Report - 2jt.fce.mywebsitetransfer.com/owaromain/login.php/

Report Overview

Submitted URL
2jt.fce.mywebsitetransfer.com/owaromain/login.php/
IP
208.109.175.198
ASN
#398101 GO-DADDY-COM-LLC
Submitted
2024-04-24 14:16:14
Access
public
Website Title
Sign in to your Microsoft account
Final URL
2jt.fce.mywebsitetransfer.com/owaromain/login.php/#wa=wsignin1.0&rpsnv=13&ct=1539585327&rver=7.0.6737.0&wp=MBI_SSL&wreply=https%3a%2f%2foutlook.live.com%2fowa%2f%3fnlp%3d1%26RpsCsrfState%3d715d44a2-2f11-4282-f625-a066679e96e2&id=292841&CBCXT=out&lw=1&fl=dob%2cflname%2cwld&cobrandid=90015
Tags
microsoft phishing
urlquery detections
Phishing - Microsoft

Detections

urlquery
5
Network Intrusion Detection
0
Threat Detection Systems
0

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
ajax.googleapis.com	12905	2005-01-25	2013-08-16	2024-04-24	444 B	31 kB	142.250.74.170
maxcdn.bootstrapcdn.com	724	2012-05-25	2014-06-18	2024-04-23	463 B	24 kB	104.18.11.207
2jt.fce.mywebsitetransfer.com	unknown	unknown	No data	No data	2.2 kB	5.5 kB	208.109.175.198
cdnjs.cloudflare.com	235	2009-02-17	2015-04-17	2024-04-24	453 B	7.5 kB	104.17.25.14

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (4)

	URL	Size	First Seen	Last Seen
	ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js	87 kB	2023-03-07	2024-05-05
Pretty URL ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js IP 142.250.74.170 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:02 Last Seen2024-05-05 21:55:13 Times Seen108806 Hash a09e13ee94d51c524b7e2a728c7d4039 0dc32db4aa9c5f03f3b38c47d883dbd4fed13aae 160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef Loading...

	cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.3/umd/popper.min.js	20 kB	2023-03-07	2024-05-05
Pretty URL cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.3/umd/popper.min.js IP 104.17.25.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:10:07 Last Seen2024-05-05 20:45:41 Times Seen4567 Hash 83fb8c4d9199dce0224da0206423106f d8503645c17f9856868a7def3dc0505e19a95ec7 f7cbc01a310318defd4e31e4616543e2cf3baef5a47562c73ece4c0b716f157e Loading...

	maxcdn.bootstrapcdn.com/bootstrap/4.1.3/js/bootstrap.min.js	51 kB	2023-03-07	2024-05-05
Pretty URL maxcdn.bootstrapcdn.com/bootstrap/4.1.3/js/bootstrap.min.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:44 Last Seen2024-05-05 20:43:56 Times Seen246703 Hash 67176c242e1bdc20603c878dee836df3 27a71b00383d61ef3c489326b3564d698fc1227c 56c12a125b021d21a69e61d7190cefa168d6c28ce715265cea1b3b0112d169c4 Loading...

	2jt.fce.mywebsitetransfer.com/owaromain/login.php/	0 B	2023-03-07	2024-05-05
Pretty URL 2jt.fce.mywebsitetransfer.com/owaromain/login.php/ IP 208.109.175.198 ASN #398101 GO-DADDY-COM-LLC Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-05 22:58:35 Times Seen37371072 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

HTTP Transactions (7)

URL IP Response Size

2jt.fce.mywebsitetransfer.com/owaromain/login.php/

208.109.175.198

1.0 kB

URL
2jt.fce.mywebsitetransfer.com/owaromain/login.php/
IP
208.109.175.198:0
ASN
#398101 GO-DADDY-COM-LLC

File type
HTML document, Unicode text, UTF-8 text
Size
1.0 kB (1018 bytes)
Hash
4aad16a1e71f16a0cbf7e01780bda56f
05dcc8b883da5f25916bbd28cf45dab5fe519864
16e2687009e62f7afbea435416a22fcd4a7928dfd94fe3507b595079cf76498d

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /owaromain/login.php/ HTTP/1.1
Host: 2jt.fce.mywebsitetransfer.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
x-powered-by: PHP/8.1.27
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
set-cookie: PHPSESSID=705gn5ia8rh05780hgv1tdh657; path=/
vary: Accept-Encoding
content-encoding: br
content-length: 1018
content-type: text/html; charset=UTF-8
date: Wed, 24 Apr 2024 14:15:49 GMT
server: Apache
X-Firefox-Spdy: h2

cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.3/umd/popper.min.js

104.17.25.14

6.5 kB

URL
cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.3/umd/popper.min.js
IP
104.17.25.14:0
ASN
#13335 CLOUDFLARENET

File type
JavaScript source, ASCII text, with very long lines (20164)
Size
6.5 kB (6451 bytes)
Hash
83fb8c4d9199dce0224da0206423106f
d8503645c17f9856868a7def3dc0505e19a95ec7
f7cbc01a310318defd4e31e4616543e2cf3baef5a47562c73ece4c0b716f157e

HTTP Headers

GET /ajax/libs/popper.js/1.14.3/umd/popper.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://2jt.fce.mywebsitetransfer.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 24 Apr 2024 14:15:50 GMT
content-type: application/javascript; charset=utf-8
content-length: 6451
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03fa9-4f71"
last-modified: Mon, 04 May 2020 16:15:37 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 1183827
expires: Mon, 14 Apr 2025 14:15:50 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=E4yh5n65fCJrhWxvgcyh5KxMuzvvy4rgn%2FbbSyRXOMjpN%2FnW%2B%2FAsFhZBmoMk9gDlW9HqPfWod92UJv1FbxYLfW6cteAhwj8fNISEmrbpYoIlG%2FHOgPGxqLF1dpqcdyFhhBXqu5Lx"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 8796b52b09865684-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js

142.250.74.170

30 kB

URL
ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js
IP
142.250.74.170:0
ASN
#15169 GOOGLE

File type
JavaScript source, ASCII text, with very long lines (65451)
Size
30 kB (30399 bytes)
Hash
a09e13ee94d51c524b7e2a728c7d4039
0dc32db4aa9c5f03f3b38c47d883dbd4fed13aae
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef

HTTP Headers

GET /ajax/libs/jquery/3.3.1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://2jt.fce.mywebsitetransfer.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 30399
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 18 Apr 2024 11:06:16 GMT
expires: Fri, 18 Apr 2025 11:06:16 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 529774
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

2jt.fce.mywebsitetransfer.com/owaromain/login.php/assets/css/login.css

208.109.175.198

1.0 kB

URL
2jt.fce.mywebsitetransfer.com/owaromain/login.php/assets/css/login.css
IP
208.109.175.198:0
ASN
#398101 GO-DADDY-COM-LLC

File type
HTML document, Unicode text, UTF-8 text
Size
1.0 kB (1018 bytes)
Hash
4aad16a1e71f16a0cbf7e01780bda56f
05dcc8b883da5f25916bbd28cf45dab5fe519864
16e2687009e62f7afbea435416a22fcd4a7928dfd94fe3507b595079cf76498d

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /owaromain/login.php/assets/css/login.css HTTP/1.1
Host: 2jt.fce.mywebsitetransfer.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://2jt.fce.mywebsitetransfer.com/owaromain/login.php/
Cookie: PHPSESSID=705gn5ia8rh05780hgv1tdh657
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
x-powered-by: PHP/8.1.27
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
vary: Accept-Encoding
content-encoding: br
content-length: 1018
content-type: text/html; charset=UTF-8
date: Wed, 24 Apr 2024 14:15:50 GMT
server: Apache
X-Firefox-Spdy: h2

2jt.fce.mywebsitetransfer.com/owaromain/login.php/assets/images/logo.svg

208.109.175.198

1.0 kB

URL
2jt.fce.mywebsitetransfer.com/owaromain/login.php/assets/images/logo.svg
IP
208.109.175.198:0
ASN
#398101 GO-DADDY-COM-LLC

File type
HTML document, Unicode text, UTF-8 text
Size
1.0 kB (1018 bytes)
Hash
4aad16a1e71f16a0cbf7e01780bda56f
05dcc8b883da5f25916bbd28cf45dab5fe519864
16e2687009e62f7afbea435416a22fcd4a7928dfd94fe3507b595079cf76498d

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /owaromain/login.php/assets/images/logo.svg HTTP/1.1
Host: 2jt.fce.mywebsitetransfer.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://2jt.fce.mywebsitetransfer.com/owaromain/login.php/
Cookie: PHPSESSID=705gn5ia8rh05780hgv1tdh657
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
x-powered-by: PHP/8.1.27
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
vary: Accept-Encoding
content-encoding: br
content-length: 1018
content-type: text/html; charset=UTF-8
date: Wed, 24 Apr 2024 14:15:50 GMT
server: Apache
X-Firefox-Spdy: h2

2jt.fce.mywebsitetransfer.com/owaromain/login.php/assets/images/ellipsis_white.svg

208.109.175.198

1.0 kB

URL
2jt.fce.mywebsitetransfer.com/owaromain/login.php/assets/images/ellipsis_white.svg
IP
208.109.175.198:0
ASN
#398101 GO-DADDY-COM-LLC

File type
HTML document, Unicode text, UTF-8 text
Size
1.0 kB (1018 bytes)
Hash
4aad16a1e71f16a0cbf7e01780bda56f
05dcc8b883da5f25916bbd28cf45dab5fe519864
16e2687009e62f7afbea435416a22fcd4a7928dfd94fe3507b595079cf76498d

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /owaromain/login.php/assets/images/ellipsis_white.svg HTTP/1.1
Host: 2jt.fce.mywebsitetransfer.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://2jt.fce.mywebsitetransfer.com/owaromain/login.php/
Cookie: PHPSESSID=705gn5ia8rh05780hgv1tdh657
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
x-powered-by: PHP/8.1.27
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
vary: Accept-Encoding
content-encoding: br
content-length: 1018
content-type: text/html; charset=UTF-8
date: Wed, 24 Apr 2024 14:15:50 GMT
server: Apache
X-Firefox-Spdy: h2

maxcdn.bootstrapcdn.com/bootstrap/4.1.3/css/bootstrap.min.css

104.18.11.207

23 kB

URL
maxcdn.bootstrapcdn.com/bootstrap/4.1.3/css/bootstrap.min.css
IP
104.18.11.207:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (65324)
Size
23 kB (23193 bytes)
Hash
04aca1f4cd3ec3c05a75a879f3be75a3
675fcf28f9fbf37139d3b2c0b676f96f601a4203
7928b5ab63c6e89ee0ee26f5ef201a58c72baf91abb688580a1aa26eb57b3c11

HTTP Headers

GET /bootstrap/4.1.3/css/bootstrap.min.css HTTP/1.1
Host: maxcdn.bootstrapcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://2jt.fce.mywebsitetransfer.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 24 Apr 2024 14:15:50 GMT
content-type: text/css; charset=utf-8
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
access-control-allow-origin: *
cache-control: public, max-age=31919000
etag: W/"04aca1f4cd3ec3c05a75a879f3be75a3"
last-modified: Mon, 25 Jan 2021 22:04:06 GMT
cdn-cachedat: 10/31/2023 18:48:38
cdn-proxyver: 1.04
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
cdn-edgestorageid: 756
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-status: 200
cdn-requestid: d92760ed6a1dac63dec1fb1d76198f43
cdn-cache: HIT
cf-cache-status: HIT
age: 3400407
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 8796b52b0d377127-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (4)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (7)

URL

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN