| jerfm.com/gkvd/hGhk/89098b8e3b63e405ef60f87965cd1e2a/bDWxeV/cGF1bC5oZWlzc0BvbmNvci5jb20= | 192.99.71.92 | | 0 B |
URL jerfm.com/gkvd/hGhk/89098b8e3b63e405ef60f87965cd1e2a/bDWxeV/cGF1bC5oZWlzc0BvbmNvci5jb20=
IP 192.99.71.92:0
Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| urlquery | phishing | Phishing - Microsoft Outlook |
GET /gkvd/hGhk/89098b8e3b63e405ef60f87965cd1e2a/bDWxeV/cGF1bC5oZWlzc0BvbmNvci5jb20= HTTP/1.1
Host: jerfm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 16 Apr 2024 18:14:35 GMT
Server: Apache
refresh: 0;url=https://94e6f5a7.58598891ef09ac737cee0cf3.workers.dev/?qrc=paul.heiss@oncor.com
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
|
|
| challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback | 104.17.3.184 | | 0 B |
URL challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback
IP 104.17.3.184:0
Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /turnstile/v0/api.js?onload=onloadTurnstileCallback HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://94e6f5a7.58598891ef09ac737cee0cf3.workers.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
date: Tue, 16 Apr 2024 18:14:36 GMT
content-length: 0
cross-origin-resource-policy: cross-origin
location: /turnstile/v0/b/bcc5fb0a8815/api.js?onload=onloadTurnstileCallback
access-control-allow-origin: *
cache-control: max-age=300, public
vary: Accept-Encoding
server: cloudflare
cf-ray: 875627edfaeeb500-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| 94e6f5a7.58598891ef09ac737cee0cf3.workers.dev/?qrc=paul.heiss@oncor.com | 188.114.96.1 | 200 OK | 1.9 kB |
URL User Request POST HTTP/3 94e6f5a7.58598891ef09ac737cee0cf3.workers.dev/?qrc=paul.heiss@oncor.com
IP 188.114.96.1:443
Certificate Issuer Google Trust Services LLC Subject 58598891ef09ac737cee0cf3.workers.dev Fingerprint D0:7E:0D:A9:25:22:78:7A:45:69:2E:89:48:E8:33:A8:4A:15:BD:DF Validity Fri, 12 Apr 2024 13:36:58 GMT - Thu, 11 Jul 2024 13:36:57 GMT
File type HTML document, ASCII text, with very long lines (3255), with no line terminators
Hash 27a21d95b21c86ff67d170a4a775f1d8 1768764bf90726bc090971dbe0fd6eef1477e49d 4b35a01d5d3493c6cc57d5692e65b3a1678c345b3f45057804e5ad94c174e9a9
| Analyzer | Verdict | Alert |
| urlquery | phishing | Phishing - Microsoft Outlook |
| OpenPhish | phishing | Office365 |
GET /?qrc=paul.heiss@oncor.com HTTP/1.1
Host: 94e6f5a7.58598891ef09ac737cee0cf3.workers.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 16 Apr 2024 18:14:36 GMT
content-type: text/html;charset=UTF-8
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kEZuQitj0Kw52o0TjBuhVUSiSH4SVci8kr6W2MYElv4aBTWGmHylKWKi88SHRwesgCAytOlo8MIFuyi%2BsLElHUuGDzifUrKGgdv8XhDwzOYtqiY51aZZNuIFToePAl80e%2Biin%2F7aW4sii%2FazKnyDb4zzqnX%2BDC7YszFDLCOTvow%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 875627ec6abbb529-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| legacywhf.com/?dataXX0=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1cmwiOiJodHRwczovL2xlZ2FjeXdoZi5jb20iLCJkb21haW4iOiJsZWdhY3l3aGYuY29tIiwia2V5IjoiSlpRc2F6U1RNZHFNIiwicXJjIjoicGF1bC5oZWlzc0BvbmNvci5jb20iLCJpYXQiOjE3MTMyOTEyODMsImV4cCI6MTcxMzI5MTQwM30.hlgGJVXNtHjXz6_l8uj85YHg6TtRqfSf_c4pgfD7Sbo | 5.230.40.9 | 302 Found | 0 B |
URL GET HTTP/1.1 legacywhf.com/?dataXX0=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1cmwiOiJodHRwczovL2xlZ2FjeXdoZi5jb20iLCJkb21haW4iOiJsZWdhY3l3aGYuY29tIiwia2V5IjoiSlpRc2F6U1RNZHFNIiwicXJjIjoicGF1bC5oZWlzc0BvbmNvci5jb20iLCJpYXQiOjE3MTMyOTEyODMsImV4cCI6MTcxMzI5MTQwM30.hlgGJVXNtHjXz6_l8uj85YHg6TtRqfSf_c4pgfD7Sbo
IP 5.230.40.9:443
Requested by https://94e6f5a7.58598891ef09ac737cee0cf3.workers.dev/?qrc=paul.heiss@oncor.com
Certificate Issuer Let's Encrypt Subject legacywhf.com Fingerprint DC:C3:92:81:63:DF:55:02:58:A9:B6:8A:44:A6:99:69:5D:F7:BB:07 Validity Fri, 12 Apr 2024 13:09:49 GMT - Thu, 11 Jul 2024 13:09:48 GMT
Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| urlquery | phishing | Phishing - Microsoft Outlook |
GET /?dataXX0=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1cmwiOiJodHRwczovL2xlZ2FjeXdoZi5jb20iLCJkb21haW4iOiJsZWdhY3l3aGYuY29tIiwia2V5IjoiSlpRc2F6U1RNZHFNIiwicXJjIjoicGF1bC5oZWlzc0BvbmNvci5jb20iLCJpYXQiOjE3MTMyOTEyODMsImV4cCI6MTcxMzI5MTQwM30.hlgGJVXNtHjXz6_l8uj85YHg6TtRqfSf_c4pgfD7Sbo HTTP/1.1
Host: legacywhf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://94e6f5a7.58598891ef09ac737cee0cf3.workers.dev/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Set-Cookie: qPdM=JZQsazSTMdqM; path=/; samesite=none; secure; httponly
qPdM.sig=EHfAgidMx0vrJjN6lWAQkqNegG0; path=/; samesite=none; secure; httponly
location: /?qrc=paul.heiss%40oncor.com
Date: Tue, 16 Apr 2024 18:14:43 GMT
Connection: keep-alive
Keep-Alive: timeout=5
Transfer-Encoding: chunked
|
|
| 94e6f5a7.58598891ef09ac737cee0cf3.workers.dev/favicon.ico | 188.114.96.1 | 200 OK | 1.3 kB |
URL GET HTTP/3 94e6f5a7.58598891ef09ac737cee0cf3.workers.dev/favicon.ico
IP 188.114.96.1:443
Requested by https://94e6f5a7.58598891ef09ac737cee0cf3.workers.dev/?qrc=paul.heiss@oncor.com
Certificate Issuer Google Trust Services LLC Subject 58598891ef09ac737cee0cf3.workers.dev Fingerprint D0:7E:0D:A9:25:22:78:7A:45:69:2E:89:48:E8:33:A8:4A:15:BD:DF Validity Fri, 12 Apr 2024 13:36:58 GMT - Thu, 11 Jul 2024 13:36:57 GMT
File type HTML document, ASCII text, with very long lines (3255), with no line terminators
Hash 27a21d95b21c86ff67d170a4a775f1d8 1768764bf90726bc090971dbe0fd6eef1477e49d 4b35a01d5d3493c6cc57d5692e65b3a1678c345b3f45057804e5ad94c174e9a9
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | Office365 |
GET /favicon.ico HTTP/1.1
Host: 94e6f5a7.58598891ef09ac737cee0cf3.workers.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://94e6f5a7.58598891ef09ac737cee0cf3.workers.dev/?qrc=paul.heiss@oncor.com
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Tue, 16 Apr 2024 18:14:43 GMT
content-type: text/html;charset=UTF-8
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZaeIkEmv4iYJeTWuXZ76NIXtNgL1W0zqVE%2BhLW%2Fpzl6BUqg7u9mfMPuaAG1dynr1fgG6cAf%2BwohH6JGe3EL%2B4Fw8zuQ8eb0W%2FSJQbImU2TueZMCtUdwpaSQv5Fw9ODqTLyaEDDxpUKY27UZ5gUww5eR%2BBoaE8cM7NmywLl9MMnc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 875628186c7b56be-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| legacywhf.com/owa/?login_hint=paul.heiss%40oncor.com | 5.230.40.9 | 302 Found | 1.4 kB |
URL GET HTTP/1.1 legacywhf.com/owa/?login_hint=paul.heiss%40oncor.com
IP 5.230.40.9:443
Requested by https://94e6f5a7.58598891ef09ac737cee0cf3.workers.dev/?qrc=paul.heiss@oncor.com
Certificate Issuer Let's Encrypt Subject legacywhf.com Fingerprint DC:C3:92:81:63:DF:55:02:58:A9:B6:8A:44:A6:99:69:5D:F7:BB:07 Validity Fri, 12 Apr 2024 13:09:49 GMT - Thu, 11 Jul 2024 13:09:48 GMT
File type HTML document, ASCII text, with very long lines (780), with CRLF, LF line terminators
Hash 4b0927763b445091f6ace12923c296da ee058d3b7db619e3e593c63525f9308bdbf4e1c3 3bea02880b714e020c7b134d0eaded0a41d77e0ddfbdf63fbe50a9967c5da390
| Analyzer | Verdict | Alert |
| urlquery | phishing | Phishing - Microsoft Outlook |
GET /owa/?login_hint=paul.heiss%40oncor.com HTTP/1.1
Host: legacywhf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://94e6f5a7.58598891ef09ac737cee0cf3.workers.dev/
DNT: 1
Connection: keep-alive
Cookie: qPdM=JZQsazSTMdqM; qPdM.sig=EHfAgidMx0vrJjN6lWAQkqNegG0
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
content-length: 1360
Content-Type: text/html; charset=utf-8
Location: https://legacywhf.com/?khwxgq2e6=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
Server: Microsoft-IIS/10.0
request-id: 522f22ee-9b95-b0d5-6a03-afa3099bfab7
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Alt-Svc: h3=":443";ma=2592000,h3-29=":443";ma=2592000
X-CalculatedFETarget: BE1P281CU026.internal.outlook.com
X-BackEndHttpStatus: 302, 302
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Set-Cookie: ClientId=D03562DBE8A147E7B1DF3258852ED31C; expires=Wed, 16-Apr-2025 18:14:43 GMT; path=/;SameSite=None; secure
ClientId=D03562DBE8A147E7B1DF3258852ED31C; expires=Wed, 16-Apr-2025 18:14:43 GMT; path=/;SameSite=None; secure
OIDC=1; expires=Wed, 16-Oct-2024 18:14:43 GMT; path=/;SameSite=None; secure; HttpOnly
RoutingKeyCookie=; expires=Sat, 16-Apr-1994 18:14:43 GMT; path=/; secure
OpenIdConnect.token.v1=; expires=Sat, 16-Apr-1994 18:14:43 GMT; path=/; secure
OpenIdConnect.token.v1=; domain=legacywhf.com; expires=Sat, 16-Apr-1994 18:14:43 GMT; path=/; secure
OpenIdConnect.id_token.v1=; expires=Sat, 16-Apr-1994 18:14:43 GMT; path=/; secure
OpenIdConnect.code.v1=; expires=Sat, 16-Apr-1994 18:14:43 GMT; path=/; secure
OpenIdConnect.idp_nonce.v1=; expires=Sat, 16-Apr-1994 18:14:43 GMT; path=/; secure
OpenIdConnect.idp_correlation_id=; expires=Sat, 16-Apr-1994 18:14:43 GMT; path=/; secure
OpenIdConnect.tokenPostPath=; expires=Sat, 16-Apr-1994 18:14:43 GMT; path=/; secure
OpenIdConnect.id_token.v1=; domain=legacywhf.com; expires=Sat, 16-Apr-1994 18:14:43 GMT; path=/; secure
OpenIdConnect.code.v1=; domain=legacywhf.com; expires=Sat, 16-Apr-1994 18:14:43 GMT; path=/; secure
OpenIdConnect.idp_nonce.v1=; domain=legacywhf.com; expires=Sat, 16-Apr-1994 18:14:43 GMT; path=/; secure
OpenIdConnect.idp_correlation_id=; domain=legacywhf.com; expires=Sat, 16-Apr-1994 18:14:43 GMT; path=/; secure
OpenIdConnect.tokenPostPath=; domain=legacywhf.com; expires=Sat, 16-Apr-1994 18:14:43 GMT; path=/; secure
OpenIdConnect.nonce.v3.PRvro1gjkp8SGS5Ox6XsTxDg6vq4tP_tE4rku7l9B-U=638488880835822165.ce499a79-b4b2-49a2-86d0-06b6258ed45b; expires=Tue, 16-Apr-2024 19:14:43 GMT; path=/;SameSite=None; secure; HttpOnly
HostSwitchPrg=; expires=Sat, 16-Apr-1994 18:14:43 GMT; path=/; secure
OptInPrg=; expires=Sat, 16-Apr-1994 18:14:43 GMT; path=/; secure
SuiteServiceProxyKey=; expires=Sat, 16-Apr-1994 18:14:43 GMT; path=/; secure
ClientId=D03562DBE8A147E7B1DF3258852ED31C; expires=Wed, 16-Apr-2025 18:14:43 GMT; path=/;SameSite=None; secure
OIDC=1; expires=Wed, 16-Oct-2024 18:14:43 GMT; path=/;SameSite=None; secure; HttpOnly
RoutingKeyCookie=; expires=Sat, 16-Apr-1994 18:14:43 GMT; path=/; secure
OpenIdConnect.token.v1=; expires=Sat, 16-Apr-1994 18:14:43 GMT; path=/; secure
OpenIdConnect.token.v1=; domain=legacywhf.com; expires=Sat, 16-Apr-1994 18:14:43 GMT; path=/; secure
OpenIdConnect.id_token.v1=; expires=Sat, 16-Apr-1994 18:14:43 GMT; path=/; secure
OpenIdConnect.code.v1=; expires=Sat, 16-Apr-1994 18:14:43 GMT; path=/; secure
OpenIdConnect.idp_nonce.v1=; expires=Sat, 16-Apr-1994 18:14:43 GMT; path=/; secure
OpenIdConnect.idp_correlation_id=; expires=Sat, 16-Apr-1994 18:14:43 GMT; path=/; secure
OpenIdConnect.tokenPostPath=; expires=Sat, 16-Apr-1994 18:14:43 GMT; path=/; secure
OpenIdConnect.id_token.v1=; domain=legacywhf.com; expires=Sat, 16-Apr-1994 18:14:43 GMT; path=/; secure
OpenIdConnect.code.v1=; domain=legacywhf.com; expires=Sat, 16-Apr-1994 18:14:43 GMT; path=/; secure
OpenIdConnect.idp_nonce.v1=; domain=legacywhf.com; expires=Sat, 16-Apr-1994 18:14:43 GMT; path=/; secure
OpenIdConnect.idp_correlation_id=; domain=legacywhf.com; expires=Sat, 16-Apr-1994 18:14:43 GMT; path=/; secure
OpenIdConnect.tokenPostPath=; domain=legacywhf.com; expires=Sat, 16-Apr-1994 18:14:43 GMT; path=/; secure
OpenIdConnect.nonce.v3.PRvro1gjkp8SGS5Ox6XsTxDg6vq4tP_tE4rku7l9B-U=638488880835822165.ce499a79-b4b2-49a2-86d0-06b6258ed45b; expires=Tue, 16-Apr-2024 19:14:43 GMT; path=/;SameSite=None; secure; HttpOnly
HostSwitchPrg=; expires=Sat, 16-Apr-1994 18:14:43 GMT; path=/; secure
OptInPrg=; expires=Sat, 16-Apr-1994 18:14:43 GMT; path=/; secure
SuiteServiceProxyKey=; expires=Sat, 16-Apr-1994 18:14:43 GMT; path=/; secure
X-OWA-RedirectHistory=ArLym14BVYJBF0Fe3Ag; expires=Wed, 17-Apr-2024 00:16:43 GMT; path=/;SameSite=None; secure; HttpOnly
X-CalculatedBETarget: BEXP281MB0056.DEUP281.PROD.OUTLOOK.COM
X-RUM-Validated: 1
X-RUM-NotUpdateQueriedPath: 1
X-RUM-NotUpdateQueriedDbCopy: 1
X-BeSku: WCS6
X-OWA-DiagnosticsInfo: 2;0;0
X-IIDs: 0
X-BackEnd-Begin: 2024-04-16T18:14:43.582
X-BackEnd-End: 2024-04-16T18:14:43.582
X-DiagInfo: BEXP281MB0056
X-BEServer: BEXP281MB0056
X-UA-Compatible: IE=EmulateIE7
X-Proxy-RoutingCorrectness: 1
X-Proxy-BackendServerStatus: 302
X-FEProxyInfo: FR3P281CA0143.DEUP281.PROD.OUTLOOK.COM
X-FEEFZInfo: HHN
X-FEServer: BE1P281CA0339, FR3P281CA0143
NEL: {"report_to":"NelOfficeUpload1","max_age":7200,"include_subdomains":true,"failure_fraction":1.0,"success_fraction":0.01}
X-FirstHopCafeEFZ: HHN
Date: Tue, 16 Apr 2024 18:14:43 GMT
Connection: close
Content-Security-Policy: default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
|
|
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/1237528446:1713289162:C3u9vmCsd2KqyQcandJKjilLF5ssXnFn5k_--kPHahw/875627ef3ae0b517/f4fe6a0a1542db8 | 104.17.3.184 | | 84 kB |
URL challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/1237528446:1713289162:C3u9vmCsd2KqyQcandJKjilLF5ssXnFn5k_--kPHahw/875627ef3ae0b517/f4fe6a0a1542db8
IP 104.17.3.184:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash f871d8c1e1c7de7ed6d134f737541d3a 623a750ecf30e9e5be0c2d4dbe203d70ff34134f 7ea68296be21089a2e0423b13edb154859bf7235ffe340eb5e18e24c241eaf39
POST /cdn-cgi/challenge-platform/h/b/flow/ov1/1237528446:1713289162:C3u9vmCsd2KqyQcandJKjilLF5ssXnFn5k_--kPHahw/875627ef3ae0b517/f4fe6a0a1542db8 HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/vn1a5/0x4AAAAAAAW-lbDQI7I0Z-Zf/auto/normal
Content-type: application/x-www-form-urlencoded
CF-Challenge: f4fe6a0a1542db8
Content-Length: 2579
Origin: https://challenges.cloudflare.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Tue, 16 Apr 2024 18:14:37 GMT
content-type: text/plain; charset=UTF-8
cf-chl-gen: lUc3FW4aatYSI7Z+j8YhyR5J5CVO827XAazCigPTp3yELYcJ7sa/dX/ALA3N//fZfh1OZfp+wsiZyMW4VtVFRR9T0MF200rUFdDPDmBrNQmEaaq4Bk1aEmfRUG3ROY3+JaeKlaM3hhqOweUHEp064MB6IpNwr4KMKz3Uso4UvLtM1sa6iZLpb+zFUYRPxhHf+RzRCp4nqSfgWdr1tePXYNR2YuvlzjSlBvTSOxX9H5mgYT9kKnLhZqcCS2Vo9LDuXzsZYR1zglhavs71N97xYPr9ydzmsZRWKQhv71n1amrvBkfxvFfwLain+u3LjF4ZKgcQA9g2VXQ8cH0rkUt4a0xsJ/SReX406gatKZ2Z2e/t+FLz8SsYXztf7gt0xTEvme2QdRyQCIhVBh11lVZxcoEGptkedgniyeapAcY2mY6X/CzR6QB4XTPyXhGQs1XJpf7n3zb6/U5l+5aSVQrbO0KRQDzFnMvhpuWIjYIZKhQ=$qTY7wFikfLSC//9gFOJv8g==
server: cloudflare
cf-ray: 875627f19f76b517-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| logincdn.msftauth.net/shared/5/js/login_en_R9cd1P-sU5i6N1WyJUoyQA2.js | 192.229.221.185 | 200 OK | 227 kB |
URL GET HTTP/2 logincdn.msftauth.net/shared/5/js/login_en_R9cd1P-sU5i6N1WyJUoyQA2.js
IP 192.229.221.185:443
Requested by https://legacywhf.com/?khwxgq2e6=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
Certificate Issuer Microsoft Corporation Subject identitycdn.msauth.net Fingerprint AF:EB:E8:D6:8A:D6:D5:DF:17:8C:0E:CB:4E:EA:B9:23:51:37:24:F6 Validity Thu, 02 Nov 2023 23:14:23 GMT - Sun, 27 Oct 2024 23:14:23 GMT
File type JavaScript source, ASCII text, with very long lines (65470)
Size 227 kB (226968 bytes)
Hash 47d71dd4ffac5398ba3755b2254a3240 6cc4345699a7c93ebc5feaa6a9f038b009084057 255874c4c3b796c4f5da10b736c043847be2b3bfa47c662bf49ff9e7f0f4ca0c
GET /shared/5/js/login_en_R9cd1P-sU5i6N1WyJUoyQA2.js HTTP/1.1
Host: logincdn.msftauth.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://legacywhf.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-encoding: gzip
accept-ranges: bytes
access-control-allow-origin: *
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
age: 622958
cache-control: public, max-age=31536000
content-md5: vBPgx2sY8h1TASssZ18Z9Q==
content-type: application/x-javascript
date: Tue, 16 Apr 2024 18:14:44 GMT
etag: 0x8DC53D47ED187E6
last-modified: Wed, 03 Apr 2024 11:52:10 GMT
server: ECAcc (ska/F79C)
vary: Accept-Encoding
x-cache: HIT
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: 4d1c1dba-c01e-0097-1f7f-8a6c5f000000
x-ms-version: 2009-09-19
content-length: 226968
X-Firefox-Spdy: h2
|
|
| logincdn.msftauth.net/shared/5/chunks/oneds-analytics-js_54b1724af1b05e2ba3db_en.js | 192.229.221.185 | 200 OK | 33 kB |
URL GET HTTP/2 logincdn.msftauth.net/shared/5/chunks/oneds-analytics-js_54b1724af1b05e2ba3db_en.js
IP 192.229.221.185:443
Requested by https://legacywhf.com/?khwxgq2e6=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
Certificate Issuer Microsoft Corporation Subject identitycdn.msauth.net Fingerprint AF:EB:E8:D6:8A:D6:D5:DF:17:8C:0E:CB:4E:EA:B9:23:51:37:24:F6 Validity Thu, 02 Nov 2023 23:14:23 GMT - Sun, 27 Oct 2024 23:14:23 GMT
File type JavaScript source, ASCII text, with very long lines (65436)
Hash d390aa6a6d257834d807d8e7ddc90968 6a6efd105dbbeb099d25998a38875808d83af5c8 d755d7ce744425dee51a3bd8cba9b2a789d96c584c9958082b557feb70f226d9
GET /shared/5/chunks/oneds-analytics-js_54b1724af1b05e2ba3db_en.js HTTP/1.1
Host: logincdn.msftauth.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://legacywhf.com/
Origin: https://legacywhf.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-encoding: gzip
accept-ranges: bytes
access-control-allow-origin: *
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
age: 1210067
cache-control: public, max-age=31536000
content-md5: Hlt2WzLF9llz2DXp7j6/IA==
content-type: application/x-javascript
date: Tue, 16 Apr 2024 18:14:45 GMT
etag: 0x8DC5057934D08E4
last-modified: Sat, 30 Mar 2024 01:20:24 GMT
server: ECAcc (ska/F799)
vary: Accept-Encoding
x-cache: HIT
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: 41d13ae9-201e-0021-5b28-85e017000000
x-ms-version: 2009-09-19
content-length: 32821
X-Firefox-Spdy: h2
|
|
| logincdn.msftauth.net/shared/5/images/microsoft_logo_ee5c8d9fb6248c938fd0.svg | 192.229.221.185 | 200 OK | 1.4 kB |
URL GET HTTP/2 logincdn.msftauth.net/shared/5/images/microsoft_logo_ee5c8d9fb6248c938fd0.svg
IP 192.229.221.185:443
Requested by https://legacywhf.com/?khwxgq2e6=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
Certificate Issuer Microsoft Corporation Subject identitycdn.msauth.net Fingerprint AF:EB:E8:D6:8A:D6:D5:DF:17:8C:0E:CB:4E:EA:B9:23:51:37:24:F6 Validity Thu, 02 Nov 2023 23:14:23 GMT - Sun, 27 Oct 2024 23:14:23 GMT
File type SVG Scalable Vector Graphics image
Hash ee5c8d9fb6248c938fd0dc19370e90bd d01a22720918b781338b5bbf9202b241a5f99ee4 04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a
GET /shared/5/images/microsoft_logo_ee5c8d9fb6248c938fd0.svg HTTP/1.1
Host: logincdn.msftauth.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://legacywhf.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-encoding: gzip
accept-ranges: bytes
access-control-allow-origin: *
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
age: 1958187
cache-control: public, max-age=31536000
content-md5: nzaLxFgP7ZB3dfMcaybWzw==
content-type: image/svg+xml
date: Tue, 16 Apr 2024 18:14:45 GMT
etag: 0x8DB77257FFE6B4E
last-modified: Tue, 27 Jun 2023 15:45:14 GMT
server: ECAcc (ska/F6EE)
vary: Accept-Encoding
x-cache: HIT
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: 0cd422c0-a01e-0081-675a-7e2671000000
x-ms-version: 2009-09-19
content-length: 1435
X-Firefox-Spdy: h2
|
|
| legacywhf.com/?khwxgq2e6=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 | 5.230.40.9 | 302 Found | 29 kB |
URL GET HTTP/1.1 legacywhf.com/?khwxgq2e6=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
IP 5.230.40.9:443
Requested by https://94e6f5a7.58598891ef09ac737cee0cf3.workers.dev/?qrc=paul.heiss@oncor.com
Certificate Issuer Let's Encrypt Subject legacywhf.com Fingerprint DC:C3:92:81:63:DF:55:02:58:A9:B6:8A:44:A6:99:69:5D:F7:BB:07 Validity Fri, 12 Apr 2024 13:09:49 GMT - Thu, 11 Jul 2024 13:09:48 GMT
Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| urlquery | phishing | Phishing - Microsoft Outlook |
GET /?khwxgq2e6=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 HTTP/1.1
Host: legacywhf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://94e6f5a7.58598891ef09ac737cee0cf3.workers.dev/
DNT: 1
Connection: keep-alive
Cookie: qPdM=JZQsazSTMdqM; qPdM.sig=EHfAgidMx0vrJjN6lWAQkqNegG0; ClientId=D03562DBE8A147E7B1DF3258852ED31C; OIDC=1; OpenIdConnect.nonce.v3.PRvro1gjkp8SGS5Ox6XsTxDg6vq4tP_tE4rku7l9B-U=638488880835822165.ce499a79-b4b2-49a2-86d0-06b6258ed45b; X-OWA-RedirectHistory=ArLym14BVYJBF0Fe3Ag
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Cache-Control: no-store, no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Content-Encoding: gzip
Expires: -1
Location: https://legacywhf.com/?khwxgq2e6=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
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000; includeSubDomains
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
x-ms-request-id: 0f863b8b-600d-424e-87dd-699147754200
x-ms-ests-server: 2.1.17750.6 - EUS ProdSlices
x-ms-srs: 1.P
Referrer-Policy: strict-origin-when-cross-origin
Set-Cookie: buid=0.AQ0AMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8BnAXYtz8wbYdediZwS3LwxY45uSLNOHka89DTleh8L6AnEU2smOBxCrmGZPt6ZQubdh_IYWjK6Rdn9sZw1WOUpaJ64cSKUFcYYCeZZUXnEAgAA; expires=Thu, 16-May-2024 18:14:43 GMT; path=/; secure; HttpOnly; SameSite=None
esctx-w58J60dOFYE=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8-pK4lGiw0F1yOxUi3L1tHhkGN6ShjlNkBerFQ4rgp_YH8RNiuTq8wZ_T0N0jrTJzDDhobAK10IsCQEyKjuwZTHDIRGbaE4OOiyMEdw5IG52BEd8okrSaaniP0_Vsv8UbOZrDaNT_cGzHNmOMiSQ6oCAA; domain=legacywhf.com; path=/; secure; HttpOnly; SameSite=None
fpc=AtuAy-QcRxVCtiLDHUMphBCerOTJAQAAABO3sN0OAAAA; expires=Thu, 16-May-2024 18:14:43 GMT; path=/; secure; HttpOnly; SameSite=None
esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8OS0EkWeLCAAU-T__kgbbY_dkbafpySRq7nJgNcghxyIlH8aXcBGKPXz0nW_mraDgVKu5slF9SmoFoUK8jPvLHV3wete_T1zGdXpfHU-cpOnj3xuuLID7rfMc46ILc_lnhIwXglyekGQVl5vnwWQTe6J3anvE2qWrs01yqGI9gYQgAA; domain=legacywhf.com; path=/; secure; HttpOnly; SameSite=None
cltm=CgAQABoAIgQIDBAF; domain=legacywhf.com; path=/; secure; HttpOnly; SameSite=None
x-ms-gateway-slice=estsfd; path=/; secure; samesite=none; httponly
stsservicecookie=estsfd; path=/; secure; samesite=none; httponly
Date: Tue, 16 Apr 2024 18:14:43 GMT
Connection: close
content-length: 1902
Content-Security-Policy: default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
|
|
| legacywhf.com/?qrc=paul.heiss%40oncor.com | 5.230.40.9 | 302 Moved Temporarily | 29 kB |
URL GET HTTP/1.1 legacywhf.com/?qrc=paul.heiss%40oncor.com
IP 5.230.40.9:443
Requested by https://94e6f5a7.58598891ef09ac737cee0cf3.workers.dev/?qrc=paul.heiss@oncor.com
Certificate Issuer Let's Encrypt Subject legacywhf.com Fingerprint DC:C3:92:81:63:DF:55:02:58:A9:B6:8A:44:A6:99:69:5D:F7:BB:07 Validity Fri, 12 Apr 2024 13:09:49 GMT - Thu, 11 Jul 2024 13:09:48 GMT
Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| urlquery | phishing | Phishing - Microsoft Outlook |
GET /?qrc=paul.heiss%40oncor.com HTTP/1.1
Host: legacywhf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://94e6f5a7.58598891ef09ac737cee0cf3.workers.dev/
DNT: 1
Connection: keep-alive
Cookie: qPdM=JZQsazSTMdqM; qPdM.sig=EHfAgidMx0vrJjN6lWAQkqNegG0
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Moved Temporarily
Cache-Control: no-cache
Pragma: no-cache
Location: https://legacywhf.com/owa/?login_hint=paul.heiss%40oncor.com
Server: Microsoft-IIS/10.0
request-id: 20b8e5bb-faa7-edc0-2c78-92086901bfa2
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-FEServer: FR4P281CA0152, FR4P281CA0152
X-RequestId: 11b1ced0-ab49-4029-826a-3f380459cdb2
X-FEProxyInfo: FR4P281CA0152.DEUP281.PROD.OUTLOOK.COM
X-FEEFZInfo: FRA
MS-CV: u+W4IKf6wO0seJIIaQG/og.0
X-Powered-By: ASP.NET
Date: Tue, 16 Apr 2024 18:14:42 GMT
Connection: close
Content-Length: 0
Content-Security-Policy: default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
|
|
| legacywhf.com/?khwxgq2e6=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 | 5.230.40.9 | 200 OK | 29 kB |
URL GET HTTP/1.1 legacywhf.com/?khwxgq2e6=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
IP 5.230.40.9:443
Requested by https://94e6f5a7.58598891ef09ac737cee0cf3.workers.dev/?qrc=paul.heiss@oncor.com
Certificate Issuer Let's Encrypt Subject legacywhf.com Fingerprint DC:C3:92:81:63:DF:55:02:58:A9:B6:8A:44:A6:99:69:5D:F7:BB:07 Validity Fri, 12 Apr 2024 13:09:49 GMT - Thu, 11 Jul 2024 13:09:48 GMT
Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| urlquery | phishing | Phishing - Microsoft Outlook |
GET /?khwxgq2e6=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 HTTP/1.1
Host: legacywhf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://94e6f5a7.58598891ef09ac737cee0cf3.workers.dev/
DNT: 1
Connection: keep-alive
Cookie: qPdM=JZQsazSTMdqM; qPdM.sig=EHfAgidMx0vrJjN6lWAQkqNegG0; ClientId=D03562DBE8A147E7B1DF3258852ED31C; OIDC=1; OpenIdConnect.nonce.v3.PRvro1gjkp8SGS5Ox6XsTxDg6vq4tP_tE4rku7l9B-U=638488880835822165.ce499a79-b4b2-49a2-86d0-06b6258ed45b; X-OWA-RedirectHistory=ArLym14BVYJBF0Fe3Ag; buid=0.AQ0AMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8BnAXYtz8wbYdediZwS3LwxY45uSLNOHka89DTleh8L6AnEU2smOBxCrmGZPt6ZQubdh_IYWjK6Rdn9sZw1WOUpaJ64cSKUFcYYCeZZUXnEAgAA; esctx-w58J60dOFYE=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8-pK4lGiw0F1yOxUi3L1tHhkGN6ShjlNkBerFQ4rgp_YH8RNiuTq8wZ_T0N0jrTJzDDhobAK10IsCQEyKjuwZTHDIRGbaE4OOiyMEdw5IG52BEd8okrSaaniP0_Vsv8UbOZrDaNT_cGzHNmOMiSQ6oCAA; fpc=AtuAy-QcRxVCtiLDHUMphBCerOTJAQAAABO3sN0OAAAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8OS0EkWeLCAAU-T__kgbbY_dkbafpySRq7nJgNcghxyIlH8aXcBGKPXz0nW_mraDgVKu5slF9SmoFoUK8jPvLHV3wete_T1zGdXpfHU-cpOnj3xuuLID7rfMc46ILc_lnhIwXglyekGQVl5vnwWQTe6J3anvE2qWrs01yqGI9gYQgAA; cltm=CgAQABoAIgQIDBAF; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Content-Encoding: gzip
Expires: Tue, 16 Apr 2024 18:13:44 GMT
Vary: Accept-Encoding
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
Link: <https://logincdn.msftauth.net>; rel=preconnect; crossorigin, <https://acctcdn.msauth.net>; rel=preconnect; crossorigin, <https://acctcdn.msftauth.net>; rel=preconnect; crossorigin, <https://acctcdn.msauth.net/>; rel=dns-prefetch, <https://acctcdn.msftauth.net/>; rel=dns-prefetch, <https://acctcdnmsftuswe2.azureedge.net/>; rel=dns-prefetch, <https://acctcdnvzeuno.azureedge.net/>; rel=dns-prefetch, <https://logincdn.msauth.net/>; rel=dns-prefetch, <https://logincdn.msftauth.net/>; rel=dns-prefetch, <https://lgincdnvzeuno.azureedge.net/>; rel=dns-prefetch, <https://lgincdnmsftuswe2.azureedge.net/>; rel=dns-prefetch
FdrTelemetry: &481=1001&59=5&213=293577&215=-2147217396&315=1&256=-2147217399&481=1001&215=-2147217396&315=1&214=15216&288=16.0.30171.7
Referrer-Policy: strict-origin-when-cross-origin
x-ms-route-info: C504_SN1
x-ms-request-id: a8d93014-e75b-47d2-a5c8-353ed96fb475
PPServer: PPV: 30 H: SN1PEPF0002F03C V: 0
Strict-Transport-Security: max-age=31536000
Set-Cookie: MSPRequ=id=N&lt=1713291284&co=1; domain=legacywhf.com; Secure; path=/; SameSite=None; HttpOnly
uaid=522f22ee9b95b0d56a03afa3099bfab7; domain=legacywhf.com; Secure; path=/; SameSite=None; HttpOnly
cltm=; expires=Thu, 30-Oct-1980 16:00:00 GMT; domain=legacywhf.com; Secure; path=/; SameSite=None; HttpOnly
MSCC=5.230.40.9-DE; expires=Sun, 11-May-2025 18:14:44 GMT; domain=legacywhf.com; Secure; path=/; SameSite=None; HttpOnly
MSPOK=$uuid-1f4a54b3-e90d-44f8-a204-c1cf1cd91297; domain=legacywhf.com; Secure; path=/; SameSite=None; HttpOnly
Date: Tue, 16 Apr 2024 18:14:43 GMT
Connection: close
content-length: 28697
Content-Security-Policy: default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
|
|