Report - link.edgepilot.com/s/327e5db0/ZPIts5WNiE6c5rJJW5eBHg?u=https://www.macbryte.com/D/YnNjaHVsemVAYmF5aG91c3Rvbi5jb20=

Report Overview

Submitted URL
link.edgepilot.com/s/327e5db0/ZPIts5WNiE6c5rJJW5eBHg?u=https://www.macbryte.com/D/YnNjaHVsemVAYmF5aG91c3Rvbi5jb20=
IP
199.30.234.133
ASN
#13380 ASN-CUST
Submitted
2024-05-02 15:33:01
Access
public
Website Title
Outlook Web App
Final URL
cloudflare-ipfs.com/ipfs/QmXLaDpQu5XUznCU1BJNT1FFw17ZnxfJ6L5eiCwKfZbCWn/AppIndex.html#bschulze@bayhouston.com
Tags
microsoft phishing outlook
urlquery detections
Phishing - Microsoft
Phishing - Generic phishing
Phishing - Microsoft Outlook

Detections

urlquery
13
Network Intrusion Detection
0
Threat Detection Systems
8

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
maxcdn.bootstrapcdn.com	724	2012-05-25	2014-06-18	2024-05-01	485 B	22 kB	104.18.11.207
www.macbryte.com	unknown	2020-06-04	2020-06-08	2020-06-08	543 B	377 B	162.246.56.107
cloudflare-ipfs.com	75147	2018-05-30	2021-01-20	2024-03-15	2.7 kB	497 kB	104.17.96.13
wafsd.com	unknown	2023-09-07	2023-11-29	2024-04-17	1.3 kB	0 B	0.0.0.0
ocsp.entrust.net	1208	1997-07-28	2014-01-10	2024-05-01	328 B	2.0 kB	23.38.202.187
link.edgepilot.com	52195	2009-01-22	2020-08-20	2024-03-20	2.3 kB	5.5 kB	199.30.234.133
code.jquery.com	634	2005-12-10	2012-05-21	2024-05-02	445 B	31 kB	151.101.2.137

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

Scan Date	Severity	Indicator	Alert
2023-05-02	medium	cloudflare-ipfs.com/owa/auth/15.0.1497/themes/resources/segoeui-regular.ttf	Other
2023-05-02	medium	cloudflare-ipfs.com/owa/auth/15.0.1497/themes/resources/segoeui-semilight.ttf	Other
2023-05-02	medium	cloudflare-ipfs.com/ipfs/QmXLaDpQu5XUznCU1BJNT1FFw17ZnxfJ6L5eiCwKfZbCWn/AppIndex.html	Other
2023-05-02	medium	cloudflare-ipfs.com/ipfs/QmXLaDpQu5XUznCU1BJNT1FFw17ZnxfJ6L5eiCwKfZbCWn/AppIndex.html	Other

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (9)

	URL	Size	First Seen	Last Seen
	cloudflare-ipfs.com/ipfs/QmXLaDpQu5XUznCU1BJNT1FFw17ZnxfJ6L5eiCwKfZbCWn/AppIndex.html#bschulze@bayhouston.com	404 kB	2024-05-02	2024-05-02
Pretty URL cloudflare-ipfs.com/ipfs/QmXLaDpQu5XUznCU1BJNT1FFw17ZnxfJ6L5eiCwKfZbCWn/AppIndex.html#bschulze@bayhouston.com IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-02 17:21:15 Last Seen2024-05-02 19:18:53 Times Seen13 Hash 25985bd5b4fe15d11211a0531ce31e98 b513f719591ac828610bde82f30f61e2579056de 4f6d3ee0d21ede849431249cc349ddfe11757200609d2ce4bb1782f81a6e3d95 Loading...

	unknown	31 B	2024-01-19	2024-05-02
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-01-19 15:54:51 Last Seen2024-05-02 19:18:53 Times Seen15 Hash 52ba7c53b3c5e52f398f0791cdfc3511 d187447120b2bab0ab044d2f7108ed522b88faf9 a2b38019e4d84386273c2153e17401713a00b444da7b2fc023c2562d6a21d14e Loading...

	unknown	144 B	2024-01-19	2024-05-02
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-01-19 15:54:51 Last Seen2024-05-02 19:18:53 Times Seen15 Hash b86c20af41168e6b2499bd3c1e122815 ec425411da56479948db1c69e068e31f5f4c833f 33540a1ee0e497f0cf635e6ca4c1c7e49df15396a1f1b3181acaa3765f680508 Loading...

	unknown	179 B	2024-01-19	2024-05-02
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-01-19 15:54:51 Last Seen2024-05-02 19:18:53 Times Seen15 Hash b10d5f358d8599d84e3de0574747804e 8afab108e0ece90968549ff805d1a4048db211c3 c51b81148d87a9477bffd19158fabed6043ff792da3311cd5776cdf3056cd6cc Loading...

	unknown	4.6 kB	2024-05-02	2024-05-02
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-02 17:21:15 Last Seen2024-05-02 19:18:53 Times Seen13 Hash 5e0bba65bf9d8d0f74d15b928be6053e a22baf7598a76bfd8d329d9754f884e5ad4d5f68 5ebf1784ed77767a91e728675def846d35772ce61735193aabcbc56566acfff2 Loading...

	unknown	10 kB	2024-01-19	2024-05-02
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-01-19 15:54:51 Last Seen2024-05-02 19:18:53 Times Seen15 Hash 6a0534354def4ad8da43f21c87f9b467 be6c84d7dd3f30b397906a297a4fe8ba0d736aaa b37d8e6ac49794bd75757434de38934eb31e64a21c594bf24261cfa39e8963b6 Loading...

	unknown	1.8 kB	2024-01-19	2024-05-02
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-01-19 15:54:51 Last Seen2024-05-02 19:18:53 Times Seen15 Hash 7cb5bad3ea88ffc675606a076f1f1161 f349cbcf63836a55435bf4fc853912b2dc6d4cb6 98aeff545d29fb93be0c5274ba8443dfae892564d2bcd0b83b792da33d3a5b75 Loading...

	unknown	1.7 kB	2024-01-19	2024-05-02
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-01-19 15:54:51 Last Seen2024-05-02 19:18:53 Times Seen15 Hash ae0b69a20642340e8ed2e60e4b900b9c f78d8c41c23285594b86540167cf2ae2b568954d 976adf5b493e997df460c3718d02f74e92afe0e82fe5cd9f106041aea09d8975 Loading...

		Size	First Seen	Last Seen
	#1 Write - dba31ca148b3bea4b59959ef156d21c8	54 kB	2024-05-02	2024-05-02
Pretty Observations First Seen2024-05-02 17:21:15 Last Seen2024-05-02 19:18:53 Times Seen12 Hash dba31ca148b3bea4b59959ef156d21c8 1e6691e136888391d7db2dbce91cfe04f852ceb7 72a805a80eb614198190911f04638b92634e8d036607db03e5ae0d20cd7145e7 Loading...

HTTP Transactions (15)

URL IP Response Size

ocsp.entrust.net/

23.38.202.187

1.6 kB

URL
ocsp.entrust.net/
IP
23.38.202.187:0
ASN
#16625 AKAMAI-AS

File type
data
Size
1.6 kB (1588 bytes)
Hash
f7feef69dddec28e06bcb00246aebd61
b310674d38598d3b15158a33e000662998a1a400
8b09304bbfd3507ee97a9fc6f4724e922e65c4ce352d91c88a1376c954731e5a

HTTP Headers

POST / HTTP/1.1
Host: ocsp.entrust.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
ETag: "8B09304BBFD3507EE97A9FC6F4724E922E65C4CE352D91C88A1376C954731E5A"
Last-Modified: Thu, 02 May 2024 03:00:00 UTC
Content-Length: 1588
Cache-Control: public, no-transform, must-revalidate, max-age=3600
Expires: Thu, 02 May 2024 16:32:36 GMT
Date: Thu, 02 May 2024 15:32:36 GMT
Connection: keep-alive

link.edgepilot.com/s/327e5db0/ZPIts5WNiE6c5rJJW5eBHg?u=https://www.macbryte.com/D/YnNjaHVsemVAYmF5aG91c3Rvbi5jb20=

199.30.234.133

2.5 kB

URL
link.edgepilot.com/s/327e5db0/ZPIts5WNiE6c5rJJW5eBHg?u=https://www.macbryte.com/D/YnNjaHVsemVAYmF5aG91c3Rvbi5jb20=
IP
199.30.234.133:0
ASN
#13380 ASN-CUST

File type
HTML document, ASCII text
Size
2.5 kB (2505 bytes)
Hash
55407990f8df48bf8afd37b9db3b9da1
966121c77b52854b31429e7f94c7db79050576b2
cffa01a1187ecd1dc00f1bd73c31d0bbbc7d8e867161fb5db20d2d28220d9852

HTTP Headers

GET /s/327e5db0/ZPIts5WNiE6c5rJJW5eBHg?u=https://www.macbryte.com/D/YnNjaHVsemVAYmF5aG91c3Rvbi5jb20= HTTP/1.1
Host: link.edgepilot.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 02 May 2024 15:32:37 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 2505
Connection: keep-alive
Cache-Control: no-cache

code.jquery.com/jquery-3.2.1.min.js

151.101.2.137

30 kB

URL
code.jquery.com/jquery-3.2.1.min.js
IP
151.101.2.137:0
ASN
#54113 FASTLY

File type
JavaScript source, ASCII text, with very long lines (32058)
Size
30 kB (30125 bytes)
Hash
c9f5aeeca3ad37bf2aa006139b935f0a
1055018c28ab41087ef9ccefe411606893dabea2
87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de

HTTP Headers

GET /jquery-3.2.1.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://link.edgepilot.com
DNT: 1
Connection: keep-alive
Referer: https://link.edgepilot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-15283"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Thu, 02 May 2024 15:32:37 GMT
age: 9212524
x-served-by: cache-lga21971-LGA, cache-hel1410033-HEL
x-cache: HIT, HIT
x-cache-hits: 29, 624894
x-timer: S1714663958.541535,VS0,VE0
vary: Accept-Encoding
content-length: 30125
X-Firefox-Spdy: h2

link.edgepilot.com/css/app.css?v=1

199.30.234.133

819 B

URL
link.edgepilot.com/css/app.css?v=1
IP
199.30.234.133:0
ASN
#13380 ASN-CUST

File type
ASCII text
Size
819 B (819 bytes)
Hash
959f46f67438369c413f903156848bd0
0daf348389da6ce4dcc2cbe71e0589c26f6bbdab
8c52987fbc48500c2a81bd52f81d44324e31e7ecadbebd111a02f912be232cfd

HTTP Headers

GET /css/app.css?v=1 HTTP/1.1
Host: link.edgepilot.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://link.edgepilot.com/s/327e5db0/ZPIts5WNiE6c5rJJW5eBHg?u=https://www.macbryte.com/D/YnNjaHVsemVAYmF5aG91c3Rvbi5jb20=
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 02 May 2024 15:32:37 GMT
Content-Type: text/css
Content-Length: 819
Last-Modified: Wed, 01 Mar 2023 20:35:57 GMT
Connection: keep-alive
ETag: "63ffb72d-333"
Cache-Control: max-age
Accept-Ranges: bytes

maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css

104.18.11.207

21 kB

URL
maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css
IP
104.18.11.207:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (65371)
Size
21 kB (20749 bytes)
Hash
ec3bb52a00e176a7181d454dffaea219
6527d8bf3e1e9368bab8c7b60f56bc01fa3afd68
f75e846cc83bd11432f4b1e21a45f31bc85283d11d372f7b19accd1bf6a2635c

HTTP Headers

GET /bootstrap/3.3.7/css/bootstrap.min.css HTTP/1.1
Host: maxcdn.bootstrapcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://link.edgepilot.com
DNT: 1
Connection: keep-alive
Referer: https://link.edgepilot.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 02 May 2024 15:32:37 GMT
content-type: text/css; charset=utf-8
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: US
access-control-allow-origin: *
cache-control: public, max-age=31919000
etag: W/"ec3bb52a00e176a7181d454dffaea219"
last-modified: Mon, 25 Jan 2021 22:03:59 GMT
cdn-proxyver: 1.04
cdn-requestpullsuccess: True
cdn-requestpullcode: 200
cdn-cachedat: 10/31/2023 19:15:06
cdn-edgestorageid: 940
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-status: 200
cdn-requestid: 5f656cb60f08c6c06c7851614756aae1
cdn-cache: HIT
cf-cache-status: HIT
age: 169861
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 87d910a628ca0b45-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

link.edgepilot.com/favicon.ico

199.30.234.133

1.3 kB

URL
link.edgepilot.com/favicon.ico
IP
199.30.234.133:0
ASN
#13380 ASN-CUST

File type
HTML document, ASCII text
Size
1.3 kB (1310 bytes)
Hash
5fd6c81e2d45bd71ef47570f15eb622a
474672baf3bf959b770a21ed2ad0fd6c3eac424c
c0f777284d7d75a641591d10d3cd99457f19f816fb3c6e2e6ab295f3eda52e99

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: link.edgepilot.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://link.edgepilot.com/s/327e5db0/ZPIts5WNiE6c5rJJW5eBHg?u=https://www.macbryte.com/D/YnNjaHVsemVAYmF5aG91c3Rvbi5jb20=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 02 May 2024 15:32:37 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 1310
Connection: keep-alive
Cache-Control: no-cache

link.edgepilot.com/filter

199.30.234.133

0 B

URL
link.edgepilot.com/filter
IP
199.30.234.133:0
ASN
#13380 ASN-CUST

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /filter HTTP/1.1
Host: link.edgepilot.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 262
Origin: https://link.edgepilot.com
DNT: 1
Connection: keep-alive
Referer: https://link.edgepilot.com/s/327e5db0/ZPIts5WNiE6c5rJJW5eBHg?u=https://www.macbryte.com/D/YnNjaHVsemVAYmF5aG91c3Rvbi5jb20=
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: nginx
Date: Thu, 02 May 2024 15:32:38 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://www.macbryte.com/D/YnNjaHVsemVAYmF5aG91c3Rvbi5jb20=
Cache-Control: no-cache

www.macbryte.com/D/YnNjaHVsemVAYmF5aG91c3Rvbi5jb20=

162.246.56.107

183 B

URL
www.macbryte.com/D/YnNjaHVsemVAYmF5aG91c3Rvbi5jb20=
IP
162.246.56.107:0
ASN
#63410 PRIVATESYSTEMS

File type
HTML document, ASCII text
Size
183 B (183 bytes)
Hash
3a6af9d66f246de6a1fc84758856a67d
21656761206d005870521286a9390ef7aa5a3874
6c3763b292b87e5745007686153e452d6d342877af63383a376787f5e55dae1c

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft Outlook

HTTP Headers

GET /D/YnNjaHVsemVAYmF5aG91c3Rvbi5jb20= HTTP/1.1
Host: www.macbryte.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://link.edgepilot.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 02 May 2024 15:32:39 GMT
Server: Apache
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

cloudflare-ipfs.com/owa/auth/15.0.1497/themes/resources/segoeui-regular.ttf

104.17.96.13

404 Not Found

14 B

URL GET HTTP/3
cloudflare-ipfs.com/owa/auth/15.0.1497/themes/resources/segoeui-regular.ttf
IP
104.17.96.13:443
ASN
#13335 CLOUDFLARENET

Requested by
https://cloudflare-ipfs.com/ipfs/QmXLaDpQu5XUznCU1BJNT1FFw17ZnxfJ6L5eiCwKfZbCWn/AppIndex.html#bschulze@bayhouston.com
Certificate
IssuerLet's Encrypt
Subjectcloudflare-ipfs.com
FingerprintAF:BC:14:E3:55:D9:D8:F0:3C:8E:26:A0:4E:4A:C8:E6:13:58:A0:59
ValidityWed, 24 Apr 2024 02:22:22 GMT - Tue, 23 Jul 2024 02:22:21 GMT

File type
ASCII text, with no line terminators
Size
14 B (14 bytes)
Hash
d0fbda9855d118740f1105334305c126
bc3023b36063a7681db24681472b54fa11f0d4ec
a469ab4ca4e55bf547566e9ebfa1b809c933207e9d558156bc0c4252b17533fe

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft
urlquery	phishing	Phishing - Microsoft Outlook
PhishTank	phishing	Other

HTTP Headers

GET /owa/auth/15.0.1497/themes/resources/segoeui-regular.ttf HTTP/1.1
Host: cloudflare-ipfs.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cloudflare-ipfs.com/ipfs/QmXLaDpQu5XUznCU1BJNT1FFw17ZnxfJ6L5eiCwKfZbCWn/AppIndex.html
Cookie: __cf_bm=yE5s4Uc9Sr5KVXAsslsPNVogsleezYM6ed8HAvBwHKs-1714663959-1.0.1.1-zYgEbeLWc.iGoom.iic0HEBFLKtTPQXm2Q4666pgz221L6ATqY9ncgqypMMFBtAxfAaGgmvXzdPcw_LOWjPP1Q
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 404 Not Found
date: Thu, 02 May 2024 15:32:39 GMT
content-type: text/plain;charset=UTF-8
content-length: 14
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d910b50dac56c6-OSL
alt-svc: h3=":443"; ma=86400

cloudflare-ipfs.com/owa/auth/15.0.1497/themes/resources/segoeui-semilight.ttf

104.17.96.13

404 Not Found

14 B

URL GET HTTP/3
cloudflare-ipfs.com/owa/auth/15.0.1497/themes/resources/segoeui-semilight.ttf
IP
104.17.96.13:443
ASN
#13335 CLOUDFLARENET

Requested by
https://cloudflare-ipfs.com/ipfs/QmXLaDpQu5XUznCU1BJNT1FFw17ZnxfJ6L5eiCwKfZbCWn/AppIndex.html#bschulze@bayhouston.com
Certificate
IssuerLet's Encrypt
Subjectcloudflare-ipfs.com
FingerprintAF:BC:14:E3:55:D9:D8:F0:3C:8E:26:A0:4E:4A:C8:E6:13:58:A0:59
ValidityWed, 24 Apr 2024 02:22:22 GMT - Tue, 23 Jul 2024 02:22:21 GMT

File type
ASCII text, with no line terminators
Size
14 B (14 bytes)
Hash
d0fbda9855d118740f1105334305c126
bc3023b36063a7681db24681472b54fa11f0d4ec
a469ab4ca4e55bf547566e9ebfa1b809c933207e9d558156bc0c4252b17533fe

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft
urlquery	phishing	Phishing - Microsoft Outlook
PhishTank	phishing	Other

HTTP Headers

GET /owa/auth/15.0.1497/themes/resources/segoeui-semilight.ttf HTTP/1.1
Host: cloudflare-ipfs.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cloudflare-ipfs.com/ipfs/QmXLaDpQu5XUznCU1BJNT1FFw17ZnxfJ6L5eiCwKfZbCWn/AppIndex.html
Cookie: __cf_bm=yE5s4Uc9Sr5KVXAsslsPNVogsleezYM6ed8HAvBwHKs-1714663959-1.0.1.1-zYgEbeLWc.iGoom.iic0HEBFLKtTPQXm2Q4666pgz221L6ATqY9ncgqypMMFBtAxfAaGgmvXzdPcw_LOWjPP1Q
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 404 Not Found
date: Thu, 02 May 2024 15:32:39 GMT
content-type: text/plain;charset=UTF-8
content-length: 14
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d910b50dc856c6-OSL
alt-svc: h3=":443"; ma=86400

cloudflare-ipfs.com/ipfs/QmXLaDpQu5XUznCU1BJNT1FFw17ZnxfJ6L5eiCwKfZbCWn/AppIndex.html

104.17.96.13

90 kB

URL
cloudflare-ipfs.com/ipfs/QmXLaDpQu5XUznCU1BJNT1FFw17ZnxfJ6L5eiCwKfZbCWn/AppIndex.html
IP
104.17.96.13:0
ASN
#13335 CLOUDFLARENET

Certificate
IssuerLet's Encrypt
Subjectcloudflare-ipfs.com
FingerprintAF:BC:14:E3:55:D9:D8:F0:3C:8E:26:A0:4E:4A:C8:E6:13:58:A0:59
ValidityWed, 24 Apr 2024 02:22:22 GMT - Tue, 23 Jul 2024 02:22:21 GMT

File type
HTML document, ASCII text, with very long lines (65498), with CRLF line terminators
Size
90 kB (89589 bytes)
Hash
e2ccb851b4e7917e8c702da3b7cfe43c
750ffd3022936057132df12a7200e78061aa08ce
dbdef861f487137d7b7f9bc04f5c46f4b7c05e068b95e1b2e404ac2dc4e2b84b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft
urlquery	phishing	Phishing - Microsoft Outlook
PhishTank	phishing	Other

HTTP Headers

GET /ipfs/QmXLaDpQu5XUznCU1BJNT1FFw17ZnxfJ6L5eiCwKfZbCWn/AppIndex.html HTTP/1.1
Host: cloudflare-ipfs.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.macbryte.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 02 May 2024 15:32:39 GMT
content-type: text/html
cf-ray: 87d910b2ccfd56c4-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 712
cache-control: public, max-age=29030400, immutable
etag: W/"QmX2kQ7aQZvqSbwpe6LPjPZiB1Kt9BgjBr3cP7jf1cMa4o"
vary: Accept-Encoding
access-control-allow-headers: Content-Type, Range, User-Agent, X-Requested-With
access-control-allow-methods: GET
access-control-expose-headers: Content-Length, Content-Range, X-Chunked-Output, X-Ipfs-Path, X-Ipfs-Roots, X-Stream-Output
x-cf-ipfs-cache-status: hit
x-ipfs-path: /ipfs/QmXLaDpQu5XUznCU1BJNT1FFw17ZnxfJ6L5eiCwKfZbCWn/AppIndex.html
x-ipfs-roots: QmXLaDpQu5XUznCU1BJNT1FFw17ZnxfJ6L5eiCwKfZbCWn,QmX2kQ7aQZvqSbwpe6LPjPZiB1Kt9BgjBr3cP7jf1cMa4o
set-cookie: __cf_bm=yE5s4Uc9Sr5KVXAsslsPNVogsleezYM6ed8HAvBwHKs-1714663959-1.0.1.1-zYgEbeLWc.iGoom.iic0HEBFLKtTPQXm2Q4666pgz221L6ATqY9ncgqypMMFBtAxfAaGgmvXzdPcw_LOWjPP1Q; path=/; expires=Thu, 02-May-24 16:02:39 GMT; domain=.cloudflare-ipfs.com; HttpOnly; Secure; SameSite=None
server: cloudflare
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

wafsd.com/new/arsm/media/download-logo.png

0.0.0.0

0 B

URL GET
wafsd.com/new/arsm/media/download-logo.png
IP
0.0.0.0:0
ASN
#0

Requested by
https://cloudflare-ipfs.com/ipfs/QmXLaDpQu5XUznCU1BJNT1FFw17ZnxfJ6L5eiCwKfZbCWn/AppIndex.html#bschulze@bayhouston.com

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /new/arsm/media/download-logo.png HTTP/1.1
Host: wafsd.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cloudflare-ipfs.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

wafsd.com/new/arsm/media/download.gif

0.0.0.0

0 B

URL GET
wafsd.com/new/arsm/media/download.gif
IP
0.0.0.0:0
ASN
#0

Requested by
https://cloudflare-ipfs.com/ipfs/QmXLaDpQu5XUznCU1BJNT1FFw17ZnxfJ6L5eiCwKfZbCWn/AppIndex.html#bschulze@bayhouston.com

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /new/arsm/media/download.gif HTTP/1.1
Host: wafsd.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cloudflare-ipfs.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

wafsd.com/new/arsm/media/favicon.ico

0.0.0.0

0 B

URL GET
wafsd.com/new/arsm/media/favicon.ico
IP
0.0.0.0:0
ASN
#0

Requested by
https://cloudflare-ipfs.com/ipfs/QmXLaDpQu5XUznCU1BJNT1FFw17ZnxfJ6L5eiCwKfZbCWn/AppIndex.html#bschulze@bayhouston.com

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /new/arsm/media/favicon.ico HTTP/1.1
Host: wafsd.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cloudflare-ipfs.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

cloudflare-ipfs.com/ipfs/QmXLaDpQu5XUznCU1BJNT1FFw17ZnxfJ6L5eiCwKfZbCWn/AppIndex.html

104.17.96.13

200 OK

404 kB

URL User Request GET HTTP/2
cloudflare-ipfs.com/ipfs/QmXLaDpQu5XUznCU1BJNT1FFw17ZnxfJ6L5eiCwKfZbCWn/AppIndex.html
IP
104.17.96.13:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerLet's Encrypt
Subjectcloudflare-ipfs.com
FingerprintAF:BC:14:E3:55:D9:D8:F0:3C:8E:26:A0:4E:4A:C8:E6:13:58:A0:59
ValidityWed, 24 Apr 2024 02:22:22 GMT - Tue, 23 Jul 2024 02:22:21 GMT

File type
HTML document, ASCII text, with very long lines (65498), with CRLF line terminators
Size
404 kB (404270 bytes)
Hash
e2ccb851b4e7917e8c702da3b7cfe43c
750ffd3022936057132df12a7200e78061aa08ce
dbdef861f487137d7b7f9bc04f5c46f4b7c05e068b95e1b2e404ac2dc4e2b84b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft
urlquery	phishing	Phishing - Microsoft Outlook
PhishTank	phishing	Other

HTTP Headers

GET /ipfs/QmXLaDpQu5XUznCU1BJNT1FFw17ZnxfJ6L5eiCwKfZbCWn/AppIndex.html HTTP/1.1
Host: cloudflare-ipfs.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.macbryte.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 02 May 2024 15:32:39 GMT
content-type: text/html
cf-ray: 87d910b2ccfd56c4-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 712
cache-control: public, max-age=29030400, immutable
etag: W/"QmX2kQ7aQZvqSbwpe6LPjPZiB1Kt9BgjBr3cP7jf1cMa4o"
vary: Accept-Encoding
access-control-allow-headers: Content-Type, Range, User-Agent, X-Requested-With
access-control-allow-methods: GET
access-control-expose-headers: Content-Length, Content-Range, X-Chunked-Output, X-Ipfs-Path, X-Ipfs-Roots, X-Stream-Output
x-cf-ipfs-cache-status: hit
x-ipfs-path: /ipfs/QmXLaDpQu5XUznCU1BJNT1FFw17ZnxfJ6L5eiCwKfZbCWn/AppIndex.html
x-ipfs-roots: QmXLaDpQu5XUznCU1BJNT1FFw17ZnxfJ6L5eiCwKfZbCWn,QmX2kQ7aQZvqSbwpe6LPjPZiB1Kt9BgjBr3cP7jf1cMa4o
set-cookie: __cf_bm=yE5s4Uc9Sr5KVXAsslsPNVogsleezYM6ed8HAvBwHKs-1714663959-1.0.1.1-zYgEbeLWc.iGoom.iic0HEBFLKtTPQXm2Q4666pgz221L6ATqY9ncgqypMMFBtAxfAaGgmvXzdPcw_LOWjPP1Q; path=/; expires=Thu, 02-May-24 16:02:39 GMT; domain=.cloudflare-ipfs.com; HttpOnly; Secure; SameSite=None
server: cloudflare
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (9)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Observations

Hash

HTTP Transactions (15)

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP