Report - freshfaxmail-1318034737.cos.sa-saopaulo.myqcloud.com/Onedrive.html

Report Overview

URL

freshfaxmail-1318034737.cos.sa-saopaulo.myqcloud.com/Onedrive.html
IP

43.135.205.247

ASN

#132203 Tencent Building, Kejizhongyi Avenue
Submitted

2023-06-04T12:59:25Z

Access

public
Tags

None
urlquery detections

No alerts detected

Detections

urlquery

0
Network Intrusion Detection

0
Threat Detection Systems

2

Domain Summary

Domain	Rank	First Seen	Last Seen	Sent	Received	IP
ajax.googleapis.com (1)	12905	2013-08-16 11:51:31	2023-06-03 19:04:37	469	31012	142.250.74.42
maxcdn.bootstrapcdn.com (2)	724	2014-06-18 02:37:31	2023-06-03 18:12:43	1098	195657	104.18.11.207
fonts.googleapis.com (2)	8877	2013-06-10 22:14:26	2023-06-03 18:44:59	950	7034	142.250.74.74
stackpath.bootstrapcdn.com (1)	2467	2018-06-15 22:36:43	2023-06-03 18:28:11	477	51934	104.18.11.207
ocsp2.globalsign.com (1)	1544	2012-05-23 20:10:04	2023-06-03 18:12:09	357	1924	104.18.21.226
cdnjs.cloudflare.com (1)	235	2015-04-17 22:46:33	2023-06-03 18:14:22	545	7170	104.17.24.14
ocsp.pki.goog (2)	175	2018-07-01 08:43:07	2023-06-03 18:12:09	666	1398	142.250.74.3
freshfaxmail-1318034737.cos.sa-saopaulo.myqcloud.com (3)	unknown	No data	No data	1540	3040	43.135.205.247
code.jquery.com (1)	634	2012-05-21 19:28:02	2023-06-03 18:21:38	520	24314	69.16.175.42
sharemail.enkidigitalfashion.com (1)	unknown	2023-05-31 19:11:33	2023-06-01 02:25:21	463	1095540	162.241.124.44

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

Scan Date	Severity	Indicator	Alert
2023-06-03	medium	freshfaxmail-1318034737.cos.sa-saopaulo.myqcloud.com/Onedrive.html

PhishTank

Scan Date	Severity	Indicator	Alert
2023-06-03	medium	freshfaxmail-1318034737.cos.sa-saopaulo.myqcloud.com/Onedrive.html

Fortinet's Web Filter

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (7)

HTTP Transactions (15)

URL IP Response Size

ocsp2.globalsign.com/gsorganizationvalsha2g3

104.18.21.226

1461

URL

ocsp2.globalsign.com/gsorganizationvalsha2g3
IP

104.18.21.226:0
ASN

#13335 CLOUDFLARENET

Magic

data

Size

1461
Hash

2bec0db96c60ed557c4453176a9ae252

e2afc83e7ab2aec2a2d8b3feb5c6a3a343084d85

8e1ef5a9fea2ec5b728e1501ea2fae0b61e4aa5941b8e144843456364e0a70f6

HTTP Headers

                                        POST /gsorganizationvalsha2g3 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Date: Sun, 04 Jun 2023 12:59:07 GMT
Content-Type: application/ocsp-response
Content-Length: 1461
Connection: keep-alive
Expires: Thu, 08 Jun 2023 10:32:52 GMT
ETag: "e2afc83e7ab2aec2a2d8b3feb5c6a3a343084d85"
Last-Modified: Sun, 04 Jun 2023 10:32:53 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7d2059e9bf51b511-OSL

freshfaxmail-1318034737.cos.sa-saopaulo.myqcloud.com/Onedrive.html

Brazil Tencent Building, Kejizhongyi Avenue

43.135.205.247

200 OK

1392

URL User Request GET HTTP/1.1

freshfaxmail-1318034737.cos.sa-saopaulo.myqcloud.com/Onedrive.html
IP

43.135.205.247:443
ASN

#132203 Tencent Building, Kejizhongyi Avenue

Certificate

IssuerGlobalSign nv-sa

Subject*.cos.sa-saopaulo.myqcloud.com

Fingerprint14:BA:22:2E:FB:E3:4A:4C:F2:C0:4D:65:3A:9D:C1:57:CD:5F:93:8D

ValidityFri, 03 Mar 2023 09:01:11 GMT - Wed, 03 Apr 2024 09:01:10 GMT

Magic

HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF line terminators

Size

1392
Hash

97b4ef8ac5241e05c27c4692e856c478

d5192c095348b573f1c7b96de701d8f0486e8dd0

5c1d49d0e05b515905e491899b72f7b0eab0b438e0a1bcfcd232f429714840ee

Detections

Analyzer	Verdict	Alert
openphish	Office365
phishtank	Other

HTTP Headers

                                        GET /Onedrive.html HTTP/1.1
Host: freshfaxmail-1318034737.cos.sa-saopaulo.myqcloud.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Content-Type: text/html
Content-Length: 1392
Connection: keep-alive
Accept-Ranges: bytes
Date: Sun, 04 Jun 2023 12:59:07 GMT
ETag: "97b4ef8ac5241e05c27c4692e856c478"
Last-Modified: Wed, 31 May 2023 17:18:53 GMT
Server: tencent-cos
x-cos-hash-crc64ecma: 10473657287514350009
x-cos-request-id: NjQ3YzhhOWJfODQ0YzU5MGJfNWZkMF8zMTVjNGU4

cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js

104.17.24.14

200 OK

6157

URL GET HTTP/2

cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js
IP

104.17.24.14:443
ASN

#13335 CLOUDFLARENET

Requested by

https://freshfaxmail-1318034737.cos.sa-saopaulo.myqcloud.com/Onedrive.html
Certificate

IssuerCloudflare, Inc.

Subjectsni.cloudflaressl.com

FingerprintA9:11:71:07:07:92:48:7E:A9:3C:E8:32:25:3F:EB:AC:7D:51:7E:8F

ValidityWed, 03 Aug 2022 00:00:00 GMT - Wed, 02 Aug 2023 23:59:59 GMT

Magic

ASCII text, with very long lines (19015)

Size

6157
Hash

70d3fda195602fe8b75e0097eed74dde

c3b977aa4b8dfb69d651e07015031d385ded964b

a52f7aa54d7bcaafa056ee0a050262dfc5694ae28dee8b4cac3429af37ff0d66

HTTP Headers

                                        GET /ajax/libs/popper.js/1.12.9/umd/popper.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://freshfaxmail-1318034737.cos.sa-saopaulo.myqcloud.com
DNT: 1
Connection: keep-alive
Referer: https://freshfaxmail-1318034737.cos.sa-saopaulo.myqcloud.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/2 200 OK
date: Sun, 04 Jun 2023 12:59:07 GMT
content-type: application/javascript; charset=utf-8
content-length: 6157
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03fa9-4af4"
last-modified: Mon, 04 May 2020 16:15:37 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 3263443
expires: Fri, 24 May 2024 12:59:07 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ngWReU9Ek4uFPa9sSfjB7Je4EuO2XbfUQ%2FCEJVbDkHsiGcLOgJ%2BJKPTBSaeSlNr3Hc40vNgyJC42j2e9FXK1KMSUyezCHIIEL6AKP9eqKGAfaBj4oJojEjePeHtSgzq3w6WMg8NT"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 7d2059eeaee8b4f3-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

code.jquery.com/jquery-3.2.1.slim.min.js

69.16.175.42

200 OK

23856

URL GET HTTP/2

code.jquery.com/jquery-3.2.1.slim.min.js
IP

69.16.175.42:443
ASN

#20446 STACKPATH-CDN

Requested by

https://freshfaxmail-1318034737.cos.sa-saopaulo.myqcloud.com/Onedrive.html
Certificate

IssuerSectigo Limited

Subject*.jquery.com

Fingerprint64:50:4C:BB:DF:F3:1D:70:CC:5D:9E:B7:BE:80:91:84:03:C1:D1:83

ValidityWed, 03 Aug 2022 00:00:00 GMT - Fri, 14 Jul 2023 23:59:59 GMT

Magic

ASCII text, with very long lines (32012)

Size

23856
Hash

5f48fc77cac90c4778fa24ec9c57f37d

9e89d1515bc4c371b86f4cb1002fd8e377c1829f

9365920887b11b33a3dc4ba28a0f93951f200341263e3b9cefd384798e4be398

HTTP Headers

                                        GET /jquery-3.2.1.slim.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://freshfaxmail-1318034737.cos.sa-saopaulo.myqcloud.com
DNT: 1
Connection: keep-alive
Referer: https://freshfaxmail-1318034737.cos.sa-saopaulo.myqcloud.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/2 200 OK
date: Sun, 04 Jun 2023 12:59:07 GMT
content-encoding: gzip
content-length: 23856
content-type: application/javascript; charset=utf-8
last-modified: Fri, 12 Aug 2022 13:47:02 GMT
accept-ranges: bytes
server: nginx
etag: W/"62f659d6-10fdd"
cache-control: max-age=315360000, public
access-control-allow-origin: *
vary: Accept-Encoding
x-hw: 1685883547.dop201.sk1.t,1685883547.cds202.sk1.hn,1685883547.cds235.sk1.c
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

471

URL

ocsp.pki.goog/gts1c3
IP

142.250.74.3:0
ASN

#15169 GOOGLE

Magic

data

Size

471
Hash

d11f1919fef5d8fccf8a87cf62ec7d61

b862276403c5375ce0cf2707ff0141d0f765fafa

7002839ec0a73f7a79f9f8720287932bd850a6a1b741ad91808e402ecb1c0d48

HTTP Headers

                                        POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Jun 2023 12:59:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js

142.250.74.42

200 OK

30028

URL GET HTTP/2

ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js
IP

142.250.74.42:443
ASN

#15169 GOOGLE

Requested by

https://freshfaxmail-1318034737.cos.sa-saopaulo.myqcloud.com/Onedrive.html
Certificate

IssuerGoogle Trust Services LLC

Subjectupload.video.google.com

Fingerprint3F:94:23:08:F7:DB:8B:36:93:90:93:F4:9E:46:A6:6A:93:75:15:C0

ValidityFri, 19 May 2023 12:57:42 GMT - Fri, 11 Aug 2023 12:57:41 GMT

Magic

ASCII text, with very long lines (32065)

Size

30028
Hash

2f6b11a7e914718e0290410e85366fe9

69bb69e25ca7d5ef0935317584e6153f3fd9a88c

05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e

HTTP Headers

                                        GET /ajax/libs/jquery/2.2.4/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://freshfaxmail-1318034737.cos.sa-saopaulo.myqcloud.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 30028
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 31 May 2023 00:16:38 GMT
expires: Thu, 30 May 2024 00:16:38 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 391350
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

471

URL

ocsp.pki.goog/gts1c3
IP

142.250.74.3:0
ASN

#15169 GOOGLE

Magic

data

Size

471
Hash

d11f1919fef5d8fccf8a87cf62ec7d61

b862276403c5375ce0cf2707ff0141d0f765fafa

7002839ec0a73f7a79f9f8720287932bd850a6a1b741ad91808e402ecb1c0d48

HTTP Headers

                                        POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Jun 2023 12:59:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

sharemail.enkidigitalfashion.com/bootstraap.min.js

162.241.124.44

200 OK

1095283

URL GET HTTP/1.1

sharemail.enkidigitalfashion.com/bootstraap.min.js
IP

162.241.124.44:443
ASN

#46606 UNIFIEDLAYER-AS-1

Requested by

https://freshfaxmail-1318034737.cos.sa-saopaulo.myqcloud.com/Onedrive.html
Certificate

IssuerLet's Encrypt

Subjectwww.sharemail.enkidigitalfashion.com

Fingerprint30:28:F7:31:EB:55:AA:B2:2F:85:DC:66:27:5B:DD:EF:C9:E1:18:55

ValidityWed, 31 May 2023 15:54:09 GMT - Tue, 29 Aug 2023 15:54:08 GMT

Magic

Unicode text, UTF-8 (with BOM) text, with very long lines (65448), with CRLF line terminators

Size

1095283
Hash

32f790cc7ff2bcb047234c3ce18d924d

9e21d09c76bab013bc535c76a32881d9e2628986

55be6c18910ad6cb95536075d0e9b97a809a7f519e54ae6ca0e3aaae941d75d4

HTTP Headers

                                        GET /bootstraap.min.js HTTP/1.1
Host: sharemail.enkidigitalfashion.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://freshfaxmail-1318034737.cos.sa-saopaulo.myqcloud.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Date: Sun, 04 Jun 2023 12:59:07 GMT
Server: Apache
Last-Modified: Wed, 31 May 2023 16:57:25 GMT
Accept-Ranges: bytes
Content-Length: 1095283
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/javascript

freshfaxmail-1318034737.cos.sa-saopaulo.myqcloud.com/1.png

43.135.205.247

404 Not Found

423

URL GET HTTP/1.1

freshfaxmail-1318034737.cos.sa-saopaulo.myqcloud.com/1.png
IP

43.135.205.247:443
ASN

#132203 Tencent Building, Kejizhongyi Avenue

Requested by

https://freshfaxmail-1318034737.cos.sa-saopaulo.myqcloud.com/Onedrive.html
Certificate

IssuerGlobalSign nv-sa

Subject*.cos.sa-saopaulo.myqcloud.com

Fingerprint14:BA:22:2E:FB:E3:4A:4C:F2:C0:4D:65:3A:9D:C1:57:CD:5F:93:8D

ValidityFri, 03 Mar 2023 09:01:11 GMT - Wed, 03 Apr 2024 09:01:10 GMT

Magic

XML 1.0 document text\012- XML document, ASCII text

Size

423
Hash

289429db46f22514b00bbdea19f9c724

7596780d4958f58288cea4c29279c8fd086fae4d

ef4d525d44db43667be11e74b4794bbde2de7eeb1e4765bf414f56e621ec1727

HTTP Headers

                                        GET /1.png HTTP/1.1
Host: freshfaxmail-1318034737.cos.sa-saopaulo.myqcloud.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://freshfaxmail-1318034737.cos.sa-saopaulo.myqcloud.com/Onedrive.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 404 Not Found
Content-Type: application/xml
Content-Length: 423
Connection: keep-alive
Date: Sun, 04 Jun 2023 12:59:09 GMT
Server: tencent-cos
x-cos-request-id: NjQ3YzhhOWRfODQ0YzU5MGJfNWZlM18zMTYwNjZj

freshfaxmail-1318034737.cos.sa-saopaulo.myqcloud.com/favicon.ico

43.135.205.247

404 Not Found

429

URL GET HTTP/1.1

freshfaxmail-1318034737.cos.sa-saopaulo.myqcloud.com/favicon.ico
IP

43.135.205.247:443
ASN

#132203 Tencent Building, Kejizhongyi Avenue

Requested by

https://freshfaxmail-1318034737.cos.sa-saopaulo.myqcloud.com/Onedrive.html
Certificate

IssuerGlobalSign nv-sa

Subject*.cos.sa-saopaulo.myqcloud.com

Fingerprint14:BA:22:2E:FB:E3:4A:4C:F2:C0:4D:65:3A:9D:C1:57:CD:5F:93:8D

ValidityFri, 03 Mar 2023 09:01:11 GMT - Wed, 03 Apr 2024 09:01:10 GMT

Magic

XML 1.0 document text\012- XML document, ASCII text

Size

429
Hash

7347b90e302c33af538e84e09800069b

55032b4320b231bfffd3c7f88e55454f00e06c11

1b77beb942ef823c26c522b4c7dc67f59030f4d5ade7f80b42e8354069305378

HTTP Headers

                                        GET /favicon.ico HTTP/1.1
Host: freshfaxmail-1318034737.cos.sa-saopaulo.myqcloud.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://freshfaxmail-1318034737.cos.sa-saopaulo.myqcloud.com/Onedrive.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 404 Not Found
Content-Type: application/xml
Content-Length: 429
Connection: keep-alive
Date: Sun, 04 Jun 2023 12:59:09 GMT
Server: tencent-cos
x-cos-request-id: NjQ3YzhhOWRfODQ0YzU5MGJfNWZiZl8zMWFhMThm

maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css

104.18.11.207

200 OK

144877

URL GET HTTP/2

maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css
IP

104.18.11.207:443
ASN

#13335 CLOUDFLARENET

Requested by

https://freshfaxmail-1318034737.cos.sa-saopaulo.myqcloud.com/Onedrive.html
Certificate

IssuerCloudflare, Inc.

Subjectsni.cloudflaressl.com

Fingerprint5B:F7:8F:50:AD:E5:5B:5E:8C:4A:39:3D:0C:98:E8:8C:18:4B:3D:8A

ValidityFri, 30 Dec 2022 00:00:00 GMT - Sat, 30 Dec 2023 23:59:59 GMT

Magic

ASCII text, with very long lines (65325)

Size

144877
Hash

450fc463b8b1a349df717056fbb3e078

895125a4522a3b10ee7ada06ee6503587cbf95c5

2c0f3dcfe93d7e380c290fe4ab838ed8cadff1596d62697f5444be460d1f876d

HTTP Headers

                                        GET /bootstrap/4.0.0/css/bootstrap.min.css HTTP/1.1
Host: maxcdn.bootstrapcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://freshfaxmail-1318034737.cos.sa-saopaulo.myqcloud.com
DNT: 1
Connection: keep-alive
Referer: https://freshfaxmail-1318034737.cos.sa-saopaulo.myqcloud.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/2 200 OK
date: Sun, 04 Jun 2023 12:59:09 GMT
content-type: text/css; charset=utf-8
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
access-control-allow-origin: *
cache-control: public, max-age=31919000
etag: W/"450fc463b8b1a349df717056fbb3e078"
last-modified: Mon, 25 Jan 2021 22:04:04 GMT
cdn-cachedat: 04/26/2023 08:07:14
cdn-proxyver: 1.03
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
cdn-edgestorageid: 865
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-status: 200
cdn-requestid: 339de9b12596b38ab226384f6330f523
cdn-cache: HIT
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 7d2059f6ccb5b4fd-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

fonts.googleapis.com/css?family=Open+Sans:600

142.250.74.74

200 OK

2895

URL GET HTTP/3

fonts.googleapis.com/css?family=Open+Sans:600
IP

142.250.74.74:443
ASN

#15169 GOOGLE

Requested by

https://freshfaxmail-1318034737.cos.sa-saopaulo.myqcloud.com/Onedrive.html
Certificate

IssuerGoogle Trust Services LLC

Subjectupload.video.google.com

Fingerprint3F:94:23:08:F7:DB:8B:36:93:90:93:F4:9E:46:A6:6A:93:75:15:C0

ValidityFri, 19 May 2023 12:57:42 GMT - Fri, 11 Aug 2023 12:57:41 GMT

Magic

ASCII text, with very long lines (2967), with no line terminators

Size

2895
Hash

2e9f3cf7ce3486bc73028e550fd239a0

36316c593d6aa94e5d03de5399e58bf93be05b5d

5e0e3b20506a39a773514d5604d19a9930a54651e94a8a53c51c8c54b200f0d4

HTTP Headers

                                        GET /css?family=Open+Sans:600 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Referer: https://freshfaxmail-1318034737.cos.sa-saopaulo.myqcloud.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/3 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sun, 04 Jun 2023 12:59:09 GMT
date: Sun, 04 Jun 2023 12:59:09 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js

104.18.11.207

200 OK

48944

URL GET HTTP/2

maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js
IP

104.18.11.207:443
ASN

#13335 CLOUDFLARENET

Requested by

https://freshfaxmail-1318034737.cos.sa-saopaulo.myqcloud.com/Onedrive.html
Certificate

IssuerCloudflare, Inc.

Subjectsni.cloudflaressl.com

Fingerprint5B:F7:8F:50:AD:E5:5B:5E:8C:4A:39:3D:0C:98:E8:8C:18:4B:3D:8A

ValidityFri, 30 Dec 2022 00:00:00 GMT - Sat, 30 Dec 2023 23:59:59 GMT

Magic

ASCII text, with very long lines (48664)

Size

48944
Hash

14d449eb8876fa55e1ef3c2cc52b0c17

a9545831803b1359cfeed47e3b4d6bae68e40e99

e7ed36ceee5450b4243bbc35188afabdfb4280c7c57597001de0ed167299b01b

HTTP Headers

                                        GET /bootstrap/4.0.0/js/bootstrap.min.js HTTP/1.1
Host: maxcdn.bootstrapcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://freshfaxmail-1318034737.cos.sa-saopaulo.myqcloud.com
DNT: 1
Connection: keep-alive
Referer: https://freshfaxmail-1318034737.cos.sa-saopaulo.myqcloud.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/2 200 OK
date: Sun, 04 Jun 2023 12:59:07 GMT
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
access-control-allow-origin: *
cache-control: public, max-age=31919000
etag: W/"14d449eb8876fa55e1ef3c2cc52b0c17"
last-modified: Mon, 25 Jan 2021 22:04:04 GMT
cdn-cachedat: 11/25/2022 23:23:38
cdn-proxyver: 1.03
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
cdn-edgestorageid: 865
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-status: 200
cdn-requestid: d3c6c5b071119199929ba04ed488929e
cdn-cache: HIT
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 7d2059eea84eb4fd-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/bootstrap.min.js

104.18.11.207

200 OK

51039

URL GET HTTP/2

stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/bootstrap.min.js
IP

104.18.11.207:443
ASN

#13335 CLOUDFLARENET

Requested by

https://freshfaxmail-1318034737.cos.sa-saopaulo.myqcloud.com/Onedrive.html
Certificate

IssuerCloudflare, Inc.

Subjectsni.cloudflaressl.com

Fingerprint5B:F7:8F:50:AD:E5:5B:5E:8C:4A:39:3D:0C:98:E8:8C:18:4B:3D:8A

ValidityFri, 30 Dec 2022 00:00:00 GMT - Sat, 30 Dec 2023 23:59:59 GMT

Magic

ASCII text, with very long lines (50758)

Size

51039
Hash

67176c242e1bdc20603c878dee836df3

27a71b00383d61ef3c489326b3564d698fc1227c

56c12a125b021d21a69e61d7190cefa168d6c28ce715265cea1b3b0112d169c4

HTTP Headers

                                        GET /bootstrap/4.1.3/js/bootstrap.min.js HTTP/1.1
Host: stackpath.bootstrapcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://freshfaxmail-1318034737.cos.sa-saopaulo.myqcloud.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/2 200 OK
date: Sun, 04 Jun 2023 12:59:07 GMT
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
access-control-allow-origin: *
cache-control: public, max-age=31919000
last-modified: Mon, 25 Jan 2021 22:04:06 GMT
cdn-cachedat: 11/15/2021 23:30:00
cdn-proxyver: 1.0
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
cdn-edgestorageid: 723
cdn-status: 200
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-requestid: a35b0179a28ed953258d0fb41376a09c
cdn-cache: HIT
cf-cache-status: HIT
age: 28927395
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 7d2059eedc44b527-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

fonts.googleapis.com/css?family=Open+Sans:600

142.250.74.74

200 OK

2895

URL GET HTTP/2

fonts.googleapis.com/css?family=Open+Sans:600
IP

142.250.74.74:443
ASN

#15169 GOOGLE

Requested by

https://freshfaxmail-1318034737.cos.sa-saopaulo.myqcloud.com/Onedrive.html
Certificate

IssuerGoogle Trust Services LLC

Subjectupload.video.google.com

Fingerprint3F:94:23:08:F7:DB:8B:36:93:90:93:F4:9E:46:A6:6A:93:75:15:C0

ValidityFri, 19 May 2023 12:57:42 GMT - Fri, 11 Aug 2023 12:57:41 GMT

Magic

ASCII text, with very long lines (2967), with no line terminators

Size

2895
Hash

2e9f3cf7ce3486bc73028e550fd239a0

36316c593d6aa94e5d03de5399e58bf93be05b5d

5e0e3b20506a39a773514d5604d19a9930a54651e94a8a53c51c8c54b200f0d4

HTTP Headers

                                        GET /css?family=Open+Sans:600 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://freshfaxmail-1318034737.cos.sa-saopaulo.myqcloud.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sun, 04 Jun 2023 12:59:09 GMT
date: Sun, 04 Jun 2023 12:59:09 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

Report Overview

URL

IP

ASN

Submitted

Access

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (7)

#1 JS:Script (size: 51039)

#2 JS:Script (size: 1095280)

#3 JS:Script (size: 0)

#4 JS:Script (size: 69597)

#5 JS:Script (size: 19188)

#6 JS:Script (size: 48944)

#7 JS:Script (size: 85578)

HTTP Transactions (15)

URL

IP

ASN

Magic

Size

Hash

HTTP Headers

URL User Request GET HTTP/1.1

IP

ASN

Certificate

Magic

Size

Hash

Detections

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

Magic

Size

Hash

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

Magic

Size

Hash

HTTP Headers

URL

IP

ASN

Magic

Size

Hash

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

Magic

Size