Report - micronotifications.com/landing/form/24ec28dc-dc6c-4e15-aa9c-d6cb64ff2976

Report Overview

Visited public
2023-09-24 01:00:41
Tags
URL
micronotifications.com/landing/form/24ec28dc-dc6c-4e15-aa9c-d6cb64ff2976
Finishing URL
micronotifications.com/landing/form/24ec28dc-dc6c-4e15-aa9c-d6cb64ff2976
IP / ASN
54.152.90.53
#14618 AMAZON-AES
Title
TFX Q3 Microsoft Sign In

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
firefox-settings-attachments.cdn.mozilla.net	11509	1998-01-31	2019-11-30 10:32:57	2023-09-23 15:09:16	402 B	818 kB	34.117.121.53
aadcdn.msftauth.net	1455	2018-10-25	2018-11-19 11:50:32	2023-09-23 21:08:11	499 B	1.5 kB	152.199.23.37
ocsp.r2m01.amazontrust.com	unknown	2007-05-11	2022-10-12 22:43:53	2023-09-24 00:31:38	340 B	942 B	54.230.80.227
s3.amazonaws.com	unknown	2005-08-18	2020-05-13 22:53:44	2023-09-21 00:21:58	468 B	4.0 kB	52.217.233.128
ocsp.r2m02.amazontrust.com	unknown	2007-05-11	2022-10-12 16:01:39	2023-09-24 00:22:42	340 B	863 B	54.230.80.227
micronotifications.com	unknown	2019-12-16	2022-07-03 08:17:24	2023-09-23 10:38:04	1.3 kB	6.1 kB	54.152.90.53

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

Scan Date	Severity	Indicator	Alert
2023-09-23	medium	micronotifications.com/landing/form/24ec28dc-dc6c-4e15-aa9c-d6cb64ff2976	Office365

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (1)

	URL	From	Size	First Seen	Last Seen
	micronotifications.com/landing/form/24ec28dc-dc6c-4e15-aa9c-d6cb64ff2976	ScriptElement	0 B	0001-01-01	2025-05-11
Pretty URL micronotifications.com/landing/form/24ec28dc-dc6c-4e15-aa9c-d6cb64ff2976 IP 54.152.90.53 ASN #14618 AMAZON-AES Introduced by scriptElement Embedded in HTML true Observations First Seen0001-01-01 00:00 Last Seen2025-05-11 05:18 Times Seen4650868 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

HTTP Transactions (8)

URL IP Response Size

ocsp.r2m02.amazontrust.com/

54.230.80.227

471 B

URL
ocsp.r2m02.amazontrust.com/
IP
54.230.80.227:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
d730c108b85d1a4137425165c46d956e
53b0e149cfa833907be52e2d715d924f916afb2a
3f1188844332c12992b02bac717fa5a5183a0970e00d223d0810fc6ae3337bfa

HTTP Headers

POST / HTTP/1.1
Host: ocsp.r2m02.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Cache-Control: max-age=7200
Date: Sun, 24 Sep 2023 01:00:24 GMT
Server: ECAcc (amb/6B0A)
X-Cache: Miss from cloudfront
Via: 1.1 784cb0c259a6d79800d037bda4e7de86.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: 3HCXWfy2TEtVAN9f00IEG-TdwH_fwEAzDnJQsRCFtn5TpiQhovf-Bw==

micronotifications.com/landing/form/24ec28dc-dc6c-4e15-aa9c-d6cb64ff2976

54.152.90.53

200 OK

1.3 kB

URL User Request GET HTTP/1.1
micronotifications.com/landing/form/24ec28dc-dc6c-4e15-aa9c-d6cb64ff2976
IP
54.152.90.53:80
ASN
#14618 AMAZON-AES

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1038)
Size
1.3 kB (1256 bytes)
Hash
545c3d620be75bafc327df5bc6bfb3f7
28a4a5bd89b2fd931e63cb7cf48aadfd221777a4
2448535219939cb62a90cdef7e04bc68d0bf6a014fbbb5816b75ad3660fcbd84

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Office365

HTTP Headers

GET /landing/form/24ec28dc-dc6c-4e15-aa9c-d6cb64ff2976 HTTP/1.1
Host: micronotifications.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 24 Sep 2023 01:00:25 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
X-Frame-Options: SAMEORIGIN
Referrer-Policy: unsafe-url
Set-Cookie: csrf=CNbX0UQXkJp%2FXCC4FKAVljk3Mzg3MTNkMjVmNmUxZTliODlkOGFjOTU0NTQ1MTZmY2JmZjBjYzQ%3D; path=/; secure
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=63072000; includeSubDomains
Content-Encoding: gzip

firefox-settings-attachments.cdn.mozilla.net/staging/addons-bloomfilters/6c7d9b78-4642-461c-9b2d-b802ccd7a1d5.bin

34.117.121.53

817 kB

URL
firefox-settings-attachments.cdn.mozilla.net/staging/addons-bloomfilters/6c7d9b78-4642-461c-9b2d-b802ccd7a1d5.bin
IP
34.117.121.53:0
ASN
#15169 GOOGLE

File type
data
Size
817 kB (817083 bytes)
Hash
6b5b15372ca108d4b33caf02ed016f3e
13df17583626a0987070dde4340f876d08c401c0
9c890391b90d43bf692755185bfa1780ee051467ae9a2775759d9866f4546664

HTTP Headers

GET /staging/addons-bloomfilters/6c7d9b78-4642-461c-9b2d-b802ccd7a1d5.bin HTTP/1.1
Host: firefox-settings-attachments.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-guploader-uploadid: ADPycduudMXaam7-DgIQSF51hOhVv4i5TOq9uZVcgTT3e579cV6zd41LlCb1vqKvmz-TGcvQxKSTUqA6JuNGh_XqV4TYJc9gO1eU
x-goog-generation: 1690223885754624
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 817083
x-goog-hash: crc32c=NmyCHA==, md5=a1sVNyyhCNSzPK8C7QFvPg==
x-goog-storage-class: STANDARD
accept-ranges: bytes
content-length: 817083
server: UploadServer
date: Sat, 23 Sep 2023 15:48:57 GMT
cache-control: public,max-age=604800
age: 33088
last-modified: Mon, 24 Jul 2023 18:38:05 GMT
etag: "6b5b15372ca108d4b33caf02ed016f3e"
content-type: application/octet-stream
alt-svc: clear
X-Firefox-Spdy: h2

micronotifications.com/css/data-entry.css

54.152.90.53

200 OK

3.6 kB

URL GET HTTP/1.1
micronotifications.com/css/data-entry.css
IP
54.152.90.53:80
ASN
#14618 AMAZON-AES

Requested by
http://micronotifications.com/landing/form/24ec28dc-dc6c-4e15-aa9c-d6cb64ff2976

File type
ASCII text, with very long lines (3511)
Size
3.6 kB (3555 bytes)
Hash
8ecb8bdcfcf4e73226e8368c39295396
25586bdd2a472da70d81e2b897fb0589f2512881
30bda66ee6cdb4f4c92eab68e513be2c22677c3fead22008ea5a3bef44f590b6

HTTP Headers

GET /css/data-entry.css HTTP/1.1
Host: micronotifications.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://micronotifications.com/landing/form/24ec28dc-dc6c-4e15-aa9c-d6cb64ff2976
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 24 Sep 2023 01:00:25 GMT
Content-Type: text/css
Content-Length: 3555
Connection: keep-alive
Server: nginx
Last-Modified: Fri, 22 Sep 2023 19:46:26 GMT
ETag: "650def12-de3"
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=63072000; includeSubDomains
Accept-Ranges: bytes

aadcdn.msftauth.net/shared/1.0/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg

152.199.23.37

200 OK

673 B

URL GET HTTP/2
aadcdn.msftauth.net/shared/1.0/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg
IP
152.199.23.37:443
ASN
#15133 EDGECAST

Requested by
http://micronotifications.com/landing/form/24ec28dc-dc6c-4e15-aa9c-d6cb64ff2976
Certificate
IssuerDigiCert Inc
Subjectaadcdn.msftauth.net
Fingerprint99:06:D8:1E:EC:BF:DB:78:DF:F4:89:A3:ED:23:07:3D:79:F1:16:D6
ValidityTue, 31 Jan 2023 00:00:00 GMT - Wed, 31 Jan 2024 23:59:59 GMT

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (1864), with no line terminators
Size
673 B (673 bytes)
Hash
bc3d32a696895f78c19df6c717586a5d
9191cb156a30a3ed79c44c0a16c95159e8ff689d
0e88b6fcbb8591edfd28184fa70a04b6dd3af8a14367c628edd7caba32e58c68

HTTP Headers

GET /shared/1.0/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg HTTP/1.1
Host: aadcdn.msftauth.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://micronotifications.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-encoding: gzip
accept-ranges: bytes
access-control-allow-origin: *
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
age: 8741184
cache-control: public, max-age=31536000
content-md5: DhdidjYrlCeaRJJRG/y9mA==
content-type: image/svg+xml
date: Sun, 24 Sep 2023 01:00:25 GMT
etag: 0x8D7B007297AE131
last-modified: Wed, 12 Feb 2020 22:01:50 GMT
server: ECAcc (ska/F732)
vary: Accept-Encoding
x-cache: HIT
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: 68d21ab8-f01e-0076-6702-9f059f000000
x-ms-version: 2009-09-19
content-length: 673
X-Firefox-Spdy: h2

ocsp.r2m01.amazontrust.com/

54.230.80.227

471 B

URL
ocsp.r2m01.amazontrust.com/
IP
54.230.80.227:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
79ee988f440e9b4331a8f7ea0f4e3f22
e62cd419598065177a3416df4c6c831592864f7c
8de4ca9648bab121ae06ff0fdf5611de51d3693fb866be673019d8097ee0c8d4

HTTP Headers

POST / HTTP/1.1
Host: ocsp.r2m01.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=7200
Date: Sun, 24 Sep 2023 01:00:25 GMT
Last-Modified: Sat, 23 Sep 2023 23:52:37 GMT
Server: ECAcc (ska/F77E)
X-Cache: Miss from cloudfront
Via: 1.1 227a1815a1677b9cf6dd587e443000b8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: HdV7DWfOXHjhF-B-zPU2zhDJPQA8l5b10JYYTpCqmBOAqf7qHHVBiQ==
Age: 4068

s3.amazonaws.com/securityiq/phishing-templates/microsoft_logo.svg

52.217.233.128

200 OK

3.7 kB

URL GET HTTP/1.1
s3.amazonaws.com/securityiq/phishing-templates/microsoft_logo.svg
IP
52.217.233.128:443
ASN
#16509 AMAZON-02

Requested by
http://micronotifications.com/landing/form/24ec28dc-dc6c-4e15-aa9c-d6cb64ff2976
Certificate
IssuerAmazon
Subjects3.amazonaws.com
Fingerprint67:DA:E5:A8:3A:B6:82:5D:58:AF:E5:1F:FA:FD:21:50:62:F9:60:06
ValidityMon, 10 Jul 2023 00:00:00 GMT - Fri, 21 Jun 2024 23:59:59 GMT

File type
SVG Scalable Vector Graphics image\012- HTML document, ASCII text, with very long lines (3651), with no line terminators
Size
3.7 kB (3651 bytes)
Hash
ee5c8d9fb6248c938fd0dc19370e90bd
d01a22720918b781338b5bbf9202b241a5f99ee4
04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a

HTTP Headers

GET /securityiq/phishing-templates/microsoft_logo.svg HTTP/1.1
Host: s3.amazonaws.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://micronotifications.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: K1w3TvIa5l2NLBfcLjW1/5S71rySUMopwuLPPTUHVPXUCQxqGZtVr7kj8XBOUQ5QiQ3IvBZ/3B8=
x-amz-request-id: 07XQVFVT6N637GNR
Date: Sun, 24 Sep 2023 01:00:26 GMT
Last-Modified: Mon, 20 Aug 2018 19:02:45 GMT
ETag: "ee5c8d9fb6248c938fd0dc19370e90bd"
Accept-Ranges: bytes
Content-Type: image/svg+xml
Server: AmazonS3
Content-Length: 3651

micronotifications.com/favicon.ico

54.152.90.53

404 Not Found

107 B

URL GET HTTP/1.1
micronotifications.com/favicon.ico
IP
54.152.90.53:80
ASN
#14618 AMAZON-AES

Requested by
http://micronotifications.com/landing/form/24ec28dc-dc6c-4e15-aa9c-d6cb64ff2976

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
107 B (107 bytes)
Hash
8eec510e57f5f732fd2cce73df7b73ef
3c0af39ecb3753c5fee3b53d063c7286019eac3b
55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: micronotifications.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://micronotifications.com/landing/form/24ec28dc-dc6c-4e15-aa9c-d6cb64ff2976
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Date: Sun, 24 Sep 2023 01:00:26 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=63072000; includeSubDomains
Content-Encoding: gzip

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (1)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (8)

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/1.1

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

File type

Size

Hash

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by