Report - www.icewireless.ca/localization/switch-language?_locale=en&redirect_url=//wamasolution.com/dev/adobe/2024/shared/sender/bGxhbUB2YWxvcmVwLmNvbQ==//wamasolution.com/dev/adobe/2024/shared/sender/bGxhbUB2YWxvcmVwLmNvbQ==//wamasolution.com/dev/adobe/2024/shared/sender/bGxhbUB2YWxvcmVwLmNvbQ==//wamasolution.com/dev/adobe/2024/shared/sender/bGxhbUB2YWxvcmVwLmNvbQ==

Report Overview

Submitted URL
www.icewireless.ca/localization/switch-language?_locale=en&redirect_url=//wamasolution.com/dev/adobe/2024/shared/sender/bGxhbUB2YWxvcmVwLmNvbQ==//wamasolution.com/dev/adobe/2024/shared/sender/bGxhbUB2YWxvcmVwLmNvbQ==//wamasolution.com/dev/adobe/2024/shared/sender/bGxhbUB2YWxvcmVwLmNvbQ==//wamasolution.com/dev/adobe/2024/shared/sender/bGxhbUB2YWxvcmVwLmNvbQ==
IP
34.193.188.207
ASN
#14618 AMAZON-AES
Submitted
2024-03-28 18:59:26
Access
public
Website Title
Sign in to your account
Final URL
cloudflare-ipfs.com/ipfs/QmUtyY7srcKRCVFZKXu6dzENHCmDcapaoj7hN4iR41pGWe#bGxhbUB2YWxvcmVwLmNvbQ==
Tags
phishing microsoft outlook
urlquery detections
Phishing - Microsoft Outlook

Detections

urlquery
3
Network Intrusion Detection
0
Threat Detection Systems
6

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
aadcdn.msftauth.net	1455	unknown	2018-11-19	2024-03-27	1.0 kB	39 kB	152.199.23.37
aadcdn.msauth.net	1421	2018-10-25	2018-11-19	2024-03-28	1.0 kB	22 kB	13.107.213.53
aadcdn.msauthimages.net	4795	2018-11-12	2019-08-14	2024-03-28	1.1 kB	37 kB	152.199.21.175
cloudflare-ipfs.com	75147	2018-05-30	2021-01-20	2024-03-15	527 B	20 kB	104.17.64.14
www.icewireless.ca	unknown	2003-07-15	2013-12-21	2024-03-13	814 B	993 B	3.234.70.165
wamasolution.com	unknown	unknown	No data	No data	740 B	527 B	209.133.196.210
cdnjs.cloudflare.com	235	2009-02-17	2015-04-17	2024-03-28	884 B	58 kB	104.17.25.14
bc1qkwkwjxv7m3zhsnrtxmaqlxj.com	unknown	2024-02-24	2024-02-24	2024-03-21	1.1 kB	16 kB	185.216.70.5

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

Scan Date	Severity	Indicator	Alert
2023-05-02	medium	cloudflare-ipfs.com/ipfs/QmUtyY7srcKRCVFZKXu6dzENHCmDcapaoj7hN4iR41pGWe	Other

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-03-28	medium	bc1qkwkwjxv7m3zhsnrtxmaqlxj.com	Sinkholed
2024-03-28	medium	bc1qkwkwjxv7m3zhsnrtxmaqlxj.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (4)

	URL	Size	First Seen	Last Seen
	cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js	90 kB	2023-03-07	2024-04-27
Pretty URL cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js IP 104.17.25.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:13 Last Seen2024-04-27 18:10:10 Times Seen262421 Hash 8fb8fee4fcc3cc86ff6c724154c49c42 b82d238d4e31fdf618bae8ac11a6c812c03dd0d4 ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e Loading...

	cloudflare-ipfs.com/ipfs/QmUtyY7srcKRCVFZKXu6dzENHCmDcapaoj7hN4iR41pGWe#bGxhbUB2YWxvcmVwLmNvbQ==	3.9 kB	2024-03-28	2024-04-13
Pretty URL cloudflare-ipfs.com/ipfs/QmUtyY7srcKRCVFZKXu6dzENHCmDcapaoj7hN4iR41pGWe#bGxhbUB2YWxvcmVwLmNvbQ== IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2024-03-28 19:58:12 Last Seen2024-04-13 00:00:36 Times Seen24 Hash d825dde69ea1b56fc78521a9c9f712ce 776c959198cb8c5b200f2d8efbbfb2893aa3e992 b74b1b9e4ae051c7fca51a17e35d65eaaf729003364368ebe9bb9fe62718bc98 Loading...

	unknown	6.7 kB	2024-03-28	2024-03-28
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-28 19:59:32 Last Seen2024-03-28 19:59:32 Times Seen1 Hash 43127acf3d74e986ff861d4e3695825e 58546aa05382575f0f16fb9a3f617ccee3b5cb0b f18599b0cd8e737a84017eae7aa19417142a6619d414ae1affb64272eaca509c Loading...

		Size	First Seen	Last Seen
	#1 Write - fcbbc6118c0386366aab555db73f9a5a	15 kB	2024-03-28	2024-03-28
Pretty Observations First Seen2024-03-28 19:59:32 Last Seen2024-03-28 19:59:32 Times Seen1 Hash fcbbc6118c0386366aab555db73f9a5a ddeb902ef6189e4848bc84c4885d6cce264b3b1b c38234014a19237d768f6e544b9e95e379abefb9864d076c82d9f752f8cc1ac8 Loading...

HTTP Transactions (13)

URL IP Response Size

www.icewireless.ca/localization/switch-language?_locale=en&redirect_url=//wamasolution.com/dev/adobe/2024/shared/sender/bGxhbUB2YWxvcmVwLmNvbQ==//wamasolution.com/dev/adobe/2024/shared/sender/bGxhbUB2YWxvcmVwLmNvbQ==//wamasolution.com/dev/adobe/2024/shared/sender/bGxhbUB2YWxvcmVwLmNvbQ==//wamasolution.com/dev/adobe/2024/shared/sender/bGxhbUB2YWxvcmVwLmNvbQ==

3.234.70.165

302 Found

254 B

URL User Request GET HTTP/2
www.icewireless.ca/localization/switch-language?_locale=en&redirect_url=//wamasolution.com/dev/adobe/2024/shared/sender/bGxhbUB2YWxvcmVwLmNvbQ==//wamasolution.com/dev/adobe/2024/shared/sender/bGxhbUB2YWxvcmVwLmNvbQ==//wamasolution.com/dev/adobe/2024/shared/sender/bGxhbUB2YWxvcmVwLmNvbQ==//wamasolution.com/dev/adobe/2024/shared/sender/bGxhbUB2YWxvcmVwLmNvbQ==
IP
3.234.70.165:443
ASN
#14618 AMAZON-AES

Certificate
IssuerAmazon
Subject*.icewireless.com
Fingerprint0C:6C:FF:49:A1:D7:92:3F:7E:B7:56:C7:09:8F:CF:81:9C:5A:5F:41
ValiditySun, 25 Jun 2023 00:00:00 GMT - Tue, 23 Jul 2024 23:59:59 GMT

File type
HTML document, ASCII text, with very long lines (615)
Size
254 B (254 bytes)
Hash
86c86e81af2d1c71ef2a639042ccca31
8058241d6d8999d29ad8b9d3c2a66f2dd7593054
68a5ae71b27b45f51415904fb64f2decf4494b8bf51955b27599a97eaf101eab

HTTP Headers

GET /localization/switch-language?_locale=en&redirect_url=//wamasolution.com/dev/adobe/2024/shared/sender/bGxhbUB2YWxvcmVwLmNvbQ==//wamasolution.com/dev/adobe/2024/shared/sender/bGxhbUB2YWxvcmVwLmNvbQ==//wamasolution.com/dev/adobe/2024/shared/sender/bGxhbUB2YWxvcmVwLmNvbQ==//wamasolution.com/dev/adobe/2024/shared/sender/bGxhbUB2YWxvcmVwLmNvbQ== HTTP/1.1
Host: www.icewireless.ca
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Thu, 28 Mar 2024 18:59:01 GMT
content-type: text/html; charset=UTF-8
content-length: 254
server: Apache
cache-control: max-age=0, must-revalidate, private
location: //wamasolution.com/dev/adobe/2024/shared/sender/bGxhbUB2YWxvcmVwLmNvbQ==//wamasolution.com/dev/adobe/2024/shared/sender/bGxhbUB2YWxvcmVwLmNvbQ==//wamasolution.com/dev/adobe/2024/shared/sender/bGxhbUB2YWxvcmVwLmNvbQ==//wamasolution.com/dev/adobe/2024/shared/sender/bGxhbUB2YWxvcmVwLmNvbQ==
set-cookie: PHPSESSID=50lmn1r2c7vhf4bufcantcuek7; path=/; HttpOnly
device_view=full; expires=Sun, 28-Apr-2024 18:59:01 GMT; Max-Age=2678400; path=/; httponly
_locale=en; path=/; httponly
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2

wamasolution.com/dev/adobe/2024/shared/sender/bGxhbUB2YWxvcmVwLmNvbQ==//wamasolution.com/dev/adobe/2024/shared/sender/bGxhbUB2YWxvcmVwLmNvbQ==//wamasolution.com/dev/adobe/2024/shared/sender/bGxhbUB2YWxvcmVwLmNvbQ==//wamasolution.com/dev/adobe/2024/shared/sender/bGxhbUB2YWxvcmVwLmNvbQ==

209.133.196.210

302 Found

73 B

URL User Request GET HTTP/1.1
wamasolution.com/dev/adobe/2024/shared/sender/bGxhbUB2YWxvcmVwLmNvbQ==//wamasolution.com/dev/adobe/2024/shared/sender/bGxhbUB2YWxvcmVwLmNvbQ==//wamasolution.com/dev/adobe/2024/shared/sender/bGxhbUB2YWxvcmVwLmNvbQ==//wamasolution.com/dev/adobe/2024/shared/sender/bGxhbUB2YWxvcmVwLmNvbQ==
IP
209.133.196.210:443
ASN
#29802 HVC-AS

Certificate
IssuerLet's Encrypt
Subject*.wamasolution.com
Fingerprint30:1F:F2:75:C9:3C:09:FC:2A:84:4F:02:B6:8B:72:1A:B8:4D:8D:E3
ValiditySun, 17 Mar 2024 06:47:47 GMT - Sat, 15 Jun 2024 06:47:46 GMT

File type
HTML document, ASCII text, with no line terminators
Size
73 B (73 bytes)
Hash
f53f512956dcdac91a53d12c8df1bc9c
f7183c241f0747834e5a0f01de35df7771b610a4
6adffb54e2eca001c42c4fbd3fcf2bfac1752a186f983d047ceb45de6d7b416c

HTTP Headers

GET /dev/adobe/2024/shared/sender/bGxhbUB2YWxvcmVwLmNvbQ==//wamasolution.com/dev/adobe/2024/shared/sender/bGxhbUB2YWxvcmVwLmNvbQ==//wamasolution.com/dev/adobe/2024/shared/sender/bGxhbUB2YWxvcmVwLmNvbQ==//wamasolution.com/dev/adobe/2024/shared/sender/bGxhbUB2YWxvcmVwLmNvbQ== HTTP/1.1
Host: wamasolution.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: nginx
Date: Thu, 28 Mar 2024 18:59:01 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: PHPSESSID=949effd72e9f619471b3e830338b05ae; path=/
Location: https://cloudflare-ipfs.com/ipfs/QmUtyY7srcKRCVFZKXu6dzENHCmDcapaoj7hN4iR41pGWe#bGxhbUB2YWxvcmVwLmNvbQ==

cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js

104.17.25.14

200 OK

28 kB

URL GET HTTP/3
cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js
IP
104.17.25.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://cloudflare-ipfs.com/ipfs/QmUtyY7srcKRCVFZKXu6dzENHCmDcapaoj7hN4iR41pGWe#bGxhbUB2YWxvcmVwLmNvbQ==
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D
ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (65447)
Size
28 kB (27938 bytes)
Hash
8fb8fee4fcc3cc86ff6c724154c49c42
b82d238d4e31fdf618bae8ac11a6c812c03dd0d4
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

HTTP Headers

GET /ajax/libs/jquery/3.6.0/jquery.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cloudflare-ipfs.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 28 Mar 2024 18:59:02 GMT
content-type: application/javascript; charset=utf-8
content-length: 27938
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "603e8adc-15d9d"
last-modified: Tue, 02 Mar 2021 18:58:36 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 1177849
expires: Tue, 18 Mar 2025 18:59:02 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sY7bHqOcs5DSoi2GpmNxUF7boFySH5MYb50WOGNCZso1xrba9DwnKDxnatD2VpTHYK1%2F36n%2B9KkFTJVyB2c0mAx0NqOCeKgbO03cxZs44klyLiHqTx1H1p072FMS6ve2SWseSLha"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 86b9dae29b9856bb-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

bc1qkwkwjxv7m3zhsnrtxmaqlxj.com/api/v3/auth

185.216.70.5

200 OK

2 B

URL POST HTTP/1.1
bc1qkwkwjxv7m3zhsnrtxmaqlxj.com/api/v3/auth
IP
185.216.70.5:443
ASN
#216289 Sircrosar Limited

Requested by
https://cloudflare-ipfs.com/ipfs/QmUtyY7srcKRCVFZKXu6dzENHCmDcapaoj7hN4iR41pGWe#bGxhbUB2YWxvcmVwLmNvbQ==
Certificate
IssuerLet's Encrypt
Subjectbc1qkwkwjxv7m3zhsnrtxmaqlxj.com
Fingerprint3E:0F:36:57:65:B4:22:24:78:87:DE:F5:AC:B3:3C:E9:62:74:59:9D
ValiditySat, 24 Feb 2024 20:54:03 GMT - Fri, 24 May 2024 20:54:02 GMT

File type
ASCII text, with no line terminators
Size
2 B (2 bytes)
Hash
e0aa021e21dddbd6d8cecec71e9cf564
9ce3bd4224c8c1780db56b4125ecf3f24bf748b7
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

OPTIONS /api/v3/auth HTTP/1.1
Host: bc1qkwkwjxv7m3zhsnrtxmaqlxj.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://cloudflare-ipfs.com/
Origin: https://cloudflare-ipfs.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
date: Thu, 28 Mar 2024 18:59:04 GMT
server: uvicorn
vary: Origin
access-control-allow-methods: DELETE, GET, HEAD, OPTIONS, PATCH, POST, PUT
access-control-max-age: 600
access-control-allow-credentials: true
access-control-allow-origin: https://cloudflare-ipfs.com
access-control-allow-headers: content-type
content-length: 2
content-type: text/plain; charset=utf-8

bc1qkwkwjxv7m3zhsnrtxmaqlxj.com/api/v3/auth

185.216.70.5

200 OK

16 kB

URL POST HTTP/1.1
bc1qkwkwjxv7m3zhsnrtxmaqlxj.com/api/v3/auth
IP
185.216.70.5:443
ASN
#216289 Sircrosar Limited

Requested by
https://cloudflare-ipfs.com/ipfs/QmUtyY7srcKRCVFZKXu6dzENHCmDcapaoj7hN4iR41pGWe#bGxhbUB2YWxvcmVwLmNvbQ==
Certificate
IssuerLet's Encrypt
Subjectbc1qkwkwjxv7m3zhsnrtxmaqlxj.com
Fingerprint3E:0F:36:57:65:B4:22:24:78:87:DE:F5:AC:B3:3C:E9:62:74:59:9D
ValiditySat, 24 Feb 2024 20:54:03 GMT - Fri, 24 May 2024 20:54:02 GMT

File type
JSON text data
Size
16 kB (15671 bytes)
Hash
fd82de618c2ea894d5fb38b46fd97dd1
0e30d01223bdd508395ffbbe0eb829412f006efe
6fc440917c44ec6389509153abdcd9af5ef4ce852b59cfa98eb5269775fd177a

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft Outlook
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /api/v3/auth HTTP/1.1
Host: bc1qkwkwjxv7m3zhsnrtxmaqlxj.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 168
Origin: https://cloudflare-ipfs.com
DNT: 1
Connection: keep-alive
Referer: https://cloudflare-ipfs.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
date: Thu, 28 Mar 2024 18:59:04 GMT
server: uvicorn
content-length: 15671
content-type: application/json
access-control-allow-origin: *
access-control-allow-credentials: true

cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js

104.17.25.14

200 OK

28 kB

URL GET HTTP/3
cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js
IP
104.17.25.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://cloudflare-ipfs.com/ipfs/QmUtyY7srcKRCVFZKXu6dzENHCmDcapaoj7hN4iR41pGWe#bGxhbUB2YWxvcmVwLmNvbQ==
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D
ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (65447)
Size
28 kB (27938 bytes)
Hash
8fb8fee4fcc3cc86ff6c724154c49c42
b82d238d4e31fdf618bae8ac11a6c812c03dd0d4
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

HTTP Headers

GET /ajax/libs/jquery/3.6.0/jquery.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cloudflare-ipfs.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 28 Mar 2024 18:59:07 GMT
content-type: application/javascript; charset=utf-8
content-length: 27938
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "603e8adc-15d9d"
last-modified: Tue, 02 Mar 2021 18:58:36 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 1177854
expires: Tue, 18 Mar 2025 18:59:07 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=p%2BUfnNN%2BW18Eqp2O6esqjKxseyr1v9GHycA0sK9yssPO6TvQ9rHC7ebJY2%2FXsGeMhE2D6ZujigmKma5EblPPvhDUJiwj6jg%2B4mhSIcdYBL15z2SGh895F%2FXydXWcVsM4LskQ4vr8"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 86b9db0558f4b512-OSL
alt-svc: h3=":443"; ma=86400

aadcdn.msftauth.net/ests/2.1/content/cdnbundles/converged.v2.login.min_8owwt4u-33ps0wawi7tmow2.css

152.199.23.37

200 OK

20 kB

URL GET HTTP/2
aadcdn.msftauth.net/ests/2.1/content/cdnbundles/converged.v2.login.min_8owwt4u-33ps0wawi7tmow2.css
IP
152.199.23.37:443
ASN
#15133 EDGECAST

Requested by
https://cloudflare-ipfs.com/ipfs/QmUtyY7srcKRCVFZKXu6dzENHCmDcapaoj7hN4iR41pGWe#bGxhbUB2YWxvcmVwLmNvbQ==
Certificate
IssuerDigiCert Inc
Subjectaadcdn.msftauth.net
Fingerprint3C:9E:70:F5:B3:D1:80:80:8C:97:1C:7B:7E:A8:2C:D8:7B:94:95:0B
ValidityFri, 01 Dec 2023 00:00:00 GMT - Sun, 01 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (61177)
Size
20 kB (19970 bytes)
Hash
f0e5964f8bbedf73d2d3001623bb663b
aadf3504d5e5a93e678487eeb4a63398f2699341
9537f00ca371747a97a2acca388f7b2379a7fa7c59bde18c3d2621c0de8de492

HTTP Headers

GET /ests/2.1/content/cdnbundles/converged.v2.login.min_8owwt4u-33ps0wawi7tmow2.css HTTP/1.1
Host: aadcdn.msftauth.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Referer: https://cloudflare-ipfs.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-encoding: gzip
accept-ranges: bytes
access-control-allow-origin: *
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
age: 279085
cache-control: public, max-age=31536000
content-md5: 9K2/nGCj75WAmmAI9nZNCA==
content-type: text/css
date: Thu, 28 Mar 2024 18:59:07 GMT
etag: 0x8DA7650B375AC9B
last-modified: Thu, 04 Aug 2022 19:37:00 GMT
server: ECAcc (ska/F7A0)
vary: Accept-Encoding
x-cache: HIT
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: 8887ee14-601e-0019-5fb8-7e9917000000
x-ms-version: 2009-09-19
content-length: 19970
X-Firefox-Spdy: h2

aadcdn.msauth.net/shared/1.0/content/images/arrow_left_a9cc2824ef3517b6c4160dcf8ff7d410.svg

13.107.213.53

200 OK

276 B

URL GET HTTP/2
aadcdn.msauth.net/shared/1.0/content/images/arrow_left_a9cc2824ef3517b6c4160dcf8ff7d410.svg
IP
13.107.213.53:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://cloudflare-ipfs.com/ipfs/QmUtyY7srcKRCVFZKXu6dzENHCmDcapaoj7hN4iR41pGWe#bGxhbUB2YWxvcmVwLmNvbQ==
Certificate
IssuerDigiCert Inc
Subjectaadcdn.msauth.net
FingerprintEB:7C:D1:4E:EF:B5:D4:72:25:0B:1A:AF:5F:10:3D:EA:13:80:5A:47
ValidityMon, 29 Jan 2024 00:00:00 GMT - Wed, 29 Jan 2025 23:59:59 GMT

File type
SVG Scalable Vector Graphics image
Size
276 B (276 bytes)
Hash
a9cc2824ef3517b6c4160dcf8ff7d410
8db9aebad84ca6e4225bfdd2458ff3821cc4f064
34f9db946e89f031a80dfca7b16b2b686469c9886441261ae70a44da1dfa2d58

HTTP Headers

GET /shared/1.0/content/images/arrow_left_a9cc2824ef3517b6c4160dcf8ff7d410.svg HTTP/1.1
Host: aadcdn.msauth.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cloudflare-ipfs.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 28 Mar 2024 18:59:07 GMT
content-type: image/svg+xml
content-length: 276
cache-control: public, max-age=31536000
content-encoding: gzip
last-modified: Fri, 17 Jan 2020 19:28:34 GMT
etag: 0x8D79B8371B97A82
x-ms-request-id: c6ffcdb0-401e-0062-3992-7cf1b8000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref: 20240328T185907Z-srwvnc5u0h5s146ty3uzpy766000000006d0000000006d0h
x-fd-int-roxy-purgeid: 4554691
x-cache: TCP_HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

aadcdn.msauth.net/ests/2.1/content/cdnbundles/converged.v2.login.min_ziytf8dzt9eg1s6-ohhleg2.css

13.107.213.53

200 OK

20 kB

URL GET HTTP/2
aadcdn.msauth.net/ests/2.1/content/cdnbundles/converged.v2.login.min_ziytf8dzt9eg1s6-ohhleg2.css
IP
13.107.213.53:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://cloudflare-ipfs.com/ipfs/QmUtyY7srcKRCVFZKXu6dzENHCmDcapaoj7hN4iR41pGWe#bGxhbUB2YWxvcmVwLmNvbQ==
Certificate
IssuerDigiCert Inc
Subjectaadcdn.msauth.net
FingerprintEB:7C:D1:4E:EF:B5:D4:72:25:0B:1A:AF:5F:10:3D:EA:13:80:5A:47
ValidityMon, 29 Jan 2024 00:00:00 GMT - Wed, 29 Jan 2025 23:59:59 GMT

File type
ASCII text, with very long lines (61177)
Size
20 kB (19953 bytes)
Hash
ce26137fc0d9b7d7a0d52ebe3a186512
b9d7fb3fe7d08f46c2d1153bb47b13809375c663
1304c5090f063c677a5b3720fe7b97ef4d9ea102e2bdd837ce399df6057fe385

HTTP Headers

GET /ests/2.1/content/cdnbundles/converged.v2.login.min_ziytf8dzt9eg1s6-ohhleg2.css HTTP/1.1
Host: aadcdn.msauth.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://cloudflare-ipfs.com
DNT: 1
Connection: keep-alive
Referer: https://cloudflare-ipfs.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 28 Mar 2024 18:59:07 GMT
content-type: text/css
content-length: 19953
cache-control: public, max-age=31536000
content-encoding: gzip
last-modified: Mon, 18 Apr 2022 21:18:26 GMT
etag: 0x8DA2180FA29F5AF
x-ms-request-id: edd603ee-e01e-0044-1a3c-819a87000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref: 20240328T185907Z-hrwnrc8cy97x542h9c23tenbh000000009d00000000034d4
x-fd-int-roxy-purgeid: 0
x-cache-info: L1_T2
x-cache: TCP_HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

aadcdn.msftauth.net/shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico

152.199.23.37

200 OK

17 kB

URL GET HTTP/2
aadcdn.msftauth.net/shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico
IP
152.199.23.37:443
ASN
#15133 EDGECAST

Requested by
https://cloudflare-ipfs.com/ipfs/QmUtyY7srcKRCVFZKXu6dzENHCmDcapaoj7hN4iR41pGWe#bGxhbUB2YWxvcmVwLmNvbQ==
Certificate
IssuerDigiCert Inc
Subjectaadcdn.msftauth.net
Fingerprint3C:9E:70:F5:B3:D1:80:80:8C:97:1C:7B:7E:A8:2C:D8:7B:94:95:0B
ValidityFri, 01 Dec 2023 00:00:00 GMT - Sun, 01 Dec 2024 23:59:59 GMT

File type
MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors
Size
17 kB (17174 bytes)
Hash
12e3dac858061d088023b2bd48e2fa96
e08ce1a144eceae0c3c2ea7a9d6fbc5658f24ce5
90cdaf487716184e4034000935c605d1633926d348116d198f355a98b8c6cd21

HTTP Headers

GET /shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1
Host: aadcdn.msftauth.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cloudflare-ipfs.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
age: 319126
cache-control: public, max-age=31536000
content-md5: EuPayFgGHQiAI7K9SOL6lg==
content-type: image/x-icon
date: Thu, 28 Mar 2024 18:59:08 GMT
etag: 0x8D8731240E548EB
last-modified: Sun, 18 Oct 2020 03:02:30 GMT
server: ECAcc (ska/F738)
x-cache: HIT
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: 582df77a-301e-0028-1b5a-7e9304000000
x-ms-version: 2009-09-19
content-length: 17174
X-Firefox-Spdy: h2

aadcdn.msauthimages.net/dbd5a2dd-vqlvc6g5-tuvustcrwtowwwc-x86xvcaxbkejwjiufi/logintenantbranding/0/bannerlogo?ts=636924210006469978

152.199.21.175

200 OK

4.8 kB

URL GET HTTP/2
aadcdn.msauthimages.net/dbd5a2dd-vqlvc6g5-tuvustcrwtowwwc-x86xvcaxbkejwjiufi/logintenantbranding/0/bannerlogo?ts=636924210006469978
IP
152.199.21.175:443
ASN
#15133 EDGECAST

Requested by
https://cloudflare-ipfs.com/ipfs/QmUtyY7srcKRCVFZKXu6dzENHCmDcapaoj7hN4iR41pGWe#bGxhbUB2YWxvcmVwLmNvbQ==
Certificate
IssuerMicrosoft Corporation
Subjectaadcdn.msauthimages.net
Fingerprint3B:14:C7:84:64:65:A8:46:3C:B4:7E:B7:F2:A1:AF:6B:8F:EF:17:E5
ValidityThu, 11 Jan 2024 12:14:02 GMT - Sun, 05 Jan 2025 12:14:02 GMT

File type
PNG image data, 280 x 60, 8-bit/color RGBA, non-interlaced
Size
4.8 kB (4801 bytes)
Hash
a4e3a74d8c8d146a7cb0099b12ca1b81
12ad58da80c3b6bf2dcb16bf5bc7e4f13caf8b4a
3b0d00674d61f4a99df1e2f8876e7559f7aa09aa277c3e52fe587e754ce3013c

HTTP Headers

GET /dbd5a2dd-vqlvc6g5-tuvustcrwtowwwc-x86xvcaxbkejwjiufi/logintenantbranding/0/bannerlogo?ts=636924210006469978 HTTP/1.1
Host: aadcdn.msauthimages.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cloudflare-ipfs.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
content-md5: pOOnTYyNFGp8sAmbEsobgQ==
content-type: image/*
date: Thu, 28 Mar 2024 18:59:07 GMT
etag: 0x8D6CF31C6923273
last-modified: Thu, 02 May 2019 19:10:01 GMT
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: 424b9a0b-601e-000a-3842-81e755000000
x-ms-version: 2009-09-19
content-length: 4801
X-Firefox-Spdy: h2

aadcdn.msauthimages.net/dbd5a2dd-vqlvc6g5-tuvustcrwtowwwc-x86xvcaxbkejwjiufi/logintenantbranding/0/illustration?ts=636924212884229382

152.199.21.175

200 OK

31 kB

URL GET HTTP/2
aadcdn.msauthimages.net/dbd5a2dd-vqlvc6g5-tuvustcrwtowwwc-x86xvcaxbkejwjiufi/logintenantbranding/0/illustration?ts=636924212884229382
IP
152.199.21.175:443
ASN
#15133 EDGECAST

Requested by
https://cloudflare-ipfs.com/ipfs/QmUtyY7srcKRCVFZKXu6dzENHCmDcapaoj7hN4iR41pGWe#bGxhbUB2YWxvcmVwLmNvbQ==
Certificate
IssuerMicrosoft Corporation
Subjectaadcdn.msauthimages.net
Fingerprint3B:14:C7:84:64:65:A8:46:3C:B4:7E:B7:F2:A1:AF:6B:8F:EF:17:E5
ValidityThu, 11 Jan 2024 12:14:02 GMT - Sun, 05 Jan 2025 12:14:02 GMT

File type
PNG image data, 1920 x 1080, 8-bit/color RGB, non-interlaced
Size
31 kB (30737 bytes)
Hash
1d937f82fdf59cb5fef3ada5d678b505
4341a1e29ae61c3a5d479135e326d8814ad86ac3
8fa32245a647567f88519fc3c78cac47143dfcfc7cf0c21ba29af4d790ae9374

HTTP Headers

GET /dbd5a2dd-vqlvc6g5-tuvustcrwtowwwc-x86xvcaxbkejwjiufi/logintenantbranding/0/illustration?ts=636924212884229382 HTTP/1.1
Host: aadcdn.msauthimages.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cloudflare-ipfs.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
content-md5: HZN/gv31nLX+862l1ni1BQ==
content-type: image/*
date: Thu, 28 Mar 2024 18:59:08 GMT
etag: 0x8D6CF32721F60FA
last-modified: Thu, 02 May 2019 19:14:48 GMT
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: 19feb184-e01e-0059-0142-81c461000000
x-ms-version: 2009-09-19
content-length: 30737
X-Firefox-Spdy: h2

cloudflare-ipfs.com/ipfs/QmUtyY7srcKRCVFZKXu6dzENHCmDcapaoj7hN4iR41pGWe

104.17.64.14

200 OK

19 kB

URL User Request GET HTTP/2
cloudflare-ipfs.com/ipfs/QmUtyY7srcKRCVFZKXu6dzENHCmDcapaoj7hN4iR41pGWe
IP
104.17.64.14:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerLet's Encrypt
Subjectcloudflare-ipfs.com
Fingerprint18:E5:C9:71:96:8A:A9:48:E2:79:2A:29:91:D2:4E:46:90:B7:5D:9F
ValiditySun, 25 Feb 2024 02:55:05 GMT - Sat, 25 May 2024 02:55:04 GMT

File type
HTML document, ASCII text, with very long lines (3936), with CRLF line terminators
Size
19 kB (19326 bytes)
Hash
9dbe30810d104ff0471dab2fc01f2044
a93dfbc1fd19c2d7fb6049c6215d9fde40a782b0
7b794fb6213f46ac6ba31d3fc78aa19dcd93c9e6d4c41b62a5e5d33a6a989172

Detections

Analyzer	Verdict	Alert
PhishTank	phishing	Other

HTTP Headers

GET /ipfs/QmUtyY7srcKRCVFZKXu6dzENHCmDcapaoj7hN4iR41pGWe HTTP/1.1
Host: cloudflare-ipfs.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 28 Mar 2024 18:59:01 GMT
content-type: text/html
cf-ray: 86b9dae0fa87568a-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 78
cache-control: public, max-age=29030400, immutable
etag: W/"QmUtyY7srcKRCVFZKXu6dzENHCmDcapaoj7hN4iR41pGWe"
vary: Accept-Encoding
access-control-allow-headers: Content-Type, Range, User-Agent, X-Requested-With
access-control-allow-methods: GET
access-control-expose-headers: Content-Length, Content-Range, X-Chunked-Output, X-Ipfs-Path, X-Ipfs-Roots, X-Stream-Output
x-cf-ipfs-cache-status: hit
x-ipfs-path: /ipfs/QmUtyY7srcKRCVFZKXu6dzENHCmDcapaoj7hN4iR41pGWe
x-ipfs-roots: QmUtyY7srcKRCVFZKXu6dzENHCmDcapaoj7hN4iR41pGWe
set-cookie: __cf_bm=ro_WVktRZn1C85s_BWABTARa2P3xMvzV2G5e6gs16V4-1711652341-1.0.1.1-zTm3W8qowBRn.JlGxU0UCySyJZcTVt7w5SmAvPg7Ej9bQz.JhMOFCaA5_FINczCDXm5gmXo4iWlhxgn3r70fIw; path=/; expires=Thu, 28-Mar-24 19:29:01 GMT; domain=.cloudflare-ipfs.com; HttpOnly; Secure; SameSite=None
server: cloudflare
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (4)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Observations

Hash

HTTP Transactions (13)

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/1.1

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/3

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL POST HTTP/1.1

IP

ASN

Requested by

Certificate

File type

Size

Hash