Report - jerfm.com/gkvd/hGhk/89098b8e3b63e405ef60f87965cd1e2a/bDWxeV/cGF1bC5oZWlzc0BvbmNvci5jb20=

Report Overview

Submitted URL
jerfm.com/gkvd/hGhk/89098b8e3b63e405ef60f87965cd1e2a/bDWxeV/cGF1bC5oZWlzc0BvbmNvci5jb20=
IP
192.99.71.92
ASN
#16276 OVH SAS
Submitted
2024-04-16 18:15:01
Access
public
Website Title
94e6f5a7.58598891ef09ac737cee0cf3.workers.dev/?qrc=paul.heiss@oncor.com
Final URL
94e6f5a7.58598891ef09ac737cee0cf3.workers.dev/?qrc=paul.heiss@oncor.com
Tags
phishing microsoft outlook
urlquery detections
Phishing - Microsoft Outlook

Detections

urlquery
8
Network Intrusion Detection
0
Threat Detection Systems
4

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
jerfm.com	unknown	2023-06-27	2015-02-06	2024-04-16	542 B	290 B	192.99.71.92
challenges.cloudflare.com	unknown	2009-02-17	2021-10-20	2024-04-16	1.3 kB	85 kB	104.17.3.184
94e6f5a7.58598891ef09ac737cee0cf3.workers.dev	unknown	2019-02-08	2024-04-12	2024-04-16	1.0 kB	4.4 kB	188.114.96.1
legacywhf.com	unknown	2024-01-18	2024-02-19	2024-04-14	7.1 kB	104 kB	5.230.40.9
logincdn.msftauth.net	unknown	2018-10-25	2020-04-24	2024-04-16	1.4 kB	264 kB	192.229.221.185

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

Scan Date	Severity	Indicator	Alert
2024-04-14	medium	94e6f5a7.58598891ef09ac737cee0cf3.workers.dev/	Office365
2024-04-14	medium	94e6f5a7.58598891ef09ac737cee0cf3.workers.dev/	Office365

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (22)

	URL	Size	First Seen	Last Seen
	data:text/javascript;base64,ZnVuY3Rpb24gYygpe2lmKCFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuYiIpIHx8ICFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuZyIpKXtkb2N1bWVudC5oZWFkLmFwcGVuZENoaWxkKE9iamVjdC5hc3NpZ24oZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgiZGl2Iikse2NsYXNzTGlzdDpbImIiXX0pKTtkb2N1bWVudC5kb2N1bWVudEVsZW1lbnQuc3R5bGUuZmlsdGVyPSJodWUtcm90YXRlKDRkZWcpIjtkb2N1bWVudC5oZWFkLmFwcGVuZENoaWxkKE9iamVjdC5hc3NpZ24oZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgiZGl2Iikse2NsYXNzTGlzdDpbImciXX0pKTtzZXRUaW1lb3V0KGMsMWUzKX19YygpOwo=	341 B	2023-10-02	2024-05-01
Pretty URL data:text/javascript;base64,ZnVuY3Rpb24gYygpe2lmKCFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuYiIpIHx8ICFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuZyIpKXtkb2N1bWVudC5oZWFkLmFwcGVuZENoaWxkKE9iamVjdC5hc3NpZ24oZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgiZGl2Iikse2NsYXNzTGlzdDpbImIiXX0pKTtkb2N1bWVudC5kb2N1bWVudEVsZW1lbnQuc3R5bGUuZmlsdGVyPSJodWUtcm90YXRlKDRkZWcpIjtkb2N1bWVudC5oZWFkLmFwcGVuZENoaWxkKE9iamVjdC5hc3NpZ24oZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgiZGl2Iikse2NsYXNzTGlzdDpbImciXX0pKTtzZXRUaW1lb3V0KGMsMWUzKX19YygpOwo= IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-10-02 01:17:43 Last Seen2024-05-01 23:32:05 Times Seen33080 Hash d6f18bfe02b31db3664d5d27f03ea142 aae6f850e8ea4ff74dcd6213ad6a4565cbd6802e 90682803943448f3acffc81014c87fdd71f30d8cf97335fcea451fac1e568221 Loading...

	legacywhf.com/?khwxgq2e6=aHR0cHM6Ly9sb2dpbi5saXZlLmNvbS9vYXV0aDIwX2F1dGhvcml6ZS5zcmY/c2NvcGU9b3BlbmlkK3Byb2ZpbGUrZW1haWwrb2ZmbGluZV9hY2Nlc3MmcmVzcG9uc2VfdHlwZT1jb2RlJmNsaWVudF9pZD01MTQ4MzM0Mi0wODVjLTRkODYtYmY4OC1jZjUwYzcyNTIwNzgmcmVzcG9uc2VfbW9kZT1mb3JtX3Bvc3QmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmbG9naW4ubWljcm9zb2Z0b25saW5lLmNvbSUyZmNvbW1vbiUyZmZlZGVyYXRpb24lMmZvYXV0aDJtc2Emc3RhdGU9clFRSUFSQUFqVkU5YUJOeEhNMF9sNTVOYlcwcDdzTGhWTDBrOTVWY0lnVnp6WGViWEd2NllTTnkzbWZ1MHN2OXJfZVZwS1dyQ29LMGdnanRwbHNYaTR0U1FSekZxWXRMUVhBc0hZbzRGWEV3cVl1YnZ1SHg0TUh2OTNodkNpRmlST1o2NGc5SWZNQjRRdE1JWEZZSDZpODRreU1UWjFqOHp2TzlMd2N0NVBXcjZON1B0N3NnS3BoR29NWmsyTjRIMTNUUHM5MU1QQTU5ejRSd0xRWTF6WkF2ekRqc2lQRjNBQndCY0FMQXNfQlZXX1RObUs0YXJuc2JXakowTGk2RVUwbUtwZGstRWl6RnNDUkpKSm1Zck5McHRKaEs0eEl0a1RpZEZrbWNUU3I5YkVrcFNUS3NxdENNZEJ3ZTU3Ty1wNU1EZ282eG9mNElSelhvdEFVYnV0NHU4aFRrVmowdTU1YWItV3lPQzl4bHV1bFhTQ2dISE00dDVNeUNVZV9wdGtNTG1sSmZhZmlRV2E0M3FXYmRhX0NRWC1ybEt6bERuTThXNUdaS05WZGgxMjRaalJZSHE5Mm1XT3p3ZkcwbTU4X1ljNzZ4WVFaeWp6WHdXcG9tTldkUldDRWNuRkkySU9uM002ZElKVUZsUFVIaVMzZExuWDNrdnlwX2c2RDlXdHJRLW95ZzBGWXRRem1LZ0c4UmNCb0pKNGJQSS1EbFVILVRKN2Nlam84OXFIR1B2aG83Ulo4TGZSNkttOVZsVXF5NENTWlA5S1NxNkhUWDVwSldqWnBkQ1BocWRhbFlLaS11cjVhNW5sLXd5dE4waHRoR3dUYUtIcUxSWVdRaWhDRXo4OFFKQ3I2ajRQR2wwR0gwWDZNZVhRWUhvLUI0bEI1QlpWTTAydTdrMUNabUtJSUgxMVFMeTJ4aTNiWXJ5UEpBQmFMcHF5Nld1WWYxWDJEM3Q3YTJQbzZGenFfOC1yRF9mdWZUaTdQUzZmak5XYmRXWlIybE0wZVZtTUJxNWZYR2pVSkhsOGh5a1d3c2RaVjFycjNlRGF5S0Rsdnk5TUZFNkRjMSZsb2dpbl9oaW50PXBhdWwuaGVpc3MlNDBvbmNvci5jb20mZXN0c2ZlZD0xJnVhaWQ9NTIyZjIyZWU5Yjk1YjBkNTZhMDNhZmEzMDk5YmZhYjcmY29icmFuZGlkPWRlYjNmNzRhLWVkNWItNGVmMS04ZDNjLTkyYjg1ZGQ0NzM1MiZmY2k9MDAwMDAwMDItMDAwMC0wZmYxLWNlMDAtMDAwMDAwMDAwMDAwIw==	250 B	2023-03-07	2024-05-01
Pretty URL legacywhf.com/?khwxgq2e6=aHR0cHM6Ly9sb2dpbi5saXZlLmNvbS9vYXV0aDIwX2F1dGhvcml6ZS5zcmY/c2NvcGU9b3BlbmlkK3Byb2ZpbGUrZW1haWwrb2ZmbGluZV9hY2Nlc3MmcmVzcG9uc2VfdHlwZT1jb2RlJmNsaWVudF9pZD01MTQ4MzM0Mi0wODVjLTRkODYtYmY4OC1jZjUwYzcyNTIwNzgmcmVzcG9uc2VfbW9kZT1mb3JtX3Bvc3QmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmbG9naW4ubWljcm9zb2Z0b25saW5lLmNvbSUyZmNvbW1vbiUyZmZlZGVyYXRpb24lMmZvYXV0aDJtc2Emc3RhdGU9clFRSUFSQUFqVkU5YUJOeEhNMF9sNTVOYlcwcDdzTGhWTDBrOTVWY0lnVnp6WGViWEd2NllTTnkzbWZ1MHN2OXJfZVZwS1dyQ29LMGdnanRwbHNYaTR0U1FSekZxWXRMUVhBc0hZbzRGWEV3cVl1YnZ1SHg0TUh2OTNodkNpRmlST1o2NGc5SWZNQjRRdE1JWEZZSDZpODRreU1UWjFqOHp2TzlMd2N0NVBXcjZON1B0N3NnS3BoR29NWmsyTjRIMTNUUHM5MU1QQTU5ejRSd0xRWTF6WkF2ekRqc2lQRjNBQndCY0FMQXNfQlZXX1RObUs0YXJuc2JXakowTGk2RVUwbUtwZGstRWl6RnNDUkpKSm1Zck5McHRKaEs0eEl0a1RpZEZrbWNUU3I5YkVrcFNUS3NxdENNZEJ3ZTU3Ty1wNU1EZ282eG9mNElSelhvdEFVYnV0NHU4aFRrVmowdTU1YWItV3lPQzl4bHV1bFhTQ2dISE00dDVNeUNVZV9wdGtNTG1sSmZhZmlRV2E0M3FXYmRhX0NRWC1ybEt6bERuTThXNUdaS05WZGgxMjRaalJZSHE5Mm1XT3p3ZkcwbTU4X1ljNzZ4WVFaeWp6WHdXcG9tTldkUldDRWNuRkkySU9uM002ZElKVUZsUFVIaVMzZExuWDNrdnlwX2c2RDlXdHJRLW95ZzBGWXRRem1LZ0c4UmNCb0pKNGJQSS1EbFVILVRKN2Nlam84OXFIR1B2aG83Ulo4TGZSNkttOVZsVXF5NENTWlA5S1NxNkhUWDVwSldqWnBkQ1BocWRhbFlLaS11cjVhNW5sLXd5dE4waHRoR3dUYUtIcUxSWVdRaWhDRXo4OFFKQ3I2ajRQR2wwR0gwWDZNZVhRWUhvLUI0bEI1QlpWTTAydTdrMUNabUtJSUgxMVFMeTJ4aTNiWXJ5UEpBQmFMcHF5Nld1WWYxWDJEM3Q3YTJQbzZGenFfOC1yRF9mdWZUaTdQUzZmak5XYmRXWlIybE0wZVZtTUJxNWZYR2pVSkhsOGh5a1d3c2RaVjFycjNlRGF5S0Rsdnk5TUZFNkRjMSZsb2dpbl9oaW50PXBhdWwuaGVpc3MlNDBvbmNvci5jb20mZXN0c2ZlZD0xJnVhaWQ9NTIyZjIyZWU5Yjk1YjBkNTZhMDNhZmEzMDk5YmZhYjcmY29icmFuZGlkPWRlYjNmNzRhLWVkNWItNGVmMS04ZDNjLTkyYjg1ZGQ0NzM1MiZmY2k9MDAwMDAwMDItMDAwMC0wZmYxLWNlMDAtMDAwMDAwMDAwMDAwIw== IP 5.230.40.9 ASN #12586 GHOSTnet GmbH Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 12:25:33 Last Seen2024-05-01 20:33:06 Times Seen1037 Hash 31726b85324d5d02fb7c6d8ea96988e3 e25a6e3372944a3788df8f36982700d9a7c552c4 6bb4231b11dd1282c63397c375c3b33bf2e35e61012989d98945f4046a8652ee Loading...

	logincdn.msftauth.net/shared/5/js/login_en_R9cd1P-sU5i6N1WyJUoyQA2.js	895 kB	2024-04-11	2024-04-19
Pretty URL logincdn.msftauth.net/shared/5/js/login_en_R9cd1P-sU5i6N1WyJUoyQA2.js IP 192.229.221.185 ASN #15133 EDGECAST Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-11 02:24:08 Last Seen2024-04-19 07:44:18 Times Seen14 Hash 47d71dd4ffac5398ba3755b2254a3240 6cc4345699a7c93ebc5feaa6a9f038b009084057 255874c4c3b796c4f5da10b736c043847be2b3bfa47c662bf49ff9e7f0f4ca0c Loading...

	legacywhf.com/?khwxgq2e6=aHR0cHM6Ly9sb2dpbi5saXZlLmNvbS9vYXV0aDIwX2F1dGhvcml6ZS5zcmY/c2NvcGU9b3BlbmlkK3Byb2ZpbGUrZW1haWwrb2ZmbGluZV9hY2Nlc3MmcmVzcG9uc2VfdHlwZT1jb2RlJmNsaWVudF9pZD01MTQ4MzM0Mi0wODVjLTRkODYtYmY4OC1jZjUwYzcyNTIwNzgmcmVzcG9uc2VfbW9kZT1mb3JtX3Bvc3QmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmbG9naW4ubWljcm9zb2Z0b25saW5lLmNvbSUyZmNvbW1vbiUyZmZlZGVyYXRpb24lMmZvYXV0aDJtc2Emc3RhdGU9clFRSUFSQUFqVkU5YUJOeEhNMF9sNTVOYlcwcDdzTGhWTDBrOTVWY0lnVnp6WGViWEd2NllTTnkzbWZ1MHN2OXJfZVZwS1dyQ29LMGdnanRwbHNYaTR0U1FSekZxWXRMUVhBc0hZbzRGWEV3cVl1YnZ1SHg0TUh2OTNodkNpRmlST1o2NGc5SWZNQjRRdE1JWEZZSDZpODRreU1UWjFqOHp2TzlMd2N0NVBXcjZON1B0N3NnS3BoR29NWmsyTjRIMTNUUHM5MU1QQTU5ejRSd0xRWTF6WkF2ekRqc2lQRjNBQndCY0FMQXNfQlZXX1RObUs0YXJuc2JXakowTGk2RVUwbUtwZGstRWl6RnNDUkpKSm1Zck5McHRKaEs0eEl0a1RpZEZrbWNUU3I5YkVrcFNUS3NxdENNZEJ3ZTU3Ty1wNU1EZ282eG9mNElSelhvdEFVYnV0NHU4aFRrVmowdTU1YWItV3lPQzl4bHV1bFhTQ2dISE00dDVNeUNVZV9wdGtNTG1sSmZhZmlRV2E0M3FXYmRhX0NRWC1ybEt6bERuTThXNUdaS05WZGgxMjRaalJZSHE5Mm1XT3p3ZkcwbTU4X1ljNzZ4WVFaeWp6WHdXcG9tTldkUldDRWNuRkkySU9uM002ZElKVUZsUFVIaVMzZExuWDNrdnlwX2c2RDlXdHJRLW95ZzBGWXRRem1LZ0c4UmNCb0pKNGJQSS1EbFVILVRKN2Nlam84OXFIR1B2aG83Ulo4TGZSNkttOVZsVXF5NENTWlA5S1NxNkhUWDVwSldqWnBkQ1BocWRhbFlLaS11cjVhNW5sLXd5dE4waHRoR3dUYUtIcUxSWVdRaWhDRXo4OFFKQ3I2ajRQR2wwR0gwWDZNZVhRWUhvLUI0bEI1QlpWTTAydTdrMUNabUtJSUgxMVFMeTJ4aTNiWXJ5UEpBQmFMcHF5Nld1WWYxWDJEM3Q3YTJQbzZGenFfOC1yRF9mdWZUaTdQUzZmak5XYmRXWlIybE0wZVZtTUJxNWZYR2pVSkhsOGh5a1d3c2RaVjFycjNlRGF5S0Rsdnk5TUZFNkRjMSZsb2dpbl9oaW50PXBhdWwuaGVpc3MlNDBvbmNvci5jb20mZXN0c2ZlZD0xJnVhaWQ9NTIyZjIyZWU5Yjk1YjBkNTZhMDNhZmEzMDk5YmZhYjcmY29icmFuZGlkPWRlYjNmNzRhLWVkNWItNGVmMS04ZDNjLTkyYjg1ZGQ0NzM1MiZmY2k9MDAwMDAwMDItMDAwMC0wZmYxLWNlMDAtMDAwMDAwMDAwMDAwIw==	19 kB	2024-04-16	2024-04-16
Pretty URL legacywhf.com/?khwxgq2e6=aHR0cHM6Ly9sb2dpbi5saXZlLmNvbS9vYXV0aDIwX2F1dGhvcml6ZS5zcmY/c2NvcGU9b3BlbmlkK3Byb2ZpbGUrZW1haWwrb2ZmbGluZV9hY2Nlc3MmcmVzcG9uc2VfdHlwZT1jb2RlJmNsaWVudF9pZD01MTQ4MzM0Mi0wODVjLTRkODYtYmY4OC1jZjUwYzcyNTIwNzgmcmVzcG9uc2VfbW9kZT1mb3JtX3Bvc3QmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmbG9naW4ubWljcm9zb2Z0b25saW5lLmNvbSUyZmNvbW1vbiUyZmZlZGVyYXRpb24lMmZvYXV0aDJtc2Emc3RhdGU9clFRSUFSQUFqVkU5YUJOeEhNMF9sNTVOYlcwcDdzTGhWTDBrOTVWY0lnVnp6WGViWEd2NllTTnkzbWZ1MHN2OXJfZVZwS1dyQ29LMGdnanRwbHNYaTR0U1FSekZxWXRMUVhBc0hZbzRGWEV3cVl1YnZ1SHg0TUh2OTNodkNpRmlST1o2NGc5SWZNQjRRdE1JWEZZSDZpODRreU1UWjFqOHp2TzlMd2N0NVBXcjZON1B0N3NnS3BoR29NWmsyTjRIMTNUUHM5MU1QQTU5ejRSd0xRWTF6WkF2ekRqc2lQRjNBQndCY0FMQXNfQlZXX1RObUs0YXJuc2JXakowTGk2RVUwbUtwZGstRWl6RnNDUkpKSm1Zck5McHRKaEs0eEl0a1RpZEZrbWNUU3I5YkVrcFNUS3NxdENNZEJ3ZTU3Ty1wNU1EZ282eG9mNElSelhvdEFVYnV0NHU4aFRrVmowdTU1YWItV3lPQzl4bHV1bFhTQ2dISE00dDVNeUNVZV9wdGtNTG1sSmZhZmlRV2E0M3FXYmRhX0NRWC1ybEt6bERuTThXNUdaS05WZGgxMjRaalJZSHE5Mm1XT3p3ZkcwbTU4X1ljNzZ4WVFaeWp6WHdXcG9tTldkUldDRWNuRkkySU9uM002ZElKVUZsUFVIaVMzZExuWDNrdnlwX2c2RDlXdHJRLW95ZzBGWXRRem1LZ0c4UmNCb0pKNGJQSS1EbFVILVRKN2Nlam84OXFIR1B2aG83Ulo4TGZSNkttOVZsVXF5NENTWlA5S1NxNkhUWDVwSldqWnBkQ1BocWRhbFlLaS11cjVhNW5sLXd5dE4waHRoR3dUYUtIcUxSWVdRaWhDRXo4OFFKQ3I2ajRQR2wwR0gwWDZNZVhRWUhvLUI0bEI1QlpWTTAydTdrMUNabUtJSUgxMVFMeTJ4aTNiWXJ5UEpBQmFMcHF5Nld1WWYxWDJEM3Q3YTJQbzZGenFfOC1yRF9mdWZUaTdQUzZmak5XYmRXWlIybE0wZVZtTUJxNWZYR2pVSkhsOGh5a1d3c2RaVjFycjNlRGF5S0Rsdnk5TUZFNkRjMSZsb2dpbl9oaW50PXBhdWwuaGVpc3MlNDBvbmNvci5jb20mZXN0c2ZlZD0xJnVhaWQ9NTIyZjIyZWU5Yjk1YjBkNTZhMDNhZmEzMDk5YmZhYjcmY29icmFuZGlkPWRlYjNmNzRhLWVkNWItNGVmMS04ZDNjLTkyYjg1ZGQ0NzM1MiZmY2k9MDAwMDAwMDItMDAwMC0wZmYxLWNlMDAtMDAwMDAwMDAwMDAwIw== IP 5.230.40.9 ASN #12586 GHOSTnet GmbH Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-16 20:15:02 Last Seen2024-04-16 20:15:02 Times Seen1 Hash 3354b3657c407814051f75c5c37a5203 a62a518acbd421f0115e12da1c54b91d2db2e69a 7ddb10e639ef90f6099a6e689684873ad0bd32ae654ca5d0c2ee9a38add8bc89 Loading...

	legacywhf.com/?khwxgq2e6=aHR0cHM6Ly9sb2dpbi5saXZlLmNvbS9vYXV0aDIwX2F1dGhvcml6ZS5zcmY/c2NvcGU9b3BlbmlkK3Byb2ZpbGUrZW1haWwrb2ZmbGluZV9hY2Nlc3MmcmVzcG9uc2VfdHlwZT1jb2RlJmNsaWVudF9pZD01MTQ4MzM0Mi0wODVjLTRkODYtYmY4OC1jZjUwYzcyNTIwNzgmcmVzcG9uc2VfbW9kZT1mb3JtX3Bvc3QmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmbG9naW4ubWljcm9zb2Z0b25saW5lLmNvbSUyZmNvbW1vbiUyZmZlZGVyYXRpb24lMmZvYXV0aDJtc2Emc3RhdGU9clFRSUFSQUFqVkU5YUJOeEhNMF9sNTVOYlcwcDdzTGhWTDBrOTVWY0lnVnp6WGViWEd2NllTTnkzbWZ1MHN2OXJfZVZwS1dyQ29LMGdnanRwbHNYaTR0U1FSekZxWXRMUVhBc0hZbzRGWEV3cVl1YnZ1SHg0TUh2OTNodkNpRmlST1o2NGc5SWZNQjRRdE1JWEZZSDZpODRreU1UWjFqOHp2TzlMd2N0NVBXcjZON1B0N3NnS3BoR29NWmsyTjRIMTNUUHM5MU1QQTU5ejRSd0xRWTF6WkF2ekRqc2lQRjNBQndCY0FMQXNfQlZXX1RObUs0YXJuc2JXakowTGk2RVUwbUtwZGstRWl6RnNDUkpKSm1Zck5McHRKaEs0eEl0a1RpZEZrbWNUU3I5YkVrcFNUS3NxdENNZEJ3ZTU3Ty1wNU1EZ282eG9mNElSelhvdEFVYnV0NHU4aFRrVmowdTU1YWItV3lPQzl4bHV1bFhTQ2dISE00dDVNeUNVZV9wdGtNTG1sSmZhZmlRV2E0M3FXYmRhX0NRWC1ybEt6bERuTThXNUdaS05WZGgxMjRaalJZSHE5Mm1XT3p3ZkcwbTU4X1ljNzZ4WVFaeWp6WHdXcG9tTldkUldDRWNuRkkySU9uM002ZElKVUZsUFVIaVMzZExuWDNrdnlwX2c2RDlXdHJRLW95ZzBGWXRRem1LZ0c4UmNCb0pKNGJQSS1EbFVILVRKN2Nlam84OXFIR1B2aG83Ulo4TGZSNkttOVZsVXF5NENTWlA5S1NxNkhUWDVwSldqWnBkQ1BocWRhbFlLaS11cjVhNW5sLXd5dE4waHRoR3dUYUtIcUxSWVdRaWhDRXo4OFFKQ3I2ajRQR2wwR0gwWDZNZVhRWUhvLUI0bEI1QlpWTTAydTdrMUNabUtJSUgxMVFMeTJ4aTNiWXJ5UEpBQmFMcHF5Nld1WWYxWDJEM3Q3YTJQbzZGenFfOC1yRF9mdWZUaTdQUzZmak5XYmRXWlIybE0wZVZtTUJxNWZYR2pVSkhsOGh5a1d3c2RaVjFycjNlRGF5S0Rsdnk5TUZFNkRjMSZsb2dpbl9oaW50PXBhdWwuaGVpc3MlNDBvbmNvci5jb20mZXN0c2ZlZD0xJnVhaWQ9NTIyZjIyZWU5Yjk1YjBkNTZhMDNhZmEzMDk5YmZhYjcmY29icmFuZGlkPWRlYjNmNzRhLWVkNWItNGVmMS04ZDNjLTkyYjg1ZGQ0NzM1MiZmY2k9MDAwMDAwMDItMDAwMC0wZmYxLWNlMDAtMDAwMDAwMDAwMDAwIw==	5.0 kB	2024-03-29	2024-05-01
Pretty URL legacywhf.com/?khwxgq2e6=aHR0cHM6Ly9sb2dpbi5saXZlLmNvbS9vYXV0aDIwX2F1dGhvcml6ZS5zcmY/c2NvcGU9b3BlbmlkK3Byb2ZpbGUrZW1haWwrb2ZmbGluZV9hY2Nlc3MmcmVzcG9uc2VfdHlwZT1jb2RlJmNsaWVudF9pZD01MTQ4MzM0Mi0wODVjLTRkODYtYmY4OC1jZjUwYzcyNTIwNzgmcmVzcG9uc2VfbW9kZT1mb3JtX3Bvc3QmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmbG9naW4ubWljcm9zb2Z0b25saW5lLmNvbSUyZmNvbW1vbiUyZmZlZGVyYXRpb24lMmZvYXV0aDJtc2Emc3RhdGU9clFRSUFSQUFqVkU5YUJOeEhNMF9sNTVOYlcwcDdzTGhWTDBrOTVWY0lnVnp6WGViWEd2NllTTnkzbWZ1MHN2OXJfZVZwS1dyQ29LMGdnanRwbHNYaTR0U1FSekZxWXRMUVhBc0hZbzRGWEV3cVl1YnZ1SHg0TUh2OTNodkNpRmlST1o2NGc5SWZNQjRRdE1JWEZZSDZpODRreU1UWjFqOHp2TzlMd2N0NVBXcjZON1B0N3NnS3BoR29NWmsyTjRIMTNUUHM5MU1QQTU5ejRSd0xRWTF6WkF2ekRqc2lQRjNBQndCY0FMQXNfQlZXX1RObUs0YXJuc2JXakowTGk2RVUwbUtwZGstRWl6RnNDUkpKSm1Zck5McHRKaEs0eEl0a1RpZEZrbWNUU3I5YkVrcFNUS3NxdENNZEJ3ZTU3Ty1wNU1EZ282eG9mNElSelhvdEFVYnV0NHU4aFRrVmowdTU1YWItV3lPQzl4bHV1bFhTQ2dISE00dDVNeUNVZV9wdGtNTG1sSmZhZmlRV2E0M3FXYmRhX0NRWC1ybEt6bERuTThXNUdaS05WZGgxMjRaalJZSHE5Mm1XT3p3ZkcwbTU4X1ljNzZ4WVFaeWp6WHdXcG9tTldkUldDRWNuRkkySU9uM002ZElKVUZsUFVIaVMzZExuWDNrdnlwX2c2RDlXdHJRLW95ZzBGWXRRem1LZ0c4UmNCb0pKNGJQSS1EbFVILVRKN2Nlam84OXFIR1B2aG83Ulo4TGZSNkttOVZsVXF5NENTWlA5S1NxNkhUWDVwSldqWnBkQ1BocWRhbFlLaS11cjVhNW5sLXd5dE4waHRoR3dUYUtIcUxSWVdRaWhDRXo4OFFKQ3I2ajRQR2wwR0gwWDZNZVhRWUhvLUI0bEI1QlpWTTAydTdrMUNabUtJSUgxMVFMeTJ4aTNiWXJ5UEpBQmFMcHF5Nld1WWYxWDJEM3Q3YTJQbzZGenFfOC1yRF9mdWZUaTdQUzZmak5XYmRXWlIybE0wZVZtTUJxNWZYR2pVSkhsOGh5a1d3c2RaVjFycjNlRGF5S0Rsdnk5TUZFNkRjMSZsb2dpbl9oaW50PXBhdWwuaGVpc3MlNDBvbmNvci5jb20mZXN0c2ZlZD0xJnVhaWQ9NTIyZjIyZWU5Yjk1YjBkNTZhMDNhZmEzMDk5YmZhYjcmY29icmFuZGlkPWRlYjNmNzRhLWVkNWItNGVmMS04ZDNjLTkyYjg1ZGQ0NzM1MiZmY2k9MDAwMDAwMDItMDAwMC0wZmYxLWNlMDAtMDAwMDAwMDAwMDAwIw== IP 5.230.40.9 ASN #12586 GHOSTnet GmbH Introduced by scriptElement Embedded in HTML true Observations First Seen2024-03-29 15:29:19 Last Seen2024-05-01 20:33:06 Times Seen33 Hash 7d9450d3c6f4b25d1400e5019889d490 4888c339bd522661b1836df19cbd2b28aa405dfe 762c609442c6bb5070e36d1d488fa8420f7b77bdc90cc76d765f1f5a46370d3e Loading...

	unknown	23 B	2023-04-10	2024-05-01
Pretty Introduced by eventHandler Embedded in HTML false Observations First Seen2023-04-10 20:39:00 Last Seen2024-05-01 20:33:06 Times Seen1431 Hash a34459a777b4853cc0b6b99c1b519ed8 a114e3509ea887cb8b532a7da24f3dc5de66d219 096e484edb287943f6455826128e4cc9721e410f75f521ad6fc886dba56d1963 Loading...

	legacywhf.com/?khwxgq2e6=aHR0cHM6Ly9sb2dpbi5saXZlLmNvbS9vYXV0aDIwX2F1dGhvcml6ZS5zcmY/c2NvcGU9b3BlbmlkK3Byb2ZpbGUrZW1haWwrb2ZmbGluZV9hY2Nlc3MmcmVzcG9uc2VfdHlwZT1jb2RlJmNsaWVudF9pZD01MTQ4MzM0Mi0wODVjLTRkODYtYmY4OC1jZjUwYzcyNTIwNzgmcmVzcG9uc2VfbW9kZT1mb3JtX3Bvc3QmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmbG9naW4ubWljcm9zb2Z0b25saW5lLmNvbSUyZmNvbW1vbiUyZmZlZGVyYXRpb24lMmZvYXV0aDJtc2Emc3RhdGU9clFRSUFSQUFqVkU5YUJOeEhNMF9sNTVOYlcwcDdzTGhWTDBrOTVWY0lnVnp6WGViWEd2NllTTnkzbWZ1MHN2OXJfZVZwS1dyQ29LMGdnanRwbHNYaTR0U1FSekZxWXRMUVhBc0hZbzRGWEV3cVl1YnZ1SHg0TUh2OTNodkNpRmlST1o2NGc5SWZNQjRRdE1JWEZZSDZpODRreU1UWjFqOHp2TzlMd2N0NVBXcjZON1B0N3NnS3BoR29NWmsyTjRIMTNUUHM5MU1QQTU5ejRSd0xRWTF6WkF2ekRqc2lQRjNBQndCY0FMQXNfQlZXX1RObUs0YXJuc2JXakowTGk2RVUwbUtwZGstRWl6RnNDUkpKSm1Zck5McHRKaEs0eEl0a1RpZEZrbWNUU3I5YkVrcFNUS3NxdENNZEJ3ZTU3Ty1wNU1EZ282eG9mNElSelhvdEFVYnV0NHU4aFRrVmowdTU1YWItV3lPQzl4bHV1bFhTQ2dISE00dDVNeUNVZV9wdGtNTG1sSmZhZmlRV2E0M3FXYmRhX0NRWC1ybEt6bERuTThXNUdaS05WZGgxMjRaalJZSHE5Mm1XT3p3ZkcwbTU4X1ljNzZ4WVFaeWp6WHdXcG9tTldkUldDRWNuRkkySU9uM002ZElKVUZsUFVIaVMzZExuWDNrdnlwX2c2RDlXdHJRLW95ZzBGWXRRem1LZ0c4UmNCb0pKNGJQSS1EbFVILVRKN2Nlam84OXFIR1B2aG83Ulo4TGZSNkttOVZsVXF5NENTWlA5S1NxNkhUWDVwSldqWnBkQ1BocWRhbFlLaS11cjVhNW5sLXd5dE4waHRoR3dUYUtIcUxSWVdRaWhDRXo4OFFKQ3I2ajRQR2wwR0gwWDZNZVhRWUhvLUI0bEI1QlpWTTAydTdrMUNabUtJSUgxMVFMeTJ4aTNiWXJ5UEpBQmFMcHF5Nld1WWYxWDJEM3Q3YTJQbzZGenFfOC1yRF9mdWZUaTdQUzZmak5XYmRXWlIybE0wZVZtTUJxNWZYR2pVSkhsOGh5a1d3c2RaVjFycjNlRGF5S0Rsdnk5TUZFNkRjMSZsb2dpbl9oaW50PXBhdWwuaGVpc3MlNDBvbmNvci5jb20mZXN0c2ZlZD0xJnVhaWQ9NTIyZjIyZWU5Yjk1YjBkNTZhMDNhZmEzMDk5YmZhYjcmY29icmFuZGlkPWRlYjNmNzRhLWVkNWItNGVmMS04ZDNjLTkyYjg1ZGQ0NzM1MiZmY2k9MDAwMDAwMDItMDAwMC0wZmYxLWNlMDAtMDAwMDAwMDAwMDAwIw==	181 B	2023-03-07	2024-05-01
Pretty URL legacywhf.com/?khwxgq2e6=aHR0cHM6Ly9sb2dpbi5saXZlLmNvbS9vYXV0aDIwX2F1dGhvcml6ZS5zcmY/c2NvcGU9b3BlbmlkK3Byb2ZpbGUrZW1haWwrb2ZmbGluZV9hY2Nlc3MmcmVzcG9uc2VfdHlwZT1jb2RlJmNsaWVudF9pZD01MTQ4MzM0Mi0wODVjLTRkODYtYmY4OC1jZjUwYzcyNTIwNzgmcmVzcG9uc2VfbW9kZT1mb3JtX3Bvc3QmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmbG9naW4ubWljcm9zb2Z0b25saW5lLmNvbSUyZmNvbW1vbiUyZmZlZGVyYXRpb24lMmZvYXV0aDJtc2Emc3RhdGU9clFRSUFSQUFqVkU5YUJOeEhNMF9sNTVOYlcwcDdzTGhWTDBrOTVWY0lnVnp6WGViWEd2NllTTnkzbWZ1MHN2OXJfZVZwS1dyQ29LMGdnanRwbHNYaTR0U1FSekZxWXRMUVhBc0hZbzRGWEV3cVl1YnZ1SHg0TUh2OTNodkNpRmlST1o2NGc5SWZNQjRRdE1JWEZZSDZpODRreU1UWjFqOHp2TzlMd2N0NVBXcjZON1B0N3NnS3BoR29NWmsyTjRIMTNUUHM5MU1QQTU5ejRSd0xRWTF6WkF2ekRqc2lQRjNBQndCY0FMQXNfQlZXX1RObUs0YXJuc2JXakowTGk2RVUwbUtwZGstRWl6RnNDUkpKSm1Zck5McHRKaEs0eEl0a1RpZEZrbWNUU3I5YkVrcFNUS3NxdENNZEJ3ZTU3Ty1wNU1EZ282eG9mNElSelhvdEFVYnV0NHU4aFRrVmowdTU1YWItV3lPQzl4bHV1bFhTQ2dISE00dDVNeUNVZV9wdGtNTG1sSmZhZmlRV2E0M3FXYmRhX0NRWC1ybEt6bERuTThXNUdaS05WZGgxMjRaalJZSHE5Mm1XT3p3ZkcwbTU4X1ljNzZ4WVFaeWp6WHdXcG9tTldkUldDRWNuRkkySU9uM002ZElKVUZsUFVIaVMzZExuWDNrdnlwX2c2RDlXdHJRLW95ZzBGWXRRem1LZ0c4UmNCb0pKNGJQSS1EbFVILVRKN2Nlam84OXFIR1B2aG83Ulo4TGZSNkttOVZsVXF5NENTWlA5S1NxNkhUWDVwSldqWnBkQ1BocWRhbFlLaS11cjVhNW5sLXd5dE4waHRoR3dUYUtIcUxSWVdRaWhDRXo4OFFKQ3I2ajRQR2wwR0gwWDZNZVhRWUhvLUI0bEI1QlpWTTAydTdrMUNabUtJSUgxMVFMeTJ4aTNiWXJ5UEpBQmFMcHF5Nld1WWYxWDJEM3Q3YTJQbzZGenFfOC1yRF9mdWZUaTdQUzZmak5XYmRXWlIybE0wZVZtTUJxNWZYR2pVSkhsOGh5a1d3c2RaVjFycjNlRGF5S0Rsdnk5TUZFNkRjMSZsb2dpbl9oaW50PXBhdWwuaGVpc3MlNDBvbmNvci5jb20mZXN0c2ZlZD0xJnVhaWQ9NTIyZjIyZWU5Yjk1YjBkNTZhMDNhZmEzMDk5YmZhYjcmY29icmFuZGlkPWRlYjNmNzRhLWVkNWItNGVmMS04ZDNjLTkyYjg1ZGQ0NzM1MiZmY2k9MDAwMDAwMDItMDAwMC0wZmYxLWNlMDAtMDAwMDAwMDAwMDAwIw== IP 5.230.40.9 ASN #12586 GHOSTnet GmbH Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 12:25:33 Last Seen2024-05-01 20:33:06 Times Seen1112 Hash e139c6c6a0ac0f3ce81b88b4cae154e7 584d4e57fcb53ddadf45b358c0e54921b4fa16af 9caac3eac998cfada6982c3751066c50b72b40abc446789e791f760e9a89b730 Loading...

	legacywhf.com/?khwxgq2e6=aHR0cHM6Ly9sb2dpbi5saXZlLmNvbS9vYXV0aDIwX2F1dGhvcml6ZS5zcmY/c2NvcGU9b3BlbmlkK3Byb2ZpbGUrZW1haWwrb2ZmbGluZV9hY2Nlc3MmcmVzcG9uc2VfdHlwZT1jb2RlJmNsaWVudF9pZD01MTQ4MzM0Mi0wODVjLTRkODYtYmY4OC1jZjUwYzcyNTIwNzgmcmVzcG9uc2VfbW9kZT1mb3JtX3Bvc3QmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmbG9naW4ubWljcm9zb2Z0b25saW5lLmNvbSUyZmNvbW1vbiUyZmZlZGVyYXRpb24lMmZvYXV0aDJtc2Emc3RhdGU9clFRSUFSQUFqVkU5YUJOeEhNMF9sNTVOYlcwcDdzTGhWTDBrOTVWY0lnVnp6WGViWEd2NllTTnkzbWZ1MHN2OXJfZVZwS1dyQ29LMGdnanRwbHNYaTR0U1FSekZxWXRMUVhBc0hZbzRGWEV3cVl1YnZ1SHg0TUh2OTNodkNpRmlST1o2NGc5SWZNQjRRdE1JWEZZSDZpODRreU1UWjFqOHp2TzlMd2N0NVBXcjZON1B0N3NnS3BoR29NWmsyTjRIMTNUUHM5MU1QQTU5ejRSd0xRWTF6WkF2ekRqc2lQRjNBQndCY0FMQXNfQlZXX1RObUs0YXJuc2JXakowTGk2RVUwbUtwZGstRWl6RnNDUkpKSm1Zck5McHRKaEs0eEl0a1RpZEZrbWNUU3I5YkVrcFNUS3NxdENNZEJ3ZTU3Ty1wNU1EZ282eG9mNElSelhvdEFVYnV0NHU4aFRrVmowdTU1YWItV3lPQzl4bHV1bFhTQ2dISE00dDVNeUNVZV9wdGtNTG1sSmZhZmlRV2E0M3FXYmRhX0NRWC1ybEt6bERuTThXNUdaS05WZGgxMjRaalJZSHE5Mm1XT3p3ZkcwbTU4X1ljNzZ4WVFaeWp6WHdXcG9tTldkUldDRWNuRkkySU9uM002ZElKVUZsUFVIaVMzZExuWDNrdnlwX2c2RDlXdHJRLW95ZzBGWXRRem1LZ0c4UmNCb0pKNGJQSS1EbFVILVRKN2Nlam84OXFIR1B2aG83Ulo4TGZSNkttOVZsVXF5NENTWlA5S1NxNkhUWDVwSldqWnBkQ1BocWRhbFlLaS11cjVhNW5sLXd5dE4waHRoR3dUYUtIcUxSWVdRaWhDRXo4OFFKQ3I2ajRQR2wwR0gwWDZNZVhRWUhvLUI0bEI1QlpWTTAydTdrMUNabUtJSUgxMVFMeTJ4aTNiWXJ5UEpBQmFMcHF5Nld1WWYxWDJEM3Q3YTJQbzZGenFfOC1yRF9mdWZUaTdQUzZmak5XYmRXWlIybE0wZVZtTUJxNWZYR2pVSkhsOGh5a1d3c2RaVjFycjNlRGF5S0Rsdnk5TUZFNkRjMSZsb2dpbl9oaW50PXBhdWwuaGVpc3MlNDBvbmNvci5jb20mZXN0c2ZlZD0xJnVhaWQ9NTIyZjIyZWU5Yjk1YjBkNTZhMDNhZmEzMDk5YmZhYjcmY29icmFuZGlkPWRlYjNmNzRhLWVkNWItNGVmMS04ZDNjLTkyYjg1ZGQ0NzM1MiZmY2k9MDAwMDAwMDItMDAwMC0wZmYxLWNlMDAtMDAwMDAwMDAwMDAwIw==	896 B	2023-04-26	2024-05-01
Pretty URL legacywhf.com/?khwxgq2e6=aHR0cHM6Ly9sb2dpbi5saXZlLmNvbS9vYXV0aDIwX2F1dGhvcml6ZS5zcmY/c2NvcGU9b3BlbmlkK3Byb2ZpbGUrZW1haWwrb2ZmbGluZV9hY2Nlc3MmcmVzcG9uc2VfdHlwZT1jb2RlJmNsaWVudF9pZD01MTQ4MzM0Mi0wODVjLTRkODYtYmY4OC1jZjUwYzcyNTIwNzgmcmVzcG9uc2VfbW9kZT1mb3JtX3Bvc3QmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmbG9naW4ubWljcm9zb2Z0b25saW5lLmNvbSUyZmNvbW1vbiUyZmZlZGVyYXRpb24lMmZvYXV0aDJtc2Emc3RhdGU9clFRSUFSQUFqVkU5YUJOeEhNMF9sNTVOYlcwcDdzTGhWTDBrOTVWY0lnVnp6WGViWEd2NllTTnkzbWZ1MHN2OXJfZVZwS1dyQ29LMGdnanRwbHNYaTR0U1FSekZxWXRMUVhBc0hZbzRGWEV3cVl1YnZ1SHg0TUh2OTNodkNpRmlST1o2NGc5SWZNQjRRdE1JWEZZSDZpODRreU1UWjFqOHp2TzlMd2N0NVBXcjZON1B0N3NnS3BoR29NWmsyTjRIMTNUUHM5MU1QQTU5ejRSd0xRWTF6WkF2ekRqc2lQRjNBQndCY0FMQXNfQlZXX1RObUs0YXJuc2JXakowTGk2RVUwbUtwZGstRWl6RnNDUkpKSm1Zck5McHRKaEs0eEl0a1RpZEZrbWNUU3I5YkVrcFNUS3NxdENNZEJ3ZTU3Ty1wNU1EZ282eG9mNElSelhvdEFVYnV0NHU4aFRrVmowdTU1YWItV3lPQzl4bHV1bFhTQ2dISE00dDVNeUNVZV9wdGtNTG1sSmZhZmlRV2E0M3FXYmRhX0NRWC1ybEt6bERuTThXNUdaS05WZGgxMjRaalJZSHE5Mm1XT3p3ZkcwbTU4X1ljNzZ4WVFaeWp6WHdXcG9tTldkUldDRWNuRkkySU9uM002ZElKVUZsUFVIaVMzZExuWDNrdnlwX2c2RDlXdHJRLW95ZzBGWXRRem1LZ0c4UmNCb0pKNGJQSS1EbFVILVRKN2Nlam84OXFIR1B2aG83Ulo4TGZSNkttOVZsVXF5NENTWlA5S1NxNkhUWDVwSldqWnBkQ1BocWRhbFlLaS11cjVhNW5sLXd5dE4waHRoR3dUYUtIcUxSWVdRaWhDRXo4OFFKQ3I2ajRQR2wwR0gwWDZNZVhRWUhvLUI0bEI1QlpWTTAydTdrMUNabUtJSUgxMVFMeTJ4aTNiWXJ5UEpBQmFMcHF5Nld1WWYxWDJEM3Q3YTJQbzZGenFfOC1yRF9mdWZUaTdQUzZmak5XYmRXWlIybE0wZVZtTUJxNWZYR2pVSkhsOGh5a1d3c2RaVjFycjNlRGF5S0Rsdnk5TUZFNkRjMSZsb2dpbl9oaW50PXBhdWwuaGVpc3MlNDBvbmNvci5jb20mZXN0c2ZlZD0xJnVhaWQ9NTIyZjIyZWU5Yjk1YjBkNTZhMDNhZmEzMDk5YmZhYjcmY29icmFuZGlkPWRlYjNmNzRhLWVkNWItNGVmMS04ZDNjLTkyYjg1ZGQ0NzM1MiZmY2k9MDAwMDAwMDItMDAwMC0wZmYxLWNlMDAtMDAwMDAwMDAwMDAwIw== IP 5.230.40.9 ASN #12586 GHOSTnet GmbH Introduced by scriptElement Embedded in HTML true Observations First Seen2023-04-26 12:31:37 Last Seen2024-05-01 20:33:06 Times Seen762 Hash ed29b41cd32630404de0543de80d90d8 073cb3f448b2fdd7698471e6d92139098ae83f99 8c164c01fdcd10655364bfbef29ea1940630c8800d294085fd43b01dca510e70 Loading...

	logincdn.msftauth.net/shared/5/chunks/oneds-analytics-js_54b1724af1b05e2ba3db_en.js	91 kB	2024-04-11	2024-05-01
Pretty URL logincdn.msftauth.net/shared/5/chunks/oneds-analytics-js_54b1724af1b05e2ba3db_en.js IP 192.229.221.185 ASN #15133 EDGECAST Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-11 02:24:08 Last Seen2024-05-01 20:33:07 Times Seen36 Hash d390aa6a6d257834d807d8e7ddc90968 6a6efd105dbbeb099d25998a38875808d83af5c8 d755d7ce744425dee51a3bd8cba9b2a789d96c584c9958082b557feb70f226d9 Loading...

