Overview

URL https://tinyurl.com/y9773yma
IP 104.20.218.42
ASN AS13335 CloudFlare, Inc.
Location United States
Report completed 2018-11-09 16:37:20 CET
urlQuery Alerts No alerts detected


Settings

UserAgent Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Referer
Pool
Access Level


Intrusion Detection Systems

Suricata /w Emerging Threats Pro
Timestamp Severity Source IP Destination IP Alert
2018-11-09 16:36:52 CET 1  94.73.146.167 Client IP ETPRO CURRENT_EVENTS Fedex Javascript Phishing Landing Sept 8 2016
2018-11-09 16:36:46 CET 2  94.73.146.167 Client IP ET CURRENT_EVENTS Microsoft Document Phishing Landing 2018-08-30
2018-11-09 16:36:46 CET 2  94.73.146.167 Client IP ETPRO CURRENT_EVENTS Microsoft Documentation Phishing Landing 2018-01-22


Blacklists

MDL  No alerts detected
OpenPhish  No alerts detected
PhishTank  No alerts detected
Fortinet's Web Filter
Added / Verified Severity Host Comment
2018-11-09 2 mamaco.de/images/Office365-K/Microsoftdocs/ Phishing
2018-11-09 2 mamaco.de/images/Office365-K/Microsoftdocs/assets/js/custom.js Phishing
2018-11-09 2 mamaco.de/images/Office365-K/Microsoftdocs/assets/js/theDocs.all.min.js Phishing
2018-11-09 2 mamaco.de/images/Office365-K/Microsoftdocs/assets/fonts/fontawesome-webfont (...) Phishing
DNS-BH  No alerts detected
mnemonic secure dns  No alerts detected



JavaScript

Executed Scripts (3)


Executed Evals (0)


Executed Writes (0)



HTTP Transactions (21)


Request Response
                                        
                                            POST / HTTP/1.1 
Host: ocsp.comodoca4.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 116
Content-Type: application/ocsp-request

                                         
                                         91.135.34.19
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: Apache
Last-Modified: Sat, 03 Nov 2018 09:29:25 GMT
Etag: 409925858167C64943F00B2779E534B6F0DE7C45
X-OCSP-Responder-ID: rmdccaocsp20
Content-Length: 472
Cache-Control: public, no-transform, must-revalidate, max-age=63706
Expires: Sat, 10 Nov 2018 09:18:31 GMT
Date: Fri, 09 Nov 2018 15:36:45 GMT
Connection: keep-alive


--- Additional Info ---
Magic:  data
Size:   472
Md5:    d9f6199ae8b288e9aad1ea9349a40db6
Sha1:   409925858167c64943f00b2779e534b6f0de7c45
Sha256: bf7ac94d28c1bd85335644cf33f12c47dcbbd7cda296460ac51f5a968795dbbe
                                        
                                            POST / HTTP/1.1 
Host: ocsp.comodoca4.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 115
Content-Type: application/ocsp-request

                                         
                                         91.135.34.19
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: Apache
Last-Modified: Mon, 05 Nov 2018 09:27:34 GMT
Etag: F39B2270F941D5546998728E717E21E44102FDE7
X-OCSP-Responder-ID: rmdccaocsp16
Content-Length: 727
Cache-Control: public, no-transform, must-revalidate, max-age=236449
Expires: Mon, 12 Nov 2018 09:17:34 GMT
Date: Fri, 09 Nov 2018 15:36:45 GMT
Connection: keep-alive


--- Additional Info ---
Magic:  data
Size:   727
Md5:    f33d11bb3516dfe9131b3f7b2ded93d9
Sha1:   f39b2270f941d5546998728e717e21e44102fde7
Sha256: 4724060b7fbbcd068c0c818ddcd1e5ed8b30b6d403d4893cc0e9fd43129f355c
                                        
                                            POST / HTTP/1.1 
Host: ocsp.usertrust.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 115
Content-Type: application/ocsp-request

                                         
                                         91.135.34.19
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: Apache
Last-Modified: Mon, 05 Nov 2018 09:27:34 GMT
Etag: E996CA4E8F395CBDD143B7F450F12B5C2577A315
X-OCSP-Responder-ID: rmdccaocsp28
Content-Length: 471
Cache-Control: public, no-transform, must-revalidate, max-age=236469
Expires: Mon, 12 Nov 2018 09:17:54 GMT
Date: Fri, 09 Nov 2018 15:36:45 GMT
Connection: keep-alive


--- Additional Info ---
Magic:  data
Size:   471
Md5:    d5ad0cdca1daf4ee01f26fac9656846a
Sha1:   e996ca4e8f395cbdd143b7f450f12b5c2577a315
Sha256: 122ba43fb270c723f54d40877fa7bde5bbe7ae02fccda8f0295f7984bd457a21
                                        
                                            GET /y9773yma HTTP/1.1 
Host: tinyurl.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

                                         
                                         104.20.219.42
HTTP/1.1 301 Moved Permanently
Content-Type: text/html; charset=UTF-8
                                        
Date: Fri, 09 Nov 2018 15:36:46 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __cfduid=de4952a4bcf759a9eb9c2518ddd2e939f1541777805; expires=Sat, 09-Nov-19 15:36:45 GMT; path=/; domain=.tinyurl.com; HttpOnly tinyUUID=be5a992327734d28817b0000; expires=Sat, 09-Nov-2019 15:36:45 GMT; Max-Age=31536000; path=/; domain=.tinyurl.com
Location: http://mamaco.de/images/Office365-K/Microsoftdocs/
X-tiny: cache 0.0088582038879395
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Server: cloudflare
CF-RAY: 47715b56ac3a4297-OSL


--- Additional Info ---
                                        
                                            GET /images/Office365-K/Microsoftdocs/ HTTP/1.1 
Host: mamaco.de
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

                                         
                                         94.73.146.167
HTTP/1.1 302 Found
Content-Type: text/html; charset=UTF-8
                                        
Location: index2.php?l=_JeHFUq_VJOXK0QWHtoGYDw1774256418&fid.13InboxLight.aspxn.1774256418&fid.125289964252813InboxLight99642_Product-email&email=
Content-Length: 0
Date: Fri, 09 Nov 2018 15:36:45 GMT
Accept-Ranges: bytes
Server: LiteSpeed
Cache-Control: no-cache, no-store, must-revalidate, max-age=0
Connection: Keep-Alive


--- Additional Info ---

Alerts:
  Blacklists:
    - fortinet: Phishing
                                        
                                            GET /images/Office365-K/Microsoftdocs/index2.php?l=_JeHFUq_VJOXK0QWHtoGYDw1774256418&fid.13InboxLight.aspxn.1774256418&fid.125289964252813InboxLight99642_Product-email&email= HTTP/1.1 
Host: mamaco.de
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

                                         
                                         94.73.146.167
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
Content-Length: 1978
Content-Encoding: gzip
Vary: Accept-Encoding
Date: Fri, 09 Nov 2018 15:36:45 GMT
Accept-Ranges: bytes
Server: LiteSpeed
Connection: Keep-Alive


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   1978
Md5:    c7ee809194182340d46b6fe9b2c845ed
Sha1:   3b83ef8eaecf152cf9ac6caa3a9dec807c1a4c11
Sha256: 0d71cbb5baf09c443f970054215cf9fedde50f1272739606bc32e7b7bbd1e94d

Alerts:
  IDS:
    - ET CURRENT_EVENTS Microsoft Document Phishing Landing 2018-08-30
    - ETPRO CURRENT_EVENTS Microsoft Documentation Phishing Landing 2018-01-22
                                        
                                            GET /css?family=Raleway:100,300,400,500%7CLato:300,400 HTTP/1.1 
Host: fonts.googleapis.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://mamaco.de/images/Office365-K/Microsoftdocs/index2.php?l=_JeHFUq_VJOXK0QWHtoGYDw1774256418&fid.13InboxLight.aspxn.1774256418&fid.125289964252813InboxLight99642_Product-email&email=

                                         
                                         172.217.20.42
HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
                                        
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Expires: Fri, 09 Nov 2018 15:36:46 GMT
Date: Fri, 09 Nov 2018 15:36:46 GMT
Cache-Control: private, max-age=86400
Content-Encoding: gzip
Transfer-Encoding: chunked
Server: ESF
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   349
Md5:    b82de49163810e6a938daf9cf8143b3c
Sha1:   dbf414e5066c79ee7ee242a5e9550f25abeb9435
Sha256: 03d864dbe405f2f82015846ff1735672aa16b348b848479875a0f39a58abdfeb
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 115
Content-Type: application/ocsp-request

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Cache-Control: max-age=106468
Date: Fri, 09 Nov 2018 15:36:46 GMT
Etag: "5be48306-1d7"
Expires: Sat, 10 Nov 2018 21:11:14 GMT
Last-Modified: Thu, 08 Nov 2018 18:40:06 GMT
Server: ECS (ska/F705)
X-Cache: HIT
Content-Length: 471


--- Additional Info ---
Magic:  data
Size:   471
Md5:    80e2e7c364ba5b7cbc61c313b60c2162
Sha1:   f41e3f05a25e44d47e8fca4ff0b97d5717193da5
Sha256: 3dac433dde369b2b51156db136701bc39a4e087ff0b7d46f75f18864cbb1fb39
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 115
Content-Type: application/ocsp-request

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Cache-Control: max-age=87595
Date: Fri, 09 Nov 2018 15:36:46 GMT
Etag: "5be43807-1d7"
Expires: Sat, 10 Nov 2018 15:56:41 GMT
Last-Modified: Thu, 08 Nov 2018 13:20:07 GMT
Server: ECS (ska/F712)
X-Cache: HIT
Content-Length: 471


--- Additional Info ---
Magic:  data
Size:   471
Md5:    e275255a54a69bbb77b695c2143899ea
Sha1:   b6de27e04588f9af82bb8d90c541750613075b5c
Sha256: 6c9ee1669dc00ae71ddf353e30a63fb6e7dc0051afa7fb41e29c8e10a14377ca
                                        
                                            GET /images/Office365-K/Microsoftdocs/assets/css/custom.css HTTP/1.1 
Host: mamaco.de
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://mamaco.de/images/Office365-K/Microsoftdocs/index2.php?l=_JeHFUq_VJOXK0QWHtoGYDw1774256418&fid.13InboxLight.aspxn.1774256418&fid.125289964252813InboxLight99642_Product-email&email=

                                         
                                         94.73.146.167
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Cache-Control: public, max-age=604800
Expires: Fri, 16 Nov 2018 15:36:45 GMT
Last-Modified: Fri, 09 Nov 2018 13:20:42 GMT
Content-Length: 627
Content-Encoding: gzip
Vary: Accept-Encoding
Date: Fri, 09 Nov 2018 15:36:45 GMT
Accept-Ranges: bytes
Server: LiteSpeed
Connection: Keep-Alive


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   627
Md5:    7fbd3941bdaa21af080965e8c4efe435
Sha1:   071cf0650e0be6e449f5d41e0bcc3220d4f6c517
Sha256: 150632232551e16a304dbef73ac15380384cc903c4a827887baa48b68bb6ca91
                                        
                                            GET /images/Office365-K/Microsoftdocs/assets/img/word.png HTTP/1.1 
Host: mamaco.de
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://mamaco.de/images/Office365-K/Microsoftdocs/index2.php?l=_JeHFUq_VJOXK0QWHtoGYDw1774256418&fid.13InboxLight.aspxn.1774256418&fid.125289964252813InboxLight99642_Product-email&email=

                                         
                                         94.73.146.167
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Cache-Control: public, max-age=604800
Expires: Fri, 16 Nov 2018 15:36:45 GMT
Last-Modified: Fri, 09 Nov 2018 13:20:42 GMT
Content-Length: 7259
Date: Fri, 09 Nov 2018 15:36:45 GMT
Accept-Ranges: bytes
Server: LiteSpeed
Connection: Keep-Alive


--- Additional Info ---
Magic:  PNG image, 171 x 180, 8-bit/color RGBA, non-interlaced
Size:   7259
Md5:    1ff9e7219d43babf911841267c439623
Sha1:   d46895b15d78eaf1776a8b55f957c7a31d14acc8
Sha256: 2cbcd235e7bd37011920b82ef900a4c2e87a048faa7345a1af59c1f28bce7188
                                        
                                            GET /images/Office365-K/Microsoftdocs/assets/js/custom.js HTTP/1.1 
Host: mamaco.de
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://mamaco.de/images/Office365-K/Microsoftdocs/index2.php?l=_JeHFUq_VJOXK0QWHtoGYDw1774256418&fid.13InboxLight.aspxn.1774256418&fid.125289964252813InboxLight99642_Product-email&email=

                                         
                                         94.73.146.167
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Cache-Control: public, max-age=604800
Expires: Fri, 16 Nov 2018 15:36:45 GMT
Last-Modified: Fri, 09 Nov 2018 13:20:42 GMT
Content-Length: 1042
Content-Encoding: gzip
Vary: Accept-Encoding
Date: Fri, 09 Nov 2018 15:36:45 GMT
Accept-Ranges: bytes
Server: LiteSpeed
Connection: Keep-Alive


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   1042
Md5:    0561ac0bdb72443beba6f4f541e936de
Sha1:   b7965d532b8fa9bf7d0bbb4162ede79132385ab8
Sha256: 8d8e4f029843facb3f6d6aa228ce8cfb75bcb6ca8fa30b4b71c950edc519efba

Alerts:
  Blacklists:
    - fortinet: Phishing
  IDS:
    - ETPRO CURRENT_EVENTS Fedex Javascript Phishing Landing Sept 8 2016
                                        
                                            GET /images/Office365-K/Microsoftdocs/assets/img/logo.png HTTP/1.1 
Host: mamaco.de
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://mamaco.de/images/Office365-K/Microsoftdocs/index2.php?l=_JeHFUq_VJOXK0QWHtoGYDw1774256418&fid.13InboxLight.aspxn.1774256418&fid.125289964252813InboxLight99642_Product-email&email=

                                         
                                         94.73.146.167
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Cache-Control: public, max-age=604800
Expires: Fri, 16 Nov 2018 15:36:45 GMT
Last-Modified: Fri, 09 Nov 2018 13:20:42 GMT
Content-Length: 21171
Date: Fri, 09 Nov 2018 15:36:45 GMT
Accept-Ranges: bytes
Server: LiteSpeed
Connection: Keep-Alive


--- Additional Info ---
Magic:  PNG image, 222 x 50, 8-bit/color RGBA, non-interlaced
Size:   21171
Md5:    deb9fee33dfcefd47ef7c8386fb579e7
Sha1:   aa6178fc100580ec0283ae39651cc38a8bcec228
Sha256: 3ae10ed925ca3203f6f4907da618fa90061d565b0b38af565b2fc5396477361a
                                        
                                            GET /images/Office365-K/Microsoftdocs/assets/img/favicon.png HTTP/1.1 
Host: mamaco.de
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

                                         
                                         94.73.146.167
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Cache-Control: public, max-age=604800
Expires: Fri, 16 Nov 2018 15:36:45 GMT
Last-Modified: Fri, 09 Nov 2018 13:20:42 GMT
Content-Length: 16162
Date: Fri, 09 Nov 2018 15:36:45 GMT
Accept-Ranges: bytes
Server: LiteSpeed
Connection: Keep-Alive


--- Additional Info ---
Magic:  PNG image, 79 x 79, 8-bit/color RGBA, non-interlaced
Size:   16162
Md5:    3b91f8ad703764af28a70c081ed6db8f
Sha1:   733bcae78a4a8cad621272a1d82e7de066d6f556
Sha256: 506e8b60545bf84e9a230956c809882b8ac60da0bb50e86357c10ae8153f9965
                                        
                                            GET /wikipedia/commons/7/74/Office_365_logo.png HTTP/1.1 
Host: upload.wikimedia.org
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://mamaco.de/images/Office365-K/Microsoftdocs/index2.php?l=_JeHFUq_VJOXK0QWHtoGYDw1774256418&fid.13InboxLight.aspxn.1774256418&fid.125289964252813InboxLight99642_Product-email&email=

                                         
                                         91.198.174.208
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Date: Fri, 09 Nov 2018 15:36:46 GMT
Content-Length: 25171
Connection: keep-alive
X-Object-Meta-Sha1Base36: flhgcao47mncz49pngfpnpocardm4ug
Last-Modified: Sun, 15 Mar 2015 03:26:59 GMT
Etag: 95e1d221f4f2f485c900d7c69d5f8049
X-Timestamp: 1426390018.29420
X-Trans-Id: tx4adb6c443f87435baafad-005be518cb
X-Varnish: 1049080204 1048789260, 72568681 73994619, 205019896 47659403
Via: 1.1 varnish (Varnish/5.1), 1.1 varnish (Varnish/5.1), 1.1 varnish (Varnish/5.1)
Age: 37058
X-Cache: cp1088 hit/6, cp3045 hit/4, cp3036 hit/74
X-Cache-Status: hit-front
Strict-Transport-Security: max-age=106384710; includeSubDomains; preload
X-Analytics: https=1;nocookies=1
X-Client-IP: 77.40.129.123
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Age, Date, Content-Length, Content-Range, X-Content-Duration, X-Cache, X-Varnish
Timing-Allow-Origin: *
Accept-Ranges: bytes


--- Additional Info ---
Magic:  PNG image, 1612 x 371, 8-bit/color RGBA, non-interlaced
Size:   25171
Md5:    95e1d221f4f2f485c900d7c69d5f8049
Sha1:   8585812a1331b19204cacfe145da4612b0d9db08
Sha256: 8ae79a4d18eea420af0fd562d43879b569bbd2c622da6deba79f6c202e385361
                                        
                                            GET /images/Office365-K/Microsoftdocs/assets/css/theDocs.all.min.css HTTP/1.1 
Host: mamaco.de
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://mamaco.de/images/Office365-K/Microsoftdocs/index2.php?l=_JeHFUq_VJOXK0QWHtoGYDw1774256418&fid.13InboxLight.aspxn.1774256418&fid.125289964252813InboxLight99642_Product-email&email=

                                         
                                         94.73.146.167
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Cache-Control: public, max-age=604800
Expires: Fri, 16 Nov 2018 15:36:45 GMT
Last-Modified: Fri, 09 Nov 2018 13:20:42 GMT
Content-Length: 36945
Content-Encoding: gzip
Vary: Accept-Encoding
Date: Fri, 09 Nov 2018 15:36:45 GMT
Accept-Ranges: bytes
Server: LiteSpeed
Connection: Keep-Alive


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   36945
Md5:    dfa87962106482d1b9a28fd75baac936
Sha1:   c218efe891e40979793b087b07e0033a283d6c40
Sha256: 63b30e92ceb26412770572d07e798910ac8269b5e8b3d869a639377e85595723
                                        
                                            GET /images/Office365-K/Microsoftdocs/assets/js/theDocs.all.min.js HTTP/1.1 
Host: mamaco.de
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://mamaco.de/images/Office365-K/Microsoftdocs/index2.php?l=_JeHFUq_VJOXK0QWHtoGYDw1774256418&fid.13InboxLight.aspxn.1774256418&fid.125289964252813InboxLight99642_Product-email&email=

                                         
                                         94.73.146.167
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Cache-Control: public, max-age=604800
Expires: Fri, 16 Nov 2018 15:36:45 GMT
Last-Modified: Fri, 09 Nov 2018 13:20:42 GMT
Content-Length: 74465
Content-Encoding: gzip
Vary: Accept-Encoding
Date: Fri, 09 Nov 2018 15:36:45 GMT
Accept-Ranges: bytes
Server: LiteSpeed
Connection: Keep-Alive


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   74465
Md5:    83cfc5773810575ae1d95375113630a1
Sha1:   4a558450497bc32062c0788db516cdab97ff7161
Sha256: c57cc4275a47929312bf9a0c46dfcfaf82174934c41b3a300ff012164743c7ac

Alerts:
  Blacklists:
    - fortinet: Phishing
                                        
                                            GET /s/lato/v14/S6uyw4BMUTPHjx4wWA.woff HTTP/1.1 
Host: fonts.gstatic.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://fonts.googleapis.com/css?family=Raleway:100,300,400,500%7CLato:300,400
Origin: http://mamaco.de

                                         
                                         172.217.22.163
HTTP/1.1 200 OK
Content-Type: font/woff
                                        
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Content-Length: 28412
Date: Wed, 07 Nov 2018 06:03:24 GMT
Expires: Thu, 07 Nov 2019 06:03:24 GMT
Last-Modified: Wed, 11 Oct 2017 18:23:15 GMT
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=31536000
Age: 207203


--- Additional Info ---
Magic:  data
Size:   28412
Md5:    62fb51e9e645f63599238881b9de15dd
Sha1:   82b144e3c8b4ff40aeca34ddf7bc35985311b90e
Sha256: 5aeb07f9980663c2501c9620371e11ae7aa6e320d94dd753d0ef56d8308c74b3
                                        
                                            GET /s/raleway/v12/1Ptrg8zYS_SKggPNwIYqWqZPBg.woff HTTP/1.1 
Host: fonts.gstatic.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://fonts.googleapis.com/css?family=Raleway:100,300,400,500%7CLato:300,400
Origin: http://mamaco.de

                                         
                                         172.217.22.163
HTTP/1.1 200 OK
Content-Type: font/woff
                                        
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Content-Length: 25008
Date: Mon, 05 Nov 2018 19:05:03 GMT
Expires: Tue, 05 Nov 2019 19:05:03 GMT
Last-Modified: Wed, 11 Oct 2017 18:26:10 GMT
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=31536000
Age: 333104


--- Additional Info ---
Magic:  data
Size:   25008
Md5:    34f26209ba887813c1f5b8aa2c161751
Sha1:   012674ab70958e3da2bdc8a33371c2495446e914
Sha256: b4829af734144cd5464e81607bcc392712639eeeed79a3c9e32635dbe96dc946
                                        
                                            GET /s/raleway/v12/1Ptug8zYS_SKggPNyC0ISQ.woff HTTP/1.1 
Host: fonts.gstatic.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://fonts.googleapis.com/css?family=Raleway:100,300,400,500%7CLato:300,400
Origin: http://mamaco.de

                                         
                                         172.217.22.163
HTTP/1.1 200 OK
Content-Type: font/woff
                                        
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Content-Length: 24928
Date: Wed, 07 Nov 2018 06:23:23 GMT
Expires: Thu, 07 Nov 2019 06:23:23 GMT
Last-Modified: Wed, 11 Oct 2017 18:25:44 GMT
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=31536000
Age: 206004


--- Additional Info ---
Magic:  data
Size:   24928
Md5:    bd67f25d9c25994ffde79d2a81b85a66
Sha1:   0384211cf259acf18f12a6508c90d62276f38256
Sha256: 87d3c43afb2e0b0e57ca39121ea5cbfe801099dd9d1cc14e488bbba92305049b
                                        
                                            GET /images/Office365-K/Microsoftdocs/assets/fonts/fontawesome-webfont5b62.woff?v=4.6.3 HTTP/1.1 
Host: mamaco.de
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://mamaco.de/images/Office365-K/Microsoftdocs/assets/css/theDocs.all.min.css

                                         
                                         94.73.146.167
HTTP/1.1 200 OK
Content-Type: font/woff
                                        
Last-Modified: Fri, 09 Nov 2018 13:20:42 GMT
Content-Length: 90412
Date: Fri, 09 Nov 2018 15:36:46 GMT
Accept-Ranges: bytes
Server: LiteSpeed
Connection: Keep-Alive


--- Additional Info ---
Magic:  data
Size:   90412
Md5:    c8ddf1e5e5bf3682bc7bebf30f394148
Sha1:   6d7e6a5fc802b13694d8820fc0138037c0977d2e
Sha256: adbc4f95eb6d7f2738959cf0ecbc374672fce47e856050a8e9791f457623ac2c

Alerts:
  Blacklists:
    - fortinet: Phishing