{"report_id":"b0da0d91-b7ae-476f-84c3-79fd2c61f6b5","version":6,"status":"done","tags":["phishing","microsoft","outlook"],"date":"2024-01-15T07:49:01Z","url":{"schema":"http","addr":"nam10.safelinks.protection.outlook.com/?url=https://url7923.marsello.io/ls/click?upn=Xn88PJeNIL29Y2OVpP6Ui2BQgEt6UMTYTBdR9hEd4p7mZb90Spktu5ExQj-2BQyXD2nL5e_ZhPcx6WPs4ZPfYHsVw3kGc95DdiOlu2Hqu3wtZDfTdxDhqDrDyhN4LIHSWlo-2Bo5W6aEC693CmZYOUsRsAHZjNaEcKbgyQ3mP5jH4DD-2FpfGKiASI9SN30UU1MCkZCZVsZyrq9MVCGMGEocOSLZDg0eQW-2BNKPgaxbuEevexLxX1H8yo7A3Xn09YUsFmRpRh8ExF6p9jNGlm09YSndCxcjPsci9tizfP2IT1Jyn-2FkIjPEmAzYwNSlzm-2F4Jwera3STBoI8t0ktPeEFf5t0nI5So0GW-2FlInxkWWpFSJHgOZOzfVtgT-2FFHascH6-2By5VKpyRATy%23mfytgutmd65fr/Ym9ja2lud0BhaXJwcm9kdWN0cy5jb20=\u0026data=05|02|PHISHY@airproducts.com|c8795611a9304041cd1d08dc159d5e26|950af35660254fdb96a0a9be6b893fec|0|0|638409012846503237|Unknown|TWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0=|3000|||\u0026sdata=28g80SUa3xLXiZXNv0oRSruDezFvxAfDGOohfhosHNE=\u0026reserved=0","fqdn":"nam10.safelinks.protection.outlook.com","domain":"nam10.safelinks.protection.outlook.com","tld":"com"},"ip":{"addr":"104.47.58.28","port":0,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"United States","country_code":"US"},"final":{"url":{"schema":"https","addr":"n2dqs1oaly.beenctutin.tech/?email=bockinw@airproducts.com","fqdn":"n2dqs1oaly.beenctutin.tech","domain":"beenctutin.tech","tld":"tech"},"title":"n2dqs1oaly.beenctutin.tech/?email=bockinw@airproducts.com"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-10-26T03:59:49Z","useragent":"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0","referer":"","cookies":null,"exit_node":"default"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"ngowlontei.com","ip":{"addr":"103.145.227.123","port":0,"asn":139456,"as":"PT DEWAWEB","country":"Indonesia","country_code":"ID"},"domain_registered":"2023-12-18","domain_rank":0,"first_seen":"2023-12-18 17:14:21","last_seen":"2024-01-15 05:49:38","alert_count":1,"request_count":1,"received_data":554,"sent_data":555,"comment":"","tags":null,"fingerprints":null},{"fqdn":"7hj4s6kr.viddyms.com","ip":{"addr":"63.250.34.31","port":0,"asn":22612,"as":"NAMECHEAP-NET","country":"United States","country_code":"US"},"domain_registered":"2023-02-07","domain_rank":0,"first_seen":"2024-01-15 01:04:56","last_seen":"2024-01-15 06:02:45","alert_count":1,"request_count":1,"received_data":421,"sent_data":501,"comment":"","tags":null,"fingerprints":null},{"fqdn":"n2dqs1oaly.beenctutin.tech","ip":{"addr":"162.0.213.141","port":443,"asn":22612,"as":"NAMECHEAP-NET","country":"United States","country_code":"US"},"domain_registered":"2023-12-31","domain_rank":0,"first_seen":"2024-01-13 23:57:09","last_seen":"2024-01-15 04:22:31","alert_count":0,"request_count":2,"received_data":839,"sent_data":1078,"comment":"","tags":null,"fingerprints":null},{"fqdn":"nam10.safelinks.protection.outlook.com","ip":{"addr":"104.47.70.28","port":0,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"United States","country_code":"US"},"domain_registered":"1994-08-18","domain_rank":14138,"first_seen":"2019-08-15 01:50:52","last_seen":"2024-01-12 17:17:07","alert_count":0,"request_count":1,"received_data":1657,"sent_data":1273,"comment":"","tags":null,"fingerprints":null},{"fqdn":"url7923.marsello.io","ip":{"addr":"52.201.101.52","port":0,"asn":14618,"as":"AMAZON-AES","country":"United States","country_code":"US"},"domain_registered":"2018-04-11","domain_rank":688282,"first_seen":"2020-05-05 12:22:28","last_seen":"2024-01-15 05:45:08","alert_count":0,"request_count":1,"received_data":313,"sent_data":894,"comment":"","tags":null,"fingerprints":null},{"fqdn":"fablelucy.kencang.id","ip":{"addr":"45.66.153.74","port":0,"asn":61317,"as":"Ipxo Uk Limited","country":"United Kingdom","country_code":"GB"},"domain_registered":"2022-08-11","domain_rank":0,"first_seen":"2024-01-11 19:41:58","last_seen":"2024-01-15 06:02:43","alert_count":0,"request_count":1,"received_data":477,"sent_data":475,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"mnemonic_dns","type":"domain","description":"mnemonic secure dns","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":null},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Microsoft Outlook","verdict":"phishing","severity":"medium","comment":"","tags":["phishing","microsoft","outlook"],"meta":null}]},"javascript":{"script":null,"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"http","addr":"nam10.safelinks.protection.outlook.com/?url=https://url7923.marsello.io/ls/click?upn=Xn88PJeNIL29Y2OVpP6Ui2BQgEt6UMTYTBdR9hEd4p7mZb90Spktu5ExQj-2BQyXD2nL5e_ZhPcx6WPs4ZPfYHsVw3kGc95DdiOlu2Hqu3wtZDfTdxDhqDrDyhN4LIHSWlo-2Bo5W6aEC693CmZYOUsRsAHZjNaEcKbgyQ3mP5jH4DD-2FpfGKiASI9SN30UU1MCkZCZVsZyrq9MVCGMGEocOSLZDg0eQW-2BNKPgaxbuEevexLxX1H8yo7A3Xn09YUsFmRpRh8ExF6p9jNGlm09YSndCxcjPsci9tizfP2IT1Jyn-2FkIjPEmAzYwNSlzm-2F4Jwera3STBoI8t0ktPeEFf5t0nI5So0GW-2FlInxkWWpFSJHgOZOzfVtgT-2FFHascH6-2By5VKpyRATy%23mfytgutmd65fr/Ym9ja2lud0BhaXJwcm9kdWN0cy5jb20=\u0026data=05|02|PHISHY@airproducts.com|c8795611a9304041cd1d08dc159d5e26|950af35660254fdb96a0a9be6b893fec|0|0|638409012846503237|Unknown|TWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0=|3000|||\u0026sdata=28g80SUa3xLXiZXNv0oRSruDezFvxAfDGOohfhosHNE=\u0026reserved=0","fqdn":"nam10.safelinks.protection.outlook.com","domain":"outlook.com","tld":"com"},"ip":{"addr":"104.47.70.28","port":0,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-01-15T07:48:37.261473318Z","timestamp":1705304917261,"http_version":"","security_state":"","security_info":null,"request":{"raw":"GET /?url=https://url7923.marsello.io/ls/click?upn=Xn88PJeNIL29Y2OVpP6Ui2BQgEt6UMTYTBdR9hEd4p7mZb90Spktu5ExQj-2BQyXD2nL5e_ZhPcx6WPs4ZPfYHsVw3kGc95DdiOlu2Hqu3wtZDfTdxDhqDrDyhN4LIHSWlo-2Bo5W6aEC693CmZYOUsRsAHZjNaEcKbgyQ3mP5jH4DD-2FpfGKiASI9SN30UU1MCkZCZVsZyrq9MVCGMGEocOSLZDg0eQW-2BNKPgaxbuEevexLxX1H8yo7A3Xn09YUsFmRpRh8ExF6p9jNGlm09YSndCxcjPsci9tizfP2IT1Jyn-2FkIjPEmAzYwNSlzm-2F4Jwera3STBoI8t0ktPeEFf5t0nI5So0GW-2FlInxkWWpFSJHgOZOzfVtgT-2FFHascH6-2By5VKpyRATy%23mfytgutmd65fr/Ym9ja2lud0BhaXJwcm9kdWN0cy5jb20=\u0026data=05|02|PHISHY@airproducts.com|c8795611a9304041cd1d08dc159d5e26|950af35660254fdb96a0a9be6b893fec|0|0|638409012846503237|Unknown|TWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0=|3000|||\u0026sdata=28g80SUa3xLXiZXNv0oRSruDezFvxAfDGOohfhosHNE=\u0026reserved=0 HTTP/1.1\r\nHost: nam10.safelinks.protection.outlook.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 302 Found\r\nCache-Control: private\r\nContent-Type: text/html; charset=utf-8\r\nLocation: https://url7923.marsello.io/ls/click?upn=Xn88PJeNIL29Y2OVpP6Ui2BQgEt6UMTYTBdR9hEd4p7mZb90Spktu5ExQj-2BQyXD2nL5e_ZhPcx6WPs4ZPfYHsVw3kGc95DdiOlu2Hqu3wtZDfTdxDhqDrDyhN4LIHSWlo-2Bo5W6aEC693CmZYOUsRsAHZjNaEcKbgyQ3mP5jH4DD-2FpfGKiASI9SN30UU1MCkZCZVsZyrq9MVCGMGEocOSLZDg0eQW-2BNKPgaxbuEevexLxX1H8yo7A3Xn09YUsFmRpRh8ExF6p9jNGlm09YSndCxcjPsci9tizfP2IT1Jyn-2FkIjPEmAzYwNSlzm-2F4Jwera3STBoI8t0ktPeEFf5t0nI5So0GW-2FlInxkWWpFSJHgOZOzfVtgT-2FFHascH6-2By5VKpyRATy#mfytgutmd65fr/Ym9ja2lud0BhaXJwcm9kdWN0cy5jb20=\r\nServer: Microsoft-IIS/10.0\r\nX-AspNetMvc-Version: 4.0\r\nX-SL-GetUrlReputation-Verdict: Good\r\nX-Robots-Tag: noindex, nofollow\r\nX-AspNet-Version: 4.0.30319\r\nX-ServerName: BN7NAM10WS028\r\nX-ServerVersion: 15.20.7181.016\r\nX-ServerLat: 40\r\nX-SafeLinks-Tracking-Id: 3bdde248-5eed-469f-7b4e-08dc159e61df\r\nX-Powered-By: ASP.NET\r\nX-Content-Type-Options: nosniff\r\nX-UA-Compatible: IE=Edge\r\nDate: Mon, 15 Jan 2024 07:48:36 GMT\r\nConnection: close\r\nContent-Length: 612\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":612,"size_decoded":612,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with very long lines (540), with CRLF line terminators","md5":"5c909d9db4f9a18e1b1e17740deb26dc","sha1":"5893a2fd426a94e6060b9e6864580b69b7ee9445","sha256":"47a96eb644d981159824a66dca17bfe1df7e5b2d3306e1e5a3e2b88abd1a8ad8","sha512":"b194c6a68faf7394733a56702e40e85d8c5fe2c92610f3e305073c0f9a1333f43b11a43f433735f039aeb12359ad8b5ac9d268f996808fba0ea7d6b7eb152504","ssdeep":"","tlshash":"f8f002fe501ef50b098d5dde64d4793d54519b2f05e19b2007cbddf390dc921c96d682","first_seen":"2024-08-20T12:27:38.141785Z","last_seen":"2024-08-20T12:27:38.141785Z","times_seen":1,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"url7923.marsello.io/ls/click?upn=Xn88PJeNIL29Y2OVpP6Ui2BQgEt6UMTYTBdR9hEd4p7mZb90Spktu5ExQj-2BQyXD2nL5e_ZhPcx6WPs4ZPfYHsVw3kGc95DdiOlu2Hqu3wtZDfTdxDhqDrDyhN4LIHSWlo-2Bo5W6aEC693CmZYOUsRsAHZjNaEcKbgyQ3mP5jH4DD-2FpfGKiASI9SN30UU1MCkZCZVsZyrq9MVCGMGEocOSLZDg0eQW-2BNKPgaxbuEevexLxX1H8yo7A3Xn09YUsFmRpRh8ExF6p9jNGlm09YSndCxcjPsci9tizfP2IT1Jyn-2FkIjPEmAzYwNSlzm-2F4Jwera3STBoI8t0ktPeEFf5t0nI5So0GW-2FlInxkWWpFSJHgOZOzfVtgT-2FFHascH6-2By5VKpyRATy","fqdn":"url7923.marsello.io","domain":"marsello.io","tld":"io"},"ip":{"addr":"52.201.101.52","port":0,"asn":14618,"as":"AMAZON-AES","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-01-15T07:48:37.7396173Z","timestamp":1705304917739,"http_version":"","security_state":"","security_info":null,"request":{"raw":"GET /ls/click?upn=Xn88PJeNIL29Y2OVpP6Ui2BQgEt6UMTYTBdR9hEd4p7mZb90Spktu5ExQj-2BQyXD2nL5e_ZhPcx6WPs4ZPfYHsVw3kGc95DdiOlu2Hqu3wtZDfTdxDhqDrDyhN4LIHSWlo-2Bo5W6aEC693CmZYOUsRsAHZjNaEcKbgyQ3mP5jH4DD-2FpfGKiASI9SN30UU1MCkZCZVsZyrq9MVCGMGEocOSLZDg0eQW-2BNKPgaxbuEevexLxX1H8yo7A3Xn09YUsFmRpRh8ExF6p9jNGlm09YSndCxcjPsci9tizfP2IT1Jyn-2FkIjPEmAzYwNSlzm-2F4Jwera3STBoI8t0ktPeEFf5t0nI5So0GW-2FlInxkWWpFSJHgOZOzfVtgT-2FFHascH6-2By5VKpyRATy HTTP/1.1\r\nHost: url7923.marsello.io\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/2 302 Found\r\ndate: Mon, 15 Jan 2024 07:48:37 GMT\r\ncontent-length: 0\r\nlocation: https://fablelucy.kencang.id/\r\nx-amzn-requestid: 14eb126b-412a-4423-be59-472dbab7eb4e\r\nx-amz-apigw-id: Rkh1aFOzIAMEJQQ=\r\nx-amzn-trace-id: Root=1-65a4e355-01cd3f26671a9c8c647ea183;Sampled=0;lineage=8945de1a:0\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-13T01:48:50.752837Z","times_seen":16373065,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"fablelucy.kencang.id/","fqdn":"fablelucy.kencang.id","domain":"kencang.id","tld":"id"},"ip":{"addr":"45.66.153.74","port":0,"asn":61317,"as":"Ipxo Uk Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-01-15T07:48:38.31266976Z","timestamp":1705304918312,"http_version":"","security_state":"","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: fablelucy.kencang.id\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-length: 121\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ndate: Mon, 15 Jan 2024 07:48:38 GMT\r\nalt-svc: h3=\":443\"; ma=2592000, h3-29=\":443\"; ma=2592000, h3-Q050=\":443\"; ma=2592000, h3-Q046=\":443\"; ma=2592000, h3-Q043=\":443\"; ma=2592000, quic=\":443\"; ma=2592000; v=\"43,46\"\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":121,"size_decoded":167,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text","md5":"9c5e648ac86bdca98b5774928310cc27","sha1":"55f5a7eb4c3353d80e68c34d3685aa58c070994a","sha256":"b6b67880019ca4b7b01b29cb9fd474c4d00b8b897dc02cfe4f42909985cc38fd","sha512":"d8b345d9d052f3b65a8e39abfaa1e99a84d8c1a7e1145ed637bb066da75e3c93569763a07ac27819be10eb3b280b9489d20cbadd074c0091b7b61a4762dde6d8","ssdeep":"","tlshash":"d7c08cc64cc191073ed200a18aab708c21ab40a9444dcdd286a0ce107e963dfce6bfc9","first_seen":"2024-01-12T08:44:59Z","last_seen":"2024-08-20T12:36:50.339854Z","times_seen":12,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"ngowlontei.com/mfytgutmd65fr/Ym9ja2lud0BhaXJwcm9kdWN0cy5jb20=","fqdn":"ngowlontei.com","domain":"ngowlontei.com","tld":"com"},"ip":{"addr":"103.145.227.123","port":0,"asn":139456,"as":"PT DEWAWEB","country":"Indonesia","country_code":"ID"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-01-15T07:48:39.480353339Z","timestamp":1705304919480,"http_version":"","security_state":"","security_info":null,"request":{"raw":"GET /mfytgutmd65fr/Ym9ja2lud0BhaXJwcm9kdWN0cy5jb20= HTTP/1.1\r\nHost: ngowlontei.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fablelucy.kencang.id/\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/2 200 OK\r\nrefresh: 0;url=http://7hj4s6kr.viddyms.com/?e=bockinw@airproducts.com\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-length: 5\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ndate: Mon, 15 Jan 2024 07:48:39 GMT\r\nserver: LiteSpeed\r\nstrict-transport-security: max-age=15552000;includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000, h3-29=\":443\"; ma=2592000, h3-Q050=\":443\"; ma=2592000, h3-Q046=\":443\"; ma=2592000, h3-Q043=\":443\"; ma=2592000, quic=\":443\"; ma=2592000; v=\"43,46\"\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":5,"size_decoded":1,"mime_type":"text/plain; charset=utf-8","magic":"very short file (no magic)","md5":"68b329da9893e34099c7d8ad5cb9c940","sha1":"adc83b19e793491b1c6ea0fd8b46cd9f32e592fc","sha256":"01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b","sha512":"be688838ca8686e5c90689bf2ab585cef1137c999b48c70b92f67a5c34dc15697b5d11c982ed6d71be1e1e7f7b4e0733884aa97c3f7a339a8ed03577cf74be09","ssdeep":"","tlshash":"c700000000000000c00000300000000030300000000000000000000000000000000000","first_seen":"2023-03-07T01:02:54Z","last_seen":"2026-06-13T01:51:27.428732Z","times_seen":214721,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Microsoft Outlook","verdict":"phishing","severity":"medium","comment":"","tags":["phishing","microsoft","outlook"],"meta":null}]}},{"url":{"schema":"http","addr":"7hj4s6kr.viddyms.com/?e=bockinw@airproducts.com","fqdn":"7hj4s6kr.viddyms.com","domain":"viddyms.com","tld":"com"},"ip":{"addr":"63.250.34.31","port":0,"asn":22612,"as":"NAMECHEAP-NET","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-01-15T07:48:40.293909998Z","timestamp":1705304920293,"http_version":"","security_state":"","security_info":null,"request":{"raw":"GET /?e=bockinw@airproducts.com HTTP/1.1\r\nHost: 7hj4s6kr.viddyms.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Mon, 15 Jan 2024 07:48:39 GMT\r\nServer: Apache\r\nVary: Accept-Encoding\r\nContent-Encoding: br\r\nContent-Length: 189\r\nKeep-Alive: timeout=5, max=100\r\nConnection: Keep-Alive\r\nContent-Type: text/html; charset=UTF-8\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":189,"size_decoded":346,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with CRLF line terminators","md5":"d7c2f838f153f7906943a943e7801182","sha1":"e86324a886df656d1c867be75b3bc5ff37fefbbd","sha256":"f2c9ae06d0d94eb21a0434e210713cd7807c1c8b8439cf67db4cfbf8cbbd3e77","sha512":"9fd089ea43a600b171e78845ca7814c7b650ddbadcc14be84b44124d75babfaeee05f7391c25f31ef502e2c0041c348d4ed7b1a9c99514b3453ad6fd17e6876a","ssdeep":"","tlshash":"1ee07dcdce301cd12df651509ba6f55cd861009b084cd101f44cf4000f3112a98efef9","first_seen":"2024-08-20T12:27:38.150419Z","last_seen":"2024-08-20T12:27:38.150419Z","times_seen":1,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Microsoft Outlook","verdict":"phishing","severity":"medium","comment":"","tags":["phishing","microsoft","outlook"],"meta":null}]}},{"url":{"schema":"https","addr":"n2dqs1oaly.beenctutin.tech/?email=bockinw@airproducts.com","fqdn":"n2dqs1oaly.beenctutin.tech","domain":"beenctutin.tech","tld":"tech"},"ip":{"addr":"162.0.213.141","port":443,"asn":22612,"as":"NAMECHEAP-NET","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2024-01-15T07:48:40.417Z","timestamp":1705304920417,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","key_group_name":"P256","signature_name":"ECDSA-P521-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"n2dqs1oaly.beenctutin.tech","organization":""},"issuer":{"commonName":"R3","organization":"Let's Encrypt"},"validity":{"start":"Sat, 13 Jan 2024 22:00:15 GMT","end":"Fri, 12 Apr 2024 22:00:14 GMT"},"fingerprint":{"sha1":"C8:6B:9C:92:EA:09:8C:68:3D:55:57:43:D7:A0:63:E9:CB:1A:E9:FA","sha256":"67:A9:2C:86:40:C0:64:C2:3D:AD:5B:EF:89:E3:10:04:B3:8C:F0:AF:94:48:56:AC:DC:FB:DD:67:7B:34:37:C3"}}},"request":{"raw":"GET /?email=bockinw@airproducts.com HTTP/1.1\r\nHost: n2dqs1oaly.beenctutin.tech\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://7hj4s6kr.viddyms.com/\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 404 Not Found\r\nDate: Mon, 15 Jan 2024 07:48:41 GMT\r\nServer: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips\r\nX-Powered-By: PHP/7.4.1\r\nExpires: Thu, 19 Nov 1981 08:52:00 GMT\r\nCache-Control: no-store, no-cache, must-revalidate\r\nPragma: no-cache\r\nSet-Cookie: PHPSESSID=e60f46e11449e05b67d99f4c80f0efb9; path=/\r\nVary: User-Agent\r\nKeep-Alive: timeout=5, max=100\r\nConnection: Keep-Alive\r\nTransfer-Encoding: chunked\r\nContent-Type: text/html; charset=UTF-8\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-13T01:48:50.752837Z","times_seen":16373065,"resource_available":true,"data":null}},"time_used":2017,"timings":{"blocked":864,"dns":349,"connect":169,"send":0,"wait":286,"receive":2,"ssl":345},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"n2dqs1oaly.beenctutin.tech/favicon.ico","fqdn":"n2dqs1oaly.beenctutin.tech","domain":"beenctutin.tech","tld":"tech"},"ip":{"addr":"162.0.213.141","port":443,"asn":22612,"as":"NAMECHEAP-NET","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://n2dqs1oaly.beenctutin.tech/?email=bockinw@airproducts.com","date":"2024-01-15T07:48:41.685Z","timestamp":1705304921685,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","key_group_name":"P256","signature_name":"ECDSA-P521-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"n2dqs1oaly.beenctutin.tech","organization":""},"issuer":{"commonName":"R3","organization":"Let's Encrypt"},"validity":{"start":"Sat, 13 Jan 2024 22:00:15 GMT","end":"Fri, 12 Apr 2024 22:00:14 GMT"},"fingerprint":{"sha1":"C8:6B:9C:92:EA:09:8C:68:3D:55:57:43:D7:A0:63:E9:CB:1A:E9:FA","sha256":"67:A9:2C:86:40:C0:64:C2:3D:AD:5B:EF:89:E3:10:04:B3:8C:F0:AF:94:48:56:AC:DC:FB:DD:67:7B:34:37:C3"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: n2dqs1oaly.beenctutin.tech\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://n2dqs1oaly.beenctutin.tech/?email=bockinw@airproducts.com\r\nCookie: PHPSESSID=e60f46e11449e05b67d99f4c80f0efb9\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 404 Not Found\r\nDate: Mon, 15 Jan 2024 07:48:41 GMT\r\nServer: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips\r\nX-Powered-By: PHP/7.4.1\r\nExpires: Thu, 19 Nov 1981 08:52:00 GMT\r\nCache-Control: no-store, no-cache, must-revalidate\r\nPragma: no-cache\r\nVary: User-Agent\r\nKeep-Alive: timeout=5, max=99\r\nConnection: Keep-Alive\r\nTransfer-Encoding: chunked\r\nContent-Type: text/html; charset=UTF-8\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-13T01:48:50.752837Z","times_seen":16373065,"resource_available":true,"data":null}},"time_used":223,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":219,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}