		Size	First Seen	Last Seen
	#1 Eval - d7b34b51090511c948f2acad52688929	28 B	2024-04-16	2024-04-16
Pretty Observations First Seen2024-04-16 20:15:02 Last Seen2024-04-16 20:15:02 Times Seen1 Hash d7b34b51090511c948f2acad52688929 77583614240b8a25b1686f2bfefcd17c8c4f563c 4b00c1edc96616f129d2212846e46ac46b61d7eac3dedf81a6507c47ce66ab58 Loading...

	#2 Eval - af65ec624e63268bc545d9e162800e9c	28 B	2024-04-16	2024-04-16
Pretty Observations First Seen2024-04-16 20:15:02 Last Seen2024-04-16 20:15:02 Times Seen1 Hash af65ec624e63268bc545d9e162800e9c ab2eb9625a36d9fa555f2332d268d42d0c9bcd49 05a74f46719d12e8a8423485b7dc48d5670ec52585908dbe4624ce4c8e09fd46 Loading...

	#3 Eval - 9e925e9341b490bfd3b4c4ca3b0c1ef2	4 B	2023-03-07	2024-05-02
Pretty Observations First Seen2023-03-07 01:03:43 Last Seen2024-05-02 01:27:08 Times Seen351062 Hash 9e925e9341b490bfd3b4c4ca3b0c1ef2 c2543fff3bfa6f144c2f06a7de6cd10c0b650cae 1eb79602411ef02cf6fe117897015fff89f80face4eccd50425c45149b148408 Loading...

	#4 Eval - 0533c27650029e2700272843a1f46dec	28 B	2024-04-16	2024-04-16
Pretty Observations First Seen2024-04-16 20:15:02 Last Seen2024-04-16 20:15:02 Times Seen1 Hash 0533c27650029e2700272843a1f46dec a455155e86c78f64e1dfe67a9c922616f6ef7419 e2652d05a9fe494c619c901aa842fd7617496d2861283ab035186e37864a2b15 Loading...

	#5 Eval - 20c1604dcc175300c08bcd0a585f1d84	1.1 kB	2024-04-16	2024-04-16
Pretty Observations First Seen2024-04-16 20:14:42 Last Seen2024-04-16 20:15:02 Times Seen2 Hash 20c1604dcc175300c08bcd0a585f1d84 128664c260754c406ded601308d2eeaf359653ac 84f9c4d8f57dfb6917d58645844c958c818accd5572b22becbff6ca58079d142 Loading...

	#6 Eval - 2f2ae6b4e2aa32561412a7e226b1fb03	28 B	2024-04-16	2024-04-16
Pretty Observations First Seen2024-04-16 20:15:02 Last Seen2024-04-16 20:15:02 Times Seen1 Hash 2f2ae6b4e2aa32561412a7e226b1fb03 465f28cc603e1c0ffb707162abeae2ae6f81064a 77ea2a4be9cf9b131d474bffba1322a3134a0d366aab654d3392856339b21d10 Loading...

	#7 Eval - 9b3f624f4ae4ecb1ddce858e95376650	28 B	2024-04-16	2024-04-16
Pretty Observations First Seen2024-04-16 20:15:02 Last Seen2024-04-16 20:15:02 Times Seen1 Hash 9b3f624f4ae4ecb1ddce858e95376650 3ae3fde8068c20ab4b8d6b9f2c58345fb72eb3b3 e062b78f97f2ccd54b23d890a36755717ccd0ea099ca93cc59230ce9682b9553 Loading...

	#8 Eval - 95c64f20fb9541c86e9b24a37313a3b2	28 B	2024-04-16	2024-04-16
Pretty Observations First Seen2024-04-16 20:15:02 Last Seen2024-04-16 20:15:02 Times Seen1 Hash 95c64f20fb9541c86e9b24a37313a3b2 395ac7b7a5df7edc278a7ef10720ed6bf42e374a 167d75da9d9560903c95ba915d856aa28a791145b2eb5adb2c1a721c73944465 Loading...

	#9 Eval - 3938728971e7c1d33fa4281097aa7672	28 B	2024-04-16	2024-04-16
Pretty Observations First Seen2024-04-16 20:15:02 Last Seen2024-04-16 20:15:02 Times Seen1 Hash 3938728971e7c1d33fa4281097aa7672 bedb18aa5e5ca1140c68540bba6588454a7b64fb 5561c43f79a9e3af47941f48a6b7c1d5bf2b0f49f4b2444dc7fc6ba4ed16aa81 Loading...

	#10 Eval - cf98516dcd134356decc86ba4bb36343	28 B	2024-04-16	2024-04-16
Pretty Observations First Seen2024-04-16 20:15:02 Last Seen2024-04-16 20:15:02 Times Seen1 Hash cf98516dcd134356decc86ba4bb36343 399441dfe65bcb4727af32ec5b2120d46531716a 7160ffc6cdd124f47caae6bfdd79ed2ecf8ea35fe20dcf75856917c95420e49e Loading...

	#11 Eval - 7a2e802b6425a6dcdf4ba8e6caf2786c	28 B	2024-04-16	2024-04-16
Pretty Observations First Seen2024-04-16 20:15:02 Last Seen2024-04-16 20:15:02 Times Seen1 Hash 7a2e802b6425a6dcdf4ba8e6caf2786c 6c4623e55590081c0ab2b46f2c8ccadac80fb3f7 2bc5693c3311e46e4c52f3a544180297724432105e76a7500185e3cf1187c2be Loading...

	#12 Eval - c596cba40a389242c7b4676b52862f56	28 B	2024-04-16	2024-04-16
Pretty Observations First Seen2024-04-16 20:15:02 Last Seen2024-04-16 20:15:02 Times Seen1 Hash c596cba40a389242c7b4676b52862f56 3acd5605b0536743df55e0a739cb7b17908e5bb5 39afe7fe618dfa9fb75eafe81d1d60578258d347da55652fe6e75e3f27d7766e Loading...

	#13 Eval - ac6d43b49aec2f87daf340337b6a7882	60 B	2024-04-04	2024-04-17
Pretty Observations First Seen2024-04-04 12:28:09 Last Seen2024-04-17 16:04:31 Times Seen3428 Hash ac6d43b49aec2f87daf340337b6a7882 d3874a31a6b7fe11121edc3ed80fdc8b66f6589a 1af55b64e0b39e0f5f760a8050b284a66fe404ddff945697590f8240798311b2 Loading...

HTTP Transactions (13)

URL IP Response Size

jerfm.com/gkvd/hGhk/89098b8e3b63e405ef60f87965cd1e2a/bDWxeV/cGF1bC5oZWlzc0BvbmNvci5jb20=

192.99.71.92

0 B

URL
jerfm.com/gkvd/hGhk/89098b8e3b63e405ef60f87965cd1e2a/bDWxeV/cGF1bC5oZWlzc0BvbmNvci5jb20=
IP
192.99.71.92:0
ASN
#16276 OVH SAS

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft Outlook

HTTP Headers

GET /gkvd/hGhk/89098b8e3b63e405ef60f87965cd1e2a/bDWxeV/cGF1bC5oZWlzc0BvbmNvci5jb20= HTTP/1.1
Host: jerfm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 16 Apr 2024 18:14:35 GMT
Server: Apache
refresh: 0;url=https://94e6f5a7.58598891ef09ac737cee0cf3.workers.dev/?qrc=paul.heiss@oncor.com
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback

104.17.3.184

0 B

URL
challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback
IP
104.17.3.184:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /turnstile/v0/api.js?onload=onloadTurnstileCallback HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://94e6f5a7.58598891ef09ac737cee0cf3.workers.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Tue, 16 Apr 2024 18:14:36 GMT
content-length: 0
cross-origin-resource-policy: cross-origin
location: /turnstile/v0/b/bcc5fb0a8815/api.js?onload=onloadTurnstileCallback
access-control-allow-origin: *
cache-control: max-age=300, public
vary: Accept-Encoding
server: cloudflare
cf-ray: 875627edfaeeb500-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

94e6f5a7.58598891ef09ac737cee0cf3.workers.dev/?qrc=paul.heiss@oncor.com

188.114.96.1

200 OK

1.9 kB

URL User Request POST HTTP/3
94e6f5a7.58598891ef09ac737cee0cf3.workers.dev/?qrc=paul.heiss@oncor.com
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subject58598891ef09ac737cee0cf3.workers.dev
FingerprintD0:7E:0D:A9:25:22:78:7A:45:69:2E:89:48:E8:33:A8:4A:15:BD:DF
ValidityFri, 12 Apr 2024 13:36:58 GMT - Thu, 11 Jul 2024 13:36:57 GMT

File type
HTML document, ASCII text, with very long lines (3255), with no line terminators
Size
1.9 kB (1851 bytes)
Hash
27a21d95b21c86ff67d170a4a775f1d8
1768764bf90726bc090971dbe0fd6eef1477e49d
4b35a01d5d3493c6cc57d5692e65b3a1678c345b3f45057804e5ad94c174e9a9

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft Outlook
OpenPhish	phishing	Office365

HTTP Headers

GET /?qrc=paul.heiss@oncor.com HTTP/1.1
Host: 94e6f5a7.58598891ef09ac737cee0cf3.workers.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 16 Apr 2024 18:14:36 GMT
content-type: text/html;charset=UTF-8
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kEZuQitj0Kw52o0TjBuhVUSiSH4SVci8kr6W2MYElv4aBTWGmHylKWKi88SHRwesgCAytOlo8MIFuyi%2BsLElHUuGDzifUrKGgdv8XhDwzOYtqiY51aZZNuIFToePAl80e%2Biin%2F7aW4sii%2FazKnyDb4zzqnX%2BDC7YszFDLCOTvow%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 875627ec6abbb529-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

legacywhf.com/?dataXX0=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1cmwiOiJodHRwczovL2xlZ2FjeXdoZi5jb20iLCJkb21haW4iOiJsZWdhY3l3aGYuY29tIiwia2V5IjoiSlpRc2F6U1RNZHFNIiwicXJjIjoicGF1bC5oZWlzc0BvbmNvci5jb20iLCJpYXQiOjE3MTMyOTEyODMsImV4cCI6MTcxMzI5MTQwM30.hlgGJVXNtHjXz6_l8uj85YHg6TtRqfSf_c4pgfD7Sbo

5.230.40.9

302 Found

0 B

URL GET HTTP/1.1
legacywhf.com/?dataXX0=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1cmwiOiJodHRwczovL2xlZ2FjeXdoZi5jb20iLCJkb21haW4iOiJsZWdhY3l3aGYuY29tIiwia2V5IjoiSlpRc2F6U1RNZHFNIiwicXJjIjoicGF1bC5oZWlzc0BvbmNvci5jb20iLCJpYXQiOjE3MTMyOTEyODMsImV4cCI6MTcxMzI5MTQwM30.hlgGJVXNtHjXz6_l8uj85YHg6TtRqfSf_c4pgfD7Sbo
IP
5.230.40.9:443
ASN
#12586 GHOSTnet GmbH

Requested by
https://94e6f5a7.58598891ef09ac737cee0cf3.workers.dev/?qrc=paul.heiss@oncor.com
Certificate
IssuerLet's Encrypt
Subjectlegacywhf.com
FingerprintDC:C3:92:81:63:DF:55:02:58:A9:B6:8A:44:A6:99:69:5D:F7:BB:07
ValidityFri, 12 Apr 2024 13:09:49 GMT - Thu, 11 Jul 2024 13:09:48 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft Outlook

HTTP Headers

GET /?dataXX0=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1cmwiOiJodHRwczovL2xlZ2FjeXdoZi5jb20iLCJkb21haW4iOiJsZWdhY3l3aGYuY29tIiwia2V5IjoiSlpRc2F6U1RNZHFNIiwicXJjIjoicGF1bC5oZWlzc0BvbmNvci5jb20iLCJpYXQiOjE3MTMyOTEyODMsImV4cCI6MTcxMzI5MTQwM30.hlgGJVXNtHjXz6_l8uj85YHg6TtRqfSf_c4pgfD7Sbo HTTP/1.1
Host: legacywhf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://94e6f5a7.58598891ef09ac737cee0cf3.workers.dev/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Set-Cookie: qPdM=JZQsazSTMdqM; path=/; samesite=none; secure; httponly
qPdM.sig=EHfAgidMx0vrJjN6lWAQkqNegG0; path=/; samesite=none; secure; httponly
location: /?qrc=paul.heiss%40oncor.com
Date: Tue, 16 Apr 2024 18:14:43 GMT
Connection: keep-alive
Keep-Alive: timeout=5
Transfer-Encoding: chunked

94e6f5a7.58598891ef09ac737cee0cf3.workers.dev/favicon.ico

188.114.96.1

200 OK

1.3 kB

URL GET HTTP/3
94e6f5a7.58598891ef09ac737cee0cf3.workers.dev/favicon.ico
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://94e6f5a7.58598891ef09ac737cee0cf3.workers.dev/?qrc=paul.heiss@oncor.com
Certificate
IssuerGoogle Trust Services LLC
Subject58598891ef09ac737cee0cf3.workers.dev
FingerprintD0:7E:0D:A9:25:22:78:7A:45:69:2E:89:48:E8:33:A8:4A:15:BD:DF
ValidityFri, 12 Apr 2024 13:36:58 GMT - Thu, 11 Jul 2024 13:36:57 GMT

File type
HTML document, ASCII text, with very long lines (3255), with no line terminators
Size
1.3 kB (1348 bytes)
Hash
27a21d95b21c86ff67d170a4a775f1d8
1768764bf90726bc090971dbe0fd6eef1477e49d
4b35a01d5d3493c6cc57d5692e65b3a1678c345b3f45057804e5ad94c174e9a9

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Office365

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: 94e6f5a7.58598891ef09ac737cee0cf3.workers.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://94e6f5a7.58598891ef09ac737cee0cf3.workers.dev/?qrc=paul.heiss@oncor.com
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 16 Apr 2024 18:14:43 GMT
content-type: text/html;charset=UTF-8
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZaeIkEmv4iYJeTWuXZ76NIXtNgL1W0zqVE%2BhLW%2Fpzl6BUqg7u9mfMPuaAG1dynr1fgG6cAf%2BwohH6JGe3EL%2B4Fw8zuQ8eb0W%2FSJQbImU2TueZMCtUdwpaSQv5Fw9ODqTLyaEDDxpUKY27UZ5gUww5eR%2BBoaE8cM7NmywLl9MMnc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 875628186c7b56be-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

legacywhf.com/owa/?login_hint=paul.heiss%40oncor.com

5.230.40.9

302 Found

1.4 kB

URL GET HTTP/1.1
legacywhf.com/owa/?login_hint=paul.heiss%40oncor.com
IP
5.230.40.9:443
ASN
#12586 GHOSTnet GmbH

Requested by
https://94e6f5a7.58598891ef09ac737cee0cf3.workers.dev/?qrc=paul.heiss@oncor.com
Certificate
IssuerLet's Encrypt
Subjectlegacywhf.com
FingerprintDC:C3:92:81:63:DF:55:02:58:A9:B6:8A:44:A6:99:69:5D:F7:BB:07
ValidityFri, 12 Apr 2024 13:09:49 GMT - Thu, 11 Jul 2024 13:09:48 GMT

File type
HTML document, ASCII text, with very long lines (780), with CRLF, LF line terminators
Size
1.4 kB (1360 bytes)
Hash
4b0927763b445091f6ace12923c296da
ee058d3b7db619e3e593c63525f9308bdbf4e1c3
3bea02880b714e020c7b134d0eaded0a41d77e0ddfbdf63fbe50a9967c5da390

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft Outlook

HTTP Headers

GET /owa/?login_hint=paul.heiss%40oncor.com HTTP/1.1
Host: legacywhf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://94e6f5a7.58598891ef09ac737cee0cf3.workers.dev/
DNT: 1
Connection: keep-alive
Cookie: qPdM=JZQsazSTMdqM; qPdM.sig=EHfAgidMx0vrJjN6lWAQkqNegG0
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
content-length: 1360
Content-Type: text/html; charset=utf-8
Location: https://legacywhf.com/?khwxgq2e6=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1wYXVsLmhlaXNzJTQwb25jb3IuY29tJmNsaWVudC1yZXF1ZXN0LWlkPTUyMmYyMmVlLTliOTUtYjBkNS02YTAzLWFmYTMwOTliZmFiNyZwcm90ZWN0ZWR0b2tlbj10cnVlJmNsYWltcz0lN2IlMjJpZF90b2tlbiUyMiUzYSU3YiUyMnhtc19jYyUyMiUzYSU3YiUyMnZhbHVlcyUyMiUzYSU1YiUyMkNQMSUyMiU1ZCU3ZCU3ZCU3ZCZub25jZT02Mzg0ODg4ODA4MzU4MjIxNjUuY2U0OTlhNzktYjRiMi00OWEyLTg2ZDAtMDZiNjI1OGVkNDViJnN0YXRlPURZdEJEc0lnRUFEQnZzVjRndUoyb2N2Qi1CUURsRmlTeWhwcjRfZmRTV1p1bzVWU2czZ1N0Wk9vT1V5RUpEaWFQQUZjZzdlbFlveHBqaVpqQm9NeGdhR3dPT05DRHVDcEx1aXpsdmN5OGktTjk0MmZyVF9XMXItM2R6bzJ1OWEyNzJkMDNBdF9iT0hYSHc=
Server: Microsoft-IIS/10.0
request-id: 522f22ee-9b95-b0d5-6a03-afa3099bfab7
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Alt-Svc: h3=":443";ma=2592000,h3-29=":443";ma=2592000
X-CalculatedFETarget: BE1P281CU026.internal.outlook.com
X-BackEndHttpStatus: 302, 302
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Set-Cookie: ClientId=D03562DBE8A147E7B1DF3258852ED31C; expires=Wed, 16-Apr-2025 18:14:43 GMT; path=/;SameSite=None; secure
ClientId=D03562DBE8A147E7B1DF3258852ED31C; expires=Wed, 16-Apr-2025 18:14:43 GMT; path=/;SameSite=None; secure
OIDC=1; expires=Wed, 16-Oct-2024 18:14:43 GMT; path=/;SameSite=None; secure; HttpOnly
RoutingKeyCookie=; expires=Sat, 16-Apr-1994 18:14:43 GMT; path=/; secure
OpenIdConnect.token.v1=; expires=Sat, 16-Apr-1994 18:14:43 GMT; path=/; secure
OpenIdConnect.token.v1=; domain=legacywhf.com; expires=Sat, 16-Apr-1994 18:14:43 GMT; path=/; secure
OpenIdConnect.id_token.v1=; expires=Sat, 16-Apr-1994 18:14:43 GMT; path=/; secure
OpenIdConnect.code.v1=; expires=Sat, 16-Apr-1994 18:14:43 GMT; path=/; secure
OpenIdConnect.idp_nonce.v1=; expires=Sat, 16-Apr-1994 18:14:43 GMT; path=/; secure
OpenIdConnect.idp_correlation_id=; expires=Sat, 16-Apr-1994 18:14:43 GMT; path=/; secure
OpenIdConnect.tokenPostPath=; expires=Sat, 16-Apr-1994 18:14:43 GMT; path=/; secure
OpenIdConnect.id_token.v1=; domain=legacywhf.com; expires=Sat, 16-Apr-1994 18:14:43 GMT; path=/; secure
OpenIdConnect.code.v1=; domain=legacywhf.com; expires=Sat, 16-Apr-1994 18:14:43 GMT; path=/; secure
OpenIdConnect.idp_nonce.v1=; domain=legacywhf.com; expires=Sat, 16-Apr-1994 18:14:43 GMT; path=/; secure
OpenIdConnect.idp_correlation_id=; domain=legacywhf.com; expires=Sat, 16-Apr-1994 18:14:43 GMT; path=/; secure
OpenIdConnect.tokenPostPath=; domain=legacywhf.com; expires=Sat, 16-Apr-1994 18:14:43 GMT; path=/; secure
OpenIdConnect.nonce.v3.PRvro1gjkp8SGS5Ox6XsTxDg6vq4tP_tE4rku7l9B-U=638488880835822165.ce499a79-b4b2-49a2-86d0-06b6258ed45b; expires=Tue, 16-Apr-2024 19:14:43 GMT; path=/;SameSite=None; secure; HttpOnly
HostSwitchPrg=; expires=Sat, 16-Apr-1994 18:14:43 GMT; path=/; secure
OptInPrg=; expires=Sat, 16-Apr-1994 18:14:43 GMT; path=/; secure
SuiteServiceProxyKey=; expires=Sat, 16-Apr-1994 18:14:43 GMT; path=/; secure
ClientId=D03562DBE8A147E7B1DF3258852ED31C; expires=Wed, 16-Apr-2025 18:14:43 GMT; path=/;SameSite=None; secure
OIDC=1; expires=Wed, 16-Oct-2024 18:14:43 GMT; path=/;SameSite=None; secure; HttpOnly
RoutingKeyCookie=; expires=Sat, 16-Apr-1994 18:14:43 GMT; path=/; secure
OpenIdConnect.token.v1=; expires=Sat, 16-Apr-1994 18:14:43 GMT; path=/; secure
OpenIdConnect.token.v1=; domain=legacywhf.com; expires=Sat, 16-Apr-1994 18:14:43 GMT; path=/; secure
OpenIdConnect.id_token.v1=; expires=Sat, 16-Apr-1994 18:14:43 GMT; path=/; secure
OpenIdConnect.code.v1=; expires=Sat, 16-Apr-1994 18:14:43 GMT; path=/; secure
OpenIdConnect.idp_nonce.v1=; expires=Sat, 16-Apr-1994 18:14:43 GMT; path=/; secure
OpenIdConnect.idp_correlation_id=; expires=Sat, 16-Apr-1994 18:14:43 GMT; path=/; secure
OpenIdConnect.tokenPostPath=; expires=Sat, 16-Apr-1994 18:14:43 GMT; path=/; secure
OpenIdConnect.id_token.v1=; domain=legacywhf.com; expires=Sat, 16-Apr-1994 18:14:43 GMT; path=/; secure
OpenIdConnect.code.v1=; domain=legacywhf.com; expires=Sat, 16-Apr-1994 18:14:43 GMT; path=/; secure
OpenIdConnect.idp_nonce.v1=; domain=legacywhf.com; expires=Sat, 16-Apr-1994 18:14:43 GMT; path=/; secure
OpenIdConnect.idp_correlation_id=; domain=legacywhf.com; expires=Sat, 16-Apr-1994 18:14:43 GMT; path=/; secure
OpenIdConnect.tokenPostPath=; domain=legacywhf.com; expires=Sat, 16-Apr-1994 18:14:43 GMT; path=/; secure
OpenIdConnect.nonce.v3.PRvro1gjkp8SGS5Ox6XsTxDg6vq4tP_tE4rku7l9B-U=638488880835822165.ce499a79-b4b2-49a2-86d0-06b6258ed45b; expires=Tue, 16-Apr-2024 19:14:43 GMT; path=/;SameSite=None; secure; HttpOnly
HostSwitchPrg=; expires=Sat, 16-Apr-1994 18:14:43 GMT; path=/; secure
OptInPrg=; expires=Sat, 16-Apr-1994 18:14:43 GMT; path=/; secure
SuiteServiceProxyKey=; expires=Sat, 16-Apr-1994 18:14:43 GMT; path=/; secure
X-OWA-RedirectHistory=ArLym14BVYJBF0Fe3Ag; expires=Wed, 17-Apr-2024 00:16:43 GMT; path=/;SameSite=None; secure; HttpOnly
X-CalculatedBETarget: BEXP281MB0056.DEUP281.PROD.OUTLOOK.COM
X-RUM-Validated: 1
X-RUM-NotUpdateQueriedPath: 1
X-RUM-NotUpdateQueriedDbCopy: 1
X-BeSku: WCS6
X-OWA-DiagnosticsInfo: 2;0;0
X-IIDs: 0
X-BackEnd-Begin: 2024-04-16T18:14:43.582
X-BackEnd-End: 2024-04-16T18:14:43.582
X-DiagInfo: BEXP281MB0056
X-BEServer: BEXP281MB0056
X-UA-Compatible: IE=EmulateIE7
X-Proxy-RoutingCorrectness: 1
X-Proxy-BackendServerStatus: 302
X-FEProxyInfo: FR3P281CA0143.DEUP281.PROD.OUTLOOK.COM
X-FEEFZInfo: HHN
X-FEServer: BE1P281CA0339, FR3P281CA0143
NEL: {"report_to":"NelOfficeUpload1","max_age":7200,"include_subdomains":true,"failure_fraction":1.0,"success_fraction":0.01}
X-FirstHopCafeEFZ: HHN
Date: Tue, 16 Apr 2024 18:14:43 GMT
Connection: close
Content-Security-Policy: default-src *  data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval';  script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/1237528446:1713289162:C3u9vmCsd2KqyQcandJKjilLF5ssXnFn5k_--kPHahw/875627ef3ae0b517/f4fe6a0a1542db8

104.17.3.184

84 kB

URL
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/1237528446:1713289162:C3u9vmCsd2KqyQcandJKjilLF5ssXnFn5k_--kPHahw/875627ef3ae0b517/f4fe6a0a1542db8
IP
104.17.3.184:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (65536), with no line terminators
Size
84 kB (83800 bytes)
Hash
f871d8c1e1c7de7ed6d134f737541d3a
623a750ecf30e9e5be0c2d4dbe203d70ff34134f
7ea68296be21089a2e0423b13edb154859bf7235ffe340eb5e18e24c241eaf39

HTTP Headers

POST /cdn-cgi/challenge-platform/h/b/flow/ov1/1237528446:1713289162:C3u9vmCsd2KqyQcandJKjilLF5ssXnFn5k_--kPHahw/875627ef3ae0b517/f4fe6a0a1542db8 HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/vn1a5/0x4AAAAAAAW-lbDQI7I0Z-Zf/auto/normal
Content-type: application/x-www-form-urlencoded
CF-Challenge: f4fe6a0a1542db8
Content-Length: 2579
Origin: https://challenges.cloudflare.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 16 Apr 2024 18:14:37 GMT
content-type: text/plain; charset=UTF-8
cf-chl-gen: lUc3FW4aatYSI7Z+j8YhyR5J5CVO827XAazCigPTp3yELYcJ7sa/dX/ALA3N//fZfh1OZfp+wsiZyMW4VtVFRR9T0MF200rUFdDPDmBrNQmEaaq4Bk1aEmfRUG3ROY3+JaeKlaM3hhqOweUHEp064MB6IpNwr4KMKz3Uso4UvLtM1sa6iZLpb+zFUYRPxhHf+RzRCp4nqSfgWdr1tePXYNR2YuvlzjSlBvTSOxX9H5mgYT9kKnLhZqcCS2Vo9LDuXzsZYR1zglhavs71N97xYPr9ydzmsZRWKQhv71n1amrvBkfxvFfwLain+u3LjF4ZKgcQA9g2VXQ8cH0rkUt4a0xsJ/SReX406gatKZ2Z2e/t+FLz8SsYXztf7gt0xTEvme2QdRyQCIhVBh11lVZxcoEGptkedgniyeapAcY2mY6X/CzR6QB4XTPyXhGQs1XJpf7n3zb6/U5l+5aSVQrbO0KRQDzFnMvhpuWIjYIZKhQ=$qTY7wFikfLSC//9gFOJv8g==
server: cloudflare
cf-ray: 875627f19f76b517-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

logincdn.msftauth.net/shared/5/js/login_en_R9cd1P-sU5i6N1WyJUoyQA2.js

192.229.221.185

200 OK

227 kB

URL GET HTTP/2
logincdn.msftauth.net/shared/5/js/login_en_R9cd1P-sU5i6N1WyJUoyQA2.js
IP
192.229.221.185:443
ASN
#15133 EDGECAST

Requested by
https://legacywhf.com/?khwxgq2e6=aHR0cHM6Ly9sb2dpbi5saXZlLmNvbS9vYXV0aDIwX2F1dGhvcml6ZS5zcmY/c2NvcGU9b3BlbmlkK3Byb2ZpbGUrZW1haWwrb2ZmbGluZV9hY2Nlc3MmcmVzcG9uc2VfdHlwZT1jb2RlJmNsaWVudF9pZD01MTQ4MzM0Mi0wODVjLTRkODYtYmY4OC1jZjUwYzcyNTIwNzgmcmVzcG9uc2VfbW9kZT1mb3JtX3Bvc3QmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmbG9naW4ubWljcm9zb2Z0b25saW5lLmNvbSUyZmNvbW1vbiUyZmZlZGVyYXRpb24lMmZvYXV0aDJtc2Emc3RhdGU9clFRSUFSQUFqVkU5YUJOeEhNMF9sNTVOYlcwcDdzTGhWTDBrOTVWY0lnVnp6WGViWEd2NllTTnkzbWZ1MHN2OXJfZVZwS1dyQ29LMGdnanRwbHNYaTR0U1FSekZxWXRMUVhBc0hZbzRGWEV3cVl1YnZ1SHg0TUh2OTNodkNpRmlST1o2NGc5SWZNQjRRdE1JWEZZSDZpODRreU1UWjFqOHp2TzlMd2N0NVBXcjZON1B0N3NnS3BoR29NWmsyTjRIMTNUUHM5MU1QQTU5ejRSd0xRWTF6WkF2ekRqc2lQRjNBQndCY0FMQXNfQlZXX1RObUs0YXJuc2JXakowTGk2RVUwbUtwZGstRWl6RnNDUkpKSm1Zck5McHRKaEs0eEl0a1RpZEZrbWNUU3I5YkVrcFNUS3NxdENNZEJ3ZTU3Ty1wNU1EZ282eG9mNElSelhvdEFVYnV0NHU4aFRrVmowdTU1YWItV3lPQzl4bHV1bFhTQ2dISE00dDVNeUNVZV9wdGtNTG1sSmZhZmlRV2E0M3FXYmRhX0NRWC1ybEt6bERuTThXNUdaS05WZGgxMjRaalJZSHE5Mm1XT3p3ZkcwbTU4X1ljNzZ4WVFaeWp6WHdXcG9tTldkUldDRWNuRkkySU9uM002ZElKVUZsUFVIaVMzZExuWDNrdnlwX2c2RDlXdHJRLW95ZzBGWXRRem1LZ0c4UmNCb0pKNGJQSS1EbFVILVRKN2Nlam84OXFIR1B2aG83Ulo4TGZSNkttOVZsVXF5NENTWlA5S1NxNkhUWDVwSldqWnBkQ1BocWRhbFlLaS11cjVhNW5sLXd5dE4waHRoR3dUYUtIcUxSWVdRaWhDRXo4OFFKQ3I2ajRQR2wwR0gwWDZNZVhRWUhvLUI0bEI1QlpWTTAydTdrMUNabUtJSUgxMVFMeTJ4aTNiWXJ5UEpBQmFMcHF5Nld1WWYxWDJEM3Q3YTJQbzZGenFfOC1yRF9mdWZUaTdQUzZmak5XYmRXWlIybE0wZVZtTUJxNWZYR2pVSkhsOGh5a1d3c2RaVjFycjNlRGF5S0Rsdnk5TUZFNkRjMSZsb2dpbl9oaW50PXBhdWwuaGVpc3MlNDBvbmNvci5jb20mZXN0c2ZlZD0xJnVhaWQ9NTIyZjIyZWU5Yjk1YjBkNTZhMDNhZmEzMDk5YmZhYjcmY29icmFuZGlkPWRlYjNmNzRhLWVkNWItNGVmMS04ZDNjLTkyYjg1ZGQ0NzM1MiZmY2k9MDAwMDAwMDItMDAwMC0wZmYxLWNlMDAtMDAwMDAwMDAwMDAwIw==
Certificate
IssuerMicrosoft Corporation
Subjectidentitycdn.msauth.net
FingerprintAF:EB:E8:D6:8A:D6:D5:DF:17:8C:0E:CB:4E:EA:B9:23:51:37:24:F6
ValidityThu, 02 Nov 2023 23:14:23 GMT - Sun, 27 Oct 2024 23:14:23 GMT

File type
JavaScript source, ASCII text, with very long lines (65470)
Size
227 kB (226968 bytes)
Hash
47d71dd4ffac5398ba3755b2254a3240
6cc4345699a7c93ebc5feaa6a9f038b009084057
255874c4c3b796c4f5da10b736c043847be2b3bfa47c662bf49ff9e7f0f4ca0c

HTTP Headers

GET /shared/5/js/login_en_R9cd1P-sU5i6N1WyJUoyQA2.js HTTP/1.1
Host: logincdn.msftauth.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://legacywhf.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-encoding: gzip
accept-ranges: bytes
access-control-allow-origin: *
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
age: 622958
cache-control: public, max-age=31536000
content-md5: vBPgx2sY8h1TASssZ18Z9Q==
content-type: application/x-javascript
date: Tue, 16 Apr 2024 18:14:44 GMT
etag: 0x8DC53D47ED187E6
last-modified: Wed, 03 Apr 2024 11:52:10 GMT
server: ECAcc (ska/F79C)
vary: Accept-Encoding
x-cache: HIT
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: 4d1c1dba-c01e-0097-1f7f-8a6c5f000000
x-ms-version: 2009-09-19
content-length: 226968
X-Firefox-Spdy: h2

logincdn.msftauth.net/shared/5/chunks/oneds-analytics-js_54b1724af1b05e2ba3db_en.js

192.229.221.185

200 OK

33 kB

URL GET HTTP/2
logincdn.msftauth.net/shared/5/chunks/oneds-analytics-js_54b1724af1b05e2ba3db_en.js
IP
192.229.221.185:443
ASN
#15133 EDGECAST

Requested by
https://legacywhf.com/?khwxgq2e6=aHR0cHM6Ly9sb2dpbi5saXZlLmNvbS9vYXV0aDIwX2F1dGhvcml6ZS5zcmY/c2NvcGU9b3BlbmlkK3Byb2ZpbGUrZW1haWwrb2ZmbGluZV9hY2Nlc3MmcmVzcG9uc2VfdHlwZT1jb2RlJmNsaWVudF9pZD01MTQ4MzM0Mi0wODVjLTRkODYtYmY4OC1jZjUwYzcyNTIwNzgmcmVzcG9uc2VfbW9kZT1mb3JtX3Bvc3QmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmbG9naW4ubWljcm9zb2Z0b25saW5lLmNvbSUyZmNvbW1vbiUyZmZlZGVyYXRpb24lMmZvYXV0aDJtc2Emc3RhdGU9clFRSUFSQUFqVkU5YUJOeEhNMF9sNTVOYlcwcDdzTGhWTDBrOTVWY0lnVnp6WGViWEd2NllTTnkzbWZ1MHN2OXJfZVZwS1dyQ29LMGdnanRwbHNYaTR0U1FSekZxWXRMUVhBc0hZbzRGWEV3cVl1YnZ1SHg0TUh2OTNodkNpRmlST1o2NGc5SWZNQjRRdE1JWEZZSDZpODRreU1UWjFqOHp2TzlMd2N0NVBXcjZON1B0N3NnS3BoR29NWmsyTjRIMTNUUHM5MU1QQTU5ejRSd0xRWTF6WkF2ekRqc2lQRjNBQndCY0FMQXNfQlZXX1RObUs0YXJuc2JXakowTGk2RVUwbUtwZGstRWl6RnNDUkpKSm1Zck5McHRKaEs0eEl0a1RpZEZrbWNUU3I5YkVrcFNUS3NxdENNZEJ3ZTU3Ty1wNU1EZ282eG9mNElSelhvdEFVYnV0NHU4aFRrVmowdTU1YWItV3lPQzl4bHV1bFhTQ2dISE00dDVNeUNVZV9wdGtNTG1sSmZhZmlRV2E0M3FXYmRhX0NRWC1ybEt6bERuTThXNUdaS05WZGgxMjRaalJZSHE5Mm1XT3p3ZkcwbTU4X1ljNzZ4WVFaeWp6WHdXcG9tTldkUldDRWNuRkkySU9uM002ZElKVUZsUFVIaVMzZExuWDNrdnlwX2c2RDlXdHJRLW95ZzBGWXRRem1LZ0c4UmNCb0pKNGJQSS1EbFVILVRKN2Nlam84OXFIR1B2aG83Ulo4TGZSNkttOVZsVXF5NENTWlA5S1NxNkhUWDVwSldqWnBkQ1BocWRhbFlLaS11cjVhNW5sLXd5dE4waHRoR3dUYUtIcUxSWVdRaWhDRXo4OFFKQ3I2ajRQR2wwR0gwWDZNZVhRWUhvLUI0bEI1QlpWTTAydTdrMUNabUtJSUgxMVFMeTJ4aTNiWXJ5UEpBQmFMcHF5Nld1WWYxWDJEM3Q3YTJQbzZGenFfOC1yRF9mdWZUaTdQUzZmak5XYmRXWlIybE0wZVZtTUJxNWZYR2pVSkhsOGh5a1d3c2RaVjFycjNlRGF5S0Rsdnk5TUZFNkRjMSZsb2dpbl9oaW50PXBhdWwuaGVpc3MlNDBvbmNvci5jb20mZXN0c2ZlZD0xJnVhaWQ9NTIyZjIyZWU5Yjk1YjBkNTZhMDNhZmEzMDk5YmZhYjcmY29icmFuZGlkPWRlYjNmNzRhLWVkNWItNGVmMS04ZDNjLTkyYjg1ZGQ0NzM1MiZmY2k9MDAwMDAwMDItMDAwMC0wZmYxLWNlMDAtMDAwMDAwMDAwMDAwIw==
Certificate
IssuerMicrosoft Corporation
Subjectidentitycdn.msauth.net
FingerprintAF:EB:E8:D6:8A:D6:D5:DF:17:8C:0E:CB:4E:EA:B9:23:51:37:24:F6
ValidityThu, 02 Nov 2023 23:14:23 GMT - Sun, 27 Oct 2024 23:14:23 GMT

File type
JavaScript source, ASCII text, with very long lines (65436)
Size
33 kB (32821 bytes)
Hash
d390aa6a6d257834d807d8e7ddc90968
6a6efd105dbbeb099d25998a38875808d83af5c8
d755d7ce744425dee51a3bd8cba9b2a789d96c584c9958082b557feb70f226d9

HTTP Headers

GET /shared/5/chunks/oneds-analytics-js_54b1724af1b05e2ba3db_en.js HTTP/1.1
Host: logincdn.msftauth.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://legacywhf.com/
Origin: https://legacywhf.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-encoding: gzip
accept-ranges: bytes
access-control-allow-origin: *
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
age: 1210067
cache-control: public, max-age=31536000
content-md5: Hlt2WzLF9llz2DXp7j6/IA==
content-type: application/x-javascript
date: Tue, 16 Apr 2024 18:14:45 GMT
etag: 0x8DC5057934D08E4
last-modified: Sat, 30 Mar 2024 01:20:24 GMT
server: ECAcc (ska/F799)
vary: Accept-Encoding
x-cache: HIT
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: 41d13ae9-201e-0021-5b28-85e017000000
x-ms-version: 2009-09-19
content-length: 32821
X-Firefox-Spdy: h2

logincdn.msftauth.net/shared/5/images/microsoft_logo_ee5c8d9fb6248c938fd0.svg

192.229.221.185

200 OK

1.4 kB

URL GET HTTP/2
logincdn.msftauth.net/shared/5/images/microsoft_logo_ee5c8d9fb6248c938fd0.svg
IP
192.229.221.185:443
ASN
#15133 EDGECAST

Requested by
https://legacywhf.com/?khwxgq2e6=aHR0cHM6Ly9sb2dpbi5saXZlLmNvbS9vYXV0aDIwX2F1dGhvcml6ZS5zcmY/c2NvcGU9b3BlbmlkK3Byb2ZpbGUrZW1haWwrb2ZmbGluZV9hY2Nlc3MmcmVzcG9uc2VfdHlwZT1jb2RlJmNsaWVudF9pZD01MTQ4MzM0Mi0wODVjLTRkODYtYmY4OC1jZjUwYzcyNTIwNzgmcmVzcG9uc2VfbW9kZT1mb3JtX3Bvc3QmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmbG9naW4ubWljcm9zb2Z0b25saW5lLmNvbSUyZmNvbW1vbiUyZmZlZGVyYXRpb24lMmZvYXV0aDJtc2Emc3RhdGU9clFRSUFSQUFqVkU5YUJOeEhNMF9sNTVOYlcwcDdzTGhWTDBrOTVWY0lnVnp6WGViWEd2NllTTnkzbWZ1MHN2OXJfZVZwS1dyQ29LMGdnanRwbHNYaTR0U1FSekZxWXRMUVhBc0hZbzRGWEV3cVl1YnZ1SHg0TUh2OTNodkNpRmlST1o2NGc5SWZNQjRRdE1JWEZZSDZpODRreU1UWjFqOHp2TzlMd2N0NVBXcjZON1B0N3NnS3BoR29NWmsyTjRIMTNUUHM5MU1QQTU5ejRSd0xRWTF6WkF2ekRqc2lQRjNBQndCY0FMQXNfQlZXX1RObUs0YXJuc2JXakowTGk2RVUwbUtwZGstRWl6RnNDUkpKSm1Zck5McHRKaEs0eEl0a1RpZEZrbWNUU3I5YkVrcFNUS3NxdENNZEJ3ZTU3Ty1wNU1EZ282eG9mNElSelhvdEFVYnV0NHU4aFRrVmowdTU1YWItV3lPQzl4bHV1bFhTQ2dISE00dDVNeUNVZV9wdGtNTG1sSmZhZmlRV2E0M3FXYmRhX0NRWC1ybEt6bERuTThXNUdaS05WZGgxMjRaalJZSHE5Mm1XT3p3ZkcwbTU4X1ljNzZ4WVFaeWp6WHdXcG9tTldkUldDRWNuRkkySU9uM002ZElKVUZsUFVIaVMzZExuWDNrdnlwX2c2RDlXdHJRLW95ZzBGWXRRem1LZ0c4UmNCb0pKNGJQSS1EbFVILVRKN2Nlam84OXFIR1B2aG83Ulo4TGZSNkttOVZsVXF5NENTWlA5S1NxNkhUWDVwSldqWnBkQ1BocWRhbFlLaS11cjVhNW5sLXd5dE4waHRoR3dUYUtIcUxSWVdRaWhDRXo4OFFKQ3I2ajRQR2wwR0gwWDZNZVhRWUhvLUI0bEI1QlpWTTAydTdrMUNabUtJSUgxMVFMeTJ4aTNiWXJ5UEpBQmFMcHF5Nld1WWYxWDJEM3Q3YTJQbzZGenFfOC1yRF9mdWZUaTdQUzZmak5XYmRXWlIybE0wZVZtTUJxNWZYR2pVSkhsOGh5a1d3c2RaVjFycjNlRGF5S0Rsdnk5TUZFNkRjMSZsb2dpbl9oaW50PXBhdWwuaGVpc3MlNDBvbmNvci5jb20mZXN0c2ZlZD0xJnVhaWQ9NTIyZjIyZWU5Yjk1YjBkNTZhMDNhZmEzMDk5YmZhYjcmY29icmFuZGlkPWRlYjNmNzRhLWVkNWItNGVmMS04ZDNjLTkyYjg1ZGQ0NzM1MiZmY2k9MDAwMDAwMDItMDAwMC0wZmYxLWNlMDAtMDAwMDAwMDAwMDAwIw==
Certificate
IssuerMicrosoft Corporation
Subjectidentitycdn.msauth.net
FingerprintAF:EB:E8:D6:8A:D6:D5:DF:17:8C:0E:CB:4E:EA:B9:23:51:37:24:F6
ValidityThu, 02 Nov 2023 23:14:23 GMT - Sun, 27 Oct 2024 23:14:23 GMT

File type
SVG Scalable Vector Graphics image
Size
1.4 kB (1435 bytes)
Hash
ee5c8d9fb6248c938fd0dc19370e90bd
d01a22720918b781338b5bbf9202b241a5f99ee4
04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a

HTTP Headers

GET /shared/5/images/microsoft_logo_ee5c8d9fb6248c938fd0.svg HTTP/1.1
Host: logincdn.msftauth.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://legacywhf.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-encoding: gzip
accept-ranges: bytes
access-control-allow-origin: *
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
age: 1958187
cache-control: public, max-age=31536000
content-md5: nzaLxFgP7ZB3dfMcaybWzw==
content-type: image/svg+xml
date: Tue, 16 Apr 2024 18:14:45 GMT
etag: 0x8DB77257FFE6B4E
last-modified: Tue, 27 Jun 2023 15:45:14 GMT
server: ECAcc (ska/F6EE)
vary: Accept-Encoding
x-cache: HIT
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: 0cd422c0-a01e-0081-675a-7e2671000000
x-ms-version: 2009-09-19
content-length: 1435
X-Firefox-Spdy: h2

legacywhf.com/?khwxgq2e6=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1wYXVsLmhlaXNzJTQwb25jb3IuY29tJmNsaWVudC1yZXF1ZXN0LWlkPTUyMmYyMmVlLTliOTUtYjBkNS02YTAzLWFmYTMwOTliZmFiNyZwcm90ZWN0ZWR0b2tlbj10cnVlJmNsYWltcz0lN2IlMjJpZF90b2tlbiUyMiUzYSU3YiUyMnhtc19jYyUyMiUzYSU3YiUyMnZhbHVlcyUyMiUzYSU1YiUyMkNQMSUyMiU1ZCU3ZCU3ZCU3ZCZub25jZT02Mzg0ODg4ODA4MzU4MjIxNjUuY2U0OTlhNzktYjRiMi00OWEyLTg2ZDAtMDZiNjI1OGVkNDViJnN0YXRlPURZdEJEc0lnRUFEQnZzVjRndUoyb2N2Qi1CUURsRmlTeWhwcjRfZmRTV1p1bzVWU2czZ1N0Wk9vT1V5RUpEaWFQQUZjZzdlbFlveHBqaVpqQm9NeGdhR3dPT05DRHVDcEx1aXpsdmN5OGktTjk0MmZyVF9XMXItM2R6bzJ1OWEyNzJkMDNBdF9iT0hYSHc=

5.230.40.9

302 Found

29 kB

URL GET HTTP/1.1
legacywhf.com/?khwxgq2e6=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1wYXVsLmhlaXNzJTQwb25jb3IuY29tJmNsaWVudC1yZXF1ZXN0LWlkPTUyMmYyMmVlLTliOTUtYjBkNS02YTAzLWFmYTMwOTliZmFiNyZwcm90ZWN0ZWR0b2tlbj10cnVlJmNsYWltcz0lN2IlMjJpZF90b2tlbiUyMiUzYSU3YiUyMnhtc19jYyUyMiUzYSU3YiUyMnZhbHVlcyUyMiUzYSU1YiUyMkNQMSUyMiU1ZCU3ZCU3ZCU3ZCZub25jZT02Mzg0ODg4ODA4MzU4MjIxNjUuY2U0OTlhNzktYjRiMi00OWEyLTg2ZDAtMDZiNjI1OGVkNDViJnN0YXRlPURZdEJEc0lnRUFEQnZzVjRndUoyb2N2Qi1CUURsRmlTeWhwcjRfZmRTV1p1bzVWU2czZ1N0Wk9vT1V5RUpEaWFQQUZjZzdlbFlveHBqaVpqQm9NeGdhR3dPT05DRHVDcEx1aXpsdmN5OGktTjk0MmZyVF9XMXItM2R6bzJ1OWEyNzJkMDNBdF9iT0hYSHc=
IP
5.230.40.9:443
ASN
#12586 GHOSTnet GmbH

Requested by
https://94e6f5a7.58598891ef09ac737cee0cf3.workers.dev/?qrc=paul.heiss@oncor.com
Certificate
IssuerLet's Encrypt
Subjectlegacywhf.com
FingerprintDC:C3:92:81:63:DF:55:02:58:A9:B6:8A:44:A6:99:69:5D:F7:BB:07
ValidityFri, 12 Apr 2024 13:09:49 GMT - Thu, 11 Jul 2024 13:09:48 GMT

File type

Size
29 kB (28697 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft Outlook

HTTP Headers

GET /?khwxgq2e6=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1wYXVsLmhlaXNzJTQwb25jb3IuY29tJmNsaWVudC1yZXF1ZXN0LWlkPTUyMmYyMmVlLTliOTUtYjBkNS02YTAzLWFmYTMwOTliZmFiNyZwcm90ZWN0ZWR0b2tlbj10cnVlJmNsYWltcz0lN2IlMjJpZF90b2tlbiUyMiUzYSU3YiUyMnhtc19jYyUyMiUzYSU3YiUyMnZhbHVlcyUyMiUzYSU1YiUyMkNQMSUyMiU1ZCU3ZCU3ZCU3ZCZub25jZT02Mzg0ODg4ODA4MzU4MjIxNjUuY2U0OTlhNzktYjRiMi00OWEyLTg2ZDAtMDZiNjI1OGVkNDViJnN0YXRlPURZdEJEc0lnRUFEQnZzVjRndUoyb2N2Qi1CUURsRmlTeWhwcjRfZmRTV1p1bzVWU2czZ1N0Wk9vT1V5RUpEaWFQQUZjZzdlbFlveHBqaVpqQm9NeGdhR3dPT05DRHVDcEx1aXpsdmN5OGktTjk0MmZyVF9XMXItM2R6bzJ1OWEyNzJkMDNBdF9iT0hYSHc= HTTP/1.1
Host: legacywhf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://94e6f5a7.58598891ef09ac737cee0cf3.workers.dev/
DNT: 1
Connection: keep-alive
Cookie: qPdM=JZQsazSTMdqM; qPdM.sig=EHfAgidMx0vrJjN6lWAQkqNegG0; ClientId=D03562DBE8A147E7B1DF3258852ED31C; OIDC=1; OpenIdConnect.nonce.v3.PRvro1gjkp8SGS5Ox6XsTxDg6vq4tP_tE4rku7l9B-U=638488880835822165.ce499a79-b4b2-49a2-86d0-06b6258ed45b; X-OWA-RedirectHistory=ArLym14BVYJBF0Fe3Ag
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Cache-Control: no-store, no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Content-Encoding: gzip
Expires: -1
Location: https://legacywhf.com/?khwxgq2e6=aHR0cHM6Ly9sb2dpbi5saXZlLmNvbS9vYXV0aDIwX2F1dGhvcml6ZS5zcmY/c2NvcGU9b3BlbmlkK3Byb2ZpbGUrZW1haWwrb2ZmbGluZV9hY2Nlc3MmcmVzcG9uc2VfdHlwZT1jb2RlJmNsaWVudF9pZD01MTQ4MzM0Mi0wODVjLTRkODYtYmY4OC1jZjUwYzcyNTIwNzgmcmVzcG9uc2VfbW9kZT1mb3JtX3Bvc3QmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmbG9naW4ubWljcm9zb2Z0b25saW5lLmNvbSUyZmNvbW1vbiUyZmZlZGVyYXRpb24lMmZvYXV0aDJtc2Emc3RhdGU9clFRSUFSQUFqVkU5YUJOeEhNMF9sNTVOYlcwcDdzTGhWTDBrOTVWY0lnVnp6WGViWEd2NllTTnkzbWZ1MHN2OXJfZVZwS1dyQ29LMGdnanRwbHNYaTR0U1FSekZxWXRMUVhBc0hZbzRGWEV3cVl1YnZ1SHg0TUh2OTNodkNpRmlST1o2NGc5SWZNQjRRdE1JWEZZSDZpODRreU1UWjFqOHp2TzlMd2N0NVBXcjZON1B0N3NnS3BoR29NWmsyTjRIMTNUUHM5MU1QQTU5ejRSd0xRWTF6WkF2ekRqc2lQRjNBQndCY0FMQXNfQlZXX1RObUs0YXJuc2JXakowTGk2RVUwbUtwZGstRWl6RnNDUkpKSm1Zck5McHRKaEs0eEl0a1RpZEZrbWNUU3I5YkVrcFNUS3NxdENNZEJ3ZTU3Ty1wNU1EZ282eG9mNElSelhvdEFVYnV0NHU4aFRrVmowdTU1YWItV3lPQzl4bHV1bFhTQ2dISE00dDVNeUNVZV9wdGtNTG1sSmZhZmlRV2E0M3FXYmRhX0NRWC1ybEt6bERuTThXNUdaS05WZGgxMjRaalJZSHE5Mm1XT3p3ZkcwbTU4X1ljNzZ4WVFaeWp6WHdXcG9tTldkUldDRWNuRkkySU9uM002ZElKVUZsUFVIaVMzZExuWDNrdnlwX2c2RDlXdHJRLW95ZzBGWXRRem1LZ0c4UmNCb0pKNGJQSS1EbFVILVRKN2Nlam84OXFIR1B2aG83Ulo4TGZSNkttOVZsVXF5NENTWlA5S1NxNkhUWDVwSldqWnBkQ1BocWRhbFlLaS11cjVhNW5sLXd5dE4waHRoR3dUYUtIcUxSWVdRaWhDRXo4OFFKQ3I2ajRQR2wwR0gwWDZNZVhRWUhvLUI0bEI1QlpWTTAydTdrMUNabUtJSUgxMVFMeTJ4aTNiWXJ5UEpBQmFMcHF5Nld1WWYxWDJEM3Q3YTJQbzZGenFfOC1yRF9mdWZUaTdQUzZmak5XYmRXWlIybE0wZVZtTUJxNWZYR2pVSkhsOGh5a1d3c2RaVjFycjNlRGF5S0Rsdnk5TUZFNkRjMSZsb2dpbl9oaW50PXBhdWwuaGVpc3MlNDBvbmNvci5jb20mZXN0c2ZlZD0xJnVhaWQ9NTIyZjIyZWU5Yjk1YjBkNTZhMDNhZmEzMDk5YmZhYjcmY29icmFuZGlkPWRlYjNmNzRhLWVkNWItNGVmMS04ZDNjLTkyYjg1ZGQ0NzM1MiZmY2k9MDAwMDAwMDItMDAwMC0wZmYxLWNlMDAtMDAwMDAwMDAwMDAwIw==
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000; includeSubDomains
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
x-ms-request-id: 0f863b8b-600d-424e-87dd-699147754200
x-ms-ests-server: 2.1.17750.6 - EUS ProdSlices
x-ms-srs: 1.P
Referrer-Policy: strict-origin-when-cross-origin
Set-Cookie: buid=0.AQ0AMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8BnAXYtz8wbYdediZwS3LwxY45uSLNOHka89DTleh8L6AnEU2smOBxCrmGZPt6ZQubdh_IYWjK6Rdn9sZw1WOUpaJ64cSKUFcYYCeZZUXnEAgAA; expires=Thu, 16-May-2024 18:14:43 GMT; path=/; secure; HttpOnly; SameSite=None
esctx-w58J60dOFYE=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8-pK4lGiw0F1yOxUi3L1tHhkGN6ShjlNkBerFQ4rgp_YH8RNiuTq8wZ_T0N0jrTJzDDhobAK10IsCQEyKjuwZTHDIRGbaE4OOiyMEdw5IG52BEd8okrSaaniP0_Vsv8UbOZrDaNT_cGzHNmOMiSQ6oCAA; domain=legacywhf.com; path=/; secure; HttpOnly; SameSite=None
fpc=AtuAy-QcRxVCtiLDHUMphBCerOTJAQAAABO3sN0OAAAA; expires=Thu, 16-May-2024 18:14:43 GMT; path=/; secure; HttpOnly; SameSite=None
esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8OS0EkWeLCAAU-T__kgbbY_dkbafpySRq7nJgNcghxyIlH8aXcBGKPXz0nW_mraDgVKu5slF9SmoFoUK8jPvLHV3wete_T1zGdXpfHU-cpOnj3xuuLID7rfMc46ILc_lnhIwXglyekGQVl5vnwWQTe6J3anvE2qWrs01yqGI9gYQgAA; domain=legacywhf.com; path=/; secure; HttpOnly; SameSite=None
cltm=CgAQABoAIgQIDBAF; domain=legacywhf.com; path=/; secure; HttpOnly; SameSite=None
x-ms-gateway-slice=estsfd; path=/; secure; samesite=none; httponly
stsservicecookie=estsfd; path=/; secure; samesite=none; httponly
Date: Tue, 16 Apr 2024 18:14:43 GMT
Connection: close
content-length: 1902
Content-Security-Policy: default-src *  data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval';  script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';

legacywhf.com/?qrc=paul.heiss%40oncor.com

5.230.40.9

302 Moved Temporarily

29 kB

URL GET HTTP/1.1
legacywhf.com/?qrc=paul.heiss%40oncor.com
IP
5.230.40.9:443
ASN
#12586 GHOSTnet GmbH

Requested by
https://94e6f5a7.58598891ef09ac737cee0cf3.workers.dev/?qrc=paul.heiss@oncor.com
Certificate
IssuerLet's Encrypt
Subjectlegacywhf.com
FingerprintDC:C3:92:81:63:DF:55:02:58:A9:B6:8A:44:A6:99:69:5D:F7:BB:07
ValidityFri, 12 Apr 2024 13:09:49 GMT - Thu, 11 Jul 2024 13:09:48 GMT

File type

Size
29 kB (28697 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft Outlook

HTTP Headers

GET /?qrc=paul.heiss%40oncor.com HTTP/1.1
Host: legacywhf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://94e6f5a7.58598891ef09ac737cee0cf3.workers.dev/
DNT: 1
Connection: keep-alive
Cookie: qPdM=JZQsazSTMdqM; qPdM.sig=EHfAgidMx0vrJjN6lWAQkqNegG0
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Moved Temporarily
Cache-Control: no-cache
Pragma: no-cache
Location: https://legacywhf.com/owa/?login_hint=paul.heiss%40oncor.com
Server: Microsoft-IIS/10.0
request-id: 20b8e5bb-faa7-edc0-2c78-92086901bfa2
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-FEServer: FR4P281CA0152, FR4P281CA0152
X-RequestId: 11b1ced0-ab49-4029-826a-3f380459cdb2
X-FEProxyInfo: FR4P281CA0152.DEUP281.PROD.OUTLOOK.COM
X-FEEFZInfo: FRA
MS-CV: u+W4IKf6wO0seJIIaQG/og.0
X-Powered-By: ASP.NET
Date: Tue, 16 Apr 2024 18:14:42 GMT
Connection: close
Content-Length: 0
Content-Security-Policy: default-src *  data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval';  script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';

legacywhf.com/?khwxgq2e6=aHR0cHM6Ly9sb2dpbi5saXZlLmNvbS9vYXV0aDIwX2F1dGhvcml6ZS5zcmY/c2NvcGU9b3BlbmlkK3Byb2ZpbGUrZW1haWwrb2ZmbGluZV9hY2Nlc3MmcmVzcG9uc2VfdHlwZT1jb2RlJmNsaWVudF9pZD01MTQ4MzM0Mi0wODVjLTRkODYtYmY4OC1jZjUwYzcyNTIwNzgmcmVzcG9uc2VfbW9kZT1mb3JtX3Bvc3QmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmbG9naW4ubWljcm9zb2Z0b25saW5lLmNvbSUyZmNvbW1vbiUyZmZlZGVyYXRpb24lMmZvYXV0aDJtc2Emc3RhdGU9clFRSUFSQUFqVkU5YUJOeEhNMF9sNTVOYlcwcDdzTGhWTDBrOTVWY0lnVnp6WGViWEd2NllTTnkzbWZ1MHN2OXJfZVZwS1dyQ29LMGdnanRwbHNYaTR0U1FSekZxWXRMUVhBc0hZbzRGWEV3cVl1YnZ1SHg0TUh2OTNodkNpRmlST1o2NGc5SWZNQjRRdE1JWEZZSDZpODRreU1UWjFqOHp2TzlMd2N0NVBXcjZON1B0N3NnS3BoR29NWmsyTjRIMTNUUHM5MU1QQTU5ejRSd0xRWTF6WkF2ekRqc2lQRjNBQndCY0FMQXNfQlZXX1RObUs0YXJuc2JXakowTGk2RVUwbUtwZGstRWl6RnNDUkpKSm1Zck5McHRKaEs0eEl0a1RpZEZrbWNUU3I5YkVrcFNUS3NxdENNZEJ3ZTU3Ty1wNU1EZ282eG9mNElSelhvdEFVYnV0NHU4aFRrVmowdTU1YWItV3lPQzl4bHV1bFhTQ2dISE00dDVNeUNVZV9wdGtNTG1sSmZhZmlRV2E0M3FXYmRhX0NRWC1ybEt6bERuTThXNUdaS05WZGgxMjRaalJZSHE5Mm1XT3p3ZkcwbTU4X1ljNzZ4WVFaeWp6WHdXcG9tTldkUldDRWNuRkkySU9uM002ZElKVUZsUFVIaVMzZExuWDNrdnlwX2c2RDlXdHJRLW95ZzBGWXRRem1LZ0c4UmNCb0pKNGJQSS1EbFVILVRKN2Nlam84OXFIR1B2aG83Ulo4TGZSNkttOVZsVXF5NENTWlA5S1NxNkhUWDVwSldqWnBkQ1BocWRhbFlLaS11cjVhNW5sLXd5dE4waHRoR3dUYUtIcUxSWVdRaWhDRXo4OFFKQ3I2ajRQR2wwR0gwWDZNZVhRWUhvLUI0bEI1QlpWTTAydTdrMUNabUtJSUgxMVFMeTJ4aTNiWXJ5UEpBQmFMcHF5Nld1WWYxWDJEM3Q3YTJQbzZGenFfOC1yRF9mdWZUaTdQUzZmak5XYmRXWlIybE0wZVZtTUJxNWZYR2pVSkhsOGh5a1d3c2RaVjFycjNlRGF5S0Rsdnk5TUZFNkRjMSZsb2dpbl9oaW50PXBhdWwuaGVpc3MlNDBvbmNvci5jb20mZXN0c2ZlZD0xJnVhaWQ9NTIyZjIyZWU5Yjk1YjBkNTZhMDNhZmEzMDk5YmZhYjcmY29icmFuZGlkPWRlYjNmNzRhLWVkNWItNGVmMS04ZDNjLTkyYjg1ZGQ0NzM1MiZmY2k9MDAwMDAwMDItMDAwMC0wZmYxLWNlMDAtMDAwMDAwMDAwMDAwIw==

5.230.40.9

200 OK

29 kB

URL GET HTTP/1.1
legacywhf.com/?khwxgq2e6=aHR0cHM6Ly9sb2dpbi5saXZlLmNvbS9vYXV0aDIwX2F1dGhvcml6ZS5zcmY/c2NvcGU9b3BlbmlkK3Byb2ZpbGUrZW1haWwrb2ZmbGluZV9hY2Nlc3MmcmVzcG9uc2VfdHlwZT1jb2RlJmNsaWVudF9pZD01MTQ4MzM0Mi0wODVjLTRkODYtYmY4OC1jZjUwYzcyNTIwNzgmcmVzcG9uc2VfbW9kZT1mb3JtX3Bvc3QmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmbG9naW4ubWljcm9zb2Z0b25saW5lLmNvbSUyZmNvbW1vbiUyZmZlZGVyYXRpb24lMmZvYXV0aDJtc2Emc3RhdGU9clFRSUFSQUFqVkU5YUJOeEhNMF9sNTVOYlcwcDdzTGhWTDBrOTVWY0lnVnp6WGViWEd2NllTTnkzbWZ1MHN2OXJfZVZwS1dyQ29LMGdnanRwbHNYaTR0U1FSekZxWXRMUVhBc0hZbzRGWEV3cVl1YnZ1SHg0TUh2OTNodkNpRmlST1o2NGc5SWZNQjRRdE1JWEZZSDZpODRreU1UWjFqOHp2TzlMd2N0NVBXcjZON1B0N3NnS3BoR29NWmsyTjRIMTNUUHM5MU1QQTU5ejRSd0xRWTF6WkF2ekRqc2lQRjNBQndCY0FMQXNfQlZXX1RObUs0YXJuc2JXakowTGk2RVUwbUtwZGstRWl6RnNDUkpKSm1Zck5McHRKaEs0eEl0a1RpZEZrbWNUU3I5YkVrcFNUS3NxdENNZEJ3ZTU3Ty1wNU1EZ282eG9mNElSelhvdEFVYnV0NHU4aFRrVmowdTU1YWItV3lPQzl4bHV1bFhTQ2dISE00dDVNeUNVZV9wdGtNTG1sSmZhZmlRV2E0M3FXYmRhX0NRWC1ybEt6bERuTThXNUdaS05WZGgxMjRaalJZSHE5Mm1XT3p3ZkcwbTU4X1ljNzZ4WVFaeWp6WHdXcG9tTldkUldDRWNuRkkySU9uM002ZElKVUZsUFVIaVMzZExuWDNrdnlwX2c2RDlXdHJRLW95ZzBGWXRRem1LZ0c4UmNCb0pKNGJQSS1EbFVILVRKN2Nlam84OXFIR1B2aG83Ulo4TGZSNkttOVZsVXF5NENTWlA5S1NxNkhUWDVwSldqWnBkQ1BocWRhbFlLaS11cjVhNW5sLXd5dE4waHRoR3dUYUtIcUxSWVdRaWhDRXo4OFFKQ3I2ajRQR2wwR0gwWDZNZVhRWUhvLUI0bEI1QlpWTTAydTdrMUNabUtJSUgxMVFMeTJ4aTNiWXJ5UEpBQmFMcHF5Nld1WWYxWDJEM3Q3YTJQbzZGenFfOC1yRF9mdWZUaTdQUzZmak5XYmRXWlIybE0wZVZtTUJxNWZYR2pVSkhsOGh5a1d3c2RaVjFycjNlRGF5S0Rsdnk5TUZFNkRjMSZsb2dpbl9oaW50PXBhdWwuaGVpc3MlNDBvbmNvci5jb20mZXN0c2ZlZD0xJnVhaWQ9NTIyZjIyZWU5Yjk1YjBkNTZhMDNhZmEzMDk5YmZhYjcmY29icmFuZGlkPWRlYjNmNzRhLWVkNWItNGVmMS04ZDNjLTkyYjg1ZGQ0NzM1MiZmY2k9MDAwMDAwMDItMDAwMC0wZmYxLWNlMDAtMDAwMDAwMDAwMDAwIw==
IP
5.230.40.9:443
ASN
#12586 GHOSTnet GmbH

Requested by
https://94e6f5a7.58598891ef09ac737cee0cf3.workers.dev/?qrc=paul.heiss@oncor.com
Certificate
IssuerLet's Encrypt
Subjectlegacywhf.com
FingerprintDC:C3:92:81:63:DF:55:02:58:A9:B6:8A:44:A6:99:69:5D:F7:BB:07
ValidityFri, 12 Apr 2024 13:09:49 GMT - Thu, 11 Jul 2024 13:09:48 GMT

File type

Size
29 kB (28697 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft Outlook

HTTP Headers

GET /?khwxgq2e6=aHR0cHM6Ly9sb2dpbi5saXZlLmNvbS9vYXV0aDIwX2F1dGhvcml6ZS5zcmY/c2NvcGU9b3BlbmlkK3Byb2ZpbGUrZW1haWwrb2ZmbGluZV9hY2Nlc3MmcmVzcG9uc2VfdHlwZT1jb2RlJmNsaWVudF9pZD01MTQ4MzM0Mi0wODVjLTRkODYtYmY4OC1jZjUwYzcyNTIwNzgmcmVzcG9uc2VfbW9kZT1mb3JtX3Bvc3QmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmbG9naW4ubWljcm9zb2Z0b25saW5lLmNvbSUyZmNvbW1vbiUyZmZlZGVyYXRpb24lMmZvYXV0aDJtc2Emc3RhdGU9clFRSUFSQUFqVkU5YUJOeEhNMF9sNTVOYlcwcDdzTGhWTDBrOTVWY0lnVnp6WGViWEd2NllTTnkzbWZ1MHN2OXJfZVZwS1dyQ29LMGdnanRwbHNYaTR0U1FSekZxWXRMUVhBc0hZbzRGWEV3cVl1YnZ1SHg0TUh2OTNodkNpRmlST1o2NGc5SWZNQjRRdE1JWEZZSDZpODRreU1UWjFqOHp2TzlMd2N0NVBXcjZON1B0N3NnS3BoR29NWmsyTjRIMTNUUHM5MU1QQTU5ejRSd0xRWTF6WkF2ekRqc2lQRjNBQndCY0FMQXNfQlZXX1RObUs0YXJuc2JXakowTGk2RVUwbUtwZGstRWl6RnNDUkpKSm1Zck5McHRKaEs0eEl0a1RpZEZrbWNUU3I5YkVrcFNUS3NxdENNZEJ3ZTU3Ty1wNU1EZ282eG9mNElSelhvdEFVYnV0NHU4aFRrVmowdTU1YWItV3lPQzl4bHV1bFhTQ2dISE00dDVNeUNVZV9wdGtNTG1sSmZhZmlRV2E0M3FXYmRhX0NRWC1ybEt6bERuTThXNUdaS05WZGgxMjRaalJZSHE5Mm1XT3p3ZkcwbTU4X1ljNzZ4WVFaeWp6WHdXcG9tTldkUldDRWNuRkkySU9uM002ZElKVUZsUFVIaVMzZExuWDNrdnlwX2c2RDlXdHJRLW95ZzBGWXRRem1LZ0c4UmNCb0pKNGJQSS1EbFVILVRKN2Nlam84OXFIR1B2aG83Ulo4TGZSNkttOVZsVXF5NENTWlA5S1NxNkhUWDVwSldqWnBkQ1BocWRhbFlLaS11cjVhNW5sLXd5dE4waHRoR3dUYUtIcUxSWVdRaWhDRXo4OFFKQ3I2ajRQR2wwR0gwWDZNZVhRWUhvLUI0bEI1QlpWTTAydTdrMUNabUtJSUgxMVFMeTJ4aTNiWXJ5UEpBQmFMcHF5Nld1WWYxWDJEM3Q3YTJQbzZGenFfOC1yRF9mdWZUaTdQUzZmak5XYmRXWlIybE0wZVZtTUJxNWZYR2pVSkhsOGh5a1d3c2RaVjFycjNlRGF5S0Rsdnk5TUZFNkRjMSZsb2dpbl9oaW50PXBhdWwuaGVpc3MlNDBvbmNvci5jb20mZXN0c2ZlZD0xJnVhaWQ9NTIyZjIyZWU5Yjk1YjBkNTZhMDNhZmEzMDk5YmZhYjcmY29icmFuZGlkPWRlYjNmNzRhLWVkNWItNGVmMS04ZDNjLTkyYjg1ZGQ0NzM1MiZmY2k9MDAwMDAwMDItMDAwMC0wZmYxLWNlMDAtMDAwMDAwMDAwMDAwIw== HTTP/1.1
Host: legacywhf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://94e6f5a7.58598891ef09ac737cee0cf3.workers.dev/
DNT: 1
Connection: keep-alive
Cookie: qPdM=JZQsazSTMdqM; qPdM.sig=EHfAgidMx0vrJjN6lWAQkqNegG0; ClientId=D03562DBE8A147E7B1DF3258852ED31C; OIDC=1; OpenIdConnect.nonce.v3.PRvro1gjkp8SGS5Ox6XsTxDg6vq4tP_tE4rku7l9B-U=638488880835822165.ce499a79-b4b2-49a2-86d0-06b6258ed45b; X-OWA-RedirectHistory=ArLym14BVYJBF0Fe3Ag; buid=0.AQ0AMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8BnAXYtz8wbYdediZwS3LwxY45uSLNOHka89DTleh8L6AnEU2smOBxCrmGZPt6ZQubdh_IYWjK6Rdn9sZw1WOUpaJ64cSKUFcYYCeZZUXnEAgAA; esctx-w58J60dOFYE=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8-pK4lGiw0F1yOxUi3L1tHhkGN6ShjlNkBerFQ4rgp_YH8RNiuTq8wZ_T0N0jrTJzDDhobAK10IsCQEyKjuwZTHDIRGbaE4OOiyMEdw5IG52BEd8okrSaaniP0_Vsv8UbOZrDaNT_cGzHNmOMiSQ6oCAA; fpc=AtuAy-QcRxVCtiLDHUMphBCerOTJAQAAABO3sN0OAAAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8OS0EkWeLCAAU-T__kgbbY_dkbafpySRq7nJgNcghxyIlH8aXcBGKPXz0nW_mraDgVKu5slF9SmoFoUK8jPvLHV3wete_T1zGdXpfHU-cpOnj3xuuLID7rfMc46ILc_lnhIwXglyekGQVl5vnwWQTe6J3anvE2qWrs01yqGI9gYQgAA; cltm=CgAQABoAIgQIDBAF; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Content-Encoding: gzip
Expires: Tue, 16 Apr 2024 18:13:44 GMT
Vary: Accept-Encoding
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
Link: <https://logincdn.msftauth.net>; rel=preconnect; crossorigin, <https://acctcdn.msauth.net>; rel=preconnect; crossorigin, <https://acctcdn.msftauth.net>; rel=preconnect; crossorigin, <https://acctcdn.msauth.net/>; rel=dns-prefetch, <https://acctcdn.msftauth.net/>; rel=dns-prefetch, <https://acctcdnmsftuswe2.azureedge.net/>; rel=dns-prefetch, <https://acctcdnvzeuno.azureedge.net/>; rel=dns-prefetch, <https://logincdn.msauth.net/>; rel=dns-prefetch, <https://logincdn.msftauth.net/>; rel=dns-prefetch, <https://lgincdnvzeuno.azureedge.net/>; rel=dns-prefetch, <https://lgincdnmsftuswe2.azureedge.net/>; rel=dns-prefetch
FdrTelemetry: &481=1001&59=5&213=293577&215=-2147217396&315=1&256=-2147217399&481=1001&215=-2147217396&315=1&214=15216&288=16.0.30171.7
Referrer-Policy: strict-origin-when-cross-origin
x-ms-route-info: C504_SN1
x-ms-request-id: a8d93014-e75b-47d2-a5c8-353ed96fb475
PPServer: PPV: 30 H: SN1PEPF0002F03C V: 0
Strict-Transport-Security: max-age=31536000
Set-Cookie: MSPRequ=id=N&lt=1713291284&co=1; domain=legacywhf.com; Secure; path=/; SameSite=None; HttpOnly
uaid=522f22ee9b95b0d56a03afa3099bfab7; domain=legacywhf.com; Secure; path=/; SameSite=None; HttpOnly
cltm=; expires=Thu, 30-Oct-1980 16:00:00 GMT; domain=legacywhf.com; Secure; path=/; SameSite=None; HttpOnly
MSCC=5.230.40.9-DE; expires=Sun, 11-May-2025 18:14:44 GMT; domain=legacywhf.com; Secure; path=/; SameSite=None; HttpOnly
MSPOK=$uuid-1f4a54b3-e90d-44f8-a204-c1cf1cd91297; domain=legacywhf.com; Secure; path=/; SameSite=None; HttpOnly
OParams=11O.DjUpaLM4qxEj0*xAkcjFDRT9s3xBrz*yQYCuvk66zRM*xR1y7IiccZ7fT6Xb2ryQDDsm7y7JnbBI*H2ohJf1qFH9TBc5QWR5PZzTqP8WaN!IvjUy5xomANghAkyn9GN6o**TCv669IivMTXaX7TdV0S!Pr3vZ7B9bEsUH3gsjNQFz2yIruQ2OXp0gZIm3rv!6kJ1JT5h5P!j2VCjJD*GsTAe6Yk40PS0mp119lpppgMGg8wd6GqOX!a2u1129c4lYIksPxINHIRTsNXGNWL0rL*lNRrGXu1TRTf2Yhf90rAC7KBErViaLsoDry78U0Yppu8zPsIOZzXrvmkfuNM5k6m*6ZVQ4jX4T81Tgly7Xg9aAuQI3tX7FrosGVDYUGfKxL5oXWFPGjUnhdey1!Yg2bAKr0ufwPvU2rR!gUPbnFjARUdEZ6OlukA0MH4Ty6XJj9mrX*fdcQHfUXs2LOb!ilw7x2i7QXPTMAdF84XqgjRRDxeiZm4Zb8YyKDCiytcRC8fHqKJiNA904TlJo5W6WrLSduE3LaQlFbcl1WEu6hBz7pDiZmx!qgImRNXI85uSJ2LlqW3gyLHkJrB1veM1RDtaNdNe4BCEydw7D8KNBcfiBw*pAm*8RPhbDDTXpfHgKeuCMze!on*6qxrGZ6cpNzUXPIJuytFyhmcNRcgTbSttgPQq6uBfJpQse*sw6F!BVoDQQoPdpVUUXfLd*p79jfQkWhaTbxlSaRtifLgYAG9A!WnNXpa2Gw2oMYA6q!bVfmtqOpWkWICI7BY1NLq5GlNPRVBjGizViQe9sgzbcnPGSDLKlJkLP0H24Z7v4XkukS*FH5llWgcYsTB33RHFmtSsU68N7PtmpmhYwD77KlUFrQVEuwcx93MRr6HKqDfjpeuhhCsakjUdTzJJE19YP*kXGf1a2FTi1TOPRX2D2qP2mwTvDjb1nq0B4F3CqZLvCG0VZfu!hn9NT80r8al5Ue2txfz7sGT2SA13nOXsMfDJKOjIAk5kFXcsA5CB3hwavfP7ic5gYmZedUWUkFR*gwXdUkytrJtXI2nD5MZQ1kjdlTQvatFJ7*Ir!XPGlulmkvavuoKfqzeAOhhEp1F77adItkYuD1rLwMPxruBBFdBnG4qmI5g*U!DHnfbCJIY7Dq2lkzmgjgtyn5X8t0tcDbFciNe68J25xcQipT!0HdmpM*aHWRzqh2juboEYDOlhdeNqAEAOSHdSA3xykBDUg8fvoDoYF8vLS8ZphUv1JDvSmHUaXwYO3xOrgkNKkIFf4zlICWjB6f5gVAtp!UQkPi65Shjp73QKKfxwKXxtcGOpSxlfO0W*VmOZ6euicYh0LJjABMCjDaLWhfgO6StedzkpPUCWhKdrpjyh2dEFG0Yg; domain=legacywhf.com; Secure; path=/; SameSite=None; HttpOnly
Date: Tue, 16 Apr 2024 18:14:43 GMT
Connection: close
content-length: 28697
Content-Security-Policy: default-src *  data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval';  script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (22)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL