Report - adclick.g.doubleclick.net/aclk?sa=l&ai=CWNEeFslcZYzoApSYvcAP4fW58AKSivvTb-y43YaLD9vZHhABIIHZ_iFgx92AjoQmoAGDltucKMgBCakCS3F1VgMzbT6oAwHIA8sEqgTLAU_QJupuo6v47Gsnl9wSNwyIzN6vxKB9brFkKlIuprAT_lSL-CGiMwRr7ZzTpz3p6Qssl5TOg-n9cyJlGjaghiRT7rPiA8Ww8js67S5rxLqUQ3hm11CfdIXK0mgez_JZn37_qN49W9AVLSQtVdkKmO0hitL2_UAkOxAZAwkXrl8STytI4QY3ovSV1uIpj0aBlH4sZeVr28fOer-24CYBcILpWEBQzt0njoQFugIC87OmZAYPkL7NccnH1NGmilHyiSN1vkkWaBvt0WzAwATN5uKd7wOIBeD79aI8oAYugAeDzqv8AqgH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgGEQARgfMgKKAjoCgEBIvf3BOrEJ9kerr26YtL2ACgGYCwHICwGADAGiDBAqDgoM5LSxAu61sQK1uLECqg0CWkHIDQG4E-QD2BMKiBQN0BUB-BYBgBcB&ae=1&gclid=EAIaIQobChMIjMvS2rDVggMVFEwPAh3heg4uEAEYASAAEgLtdvD_BwE&num=1&cid=CAQSLQDICaaNhZQK7mg2mzzYXOJhkT2rNIIO1ZUYUnXk0ZeD3j2SBMfz0xQ94LvAfhgB&sig=AOD64_3OL0Fb3-AgNN4rO1yivGIB-xw8Og&client=ca-pub-9816945270938969&rf=1&nb=9&adurl=https://jobthikana.com/,/Fwnfd/am9obm1AaHdsLmNvbS5oaw==

Report Overview

Visited public
2023-11-27 07:25:46
Tags
phishing microsoft outlook
Submit Tags
URL
adclick.g.doubleclick.net/aclk?sa=l&ai=CWNEeFslcZYzoApSYvcAP4fW58AKSivvTb-y43YaLD9vZHhABIIHZ_iFgx92AjoQmoAGDltucKMgBCakCS3F1VgMzbT6oAwHIA8sEqgTLAU_QJupuo6v47Gsnl9wSNwyIzN6vxKB9brFkKlIuprAT_lSL-CGiMwRr7ZzTpz3p6Qssl5TOg-n9cyJlGjaghiRT7rPiA8Ww8js67S5rxLqUQ3hm11CfdIXK0mgez_JZn37_qN49W9AVLSQtVdkKmO0hitL2_UAkOxAZAwkXrl8STytI4QY3ovSV1uIpj0aBlH4sZeVr28fOer-24CYBcILpWEBQzt0njoQFugIC87OmZAYPkL7NccnH1NGmilHyiSN1vkkWaBvt0WzAwATN5uKd7wOIBeD79aI8oAYugAeDzqv8AqgH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgGEQARgfMgKKAjoCgEBIvf3BOrEJ9kerr26YtL2ACgGYCwHICwGADAGiDBAqDgoM5LSxAu61sQK1uLECqg0CWkHIDQG4E-QD2BMKiBQN0BUB-BYBgBcB&ae=1&gclid=EAIaIQobChMIjMvS2rDVggMVFEwPAh3heg4uEAEYASAAEgLtdvD_BwE&num=1&cid=CAQSLQDICaaNhZQK7mg2mzzYXOJhkT2rNIIO1ZUYUnXk0ZeD3j2SBMfz0xQ94LvAfhgB&sig=AOD64_3OL0Fb3-AgNN4rO1yivGIB-xw8Og&client=ca-pub-9816945270938969&rf=1&nb=9&adurl=https://jobthikana.com/,/Fwnfd/am9obm1AaHdsLmNvbS5oaw==
Finishing URL
cors-app.com/BA/#johnm@hwl.com.hk
IP / ASN
142.250.74.130
#15169 GOOGLE
Title
退出 - 重新登录
Phishing - Microsoft Outlook

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
ka-f.fontawesome.com	3598	2012-10-18	2019-12-17 07:36:13	2023-11-26 09:42:00	971 B	152 kB	172.64.204.20
kit.fontawesome.com	1868	2012-10-18	2019-12-16 20:51:31	2023-11-26 05:09:04	445 B	12 kB	104.18.40.68
adclick.g.doubleclick.net	4971	1996-01-16	2012-07-02 20:01:39	2023-11-23 22:00:20	1.4 kB	1.9 kB	142.250.74.130
emudhra.ocsp.sectigo.com	unknown	2018-08-16	2019-10-10 08:13:12	2023-11-21 06:46:37	348 B	963 B	172.64.149.23
jobthikana.com	unknown	2019-10-08	2021-01-30 08:41:08	2023-11-22 23:59:23	575 B	219 B	160.153.247.100
cors-app.com	unknown	unknown	No data	No data	3.6 kB	935 kB	91.194.91.202
www.googleadservices.com	107	2003-06-19	2012-06-26 16:53:06	2023-11-21 21:22:24	1.5 kB	1.1 kB	216.58.207.226
maxcdn.bootstrapcdn.com	724	2012-05-25	2014-06-18 02:37:31	2023-11-26 05:09:34	904 B	196 kB	104.18.10.207
stackpath.bootstrapcdn.com	2467	2012-05-25	2018-06-15 22:36:43	2023-11-26 05:11:41	447 B	52 kB	104.18.10.207

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (8)

	URL	From	Size	First Seen	Last Seen
	stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/bootstrap.min.js	ScriptElement	51 kB	2023-03-07	2025-07-13
Pretty URL stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/bootstrap.min.js IP 104.18.10.207 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-07-13 06:39 Times Seen105920 Hash 67176c242e1bdc20603c878dee836df3 27a71b00383d61ef3c489326b3564d698fc1227c 56c12a125b021d21a69e61d7190cefa168d6c28ce715265cea1b3b0112d169c4 Loading...

	cors-app.com/BA/js/jquery.min.js	ScriptElement	86 kB	2023-03-07	2025-07-13
Pretty URL cors-app.com/BA/js/jquery.min.js IP 91.194.91.202 ASN #51167 Contabo GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:20 Last Seen2025-07-13 04:09 Times Seen1139 Hash adb784ef9dc257b32965a5da7ee82a8b 7a41c488d820ea08231d1d393e5f4daed4d25041 8e09aa31f396ea41d698f437dc5fc7125e931d400eb2873f5b68ef78c1e6f3a6 Loading...

	kit.fontawesome.com/585b051251.js	ScriptElement	12 kB	2023-05-30	2024-08-21
Pretty URL kit.fontawesome.com/585b051251.js IP 104.18.40.68 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-30 20:41 Last Seen2024-08-21 09:44 Times Seen2785 Hash 4ec685b1e2c1ca5fd6d56e2f4cb0569d a41e1f45db2fbc59562390ba8567ec3373d69510 cac5a0bd86eba50bf4a83d4dc43fe38b759ed39cc8397fdbbaa7ea68b9c63cfa Loading...

	cors-app.com/BA/js/jquery-3.2.1.slim.min.js	ScriptElement	70 kB	2023-03-07	2025-07-11
Pretty URL cors-app.com/BA/js/jquery-3.2.1.slim.min.js IP 91.194.91.202 ASN #51167 Contabo GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:20 Last Seen2025-07-11 18:19 Times Seen377 Hash e4f60e36fb624b3b4dd616ce75a0bf3c 8856754bdf9b102d046b16f91feb203c606b32bd 91a04a5dfe501d54af8a59b942495bd7ab26bb811ab34f460115fc0267f825f1 Loading...

	cors-app.com/BA/#johnm@hwl.com.hk	ScriptElement	0 B	0001-01-01	2025-07-13
Pretty URL cors-app.com/BA/#johnm@hwl.com.hk IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen0001-01-01 00:00 Last Seen2025-07-13 06:49 Times Seen5412535 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	cors-app.com/BA/js/jquery-3.1.1.min.js	ScriptElement	87 kB	2023-03-07	2025-07-12
Pretty URL cors-app.com/BA/js/jquery-3.1.1.min.js IP 91.194.91.202 ASN #51167 Contabo GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:20 Last Seen2025-07-12 10:37 Times Seen488 Hash 81ed7a494e1943be2844e95f9770844c b063d0aa57f0c50d9bfb9895b76a9467155df7f1 70dae469f94f214b589d53521b903830a08b4fb589d47a4c269a83c79116886a Loading...

	cors-app.com/BA/js/popper.min.js	ScriptElement	19 kB	2023-03-07	2025-07-12
Pretty URL cors-app.com/BA/js/popper.min.js IP 91.194.91.202 ASN #51167 Contabo GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:20 Last Seen2025-07-12 15:31 Times Seen930 Hash 124bf4d1a7db31dd60d4642dce268035 d3745247363d9cb016aaef057bbf2a363796cc01 5614d21225b2e012e3765c1b32fba0b8762bcecd8863c8705c1bcc0d03ec19de Loading...

	maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js	ScriptElement	49 kB	2023-03-07	2025-07-13
Pretty URL maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js IP 104.18.10.207 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-07-13 06:39 Times Seen83411 Hash 14d449eb8876fa55e1ef3c2cc52b0c17 a9545831803b1359cfeed47e3b4d6bae68e40e99 e7ed36ceee5450b4243bbc35188afabdfb4280c7c57597001de0ed167299b01b Loading...

HTTP Transactions (18)

URL IP Response Size

adclick.g.doubleclick.net/aclk?sa=l&ai=CWNEeFslcZYzoApSYvcAP4fW58AKSivvTb-y43YaLD9vZHhABIIHZ_iFgx92AjoQmoAGDltucKMgBCakCS3F1VgMzbT6oAwHIA8sEqgTLAU_QJupuo6v47Gsnl9wSNwyIzN6vxKB9brFkKlIuprAT_lSL-CGiMwRr7ZzTpz3p6Qssl5TOg-n9cyJlGjaghiRT7rPiA8Ww8js67S5rxLqUQ3hm11CfdIXK0mgez_JZn37_qN49W9AVLSQtVdkKmO0hitL2_UAkOxAZAwkXrl8STytI4QY3ovSV1uIpj0aBlH4sZeVr28fOer-24CYBcILpWEBQzt0njoQFugIC87OmZAYPkL7NccnH1NGmilHyiSN1vkkWaBvt0WzAwATN5uKd7wOIBeD79aI8oAYugAeDzqv8AqgH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgGEQARgfMgKKAjoCgEBIvf3BOrEJ9kerr26YtL2ACgGYCwHICwGADAGiDBAqDgoM5LSxAu61sQK1uLECqg0CWkHIDQG4E-QD2BMKiBQN0BUB-BYBgBcB&ae=1&gclid=EAIaIQobChMIjMvS2rDVggMVFEwPAh3heg4uEAEYASAAEgLtdvD_BwE&num=1&cid=CAQSLQDICaaNhZQK7mg2mzzYXOJhkT2rNIIO1ZUYUnXk0ZeD3j2SBMfz0xQ94LvAfhgB&sig=AOD64_3OL0Fb3-AgNN4rO1yivGIB-xw8Og&client=ca-pub-9816945270938969&rf=1&nb=9&adurl=https://jobthikana.com/,/Fwnfd/am9obm1AaHdsLmNvbS5oaw==

142.250.74.130

0 B

URL
adclick.g.doubleclick.net/aclk?sa=l&ai=CWNEeFslcZYzoApSYvcAP4fW58AKSivvTb-y43YaLD9vZHhABIIHZ_iFgx92AjoQmoAGDltucKMgBCakCS3F1VgMzbT6oAwHIA8sEqgTLAU_QJupuo6v47Gsnl9wSNwyIzN6vxKB9brFkKlIuprAT_lSL-CGiMwRr7ZzTpz3p6Qssl5TOg-n9cyJlGjaghiRT7rPiA8Ww8js67S5rxLqUQ3hm11CfdIXK0mgez_JZn37_qN49W9AVLSQtVdkKmO0hitL2_UAkOxAZAwkXrl8STytI4QY3ovSV1uIpj0aBlH4sZeVr28fOer-24CYBcILpWEBQzt0njoQFugIC87OmZAYPkL7NccnH1NGmilHyiSN1vkkWaBvt0WzAwATN5uKd7wOIBeD79aI8oAYugAeDzqv8AqgH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgGEQARgfMgKKAjoCgEBIvf3BOrEJ9kerr26YtL2ACgGYCwHICwGADAGiDBAqDgoM5LSxAu61sQK1uLECqg0CWkHIDQG4E-QD2BMKiBQN0BUB-BYBgBcB&ae=1&gclid=EAIaIQobChMIjMvS2rDVggMVFEwPAh3heg4uEAEYASAAEgLtdvD_BwE&num=1&cid=CAQSLQDICaaNhZQK7mg2mzzYXOJhkT2rNIIO1ZUYUnXk0ZeD3j2SBMfz0xQ94LvAfhgB&sig=AOD64_3OL0Fb3-AgNN4rO1yivGIB-xw8Og&client=ca-pub-9816945270938969&rf=1&nb=9&adurl=https://jobthikana.com/,/Fwnfd/am9obm1AaHdsLmNvbS5oaw==
IP
142.250.74.130:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /aclk?sa=l&ai=CWNEeFslcZYzoApSYvcAP4fW58AKSivvTb-y43YaLD9vZHhABIIHZ_iFgx92AjoQmoAGDltucKMgBCakCS3F1VgMzbT6oAwHIA8sEqgTLAU_QJupuo6v47Gsnl9wSNwyIzN6vxKB9brFkKlIuprAT_lSL-CGiMwRr7ZzTpz3p6Qssl5TOg-n9cyJlGjaghiRT7rPiA8Ww8js67S5rxLqUQ3hm11CfdIXK0mgez_JZn37_qN49W9AVLSQtVdkKmO0hitL2_UAkOxAZAwkXrl8STytI4QY3ovSV1uIpj0aBlH4sZeVr28fOer-24CYBcILpWEBQzt0njoQFugIC87OmZAYPkL7NccnH1NGmilHyiSN1vkkWaBvt0WzAwATN5uKd7wOIBeD79aI8oAYugAeDzqv8AqgH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgGEQARgfMgKKAjoCgEBIvf3BOrEJ9kerr26YtL2ACgGYCwHICwGADAGiDBAqDgoM5LSxAu61sQK1uLECqg0CWkHIDQG4E-QD2BMKiBQN0BUB-BYBgBcB&ae=1&gclid=EAIaIQobChMIjMvS2rDVggMVFEwPAh3heg4uEAEYASAAEgLtdvD_BwE&num=1&cid=CAQSLQDICaaNhZQK7mg2mzzYXOJhkT2rNIIO1ZUYUnXk0ZeD3j2SBMfz0xQ94LvAfhgB&sig=AOD64_3OL0Fb3-AgNN4rO1yivGIB-xw8Og&client=ca-pub-9816945270938969&rf=1&nb=9&adurl=https://jobthikana.com/,/Fwnfd/am9obm1AaHdsLmNvbS5oaw== HTTP/1.1
Host: adclick.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
p3p: policyref="http://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date: Mon, 27 Nov 2023 07:25:27 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-WoW64
location: https://www.googleadservices.com/pagead/aclk?sa=L&ai=CmeR3FslcZYzoApSYvcAP4fW58AKSivvTb-y43YaLD9vZHhABIIHZ_iFgx92AjoQmoAGDltucKMgBCakCS3F1VgMzbT6oAwHIA8sEqgTLAU_QJupuo6v47Gsnl9wSNwyIzN6vxKB9brFkKlIuprAT_lSL-CGiMwRr7ZzTpz3p6Qssl5TOg-n9cyJlGjaghiRT7rPiA8Ww8js67S5rxLqUQ3hm11CfdIXK0mgez_JZn37_qN49W9AVLSQtVdkKmO0hitL2_UAkOxAZAwkXrl8STytI4QY3ovSV1uIpj0aBlH4sZeVr28fOer-24CYBcILpWEBQzt0njoQFugIC87OmZAYPkL7NccnH1NGmilHyiSN1vkkWaBvt0WzAwATN5uKd7wOIBeD79aI8oAYugAeDzqv8AqgH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgGEQARgfMgKKAjoCgEBIvf3BOpoJN2h0dHBzOi8vam9idGhpa2FuYS5jb20vLC9Gd25mZC9hbTlvYm0xQWFIZHNMbU52YlM1b2F3PT2xCfZHq69umLS9gAoBmAsByAsBgAwBogwQKg4KDOS0sQLutbECtbixAqoNAlpByA0BuBPkA9gTCogUDdAVAfgWAYAXAQ&ae=1&gclid=EAIaIQobChMIjMvS2rDVggMVFEwPAh3heg4uEAEYASAAEgLtdvD_BwE&num=1&cid=CAQSLQDICaaNhZQK7mg2mzzYXOJhkT2rNIIO1ZUYUnXk0ZeD3j2SBMfz0xQ94LvAfhgB&client=ca-pub-9816945270938969&rf=1&nb=9&dblrd=1&sig=AOD64_2bSzwYwTC9jXOve_xNXH0eUjIeLA&adurl=https://jobthikana.com/,/Fwnfd/am9obm1AaHdsLmNvbS5oaw%3D%3D
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
server: adclick_server
content-length: 0
x-xss-protection: 0
set-cookie: IDE=AHWqTUldmueyLnJ3JLEhHdaqkmIm8V4xf0VJl9Wr6Mj6td3uqkwUyCIi7fNQoBlp; expires=Wed, 26-Nov-2025 07:25:27 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.googleadservices.com/pagead/aclk?sa=L&ai=CmeR3FslcZYzoApSYvcAP4fW58AKSivvTb-y43YaLD9vZHhABIIHZ_iFgx92AjoQmoAGDltucKMgBCakCS3F1VgMzbT6oAwHIA8sEqgTLAU_QJupuo6v47Gsnl9wSNwyIzN6vxKB9brFkKlIuprAT_lSL-CGiMwRr7ZzTpz3p6Qssl5TOg-n9cyJlGjaghiRT7rPiA8Ww8js67S5rxLqUQ3hm11CfdIXK0mgez_JZn37_qN49W9AVLSQtVdkKmO0hitL2_UAkOxAZAwkXrl8STytI4QY3ovSV1uIpj0aBlH4sZeVr28fOer-24CYBcILpWEBQzt0njoQFugIC87OmZAYPkL7NccnH1NGmilHyiSN1vkkWaBvt0WzAwATN5uKd7wOIBeD79aI8oAYugAeDzqv8AqgH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgGEQARgfMgKKAjoCgEBIvf3BOpoJN2h0dHBzOi8vam9idGhpa2FuYS5jb20vLC9Gd25mZC9hbTlvYm0xQWFIZHNMbU52YlM1b2F3PT2xCfZHq69umLS9gAoBmAsByAsBgAwBogwQKg4KDOS0sQLutbECtbixAqoNAlpByA0BuBPkA9gTCogUDdAVAfgWAYAXAQ&ae=1&gclid=EAIaIQobChMIjMvS2rDVggMVFEwPAh3heg4uEAEYASAAEgLtdvD_BwE&num=1&cid=CAQSLQDICaaNhZQK7mg2mzzYXOJhkT2rNIIO1ZUYUnXk0ZeD3j2SBMfz0xQ94LvAfhgB&client=ca-pub-9816945270938969&rf=1&nb=9&dblrd=1&sig=AOD64_2bSzwYwTC9jXOve_xNXH0eUjIeLA&adurl=https://jobthikana.com/,/Fwnfd/am9obm1AaHdsLmNvbS5oaw%3D%3D

216.58.207.226

0 B

URL
www.googleadservices.com/pagead/aclk?sa=L&ai=CmeR3FslcZYzoApSYvcAP4fW58AKSivvTb-y43YaLD9vZHhABIIHZ_iFgx92AjoQmoAGDltucKMgBCakCS3F1VgMzbT6oAwHIA8sEqgTLAU_QJupuo6v47Gsnl9wSNwyIzN6vxKB9brFkKlIuprAT_lSL-CGiMwRr7ZzTpz3p6Qssl5TOg-n9cyJlGjaghiRT7rPiA8Ww8js67S5rxLqUQ3hm11CfdIXK0mgez_JZn37_qN49W9AVLSQtVdkKmO0hitL2_UAkOxAZAwkXrl8STytI4QY3ovSV1uIpj0aBlH4sZeVr28fOer-24CYBcILpWEBQzt0njoQFugIC87OmZAYPkL7NccnH1NGmilHyiSN1vkkWaBvt0WzAwATN5uKd7wOIBeD79aI8oAYugAeDzqv8AqgH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgGEQARgfMgKKAjoCgEBIvf3BOpoJN2h0dHBzOi8vam9idGhpa2FuYS5jb20vLC9Gd25mZC9hbTlvYm0xQWFIZHNMbU52YlM1b2F3PT2xCfZHq69umLS9gAoBmAsByAsBgAwBogwQKg4KDOS0sQLutbECtbixAqoNAlpByA0BuBPkA9gTCogUDdAVAfgWAYAXAQ&ae=1&gclid=EAIaIQobChMIjMvS2rDVggMVFEwPAh3heg4uEAEYASAAEgLtdvD_BwE&num=1&cid=CAQSLQDICaaNhZQK7mg2mzzYXOJhkT2rNIIO1ZUYUnXk0ZeD3j2SBMfz0xQ94LvAfhgB&client=ca-pub-9816945270938969&rf=1&nb=9&dblrd=1&sig=AOD64_2bSzwYwTC9jXOve_xNXH0eUjIeLA&adurl=https://jobthikana.com/,/Fwnfd/am9obm1AaHdsLmNvbS5oaw%3D%3D
IP
216.58.207.226:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /pagead/aclk?sa=L&ai=CmeR3FslcZYzoApSYvcAP4fW58AKSivvTb-y43YaLD9vZHhABIIHZ_iFgx92AjoQmoAGDltucKMgBCakCS3F1VgMzbT6oAwHIA8sEqgTLAU_QJupuo6v47Gsnl9wSNwyIzN6vxKB9brFkKlIuprAT_lSL-CGiMwRr7ZzTpz3p6Qssl5TOg-n9cyJlGjaghiRT7rPiA8Ww8js67S5rxLqUQ3hm11CfdIXK0mgez_JZn37_qN49W9AVLSQtVdkKmO0hitL2_UAkOxAZAwkXrl8STytI4QY3ovSV1uIpj0aBlH4sZeVr28fOer-24CYBcILpWEBQzt0njoQFugIC87OmZAYPkL7NccnH1NGmilHyiSN1vkkWaBvt0WzAwATN5uKd7wOIBeD79aI8oAYugAeDzqv8AqgH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgGEQARgfMgKKAjoCgEBIvf3BOpoJN2h0dHBzOi8vam9idGhpa2FuYS5jb20vLC9Gd25mZC9hbTlvYm0xQWFIZHNMbU52YlM1b2F3PT2xCfZHq69umLS9gAoBmAsByAsBgAwBogwQKg4KDOS0sQLutbECtbixAqoNAlpByA0BuBPkA9gTCogUDdAVAfgWAYAXAQ&ae=1&gclid=EAIaIQobChMIjMvS2rDVggMVFEwPAh3heg4uEAEYASAAEgLtdvD_BwE&num=1&cid=CAQSLQDICaaNhZQK7mg2mzzYXOJhkT2rNIIO1ZUYUnXk0ZeD3j2SBMfz0xQ94LvAfhgB&client=ca-pub-9816945270938969&rf=1&nb=9&dblrd=1&sig=AOD64_2bSzwYwTC9jXOve_xNXH0eUjIeLA&adurl=https://jobthikana.com/,/Fwnfd/am9obm1AaHdsLmNvbS5oaw%3D%3D HTTP/1.1
Host: www.googleadservices.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
p3p: policyref="http://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date: Mon, 27 Nov 2023 07:25:27 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-WoW64
location: https://jobthikana.com/,/Fwnfd/am9obm1AaHdsLmNvbS5oaw==?gclid=EAIaIQobChMIjMvS2rDVggMVFEwPAh3heg4uEAEYASAAEgLtdvD_BwE
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
server: adclick_server
content-length: 0
x-xss-protection: 0
set-cookie: Conversion=EgwIABUAAAAAHQAAAAAYASCF_uag5sTP3C9IAWo3RUFJYUlRb2JDaE1Jak12UzJyRFZnZ01WRkV3UEFoM2hlZzR1RUFFWUFTQUFFZ0x0ZHZEX0J3RXCpre6j0-OCA5AB7LjdhosPmAEB; expires=Sun, 25-Feb-2024 07:25:22 GMT; path=/pagead/conversion/10797632259/; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

emudhra.ocsp.sectigo.com/

172.64.149.23

471 B

URL
emudhra.ocsp.sectigo.com/
IP
172.64.149.23:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
471 B (471 bytes)
Hash
882fd489f09bc03ce515bbecf66819da
4e23754ffc536b3e612530c4b0cd1c83628665cb
53abb665c80d06f1c1869ad0263b0912bbe6b92bea46fd2a844b48e0c481cb5c

HTTP Headers

POST / HTTP/1.1
Host: emudhra.ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Mon, 27 Nov 2023 07:25:28 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Mon, 27 Nov 2023 03:02:11 GMT
Expires: Mon, 04 Dec 2023 03:02:10 GMT
Etag: "4e23754ffc536b3e612530c4b0cd1c83628665cb"
Cache-Control: max-age=588401,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 82c8a3298fcd5689-OSL

jobthikana.com/,/Fwnfd/am9obm1AaHdsLmNvbS5oaw==?gclid=EAIaIQobChMIjMvS2rDVggMVFEwPAh3heg4uEAEYASAAEgLtdvD_BwE

160.153.247.100

0 B

URL
jobthikana.com/,/Fwnfd/am9obm1AaHdsLmNvbS5oaw==?gclid=EAIaIQobChMIjMvS2rDVggMVFEwPAh3heg4uEAEYASAAEgLtdvD_BwE
IP
160.153.247.100:0
ASN
#21501 Host Europe GmbH

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft Outlook

HTTP Headers

GET /,/Fwnfd/am9obm1AaHdsLmNvbS5oaw==?gclid=EAIaIQobChMIjMvS2rDVggMVFEwPAh3heg4uEAEYASAAEgLtdvD_BwE HTTP/1.1
Host: jobthikana.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 27 Nov 2023 07:25:28 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
refresh: 0;url=https://cors-app.com/BA/#johnm@hwl.com.hk

GET cors-app.com/BA/js/jquery.min.js

91.194.91.202

200 OK

86 kB

URL GET HTTP/2
cors-app.com/BA/js/jquery.min.js
IP
91.194.91.202:443
ASN
#51167 Contabo GmbH

Requested by
https://cors-app.com/BA/#johnm@hwl.com.hk
Certificate
IssuerLet's Encrypt
Subjectcors-app.com
Fingerprint44:5F:BA:F8:BD:6C:5B:A1:CC:A2:67:73:2C:6D:62:05:95:23:BE:D1
ValidityFri, 10 Nov 2023 01:29:48 GMT - Thu, 08 Feb 2024 01:29:47 GMT

File type
ASCII text, with very long lines (32065), with CRLF line terminators
Size
86 kB (85580 bytes)
Hash
adb784ef9dc257b32965a5da7ee82a8b
7a41c488d820ea08231d1d393e5f4daed4d25041
8e09aa31f396ea41d698f437dc5fc7125e931d400eb2873f5b68ef78c1e6f3a6

HTTP Headers

GET /BA/js/jquery.min.js HTTP/1.1
Host: cors-app.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cors-app.com/BA/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 28 Jun 2022 06:01:58 GMT
accept-ranges: bytes
content-length: 85580
content-type: application/javascript
date: Mon, 27 Nov 2023 07:25:29 GMT
server: Apache
X-Firefox-Spdy: h2

GET cors-app.com/BA/js/jquery-3.1.1.min.js

91.194.91.202

200 OK

87 kB

URL GET HTTP/2
cors-app.com/BA/js/jquery-3.1.1.min.js
IP
91.194.91.202:443
ASN
#51167 Contabo GmbH

Requested by
https://cors-app.com/BA/#johnm@hwl.com.hk
Certificate
IssuerLet's Encrypt
Subjectcors-app.com
Fingerprint44:5F:BA:F8:BD:6C:5B:A1:CC:A2:67:73:2C:6D:62:05:95:23:BE:D1
ValidityFri, 10 Nov 2023 01:29:48 GMT - Thu, 08 Feb 2024 01:29:47 GMT

File type
ASCII text, with very long lines (32030), with CRLF line terminators
Size
87 kB (86711 bytes)
Hash
81ed7a494e1943be2844e95f9770844c
b063d0aa57f0c50d9bfb9895b76a9467155df7f1
70dae469f94f214b589d53521b903830a08b4fb589d47a4c269a83c79116886a

HTTP Headers

GET /BA/js/jquery-3.1.1.min.js HTTP/1.1
Host: cors-app.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cors-app.com/BA/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 28 Jun 2022 06:01:58 GMT
accept-ranges: bytes
content-length: 86711
content-type: application/javascript
date: Mon, 27 Nov 2023 07:25:29 GMT
server: Apache
X-Firefox-Spdy: h2

GET cors-app.com/BA/js/popper.min.js

91.194.91.202

200 OK

19 kB

URL GET HTTP/2
cors-app.com/BA/js/popper.min.js
IP
91.194.91.202:443
ASN
#51167 Contabo GmbH

Requested by
https://cors-app.com/BA/#johnm@hwl.com.hk
Certificate
IssuerLet's Encrypt
Subjectcors-app.com
Fingerprint44:5F:BA:F8:BD:6C:5B:A1:CC:A2:67:73:2C:6D:62:05:95:23:BE:D1
ValidityFri, 10 Nov 2023 01:29:48 GMT - Thu, 08 Feb 2024 01:29:47 GMT

File type
ASCII text, with very long lines (19015)
Size
19 kB (19187 bytes)
Hash
124bf4d1a7db31dd60d4642dce268035
d3745247363d9cb016aaef057bbf2a363796cc01
5614d21225b2e012e3765c1b32fba0b8762bcecd8863c8705c1bcc0d03ec19de

HTTP Headers

GET /BA/js/popper.min.js HTTP/1.1
Host: cors-app.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cors-app.com/BA/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 28 Jun 2022 06:01:58 GMT
accept-ranges: bytes
content-length: 19187
content-type: application/javascript
date: Mon, 27 Nov 2023 07:25:29 GMT
server: Apache
X-Firefox-Spdy: h2

GET cors-app.com/BA/js/jquery-3.3.1.js

91.194.91.202

404 Not Found

315 B

URL GET HTTP/2
cors-app.com/BA/js/jquery-3.3.1.js
IP
91.194.91.202:443
ASN
#51167 Contabo GmbH

Requested by
https://cors-app.com/BA/#johnm@hwl.com.hk
Certificate
IssuerLet's Encrypt
Subjectcors-app.com
Fingerprint44:5F:BA:F8:BD:6C:5B:A1:CC:A2:67:73:2C:6D:62:05:95:23:BE:D1
ValidityFri, 10 Nov 2023 01:29:48 GMT - Thu, 08 Feb 2024 01:29:47 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
315 B (315 bytes)
Hash
a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

HTTP Headers

GET /BA/js/jquery-3.3.1.js HTTP/1.1
Host: cors-app.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cors-app.com/BA/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 404 Not Found
content-length: 315
content-type: text/html; charset=iso-8859-1
date: Mon, 27 Nov 2023 07:25:29 GMT
server: Apache
X-Firefox-Spdy: h2

GET cors-app.com/BA/js/jquery-3.2.1.slim.min.js

91.194.91.202

200 OK

70 kB

URL GET HTTP/2
cors-app.com/BA/js/jquery-3.2.1.slim.min.js
IP
91.194.91.202:443
ASN
#51167 Contabo GmbH

Requested by
https://cors-app.com/BA/#johnm@hwl.com.hk
Certificate
IssuerLet's Encrypt
Subjectcors-app.com
Fingerprint44:5F:BA:F8:BD:6C:5B:A1:CC:A2:67:73:2C:6D:62:05:95:23:BE:D1
ValidityFri, 10 Nov 2023 01:29:48 GMT - Thu, 08 Feb 2024 01:29:47 GMT

File type
ASCII text, with very long lines (32012)
Size
70 kB (69596 bytes)
Hash
e4f60e36fb624b3b4dd616ce75a0bf3c
8856754bdf9b102d046b16f91feb203c606b32bd
91a04a5dfe501d54af8a59b942495bd7ab26bb811ab34f460115fc0267f825f1

HTTP Headers

GET /BA/js/jquery-3.2.1.slim.min.js HTTP/1.1
Host: cors-app.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cors-app.com/BA/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 28 Jun 2022 06:01:58 GMT
accept-ranges: bytes
content-length: 69596
content-type: application/javascript
date: Mon, 27 Nov 2023 07:25:29 GMT
server: Apache
X-Firefox-Spdy: h2

GET cors-app.com/BA/images/bg.png

91.194.91.202

200 OK

663 kB

URL GET HTTP/2
cors-app.com/BA/images/bg.png
IP
91.194.91.202:443
ASN
#51167 Contabo GmbH

Requested by
https://cors-app.com/BA/#johnm@hwl.com.hk
Certificate
IssuerLet's Encrypt
Subjectcors-app.com
Fingerprint44:5F:BA:F8:BD:6C:5B:A1:CC:A2:67:73:2C:6D:62:05:95:23:BE:D1
ValidityFri, 10 Nov 2023 01:29:48 GMT - Thu, 08 Feb 2024 01:29:47 GMT

File type
PNG image data, 1920 x 890, 8-bit/color RGBA, non-interlaced\012- data
Size
663 kB (662884 bytes)
Hash
178a2b750c2062ce92489e80baaad437
62b372067d74ed102aa9062189a2ab335db55513
8b9a3e8d66e153b960241ff900b69c2126a803f98abf2cab5967983cbdb90b7f

HTTP Headers

GET /BA/images/bg.png HTTP/1.1
Host: cors-app.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cors-app.com/BA/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 28 Jun 2022 09:29:30 GMT
accept-ranges: bytes
content-length: 662884
content-type: image/png
date: Mon, 27 Nov 2023 07:25:29 GMT
server: Apache
X-Firefox-Spdy: h2

GET ka-f.fontawesome.com/releases/v5.15.4/css/free-v4-shims.min.css?token=585b051251

172.64.204.20

200 OK

90 kB

URL GET HTTP/2
ka-f.fontawesome.com/releases/v5.15.4/css/free-v4-shims.min.css?token=585b051251
IP
172.64.204.20:443
ASN
#13335 CLOUDFLARENET

Requested by
https://cors-app.com/BA/#johnm@hwl.com.hk
Certificate
IssuerGoogle Trust Services LLC
Subjectka-f.fontawesome.com
FingerprintBC:9B:12:21:8D:67:FE:B5:D3:76:65:FC:D3:F7:91:AE:B4:65:CA:81
ValidityWed, 08 Nov 2023 07:11:36 GMT - Tue, 06 Feb 2024 07:11:35 GMT

File type
ASCII text, with very long lines (26500)
Size
90 kB (89760 bytes)
Hash
76f34b71fc9fb641507ff6a822cc07f5
73ed2f8f21cd40fb496e61306acbb5849d4dbff4
6dea47458a4cd7cd7312cc780a53c62e0c8b3ccc8d0b13c1ac0ea6e3dfcecea8

HTTP Headers

GET /releases/v5.15.4/css/free-v4-shims.min.css?token=585b051251 HTTP/1.1
Host: ka-f.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cors-app.com/
Origin: https://cors-app.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 27 Nov 2023 07:25:30 GMT
content-type: text/css
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
last-modified: Wed, 04 Aug 2021 18:53:09 GMT
etag: W/"76f34b71fc9fb641507ff6a822cc07f5"
cache-control: max-age=31556926
access-control-allow-headers: fa-kit-token
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 76cca2ef798b9dc955bb151bf3bff218.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR50-P1
x-amz-cf-id: iUG1MtbOHAgWBPzyIg0JaCev04wrCoOeh0aDwIWwN5RmIEbOyMDBwA==
age: 9409
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=e7h2siVc6Ea%2Bh7x6h46nFj1%2B591DsvYVcCm718klIseC2GplaP8erwyjlOy0vK6sSrqU%2BveJtrAUAvfLeXtlK6VtzX5Y23%2FYnEm1jGt%2BADsZbOoahSgCq1uICv1tSSt6gPdrK8mnuw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82c8a336ce026556-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET cors-app.com/BA/images/lin.ico

91.194.91.202

200 OK

1.4 kB

URL GET HTTP/2
cors-app.com/BA/images/lin.ico
IP
91.194.91.202:443
ASN
#51167 Contabo GmbH

Requested by
https://cors-app.com/BA/#johnm@hwl.com.hk
Certificate
IssuerLet's Encrypt
Subjectcors-app.com
Fingerprint44:5F:BA:F8:BD:6C:5B:A1:CC:A2:67:73:2C:6D:62:05:95:23:BE:D1
ValidityFri, 10 Nov 2023 01:29:48 GMT - Thu, 08 Feb 2024 01:29:47 GMT

File type
MS Windows icon resource - 1 icon, 16x16, 8 bits/pixel\012- data
Size
1.4 kB (1406 bytes)
Hash
7b7ce9977e05d1236f1997397a679c93
4ffbef9b6044c62cd6c8b1ee0913ba93e6e80072
12a8e74153c9331dfb091e086a88a20f8b417399d86adf5d18202b095e4d15b5

HTTP Headers

GET /BA/images/lin.ico HTTP/1.1
Host: cors-app.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cors-app.com/BA/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 28 Jun 2022 09:31:56 GMT
accept-ranges: bytes
content-length: 1406
content-type: image/x-icon
date: Mon, 27 Nov 2023 07:25:30 GMT
server: Apache
X-Firefox-Spdy: h2

GET cors-app.com/BA/

91.194.91.202

200 OK

7.8 kB

URL User Request GET HTTP/2
cors-app.com/BA/
IP
91.194.91.202:443
ASN
#51167 Contabo GmbH

Certificate
IssuerLet's Encrypt
Subjectcors-app.com
Fingerprint44:5F:BA:F8:BD:6C:5B:A1:CC:A2:67:73:2C:6D:62:05:95:23:BE:D1
ValidityFri, 10 Nov 2023 01:29:48 GMT - Thu, 08 Feb 2024 01:29:47 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (8099), with no line terminators
Size
7.8 kB (7816 bytes)
Hash
4a8d1f419b89062e1207c673b433f7db
d51a58c4ea26a2a7b20f53c4c61a388883646eaa
b3ba655bdb9fc7464b82e305a3530133dc515fabd4f33e08324c7b74f3255be5

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft Outlook

HTTP Headers

GET /BA/ HTTP/1.1
Host: cors-app.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/html; charset=UTF-8
date: Mon, 27 Nov 2023 07:25:29 GMT
server: Apache
X-Firefox-Spdy: h2

GET maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js

104.18.10.207

200 OK

49 kB

URL GET HTTP/2
maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js
IP
104.18.10.207:443
ASN
#13335 CLOUDFLARENET

Requested by
https://cors-app.com/BA/#johnm@hwl.com.hk
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint5B:F7:8F:50:AD:E5:5B:5E:8C:4A:39:3D:0C:98:E8:8C:18:4B:3D:8A
ValidityFri, 30 Dec 2022 00:00:00 GMT - Sat, 30 Dec 2023 23:59:59 GMT

File type
ASCII text, with very long lines (48664)
Size
49 kB (48944 bytes)
Hash
14d449eb8876fa55e1ef3c2cc52b0c17
a9545831803b1359cfeed47e3b4d6bae68e40e99
e7ed36ceee5450b4243bbc35188afabdfb4280c7c57597001de0ed167299b01b

HTTP Headers

GET /bootstrap/4.0.0/js/bootstrap.min.js HTTP/1.1
Host: maxcdn.bootstrapcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cors-app.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 27 Nov 2023 07:25:29 GMT
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: US
cdn-edgestorageid: 617, 617, 617
last-modified: Mon, 25 Jan 2021 22:04:04 GMT
cdn-cachedat: 2021-06-08 14:29:21
cdn-requestpullsuccess: True
cdn-requestpullcode: 200
cache-control: public, max-age=31919000
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
x-content-type-options: nosniff
cdn-requestid: 395e10f82368220a7b7579d8f1c28956
cdn-cache: HIT
cf-cache-status: HIT
age: 444262
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 82c8a333b9f10b41-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET ka-f.fontawesome.com/releases/v5.15.4/css/free.min.css?token=585b051251

172.64.204.20

200 OK

60 kB

URL GET HTTP/2
ka-f.fontawesome.com/releases/v5.15.4/css/free.min.css?token=585b051251
IP
172.64.204.20:443
ASN
#13335 CLOUDFLARENET

Requested by
https://cors-app.com/BA/#johnm@hwl.com.hk
Certificate
IssuerGoogle Trust Services LLC
Subjectka-f.fontawesome.com
FingerprintBC:9B:12:21:8D:67:FE:B5:D3:76:65:FC:D3:F7:91:AE:B4:65:CA:81
ValidityWed, 08 Nov 2023 07:11:36 GMT - Tue, 06 Feb 2024 07:11:35 GMT

File type
ASCII text, with very long lines (60130)
Size
60 kB (60312 bytes)
Hash
a12ec7ebe75a4d59a5dd6b79e2ba2e16
28f5dcc595ee6d4163481ef64170180502c8629b
fc5128dfdcdfa0c3a9967a6d2f19399d7bf1aaae6ad7571b96b03915a1f30dda

HTTP Headers

GET /releases/v5.15.4/css/free.min.css?token=585b051251 HTTP/1.1
Host: ka-f.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cors-app.com/
Origin: https://cors-app.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 27 Nov 2023 07:25:30 GMT
content-type: text/css
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
last-modified: Wed, 04 Aug 2021 18:53:09 GMT
etag: W/"a12ec7ebe75a4d59a5dd6b79e2ba2e16"
cache-control: max-age=31556926
access-control-allow-headers: fa-kit-token
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 24639548230786af4bba1a9e26c6080e.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR50-P1
x-amz-cf-id: N4xDB2ijn_EBknTSxKH5FOqLtmMWboDiO0ymUxgOZKybvyXXRi9Gqg==
age: 34007
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8hpDUhmndcFw7Y7ijBYD%2FbNwz6RvFb0YSMnvM%2Bh1jk9gaixCuZ4LIqqO2TIi25lVmb7j40WVE7AvO15dqVpu8sAHq%2F5%2BOs59jI2YC4Blk8wtPyFk8avbqW4cZMRKlze%2FbcMP7RwUdw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82c8a336cdff6556-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css

104.18.10.207

200 OK

145 kB

URL GET HTTP/2
maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css
IP
104.18.10.207:443
ASN
#13335 CLOUDFLARENET

Requested by
https://cors-app.com/BA/#johnm@hwl.com.hk
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint5B:F7:8F:50:AD:E5:5B:5E:8C:4A:39:3D:0C:98:E8:8C:18:4B:3D:8A
ValidityFri, 30 Dec 2022 00:00:00 GMT - Sat, 30 Dec 2023 23:59:59 GMT

File type
ASCII text, with very long lines (65325)
Size
145 kB (144877 bytes)
Hash
450fc463b8b1a349df717056fbb3e078
895125a4522a3b10ee7ada06ee6503587cbf95c5
2c0f3dcfe93d7e380c290fe4ab838ed8cadff1596d62697f5444be460d1f876d

HTTP Headers

GET /bootstrap/4.0.0/css/bootstrap.min.css HTTP/1.1
Host: maxcdn.bootstrapcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cors-app.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 27 Nov 2023 07:25:29 GMT
content-type: text/css; charset=utf-8
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
access-control-allow-origin: *
cache-control: public, max-age=31919000
etag: W/"450fc463b8b1a349df717056fbb3e078"
last-modified: Mon, 25 Jan 2021 22:04:04 GMT
cdn-cachedat: 10/31/2023 18:48:44
cdn-proxyver: 1.04
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
cdn-edgestorageid: 752
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-status: 200
cdn-requestid: 6f2d14e9436097e66447b103aa0360de
cdn-cache: HIT
cf-cache-status: HIT
age: 180252
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 82c8a333b9ef0b41-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET kit.fontawesome.com/585b051251.js

104.18.40.68

200 OK

12 kB

URL GET HTTP/2
kit.fontawesome.com/585b051251.js
IP
104.18.40.68:443
ASN
#13335 CLOUDFLARENET

Requested by
https://cors-app.com/BA/#johnm@hwl.com.hk
Certificate
IssuerDigiCert Inc
Subject*.fontawesome.com
Fingerprint6C:69:02:A7:9B:07:84:8E:D0:3D:0A:10:61:8E:01:80:88:37:EF:5E
ValidityTue, 22 Nov 2022 00:00:00 GMT - Sat, 23 Dec 2023 23:59:59 GMT

File type
ASCII text, with very long lines (11213)
Size
12 kB (11645 bytes)
Hash
4ec685b1e2c1ca5fd6d56e2f4cb0569d
a41e1f45db2fbc59562390ba8567ec3373d69510
cac5a0bd86eba50bf4a83d4dc43fe38b759ed39cc8397fdbbaa7ea68b9c63cfa

HTTP Headers

GET /585b051251.js HTTP/1.1
Host: kit.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://cors-app.com
DNT: 1
Connection: keep-alive
Referer: https://cors-app.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 27 Nov 2023 07:25:29 GMT
content-type: text/javascript
access-control-allow-headers: accept, accept-langauge, content-language, content-type, fa-kit-token
access-control-allow-methods: GET, OPTIONS
access-control-allow-origin: *
access-control-max-age: 3000
cache-control: max-age=60, public, stale-while-revalidate=30
vary: origin, accept-encoding, access-control-request-headers, access-control-request-method
x-request-id: F5tOA9tx479_1saQtFMC
cf-cache-status: REVALIDATED
server: cloudflare
cf-ray: 82c8a334191656a5-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

GET stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/bootstrap.min.js

104.18.10.207

200 OK

51 kB

URL GET HTTP/3
stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/bootstrap.min.js
IP
104.18.10.207:443
ASN
#13335 CLOUDFLARENET

Requested by
https://cors-app.com/BA/#johnm@hwl.com.hk
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint5B:F7:8F:50:AD:E5:5B:5E:8C:4A:39:3D:0C:98:E8:8C:18:4B:3D:8A
ValidityFri, 30 Dec 2022 00:00:00 GMT - Sat, 30 Dec 2023 23:59:59 GMT

File type
ASCII text, with very long lines (50758)
Size
51 kB (51039 bytes)
Hash
67176c242e1bdc20603c878dee836df3
27a71b00383d61ef3c489326b3564d698fc1227c
56c12a125b021d21a69e61d7190cefa168d6c28ce715265cea1b3b0112d169c4

HTTP Headers

GET /bootstrap/4.1.3/js/bootstrap.min.js HTTP/1.1
Host: stackpath.bootstrapcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cors-app.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 27 Nov 2023 07:25:29 GMT
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: US
cdn-edgestorageid: 674, 718, 718
last-modified: Mon, 25 Jan 2021 22:04:06 GMT
cdn-cachedat: 2021-06-08 05:11:08
cdn-requestpullsuccess: True
cdn-requestpullcode: 200
cache-control: public, max-age=31919000
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
x-content-type-options: nosniff
cdn-requestid: d57b249fbc897a386cb949167a1340aa
cdn-cache: HIT
cf-cache-status: HIT
age: 1708770
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 82c8a333ec2256c7-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (8)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (18)

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN