Report - go.geekhack.org/?id=129857X1600501&url=https://xfinity.com/learn/cima/login?referer=https://redirectapprequired.centralus.cloudapp.azure.com?email=suspect@slurpmail.net&sref=inbox-shopping&xcust=mail62b2ad762481f2e26d07fa10067c

Report Overview

Visited public
2024-12-06 16:57:31
Tags
Submit Tags
URL
go.geekhack.org/?id=129857X1600501&url=https://xfinity.com/learn/cima/login?referer=https://redirectapprequired.centralus.cloudapp.azure.com?email=suspect@slurpmail.net&sref=inbox-shopping&xcust=mail62b2ad762481f2e26d07fa10067c
Finishing URL
apprequireds.amaznprime.50-6-173-19.cprapid.com/2e3e5171-6dce-456a-bc52-ee13f0944f54?email=suspect%40slurpmail.net
IP / ASN
35.190.25.30
#15169 GOOGLE
Title
403 Forbidden

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
apprequireds.amaznprime.50-6-173-19.cprapid.com	unknown	2019-05-16	2024-12-06	2024-12-06	1.2 kB	958 B	50.6.173.19
go.geekhack.org	unknown	2007-08-18	2015-01-20	2024-10-31	595 B	411 B	35.190.25.30
xfinity.com	2992	2003-01-23	2013-07-22	2024-12-06	574 B	234 B	96.99.240.130
redirectapprequired.centralus.cloudapp.azure.com	unknown	1994-10-25	2024-12-06	2024-12-06	1.5 kB	1.3 kB	40.77.108.197

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2024-12-06 16:57:06	medium	35.190.25.30	Client IP	ET INFO TLS Handshake Failure

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (0)

HTTP Transactions (7)

	URL	IP	Response	Size
	go.geekhack.org/?id=129857X1600501&url=http://xfinity.com/learn/cima/login?referer=http://redirectapprequired.centralus.cloudapp.azure.com?email=suspect@slurpmail.net&sref=inbox-shopping&xcust=mail62b2ad762481f2e26d07fa10067c	35.190.25.30	302 Found	0 B
URL go.geekhack.org/?id=129857X1600501&url=http://xfinity.com/learn/cima/login?referer=http://redirectapprequired.centralus.cloudapp.azure.com?email=suspect@slurpmail.net&sref=inbox-shopping&xcust=mail62b2ad762481f2e26d07fa10067c IP 35.190.25.30:0 ASN #15169 GOOGLE File type Size 0 B (0 bytes) Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP Headers GET /?id=129857X1600501&url=http://xfinity.com/learn/cima/login?referer=http://redirectapprequired.centralus.cloudapp.azure.com?email=suspect@slurpmail.net&sref=inbox-shopping&xcust=mail62b2ad762481f2e26d07fa10067c HTTP/1.1 Host: go.geekhack.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate DNT: 1 Connection: keep-alive Upgrade-Insecure-Requests: 1 Pragma: no-cache Cache-Control: no-cache `HTTP/1.1 302 Found Server: openresty/1.21.4.1 Date: Fri, 06 Dec 2024 16:57:06 GMT Content-Type: text/plain Content-Length: 0 Access-Control-Allow-Credentials: true Access-Control-Allow-Origin: * X-skimhost: cookie-dealer-waypoint-7dbdc6799f-rrrhs Location: http://xfinity.com/learn/cima/login?referer=http://redirectapprequired.centralus.cloudapp.azure.com?email=suspect@slurpmail.net Via: 1.1 google`

	xfinity.com/learn/cima/login?referer=http://redirectapprequired.centralus.cloudapp.azure.com?email=suspect@slurpmail.net	96.99.240.130	301 Moved Permanently	0 B
URL xfinity.com/learn/cima/login?referer=http://redirectapprequired.centralus.cloudapp.azure.com?email=suspect@slurpmail.net IP 96.99.240.130:0 ASN #7922 COMCAST-7922 File type Size 0 B (0 bytes) Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP Headers GET /learn/cima/login?referer=http://redirectapprequired.centralus.cloudapp.azure.com?email=suspect@slurpmail.net HTTP/1.1 Host: xfinity.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Upgrade-Insecure-Requests: 1 Connection: keep-alive Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache `HTTP/1.0 301 Moved Permanently Location: https://www.xfinity.com/learn/cima/login?referer=http://redirectapprequired.centralus.cloudapp.azure.com?email=suspect@slurpmail.net Server: BigIP Connection: Keep-Alive Content-Length: 0`

	redirectapprequired.centralus.cloudapp.azure.com/?email=suspect@slurpmail.net	40.77.108.197	301 Moved Permanently	407 B
URL redirectapprequired.centralus.cloudapp.azure.com/?email=suspect@slurpmail.net IP 40.77.108.197:0 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK File type HTML document, ASCII text Size 407 B (407 bytes) Hash 913673370c37f190b7f9169db28715bf baea6616239c4a22d4a543d0c70a14e6ac7e9540 a009b4c384afc27ec65d986993635f97260f7e38a2a0864ee220dcb14d411767 HTTP Headers `GET /?email=suspect@slurpmail.net HTTP/1.1 Host: redirectapprequired.centralus.cloudapp.azure.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate DNT: 1 Connection: keep-alive Upgrade-Insecure-Requests: 1 Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 301 Moved Permanently Date: Fri, 06 Dec 2024 16:57:07 GMT Server: Apache/2.4.58 (Ubuntu) Location: https://redirectapprequired.centralus.cloudapp.azure.com/?email=suspect@slurpmail.net Content-Length: 407 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=iso-8859-1`

	redirectapprequired.centralus.cloudapp.azure.com/?email=suspect@slurpmail.net	40.77.108.197	200 OK	341 B
URL redirectapprequired.centralus.cloudapp.azure.com/?email=suspect@slurpmail.net IP 40.77.108.197:0 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK File type HTML document, ASCII text Size 341 B (341 bytes) Hash f7d93de825671ab779f53039ee5d0c14 78db1ddeb77be4fd6b6c27ba5d1b0e4ac144d74c 7be0686ddd549059a5ab6925dcdab85cdab6e037697ccba11d817100f6211fc5 HTTP Headers GET /?email=suspect@slurpmail.net HTTP/1.1 Host: redirectapprequired.centralus.cloudapp.azure.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache `HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 16:57:07 GMT Server: Apache/2.4.58 (Ubuntu) Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 341 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8`

	GET apprequireds.amaznprime.50-6-173-19.cprapid.com/2e3e5171-6dce-456a-bc52-ee13f0944f54?email=suspect%40slurpmail.net	50.6.173.19	403 Forbidden	318 B
URL User Request GET HTTP/2 apprequireds.amaznprime.50-6-173-19.cprapid.com/2e3e5171-6dce-456a-bc52-ee13f0944f54?email=suspect%40slurpmail.net IP 50.6.173.19:443 ASN #19871 NETWORK-SOLUTIONS-HOSTING Certificate IssuerLet's Encrypt Subjectpayments.netflix-account.requiredapps.50-6-173-19.cprapid.com FingerprintFF:50:07:DC:4E:DF:19:F6:3A:75:4A:C1:40:25:B2:B0:BC:DD:3A:3C ValidityTue, 03 Dec 2024 03:26:23 GMT - Mon, 03 Mar 2025 03:26:22 GMT File type HTML document, ASCII text Size 318 B (318 bytes) Hash fa172c77abd7b03605d83cd1ae373657 9785fb3254695c25c621eb4cd81cf7a2a3c8258f b0c7e6712ecbf97a1e3a14f19e3aed5dbd6553f21a2852565bfc5518925713db HTTP Headers GET /2e3e5171-6dce-456a-bc52-ee13f0944f54?email=suspect%40slurpmail.net HTTP/1.1 Host: apprequireds.amaznprime.50-6-173-19.cprapid.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://redirectapprequired.centralus.cloudapp.azure.com/ DNT: 1 Connection: keep-alive Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache `HTTP/2 403 Forbidden content-length: 318 content-type: text/html; charset=iso-8859-1 date: Fri, 06 Dec 2024 16:57:09 GMT server: Apache X-Firefox-Spdy: h2`

	GET apprequireds.amaznprime.50-6-173-19.cprapid.com/favicon.ico	50.6.173.19	403 Forbidden	318 B
URL GET HTTP/2 apprequireds.amaznprime.50-6-173-19.cprapid.com/favicon.ico IP 50.6.173.19:443 ASN #19871 NETWORK-SOLUTIONS-HOSTING Requested by https://apprequireds.amaznprime.50-6-173-19.cprapid.com/2e3e5171-6dce-456a-bc52-ee13f0944f54?email=suspect%40slurpmail.net Certificate IssuerLet's Encrypt Subjectpayments.netflix-account.requiredapps.50-6-173-19.cprapid.com FingerprintFF:50:07:DC:4E:DF:19:F6:3A:75:4A:C1:40:25:B2:B0:BC:DD:3A:3C ValidityTue, 03 Dec 2024 03:26:23 GMT - Mon, 03 Mar 2025 03:26:22 GMT File type HTML document, ASCII text Size 318 B (318 bytes) Hash fa172c77abd7b03605d83cd1ae373657 9785fb3254695c25c621eb4cd81cf7a2a3c8258f b0c7e6712ecbf97a1e3a14f19e3aed5dbd6553f21a2852565bfc5518925713db HTTP Headers GET /favicon.ico HTTP/1.1 Host: apprequireds.amaznprime.50-6-173-19.cprapid.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://apprequireds.amaznprime.50-6-173-19.cprapid.com/2e3e5171-6dce-456a-bc52-ee13f0944f54?email=suspect%40slurpmail.net Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache TE: trailers `HTTP/2 403 Forbidden content-length: 318 content-type: text/html; charset=iso-8859-1 date: Fri, 06 Dec 2024 16:57:09 GMT server: Apache X-Firefox-Spdy: h2`

	GET redirectapprequired.centralus.cloudapp.azure.com/favicon.ico	0.0.0.0		0 B
URL GET redirectapprequired.centralus.cloudapp.azure.com/favicon.ico IP 0.0.0.0:0 ASN #0 Requested by https://redirectapprequired.centralus.cloudapp.azure.com/?email=suspect@slurpmail.net Certificate IssuerLet's Encrypt Subjectredirectapprequired.centralus.cloudapp.azure.com FingerprintB8:C7:5C:D4:D1:38:98:0B:A6:AB:23:6B:82:9D:5B:D7:85:03:AE:FE ValidityWed, 04 Dec 2024 14:44:41 GMT - Tue, 04 Mar 2025 14:44:40 GMT File type Size 0 B (0 bytes) Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP Headers GET /favicon.ico HTTP/1.1 Host: redirectapprequired.centralus.cloudapp.azure.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://redirectapprequired.centralus.cloudapp.azure.com/?email=suspect@slurpmail.net Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

JavaScript (0)

HTTP Transactions (7)

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers