Report - aus01.safelinks.protection.outlook.com/?url=https://ad.doubleclick.net/clk;265186560;90846275;t;pc=[TPAS_ID]?//goldenagesage.com/LBG/bernie.ward/YmVybmllLndhcmRAdmxpbmUuY29tLmF1\u0026data=05|02|bernie.ward@vline.com.au|25669eb784a54e94f4d608dc1d428748|d2f5bbdcb3b045d99d723edb76f1308c|0|0|638417418783674564|Unknown|TWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0=|3000|||\u0026sdata=5DQxmaoXKEzVEOQ7LaUIAtLuoSyWP7tlTYgDYt3DK3k=\u0026reserved=0\

Report Overview

Visited public
2024-01-25 09:20:49
Tags
malware suspicious
URL
aus01.safelinks.protection.outlook.com/?url=https://ad.doubleclick.net/clk;265186560;90846275;t;pc=[TPAS_ID]?//goldenagesage.com/LBG/bernie.ward/YmVybmllLndhcmRAdmxpbmUuY29tLmF1\u0026data=05|02|bernie.ward@vline.com.au|25669eb784a54e94f4d608dc1d428748|d2f5bbdcb3b045d99d723edb76f1308c|0|0|638417418783674564|Unknown|TWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0=|3000|||\u0026sdata=5DQxmaoXKEzVEOQ7LaUIAtLuoSyWP7tlTYgDYt3DK3k=\u0026reserved=0\
Finishing URL
aus01.safelinks.protection.outlook.com/?url=https://ad.doubleclick.net/clk;265186560;90846275;t;pc=[TPAS_ID]?//goldenagesage.com/LBG/bernie.ward/YmVybmllLndhcmRAdmxpbmUuY29tLmF1\u0026data=05|02|bernie.ward@vline.com.au|25669eb784a54e94f4d608dc1d428748|d2f5bbdcb3b045d99d723edb76f1308c|0|0|638417418783674564|Unknown|TWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0=|3000|||\u0026sdata=5DQxmaoXKEzVEOQ7LaUIAtLuoSyWP7tlTYgDYt3DK3k=\u0026reserved=0\
IP / ASN
52.102.13.44
#8075 MICROSOFT-CORP-MSN-AS-BLOCK
Title
Error during processing.
Malware - Webshell
Suspicious - Anti-debugging code

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
aus01.safelinks.protection.outlook.com	495709	1994-08-18	2017-05-08 02:24:24	2024-01-24 06:01:44	3.7 kB	30 kB	52.102.12.188

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (1)

	URL	From	Size	First Seen	Last Seen
	aus01.safelinks.protection.outlook.com/Content/Scripts/site.js	ScriptElement	1.6 kB	2023-03-07	2025-04-25
Pretty URL aus01.safelinks.protection.outlook.com/Content/Scripts/site.js IP 52.102.12.204 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:14 Last Seen2025-04-25 19:01 Times Seen477 Hash 3af1fdb9a3f664a6683d212f4787733a 59063d49b723a1988236c8d39c2804c6ebc5ff95 a9ce4840ff0d613b456081dea64e46eb717a1f8bfa5afb05d3bd058f294e416c Loading...

HTTP Transactions (4)

URL IP Response Size

aus01.safelinks.protection.outlook.com/?url=https://ad.doubleclick.net/clk;265186560;90846275;t;pc=[TPAS_ID]?//goldenagesage.com/LBG/bernie.ward/YmVybmllLndhcmRAdmxpbmUuY29tLmF1\u0026data=05|02|bernie.ward@vline.com.au|25669eb784a54e94f4d608dc1d428748|d2f5bbdcb3b045d99d723edb76f1308c|0|0|638417418783674564|Unknown|TWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0=|3000|||\u0026sdata=5DQxmaoXKEzVEOQ7LaUIAtLuoSyWP7tlTYgDYt3DK3k=\u0026reserved=0\

