Report - webmail.hanz.health.nz/cookieauth.dll?getlogon?curl=z2f&reason=0&formdir=2

Report Overview

Submitted URL
webmail.hanz.health.nz/cookieauth.dll?getlogon?curl=z2f&reason=0&formdir=2
IP
203.97.192.52
ASN
#4768 One New Zealand Group Limited
Submitted
2024-05-07 05:47:16
Access
public
Website Title
Outlook Web App
Final URL
webmail.hanz.health.nz/cookieauth.dll?getlogon?curl=z2f&reason=0&formdir=2
Tags
microsoft phishing
urlquery detections
Phishing - Microsoft

Detections

urlquery
15
Network Intrusion Detection
0
Threat Detection Systems
0

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
ocsp.entrust.net	1208	1997-07-28	2014-01-10	2024-05-06	328 B	2.0 kB	184.24.45.171
webmail.hanz.health.nz	unknown	unknown	2015-05-27	2024-04-08	7.3 kB	46 kB	122.56.53.186

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (3)

	URL	Size	First Seen	Last Seen
	unknown	23 B	2023-04-19	2024-05-19
Pretty Introduced by eventHandler Embedded in HTML false Observations First Seen2023-04-19 02:35:45 Last Seen2024-05-19 02:03:48 Times Seen150 Hash 054e877d2edf41b70598e6376d4f66d8 b8bacd603f7a40260d6755e5ef7d873f65a452bd ac05721c88cde9f5041a4722d1f86b6971985645817b1d4a05444c4e78036e0f Loading...

	webmail.hanz.health.nz/CookieAuth.dll?GetPic?formdir=2&image=flogon.js	17 kB	2023-03-07	2024-05-19
Pretty URL webmail.hanz.health.nz/CookieAuth.dll?GetPic?formdir=2&image=flogon.js IP 122.56.53.186 ASN #4648 Global-Gateway Internet Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:12:32 Last Seen2024-05-19 02:03:48 Times Seen153 Hash f26366035bb6bcd3d966bc497df05d8c 4536c3e8ffd066f3c7cc57095285dccd9b1785f9 d87ecfce8a144ca47d88ccf59b11da2cc8813e1aaa2e8d3c79150cbfe4dcd053 Loading...

	webmail.hanz.health.nz/cookieauth.dll?getlogon?curl=z2f&reason=0&formdir=2	512 B	2023-03-07	2024-05-19
Pretty URL webmail.hanz.health.nz/cookieauth.dll?getlogon?curl=z2f&reason=0&formdir=2 IP 122.56.53.186 ASN #4648 Global-Gateway Internet Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:19:42 Last Seen2024-05-19 02:03:48 Times Seen150 Hash c70b1fd16daf4535e1c4ab0fcec832e1 149c457f2182400601fe428f9caf3c53ac45c463 2742d10a8b4b670a85f87dd11eabfa3e0045c9e87eb12b8cc672c0bfed3caeae Loading...

HTTP Transactions (15)

URL IP Response Size

ocsp.entrust.net/

184.24.45.171

1.6 kB

URL
ocsp.entrust.net/
IP
184.24.45.171:0
ASN
#16625 AKAMAI-AS

File type
data
Size
1.6 kB (1588 bytes)
Hash
bcf4336b956712976790b04e0564ee73
242179c4eb0809284fc1679965740bcd17ec9dab
cf0b887fef9bb912acee9fa4d9cc96741a23cb67433c48dae2ce7d63a12c8a5b

HTTP Headers

POST / HTTP/1.1
Host: ocsp.entrust.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
ETag: "CF0B887FEF9BB912ACEE9FA4D9CC96741A23CB67433C48DAE2CE7D63A12C8A5B"
Last-Modified: Tue, 07 May 2024 03:00:00 UTC
Content-Length: 1588
Cache-Control: public, no-transform, must-revalidate, max-age=3600
Expires: Tue, 07 May 2024 06:46:52 GMT
Date: Tue, 07 May 2024 05:46:52 GMT
Connection: keep-alive

webmail.hanz.health.nz/cookieauth.dll?getlogon?curl=z2f&reason=0&formdir=2

122.56.53.186

200 OK

3.4 kB

URL User Request GET HTTP/1.1
webmail.hanz.health.nz/cookieauth.dll?getlogon?curl=z2f&reason=0&formdir=2
IP
122.56.53.186:443
ASN
#4648 Global-Gateway Internet

Certificate
IssuerEntrust, Inc.
Subject*.hanz.health.nz
Fingerprint30:B7:D3:E3:B8:F4:CB:BD:52:D2:65:43:3F:D3:5D:7B:68:F9:9C:AC
ValidityTue, 13 Jun 2023 02:31:41 GMT - Wed, 19 Jun 2024 02:31:41 GMT

File type
HTML document, ASCII text, with very long lines (470), with CRLF line terminators
Size
3.4 kB (3391 bytes)
Hash
3dd228655b9499d1890d6a6de9310072
da327d85ae504187221ef5d99c32f4edebea738b
f4d525d2cc50c622c2e152bf1f1a858fc42f3bc547b4493d9cca88e799a2dc2d

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /cookieauth.dll?getlogon?curl=z2f&reason=0&formdir=2 HTTP/1.1
Host: webmail.hanz.health.nz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Connection: close
Content-Type: text/html
Pragma: no-cache
Cache-control: no-cache,max-age=0,must-revalidate
Content-Encoding: gzip
Vary: Accept-Encoding
Transfer-Encoding: chunked

webmail.hanz.health.nz/CookieAuth.dll?GetPic?formdir=2&image=logon_style.css

122.56.53.186

200 OK

1.3 kB

URL GET HTTP/1.1
webmail.hanz.health.nz/CookieAuth.dll?GetPic?formdir=2&image=logon_style.css
IP
122.56.53.186:443
ASN
#4648 Global-Gateway Internet

Requested by
https://webmail.hanz.health.nz/cookieauth.dll?getlogon?curl=z2f&reason=0&formdir=2
Certificate
IssuerEntrust, Inc.
Subject*.hanz.health.nz
Fingerprint30:B7:D3:E3:B8:F4:CB:BD:52:D2:65:43:3F:D3:5D:7B:68:F9:9C:AC
ValidityTue, 13 Jun 2023 02:31:41 GMT - Wed, 19 Jun 2024 02:31:41 GMT

File type
ASCII text, with CRLF line terminators
Size
1.3 kB (1279 bytes)
Hash
522436367f4545f01a036a770ed1ae79
792ac4884c394f6cfc3850666d9dad8a75abd48f
3b2f457ba3f90541c7bfffef2c89d556d30f4c76108426090ffb0585ad3aa1ac

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /CookieAuth.dll?GetPic?formdir=2&image=logon_style.css HTTP/1.1
Host: webmail.hanz.health.nz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://webmail.hanz.health.nz/cookieauth.dll?getlogon?curl=z2f&reason=0&formdir=2
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Connection: close
Content-Type: text/css
Cache-control: max-age=604800
Content-Encoding: gzip
Vary: Accept-Encoding
Transfer-Encoding: chunked

webmail.hanz.health.nz/CookieAuth.dll?GetPic?formdir=2&image=owafont.css

122.56.53.186

200 OK

2.0 kB

URL GET HTTP/1.1
webmail.hanz.health.nz/CookieAuth.dll?GetPic?formdir=2&image=owafont.css
IP
122.56.53.186:443
ASN
#4648 Global-Gateway Internet

Requested by
https://webmail.hanz.health.nz/cookieauth.dll?getlogon?curl=z2f&reason=0&formdir=2
Certificate
IssuerEntrust, Inc.
Subject*.hanz.health.nz
Fingerprint30:B7:D3:E3:B8:F4:CB:BD:52:D2:65:43:3F:D3:5D:7B:68:F9:9C:AC
ValidityTue, 13 Jun 2023 02:31:41 GMT - Wed, 19 Jun 2024 02:31:41 GMT

File type
ASCII text, with CRLF line terminators
Size
2.0 kB (2027 bytes)
Hash
9f2219d5b0220a73402c9f4495990900
49716d120f59965e095545a45eb7b4505b36097a
159f4b224ba13a8c9425965294caa598a874e980582c4c3f3f56a4bf0bea294d

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /CookieAuth.dll?GetPic?formdir=2&image=owafont.css HTTP/1.1
Host: webmail.hanz.health.nz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://webmail.hanz.health.nz/cookieauth.dll?getlogon?curl=z2f&reason=0&formdir=2
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Connection: close
Content-Type: text/css
Cache-control: max-age=604800
Content-Encoding: gzip
Vary: Accept-Encoding
Transfer-Encoding: chunked

webmail.hanz.health.nz/CookieAuth.dll?GetPic?formdir=2&image=flogon.js

122.56.53.186

200 OK

17 kB

URL GET HTTP/1.1
webmail.hanz.health.nz/CookieAuth.dll?GetPic?formdir=2&image=flogon.js
IP
122.56.53.186:443
ASN
#4648 Global-Gateway Internet

Requested by
https://webmail.hanz.health.nz/cookieauth.dll?getlogon?curl=z2f&reason=0&formdir=2
Certificate
IssuerEntrust, Inc.
Subject*.hanz.health.nz
Fingerprint30:B7:D3:E3:B8:F4:CB:BD:52:D2:65:43:3F:D3:5D:7B:68:F9:9C:AC
ValidityTue, 13 Jun 2023 02:31:41 GMT - Wed, 19 Jun 2024 02:31:41 GMT

File type
ASCII text, with CRLF line terminators
Size
17 kB (17405 bytes)
Hash
f26366035bb6bcd3d966bc497df05d8c
4536c3e8ffd066f3c7cc57095285dccd9b1785f9
d87ecfce8a144ca47d88ccf59b11da2cc8813e1aaa2e8d3c79150cbfe4dcd053

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /CookieAuth.dll?GetPic?formdir=2&image=flogon.js HTTP/1.1
Host: webmail.hanz.health.nz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://webmail.hanz.health.nz/cookieauth.dll?getlogon?curl=z2f&reason=0&formdir=2
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Connection: close
Content-Length: 17405
Content-Type: application/x-javascript
Cache-control: max-age=604800

webmail.hanz.health.nz/CookieAuth.dll?GetPic?formdir=2&image=lgnbotl.gif

122.56.53.186

200 OK

9.3 kB

URL GET HTTP/1.1
webmail.hanz.health.nz/CookieAuth.dll?GetPic?formdir=2&image=lgnbotl.gif
IP
122.56.53.186:443
ASN
#4648 Global-Gateway Internet

Requested by
https://webmail.hanz.health.nz/cookieauth.dll?getlogon?curl=z2f&reason=0&formdir=2
Certificate
IssuerEntrust, Inc.
Subject*.hanz.health.nz
Fingerprint30:B7:D3:E3:B8:F4:CB:BD:52:D2:65:43:3F:D3:5D:7B:68:F9:9C:AC
ValidityTue, 13 Jun 2023 02:31:41 GMT - Wed, 19 Jun 2024 02:31:41 GMT

File type
GIF image data, version 89a, 456 x 54
Size
9.3 kB (9311 bytes)
Hash
e0a2c263c6745f251720fe0876d140c4
51b2196c6b10b8c6443e4f91b4c6281134755f33
0e2cda541bf24815df2facd5729d44b70ef4e4bdd160169295944aefc9e51b0b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /CookieAuth.dll?GetPic?formdir=2&image=lgnbotl.gif HTTP/1.1
Host: webmail.hanz.health.nz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://webmail.hanz.health.nz/cookieauth.dll?getlogon?curl=z2f&reason=0&formdir=2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Connection: close
Content-Length: 9311
Content-Type: image/gif
Cache-control: max-age=604800

webmail.hanz.health.nz/CookieAuth.dll?GetPic?formdir=2&image=lgntopr.gif

122.56.53.186

200 OK

581 B

URL GET HTTP/1.1
webmail.hanz.health.nz/CookieAuth.dll?GetPic?formdir=2&image=lgntopr.gif
IP
122.56.53.186:443
ASN
#4648 Global-Gateway Internet

Requested by
https://webmail.hanz.health.nz/cookieauth.dll?getlogon?curl=z2f&reason=0&formdir=2
Certificate
IssuerEntrust, Inc.
Subject*.hanz.health.nz
Fingerprint30:B7:D3:E3:B8:F4:CB:BD:52:D2:65:43:3F:D3:5D:7B:68:F9:9C:AC
ValidityTue, 13 Jun 2023 02:31:41 GMT - Wed, 19 Jun 2024 02:31:41 GMT

File type
GIF image data, version 89a, 45 x 115
Size
581 B (581 bytes)
Hash
031bed6f568fbddddf550a97400b273f
69342ba98b1a924ea4f984f5ef6b244ba0177cb3
f27d451896ac6a8b768361e3f07c2adf1ee7ae6bcb92ac6d0bda7fb5cf915301

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /CookieAuth.dll?GetPic?formdir=2&image=lgntopr.gif HTTP/1.1
Host: webmail.hanz.health.nz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://webmail.hanz.health.nz/cookieauth.dll?getlogon?curl=z2f&reason=0&formdir=2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Connection: close
Content-Length: 581
Content-Type: image/gif
Cache-control: max-age=604800

webmail.hanz.health.nz/CookieAuth.dll?GetPic?formdir=2&image=lgntopl.gif

122.56.53.186

200 OK

5.9 kB

URL GET HTTP/1.1
webmail.hanz.health.nz/CookieAuth.dll?GetPic?formdir=2&image=lgntopl.gif
IP
122.56.53.186:443
ASN
#4648 Global-Gateway Internet

Requested by
https://webmail.hanz.health.nz/cookieauth.dll?getlogon?curl=z2f&reason=0&formdir=2
Certificate
IssuerEntrust, Inc.
Subject*.hanz.health.nz
Fingerprint30:B7:D3:E3:B8:F4:CB:BD:52:D2:65:43:3F:D3:5D:7B:68:F9:9C:AC
ValidityTue, 13 Jun 2023 02:31:41 GMT - Wed, 19 Jun 2024 02:31:41 GMT

File type
GIF image data, version 89a, 456 x 115
Size
5.9 kB (5938 bytes)
Hash
5fbc803f9c0b41f5993278b602a412dd
3cdc7c8b3524bb4afb5d8526b5ea8b148b2c3a8e
131f36b787379da6468a1ddce90804f55fb00b90851c583a6f4e0fb210f41321

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /CookieAuth.dll?GetPic?formdir=2&image=lgntopl.gif HTTP/1.1
Host: webmail.hanz.health.nz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://webmail.hanz.health.nz/cookieauth.dll?getlogon?curl=z2f&reason=0&formdir=2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Connection: close
Content-Length: 5938
Content-Type: image/gif
Cache-control: max-age=604800

webmail.hanz.health.nz/CookieAuth.dll?GetPic?formdir=2&image=lgnexlogo.gif

122.56.53.186

200 OK

61 B

URL GET HTTP/1.1
webmail.hanz.health.nz/CookieAuth.dll?GetPic?formdir=2&image=lgnexlogo.gif
IP
122.56.53.186:443
ASN
#4648 Global-Gateway Internet

Requested by
https://webmail.hanz.health.nz/cookieauth.dll?getlogon?curl=z2f&reason=0&formdir=2
Certificate
IssuerEntrust, Inc.
Subject*.hanz.health.nz
Fingerprint30:B7:D3:E3:B8:F4:CB:BD:52:D2:65:43:3F:D3:5D:7B:68:F9:9C:AC
ValidityTue, 13 Jun 2023 02:31:41 GMT - Wed, 19 Jun 2024 02:31:41 GMT

File type
GIF image data, version 89a, 22 x 22
Size
61 B (61 bytes)
Hash
873c522598fb6da9f70d5dde7ccf6213
c09fdcf5e3933b8efdae4505825e786462cdad51
b125c5f621a199d89bc496740d7dac72f1a8462465a1b61e331727f5d369b2f4

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /CookieAuth.dll?GetPic?formdir=2&image=lgnexlogo.gif HTTP/1.1
Host: webmail.hanz.health.nz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://webmail.hanz.health.nz/cookieauth.dll?getlogon?curl=z2f&reason=0&formdir=2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Connection: close
Content-Length: 61
Content-Type: image/gif
Cache-control: max-age=604800

webmail.hanz.health.nz/CookieAuth.dll?GetPic?formdir=2&image=lgnbotr.gif

122.56.53.186

200 OK

2.4 kB

URL GET HTTP/1.1
webmail.hanz.health.nz/CookieAuth.dll?GetPic?formdir=2&image=lgnbotr.gif
IP
122.56.53.186:443
ASN
#4648 Global-Gateway Internet

Requested by
https://webmail.hanz.health.nz/cookieauth.dll?getlogon?curl=z2f&reason=0&formdir=2
Certificate
IssuerEntrust, Inc.
Subject*.hanz.health.nz
Fingerprint30:B7:D3:E3:B8:F4:CB:BD:52:D2:65:43:3F:D3:5D:7B:68:F9:9C:AC
ValidityTue, 13 Jun 2023 02:31:41 GMT - Wed, 19 Jun 2024 02:31:41 GMT

File type
GIF image data, version 89a, 45 x 54
Size
2.4 kB (2392 bytes)
Hash
43b7c46b32691aa778c5e49d139db8f5
e72b87c696eed81b71b853ce245a30377dce205e
97305ffb8ff74176df42bcd213e7cdfd7679630e19911a2db7b399c7960aec3e

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /CookieAuth.dll?GetPic?formdir=2&image=lgnbotr.gif HTTP/1.1
Host: webmail.hanz.health.nz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://webmail.hanz.health.nz/cookieauth.dll?getlogon?curl=z2f&reason=0&formdir=2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Connection: close
Content-Length: 2392
Content-Type: image/gif
Cache-control: max-age=604800

webmail.hanz.health.nz/CookieAuth.dll?GetPic?formdir=2&image=lgnleft.gif

122.56.53.186

200 OK

290 B

URL GET HTTP/1.1
webmail.hanz.health.nz/CookieAuth.dll?GetPic?formdir=2&image=lgnleft.gif
IP
122.56.53.186:443
ASN
#4648 Global-Gateway Internet

Requested by
https://webmail.hanz.health.nz/cookieauth.dll?getlogon?curl=z2f&reason=0&formdir=2
Certificate
IssuerEntrust, Inc.
Subject*.hanz.health.nz
Fingerprint30:B7:D3:E3:B8:F4:CB:BD:52:D2:65:43:3F:D3:5D:7B:68:F9:9C:AC
ValidityTue, 13 Jun 2023 02:31:41 GMT - Wed, 19 Jun 2024 02:31:41 GMT

File type
GIF image data, version 89a, 15 x 200
Size
290 B (290 bytes)
Hash
baf34665612f4d59f7cfc06ea82da21d
2c8cf5f76499e66d609ddaac026720ef28078421
96a4b86c4a5ff1f1aa67c52287be64ebd51598d32cbd1249351e462cae549185

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /CookieAuth.dll?GetPic?formdir=2&image=lgnleft.gif HTTP/1.1
Host: webmail.hanz.health.nz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://webmail.hanz.health.nz/CookieAuth.dll?GetPic?formdir=2&image=logon_style.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Connection: close
Content-Length: 290
Content-Type: image/gif
Cache-control: max-age=604800

webmail.hanz.health.nz/CookieAuth.dll?GetPic?formdir=2&image=lgnright.gif

122.56.53.186

200 OK

306 B

URL GET HTTP/1.1
webmail.hanz.health.nz/CookieAuth.dll?GetPic?formdir=2&image=lgnright.gif
IP
122.56.53.186:443
ASN
#4648 Global-Gateway Internet

Requested by
https://webmail.hanz.health.nz/cookieauth.dll?getlogon?curl=z2f&reason=0&formdir=2
Certificate
IssuerEntrust, Inc.
Subject*.hanz.health.nz
Fingerprint30:B7:D3:E3:B8:F4:CB:BD:52:D2:65:43:3F:D3:5D:7B:68:F9:9C:AC
ValidityTue, 13 Jun 2023 02:31:41 GMT - Wed, 19 Jun 2024 02:31:41 GMT

File type
GIF image data, version 89a, 15 x 200
Size
306 B (306 bytes)
Hash
391603f1faee60db855bd11650dbbf72
9728452459447efcc7c453c2150139839fa174bc
a9626d4f60b20f2da50f763f20d891a70625dde0dba68116896026c400b8b775

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /CookieAuth.dll?GetPic?formdir=2&image=lgnright.gif HTTP/1.1
Host: webmail.hanz.health.nz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://webmail.hanz.health.nz/CookieAuth.dll?GetPic?formdir=2&image=logon_style.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Connection: close
Content-Length: 306
Content-Type: image/gif
Cache-control: max-age=604800

webmail.hanz.health.nz/CookieAuth.dll?GetPic?formdir=2&image=lgntopm.gif

122.56.53.186

200 OK

58 B

URL GET HTTP/1.1
webmail.hanz.health.nz/CookieAuth.dll?GetPic?formdir=2&image=lgntopm.gif
IP
122.56.53.186:443
ASN
#4648 Global-Gateway Internet

Requested by
https://webmail.hanz.health.nz/cookieauth.dll?getlogon?curl=z2f&reason=0&formdir=2
Certificate
IssuerEntrust, Inc.
Subject*.hanz.health.nz
Fingerprint30:B7:D3:E3:B8:F4:CB:BD:52:D2:65:43:3F:D3:5D:7B:68:F9:9C:AC
ValidityTue, 13 Jun 2023 02:31:41 GMT - Wed, 19 Jun 2024 02:31:41 GMT

File type
GIF image data, version 89a, 1 x 115
Size
58 B (58 bytes)
Hash
0615717b3645a8573f07347cdb74d69f
b707c5a9ede57d3232138ed7ccdb0b4ee9e56043
9d894a6800fd18d20423c66066097b9653be9eb3796f6a0e216dca220c45d6d6

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /CookieAuth.dll?GetPic?formdir=2&image=lgntopm.gif HTTP/1.1
Host: webmail.hanz.health.nz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://webmail.hanz.health.nz/CookieAuth.dll?GetPic?formdir=2&image=logon_style.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Connection: close
Content-Length: 58
Content-Type: image/gif
Cache-control: max-age=604800

webmail.hanz.health.nz/CookieAuth.dll?GetPic?formdir=2&image=lgnbotm.gif

122.56.53.186

200 OK

276 B

URL GET HTTP/1.1
webmail.hanz.health.nz/CookieAuth.dll?GetPic?formdir=2&image=lgnbotm.gif
IP
122.56.53.186:443
ASN
#4648 Global-Gateway Internet

Requested by
https://webmail.hanz.health.nz/cookieauth.dll?getlogon?curl=z2f&reason=0&formdir=2
Certificate
IssuerEntrust, Inc.
Subject*.hanz.health.nz
Fingerprint30:B7:D3:E3:B8:F4:CB:BD:52:D2:65:43:3F:D3:5D:7B:68:F9:9C:AC
ValidityTue, 13 Jun 2023 02:31:41 GMT - Wed, 19 Jun 2024 02:31:41 GMT

File type
GIF image data, version 89a, 1 x 54
Size
276 B (276 bytes)
Hash
704330b6d293ce2d32780739218696b9
6ebd408ff617f5317595121191a92bd9ba69a01f
6097839fd066f359bbe21fb228714cd33385a6995a060eaa504ee190e3c1178a

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /CookieAuth.dll?GetPic?formdir=2&image=lgnbotm.gif HTTP/1.1
Host: webmail.hanz.health.nz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://webmail.hanz.health.nz/CookieAuth.dll?GetPic?formdir=2&image=logon_style.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Connection: close
Content-Length: 276
Content-Type: image/gif
Cache-control: max-age=604800

webmail.hanz.health.nz/CookieAuth.dll?GetPic?formdir=2&image=favicon.ico

122.56.53.186

200 OK

1.2 kB

URL GET HTTP/1.1
webmail.hanz.health.nz/CookieAuth.dll?GetPic?formdir=2&image=favicon.ico
IP
122.56.53.186:443
ASN
#4648 Global-Gateway Internet

Requested by
https://webmail.hanz.health.nz/cookieauth.dll?getlogon?curl=z2f&reason=0&formdir=2
Certificate
IssuerEntrust, Inc.
Subject*.hanz.health.nz
Fingerprint30:B7:D3:E3:B8:F4:CB:BD:52:D2:65:43:3F:D3:5D:7B:68:F9:9C:AC
ValidityTue, 13 Jun 2023 02:31:41 GMT - Wed, 19 Jun 2024 02:31:41 GMT

File type
MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
Size
1.2 kB (1150 bytes)
Hash
738c26ac73a5817089c30ef2da9a707e
8832d1f0830554f33c62df6f52814410ef950f88
ee6a7f6889908066f36944f85661471d18eb93fa8577e7a719f3ad4b867cf381

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /CookieAuth.dll?GetPic?formdir=2&image=favicon.ico HTTP/1.1
Host: webmail.hanz.health.nz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://webmail.hanz.health.nz/cookieauth.dll?getlogon?curl=z2f&reason=0&formdir=2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Connection: close
Content-Length: 1150
Content-Type: image/x-icon
Cache-control: max-age=604800

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (3)

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (15)

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/1.1

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections