Report - tracker.club-os.com/campaign/click?qDomYmsgId=d738c6bd137e6a03157c6c728cbc659e734fc398&test=false&target=jerfm.com/gkvd/hGhk/befb03e274dfd25d4255e84468727cd0/CfSWAm/ZXVmZW1pYS5sZW50aW5pQGRqb2dsb2JhbC5jb20=

Report Overview

Submitted URL
tracker.club-os.com/campaign/click?qDomYmsgId=d738c6bd137e6a03157c6c728cbc659e734fc398&test=false&target=jerfm.com/gkvd/hGhk/befb03e274dfd25d4255e84468727cd0/CfSWAm/ZXVmZW1pYS5sZW50aW5pQGRqb2dsb2JhbC5jb20=
IP
52.0.248.145
ASN
#14618 AMAZON-AES
Submitted
2024-04-16 07:34:33
Access
public
Website Title
94e6f5a7.58598891ef09ac737cee0cf3.workers.dev/?qrc=eufemia.lentini@djoglobal.com
Final URL
94e6f5a7.58598891ef09ac737cee0cf3.workers.dev/?qrc=eufemia.lentini@djoglobal.com
Tags
phishing microsoft outlook
urlquery detections
Phishing - Microsoft Outlook

Detections

urlquery
7
Network Intrusion Detection
0
Threat Detection Systems
4

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
jerfm.com	unknown	2023-06-27	2015-02-06	2024-04-15	1.0 kB	942 B	192.99.71.92
challenges.cloudflare.com	unknown	2009-02-17	2021-10-20	2024-04-15	2.5 kB	170 kB	104.17.2.184
legacywhf.com	unknown	2024-01-18	2024-02-19	2024-04-14	3.9 kB	9.6 kB	5.230.40.9
94e6f5a7.58598891ef09ac737cee0cf3.workers.dev	unknown	2019-02-08	2024-04-12	2024-04-14	1.3 kB	5.6 kB	104.21.88.101
tracker.club-os.com	870552	2011-01-10	2014-02-20	2024-04-16	659 B	263 B	52.0.248.145

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

Scan Date	Severity	Indicator	Alert
2024-04-14	medium	94e6f5a7.58598891ef09ac737cee0cf3.workers.dev/	Office365
2024-04-14	medium	94e6f5a7.58598891ef09ac737cee0cf3.workers.dev/	Office365

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (37)

		Size	First Seen	Last Seen
	#1 Eval - c74db720ff59de657ae590cb85dab9fc	28 B	2024-04-16	2024-04-16
Pretty Observations First Seen2024-04-16 09:34:33 Last Seen2024-04-16 09:34:33 Times Seen1 Hash c74db720ff59de657ae590cb85dab9fc d33c90df89bfdae3858ae5c185f87ead9a89a50d 8c644c36d547a11ac6f3a0dc67f2b4c28fb7bc0cabbf02bf9b8404361747e945 Loading...

	#2 Eval - 79c7cbd9185caf5dc004688bfdcb8890	28 B	2024-04-16	2024-04-16
Pretty Observations First Seen2024-04-16 09:34:33 Last Seen2024-04-16 09:34:33 Times Seen1 Hash 79c7cbd9185caf5dc004688bfdcb8890 4a69b7728bb4c7f73d46582659721a49904c8211 73198bdcde02fcda2f633362c7f617b64a690d3b0cbcf372a2db3e96b05b871a Loading...

	#3 Eval - 3c3dc03706b98254e8c86dd9ed5ebd61	28 B	2024-04-16	2024-04-16
Pretty Observations First Seen2024-04-16 09:34:33 Last Seen2024-04-16 09:34:33 Times Seen1 Hash 3c3dc03706b98254e8c86dd9ed5ebd61 45c0717c38db98dac20c1701e99edcf9d2851b40 0279c945cf131df560c1a37c6f31fab60e26805de6878b9872608573e2c9dcc4 Loading...

	#4 Eval - ac6d43b49aec2f87daf340337b6a7882	60 B	2024-04-04	2024-04-17
Pretty Observations First Seen2024-04-04 12:28:09 Last Seen2024-04-17 16:04:31 Times Seen3428 Hash ac6d43b49aec2f87daf340337b6a7882 d3874a31a6b7fe11121edc3ed80fdc8b66f6589a 1af55b64e0b39e0f5f760a8050b284a66fe404ddff945697590f8240798311b2 Loading...

	#5 Eval - d41c686ccadf27cfe2c4f48ddfc7338b	28 B	2024-04-16	2024-04-16
Pretty Observations First Seen2024-04-16 09:34:33 Last Seen2024-04-16 09:34:33 Times Seen1 Hash d41c686ccadf27cfe2c4f48ddfc7338b 274674eec0066c0be1967a0801c0eff0a61a19c2 6280137dcd38ac180b13539df195956ed11dfd8719d273534a0c6a62f62b21c3 Loading...

	#6 Eval - d64af02f84b3b341ac7361a3f2682c6a	28 B	2024-04-16	2024-04-16
Pretty Observations First Seen2024-04-16 09:34:33 Last Seen2024-04-16 09:34:33 Times Seen1 Hash d64af02f84b3b341ac7361a3f2682c6a e91797ed19c61c0d78a38c3e638267e63d1d84b3 740fdce56daa8d8731f42345afba032b2adf5a521dd4b6022cf226cbd3ed1aa2 Loading...

	#7 Eval - 673a3f199b28ecbc0cf5552f6b578710	28 B	2024-04-16	2024-04-16
Pretty Observations First Seen2024-04-16 09:34:33 Last Seen2024-04-16 09:34:33 Times Seen1 Hash 673a3f199b28ecbc0cf5552f6b578710 c67d02b6fb9231df3fda263d38fa0daa5cbfeeda c3b903c7a2bf3310de1b8e43a23e292375e4d39eda19f7cced74fcdde62a492e Loading...

	#8 Eval - d104e37d72ae644bede56a1f184694d8	28 B	2024-04-16	2024-04-16
Pretty Observations First Seen2024-04-16 09:34:33 Last Seen2024-04-16 09:34:33 Times Seen1 Hash d104e37d72ae644bede56a1f184694d8 3b397d0d45eda101efd1fe59cc2e0ae742862bff 82240aae2de8020520a234b7ebf5ca3f6023dfaa5ccf47c17020bb2e5e845c72 Loading...

	#9 Eval - 12f558cc00db0cdf8b326fd5669a0740	28 B	2024-04-16	2024-04-16
Pretty Observations First Seen2024-04-16 09:34:33 Last Seen2024-04-16 09:34:33 Times Seen1 Hash 12f558cc00db0cdf8b326fd5669a0740 98ac737c22b27b7438d55626d9ff1bd3fbf731ea a2335b4a3a33beac0251c4a57ac5863a3d84ffbe9c13899ea7543c3a7bcc778c Loading...

	#10 Eval - 81b39fd7fcf04b97d3cc56cab7b0b3a6	28 B	2024-04-16	2024-04-16
Pretty Observations First Seen2024-04-16 09:34:33 Last Seen2024-04-16 09:34:33 Times Seen1 Hash 81b39fd7fcf04b97d3cc56cab7b0b3a6 10fcd6d02477696857b9b7df23dda915603ed899 a1f5ee1f99481e85285de88f7a63df7dfbb82f5728e7d908c3d34c7330379d39 Loading...

	#11 Eval - 6264d88c98eef86bcccf23b6e983cb81	28 B	2024-04-16	2024-04-16
Pretty Observations First Seen2024-04-16 09:34:33 Last Seen2024-04-16 09:34:33 Times Seen1 Hash 6264d88c98eef86bcccf23b6e983cb81 75222d0142c397b1478d5e8d37322320d50c5ecc 5886c601776a275155a97c772aad3501b65d540d0fddd0449700783319b559e9 Loading...

	#12 Eval - f0e1c65663607d5970c5c282531903fb	28 B	2024-04-16	2024-04-16
Pretty Observations First Seen2024-04-16 09:34:33 Last Seen2024-04-16 09:34:33 Times Seen1 Hash f0e1c65663607d5970c5c282531903fb 2f6ca3460a3796a1f7d35d65d5028895299cd23b edfa18d9bde316d0fb2e0c638f503fa0d00ed008675dfda5273417e0667073ff Loading...

	#13 Eval - 42b25838051587e4096ff9244597293d	28 B	2024-04-16	2024-04-16
Pretty Observations First Seen2024-04-16 09:34:33 Last Seen2024-04-16 09:34:33 Times Seen1 Hash 42b25838051587e4096ff9244597293d b1d888a7474b65082a7c805a2a091910a15bcf1b 3c92a1b5c00c6cd84b3c4742436aa95d598aec12957d9c252c3a2ae4566753f1 Loading...

	#14 Eval - 3eb4a31bfc5ff9d0f427918bc4c95cde	28 B	2024-04-16	2024-04-16
Pretty Observations First Seen2024-04-16 09:34:33 Last Seen2024-04-16 09:34:33 Times Seen1 Hash 3eb4a31bfc5ff9d0f427918bc4c95cde b339a1cbb4de5a1dee2343b99eebe1521d02424d 8b39b85dc9aa077809f1db666dc5dc1ea3b6c1854ef0440c337fdc1be6719d5e Loading...

	#15 Eval - 14eb016f2dc159d6e714f72c634dba1e	28 B	2024-04-16	2024-04-16
Pretty Observations First Seen2024-04-16 09:34:33 Last Seen2024-04-16 09:34:33 Times Seen1 Hash 14eb016f2dc159d6e714f72c634dba1e 347ec3a9ea513dae7b063744c6b8b03e1253c020 d49f174ef92a605d35f6540ccf16051ce80c2466ee1b1a91db59c9efa0ea93b4 Loading...

	#16 Eval - 8a3678b7c27c6cf1bb79b6b99a8ca94d	28 B	2024-04-16	2024-04-16
Pretty Observations First Seen2024-04-16 09:34:33 Last Seen2024-04-16 09:34:33 Times Seen1 Hash 8a3678b7c27c6cf1bb79b6b99a8ca94d 624a4de846594cfebc836bddb49e55bead4fdf47 533ac4b7fdbda0c3228f2796694d3bc3dc190399953a865424181bd2014795b0 Loading...

	#17 Eval - d526e4c01e13e439e07157f8dfc85ec4	28 B	2024-04-16	2024-04-16
Pretty Observations First Seen2024-04-16 09:34:33 Last Seen2024-04-16 09:34:34 Times Seen1 Hash d526e4c01e13e439e07157f8dfc85ec4 ac4f2ce06699347723791d8efc745967ecb60c24 0792e25db45a46d5ffde5ebc7667d24e0dd3f4b183642f0856a4c2c64df49dce Loading...

	#18 Eval - 9e925e9341b490bfd3b4c4ca3b0c1ef2	4 B	2023-03-07	2024-04-29
Pretty Observations First Seen2023-03-07 01:03:43 Last Seen2024-04-29 21:19:11 Times Seen350642 Hash 9e925e9341b490bfd3b4c4ca3b0c1ef2 c2543fff3bfa6f144c2f06a7de6cd10c0b650cae 1eb79602411ef02cf6fe117897015fff89f80face4eccd50425c45149b148408 Loading...

	#19 Eval - acc79ec4c7e05df0a089d088a3a728a3	28 B	2024-04-16	2024-04-16
Pretty Observations First Seen2024-04-16 09:34:34 Last Seen2024-04-16 09:34:34 Times Seen1 Hash acc79ec4c7e05df0a089d088a3a728a3 2362cfc075733b8a285c3ecd210953538f710ed8 c860232e471f4be9919362bf5288ab04ea84313988079d136eff3f490f86520a Loading...

	#20 Eval - 44b87b46fb6fa498fa3c311fcf9fe28e	28 B	2024-04-16	2024-04-16
Pretty Observations First Seen2024-04-16 09:34:34 Last Seen2024-04-16 09:34:34 Times Seen1 Hash 44b87b46fb6fa498fa3c311fcf9fe28e a6e771c8b8e2bca6178f05d56a4f433081a835c9 5df3ff64d7695d6734bff847fa9d2b804c3f96b7961f98c18aadbe3222e731c5 Loading...

	#21 Eval - 6dbb265af6d8a8eb4ea392e1daf2d6e3	28 B	2024-04-16	2024-04-16
Pretty Observations First Seen2024-04-16 09:34:34 Last Seen2024-04-16 09:34:34 Times Seen1 Hash 6dbb265af6d8a8eb4ea392e1daf2d6e3 b5217fc6135101d1e8205c797b002cf2bb367e28 44a9c7c96a699a2d3403a93e73cc5696ba73469c278774c1661bcc62001c5115 Loading...

	#22 Eval - d8377feb2faa355bd2fb507520bdc49b	28 B	2024-04-16	2024-04-16
Pretty Observations First Seen2024-04-16 09:34:34 Last Seen2024-04-16 09:34:34 Times Seen1 Hash d8377feb2faa355bd2fb507520bdc49b 57c86e81c39bf12dcc4ecd6ab48cf71185725f81 5c16ad56af1f824d0775051d8a59e467458cf66042006f869a7ae2f0491a045c Loading...

