Report - r20.rs6.net/tn.jsp?f=001XMx9iZmFLCPiFwujmXbcqx1vBQuAg9Nbc2VcI2EIFYK5quX3Ce7vq7vVnryy6LnC9wNo1k1hvoSLkUgG89EDB3kPSJ-0eL9ZgJyMXJNEorX0wXFaGHrYu9ka6hDfgYa72ENpr20SilrjcT7h5btC1_Oo6y4iqxN1qpsL6jfXqYLjSvHaH11mWXuHd-XAuruZMIWkQpo4pyE3tMzNJnws6Q==&c=DetcA1QUM5cjqLQdgHEg9gXJUTAAPBCI7jVKaxtWDjzN1x2k4TXdww==&ch=OlkuZJWsb-KBFi2bOHwwTtxU5nWOp8jfe6dCm5RKKKGdUy1_MKQ92A=&=&__=/fsdft/c2hhcm9uLmJvb2tAaWNsLWdyb3VwLmNvbQ==

Report Overview

Visitedpublic

2024-01-12 01:12:29

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Host Summary

Host	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
espdepot.biz.id	unknown	2023-09-01	2023-09-04 06:34:34	2024-01-11 17:51:20	1.2 kB	1.1 kB	162.241.71.126
navkargum.com	unknown	2019-02-25	2019-06-02 21:42:30	2024-01-12 01:14:53	566 B	275 B	162.215.131.131
c.s-microsoft.com	10166	2012-02-07	2013-11-06 16:56:27	2024-01-11 07:31:25	476 B	1.3 kB	23.38.201.156
code.jquery.com	634	2005-12-10	2012-05-21 19:28:02	2024-01-11 08:05:55	1.5 kB	136 kB	151.101.194.137
cdnjs.cloudflare.com	235	2009-02-17	2015-04-17 22:46:33	2024-01-11 08:00:54	555 B	7.2 kB	104.17.24.14
aadcdn.msftauth.net	1455	2018-10-25	2018-11-19 11:50:32	2024-01-11 18:14:35	540 B	1.5 kB	152.199.23.37
maxcdn.bootstrapcdn.com	724	2012-05-25	2014-06-18 02:37:31	2024-01-11 08:05:55	551 B	50 kB	104.18.11.207
r20.rs6.net	6735	2001-12-21	2014-04-18 19:30:06	2024-01-11 06:35:30	873 B	424 B	208.75.122.11
ajax.googleapis.com	12905	2005-01-25	2013-08-16 11:51:31	2024-01-11 14:49:48	972 B	62 kB	216.58.211.10
use.fontawesome.com	942	2012-10-18	2017-01-30 05:43:25	2024-01-11 05:10:54	551 B	14 kB	172.64.140.13
myeverything750411-1322272810.cos.na-toronto.myqcloud.com	unknown	2013-04-24	2023-11-14 16:41:51	2024-01-11 17:51:18	496 B	620 kB	49.51.54.104
aadcdn.msauth.net	1421	2018-10-25	2018-11-19 11:50:03	2024-01-11 05:43:07	1.1 kB	19 kB	13.107.213.53
fonts.googleapis.com	8877	2005-01-25	2013-06-10 22:14:26	2024-01-11 09:53:18	496 B	18 kB	142.250.74.42
ok8jfhwu49sb-1323053341.cos.sa-saopaulo.myqcloud.com	unknown	2013-04-24	2023-12-22 19:02:45	2024-01-11 17:51:16	564 B	8.3 kB	43.135.205.241

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (12)

	URL	From	Size	First Seen	Last Seen
	code.jquery.com/jquery-3.2.1.slim.min.js	ScriptElement	70 kB	2023-03-07	2025-08-02
URL code.jquery.com/jquery-3.2.1.slim.min.js IP / ASN 151.101.194.137 #54113 FASTLY Introduced by ScriptElement Embedded false Resource Info First Seen 2023-03-07 Last Seen 2025-08-02 Times Seen 65864 Size 70 kB (69597 bytes) MD5 5f48fc77cac90c4778fa24ec9c57f37d SHA1 9e89d1515bc4c371b86f4cb1002fd8e377c1829f SHA256 9365920887b11b33a3dc4ba28a0f93951f200341263e3b9cefd384798e4be398 Format Code Loading...

	myeverything750411-1322272810.cos.na-toronto.myqcloud.com/bootstrap.min.js	ScriptElement	620 kB	2023-11-15	2024-08-20
URL myeverything750411-1322272810.cos.na-toronto.myqcloud.com/bootstrap.min.js IP / ASN 49.51.54.104 #132203 Tencent Building, Kejizhongyi Avenue Introduced by ScriptElement Embedded false Resource Info First Seen 2023-11-15 Last Seen 2024-08-20 Times Seen 2257 Size 620 kB (619905 bytes) MD5 2f6e41e42790a7d2457262804f31a7ec SHA1 4e5bd95bedc29dc34e5d76d570703a480f2ee7b1 SHA256 68967362bbf88ff0417e6cc64e5bb969d3bb1af336ed87b935cc3a3b7355f730 Format Code Loading...

	ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js	ScriptElement	86 kB	2023-03-07	2025-08-02
URL ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js IP / ASN 216.58.211.10 #15169 GOOGLE Introduced by ScriptElement Embedded false Resource Info First Seen 2023-03-07 Last Seen 2025-08-02 Times Seen 192107 Size 86 kB (85578 bytes) MD5 2f6b11a7e914718e0290410e85366fe9 SHA1 69bb69e25ca7d5ef0935317584e6153f3fd9a88c SHA256 05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e Format Code Loading...

	code.jquery.com/jquery-3.1.1.min.js	ScriptElement	87 kB	2023-03-07	2025-08-02
URL code.jquery.com/jquery-3.1.1.min.js IP / ASN 151.101.194.137 #54113 FASTLY Introduced by ScriptElement Embedded false Resource Info First Seen 2023-03-07 Last Seen 2025-08-02 Times Seen 119807 Size 87 kB (86709 bytes) MD5 e071abda8fe61194711cfc2ab99fe104 SHA1 f647a6d37dc4ca055ced3cf64bbc1f490070acba SHA256 85556761a8800d14ced8fcd41a6b8b26bf012d44a318866c0d81a62092efd9bf Format Code Loading...

	code.jquery.com/jquery-3.3.1.js	ScriptElement	272 kB	2023-03-07	2025-08-02
URL code.jquery.com/jquery-3.3.1.js IP / ASN 151.101.194.137 #54113 FASTLY Introduced by ScriptElement Embedded false Resource Info First Seen 2023-03-07 Last Seen 2025-08-02 Times Seen 43243 Size 272 kB (271751 bytes) MD5 6a07da9fae934baf3f749e876bbfdd96 SHA1 46a436eba01c79acdb225757ed80bf54bad6416b SHA256 d8aa24ecc6cecb1a60515bc093f1c9da38a0392612d9ab8ae0f7f36e6eee1fad Format Code Loading...

	unknown	ScriptElement	423 B	2023-06-21	2025-04-01
URL IP / ASN 0.0.0.0 #0 Introduced by ScriptElement Embedded false Resource Info First Seen 2023-06-21 Last Seen 2025-04-01 Times Seen 6884 Size 423 B (423 bytes) MD5 ffcfa8101b1851b542a0120d11337dba SHA1 ec39293dbd304f65316bcd4e2bfc02c57a44b6fc SHA256 08337fbf88109aa9bb8256f8d994fefa02e63dfc1a5595607f86a835f5a277ef Format Code Loading...

	cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js	ScriptElement	19 kB	2023-03-07	2025-08-02
URL cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js IP / ASN 104.17.24.14 #13335 CLOUDFLARENET Introduced by ScriptElement Embedded false Resource Info First Seen 2023-03-07 Last Seen 2025-08-02 Times Seen 84667 Size 19 kB (19188 bytes) MD5 70d3fda195602fe8b75e0097eed74dde SHA1 c3b977aa4b8dfb69d651e07015031d385ded964b SHA256 a52f7aa54d7bcaafa056ee0a050262dfc5694ae28dee8b4cac3429af37ff0d66 Format Code Loading...

	ok8jfhwu49sb-1323053341.cos.sa-saopaulo.myqcloud.com/ok8jfhwu49sb.html?e=sharon.book@icl-group.com	ScriptElement	0 B	0001-01-01	2025-08-02
URL ok8jfhwu49sb-1323053341.cos.sa-saopaulo.myqcloud.com/ok8jfhwu49sb.html?e=sharon.book@icl-group.com IP / ASN 43.135.205.241 #132203 Tencent Building, Kejizhongyi Avenue Introduced by ScriptElement Embedded true Resource Info First Seen 0001-01-01 Last Seen 2025-08-02 Times Seen 5606288 Size 0 B (0 bytes) MD5 d41d8cd98f00b204e9800998ecf8427e SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Format Code Loading...

	maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js	ScriptElement	49 kB	2023-03-07	2025-08-02
URL maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js IP / ASN 104.18.11.207 #13335 CLOUDFLARENET Introduced by ScriptElement Embedded false Resource Info First Seen 2023-03-07 Last Seen 2025-08-02 Times Seen 85294 Size 49 kB (48944 bytes) MD5 14d449eb8876fa55e1ef3c2cc52b0c17 SHA1 a9545831803b1359cfeed47e3b4d6bae68e40e99 SHA256 e7ed36ceee5450b4243bbc35188afabdfb4280c7c57597001de0ed167299b01b Format Code Loading...

	HASH	FROM	Size	First Seen	Last Seen
	7d1facc72353ea7ad62361e17a8d74e7	DocumentWrite	2.3 kB	2023-11-15	2025-01-19
Introduced by DocumentWrite First Seen 2023-11-15 Last Seen 2025-01-19 Times Seen 2289 Size 2.3 kB (2265 bytes) MD5 7d1facc72353ea7ad62361e17a8d74e7 SHA1 9f82837f7a5d018e8db403801b1c30a2873c6e7c SHA256 9c87aeda56eb0e1364523ed166acbf2aabffc474ccdd9a5ac8367e92c2314ff4 Format Code Loading...

HTTP Transactions (19)

URL IP Response Size

208.75.122.11

0 B

URL

IP / ASN

208.75.122.11

#40444 ASN-CC

Requested byN/A

Resource Info

File typeN/A

First Seen0001-01-01

Last Seen2025-08-02

Times Seen5606288

Size0 B (0 bytes)

MD5d41d8cd98f00b204e9800998ecf8427e

SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /tn.jsp?f=001XMx9iZmFLCPiFwujmXbcqx1vBQuAg9Nbc2VcI2EIFYK5quX3Ce7vq7vVnryy6LnC9wNo1k1hvoSLkUgG89EDB3kPSJ-0eL9ZgJyMXJNEorX0wXFaGHrYu9ka6hDfgYa72ENpr20SilrjcT7h5btC1_Oo6y4iqxN1qpsL6jfXqYLjSvHaH11mWXuHd-XAuruZMIWkQpo4pyE3tMzNJnws6Q==&c=DetcA1QUM5cjqLQdgHEg9gXJUTAAPBCI7jVKaxtWDjzN1x2k4TXdww==&ch=OlkuZJWsb-KBFi2bOHwwTtxU5nWOp8jfe6dCm5RKKKGdUy1_MKQ92A=&=&__=/fsdft/c2hhcm9uLmJvb2tAaWNsLWdyb3VwLmNvbQ== HTTP/1.1
Host: r20.rs6.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Date: Fri, 12 Jan 2024 01:11:57 GMT
Server: Apache
P3P: CP="CAO DSP TAIa OUR NOR UNI"
Location: https://navkargum.com/restore/maden/manual/skip/backend/level/dev/fsdft/c2hhcm9uLmJvb2tAaWNsLWdyb3VwLmNvbQ==
Content-Length: 0
Cache-Control: private, no-cache, no-store, max-age=0, must-revalidate, no-cache="Set-Cookie"
Pragma: no-cache
Connection: close
Content-Type: text/html;charset=ISO-8859-1

navkargum.com/restore/maden/manual/skip/backend/level/dev/fsdft/c2hhcm9uLmJvb2tAaWNsLWdyb3VwLmNvbQ==

162.215.131.131

0 B

URL

navkargum.com/restore/maden/manual/skip/backend/level/dev/fsdft/c2hhcm9uLmJvb2tAaWNsLWdyb3VwLmNvbQ==

IP / ASN

162.215.131.131

#46606 UNIFIEDLAYER-AS-1

Requested byN/A

Resource Info

File typeN/A

First Seen0001-01-01

Last Seen2025-08-02

Times Seen5606288

Size0 B (0 bytes)

MD5d41d8cd98f00b204e9800998ecf8427e

SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft Outlook

HTTP Headers

GET /restore/maden/manual/skip/backend/level/dev/fsdft/c2hhcm9uLmJvb2tAaWNsLWdyb3VwLmNvbQ== HTTP/1.1
Host: navkargum.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 12 Jan 2024 01:11:58 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
refresh: 0;url=https://ok8jfhwu49sb-1323053341.cos.sa-saopaulo.myqcloud.com/ok8jfhwu49sb.html?e=sharon.book@icl-group.com

GET ok8jfhwu49sb-1323053341.cos.sa-saopaulo.myqcloud.com/ok8jfhwu49sb.html?e=sharon.book@icl-group.com

43.135.205.241

200 OK

7.9 kB

URL

ok8jfhwu49sb-1323053341.cos.sa-saopaulo.myqcloud.com/ok8jfhwu49sb.html?e=sharon.book@icl-group.com

IP / ASN

43.135.205.241

#132203 Tencent Building, Kejizhongyi Avenue

Requested byN/A

Resource Info

File typeHTML document, ASCII text, with very long lines (6959), with CRLF line terminators

First Seen2023-11-16

Last Seen2024-08-20

Times Seen1413

Size7.9 kB (7932 bytes)

MD5ff79cab2db9539a98cf9af432b925ea9

SHA18473fc9a437d7792b3b35de09f8f7ef42c95a1fd

SHA256152e7fa56cd8afb2fe96e033cfdb44da829e399e90c51b6e8ba33d37b9b4bb25

Certificate Info

IssuerGlobalSign nv-sa

Subject*.cos.sa-saopaulo.myqcloud.com

Fingerprint14:BA:22:2E:FB:E3:4A:4C:F2:C0:4D:65:3A:9D:C1:57:CD:5F:93:8D

ValidityFri, 03 Mar 2023 09:01:11 GMT - Wed, 03 Apr 2024 09:01:10 GMT

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft Outlook

HTTP Headers

GET /ok8jfhwu49sb.html?e=sharon.book@icl-group.com HTTP/1.1
Host: ok8jfhwu49sb-1323053341.cos.sa-saopaulo.myqcloud.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: text/html
Content-Length: 7932
Connection: keep-alive
Accept-Ranges: bytes
Date: Fri, 12 Jan 2024 01:11:59 GMT
ETag: "ff79cab2db9539a98cf9af432b925ea9"
Last-Modified: Thu, 21 Dec 2023 14:34:22 GMT
Server: tencent-cos
x-cos-hash-crc64ecma: 9091515229774282626
x-cos-request-id: NjVhMDkxZGZfODQ0YzU5MGJfMjY0MV8yM2RlMTFl

GET cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js

104.17.24.14

200 OK

6.2 kB

URL

cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js

IP / ASN

104.17.24.14

#13335 CLOUDFLARENET

Requested byhttps://ok8jfhwu49sb-1323053341.cos.sa-saopaulo.myqcloud.com/ok8jfhwu49sb.html?e=sharon.book@icl-group.com

Resource Info

File typeASCII text, with very long lines (19015)

First Seen2023-03-07

Last Seen2025-08-02

Times Seen84667

Size6.2 kB (6157 bytes)

MD570d3fda195602fe8b75e0097eed74dde

SHA1c3b977aa4b8dfb69d651e07015031d385ded964b

SHA256a52f7aa54d7bcaafa056ee0a050262dfc5694ae28dee8b4cac3429af37ff0d66

Certificate Info

IssuerCloudflare, Inc.

Subjectsni.cloudflaressl.com

Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D

ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT

HTTP Headers

GET /ajax/libs/popper.js/1.12.9/umd/popper.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ok8jfhwu49sb-1323053341.cos.sa-saopaulo.myqcloud.com
DNT: 1
Connection: keep-alive
Referer: https://ok8jfhwu49sb-1323053341.cos.sa-saopaulo.myqcloud.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 12 Jan 2024 01:11:59 GMT
content-type: application/javascript; charset=utf-8
content-length: 6157
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03fa9-4af4"
last-modified: Mon, 04 May 2020 16:15:37 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 33122
expires: Wed, 01 Jan 2025 01:11:59 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=w9KWfsJ86iQNntiXAKjjisMtmNsvHX4z%2Baae1%2FBkTM8lBZAU2Arcn0gcqpVohmXh1zV1uFPHjteM%2Bo4yWiz1jyAKm4Au5nvOKPJOtxqBdXEYdwd3sNEx1i%2BYEr4x6SMTLObTUmeS"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 844187562b9b5694-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET code.jquery.com/jquery-3.1.1.min.js

151.101.194.137

200 OK

30 kB

URL

code.jquery.com/jquery-3.1.1.min.js

IP / ASN

151.101.194.137

#54113 FASTLY

Requested byhttps://ok8jfhwu49sb-1323053341.cos.sa-saopaulo.myqcloud.com/ok8jfhwu49sb.html?e=sharon.book@icl-group.com

Resource Info

File typeASCII text, with very long lines (32030)

First Seen2023-03-07

Last Seen2025-08-02

Times Seen119807

Size30 kB (30070 bytes)

MD5e071abda8fe61194711cfc2ab99fe104

SHA1f647a6d37dc4ca055ced3cf64bbc1f490070acba

SHA25685556761a8800d14ced8fcd41a6b8b26bf012d44a318866c0d81a62092efd9bf

Certificate Info

IssuerSectigo Limited

Subject*.jquery.com

FingerprintD2:19:0A:AD:CE:BB:9C:61:17:5D:29:4B:A2:54:E8:C6:91:B8:F9:8D

ValidityTue, 11 Jul 2023 00:00:00 GMT - Sun, 14 Jul 2024 23:59:59 GMT

HTTP Headers

GET /jquery-3.1.1.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ok8jfhwu49sb-1323053341.cos.sa-saopaulo.myqcloud.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-152b5"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Fri, 12 Jan 2024 01:11:59 GMT
age: 10221319
x-served-by: cache-lga21947-LGA, cache-hel1410020-HEL
x-cache: HIT, HIT
x-cache-hits: 118, 81913
x-timer: S1705021920.728867,VS0,VE0
vary: Accept-Encoding
content-length: 30070
X-Firefox-Spdy: h2

GET code.jquery.com/jquery-3.3.1.js

151.101.194.137

200 OK

80 kB

URL

code.jquery.com/jquery-3.3.1.js

IP / ASN

151.101.194.137

#54113 FASTLY

Requested byhttps://ok8jfhwu49sb-1323053341.cos.sa-saopaulo.myqcloud.com/ok8jfhwu49sb.html?e=sharon.book@icl-group.com

Resource Info

File typeASCII text

First Seen2023-03-07

Last Seen2025-08-02

Times Seen43243

Size80 kB (80268 bytes)

MD56a07da9fae934baf3f749e876bbfdd96

SHA146a436eba01c79acdb225757ed80bf54bad6416b

SHA256d8aa24ecc6cecb1a60515bc093f1c9da38a0392612d9ab8ae0f7f36e6eee1fad

Certificate Info

IssuerSectigo Limited

Subject*.jquery.com

FingerprintD2:19:0A:AD:CE:BB:9C:61:17:5D:29:4B:A2:54:E8:C6:91:B8:F9:8D

ValidityTue, 11 Jul 2023 00:00:00 GMT - Sun, 14 Jul 2024 23:59:59 GMT

HTTP Headers

GET /jquery-3.3.1.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ok8jfhwu49sb-1323053341.cos.sa-saopaulo.myqcloud.com
DNT: 1
Connection: keep-alive
Referer: https://ok8jfhwu49sb-1323053341.cos.sa-saopaulo.myqcloud.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-42587"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Fri, 12 Jan 2024 01:11:59 GMT
age: 10221270
x-served-by: cache-lga21980-LGA, cache-hel1410034-HEL
x-cache: HIT, HIT
x-cache-hits: 99, 9573
x-timer: S1705021920.723006,VS0,VE0
vary: Accept-Encoding
content-length: 80268
X-Firefox-Spdy: h2

GET code.jquery.com/jquery-3.2.1.slim.min.js

151.101.194.137

200 OK

24 kB

URL

code.jquery.com/jquery-3.2.1.slim.min.js

IP / ASN

151.101.194.137

#54113 FASTLY

Requested byhttps://ok8jfhwu49sb-1323053341.cos.sa-saopaulo.myqcloud.com/ok8jfhwu49sb.html?e=sharon.book@icl-group.com

Resource Info

File typeASCII text, with very long lines (32012)

First Seen2023-03-07

Last Seen2025-08-02

Times Seen65864

Size24 kB (23856 bytes)

MD55f48fc77cac90c4778fa24ec9c57f37d

SHA19e89d1515bc4c371b86f4cb1002fd8e377c1829f

SHA2569365920887b11b33a3dc4ba28a0f93951f200341263e3b9cefd384798e4be398

Certificate Info

IssuerSectigo Limited

Subject*.jquery.com

FingerprintD2:19:0A:AD:CE:BB:9C:61:17:5D:29:4B:A2:54:E8:C6:91:B8:F9:8D

ValidityTue, 11 Jul 2023 00:00:00 GMT - Sun, 14 Jul 2024 23:59:59 GMT

HTTP Headers

GET /jquery-3.2.1.slim.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ok8jfhwu49sb-1323053341.cos.sa-saopaulo.myqcloud.com
DNT: 1
Connection: keep-alive
Referer: https://ok8jfhwu49sb-1323053341.cos.sa-saopaulo.myqcloud.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-10fdd"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Fri, 12 Jan 2024 01:11:59 GMT
age: 10118118
x-served-by: cache-lga21963-LGA, cache-hel1410034-HEL
x-cache: HIT, HIT
x-cache-hits: 13, 63170
x-timer: S1705021920.728400,VS0,VE0
vary: Accept-Encoding
content-length: 23856
X-Firefox-Spdy: h2

GET ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js

216.58.211.10

200 OK

30 kB

URL

ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js

IP / ASN

216.58.211.10

#15169 GOOGLE

Requested byhttps://ok8jfhwu49sb-1323053341.cos.sa-saopaulo.myqcloud.com/ok8jfhwu49sb.html?e=sharon.book@icl-group.com

Resource Info

File typeASCII text, with very long lines (32065)

First Seen2023-03-07

Last Seen2025-08-02

Times Seen192107

Size30 kB (30028 bytes)

MD52f6b11a7e914718e0290410e85366fe9

SHA169bb69e25ca7d5ef0935317584e6153f3fd9a88c

SHA25605b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e

Certificate Info

IssuerGoogle Trust Services LLC

Subjectupload.video.google.com

Fingerprint10:D0:ED:9A:F4:53:C8:99:DE:B6:5E:5C:04:E6:20:0B:68:7D:46:EC

ValidityMon, 20 Nov 2023 08:08:50 GMT - Mon, 12 Feb 2024 08:08:49 GMT

HTTP Headers

GET /ajax/libs/jquery/2.2.4/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ok8jfhwu49sb-1323053341.cos.sa-saopaulo.myqcloud.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 30028
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 11 Jan 2024 03:07:33 GMT
expires: Fri, 10 Jan 2025 03:07:33 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 79466
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET use.fontawesome.com/releases/v5.8.1/css/all.css

172.64.140.13

200 OK

14 kB

URL

use.fontawesome.com/releases/v5.8.1/css/all.css

IP / ASN

172.64.140.13

#13335 CLOUDFLARENET

Requested byhttps://ok8jfhwu49sb-1323053341.cos.sa-saopaulo.myqcloud.com/ok8jfhwu49sb.html?e=sharon.book@icl-group.com

Resource Info

File typeASCII text, with very long lines (54926)

First Seen2023-04-05

Last Seen2025-08-01

Times Seen17961

Size14 kB (13520 bytes)

MD5e4c542a7f6bf6f74fdd8cdf6e8096396

SHA13a0571a695a35f238026b9398386dc99d9a0c56d

SHA256eeb17a45a48aca1d7adbcf04de155dcd0b47cb36ad036310446bb471fea9aaa3

Certificate Info

IssuerCloudflare, Inc.

Subjectuse.fontawesome.com

FingerprintCB:BE:6B:C4:5F:DF:18:7A:C3:AD:BF:6C:40:36:18:9F:E2:99:7F:78

ValidityThu, 12 Oct 2023 00:00:00 GMT - Thu, 10 Oct 2024 23:59:59 GMT

HTTP Headers

GET /releases/v5.8.1/css/all.css HTTP/1.1
Host: use.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ok8jfhwu49sb-1323053341.cos.sa-saopaulo.myqcloud.com
DNT: 1
Connection: keep-alive
Referer: https://ok8jfhwu49sb-1323053341.cos.sa-saopaulo.myqcloud.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 12 Jan 2024 01:11:59 GMT
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31556926
etag: W/"e4c542a7f6bf6f74fdd8cdf6e8096396"
last-modified: Fri, 22 Sep 2023 01:45:55 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 30103
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qP2bCHH6XVFa79vhdxt7wqJ1tY8ofsssVSlv1netz04vCstPHfTlPRQwuh4JYLOVDttd7lrLerIl8dIm03mIjr%2BdpGyeDxZAD9rPMdfoYVIbvVGxQewqesV1bgvx%2FvrSAHGX7p%2BT"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 844187577d2d413a-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js

216.58.211.10

200 OK

30 kB

URL

ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js

IP / ASN

216.58.211.10

#15169 GOOGLE

Requested byhttps://ok8jfhwu49sb-1323053341.cos.sa-saopaulo.myqcloud.com/ok8jfhwu49sb.html?e=sharon.book@icl-group.com

Resource Info

File typeASCII text, with very long lines (32065)

First Seen2023-03-07

Last Seen2025-08-02

Times Seen192107

Size30 kB (30028 bytes)

MD52f6b11a7e914718e0290410e85366fe9

SHA169bb69e25ca7d5ef0935317584e6153f3fd9a88c

SHA25605b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e

Certificate Info

IssuerGoogle Trust Services LLC

Subjectupload.video.google.com

Fingerprint10:D0:ED:9A:F4:53:C8:99:DE:B6:5E:5C:04:E6:20:0B:68:7D:46:EC

ValidityMon, 20 Nov 2023 08:08:50 GMT - Mon, 12 Feb 2024 08:08:49 GMT

HTTP Headers

GET /ajax/libs/jquery/2.2.4/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ok8jfhwu49sb-1323053341.cos.sa-saopaulo.myqcloud.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 30028
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 11 Jan 2024 03:07:33 GMT
expires: Fri, 10 Jan 2025 03:07:33 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 79467
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET myeverything750411-1322272810.cos.na-toronto.myqcloud.com/bootstrap.min.js

49.51.54.104

200 OK

620 kB

URL

myeverything750411-1322272810.cos.na-toronto.myqcloud.com/bootstrap.min.js

IP / ASN

49.51.54.104

#132203 Tencent Building, Kejizhongyi Avenue

Requested byhttps://ok8jfhwu49sb-1323053341.cos.sa-saopaulo.myqcloud.com/ok8jfhwu49sb.html?e=sharon.book@icl-group.com

Resource Info

File typeASCII text, with very long lines (65476), with CRLF line terminators

First Seen2023-11-15

Last Seen2024-08-20

Times Seen2253

Size620 kB (619899 bytes)

MD50c73390b2265e8f5a8049a2c80e0f255

SHA172c0268952e3518915326bbf083d1224c9f44184

SHA25631037ff35bcee326282703cce723d8d558f7a90a010dad89f467c7e478ae5484

Certificate Info

IssuerGlobalSign nv-sa

Subject*.cos.na-toronto.myqcloud.com

Fingerprint35:FE:CD:A6:0E:ED:28:0B:E5:8E:50:19:E7:C1:9C:13:37:4D:53:F0

ValidityMon, 27 Feb 2023 02:45:55 GMT - Sat, 30 Mar 2024 02:45:54 GMT

HTTP Headers

GET /bootstrap.min.js HTTP/1.1
Host: myeverything750411-1322272810.cos.na-toronto.myqcloud.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ok8jfhwu49sb-1323053341.cos.sa-saopaulo.myqcloud.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: text/javascript
Content-Length: 619899
Connection: keep-alive
Accept-Ranges: bytes
Date: Fri, 12 Jan 2024 01:12:00 GMT
ETag: "0c73390b2265e8f5a8049a2c80e0f255"
Last-Modified: Fri, 10 Nov 2023 12:44:02 GMT
Server: tencent-cos
x-cos-hash-crc64ecma: 5257719611049645913
x-cos-request-id: NjVhMDkxZTBfM2Q1MTA2MDlfNmVjYV85YjViNTY=

GET c.s-microsoft.com/favicon.ico?v2

23.38.201.156

540 B

URL

c.s-microsoft.com/favicon.ico?v2

IP / ASN

23.38.201.156

#16625 AKAMAI-AS

Requested byhttps://ok8jfhwu49sb-1323053341.cos.sa-saopaulo.myqcloud.com/ok8jfhwu49sb.html?e=sharon.book@icl-group.com

Resource Info

File typeMS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors

First Seen2023-04-05

Last Seen2025-08-02

Times Seen156736

Size540 B (540 bytes)

MD512e3dac858061d088023b2bd48e2fa96

SHA1e08ce1a144eceae0c3c2ea7a9d6fbc5658f24ce5

SHA25690cdaf487716184e4034000935c605d1633926d348116d198f355a98b8c6cd21

Certificate Info

IssuerMicrosoft Corporation

Subjectwww.microsoft.com

FingerprintE1:57:9B:A5:51:25:CE:C3:A7:8E:39:F5:5C:F8:1D:A8:BF:A9:4F:88

ValidityThu, 14 Sep 2023 17:24:20 GMT - Sun, 08 Sep 2024 17:24:20 GMT

HTTP Headers

GET /favicon.ico?v2 HTTP/1.1
Host: c.s-microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ok8jfhwu49sb-1323053341.cos.sa-saopaulo.myqcloud.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: image/x-icon
last-modified: Thu, 16 Nov 2023 19:34:12 GMT
etag: "1DA18C3E0335200"
p3p: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
access-control-allow-credentials: true
x-frame-options: SAMEORIGIN
x-sitemuse-origin: Azure
x-azure-ref: 20231202T055608Z-bg7x7m27q90sbdyfydgy9dtqsg000000041g00000002ahh3
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 540
cache-control: public, max-age=162540
expires: Sat, 13 Jan 2024 22:21:01 GMT
date: Fri, 12 Jan 2024 01:12:01 GMT
access-control-allow-methods: GET,POST
access-control-allow-origin: *
X-Firefox-Spdy: h2

POST espdepot.biz.id/next.php

162.241.71.126

200 OK

16 B

URL

espdepot.biz.id/next.php

IP / ASN

162.241.71.126

#46606 UNIFIEDLAYER-AS-1

Requested byhttps://ok8jfhwu49sb-1323053341.cos.sa-saopaulo.myqcloud.com/ok8jfhwu49sb.html?e=sharon.book@icl-group.com

Resource Info

File typeJSON data

First Seen2023-04-05

Last Seen2025-08-02

Times Seen16244

Size16 B (16 bytes)

MD51f57cbd1f1a1ced8f62d34242408414c

SHA152279c54b16f0a88d43d57b4cbb9813ea3cc39ab

SHA256c462d460eab61de19f36cc384c99666e5bf65eaeba0c12b8f594c5410c01f220

Certificate Info

IssuerLet's Encrypt

Subjectespdepot.biz.id

Fingerprint9B:8A:7D:06:F5:0D:8D:A7:8F:E9:76:DA:69:9A:D3:10:1A:03:91:99

ValidityWed, 27 Dec 2023 19:32:38 GMT - Tue, 26 Mar 2024 19:32:37 GMT

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

POST /next.php HTTP/1.1
Host: espdepot.biz.id
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ok8jfhwu49sb-1323053341.cos.sa-saopaulo.myqcloud.com/
Content-Type: application/x-www-form-urlencoded
Content-Length: 13
Origin: https://ok8jfhwu49sb-1323053341.cos.sa-saopaulo.myqcloud.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 12 Jan 2024 01:12:00 GMT
Server: Apache
Access-Control-Allow-Origin: https://ok8jfhwu49sb-1323053341.cos.sa-saopaulo.myqcloud.com
Access-Control-Allow-Credentials: true
Access-Control-Max-Age: 86400
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

GET aadcdn.msftauth.net/shared/1.0/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg

152.199.23.37

200 OK

673 B

URL

aadcdn.msftauth.net/shared/1.0/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg

IP / ASN

152.199.23.37

#15133 EDGECAST

Requested byhttps://ok8jfhwu49sb-1323053341.cos.sa-saopaulo.myqcloud.com/ok8jfhwu49sb.html?e=sharon.book@icl-group.com

