| abramson.cc/xazaoppo/kazkooigfde/felioppre/WzRxMk/dnNoZXJpZGFuQHRjY20ub3Jn | 192.185.76.91 | | 946 B |
URL: abramson.cc/xazaoppo/kazkooigfde/felioppre/WzRxMk/dnNoZXJpZGFuQHRjY20ub3Jn IP: 192.185.76.91:0 ASN: #19871 NETWORK-SOLUTIONS-HOSTING
File type: HTML document, Unicode text, UTF-8 text, with very long lines (628)
Hash: a50c83840c02af8de86e42a6a11b39a5 882a0f425ea3d4e3d32d314e81263c47d82ca5ab 5b88a0dc7d5cfab4f67e4d31deb39ababefa93cd45c64d5ad0a9ad159ccd6d99
GET /xazaoppo/kazkooigfde/felioppre/WzRxMk/dnNoZXJpZGFuQHRjY20ub3Jn HTTP/1.1
Host: abramson.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
set-cookie: PHPSESSID=07c5eede7afb91a6954b42c0d50c186c; path=/
vary: Accept-Encoding
content-encoding: gzip
content-length: 946
content-type: text/html;charset=UTF-8
date: Tue, 23 Apr 2024 11:43:36 GMT
server: Apache
X-Firefox-Spdy: h2
|
|
| abramson.cc/xazaoppo/kazkooigfde/felioppre/WzRxMk/site.js | 192.185.76.91 | | 148 B |
URL: abramson.cc/xazaoppo/kazkooigfde/felioppre/WzRxMk/site.js IP: 192.185.76.91:0 ASN: #19871 NETWORK-SOLUTIONS-HOSTING
File type: HTML document, ASCII text
Hash: 25993b38cc38f4c9f17b0fb7ec7c2800 125c67a8e04e1773ba004b98f8fc429c4f1dd683 fb45ce024f55b2bb1de5540be1bb24d3aa07587bf22ed9d30a75ab42459bd18f
GET /xazaoppo/kazkooigfde/felioppre/WzRxMk/site.js HTTP/1.1
Host: abramson.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://abramson.cc/xazaoppo/kazkooigfde/felioppre/WzRxMk/dnNoZXJpZGFuQHRjY20ub3Jn
Cookie: PHPSESSID=07c5eede7afb91a6954b42c0d50c186c
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
vary: Accept-Encoding
content-encoding: gzip
content-length: 148
content-type: text/html;charset=UTF-8
date: Tue, 23 Apr 2024 11:43:37 GMT
server: Apache
X-Firefox-Spdy: h2
|
|
| challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback | 104.17.3.184 | | 0 B |
URL: challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback IP: 104.17.3.184:0
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /turnstile/v0/api.js?onload=onloadTurnstileCallback HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://6347e135.cdaaf2bc902c005246e781ba.workers.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
date: Tue, 23 Apr 2024 11:43:38 GMT
content-length: 0
cache-control: max-age=300, public
location: /turnstile/v0/b/471dc2adc340/api.js?onload=onloadTurnstileCallback
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
vary: Accept-Encoding
server: cloudflare
cf-ray: 878d98d6cc1d56c9-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/cmg/1/GLhOioXg0bs57t4qPrORXFsL1%2BWig2mIKbgpVPMu7ZQ%3D | 104.17.3.184 | | 61 B |
URL: challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/cmg/1/GLhOioXg0bs57t4qPrORXFsL1%2BWig2mIKbgpVPMu7ZQ%3D IP: 104.17.3.184:0
File type: PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced
Hash: 9246cca8fc3c00f50035f28e9f6b7f7d 3aa538440f70873b574f40cd793060f53ec17a5d c07d7d29e3c20fa6ca4c5d20663688d52bad13e129ad82ce06b80eb187d9dc84
GET /cdn-cgi/challenge-platform/h/b/cmg/1/GLhOioXg0bs57t4qPrORXFsL1%2BWig2mIKbgpVPMu7ZQ%3D HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/vud7y/0x4AAAAAAAX9wxD2JhUuUgpL/auto/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Tue, 23 Apr 2024 11:43:38 GMT
content-type: image/png
content-length: 61
cache-control: max-age=2629800, public
server: cloudflare
cf-ray: 878d98d7fd1d5693-OSL
alt-svc: h3=":443"; ma=86400
|
|
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/i/878d98d78cb85693/1713872618539/p8sGnjIYxF-r7q5 | 104.17.3.184 | | 61 B |
URL: challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/i/878d98d78cb85693/1713872618539/p8sGnjIYxF-r7q5 IP: 104.17.3.184:0
File type: PNG image data, 1 x 72, 8-bit/color RGB, non-interlaced
Hash: 06d7a210bf2b162f5db8277fb7157311 a365f3f0a1fd1610308f6bafdfa428e5c0c886b8 660c7899934462217eb4c75899054a1ef128077a89d4b285c5120e147dbac4af
GET /cdn-cgi/challenge-platform/h/b/i/878d98d78cb85693/1713872618539/p8sGnjIYxF-r7q5 HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/vud7y/0x4AAAAAAAX9wxD2JhUuUgpL/auto/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Tue, 23 Apr 2024 11:43:39 GMT
content-type: image/png
content-length: 61
server: cloudflare
cf-ray: 878d98e15f4c5693-OSL
alt-svc: h3=":443"; ma=86400
|
|
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/pat/878d98d78cb85693/1713872618541/04ddf1b593d35889a2eb4c22eda05c123bfd477681705dab716a5f20ee508ba6/JomEfgQLFQHtbSp | 104.17.3.184 | | 1 B |
URL: challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/pat/878d98d78cb85693/1713872618541/04ddf1b593d35889a2eb4c22eda05c123bfd477681705dab716a5f20ee508ba6/JomEfgQLFQHtbSp IP: 104.17.3.184:0
File type: very short file (no magic)
Hash: ff44570aca8241914870afbc310cdb85 58668e7669fd564d99db5d581fcdb6a5618440b5 6da43b944e494e885e69af021f93c6d9331c78aa228084711429160a5bbd15b5
GET /cdn-cgi/challenge-platform/h/b/pat/878d98d78cb85693/1713872618541/04ddf1b593d35889a2eb4c22eda05c123bfd477681705dab716a5f20ee508ba6/JomEfgQLFQHtbSp HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/vud7y/0x4AAAAAAAX9wxD2JhUuUgpL/auto/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 401 Unauthorized
date: Tue, 23 Apr 2024 11:43:39 GMT
content-type: text/plain; charset=UTF-8
content-length: 1
www-authenticate: PrivateToken challenge="AAIAGXBhdC1pc3N1ZXIuY2xvdWRmbGFyZS5jb20gBN3xtZPTWImi60wi7aBcEjv9R3aBcF2rcWpfIO5Qi6YAGWNoYWxsZW5nZXMuY2xvdWRmbGFyZS5jb20=", token-key="MIIBUjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAqEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgKiAwIBMAOCAQ8AMIIBCgKCAQEArny_u1wyrVg8e-Kmwxyfb2WoiwwZ2VR7QAnot_CrcySq56Rui-jZM9090K9_dW6HmpAKhOjYXLCJ7g4U74G4z6SRM_YRj-GLp3EaBxay798DZIeAtv_N7Z9CHI_0VTYiqNXVm2z1bF5VtFasnv3JDaWb4yIjBd8vMfNUM4Y4nXXIeMIyXdVK2hlzVO8VxBkXca7UzhCq51WDKlSYPWUy9ieZTdwNf5Q49DwdF9woTnuKPY26TxVlEHMcf8JJiXLUR2bbdG-Qv1fqbwQloSjintj5uXWLsZd84bMpNedRNJBV22T0PgKNeip6oalvdYbaiHiyDATsKlA6-8KJ-CUQTQIDAQAB", max-age=20, PrivateToken challenge="AAIALHBwLWlzc3Vlci1wcm9kdWN0aW9uLnJlc2VhcmNoLmNsb3VkZmxhcmUuY29tIATd8bWT01iJoutMIu2gXBI7_Ud2gXBdq3FqXyDuUIumABljaGFsbGVuZ2VzLmNsb3VkZmxhcmUuY29t", token-key="MIIBUjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAqEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgKiAwIBMAOCAQ8AMIIBCgKCAQEA1FEYykHcK8H9rb_u0aFz3CmWgYloQw4YhedoEOAjJ0vy2Axa4f9UG9Dzs4uXS34_h8l6MDo2nRCvLI9lvebilMnTjCn-6D77bewqYxJKUFZW1z2jBIdu03TrETczfEg7kxgKtJE9NXGDjYJcF_iMgzgNA0PEAVM89tUYXXlFy4cUAGlqU2mPpIEOxm5ARsXC-zlLK60fkJ4cOsZRkZa6EExdhmgdwQ0fEJuSOHrBO_-zJn4hUP8q9g4yqkxW2UrfJgD07F4HaHGBEiei06sGDvH2NEPvswEl5dTGxutNrxlU7W24iYhNa2nhjlc53nNb0mKtszv-czVE9UhXyJ7-RQIDAQAB", max-age=20
server: cloudflare
cf-ray: 878d98e228405693-OSL
alt-svc: h3=":443"; ma=86400
|
|
| 5vgo13xac4f.eurometal-eg.com/?dataXX0=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1cmwiOiJodHRwczovLzV2Z28xM3hhYzRmLmV1cm9tZXRhbC1lZy5jb20iLCJkb21haW4iOiI1dmdvMTN4YWM0Zi5ldXJvbWV0YWwtZWcuY29tIiwia2V5IjoiQXl1NmZOOFlRUHd3IiwicXJjIjoidnNoZXJpZGFuQHRjY20ub3JnIiwiaWF0IjoxNzEzODcyNjIzLCJleHAiOjE3MTM4NzI3NDN9.i8xlxEM95ViYEfTWg32jFCxnkvN0fPyFVLPcN-2qTE0 | 5.230.74.74 | 302 Found | 0 B |
URL: GET HTTP/1.1 5vgo13xac4f.eurometal-eg.com/?dataXX0=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1cmwiOiJodHRwczovLzV2Z28xM3hhYzRmLmV1cm9tZXRhbC1lZy5jb20iLCJkb21haW4iOiI1dmdvMTN4YWM0Zi5ldXJvbWV0YWwtZWcuY29tIiwia2V5IjoiQXl1NmZOOFlRUHd3IiwicXJjIjoidnNoZXJpZGFuQHRjY20ub3JnIiwiaWF0IjoxNzEzODcyNjIzLCJleHAiOjE3MTM4NzI3NDN9.i8xlxEM95ViYEfTWg32jFCxnkvN0fPyFVLPcN-2qTE0 IP: 5.230.74.74:443
Requested by: https://6347e135.cdaaf2bc902c005246e781ba.workers.dev/?qrc=vsheridan@tccm.org
Certificate Issuer: Let's Encrypt Subject: eurometal-eg.com Fingerprint: 5B:F1:17:70:60:A0:91:CC:62:D9:86:3B:B9:55:62:6B:B7:75:A4:AA Validity: Sat, 20 Apr 2024 10:53:44 GMT - Fri, 19 Jul 2024 10:53:43 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| urlquery | phishing | Phishing - Microsoft Outlook |
GET /?dataXX0=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1cmwiOiJodHRwczovLzV2Z28xM3hhYzRmLmV1cm9tZXRhbC1lZy5jb20iLCJkb21haW4iOiI1dmdvMTN4YWM0Zi5ldXJvbWV0YWwtZWcuY29tIiwia2V5IjoiQXl1NmZOOFlRUHd3IiwicXJjIjoidnNoZXJpZGFuQHRjY20ub3JnIiwiaWF0IjoxNzEzODcyNjIzLCJleHAiOjE3MTM4NzI3NDN9.i8xlxEM95ViYEfTWg32jFCxnkvN0fPyFVLPcN-2qTE0 HTTP/1.1
Host: 5vgo13xac4f.eurometal-eg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://6347e135.cdaaf2bc902c005246e781ba.workers.dev/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Set-Cookie: qPdM=Ayu6fN8YQPww; path=/; samesite=none; secure; httponly
qPdM.sig=XueZM2qLsKiYqKEphQSM9f6oT3A; path=/; samesite=none; secure; httponly
location: /?qrc=vsheridan%40tccm.org
Date: Tue, 23 Apr 2024 11:43:43 GMT
Connection: keep-alive
Keep-Alive: timeout=5
Transfer-Encoding: chunked
|
|
| 6347e135.cdaaf2bc902c005246e781ba.workers.dev/?qrc=vsheridan@tccm.org | 104.21.12.162 | 200 OK | 2.0 kB |
URL: User Request POST HTTP/3 6347e135.cdaaf2bc902c005246e781ba.workers.dev/?qrc=vsheridan@tccm.org IP: 104.21.12.162:443
Certificate Issuer: Google Trust Services LLC Subject: cdaaf2bc902c005246e781ba.workers.dev Fingerprint: 89:3D:9A:54:18:03:81:14:07:3F:E5:F7:E0:AB:2D:D0:9F:68:0D:43 Validity: Tue, 16 Apr 2024 12:51:36 GMT - Mon, 15 Jul 2024 12:51:35 GMT
File type: HTML document, ASCII text, with very long lines (1203), with no line terminators
Hash: 5d94eeed0069a30fe61b48732d3b36a7 d80829d142c9298b4a204d001bea63e764d48ff6 5e7c4fbdc9dcb0a86ac5cd49422ce0dc9e27a8254f4ca08b942d3fef158aab99
POST /?qrc=vsheridan@tccm.org HTTP/1.1
Host: 6347e135.cdaaf2bc902c005246e781ba.workers.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 582
Origin: https://6347e135.cdaaf2bc902c005246e781ba.workers.dev
DNT: 1
Connection: keep-alive
Referer: https://6347e135.cdaaf2bc902c005246e781ba.workers.dev/?qrc=vsheridan@tccm.org
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Sec-Fetch-User: ?1
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Tue, 23 Apr 2024 11:43:43 GMT
content-type: text/html;
status: 200
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5fmJyxV%2Fsa2FzMwGw%2BKMUfXGjzT9pc8JxL9ew0ydGAp323uxtK0Mkmzz7FNTwEE9rmcF6uc7O8Mz%2FBbj%2BVHA4jQ5bsUUa6jPdiPUoA7R1TvO%2FcHy0dOiQYT0%2BhCrCT9PnCOGB%2B4ZeH9pf2Zc1Fs5PFAs6l%2BP9pyjPf7VzTpwUEQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 878d98f85c7056b9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| 5vgo13xac4f.eurometal-eg.com/owa/?login_hint=vsheridan%40tccm.org | 5.230.74.74 | 302 Found | 1.4 kB |
URL: GET HTTP/1.1 5vgo13xac4f.eurometal-eg.com/owa/?login_hint=vsheridan%40tccm.org IP: 5.230.74.74:443
Requested by: https://6347e135.cdaaf2bc902c005246e781ba.workers.dev/?qrc=vsheridan@tccm.org
Certificate Issuer: Let's Encrypt Subject: eurometal-eg.com Fingerprint: 5B:F1:17:70:60:A0:91:CC:62:D9:86:3B:B9:55:62:6B:B7:75:A4:AA Validity: Sat, 20 Apr 2024 10:53:44 GMT - Fri, 19 Jul 2024 10:53:43 GMT
File type: HTML document, ASCII text, with very long lines (806), with CRLF, LF line terminators
Hash: 47fdfccdbc2e662085f9ee0eaa755acb 650a02df5d75b083bf8d84a9fe611fde7e4ab6d0 73db7b9d99d3a1edd86135b29e0284c4715056f054790673b85899b000c8e1bd
| Analyzer | Verdict | Alert |
| urlquery | phishing | Phishing - Microsoft Outlook |
GET /owa/?login_hint=vsheridan%40tccm.org HTTP/1.1
Host: 5vgo13xac4f.eurometal-eg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://6347e135.cdaaf2bc902c005246e781ba.workers.dev/
DNT: 1
Connection: keep-alive
Cookie: qPdM=Ayu6fN8YQPww; qPdM.sig=XueZM2qLsKiYqKEphQSM9f6oT3A
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
content-length: 1386
Content-Type: text/html; charset=utf-8
Location: https://5vgo13xac4f.eurometal-eg.com/?2owinjimx=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
Server: Microsoft-IIS/10.0
request-id: 92e835f2-f8a2-006b-28fb-569f06c907fc
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Alt-Svc: h3=":443";ma=2592000,h3-29=":443";ma=2592000
X-CalculatedFETarget: BE1P281CU032.internal.outlook.com
X-BackEndHttpStatus: 302, 302
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Set-Cookie: ClientId=E65FCEC302BB4736B59541E6D9503BFF; expires=Wed, 23-Apr-2025 11:43:44 GMT; path=/;SameSite=None; secure
ClientId=E65FCEC302BB4736B59541E6D9503BFF; expires=Wed, 23-Apr-2025 11:43:44 GMT; path=/;SameSite=None; secure
OIDC=1; expires=Wed, 23-Oct-2024 11:43:44 GMT; path=/;SameSite=None; secure; HttpOnly
RoutingKeyCookie=; expires=Sat, 23-Apr-1994 11:43:44 GMT; path=/; secure
OpenIdConnect.token.v1=; expires=Sat, 23-Apr-1994 11:43:44 GMT; path=/; secure
OpenIdConnect.token.v1=; domain=5vgo13xac4f.eurometal-eg.com; expires=Sat, 23-Apr-1994 11:43:44 GMT; path=/; secure
OpenIdConnect.id_token.v1=; expires=Sat, 23-Apr-1994 11:43:44 GMT; path=/; secure
OpenIdConnect.code.v1=; expires=Sat, 23-Apr-1994 11:43:44 GMT; path=/; secure
OpenIdConnect.idp_nonce.v1=; expires=Sat, 23-Apr-1994 11:43:44 GMT; path=/; secure
OpenIdConnect.idp_correlation_id=; expires=Sat, 23-Apr-1994 11:43:44 GMT; path=/; secure
OpenIdConnect.tokenPostPath=; expires=Sat, 23-Apr-1994 11:43:44 GMT; path=/; secure
OpenIdConnect.id_token.v1=; domain=5vgo13xac4f.eurometal-eg.com; expires=Sat, 23-Apr-1994 11:43:44 GMT; path=/; secure
OpenIdConnect.code.v1=; domain=5vgo13xac4f.eurometal-eg.com; expires=Sat, 23-Apr-1994 11:43:44 GMT; path=/; secure
OpenIdConnect.idp_nonce.v1=; domain=5vgo13xac4f.eurometal-eg.com; expires=Sat, 23-Apr-1994 11:43:44 GMT; path=/; secure
OpenIdConnect.idp_correlation_id=; domain=5vgo13xac4f.eurometal-eg.com; expires=Sat, 23-Apr-1994 11:43:44 GMT; path=/; secure
OpenIdConnect.tokenPostPath=; domain=5vgo13xac4f.eurometal-eg.com; expires=Sat, 23-Apr-1994 11:43:44 GMT; path=/; secure
OpenIdConnect.nonce.v3.xob9Wyc4NWyPw9i2Wzi8swmlVnCV_IDqG0t9LSO8aew=638494694241058079.0c00dd14-e9e5-4359-94d4-8a572ce87288; expires=Tue, 23-Apr-2024 12:43:44 GMT; path=/;SameSite=None; secure; HttpOnly
HostSwitchPrg=; expires=Sat, 23-Apr-1994 11:43:44 GMT; path=/; secure
OptInPrg=; expires=Sat, 23-Apr-1994 11:43:44 GMT; path=/; secure
SuiteServiceProxyKey=; expires=Sat, 23-Apr-1994 11:43:44 GMT; path=/; secure
ClientId=E65FCEC302BB4736B59541E6D9503BFF; expires=Wed, 23-Apr-2025 11:43:44 GMT; path=/;SameSite=None; secure
OIDC=1; expires=Wed, 23-Oct-2024 11:43:44 GMT; path=/;SameSite=None; secure; HttpOnly
RoutingKeyCookie=; expires=Sat, 23-Apr-1994 11:43:44 GMT; path=/; secure
OpenIdConnect.token.v1=; expires=Sat, 23-Apr-1994 11:43:44 GMT; path=/; secure
OpenIdConnect.token.v1=; domain=5vgo13xac4f.eurometal-eg.com; expires=Sat, 23-Apr-1994 11:43:44 GMT; path=/; secure
OpenIdConnect.id_token.v1=; expires=Sat, 23-Apr-1994 11:43:44 GMT; path=/; secure
OpenIdConnect.code.v1=; expires=Sat, 23-Apr-1994 11:43:44 GMT; path=/; secure
OpenIdConnect.idp_nonce.v1=; expires=Sat, 23-Apr-1994 11:43:44 GMT; path=/; secure
OpenIdConnect.idp_correlation_id=; expires=Sat, 23-Apr-1994 11:43:44 GMT; path=/; secure
OpenIdConnect.tokenPostPath=; expires=Sat, 23-Apr-1994 11:43:44 GMT; path=/; secure
OpenIdConnect.id_token.v1=; domain=5vgo13xac4f.eurometal-eg.com; expires=Sat, 23-Apr-1994 11:43:44 GMT; path=/; secure
OpenIdConnect.code.v1=; domain=5vgo13xac4f.eurometal-eg.com; expires=Sat, 23-Apr-1994 11:43:44 GMT; path=/; secure
OpenIdConnect.idp_nonce.v1=; domain=5vgo13xac4f.eurometal-eg.com; expires=Sat, 23-Apr-1994 11:43:44 GMT; path=/; secure
OpenIdConnect.idp_correlation_id=; domain=5vgo13xac4f.eurometal-eg.com; expires=Sat, 23-Apr-1994 11:43:44 GMT; path=/; secure
OpenIdConnect.tokenPostPath=; domain=5vgo13xac4f.eurometal-eg.com; expires=Sat, 23-Apr-1994 11:43:44 GMT; path=/; secure
OpenIdConnect.nonce.v3.xob9Wyc4NWyPw9i2Wzi8swmlVnCV_IDqG0t9LSO8aew=638494694241058079.0c00dd14-e9e5-4359-94d4-8a572ce87288; expires=Tue, 23-Apr-2024 12:43:44 GMT; path=/;SameSite=None; secure; HttpOnly
HostSwitchPrg=; expires=Sat, 23-Apr-1994 11:43:44 GMT; path=/; secure
OptInPrg=; expires=Sat, 23-Apr-1994 11:43:44 GMT; path=/; secure
SuiteServiceProxyKey=; expires=Sat, 23-Apr-1994 11:43:44 GMT; path=/; secure
X-OWA-RedirectHistory=ArLym14BH701oYpj3Ag; expires=Tue, 23-Apr-2024 17:45:44 GMT; path=/;SameSite=None; secure; HttpOnly
X-CalculatedBETarget: BE1P281MB2004.DEUP281.PROD.OUTLOOK.COM
X-RUM-Validated: 1
X-RUM-NotUpdateQueriedPath: 1
X-RUM-NotUpdateQueriedDbCopy: 1
X-BeSku: WCS6
X-OWA-DiagnosticsInfo: 2;0;0
X-IIDs: 0
X-BackEnd-Begin: 2024-04-23T11:43:44.105
X-BackEnd-End: 2024-04-23T11:43:44.105
X-DiagInfo: BE1P281MB2004
X-BEServer: BE1P281MB2004
X-UA-Compatible: IE=EmulateIE7
X-Proxy-RoutingCorrectness: 1
X-Proxy-BackendServerStatus: 302
X-FEProxyInfo: FR2P281CA0173.DEUP281.PROD.OUTLOOK.COM
X-FEEFZInfo: FRA
X-FEServer: BE1P281CA0482, FR2P281CA0173
NEL: {"report_to":"NelOfficeUpload1","max_age":7200,"include_subdomains":true,"failure_fraction":1.0,"success_fraction":0.01}
X-FirstHopCafeEFZ: FRA
Date: Tue, 23 Apr 2024 11:43:43 GMT
Connection: close
Content-Security-Policy: default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
|
|
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/1834677822:1713870678:xTETB0CFf5q5HnmP2OjuJs19l8ZVgHgEth2UKty84JU/878d98d78cb85693/ee90e8720d4d861 | 104.17.3.184 | | 6.7 kB |
URL: challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/1834677822:1713870678:xTETB0CFf5q5HnmP2OjuJs19l8ZVgHgEth2UKty84JU/878d98d78cb85693/ee90e8720d4d861 IP: 104.17.3.184:0
File type: ASCII text, with very long lines (3504), with no line terminators
Hash: da42243d7cccc8570c17a72b93db4ae8 f40e32870dd261df2f902dbb1bae17b836f551f6 231fbf9cd169dabf3d7704aa10110f9f808748fbe41a47c50e64f0383986faa8
POST /cdn-cgi/challenge-platform/h/b/flow/ov1/1834677822:1713870678:xTETB0CFf5q5HnmP2OjuJs19l8ZVgHgEth2UKty84JU/878d98d78cb85693/ee90e8720d4d861 HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/vud7y/0x4AAAAAAAX9wxD2JhUuUgpL/auto/normal
Content-type: application/x-www-form-urlencoded
CF-Challenge: ee90e8720d4d861
Content-Length: 36237
Origin: https://challenges.cloudflare.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Tue, 23 Apr 2024 11:43:43 GMT
content-type: text/html; charset=UTF-8
cf-chl-out: gIsU0kWiQAG+TaQvTzLlzgKpO6pVpeRyplkkSlTVIfbg3Ug6f7Gq9zVYuBBbH4MwGzhImHdCzr/JTHBULSJOtPNd70GWs46uRmvo5PAZS3spX7G6wyuU+j8lVI8Ou43o$Nx/UEnHvLUDOWPx1JK/bzA==
cf-chl-out-s: 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$qxTTRSNAZSPgbupXFyHJyg==
vary: accept-encoding
server: cloudflare
cf-ray: 878d98f7ee6a5693-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| 5vgo13xac4f.eurometal-eg.com/?2owinjimx=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD12c2hlcmlkYW4lNDB0Y2NtLm9yZyZjbGllbnQtcmVxdWVzdC1pZD05MmU4MzVmMi1mOGEyLTAwNmItMjhmYi01NjlmMDZjOTA3ZmMmcHJvdGVjdGVkdG9rZW49dHJ1ZSZjbGFpbXM9JTdiJTIyaWRfdG9rZW4lMjIlM2ElN2IlMjJ4bXNfY2MlMjIlM2ElN2IlMjJ2YWx1ZXMlMjIlM2ElNWIlMjJDUDElMjIlNWQlN2QlN2QlN2Qmbm9uY2U9NjM4NDk0Njk0MjQxMDU4MDc5LjBjMDBkZDE0LWU5ZTUtNDM1OS05NGQ0LThhNTcyY2U4NzI4OCZzdGF0ZT1EY3RCRG9NZ0VFWmhhTV9pRWgzeFIyWVdUWV9TRUNCSzBrS2lwcjEtV1h4djk3UlM2dDdkT2swOXlxOExRN0FLTEdaeVRGNUdpa1FwelRCWnNqTlluQmhCZ3VIZ3ZJMlp2V1hXX1IybTlndlQ4OTIyVWw5N3FkZmplLTc1S0NuVUFYVEYtQm5ic2YwQg== | 5.230.74.74 | 302 Found | 26 kB |
URL: GET HTTP/1.1 5vgo13xac4f.eurometal-eg.com/?2owinjimx=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 IP: 5.230.74.74:443
Requested by: https://6347e135.cdaaf2bc902c005246e781ba.workers.dev/?qrc=vsheridan@tccm.org
Certificate Issuer: Let's Encrypt Subject: eurometal-eg.com Fingerprint: 5B:F1:17:70:60:A0:91:CC:62:D9:86:3B:B9:55:62:6B:B7:75:A4:AA Validity: Sat, 20 Apr 2024 10:53:44 GMT - Fri, 19 Jul 2024 10:53:43 GMT
File type: gzip compressed data, from Unix
Hash: 9f1d04968c721c313f7a0837fc5a586a fd4cdeffc9a86a1fab1c0b6a64e483a240cc4f16 4a08635e3d68b9c1f2ab5b3a855fb04dbcf844240501e847f7135723daccea2f
| Analyzer | Verdict | Alert |
| urlquery | phishing | Phishing - Microsoft Outlook |
GET /?2owinjimx=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 HTTP/1.1
Host: 5vgo13xac4f.eurometal-eg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://6347e135.cdaaf2bc902c005246e781ba.workers.dev/
DNT: 1
Connection: keep-alive
Cookie: qPdM=Ayu6fN8YQPww; qPdM.sig=XueZM2qLsKiYqKEphQSM9f6oT3A; ClientId=E65FCEC302BB4736B59541E6D9503BFF; OIDC=1; OpenIdConnect.nonce.v3.xob9Wyc4NWyPw9i2Wzi8swmlVnCV_IDqG0t9LSO8aew=638494694241058079.0c00dd14-e9e5-4359-94d4-8a572ce87288; X-OWA-RedirectHistory=ArLym14BH701oYpj3Ag
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Cache-Control: no-store, no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Content-Encoding: gzip
Expires: -1
Location: https://5vgo13xac4f.eurometal-eg.com/?2owinjimx=aHR0cHM6Ly9hZGZzLnRjY20ub3JnL2FkZnMvbHMvP2xvZ2luX2hpbnQ9dnNoZXJpZGFuJTQwdGNjbS5vcmcmY2xpZW50LXJlcXVlc3QtaWQ9OTJlODM1ZjItZjhhMi0wMDZiLTI4ZmItNTY5ZjA2YzkwN2ZjJnVzZXJuYW1lPXZzaGVyaWRhbiU0MHRjY20ub3JnJndhPXdzaWduaW4xLjAmd3RyZWFsbT11cm4lM2FmZWRlcmF0aW9uJTNhTWljcm9zb2Z0T25saW5lJndjdHg9ZXN0c3JlZGlyZWN0JTNkMiUyNmVzdHNyZXF1ZXN0JTNkclFRSUFSQUFqWkU5YUJOaEFJYno1ZEpyVV85SzNCVU9CNGxjY25lNXk5MFhFTXlsYVZPU3RxWkpUUk9SY0wzN0xybmN6NWZlWFM3OW9hTW82QkE2aVl2UU1TQ0tMbEljWE8xVWNPc2dqc1doYUtlZ0RqYTR1T2s3dkR6VE96eHZuR0FUYk9ZRzh5Y2NQVzZhMFhXV1Z0R1lfb29ibTU0NUUwNzI5a2RtNk9iUGV5X0lqNU9faHVCNjJfZTdYaWFaeEQzZnd0aE1ZRjAzVkpSUXNaM0VmU1g1RG9BakFFNEEyQXZIQXEtTlhFTlRuRHUtcXRvSjdMYUdZVEdka25qSXB5SFA4U3dqU0l3SUU0ektNSnJHOGpTQ1NLRDVsQUJweUdzOExTbUN5S2xJRWpsSk9nNWZXYzcyX0RZM0x1d2EyLWdzSE5XeGF6ZTcyUE9mRTBfQnJPckxzM2l4bGM4MzJzcGkwOGkzVTVzclhMMVdyVGNyLVp4Y1pNeWkwWFZadXJhMkdVQnhwWkwyUlczWlpPRFdobFFxaTlsaWFiNnhWWjBUNWcyejNOMnV5ZzJ2czFSMzVMYmM2aFZhd1FMWENHcHJ0ZVlLWjhOV1VKVWd4NjFhVU56UTlBNmlSYUdZYzFhemE5VTVXbmJXUFoyUmg4Ul9LWDVEa09mZWJPd2NFaVR1SXNmUWppTGdTd1I4allTWnFWRUU3RS1jZnhEXzVGNTdHWDJmR3dUaTI0Y19yb1lPSjVKV1g3THNWQ25aUVdWSDdtMVgta1ZyZVIwcHVVcUJXOUlYYnNFZ3IycFp6UXRXb1hrYlp0Z0JDUVlrZVVCR3A0aVpFRVhrN3JJbkpQaEdnc2VUb1lQb3Z3NDl1Z0NPTF9MVHBHb3BodTNGNGp1VW9UVjliQ0tIeXV4UW03YlhWTlV4QllyVlF4NlZ1VS1kNzFNUGRuZDNQMXdLalM0Xy12enF5ZkQ3czlQQzY1blFidzIj
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000; includeSubDomains
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
x-ms-request-id: 1e72d32a-09ad-43bc-9076-37b385fa1300
x-ms-ests-server: 2.1.17910.10 - EUS ProdSlices
x-ms-srs: 1.P
Referrer-Policy: strict-origin-when-cross-origin
Set-Cookie: buid=0.AX0AMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8V_ZqC9SlCm1NHo9S1ZR7C_gIvZ9u3fUtzmpAO3MAmv-O4C1MdexJNcsciakVF5j7KTb2KZoaBFUpTFDoBCESKAI4CVmOePFU0hFj4drYPCwgAA; expires=Thu, 23-May-2024 11:43:44 GMT; path=/; secure; HttpOnly; SameSite=None
fpc=AnThUI6qYbhEtlLVSRMhvmyerOTJAQAAAPCVud0OAAAA; expires=Thu, 23-May-2024 11:43:44 GMT; path=/; secure; HttpOnly; SameSite=None
esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8wNPiL86t56a3NC2NoN-zKAEeqPb3fMmlQDmohVxj6MMWdN675oad4AdpUqeSJarMswOm3wa6CBPsy1Ixg_-wzNZ6J2tYT7J1rHuhEzWGyZlCwF1R1qz4jxkV1q-7_hz-IZDsnNF_J1UYsuiJgkuesncMk9z_rqNDieaRgORVEEkgAA; domain=5vgo13xac4f.eurometal-eg.com; path=/; secure; HttpOnly; SameSite=None
cltm=CgAQABoAIgQIDBAF; domain=5vgo13xac4f.eurometal-eg.com; path=/; secure; HttpOnly; SameSite=None
x-ms-gateway-slice=estsfd; path=/; secure; samesite=none; httponly
stsservicecookie=estsfd; path=/; secure; samesite=none; httponly
Date: Tue, 23 Apr 2024 11:43:44 GMT
Connection: close
content-length: 1636
Content-Security-Policy: default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
|
|
| 5vgo13xac4f.eurometal-eg.com/adfs/portal/css/style.css?id=3B1A0C704CDAE8ECD48AA8F0D50409D981CEF21D7AE6DC85B0797D270101B151 | 5.230.74.74 | 200 OK | 10 kB |
URL: GET HTTP/1.1 5vgo13xac4f.eurometal-eg.com/adfs/portal/css/style.css?id=3B1A0C704CDAE8ECD48AA8F0D50409D981CEF21D7AE6DC85B0797D270101B151 IP: 5.230.74.74:443
Requested byhttps://5vgo13xac4f.eurometal-eg.com/?2owinjimx=aHR0cHM6Ly9hZGZzLnRjY20ub3JnL2FkZnMvbHMvP2xvZ2luX2hpbnQ9dnNoZXJpZGFuJTQwdGNjbS5vcmcmY2xpZW50LXJlcXVlc3QtaWQ9OTJlODM1ZjItZjhhMi0wMDZiLTI4ZmItNTY5ZjA2YzkwN2ZjJnVzZXJuYW1lPXZzaGVyaWRhbiU0MHRjY20ub3JnJndhPXdzaWduaW4xLjAmd3RyZWFsbT11cm4lM2FmZWRlcmF0aW9uJTNhTWljcm9zb2Z0T25saW5lJndjdHg9ZXN0c3JlZGlyZWN0JTNkMiUyNmVzdHNyZXF1ZXN0JTNkclFRSUFSQUFqWkU5YUJOaEFJYno1ZEpyVV85SzNCVU9CNGxjY25lNXk5MFhFTXlsYVZPU3RxWkpUUk9SY0wzN0xybmN6NWZlWFM3OW9hTW82QkE2aVl2UU1TQ0tMbEljWE8xVWNPc2dqc1doYUtlZ0RqYTR1T2s3dkR6VE96eHZuR0FUYk9ZRzh5Y2NQVzZhMFhXV1Z0R1lfb29ibTU0NUUwNzI5a2RtNk9iUGV5X0lqNU9faHVCNjJfZTdYaWFaeEQzZnd0aE1ZRjAzVkpSUXNaM0VmU1g1RG9BakFFNEEyQXZIQXEtTlhFTlRuRHUtcXRvSjdMYUdZVEdka25qSXB5SFA4U3dqU0l3SUU0ektNSnJHOGpTQ1NLRDVsQUJweUdzOExTbUN5S2xJRWpsSk9nNWZXYzcyX0RZM0x1d2EyLWdzSE5XeGF6ZTcyUE9mRTBfQnJPckxzM2l4bGM4MzJzcGkwOGkzVTVzclhMMVdyVGNyLVp4Y1pNeWkwWFZadXJhMkdVQnhwWkwyUlczWlpPRFdobFFxaTlsaWFiNnhWWjBUNWcyejNOMnV5ZzJ2czFSMzVMYmM2aFZhd1FMWENHcHJ0ZVlLWjhOV1VKVWd4NjFhVU56UTlBNmlSYUdZYzFhemE5VTVXbmJXUFoyUmg4Ul9LWDVEa09mZWJPd2NFaVR1SXNmUWppTGdTd1I4allTWnFWRUU3RS1jZnhEXzVGNTdHWDJmR3dUaTI0Y19yb1lPSjVKV1g3THNWQ25aUVdWSDdtMVgta1ZyZVIwcHVVcUJXOUlYYnNFZ3IycFp6UXRXb1hrYlp0Z0JDUVlrZVVCR3A0aVpFRVhrN3JJbkpQaEdnc2VUb1lQb3Z3NDl1Z0NPTF9MVHBHb3BodTNGNGp1VW9UVjliQ0tIeXV4UW03YlhWTlV4QllyVlF4NlZ1VS1kNzFNUGRuZDNQMXdLalM0Xy12enF5ZkQ3czlQQzY1blFidzIj CertificateIssuerLet's Encrypt Subjecteurometal-eg.com Fingerprint5B:F1:17:70:60:A0:91:CC:62:D9:86:3B:B9:55:62:6B:B7:75:A4:AA ValiditySat, 20 Apr 2024 10:53:44 GMT - Fri, 19 Jul 2024 10:53:43 GMT
File type: Unicode text, UTF-8 text, with CRLF line terminators
Hash: f9e310a2456d1ca811823640aef5776c 44fa1e6141f53d04dbe199532d6f620ae5d8d9b2 3b1a0c704cdae8ecd48aa8f0d50409d981cef21d7ae6dc85b0797d270101b151
| Analyzer | Verdict | Alert |
| urlquery | phishing | Phishing - Microsoft Outlook |
GET /adfs/portal/css/style.css?id=3B1A0C704CDAE8ECD48AA8F0D50409D981CEF21D7AE6DC85B0797D270101B151 HTTP/1.1
Host: 5vgo13xac4f.eurometal-eg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://5vgo13xac4f.eurometal-eg.com/?2owinjimx=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
Cookie: qPdM=Ayu6fN8YQPww; qPdM.sig=XueZM2qLsKiYqKEphQSM9f6oT3A; ClientId=E65FCEC302BB4736B59541E6D9503BFF; OIDC=1; OpenIdConnect.nonce.v3.xob9Wyc4NWyPw9i2Wzi8swmlVnCV_IDqG0t9LSO8aew=638494694241058079.0c00dd14-e9e5-4359-94d4-8a572ce87288; X-OWA-RedirectHistory=ArLym14BH701oYpj3Ag; buid=0.AX0AMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8V_ZqC9SlCm1NHo9S1ZR7C_gIvZ9u3fUtzmpAO3MAmv-O4C1MdexJNcsciakVF5j7KTb2KZoaBFUpTFDoBCESKAI4CVmOePFU0hFj4drYPCwgAA; fpc=AnThUI6qYbhEtlLVSRMhvmyerOTJAQAAAPCVud0OAAAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8wNPiL86t56a3NC2NoN-zKAEeqPb3fMmlQDmohVxj6MMWdN675oad4AdpUqeSJarMswOm3wa6CBPsy1Ixg_-wzNZ6J2tYT7J1rHuhEzWGyZlCwF1R1qz4jxkV1q-7_hz-IZDsnNF_J1UYsuiJgkuesncMk9z_rqNDieaRgORVEEkgAA; cltm=CgAQABoAIgQIDBAF; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 10462
Content-Type: text/css
Expires: Thu, 23 May 2024 11:43:46 GMT
ETag: 3B1A0C704CDAE8ECD48AA8F0D50409D981CEF21D7AE6DC85B0797D270101B151
Server: Microsoft-HTTPAPI/2.0
Strict-Transport-Security: max-age = 31536000
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Security-Policy: default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src api-d568a5be.duosecurity.com
Date: Tue, 23 Apr 2024 11:43:45 GMT
Connection: close
|
|
| 5vgo13xac4f.eurometal-eg.com/adfs/portal/illustration/illustration.png?id=183128A3C941EDE3D9199FA37D6AA90E0A7DFE101B37D10B4FEDA0CF35E11AFD | 5.230.74.74 | 200 OK | 117 kB |
URL: GET HTTP/1.1 5vgo13xac4f.eurometal-eg.com/adfs/portal/illustration/illustration.png?id=183128A3C941EDE3D9199FA37D6AA90E0A7DFE101B37D10B4FEDA0CF35E11AFD
IP: 5.230.74.74:443
Requested by: https://5vgo13xac4f.eurometal-eg.com/?2owinjimx=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
Certificate: Issuer: Let's Encrypt; Subject: eurometal-eg.com; Fingerprint: 5B:F1:17:70:60:A0:91:CC:62:D9:86:3B:B9:55:62:6B:B7:75:A4:AA; Validity: Sat, 20 Apr 2024 10:53:44 GMT - Fri, 19 Jul 2024 10:53:43 GMT
File type: PNG image data, 1420 x 1080, 8-bit/color RGB, non-interlaced
Size: 117 kB (116699 bytes)
Hash: 1aee2235cc822dc6527bb377a4b363db e36089f29546687061f2ef30e2498a1e9744416d 183128a3c941ede3d9199fa37d6aa90e0a7dfe101b37d10b4feda0cf35e11afd
| Analyzer | Verdict | Alert |
| urlquery | phishing | Phishing - Microsoft Outlook |
GET /adfs/portal/illustration/illustration.png?id=183128A3C941EDE3D9199FA37D6AA90E0A7DFE101B37D10B4FEDA0CF35E11AFD HTTP/1.1
Host: 5vgo13xac4f.eurometal-eg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://5vgo13xac4f.eurometal-eg.com/?2owinjimx=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
Cookie: qPdM=Ayu6fN8YQPww; qPdM.sig=XueZM2qLsKiYqKEphQSM9f6oT3A; ClientId=E65FCEC302BB4736B59541E6D9503BFF; OIDC=1; OpenIdConnect.nonce.v3.xob9Wyc4NWyPw9i2Wzi8swmlVnCV_IDqG0t9LSO8aew=638494694241058079.0c00dd14-e9e5-4359-94d4-8a572ce87288; X-OWA-RedirectHistory=ArLym14BH701oYpj3Ag; buid=0.AX0AMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8V_ZqC9SlCm1NHo9S1ZR7C_gIvZ9u3fUtzmpAO3MAmv-O4C1MdexJNcsciakVF5j7KTb2KZoaBFUpTFDoBCESKAI4CVmOePFU0hFj4drYPCwgAA; fpc=AnThUI6qYbhEtlLVSRMhvmyerOTJAQAAAPCVud0OAAAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8wNPiL86t56a3NC2NoN-zKAEeqPb3fMmlQDmohVxj6MMWdN675oad4AdpUqeSJarMswOm3wa6CBPsy1Ixg_-wzNZ6J2tYT7J1rHuhEzWGyZlCwF1R1qz4jxkV1q-7_hz-IZDsnNF_J1UYsuiJgkuesncMk9z_rqNDieaRgORVEEkgAA; cltm=CgAQABoAIgQIDBAF; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 116699
Content-Type: image/png
Expires: Thu, 23 May 2024 11:43:47 GMT
ETag: 183128A3C941EDE3D9199FA37D6AA90E0A7DFE101B37D10B4FEDA0CF35E11AFD
Server: Microsoft-HTTPAPI/2.0
Strict-Transport-Security: max-age = 31536000
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Security-Policy: default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src api-d568a5be.duosecurity.com
Date: Tue, 23 Apr 2024 11:43:47 GMT
Connection: close
|
|
| 5vgo13xac4f.eurometal-eg.com/?2owinjimx=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 | 5.230.74.74 | 200 OK | 25 kB |
URL: GET HTTP/1.1 5vgo13xac4f.eurometal-eg.com/?2owinjimx=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
IP: 5.230.74.74:443
Requested by: https://6347e135.cdaaf2bc902c005246e781ba.workers.dev/?qrc=vsheridan@tccm.org
Certificate: Issuer: Let's Encrypt; Subject: eurometal-eg.com; Fingerprint: 5B:F1:17:70:60:A0:91:CC:62:D9:86:3B:B9:55:62:6B:B7:75:A4:AA; Validity: Sat, 20 Apr 2024 10:53:44 GMT - Fri, 19 Jul 2024 10:53:43 GMT
File type: JavaScript source, ASCII text, with very long lines (1137), with CRLF, LF line terminators
Hash: cc66536d9191965d94b8f7128a7a2bf6 7c9314d71a4dd97f5d53842c25d0886f93e34fb7 28ebcb5f0fb6ac51e8044e62aa8de15087327b6828d0c66d226b3338d10435ab
| Analyzer | Verdict | Alert |
| urlquery | phishing | Phishing - Microsoft Outlook |
GET /?2owinjimx=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 HTTP/1.1
Host: 5vgo13xac4f.eurometal-eg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://6347e135.cdaaf2bc902c005246e781ba.workers.dev/
DNT: 1
Connection: keep-alive
Cookie: qPdM=Ayu6fN8YQPww; qPdM.sig=XueZM2qLsKiYqKEphQSM9f6oT3A; ClientId=E65FCEC302BB4736B59541E6D9503BFF; OIDC=1; OpenIdConnect.nonce.v3.xob9Wyc4NWyPw9i2Wzi8swmlVnCV_IDqG0t9LSO8aew=638494694241058079.0c00dd14-e9e5-4359-94d4-8a572ce87288; X-OWA-RedirectHistory=ArLym14BH701oYpj3Ag; buid=0.AX0AMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8V_ZqC9SlCm1NHo9S1ZR7C_gIvZ9u3fUtzmpAO3MAmv-O4C1MdexJNcsciakVF5j7KTb2KZoaBFUpTFDoBCESKAI4CVmOePFU0hFj4drYPCwgAA; fpc=AnThUI6qYbhEtlLVSRMhvmyerOTJAQAAAPCVud0OAAAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8wNPiL86t56a3NC2NoN-zKAEeqPb3fMmlQDmohVxj6MMWdN675oad4AdpUqeSJarMswOm3wa6CBPsy1Ixg_-wzNZ6J2tYT7J1rHuhEzWGyZlCwF1R1qz4jxkV1q-7_hz-IZDsnNF_J1UYsuiJgkuesncMk9z_rqNDieaRgORVEEkgAA; cltm=CgAQABoAIgQIDBAF; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: no-cache,no-store
Pragma: no-cache
content-length: 25272
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-HTTPAPI/2.0
Strict-Transport-Security: max-age = 31536000
Content-Security-Policy: default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
Date: Tue, 23 Apr 2024 11:43:45 GMT
Connection: close
|
|
| 6347e135.cdaaf2bc902c005246e781ba.workers.dev/favicon.ico | 104.21.12.162 | 200 OK | 3.3 kB |
URL: GET HTTP/3 6347e135.cdaaf2bc902c005246e781ba.workers.dev/favicon.ico
IP: 104.21.12.162:443
Requested by: https://6347e135.cdaaf2bc902c005246e781ba.workers.dev/?qrc=vsheridan@tccm.org
Certificate: Issuer: Google Trust Services LLC; Subject: cdaaf2bc902c005246e781ba.workers.dev; Fingerprint: 89:3D:9A:54:18:03:81:14:07:3F:E5:F7:E0:AB:2D:D0:9F:68:0D:43; Validity: Tue, 16 Apr 2024 12:51:36 GMT - Mon, 15 Jul 2024 12:51:35 GMT
File type: HTML document, ASCII text, with very long lines (3271), with no line terminators
Hash: 7bfeee95de02d8baa9387254750d1a9d 465014795f16ab99f232678a02f2f9bdb3da0596 1ee236e6810d25f116e18bd384a29de9e9e2b83556f3b1ef4d7fa00aed42a77c
GET /favicon.ico HTTP/1.1
Host: 6347e135.cdaaf2bc902c005246e781ba.workers.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://6347e135.cdaaf2bc902c005246e781ba.workers.dev/?qrc=vsheridan@tccm.org
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 23 Apr 2024 11:43:43 GMT
content-type: text/html;charset=UTF-8
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hsy704x3GiehtP5PsR5gxl26sf94%2Bdn2LAbviQdkRW8DHg4nQaTneBP8fHHmoUtKIiphOfULumvA2Lmom5sb%2FxthaKCW4jWjttNz%2F90B6Iugt%2BapeJlZ2tDpy2X2%2BUkv9vzZcSF7JQfAdHYvZWpTaPQTgpRY%2Fp9za4JG5QqinO4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 878d98fa7e5956b9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| 5vgo13xac4f.eurometal-eg.com/?qrc=vsheridan%40tccm.org | 5.230.74.74 | 302 Moved Temporarily | 25 kB |
URL: GET HTTP/1.1 5vgo13xac4f.eurometal-eg.com/?qrc=vsheridan%40tccm.org
IP: 5.230.74.74:443
Requested by: https://6347e135.cdaaf2bc902c005246e781ba.workers.dev/?qrc=vsheridan@tccm.org
Certificate: Issuer: Let's Encrypt; Subject: eurometal-eg.com; Fingerprint: 5B:F1:17:70:60:A0:91:CC:62:D9:86:3B:B9:55:62:6B:B7:75:A4:AA; Validity: Sat, 20 Apr 2024 10:53:44 GMT - Fri, 19 Jul 2024 10:53:43 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| urlquery | phishing | Phishing - Microsoft Outlook |
GET /?qrc=vsheridan%40tccm.org HTTP/1.1
Host: 5vgo13xac4f.eurometal-eg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://6347e135.cdaaf2bc902c005246e781ba.workers.dev/
DNT: 1
Connection: keep-alive
Cookie: qPdM=Ayu6fN8YQPww; qPdM.sig=XueZM2qLsKiYqKEphQSM9f6oT3A
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Moved Temporarily
Cache-Control: no-cache
Pragma: no-cache
Location: https://5vgo13xac4f.eurometal-eg.com/owa/?login_hint=vsheridan%40tccm.org
Server: Microsoft-IIS/10.0
request-id: ee481250-ab42-bb07-7d41-afde7dcf1e9a
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-FEServer: FR2P281CA0175, FR2P281CA0175
X-RequestId: a3d0d80f-9e7c-45e7-a43e-43ad27d312f8
X-FEProxyInfo: FR2P281CA0175.DEUP281.PROD.OUTLOOK.COM
X-FEEFZInfo: FRA
MS-CV: UBJI7kKrB7t9Qa/efc8emg.0
X-Powered-By: ASP.NET
Date: Tue, 23 Apr 2024 11:43:43 GMT
Connection: close
Content-Length: 0
Content-Security-Policy: default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
|
|