Report - twinssupplies.com/zt/asdf/aGF5bmVzQG1mcy50ZWFt

Report Overview

Visited public
2024-01-26 16:18:13
Tags
phishing microsoft outlook
URL
twinssupplies.com/zt/asdf/aGF5bmVzQG1mcy50ZWFt
Finishing URL
stingrayltd.com/lo/ginofieezzoffosinnicrosoftonline/offize-bus/uill6mf7vxznzn5tkmilop4zcoc6zdjsykj53vasm7hppbq7lnra4paX5hf1vluW9mpiFufzInC9kaZYUnu6gkz52vDD61xBx3/?cfg=haynes@mfs.team
IP / ASN
174.136.25.26
#36024 AS-TIERP-36024
Title
Sign in to your account
Phishing - Microsoft Outlook

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
aadcdn.msauth.net	1421	2018-10-25	2018-11-19 11:50:03	2024-01-26 05:17:47	1.0 kB	22 kB	13.107.246.53
aadcdn.msauthimages.net	4795	2018-11-12	2019-08-14 20:34:06	2024-01-26 06:19:02	1.1 kB	269 kB	152.199.21.175
twinssupplies.com	unknown	2022-02-18	2022-02-18 18:52:03	2023-11-29 14:26:01	500 B	553 B	174.136.25.26
stingrayltd.com	unknown	2013-12-16	2015-05-22 05:06:25	2024-01-24 01:44:50	636 B	6.3 kB	206.217.202.60
cdnjs.cloudflare.com	235	2009-02-17	2015-04-17 22:46:33	2024-01-26 07:29:41	876 B	58 kB	104.17.25.14
outlook.office.com	77	1999-04-20	2018-12-21 07:32:30	2019-01-03 14:22:22	430 B	8.9 kB	40.99.215.98
bc1qg8gkjr7lny2wynvd9cfkgrq99n6y95.com	unknown	2024-01-17	2024-01-17 19:47:59	2024-01-23 22:32:48	1.1 kB	16 kB	193.222.96.132
aadcdn.msftauth.net	1455	2018-10-25	2018-11-19 11:50:32	2024-01-26 05:17:46	994 B	38 kB	152.199.23.37

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-01-26	medium	bc1qg8gkjr7lny2wynvd9cfkgrq99n6y95.com	Sinkholed
2024-01-26	medium	bc1qg8gkjr7lny2wynvd9cfkgrq99n6y95.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (4)

	URL	From	Size	First Seen	Last Seen
	cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js	ScriptElement	90 kB	2023-03-07	2025-05-18
Pretty URL cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js IP 104.17.25.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-05-18 02:54 Times Seen207047 Hash 8fb8fee4fcc3cc86ff6c724154c49c42 b82d238d4e31fdf618bae8ac11a6c812c03dd0d4 ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e Loading...

	stingrayltd.com/lo/ginofieezzoffosinnicrosoftonline/offize-bus/uill6mf7vxznzn5tkmilop4zcoc6zdjsykj53vasm7hppbq7lnra4paX5hf1vluW9mpiFufzInC9kaZYUnu6gkz52vDD61xBx3/?cfg=haynes@mfs.team	ScriptElement	5.5 kB	2024-08-20	2024-08-20
Pretty URL stingrayltd.com/lo/ginofieezzoffosinnicrosoftonline/offize-bus/uill6mf7vxznzn5tkmilop4zcoc6zdjsykj53vasm7hppbq7lnra4paX5hf1vluW9mpiFufzInC9kaZYUnu6gkz52vDD61xBx3/?cfg=haynes@mfs.team IP 206.217.202.60 ASN #13213 UK-2 Limited Introduced by scriptElement Embedded in HTML true Observations First Seen2024-08-20 11:00 Last Seen2024-08-20 11:00 Times Seen50 Hash 241ec6a6442e6a48616f72829e372e57 12adf3fda5ae7afc76a3567c9e10ac7b0fa43a32 f01f40e39151fecc94e237a88b9ff577c1b341a7d495d89c5f1e4a88aee1cd6a Loading...

	unknown	ScriptElement	6.5 kB	2024-08-20	2024-08-20
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-08-20 11:00 Last Seen2024-08-20 11:00 Times Seen1 Hash b3d69382c7475ae0b7b6f4435c7fdbf8 1ef07dabe076742146f1223bc70cb476788ae26e e0c623dde6e9e94d5050c31cbdec9722462ca00604043eaad49505dd74b69ba4 Loading...

		Size	First Seen	Last Seen
	#1 Write - 87fa54f4b3da9f1f986122ce88877347	15 kB	2024-08-20 11:00	2024-08-20 11:00
Pretty Observations First Seen2024-08-20 11:00 Last Seen2024-08-20 11:00 Times Seen1 Hash 87fa54f4b3da9f1f986122ce88877347 41623d991eeac5a3c74e3301ef028ab4b57de066 0f16a518d1a84bae0560b2e01d9bdd75021091ca6a48943149784e4715f0350a Loading...

HTTP Transactions (13)

URL IP Response Size

twinssupplies.com/zt/asdf/aGF5bmVzQG1mcy50ZWFt

174.136.25.26

0 B

URL
twinssupplies.com/zt/asdf/aGF5bmVzQG1mcy50ZWFt
IP
174.136.25.26:0
ASN
#36024 AS-TIERP-36024

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /zt/asdf/aGF5bmVzQG1mcy50ZWFt HTTP/1.1
Host: twinssupplies.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
x-powered-by: PHP/7.4.33
refresh: 0;url=https://stingrayltd.com/lo/ginofieezzoffosinnicrosoftonline/offize-bus/uill6mf7vxznzn5tkmilop4zcoc6zdjsykj53vasm7hppbq7lnra4paX5hf1vluW9mpiFufzInC9kaZYUnu6gkz52vDD61xBx3/?cfg=haynes@mfs.team
strict-transport-security: max-age=31536000
x-xss-protection: 1
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
referrer-policy: no-referrer-when-downgrade
content-length: 0
content-type: text/html; charset=UTF-8
date: Fri, 26 Jan 2024 16:17:47 GMT
server: Apache
X-Firefox-Spdy: h2

stingrayltd.com/lo/ginofieezzoffosinnicrosoftonline/offize-bus/uill6mf7vxznzn5tkmilop4zcoc6zdjsykj53vasm7hppbq7lnra4paX5hf1vluW9mpiFufzInC9kaZYUnu6gkz52vDD61xBx3/?cfg=haynes@mfs.team

206.217.202.60

200 OK

6.0 kB

URL User Request GET HTTP/2
stingrayltd.com/lo/ginofieezzoffosinnicrosoftonline/offize-bus/uill6mf7vxznzn5tkmilop4zcoc6zdjsykj53vasm7hppbq7lnra4paX5hf1vluW9mpiFufzInC9kaZYUnu6gkz52vDD61xBx3/?cfg=haynes@mfs.team
IP
206.217.202.60:443
ASN
#13213 UK-2 Limited

Certificate
IssuerLet's Encrypt
Subjectstingrayltd.com
Fingerprint9C:D2:9F:EA:25:07:8F:94:10:35:31:D2:CD:34:9E:F3:48:F7:A1:D2
ValidityWed, 03 Jan 2024 07:44:02 GMT - Tue, 02 Apr 2024 07:44:01 GMT

File type
HTML document, ASCII text, with very long lines (5505), with CRLF line terminators
Size
6.0 kB (5967 bytes)
Hash
98a1d190b5b5e107b65703a545ac9415
a118ccdb4f7e0701a2b77abd713a7c0f931207d8
94bc5777bca02a304e1a2e69ba7f39f61e94dc489909a35e3d19f448b9f6867f

HTTP Headers

GET /lo/ginofieezzoffosinnicrosoftonline/offize-bus/uill6mf7vxznzn5tkmilop4zcoc6zdjsykj53vasm7hppbq7lnra4paX5hf1vluW9mpiFufzInC9kaZYUnu6gkz52vDD61xBx3/?cfg=haynes@mfs.team HTTP/1.1
Host: stingrayltd.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/html
content-encoding: br
last-modified: Fri, 26 Jan 2024 16:08:16 GMT
accept-ranges: bytes
etag: "098c7de7150da1:0"
vary: Accept-Encoding
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
x-powered-by-plesk: PleskWin
date: Fri, 26 Jan 2024 16:17:47 GMT
content-length: 5967
X-Firefox-Spdy: h2

cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js

104.17.25.14

200 OK

28 kB

URL GET HTTP/2
cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js
IP
104.17.25.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://stingrayltd.com/lo/ginofieezzoffosinnicrosoftonline/offize-bus/uill6mf7vxznzn5tkmilop4zcoc6zdjsykj53vasm7hppbq7lnra4paX5hf1vluW9mpiFufzInC9kaZYUnu6gkz52vDD61xBx3/?cfg=haynes@mfs.team
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D
ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (65447)
Size
28 kB (27938 bytes)
Hash
8fb8fee4fcc3cc86ff6c724154c49c42
b82d238d4e31fdf618bae8ac11a6c812c03dd0d4
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

HTTP Headers

GET /ajax/libs/jquery/3.6.0/jquery.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://stingrayltd.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 26 Jan 2024 16:17:48 GMT
content-type: application/javascript; charset=utf-8
content-length: 27938
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "603e8adc-15d9d"
last-modified: Tue, 02 Mar 2021 18:58:36 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 5393566
expires: Wed, 15 Jan 2025 16:17:48 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=96prE864sgpZreFiHFycOAAECHq1eVEXXbyWpsY8OLI6EmjlrlXB7XuhAJd2fLC1bwIWDT3YLD3x66sFOSmgar3XtTqj4Kcy2Q6Isgx2Lee1Lg0WJzChBQtWGvimhUAgu70vafK5"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 84ba1175292ab518-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

outlook.office.com/mail/favicon.ico

40.99.215.98

200 OK

7.9 kB

URL GET HTTP/2
outlook.office.com/mail/favicon.ico
IP
40.99.215.98:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://stingrayltd.com/lo/ginofieezzoffosinnicrosoftonline/offize-bus/uill6mf7vxznzn5tkmilop4zcoc6zdjsykj53vasm7hppbq7lnra4paX5hf1vluW9mpiFufzInC9kaZYUnu6gkz52vDD61xBx3/?cfg=haynes@mfs.team
Certificate
IssuerDigiCert Inc
Subjectoutlook.com
Fingerprint36:18:F1:AE:4C:1B:9A:B4:43:F1:6E:82:31:48:81:81:E3:2E:45:09
ValidityTue, 31 Oct 2023 00:00:00 GMT - Wed, 30 Oct 2024 23:59:59 GMT

File type
MS Windows icon resource - 3 icons, 32x32, 32 bits/pixel, 24x24, 32 bits/pixel
Size
7.9 kB (7886 bytes)
Hash
ac16fa7fc862073b02acd1187fc6def4
f2b9a6255f6293000f30eee272abdd372a14e9d3
e35d94b76894d6eca96ff5b1a12d94dfe73485ef3c52cb5b4395be8ffac1cb45

HTTP Headers

GET /mail/favicon.ico HTTP/1.1
Host: outlook.office.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://stingrayltd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-length: 7886
content-type: image/x-icon
last-modified: Thu, 18 Jan 2024 19:15:20 GMT
accept-ranges: bytes
etag: "1da4a42ad800ace"
server: Microsoft-IIS/10.0
request-id: f68eb426-1a19-69db-9bcf-2fadd0c3bf13
strict-transport-security: max-age=31536000; includeSubDomains; preload
alt-svc: h3=":443",h3-29=":443"
x-preferredroutingkeydiagnostics: 0
x-calculatedfetarget: SV0P279CU001.internal.outlook.com
x-calculatedbetarget: SV0P279MB0561.NORP279.PROD.OUTLOOK.COM
x-backendhttpstatus: 200, 200
x-besku: UNKNOWN
x-rum-validated: 1
x-rum-notupdatequeriedpath: 1
x-rum-notupdatequerieddbcopy: 1
x-proxy-routingcorrectness: 1
x-proxy-backendserverstatus: 200
x-bepartition: Clique/CLNORP279SVG00
x-feproxyinfo: OS6P279CA0079.NORP279.PROD.OUTLOOK.COM
x-feefzinfo: OSL
ms-cv: JrSO9hka22mbzy+t0MO/Ew.1.1
x-firsthopcafeefz: OSL
x-powered-by: ASP.NET
x-feserver: SV0P279CA0017, OS6P279CA0079
date: Fri, 26 Jan 2024 16:17:47 GMT
X-Firefox-Spdy: h2

bc1qg8gkjr7lny2wynvd9cfkgrq99n6y95.com/api/v3/auth

193.222.96.132

200 OK

2 B

URL OPTIONS HTTP/1.1
bc1qg8gkjr7lny2wynvd9cfkgrq99n6y95.com/api/v3/auth
IP
193.222.96.132:443
ASN
#397373 H4Y-TECHNOLOGIES

Requested by
https://stingrayltd.com/lo/ginofieezzoffosinnicrosoftonline/offize-bus/uill6mf7vxznzn5tkmilop4zcoc6zdjsykj53vasm7hppbq7lnra4paX5hf1vluW9mpiFufzInC9kaZYUnu6gkz52vDD61xBx3/?cfg=haynes@mfs.team
Certificate
IssuerLet's Encrypt
Subjectbc1qg8gkjr7lny2wynvd9cfkgrq99n6y95.com
FingerprintD1:F3:2C:97:2D:CF:E8:B6:07:22:99:A1:51:FD:7C:6B:01:8D:25:99
ValidityWed, 17 Jan 2024 17:46:20 GMT - Tue, 16 Apr 2024 17:46:19 GMT

File type
ASCII text, with no line terminators
Size
2 B (2 bytes)
Hash
e0aa021e21dddbd6d8cecec71e9cf564
9ce3bd4224c8c1780db56b4125ecf3f24bf748b7
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

OPTIONS /api/v3/auth HTTP/1.1
Host: bc1qg8gkjr7lny2wynvd9cfkgrq99n6y95.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://stingrayltd.com/
Origin: https://stingrayltd.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
date: Fri, 26 Jan 2024 16:17:50 GMT
server: uvicorn
vary: Origin
access-control-allow-methods: DELETE, GET, HEAD, OPTIONS, PATCH, POST, PUT
access-control-max-age: 600
access-control-allow-credentials: true
access-control-allow-origin: https://stingrayltd.com
access-control-allow-headers: content-type
content-length: 2
content-type: text/plain; charset=utf-8

bc1qg8gkjr7lny2wynvd9cfkgrq99n6y95.com/api/v3/auth

193.222.96.132

200 OK

16 kB

URL OPTIONS HTTP/1.1
bc1qg8gkjr7lny2wynvd9cfkgrq99n6y95.com/api/v3/auth
IP
193.222.96.132:443
ASN
#397373 H4Y-TECHNOLOGIES

Requested by
https://stingrayltd.com/lo/ginofieezzoffosinnicrosoftonline/offize-bus/uill6mf7vxznzn5tkmilop4zcoc6zdjsykj53vasm7hppbq7lnra4paX5hf1vluW9mpiFufzInC9kaZYUnu6gkz52vDD61xBx3/?cfg=haynes@mfs.team
Certificate
IssuerLet's Encrypt
Subjectbc1qg8gkjr7lny2wynvd9cfkgrq99n6y95.com
FingerprintD1:F3:2C:97:2D:CF:E8:B6:07:22:99:A1:51:FD:7C:6B:01:8D:25:99
ValidityWed, 17 Jan 2024 17:46:20 GMT - Tue, 16 Apr 2024 17:46:19 GMT

File type
JSON text data
Size
16 kB (15494 bytes)
Hash
4e975954ba1b0961aa1d2279a6d06e74
2609a33be26ad28e853ef9245b8d533c25576317
d012227d3da454822517622f13bc8fd8ab09c8712e10bd2ca3ee215e8916b296

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft Outlook
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /api/v3/auth HTTP/1.1
Host: bc1qg8gkjr7lny2wynvd9cfkgrq99n6y95.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 174
Origin: https://stingrayltd.com
DNT: 1
Connection: keep-alive
Referer: https://stingrayltd.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
date: Fri, 26 Jan 2024 16:17:50 GMT
server: uvicorn
content-length: 15494
content-type: application/json
access-control-allow-origin: *
access-control-allow-credentials: true

cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js

104.17.25.14

200 OK

28 kB

URL GET HTTP/2
cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js
IP
104.17.25.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://stingrayltd.com/lo/ginofieezzoffosinnicrosoftonline/offize-bus/uill6mf7vxznzn5tkmilop4zcoc6zdjsykj53vasm7hppbq7lnra4paX5hf1vluW9mpiFufzInC9kaZYUnu6gkz52vDD61xBx3/?cfg=haynes@mfs.team
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D
ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (65447)
Size
28 kB (27938 bytes)
Hash
8fb8fee4fcc3cc86ff6c724154c49c42
b82d238d4e31fdf618bae8ac11a6c812c03dd0d4
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

HTTP Headers

GET /ajax/libs/jquery/3.6.0/jquery.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://stingrayltd.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 26 Jan 2024 16:17:54 GMT
content-type: application/javascript; charset=utf-8
content-length: 27938
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "603e8adc-15d9d"
last-modified: Tue, 02 Mar 2021 18:58:36 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 5393572
expires: Wed, 15 Jan 2025 16:17:54 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QfDx1eTCTvufGwWAAVta14TXygnCtE5RweUxv3bloTm5ZGWRHy5ZUumQ2VFUL5Uwjz4X5I1pD0nXA3s3UdldHiL45Utd49su2m8Zi5SGXHmFOOC%2BtULxxFaA1dxybYgYz81fyk2v"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 84ba11994afd7131-OSL
alt-svc: h3=":443"; ma=86400

aadcdn.msftauth.net/ests/2.1/content/cdnbundles/converged.v2.login.min_8owwt4u-33ps0wawi7tmow2.css

152.199.23.37

200 OK

20 kB

URL GET HTTP/2
aadcdn.msftauth.net/ests/2.1/content/cdnbundles/converged.v2.login.min_8owwt4u-33ps0wawi7tmow2.css
IP
152.199.23.37:443
ASN
#15133 EDGECAST

Requested by
https://stingrayltd.com/lo/ginofieezzoffosinnicrosoftonline/offize-bus/uill6mf7vxznzn5tkmilop4zcoc6zdjsykj53vasm7hppbq7lnra4paX5hf1vluW9mpiFufzInC9kaZYUnu6gkz52vDD61xBx3/?cfg=haynes@mfs.team
Certificate
IssuerDigiCert Inc
Subjectaadcdn.msftauth.net
Fingerprint3C:9E:70:F5:B3:D1:80:80:8C:97:1C:7B:7E:A8:2C:D8:7B:94:95:0B
ValidityFri, 01 Dec 2023 00:00:00 GMT - Sun, 01 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (61177)
Size
20 kB (19970 bytes)
Hash
f0e5964f8bbedf73d2d3001623bb663b
aadf3504d5e5a93e678487eeb4a63398f2699341
9537f00ca371747a97a2acca388f7b2379a7fa7c59bde18c3d2621c0de8de492

HTTP Headers

GET /ests/2.1/content/cdnbundles/converged.v2.login.min_8owwt4u-33ps0wawi7tmow2.css HTTP/1.1
Host: aadcdn.msftauth.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Referer: https://stingrayltd.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-encoding: gzip
accept-ranges: bytes
access-control-allow-origin: *
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding
age: 15026980
cache-control: public, max-age=31536000
content-md5: 9K2/nGCj75WAmmAI9nZNCA==
content-type: text/css
date: Fri, 26 Jan 2024 16:17:54 GMT
etag: 0x8DA7650B375AC9B
last-modified: Thu, 04 Aug 2022 19:37:00 GMT
server: ECAcc (ska/F7A0)
vary: Accept-Encoding
x-cache: HIT
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: fa2c5f86-601e-001d-18c7-c75323000000
x-ms-version: 2009-09-19
content-length: 19970
X-Firefox-Spdy: h2

aadcdn.msauth.net/shared/1.0/content/images/arrow_left_a9cc2824ef3517b6c4160dcf8ff7d410.svg

13.107.246.53

200 OK

276 B

URL GET HTTP/2
aadcdn.msauth.net/shared/1.0/content/images/arrow_left_a9cc2824ef3517b6c4160dcf8ff7d410.svg
IP
13.107.246.53:443
ASN
#8068 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://stingrayltd.com/lo/ginofieezzoffosinnicrosoftonline/offize-bus/uill6mf7vxznzn5tkmilop4zcoc6zdjsykj53vasm7hppbq7lnra4paX5hf1vluW9mpiFufzInC9kaZYUnu6gkz52vDD61xBx3/?cfg=haynes@mfs.team
Certificate
IssuerDigiCert Inc
Subjectaadcdn.msauth.net
Fingerprint88:95:0C:FA:9D:33:AA:BF:A4:FD:9D:84:A6:E8:02:06:58:50:AD:8C
ValiditySun, 29 Oct 2023 00:00:00 GMT - Tue, 29 Oct 2024 23:59:59 GMT

File type
SVG Scalable Vector Graphics image
Size
276 B (276 bytes)
Hash
a9cc2824ef3517b6c4160dcf8ff7d410
8db9aebad84ca6e4225bfdd2458ff3821cc4f064
34f9db946e89f031a80dfca7b16b2b686469c9886441261ae70a44da1dfa2d58

HTTP Headers

GET /shared/1.0/content/images/arrow_left_a9cc2824ef3517b6c4160dcf8ff7d410.svg HTTP/1.1
Host: aadcdn.msauth.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://stingrayltd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 26 Jan 2024 16:17:54 GMT
content-type: image/svg+xml
content-length: 276
cache-control: public, max-age=31536000
content-encoding: gzip
last-modified: Fri, 17 Jan 2020 19:28:34 GMT
etag: 0x8D79B8371B97A82
x-ms-request-id: 5fbdc0fe-001e-006b-4374-4f5046000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref: 20240126T161754Z-dzs0gz6awx1htekn6nnvy9qh4000000000eg00000000wtf1
x-fd-int-roxy-purgeid: 4554691
x-cache: TCP_HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

aadcdn.msauth.net/ests/2.1/content/cdnbundles/converged.v2.login.min_ziytf8dzt9eg1s6-ohhleg2.css

13.107.246.53

200 OK

20 kB

URL GET HTTP/2
aadcdn.msauth.net/ests/2.1/content/cdnbundles/converged.v2.login.min_ziytf8dzt9eg1s6-ohhleg2.css
IP
13.107.246.53:443
ASN
#8068 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://stingrayltd.com/lo/ginofieezzoffosinnicrosoftonline/offize-bus/uill6mf7vxznzn5tkmilop4zcoc6zdjsykj53vasm7hppbq7lnra4paX5hf1vluW9mpiFufzInC9kaZYUnu6gkz52vDD61xBx3/?cfg=haynes@mfs.team
Certificate
IssuerDigiCert Inc
Subjectaadcdn.msauth.net
Fingerprint88:95:0C:FA:9D:33:AA:BF:A4:FD:9D:84:A6:E8:02:06:58:50:AD:8C
ValiditySun, 29 Oct 2023 00:00:00 GMT - Tue, 29 Oct 2024 23:59:59 GMT

File type
ASCII text, with very long lines (61177)
Size
20 kB (19953 bytes)
Hash
ce26137fc0d9b7d7a0d52ebe3a186512
b9d7fb3fe7d08f46c2d1153bb47b13809375c663
1304c5090f063c677a5b3720fe7b97ef4d9ea102e2bdd837ce399df6057fe385

HTTP Headers

GET /ests/2.1/content/cdnbundles/converged.v2.login.min_ziytf8dzt9eg1s6-ohhleg2.css HTTP/1.1
Host: aadcdn.msauth.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://stingrayltd.com
DNT: 1
Connection: keep-alive
Referer: https://stingrayltd.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 26 Jan 2024 16:17:54 GMT
content-type: text/css
content-length: 19953
cache-control: public, max-age=31536000
content-encoding: gzip
last-modified: Mon, 18 Apr 2022 21:18:26 GMT
etag: 0x8DA2180FA29F5AF
x-ms-request-id: ef4b9246-d01e-0016-456e-4f7d5d000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref: 20240126T161754Z-qcytaayybp367019ue85t16btw00000008w0000000010rp7
x-fd-int-roxy-purgeid: 4554691
x-cache: TCP_HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

aadcdn.msftauth.net/shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico

152.199.23.37

200 OK

17 kB

URL GET HTTP/2
aadcdn.msftauth.net/shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico
IP
152.199.23.37:443
ASN
#15133 EDGECAST

Requested by
https://stingrayltd.com/lo/ginofieezzoffosinnicrosoftonline/offize-bus/uill6mf7vxznzn5tkmilop4zcoc6zdjsykj53vasm7hppbq7lnra4paX5hf1vluW9mpiFufzInC9kaZYUnu6gkz52vDD61xBx3/?cfg=haynes@mfs.team
Certificate
IssuerDigiCert Inc
Subjectaadcdn.msftauth.net
Fingerprint3C:9E:70:F5:B3:D1:80:80:8C:97:1C:7B:7E:A8:2C:D8:7B:94:95:0B
ValidityFri, 01 Dec 2023 00:00:00 GMT - Sun, 01 Dec 2024 23:59:59 GMT

File type
MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors
Size
17 kB (17174 bytes)
Hash
12e3dac858061d088023b2bd48e2fa96
e08ce1a144eceae0c3c2ea7a9d6fbc5658f24ce5
90cdaf487716184e4034000935c605d1633926d348116d198f355a98b8c6cd21

HTTP Headers

GET /shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1
Host: aadcdn.msftauth.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://stingrayltd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding
age: 20785366
cache-control: public, max-age=31536000
content-md5: EuPayFgGHQiAI7K9SOL6lg==
content-type: image/x-icon
date: Fri, 26 Jan 2024 16:17:54 GMT
etag: 0x8D8731240E548EB
last-modified: Sun, 18 Oct 2020 03:02:30 GMT
server: ECAcc (ska/F738)
x-cache: HIT
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: 003b7cc6-501e-0067-4768-9344ba000000
x-ms-version: 2009-09-19
content-length: 17174
X-Firefox-Spdy: h2

aadcdn.msauthimages.net/dbd5a2dd-yk3faclcbmsbglcdzou63a2eo9kilfwcxz-4vfcezws/logintenantbranding/0/bannerlogo?ts=637551541780306238

152.199.21.175

200 OK

6.7 kB

URL GET HTTP/2
aadcdn.msauthimages.net/dbd5a2dd-yk3faclcbmsbglcdzou63a2eo9kilfwcxz-4vfcezws/logintenantbranding/0/bannerlogo?ts=637551541780306238
IP
152.199.21.175:443
ASN
#15133 EDGECAST

Requested by
https://stingrayltd.com/lo/ginofieezzoffosinnicrosoftonline/offize-bus/uill6mf7vxznzn5tkmilop4zcoc6zdjsykj53vasm7hppbq7lnra4paX5hf1vluW9mpiFufzInC9kaZYUnu6gkz52vDD61xBx3/?cfg=haynes@mfs.team
Certificate
IssuerMicrosoft Corporation
Subjectaadcdn.msauthimages.net
Fingerprint3B:14:C7:84:64:65:A8:46:3C:B4:7E:B7:F2:A1:AF:6B:8F:EF:17:E5
ValidityThu, 11 Jan 2024 12:14:02 GMT - Sun, 05 Jan 2025 12:14:02 GMT

File type
PNG image data, 300 x 92, 8-bit/color RGBA, non-interlaced
Size
6.7 kB (6718 bytes)
Hash
9c1ba89517bbf85ff97eb689cbb973e3
d85faf6ea10d172c134102d9dec47aee738de2cf
1a66535b0e95b86fc757a17579e0e1c2d6084fb6a398047f916ed1409fc84e9c

HTTP Headers

GET /dbd5a2dd-yk3faclcbmsbglcdzou63a2eo9kilfwcxz-4vfcezws/logintenantbranding/0/bannerlogo?ts=637551541780306238 HTTP/1.1
Host: aadcdn.msauthimages.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://stingrayltd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
content-md5: nBuolRe7+F/5fraJy7lz4w==
content-type: image/*
date: Fri, 26 Jan 2024 16:17:54 GMT
etag: 0x8D909BFD60DFBE0
last-modified: Tue, 27 Apr 2021 21:02:58 GMT
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: adc5317d-e01e-0066-2d73-500cc2000000
x-ms-version: 2009-09-19
content-length: 6718
X-Firefox-Spdy: h2

aadcdn.msauthimages.net/dbd5a2dd-yk3faclcbmsbglcdzou63a2eo9kilfwcxz-4vfcezws/logintenantbranding/0/illustration?ts=637645728483824418

152.199.21.175

200 OK

261 kB

URL GET HTTP/2
aadcdn.msauthimages.net/dbd5a2dd-yk3faclcbmsbglcdzou63a2eo9kilfwcxz-4vfcezws/logintenantbranding/0/illustration?ts=637645728483824418
IP
152.199.21.175:443
ASN
#15133 EDGECAST

Requested by
https://stingrayltd.com/lo/ginofieezzoffosinnicrosoftonline/offize-bus/uill6mf7vxznzn5tkmilop4zcoc6zdjsykj53vasm7hppbq7lnra4paX5hf1vluW9mpiFufzInC9kaZYUnu6gkz52vDD61xBx3/?cfg=haynes@mfs.team
Certificate
IssuerMicrosoft Corporation
Subjectaadcdn.msauthimages.net
Fingerprint3B:14:C7:84:64:65:A8:46:3C:B4:7E:B7:F2:A1:AF:6B:8F:EF:17:E5
ValidityThu, 11 Jan 2024 12:14:02 GMT - Sun, 05 Jan 2025 12:14:02 GMT

File type
JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=12, height=1816, bps=0, PhotometricInterpretation=RGB, orientation=upper-left, width=4032], progressive, precision 8, 3197x1440, components 3
Size
261 kB (261113 bytes)
Hash
29e1d6e1785f16f573f4a4e4984f63f5
fa84cc4f9f142ca838f776015371d805c74a2b7e
751143d3276aaaa6465a637ae9ac9fb58cb4a87239b25c413907a503828b662b

HTTP Headers

GET /dbd5a2dd-yk3faclcbmsbglcdzou63a2eo9kilfwcxz-4vfcezws/logintenantbranding/0/illustration?ts=637645728483824418 HTTP/1.1
Host: aadcdn.msauthimages.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://stingrayltd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
content-md5: KeHW4XhfFvVz9KTkmE9j9Q==
content-type: image/*
date: Fri, 26 Jan 2024 16:17:54 GMT
etag: 0x8D95F69631ACEF5
last-modified: Sat, 14 Aug 2021 21:20:48 GMT
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: 38f06507-e01e-002b-4d73-50c32e000000
x-ms-version: 2009-09-19
content-length: 261113
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (4)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Observations

Hash

HTTP Transactions (13)

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL OPTIONS HTTP/1.1

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL OPTIONS HTTP/1.1

IP

ASN