Resource Info

File typeSVG Scalable Vector Graphics image

First Seen2023-04-12

Last Seen2025-08-02

Times Seen84797

Size673 B (673 bytes)

MD5bc3d32a696895f78c19df6c717586a5d

SHA19191cb156a30a3ed79c44c0a16c95159e8ff689d

SHA2560e88b6fcbb8591edfd28184fa70a04b6dd3af8a14367c628edd7caba32e58c68

Certificate Info

IssuerDigiCert Inc

Subjectaadcdn.msftauth.net

Fingerprint3C:9E:70:F5:B3:D1:80:80:8C:97:1C:7B:7E:A8:2C:D8:7B:94:95:0B

ValidityFri, 01 Dec 2023 00:00:00 GMT - Sun, 01 Dec 2024 23:59:59 GMT

HTTP Headers

GET /shared/1.0/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg HTTP/1.1
Host: aadcdn.msftauth.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ok8jfhwu49sb-1323053341.cos.sa-saopaulo.myqcloud.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-encoding: gzip
accept-ranges: bytes
access-control-allow-origin: *
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
age: 18245881
cache-control: public, max-age=31536000
content-md5: DhdidjYrlCeaRJJRG/y9mA==
content-type: image/svg+xml
date: Fri, 12 Jan 2024 01:12:02 GMT
etag: 0x8D7B007297AE131
last-modified: Wed, 12 Feb 2020 22:01:50 GMT
server: ECAcc (ska/F732)
vary: Accept-Encoding
x-cache: HIT
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: 68d21ab8-f01e-0076-6702-9f059f000000
x-ms-version: 2009-09-19
content-length: 673
X-Firefox-Spdy: h2

GET aadcdn.msauth.net/shared/1.0/content/images/signin-options_4e48046ce74f4b89d45037c90576bfac.svg

13.107.213.53

200 OK

621 B

URL

aadcdn.msauth.net/shared/1.0/content/images/signin-options_4e48046ce74f4b89d45037c90576bfac.svg

IP / ASN

13.107.213.53

#8068 MICROSOFT-CORP-MSN-AS-BLOCK

Requested byhttps://ok8jfhwu49sb-1323053341.cos.sa-saopaulo.myqcloud.com/ok8jfhwu49sb.html?e=sharon.book@icl-group.com

Resource Info

File typeSVG Scalable Vector Graphics image

First Seen2023-04-14

Last Seen2025-08-02

Times Seen45847

Size621 B (621 bytes)

MD54e48046ce74f4b89d45037c90576bfac

SHA14a41b3b51ed787f7b33294202da72220c7cd2c32

SHA2568e6db1634f1812d42516778fc890010aa57f3e39914fb4803df2c38abbf56d93

Certificate Info

IssuerDigiCert Inc

Subjectaadcdn.msauth.net

Fingerprint88:95:0C:FA:9D:33:AA:BF:A4:FD:9D:84:A6:E8:02:06:58:50:AD:8C

ValiditySun, 29 Oct 2023 00:00:00 GMT - Tue, 29 Oct 2024 23:59:59 GMT

HTTP Headers

GET /shared/1.0/content/images/signin-options_4e48046ce74f4b89d45037c90576bfac.svg HTTP/1.1
Host: aadcdn.msauth.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ok8jfhwu49sb-1323053341.cos.sa-saopaulo.myqcloud.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 12 Jan 2024 01:12:02 GMT
content-type: image/svg+xml
content-length: 621
cache-control: public, max-age=31536000
content-encoding: gzip
last-modified: Tue, 10 Nov 2020 03:41:24 GMT
etag: 0x8D8852A7FA6B761
x-ms-request-id: 9ffd0f72-a01e-0035-60ef-439168000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref: 20240112T011202Z-tmp5rac0ph2utb5xyh6sx75n7w0000000bpg0000000021un
x-cache: TCP_HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

GET fonts.googleapis.com/css?family=Archivo+Narrow&display=swap

142.250.74.42

200 OK

18 kB

URL

fonts.googleapis.com/css?family=Archivo+Narrow&display=swap

IP / ASN

142.250.74.42

#15169 GOOGLE

Requested byhttps://ok8jfhwu49sb-1323053341.cos.sa-saopaulo.myqcloud.com/ok8jfhwu49sb.html?e=sharon.book@icl-group.com

Resource Info

File typegzip compressed data, max compression

First Seen2023-10-28

Last Seen2024-08-20

Times Seen178

Size18 kB (17640 bytes)

MD59bd4bcbf47de921ecd7db16895168f26

SHA178867cf71e0e8e76bfc20c51f3d45d42e65e5759

SHA2568e5ea623b839c3e5424c222a62ba4dab71b55af60b6f6381e0bd7fe7b41a6eba

Certificate Info

IssuerGoogle Trust Services LLC

Subjectupload.video.google.com

Fingerprint10:D0:ED:9A:F4:53:C8:99:DE:B6:5E:5C:04:E6:20:0B:68:7D:46:EC

ValidityMon, 20 Nov 2023 08:08:50 GMT - Mon, 12 Feb 2024 08:08:49 GMT

HTTP Headers

GET /css?family=Archivo+Narrow&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ok8jfhwu49sb-1323053341.cos.sa-saopaulo.myqcloud.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 12 Jan 2024 01:11:59 GMT
date: Fri, 12 Jan 2024 01:11:59 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

POST espdepot.biz.id/next.php

162.241.71.126

200 OK

354 B

URL

espdepot.biz.id/next.php

IP / ASN

162.241.71.126

#46606 UNIFIEDLAYER-AS-1

Requested byhttps://ok8jfhwu49sb-1323053341.cos.sa-saopaulo.myqcloud.com/ok8jfhwu49sb.html?e=sharon.book@icl-group.com

Resource Info

File typeJSON data

First Seen2023-12-06

Last Seen2024-08-20

Times Seen8

Size354 B (354 bytes)

MD54902fc2fcb808715c9c3a6cb48f543e3

SHA168c79f733517a56143b848bca3e449275de365ad

SHA25668cdda2bf500a2e4b534b4ee88ab083fdc29353bb354d551f6b6d6d49e5a4820

Certificate Info

IssuerLet's Encrypt

Subjectespdepot.biz.id

Fingerprint9B:8A:7D:06:F5:0D:8D:A7:8F:E9:76:DA:69:9A:D3:10:1A:03:91:99

ValidityWed, 27 Dec 2023 19:32:38 GMT - Tue, 26 Mar 2024 19:32:37 GMT

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft Outlook

HTTP Headers

POST /next.php HTTP/1.1
Host: espdepot.biz.id
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Content-Length: 40
Origin: https://ok8jfhwu49sb-1323053341.cos.sa-saopaulo.myqcloud.com
DNT: 1
Connection: keep-alive
Referer: https://ok8jfhwu49sb-1323053341.cos.sa-saopaulo.myqcloud.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 12 Jan 2024 01:12:01 GMT
Server: Apache
Access-Control-Allow-Origin: https://ok8jfhwu49sb-1323053341.cos.sa-saopaulo.myqcloud.com
Access-Control-Allow-Credentials: true
Access-Control-Max-Age: 86400
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

GET maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js

104.18.11.207

200 OK

49 kB

URL

maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js

IP / ASN

104.18.11.207

#13335 CLOUDFLARENET

Requested byhttps://ok8jfhwu49sb-1323053341.cos.sa-saopaulo.myqcloud.com/ok8jfhwu49sb.html?e=sharon.book@icl-group.com

Resource Info

File typeASCII text, with very long lines (48664)

First Seen2023-03-07

Last Seen2025-08-02

Times Seen85294

Size49 kB (48944 bytes)

MD514d449eb8876fa55e1ef3c2cc52b0c17

SHA1a9545831803b1359cfeed47e3b4d6bae68e40e99

SHA256e7ed36ceee5450b4243bbc35188afabdfb4280c7c57597001de0ed167299b01b

Certificate Info

IssuerGoogle Trust Services LLC

Subjectbootstrapcdn.com

Fingerprint34:BC:91:5F:B9:EC:32:2C:D9:73:C7:88:C3:6C:FB:77:E7:70:8D:04

ValidityThu, 30 Nov 2023 00:15:17 GMT - Wed, 28 Feb 2024 00:15:16 GMT

HTTP Headers

GET /bootstrap/4.0.0/js/bootstrap.min.js HTTP/1.1
Host: maxcdn.bootstrapcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ok8jfhwu49sb-1323053341.cos.sa-saopaulo.myqcloud.com
DNT: 1
Connection: keep-alive
Referer: https://ok8jfhwu49sb-1323053341.cos.sa-saopaulo.myqcloud.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 12 Jan 2024 01:11:59 GMT
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
access-control-allow-origin: *
cache-control: public, max-age=31919000
etag: W/"14d449eb8876fa55e1ef3c2cc52b0c17"
last-modified: Mon, 25 Jan 2021 22:04:04 GMT
cdn-cachedat: 12/21/2023 20:03:03
cdn-proxyver: 1.04
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
cdn-edgestorageid: 865
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-status: 200
cdn-requestid: cafd57411f7a9a0f1b77ab5a22c2a1c7
cdn-cache: HIT
cf-cache-status: HIT
age: 30042
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 844187562a71b50b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET aadcdn.msauth.net/ests/2.1/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico

13.107.213.53

200 OK

17 kB

URL

aadcdn.msauth.net/ests/2.1/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico

IP / ASN

13.107.213.53

#8068 MICROSOFT-CORP-MSN-AS-BLOCK

Requested byhttps://ok8jfhwu49sb-1323053341.cos.sa-saopaulo.myqcloud.com/ok8jfhwu49sb.html?e=sharon.book@icl-group.com

Resource Info

File typeMS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors

First Seen2023-04-05

Last Seen2025-08-02

Times Seen156736

Size17 kB (17174 bytes)

MD512e3dac858061d088023b2bd48e2fa96

SHA1e08ce1a144eceae0c3c2ea7a9d6fbc5658f24ce5

SHA25690cdaf487716184e4034000935c605d1633926d348116d198f355a98b8c6cd21

Certificate Info

IssuerDigiCert Inc

Subjectaadcdn.msauth.net

Fingerprint88:95:0C:FA:9D:33:AA:BF:A4:FD:9D:84:A6:E8:02:06:58:50:AD:8C

ValiditySun, 29 Oct 2023 00:00:00 GMT - Tue, 29 Oct 2024 23:59:59 GMT

HTTP Headers

GET /ests/2.1/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1
Host: aadcdn.msauth.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ok8jfhwu49sb-1323053341.cos.sa-saopaulo.myqcloud.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 12 Jan 2024 01:12:02 GMT
content-type: image/x-icon
content-length: 17174
cache-control: public, max-age=604800
last-modified: Fri, 02 Nov 2018 20:25:25 GMT
etag: 0x8D6410152A9D7E1
x-ms-request-id: 31053c6a-c01e-004b-1863-44c175000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref: 20240112T011202Z-tmp5rac0ph2utb5xyh6sx75n7w0000000bpg0000000021up
x-cache: TCP_HIT
accept-ranges: bytes
X-Firefox-Spdy: h2