webmail.hospitalbandeirantes.com.br/downloadPart.php?partId=MzIwM3wyfElOQk9Y&connInfo=aW1hcC1jbHVzdGVyLmlkYzIubWFuZGljLmNvbS5icnwxNDN8cmVjZXBjYW9jZW50cmFsQGhvc3BpdGFsYmFuZGVpcmFudGVzLmNvbS5icnwxMjM0NTY=&filename=OrcamentoTotal.zip
177.70.99.57 157 B URL webmail.hospitalbandeirantes.com.br/downloadPart.php?partId=MzIwM3wyfElOQk9Y&connInfo=aW1hcC1jbHVzdGVyLmlkYzIubWFuZGljLmNvbS5icnwxNDN8cmVjZXBjYW9jZW50cmFsQGhvc3BpdGFsYmFuZGVpcmFudGVzLmNvbS5icnwxMjM0NTY=&filename=OrcamentoTotal.zip
IP 177.70.99.57:0
File type HTML document, ASCII text
Hash abeec9486bdd3814d0afc0ddc0e92453
807f5bc09e0b04761dad09d1923830cc5b69fb56
2c63b4e24ccc3d429014d8b39e8cd9885b794b069679af3460c8ee0ab6477a16
GET /downloadPart.php?partId=MzIwM3wyfElOQk9Y&connInfo=aW1hcC1jbHVzdGVyLmlkYzIubWFuZGljLmNvbS5icnwxNDN8cmVjZXBjYW9jZW50cmFsQGhvc3BpdGFsYmFuZGVpcmFudGVzLmNvbS5icnwxMjM0NTY=&filename=OrcamentoTotal.zip HTTP/1.1
Host: webmail.hospitalbandeirantes.com.br
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 301 Moved Permanently
Content-Type: text/html; charset=UTF-8
Location: https://outlook.leforte.com.br/owa
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self';block-all-mixed-content;default-src 'self' https://*.outlook.com https://*.office365.com https://*.microsoftonline.com https://*.microsoft.com https://*.sharepointonline.com;script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval';style-src 'self' 'report-sample' 'unsafe-inline';object-src 'none';frame-src 'self';child-src 'self';img-src 'self' data:;font-src 'self' data:;connect-src 'self';manifest-src 'self';base-uri 'self';form-action 'self' http://outlook.com https://*.outlook.com https://*.office365.com https://*.microsoftonline.com https://*.microsoft.com;media-src 'self';prefetch-src 'self';worker-src 'self';
X-OWA-VERSION: Hidden
Date: Tue, 07 May 2024 12:35:24 GMT
Content-Length: 157
outlook.leforte.com.br/owa
177.70.99.57 227 B URL outlook.leforte.com.br/owa
IP 177.70.99.57:0
File type HTML document, ASCII text, with CRLF line terminators
Hash dddc372178a03de1e18a0fd5fa4d5efd
c1104527dc4b577c7e2970a694ed5d9257695589
81bf47a64213f4e6b9f39472a4ef3a7257f547b38fab2208a903833835d38c0f
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
GET /owa HTTP/1.1
Host: outlook.leforte.com.br
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Content-Type: text/html; charset=utf-8
Location: https://outlook.leforte.com.br/owa/auth/logon.aspx?url=https%3a%2f%2foutlook.leforte.com.br%2fowa&reason=0
Server: Microsoft-IIS/8.5
request-id: e3dbdd99-e4da-4588-8e82-271842825b41
Set-Cookie: ClientId=NMUXKWCEEBS0ZHW; expires=Wed, 07-May-2025 12:35:25 GMT; path=/; HttpOnly
X-OWA-Version: Hidden
X-Powered-By: ASP.NET
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self';block-all-mixed-content;default-src 'self' https://*.outlook.com https://*.office365.com https://*.microsoftonline.com https://*.microsoft.com https://*.sharepointonline.com;script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval';style-src 'self' 'report-sample' 'unsafe-inline';object-src 'none';frame-src 'self';child-src 'self';img-src 'self' data:;font-src 'self' data:;connect-src 'self';manifest-src 'self';base-uri 'self';form-action 'self' http://outlook.com https://*.outlook.com https://*.office365.com https://*.microsoftonline.com https://*.microsoft.com;media-src 'self';prefetch-src 'self';worker-src 'self';
X-FEServer: MHBEX01
Date: Tue, 07 May 2024 12:35:24 GMT
Content-Length: 227
outlook.leforte.com.br/owa/auth/logon.aspx?url=https%3a%2f%2foutlook.leforte.com.br%2fowa&reason=0
177.70.99.57 28 kB URL outlook.leforte.com.br/owa/auth/logon.aspx?url=https%3a%2f%2foutlook.leforte.com.br%2fowa&reason=0
IP 177.70.99.57:0
File type HTML document, ASCII text, with very long lines (1062), with CRLF, LF line terminators
Hash 1515228ee56008701614a740bdf25693
6ed8cf2262d95699478ead3c7e37675df75cd625
3ce59bd2bd011e63d421d82465d2a60317fa8e70261c2d3ec6eeb25e35e46103
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
GET /owa/auth/logon.aspx?url=https%3a%2f%2foutlook.leforte.com.br%2fowa&reason=0 HTTP/1.1
Host: outlook.leforte.com.br
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: ClientId=NMUXKWCEEBS0ZHW
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/8.5
request-id: d3e53ccc-7358-42f2-87f8-d3d9ac434daf
X-Frame-Options: SAMEORIGIN
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self';block-all-mixed-content;default-src 'self' https://*.outlook.com https://*.office365.com https://*.microsoftonline.com https://*.microsoft.com https://*.sharepointonline.com;script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval';style-src 'self' 'report-sample' 'unsafe-inline';object-src 'none';frame-src 'self';child-src 'self';img-src 'self' data:;font-src 'self' data:;connect-src 'self';manifest-src 'self';base-uri 'self';form-action 'self' http://outlook.com https://*.outlook.com https://*.office365.com https://*.microsoftonline.com https://*.microsoft.com;media-src 'self';prefetch-src 'self';worker-src 'self';
X-OWA-VERSION: Hidden
Date: Tue, 07 May 2024 12:35:25 GMT
Content-Length: 27996
outlook.leforte.com.br/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2foutlook.leforte.com.br%2fowa
177.70.99.57 200 OK 58 kB URL User Request GET HTTP/1.1 outlook.leforte.com.br/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2foutlook.leforte.com.br%2fowa
IP 177.70.99.57:443
Certificate Issuer GlobalSign nv-sa
Subject outlook.leforte.com.br
Fingerprint ED:4A:55:D9:F0:6A:C5:2F:DC:8C:44:75:2A:C1:BD:1C:A3:58:6C:B7
Validity Fri, 06 Oct 2023 18:58:35 GMT - Wed, 06 Nov 2024 18:58:34 GMT
File type HTML document, ASCII text, with very long lines (7127), with CRLF, LF line terminators
Hash 94b64939199e85089e4e498afe90ce2e
d57284fc52ec947dd8889d650cf59e82397fbbe6
0fbedb5ea6d5983787520e3fe58058c88181075f2c3c608b5b48526a652a5cda
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
GET /owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2foutlook.leforte.com.br%2fowa HTTP/1.1
Host: outlook.leforte.com.br
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://outlook.leforte.com.br/owa/auth/logon.aspx?url=https%3a%2f%2foutlook.leforte.com.br%2fowa&reason=0
Cookie: ClientId=NMUXKWCEEBS0ZHW
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/8.5
request-id: b9d00276-1bb5-4d22-bea5-1cf15a0f3de8
X-Frame-Options: SAMEORIGIN
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self';block-all-mixed-content;default-src 'self' https://*.outlook.com https://*.office365.com https://*.microsoftonline.com https://*.microsoft.com https://*.sharepointonline.com;script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval';style-src 'self' 'report-sample' 'unsafe-inline';object-src 'none';frame-src 'self';child-src 'self';img-src 'self' data:;font-src 'self' data:;connect-src 'self';manifest-src 'self';base-uri 'self';form-action 'self' http://outlook.com https://*.outlook.com https://*.office365.com https://*.microsoftonline.com https://*.microsoft.com;media-src 'self';prefetch-src 'self';worker-src 'self';
X-OWA-VERSION: Hidden
Date: Tue, 07 May 2024 12:35:25 GMT
Content-Length: 58028
outlook.leforte.com.br/owa/auth/15.0.1497/themes/resources/segoeui-regular.ttf
177.70.99.57 200 OK 57 kB URL GET HTTP/1.1 outlook.leforte.com.br/owa/auth/15.0.1497/themes/resources/segoeui-regular.ttf
IP 177.70.99.57:443
Requested by https://outlook.leforte.com.br/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2foutlook.leforte.com.br%2fowa
Certificate Issuer GlobalSign nv-sa
Subject outlook.leforte.com.br
Fingerprint ED:4A:55:D9:F0:6A:C5:2F:DC:8C:44:75:2A:C1:BD:1C:A3:58:6C:B7
Validity Fri, 06 Oct 2023 18:58:35 GMT - Wed, 06 Nov 2024 18:58:34 GMT
File type TrueType Font data, 18 tables, 1st "LTSH", 11 names, Microsoft, language 0x409, © 2010 Microsoft Corporation. All Rights Reserved.RegularSegoe UI RegularVersion 0.81 Build 159S
Hash 8af990b6ad3ba192c2dd6a193890bf5f
4db5bf117ff8f1392fab3b438216d7cff4ae4976
c147c2ec76a8ab8bd5082f1f4d3f80a43c689165cb164cdd812e44048fe38708
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
GET /owa/auth/15.0.1497/themes/resources/segoeui-regular.ttf HTTP/1.1
Host: outlook.leforte.com.br
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://outlook.leforte.com.br/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2foutlook.leforte.com.br%2fowa
Cookie: ClientId=NMUXKWCEEBS0ZHW
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: public,max-age=2592000
Content-Type: application/octet-stream
Last-Modified: Wed, 29 May 2019 04:02:58 GMT
Accept-Ranges: bytes
ETag: "0858b66d315d51:0"
Server: Microsoft-IIS/8.5
request-id: 19390016-fb11-48c7-99c8-0efd613d3068
X-Powered-By: ASP.NET
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self';block-all-mixed-content;default-src 'self' https://*.outlook.com https://*.office365.com https://*.microsoftonline.com https://*.microsoft.com https://*.sharepointonline.com;script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval';style-src 'self' 'report-sample' 'unsafe-inline';object-src 'none';frame-src 'self';child-src 'self';img-src 'self' data:;font-src 'self' data:;connect-src 'self';manifest-src 'self';base-uri 'self';form-action 'self' http://outlook.com https://*.outlook.com https://*.office365.com https://*.microsoftonline.com https://*.microsoft.com;media-src 'self';prefetch-src 'self';worker-src 'self';
X-OWA-VERSION: Hidden
Date: Tue, 07 May 2024 12:35:26 GMT
Content-Length: 56760
outlook.leforte.com.br/owa/auth/15.0.1497/themes/resources/favicon.ico
177.70.99.57 200 OK 7.9 kB URL GET HTTP/1.1 outlook.leforte.com.br/owa/auth/15.0.1497/themes/resources/favicon.ico
IP 177.70.99.57:443
Requested by https://outlook.leforte.com.br/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2foutlook.leforte.com.br%2fowa
Certificate Issuer GlobalSign nv-sa
Subject outlook.leforte.com.br
Fingerprint ED:4A:55:D9:F0:6A:C5:2F:DC:8C:44:75:2A:C1:BD:1C:A3:58:6C:B7
Validity Fri, 06 Oct 2023 18:58:35 GMT - Wed, 06 Nov 2024 18:58:34 GMT
File type MS Windows icon resource - 3 icons, 32x32, 32 bits/pixel, 24x24, 32 bits/pixel
Hash 759fade9033aa298629e4b000dcd6dde
34a1adf5c7326d7bde5b5735471b5d81e611c189
cf0808a61ec571e0c4975663903b288009d55502ac0445d9948983b339a5cf6e
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
GET /owa/auth/15.0.1497/themes/resources/favicon.ico HTTP/1.1
Host: outlook.leforte.com.br
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://outlook.leforte.com.br/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2foutlook.leforte.com.br%2fowa
Cookie: ClientId=NMUXKWCEEBS0ZHW
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: public,max-age=2592000
Content-Type: image/x-icon
Last-Modified: Wed, 29 May 2019 04:02:58 GMT
Accept-Ranges: bytes
ETag: "0858b66d315d51:0"
Server: Microsoft-IIS/8.5
request-id: a477cf7e-dde3-4914-bcfe-852032129ccd
X-Powered-By: ASP.NET
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self';block-all-mixed-content;default-src 'self' https://*.outlook.com https://*.office365.com https://*.microsoftonline.com https://*.microsoft.com https://*.sharepointonline.com;script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval';style-src 'self' 'report-sample' 'unsafe-inline';object-src 'none';frame-src 'self';child-src 'self';img-src 'self' data:;font-src 'self' data:;connect-src 'self';manifest-src 'self';base-uri 'self';form-action 'self' http://outlook.com https://*.outlook.com https://*.office365.com https://*.microsoftonline.com https://*.microsoft.com;media-src 'self';prefetch-src 'self';worker-src 'self';
X-OWA-VERSION: Hidden
Date: Tue, 07 May 2024 12:35:26 GMT
Content-Length: 7886
outlook.leforte.com.br/owa/auth/15.0.1497/themes/resources/segoeui-semilight.ttf
177.70.99.57 200 OK 42 kB URL GET HTTP/1.1 outlook.leforte.com.br/owa/auth/15.0.1497/themes/resources/segoeui-semilight.ttf
IP 177.70.99.57:443
Requested by https://outlook.leforte.com.br/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2foutlook.leforte.com.br%2fowa
Certificate Issuer GlobalSign nv-sa
Subject outlook.leforte.com.br
Fingerprint ED:4A:55:D9:F0:6A:C5:2F:DC:8C:44:75:2A:C1:BD:1C:A3:58:6C:B7
Validity Fri, 06 Oct 2023 18:58:35 GMT - Wed, 06 Nov 2024 18:58:34 GMT
File type TrueType Font data, 16 tables, 1st "OS/2", 11 names, Microsoft, language 0x409, © 2010 Microsoft Corporation. All Rights Reserved.RegularSegoe UI SemilightVersion 1.00 build 16
Hash 6c26c24aabe31040657665b1e0d9505c
b3bdc48643752665e3e5798a192b27432a87d234
2d508a6e8979bba74b6fdf804c01a09a620c781e0fea73a8eefda904f5bcab25
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
GET /owa/auth/15.0.1497/themes/resources/segoeui-semilight.ttf HTTP/1.1
Host: outlook.leforte.com.br
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://outlook.leforte.com.br/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2foutlook.leforte.com.br%2fowa
Cookie: ClientId=NMUXKWCEEBS0ZHW
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: public,max-age=2592000
Content-Type: application/octet-stream
Last-Modified: Wed, 29 May 2019 04:02:58 GMT
Accept-Ranges: bytes
ETag: "0858b66d315d51:0"
Server: Microsoft-IIS/8.5
request-id: e5ef73df-59fb-4348-9852-da32411aea95
X-Powered-By: ASP.NET
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self';block-all-mixed-content;default-src 'self' https://*.outlook.com https://*.office365.com https://*.microsoftonline.com https://*.microsoft.com https://*.sharepointonline.com;script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval';style-src 'self' 'report-sample' 'unsafe-inline';object-src 'none';frame-src 'self';child-src 'self';img-src 'self' data:;font-src 'self' data:;connect-src 'self';manifest-src 'self';base-uri 'self';form-action 'self' http://outlook.com https://*.outlook.com https://*.office365.com https://*.microsoftonline.com https://*.microsoft.com;media-src 'self';prefetch-src 'self';worker-src 'self';
X-OWA-VERSION: Hidden
Date: Tue, 07 May 2024 12:35:26 GMT
Content-Length: 41560