	#23 Eval - 06290d22604db356ab1358aae193c948	28 B	2024-04-16	2024-04-16
Pretty Observations First Seen2024-04-16 09:34:34 Last Seen2024-04-16 09:34:34 Times Seen1 Hash 06290d22604db356ab1358aae193c948 075227f3ec9155bdd65c50a127b1520126057310 f6a50afdeb7fdf1cb4139007c0ca255a25679752ca42f613b2e86bf3683eb7eb Loading...

	#24 Eval - b974fcd170b801031066b4633024ed3c	28 B	2024-04-16	2024-04-16
Pretty Observations First Seen2024-04-16 09:34:34 Last Seen2024-04-16 09:34:34 Times Seen1 Hash b974fcd170b801031066b4633024ed3c be2597cc6b17e7b02d6208200d2a4faedd4fdf7a 15f3d31dfa6bad9f8292402ee8fe430510b9f45f117497c835ef300b562d54b3 Loading...

	#25 Eval - 9f4b5afdf0117434b66f32e01344d121	28 B	2024-04-16	2024-04-16
Pretty Observations First Seen2024-04-16 09:34:34 Last Seen2024-04-16 09:34:34 Times Seen1 Hash 9f4b5afdf0117434b66f32e01344d121 bbde44a222cc00b4e1222d012a1e10731ab1cf97 ca1c0a20f0a27f936213da3193334b04fe72edbe6ef9c24cf0c0f9b716b490ac Loading...

	#26 Eval - 79be165ea9754e04979601b05c4fc0d0	28 B	2024-04-16	2024-04-16
Pretty Observations First Seen2024-04-16 09:34:34 Last Seen2024-04-16 09:34:34 Times Seen1 Hash 79be165ea9754e04979601b05c4fc0d0 4be434c21d60b89f3e90f98ba7edf73629636c4a 20140d2b1ae2d6875f2424c83ff077fec9b59ca742c68ccbb3032f2881f7b2bb Loading...

	#27 Eval - fd222cba9290774e921c9be6a8892e17	28 B	2024-04-16	2024-04-16
Pretty Observations First Seen2024-04-16 09:34:34 Last Seen2024-04-16 09:34:34 Times Seen1 Hash fd222cba9290774e921c9be6a8892e17 288c67968fcc7fd41545b3b9c730dc39ad07e50a ea8074228fa8a17e1600a5294fb756d09399cc69c62176c3546791bf6d2c340c Loading...

	#28 Eval - 14bdea3b294bb3b7b035f4dc9dc81f90	28 B	2024-04-16	2024-04-16
Pretty Observations First Seen2024-04-16 09:34:34 Last Seen2024-04-16 09:34:34 Times Seen1 Hash 14bdea3b294bb3b7b035f4dc9dc81f90 fd840a37fb831f5c8aed73d15d4be730248df20a 88014cafaf4d83b2af7148ad82fcd6db000bae0ddcbd4e38d5e1a8b140d7508f Loading...

	#29 Eval - b8b4bec5a3b7ec870bb5fbf967baa5f2	28 B	2024-04-16	2024-04-16
Pretty Observations First Seen2024-04-16 09:34:34 Last Seen2024-04-16 09:34:34 Times Seen1 Hash b8b4bec5a3b7ec870bb5fbf967baa5f2 aebc7d3f7e4addf046d9567afd4753f4e5b7fb27 92916bc0dcf3a95c1b5fd11f518595bb275f92038ff7ec2c79cfb53931b7fe58 Loading...

	#30 Eval - e96f4980415d1c046b1a1c76abbac4a7	28 B	2024-04-16	2024-04-16
Pretty Observations First Seen2024-04-16 09:34:34 Last Seen2024-04-16 09:34:34 Times Seen1 Hash e96f4980415d1c046b1a1c76abbac4a7 c33eb2efc8ca54111209d4a0fca072dd1a80fe7e 085420b5034562bfbdf4e2873bbd559dc9b3f3abd5f43877de568fb4af23d93c Loading...

	#31 Eval - 27afdc31db1ba819879bbbf62573f64d	28 B	2024-04-16	2024-04-16
Pretty Observations First Seen2024-04-16 09:34:34 Last Seen2024-04-16 09:34:34 Times Seen1 Hash 27afdc31db1ba819879bbbf62573f64d b0edad15b210641e54907a347cc9bab0262ebef5 bb2ed93bb0b8f9f1804a96b352435962798adc2f4fcdb42b522bf1c44124ec6b Loading...

	#32 Eval - f87be9b35ca8984910b96eff15de67a0	28 B	2024-04-16	2024-04-16
Pretty Observations First Seen2024-04-16 09:34:34 Last Seen2024-04-16 09:34:34 Times Seen1 Hash f87be9b35ca8984910b96eff15de67a0 e6ad1d0c8e5e00ab7b651357132342cb6667f8a0 1dbb369481e8dbce43e250cbbd6643520ec926852657f3c709f7d7772946934c Loading...

	#33 Eval - 74d1782ee9d933efc219d57a40122af9	28 B	2024-04-16	2024-04-16
Pretty Observations First Seen2024-04-16 09:34:34 Last Seen2024-04-16 09:34:34 Times Seen1 Hash 74d1782ee9d933efc219d57a40122af9 44a8820a94f3b3045aaae6e156e35800a5f8ff89 570e529507e956cccbfc3a5249dceeadcdac8ca9ef5f59fccbd323a91ebe201d Loading...

	#34 Eval - f6f8ac80ba3bdb6a0174a8fc1be410ae	28 B	2024-04-16	2024-04-16
Pretty Observations First Seen2024-04-16 09:34:34 Last Seen2024-04-16 09:34:34 Times Seen1 Hash f6f8ac80ba3bdb6a0174a8fc1be410ae c8fabeb4795a2a49f4a0e2309c9c9cbbec16303e 9fe0c3f9e226e218220736a81f18dc5358348b8cc47e0c10fe5d8cf8fe0f4f61 Loading...

	#35 Eval - ca41e0067a740d9a1fb9fd3a31232b54	28 B	2024-04-16	2024-04-16
Pretty Observations First Seen2024-04-16 09:34:34 Last Seen2024-04-16 09:34:34 Times Seen1 Hash ca41e0067a740d9a1fb9fd3a31232b54 33547970ee77488e7991b180ff5ee6c16aa5a9fa 378f667c7707e7285bd99241dcf9a853996ad1e2ceaa940dfd7dc152b2afd35e Loading...

	#36 Eval - f91f0d28d864a0fa234d7ad8b34ed2ce	28 B	2024-04-16	2024-04-16
Pretty Observations First Seen2024-04-16 09:34:34 Last Seen2024-04-16 09:34:34 Times Seen1 Hash f91f0d28d864a0fa234d7ad8b34ed2ce 332163565c9575922fb2d517c0de83e1b0751c00 7f2ae3390702093f831cb62403527e4ec8b4b22df25abf3a8be95729d38108ce Loading...

		Size	First Seen	Last Seen
	#1 Write - 086707e4369f60afedcafb16050a7618	39 B	2023-03-07	2024-04-29
Pretty Observations First Seen2023-03-07 01:03:24 Last Seen2024-04-29 21:17:39 Times Seen44667 Hash 086707e4369f60afedcafb16050a7618 8216b0cc6876cbd44f01c158e7dff3833ceccd41 a7fe83ec64bb23eb28090598db3d166ed98e52e39d1afbbfd74c579553f93e4e Loading...

HTTP Transactions (13)

URL IP Response Size

tracker.club-os.com/campaign/click?qDomYmsgId=d738c6bd137e6a03157c6c728cbc659e734fc398&test=false&target=jerfm.com/gkvd/hGhk/befb03e274dfd25d4255e84468727cd0/CfSWAm/ZXVmZW1pYS5sZW50aW5pQGRqb2dsb2JhbC5jb20=

52.0.248.145

0 B

URL
tracker.club-os.com/campaign/click?qDomYmsgId=d738c6bd137e6a03157c6c728cbc659e734fc398&test=false&target=jerfm.com/gkvd/hGhk/befb03e274dfd25d4255e84468727cd0/CfSWAm/ZXVmZW1pYS5sZW50aW5pQGRqb2dsb2JhbC5jb20=
IP
52.0.248.145:0
ASN
#14618 AMAZON-AES

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /campaign/click?qDomYmsgId=d738c6bd137e6a03157c6c728cbc659e734fc398&test=false&target=jerfm.com/gkvd/hGhk/befb03e274dfd25d4255e84468727cd0/CfSWAm/ZXVmZW1pYS5sZW50aW5pQGRqb2dsb2JhbC5jb20= HTTP/1.1
Host: tracker.club-os.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 303 See Other
date: Tue, 16 Apr 2024 07:34:08 GMT
content-length: 0
location: http://jerfm.com/gkvd/hGhk/befb03e274dfd25d4255e84468727cd0/CfSWAm/ZXVmZW1pYS5sZW50aW5pQGRqb2dsb2JhbC5jb20=
server: Apache/2.4.57 () OpenSSL/1.0.2k-fips
X-Firefox-Spdy: h2

jerfm.com/gkvd/hGhk/befb03e274dfd25d4255e84468727cd0/CfSWAm/ZXVmZW1pYS5sZW50aW5pQGRqb2dsb2JhbC5jb20=

192.99.71.92

316 B

URL
jerfm.com/gkvd/hGhk/befb03e274dfd25d4255e84468727cd0/CfSWAm/ZXVmZW1pYS5sZW50aW5pQGRqb2dsb2JhbC5jb20=
IP
192.99.71.92:0
ASN
#16276 OVH SAS

File type
HTML document, ASCII text
Size
316 B (316 bytes)
Hash
ebc9a23ddb415682f0c38308269a3bea
2baf7e766f1440d1b0119806be91c11e3e673aea
4abfdbb7eb2b20aa6f5e6bfb7f848c69495fe02b93bab2d044e3994e5a095463

HTTP Headers

GET /gkvd/hGhk/befb03e274dfd25d4255e84468727cd0/CfSWAm/ZXVmZW1pYS5sZW50aW5pQGRqb2dsb2JhbC5jb20= HTTP/1.1
Host: jerfm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 301 Moved Permanently
Date: Tue, 16 Apr 2024 07:34:08 GMT
Server: Apache
Location: https://jerfm.com/gkvd/hGhk/befb03e274dfd25d4255e84468727cd0/CfSWAm/ZXVmZW1pYS5sZW50aW5pQGRqb2dsb2JhbC5jb20=
Content-Length: 316
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

jerfm.com/gkvd/hGhk/befb03e274dfd25d4255e84468727cd0/CfSWAm/ZXVmZW1pYS5sZW50aW5pQGRqb2dsb2JhbC5jb20=

192.99.71.92

0 B

URL
jerfm.com/gkvd/hGhk/befb03e274dfd25d4255e84468727cd0/CfSWAm/ZXVmZW1pYS5sZW50aW5pQGRqb2dsb2JhbC5jb20=
IP
192.99.71.92:0
ASN
#16276 OVH SAS

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft Outlook

HTTP Headers

GET /gkvd/hGhk/befb03e274dfd25d4255e84468727cd0/CfSWAm/ZXVmZW1pYS5sZW50aW5pQGRqb2dsb2JhbC5jb20= HTTP/1.1
Host: jerfm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 16 Apr 2024 07:34:08 GMT
Server: Apache
refresh: 0;url=https://94e6f5a7.58598891ef09ac737cee0cf3.workers.dev/?qrc=eufemia.lentini@djoglobal.com
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback

104.17.2.184

0 B

URL
challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback
IP
104.17.2.184:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /turnstile/v0/api.js?onload=onloadTurnstileCallback HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://94e6f5a7.58598891ef09ac737cee0cf3.workers.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Tue, 16 Apr 2024 07:34:09 GMT
content-length: 0
cache-control: max-age=300, public
access-control-allow-origin: *
location: /turnstile/v0/b/bcc5fb0a8815/api.js?onload=onloadTurnstileCallback
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
server: cloudflare
cf-ray: 87527dc3cd4e5695-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/ql36i/0x4AAAAAAAW-lbDQI7I0Z-Zf/auto/normal

104.17.2.184

24 kB

URL
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/ql36i/0x4AAAAAAAW-lbDQI7I0Z-Zf/auto/normal
IP
104.17.2.184:0
ASN
#13335 CLOUDFLARENET

File type
HTML document, ASCII text, with very long lines (41919)
Size
24 kB (24139 bytes)
Hash
660722e3f216f547e7e7b68832b94aa5
2931b103d2facc61efc386e041905848c0aa1898
1ed61dcd994cefd5ff1e31c42a130a9dbb1895c4620f43a2e315e90f0295bceb

HTTP Headers

GET /cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/ql36i/0x4AAAAAAAW-lbDQI7I0Z-Zf/auto/normal HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://94e6f5a7.58598891ef09ac737cee0cf3.workers.dev/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 16 Apr 2024 07:34:09 GMT
content-type: text/html; charset=UTF-8
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-security-policy: frame-src https://challenges.cloudflare.com/ blob:; base-uri 'self'
critical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: cross-origin
document-policy: js-profiling
origin-agent-cluster: ?1
permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy: same-origin
server: cloudflare
cf-ray: 87527dc48ddd568b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/625521429:1713249297:bIBIcTQZruBfqETFbuwRvZkHXcB4pP0tKzSYoMlzZKw/87527dc48ddd568b/dbb7e45fa5c385e

104.17.2.184

25 kB

URL
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/625521429:1713249297:bIBIcTQZruBfqETFbuwRvZkHXcB4pP0tKzSYoMlzZKw/87527dc48ddd568b/dbb7e45fa5c385e
IP
104.17.2.184:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (22544), with no line terminators
Size
25 kB (24568 bytes)
Hash
578a1f907ae544851c8e99c998c7450d
5c41f292df15405ff2cfa512ad5e49c8e54bf696
8f55fa2a6ec6a842bc1e63cae65cc958d7811954c79d018786f524db973dcf6f

HTTP Headers

POST /cdn-cgi/challenge-platform/h/b/flow/ov1/625521429:1713249297:bIBIcTQZruBfqETFbuwRvZkHXcB4pP0tKzSYoMlzZKw/87527dc48ddd568b/dbb7e45fa5c385e HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/ql36i/0x4AAAAAAAW-lbDQI7I0Z-Zf/auto/normal
Content-type: application/x-www-form-urlencoded
CF-Challenge: dbb7e45fa5c385e
Content-Length: 25800
Origin: https://challenges.cloudflare.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 16 Apr 2024 07:34:11 GMT
content-type: text/plain; charset=UTF-8
cf-chl-gen: 2otBs+PrEBLPgF/+hhofnzcwHWIddqwVftn3ThoYIbFMZEIOAPhRzGLKGKLW64SI$vKwIHC7ry75jhtG7rDqfcA==
server: cloudflare
cf-ray: 87527dcfeb1a568b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=87527dc48ddd568b

104.17.2.184

119 kB

URL
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=87527dc48ddd568b
IP
104.17.2.184:0
ASN
#13335 CLOUDFLARENET

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
119 kB (118910 bytes)
Hash
95e74b797763298974960d3c8c396c13
77e14fa4d0e16c71f533093a33eb07034202945d
c820ddbf9e391dca175f5c95d1b98d1b81e80f7628e4a8d93fe557845bc69b32

HTTP Headers

GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=87527dc48ddd568b HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/ql36i/0x4AAAAAAAW-lbDQI7I0Z-Zf/auto/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 16 Apr 2024 07:34:09 GMT
content-type: application/javascript; charset=UTF-8
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
server: cloudflare
cf-ray: 87527dc4eeab568b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

legacywhf.com/?qrc=eufemia.lentini%40djoglobal.com

5.230.40.9

0 B

URL GET
legacywhf.com/?qrc=eufemia.lentini%40djoglobal.com
IP
5.230.40.9:0
ASN
#12586 GHOSTnet GmbH

Requested by
https://94e6f5a7.58598891ef09ac737cee0cf3.workers.dev/?qrc=eufemia.lentini@djoglobal.com

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft Outlook

HTTP Headers

GET /?qrc=eufemia.lentini%40djoglobal.com HTTP/1.1
Host: legacywhf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://94e6f5a7.58598891ef09ac737cee0cf3.workers.dev/
DNT: 1
Connection: keep-alive
Cookie: qPdM=wNTOV09sAjPz; qPdM.sig=MvYUWkgkmHj3CXBgHavJ8UzpvAc
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Moved Temporarily
Cache-Control: no-cache
Pragma: no-cache
Location: https://legacywhf.com/owa/?login_hint=eufemia.lentini%40djoglobal.com
Server: Microsoft-IIS/10.0
request-id: cf25eff4-136f-9c33-632c-3bfb895306ff
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-FEServer: FR0P281CA0076, FR0P281CA0076
X-RequestId: 05ecff55-67f8-4f1c-a82f-43bc551a923c
X-FEProxyInfo: FR0P281CA0076.DEUP281.PROD.OUTLOOK.COM
X-FEEFZInfo: HHN
MS-CV: 9O8lz28TM5xjLDv7iVMG/w.0
X-Powered-By: ASP.NET
Date: Tue, 16 Apr 2024 07:34:29 GMT
Connection: close
Content-Length: 0
Content-Security-Policy: default-src *  data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval';  script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';

legacywhf.com/owa/?login_hint=eufemia.lentini%40djoglobal.com

5.230.40.9

1.4 kB

URL GET
legacywhf.com/owa/?login_hint=eufemia.lentini%40djoglobal.com
IP
5.230.40.9:0
ASN
#12586 GHOSTnet GmbH

Requested by
https://94e6f5a7.58598891ef09ac737cee0cf3.workers.dev/?qrc=eufemia.lentini@djoglobal.com

File type
HTML document, ASCII text, with very long lines (794), with CRLF, LF line terminators
Size
1.4 kB (1374 bytes)
Hash
fe203e0b1ddd2671fc8450ade3bb1a0a
c9586d18f84c7b6024a5807db490765053f8e337
aaec2e5f25f05b77b5d8150cb37aa30ecfd7c2e9e36d81955e03a68057de9c99

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft Outlook

HTTP Headers

GET /owa/?login_hint=eufemia.lentini%40djoglobal.com HTTP/1.1
Host: legacywhf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://94e6f5a7.58598891ef09ac737cee0cf3.workers.dev/
DNT: 1
Connection: keep-alive
Cookie: qPdM=wNTOV09sAjPz; qPdM.sig=MvYUWkgkmHj3CXBgHavJ8UzpvAc
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
content-length: 1374
Content-Type: text/html; charset=utf-8
Location: https://legacywhf.com/?626386rqs=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1ldWZlbWlhLmxlbnRpbmklNDBkam9nbG9iYWwuY29tJmNsaWVudC1yZXF1ZXN0LWlkPTNkNWMyNzZkLWRhMWItNjFmNy1iZDdkLThhODk2OWQzNGZmZCZwcm90ZWN0ZWR0b2tlbj10cnVlJmNsYWltcz0lN2IlMjJpZF90b2tlbiUyMiUzYSU3YiUyMnhtc19jYyUyMiUzYSU3YiUyMnZhbHVlcyUyMiUzYSU1YiUyMkNQMSUyMiU1ZCU3ZCU3ZCU3ZCZub25jZT02Mzg0ODg0OTY3MDExNTA1OTUuYjg1MTA0ZmYtMjlhNy00NTExLTk0ZTktZjlmNzE5YWNhZTgxJnN0YXRlPURjdEJFc0lnREVCUjBMTzRoQ1lhQ2xrNEhzVkphNmc0RkRaMXZMNHMzdDk5YTR3NUQ2ZkJ3b2lKOHkxUlNzUnpCTVFBZ1lOZlVrQ2duTjJWSlRvS2lJNUoyV1hPRVZsVzBZUjJ2REQxbjB5UDJyZlNudV9TanJ0LXMtNUZmTlYybEZZdUJLOVAzMnBmcFBxMTczOA==
Server: Microsoft-IIS/10.0
request-id: 3d5c276d-da1b-61f7-bd7d-8a8969d34ffd
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Alt-Svc: h3=":443";ma=2592000,h3-29=":443";ma=2592000
X-CalculatedFETarget: BE1P281CU009.internal.outlook.com
X-BackEndHttpStatus: 302, 302
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Set-Cookie: ClientId=A504FFFDAAC944628B0CBC20E9B60BAA; expires=Wed, 16-Apr-2025 07:34:30 GMT; path=/;SameSite=None; secure
ClientId=A504FFFDAAC944628B0CBC20E9B60BAA; expires=Wed, 16-Apr-2025 07:34:30 GMT; path=/;SameSite=None; secure
OIDC=1; expires=Wed, 16-Oct-2024 07:34:30 GMT; path=/;SameSite=None; secure; HttpOnly
RoutingKeyCookie=; expires=Sat, 16-Apr-1994 07:34:30 GMT; path=/; secure
OpenIdConnect.token.v1=; expires=Sat, 16-Apr-1994 07:34:30 GMT; path=/; secure
OpenIdConnect.token.v1=; domain=legacywhf.com; expires=Sat, 16-Apr-1994 07:34:30 GMT; path=/; secure
OpenIdConnect.id_token.v1=; expires=Sat, 16-Apr-1994 07:34:30 GMT; path=/; secure
OpenIdConnect.code.v1=; expires=Sat, 16-Apr-1994 07:34:30 GMT; path=/; secure
OpenIdConnect.idp_nonce.v1=; expires=Sat, 16-Apr-1994 07:34:30 GMT; path=/; secure
OpenIdConnect.idp_correlation_id=; expires=Sat, 16-Apr-1994 07:34:30 GMT; path=/; secure
OpenIdConnect.tokenPostPath=; expires=Sat, 16-Apr-1994 07:34:30 GMT; path=/; secure
OpenIdConnect.id_token.v1=; domain=legacywhf.com; expires=Sat, 16-Apr-1994 07:34:30 GMT; path=/; secure
OpenIdConnect.code.v1=; domain=legacywhf.com; expires=Sat, 16-Apr-1994 07:34:30 GMT; path=/; secure
OpenIdConnect.idp_nonce.v1=; domain=legacywhf.com; expires=Sat, 16-Apr-1994 07:34:30 GMT; path=/; secure
OpenIdConnect.idp_correlation_id=; domain=legacywhf.com; expires=Sat, 16-Apr-1994 07:34:30 GMT; path=/; secure
OpenIdConnect.tokenPostPath=; domain=legacywhf.com; expires=Sat, 16-Apr-1994 07:34:30 GMT; path=/; secure
OpenIdConnect.nonce.v3.580qiT1zGnF6fXz-C1ehHMblwhjkQ1cpt-qaryThhmo=638488496701150595.b85104ff-29a7-4511-94e9-f9f719acae81; expires=Tue, 16-Apr-2024 08:34:30 GMT; path=/;SameSite=None; secure; HttpOnly
HostSwitchPrg=; expires=Sat, 16-Apr-1994 07:34:30 GMT; path=/; secure
OptInPrg=; expires=Sat, 16-Apr-1994 07:34:30 GMT; path=/; secure
SuiteServiceProxyKey=; expires=Sat, 16-Apr-1994 07:34:30 GMT; path=/; secure
ClientId=A504FFFDAAC944628B0CBC20E9B60BAA; expires=Wed, 16-Apr-2025 07:34:30 GMT; path=/;SameSite=None; secure
OIDC=1; expires=Wed, 16-Oct-2024 07:34:30 GMT; path=/;SameSite=None; secure; HttpOnly
RoutingKeyCookie=; expires=Sat, 16-Apr-1994 07:34:30 GMT; path=/; secure
OpenIdConnect.token.v1=; expires=Sat, 16-Apr-1994 07:34:30 GMT; path=/; secure
OpenIdConnect.token.v1=; domain=legacywhf.com; expires=Sat, 16-Apr-1994 07:34:30 GMT; path=/; secure
OpenIdConnect.id_token.v1=; expires=Sat, 16-Apr-1994 07:34:30 GMT; path=/; secure
OpenIdConnect.code.v1=; expires=Sat, 16-Apr-1994 07:34:30 GMT; path=/; secure
OpenIdConnect.idp_nonce.v1=; expires=Sat, 16-Apr-1994 07:34:30 GMT; path=/; secure
OpenIdConnect.idp_correlation_id=; expires=Sat, 16-Apr-1994 07:34:30 GMT; path=/; secure
OpenIdConnect.tokenPostPath=; expires=Sat, 16-Apr-1994 07:34:30 GMT; path=/; secure
OpenIdConnect.id_token.v1=; domain=legacywhf.com; expires=Sat, 16-Apr-1994 07:34:30 GMT; path=/; secure
OpenIdConnect.code.v1=; domain=legacywhf.com; expires=Sat, 16-Apr-1994 07:34:30 GMT; path=/; secure
OpenIdConnect.idp_nonce.v1=; domain=legacywhf.com; expires=Sat, 16-Apr-1994 07:34:30 GMT; path=/; secure
OpenIdConnect.idp_correlation_id=; domain=legacywhf.com; expires=Sat, 16-Apr-1994 07:34:30 GMT; path=/; secure
OpenIdConnect.tokenPostPath=; domain=legacywhf.com; expires=Sat, 16-Apr-1994 07:34:30 GMT; path=/; secure
OpenIdConnect.nonce.v3.580qiT1zGnF6fXz-C1ehHMblwhjkQ1cpt-qaryThhmo=638488496701150595.b85104ff-29a7-4511-94e9-f9f719acae81; expires=Tue, 16-Apr-2024 08:34:30 GMT; path=/;SameSite=None; secure; HttpOnly
HostSwitchPrg=; expires=Sat, 16-Apr-1994 07:34:30 GMT; path=/; secure
OptInPrg=; expires=Sat, 16-Apr-1994 07:34:30 GMT; path=/; secure
SuiteServiceProxyKey=; expires=Sat, 16-Apr-1994 07:34:30 GMT; path=/; secure
X-OWA-RedirectHistory=ArLym14Bg5ULp-dd3Ag; expires=Tue, 16-Apr-2024 13:36:30 GMT; path=/;SameSite=None; secure; HttpOnly
X-CalculatedBETarget: BE1P281MB1489.DEUP281.PROD.OUTLOOK.COM
X-RUM-Validated: 1
X-RUM-NotUpdateQueriedPath: 1
X-RUM-NotUpdateQueriedDbCopy: 1
X-BeSku: WCS7
X-OWA-DiagnosticsInfo: 2;0;0
X-IIDs: 0
X-BackEnd-Begin: 2024-04-16T07:34:30.115
X-BackEnd-End: 2024-04-16T07:34:30.115
X-DiagInfo: BE1P281MB1489
X-BEServer: BE1P281MB1489
X-UA-Compatible: IE=EmulateIE7
X-Proxy-RoutingCorrectness: 1
X-Proxy-BackendServerStatus: 302
X-FEProxyInfo: FR0P281CA0078.DEUP281.PROD.OUTLOOK.COM
X-FEEFZInfo: HHN
X-FEServer: BE1P281CA0089, FR0P281CA0078
NEL: {"report_to":"NelOfficeUpload1","max_age":7200,"include_subdomains":true,"failure_fraction":1.0,"success_fraction":0.01}
X-FirstHopCafeEFZ: HHN
Date: Tue, 16 Apr 2024 07:34:30 GMT
Connection: close
Content-Security-Policy: default-src *  data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval';  script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';

legacywhf.com/?626386rqs=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1ldWZlbWlhLmxlbnRpbmklNDBkam9nbG9iYWwuY29tJmNsaWVudC1yZXF1ZXN0LWlkPTNkNWMyNzZkLWRhMWItNjFmNy1iZDdkLThhODk2OWQzNGZmZCZwcm90ZWN0ZWR0b2tlbj10cnVlJmNsYWltcz0lN2IlMjJpZF90b2tlbiUyMiUzYSU3YiUyMnhtc19jYyUyMiUzYSU3YiUyMnZhbHVlcyUyMiUzYSU1YiUyMkNQMSUyMiU1ZCU3ZCU3ZCU3ZCZub25jZT02Mzg0ODg0OTY3MDExNTA1OTUuYjg1MTA0ZmYtMjlhNy00NTExLTk0ZTktZjlmNzE5YWNhZTgxJnN0YXRlPURjdEJFc0lnREVCUjBMTzRoQ1lhQ2xrNEhzVkphNmc0RkRaMXZMNHMzdDk5YTR3NUQ2ZkJ3b2lKOHkxUlNzUnpCTVFBZ1lOZlVrQ2duTjJWSlRvS2lJNUoyV1hPRVZsVzBZUjJ2REQxbjB5UDJyZlNudV9TanJ0LXMtNUZmTlYybEZZdUJLOVAzMnBmcFBxMTczOA==

0.0.0.0

0 B

URL GET
legacywhf.com/?626386rqs=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1ldWZlbWlhLmxlbnRpbmklNDBkam9nbG9iYWwuY29tJmNsaWVudC1yZXF1ZXN0LWlkPTNkNWMyNzZkLWRhMWItNjFmNy1iZDdkLThhODk2OWQzNGZmZCZwcm90ZWN0ZWR0b2tlbj10cnVlJmNsYWltcz0lN2IlMjJpZF90b2tlbiUyMiUzYSU3YiUyMnhtc19jYyUyMiUzYSU3YiUyMnZhbHVlcyUyMiUzYSU1YiUyMkNQMSUyMiU1ZCU3ZCU3ZCU3ZCZub25jZT02Mzg0ODg0OTY3MDExNTA1OTUuYjg1MTA0ZmYtMjlhNy00NTExLTk0ZTktZjlmNzE5YWNhZTgxJnN0YXRlPURjdEJFc0lnREVCUjBMTzRoQ1lhQ2xrNEhzVkphNmc0RkRaMXZMNHMzdDk5YTR3NUQ2ZkJ3b2lKOHkxUlNzUnpCTVFBZ1lOZlVrQ2duTjJWSlRvS2lJNUoyV1hPRVZsVzBZUjJ2REQxbjB5UDJyZlNudV9TanJ0LXMtNUZmTlYybEZZdUJLOVAzMnBmcFBxMTczOA==
IP
0.0.0.0:0
ASN
#0

Requested by
https://94e6f5a7.58598891ef09ac737cee0cf3.workers.dev/?qrc=eufemia.lentini@djoglobal.com

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft Outlook

HTTP Headers

GET /?626386rqs=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1ldWZlbWlhLmxlbnRpbmklNDBkam9nbG9iYWwuY29tJmNsaWVudC1yZXF1ZXN0LWlkPTNkNWMyNzZkLWRhMWItNjFmNy1iZDdkLThhODk2OWQzNGZmZCZwcm90ZWN0ZWR0b2tlbj10cnVlJmNsYWltcz0lN2IlMjJpZF90b2tlbiUyMiUzYSU3YiUyMnhtc19jYyUyMiUzYSU3YiUyMnZhbHVlcyUyMiUzYSU1YiUyMkNQMSUyMiU1ZCU3ZCU3ZCU3ZCZub25jZT02Mzg0ODg0OTY3MDExNTA1OTUuYjg1MTA0ZmYtMjlhNy00NTExLTk0ZTktZjlmNzE5YWNhZTgxJnN0YXRlPURjdEJFc0lnREVCUjBMTzRoQ1lhQ2xrNEhzVkphNmc0RkRaMXZMNHMzdDk5YTR3NUQ2ZkJ3b2lKOHkxUlNzUnpCTVFBZ1lOZlVrQ2duTjJWSlRvS2lJNUoyV1hPRVZsVzBZUjJ2REQxbjB5UDJyZlNudV9TanJ0LXMtNUZmTlYybEZZdUJLOVAzMnBmcFBxMTczOA== HTTP/1.1
Host: legacywhf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://94e6f5a7.58598891ef09ac737cee0cf3.workers.dev/
DNT: 1
Connection: keep-alive
Cookie: qPdM=wNTOV09sAjPz; qPdM.sig=MvYUWkgkmHj3CXBgHavJ8UzpvAc; ClientId=A504FFFDAAC944628B0CBC20E9B60BAA; OIDC=1; OpenIdConnect.nonce.v3.580qiT1zGnF6fXz-C1ehHMblwhjkQ1cpt-qaryThhmo=638488496701150595.b85104ff-29a7-4511-94e9-f9f719acae81; X-OWA-RedirectHistory=ArLym14Bg5ULp-dd3Ag
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

legacywhf.com/?dataXX0=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1cmwiOiJodHRwczovL2xlZ2FjeXdoZi5jb20iLCJkb21haW4iOiJsZWdhY3l3aGYuY29tIiwia2V5Ijoid05UT1YwOXNBalB6IiwicXJjIjoiZXVmZW1pYS5sZW50aW5pQGRqb2dsb2JhbC5jb20iLCJpYXQiOjE3MTMyNTI4NjksImV4cCI6MTcxMzI1Mjk4OX0.9ZC5itmwMYbSLDKQ_8dF4ehDaUQgbyTdTRcgI_vcdek

0.0.0.0

0 B

URL GET
legacywhf.com/?dataXX0=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1cmwiOiJodHRwczovL2xlZ2FjeXdoZi5jb20iLCJkb21haW4iOiJsZWdhY3l3aGYuY29tIiwia2V5Ijoid05UT1YwOXNBalB6IiwicXJjIjoiZXVmZW1pYS5sZW50aW5pQGRqb2dsb2JhbC5jb20iLCJpYXQiOjE3MTMyNTI4NjksImV4cCI6MTcxMzI1Mjk4OX0.9ZC5itmwMYbSLDKQ_8dF4ehDaUQgbyTdTRcgI_vcdek
IP
0.0.0.0:0
ASN
#0

Requested by
https://94e6f5a7.58598891ef09ac737cee0cf3.workers.dev/?qrc=eufemia.lentini@djoglobal.com

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft Outlook

HTTP Headers

GET /?dataXX0=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1cmwiOiJodHRwczovL2xlZ2FjeXdoZi5jb20iLCJkb21haW4iOiJsZWdhY3l3aGYuY29tIiwia2V5Ijoid05UT1YwOXNBalB6IiwicXJjIjoiZXVmZW1pYS5sZW50aW5pQGRqb2dsb2JhbC5jb20iLCJpYXQiOjE3MTMyNTI4NjksImV4cCI6MTcxMzI1Mjk4OX0.9ZC5itmwMYbSLDKQ_8dF4ehDaUQgbyTdTRcgI_vcdek HTTP/1.1
Host: legacywhf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://94e6f5a7.58598891ef09ac737cee0cf3.workers.dev/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Set-Cookie: qPdM=wNTOV09sAjPz; path=/; samesite=none; secure; httponly
qPdM.sig=MvYUWkgkmHj3CXBgHavJ8UzpvAc; path=/; samesite=none; secure; httponly
location: /?qrc=eufemia.lentini%40djoglobal.com
Date: Tue, 16 Apr 2024 07:34:29 GMT
Connection: keep-alive
Keep-Alive: timeout=5
Transfer-Encoding: chunked

94e6f5a7.58598891ef09ac737cee0cf3.workers.dev/?qrc=eufemia.lentini@djoglobal.com

104.21.88.101

200 OK

1.2 kB

URL User Request POST HTTP/3
94e6f5a7.58598891ef09ac737cee0cf3.workers.dev/?qrc=eufemia.lentini@djoglobal.com
IP
104.21.88.101:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subject58598891ef09ac737cee0cf3.workers.dev
FingerprintD0:7E:0D:A9:25:22:78:7A:45:69:2E:89:48:E8:33:A8:4A:15:BD:DF
ValidityFri, 12 Apr 2024 13:36:58 GMT - Thu, 11 Jul 2024 13:36:57 GMT

File type
HTML document, ASCII text, with very long lines (1183), with no line terminators
Size
1.2 kB (1163 bytes)
Hash
78836a83272c65b49cd458643907c3c4
f68da7522ec73d97de865b7a3f5a6a6043d0a407
7674f2146758b39c87963b57cb263e1dae66d9033f59317271742ad39fcc861c

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft Outlook
OpenPhish	phishing	Office365

HTTP Headers

POST /?qrc=eufemia.lentini@djoglobal.com HTTP/1.1
Host: 94e6f5a7.58598891ef09ac737cee0cf3.workers.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 582
Origin: https://94e6f5a7.58598891ef09ac737cee0cf3.workers.dev
DNT: 1
Connection: keep-alive
Referer: https://94e6f5a7.58598891ef09ac737cee0cf3.workers.dev/?qrc=eufemia.lentini@djoglobal.com
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Sec-Fetch-User: ?1
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 16 Apr 2024 07:34:29 GMT
content-type: text/html;
status: 200
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bqIVujv36%2FI%2BBxQ6K3Klolzl5ab7bkdvWmhE9v18LuoSgr73D5tqVlpO3xGapefPgc1mvukMBgEXNP09a%2F5IN5mcp17MoaK5hdENJzmF%2BdR7nQpAw6EVYTiFbZCeT5Hd7SB%2F74V0MDq6a%2FI%2BoM3VtFRs2EKlXmB21lfpzFVmeuY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87527e3f7bfb56ae-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

94e6f5a7.58598891ef09ac737cee0cf3.workers.dev/favicon.ico

104.21.88.101

200 OK

3.3 kB

URL GET HTTP/3
94e6f5a7.58598891ef09ac737cee0cf3.workers.dev/favicon.ico
IP
104.21.88.101:443
ASN
#13335 CLOUDFLARENET

Requested by
https://94e6f5a7.58598891ef09ac737cee0cf3.workers.dev/?qrc=eufemia.lentini@djoglobal.com
Certificate
IssuerGoogle Trust Services LLC
Subject58598891ef09ac737cee0cf3.workers.dev
FingerprintD0:7E:0D:A9:25:22:78:7A:45:69:2E:89:48:E8:33:A8:4A:15:BD:DF
ValidityFri, 12 Apr 2024 13:36:58 GMT - Thu, 11 Jul 2024 13:36:57 GMT

File type
HTML document, ASCII text, with very long lines (3271), with no line terminators
Size
3.3 kB (3255 bytes)
Hash
47234cb372fd223e370a6bf1c38942d1
06d24783cdd2b5206b9e5ab999519ebdd4abc656
7920553c5a5aa9de58ebe3934c2759bab7c7bc30ba35a6949cc6ed8a8c7158f4

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Office365

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: 94e6f5a7.58598891ef09ac737cee0cf3.workers.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://94e6f5a7.58598891ef09ac737cee0cf3.workers.dev/?qrc=eufemia.lentini@djoglobal.com
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 16 Apr 2024 07:34:29 GMT
content-type: text/html;charset=UTF-8
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GTqohN7J1%2F%2FATvxKBd0JRvEvwsoUVOJpMRA6x2KQ4DUcz01b9uWYXoTCAch1G9bYdCqQ0LY3YfR9RUrV%2BErBb3UY6OC%2BsmEwBOEPdAzddlWD3k1djH05XGYQCCGLPe5nke60iX3SREXcEyWQ3s%2FTzzfCMDTiepJAubHoPqJ8g%2FA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87527e436a1156ae-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (37)

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash