Report - mail.mingrad.ru/CookieAuth.dll?GetLogon?curl=Z2F&formdir=1&reason=0

Report Overview

Submitted URL
mail.mingrad.ru/CookieAuth.dll?GetLogon?curl=Z2F&formdir=1&reason=0
IP
91.207.24.194
ASN
#29076 Citytelecom LLC
Submitted
2024-04-20 10:44:24
Access
public
Website Title
Outlook Web App
Final URL
mail.mingrad.ru/CookieAuth.dll?GetLogon?curl=Z2F&formdir=1&reason=0
Tags
microsoft phishing
urlquery detections
Phishing - Microsoft

Detections

urlquery
15
Network Intrusion Detection
0
Threat Detection Systems
2

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
mail.mingrad.ru	unknown	2018-11-28	2018-12-04	2024-04-16	7.2 kB	58 kB	91.207.24.194
aus5.mozilla.org	2548	1998-01-24	2015-10-27	2024-04-19	512 B	1.2 kB	35.244.181.201

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

Scan Date	Severity	Indicator	Alert
2024-04-16	medium	mail.mingrad.ru/CookieAuth.dll?GetLogon?curl=Z2F&formdir=1&reason=0	Outlook

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (3)

	URL	Size	First Seen	Last Seen
	mail.mingrad.ru/CookieAuth.dll?GetPic?formdir=1&image=flogon.js	17 kB	2023-04-19	2024-04-29
Pretty URL mail.mingrad.ru/CookieAuth.dll?GetPic?formdir=1&image=flogon.js IP 91.207.24.194 ASN #29076 Citytelecom LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-19 02:35:45 Last Seen2024-04-29 23:18:46 Times Seen42 Hash 7285f3e74138d01e6708e44d0cd02e5a 6bdf0dd601c216c0404338704fdc79f19f8712e6 cbcd9492b20c918d6823e28908fc817b59ae5a4ca88c0fd68d3a7d0479c88e88 Loading...

	mail.mingrad.ru/CookieAuth.dll?GetLogon?curl=Z2F&formdir=1&reason=0	512 B	2023-03-07	2024-05-02
Pretty URL mail.mingrad.ru/CookieAuth.dll?GetLogon?curl=Z2F&formdir=1&reason=0 IP 91.207.24.194 ASN #29076 Citytelecom LLC Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:19:42 Last Seen2024-05-02 23:44:37 Times Seen140 Hash c70b1fd16daf4535e1c4ab0fcec832e1 149c457f2182400601fe428f9caf3c53ac45c463 2742d10a8b4b670a85f87dd11eabfa3e0045c9e87eb12b8cc672c0bfed3caeae Loading...

	unknown	23 B	2023-04-19	2024-05-03
Pretty Introduced by eventHandler Embedded in HTML false Observations First Seen2023-04-19 02:35:45 Last Seen2024-05-03 08:06:19 Times Seen135 Hash 054e877d2edf41b70598e6376d4f66d8 b8bacd603f7a40260d6755e5ef7d873f65a452bd ac05721c88cde9f5041a4722d1f86b6971985645817b1d4a05444c4e78036e0f Loading...

HTTP Transactions (15)

URL IP Response Size

mail.mingrad.ru/CookieAuth.dll?GetLogon?curl=Z2F&formdir=1&reason=0

91.207.24.194

200 OK

11 kB

URL User Request GET HTTP/1.1
mail.mingrad.ru/CookieAuth.dll?GetLogon?curl=Z2F&formdir=1&reason=0
IP
91.207.24.194:443
ASN
#29076 Citytelecom LLC

Certificate
IssuerGlobalSign nv-sa
Subjectmingrad.ru
FingerprintE2:A2:CF:CF:5E:90:3E:9D:20:6D:04:BC:01:1A:EE:99:D1:22:19:1C
ValidityWed, 07 Feb 2024 12:46:26 GMT - Mon, 10 Mar 2025 12:46:25 GMT

File type
HTML document, ASCII text, with very long lines (470), with CRLF line terminators
Size
11 kB (10644 bytes)
Hash
059448aaa21e64ca7660bc696aeda695
790dcee3ba7bdec9ea3ff6dbd052cd54e58a8334
4a8586f63c64ff837db65f267a0ac00190a556a33e9a14c318ac075fe8bad503

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft
OpenPhish	phishing	Outlook

HTTP Headers

GET /CookieAuth.dll?GetLogon?curl=Z2F&formdir=1&reason=0 HTTP/1.1
Host: mail.mingrad.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Connection: close
Content-Length: 10644
Content-Type: text/html
Pragma: no-cache
Cache-control: no-cache,max-age=0,must-revalidate

mail.mingrad.ru/CookieAuth.dll?GetPic?formdir=1&image=logon_style.css

91.207.24.194

200 OK

3.7 kB

URL GET HTTP/1.1
mail.mingrad.ru/CookieAuth.dll?GetPic?formdir=1&image=logon_style.css
IP
91.207.24.194:443
ASN
#29076 Citytelecom LLC

Requested by
https://mail.mingrad.ru/CookieAuth.dll?GetLogon?curl=Z2F&formdir=1&reason=0
Certificate
IssuerGlobalSign nv-sa
Subjectmingrad.ru
FingerprintE2:A2:CF:CF:5E:90:3E:9D:20:6D:04:BC:01:1A:EE:99:D1:22:19:1C
ValidityWed, 07 Feb 2024 12:46:26 GMT - Mon, 10 Mar 2025 12:46:25 GMT

File type
ASCII text, with CRLF line terminators
Size
3.7 kB (3746 bytes)
Hash
eb390c1f5114e6f46d91e8dae7426190
6f6dfc46137f7bb0bec6ff053bdf6ae42a0ebcf4
30fb8871b656c78a56c5b265316391f00999c4add687ae895ec6cecb903c0ca3

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /CookieAuth.dll?GetPic?formdir=1&image=logon_style.css HTTP/1.1
Host: mail.mingrad.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mail.mingrad.ru/CookieAuth.dll?GetLogon?curl=Z2F&formdir=1&reason=0
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Connection: close
Content-Length: 3746
Content-Type: text/css
Cache-control: max-age=604800

mail.mingrad.ru/CookieAuth.dll?GetPic?formdir=1&image=owafont.css

91.207.24.194

200 OK

5.3 kB

URL GET HTTP/1.1
mail.mingrad.ru/CookieAuth.dll?GetPic?formdir=1&image=owafont.css
IP
91.207.24.194:443
ASN
#29076 Citytelecom LLC

Requested by
https://mail.mingrad.ru/CookieAuth.dll?GetLogon?curl=Z2F&formdir=1&reason=0
Certificate
IssuerGlobalSign nv-sa
Subjectmingrad.ru
FingerprintE2:A2:CF:CF:5E:90:3E:9D:20:6D:04:BC:01:1A:EE:99:D1:22:19:1C
ValidityWed, 07 Feb 2024 12:46:26 GMT - Mon, 10 Mar 2025 12:46:25 GMT

File type
ASCII text, with CRLF line terminators
Size
5.3 kB (5252 bytes)
Hash
9f2219d5b0220a73402c9f4495990900
49716d120f59965e095545a45eb7b4505b36097a
159f4b224ba13a8c9425965294caa598a874e980582c4c3f3f56a4bf0bea294d

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /CookieAuth.dll?GetPic?formdir=1&image=owafont.css HTTP/1.1
Host: mail.mingrad.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mail.mingrad.ru/CookieAuth.dll?GetLogon?curl=Z2F&formdir=1&reason=0
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Connection: close
Content-Length: 5252
Content-Type: text/css
Cache-control: max-age=604800

mail.mingrad.ru/CookieAuth.dll?GetPic?formdir=1&image=flogon.js

91.207.24.194

200 OK

17 kB

URL GET HTTP/1.1
mail.mingrad.ru/CookieAuth.dll?GetPic?formdir=1&image=flogon.js
IP
91.207.24.194:443
ASN
#29076 Citytelecom LLC

Requested by
https://mail.mingrad.ru/CookieAuth.dll?GetLogon?curl=Z2F&formdir=1&reason=0
Certificate
IssuerGlobalSign nv-sa
Subjectmingrad.ru
FingerprintE2:A2:CF:CF:5E:90:3E:9D:20:6D:04:BC:01:1A:EE:99:D1:22:19:1C
ValidityWed, 07 Feb 2024 12:46:26 GMT - Mon, 10 Mar 2025 12:46:25 GMT

File type
ASCII text, with CRLF line terminators
Size
17 kB (17405 bytes)
Hash
7285f3e74138d01e6708e44d0cd02e5a
6bdf0dd601c216c0404338704fdc79f19f8712e6
cbcd9492b20c918d6823e28908fc817b59ae5a4ca88c0fd68d3a7d0479c88e88

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /CookieAuth.dll?GetPic?formdir=1&image=flogon.js HTTP/1.1
Host: mail.mingrad.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mail.mingrad.ru/CookieAuth.dll?GetLogon?curl=Z2F&formdir=1&reason=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Connection: close
Content-Length: 17405
Content-Type: application/x-javascript
Cache-control: max-age=604800

mail.mingrad.ru/CookieAuth.dll?GetPic?formdir=1&image=lgntopr.gif

91.207.24.194

200 OK

581 B

URL GET HTTP/1.1
mail.mingrad.ru/CookieAuth.dll?GetPic?formdir=1&image=lgntopr.gif
IP
91.207.24.194:443
ASN
#29076 Citytelecom LLC

Requested by
https://mail.mingrad.ru/CookieAuth.dll?GetLogon?curl=Z2F&formdir=1&reason=0
Certificate
IssuerGlobalSign nv-sa
Subjectmingrad.ru
FingerprintE2:A2:CF:CF:5E:90:3E:9D:20:6D:04:BC:01:1A:EE:99:D1:22:19:1C
ValidityWed, 07 Feb 2024 12:46:26 GMT - Mon, 10 Mar 2025 12:46:25 GMT

File type
GIF image data, version 89a, 45 x 115
Size
581 B (581 bytes)
Hash
031bed6f568fbddddf550a97400b273f
69342ba98b1a924ea4f984f5ef6b244ba0177cb3
f27d451896ac6a8b768361e3f07c2adf1ee7ae6bcb92ac6d0bda7fb5cf915301

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /CookieAuth.dll?GetPic?formdir=1&image=lgntopr.gif HTTP/1.1
Host: mail.mingrad.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mail.mingrad.ru/CookieAuth.dll?GetLogon?curl=Z2F&formdir=1&reason=0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Connection: close
Content-Length: 581
Content-Type: image/gif
Cache-control: max-age=604800

mail.mingrad.ru/CookieAuth.dll?GetPic?formdir=1&image=lgnbotr.gif

91.207.24.194

200 OK

2.4 kB

URL GET HTTP/1.1
mail.mingrad.ru/CookieAuth.dll?GetPic?formdir=1&image=lgnbotr.gif
IP
91.207.24.194:443
ASN
#29076 Citytelecom LLC

Requested by
https://mail.mingrad.ru/CookieAuth.dll?GetLogon?curl=Z2F&formdir=1&reason=0
Certificate
IssuerGlobalSign nv-sa
Subjectmingrad.ru
FingerprintE2:A2:CF:CF:5E:90:3E:9D:20:6D:04:BC:01:1A:EE:99:D1:22:19:1C
ValidityWed, 07 Feb 2024 12:46:26 GMT - Mon, 10 Mar 2025 12:46:25 GMT

File type
GIF image data, version 89a, 45 x 54
Size
2.4 kB (2392 bytes)
Hash
43b7c46b32691aa778c5e49d139db8f5
e72b87c696eed81b71b853ce245a30377dce205e
97305ffb8ff74176df42bcd213e7cdfd7679630e19911a2db7b399c7960aec3e

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /CookieAuth.dll?GetPic?formdir=1&image=lgnbotr.gif HTTP/1.1
Host: mail.mingrad.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mail.mingrad.ru/CookieAuth.dll?GetLogon?curl=Z2F&formdir=1&reason=0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Connection: close
Content-Length: 2392
Content-Type: image/gif
Cache-control: max-age=604800

mail.mingrad.ru/CookieAuth.dll?GetPic?formdir=1&image=lgntopl.gif

91.207.24.194

200 OK

4.5 kB

URL GET HTTP/1.1
mail.mingrad.ru/CookieAuth.dll?GetPic?formdir=1&image=lgntopl.gif
IP
91.207.24.194:443
ASN
#29076 Citytelecom LLC

Requested by
https://mail.mingrad.ru/CookieAuth.dll?GetLogon?curl=Z2F&formdir=1&reason=0
Certificate
IssuerGlobalSign nv-sa
Subjectmingrad.ru
FingerprintE2:A2:CF:CF:5E:90:3E:9D:20:6D:04:BC:01:1A:EE:99:D1:22:19:1C
ValidityWed, 07 Feb 2024 12:46:26 GMT - Mon, 10 Mar 2025 12:46:25 GMT

File type
GIF image data, version 89a, 456 x 115
Size
4.5 kB (4455 bytes)
Hash
6ae33a65d15f6bb5113e066fca7fa73a
fa8477f0eaed3ade4a217e91133ba37242be0c19
b478b93f8f9a262321211d8ce812cdd6accdfb4ede6e0230ccf44e77ad161f97

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /CookieAuth.dll?GetPic?formdir=1&image=lgntopl.gif HTTP/1.1
Host: mail.mingrad.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mail.mingrad.ru/CookieAuth.dll?GetLogon?curl=Z2F&formdir=1&reason=0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Connection: close
Content-Length: 4455
Content-Type: image/gif
Cache-control: max-age=604800

mail.mingrad.ru/CookieAuth.dll?GetPic?formdir=1&image=lgnexlogo.gif

91.207.24.194

200 OK

61 B

URL GET HTTP/1.1
mail.mingrad.ru/CookieAuth.dll?GetPic?formdir=1&image=lgnexlogo.gif
IP
91.207.24.194:443
ASN
#29076 Citytelecom LLC

Requested by
https://mail.mingrad.ru/CookieAuth.dll?GetLogon?curl=Z2F&formdir=1&reason=0
Certificate
IssuerGlobalSign nv-sa
Subjectmingrad.ru
FingerprintE2:A2:CF:CF:5E:90:3E:9D:20:6D:04:BC:01:1A:EE:99:D1:22:19:1C
ValidityWed, 07 Feb 2024 12:46:26 GMT - Mon, 10 Mar 2025 12:46:25 GMT

File type
GIF image data, version 89a, 22 x 22
Size
61 B (61 bytes)
Hash
873c522598fb6da9f70d5dde7ccf6213
c09fdcf5e3933b8efdae4505825e786462cdad51
b125c5f621a199d89bc496740d7dac72f1a8462465a1b61e331727f5d369b2f4

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /CookieAuth.dll?GetPic?formdir=1&image=lgnexlogo.gif HTTP/1.1
Host: mail.mingrad.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mail.mingrad.ru/CookieAuth.dll?GetLogon?curl=Z2F&formdir=1&reason=0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Connection: close
Content-Length: 61
Content-Type: image/gif
Cache-control: max-age=604800

mail.mingrad.ru/CookieAuth.dll?GetPic?formdir=1&image=lgnbotl.gif

91.207.24.194

200 OK

9.3 kB

URL GET HTTP/1.1
mail.mingrad.ru/CookieAuth.dll?GetPic?formdir=1&image=lgnbotl.gif
IP
91.207.24.194:443
ASN
#29076 Citytelecom LLC

Requested by
https://mail.mingrad.ru/CookieAuth.dll?GetLogon?curl=Z2F&formdir=1&reason=0
Certificate
IssuerGlobalSign nv-sa
Subjectmingrad.ru
FingerprintE2:A2:CF:CF:5E:90:3E:9D:20:6D:04:BC:01:1A:EE:99:D1:22:19:1C
ValidityWed, 07 Feb 2024 12:46:26 GMT - Mon, 10 Mar 2025 12:46:25 GMT

File type
GIF image data, version 89a, 456 x 54
Size
9.3 kB (9311 bytes)
Hash
e0a2c263c6745f251720fe0876d140c4
51b2196c6b10b8c6443e4f91b4c6281134755f33
0e2cda541bf24815df2facd5729d44b70ef4e4bdd160169295944aefc9e51b0b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /CookieAuth.dll?GetPic?formdir=1&image=lgnbotl.gif HTTP/1.1
Host: mail.mingrad.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mail.mingrad.ru/CookieAuth.dll?GetLogon?curl=Z2F&formdir=1&reason=0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Connection: close
Content-Length: 9311
Content-Type: image/gif
Cache-control: max-age=604800

mail.mingrad.ru/CookieAuth.dll?GetPic?formdir=1&image=lgnleft.gif

91.207.24.194

200 OK

290 B

URL GET HTTP/1.1
mail.mingrad.ru/CookieAuth.dll?GetPic?formdir=1&image=lgnleft.gif
IP
91.207.24.194:443
ASN
#29076 Citytelecom LLC

Requested by
https://mail.mingrad.ru/CookieAuth.dll?GetLogon?curl=Z2F&formdir=1&reason=0
Certificate
IssuerGlobalSign nv-sa
Subjectmingrad.ru
FingerprintE2:A2:CF:CF:5E:90:3E:9D:20:6D:04:BC:01:1A:EE:99:D1:22:19:1C
ValidityWed, 07 Feb 2024 12:46:26 GMT - Mon, 10 Mar 2025 12:46:25 GMT

File type
GIF image data, version 89a, 15 x 200
Size
290 B (290 bytes)
Hash
baf34665612f4d59f7cfc06ea82da21d
2c8cf5f76499e66d609ddaac026720ef28078421
96a4b86c4a5ff1f1aa67c52287be64ebd51598d32cbd1249351e462cae549185

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /CookieAuth.dll?GetPic?formdir=1&image=lgnleft.gif HTTP/1.1
Host: mail.mingrad.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mail.mingrad.ru/CookieAuth.dll?GetPic?formdir=1&image=logon_style.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Connection: close
Content-Length: 290
Content-Type: image/gif
Cache-control: max-age=604800

mail.mingrad.ru/CookieAuth.dll?GetPic?formdir=1&image=lgnright.gif

91.207.24.194

200 OK

306 B

URL GET HTTP/1.1
mail.mingrad.ru/CookieAuth.dll?GetPic?formdir=1&image=lgnright.gif
IP
91.207.24.194:443
ASN
#29076 Citytelecom LLC

Requested by
https://mail.mingrad.ru/CookieAuth.dll?GetLogon?curl=Z2F&formdir=1&reason=0
Certificate
IssuerGlobalSign nv-sa
Subjectmingrad.ru
FingerprintE2:A2:CF:CF:5E:90:3E:9D:20:6D:04:BC:01:1A:EE:99:D1:22:19:1C
ValidityWed, 07 Feb 2024 12:46:26 GMT - Mon, 10 Mar 2025 12:46:25 GMT

File type
GIF image data, version 89a, 15 x 200
Size
306 B (306 bytes)
Hash
391603f1faee60db855bd11650dbbf72
9728452459447efcc7c453c2150139839fa174bc
a9626d4f60b20f2da50f763f20d891a70625dde0dba68116896026c400b8b775

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /CookieAuth.dll?GetPic?formdir=1&image=lgnright.gif HTTP/1.1
Host: mail.mingrad.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mail.mingrad.ru/CookieAuth.dll?GetPic?formdir=1&image=logon_style.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Connection: close
Content-Length: 306
Content-Type: image/gif
Cache-control: max-age=604800

mail.mingrad.ru/CookieAuth.dll?GetPic?formdir=1&image=lgntopm.gif

91.207.24.194

200 OK

58 B

URL GET HTTP/1.1
mail.mingrad.ru/CookieAuth.dll?GetPic?formdir=1&image=lgntopm.gif
IP
91.207.24.194:443
ASN
#29076 Citytelecom LLC

Requested by
https://mail.mingrad.ru/CookieAuth.dll?GetLogon?curl=Z2F&formdir=1&reason=0
Certificate
IssuerGlobalSign nv-sa
Subjectmingrad.ru
FingerprintE2:A2:CF:CF:5E:90:3E:9D:20:6D:04:BC:01:1A:EE:99:D1:22:19:1C
ValidityWed, 07 Feb 2024 12:46:26 GMT - Mon, 10 Mar 2025 12:46:25 GMT

File type
GIF image data, version 89a, 1 x 115
Size
58 B (58 bytes)
Hash
0615717b3645a8573f07347cdb74d69f
b707c5a9ede57d3232138ed7ccdb0b4ee9e56043
9d894a6800fd18d20423c66066097b9653be9eb3796f6a0e216dca220c45d6d6

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /CookieAuth.dll?GetPic?formdir=1&image=lgntopm.gif HTTP/1.1
Host: mail.mingrad.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mail.mingrad.ru/CookieAuth.dll?GetPic?formdir=1&image=logon_style.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Connection: close
Content-Length: 58
Content-Type: image/gif
Cache-control: max-age=604800

mail.mingrad.ru/CookieAuth.dll?GetPic?formdir=1&image=lgnbotm.gif

91.207.24.194

200 OK

276 B

URL GET HTTP/1.1
mail.mingrad.ru/CookieAuth.dll?GetPic?formdir=1&image=lgnbotm.gif
IP
91.207.24.194:443
ASN
#29076 Citytelecom LLC

Requested by
https://mail.mingrad.ru/CookieAuth.dll?GetLogon?curl=Z2F&formdir=1&reason=0
Certificate
IssuerGlobalSign nv-sa
Subjectmingrad.ru
FingerprintE2:A2:CF:CF:5E:90:3E:9D:20:6D:04:BC:01:1A:EE:99:D1:22:19:1C
ValidityWed, 07 Feb 2024 12:46:26 GMT - Mon, 10 Mar 2025 12:46:25 GMT

File type
GIF image data, version 89a, 1 x 54
Size
276 B (276 bytes)
Hash
704330b6d293ce2d32780739218696b9
6ebd408ff617f5317595121191a92bd9ba69a01f
6097839fd066f359bbe21fb228714cd33385a6995a060eaa504ee190e3c1178a

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /CookieAuth.dll?GetPic?formdir=1&image=lgnbotm.gif HTTP/1.1
Host: mail.mingrad.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mail.mingrad.ru/CookieAuth.dll?GetPic?formdir=1&image=logon_style.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Connection: close
Content-Length: 276
Content-Type: image/gif
Cache-control: max-age=604800

mail.mingrad.ru/CookieAuth.dll?GetPic?formdir=1&image=favicon.ico

91.207.24.194

200 OK

1.2 kB

URL GET HTTP/1.1
mail.mingrad.ru/CookieAuth.dll?GetPic?formdir=1&image=favicon.ico
IP
91.207.24.194:443
ASN
#29076 Citytelecom LLC

Requested by
https://mail.mingrad.ru/CookieAuth.dll?GetLogon?curl=Z2F&formdir=1&reason=0
Certificate
IssuerGlobalSign nv-sa
Subjectmingrad.ru
FingerprintE2:A2:CF:CF:5E:90:3E:9D:20:6D:04:BC:01:1A:EE:99:D1:22:19:1C
ValidityWed, 07 Feb 2024 12:46:26 GMT - Mon, 10 Mar 2025 12:46:25 GMT

File type
MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
Size
1.2 kB (1150 bytes)
Hash
738c26ac73a5817089c30ef2da9a707e
8832d1f0830554f33c62df6f52814410ef950f88
ee6a7f6889908066f36944f85661471d18eb93fa8577e7a719f3ad4b867cf381

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /CookieAuth.dll?GetPic?formdir=1&image=favicon.ico HTTP/1.1
Host: mail.mingrad.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mail.mingrad.ru/CookieAuth.dll?GetLogon?curl=Z2F&formdir=1&reason=0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Connection: close
Content-Length: 1150
Content-Type: image/x-icon
Cache-control: max-age=604800

aus5.mozilla.org/update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml

35.244.181.201

444 B

URL
aus5.mozilla.org/update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml
IP
35.244.181.201:0
ASN
#396982 GOOGLE-CLOUD-PLATFORM

File type
XML 1.0 document, ASCII text, with very long lines (332)
Size
444 B (444 bytes)
Hash
3b324dec137a87ef7e24a30a65b13dd0
c0faa95b2f1018e264b3a14aaf50d1003e6c27b3
6cd0b591d9239fc8564627e92a804fc261951b1cbaf5fa58a8ada3cc13f51463

HTTP Headers

GET /update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml HTTP/1.1
Host: aus5.mozilla.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
rule-id: unknown
rule-data-version: unknown
content-signature: x5u=https://content-signature-2.cdn.mozilla.net/chains/aus.content-signature.mozilla.org-2024-05-20-00-15-28.chain; p384ecdsa=gVxQ9WoJEa1remLvMq4NcefWSUJ8V7-XADYhcMZDH4ZrX-IofMI0r8OJVVctu6hjIPp1XVopW08Y_clClzLc4rrHBuRMYGINmEdyqEdPMpthw7vOoFVzYayFfewY3UR4
strict-transport-security: max-age=31536000;
x-content-type-options: nosniff
content-security-policy: default-src 'none'; frame-ancestors 'none'
x-proxy-cache-status: MISS
content-encoding: gzip
via: 1.1 google
date: Sat, 20 Apr 2024 10:43:58 GMT
content-type: text/xml; charset=utf-8
vary: Accept-Encoding
content-length: 444
age: 20
cache-control: public,max-age=90
alt-svc: clear
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (3)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (15)

URL User Request GET HTTP/1.1

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

Certificate

File type