830 HTTP/1.1
Host: itsupport.corpoutlook.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://itsupport.corpoutlook.com/6fa00df485e27c34?l=7
DNT: 1
Connection: keep-alive
Cookie: EXFILGUID=a00df5e27c; link_clicked_a00df5e27c=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 24 Apr 2024 23:48:27 GMT
content-type: text/html
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-download-options: noopen
x-permitted-cross-domain-policies: none
referrer-policy: strict-origin-when-cross-origin
cache-control: no-cache
x-request-id: 96923347-681c-4f53-aeba-5a6d21cfc3eb
x-runtime: 0.002367
x-host-info: lw-prod-us-i-0c1d85d7ca1fd3a79, ; 7ab042967e623923e817fbc8931e097004f737c7
server: ThreatSim-Web-Server
access-control-allow-origin: *
content-encoding: gzip
X-Firefox-Spdy: h2
tslp.s3.amazonaws.com/assets/owa15/9452e0fae8e6e985ee2a90b5a9c9edbd.ttf
3.5.30.139 200 OK 42 kB URL GET HTTP/1.1 tslp.s3.amazonaws.com/assets/owa15/9452e0fae8e6e985ee2a90b5a9c9edbd.ttf
IP 3.5.30.139:443
Requested by https://itsupport.corpoutlook.com/6fa00df485e27c34?l=7
Certificate Issuer Amazon
Subject *.s3.amazonaws.com
Fingerprint DC:41:A6:3E:EE:32:6F:36:76:5A:EF:9D:17:AF:14:13:E3:05:C6:D1
Validity Tue, 10 Oct 2023 00:00:00 GMT - Wed, 03 Jul 2024 23:59:59 GMT
File type TrueType Font data, 16 tables, 1st "OS/2", 11 names, Microsoft, language 0x409, © 2010 Microsoft Corporation. All Rights Reserved.RegularSegoe UI SemilightVersion 1.00 build 16
Hash 6c26c24aabe31040657665b1e0d9505c
b3bdc48643752665e3e5798a192b27432a87d234
2d508a6e8979bba74b6fdf804c01a09a620c781e0fea73a8eefda904f5bcab25
GET /assets/owa15/9452e0fae8e6e985ee2a90b5a9c9edbd.ttf HTTP/1.1
Host: tslp.s3.amazonaws.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://itsupport.corpoutlook.com
DNT: 1
Connection: keep-alive
Referer: https://tslp.s3.amazonaws.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
x-amz-id-2: TlnSVMRi3h6l0XUt8oOrSAoPMOEeC4m3KH7lO/8GwEA8OK3RFhk/yy5p5uXyWY5yPlfKxGA5OK0hQXln4Cossjfl17NcHTCW
x-amz-request-id: TGM0XQJE0FSCM3HX
Date: Wed, 24 Apr 2024 23:48:28 GMT
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET
Access-Control-Max-Age: 3000
Vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
Last-Modified: Thu, 21 Aug 2014 16:45:42 GMT
ETag: "6c26c24aabe31040657665b1e0d9505c"
Cache-Control: max-age=86400
x-amz-version-id: null
Accept-Ranges: bytes
Content-Type: binary/octet-stream
Server: AmazonS3
Content-Length: 41560
tslp.s3.amazonaws.com/assets/owa15/0c867cdde480e06472325e177d40a9c6.ttf
3.5.30.139 200 OK 57 kB URL GET HTTP/1.1 tslp.s3.amazonaws.com/assets/owa15/0c867cdde480e06472325e177d40a9c6.ttf
IP 3.5.30.139:443
Requested by https://itsupport.corpoutlook.com/6fa00df485e27c34?l=7
Certificate Issuer Amazon
Subject *.s3.amazonaws.com
Fingerprint DC:41:A6:3E:EE:32:6F:36:76:5A:EF:9D:17:AF:14:13:E3:05:C6:D1
Validity Tue, 10 Oct 2023 00:00:00 GMT - Wed, 03 Jul 2024 23:59:59 GMT
File type TrueType Font data, 18 tables, 1st "LTSH", 11 names, Microsoft, language 0x409, © 2010 Microsoft Corporation. All Rights Reserved.RegularSegoe UI RegularVersion 0.81 Build 159S
Hash 8af990b6ad3ba192c2dd6a193890bf5f
4db5bf117ff8f1392fab3b438216d7cff4ae4976
c147c2ec76a8ab8bd5082f1f4d3f80a43c689165cb164cdd812e44048fe38708
GET /assets/owa15/0c867cdde480e06472325e177d40a9c6.ttf HTTP/1.1
Host: tslp.s3.amazonaws.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://itsupport.corpoutlook.com
DNT: 1
Connection: keep-alive
Referer: https://tslp.s3.amazonaws.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
x-amz-id-2: 4uxeLTIZV/ewtW7pWe2si9adLOVrf/3RvF2q74lqRbTdUoj0m1uqIa+rre+703PCVmvqnjO1qlvj6A9RWteoWG2B77wl/XCx
x-amz-request-id: TGM5ZVFRZVEV7SV0
Date: Wed, 24 Apr 2024 23:48:28 GMT
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET
Access-Control-Max-Age: 3000
Vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
Last-Modified: Thu, 21 Aug 2014 16:45:43 GMT
ETag: "8af990b6ad3ba192c2dd6a193890bf5f"
Cache-Control: max-age=86400
x-amz-version-id: null
Accept-Ranges: bytes
Content-Type: binary/octet-stream
Server: AmazonS3
Content-Length: 56760
tslp.s3.amazonaws.com/assets/owa15/favicon.ico
3.5.30.139 200 OK 7.9 kB URL GET HTTP/1.1 tslp.s3.amazonaws.com/assets/owa15/favicon.ico
IP 3.5.30.139:443
Requested by https://itsupport.corpoutlook.com/6fa00df485e27c34?l=7
Certificate Issuer Amazon
Subject *.s3.amazonaws.com
Fingerprint DC:41:A6:3E:EE:32:6F:36:76:5A:EF:9D:17:AF:14:13:E3:05:C6:D1
Validity Tue, 10 Oct 2023 00:00:00 GMT - Wed, 03 Jul 2024 23:59:59 GMT
File type MS Windows icon resource - 3 icons, 32x32, 32 bits/pixel, 24x24, 32 bits/pixel
Hash 759fade9033aa298629e4b000dcd6dde
34a1adf5c7326d7bde5b5735471b5d81e611c189
cf0808a61ec571e0c4975663903b288009d55502ac0445d9948983b339a5cf6e
GET /assets/owa15/favicon.ico HTTP/1.1
Host: tslp.s3.amazonaws.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://itsupport.corpoutlook.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
x-amz-id-2: iYVqUK0C6OI5NAlkE73lrGTUPEQcbjF4ga1VNAaIZNKMNxMGV9SfkbgogQZbKKv6BephmDORDsBq1qyDWuWM/S0SkzeYUcI0
x-amz-request-id: TGMCKVN0QE44184H
Date: Wed, 24 Apr 2024 23:48:28 GMT
Last-Modified: Thu, 21 Aug 2014 16:51:00 GMT
ETag: "759fade9033aa298629e4b000dcd6dde"
Cache-Control: max-age=86400
x-amz-version-id: null
Accept-Ranges: bytes
Content-Type: image/vnd.microsoft.icon
Server: AmazonS3
Content-Length: 7886
itsupport.corpoutlook.com/trace?id=a00df5e27c&msg=Skipping%20RealPlayer%20detection&correlation_id=8dc7d9c3-afec-460c-a8bc-132380873830
3.218.83.106 200 OK 9.0 kB URL GET HTTP/2 itsupport.corpoutlook.com/trace?id=a00df5e27c&msg=Skipping%20RealPlayer%20detection&correlation_id=8dc7d9c3-afec-460c-a8bc-132380873830
IP 3.218.83.106:443
Requested by https://itsupport.corpoutlook.com/6fa00df485e27c34?l=7
Certificate Issuer Amazon
Subject breaking-news-now.com
Fingerprint B5:9F:65:CF:CB:9F:62:06:21:6A:E7:7B:9D:1A:F8:6F:08:39:86:48
Validity Tue, 19 Mar 2024 00:00:00 GMT - Fri, 18 Apr 2025 23:59:59 GMT
File type gzip compressed data, max compression, from Unix
Hash d463e95360c317ce3d2c24d4ed63b3ca
97fadf699e45843883744915c3a1ef58a02899dd
ad94852c86a7f2c165a3646373a508947c60da0114841feb88bd1339dea80e7e
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
GET /trace?id=a00df5e27c&msg=Skipping%20RealPlayer%20detection&correlation_id=8dc7d9c3-afec-460c-a8bc-132380873830 HTTP/1.1
Host: itsupport.corpoutlook.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://itsupport.corpoutlook.com/6fa00df485e27c34?l=7
DNT: 1
Connection: keep-alive
Cookie: EXFILGUID=a00df5e27c; link_clicked_a00df5e27c=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 24 Apr 2024 23:48:27 GMT
content-type: text/html
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-download-options: noopen
x-permitted-cross-domain-policies: none
referrer-policy: strict-origin-when-cross-origin
cache-control: no-cache
x-request-id: 6b883d98-0a5c-4628-8eca-97787201e537
x-runtime: 0.002118
x-host-info: lw-prod-us-i-04e567bbd45ed26b3, ; 7ab042967e623923e817fbc8931e097004f737c7
server: ThreatSim-Web-Server
access-control-allow-origin: *
content-encoding: gzip
X-Firefox-Spdy: h2
itsupport.corpoutlook.com:49153/alt_pixel_click_a00df5e27c.gif?correlation_id=8dc7d9c3-afec-460c-a8bc-132380873830
0.0.0.0 0 B URL GET itsupport.corpoutlook.com:49153/alt_pixel_click_a00df5e27c.gif?correlation_id=8dc7d9c3-afec-460c-a8bc-132380873830
IP 0.0.0.0:0
Requested by https://itsupport.corpoutlook.com/6fa00df485e27c34?l=7
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /alt_pixel_click_a00df5e27c.gif?correlation_id=8dc7d9c3-afec-460c-a8bc-132380873830 HTTP/1.1
Host: itsupport.corpoutlook.com:49153
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://itsupport.corpoutlook.com/
DNT: 1
Connection: keep-alive
Cookie: EXFILGUID=a00df5e27c; link_clicked_a00df5e27c=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
itsupport.corpoutlook.com/trace?id=a00df5e27c&msg=BrowserDetect%20-%20browser_version%20%3D%2096&correlation_id=8dc7d9c3-afec-460c-a8bc-132380873830
3.218.83.106 200 OK 0 B URL GET HTTP/2 itsupport.corpoutlook.com/trace?id=a00df5e27c&msg=BrowserDetect%20-%20browser_version%20%3D%2096&correlation_id=8dc7d9c3-afec-460c-a8bc-132380873830
IP 3.218.83.106:443
Requested by https://itsupport.corpoutlook.com/6fa00df485e27c34?l=7
Certificate Issuer Amazon
Subject breaking-news-now.com
Fingerprint B5:9F:65:CF:CB:9F:62:06:21:6A:E7:7B:9D:1A:F8:6F:08:39:86:48
Validity Tue, 19 Mar 2024 00:00:00 GMT - Fri, 18 Apr 2025 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
GET /trace?id=a00df5e27c&msg=BrowserDetect%20-%20browser_version%20%3D%2096&correlation_id=8dc7d9c3-afec-460c-a8bc-132380873830 HTTP/1.1
Host: itsupport.corpoutlook.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://itsupport.corpoutlook.com/6fa00df485e27c34?l=7
DNT: 1
Connection: keep-alive
Cookie: EXFILGUID=a00df5e27c; link_clicked_a00df5e27c=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 24 Apr 2024 23:48:26 GMT
content-type: text/html
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-download-options: noopen
x-permitted-cross-domain-policies: none
referrer-policy: strict-origin-when-cross-origin
cache-control: no-cache
x-request-id: 875a30e2-7c3c-48a2-8a27-db485b7fd530
x-runtime: 0.001717
x-host-info: lw-prod-us-i-0249dd4db3d5bbac8, ; 7ab042967e623923e817fbc8931e097004f737c7
server: ThreatSim-Web-Server
access-control-allow-origin: *
content-encoding: gzip
X-Firefox-Spdy: h2
itsupport.corpoutlook.com/trace?id=a00df5e27c&msg=BrowserDetect%20-%20height%20%3D%201024&correlation_id=8dc7d9c3-afec-460c-a8bc-132380873830
3.218.83.106 200 OK 0 B URL GET HTTP/2 itsupport.corpoutlook.com/trace?id=a00df5e27c&msg=BrowserDetect%20-%20height%20%3D%201024&correlation_id=8dc7d9c3-afec-460c-a8bc-132380873830
IP 3.218.83.106:443
Requested by https://itsupport.corpoutlook.com/6fa00df485e27c34?l=7
Certificate Issuer Amazon
Subject breaking-news-now.com
Fingerprint B5:9F:65:CF:CB:9F:62:06:21:6A:E7:7B:9D:1A:F8:6F:08:39:86:48
Validity Tue, 19 Mar 2024 00:00:00 GMT - Fri, 18 Apr 2025 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
GET /trace?id=a00df5e27c&msg=BrowserDetect%20-%20height%20%3D%201024&correlation_id=8dc7d9c3-afec-460c-a8bc-132380873830 HTTP/1.1
Host: itsupport.corpoutlook.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://itsupport.corpoutlook.com/6fa00df485e27c34?l=7
DNT: 1
Connection: keep-alive
Cookie: EXFILGUID=a00df5e27c; link_clicked_a00df5e27c=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 24 Apr 2024 23:48:27 GMT
content-type: text/html
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-download-options: noopen
x-permitted-cross-domain-policies: none
referrer-policy: strict-origin-when-cross-origin
cache-control: no-cache
x-request-id: 65739293-40ee-465c-a153-199241a29ff0
x-runtime: 0.002056
x-host-info: lw-prod-us-i-04e567bbd45ed26b3, ; 7ab042967e623923e817fbc8931e097004f737c7
server: ThreatSim-Web-Server
access-control-allow-origin: *
content-encoding: gzip
X-Firefox-Spdy: h2
itsupport.corpoutlook.com/trace?id=a00df5e27c&msg=BrowserDetect%20-%20plugin%20PDF%20Viewer&correlation_id=8dc7d9c3-afec-460c-a8bc-132380873830
3.218.83.106 200 OK 0 B URL GET HTTP/2 itsupport.corpoutlook.com/trace?id=a00df5e27c&msg=BrowserDetect%20-%20plugin%20PDF%20Viewer&correlation_id=8dc7d9c3-afec-460c-a8bc-132380873830
IP 3.218.83.106:443
Requested by https://itsupport.corpoutlook.com/6fa00df485e27c34?l=7
Certificate Issuer Amazon
Subject breaking-news-now.com
Fingerprint B5:9F:65:CF:CB:9F:62:06:21:6A:E7:7B:9D:1A:F8:6F:08:39:86:48
Validity Tue, 19 Mar 2024 00:00:00 GMT - Fri, 18 Apr 2025 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
GET /trace?id=a00df5e27c&msg=BrowserDetect%20-%20plugin%20PDF%20Viewer&correlation_id=8dc7d9c3-afec-460c-a8bc-132380873830 HTTP/1.1
Host: itsupport.corpoutlook.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://itsupport.corpoutlook.com/6fa00df485e27c34?l=7
DNT: 1
Connection: keep-alive
Cookie: EXFILGUID=a00df5e27c; link_clicked_a00df5e27c=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 24 Apr 2024 23:48:27 GMT
content-type: text/html
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-download-options: noopen
x-permitted-cross-domain-policies: none
referrer-policy: strict-origin-when-cross-origin
cache-control: no-cache
x-request-id: 97090bdc-6eb1-46e4-a965-0557e980f78d
x-runtime: 0.002234
x-host-info: lw-prod-us-i-09ea3b3608d2092f7, ; 7ab042967e623923e817fbc8931e097004f737c7
server: ThreatSim-Web-Server
access-control-allow-origin: *
content-encoding: gzip
X-Firefox-Spdy: h2
itsupport.corpoutlook.com/trace?id=a00df5e27c&msg=BrowserDetect%20-%20localStorage%20%3D%20true&correlation_id=8dc7d9c3-afec-460c-a8bc-132380873830
3.218.83.106 200 OK 0 B URL GET HTTP/2 itsupport.corpoutlook.com/trace?id=a00df5e27c&msg=BrowserDetect%20-%20localStorage%20%3D%20true&correlation_id=8dc7d9c3-afec-460c-a8bc-132380873830
IP 3.218.83.106:443
Requested by https://itsupport.corpoutlook.com/6fa00df485e27c34?l=7
Certificate Issuer Amazon
Subject breaking-news-now.com
Fingerprint B5:9F:65:CF:CB:9F:62:06:21:6A:E7:7B:9D:1A:F8:6F:08:39:86:48
Validity Tue, 19 Mar 2024 00:00:00 GMT - Fri, 18 Apr 2025 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
GET /trace?id=a00df5e27c&msg=BrowserDetect%20-%20localStorage%20%3D%20true&correlation_id=8dc7d9c3-afec-460c-a8bc-132380873830 HTTP/1.1
Host: itsupport.corpoutlook.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://itsupport.corpoutlook.com/6fa00df485e27c34?l=7
DNT: 1
Connection: keep-alive
Cookie: EXFILGUID=a00df5e27c; link_clicked_a00df5e27c=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 24 Apr 2024 23:48:26 GMT
content-type: text/html
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-download-options: noopen
x-permitted-cross-domain-policies: none
referrer-policy: strict-origin-when-cross-origin
cache-control: no-cache
x-request-id: f05cffbb-7d33-477a-a055-39633c917304
x-runtime: 0.001746
x-host-info: lw-prod-us-i-0249dd4db3d5bbac8, ; 7ab042967e623923e817fbc8931e097004f737c7
server: ThreatSim-Web-Server
access-control-allow-origin: *
content-encoding: gzip
X-Firefox-Spdy: h2
itsupport.corpoutlook.com/trace?id=a00df5e27c&msg=BrowserDetect%20-%20plugin%20Chrome%20PDF%20Viewer&correlation_id=8dc7d9c3-afec-460c-a8bc-132380873830
3.218.83.106 200 OK 0 B URL GET HTTP/2 itsupport.corpoutlook.com/trace?id=a00df5e27c&msg=BrowserDetect%20-%20plugin%20Chrome%20PDF%20Viewer&correlation_id=8dc7d9c3-afec-460c-a8bc-132380873830
IP 3.218.83.106:443
Requested by https://itsupport.corpoutlook.com/6fa00df485e27c34?l=7
Certificate Issuer Amazon
Subject breaking-news-now.com
Fingerprint B5:9F:65:CF:CB:9F:62:06:21:6A:E7:7B:9D:1A:F8:6F:08:39:86:48
Validity Tue, 19 Mar 2024 00:00:00 GMT - Fri, 18 Apr 2025 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
GET /trace?id=a00df5e27c&msg=BrowserDetect%20-%20plugin%20Chrome%20PDF%20Viewer&correlation_id=8dc7d9c3-afec-460c-a8bc-132380873830 HTTP/1.1
Host: itsupport.corpoutlook.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://itsupport.corpoutlook.com/6fa00df485e27c34?l=7
DNT: 1
Connection: keep-alive
Cookie: EXFILGUID=a00df5e27c; link_clicked_a00df5e27c=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 24 Apr 2024 23:48:27 GMT
content-type: text/html
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-download-options: noopen
x-permitted-cross-domain-policies: none
referrer-policy: strict-origin-when-cross-origin
cache-control: no-cache
x-request-id: b44cc970-a3a7-409e-9d4d-5fe8be48dbc1
x-runtime: 0.001530
x-host-info: lw-prod-us-i-0c1d85d7ca1fd3a79, ; 7ab042967e623923e817fbc8931e097004f737c7
server: ThreatSim-Web-Server
access-control-allow-origin: *
content-encoding: gzip
X-Firefox-Spdy: h2
itsupport.corpoutlook.com/trace?id=a00df5e27c&msg=browser_post_successful&correlation_id=8dc7d9c3-afec-460c-a8bc-132380873830
3.218.83.106 200 OK 0 B URL GET HTTP/2 itsupport.corpoutlook.com/trace?id=a00df5e27c&msg=browser_post_successful&correlation_id=8dc7d9c3-afec-460c-a8bc-132380873830
IP 3.218.83.106:443
Requested by https://itsupport.corpoutlook.com/6fa00df485e27c34?l=7
Certificate Issuer Amazon
Subject breaking-news-now.com
Fingerprint B5:9F:65:CF:CB:9F:62:06:21:6A:E7:7B:9D:1A:F8:6F:08:39:86:48
Validity Tue, 19 Mar 2024 00:00:00 GMT - Fri, 18 Apr 2025 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
GET /trace?id=a00df5e27c&msg=browser_post_successful&correlation_id=8dc7d9c3-afec-460c-a8bc-132380873830 HTTP/1.1
Host: itsupport.corpoutlook.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://itsupport.corpoutlook.com/6fa00df485e27c34?l=7
DNT: 1
Connection: keep-alive
Cookie: EXFILGUID=a00df5e27c; link_clicked_a00df5e27c=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 24 Apr 2024 23:48:27 GMT
content-type: text/html
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-download-options: noopen
x-permitted-cross-domain-policies: none
referrer-policy: strict-origin-when-cross-origin
cache-control: no-cache
x-request-id: e7664fd8-76cb-499f-91fe-7fad76694fff
x-runtime: 0.001491
x-host-info: lw-prod-us-i-0c1d85d7ca1fd3a79, ; 7ab042967e623923e817fbc8931e097004f737c7
server: ThreatSim-Web-Server
access-control-allow-origin: *
content-encoding: gzip
X-Firefox-Spdy: h2
itsupport.corpoutlook.com/trace?id=a00df5e27c&msg=BrowserDetect%20-%20hasCookies%20%3D%20true&correlation_id=8dc7d9c3-afec-460c-a8bc-132380873830
3.218.83.106 200 OK 0 B URL GET HTTP/2 itsupport.corpoutlook.com/trace?id=a00df5e27c&msg=BrowserDetect%20-%20hasCookies%20%3D%20true&correlation_id=8dc7d9c3-afec-460c-a8bc-132380873830
IP 3.218.83.106:443
Requested by https://itsupport.corpoutlook.com/6fa00df485e27c34?l=7
Certificate Issuer Amazon
Subject breaking-news-now.com
Fingerprint B5:9F:65:CF:CB:9F:62:06:21:6A:E7:7B:9D:1A:F8:6F:08:39:86:48
Validity Tue, 19 Mar 2024 00:00:00 GMT - Fri, 18 Apr 2025 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
GET /trace?id=a00df5e27c&msg=BrowserDetect%20-%20hasCookies%20%3D%20true&correlation_id=8dc7d9c3-afec-460c-a8bc-132380873830 HTTP/1.1
Host: itsupport.corpoutlook.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://itsupport.corpoutlook.com/6fa00df485e27c34?l=7
DNT: 1
Connection: keep-alive
Cookie: EXFILGUID=a00df5e27c; link_clicked_a00df5e27c=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 24 Apr 2024 23:48:26 GMT
content-type: text/html
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-download-options: noopen
x-permitted-cross-domain-policies: none
referrer-policy: strict-origin-when-cross-origin
cache-control: no-cache
x-request-id: e6745869-08fc-45a2-8c97-0c7832b2984c
x-runtime: 0.001900
x-host-info: lw-prod-us-i-04e567bbd45ed26b3, ; 7ab042967e623923e817fbc8931e097004f737c7
server: ThreatSim-Web-Server
access-control-allow-origin: *
content-encoding: gzip
X-Firefox-Spdy: h2
itsupport.corpoutlook.com/trace?id=a00df5e27c&msg=BrowserDetect%20-%20os%20%3D%20Linux&correlation_id=8dc7d9c3-afec-460c-a8bc-132380873830
3.218.83.106 200 OK 0 B URL GET HTTP/2 itsupport.corpoutlook.com/trace?id=a00df5e27c&msg=BrowserDetect%20-%20os%20%3D%20Linux&correlation_id=8dc7d9c3-afec-460c-a8bc-132380873830
IP 3.218.83.106:443
Requested by https://itsupport.corpoutlook.com/6fa00df485e27c34?l=7
Certificate Issuer Amazon
Subject breaking-news-now.com
Fingerprint B5:9F:65:CF:CB:9F:62:06:21:6A:E7:7B:9D:1A:F8:6F:08:39:86:48
Validity Tue, 19 Mar 2024 00:00:00 GMT - Fri, 18 Apr 2025 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
GET /trace?id=a00df5e27c&msg=BrowserDetect%20-%20os%20%3D%20Linux&correlation_id=8dc7d9c3-afec-460c-a8bc-132380873830 HTTP/1.1
Host: itsupport.corpoutlook.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://itsupport.corpoutlook.com/6fa00df485e27c34?l=7
DNT: 1
Connection: keep-alive
Cookie: EXFILGUID=a00df5e27c; link_clicked_a00df5e27c=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 24 Apr 2024 23:48:26 GMT
content-type: text/html
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-download-options: noopen
x-permitted-cross-domain-policies: none
referrer-policy: strict-origin-when-cross-origin
cache-control: no-cache
x-request-id: fa96d371-9fc0-4d24-8503-d932cb8c1c0e
x-runtime: 0.001563
x-host-info: lw-prod-us-i-0c1d85d7ca1fd3a79, ; 7ab042967e623923e817fbc8931e097004f737c7
server: ThreatSim-Web-Server
access-control-allow-origin: *
content-encoding: gzip
X-Firefox-Spdy: h2
itsupport.corpoutlook.com/trace?id=a00df5e27c&msg=BrowserDetect%20-%20colorDepth%20%3D%2024&correlation_id=8dc7d9c3-afec-460c-a8bc-132380873830
3.218.83.106 200 OK 0 B URL GET HTTP/2 itsupport.corpoutlook.com/trace?id=a00df5e27c&msg=BrowserDetect%20-%20colorDepth%20%3D%2024&correlation_id=8dc7d9c3-afec-460c-a8bc-132380873830
IP 3.218.83.106:443
Requested by https://itsupport.corpoutlook.com/6fa00df485e27c34?l=7
Certificate Issuer Amazon
Subject breaking-news-now.com
Fingerprint B5:9F:65:CF:CB:9F:62:06:21:6A:E7:7B:9D:1A:F8:6F:08:39:86:48
Validity Tue, 19 Mar 2024 00:00:00 GMT - Fri, 18 Apr 2025 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
GET /trace?id=a00df5e27c&msg=BrowserDetect%20-%20colorDepth%20%3D%2024&correlation_id=8dc7d9c3-afec-460c-a8bc-132380873830 HTTP/1.1
Host: itsupport.corpoutlook.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://itsupport.corpoutlook.com/6fa00df485e27c34?l=7
DNT: 1
Connection: keep-alive
Cookie: EXFILGUID=a00df5e27c; link_clicked_a00df5e27c=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 24 Apr 2024 23:48:26 GMT
content-type: text/html
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-download-options: noopen
x-permitted-cross-domain-policies: none
referrer-policy: strict-origin-when-cross-origin
cache-control: no-cache
x-request-id: cad4065c-e51b-4e99-8abd-dab83f1f0cba
x-runtime: 0.001429
x-host-info: lw-prod-us-i-0249dd4db3d5bbac8, ; 7ab042967e623923e817fbc8931e097004f737c7
server: ThreatSim-Web-Server
access-control-allow-origin: *
content-encoding: gzip
X-Firefox-Spdy: h2
itsupport.corpoutlook.com/secure/browser_post
3.218.83.106 200 OK 0 B URL POST HTTP/2 itsupport.corpoutlook.com/secure/browser_post
IP 3.218.83.106:443
Requested by https://itsupport.corpoutlook.com/6fa00df485e27c34?l=7
Certificate Issuer Amazon
Subject breaking-news-now.com
Fingerprint B5:9F:65:CF:CB:9F:62:06:21:6A:E7:7B:9D:1A:F8:6F:08:39:86:48
Validity Tue, 19 Mar 2024 00:00:00 GMT - Fri, 18 Apr 2025 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
POST /secure/browser_post HTTP/1.1
Host: itsupport.corpoutlook.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://itsupport.corpoutlook.com/6fa00df485e27c34?l=7
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 1846
Origin: https://itsupport.corpoutlook.com
DNT: 1
Connection: keep-alive
Cookie: EXFILGUID=a00df5e27c; link_clicked_a00df5e27c=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 24 Apr 2024 23:48:27 GMT
content-type: image/gif; charset=utf-8
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-download-options: noopen
x-permitted-cross-domain-policies: none
referrer-policy: strict-origin-when-cross-origin
vary: Accept-Encoding, Accept
cache-control: no-cache
x-request-id: 6730f5bd-cc0d-4773-a930-a6cfb1380776
x-runtime: 0.006992
x-host-info: lw-prod-us-i-09ea3b3608d2092f7, ; 7ab042967e623923e817fbc8931e097004f737c7
server: ThreatSim-Web-Server
access-control-allow-origin: *
content-encoding: gzip
X-Firefox-Spdy: h2
itsupport.corpoutlook.com/trace?id=a00df5e27c&msg=BrowserDetect%20-%20sessionStorage%20%3D%20true&correlation_id=8dc7d9c3-afec-460c-a8bc-132380873830
3.218.83.106 200 OK 0 B URL GET HTTP/2 itsupport.corpoutlook.com/trace?id=a00df5e27c&msg=BrowserDetect%20-%20sessionStorage%20%3D%20true&correlation_id=8dc7d9c3-afec-460c-a8bc-132380873830
IP 3.218.83.106:443
Requested by https://itsupport.corpoutlook.com/6fa00df485e27c34?l=7
Certificate Issuer Amazon
Subject breaking-news-now.com
Fingerprint B5:9F:65:CF:CB:9F:62:06:21:6A:E7:7B:9D:1A:F8:6F:08:39:86:48
Validity Tue, 19 Mar 2024 00:00:00 GMT - Fri, 18 Apr 2025 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
GET /trace?id=a00df5e27c&msg=BrowserDetect%20-%20sessionStorage%20%3D%20true&correlation_id=8dc7d9c3-afec-460c-a8bc-132380873830 HTTP/1.1
Host: itsupport.corpoutlook.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://itsupport.corpoutlook.com/6fa00df485e27c34?l=7
DNT: 1
Connection: keep-alive
Cookie: EXFILGUID=a00df5e27c; link_clicked_a00df5e27c=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 24 Apr 2024 23:48:26 GMT
content-type: text/html
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-download-options: noopen
x-permitted-cross-domain-policies: none
referrer-policy: strict-origin-when-cross-origin
cache-control: no-cache
x-request-id: 96a6901a-eb9d-49a7-aa28-858b62473191
x-runtime: 0.001946
x-host-info: lw-prod-us-i-0c1d85d7ca1fd3a79, ; 7ab042967e623923e817fbc8931e097004f737c7
server: ThreatSim-Web-Server
access-control-allow-origin: *
content-encoding: gzip
X-Firefox-Spdy: h2
itsupport.corpoutlook.com/trace?id=a00df5e27c&msg=Skipping%20java%20detection&correlation_id=8dc7d9c3-afec-460c-a8bc-132380873830
3.218.83.106 200 OK 0 B URL GET HTTP/2 itsupport.corpoutlook.com/trace?id=a00df5e27c&msg=Skipping%20java%20detection&correlation_id=8dc7d9c3-afec-460c-a8bc-132380873830
IP 3.218.83.106:443
Requested by https://itsupport.corpoutlook.com/6fa00df485e27c34?l=7
Certificate Issuer Amazon
Subject breaking-news-now.com
Fingerprint B5:9F:65:CF:CB:9F:62:06:21:6A:E7:7B:9D:1A:F8:6F:08:39:86:48
Validity Tue, 19 Mar 2024 00:00:00 GMT - Fri, 18 Apr 2025 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
GET /trace?id=a00df5e27c&msg=Skipping%20java%20detection&correlation_id=8dc7d9c3-afec-460c-a8bc-132380873830 HTTP/1.1
Host: itsupport.corpoutlook.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://itsupport.corpoutlook.com/6fa00df485e27c34?l=7
DNT: 1
Connection: keep-alive
Cookie: EXFILGUID=a00df5e27c; link_clicked_a00df5e27c=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 24 Apr 2024 23:48:27 GMT
content-type: text/html
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-download-options: noopen
x-permitted-cross-domain-policies: none
referrer-policy: strict-origin-when-cross-origin
cache-control: no-cache
x-request-id: 88ad4782-62b3-4fa5-b5b0-1a96f1bca2e3
x-runtime: 0.002377
x-host-info: lw-prod-us-i-09ea3b3608d2092f7, ; 7ab042967e623923e817fbc8931e097004f737c7
server: ThreatSim-Web-Server
access-control-allow-origin: *
content-encoding: gzip
X-Firefox-Spdy: h2
itsupport.corpoutlook.com/6fa00df485e27c34?l=7
3.218.83.106 200 OK 5.0 kB URL User Request GET HTTP/2 itsupport.corpoutlook.com/6fa00df485e27c34?l=7
IP 3.218.83.106:443
Certificate Issuer Amazon
Subject breaking-news-now.com
Fingerprint B5:9F:65:CF:CB:9F:62:06:21:6A:E7:7B:9D:1A:F8:6F:08:39:86:48
Validity Tue, 19 Mar 2024 00:00:00 GMT - Fri, 18 Apr 2025 23:59:59 GMT
File type HTML document, Unicode text, UTF-8 text, with very long lines (5301), with no line terminators
Hash 2c2e048e0cda99db3ac1b12bc7d05215
cefb9d4407d0098d80d0429981b1846372fa3336
14d2a2ff6b9a7430e76d1149e45fc6eba1ddf8ea4889381537e386098438b34f
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
GET /6fa00df485e27c34?l=7 HTTP/1.1
Host: itsupport.corpoutlook.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 24 Apr 2024 23:48:26 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-download-options: noopen
x-permitted-cross-domain-policies: none
referrer-policy: strict-origin-when-cross-origin
etag: W/"7c9da90b66d677e5ef6439000ce82d82"
cache-control: max-age=0, private, must-revalidate
set-cookie: EXFILGUID=a00df5e27c; path=/
set-cookie: link_clicked_a00df5e27c=1; path=/
x-request-id: c9dee7f2-0c07-4c50-9756-44f9f5639405
x-runtime: 0.019219
x-host-info: lw-prod-us-i-09ea3b3608d2092f7, ; 7ab042967e623923e817fbc8931e097004f737c7
server: ThreatSim-Web-Server
access-control-allow-origin: *
content-encoding: gzip
X-Firefox-Spdy: h2
itsupport.corpoutlook.com/trace?id=a00df5e27c&msg=BrowserDetect%20-%20os_version%20%3D%20&correlation_id=8dc7d9c3-afec-460c-a8bc-132380873830
3.218.83.106 200 OK 0 B URL GET HTTP/2 itsupport.corpoutlook.com/trace?id=a00df5e27c&msg=BrowserDetect%20-%20os_version%20%3D%20&correlation_id=8dc7d9c3-afec-460c-a8bc-132380873830
IP 3.218.83.106:443
Requested by https://itsupport.corpoutlook.com/6fa00df485e27c34?l=7
Certificate Issuer Amazon
Subject breaking-news-now.com
Fingerprint B5:9F:65:CF:CB:9F:62:06:21:6A:E7:7B:9D:1A:F8:6F:08:39:86:48
Validity Tue, 19 Mar 2024 00:00:00 GMT - Fri, 18 Apr 2025 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
GET /trace?id=a00df5e27c&msg=BrowserDetect%20-%20os_version%20%3D%20&correlation_id=8dc7d9c3-afec-460c-a8bc-132380873830 HTTP/1.1
Host: itsupport.corpoutlook.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://itsupport.corpoutlook.com/6fa00df485e27c34?l=7
DNT: 1
Connection: keep-alive
Cookie: EXFILGUID=a00df5e27c; link_clicked_a00df5e27c=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 24 Apr 2024 23:48:26 GMT
content-type: text/html
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-download-options: noopen
x-permitted-cross-domain-policies: none
referrer-policy: strict-origin-when-cross-origin
cache-control: no-cache
x-request-id: 053d1821-b1bb-40c7-a7f6-ca15a105e768
x-runtime: 0.001631
x-host-info: lw-prod-us-i-04e567bbd45ed26b3, ; 7ab042967e623923e817fbc8931e097004f737c7
server: ThreatSim-Web-Server
access-control-allow-origin: *
content-encoding: gzip
X-Firefox-Spdy: h2
itsupport.corpoutlook.com/trace?id=a00df5e27c&msg=BrowserDetect%20-%20plugin%20Microsoft%20Edge%20PDF%20Viewer&correlation_id=8dc7d9c3-afec-460c-a8bc-132380873830
3.218.83.106 200 OK 0 B URL GET HTTP/2 itsupport.corpoutlook.com/trace?id=a00df5e27c&msg=BrowserDetect%20-%20plugin%20Microsoft%20Edge%20PDF%20Viewer&correlation_id=8dc7d9c3-afec-460c-a8bc-132380873830
IP 3.218.83.106:443
Requested by https://itsupport.corpoutlook.com/6fa00df485e27c34?l=7
Certificate Issuer Amazon
Subject breaking-news-now.com
Fingerprint B5:9F:65:CF:CB:9F:62:06:21:6A:E7:7B:9D:1A:F8:6F:08:39:86:48
Validity Tue, 19 Mar 2024 00:00:00 GMT - Fri, 18 Apr 2025 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
GET /trace?id=a00df5e27c&msg=BrowserDetect%20-%20plugin%20Microsoft%20Edge%20PDF%20Viewer&correlation_id=8dc7d9c3-afec-460c-a8bc-132380873830 HTTP/1.1
Host: itsupport.corpoutlook.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://itsupport.corpoutlook.com/6fa00df485e27c34?l=7
DNT: 1
Connection: keep-alive
Cookie: EXFILGUID=a00df5e27c; link_clicked_a00df5e27c=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 24 Apr 2024 23:48:27 GMT
content-type: text/html
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-download-options: noopen
x-permitted-cross-domain-policies: none
referrer-policy: strict-origin-when-cross-origin
cache-control: no-cache
x-request-id: 89f2c13b-06a0-49e6-86be-8d373d8f9567
x-runtime: 0.001162
x-host-info: lw-prod-us-i-0249dd4db3d5bbac8, ; 7ab042967e623923e817fbc8931e097004f737c7
server: ThreatSim-Web-Server
access-control-allow-origin: *
content-encoding: gzip
X-Firefox-Spdy: h2
itsupport.corpoutlook.com/assets/ajax/libs/jquery/1.9.1/jquery.min.js
3.218.83.106 200 OK 93 kB URL GET HTTP/2 itsupport.corpoutlook.com/assets/ajax/libs/jquery/1.9.1/jquery.min.js
IP 3.218.83.106:443
Requested by https://itsupport.corpoutlook.com/6fa00df485e27c34?l=7
Certificate Issuer Amazon
Subject breaking-news-now.com
Fingerprint B5:9F:65:CF:CB:9F:62:06:21:6A:E7:7B:9D:1A:F8:6F:08:39:86:48
Validity Tue, 19 Mar 2024 00:00:00 GMT - Fri, 18 Apr 2025 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (32089)
Hash 397754ba49e9e0cf4e7c190da78dda05
ae49e56999d82802727455f0ba83b63acd90a22b
c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
GET /assets/ajax/libs/jquery/1.9.1/jquery.min.js HTTP/1.1
Host: itsupport.corpoutlook.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://itsupport.corpoutlook.com/6fa00df485e27c34?l=7
DNT: 1
Connection: keep-alive
Cookie: EXFILGUID=a00df5e27c; link_clicked_a00df5e27c=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 24 Apr 2024 23:48:26 GMT
content-type: application/javascript
last-modified: Thu, 11 Apr 2024 13:01:26 GMT
vary: Accept-Encoding
server: ThreatSim-Web-Server
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
content-encoding: gzip
X-Firefox-Spdy: h2
itsupport.corpoutlook.com/trace?id=a00df5e27c&msg=BrowserDetect%20-%20browser%20%3D%20Firefox&correlation_id=8dc7d9c3-afec-460c-a8bc-132380873830
3.218.83.106 200 OK 0 B URL GET HTTP/2 itsupport.corpoutlook.com/trace?id=a00df5e27c&msg=BrowserDetect%20-%20browser%20%3D%20Firefox&correlation_id=8dc7d9c3-afec-460c-a8bc-132380873830
IP 3.218.83.106:443
Requested by https://itsupport.corpoutlook.com/6fa00df485e27c34?l=7
Certificate Issuer Amazon
Subject breaking-news-now.com
Fingerprint B5:9F:65:CF:CB:9F:62:06:21:6A:E7:7B:9D:1A:F8:6F:08:39:86:48
Validity Tue, 19 Mar 2024 00:00:00 GMT - Fri, 18 Apr 2025 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
GET /trace?id=a00df5e27c&msg=BrowserDetect%20-%20browser%20%3D%20Firefox&correlation_id=8dc7d9c3-afec-460c-a8bc-132380873830 HTTP/1.1
Host: itsupport.corpoutlook.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://itsupport.corpoutlook.com/6fa00df485e27c34?l=7
DNT: 1
Connection: keep-alive
Cookie: EXFILGUID=a00df5e27c; link_clicked_a00df5e27c=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 24 Apr 2024 23:48:26 GMT
content-type: text/html
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-download-options: noopen
x-permitted-cross-domain-policies: none
referrer-policy: strict-origin-when-cross-origin
cache-control: no-cache
x-request-id: 4504303e-7fbb-4be1-907e-df0bc707f3ae
x-runtime: 0.001757
x-host-info: lw-prod-us-i-09ea3b3608d2092f7, ; 7ab042967e623923e817fbc8931e097004f737c7
server: ThreatSim-Web-Server
access-control-allow-origin: *
content-encoding: gzip
X-Firefox-Spdy: h2
itsupport.corpoutlook.com/trace?id=a00df5e27c&msg=BrowserDetect%20-%20width%20%3D%201280&correlation_id=8dc7d9c3-afec-460c-a8bc-132380873830
3.218.83.106 200 OK 0 B URL GET HTTP/2 itsupport.corpoutlook.com/trace?id=a00df5e27c&msg=BrowserDetect%20-%20width%20%3D%201280&correlation_id=8dc7d9c3-afec-460c-a8bc-132380873830
IP 3.218.83.106:443
Requested by https://itsupport.corpoutlook.com/6fa00df485e27c34?l=7
Certificate Issuer Amazon
Subject breaking-news-now.com
Fingerprint B5:9F:65:CF:CB:9F:62:06:21:6A:E7:7B:9D:1A:F8:6F:08:39:86:48
Validity Tue, 19 Mar 2024 00:00:00 GMT - Fri, 18 Apr 2025 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
GET /trace?id=a00df5e27c&msg=BrowserDetect%20-%20width%20%3D%201280&correlation_id=8dc7d9c3-afec-460c-a8bc-132380873830 HTTP/1.1
Host: itsupport.corpoutlook.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://itsupport.corpoutlook.com/6fa00df485e27c34?l=7
DNT: 1
Connection: keep-alive
Cookie: EXFILGUID=a00df5e27c; link_clicked_a00df5e27c=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 24 Apr 2024 23:48:26 GMT
content-type: text/html
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-download-options: noopen
x-permitted-cross-domain-policies: none
referrer-policy: strict-origin-when-cross-origin
cache-control: no-cache
x-request-id: 0cf0ac57-ac05-456a-b128-870f7c90eb57
x-runtime: 0.001598
x-host-info: lw-prod-us-i-0c1d85d7ca1fd3a79, ; 7ab042967e623923e817fbc8931e097004f737c7
server: ThreatSim-Web-Server
access-control-allow-origin: *
content-encoding: gzip
X-Firefox-Spdy: h2
itsupport.corpoutlook.com/trace?id=a00df5e27c&msg=BrowserDetect%20-%20plugin%20Chromium%20PDF%20Viewer&correlation_id=8dc7d9c3-afec-460c-a8bc-132380873830
3.218.83.106 200 OK 0 B URL GET HTTP/2 itsupport.corpoutlook.com/trace?id=a00df5e27c&msg=BrowserDetect%20-%20plugin%20Chromium%20PDF%20Viewer&correlation_id=8dc7d9c3-afec-460c-a8bc-132380873830
IP 3.218.83.106:443
Requested by https://itsupport.corpoutlook.com/6fa00df485e27c34?l=7
Certificate Issuer Amazon
Subject breaking-news-now.com
Fingerprint B5:9F:65:CF:CB:9F:62:06:21:6A:E7:7B:9D:1A:F8:6F:08:39:86:48
Validity Tue, 19 Mar 2024 00:00:00 GMT - Fri, 18 Apr 2025 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
GET /trace?id=a00df5e27c&msg=BrowserDetect%20-%20plugin%20Chromium%20PDF%20Viewer&correlation_id=8dc7d9c3-afec-460c-a8bc-132380873830 HTTP/1.1
Host: itsupport.corpoutlook.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://itsupport.corpoutlook.com/6fa00df485e27c34?l=7
DNT: 1
Connection: keep-alive
Cookie: EXFILGUID=a00df5e27c; link_clicked_a00df5e27c=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 24 Apr 2024 23:48:27 GMT
content-type: text/html
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-download-options: noopen
x-permitted-cross-domain-policies: none
referrer-policy: strict-origin-when-cross-origin
cache-control: no-cache
x-request-id: 12083af8-28f4-42d5-a45b-266a33a4813b
x-runtime: 0.002393
x-host-info: lw-prod-us-i-04e567bbd45ed26b3, ; 7ab042967e623923e817fbc8931e097004f737c7
server: ThreatSim-Web-Server
access-control-allow-origin: *
content-encoding: gzip
X-Firefox-Spdy: h2
itsupport.corpoutlook.com/trace?id=a00df5e27c&msg=BrowserDetect%20-%20language%20%3D%20en-US&correlation_id=8dc7d9c3-afec-460c-a8bc-132380873830
3.218.83.106 200 OK 0 B URL GET HTTP/2 itsupport.corpoutlook.com/trace?id=a00df5e27c&msg=BrowserDetect%20-%20language%20%3D%20en-US&correlation_id=8dc7d9c3-afec-460c-a8bc-132380873830
IP 3.218.83.106:443
Requested by https://itsupport.corpoutlook.com/6fa00df485e27c34?l=7
Certificate Issuer Amazon
Subject breaking-news-now.com
Fingerprint B5:9F:65:CF:CB:9F:62:06:21:6A:E7:7B:9D:1A:F8:6F:08:39:86:48
Validity Tue, 19 Mar 2024 00:00:00 GMT - Fri, 18 Apr 2025 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
GET /trace?id=a00df5e27c&msg=BrowserDetect%20-%20language%20%3D%20en-US&correlation_id=8dc7d9c3-afec-460c-a8bc-132380873830 HTTP/1.1
Host: itsupport.corpoutlook.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://itsupport.corpoutlook.com/6fa00df485e27c34?l=7
DNT: 1
Connection: keep-alive
Cookie: EXFILGUID=a00df5e27c; link_clicked_a00df5e27c=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 24 Apr 2024 23:48:26 GMT
content-type: text/html
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-download-options: noopen
x-permitted-cross-domain-policies: none
referrer-policy: strict-origin-when-cross-origin
cache-control: no-cache
x-request-id: b3dd2e1a-9ad5-40e6-b5f5-5ffdccff1dab
x-runtime: 0.001486
x-host-info: lw-prod-us-i-09ea3b3608d2092f7, ; 7ab042967e623923e817fbc8931e097004f737c7
server: ThreatSim-Web-Server
access-control-allow-origin: *
content-encoding: gzip
X-Firefox-Spdy: h2