Report - rricrosoft-office.com/l/ab6876ce91f2644a2b60fb5e612546c00

Report Overview

Submitted URL
rricrosoft-office.com/l/ab6876ce91f2644a2b60fb5e612546c00
IP
20.50.64.14
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK
Submitted
2024-04-23 19:59:12
Access
public
Website Title
Titre
Final URL
rricrosoft-office.com/f/20b236fc9f70416faffc370424af2b53/ab6876ce91f2644a2b60fb5e612546c00
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
36

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
rricrosoft-office.com	unknown	2023-07-07	2023-08-06	2024-03-21	18 kB	362 kB	20.50.64.14

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-04-23	medium	rricrosoft-office.com	Sinkholed
2024-04-23	medium	rricrosoft-office.com	Sinkholed
2024-04-23	medium	rricrosoft-office.com	Sinkholed
2024-04-23	medium	rricrosoft-office.com	Sinkholed
2024-04-23	medium	rricrosoft-office.com	Sinkholed
2024-04-23	medium	rricrosoft-office.com	Sinkholed
2024-04-23	medium	rricrosoft-office.com	Sinkholed
2024-04-23	medium	rricrosoft-office.com	Sinkholed
2024-04-23	medium	rricrosoft-office.com	Sinkholed
2024-04-23	medium	rricrosoft-office.com	Sinkholed
2024-04-23	medium	rricrosoft-office.com	Sinkholed
2024-04-23	medium	rricrosoft-office.com	Sinkholed
2024-04-23	medium	rricrosoft-office.com	Sinkholed
2024-04-23	medium	rricrosoft-office.com	Sinkholed
2024-04-23	medium	rricrosoft-office.com	Sinkholed
2024-04-23	medium	rricrosoft-office.com	Sinkholed
2024-04-23	medium	rricrosoft-office.com	Sinkholed
2024-04-23	medium	rricrosoft-office.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (5)

	URL	Size	First Seen	Last Seen
	rricrosoft-office.com/common/jquery/jquery.min.js?tn=24446247	90 kB	2023-03-07	2024-05-03
Pretty URL rricrosoft-office.com/common/jquery/jquery.min.js?tn=24446247 IP 20.50.64.14 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:10:32 Last Seen2024-05-03 12:31:07 Times Seen5005 Hash 0732e3eabbf8aa7ce7f69eedbd07dfdd 4cd5ddc413b3024d7b56331c0d0d0b2bd933f27f ce9d07500ad91ec2b524c270764ec4c9a33e78320d8d374ec400ede488f6251b Loading...

	rricrosoft-office.com/common/bootstrap/js/bootstrap.min.js?tn=24446247	40 kB	2023-03-07	2024-04-29
Pretty URL rricrosoft-office.com/common/bootstrap/js/bootstrap.min.js?tn=24446247 IP 20.50.64.14 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:11:58 Last Seen2024-04-29 11:57:12 Times Seen894 Hash 105a4995b8777aeaf68bff64bf7d2ae0 e21390f730eb97d3d26b908aaacecd0a00a433e0 a915d483b99af421f4813e6b60599b4e39faff120e54b5e9838386d4ae1a4c60 Loading...

	rricrosoft-office.com/common/jqueryui/jquery-ui.min.js?tn=24446247	255 kB	2023-03-11	2024-05-02
Pretty URL rricrosoft-office.com/common/jqueryui/jquery-ui.min.js?tn=24446247 IP 20.50.64.14 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 15:29:49 Last Seen2024-05-02 14:45:01 Times Seen286 Hash b4baecb73b7a75044853d7f4d363cb49 cee14f8598c3c7f75ed141896f976fe94ed286a0 9d9b75e6bf99296f7797ed12f73137f52966dbb02180ff054c6c01680c7bdb1d Loading...

	rricrosoft-office.com/f/20b236fc9f70416faffc370424af2b53/ab6876ce91f2644a2b60fb5e612546c00	684 B	2024-04-23	2024-04-23
Pretty URL rricrosoft-office.com/f/20b236fc9f70416faffc370424af2b53/ab6876ce91f2644a2b60fb5e612546c00 IP 20.50.64.14 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-23 21:59:13 Last Seen2024-04-23 21:59:13 Times Seen1 Hash 8b546c2ee232f1ea0529e02eef933c29 ed6ed601824b7782a91055928289fb6b7a40b73c bf2ed2f658a7b1e66dc71ef112518d04b52c78982fe1ae6593ab1571f35172b7 Loading...

	rricrosoft-office.com/f/20b236fc9f70416faffc370424af2b53/ab6876ce91f2644a2b60fb5e612546c00	14 B	2023-03-07	2024-04-28
Pretty URL rricrosoft-office.com/f/20b236fc9f70416faffc370424af2b53/ab6876ce91f2644a2b60fb5e612546c00 IP 20.50.64.14 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:11:39 Last Seen2024-04-28 02:59:46 Times Seen455 Hash 179ad068ac0f04e2e18517821b8b45dc a4af10a643dedf0c09fa54aa4dba4bbb09c3d965 107c8e9cc904381f293522f76da0f3baa2936c6baca9f0829340ed6652d5a4ab Loading...

HTTP Transactions (18)

URL IP Response Size

rricrosoft-office.com/l/ab6876ce91f2644a2b60fb5e612546c00

20.50.64.14

346 B

URL
rricrosoft-office.com/l/ab6876ce91f2644a2b60fb5e612546c00
IP
20.50.64.14:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
HTML document, ASCII text, with CRLF line terminators
Size
346 B (346 bytes)
Hash
f785076045669136377c9660121aa0ca
e015e18a8af57dc716837ab61922cdd642fc2481
1121046b736e863e9e17b97d39547f2ba3bc317b37681de3d2e251ba0696cade

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /l/ab6876ce91f2644a2b60fb5e612546c00 HTTP/1.1
Host: rricrosoft-office.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Length: 346
Content-Type: text/html; charset=utf-8
Date: Tue, 23 Apr 2024 19:58:45 GMT
Cache-Control: private
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000
X-Frame-Options: SAMEORIGIN
X-UA-Compatible: IE=edge
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'unsafe-inline' 'self' https://www.youtube.com; img-src 'unsafe-inline' 'self' blob: data:; script-src 'unsafe-inline' 'unsafe-eval' 'self'; script-src-elem 'unsafe-inline' 'self' https://jquery.com; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; style-src-elem 'unsafe-inline' 'self' https://fonts.googleapis.com; font-src 'self' data: ; frame-src 'self' data: https://www.youtube.com/;
Referrer-Policy: strict-origin-when-cross-origin
Permissions-Policy: geolocation=()

rricrosoft-office.com/f/20b236fc9f70416faffc370424af2b53/ab6876ce91f2644a2b60fb5e612546c00

20.50.64.14

200 OK

3.5 kB

URL User Request GET HTTP/1.1
rricrosoft-office.com/f/20b236fc9f70416faffc370424af2b53/ab6876ce91f2644a2b60fb5e612546c00
IP
20.50.64.14:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Certificate
IssuerLet's Encrypt
Subject*.rricrosoft-office.com
Fingerprint47:B9:24:85:B8:DD:D0:0D:85:6F:FB:4E:F9:B5:B6:E9:DC:52:DA:CA
ValidityMon, 22 Apr 2024 23:11:01 GMT - Sun, 21 Jul 2024 23:11:00 GMT

File type
HTML document, ASCII text, with very long lines (2655), with CRLF line terminators
Size
3.5 kB (3523 bytes)
Hash
14b7a65940f3bac226a4dd4e841eeaa1
d75612409155b75ff7739b3691c74778760a5bb4
3fc2d8815bb457674c41e6dab988e91e2a8992288a85f070c10b5501b666bb64

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /f/20b236fc9f70416faffc370424af2b53/ab6876ce91f2644a2b60fb5e612546c00 HTTP/1.1
Host: rricrosoft-office.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://rricrosoft-office.com/l/ab6876ce91f2644a2b60fb5e612546c00
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Length: 3523
Content-Type: text/html; charset=utf-8
Date: Tue, 23 Apr 2024 19:58:48 GMT
Cache-Control: private
Content-Encoding: gzip
Set-Cookie: tnlna.enc=CurrentCampaignRecipientID=i41UG950sWZwF5gsMWSL_7nDeREMl8Lx-RZq6CWcUmbKgzd8VcusxRuFWcxjtnbYk0TdiPP4qlSTUfxtiVLTPw2&ExpirationDate=PXUlgzy7-QKgCrAxZceAt-uV52cJ40CyzulxTCD1jp8jiz5g207lV1bZ5XCQqd4A5ftyF9Y9TWhhnMlcQxcggjt2p20J3zi9JQWxtwTaEX01&CurrentCampaignRecipientEventLogID=o68TIHcQbo4F0mhA4FiSe8JOk5BLvDX63h-TfBEdy2GRFNzSQHD1UDhVZvFPGPoVNqphXa65UlXVDmc36hwCLw2&TotalLearningTime=kklSMkyYORUyYcCtMrXNEgKuJVHlJ55VU74HHZ8rh8EMZP67PmhDTtbHfL1XrfgbyDYCWp-4SLbM-S_BNAmXAA2; expires=Thu, 23-May-2024 19:58:46 GMT; path=/; HttpOnly
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000
X-Frame-Options: SAMEORIGIN
X-UA-Compatible: IE=edge
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'unsafe-inline' 'self' https://www.youtube.com; img-src 'unsafe-inline' 'self' blob: data:; script-src 'unsafe-inline' 'unsafe-eval' 'self'; script-src-elem 'unsafe-inline' 'self' https://jquery.com; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; style-src-elem 'unsafe-inline' 'self' https://fonts.googleapis.com; font-src 'self' data: ; frame-src 'self' data: https://www.youtube.com/;
Referrer-Policy: strict-origin-when-cross-origin
Permissions-Policy: geolocation=()

rricrosoft-office.com/common/bootstrap/css/bootstrap.css

20.50.64.14

200 OK

23 kB

URL GET HTTP/1.1
rricrosoft-office.com/common/bootstrap/css/bootstrap.css
IP
20.50.64.14:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://rricrosoft-office.com/f/20b236fc9f70416faffc370424af2b53/ab6876ce91f2644a2b60fb5e612546c00
Certificate
IssuerLet's Encrypt
Subject*.rricrosoft-office.com
Fingerprint47:B9:24:85:B8:DD:D0:0D:85:6F:FB:4E:F9:B5:B6:E9:DC:52:DA:CA
ValidityMon, 22 Apr 2024 23:11:01 GMT - Sun, 21 Jul 2024 23:11:00 GMT

File type
ASCII text, with very long lines (540), with CRLF line terminators
Size
23 kB (23025 bytes)
Hash
cb7bd9e2b45319f4e7c2e613b8f6c0e8
6175c12bf84a28c6a281ab923752481b6fe58056
2797160125a75dddc44d8cbee398bad6770dbfe2f57479ca65c3f4142e1a9df0

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /common/bootstrap/css/bootstrap.css HTTP/1.1
Host: rricrosoft-office.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://rricrosoft-office.com/f/20b236fc9f70416faffc370424af2b53/ab6876ce91f2644a2b60fb5e612546c00
DNT: 1
Connection: keep-alive
Cookie: tnlna.enc=CurrentCampaignRecipientID=i41UG950sWZwF5gsMWSL_7nDeREMl8Lx-RZq6CWcUmbKgzd8VcusxRuFWcxjtnbYk0TdiPP4qlSTUfxtiVLTPw2&ExpirationDate=PXUlgzy7-QKgCrAxZceAt-uV52cJ40CyzulxTCD1jp8jiz5g207lV1bZ5XCQqd4A5ftyF9Y9TWhhnMlcQxcggjt2p20J3zi9JQWxtwTaEX01&CurrentCampaignRecipientEventLogID=o68TIHcQbo4F0mhA4FiSe8JOk5BLvDX63h-TfBEdy2GRFNzSQHD1UDhVZvFPGPoVNqphXa65UlXVDmc36hwCLw2&TotalLearningTime=kklSMkyYORUyYcCtMrXNEgKuJVHlJ55VU74HHZ8rh8EMZP67PmhDTtbHfL1XrfgbyDYCWp-4SLbM-S_BNAmXAA2
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Length: 23025
Content-Type: text/css
Date: Tue, 23 Apr 2024 19:58:48 GMT
Server: Microsoft-IIS/10.0
Accept-Ranges: bytes
Content-Encoding: gzip
ETag: "0ec152394f7d91:0"
Last-Modified: Thu, 05 Oct 2023 13:59:20 GMT
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000
X-Frame-Options: SAMEORIGIN
X-UA-Compatible: IE=edge
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'unsafe-inline' 'self' https://www.youtube.com; img-src 'unsafe-inline' 'self' blob: data:; script-src 'unsafe-inline' 'unsafe-eval' 'self'; script-src-elem 'unsafe-inline' 'self' https://jquery.com; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; style-src-elem 'unsafe-inline' 'self' https://fonts.googleapis.com; font-src 'self' data: ; frame-src 'self' data: https://www.youtube.com/;
Referrer-Policy: strict-origin-when-cross-origin
Permissions-Policy: geolocation=()

rricrosoft-office.com/common/jqueryui/jquery-ui.structure.min.css

20.50.64.14

200 OK

5.0 kB

URL GET HTTP/1.1
rricrosoft-office.com/common/jqueryui/jquery-ui.structure.min.css
IP
20.50.64.14:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://rricrosoft-office.com/f/20b236fc9f70416faffc370424af2b53/ab6876ce91f2644a2b60fb5e612546c00
Certificate
IssuerLet's Encrypt
Subject*.rricrosoft-office.com
Fingerprint47:B9:24:85:B8:DD:D0:0D:85:6F:FB:4E:F9:B5:B6:E9:DC:52:DA:CA
ValidityMon, 22 Apr 2024 23:11:01 GMT - Sun, 21 Jul 2024 23:11:00 GMT

File type
ASCII text, with very long lines (15418), with CRLF line terminators
Size
5.0 kB (4962 bytes)
Hash
909ce025471e11a770dfeb266d02384a
b915957fc131db3ec221e130af9b2023d039d458
4e2ec0490ffa766a812249114b99f7b2b578c750619f3175d948be265f07af11

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /common/jqueryui/jquery-ui.structure.min.css HTTP/1.1
Host: rricrosoft-office.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://rricrosoft-office.com/f/20b236fc9f70416faffc370424af2b53/ab6876ce91f2644a2b60fb5e612546c00
DNT: 1
Connection: keep-alive
Cookie: tnlna.enc=CurrentCampaignRecipientID=i41UG950sWZwF5gsMWSL_7nDeREMl8Lx-RZq6CWcUmbKgzd8VcusxRuFWcxjtnbYk0TdiPP4qlSTUfxtiVLTPw2&ExpirationDate=PXUlgzy7-QKgCrAxZceAt-uV52cJ40CyzulxTCD1jp8jiz5g207lV1bZ5XCQqd4A5ftyF9Y9TWhhnMlcQxcggjt2p20J3zi9JQWxtwTaEX01&CurrentCampaignRecipientEventLogID=o68TIHcQbo4F0mhA4FiSe8JOk5BLvDX63h-TfBEdy2GRFNzSQHD1UDhVZvFPGPoVNqphXa65UlXVDmc36hwCLw2&TotalLearningTime=kklSMkyYORUyYcCtMrXNEgKuJVHlJ55VU74HHZ8rh8EMZP67PmhDTtbHfL1XrfgbyDYCWp-4SLbM-S_BNAmXAA2
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Length: 4962
Content-Type: text/css
Date: Tue, 23 Apr 2024 19:58:48 GMT
Server: Microsoft-IIS/10.0
Accept-Ranges: bytes
Content-Encoding: gzip
ETag: "04b6a49a1e4d81:0"
Last-Modified: Thu, 20 Oct 2022 16:30:38 GMT
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000
X-Frame-Options: SAMEORIGIN
X-UA-Compatible: IE=edge
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'unsafe-inline' 'self' https://www.youtube.com; img-src 'unsafe-inline' 'self' blob: data:; script-src 'unsafe-inline' 'unsafe-eval' 'self'; script-src-elem 'unsafe-inline' 'self' https://jquery.com; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; style-src-elem 'unsafe-inline' 'self' https://fonts.googleapis.com; font-src 'self' data: ; frame-src 'self' data: https://www.youtube.com/;
Referrer-Policy: strict-origin-when-cross-origin
Permissions-Policy: geolocation=()

rricrosoft-office.com/common/bootstrap/js/bootstrap.min.js?tn=24446247

20.50.64.14

200 OK

11 kB

URL GET HTTP/1.1
rricrosoft-office.com/common/bootstrap/js/bootstrap.min.js?tn=24446247
IP
20.50.64.14:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://rricrosoft-office.com/f/20b236fc9f70416faffc370424af2b53/ab6876ce91f2644a2b60fb5e612546c00
Certificate
IssuerLet's Encrypt
Subject*.rricrosoft-office.com
Fingerprint47:B9:24:85:B8:DD:D0:0D:85:6F:FB:4E:F9:B5:B6:E9:DC:52:DA:CA
ValidityMon, 22 Apr 2024 23:11:01 GMT - Sun, 21 Jul 2024 23:11:00 GMT

File type
JavaScript source, ASCII text, with very long lines (39553), with CRLF line terminators
Size
11 kB (10945 bytes)
Hash
105a4995b8777aeaf68bff64bf7d2ae0
e21390f730eb97d3d26b908aaacecd0a00a433e0
a915d483b99af421f4813e6b60599b4e39faff120e54b5e9838386d4ae1a4c60

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /common/bootstrap/js/bootstrap.min.js?tn=24446247 HTTP/1.1
Host: rricrosoft-office.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://rricrosoft-office.com/f/20b236fc9f70416faffc370424af2b53/ab6876ce91f2644a2b60fb5e612546c00
DNT: 1
Connection: keep-alive
Cookie: tnlna.enc=CurrentCampaignRecipientID=i41UG950sWZwF5gsMWSL_7nDeREMl8Lx-RZq6CWcUmbKgzd8VcusxRuFWcxjtnbYk0TdiPP4qlSTUfxtiVLTPw2&ExpirationDate=PXUlgzy7-QKgCrAxZceAt-uV52cJ40CyzulxTCD1jp8jiz5g207lV1bZ5XCQqd4A5ftyF9Y9TWhhnMlcQxcggjt2p20J3zi9JQWxtwTaEX01&CurrentCampaignRecipientEventLogID=o68TIHcQbo4F0mhA4FiSe8JOk5BLvDX63h-TfBEdy2GRFNzSQHD1UDhVZvFPGPoVNqphXa65UlXVDmc36hwCLw2&TotalLearningTime=kklSMkyYORUyYcCtMrXNEgKuJVHlJ55VU74HHZ8rh8EMZP67PmhDTtbHfL1XrfgbyDYCWp-4SLbM-S_BNAmXAA2
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Length: 10945
Content-Type: application/x-javascript
Date: Tue, 23 Apr 2024 19:58:48 GMT
Server: Microsoft-IIS/10.0
Accept-Ranges: bytes
Content-Encoding: gzip
ETag: "04b6a49a1e4d81:0"
Last-Modified: Thu, 20 Oct 2022 16:30:38 GMT
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000
X-Frame-Options: SAMEORIGIN
X-UA-Compatible: IE=edge
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'unsafe-inline' 'self' https://www.youtube.com; img-src 'unsafe-inline' 'self' blob: data:; script-src 'unsafe-inline' 'unsafe-eval' 'self'; script-src-elem 'unsafe-inline' 'self' https://jquery.com; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; style-src-elem 'unsafe-inline' 'self' https://fonts.googleapis.com; font-src 'self' data: ; frame-src 'self' data: https://www.youtube.com/;
Referrer-Policy: strict-origin-when-cross-origin
Permissions-Policy: geolocation=()

rricrosoft-office.com/common/jqueryui/jquery-ui.min.css

20.50.64.14

200 OK

7.9 kB

URL GET HTTP/1.1
rricrosoft-office.com/common/jqueryui/jquery-ui.min.css
IP
20.50.64.14:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://rricrosoft-office.com/f/20b236fc9f70416faffc370424af2b53/ab6876ce91f2644a2b60fb5e612546c00
Certificate
IssuerLet's Encrypt
Subject*.rricrosoft-office.com
Fingerprint47:B9:24:85:B8:DD:D0:0D:85:6F:FB:4E:F9:B5:B6:E9:DC:52:DA:CA
ValidityMon, 22 Apr 2024 23:11:01 GMT - Sun, 21 Jul 2024 23:11:00 GMT

File type
ASCII text, with very long lines (29164), with CRLF line terminators
Size
7.9 kB (7882 bytes)
Hash
4ef4ec09fd03e96ac23fb3cb85c16746
a1a208b1ef92c7e604ae53ea283492eeb045d1d7
b0b53ea606e7397f37666242cd8d63d17186b3cc8513d49a9852bf4828a1fc46

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /common/jqueryui/jquery-ui.min.css HTTP/1.1
Host: rricrosoft-office.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://rricrosoft-office.com/f/20b236fc9f70416faffc370424af2b53/ab6876ce91f2644a2b60fb5e612546c00
DNT: 1
Connection: keep-alive
Cookie: tnlna.enc=CurrentCampaignRecipientID=i41UG950sWZwF5gsMWSL_7nDeREMl8Lx-RZq6CWcUmbKgzd8VcusxRuFWcxjtnbYk0TdiPP4qlSTUfxtiVLTPw2&ExpirationDate=PXUlgzy7-QKgCrAxZceAt-uV52cJ40CyzulxTCD1jp8jiz5g207lV1bZ5XCQqd4A5ftyF9Y9TWhhnMlcQxcggjt2p20J3zi9JQWxtwTaEX01&CurrentCampaignRecipientEventLogID=o68TIHcQbo4F0mhA4FiSe8JOk5BLvDX63h-TfBEdy2GRFNzSQHD1UDhVZvFPGPoVNqphXa65UlXVDmc36hwCLw2&TotalLearningTime=kklSMkyYORUyYcCtMrXNEgKuJVHlJ55VU74HHZ8rh8EMZP67PmhDTtbHfL1XrfgbyDYCWp-4SLbM-S_BNAmXAA2
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Length: 7882
Content-Type: text/css
Date: Tue, 23 Apr 2024 19:58:48 GMT
Server: Microsoft-IIS/10.0
Accept-Ranges: bytes
Content-Encoding: gzip
ETag: "04b6a49a1e4d81:0"
Last-Modified: Thu, 20 Oct 2022 16:30:38 GMT
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000
X-Frame-Options: SAMEORIGIN
X-UA-Compatible: IE=edge
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'unsafe-inline' 'self' https://www.youtube.com; img-src 'unsafe-inline' 'self' blob: data:; script-src 'unsafe-inline' 'unsafe-eval' 'self'; script-src-elem 'unsafe-inline' 'self' https://jquery.com; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; style-src-elem 'unsafe-inline' 'self' https://fonts.googleapis.com; font-src 'self' data: ; frame-src 'self' data: https://www.youtube.com/;
Referrer-Policy: strict-origin-when-cross-origin
Permissions-Policy: geolocation=()

rricrosoft-office.com/common/jqueryui/jquery-ui.theme.min.css

20.50.64.14

200 OK

2.3 kB

URL GET HTTP/1.1
rricrosoft-office.com/common/jqueryui/jquery-ui.theme.min.css
IP
20.50.64.14:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://rricrosoft-office.com/f/20b236fc9f70416faffc370424af2b53/ab6876ce91f2644a2b60fb5e612546c00
Certificate
IssuerLet's Encrypt
Subject*.rricrosoft-office.com
Fingerprint47:B9:24:85:B8:DD:D0:0D:85:6F:FB:4E:F9:B5:B6:E9:DC:52:DA:CA
ValidityMon, 22 Apr 2024 23:11:01 GMT - Sun, 21 Jul 2024 23:11:00 GMT

File type
ASCII text, with very long lines (13746), with CRLF line terminators
Size
2.3 kB (2328 bytes)
Hash
74fb9452a91ef09555eb92aa59516997
b74731af5b28a90cca86fa1097c75d8f8419ab87
11e1cf2b2ee76191e1556d414a6eebb8e9a357b5930ebbc06858162174b1683d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /common/jqueryui/jquery-ui.theme.min.css HTTP/1.1
Host: rricrosoft-office.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://rricrosoft-office.com/f/20b236fc9f70416faffc370424af2b53/ab6876ce91f2644a2b60fb5e612546c00
DNT: 1
Connection: keep-alive
Cookie: tnlna.enc=CurrentCampaignRecipientID=i41UG950sWZwF5gsMWSL_7nDeREMl8Lx-RZq6CWcUmbKgzd8VcusxRuFWcxjtnbYk0TdiPP4qlSTUfxtiVLTPw2&ExpirationDate=PXUlgzy7-QKgCrAxZceAt-uV52cJ40CyzulxTCD1jp8jiz5g207lV1bZ5XCQqd4A5ftyF9Y9TWhhnMlcQxcggjt2p20J3zi9JQWxtwTaEX01&CurrentCampaignRecipientEventLogID=o68TIHcQbo4F0mhA4FiSe8JOk5BLvDX63h-TfBEdy2GRFNzSQHD1UDhVZvFPGPoVNqphXa65UlXVDmc36hwCLw2&TotalLearningTime=kklSMkyYORUyYcCtMrXNEgKuJVHlJ55VU74HHZ8rh8EMZP67PmhDTtbHfL1XrfgbyDYCWp-4SLbM-S_BNAmXAA2
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Length: 2328
Content-Type: text/css
Date: Tue, 23 Apr 2024 19:58:48 GMT
Server: Microsoft-IIS/10.0
Accept-Ranges: bytes
Content-Encoding: gzip
ETag: "04b6a49a1e4d81:0"
Last-Modified: Thu, 20 Oct 2022 16:30:38 GMT
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000
X-Frame-Options: SAMEORIGIN
X-UA-Compatible: IE=edge
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'unsafe-inline' 'self' https://www.youtube.com; img-src 'unsafe-inline' 'self' blob: data:; script-src 'unsafe-inline' 'unsafe-eval' 'self'; script-src-elem 'unsafe-inline' 'self' https://jquery.com; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; style-src-elem 'unsafe-inline' 'self' https://fonts.googleapis.com; font-src 'self' data: ; frame-src 'self' data: https://www.youtube.com/;
Referrer-Policy: strict-origin-when-cross-origin
Permissions-Policy: geolocation=()

rricrosoft-office.com/common/css/rp_bubbles.css

20.50.64.14

200 OK

2.4 kB

URL GET HTTP/1.1
rricrosoft-office.com/common/css/rp_bubbles.css
IP
20.50.64.14:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://rricrosoft-office.com/f/20b236fc9f70416faffc370424af2b53/ab6876ce91f2644a2b60fb5e612546c00
Certificate
IssuerLet's Encrypt
Subject*.rricrosoft-office.com
Fingerprint47:B9:24:85:B8:DD:D0:0D:85:6F:FB:4E:F9:B5:B6:E9:DC:52:DA:CA
ValidityMon, 22 Apr 2024 23:11:01 GMT - Sun, 21 Jul 2024 23:11:00 GMT

File type
Unicode text, UTF-8 text, with CRLF line terminators
Size
2.4 kB (2399 bytes)
Hash
e9b944b679bc0716e7c506ac6684ba28
b7d753886ac0e8aa16f792ab354025f60376516e
4bc5a823bc0d699486b8da7c703f02935d4e050fdf7e139ca77c6e744f9899f6

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /common/css/rp_bubbles.css HTTP/1.1
Host: rricrosoft-office.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://rricrosoft-office.com/f/20b236fc9f70416faffc370424af2b53/ab6876ce91f2644a2b60fb5e612546c00
DNT: 1
Connection: keep-alive
Cookie: tnlna.enc=CurrentCampaignRecipientID=i41UG950sWZwF5gsMWSL_7nDeREMl8Lx-RZq6CWcUmbKgzd8VcusxRuFWcxjtnbYk0TdiPP4qlSTUfxtiVLTPw2&ExpirationDate=PXUlgzy7-QKgCrAxZceAt-uV52cJ40CyzulxTCD1jp8jiz5g207lV1bZ5XCQqd4A5ftyF9Y9TWhhnMlcQxcggjt2p20J3zi9JQWxtwTaEX01&CurrentCampaignRecipientEventLogID=o68TIHcQbo4F0mhA4FiSe8JOk5BLvDX63h-TfBEdy2GRFNzSQHD1UDhVZvFPGPoVNqphXa65UlXVDmc36hwCLw2&TotalLearningTime=kklSMkyYORUyYcCtMrXNEgKuJVHlJ55VU74HHZ8rh8EMZP67PmhDTtbHfL1XrfgbyDYCWp-4SLbM-S_BNAmXAA2
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Length: 2399
Content-Type: text/css
Date: Tue, 23 Apr 2024 19:58:48 GMT
Server: Microsoft-IIS/10.0
Accept-Ranges: bytes
Content-Encoding: gzip
ETag: "04b6a49a1e4d81:0"
Last-Modified: Thu, 20 Oct 2022 16:30:38 GMT
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000
X-Frame-Options: SAMEORIGIN
X-UA-Compatible: IE=edge
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'unsafe-inline' 'self' https://www.youtube.com; img-src 'unsafe-inline' 'self' blob: data:; script-src 'unsafe-inline' 'unsafe-eval' 'self'; script-src-elem 'unsafe-inline' 'self' https://jquery.com; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; style-src-elem 'unsafe-inline' 'self' https://fonts.googleapis.com; font-src 'self' data: ; frame-src 'self' data: https://www.youtube.com/;
Referrer-Policy: strict-origin-when-cross-origin
Permissions-Policy: geolocation=()

rricrosoft-office.com/common/css/rp_tooltips.css

20.50.64.14

200 OK

2.5 kB

URL GET HTTP/1.1
rricrosoft-office.com/common/css/rp_tooltips.css
IP
20.50.64.14:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://rricrosoft-office.com/f/20b236fc9f70416faffc370424af2b53/ab6876ce91f2644a2b60fb5e612546c00
Certificate
IssuerLet's Encrypt
Subject*.rricrosoft-office.com
Fingerprint47:B9:24:85:B8:DD:D0:0D:85:6F:FB:4E:F9:B5:B6:E9:DC:52:DA:CA
ValidityMon, 22 Apr 2024 23:11:01 GMT - Sun, 21 Jul 2024 23:11:00 GMT

File type
ASCII text, with CRLF line terminators
Size
2.5 kB (2514 bytes)
Hash
4b2f2bce67a3c4ab9b0f17372f010918
eb379f291a848680ddd5d3ecb4e59818f9a602e3
9bddcf9a5fc7baf7e7bdfe849437591ee53dca4206b1b8af6a705ada50fbadba

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /common/css/rp_tooltips.css HTTP/1.1
Host: rricrosoft-office.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://rricrosoft-office.com/f/20b236fc9f70416faffc370424af2b53/ab6876ce91f2644a2b60fb5e612546c00
DNT: 1
Connection: keep-alive
Cookie: tnlna.enc=CurrentCampaignRecipientID=i41UG950sWZwF5gsMWSL_7nDeREMl8Lx-RZq6CWcUmbKgzd8VcusxRuFWcxjtnbYk0TdiPP4qlSTUfxtiVLTPw2&ExpirationDate=PXUlgzy7-QKgCrAxZceAt-uV52cJ40CyzulxTCD1jp8jiz5g207lV1bZ5XCQqd4A5ftyF9Y9TWhhnMlcQxcggjt2p20J3zi9JQWxtwTaEX01&CurrentCampaignRecipientEventLogID=o68TIHcQbo4F0mhA4FiSe8JOk5BLvDX63h-TfBEdy2GRFNzSQHD1UDhVZvFPGPoVNqphXa65UlXVDmc36hwCLw2&TotalLearningTime=kklSMkyYORUyYcCtMrXNEgKuJVHlJ55VU74HHZ8rh8EMZP67PmhDTtbHfL1XrfgbyDYCWp-4SLbM-S_BNAmXAA2
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Length: 2514
Content-Type: text/css
Date: Tue, 23 Apr 2024 19:58:48 GMT
Server: Microsoft-IIS/10.0
Accept-Ranges: bytes
Content-Encoding: gzip
ETag: "04b6a49a1e4d81:0"
Last-Modified: Thu, 20 Oct 2022 16:30:38 GMT
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000
X-Frame-Options: SAMEORIGIN
X-UA-Compatible: IE=edge
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'unsafe-inline' 'self' https://www.youtube.com; img-src 'unsafe-inline' 'self' blob: data:; script-src 'unsafe-inline' 'unsafe-eval' 'self'; script-src-elem 'unsafe-inline' 'self' https://jquery.com; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; style-src-elem 'unsafe-inline' 'self' https://fonts.googleapis.com; font-src 'self' data: ; frame-src 'self' data: https://www.youtube.com/;
Referrer-Policy: strict-origin-when-cross-origin
Permissions-Policy: geolocation=()

rricrosoft-office.com/common/jqueryui/jquery-ui.min.js?tn=24446247

20.50.64.14

200 OK

68 kB

URL GET HTTP/1.1
rricrosoft-office.com/common/jqueryui/jquery-ui.min.js?tn=24446247
IP
20.50.64.14:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://rricrosoft-office.com/f/20b236fc9f70416faffc370424af2b53/ab6876ce91f2644a2b60fb5e612546c00
Certificate
IssuerLet's Encrypt
Subject*.rricrosoft-office.com
Fingerprint47:B9:24:85:B8:DD:D0:0D:85:6F:FB:4E:F9:B5:B6:E9:DC:52:DA:CA
ValidityMon, 22 Apr 2024 23:11:01 GMT - Sun, 21 Jul 2024 23:11:00 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (64394), with CRLF line terminators
Size
68 kB (67989 bytes)
Hash
b4baecb73b7a75044853d7f4d363cb49
cee14f8598c3c7f75ed141896f976fe94ed286a0
9d9b75e6bf99296f7797ed12f73137f52966dbb02180ff054c6c01680c7bdb1d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /common/jqueryui/jquery-ui.min.js?tn=24446247 HTTP/1.1
Host: rricrosoft-office.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://rricrosoft-office.com/f/20b236fc9f70416faffc370424af2b53/ab6876ce91f2644a2b60fb5e612546c00
DNT: 1
Connection: keep-alive
Cookie: tnlna.enc=CurrentCampaignRecipientID=i41UG950sWZwF5gsMWSL_7nDeREMl8Lx-RZq6CWcUmbKgzd8VcusxRuFWcxjtnbYk0TdiPP4qlSTUfxtiVLTPw2&ExpirationDate=PXUlgzy7-QKgCrAxZceAt-uV52cJ40CyzulxTCD1jp8jiz5g207lV1bZ5XCQqd4A5ftyF9Y9TWhhnMlcQxcggjt2p20J3zi9JQWxtwTaEX01&CurrentCampaignRecipientEventLogID=o68TIHcQbo4F0mhA4FiSe8JOk5BLvDX63h-TfBEdy2GRFNzSQHD1UDhVZvFPGPoVNqphXa65UlXVDmc36hwCLw2&TotalLearningTime=kklSMkyYORUyYcCtMrXNEgKuJVHlJ55VU74HHZ8rh8EMZP67PmhDTtbHfL1XrfgbyDYCWp-4SLbM-S_BNAmXAA2
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Length: 67989
Content-Type: application/x-javascript
Date: Tue, 23 Apr 2024 19:58:48 GMT
Server: Microsoft-IIS/10.0
Accept-Ranges: bytes
Content-Encoding: gzip
ETag: "0e76ef691b9d91:0"
Last-Modified: Tue, 18 Jul 2023 16:07:34 GMT
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000
X-Frame-Options: SAMEORIGIN
X-UA-Compatible: IE=edge
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'unsafe-inline' 'self' https://www.youtube.com; img-src 'unsafe-inline' 'self' blob: data:; script-src 'unsafe-inline' 'unsafe-eval' 'self'; script-src-elem 'unsafe-inline' 'self' https://jquery.com; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; style-src-elem 'unsafe-inline' 'self' https://fonts.googleapis.com; font-src 'self' data: ; frame-src 'self' data: https://www.youtube.com/;
Referrer-Policy: strict-origin-when-cross-origin
Permissions-Policy: geolocation=()

rricrosoft-office.com/Media/a/public/Learning_Page_icon_links_blue.png

20.50.64.14

200 OK

7.7 kB

URL GET HTTP/1.1
rricrosoft-office.com/Media/a/public/Learning_Page_icon_links_blue.png
IP
20.50.64.14:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://rricrosoft-office.com/f/20b236fc9f70416faffc370424af2b53/ab6876ce91f2644a2b60fb5e612546c00
Certificate
IssuerLet's Encrypt
Subject*.rricrosoft-office.com
Fingerprint47:B9:24:85:B8:DD:D0:0D:85:6F:FB:4E:F9:B5:B6:E9:DC:52:DA:CA
ValidityMon, 22 Apr 2024 23:11:01 GMT - Sun, 21 Jul 2024 23:11:00 GMT

File type
PNG image data, 411 x 411, 8-bit/color RGBA, non-interlaced
Size
7.7 kB (7655 bytes)
Hash
63feea511de8a22a249069034ffe54e4
834ce37878bc94c93ab063b6f80845ef179b52c5
da4d27942342f7c3c24cb0b1fc577de8d209a873fe8ad23af061b995b062d547

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /Media/a/public/Learning_Page_icon_links_blue.png HTTP/1.1
Host: rricrosoft-office.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://rricrosoft-office.com/f/20b236fc9f70416faffc370424af2b53/ab6876ce91f2644a2b60fb5e612546c00
DNT: 1
Connection: keep-alive
Cookie: tnlna.enc=CurrentCampaignRecipientID=i41UG950sWZwF5gsMWSL_7nDeREMl8Lx-RZq6CWcUmbKgzd8VcusxRuFWcxjtnbYk0TdiPP4qlSTUfxtiVLTPw2&ExpirationDate=PXUlgzy7-QKgCrAxZceAt-uV52cJ40CyzulxTCD1jp8jiz5g207lV1bZ5XCQqd4A5ftyF9Y9TWhhnMlcQxcggjt2p20J3zi9JQWxtwTaEX01&CurrentCampaignRecipientEventLogID=o68TIHcQbo4F0mhA4FiSe8JOk5BLvDX63h-TfBEdy2GRFNzSQHD1UDhVZvFPGPoVNqphXa65UlXVDmc36hwCLw2&TotalLearningTime=kklSMkyYORUyYcCtMrXNEgKuJVHlJ55VU74HHZ8rh8EMZP67PmhDTtbHfL1XrfgbyDYCWp-4SLbM-S_BNAmXAA2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Length: 7655
Content-Type: image/png
Date: Tue, 23 Apr 2024 19:58:48 GMT
Cache-Control: public, max-age=469
Expires: Tue, 23 Apr 2024 20:06:37 GMT
Last-Modified: Tue, 23 Apr 2024 19:06:37 GMT
Strict-Transport-Security: max-age=31536000
X-Frame-Options: SAMEORIGIN
X-UA-Compatible: IE=edge
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'unsafe-inline' 'self' https://www.youtube.com; img-src 'unsafe-inline' 'self' blob: data:; script-src 'unsafe-inline' 'unsafe-eval' 'self'; script-src-elem 'unsafe-inline' 'self' https://jquery.com; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; style-src-elem 'unsafe-inline' 'self' https://fonts.googleapis.com; font-src 'self' data: ; frame-src 'self' data: https://www.youtube.com/;
Referrer-Policy: strict-origin-when-cross-origin
Permissions-Policy: geolocation=()

rricrosoft-office.com/Media/a/public/Learning_Page_icon_attachment_blue.png

20.50.64.14

200 OK

8.8 kB

URL GET HTTP/1.1
rricrosoft-office.com/Media/a/public/Learning_Page_icon_attachment_blue.png
IP
20.50.64.14:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://rricrosoft-office.com/f/20b236fc9f70416faffc370424af2b53/ab6876ce91f2644a2b60fb5e612546c00
Certificate
IssuerLet's Encrypt
Subject*.rricrosoft-office.com
Fingerprint47:B9:24:85:B8:DD:D0:0D:85:6F:FB:4E:F9:B5:B6:E9:DC:52:DA:CA
ValidityMon, 22 Apr 2024 23:11:01 GMT - Sun, 21 Jul 2024 23:11:00 GMT

File type
PNG image data, 411 x 411, 8-bit/color RGBA, non-interlaced
Size
8.8 kB (8835 bytes)
Hash
67f6d88dbe91baa6ae84a19a0dd2a860
eb75b38ccc91882abe47529407465084f3443d1d
bf55eea201bb018ce7b1c110835619619b89c9a7af31199e5bbf5ace079d338d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /Media/a/public/Learning_Page_icon_attachment_blue.png HTTP/1.1
Host: rricrosoft-office.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://rricrosoft-office.com/f/20b236fc9f70416faffc370424af2b53/ab6876ce91f2644a2b60fb5e612546c00
DNT: 1
Connection: keep-alive
Cookie: tnlna.enc=CurrentCampaignRecipientID=i41UG950sWZwF5gsMWSL_7nDeREMl8Lx-RZq6CWcUmbKgzd8VcusxRuFWcxjtnbYk0TdiPP4qlSTUfxtiVLTPw2&ExpirationDate=PXUlgzy7-QKgCrAxZceAt-uV52cJ40CyzulxTCD1jp8jiz5g207lV1bZ5XCQqd4A5ftyF9Y9TWhhnMlcQxcggjt2p20J3zi9JQWxtwTaEX01&CurrentCampaignRecipientEventLogID=o68TIHcQbo4F0mhA4FiSe8JOk5BLvDX63h-TfBEdy2GRFNzSQHD1UDhVZvFPGPoVNqphXa65UlXVDmc36hwCLw2&TotalLearningTime=kklSMkyYORUyYcCtMrXNEgKuJVHlJ55VU74HHZ8rh8EMZP67PmhDTtbHfL1XrfgbyDYCWp-4SLbM-S_BNAmXAA2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Length: 8835
Content-Type: image/png
Date: Tue, 23 Apr 2024 19:58:48 GMT
Cache-Control: public, max-age=2486
Expires: Tue, 23 Apr 2024 20:40:15 GMT
Last-Modified: Tue, 23 Apr 2024 19:40:15 GMT
Strict-Transport-Security: max-age=31536000
X-Frame-Options: SAMEORIGIN
X-UA-Compatible: IE=edge
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'unsafe-inline' 'self' https://www.youtube.com; img-src 'unsafe-inline' 'self' blob: data:; script-src 'unsafe-inline' 'unsafe-eval' 'self'; script-src-elem 'unsafe-inline' 'self' https://jquery.com; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; style-src-elem 'unsafe-inline' 'self' https://fonts.googleapis.com; font-src 'self' data: ; frame-src 'self' data: https://www.youtube.com/;
Referrer-Policy: strict-origin-when-cross-origin
Permissions-Policy: geolocation=()

rricrosoft-office.com/common/jquery/jquery.min.js?tn=24446247

20.50.64.14

200 OK

31 kB

URL GET HTTP/1.1
rricrosoft-office.com/common/jquery/jquery.min.js?tn=24446247
IP
20.50.64.14:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://rricrosoft-office.com/f/20b236fc9f70416faffc370424af2b53/ab6876ce91f2644a2b60fb5e612546c00
Certificate
IssuerLet's Encrypt
Subject*.rricrosoft-office.com
Fingerprint47:B9:24:85:B8:DD:D0:0D:85:6F:FB:4E:F9:B5:B6:E9:DC:52:DA:CA
ValidityMon, 22 Apr 2024 23:11:01 GMT - Sun, 21 Jul 2024 23:11:00 GMT

File type
JavaScript source, ASCII text, with very long lines (65446), with CRLF line terminators
Size
31 kB (30987 bytes)
Hash
0732e3eabbf8aa7ce7f69eedbd07dfdd
4cd5ddc413b3024d7b56331c0d0d0b2bd933f27f
ce9d07500ad91ec2b524c270764ec4c9a33e78320d8d374ec400ede488f6251b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /common/jquery/jquery.min.js?tn=24446247 HTTP/1.1
Host: rricrosoft-office.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://rricrosoft-office.com/f/20b236fc9f70416faffc370424af2b53/ab6876ce91f2644a2b60fb5e612546c00
DNT: 1
Connection: keep-alive
Cookie: tnlna.enc=CurrentCampaignRecipientID=i41UG950sWZwF5gsMWSL_7nDeREMl8Lx-RZq6CWcUmbKgzd8VcusxRuFWcxjtnbYk0TdiPP4qlSTUfxtiVLTPw2&ExpirationDate=PXUlgzy7-QKgCrAxZceAt-uV52cJ40CyzulxTCD1jp8jiz5g207lV1bZ5XCQqd4A5ftyF9Y9TWhhnMlcQxcggjt2p20J3zi9JQWxtwTaEX01&CurrentCampaignRecipientEventLogID=o68TIHcQbo4F0mhA4FiSe8JOk5BLvDX63h-TfBEdy2GRFNzSQHD1UDhVZvFPGPoVNqphXa65UlXVDmc36hwCLw2&TotalLearningTime=kklSMkyYORUyYcCtMrXNEgKuJVHlJ55VU74HHZ8rh8EMZP67PmhDTtbHfL1XrfgbyDYCWp-4SLbM-S_BNAmXAA2
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Length: 30987
Content-Type: application/x-javascript
Date: Tue, 23 Apr 2024 19:58:48 GMT
Server: Microsoft-IIS/10.0
Accept-Ranges: bytes
Content-Encoding: gzip
ETag: "8082ae2394f7d91:0"
Last-Modified: Thu, 05 Oct 2023 13:59:21 GMT
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000
X-Frame-Options: SAMEORIGIN
X-UA-Compatible: IE=edge
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'unsafe-inline' 'self' https://www.youtube.com; img-src 'unsafe-inline' 'self' blob: data:; script-src 'unsafe-inline' 'unsafe-eval' 'self'; script-src-elem 'unsafe-inline' 'self' https://jquery.com; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; style-src-elem 'unsafe-inline' 'self' https://fonts.googleapis.com; font-src 'self' data: ; frame-src 'self' data: https://www.youtube.com/;
Referrer-Policy: strict-origin-when-cross-origin
Permissions-Policy: geolocation=()

rricrosoft-office.com/Media/a/public/warning.png

20.50.64.14

200 OK

692 B

URL GET HTTP/1.1
rricrosoft-office.com/Media/a/public/warning.png
IP
20.50.64.14:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://rricrosoft-office.com/f/20b236fc9f70416faffc370424af2b53/ab6876ce91f2644a2b60fb5e612546c00
Certificate
IssuerLet's Encrypt
Subject*.rricrosoft-office.com
Fingerprint47:B9:24:85:B8:DD:D0:0D:85:6F:FB:4E:F9:B5:B6:E9:DC:52:DA:CA
ValidityMon, 22 Apr 2024 23:11:01 GMT - Sun, 21 Jul 2024 23:11:00 GMT

File type
PNG image data, 66 x 63, 8-bit/color RGBA, non-interlaced
Size
692 B (692 bytes)
Hash
1ddff3dacca2e26a650ad8ebae3b842e
61042024d791e7f3c219f4f8b24ad27c2230f763
1ef10e8843daed4b49bebef6e8f8c577933ad3444551942d59cfc359e0fd5b11

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /Media/a/public/warning.png HTTP/1.1
Host: rricrosoft-office.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://rricrosoft-office.com/f/20b236fc9f70416faffc370424af2b53/ab6876ce91f2644a2b60fb5e612546c00
DNT: 1
Connection: keep-alive
Cookie: tnlna.enc=CurrentCampaignRecipientID=i41UG950sWZwF5gsMWSL_7nDeREMl8Lx-RZq6CWcUmbKgzd8VcusxRuFWcxjtnbYk0TdiPP4qlSTUfxtiVLTPw2&ExpirationDate=PXUlgzy7-QKgCrAxZceAt-uV52cJ40CyzulxTCD1jp8jiz5g207lV1bZ5XCQqd4A5ftyF9Y9TWhhnMlcQxcggjt2p20J3zi9JQWxtwTaEX01&CurrentCampaignRecipientEventLogID=o68TIHcQbo4F0mhA4FiSe8JOk5BLvDX63h-TfBEdy2GRFNzSQHD1UDhVZvFPGPoVNqphXa65UlXVDmc36hwCLw2&TotalLearningTime=kklSMkyYORUyYcCtMrXNEgKuJVHlJ55VU74HHZ8rh8EMZP67PmhDTtbHfL1XrfgbyDYCWp-4SLbM-S_BNAmXAA2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Length: 692
Content-Type: image/png
Date: Tue, 23 Apr 2024 19:58:48 GMT
Cache-Control: public, max-age=414
Expires: Tue, 23 Apr 2024 20:05:43 GMT
Last-Modified: Tue, 23 Apr 2024 19:05:43 GMT
Strict-Transport-Security: max-age=31536000
X-Frame-Options: SAMEORIGIN
X-UA-Compatible: IE=edge
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'unsafe-inline' 'self' https://www.youtube.com; img-src 'unsafe-inline' 'self' blob: data:; script-src 'unsafe-inline' 'unsafe-eval' 'self'; script-src-elem 'unsafe-inline' 'self' https://jquery.com; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; style-src-elem 'unsafe-inline' 'self' https://fonts.googleapis.com; font-src 'self' data: ; frame-src 'self' data: https://www.youtube.com/;
Referrer-Policy: strict-origin-when-cross-origin
Permissions-Policy: geolocation=()

rricrosoft-office.com/Media/a/public/Learning_Page_icon_Beware_blue.png

20.50.64.14

200 OK

7.2 kB

URL GET HTTP/1.1
rricrosoft-office.com/Media/a/public/Learning_Page_icon_Beware_blue.png
IP
20.50.64.14:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://rricrosoft-office.com/f/20b236fc9f70416faffc370424af2b53/ab6876ce91f2644a2b60fb5e612546c00
Certificate
IssuerLet's Encrypt
Subject*.rricrosoft-office.com
Fingerprint47:B9:24:85:B8:DD:D0:0D:85:6F:FB:4E:F9:B5:B6:E9:DC:52:DA:CA
ValidityMon, 22 Apr 2024 23:11:01 GMT - Sun, 21 Jul 2024 23:11:00 GMT

File type
PNG image data, 411 x 436, 8-bit/color RGBA, non-interlaced
Size
7.2 kB (7173 bytes)
Hash
9d78c404cba12bbf774009879ed69963
254f972fa7cdfd5b7f366c59c833fe600c741dfa
2b7b44a38be5159466174c09ed7c735689def630b2c4f641e540b451a63dda07

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /Media/a/public/Learning_Page_icon_Beware_blue.png HTTP/1.1
Host: rricrosoft-office.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://rricrosoft-office.com/f/20b236fc9f70416faffc370424af2b53/ab6876ce91f2644a2b60fb5e612546c00
DNT: 1
Connection: keep-alive
Cookie: tnlna.enc=CurrentCampaignRecipientID=i41UG950sWZwF5gsMWSL_7nDeREMl8Lx-RZq6CWcUmbKgzd8VcusxRuFWcxjtnbYk0TdiPP4qlSTUfxtiVLTPw2&ExpirationDate=PXUlgzy7-QKgCrAxZceAt-uV52cJ40CyzulxTCD1jp8jiz5g207lV1bZ5XCQqd4A5ftyF9Y9TWhhnMlcQxcggjt2p20J3zi9JQWxtwTaEX01&CurrentCampaignRecipientEventLogID=o68TIHcQbo4F0mhA4FiSe8JOk5BLvDX63h-TfBEdy2GRFNzSQHD1UDhVZvFPGPoVNqphXa65UlXVDmc36hwCLw2&TotalLearningTime=kklSMkyYORUyYcCtMrXNEgKuJVHlJ55VU74HHZ8rh8EMZP67PmhDTtbHfL1XrfgbyDYCWp-4SLbM-S_BNAmXAA2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Length: 7173
Content-Type: image/png
Date: Tue, 23 Apr 2024 19:58:48 GMT
Cache-Control: public, max-age=466
Expires: Tue, 23 Apr 2024 20:06:35 GMT
Last-Modified: Tue, 23 Apr 2024 19:06:35 GMT
Strict-Transport-Security: max-age=31536000
X-Frame-Options: SAMEORIGIN
X-UA-Compatible: IE=edge
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'unsafe-inline' 'self' https://www.youtube.com; img-src 'unsafe-inline' 'self' blob: data:; script-src 'unsafe-inline' 'unsafe-eval' 'self'; script-src-elem 'unsafe-inline' 'self' https://jquery.com; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; style-src-elem 'unsafe-inline' 'self' https://fonts.googleapis.com; font-src 'self' data: ; frame-src 'self' data: https://www.youtube.com/;
Referrer-Policy: strict-origin-when-cross-origin
Permissions-Policy: geolocation=()

rricrosoft-office.com/Media/a/cmedia_105b56e5437a43ed993a705da3689389/tn_phi_l242f_fr_microsoftfailedmailboxdelivery_v1b1.png

20.50.64.14

200 OK

67 kB

URL GET HTTP/1.1
rricrosoft-office.com/Media/a/cmedia_105b56e5437a43ed993a705da3689389/tn_phi_l242f_fr_microsoftfailedmailboxdelivery_v1b1.png
IP
20.50.64.14:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://rricrosoft-office.com/f/20b236fc9f70416faffc370424af2b53/ab6876ce91f2644a2b60fb5e612546c00
Certificate
IssuerLet's Encrypt
Subject*.rricrosoft-office.com
Fingerprint47:B9:24:85:B8:DD:D0:0D:85:6F:FB:4E:F9:B5:B6:E9:DC:52:DA:CA
ValidityMon, 22 Apr 2024 23:11:01 GMT - Sun, 21 Jul 2024 23:11:00 GMT

File type
PNG image data, 1080 x 1080, 8-bit/color RGBA, non-interlaced
Size
67 kB (66563 bytes)
Hash
e54f6dea359af099cf68f9b878b38133
17c312537112754b4a2fc25a167bef8b52bd95c0
71069a5526c9922037978cc61862d6729be64ec05676028b69c9ca8e9ddd9243

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /Media/a/cmedia_105b56e5437a43ed993a705da3689389/tn_phi_l242f_fr_microsoftfailedmailboxdelivery_v1b1.png HTTP/1.1
Host: rricrosoft-office.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://rricrosoft-office.com/f/20b236fc9f70416faffc370424af2b53/ab6876ce91f2644a2b60fb5e612546c00
DNT: 1
Connection: keep-alive
Cookie: tnlna.enc=CurrentCampaignRecipientID=i41UG950sWZwF5gsMWSL_7nDeREMl8Lx-RZq6CWcUmbKgzd8VcusxRuFWcxjtnbYk0TdiPP4qlSTUfxtiVLTPw2&ExpirationDate=PXUlgzy7-QKgCrAxZceAt-uV52cJ40CyzulxTCD1jp8jiz5g207lV1bZ5XCQqd4A5ftyF9Y9TWhhnMlcQxcggjt2p20J3zi9JQWxtwTaEX01&CurrentCampaignRecipientEventLogID=o68TIHcQbo4F0mhA4FiSe8JOk5BLvDX63h-TfBEdy2GRFNzSQHD1UDhVZvFPGPoVNqphXa65UlXVDmc36hwCLw2&TotalLearningTime=kklSMkyYORUyYcCtMrXNEgKuJVHlJ55VU74HHZ8rh8EMZP67PmhDTtbHfL1XrfgbyDYCWp-4SLbM-S_BNAmXAA2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Length: 66563
Content-Type: image/png
Date: Tue, 23 Apr 2024 19:58:48 GMT
Cache-Control: public, max-age=250
Expires: Tue, 23 Apr 2024 20:02:59 GMT
Last-Modified: Tue, 23 Apr 2024 19:02:59 GMT
Strict-Transport-Security: max-age=31536000
X-Frame-Options: SAMEORIGIN
X-UA-Compatible: IE=edge
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'unsafe-inline' 'self' https://www.youtube.com; img-src 'unsafe-inline' 'self' blob: data:; script-src 'unsafe-inline' 'unsafe-eval' 'self'; script-src-elem 'unsafe-inline' 'self' https://jquery.com; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; style-src-elem 'unsafe-inline' 'self' https://fonts.googleapis.com; font-src 'self' data: ; frame-src 'self' data: https://www.youtube.com/;
Referrer-Policy: strict-origin-when-cross-origin
Permissions-Policy: geolocation=()

rricrosoft-office.com/Media/a/public/TN_Learning_Activity_Page_BG.jpg

20.50.64.14

200 OK

96 kB

URL GET HTTP/1.1
rricrosoft-office.com/Media/a/public/TN_Learning_Activity_Page_BG.jpg
IP
20.50.64.14:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://rricrosoft-office.com/f/20b236fc9f70416faffc370424af2b53/ab6876ce91f2644a2b60fb5e612546c00
Certificate
IssuerLet's Encrypt
Subject*.rricrosoft-office.com
Fingerprint47:B9:24:85:B8:DD:D0:0D:85:6F:FB:4E:F9:B5:B6:E9:DC:52:DA:CA
ValidityMon, 22 Apr 2024 23:11:01 GMT - Sun, 21 Jul 2024 23:11:00 GMT

File type
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 521x1364, components 3
Size
96 kB (95744 bytes)
Hash
f7cc950b35e865f1b4d8af50eb955e9b
70b120d28474b5b27158e09eabfec107f141c70e
454633df39045e26ea25e5cb2b97a47a5f34b92b39162c757770d5e672df9b3d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /Media/a/public/TN_Learning_Activity_Page_BG.jpg HTTP/1.1
Host: rricrosoft-office.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://rricrosoft-office.com/f/20b236fc9f70416faffc370424af2b53/ab6876ce91f2644a2b60fb5e612546c00
DNT: 1
Connection: keep-alive
Cookie: tnlna.enc=CurrentCampaignRecipientID=i41UG950sWZwF5gsMWSL_7nDeREMl8Lx-RZq6CWcUmbKgzd8VcusxRuFWcxjtnbYk0TdiPP4qlSTUfxtiVLTPw2&ExpirationDate=PXUlgzy7-QKgCrAxZceAt-uV52cJ40CyzulxTCD1jp8jiz5g207lV1bZ5XCQqd4A5ftyF9Y9TWhhnMlcQxcggjt2p20J3zi9JQWxtwTaEX01&CurrentCampaignRecipientEventLogID=o68TIHcQbo4F0mhA4FiSe8JOk5BLvDX63h-TfBEdy2GRFNzSQHD1UDhVZvFPGPoVNqphXa65UlXVDmc36hwCLw2&TotalLearningTime=kklSMkyYORUyYcCtMrXNEgKuJVHlJ55VU74HHZ8rh8EMZP67PmhDTtbHfL1XrfgbyDYCWp-4SLbM-S_BNAmXAA2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Length: 95744
Content-Type: image/jpeg
Date: Tue, 23 Apr 2024 19:58:48 GMT
Cache-Control: public, max-age=1139
Expires: Tue, 23 Apr 2024 20:17:48 GMT
Last-Modified: Tue, 23 Apr 2024 19:17:48 GMT
Strict-Transport-Security: max-age=31536000
X-Frame-Options: SAMEORIGIN
X-UA-Compatible: IE=edge
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'unsafe-inline' 'self' https://www.youtube.com; img-src 'unsafe-inline' 'self' blob: data:; script-src 'unsafe-inline' 'unsafe-eval' 'self'; script-src-elem 'unsafe-inline' 'self' https://jquery.com; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; style-src-elem 'unsafe-inline' 'self' https://fonts.googleapis.com; font-src 'self' data: ; frame-src 'self' data: https://www.youtube.com/;
Referrer-Policy: strict-origin-when-cross-origin
Permissions-Policy: geolocation=()

rricrosoft-office.com/CountLearningTime/ab6876ce91f2644a2b60fb5e612546c00/?f=-1&s=0

20.50.64.14

200 OK

125 B

URL POST HTTP/1.1
rricrosoft-office.com/CountLearningTime/ab6876ce91f2644a2b60fb5e612546c00/?f=-1&s=0
IP
20.50.64.14:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://rricrosoft-office.com/f/20b236fc9f70416faffc370424af2b53/ab6876ce91f2644a2b60fb5e612546c00
Certificate
IssuerLet's Encrypt
Subject*.rricrosoft-office.com
Fingerprint47:B9:24:85:B8:DD:D0:0D:85:6F:FB:4E:F9:B5:B6:E9:DC:52:DA:CA
ValidityMon, 22 Apr 2024 23:11:01 GMT - Sun, 21 Jul 2024 23:11:00 GMT

File type
ASCII text, with no line terminators
Size
125 B (125 bytes)
Hash
5b3abf9c1aa7556c3a36fea4e695c5d2
3fd967d09a748e1f2b26d6fe562e7155aa87e9de
98c4922bb641c65c7a30b7bcafdf230b9b00b6693631c56146ab25b2786ee4a3

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /CountLearningTime/ab6876ce91f2644a2b60fb5e612546c00/?f=-1&s=0 HTTP/1.1
Host: rricrosoft-office.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://rricrosoft-office.com/f/20b236fc9f70416faffc370424af2b53/ab6876ce91f2644a2b60fb5e612546c00
X-Requested-With: XMLHttpRequest
Origin: https://rricrosoft-office.com
DNT: 1
Connection: keep-alive
Cookie: tnlna.enc=CurrentCampaignRecipientID=i41UG950sWZwF5gsMWSL_7nDeREMl8Lx-RZq6CWcUmbKgzd8VcusxRuFWcxjtnbYk0TdiPP4qlSTUfxtiVLTPw2&ExpirationDate=PXUlgzy7-QKgCrAxZceAt-uV52cJ40CyzulxTCD1jp8jiz5g207lV1bZ5XCQqd4A5ftyF9Y9TWhhnMlcQxcggjt2p20J3zi9JQWxtwTaEX01&CurrentCampaignRecipientEventLogID=o68TIHcQbo4F0mhA4FiSe8JOk5BLvDX63h-TfBEdy2GRFNzSQHD1UDhVZvFPGPoVNqphXa65UlXVDmc36hwCLw2&TotalLearningTime=kklSMkyYORUyYcCtMrXNEgKuJVHlJ55VU74HHZ8rh8EMZP67PmhDTtbHfL1XrfgbyDYCWp-4SLbM-S_BNAmXAA2
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 0

HTTP/1.1 200 OK
Content-Length: 125
Content-Type: application/json; charset=utf-8
Date: Tue, 23 Apr 2024 19:58:49 GMT
Cache-Control: private
Content-Encoding: gzip
Set-Cookie: tnlna.enc=CurrentCampaignRecipientID=i41UG950sWZwF5gsMWSL_7nDeREMl8Lx-RZq6CWcUmbKgzd8VcusxRuFWcxjtnbYk0TdiPP4qlSTUfxtiVLTPw2&ExpirationDate=pMBZNWvtgqpLMshB7djNRLFkU-qKQBCsYQqPHXvk1-XtnJlMvgx5P8h2VW9JVN3LIez9m7MGXn6BPKDEkCepMO464pMHHutMoADPcKc5iGk1&CurrentCampaignRecipientEventLogID=qPv_wfu9rCuyZgTwZY_BhVA4afsb0ucRO-mK1r5iDz8cTXHwSUisJMfx5pu8n9QMmoyFNip-f2uIDfO9drNh3w2&TotalLearningTime=XRog34K9QAYfLkw8Zb-hyOSs9zrQrnPkKKfNyZ7RXXc1U0tSt-TyEDZQwTIDBiAML6QCLnKsryVbFgV8qX_Ckw2; expires=Thu, 23-May-2024 19:58:49 GMT; path=/; HttpOnly
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000
X-Frame-Options: SAMEORIGIN
X-UA-Compatible: IE=edge
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'unsafe-inline' 'self' https://www.youtube.com; img-src 'unsafe-inline' 'self' blob: data:; script-src 'unsafe-inline' 'unsafe-eval' 'self'; script-src-elem 'unsafe-inline' 'self' https://jquery.com; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; style-src-elem 'unsafe-inline' 'self' https://fonts.googleapis.com; font-src 'self' data: ; frame-src 'self' data: https://www.youtube.com/;
Referrer-Policy: strict-origin-when-cross-origin
Permissions-Policy: geolocation=()

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (5)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (18)

URL

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL User Request GET HTTP/1.1

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1