52.102.12.188

1.8 kB

URL
aus01.safelinks.protection.outlook.com/?url=https://ad.doubleclick.net/clk;265186560;90846275;t;pc=[TPAS_ID]?//goldenagesage.com/LBG/bernie.ward/YmVybmllLndhcmRAdmxpbmUuY29tLmF1\u0026data=05|02|bernie.ward@vline.com.au|25669eb784a54e94f4d608dc1d428748|d2f5bbdcb3b045d99d723edb76f1308c|0|0|638417418783674564|Unknown|TWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0=|3000|||\u0026sdata=5DQxmaoXKEzVEOQ7LaUIAtLuoSyWP7tlTYgDYt3DK3k=\u0026reserved=0\
IP
52.102.12.188:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
HTML document, ASCII text, with very long lines (786), with CRLF line terminators
Size
1.8 kB (1797 bytes)
Hash
d58922a8fe79d128a252c3b38b676078
633d1ddac4495d6f309070e2efa8495043f9f5f0
05aea3955830946641ca5a443a6fa7edd8de37f28fd5b39fc81dd38cdac856d4

HTTP Headers

GET /?url=https://ad.doubleclick.net/clk;265186560;90846275;t;pc=[TPAS_ID]?//goldenagesage.com/LBG/bernie.ward/YmVybmllLndhcmRAdmxpbmUuY29tLmF1\u0026data=05|02|bernie.ward@vline.com.au|25669eb784a54e94f4d608dc1d428748|d2f5bbdcb3b045d99d723edb76f1308c|0|0|638417418783674564|Unknown|TWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0=|3000|||\u0026sdata=5DQxmaoXKEzVEOQ7LaUIAtLuoSyWP7tlTYgDYt3DK3k=\u0026reserved=0\ HTTP/1.1
Host: aus01.safelinks.protection.outlook.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Encoding: gzip
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-AspNetMvc-Version: 4.0
X-SL-GetUrlReputation-Verdict: Error
SafelinksWebApiErrorCode: 400202
X-Robots-Tag: noindex, nofollow
X-AspNet-Version: 4.0.30319
X-ServerName: SY6AUS01WS0027
X-ServerVersion: 15.20.7202.035
X-ServerLat: 5
X-SafeLinks-Tracking-Id: 82139d94-df68-4af5-c430-08dc1d86dd1a
X-Powered-By: ASP.NET
X-Content-Type-Options: nosniff
X-UA-Compatible: IE=Edge
Date: Thu, 25 Jan 2024 09:20:24 GMT
Connection: close
Content-Length: 1797

aus01.safelinks.protection.outlook.com/Content/Scripts/safelinksv2.css

52.102.12.204

200 OK

1.1 kB

URL GET HTTP/1.1
aus01.safelinks.protection.outlook.com/Content/Scripts/safelinksv2.css
IP
52.102.12.204:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://aus01.safelinks.protection.outlook.com/?url=https://ad.doubleclick.net/clk;265186560;90846275;t;pc=[TPAS_ID]?//goldenagesage.com/LBG/bernie.ward/YmVybmllLndhcmRAdmxpbmUuY29tLmF1\u0026data=05|02|bernie.ward@vline.com.au|25669eb784a54e94f4d608dc1d428748|d2f5bbdcb3b045d99d723edb76f1308c|0|0|638417418783674564|Unknown|TWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0=|3000|||\u0026sdata=5DQxmaoXKEzVEOQ7LaUIAtLuoSyWP7tlTYgDYt3DK3k=\u0026reserved=0\
Certificate
IssuerDigiCert Inc
Subject*.safelinks.protection.outlook.com
FingerprintAC:D5:5A:BD:B6:35:63:20:02:15:3D:7B:3F:ED:0E:3F:7F:A6:48:EB
ValidityMon, 08 May 2023 00:00:00 GMT - Tue, 07 May 2024 23:59:59 GMT

File type
ASCII text, with CRLF line terminators
Size
1.1 kB (1142 bytes)
Hash
bbad95c4a0be4e5775b7d5b409fbf602
fad598750b15c207dfef6e1fea3c072baeac2b66
41f78d15ae18c36b84c819d9af3511c342c180f0aba8f91dc1ccf4046b56b308

HTTP Headers

GET /Content/Scripts/safelinksv2.css HTTP/1.1
Host: aus01.safelinks.protection.outlook.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://aus01.safelinks.protection.outlook.com/?url=https://ad.doubleclick.net/clk;265186560;90846275;t;pc=[TPAS_ID]?//goldenagesage.com/LBG/bernie.ward/YmVybmllLndhcmRAdmxpbmUuY29tLmF1\u0026data=05|02|bernie.ward@vline.com.au|25669eb784a54e94f4d608dc1d428748|d2f5bbdcb3b045d99d723edb76f1308c|0|0|638417418783674564|Unknown|TWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0=|3000|||\u0026sdata=5DQxmaoXKEzVEOQ7LaUIAtLuoSyWP7tlTYgDYt3DK3k=\u0026reserved=0\
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: text/css
Content-Encoding: gzip
Last-Modified: Wed, 24 Jan 2024 02:57:54 GMT
Accept-Ranges: bytes
ETag: "0253d20714eda1:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-ServerName: ME3AUS01WS0047
X-ServerVersion: 15.20.7202.042
X-ServerLat: 0
X-SafeLinks-Tracking-Id: ae85935a-590e-4e67-c47d-08dc1d86dd8d
X-Powered-By: ASP.NET
X-Content-Type-Options: nosniff
X-UA-Compatible: IE=Edge
Date: Thu, 25 Jan 2024 09:20:25 GMT
Connection: close
Content-Length: 1142

aus01.safelinks.protection.outlook.com/Content/Scripts/site.js

52.102.12.204

200 OK

854 B

URL GET HTTP/1.1
aus01.safelinks.protection.outlook.com/Content/Scripts/site.js
IP
52.102.12.204:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://aus01.safelinks.protection.outlook.com/?url=https://ad.doubleclick.net/clk;265186560;90846275;t;pc=[TPAS_ID]?//goldenagesage.com/LBG/bernie.ward/YmVybmllLndhcmRAdmxpbmUuY29tLmF1\u0026data=05|02|bernie.ward@vline.com.au|25669eb784a54e94f4d608dc1d428748|d2f5bbdcb3b045d99d723edb76f1308c|0|0|638417418783674564|Unknown|TWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0=|3000|||\u0026sdata=5DQxmaoXKEzVEOQ7LaUIAtLuoSyWP7tlTYgDYt3DK3k=\u0026reserved=0\
Certificate
IssuerDigiCert Inc
Subject*.safelinks.protection.outlook.com
FingerprintAC:D5:5A:BD:B6:35:63:20:02:15:3D:7B:3F:ED:0E:3F:7F:A6:48:EB
ValidityMon, 08 May 2023 00:00:00 GMT - Tue, 07 May 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with CRLF line terminators
Size
854 B (854 bytes)
Hash
3af1fdb9a3f664a6683d212f4787733a
59063d49b723a1988236c8d39c2804c6ebc5ff95
a9ce4840ff0d613b456081dea64e46eb717a1f8bfa5afb05d3bd058f294e416c

Detections

Analyzer	Verdict	Alert
urlquery	malware	Malware - Webshell
urlquery	suspicious	Suspicious - Anti-debugging code

HTTP Headers

GET /Content/Scripts/site.js HTTP/1.1
Host: aus01.safelinks.protection.outlook.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://aus01.safelinks.protection.outlook.com/?url=https://ad.doubleclick.net/clk;265186560;90846275;t;pc=[TPAS_ID]?//goldenagesage.com/LBG/bernie.ward/YmVybmllLndhcmRAdmxpbmUuY29tLmF1\u0026data=05|02|bernie.ward@vline.com.au|25669eb784a54e94f4d608dc1d428748|d2f5bbdcb3b045d99d723edb76f1308c|0|0|638417418783674564|Unknown|TWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0=|3000|||\u0026sdata=5DQxmaoXKEzVEOQ7LaUIAtLuoSyWP7tlTYgDYt3DK3k=\u0026reserved=0\
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Tue, 23 Jan 2024 23:05:44 GMT
Accept-Ranges: bytes
ETag: "0d44fb1504eda1:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-ServerName: ME3AUS01WS0045
X-ServerVersion: 15.20.7202.041
X-ServerLat: 0
X-SafeLinks-Tracking-Id: 7052c189-d1fe-4465-1cb1-08dc1d86de08
X-Powered-By: ASP.NET
X-Content-Type-Options: nosniff
X-UA-Compatible: IE=Edge
Date: Thu, 25 Jan 2024 09:20:26 GMT
Connection: close
Content-Length: 854

aus01.safelinks.protection.outlook.com/Content/images/scanned.png

52.102.12.204

200 OK

24 kB

URL GET HTTP/1.1
aus01.safelinks.protection.outlook.com/Content/images/scanned.png
IP
52.102.12.204:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://aus01.safelinks.protection.outlook.com/?url=https://ad.doubleclick.net/clk;265186560;90846275;t;pc=[TPAS_ID]?//goldenagesage.com/LBG/bernie.ward/YmVybmllLndhcmRAdmxpbmUuY29tLmF1\u0026data=05|02|bernie.ward@vline.com.au|25669eb784a54e94f4d608dc1d428748|d2f5bbdcb3b045d99d723edb76f1308c|0|0|638417418783674564|Unknown|TWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0=|3000|||\u0026sdata=5DQxmaoXKEzVEOQ7LaUIAtLuoSyWP7tlTYgDYt3DK3k=\u0026reserved=0\
Certificate
IssuerDigiCert Inc
Subject*.safelinks.protection.outlook.com
FingerprintAC:D5:5A:BD:B6:35:63:20:02:15:3D:7B:3F:ED:0E:3F:7F:A6:48:EB
ValidityMon, 08 May 2023 00:00:00 GMT - Tue, 07 May 2024 23:59:59 GMT

File type
PNG image data, 186 x 200, 8-bit/color RGBA, non-interlaced
Size
24 kB (24231 bytes)
Hash
1f6397becea10f3aa7c63671c29b9a79
633d92227b28480cd1b26adb7c259d9208ab0bbb
bf5bd5c4216a18e5cea417d8ef471796eca754cff391d087409a940008d71a25

HTTP Headers

GET /Content/images/scanned.png HTTP/1.1
Host: aus01.safelinks.protection.outlook.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://aus01.safelinks.protection.outlook.com/?url=https://ad.doubleclick.net/clk;265186560;90846275;t;pc=[TPAS_ID]?//goldenagesage.com/LBG/bernie.ward/YmVybmllLndhcmRAdmxpbmUuY29tLmF1\u0026data=05|02|bernie.ward@vline.com.au|25669eb784a54e94f4d608dc1d428748|d2f5bbdcb3b045d99d723edb76f1308c|0|0|638417418783674564|Unknown|TWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0=|3000|||\u0026sdata=5DQxmaoXKEzVEOQ7LaUIAtLuoSyWP7tlTYgDYt3DK3k=\u0026reserved=0\
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: image/png
Last-Modified: Tue, 23 Jan 2024 23:07:54 GMT
Accept-Ranges: bytes
ETag: "041ccfe504eda1:0"
Server: Microsoft-IIS/10.0
X-ServerName: ME3AUS01WS0042
X-ServerVersion: 15.20.7202.041
X-ServerLat: 0
X-SafeLinks-Tracking-Id: 3ac8c40c-6996-4f28-519c-08dc1d86de2f
X-Powered-By: ASP.NET
X-Content-Type-Options: nosniff
X-UA-Compatible: IE=Edge
Date: Thu, 25 Jan 2024 09:20:26 GMT
Connection: close
Content-Length: 24231

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (1)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (4)

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers