Report Overview

  Visited (public):  2025-03-22 09:13:56
  URL:               dfbf0b1b.771de3504178d156d4f62ccb.workers.dev/?qrc=mcoleman@auduboncompanies.com/
  Finishing URL:     hebte.com/?lxsjb6mvk=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
  IP / ASN:          104.21.80.1 / #13335 CLOUDFLARENET
  Title:             gvsfuyyz0c
  Classification:    Phishing - Microsoft; Phishing - Microsoft Outlook

Detections

  urlquery:                     38
  Network Intrusion Detection:   1
  Threat Detection Systems:      0

Domain Summary

  Domain / FQDN                                   Rank     Registered   First Seen   Last Seen
  outlook.office365.com                           51       2005-06-20   2013-04-11   2025-03-15
  dfbf0b1b.771de3504178d156d4f62ccb.workers.dev   unknown  2019-02-08   2025-03-22   2025-03-22
  kiaupa.com                                      unknown  2024-04-18   2025-03-22   2025-03-22
  hebte.com                                       unknown  2024-07-22   2025-03-22   2025-03-22
  csp.microsoft.com                               7951     1991-05-02   2021-03-09   2025-03-21
  challenges.cloudflare.com                       unknown  2009-02-17   2021-10-20   2025-03-19
  r4.res.office365.com                            180      2005-06-20   2017-03-03   2025-03-19

Related reports

Network Intrusion Detection Systems

  Suricata w/ Emerging Threats Pro

  Severity   Source IP   Destination IP   Alert
  low        Client IP   104.21.112.1

Threat Detection Systems

  Public InfoSec YARA rules:  No alerts detected
  OpenPhish:                  No alerts detected
  PhishTank:                  No alerts detected
  Quad9 DNS:                  No alerts detected
  ThreatFox:                  No alerts detected

JavaScript (200)

HTTP Transactions (49)

  Method URL | IP | Response | Size
  GET hebte.com/aadcdn.msauth.net/~/ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_r1sg5sxlkljjoa22hvk04g2.js | 196.251.87.168 | 200 OK | 59 kB
  POST csp.microsoft.com/report/ESTS-UX-All | 13.107.246.53 | 200 OK | 2 B
  POST csp.microsoft.com/report/ESTS-UX-All | 13.107.246.53 | 200 OK | 2 B
  GET challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/d/924492ca1c2c56bd/1742634810392/zfb40q-jZRRr5AF | 104.18.95.41 | 200 OK | 61 B
  GET hebte.com/owa/?login_hint=mcoleman%40auduboncompanies.com%2F | 196.251.87.168 | 302 Found | 43 kB
  POST csp.microsoft.com/report/ESTS-UX-All | 13.107.246.53 | 200 OK | 2 B
  GET r4.res.office365.com/owa/prem/15.20.8534.36/scripts/boot.worldwide.0.mouse.js | 23.36.77.240 | 200 OK | 664 kB
  GET hebte.com/aadcdn.msauth.net/~/shared/1.0/content/images/appbackgrounds/49-small_e58aafc980614a9cd7796bea7b5ea8f0.jpg | 196.251.87.168 | 200 OK | 987 B
  GET r4.res.office365.com/owa/prem/15.20.8534.36/scripts/boot.worldwide.3.mouse.js | 23.36.77.240 | 200 OK | 660 kB
  GET hebte.com/aadcdn.msauth.net/~/shared/1.0/content/images/picker_account_aad_f83ebff69a4a1685e4dc9650cdab8886.svg | 196.251.87.168 | 200 OK | 1.4 kB
  GET r4.res.office365.com/owa/prem/15.20.8534.36/resources/styles/fonts/office365icons.woff | 23.36.77.240 | 200 OK | 78 kB
  GET challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/cmg/1 | 104.18.95.41 | 200 OK | 61 B
  GET hebte.com/?qrc=mcoleman%40auduboncompanies.com%2F | 196.251.87.168 | 302 Moved Temporarily | 43 kB
  POST challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/1296560327:1742631941:8fgLLprbKOU5-VuhnEmhPXPtZcDhGO-ZGq5OTWuJNds/924492ca1c2c56bd/.8.1PetCTHsiArTqIfVrNSJzK.xSZ4s6qTOJMrX8LPo-1742634809-1.1.1.1-EPszNSfvFBiSoZNFI4THQbwvTtilOgyRWIExq0D1K13TIBC0EPbPeVp.Vdt2B_ig | 104.18.95.41 | 200 OK | 4.9 kB
  GET r4.res.office365.com/owa/prem/15.20.8534.36/resources/images/0/sprite1.mouse.css | 23.36.77.240 | 200 OK | 994 B
  GET challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/pat/924492ca1c2c56bd/1742634810379/7ce41f98580f4b774eac0e178859553abd97663af91a534c173ec6de99745d4f/MeLL2zoN7jzkMws | 104.18.95.41 | 401 Unauthorized | 1 B
  GET hebte.com/?lxsjb6mvk=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 | 196.251.87.168 | 200 OK | 43 kB
  GET hebte.com/aadcdn.msauth.net/~/shared/1.0/content/js/ConvergedLogin_PCore_GjP1RdcVSKf6ASC7mgkR1g2.js | 196.251.87.168 | 200 OK | 689 kB
  GET hebte.com/aadcdn.msauth.net/~/shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico | 196.251.87.168 | 200 OK | 17 kB
  GET outlook.office365.com/owa/prefetch.aspx | 40.104.62.242 | 200 OK | 2.7 kB
  GET hebte.com/aadcdn.msauth.net/~/shared/1.0/content/js/asyncchunk/convergedlogin_pidpdisambiguation_8442c9722efe126153de.js | 196.251.87.168 | 200 OK | 7.0 kB
  GET challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback | 104.18.95.41 | 302 Found | 48 kB
  POST challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/1296560327:1742631941:8fgLLprbKOU5-VuhnEmhPXPtZcDhGO-ZGq5OTWuJNds/924492ca1c2c56bd/.8.1PetCTHsiArTqIfVrNSJzK.xSZ4s6qTOJMrX8LPo-1742634809-1.1.1.1-EPszNSfvFBiSoZNFI4THQbwvTtilOgyRWIExq0D1K13TIBC0EPbPeVp.Vdt2B_ig | 104.18.95.41 | 200 OK | 241 kB
  GET hebte.com/aadcdn.msauth.net/~/shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg | 196.251.87.168 | 200 OK | 3.7 kB
  GET r4.res.office365.com/owa/prem/15.20.8534.36/resources/styles/fonts/office365icons.woff | 23.36.77.240 | 200 OK | 78 kB
  GET hebte.com/aadcdn.msauth.net/~/shared/1.0/content/images/marching_ants_b540a8e518037192e32c4fe58bf2dbab.gif | 196.251.87.168 | 200 OK | 3.6 kB
  GET r4.res.office365.com/owa/prem/15.20.8534.36/scripts/boot.worldwide.1.mouse.js | 23.36.77.240 | 200 OK | 660 kB
  GET hebte.com/aadcdn.msauth.net/~/shared/1.0/content/js/oneDs_641b1cf809bdc17b42ab.js | 196.251.87.168 | 200 OK | 190 kB
  GET hebte.com/aadcdn.msauth.net/~/shared/1.0/content/images/appbackgrounds/49_7916a894ebde7d29c2cc29b267f1299f.jpg | 196.251.87.168 | 200 OK | 18 kB
  GET hebte.com/aadcdn.msauth.net/~/shared/1.0/content/images/picker_account_msa_2d8f86059be176833897099ee6ddedeb.svg | 196.251.87.168 | 200 OK | 379 B
  GET r4.res.office365.com/owa/prem/15.20.8534.36/resources/styles/0/boot.worldwide.mouse.css | 23.36.77.240 | 200 OK | 232 kB
  GET dfbf0b1b.771de3504178d156d4f62ccb.workers.dev/favicon.ico | 104.21.112.1 | 200 OK | 6.8 kB
  GET hebte.com/?dataXX0=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1cmwiOiJodHRwczovL2hlYnRlLmNvbS8iLCJkb21haW4iOiJoZWJ0ZS5jb20iLCJrZXkiOiJtSDFZNHBNUm5IYlEiLCJxcmMiOiJtY29sZW1hbkBhdWR1Ym9uY29tcGFuaWVzLmNvbS8iLCJpYXQiOjE3NDI2MzQ4MjEsImV4cCI6MTc0MjYzNDk0MX0.ZZOlcVfNSJitcIlYKw7ZFEbF3sFFVZkuwdPgu0-nHj0 | 196.251.87.168 | 302 Found | 43 kB
  GET r4.res.office365.com/owa/prem/15.20.8534.36/resources/images/0/sprite1.mouse.png | 23.36.77.240 | 200 OK | 132 B
  GET hebte.com/aadcdn.msauth.net/~/shared/1.0/content/images/marching_ants_white_166de53471265253ab3a456defe6da23.gif | 196.251.87.168 | 200 OK | 2.7 kB
  GET hebte.com/aadcdn.msauth.net/~/shared/1.0/content/images/applogos/53_8b36337037cff88c3df203bb73d58e41.png | 196.251.87.168 | 200 OK | 5.1 kB
  OPTIONS kiaupa.com/?pkjmtelm&qrc=mcoleman@auduboncompanies.com/ | 196.251.87.168 | 200 OK | 0 B
  GET kiaupa.com/?pkjmtelm&qrc=mcoleman@auduboncompanies.com/ | 196.251.87.168 | 200 OK | 322 B
  GET hebte.com/aadcdn.msauth.net/~/ests/2.1/content/cdnbundles/converged.v2.login.min_81imvbluez-v5hbzpkxfcg2.css | 196.251.87.168 | 200 OK | 113 kB
  POST csp.microsoft.com/report/ESTS-UX-All | 13.107.246.53 | 200 OK | 2 B
  POST csp.microsoft.com/report/ESTS-UX-All | 13.107.246.53 | 200 OK | 2 B
  GET challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=924492ca1c2c56bd&lang=auto | 104.18.95.41 | 200 OK | 114 kB
  POST challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/1296560327:1742631941:8fgLLprbKOU5-VuhnEmhPXPtZcDhGO-ZGq5OTWuJNds/924492ca1c2c56bd/.8.1PetCTHsiArTqIfVrNSJzK.xSZ4s6qTOJMrX8LPo-1742634809-1.1.1.1-EPszNSfvFBiSoZNFI4THQbwvTtilOgyRWIExq0D1K13TIBC0EPbPeVp.Vdt2B_ig | 104.18.95.41 | 200 OK | 28 kB
  GET challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/ki7yc/0x4AAAAAABBmtCGN8vzzbK2C/auto/fbE/new/normal/auto/ | 104.18.95.41 | 200 OK | 28 kB
  POST csp.microsoft.com/report/ESTS-UX-All | 13.107.246.53 | 200 OK | 2 B
  GET r4.res.office365.com/owa/prem/15.20.8534.36/scripts/boot.worldwide.2.mouse.js | 23.36.77.240 | 200 OK | 662 kB
  GET hebte.com/aadcdn.msauth.net/~/shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_80e93b9a4cb13643afca.js | 196.251.87.168 | 200 OK | 110 kB
  GET dfbf0b1b.771de3504178d156d4f62ccb.workers.dev/?qrc=mcoleman@auduboncompanies.com/ | 104.21.112.1 | 200 OK | 6.8 kB
  GET challenges.cloudflare.com/turnstile/v0/b/708f7a809116/api.js | 104.18.95.41 | 200 OK | 48 kB
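Three things in the transaction list above are worth extracting mechanically when triaging a report like this one: the target's e-mail address is carried through the whole redirect chain in qrc= and login_hint= parameters (workers.dev, hebte.com, kiaupa.com); hebte.com serves copies of Microsoft sign-in assets under paths that embed the real CDN hostname (hebte.com/aadcdn.msauth.net/~/...), which a legitimate origin never does; and one hop to hebte.com carries a JWT in the dataXX0 parameter. The Python below is an added example written for this edit, not part of the urlquery report or of any tool named on the page. It runs over a constructed subset of the rows above (copied verbatim), flags the mirrored-CDN path pattern, groups the lure addresses by host, and decodes the JWT header and payload without verifying the signature, since the HS256 secret belongs to the kit and is not in the capture. The host list MS_ASSET_HOSTS, the suffix list MS_SUFFIXES and the "eyJ" shape test are the editor's assumptions.

```python
"""Pull triage indicators out of the HTTP transaction rows of this report.

Added example, not part of the urlquery report. TRANSACTIONS is a constructed
subset of the "METHOD host/path" cells in the table above; the heuristics are
the editor's own and MS_ASSET_HOSTS / MS_SUFFIXES are assumptions, not an
authoritative inventory of Microsoft sign-in infrastructure.
"""
import base64
import json
from urllib.parse import parse_qs, urlsplit

TRANSACTIONS = [
    "GET dfbf0b1b.771de3504178d156d4f62ccb.workers.dev/?qrc=mcoleman@auduboncompanies.com/",
    "GET hebte.com/?qrc=mcoleman%40auduboncompanies.com%2F",
    "GET hebte.com/owa/?login_hint=mcoleman%40auduboncompanies.com%2F",
    "GET hebte.com/aadcdn.msauth.net/~/shared/1.0/content/js/ConvergedLogin_PCore_GjP1RdcVSKf6ASC7mgkR1g2.js",
    "GET hebte.com/aadcdn.msauth.net/~/shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg",
    "GET r4.res.office365.com/owa/prem/15.20.8534.36/scripts/boot.worldwide.0.mouse.js",
    "GET outlook.office365.com/owa/prefetch.aspx",
    "OPTIONS kiaupa.com/?pkjmtelm&qrc=mcoleman@auduboncompanies.com/",
    "GET hebte.com/?dataXX0="
    "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9."
    "eyJ1cmwiOiJodHRwczovL2hlYnRlLmNvbS8iLCJkb21haW4iOiJoZWJ0ZS5jb20iLCJrZXkiOiJtSDFZNHBNUm5IYlEi"
    "LCJxcmMiOiJtY29sZW1hbkBhdWR1Ym9uY29tcGFuaWVzLmNvbS8iLCJpYXQiOjE3NDI2MzQ4MjEsImV4cCI6MTc0MjYzNDk0MX0."
    "ZZOlcVfNSJitcIlYKw7ZFEbF3sFFVZkuwdPgu0-nHj0",
]

# Assumption: hostnames of Microsoft sign-in asset CDNs that lookalike pages copy.
MS_ASSET_HOSTS = frozenset({"aadcdn.msauth.net", "aadcdn.msftauth.net", "logincdn.msauth.net"})
# Assumption: first-party suffixes that may legitimately serve those assets.
MS_SUFFIXES = (".microsoft.com", ".office365.com", ".msauth.net", ".msftauth.net", ".microsoftonline.com")


def parse_row(row):
    """Split 'METHOD host/path?query' into (method, host, path, query dict)."""
    method, _, rest = row.partition(" ")
    parts = urlsplit("https://" + rest)  # scheme added only so urlsplit recognises the host
    query = parse_qs(parts.query, keep_blank_values=True)
    return method, (parts.hostname or "").lower(), parts.path, query


def mirrored_ms_assets(rows):
    """(host, cdn_host) pairs where a host outside MS_SUFFIXES serves a path whose
    first segment is a Microsoft asset CDN hostname, e.g. hebte.com/aadcdn.msauth.net/~/..."""
    hits = set()
    for row in rows:
        _, host, path, _ = parse_row(row)
        first_segment = path.lstrip("/").split("/", 1)[0]
        if first_segment in MS_ASSET_HOSTS and not host.endswith(MS_SUFFIXES):
            hits.add((host, first_segment))
    return sorted(hits)


def lure_targets(rows):
    """E-mail addresses carried in qrc= / login_hint= parameters, grouped by host.
    parse_qs percent-decodes for us, so %40 becomes @ and the trailing %2F becomes /."""
    found = {}
    for row in rows:
        _, host, _, query = parse_row(row)
        for key in ("qrc", "login_hint"):
            for value in query.get(key, []):
                found.setdefault(host, set()).add(value.rstrip("/"))
    return {host: sorted(values) for host, values in found.items()}


def b64url_json(segment):
    """Decode one base64url JWT segment; JWTs omit '=' padding, so restore it first."""
    padded = segment + "=" * (-len(segment) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))


def decode_jwt_unverified(token):
    """Return (header, payload, signature_b64). The signature is NOT checked: for
    HS256 that requires the issuer's secret, which is not present in the capture."""
    header_b64, payload_b64, signature_b64 = token.split(".")
    return b64url_json(header_b64), b64url_json(payload_b64), signature_b64


def state_tokens(rows):
    """Find JWT-shaped query values (three dot-separated segments starting with
    'eyJ', the base64url of '{"') and decode their claims."""
    tokens = []
    for row in rows:
        _, host, _, query = parse_row(row)
        for param, values in query.items():
            for value in values:
                if value.startswith("eyJ") and value.count(".") == 2:
                    header, payload, _ = decode_jwt_unverified(value)
                    tokens.append({
                        "host": host,
                        "param": param,
                        "alg": header.get("alg"),
                        "claims": payload,
                        # exp - iat: how long this hop of the chain stays valid
                        "ttl_seconds": payload.get("exp", 0) - payload.get("iat", 0),
                    })
    return tokens


if __name__ == "__main__":
    print("mirrored Microsoft asset paths:", mirrored_ms_assets(TRANSACTIONS))
    print("lure targets by host:", lure_targets(TRANSACTIONS))
    for tok in state_tokens(TRANSACTIONS):
        print(f"{tok['host']} ?{tok['param']}= alg={tok['alg']} ttl={tok['ttl_seconds']}s claims={tok['claims']}")
```

Run as-is, the script flags hebte.com as the only host serving aadcdn.msauth.net paths, attributes the same lure address to all three redirect hosts, and decodes the dataXX0 token: HS256, with url, domain, key, qrc, iat and exp claims whose iat and exp are 120 seconds apart. The qrc claim matches the e-mail in the entry URL, so the token is per-victim state, not a generic redirect. Nothing here proves the signature is valid; the decode only shows what the kit chose to carry in the URL.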