Report - mail.nativehealth.org/

Report Overview

Submitted URL
mail.nativehealth.org/
IP
12.199.5.101
ASN
#7018 ATT-INTERNET4
Submitted
2024-05-08 16:58:15
Access
public
Website Title
Outlook
Final URL
mail.nativehealth.org/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fmail.nativehealth.org%2fowa%2f
Tags
microsoft phishing
urlquery detections
Phishing - Microsoft

Detections

urlquery
8
Network Intrusion Detection
0
Threat Detection Systems
0

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
mail.nativehealth.org	unknown	2001-11-08	2013-11-13	2023-05-21	4.0 kB	196 kB	12.199.5.101

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (6)

	URL	Size	First Seen	Last Seen
	mail.nativehealth.org/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fmail.nativehealth.org%2fowa%2f	14 kB	2023-03-07	2024-05-20
Pretty URL mail.nativehealth.org/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fmail.nativehealth.org%2fowa%2f IP 12.199.5.101 ASN #7018 ATT-INTERNET4 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:02:58 Last Seen2024-05-20 00:16:24 Times Seen580 Hash 8e2bc1b488831cdc5841d3abfb0ba6bb 50aed9715e2a5c3018ae336875294f64a202eaf2 b7cd8d9758300e4190d07cfc88be4aabadff6e837e68d93eb73648dbcd89351b Loading...

	mail.nativehealth.org/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fmail.nativehealth.org%2fowa%2f	1.4 kB	2023-03-07	2024-05-20
Pretty URL mail.nativehealth.org/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fmail.nativehealth.org%2fowa%2f IP 12.199.5.101 ASN #7018 ATT-INTERNET4 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:02:58 Last Seen2024-05-20 00:16:24 Times Seen496 Hash 97eb9cc59146b048bdf9f61b499bf16f 3bcf316328c997d9768a59393894a989052e5198 d656711ef4d2a655d04b516c9dbafbe90bc4b24b57b0c3bc3c197ef4d287b641 Loading...

	mail.nativehealth.org/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fmail.nativehealth.org%2fowa%2f	1.8 kB	2023-03-07	2024-05-19
Pretty URL mail.nativehealth.org/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fmail.nativehealth.org%2fowa%2f IP 12.199.5.101 ASN #7018 ATT-INTERNET4 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:34:50 Last Seen2024-05-19 00:29:12 Times Seen173 Hash 25162df66169bb02d171cefb0705b9aa d14d0b165804e5bc0af701aab04c896206f99189 a581e957006f4ce637991baad1381f69785a4a9f183afbf67602b22eb3ab6a7a Loading...

	mail.nativehealth.org/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fmail.nativehealth.org%2fowa%2f	19 B	2023-03-07	2024-05-20
Pretty URL mail.nativehealth.org/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fmail.nativehealth.org%2fowa%2f IP 12.199.5.101 ASN #7018 ATT-INTERNET4 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:02:54 Last Seen2024-05-20 00:16:24 Times Seen1784 Hash 24f6a9c606199b766addcdaf630a6f4a e25cfd579629e6e410927500f3e9a728261c0553 e74b3de0ef4501689fdd96e8ecf0f120e7761bb3d9bfe6544e38790c0d386bf0 Loading...

	mail.nativehealth.org/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fmail.nativehealth.org%2fowa%2f	137 B	2023-03-07	2024-05-20
Pretty URL mail.nativehealth.org/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fmail.nativehealth.org%2fowa%2f IP 12.199.5.101 ASN #7018 ATT-INTERNET4 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:02:54 Last Seen2024-05-20 00:16:24 Times Seen1797 Hash 3012703a3a5c709a38f2cba896e8e5e6 d574b12ce7043b1ee47eb6934c39f19379fcf0ec 2c65e217804431e380651ce713d311bd5b5a5fb81cebc58392505cb35c854cdc Loading...

	mail.nativehealth.org/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fmail.nativehealth.org%2fowa%2f	68 B	2023-03-07	2024-05-20
Pretty URL mail.nativehealth.org/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fmail.nativehealth.org%2fowa%2f IP 12.199.5.101 ASN #7018 ATT-INTERNET4 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:02:58 Last Seen2024-05-20 00:16:24 Times Seen1078 Hash db8216e217de9a14420fa187142b00b5 50f9fdaa34b7caa061db879baa23a7d75f048e9e ebc3102ee92075887df69ec8c18ca2c24015e728566d302598a63c06697754ed Loading...

HTTP Transactions (7)

URL IP Response Size

mail.nativehealth.org/

12.199.5.101

0 B

URL
mail.nativehealth.org/
IP
12.199.5.101:0
ASN
#7018 ATT-INTERNET4

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET / HTTP/1.1
Host: mail.nativehealth.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
cache-control: no-cache
pragma: no-cache
location: https://mail.nativehealth.org/owa/
server: Microsoft-IIS/10.0
x-feserver: NAHC-EXCH-2019
x-requestid: 14693686-7a5c-49f7-9688-b433b6f6bb37
date: Wed, 08 May 2024 16:57:44 GMT
content-length: 0
X-Firefox-Spdy: h2

mail.nativehealth.org/owa/

12.199.5.101

228 B

URL
mail.nativehealth.org/owa/
IP
12.199.5.101:0
ASN
#7018 ATT-INTERNET4

File type
HTML document, ASCII text, with CRLF line terminators
Size
228 B (228 bytes)
Hash
31a70f2bba185fecced8e338f51c4f61
f956b4c2805cfa5f8b5b69bda20d52f099c6a11f
46765e1fcdb1a802ad0d0e7098207647558a28e3d2abd599326c5f7005763a83

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /owa/ HTTP/1.1
Host: mail.nativehealth.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 302 Found
content-type: text/html; charset=utf-8
location: https://mail.nativehealth.org/owa/auth/logon.aspx?url=https%3a%2f%2fmail.nativehealth.org%2fowa%2f&reason=0
server: Microsoft-IIS/10.0
request-id: 020d26a1-1cc4-48fc-8f45-58f8a5ca41cd
x-owa-version: 15.2.1258.12
x-powered-by: ASP.NET
x-feserver: NAHC-EXCH-2019
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Wed, 08 May 2024 16:57:44 GMT
content-length: 228
X-Firefox-Spdy: h2

mail.nativehealth.org/owa/auth/logon.aspx?url=https%3a%2f%2fmail.nativehealth.org%2fowa%2f&reason=0

12.199.5.101

28 kB

URL
mail.nativehealth.org/owa/auth/logon.aspx?url=https%3a%2f%2fmail.nativehealth.org%2fowa%2f&reason=0
IP
12.199.5.101:0
ASN
#7018 ATT-INTERNET4

File type
HTML document, ASCII text, with very long lines (1062), with CRLF, LF line terminators
Size
28 kB (27988 bytes)
Hash
413f1292df490a8f73fa42c1eb37b33e
f24e814b9c47eddb3a3813bdb683941bdcbdbe97
beec47d084f8d7bdbddb242d090cf253f118ecf0b16dd16373a31945ca4ff337

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /owa/auth/logon.aspx?url=https%3a%2f%2fmail.nativehealth.org%2fowa%2f&reason=0 HTTP/1.1
Host: mail.nativehealth.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
cache-control: no-cache, no-store
pragma: no-cache
content-type: text/html; charset=utf-8
expires: -1
server: Microsoft-IIS/10.0
request-id: cbe1a78f-4686-4ec6-b95f-26e84d82f60f
x-frame-options: SAMEORIGIN
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Wed, 08 May 2024 16:57:44 GMT
content-length: 27988
X-Firefox-Spdy: h2

mail.nativehealth.org/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fmail.nativehealth.org%2fowa%2f

12.199.5.101

200 OK

59 kB

URL User Request GET HTTP/2
mail.nativehealth.org/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fmail.nativehealth.org%2fowa%2f
IP
12.199.5.101:443
ASN
#7018 ATT-INTERNET4

Certificate
IssuerLet's Encrypt
Subject*.nativehealth.org
Fingerprint7B:F5:58:B0:2F:52:43:70:D1:8C:AB:5B:C1:AB:74:83:36:98:42:B4
ValidityMon, 29 Apr 2024 21:01:29 GMT - Sun, 28 Jul 2024 21:01:28 GMT

File type
HTML document, ASCII text, with very long lines (10414), with CRLF, LF line terminators
Size
59 kB (58793 bytes)
Hash
6ecb0b28973d337843cc879ae562b2b9
79225676703346aac2c900d97c1d54b01e253c1e
e29184613327e9b979bf7e85745f4593a4fdd4b170ecb1cc98558c6f4b71c075

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fmail.nativehealth.org%2fowa%2f HTTP/1.1
Host: mail.nativehealth.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mail.nativehealth.org/owa/auth/logon.aspx?url=https%3a%2f%2fmail.nativehealth.org%2fowa%2f&reason=0
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
cache-control: no-cache, no-store
pragma: no-cache
content-type: text/html; charset=utf-8
expires: -1
server: Microsoft-IIS/10.0
request-id: f34a5bcf-c953-4b87-8832-3d66b13c02af
x-frame-options: SAMEORIGIN
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Wed, 08 May 2024 16:57:44 GMT
content-length: 58793
X-Firefox-Spdy: h2

mail.nativehealth.org/owa/auth/15.2.1258/themes/resources/segoeui-regular.ttf

12.199.5.101

200 OK

57 kB

URL GET HTTP/2
mail.nativehealth.org/owa/auth/15.2.1258/themes/resources/segoeui-regular.ttf
IP
12.199.5.101:443
ASN
#7018 ATT-INTERNET4

Requested by
https://mail.nativehealth.org/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fmail.nativehealth.org%2fowa%2f
Certificate
IssuerLet's Encrypt
Subject*.nativehealth.org
Fingerprint7B:F5:58:B0:2F:52:43:70:D1:8C:AB:5B:C1:AB:74:83:36:98:42:B4
ValidityMon, 29 Apr 2024 21:01:29 GMT - Sun, 28 Jul 2024 21:01:28 GMT

File type
TrueType Font data, 18 tables, 1st "LTSH", 11 names, Microsoft, language 0x409, � 2010 Microsoft Corporation. All Rights Reserved.RegularSegoe UI RegularVersion 0.81 Build 159S
Size
57 kB (56760 bytes)
Hash
8af990b6ad3ba192c2dd6a193890bf5f
4db5bf117ff8f1392fab3b438216d7cff4ae4976
c147c2ec76a8ab8bd5082f1f4d3f80a43c689165cb164cdd812e44048fe38708

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /owa/auth/15.2.1258/themes/resources/segoeui-regular.ttf HTTP/1.1
Host: mail.nativehealth.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mail.nativehealth.org/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fmail.nativehealth.org%2fowa%2f
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
cache-control: public,max-age=2592000
content-type: application/octet-stream
last-modified: Tue, 12 Feb 2019 16:46:18 GMT
accept-ranges: bytes
etag: "069af79f2c2d41:0"
server: Microsoft-IIS/10.0
request-id: 3b200a29-1ac5-458a-a4c0-f008eca009ae
x-powered-by: ASP.NET
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Wed, 08 May 2024 16:57:45 GMT
content-length: 56760
X-Firefox-Spdy: h2

mail.nativehealth.org/owa/auth/15.2.1258/themes/resources/segoeui-semilight.ttf

12.199.5.101

200 OK

42 kB

URL GET HTTP/2
mail.nativehealth.org/owa/auth/15.2.1258/themes/resources/segoeui-semilight.ttf
IP
12.199.5.101:443
ASN
#7018 ATT-INTERNET4

Requested by
https://mail.nativehealth.org/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fmail.nativehealth.org%2fowa%2f
Certificate
IssuerLet's Encrypt
Subject*.nativehealth.org
Fingerprint7B:F5:58:B0:2F:52:43:70:D1:8C:AB:5B:C1:AB:74:83:36:98:42:B4
ValidityMon, 29 Apr 2024 21:01:29 GMT - Sun, 28 Jul 2024 21:01:28 GMT

File type
TrueType Font data, 16 tables, 1st "OS/2", 11 names, Microsoft, language 0x409, � 2010 Microsoft Corporation. All Rights Reserved.RegularSegoe UI SemilightVersion 1.00 build 16
Size
42 kB (41560 bytes)
Hash
6c26c24aabe31040657665b1e0d9505c
b3bdc48643752665e3e5798a192b27432a87d234
2d508a6e8979bba74b6fdf804c01a09a620c781e0fea73a8eefda904f5bcab25

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /owa/auth/15.2.1258/themes/resources/segoeui-semilight.ttf HTTP/1.1
Host: mail.nativehealth.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mail.nativehealth.org/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fmail.nativehealth.org%2fowa%2f
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
cache-control: public,max-age=2592000
content-type: application/octet-stream
last-modified: Fri, 11 May 2018 18:11:29 GMT
accept-ranges: bytes
etag: "805ea77b53e9d31:0"
server: Microsoft-IIS/10.0
request-id: dc194ede-d22d-4247-919e-928a91f5a1c5
x-powered-by: ASP.NET
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Wed, 08 May 2024 16:57:45 GMT
content-length: 41560
X-Firefox-Spdy: h2

mail.nativehealth.org/owa/auth/15.2.1258/themes/resources/favicon.ico

12.199.5.101

200 OK

7.9 kB

URL GET HTTP/2
mail.nativehealth.org/owa/auth/15.2.1258/themes/resources/favicon.ico
IP
12.199.5.101:443
ASN
#7018 ATT-INTERNET4

Requested by
https://mail.nativehealth.org/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fmail.nativehealth.org%2fowa%2f
Certificate
IssuerLet's Encrypt
Subject*.nativehealth.org
Fingerprint7B:F5:58:B0:2F:52:43:70:D1:8C:AB:5B:C1:AB:74:83:36:98:42:B4
ValidityMon, 29 Apr 2024 21:01:29 GMT - Sun, 28 Jul 2024 21:01:28 GMT

File type
MS Windows icon resource - 3 icons, 32x32, 32 bits/pixel, 24x24, 32 bits/pixel
Size
7.9 kB (7886 bytes)
Hash
759fade9033aa298629e4b000dcd6dde
34a1adf5c7326d7bde5b5735471b5d81e611c189
cf0808a61ec571e0c4975663903b288009d55502ac0445d9948983b339a5cf6e

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /owa/auth/15.2.1258/themes/resources/favicon.ico HTTP/1.1
Host: mail.nativehealth.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mail.nativehealth.org/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fmail.nativehealth.org%2fowa%2f
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
cache-control: public,max-age=2592000
content-type: image/x-icon
last-modified: Wed, 01 Mar 2023 18:24:57 GMT
accept-ranges: bytes
etag: "80a239206b4cd91:0"
server: Microsoft-IIS/10.0
request-id: c545caca-a13b-4dbc-a600-cad263a3cd91
x-powered-by: ASP.NET
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Wed, 08 May 2024 16:57:45 GMT
content-length: 7886
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (6)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (7)

URL

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL

IP

ASN