| URL | IP | Status | Size |
| --- | --- | --- | --- |
| r20.rs6.net/tn.jsp?f=001rhu1yD1ESg_0SRbCjqkKZVY0dWa5Gghe88Jh72TSbGq0qCXgeFlQ1F4O_rxQ9bwJiGlPgp3hwR7Ul8ik9bbbmzjAk849OyAye1K4f5SUGJsTL3l3_2HEU1b7sqxWz1hoBLgpt6EvcSrF_6PhAlaDt1e9TX3Lg7NPvXuqSd7HK9Y=&c=&ch=&__=/YWluaS5vbmdAZm9udGVycmEuY29t | 208.75.122.11 | 302 Found | 0 B |
URL (user request, GET, HTTP/1.1): r20.rs6.net/tn.jsp?f=001rhu1yD1ESg_0SRbCjqkKZVY0dWa5Gghe88Jh72TSbGq0qCXgeFlQ1F4O_rxQ9bwJiGlPgp3hwR7Ul8ik9bbbmzjAk849OyAye1K4f5SUGJsTL3l3_2HEU1b7sqxWz1hoBLgpt6EvcSrF_6PhAlaDt1e9TX3Lg7NPvXuqSd7HK9Y=&c=&ch=&__=/YWluaS5vbmdAZm9udGVycmEuY29t
IP: 208.75.122.11:443
Certificate: issuer GlobalSign nv-sa; subject rs6.net; fingerprint 65:B1:9F:36:97:C2:7B:17:26:C1:6E:96:16:90:70:A8:E5:22:D1:78; validity Wed, 17 May 2023 21:06:28 GMT - Mon, 17 Jun 2024 21:06:27 GMT
Hash (MD5 / SHA-1 / SHA-256; these are the digests of the empty 0 B body): d41d8cd98f00b204e9800998ecf8427e / da39a3ee5e6b4b0d3255bfef95601890afd80709 / e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /tn.jsp?f=001rhu1yD1ESg_0SRbCjqkKZVY0dWa5Gghe88Jh72TSbGq0qCXgeFlQ1F4O_rxQ9bwJiGlPgp3hwR7Ul8ik9bbbmzjAk849OyAye1K4f5SUGJsTL3l3_2HEU1b7sqxWz1hoBLgpt6EvcSrF_6PhAlaDt1e9TX3Lg7NPvXuqSd7HK9Y=&c=&ch=&__=/YWluaS5vbmdAZm9udGVycmEuY29t HTTP/1.1
Host: r20.rs6.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Date: Thu, 18 Jan 2024 16:05:26 GMT
Server: Apache
P3P: CP="CAO DSP TAIa OUR NOR UNI"
Location: https://lightworker.net.au/amoo/asdf//YWluaS5vbmdAZm9udGVycmEuY29t
Content-Length: 0
Cache-Control: private, no-cache, no-store, max-age=0, must-revalidate, no-cache="Set-Cookie"
Pragma: no-cache
Connection: close
Content-Type: text/html;charset=ISO-8859-1
| lightworker.net.au/amoo/asdf//YWluaS5vbmdAZm9udGVycmEuY29t | 103.9.170.115 | 200 OK | 95 B |
URL (user request, GET, HTTP/2): lightworker.net.au/amoo/asdf//YWluaS5vbmdAZm9udGVycmEuY29t
IP: 103.9.170.115:443
ASN: 45638 (SYNERGY WHOLESALE PTY LTD)
Certificate: issuer cPanel, Inc.; subject lightworker.net.au; fingerprint AA:E5:EB:C2:95:5C:8F:36:EB:20:4B:A9:3A:69:3C:77:6C:DA:FB:EE; validity Sun, 03 Dec 2023 00:00:00 GMT - Sat, 02 Mar 2024 23:59:59 GMT
File type: HTML document, ASCII text
Hash (MD5 / SHA-1 / SHA-256): 34b6b9150f8dbcbc37e74b20c01a9382 / da279e0974bc229223f67ace9b6a396244e8e9e0 / 425dd2a1a7837a338fe8aa3f2a9bac8d9859bf4458da7b8f78534245f0d3b129
| Analyzer | Verdict | Alert |
| --- | --- | --- |
| urlquery | phishing | Phishing - Microsoft Outlook |
GET /amoo/asdf//YWluaS5vbmdAZm9udGVycmEuY29t HTTP/1.1
Host: lightworker.net.au
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
x-powered-by: PHP/5.6.40
content-type: text/html; charset=UTF-8
content-length: 95
content-encoding: br
vary: Accept-Encoding
date: Thu, 18 Jan 2024 16:05:28 GMT
server: LiteSpeed
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=847814681fe60b45 | 104.17.2.184 | 200 OK | 185 kB |
URL (GET, HTTP/3): challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=847814681fe60b45
IP: 104.17.2.184:443
Requested by: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/bmovt/0x4AAAAAAADnPIDROrmt1Wwj/light/normal
Certificate: issuer Cloudflare, Inc.; subject challenges.cloudflare.com; fingerprint 5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E; validity Fri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT
File type: ASCII text, with very long lines (65536), with no line terminators
Size: 185 kB (185117 bytes)
Hash (MD5 / SHA-1 / SHA-256): 2370ec1d2b063b0abf716500784809d1 / 5e2faf4294cd23e7ea8aa1991aacdf3c4614880d / fb9d711378e01d4a022bc7275a93e54fc4ca906ae0cc8dd92830e093eb71731f
GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=847814681fe60b45 HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/bmovt/0x4AAAAAAADnPIDROrmt1Wwj/light/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 18 Jan 2024 16:05:29 GMT
content-type: application/javascript; charset=UTF-8
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
server: cloudflare
cf-ray: 8478146898db0b45-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
| microsoft-verify.ofisuu.com/mails/inbox | 172.67.146.41 | 403 Forbidden | 6.7 kB |
URL (user request, GET, HTTP/2): microsoft-verify.ofisuu.com/mails/inbox
IP: 172.67.146.41:443
Certificate: issuer Google Trust Services LLC; subject ofisuu.com; fingerprint 7C:A9:39:FA:30:91:12:E6:A1:78:9D:01:51:97:B9:CC:4C:9C:CD:CB; validity Tue, 02 Jan 2024 21:19:46 GMT - Mon, 01 Apr 2024 21:19:45 GMT
File type: HTML document, ASCII text, with very long lines (6786), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): 88cfadd493df4f511a48ffb62ecb8ac4 / 7159df2e91d993b0cfe23063aa66775db967aee9 / 378f734d48b610229f489e46eed0d73055d753ceedc593c883a8a03975b3449f
| Analyzer | Verdict | Alert |
| --- | --- | --- |
| urlquery | phishing | Phishing - Microsoft Outlook |
GET /mails/inbox HTTP/1.1
Host: microsoft-verify.ofisuu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lightworker.net.au/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 403 Forbidden
date: Thu, 18 Jan 2024 16:05:28 GMT
content-type: text/html; charset=UTF-8
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-origin
origin-agent-cluster: ?1
permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy: same-origin
x-frame-options: SAMEORIGIN
cf-mitigated: challenge
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 01 Jan 1970 00:00:01 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6tp%2FhVC83SGjOqU%2BrPVXUBYqI5QbOb8Nne5Y1khUArv%2BPQnrxQ6cKdDWASt7m%2BI4Nn4JFvKvHDlvRCnL5gc1xo7eRFWQ07mt7TZzlTcEJ0jsdN1jHMILttlksxNi3Glph6zSt8xFO0Df4Yo6hp8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 84781465dd2f1bfe-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
| microsoft-verify.ofisuu.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=84781465dd2f1bfe | 172.67.146.41 | 200 OK | 176 kB |
URL (GET, HTTP/3): microsoft-verify.ofisuu.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=84781465dd2f1bfe
IP: 172.67.146.41:443
Requested by: https://microsoft-verify.ofisuu.com/mails/inbox#aini.ong@fonterra.com
Certificate: issuer Google Trust Services LLC; subject ofisuu.com; fingerprint 7C:A9:39:FA:30:91:12:E6:A1:78:9D:01:51:97:B9:CC:4C:9C:CD:CB; validity Tue, 02 Jan 2024 21:19:46 GMT - Mon, 01 Apr 2024 21:19:45 GMT
File type: ASCII text, with very long lines (65536), with no line terminators
Size: 176 kB (176495 bytes)
Hash (MD5 / SHA-1 / SHA-256): 47be505f2b11a29702ce2077e7f35c97 / 58b3fb6b824824ffbde84956484531264e19fedb / c89dfe52ba62324c7944a6a31f254ed2b00d5b351658ce405324cc399006ac9d
| Analyzer | Verdict | Alert |
| --- | --- | --- |
| urlquery | phishing | Phishing - Microsoft Outlook |
GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=84781465dd2f1bfe HTTP/1.1
Host: microsoft-verify.ofisuu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://microsoft-verify.ofisuu.com/mails/inbox?__cf_chl_rt_tk=5uVexfGSNDN.j64K5HSJCARpXUb.VhIaYewKrTyinb4-1705593928-0-gaNycGzNDfs
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 18 Jan 2024 16:05:28 GMT
content-type: application/javascript; charset=UTF-8
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=myUTjvLhMcs6lyPEWuXTQHQJtyike%2FwTGmf7eW6H%2BNoVd%2BxZSMZJnYn8WNsFXRMoeEJUXOY%2Fn3jyvBaYrr1s96sqdyUelT7chmKniolGtnrmR6gVnPAt%2BMI0zwTnr6FVcuvilMGyZHlXMwRCHWY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 847814668ed07130-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
| microsoft-verify.ofisuu.com/cdn-cgi/challenge-platform/h/b/flow/ov1/1119149299:1705592117:wEgtW2gId7TjQwpHUcLNDyP0_i6vlKjMhqrh-59bOsk/84781465dd2f1bfe/835c9da6531a4bf | 172.67.146.41 | 200 OK | 13 kB |
URL (POST, HTTP/3): microsoft-verify.ofisuu.com/cdn-cgi/challenge-platform/h/b/flow/ov1/1119149299:1705592117:wEgtW2gId7TjQwpHUcLNDyP0_i6vlKjMhqrh-59bOsk/84781465dd2f1bfe/835c9da6531a4bf
IP: 172.67.146.41:443
Requested by: https://microsoft-verify.ofisuu.com/mails/inbox#aini.ong@fonterra.com
Certificate: issuer Google Trust Services LLC; subject ofisuu.com; fingerprint 7C:A9:39:FA:30:91:12:E6:A1:78:9D:01:51:97:B9:CC:4C:9C:CD:CB; validity Tue, 02 Jan 2024 21:19:46 GMT - Mon, 01 Apr 2024 21:19:45 GMT
File type: ASCII text, with very long lines (13112), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): eb630821c18ae488275ac11c2ed10ca1 / 8f8d7bad10d5a8f19d86ea80702598f5ac792df7 / 7122f7df7031f3624443874d19eef573ef03c3e2f4bca167c21c5f5f92dcf3b8
| Analyzer | Verdict | Alert |
| --- | --- | --- |
| urlquery | phishing | Phishing - Microsoft Outlook |
POST /cdn-cgi/challenge-platform/h/b/flow/ov1/1119149299:1705592117:wEgtW2gId7TjQwpHUcLNDyP0_i6vlKjMhqrh-59bOsk/84781465dd2f1bfe/835c9da6531a4bf HTTP/1.1
Host: microsoft-verify.ofisuu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://microsoft-verify.ofisuu.com/mails/inbox
Content-type: application/x-www-form-urlencoded
CF-Challenge: 835c9da6531a4bf
Content-Length: 1690
Origin: https://microsoft-verify.ofisuu.com
DNT: 1
Connection: keep-alive
Cookie: cf_chl_3=835c9da6531a4bf
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 18 Jan 2024 16:05:28 GMT
content-type: text/plain; charset=UTF-8
cf-chl-gen: CKfH71/V8qIPZEeEf9EpO3ij/n6DkELt25xvDoxSuRFyl10U5ro3+N+3TYGs2KHx$EviVDwwDiPf1U9OcKeMEVQ==
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ImjcHvTLVsJFzl885p5rQNAUicSz89pJJgmQVBnLTbz6xnL4EaIdfbYG2T1mVhkbcprE3BQ%2Bv4xq1imsQJGFcIuBd3JnTYiJxjCDddrFxeaCEuXsOkGshoTalfh8EMKVqX0y87RxcyrR3%2Fj4sSU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 84781467a95a7130-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/i/847814681fe60b45/1705593929313/ClcMnkVrgKbsnyt | 104.17.2.184 | 200 OK | 61 B |
URL (GET, HTTP/3): challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/i/847814681fe60b45/1705593929313/ClcMnkVrgKbsnyt
IP: 104.17.2.184:443
Requested by: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/bmovt/0x4AAAAAAADnPIDROrmt1Wwj/light/normal
Certificate: issuer Cloudflare, Inc.; subject challenges.cloudflare.com; fingerprint 5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E; validity Fri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT
File type: PNG image data, 83 x 62, 8-bit/color RGB, non-interlaced
Hash (MD5 / SHA-1 / SHA-256): 08b75c11bad1124037d24806f528ed36 / 79cddc1fc8b1f1ca6e2ffbcdec515fde79946574 / f983b4356d361cad401b3377936c85dad5c8eff2035b2d2372c6051d696a6054
GET /cdn-cgi/challenge-platform/h/b/i/847814681fe60b45/1705593929313/ClcMnkVrgKbsnyt HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/bmovt/0x4AAAAAAADnPIDROrmt1Wwj/light/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 18 Jan 2024 16:05:30 GMT
content-type: image/png
server: cloudflare
cf-ray: 847814720a060b45-OSL
alt-svc: h3=":443"; ma=86400
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/908245670:1705592304:hb6A_N4-w6mniLzq2ATrCWfI7CCWT0YKaIlSVC_QLII/847814681fe60b45/9a4374e32ac02aa | 104.17.2.184 | 200 OK | 18 kB |
URL (POST, HTTP/3): challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/908245670:1705592304:hb6A_N4-w6mniLzq2ATrCWfI7CCWT0YKaIlSVC_QLII/847814681fe60b45/9a4374e32ac02aa
IP: 104.17.2.184:443
Requested by: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/bmovt/0x4AAAAAAADnPIDROrmt1Wwj/light/normal
Certificate: issuer Cloudflare, Inc.; subject challenges.cloudflare.com; fingerprint 5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E; validity Fri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT
File type: ASCII text, with very long lines (18272), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): f66ab2e87852900bd3df1419a96bf4c9 / 94a1edf0e4b109c0fd23aaf327ceb3f93b7e97d8 / 6792a5ddf712b23f48bb9f9bc76da4a62cc1c64bb746f22a06e496a8d5b0e6d4
POST /cdn-cgi/challenge-platform/h/b/flow/ov1/908245670:1705592304:hb6A_N4-w6mniLzq2ATrCWfI7CCWT0YKaIlSVC_QLII/847814681fe60b45/9a4374e32ac02aa HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/bmovt/0x4AAAAAAADnPIDROrmt1Wwj/light/normal
Content-type: application/x-www-form-urlencoded
CF-Challenge: 9a4374e32ac02aa
Content-Length: 25850
Origin: https://challenges.cloudflare.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 18 Jan 2024 16:05:31 GMT
content-type: text/plain; charset=UTF-8
cf-chl-gen: 3v95wJLES2Z6HBSokEzMWsRg2DnuMqwRIVAQHrzHLaXmODPevk0Cl0/j2oWh763m$ZH+PBSlm0NpUMm+/aJco5w==
server: cloudflare
cf-ray: 8478147538470b45-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
| microsoft-verify.ofisuu.com/cdn-cgi/styles/challenges.css | 172.67.146.41 | 200 OK | 6.6 kB |
URL (GET, HTTP/3): microsoft-verify.ofisuu.com/cdn-cgi/styles/challenges.css
IP: 172.67.146.41:443
Requested by: https://microsoft-verify.ofisuu.com/mails/inbox#aini.ong@fonterra.com
Certificate: issuer Google Trust Services LLC; subject ofisuu.com; fingerprint 7C:A9:39:FA:30:91:12:E6:A1:78:9D:01:51:97:B9:CC:4C:9C:CD:CB; validity Tue, 02 Jan 2024 21:19:46 GMT - Mon, 01 Apr 2024 21:19:45 GMT
File type: ASCII text, with very long lines (6608), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): f0fd80732479959c893cfd7380f594bd / 04111102f46bc02c195561743b3f41b4d5a349ca / 704e70fc0fd54cb83a1100d48093680b73e0d3c45a32dc326c38355185aaf37f
| Analyzer | Verdict | Alert |
| --- | --- | --- |
| urlquery | phishing | Phishing - Microsoft Outlook |
GET /cdn-cgi/styles/challenges.css HTTP/1.1
Host: microsoft-verify.ofisuu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://microsoft-verify.ofisuu.com/mails/inbox
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 18 Jan 2024 16:05:28 GMT
content-type: text/css
last-modified: Fri, 05 Jan 2024 17:29:47 GMT
etag: W/"65983c8b-19c8"
server: cloudflare
cf-ray: 847814665e947130-OSL
x-frame-options: DENY
x-content-type-options: nosniff
vary: Accept-Encoding
expires: Thu, 18 Jan 2024 18:05:28 GMT
cache-control: max-age=7200, public
content-encoding: gzip
| challenges.cloudflare.com/turnstile/v0/b/c8377512/api.js?onload=ILIdiM9&render=explicit | 104.17.2.184 | 200 OK | 35 kB |
URL (GET, HTTP/2): challenges.cloudflare.com/turnstile/v0/b/c8377512/api.js?onload=ILIdiM9&render=explicit
IP: 104.17.2.184:443
Requested by: https://microsoft-verify.ofisuu.com/mails/inbox#aini.ong@fonterra.com
Certificate: issuer Cloudflare, Inc.; subject challenges.cloudflare.com; fingerprint 5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E; validity Fri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT
File type: ASCII text, with very long lines (35311)
Hash (MD5 / SHA-1 / SHA-256): 99dd2e64e7ba345a3b2f7d34c465258a / ee3bc947d6f6828ae4df6bf14a77e4c7cc62a310 / 850e587a96f9cad84206169720be046f289fa015e4b76b6ae79610c9d73c7eef
GET /turnstile/v0/b/c8377512/api.js?onload=ILIdiM9&render=explicit HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://microsoft-verify.ofisuu.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Jan 2024 16:05:28 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=31536000
vary: Accept-Encoding
server: cloudflare
cf-ray: 847814670dcd5695-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/bmovt/0x4AAAAAAADnPIDROrmt1Wwj/light/normal | 104.17.2.184 | 200 OK | 75 kB |
URL (GET, HTTP/3): challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/bmovt/0x4AAAAAAADnPIDROrmt1Wwj/light/normal
IP: 104.17.2.184:443
Requested by: https://microsoft-verify.ofisuu.com/mails/inbox#aini.ong@fonterra.com
Certificate: issuer Cloudflare, Inc.; subject challenges.cloudflare.com; fingerprint 5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E; validity Fri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT
File type: HTML document, ASCII text, with very long lines (40811)
Hash (MD5 / SHA-1 / SHA-256): 0fdc527659f27f2fa7d46913c1fcf37e / ba646bc0d4baec0fe1fcd8371e7176d8ccceff2b / 16d4ae3b153502b8e69c0c6018a7b80db17e89ba370675a1fe71f80b5c32706d
GET /cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/bmovt/0x4AAAAAAADnPIDROrmt1Wwj/light/normal HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 18 Jan 2024 16:05:28 GMT
content-type: text/html; charset=UTF-8
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-security-policy: frame-src https://challenges.cloudflare.com/ blob:; base-uri 'self'
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: cross-origin
document-policy: js-profiling
origin-agent-cluster: ?1
permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy: same-origin
server: cloudflare
cf-ray: 847814681fe60b45-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/cmg/1/GLhOioXg0bs57t4qPrORXFsL1%2BWig2mIKbgpVPMu7ZQ%3D | 104.17.2.184 | 200 OK | 61 B |
URL (GET, HTTP/3): challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/cmg/1/GLhOioXg0bs57t4qPrORXFsL1%2BWig2mIKbgpVPMu7ZQ%3D
IP: 104.17.2.184:443
Requested by: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/bmovt/0x4AAAAAAADnPIDROrmt1Wwj/light/normal
Certificate: issuer Cloudflare, Inc.; subject challenges.cloudflare.com; fingerprint 5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E; validity Fri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT
File type: PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced
Hash (MD5 / SHA-1 / SHA-256): 9246cca8fc3c00f50035f28e9f6b7f7d / 3aa538440f70873b574f40cd793060f53ec17a5d / c07d7d29e3c20fa6ca4c5d20663688d52bad13e129ad82ce06b80eb187d9dc84
GET /cdn-cgi/challenge-platform/h/b/cmg/1/GLhOioXg0bs57t4qPrORXFsL1%2BWig2mIKbgpVPMu7ZQ%3D HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/bmovt/0x4AAAAAAADnPIDROrmt1Wwj/light/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 18 Jan 2024 16:05:29 GMT
content-type: image/png
cache-control: max-age=2629800, public
server: cloudflare
cf-ray: 8478146898cb0b45-OSL
alt-svc: h3=":443"; ma=86400
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/pat/847814681fe60b45/1705593929311/dc6e34aba970bffdac744bec735e40226cecf120ec31e9d1374302e0d9497eac/UJ-DXeVW5N-qcME | 104.17.2.184 | 401 Unauthorized | 1 B |
URL (GET, HTTP/3): challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/pat/847814681fe60b45/1705593929311/dc6e34aba970bffdac744bec735e40226cecf120ec31e9d1374302e0d9497eac/UJ-DXeVW5N-qcME
IP: 104.17.2.184:443
Requested by: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/bmovt/0x4AAAAAAADnPIDROrmt1Wwj/light/normal
Certificate: issuer Cloudflare, Inc.; subject challenges.cloudflare.com; fingerprint 5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E; validity Fri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT
File type: very short file (no magic)
Hash (MD5 / SHA-1 / SHA-256): ff44570aca8241914870afbc310cdb85 / 58668e7669fd564d99db5d581fcdb6a5618440b5 / 6da43b944e494e885e69af021f93c6d9331c78aa228084711429160a5bbd15b5
GET /cdn-cgi/challenge-platform/h/b/pat/847814681fe60b45/1705593929311/dc6e34aba970bffdac744bec735e40226cecf120ec31e9d1374302e0d9497eac/UJ-DXeVW5N-qcME HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/bmovt/0x4AAAAAAADnPIDROrmt1Wwj/light/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 401 Unauthorized
date: Thu, 18 Jan 2024 16:05:29 GMT
content-type: text/plain; charset=UTF-8
www-authenticate: PrivateToken challenge=AAIAGXBhdC1pc3N1ZXIuY2xvdWRmbGFyZS5jb20g3G40q6lwv_2sdEvsc15AImzs8SDsMenRN0MC4NlJfqwAGWNoYWxsZW5nZXMuY2xvdWRmbGFyZS5jb20=, token-key=MIIBUjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAqEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgKiAwIBMAOCAQ8AMIIBCgKCAQEApngNcbf9QbEMYpdNGF-Ak3H9ytauJ6q008ba8GUyzTK2vIk-9PViRj_DT_XHgNQmwnlSpAKI9BZQy0mvvbs_kGAjMfcw-IXmKkFX9h1WlyO_XqnUwu7EoujyC1ed_8xMrijH_L_Dn6dXBoOx2C0TOqw_LY325GbicZciJPyaT-LMK9dPB363XkBV2e96xXTR1FBGwZC6_1wzSNgGKxTy5rWkQdkkGR9aiNQzuWiugED2eGDzROZumPEU7RRc_uiruDQaZ6tXnvzEke8BmzX7hsK4D52-cQShu8OEVbKsjLeBxuF1fFPyZfSAJ9_95CTRP_lfjk0uYNsyS9GxkZ0AlQIDAQAB, max-age=20, PrivateToken challenge=AAIALHBwLWlzc3Vlci1wcm9kdWN0aW9uLnJlc2VhcmNoLmNsb3VkZmxhcmUuY29tINxuNKupcL_9rHRL7HNeQCJs7PEg7DHp0TdDAuDZSX6sABljaGFsbGVuZ2VzLmNsb3VkZmxhcmUuY29t, token-key=MIIBUjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAqEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgKiAwIBMAOCAQ8AMIIBCgKCAQEAyAcIyqXWj0XAym0z5V844rFA0WOzLVwj0uCwmVj6zC4qOH40oBiGHrMNMBnDyk95jvnBAuHeEs855e7nA4l4DPJ4jUWKZbua8BxGAzjn74A1BV81a52F1zvBPUm-VEJXPAPXQehXphSv51uR7HKtfcM5oaS33TGDSy-6xv0r84xjMuTBvwPgXGehxpi1MCGGE5yWkzKN5Zzllk7m6Nkiv6learV-Uz7tzaoPbdZkBk1bFXxm2q07jWavoBZ-JEuEJyjQ00PSTz2Zjpbct6AlR3eCS9sbmXtb5XxSs7JMsvoa8uojD7a5m2SEJIwaf8xKL6wtxkaPonUfvsLj4JoJZQIDAQAB, max-age=20
server: cloudflare
cf-ray: 8478146dea7a0b45-OSL
alt-svc: h3=":443"; ma=86400
| microsoft-verify.ofisuu.com/favicon.ico | 172.67.146.41 | 200 OK | 164 B |
URL (GET, HTTP/3): microsoft-verify.ofisuu.com/favicon.ico
IP: 172.67.146.41:443
Requested by: https://microsoft-verify.ofisuu.com/mails/inbox#aini.ong@fonterra.com
Certificate: issuer Google Trust Services LLC; subject ofisuu.com; fingerprint 7C:A9:39:FA:30:91:12:E6:A1:78:9D:01:51:97:B9:CC:4C:9C:CD:CB; validity Tue, 02 Jan 2024 21:19:46 GMT - Mon, 01 Apr 2024 21:19:45 GMT
File type: HTML document, ASCII text, with no line terminators
Hash (MD5 / SHA-1 / SHA-256): 4099f87eae70c7f4d5de13c5987ac6c3 / d08f9155d7fe3985de8aad34b72b8eef5df4ae33 / 3d0c2b7c63e5fae1ce26455c228495e5cf705d2fdd427d241b6f253c39ce5195
| Analyzer | Verdict | Alert |
| --- | --- | --- |
| urlquery | phishing | Phishing - Microsoft Outlook |
GET /favicon.ico HTTP/1.1
Host: microsoft-verify.ofisuu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://microsoft-verify.ofisuu.com/mails/inbox
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 18 Jan 2024 16:05:28 GMT
content-type: text/html
access-control-allow-credentials: true
cache-control: no-cache, no-store
cf-cache-status: BYPASS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OzWlIIc%2F54jMO0%2FwpNqRhNJcyuIVGIJeGKeJOw2NFX6SL8onwHnWVF17zRfhgwfQo9IqZiIVQDKZct9Ntt5FneiFOyU9NjqPzyYgPdN8C8g8ru5YlqqJAplnzuiZoSKcs1xhrKwkwoaXVHnwrkY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 84781466af187130-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
| microsoft-verify.ofisuu.com/favicon.ico | 172.67.146.41 | 200 OK | 164 B |
URL (GET, HTTP/3): microsoft-verify.ofisuu.com/favicon.ico
IP: 172.67.146.41:443
Requested by: https://microsoft-verify.ofisuu.com/mails/inbox#aini.ong@fonterra.com
Certificate: issuer Google Trust Services LLC; subject ofisuu.com; fingerprint 7C:A9:39:FA:30:91:12:E6:A1:78:9D:01:51:97:B9:CC:4C:9C:CD:CB; validity Tue, 02 Jan 2024 21:19:46 GMT - Mon, 01 Apr 2024 21:19:45 GMT
File type: HTML document, ASCII text, with no line terminators
Hash (MD5 / SHA-1 / SHA-256): 4099f87eae70c7f4d5de13c5987ac6c3 / d08f9155d7fe3985de8aad34b72b8eef5df4ae33 / 3d0c2b7c63e5fae1ce26455c228495e5cf705d2fdd427d241b6f253c39ce5195
| Analyzer | Verdict | Alert |
| --- | --- | --- |
| urlquery | phishing | Phishing - Microsoft Outlook |
GET /favicon.ico HTTP/1.1
Host: microsoft-verify.ofisuu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://microsoft-verify.ofisuu.com/mails/inbox
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 18 Jan 2024 16:05:28 GMT
content-type: text/html
access-control-allow-credentials: true
cache-control: no-cache, no-store
cf-cache-status: BYPASS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=K5el%2FlGS3AvKjyKrnGejbFwh5GIqjU%2Bxx48K%2FO%2B5pI%2BL%2BNUeOX%2BnVjjDS2arKUEy6YjNLQfPBjzH5bqAQvlXMyJKNvQB00hEuuOXMmMIa2u%2B698wVYMDoA6iPMnCv5V7o5Ws78vAgWK1KHVCWnQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 84781466ef977130-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/908245670:1705592304:hb6A_N4-w6mniLzq2ATrCWfI7CCWT0YKaIlSVC_QLII/847814681fe60b45/9a4374e32ac02aa | 104.17.2.184 | 200 OK | 94 kB |
URL (POST, HTTP/3): challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/908245670:1705592304:hb6A_N4-w6mniLzq2ATrCWfI7CCWT0YKaIlSVC_QLII/847814681fe60b45/9a4374e32ac02aa
IP: 104.17.2.184:443
Requested by: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/bmovt/0x4AAAAAAADnPIDROrmt1Wwj/light/normal
Certificate: issuer Cloudflare, Inc.; subject challenges.cloudflare.com; fingerprint 5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E; validity Fri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT
File type: ASCII text, with very long lines (65536), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): ed1c92d646e2c1e875e4b1d6fd911c07 / 5017af9ae061b3446cdbcee5896166605af16812 / 3c12aedf766995d876c73174e318a38a48961ad691bd815a039fbf29f2b4a9b3
POST /cdn-cgi/challenge-platform/h/b/flow/ov1/908245670:1705592304:hb6A_N4-w6mniLzq2ATrCWfI7CCWT0YKaIlSVC_QLII/847814681fe60b45/9a4374e32ac02aa HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/bmovt/0x4AAAAAAADnPIDROrmt1Wwj/light/normal
Content-type: application/x-www-form-urlencoded
CF-Challenge: 9a4374e32ac02aa
Content-Length: 3115
Origin: https://challenges.cloudflare.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 18 Jan 2024 16:05:29 GMT
content-type: text/plain; charset=UTF-8
cf-chl-gen: uiGRJXDRchhLPapdOEYGvWNSEbX8dp3GDH0c/nIyvCnf3KHAC43tgxzZeB9Z3hFc2AEYZlrcJZkPx8sLsGRyUQjLhgvB7Bv2XjB+YmCf3ngGyjqBQplytFzqkYlJWngmZntjQ3olf+bDYz+sPCkWiaHrlaanAHnZlqa2YDydzQsoi5mUi2BrW5HMu4Oy32lRwgwXykPQ8JVqH6eIDb4YhxiEW7xGSpi0qd046gd/n7krjkLlP2gUTjk/+MzeE/VeAM8pTuJ5XQVeFrhjbrb0avKTg5uFQhhD3//4PD3cDCblOq/29I2mU2SbHU5JYmnmMiyITz0Xs+y/qnaWzyqDWV0FkoIoOQk36Ndn0RrNZUzAWAvbws0IO0LVMLmP4/94ta8xU5XxeJl77cmCf+iztKxKTpCtCUg7gU9zlxkKGv8=$vQ624nMdXQQu/RZDjqqb/w==
server: cloudflare
cf-ray: 8478146a1b5e0b45-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400