Report - authorized-notifications.com/landing/form/373fe989-1905-4c5d-a635-87317523ef49/

Report Overview

Visited public
2024-01-17 03:23:49
Tags
URL
authorized-notifications.com/landing/form/373fe989-1905-4c5d-a635-87317523ef49/
Finishing URL
authorized-notifications.com/landing/form/373fe989-1905-4c5d-a635-87317523ef49/
IP / ASN
107.22.247.63
#14618 AMAZON-AES
Title
Outlook 365 Login

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
authorized-notifications.com	unknown	2020-07-20	2022-06-16 20:00:20	2024-01-17 01:11:25	1.3 kB	6.0 kB	23.20.142.96
s3.amazonaws.com	unknown	2005-08-18	2020-05-13 22:53:44	2024-01-15 17:00:49	1.4 kB	210 kB	52.216.58.232

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

Scan Date	Severity	Indicator	Alert
2024-01-16	medium	authorized-notifications.com/landing/form/373fe989-1905-4c5d-a635-87317523ef49/	Office365

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (1)

	URL	From	Size	First Seen	Last Seen
	authorized-notifications.com/landing/form/373fe989-1905-4c5d-a635-87317523ef49/	ScriptElement	0 B	0001-01-01	2025-05-24
Pretty URL authorized-notifications.com/landing/form/373fe989-1905-4c5d-a635-87317523ef49/ IP 23.20.142.96 ASN #14618 AMAZON-AES Introduced by scriptElement Embedded in HTML true Observations First Seen0001-01-01 00:00 Last Seen2025-05-24 03:05 Times Seen4753789 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

HTTP Transactions (6)

URL IP Response Size

authorized-notifications.com/landing/form/373fe989-1905-4c5d-a635-87317523ef49/

23.20.142.96

1.2 kB

URL User Request GET
authorized-notifications.com/landing/form/373fe989-1905-4c5d-a635-87317523ef49/
IP
23.20.142.96:0
ASN
#14618 AMAZON-AES

File type
HTML document, ASCII text, with very long lines (549)
Size
1.2 kB (1159 bytes)
Hash
ecf66aaf0a64093f2cc12fb609b22673
cdfd55d8553b2213b45af3a105bb890a4cf0cf4a
14c3be6b2cb5f13e38f89cc230b6265981f0ccf6f29cfd0d21332f077b4249e8

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Office365

HTTP Headers

GET /landing/form/373fe989-1905-4c5d-a635-87317523ef49/ HTTP/1.1
Host: authorized-notifications.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 17 Jan 2024 03:23:24 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
X-Frame-Options: SAMEORIGIN
Referrer-Policy: unsafe-url
Set-Cookie: csrf=xe%2BHpvEZkGSbWkJRZaHzJDMyMTcxOTY5Mzg4ZGNlYmZkNTgwMjAzMDJlNjgyMTVjYTFkN2VkYTU%3D; path=/; secure
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=63072000; includeSubDomains
Content-Encoding: gzip

authorized-notifications.com/css/data-entry.8ecb8bdcfcf4e732.css

23.20.142.96

200 OK

3.6 kB

URL GET HTTP/1.1
authorized-notifications.com/css/data-entry.8ecb8bdcfcf4e732.css
IP
23.20.142.96:80
ASN
#14618 AMAZON-AES

Requested by
http://authorized-notifications.com/landing/form/373fe989-1905-4c5d-a635-87317523ef49/

File type
ASCII text, with very long lines (3511)
Size
3.6 kB (3555 bytes)
Hash
8ecb8bdcfcf4e73226e8368c39295396
25586bdd2a472da70d81e2b897fb0589f2512881
30bda66ee6cdb4f4c92eab68e513be2c22677c3fead22008ea5a3bef44f590b6

HTTP Headers

GET /css/data-entry.8ecb8bdcfcf4e732.css HTTP/1.1
Host: authorized-notifications.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://authorized-notifications.com/landing/form/373fe989-1905-4c5d-a635-87317523ef49/
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 17 Jan 2024 03:23:24 GMT
Content-Type: text/css
Content-Length: 3555
Connection: keep-alive
Server: nginx
Last-Modified: Fri, 12 Jan 2024 20:49:50 GMT
ETag: "65a1a5ee-de3"
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=63072000; includeSubDomains
Accept-Ranges: bytes

s3.amazonaws.com/securityiq/phishing-templates/Outlook+365/logo-outlook365.png

52.216.58.232

200 OK

4.6 kB

URL GET HTTP/1.1
s3.amazonaws.com/securityiq/phishing-templates/Outlook+365/logo-outlook365.png
IP
52.216.58.232:443
ASN
#0

Requested by
http://authorized-notifications.com/landing/form/373fe989-1905-4c5d-a635-87317523ef49/
Certificate
IssuerAmazon
Subjects3.amazonaws.com
FingerprintA6:0A:22:E1:56:35:ED:0D:1D:46:99:79:4D:17:07:70:1F:EE:1D:B6
ValidityTue, 10 Oct 2023 00:00:00 GMT - Wed, 10 Jul 2024 23:59:59 GMT

File type
PNG image data, 159 x 35, 8-bit/color RGBA, non-interlaced
Size
4.6 kB (4585 bytes)
Hash
9f09a27d4f69b3557c7433574a29d726
a3097972d16e6d5768086f3f126e8d07edcc5976
fc5c3d7d2b298a42ec44dad2d8cd227b734db966b4afa68c0254a497e805f603

HTTP Headers

GET /securityiq/phishing-templates/Outlook+365/logo-outlook365.png HTTP/1.1
Host: s3.amazonaws.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://authorized-notifications.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: FLoU3c580UI8sg1njIHHEXgUKVIVCGYeMWaI5MtnHu1/YsMCDJpm5nMEMU+LKKUMuA1EcZaLh/I=
x-amz-request-id: NXF3YQ9T68W19Q61
Date: Wed, 17 Jan 2024 03:23:25 GMT
Last-Modified: Tue, 21 Feb 2017 14:16:38 GMT
ETag: "9f09a27d4f69b3557c7433574a29d726"
Accept-Ranges: bytes
Content-Type: image/png
Server: AmazonS3
Content-Length: 4585

s3.amazonaws.com/securityiq/phishing-templates/Outlook+365/logo-microsoft.png

52.216.58.232

200 OK

1.0 kB

URL GET HTTP/1.1
s3.amazonaws.com/securityiq/phishing-templates/Outlook+365/logo-microsoft.png
IP
52.216.58.232:443
ASN
#0

Requested by
http://authorized-notifications.com/landing/form/373fe989-1905-4c5d-a635-87317523ef49/
Certificate
IssuerAmazon
Subjects3.amazonaws.com
FingerprintA6:0A:22:E1:56:35:ED:0D:1D:46:99:79:4D:17:07:70:1F:EE:1D:B6
ValidityTue, 10 Oct 2023 00:00:00 GMT - Wed, 10 Jul 2024 23:59:59 GMT

File type
PNG image data, 100 x 22, 8-bit/color RGBA, non-interlaced
Size
1.0 kB (1040 bytes)
Hash
e4b675007dc6492ee590131d1f7dfbb3
9397e98e13074c09072f6a50e7267c612738c455
988e349f2bf4e87154738c7b2c1fa86618713a8cfa0cef60a046f5add89bd9de

HTTP Headers

GET /securityiq/phishing-templates/Outlook+365/logo-microsoft.png HTTP/1.1
Host: s3.amazonaws.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://authorized-notifications.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: J5wphcBzgf9xEDRqjn/PfZs63wBAiGXwPedcCixFtS/AjWpLFpX3I0U2jsrqqReA7xNCmCG+Pmo=
x-amz-request-id: NXF87Q4W0GTETDZP
Date: Wed, 17 Jan 2024 03:23:25 GMT
Last-Modified: Tue, 21 Feb 2017 14:16:38 GMT
ETag: "e4b675007dc6492ee590131d1f7dfbb3"
Accept-Ranges: bytes
Content-Type: image/png
Server: AmazonS3
Content-Length: 1040

authorized-notifications.com/favicon.ico

23.20.142.96

404 Not Found

107 B

URL GET HTTP/1.1
authorized-notifications.com/favicon.ico
IP
23.20.142.96:80
ASN
#14618 AMAZON-AES

Requested by
http://authorized-notifications.com/landing/form/373fe989-1905-4c5d-a635-87317523ef49/

File type
HTML document, ASCII text, with CRLF line terminators
Size
107 B (107 bytes)
Hash
8eec510e57f5f732fd2cce73df7b73ef
3c0af39ecb3753c5fee3b53d063c7286019eac3b
55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: authorized-notifications.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://authorized-notifications.com/landing/form/373fe989-1905-4c5d-a635-87317523ef49/
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Date: Wed, 17 Jan 2024 03:23:24 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=63072000; includeSubDomains
Content-Encoding: gzip

s3.amazonaws.com/securityiq/phishing-templates/Outlook+365/background.jpg

52.216.58.232

200 OK

203 kB

URL GET HTTP/1.1
s3.amazonaws.com/securityiq/phishing-templates/Outlook+365/background.jpg
IP
52.216.58.232:443
ASN
#0

Requested by
http://authorized-notifications.com/landing/form/373fe989-1905-4c5d-a635-87317523ef49/
Certificate
IssuerAmazon
Subjects3.amazonaws.com
FingerprintA6:0A:22:E1:56:35:ED:0D:1D:46:99:79:4D:17:07:70:1F:EE:1D:B6
ValidityTue, 10 Oct 2023 00:00:00 GMT - Wed, 10 Jul 2024 23:59:59 GMT

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1420x1080, components 3
Size
203 kB (203294 bytes)
Hash
65283b123eb235e6176ae98c02ac5b1c
c50ca32b13a2dcbde0cb6eb2d4f72c252f14ac3f
7e50e406688bd898803f653058d14ca384734cb9b39ba900bc5e2734b59c073b

HTTP Headers

GET /securityiq/phishing-templates/Outlook+365/background.jpg HTTP/1.1
Host: s3.amazonaws.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://authorized-notifications.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: /bAQaLZ4EHDxIU9y1prJKkvMYatSAKLlaoyDj4nAzg6UIhd5ZL82TabxJZT457sDvD9m6v2JoJA=
x-amz-request-id: NXFA30XC9AQ1C37G
Date: Wed, 17 Jan 2024 03:23:25 GMT
Last-Modified: Tue, 21 Feb 2017 14:16:38 GMT
ETag: "65283b123eb235e6176ae98c02ac5b1c"
Accept-Ranges: bytes
Content-Type: image/jpeg
Server: AmazonS3
Content-Length: 203294

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (1)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (6)

URL User Request GET

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

File type

Size

Hash

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

File type

Size

Hash

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers