owa.dsi.com/owa/redir.aspx?C=V7R0K3xqg0CsolGU8ZDI3Zpe0RpjD9IIttgmDNcf8C2dqQxgqCqFXu6Cc4ztI0_ZVoo_W1Fveoo.&URL=www.dsi.com
63.137.36.200 321 B URL owa.dsi.com/owa/redir.aspx?C=V7R0K3xqg0CsolGU8ZDI3Zpe0RpjD9IIttgmDNcf8C2dqQxgqCqFXu6Cc4ztI0_ZVoo_W1Fveoo.&URL=www.dsi.com
IP 63.137.36.200:0
ASN #3561 CENTURYLINK-LEGACY-SAVVIS
File type HTML document, ASCII text, with CRLF line terminators
Hash 6abbe637f2e04dd71a4095dbd431b307
114676206115847969c1a8e948071de4ea844890
bf2877d5b95422b3c2c691660606369270e374c5510bfc776a52ce06feb8d31b
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
GET /owa/redir.aspx?C=V7R0K3xqg0CsolGU8ZDI3Zpe0RpjD9IIttgmDNcf8C2dqQxgqCqFXu6Cc4ztI0_ZVoo_W1Fveoo.&URL=www.dsi.com HTTP/1.1
Host: owa.dsi.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
content-type: text/html; charset=utf-8
location: https://owa.dsi.com/owa/auth/logon.aspx?url=https%3a%2f%2fowa.dsi.com%2fowa%2fredir.aspx%3fURL%3dwww.dsi.com%23C%3dV7R0K3xqg0CsolGU8ZDI3Zpe0RpjD9IIttgmDNcf8C2dqQxgqCqFXu6Cc4ztI0_ZVoo_W1Fveoo.&reason=0
server: Microsoft-IIS/10.0
request-id: 7ae68dca-496a-4763-a97f-d0d2ec1091e7
x-owa-version: 15.1.2507.37
x-powered-by: ASP.NET
x-feserver: NJ3EXCH01
date: Thu, 18 Apr 2024 07:27:42 GMT
content-length: 321
X-Firefox-Spdy: h2
owa.dsi.com/owa/auth/logon.aspx?url=https%3a%2f%2fowa.dsi.com%2fowa%2fredir.aspx%3fURL%3dwww.dsi.com%23C%3dV7R0K3xqg0CsolGU8ZDI3Zpe0RpjD9IIttgmDNcf8C2dqQxgqCqFXu6Cc4ztI0_ZVoo_W1Fveoo.&reason=0
63.137.36.200 28 kB URL owa.dsi.com/owa/auth/logon.aspx?url=https%3a%2f%2fowa.dsi.com%2fowa%2fredir.aspx%3fURL%3dwww.dsi.com%23C%3dV7R0K3xqg0CsolGU8ZDI3Zpe0RpjD9IIttgmDNcf8C2dqQxgqCqFXu6Cc4ztI0_ZVoo_W1Fveoo.&reason=0
IP 63.137.36.200:0
ASN #3561 CENTURYLINK-LEGACY-SAVVIS
File type HTML document, ASCII text, with very long lines (1062), with CRLF, LF line terminators
Hash 005e1c36138345c65233f3bfad6d8d54
dd78fd8dfcfad797ba85540cc92c495aa8237eee
2e9fa782cc645d0b5abdbb9db53f2614f6fc4dcaff12827d67da1fb6242efcd2
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
GET /owa/auth/logon.aspx?url=https%3a%2f%2fowa.dsi.com%2fowa%2fredir.aspx%3fURL%3dwww.dsi.com%23C%3dV7R0K3xqg0CsolGU8ZDI3Zpe0RpjD9IIttgmDNcf8C2dqQxgqCqFXu6Cc4ztI0_ZVoo_W1Fveoo.&reason=0 HTTP/1.1
Host: owa.dsi.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
cache-control: no-cache, no-store
pragma: no-cache
content-type: text/html; charset=utf-8
expires: -1
server: Microsoft-IIS/10.0
request-id: 8caa4876-b7b8-4457-8456-558e05563f69
x-frame-options: SAMEORIGIN
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
date: Thu, 18 Apr 2024 07:27:42 GMT
content-length: 28081
X-Firefox-Spdy: h2
owa.dsi.com/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fowa.dsi.com%2fowa%2fredir.aspx%3fURL%3dwww.dsi.com%23C%3dV7R0K3xqg0CsolGU8ZDI3Zpe0RpjD9IIttgmDNcf8C2dqQxgqCqFXu6Cc4ztI0_ZVoo_W1Fveoo.
63.137.36.200200 OK 59 kB URL User Request GET HTTP/2 owa.dsi.com/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fowa.dsi.com%2fowa%2fredir.aspx%3fURL%3dwww.dsi.com%23C%3dV7R0K3xqg0CsolGU8ZDI3Zpe0RpjD9IIttgmDNcf8C2dqQxgqCqFXu6Cc4ztI0_ZVoo_W1Fveoo.
IP 63.137.36.200:443
ASN #3561 CENTURYLINK-LEGACY-SAVVIS
Certificate IssuerDigiCert Inc
Subjectautodiscover.dsi.com
Fingerprint29:9B:78:EF:EA:6C:98:E0:F9:FE:B1:91:8E:F4:CA:88:4F:72:D9:B1
ValidityTue, 05 Dec 2023 00:00:00 GMT - Sat, 04 Jan 2025 23:59:59 GMT
File type HTML document, ASCII text, with very long lines (10414), with CRLF, LF line terminators
Hash 8771692ea5735389bf89695937dbd776
29c9960e4e2b79f796021916b07023117f87094f
0349cb39fa607a13a2635826854fb784d7046d49d28a62e898a06e7242465f16
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
GET /owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fowa.dsi.com%2fowa%2fredir.aspx%3fURL%3dwww.dsi.com%23C%3dV7R0K3xqg0CsolGU8ZDI3Zpe0RpjD9IIttgmDNcf8C2dqQxgqCqFXu6Cc4ztI0_ZVoo_W1Fveoo. HTTP/1.1
Host: owa.dsi.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://owa.dsi.com/owa/auth/logon.aspx?url=https%3a%2f%2fowa.dsi.com%2fowa%2fredir.aspx%3fURL%3dwww.dsi.com%23C%3dV7R0K3xqg0CsolGU8ZDI3Zpe0RpjD9IIttgmDNcf8C2dqQxgqCqFXu6Cc4ztI0_ZVoo_W1Fveoo.&reason=0
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
cache-control: no-cache, no-store
pragma: no-cache
content-type: text/html; charset=utf-8
expires: -1
server: Microsoft-IIS/10.0
request-id: 7bbe1840-9db3-4f44-ac24-b3d9f77f3b1b
x-frame-options: SAMEORIGIN
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
date: Thu, 18 Apr 2024 07:27:43 GMT
content-length: 58888
X-Firefox-Spdy: h2
owa.dsi.com/owa/auth/15.1.2507/themes/resources/segoeui-regular.ttf
63.137.36.200200 OK 57 kB URL GET HTTP/2 owa.dsi.com/owa/auth/15.1.2507/themes/resources/segoeui-regular.ttf
IP 63.137.36.200:443
ASN #3561 CENTURYLINK-LEGACY-SAVVIS
Requested by https://owa.dsi.com/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fowa.dsi.com%2fowa%2fredir.aspx%3fURL%3dwww.dsi.com%23C%3dV7R0K3xqg0CsolGU8ZDI3Zpe0RpjD9IIttgmDNcf8C2dqQxgqCqFXu6Cc4ztI0_ZVoo_W1Fveoo.
Certificate IssuerDigiCert Inc
Subjectautodiscover.dsi.com
Fingerprint29:9B:78:EF:EA:6C:98:E0:F9:FE:B1:91:8E:F4:CA:88:4F:72:D9:B1
ValidityTue, 05 Dec 2023 00:00:00 GMT - Sat, 04 Jan 2025 23:59:59 GMT
File type TrueType Font data, 18 tables, 1st "LTSH", 11 names, Microsoft, language 0x409, � 2010 Microsoft Corporation. All Rights Reserved.RegularSegoe UI RegularVersion 0.81 Build 159S
Hash 8af990b6ad3ba192c2dd6a193890bf5f
4db5bf117ff8f1392fab3b438216d7cff4ae4976
c147c2ec76a8ab8bd5082f1f4d3f80a43c689165cb164cdd812e44048fe38708
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
GET /owa/auth/15.1.2507/themes/resources/segoeui-regular.ttf HTTP/1.1
Host: owa.dsi.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://owa.dsi.com/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fowa.dsi.com%2fowa%2fredir.aspx%3fURL%3dwww.dsi.com%23C%3dV7R0K3xqg0CsolGU8ZDI3Zpe0RpjD9IIttgmDNcf8C2dqQxgqCqFXu6Cc4ztI0_ZVoo_W1Fveoo.
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
cache-control: public,max-age=2592000
content-type: application/octet-stream
last-modified: Sun, 20 Mar 2022 14:39:34 GMT
accept-ranges: bytes
etag: "017f650683cd81:0"
server: Microsoft-IIS/10.0
request-id: 657b20be-4431-4b4d-aeec-f56cbf8831f4
x-powered-by: ASP.NET
date: Thu, 18 Apr 2024 07:27:43 GMT
content-length: 56760
X-Firefox-Spdy: h2
owa.dsi.com/owa/auth/15.1.2507/themes/resources/segoeui-semilight.ttf
63.137.36.200200 OK 42 kB URL GET HTTP/2 owa.dsi.com/owa/auth/15.1.2507/themes/resources/segoeui-semilight.ttf
IP 63.137.36.200:443
ASN #3561 CENTURYLINK-LEGACY-SAVVIS
Requested by https://owa.dsi.com/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fowa.dsi.com%2fowa%2fredir.aspx%3fURL%3dwww.dsi.com%23C%3dV7R0K3xqg0CsolGU8ZDI3Zpe0RpjD9IIttgmDNcf8C2dqQxgqCqFXu6Cc4ztI0_ZVoo_W1Fveoo.
Certificate IssuerDigiCert Inc
Subjectautodiscover.dsi.com
Fingerprint29:9B:78:EF:EA:6C:98:E0:F9:FE:B1:91:8E:F4:CA:88:4F:72:D9:B1
ValidityTue, 05 Dec 2023 00:00:00 GMT - Sat, 04 Jan 2025 23:59:59 GMT
File type TrueType Font data, 16 tables, 1st "OS/2", 11 names, Microsoft, language 0x409, � 2010 Microsoft Corporation. All Rights Reserved.RegularSegoe UI SemilightVersion 1.00 build 16
Hash 6c26c24aabe31040657665b1e0d9505c
b3bdc48643752665e3e5798a192b27432a87d234
2d508a6e8979bba74b6fdf804c01a09a620c781e0fea73a8eefda904f5bcab25
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
GET /owa/auth/15.1.2507/themes/resources/segoeui-semilight.ttf HTTP/1.1
Host: owa.dsi.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://owa.dsi.com/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fowa.dsi.com%2fowa%2fredir.aspx%3fURL%3dwww.dsi.com%23C%3dV7R0K3xqg0CsolGU8ZDI3Zpe0RpjD9IIttgmDNcf8C2dqQxgqCqFXu6Cc4ztI0_ZVoo_W1Fveoo.
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
cache-control: public,max-age=2592000
content-type: application/octet-stream
last-modified: Sun, 20 Mar 2022 14:41:26 GMT
accept-ranges: bytes
etag: "0efb793683cd81:0"
server: Microsoft-IIS/10.0
request-id: b1401f66-1bce-4760-a3af-fdf20f8b855a
x-powered-by: ASP.NET
date: Thu, 18 Apr 2024 07:27:43 GMT
content-length: 41560
X-Firefox-Spdy: h2
owa.dsi.com/owa/auth/15.1.2507/themes/resources/favicon.ico
63.137.36.200200 OK 7.9 kB URL GET HTTP/2 owa.dsi.com/owa/auth/15.1.2507/themes/resources/favicon.ico
IP 63.137.36.200:443
ASN #3561 CENTURYLINK-LEGACY-SAVVIS
Requested by https://owa.dsi.com/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fowa.dsi.com%2fowa%2fredir.aspx%3fURL%3dwww.dsi.com%23C%3dV7R0K3xqg0CsolGU8ZDI3Zpe0RpjD9IIttgmDNcf8C2dqQxgqCqFXu6Cc4ztI0_ZVoo_W1Fveoo.
Certificate IssuerDigiCert Inc
Subjectautodiscover.dsi.com
Fingerprint29:9B:78:EF:EA:6C:98:E0:F9:FE:B1:91:8E:F4:CA:88:4F:72:D9:B1
ValidityTue, 05 Dec 2023 00:00:00 GMT - Sat, 04 Jan 2025 23:59:59 GMT
File type MS Windows icon resource - 3 icons, 32x32, 32 bits/pixel, 24x24, 32 bits/pixel
Hash 759fade9033aa298629e4b000dcd6dde
34a1adf5c7326d7bde5b5735471b5d81e611c189
cf0808a61ec571e0c4975663903b288009d55502ac0445d9948983b339a5cf6e
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
GET /owa/auth/15.1.2507/themes/resources/favicon.ico HTTP/1.1
Host: owa.dsi.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://owa.dsi.com/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fowa.dsi.com%2fowa%2fredir.aspx%3fURL%3dwww.dsi.com%23C%3dV7R0K3xqg0CsolGU8ZDI3Zpe0RpjD9IIttgmDNcf8C2dqQxgqCqFXu6Cc4ztI0_ZVoo_W1Fveoo.
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
cache-control: public,max-age=2592000
content-type: image/x-icon
last-modified: Sat, 26 Mar 2022 18:40:39 GMT
accept-ranges: bytes
etag: "806d40fd4041d81:0"
server: Microsoft-IIS/10.0
request-id: 21c89f66-2fdd-4ea3-ae08-00765185b568
x-powered-by: ASP.NET
date: Thu, 18 Apr 2024 07:27:43 GMT
content-length: 7886
X-Firefox-Spdy: h2