Report - mail.findim.ch/

Report Overview

Submitted URL
mail.findim.ch/
IP
212.243.65.58
ASN
#3303 Bluewin
Submitted
2024-04-18 22:53:35
Access
public
Website Title
Outlook Web App
Final URL
mail.findim.ch/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fmail.findim.ch%2fowa%2f
Tags
microsoft phishing
urlquery detections
Phishing - Microsoft

Detections

urlquery
11
Network Intrusion Detection
0
Threat Detection Systems
0

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
mail.findim.ch	unknown	unknown	2020-09-15	2023-09-23	4.0 kB	193 kB	212.243.65.58

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (6)

	URL	Size	First Seen	Last Seen
	mail.findim.ch/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fmail.findim.ch%2fowa%2f	14 kB	2023-03-07	2024-05-02
Pretty URL mail.findim.ch/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fmail.findim.ch%2fowa%2f IP 212.243.65.58 ASN #3303 Bluewin Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:02:58 Last Seen2024-05-02 05:49:10 Times Seen528 Hash 8e2bc1b488831cdc5841d3abfb0ba6bb 50aed9715e2a5c3018ae336875294f64a202eaf2 b7cd8d9758300e4190d07cfc88be4aabadff6e837e68d93eb73648dbcd89351b Loading...

	mail.findim.ch/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fmail.findim.ch%2fowa%2f	1.4 kB	2023-03-07	2024-05-02
Pretty URL mail.findim.ch/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fmail.findim.ch%2fowa%2f IP 212.243.65.58 ASN #3303 Bluewin Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:02:58 Last Seen2024-05-02 05:49:10 Times Seen452 Hash 97eb9cc59146b048bdf9f61b499bf16f 3bcf316328c997d9768a59393894a989052e5198 d656711ef4d2a655d04b516c9dbafbe90bc4b24b57b0c3bc3c197ef4d287b641 Loading...

	mail.findim.ch/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fmail.findim.ch%2fowa%2f	1.8 kB	2023-03-07	2024-05-02
Pretty URL mail.findim.ch/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fmail.findim.ch%2fowa%2f IP 212.243.65.58 ASN #3303 Bluewin Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:34:50 Last Seen2024-05-02 05:49:10 Times Seen160 Hash 25162df66169bb02d171cefb0705b9aa d14d0b165804e5bc0af701aab04c896206f99189 a581e957006f4ce637991baad1381f69785a4a9f183afbf67602b22eb3ab6a7a Loading...

	mail.findim.ch/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fmail.findim.ch%2fowa%2f	19 B	2023-03-07	2024-05-02
Pretty URL mail.findim.ch/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fmail.findim.ch%2fowa%2f IP 212.243.65.58 ASN #3303 Bluewin Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:02:54 Last Seen2024-05-02 11:47:43 Times Seen1558 Hash 24f6a9c606199b766addcdaf630a6f4a e25cfd579629e6e410927500f3e9a728261c0553 e74b3de0ef4501689fdd96e8ecf0f120e7761bb3d9bfe6544e38790c0d386bf0 Loading...

	mail.findim.ch/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fmail.findim.ch%2fowa%2f	137 B	2023-03-07	2024-05-02
Pretty URL mail.findim.ch/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fmail.findim.ch%2fowa%2f IP 212.243.65.58 ASN #3303 Bluewin Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:02:54 Last Seen2024-05-02 05:49:10 Times Seen1581 Hash 3012703a3a5c709a38f2cba896e8e5e6 d574b12ce7043b1ee47eb6934c39f19379fcf0ec 2c65e217804431e380651ce713d311bd5b5a5fb81cebc58392505cb35c854cdc Loading...

	mail.findim.ch/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fmail.findim.ch%2fowa%2f	68 B	2023-03-07	2024-05-02
Pretty URL mail.findim.ch/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fmail.findim.ch%2fowa%2f IP 212.243.65.58 ASN #3303 Bluewin Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:02:58 Last Seen2024-05-02 11:47:43 Times Seen1008 Hash db8216e217de9a14420fa187142b00b5 50f9fdaa34b7caa061db879baa23a7d75f048e9e ebc3102ee92075887df69ec8c18ca2c24015e728566d302598a63c06697754ed Loading...

HTTP Transactions (7)

URL IP Response Size

mail.findim.ch/

212.243.65.58

0 B

URL
mail.findim.ch/
IP
212.243.65.58:0
ASN
#3303 Bluewin

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET / HTTP/1.1
Host: mail.findim.ch
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 301 Moved Permanently
Cache-Control: no-cache
Pragma: no-cache
Location: https://mail.findim.ch/owa/
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Thu, 18 Apr 2024 22:53:10 GMT
Connection: close
Content-Length: 0

mail.findim.ch/owa/

212.243.65.58

214 B

URL
mail.findim.ch/owa/
IP
212.243.65.58:0
ASN
#3303 Bluewin

File type
HTML document, ASCII text, with CRLF line terminators
Size
214 B (214 bytes)
Hash
89dfaeda3249c366b92386e704a5feb4
2f547de92c636082d9ac244b8df83e3545cbe43a
887ab9230a8353fb1b696a1b20c07969f144db81da26a455fc39b9e9bdcea859

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /owa/ HTTP/1.1
Host: mail.findim.ch
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Content-Type: text/html; charset=utf-8
Location: https://mail.findim.ch/owa/auth/logon.aspx?url=https%3a%2f%2fmail.findim.ch%2fowa%2f&reason=0
Server: Microsoft-IIS/8.5
request-id: 34fdb6d6-2c24-4de2-aaca-522791a3834d
Set-Cookie: ClientId=VVUSOYUNKKZUAVVSYJMG; expires=Fri, 18-Apr-2025 22:53:10 GMT; path=/; HttpOnly
X-OWA-Version: 15.0.1497.36
X-Powered-By: ASP.NET
X-FEServer: FGEX200
Date: Thu, 18 Apr 2024 22:53:10 GMT
Content-Length: 214

mail.findim.ch/owa/auth/logon.aspx?url=https%3a%2f%2fmail.findim.ch%2fowa%2f&reason=0

212.243.65.58

28 kB

URL
mail.findim.ch/owa/auth/logon.aspx?url=https%3a%2f%2fmail.findim.ch%2fowa%2f&reason=0
IP
212.243.65.58:0
ASN
#3303 Bluewin

File type
HTML document, ASCII text, with very long lines (1062), with CRLF, LF line terminators
Size
28 kB (27983 bytes)
Hash
2017487ae189caa8b17f167d63cd5665
f4c88405956c86d78290c17c978d97fc2195cdcd
fe5ee2e469eacdad562037bfa213d0237075c11d40850e562e21752d7448a6f9

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /owa/auth/logon.aspx?url=https%3a%2f%2fmail.findim.ch%2fowa%2f&reason=0 HTTP/1.1
Host: mail.findim.ch
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: ClientId=VVUSOYUNKKZUAVVSYJMG
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/8.5
request-id: 8e48fdf7-d7ab-4a19-8054-34b8770d5c13
X-Frame-Options: SAMEORIGIN
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Thu, 18 Apr 2024 22:53:10 GMT
Content-Length: 27983

mail.findim.ch/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fmail.findim.ch%2fowa%2f

212.243.65.58

200 OK

56 kB

URL User Request GET HTTP/1.1
mail.findim.ch/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fmail.findim.ch%2fowa%2f
IP
212.243.65.58:443
ASN
#3303 Bluewin

Certificate
IssuerGoDaddy.com, Inc.
Subjectmail.findim.ch
FingerprintFC:C4:15:51:9D:7A:0B:5B:2C:7B:C4:17:DB:79:C5:28:E9:0B:7E:8E
ValiditySat, 23 Sep 2023 06:14:34 GMT - Mon, 26 Aug 2024 18:56:35 GMT

File type
HTML document, ASCII text, with very long lines (7903), with CRLF, LF line terminators
Size
56 kB (56328 bytes)
Hash
1545b4f33443bc93e1f2fe0a902cfdef
713c3a49a29430b3a9c564a989f7c4e6bbe16acb
7dc3b685e7d970438992d750b0519975f27e3a39825ca946fc18d48d1a89d63a

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fmail.findim.ch%2fowa%2f HTTP/1.1
Host: mail.findim.ch
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mail.findim.ch/owa/auth/logon.aspx?url=https%3a%2f%2fmail.findim.ch%2fowa%2f&reason=0
Cookie: ClientId=VVUSOYUNKKZUAVVSYJMG
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/8.5
request-id: fa1b94ca-e75c-41f8-9360-d0f64f9febf9
X-Frame-Options: SAMEORIGIN
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Thu, 18 Apr 2024 22:53:10 GMT
Content-Length: 56328

mail.findim.ch/owa/auth/15.0.1497/themes/resources/segoeui-regular.ttf

212.243.65.58

200 OK

57 kB

URL GET HTTP/1.1
mail.findim.ch/owa/auth/15.0.1497/themes/resources/segoeui-regular.ttf
IP
212.243.65.58:443
ASN
#3303 Bluewin

Requested by
https://mail.findim.ch/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fmail.findim.ch%2fowa%2f
Certificate
IssuerGoDaddy.com, Inc.
Subjectmail.findim.ch
FingerprintFC:C4:15:51:9D:7A:0B:5B:2C:7B:C4:17:DB:79:C5:28:E9:0B:7E:8E
ValiditySat, 23 Sep 2023 06:14:34 GMT - Mon, 26 Aug 2024 18:56:35 GMT

File type
TrueType Font data, 18 tables, 1st "LTSH", 11 names, Microsoft, language 0x409, � 2010 Microsoft Corporation. All Rights Reserved.RegularSegoe UI RegularVersion 0.81 Build 159S
Size
57 kB (56760 bytes)
Hash
8af990b6ad3ba192c2dd6a193890bf5f
4db5bf117ff8f1392fab3b438216d7cff4ae4976
c147c2ec76a8ab8bd5082f1f4d3f80a43c689165cb164cdd812e44048fe38708

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /owa/auth/15.0.1497/themes/resources/segoeui-regular.ttf HTTP/1.1
Host: mail.findim.ch
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mail.findim.ch/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fmail.findim.ch%2fowa%2f
Cookie: ClientId=VVUSOYUNKKZUAVVSYJMG
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: public,max-age=2592000
Content-Type: application/octet-stream
Last-Modified: Wed, 29 May 2019 00:02:58 GMT
Accept-Ranges: bytes
ETag: "0e579dfb115d51:0"
Server: Microsoft-IIS/8.5
request-id: 0c591350-f401-4415-bbc4-88c54ce49553
X-Powered-By: ASP.NET
Date: Thu, 18 Apr 2024 22:53:10 GMT
Content-Length: 56760

mail.findim.ch/owa/auth/15.0.1497/themes/resources/segoeui-semilight.ttf

212.243.65.58

200 OK

42 kB

URL GET HTTP/1.1
mail.findim.ch/owa/auth/15.0.1497/themes/resources/segoeui-semilight.ttf
IP
212.243.65.58:443
ASN
#3303 Bluewin

Requested by
https://mail.findim.ch/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fmail.findim.ch%2fowa%2f
Certificate
IssuerGoDaddy.com, Inc.
Subjectmail.findim.ch
FingerprintFC:C4:15:51:9D:7A:0B:5B:2C:7B:C4:17:DB:79:C5:28:E9:0B:7E:8E
ValiditySat, 23 Sep 2023 06:14:34 GMT - Mon, 26 Aug 2024 18:56:35 GMT

File type
TrueType Font data, 16 tables, 1st "OS/2", 11 names, Microsoft, language 0x409, � 2010 Microsoft Corporation. All Rights Reserved.RegularSegoe UI SemilightVersion 1.00 build 16
Size
42 kB (41560 bytes)
Hash
6c26c24aabe31040657665b1e0d9505c
b3bdc48643752665e3e5798a192b27432a87d234
2d508a6e8979bba74b6fdf804c01a09a620c781e0fea73a8eefda904f5bcab25

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /owa/auth/15.0.1497/themes/resources/segoeui-semilight.ttf HTTP/1.1
Host: mail.findim.ch
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mail.findim.ch/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fmail.findim.ch%2fowa%2f
Cookie: ClientId=VVUSOYUNKKZUAVVSYJMG
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: public,max-age=2592000
Content-Type: application/octet-stream
Last-Modified: Wed, 29 May 2019 00:02:58 GMT
Accept-Ranges: bytes
ETag: "0e579dfb115d51:0"
Server: Microsoft-IIS/8.5
request-id: d9d63001-d5b0-4889-b7a7-bfb8a4306547
X-Powered-By: ASP.NET
Date: Thu, 18 Apr 2024 22:53:10 GMT
Content-Length: 41560

mail.findim.ch/owa/auth/15.0.1497/themes/resources/favicon.ico

212.243.65.58

200 OK

7.9 kB

URL GET HTTP/1.1
mail.findim.ch/owa/auth/15.0.1497/themes/resources/favicon.ico
IP
212.243.65.58:443
ASN
#3303 Bluewin

Requested by
https://mail.findim.ch/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fmail.findim.ch%2fowa%2f
Certificate
IssuerGoDaddy.com, Inc.
Subjectmail.findim.ch
FingerprintFC:C4:15:51:9D:7A:0B:5B:2C:7B:C4:17:DB:79:C5:28:E9:0B:7E:8E
ValiditySat, 23 Sep 2023 06:14:34 GMT - Mon, 26 Aug 2024 18:56:35 GMT

File type
MS Windows icon resource - 3 icons, 32x32, 32 bits/pixel, 24x24, 32 bits/pixel
Size
7.9 kB (7886 bytes)
Hash
759fade9033aa298629e4b000dcd6dde
34a1adf5c7326d7bde5b5735471b5d81e611c189
cf0808a61ec571e0c4975663903b288009d55502ac0445d9948983b339a5cf6e

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /owa/auth/15.0.1497/themes/resources/favicon.ico HTTP/1.1
Host: mail.findim.ch
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mail.findim.ch/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fmail.findim.ch%2fowa%2f
Cookie: ClientId=VVUSOYUNKKZUAVVSYJMG
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: public,max-age=2592000
Content-Type: image/x-icon
Last-Modified: Wed, 29 May 2019 00:02:58 GMT
Accept-Ranges: bytes
ETag: "0e579dfb115d51:0"
Server: Microsoft-IIS/8.5
request-id: 286feae7-d203-4105-822d-4d562634decb
X-Powered-By: ASP.NET
Date: Thu, 18 Apr 2024 22:53:10 GMT
Content-Length: 7886

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (6)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (7)

URL

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL

IP

ASN