Report - webmail.hospitalbandeirantes.com.br/downloadPart.php?partId=MzIwM3wyfElOQk9Y&connInfo=aW1hcC1jbHVzdGVyLmlkYzIubWFuZGljLmNvbS5icnwxNDN8cmVjZXBjYW9jZW50cmFsQGhvc3BpdGFsYmFuZGVpcmFudGVzLmNvbS5icnwxMjM0NTY=&filename=OrcamentoTotal.zip

Report Overview

Submitted URL
webmail.hospitalbandeirantes.com.br/downloadPart.php?partId=MzIwM3wyfElOQk9Y&connInfo=aW1hcC1jbHVzdGVyLmlkYzIubWFuZGljLmNvbS5icnwxNDN8cmVjZXBjYW9jZW50cmFsQGhvc3BpdGFsYmFuZGVpcmFudGVzLmNvbS5icnwxMjM0NTY=&filename=OrcamentoTotal.zip
IP
177.70.99.57
ASN
#262545 Mandic S.A.
Submitted
2024-05-07 12:35:48
Access
public
Website Title
Outlook Web App
Final URL
outlook.leforte.com.br/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2foutlook.leforte.com.br%2fowa
Tags
microsoft phishing
urlquery detections
Phishing - Microsoft

Detections

urlquery
7
Network Intrusion Detection
0
Threat Detection Systems
0

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
webmail.hospitalbandeirantes.com.br	unknown	2000-10-18	2015-01-20	2023-05-31	600 B	1.2 kB	177.70.99.57
outlook.leforte.com.br	unknown	2007-10-29	2018-08-22	2023-05-31	3.6 kB	199 kB	177.70.99.57

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (6)

	URL	Size	First Seen	Last Seen
	outlook.leforte.com.br/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2foutlook.leforte.com.br%2fowa	14 kB	2023-03-07	2024-05-19
Pretty URL outlook.leforte.com.br/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2foutlook.leforte.com.br%2fowa IP 177.70.99.57 ASN #262545 Mandic S.A. Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:02:58 Last Seen2024-05-19 00:29:12 Times Seen577 Hash 8e2bc1b488831cdc5841d3abfb0ba6bb 50aed9715e2a5c3018ae336875294f64a202eaf2 b7cd8d9758300e4190d07cfc88be4aabadff6e837e68d93eb73648dbcd89351b Loading...

	outlook.leforte.com.br/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2foutlook.leforte.com.br%2fowa	1.4 kB	2023-03-07	2024-05-19
Pretty URL outlook.leforte.com.br/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2foutlook.leforte.com.br%2fowa IP 177.70.99.57 ASN #262545 Mandic S.A. Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:02:58 Last Seen2024-05-19 00:29:12 Times Seen493 Hash 97eb9cc59146b048bdf9f61b499bf16f 3bcf316328c997d9768a59393894a989052e5198 d656711ef4d2a655d04b516c9dbafbe90bc4b24b57b0c3bc3c197ef4d287b641 Loading...

	outlook.leforte.com.br/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2foutlook.leforte.com.br%2fowa	1.8 kB	2023-03-07	2024-05-16
Pretty URL outlook.leforte.com.br/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2foutlook.leforte.com.br%2fowa IP 177.70.99.57 ASN #262545 Mandic S.A. Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:16:03 Last Seen2024-05-16 16:44:30 Times Seen218 Hash afd025b7632ed25629ab5d9fce9766d9 8ad660fe353f568ded885e2fa40bc38523fd9e88 8e322d90a8ec6e11e0766e6ce58f27c8329d43009602813df177c4bcc60964a4 Loading...

	outlook.leforte.com.br/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2foutlook.leforte.com.br%2fowa	19 B	2023-03-07	2024-05-19
Pretty URL outlook.leforte.com.br/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2foutlook.leforte.com.br%2fowa IP 177.70.99.57 ASN #262545 Mandic S.A. Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:02:54 Last Seen2024-05-19 09:18:17 Times Seen1781 Hash 24f6a9c606199b766addcdaf630a6f4a e25cfd579629e6e410927500f3e9a728261c0553 e74b3de0ef4501689fdd96e8ecf0f120e7761bb3d9bfe6544e38790c0d386bf0 Loading...

	outlook.leforte.com.br/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2foutlook.leforte.com.br%2fowa	137 B	2023-03-07	2024-05-19
Pretty URL outlook.leforte.com.br/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2foutlook.leforte.com.br%2fowa IP 177.70.99.57 ASN #262545 Mandic S.A. Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:02:54 Last Seen2024-05-19 09:18:17 Times Seen1794 Hash 3012703a3a5c709a38f2cba896e8e5e6 d574b12ce7043b1ee47eb6934c39f19379fcf0ec 2c65e217804431e380651ce713d311bd5b5a5fb81cebc58392505cb35c854cdc Loading...

	outlook.leforte.com.br/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2foutlook.leforte.com.br%2fowa	68 B	2023-03-07	2024-05-19
Pretty URL outlook.leforte.com.br/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2foutlook.leforte.com.br%2fowa IP 177.70.99.57 ASN #262545 Mandic S.A. Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:02:58 Last Seen2024-05-19 00:29:12 Times Seen1075 Hash db8216e217de9a14420fa187142b00b5 50f9fdaa34b7caa061db879baa23a7d75f048e9e ebc3102ee92075887df69ec8c18ca2c24015e728566d302598a63c06697754ed Loading...

HTTP Transactions (7)

URL IP Response Size

webmail.hospitalbandeirantes.com.br/downloadPart.php?partId=MzIwM3wyfElOQk9Y&connInfo=aW1hcC1jbHVzdGVyLmlkYzIubWFuZGljLmNvbS5icnwxNDN8cmVjZXBjYW9jZW50cmFsQGhvc3BpdGFsYmFuZGVpcmFudGVzLmNvbS5icnwxMjM0NTY=&filename=OrcamentoTotal.zip

177.70.99.57

157 B

URL
webmail.hospitalbandeirantes.com.br/downloadPart.php?partId=MzIwM3wyfElOQk9Y&connInfo=aW1hcC1jbHVzdGVyLmlkYzIubWFuZGljLmNvbS5icnwxNDN8cmVjZXBjYW9jZW50cmFsQGhvc3BpdGFsYmFuZGVpcmFudGVzLmNvbS5icnwxMjM0NTY=&filename=OrcamentoTotal.zip
IP
177.70.99.57:0
ASN
#262545 Mandic S.A.

File type
HTML document, ASCII text
Size
157 B (157 bytes)
Hash
abeec9486bdd3814d0afc0ddc0e92453
807f5bc09e0b04761dad09d1923830cc5b69fb56
2c63b4e24ccc3d429014d8b39e8cd9885b794b069679af3460c8ee0ab6477a16

HTTP Headers

GET /downloadPart.php?partId=MzIwM3wyfElOQk9Y&connInfo=aW1hcC1jbHVzdGVyLmlkYzIubWFuZGljLmNvbS5icnwxNDN8cmVjZXBjYW9jZW50cmFsQGhvc3BpdGFsYmFuZGVpcmFudGVzLmNvbS5icnwxMjM0NTY=&filename=OrcamentoTotal.zip HTTP/1.1
Host: webmail.hospitalbandeirantes.com.br
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 301 Moved Permanently
Content-Type: text/html; charset=UTF-8
Location: https://outlook.leforte.com.br/owa
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self';block-all-mixed-content;default-src 'self' https://*.outlook.com https://*.office365.com https://*.microsoftonline.com https://*.microsoft.com https://*.sharepointonline.com;script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval';style-src 'self' 'report-sample' 'unsafe-inline';object-src 'none';frame-src 'self';child-src 'self';img-src 'self' data:;font-src 'self' data:;connect-src 'self';manifest-src 'self';base-uri 'self';form-action 'self' http://outlook.com https://*.outlook.com https://*.office365.com https://*.microsoftonline.com https://*.microsoft.com;media-src 'self';prefetch-src 'self';worker-src 'self';
X-OWA-VERSION: Hidden
Date: Tue, 07 May 2024 12:35:24 GMT
Content-Length: 157

outlook.leforte.com.br/owa

177.70.99.57

227 B

URL
outlook.leforte.com.br/owa
IP
177.70.99.57:0
ASN
#262545 Mandic S.A.

File type
HTML document, ASCII text, with CRLF line terminators
Size
227 B (227 bytes)
Hash
dddc372178a03de1e18a0fd5fa4d5efd
c1104527dc4b577c7e2970a694ed5d9257695589
81bf47a64213f4e6b9f39472a4ef3a7257f547b38fab2208a903833835d38c0f

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /owa HTTP/1.1
Host: outlook.leforte.com.br
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Content-Type: text/html; charset=utf-8
Location: https://outlook.leforte.com.br/owa/auth/logon.aspx?url=https%3a%2f%2foutlook.leforte.com.br%2fowa&reason=0
Server: Microsoft-IIS/8.5
request-id: e3dbdd99-e4da-4588-8e82-271842825b41
Set-Cookie: ClientId=NMUXKWCEEBS0ZHW; expires=Wed, 07-May-2025 12:35:25 GMT; path=/; HttpOnly
X-OWA-Version: Hidden
X-Powered-By: ASP.NET
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self';block-all-mixed-content;default-src 'self' https://*.outlook.com https://*.office365.com https://*.microsoftonline.com https://*.microsoft.com https://*.sharepointonline.com;script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval';style-src 'self' 'report-sample' 'unsafe-inline';object-src 'none';frame-src 'self';child-src 'self';img-src 'self' data:;font-src 'self' data:;connect-src 'self';manifest-src 'self';base-uri 'self';form-action 'self' http://outlook.com https://*.outlook.com https://*.office365.com https://*.microsoftonline.com https://*.microsoft.com;media-src 'self';prefetch-src 'self';worker-src 'self';
X-FEServer: MHBEX01
Date: Tue, 07 May 2024 12:35:24 GMT
Content-Length: 227

outlook.leforte.com.br/owa/auth/logon.aspx?url=https%3a%2f%2foutlook.leforte.com.br%2fowa&reason=0

177.70.99.57

28 kB

URL
outlook.leforte.com.br/owa/auth/logon.aspx?url=https%3a%2f%2foutlook.leforte.com.br%2fowa&reason=0
IP
177.70.99.57:0
ASN
#262545 Mandic S.A.

File type
HTML document, ASCII text, with very long lines (1062), with CRLF, LF line terminators
Size
28 kB (27996 bytes)
Hash
1515228ee56008701614a740bdf25693
6ed8cf2262d95699478ead3c7e37675df75cd625
3ce59bd2bd011e63d421d82465d2a60317fa8e70261c2d3ec6eeb25e35e46103

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /owa/auth/logon.aspx?url=https%3a%2f%2foutlook.leforte.com.br%2fowa&reason=0 HTTP/1.1
Host: outlook.leforte.com.br
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: ClientId=NMUXKWCEEBS0ZHW
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/8.5
request-id: d3e53ccc-7358-42f2-87f8-d3d9ac434daf
X-Frame-Options: SAMEORIGIN
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self';block-all-mixed-content;default-src 'self' https://*.outlook.com https://*.office365.com https://*.microsoftonline.com https://*.microsoft.com https://*.sharepointonline.com;script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval';style-src 'self' 'report-sample' 'unsafe-inline';object-src 'none';frame-src 'self';child-src 'self';img-src 'self' data:;font-src 'self' data:;connect-src 'self';manifest-src 'self';base-uri 'self';form-action 'self' http://outlook.com https://*.outlook.com https://*.office365.com https://*.microsoftonline.com https://*.microsoft.com;media-src 'self';prefetch-src 'self';worker-src 'self';
X-OWA-VERSION: Hidden
Date: Tue, 07 May 2024 12:35:25 GMT
Content-Length: 27996

outlook.leforte.com.br/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2foutlook.leforte.com.br%2fowa

177.70.99.57

200 OK

58 kB

URL User Request GET HTTP/1.1
outlook.leforte.com.br/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2foutlook.leforte.com.br%2fowa
IP
177.70.99.57:443
ASN
#262545 Mandic S.A.

Certificate
IssuerGlobalSign nv-sa
Subjectoutlook.leforte.com.br
FingerprintED:4A:55:D9:F0:6A:C5:2F:DC:8C:44:75:2A:C1:BD:1C:A3:58:6C:B7
ValidityFri, 06 Oct 2023 18:58:35 GMT - Wed, 06 Nov 2024 18:58:34 GMT

File type
HTML document, ASCII text, with very long lines (7127), with CRLF, LF line terminators
Size
58 kB (58028 bytes)
Hash
94b64939199e85089e4e498afe90ce2e
d57284fc52ec947dd8889d650cf59e82397fbbe6
0fbedb5ea6d5983787520e3fe58058c88181075f2c3c608b5b48526a652a5cda

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2foutlook.leforte.com.br%2fowa HTTP/1.1
Host: outlook.leforte.com.br
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://outlook.leforte.com.br/owa/auth/logon.aspx?url=https%3a%2f%2foutlook.leforte.com.br%2fowa&reason=0
Cookie: ClientId=NMUXKWCEEBS0ZHW
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/8.5
request-id: b9d00276-1bb5-4d22-bea5-1cf15a0f3de8
X-Frame-Options: SAMEORIGIN
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self';block-all-mixed-content;default-src 'self' https://*.outlook.com https://*.office365.com https://*.microsoftonline.com https://*.microsoft.com https://*.sharepointonline.com;script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval';style-src 'self' 'report-sample' 'unsafe-inline';object-src 'none';frame-src 'self';child-src 'self';img-src 'self' data:;font-src 'self' data:;connect-src 'self';manifest-src 'self';base-uri 'self';form-action 'self' http://outlook.com https://*.outlook.com https://*.office365.com https://*.microsoftonline.com https://*.microsoft.com;media-src 'self';prefetch-src 'self';worker-src 'self';
X-OWA-VERSION: Hidden
Date: Tue, 07 May 2024 12:35:25 GMT
Content-Length: 58028

outlook.leforte.com.br/owa/auth/15.0.1497/themes/resources/segoeui-regular.ttf

177.70.99.57

200 OK

57 kB

URL GET HTTP/1.1
outlook.leforte.com.br/owa/auth/15.0.1497/themes/resources/segoeui-regular.ttf
IP
177.70.99.57:443
ASN
#262545 Mandic S.A.

Requested by
https://outlook.leforte.com.br/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2foutlook.leforte.com.br%2fowa
Certificate
IssuerGlobalSign nv-sa
Subjectoutlook.leforte.com.br
FingerprintED:4A:55:D9:F0:6A:C5:2F:DC:8C:44:75:2A:C1:BD:1C:A3:58:6C:B7
ValidityFri, 06 Oct 2023 18:58:35 GMT - Wed, 06 Nov 2024 18:58:34 GMT

File type
TrueType Font data, 18 tables, 1st "LTSH", 11 names, Microsoft, language 0x409, � 2010 Microsoft Corporation. All Rights Reserved.RegularSegoe UI RegularVersion 0.81 Build 159S
Size
57 kB (56760 bytes)
Hash
8af990b6ad3ba192c2dd6a193890bf5f
4db5bf117ff8f1392fab3b438216d7cff4ae4976
c147c2ec76a8ab8bd5082f1f4d3f80a43c689165cb164cdd812e44048fe38708

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /owa/auth/15.0.1497/themes/resources/segoeui-regular.ttf HTTP/1.1
Host: outlook.leforte.com.br
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://outlook.leforte.com.br/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2foutlook.leforte.com.br%2fowa
Cookie: ClientId=NMUXKWCEEBS0ZHW
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: public,max-age=2592000
Content-Type: application/octet-stream
Last-Modified: Wed, 29 May 2019 04:02:58 GMT
Accept-Ranges: bytes
ETag: "0858b66d315d51:0"
Server: Microsoft-IIS/8.5
request-id: 19390016-fb11-48c7-99c8-0efd613d3068
X-Powered-By: ASP.NET
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self';block-all-mixed-content;default-src 'self' https://*.outlook.com https://*.office365.com https://*.microsoftonline.com https://*.microsoft.com https://*.sharepointonline.com;script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval';style-src 'self' 'report-sample' 'unsafe-inline';object-src 'none';frame-src 'self';child-src 'self';img-src 'self' data:;font-src 'self' data:;connect-src 'self';manifest-src 'self';base-uri 'self';form-action 'self' http://outlook.com https://*.outlook.com https://*.office365.com https://*.microsoftonline.com https://*.microsoft.com;media-src 'self';prefetch-src 'self';worker-src 'self';
X-OWA-VERSION: Hidden
Date: Tue, 07 May 2024 12:35:26 GMT
Content-Length: 56760

outlook.leforte.com.br/owa/auth/15.0.1497/themes/resources/favicon.ico

177.70.99.57

200 OK

7.9 kB

URL GET HTTP/1.1
outlook.leforte.com.br/owa/auth/15.0.1497/themes/resources/favicon.ico
IP
177.70.99.57:443
ASN
#262545 Mandic S.A.

Requested by
https://outlook.leforte.com.br/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2foutlook.leforte.com.br%2fowa
Certificate
IssuerGlobalSign nv-sa
Subjectoutlook.leforte.com.br
FingerprintED:4A:55:D9:F0:6A:C5:2F:DC:8C:44:75:2A:C1:BD:1C:A3:58:6C:B7
ValidityFri, 06 Oct 2023 18:58:35 GMT - Wed, 06 Nov 2024 18:58:34 GMT

File type
MS Windows icon resource - 3 icons, 32x32, 32 bits/pixel, 24x24, 32 bits/pixel
Size
7.9 kB (7886 bytes)
Hash
759fade9033aa298629e4b000dcd6dde
34a1adf5c7326d7bde5b5735471b5d81e611c189
cf0808a61ec571e0c4975663903b288009d55502ac0445d9948983b339a5cf6e

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /owa/auth/15.0.1497/themes/resources/favicon.ico HTTP/1.1
Host: outlook.leforte.com.br
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://outlook.leforte.com.br/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2foutlook.leforte.com.br%2fowa
Cookie: ClientId=NMUXKWCEEBS0ZHW
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: public,max-age=2592000
Content-Type: image/x-icon
Last-Modified: Wed, 29 May 2019 04:02:58 GMT
Accept-Ranges: bytes
ETag: "0858b66d315d51:0"
Server: Microsoft-IIS/8.5
request-id: a477cf7e-dde3-4914-bcfe-852032129ccd
X-Powered-By: ASP.NET
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self';block-all-mixed-content;default-src 'self' https://*.outlook.com https://*.office365.com https://*.microsoftonline.com https://*.microsoft.com https://*.sharepointonline.com;script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval';style-src 'self' 'report-sample' 'unsafe-inline';object-src 'none';frame-src 'self';child-src 'self';img-src 'self' data:;font-src 'self' data:;connect-src 'self';manifest-src 'self';base-uri 'self';form-action 'self' http://outlook.com https://*.outlook.com https://*.office365.com https://*.microsoftonline.com https://*.microsoft.com;media-src 'self';prefetch-src 'self';worker-src 'self';
X-OWA-VERSION: Hidden
Date: Tue, 07 May 2024 12:35:26 GMT
Content-Length: 7886

outlook.leforte.com.br/owa/auth/15.0.1497/themes/resources/segoeui-semilight.ttf

177.70.99.57

200 OK

42 kB

URL GET HTTP/1.1
outlook.leforte.com.br/owa/auth/15.0.1497/themes/resources/segoeui-semilight.ttf
IP
177.70.99.57:443
ASN
#262545 Mandic S.A.

Requested by
https://outlook.leforte.com.br/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2foutlook.leforte.com.br%2fowa
Certificate
IssuerGlobalSign nv-sa
Subjectoutlook.leforte.com.br
FingerprintED:4A:55:D9:F0:6A:C5:2F:DC:8C:44:75:2A:C1:BD:1C:A3:58:6C:B7
ValidityFri, 06 Oct 2023 18:58:35 GMT - Wed, 06 Nov 2024 18:58:34 GMT

File type
TrueType Font data, 16 tables, 1st "OS/2", 11 names, Microsoft, language 0x409, � 2010 Microsoft Corporation. All Rights Reserved.RegularSegoe UI SemilightVersion 1.00 build 16
Size
42 kB (41560 bytes)
Hash
6c26c24aabe31040657665b1e0d9505c
b3bdc48643752665e3e5798a192b27432a87d234
2d508a6e8979bba74b6fdf804c01a09a620c781e0fea73a8eefda904f5bcab25

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /owa/auth/15.0.1497/themes/resources/segoeui-semilight.ttf HTTP/1.1
Host: outlook.leforte.com.br
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://outlook.leforte.com.br/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2foutlook.leforte.com.br%2fowa
Cookie: ClientId=NMUXKWCEEBS0ZHW
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: public,max-age=2592000
Content-Type: application/octet-stream
Last-Modified: Wed, 29 May 2019 04:02:58 GMT
Accept-Ranges: bytes
ETag: "0858b66d315d51:0"
Server: Microsoft-IIS/8.5
request-id: e5ef73df-59fb-4348-9852-da32411aea95
X-Powered-By: ASP.NET
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self';block-all-mixed-content;default-src 'self' https://*.outlook.com https://*.office365.com https://*.microsoftonline.com https://*.microsoft.com https://*.sharepointonline.com;script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval';style-src 'self' 'report-sample' 'unsafe-inline';object-src 'none';frame-src 'self';child-src 'self';img-src 'self' data:;font-src 'self' data:;connect-src 'self';manifest-src 'self';base-uri 'self';form-action 'self' http://outlook.com https://*.outlook.com https://*.office365.com https://*.microsoftonline.com https://*.microsoft.com;media-src 'self';prefetch-src 'self';worker-src 'self';
X-OWA-VERSION: Hidden
Date: Tue, 07 May 2024 12:35:26 GMT
Content-Length: 41560

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (6)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (7)

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type