Report - cloudflare-ipfs.com/ipfs/bafybeige7hnaour62sjqnxxjebtz22legdqm4znvplpgskol5fhvb2c2aa/yankke.html

Report Overview

Submitted URL
cloudflare-ipfs.com/ipfs/bafybeige7hnaour62sjqnxxjebtz22legdqm4znvplpgskol5fhvb2c2aa/yankke.html
IP
104.17.96.13
ASN
#13335 CLOUDFLARENET
Submitted
2024-04-20 16:29:46
Access
public
Website Title
Outlook Web App
Final URL
cloudflare-ipfs.com/ipfs/bafybeige7hnaour62sjqnxxjebtz22legdqm4znvplpgskol5fhvb2c2aa/yankke.html
Tags
microsoft phishing
urlquery detections
Phishing - Microsoft

Detections

urlquery
5
Network Intrusion Detection
1
Threat Detection Systems
10

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
ajax.googleapis.com	12905	2005-01-25	2013-08-16	2024-04-20	434 B	32 kB	172.217.21.170
www.google.com	7	1997-09-15	2015-05-10	2024-03-23	448 B	818 B	142.250.74.164
cloudflare-ipfs.com	75147	2018-05-30	2021-01-20	2024-03-15	2.8 kB	79 kB	104.17.64.14
webmail.bourbon-online.com	unknown	2005-02-07	2017-02-06	2024-04-17	1.7 kB	32 kB	40.68.95.2
t1.gstatic.com	unknown	2008-02-11	2013-05-07	2024-04-19	1.0 kB	2.0 kB	142.250.74.68
image.thum.io	282725	2016-02-04	2017-02-03	2024-04-16	498 B	25 kB	3.224.156.130

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2024-04-20 16:29:21	low	Client IP	104.17.64.14	ET INFO Peer to Peer File Sharing Service Domain in TLS SNI (cloudflare-ipfs .com)

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

Scan Date	Severity	Indicator	Alert
2024-04-20	medium	cloudflare-ipfs.com/ipfs/bafybeige7hnaour62sjqnxxjebtz22legdqm4znvplpgskol5fhvb2c2aa/yankke.html	Outlook

PhishTank

Scan Date	Severity	Indicator	Alert
2023-05-02	medium	cloudflare-ipfs.com/ipfs/bafybeidlficx7iqagdxetiwziqdy3dsemp4ms3i27w73vufq4be3ow4qvi	Other
2024-03-22	medium	cloudflare-ipfs.com/ipfs/bafybeige7hnaour62sjqnxxjebtz22legdqm4znvplpgskol5fhvb2c2aa/yankke.html	Other
2023-05-02	medium	cloudflare-ipfs.com/ipfs/bafybeige7hnaour62sjqnxxjebtz22legdqm4znvplpgskol5fhvb2c2aa/Outlook%20Web%20App_files/lgnbotr.gif	Other
2023-05-02	medium	cloudflare-ipfs.com/ipfs/bafybeige7hnaour62sjqnxxjebtz22legdqm4znvplpgskol5fhvb2c2aa/Outlook%20Web%20App_files/lgnexlogo.gif	Other

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (4)

	URL	Size	First Seen	Last Seen
	cloudflare-ipfs.com/ipfs/bafybeidlficx7iqagdxetiwziqdy3dsemp4ms3i27w73vufq4be3ow4qvi	276 kB	2024-04-20	2024-04-20
Pretty URL cloudflare-ipfs.com/ipfs/bafybeidlficx7iqagdxetiwziqdy3dsemp4ms3i27w73vufq4be3ow4qvi IP 104.17.64.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-20 18:29:47 Last Seen2024-04-20 18:29:47 Times Seen2 Hash a8916795af8897f13bb4f6367d9f77fb 8d54ddbf4e0eac4677599e286a73e42314fc6c12 b88146f1baa6f52ea877023f3f036fdb607c368edc55bcc9b0f36469c9c724bf Loading...

	ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js	90 kB	2023-03-07	2024-05-03
Pretty URL ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js IP 172.217.21.170 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:01 Last Seen2024-05-03 22:06:25 Times Seen141249 Hash dc5e7f18c8d36ac1d3d4753a87c98d0a c8e1c8b386dc5b7a9184c763c88d19a346eb3342 f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d Loading...

	unknown	5.3 kB	2024-04-20	2024-04-20
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-20 18:29:47 Last Seen2024-04-20 18:29:47 Times Seen1 Hash d30951bcd84e376b5771864ba7f1ae05 e3babf61810d65a0d0e11be3a05db65530dc8343 ecc3a90a6bfe7dd3c554794956d48e192a23308de601ebad486506ac2b532833 Loading...

		Size	First Seen	Last Seen
	#1 Write - 45822f0e342c6aae038a0f8a88d87d2a	47 kB	2024-04-20	2024-04-20
Pretty Observations First Seen2024-04-20 18:29:47 Last Seen2024-04-20 18:29:47 Times Seen1 Hash 45822f0e342c6aae038a0f8a88d87d2a eece305ea7bbf86527b538a9877576360622bcc4 3ea0795de7ca599db12653881b066f2261ab11627fdc4f65d753e769ccd874be Loading...

HTTP Transactions (11)

URL IP Response Size

ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js

172.217.21.170

200 OK

31 kB

URL GET HTTP/2
ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js
IP
172.217.21.170:443
ASN
#15169 GOOGLE

Requested by
https://cloudflare-ipfs.com/ipfs/bafybeige7hnaour62sjqnxxjebtz22legdqm4znvplpgskol5fhvb2c2aa/yankke.html
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint15:CB:F7:AC:18:3F:DC:1E:F9:4E:94:D1:98:40:40:61:53:17:28:F2
ValidityMon, 18 Mar 2024 20:35:28 GMT - Mon, 10 Jun 2024 20:35:27 GMT

File type
JavaScript source, ASCII text, with very long lines (65451)
Size
31 kB (31021 bytes)
Hash
dc5e7f18c8d36ac1d3d4753a87c98d0a
c8e1c8b386dc5b7a9184c763c88d19a346eb3342
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

HTTP Headers

GET /ajax/libs/jquery/3.5.1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cloudflare-ipfs.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 31021
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 16 Apr 2024 09:56:44 GMT
expires: Wed, 16 Apr 2025 09:56:44 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 369158
last-modified: Fri, 08 May 2020 07:05:03 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.google.com/s2/favicons?domain=undefined&sz=64

142.250.74.164

301 Moved Permanently

329 B

URL GET HTTP/2
www.google.com/s2/favicons?domain=undefined&sz=64
IP
142.250.74.164:443
ASN
#15169 GOOGLE

Requested by
https://cloudflare-ipfs.com/ipfs/bafybeige7hnaour62sjqnxxjebtz22legdqm4znvplpgskol5fhvb2c2aa/yankke.html
Certificate
IssuerGoogle Trust Services LLC
Subjectwww.google.com
FingerprintCD:48:2A:0C:60:1D:37:5A:D4:D5:A9:F7:DE:A0:2B:5E:2F:29:76:73
ValidityMon, 18 Mar 2024 20:38:49 GMT - Mon, 10 Jun 2024 20:38:48 GMT

File type
HTML document, ASCII text, with CRLF, LF line terminators
Size
329 B (329 bytes)
Hash
2bd5b1b09e239bbafd089789ca5f6560
2a1a2a7da9937a598fade07f58b7c69ca50feb02
23b5f34a5987f3eac6dc90e66a7d44b387e7b3fa6fa676662ea25b82d83873c6

HTTP Headers

GET /s2/favicons?domain=undefined&sz=64 HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cloudflare-ipfs.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 301 Moved Permanently
location: https://t1.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://undefined&size=64
x-content-type-options: nosniff
server: sffe
content-length: 329
x-xss-protection: 0
date: Sat, 20 Apr 2024 16:01:56 GMT
expires: Sat, 20 Apr 2024 16:31:56 GMT
cache-control: public, max-age=1800
content-type: text/html; charset=UTF-8
age: 1646
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

cloudflare-ipfs.com/ipfs/bafybeidlficx7iqagdxetiwziqdy3dsemp4ms3i27w73vufq4be3ow4qvi

104.17.64.14

200 OK

75 kB

URL GET HTTP/3
cloudflare-ipfs.com/ipfs/bafybeidlficx7iqagdxetiwziqdy3dsemp4ms3i27w73vufq4be3ow4qvi
IP
104.17.64.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://cloudflare-ipfs.com/ipfs/bafybeige7hnaour62sjqnxxjebtz22legdqm4znvplpgskol5fhvb2c2aa/yankke.html
Certificate
IssuerLet's Encrypt
Subjectcloudflare-ipfs.com
Fingerprint18:E5:C9:71:96:8A:A9:48:E2:79:2A:29:91:D2:4E:46:90:B7:5D:9F
ValiditySun, 25 Feb 2024 02:55:05 GMT - Sat, 25 May 2024 02:55:04 GMT

File type
ASCII text
Size
75 kB (75076 bytes)
Hash
a8916795af8897f13bb4f6367d9f77fb
8d54ddbf4e0eac4677599e286a73e42314fc6c12
b88146f1baa6f52ea877023f3f036fdb607c368edc55bcc9b0f36469c9c724bf

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft
PhishTank	phishing	Other

HTTP Headers

GET /ipfs/bafybeidlficx7iqagdxetiwziqdy3dsemp4ms3i27w73vufq4be3ow4qvi HTTP/1.1
Host: cloudflare-ipfs.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cloudflare-ipfs.com/ipfs/bafybeige7hnaour62sjqnxxjebtz22legdqm4znvplpgskol5fhvb2c2aa/yankke.html
Cookie: __cf_bm=UNJ2dcHrRQ3UeNAn6v.7VxgFxN.RpIQwxuIhRguxAZc-1713630561-1.0.1.1-bapWr4hl3Vbe_rMjQL_qH9GEKjbHu25ovR1OgLMGJ_t3lnatKE5p6N3QvvjF3KskhzAi2QdXQy.Kx3f0mVxBTQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 20 Apr 2024 16:29:22 GMT
content-type: text/plain; charset=utf-8
cf-ray: 87768341cff956a8-OSL
cf-cache-status: MISS
access-control-allow-origin: *
cache-control: public, max-age=29030400, immutable
etag: W/"bafybeidlficx7iqagdxetiwziqdy3dsemp4ms3i27w73vufq4be3ow4qvi"
vary: Accept-Encoding
access-control-allow-headers: Content-Type, Range, User-Agent, X-Requested-With
access-control-allow-methods: GET
access-control-expose-headers: Content-Length, Content-Range, X-Chunked-Output, X-Ipfs-Path, X-Ipfs-Roots, X-Stream-Output
x-cf-ipfs-cache-status: miss
x-ipfs-path: /ipfs/bafybeidlficx7iqagdxetiwziqdy3dsemp4ms3i27w73vufq4be3ow4qvi
x-ipfs-roots: bafybeidlficx7iqagdxetiwziqdy3dsemp4ms3i27w73vufq4be3ow4qvi
server: cloudflare
content-encoding: br
alt-svc: h3=":443"; ma=86400

webmail.bourbon-online.com/owa/14.3.513.0/themes/resources/favicon.ico

40.68.95.2

302 Found

283 B

URL GET HTTP/1.1
webmail.bourbon-online.com/owa/14.3.513.0/themes/resources/favicon.ico
IP
40.68.95.2:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://cloudflare-ipfs.com/ipfs/bafybeige7hnaour62sjqnxxjebtz22legdqm4znvplpgskol5fhvb2c2aa/yankke.html
Certificate
IssuerGlobalSign nv-sa
Subject*.bourbon-online.com
FingerprintDD:05:12:FD:78:C8:65:A1:61:70:99:C5:2F:3D:1B:D5:88:13:22:6E
ValidityThu, 30 Mar 2023 13:38:32 GMT - Tue, 30 Apr 2024 13:38:31 GMT

File type
HTML document, ASCII text, with CRLF line terminators
Size
283 B (283 bytes)
Hash
3118fe47da7f59ed3f952f1054020688
7f2261accf953c38b9389dd4c3be401ef2f5ab05
64304be82c90b33e86841f091bf41dc8620ee94c7594e0356b5072e66eda7d73

HTTP Headers

GET /owa/14.3.513.0/themes/resources/favicon.ico HTTP/1.1
Host: webmail.bourbon-online.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cloudflare-ipfs.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Content-Length: 283
Content-Type: text/html; charset=utf-8
Location: https://webmail.bourbon-online.com/owa/auth/logon.aspx?url=https%3a%2f%2fwebmail.bourbon-online.com%2fowa%2f14.3.513.0%2fthemes%2fresources%2ffavicon.ico&reason=0
x-ms-proxy-app-id: 2fae948a-2e1b-443c-a062-e3f3eec07536
x-ms-proxy-group-id: cf763f30-62e8-43e4-b3aa-abc5f7c8224a
x-ms-proxy-subscription-id: d30c28fe-0ba2-40bd-b498-76d8fa33a04d
x-ms-proxy-transaction-id: 090077cd-2d40-469e-99f1-1346534d614e
x-ms-proxy-service-name: proxy-appproxy-WEUR-AMS02P-2
x-ms-proxy-data-center: WEUR
x-ms-proxy-connector-id: a705a5e9-bb98-4974-9868-bc8c215b2a5f
request-id: 35839cf0-2b82-4f33-80f3-459af88015d3
X-FEServer: MRSEXC12
X-OWA-Version: 15.1.2507.27
X-Powered-By: ASP.NET
Nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.2,"failure_fraction":1.0}
Report-To: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://ffde.nelreports.net/api/report?cat=proxy-appproxy-WEUR-AMS02P-2"}]}
Set-Cookie: AzureAppProxyAnalyticCookie_2fae948a-2e1b-443c-a062-e3f3eec07536_https_1.3=MGD:MIIBwAYJKoZIhvcNAQcDoIIBsTCCAa0CAQIxggEzooIBLwIBBDCB8gRUTAAAAAAAAAABAAAAS0RTSwIAAABqAQAACwAAABIAAACQzkM4rtqVel8AakHaL5XlIAAAAGnbvYiRF54PYzTwURkux+E3GctUUmuLojyLPXET55ZLMIGZBgkrBgEEAYI3SgEwgYsGCisGAQQBgjdKAQ0wfTB7MHkMBERTVFMMcWV1cm9wZXdlc3QtZGtkcy5ka2RzLmNvcmUud2luZG93cy5uZXQ7aHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwNS8wNS9pZGVudGl0eS9jbGFpbXMvbmFtZTtjd2FwcHJveHlka2RzZXVyMAsGCWCGSAFlAwQBLQQoE80ZgDB/EEyyLWsrH4nnI7KwKA1CpSmN/Rqy3Y+j1ChY45P+3E/liDBxBgkqhkiG9w0BBwEwHgYJYIZIAWUDBAEuMBEEDAX5DD/Uwsdd4CetbQIBEIBEQKeHCuSf2nYx9o4+wggcE0Vtm+TnQViUt49BIsHg17BMe+7cF1ct1khPMzbho5pK8ZKFHIMCmz6dNQB8hySlNfI5pzU=; path=/; Secure; SameSite=None
Date: Sat, 20 Apr 2024 16:29:21 GMT

t1.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://undefined&size=64

142.250.74.68

726 B

URL
t1.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://undefined&size=64
IP
142.250.74.68:0
ASN
#15169 GOOGLE

File type
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
Size
726 B (726 bytes)
Hash
b8a0bf372c762e966cc99ede8682bc71
2d7c9b60d1e2b4f4726141de2e4ab738110b9287
59bfe9bc385ad69f50793ce4a53397316d7a875a7148a63c16df9b674c6cda64

HTTP Headers

GET /faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://undefined&size=64 HTTP/1.1
Host: t1.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cloudflare-ipfs.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 404 Not Found
cross-origin-resource-policy: cross-origin
content-type: image/png
x-content-type-options: nosniff
date: Sat, 20 Apr 2024 16:29:22 GMT
server: sffe
content-length: 726
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

webmail.bourbon-online.com/owa/auth/logon.aspx?url=https%3a%2f%2fwebmail.bourbon-online.com%2fowa%2f14.3.513.0%2fthemes%2fresources%2ffavicon.ico&reason=0

40.68.95.2

200 OK

29 kB

URL GET HTTP/1.1
webmail.bourbon-online.com/owa/auth/logon.aspx?url=https%3a%2f%2fwebmail.bourbon-online.com%2fowa%2f14.3.513.0%2fthemes%2fresources%2ffavicon.ico&reason=0
IP
40.68.95.2:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://cloudflare-ipfs.com/ipfs/bafybeige7hnaour62sjqnxxjebtz22legdqm4znvplpgskol5fhvb2c2aa/yankke.html
Certificate
IssuerGlobalSign nv-sa
Subject*.bourbon-online.com
FingerprintDD:05:12:FD:78:C8:65:A1:61:70:99:C5:2F:3D:1B:D5:88:13:22:6E
ValidityThu, 30 Mar 2023 13:38:32 GMT - Tue, 30 Apr 2024 13:38:31 GMT

File type
HTML document, ASCII text, with very long lines (1062), with CRLF, LF line terminators
Size
29 kB (28935 bytes)
Hash
6dcded9fbe29b037092745cc5beaa333
0122e34eae0266bc7a66e9e2545c38fe8542bb78
a02dc0833c5dd43ddfe30bbe9daa62b59f693a3e9d37a95ca56614280f5be3b6

HTTP Headers

GET /owa/auth/logon.aspx?url=https%3a%2f%2fwebmail.bourbon-online.com%2fowa%2f14.3.513.0%2fthemes%2fresources%2ffavicon.ico&reason=0 HTTP/1.1
Host: webmail.bourbon-online.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cloudflare-ipfs.com/
DNT: 1
Connection: keep-alive
Cookie: AzureAppProxyAnalyticCookie_2fae948a-2e1b-443c-a062-e3f3eec07536_https_1.3=MGD:MIIBwAYJKoZIhvcNAQcDoIIBsTCCAa0CAQIxggEzooIBLwIBBDCB8gRUTAAAAAAAAAABAAAAS0RTSwIAAABqAQAACwAAABIAAACQzkM4rtqVel8AakHaL5XlIAAAAGnbvYiRF54PYzTwURkux+E3GctUUmuLojyLPXET55ZLMIGZBgkrBgEEAYI3SgEwgYsGCisGAQQBgjdKAQ0wfTB7MHkMBERTVFMMcWV1cm9wZXdlc3QtZGtkcy5ka2RzLmNvcmUud2luZG93cy5uZXQ7aHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwNS8wNS9pZGVudGl0eS9jbGFpbXMvbmFtZTtjd2FwcHJveHlka2RzZXVyMAsGCWCGSAFlAwQBLQQoE80ZgDB/EEyyLWsrH4nnI7KwKA1CpSmN/Rqy3Y+j1ChY45P+3E/liDBxBgkqhkiG9w0BBwEwHgYJYIZIAWUDBAEuMBEEDAX5DD/Uwsdd4CetbQIBEIBEQKeHCuSf2nYx9o4+wggcE0Vtm+TnQViUt49BIsHg17BMe+7cF1ct1khPMzbho5pK8ZKFHIMCmz6dNQB8hySlNfI5pzU=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Length: 28935
Content-Type: text/html; charset=utf-8
Expires: -1
x-ms-proxy-app-id: 2fae948a-2e1b-443c-a062-e3f3eec07536
x-ms-proxy-group-id: cf763f30-62e8-43e4-b3aa-abc5f7c8224a
x-ms-proxy-subscription-id: d30c28fe-0ba2-40bd-b498-76d8fa33a04d
x-ms-proxy-transaction-id: 9853e258-b9d1-419e-a098-e6f9a4b6e07f
x-ms-proxy-service-name: proxy-appproxy-WEUR-AMS02P-2
x-ms-proxy-data-center: WEUR
x-ms-proxy-connector-id: a705a5e9-bb98-4974-9868-bc8c215b2a5f
request-id: 36c55077-5368-4ef3-a380-7c1166cbbcca
X-AspNet-Version: 4.0.30319
X-Frame-Options: SAMEORIGIN
X-Powered-By: ASP.NET
Nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.2,"failure_fraction":1.0}
Report-To: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://ffde.nelreports.net/api/report?cat=proxy-appproxy-WEUR-AMS02P-2"}]}
Date: Sat, 20 Apr 2024 16:29:21 GMT

image.thum.io/get/65490-1671030344805-37a36e07674665dbe1105f1044aab44d/width/1200/https://undefined

3.224.156.130

403 Forbidden

25 kB

URL GET HTTP/2
image.thum.io/get/65490-1671030344805-37a36e07674665dbe1105f1044aab44d/width/1200/https://undefined
IP
3.224.156.130:443
ASN
#14618 AMAZON-AES

Requested by
https://cloudflare-ipfs.com/ipfs/bafybeige7hnaour62sjqnxxjebtz22legdqm4znvplpgskol5fhvb2c2aa/yankke.html
Certificate
IssuerAmazon
Subject*.thum.io
Fingerprint07:A3:2D:21:8F:4E:98:41:CF:71:06:8A:8A:92:CF:EA:7F:05:ED:03
ValiditySun, 24 Sep 2023 00:00:00 GMT - Tue, 22 Oct 2024 23:59:59 GMT

File type
PNG image data, 1200 x 1200, 8-bit/color RGBA, non-interlaced
Size
25 kB (24648 bytes)
Hash
63d20b75d315e809137936e768f2d38b
2498fcd9045e4c642f918d6655e80efff338405c
2b6af623a5f8bf5665184cd95968fcfc0e11dee88adececdc22b95aab7ad69d1

HTTP Headers

GET /get/65490-1671030344805-37a36e07674665dbe1105f1044aab44d/width/1200/https://undefined HTTP/1.1
Host: image.thum.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cloudflare-ipfs.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 403 Forbidden
date: Sat, 20 Apr 2024 16:29:22 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
expires: Thu, 01 Jan 1970 00:00:00 GMT
thum_status_code: 0
content-disposition: inline; filename= "undefined.png"
pragma: no-cache
X-Firefox-Spdy: h2

t1.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://undefined&size=64

142.250.74.68

404 Not Found

726 B

URL GET HTTP/2
t1.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://undefined&size=64
IP
142.250.74.68:443
ASN
#15169 GOOGLE

Requested by
https://cloudflare-ipfs.com/ipfs/bafybeige7hnaour62sjqnxxjebtz22legdqm4znvplpgskol5fhvb2c2aa/yankke.html
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintF5:5C:D9:68:C6:5F:A3:33:5A:73:C3:79:B6:83:FE:44:2E:A4:83:74
ValidityMon, 18 Mar 2024 20:34:25 GMT - Mon, 10 Jun 2024 20:34:24 GMT

File type
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
Size
726 B (726 bytes)
Hash
b8a0bf372c762e966cc99ede8682bc71
2d7c9b60d1e2b4f4726141de2e4ab738110b9287
59bfe9bc385ad69f50793ce4a53397316d7a875a7148a63c16df9b674c6cda64

HTTP Headers

GET /faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://undefined&size=64 HTTP/1.1
Host: t1.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cloudflare-ipfs.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 404 Not Found
cross-origin-resource-policy: cross-origin
content-type: image/png
x-content-type-options: nosniff
date: Sat, 20 Apr 2024 16:29:22 GMT
server: sffe
content-length: 726
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

cloudflare-ipfs.com/ipfs/bafybeige7hnaour62sjqnxxjebtz22legdqm4znvplpgskol5fhvb2c2aa/yankke.html

104.17.64.14

200 OK

140 B

URL User Request GET HTTP/2
cloudflare-ipfs.com/ipfs/bafybeige7hnaour62sjqnxxjebtz22legdqm4znvplpgskol5fhvb2c2aa/yankke.html
IP
104.17.64.14:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerLet's Encrypt
Subjectcloudflare-ipfs.com
Fingerprint18:E5:C9:71:96:8A:A9:48:E2:79:2A:29:91:D2:4E:46:90:B7:5D:9F
ValiditySun, 25 Feb 2024 02:55:05 GMT - Sat, 25 May 2024 02:55:04 GMT

File type
HTML document, ASCII text, with no line terminators
Size
140 B (140 bytes)
Hash
87dc4dbf414c198f6246777663bde2d8
560e058f6a5eebdffb92d75fa2b9c4d24925e3b4
ebee00d5c0f739f6b7779e33ba6243d14fe059e3bacae97064ad44f0f4758f80

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft
OpenPhish	phishing	Outlook
PhishTank	phishing	Other

HTTP Headers

GET /ipfs/bafybeige7hnaour62sjqnxxjebtz22legdqm4znvplpgskol5fhvb2c2aa/yankke.html HTTP/1.1
Host: cloudflare-ipfs.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 20 Apr 2024 16:29:21 GMT
content-type: text/html
cf-ray: 877683401d7db50b-OSL
cf-cache-status: MISS
access-control-allow-origin: *
cache-control: public, max-age=29030400, immutable
etag: W/"bafkreifwws47ao5vlinuoydehjom62qmn5xafnswxtilyvgb3ag7p24jam"
vary: Accept-Encoding
access-control-allow-headers: Content-Type, Range, User-Agent, X-Requested-With
access-control-allow-methods: GET
access-control-expose-headers: Content-Length, Content-Range, X-Chunked-Output, X-Ipfs-Path, X-Ipfs-Roots, X-Stream-Output
x-cf-ipfs-cache-status: miss
x-ipfs-path: /ipfs/bafybeige7hnaour62sjqnxxjebtz22legdqm4znvplpgskol5fhvb2c2aa/yankke.html
x-ipfs-roots: bafybeige7hnaour62sjqnxxjebtz22legdqm4znvplpgskol5fhvb2c2aa,bafkreifwws47ao5vlinuoydehjom62qmn5xafnswxtilyvgb3ag7p24jam
set-cookie: __cf_bm=UNJ2dcHrRQ3UeNAn6v.7VxgFxN.RpIQwxuIhRguxAZc-1713630561-1.0.1.1-bapWr4hl3Vbe_rMjQL_qH9GEKjbHu25ovR1OgLMGJ_t3lnatKE5p6N3QvvjF3KskhzAi2QdXQy.Kx3f0mVxBTQ; path=/; expires=Sat, 20-Apr-24 16:59:21 GMT; domain=.cloudflare-ipfs.com; HttpOnly; Secure; SameSite=None
server: cloudflare
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

cloudflare-ipfs.com/ipfs/bafybeige7hnaour62sjqnxxjebtz22legdqm4znvplpgskol5fhvb2c2aa/Outlook%20Web%20App_files/lgnbotr.gif

104.17.64.14

404 Not Found

223 B

URL GET HTTP/3
cloudflare-ipfs.com/ipfs/bafybeige7hnaour62sjqnxxjebtz22legdqm4znvplpgskol5fhvb2c2aa/Outlook%20Web%20App_files/lgnbotr.gif
IP
104.17.64.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://cloudflare-ipfs.com/ipfs/bafybeige7hnaour62sjqnxxjebtz22legdqm4znvplpgskol5fhvb2c2aa/yankke.html
Certificate
IssuerLet's Encrypt
Subjectcloudflare-ipfs.com
Fingerprint18:E5:C9:71:96:8A:A9:48:E2:79:2A:29:91:D2:4E:46:90:B7:5D:9F
ValiditySun, 25 Feb 2024 02:55:05 GMT - Sat, 25 May 2024 02:55:04 GMT

File type
ASCII text, with no line terminators
Size
223 B (223 bytes)
Hash
c3dde9b86679f8cab1cf44f09efd473b
24da4f91738f50e4bc56a65b5be983eafb8def06
c56678e941590d3724fd429627e4276d5ed085d8d26fed310cd90e5bb721379e

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft
PhishTank	phishing	Other

HTTP Headers

GET /ipfs/bafybeige7hnaour62sjqnxxjebtz22legdqm4znvplpgskol5fhvb2c2aa/Outlook%20Web%20App_files/lgnbotr.gif HTTP/1.1
Host: cloudflare-ipfs.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cloudflare-ipfs.com/ipfs/bafybeige7hnaour62sjqnxxjebtz22legdqm4znvplpgskol5fhvb2c2aa/yankke.html
Cookie: __cf_bm=UNJ2dcHrRQ3UeNAn6v.7VxgFxN.RpIQwxuIhRguxAZc-1713630561-1.0.1.1-bapWr4hl3Vbe_rMjQL_qH9GEKjbHu25ovR1OgLMGJ_t3lnatKE5p6N3QvvjF3KskhzAi2QdXQy.Kx3f0mVxBTQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 404 Not Found
date: Sat, 20 Apr 2024 16:29:22 GMT
content-type: text/plain; charset=utf-8
cf-ray: 877683455b1756a8-OSL
cf-cache-status: HIT
access-control-allow-origin: *
cache-control: no-store
vary: Accept-Encoding
access-control-allow-headers: Content-Type, Range, User-Agent, X-Requested-With
access-control-allow-methods: GET
access-control-expose-headers: Content-Length, Content-Range, X-Chunked-Output, X-Ipfs-Path, X-Ipfs-Roots, X-Stream-Output
x-cf-ipfs-cache-status: miss
x-content-type-options: nosniff
x-ipfs-path: /ipfs/bafybeige7hnaour62sjqnxxjebtz22legdqm4znvplpgskol5fhvb2c2aa/Outlook Web App_files/lgnbotr.gif
server: cloudflare
content-encoding: br
alt-svc: h3=":443"; ma=86400

cloudflare-ipfs.com/ipfs/bafybeige7hnaour62sjqnxxjebtz22legdqm4znvplpgskol5fhvb2c2aa/Outlook%20Web%20App_files/lgnexlogo.gif

104.17.64.14

404 Not Found

225 B

URL GET HTTP/3
cloudflare-ipfs.com/ipfs/bafybeige7hnaour62sjqnxxjebtz22legdqm4znvplpgskol5fhvb2c2aa/Outlook%20Web%20App_files/lgnexlogo.gif
IP
104.17.64.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://cloudflare-ipfs.com/ipfs/bafybeige7hnaour62sjqnxxjebtz22legdqm4znvplpgskol5fhvb2c2aa/yankke.html
Certificate
IssuerLet's Encrypt
Subjectcloudflare-ipfs.com
Fingerprint18:E5:C9:71:96:8A:A9:48:E2:79:2A:29:91:D2:4E:46:90:B7:5D:9F
ValiditySun, 25 Feb 2024 02:55:05 GMT - Sat, 25 May 2024 02:55:04 GMT

File type
ASCII text, with no line terminators
Size
225 B (225 bytes)
Hash
6636bc3761ca62995d38ca83bfdc48f3
bfc9d70f708420c7000c7df0685861a0677f4d0b
d217d6a274cb62c8ed170e33b6fdf29bac79678475d99153e1ea538f0958daea

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft
PhishTank	phishing	Other

HTTP Headers

GET /ipfs/bafybeige7hnaour62sjqnxxjebtz22legdqm4znvplpgskol5fhvb2c2aa/Outlook%20Web%20App_files/lgnexlogo.gif HTTP/1.1
Host: cloudflare-ipfs.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cloudflare-ipfs.com/ipfs/bafybeige7hnaour62sjqnxxjebtz22legdqm4znvplpgskol5fhvb2c2aa/yankke.html
Cookie: __cf_bm=UNJ2dcHrRQ3UeNAn6v.7VxgFxN.RpIQwxuIhRguxAZc-1713630561-1.0.1.1-bapWr4hl3Vbe_rMjQL_qH9GEKjbHu25ovR1OgLMGJ_t3lnatKE5p6N3QvvjF3KskhzAi2QdXQy.Kx3f0mVxBTQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 404 Not Found
date: Sat, 20 Apr 2024 16:29:22 GMT
content-type: text/plain; charset=utf-8
cf-ray: 877683455b1656a8-OSL
cf-cache-status: HIT
access-control-allow-origin: *
cache-control: no-store
vary: Accept-Encoding
access-control-allow-headers: Content-Type, Range, User-Agent, X-Requested-With
access-control-allow-methods: GET
access-control-expose-headers: Content-Length, Content-Range, X-Chunked-Output, X-Ipfs-Path, X-Ipfs-Roots, X-Stream-Output
x-cf-ipfs-cache-status: miss
x-content-type-options: nosniff
x-ipfs-path: /ipfs/bafybeige7hnaour62sjqnxxjebtz22legdqm4znvplpgskol5fhvb2c2aa/Outlook Web App_files/lgnexlogo.gif
server: cloudflare
content-encoding: br
alt-svc: h3=":443"; ma=86400

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (4)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Observations

Hash

HTTP Transactions (11)

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/3

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

Certificate