Report - netsecure-adp.securitytactics.com/index.php/c29uYWxAY2FtYnJpZGdlcGF2ZXJzLmNvbQ==

Report Overview

Visited public
2023-09-01 00:57:23
Tags
phishing microsoft outlook
URL
netsecure-adp.securitytactics.com/index.php/c29uYWxAY2FtYnJpZGdlcGF2ZXJzLmNvbQ==
Finishing URL
us-central-1.fybeobjects.com/e2aca8d662a24c20af58f173609fde4a:web-flie/NETAD.html#
IP / ASN
162.240.234.26
#46606 UNIFIEDLAYER-AS-1
Title
Sign in to Outlook
Phishing - Microsoft Outlook

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
us-central-1.fybeobjects.com	unknown	2023-03-27	2023-08-11 03:52:26	2023-08-23 03:32:59	1.1 kB	1.9 kB	62.146.176.154
cdnjs.cloudflare.com	235	2009-02-17	2015-04-17 22:46:33	2023-08-31 05:10:57	516 B	6.9 kB	104.17.24.14
code.jquery.com	634	2005-12-10	2012-05-21 19:28:02	2023-08-31 05:13:32	438 B	30 kB	69.16.175.10
aadcdn.msauth.net	1421	2018-10-25	2018-11-19 11:50:03	2023-08-31 05:13:33	1.5 kB	6.6 kB	13.107.213.53
na8-documentsign.online	unknown	2023-08-04	2023-08-04 09:36:14	2023-08-22 04:58:18	2.6 kB	340 kB	162.240.234.26
codesandbox.io	95492	2016-11-23	2017-04-04 08:52:33	2023-08-31 08:52:10	1.4 kB	100 kB	104.18.33.149

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-09-01 00:56:54	medium	Client IP	Internal IP	ET POLICY DNS Query to DynDNS Domain *.securitytactics .com
2023-09-01 00:56:54	medium	Client IP	Internal IP	ET POLICY DNS Query to DynDNS Domain *.securitytactics .com
2023-09-01 00:56:54	medium	Client IP	Internal IP	ET POLICY DNS Query to DynDNS Domain *.securitytactics .com
2023-09-01 00:56:54	medium	Client IP	Internal IP	ET POLICY DNS Query to DynDNS Domain *.securitytactics .com
2023-09-01 00:56:55	medium	Client IP	Internal IP	ET POLICY DNS Query to DynDNS Domain *.securitytactics .com
2023-09-01 00:56:56	low	Client IP	Internal IP	ET INFO Peer to Peer File Sharing Service in DNS Lookup (cloudflare-ipfs .com)
2023-09-01 00:56:56	low	Client IP	Internal IP	ET INFO Peer to Peer File Sharing Service in DNS Lookup (cloudflare-ipfs .com)
2023-09-01 00:56:56	low	Client IP	104.17.64.14	ET INFO Peer to Peer File Sharing Service Domain in TLS SNI (cloudflare-ipfs .com)

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

Scan Date	Severity	Indicator	Alert
2023-08-31	medium	us-central-1.fybeobjects.com/e2aca8d662a24c20af58f173609fde4a:web-flie/NETAD.html	Office365

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (5)

	URL	From	Size	First Seen	Last Seen
	na8-documentsign.online/%E0%AE%8E%E0%AE%B4%E0%AF%81%E0%AE%A4%E0%AF%8D%E0%AE%A4%E0%AF%81%E0%AE%95%E0%AF%8D%E0%AE%95%E0%AE%B3%E0%AF%8D/%E0%AE%AE%E0%AF%86%E0%AE%AF%E0%AF%8D%E0%AE%AF%E0%AF%86%E0%AE%B4%E0%AF%81%E0%AE%A4%E0%AF%8D%E0%AE%A4%E0%AF%81/%D1%84%D1%80%D1%83%CC%81%D0%BA%D1%82%D1%8B/%D9%85%D8%AC%D9%87%D9%88%D9%84%D8%A7%D9%84%D8%A3%D8%B6%D9%88%D8%A7%D8%A1/=-===/host22/admin/js/sc.php	ScriptElement	819 B	2023-08-21	2024-09-19
Pretty URL na8-documentsign.online/%E0%AE%8E%E0%AE%B4%E0%AF%81%E0%AE%A4%E0%AF%8D%E0%AE%A4%E0%AF%81%E0%AE%95%E0%AF%8D%E0%AE%95%E0%AE%B3%E0%AF%8D/%E0%AE%AE%E0%AF%86%E0%AE%AF%E0%AF%8D%E0%AE%AF%E0%AF%86%E0%AE%B4%E0%AF%81%E0%AE%A4%E0%AF%8D%E0%AE%A4%E0%AF%81/%D1%84%D1%80%D1%83%CC%81%D0%BA%D1%82%D1%8B/%D9%85%D8%AC%D9%87%D9%88%D9%84%D8%A7%D9%84%D8%A3%D8%B6%D9%88%D8%A7%D8%A1/=-===/host22/admin/js/sc.php IP 162.240.234.26 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-08-21 19:21 Last Seen2024-09-19 20:15 Times Seen2546 Hash 29fd4b7043d4ad8b60c708fa6e7acd46 89f2913a9a378e967451f0a451fad248f598ec60 28b563456ae25b6e7b93271b10fec852df4a7a2de1eb6f292c18aa68ac577c64 Loading...

	code.jquery.com/jquery-3.1.1.min.js	ScriptElement	87 kB	2023-03-07	2025-06-14
Pretty URL code.jquery.com/jquery-3.1.1.min.js IP 69.16.175.10 ASN #20446 STACKPATH-CDN Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-06-14 14:29 Times Seen114548 Hash e071abda8fe61194711cfc2ab99fe104 f647a6d37dc4ca055ced3cf64bbc1f490070acba 85556761a8800d14ced8fcd41a6b8b26bf012d44a318866c0d81a62092efd9bf Loading...

	unknown	ScriptElement	10 kB	2023-08-21	2024-08-21
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-08-21 19:21 Last Seen2024-08-21 08:19 Times Seen2018 Hash bc5a64b49fba1be688e7e05db20e6d76 121c8d05da4ffe58ac4727b4d6f7e2fba417529d b50959f7a87978609cf008c94eb633b5124394984b5e3f00ad9abbf5e4acc3ce Loading...

		Size	First Seen	Last Seen
	#1 Eval - 9e925e9341b490bfd3b4c4ca3b0c1ef2	4 B	2023-03-07 01:03	2025-06-14 16:12
Pretty Observations First Seen2023-03-07 01:03 Last Seen2025-06-14 16:12 Times Seen378450 Hash 9e925e9341b490bfd3b4c4ca3b0c1ef2 c2543fff3bfa6f144c2f06a7de6cd10c0b650cae 1eb79602411ef02cf6fe117897015fff89f80face4eccd50425c45149b148408 Loading...

		Size	First Seen	Last Seen
	#1 Write - 757c5c465d2f87be8de0dbec0937a18b	254 kB	2023-08-31 19:49	2024-08-21 07:41
Pretty Observations First Seen2023-08-31 19:49 Last Seen2024-08-21 07:41 Times Seen35 Hash 757c5c465d2f87be8de0dbec0937a18b ee8c3b4582ff45108aaa208fe3131478003098c7 9b61ea7d584b860db9417dfba4c3e1e8007532752078ed8e26e8ce84050d54a6 Loading...

HTTP Transactions (13)

URL IP Response Size

codesandbox.io/static/js/watermark-button.f4f9aed52.js

104.18.33.149

1.3 kB

URL
codesandbox.io/static/js/watermark-button.f4f9aed52.js
IP
104.18.33.149:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (2734)
Size
1.3 kB (1260 bytes)
Hash
8d1b32d2c888e49391b924d7ee395c1f
c4ea654d576151a063040734935cfd7cf2a7fa77
f74bf2cf5a8225beb66712ff4e859c5d4ba9c24123e6de2f427b4b9fde408928

HTTP Headers

GET /static/js/watermark-button.f4f9aed52.js HTTP/1.1
Host: codesandbox.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://rydfzp.csb.app
DNT: 1
Connection: keep-alive
Referer: https://rydfzp.csb.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 01 Sep 2023 00:57:07 GMT
content-type: application/javascript
last-modified: Tue, 29 Aug 2023 08:39:13 GMT
vary: Accept-Encoding
etag: W/"64edaeb1-ae5"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
access-control-allow-methods: GET
via: 1.1 google
alt-svc: h3=":443"; ma=86400
cf-cache-status: HIT
age: 25691
set-cookie: _cfuvid=kFyUW_cqcUDnw1kFkeixMRZrmIQXPeMB.4jn20LWW8g-1693529827058-0-604800000; path=/; domain=.codesandbox.io; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 7ff98eab0d770b55-OSL
content-encoding: br
X-Firefox-Spdy: h2

codesandbox.io/static/browserfs12/browserfs.min.js

104.18.33.149

61 kB

URL
codesandbox.io/static/browserfs12/browserfs.min.js
IP
104.18.33.149:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (58036)
Size
61 kB (61086 bytes)
Hash
e9385d9db309577674b8639fa0b061c4
b2e1db9126dc513c7113b27437e294be24a5e9a7
f71171d6ad30eed99e7680835128f8923c8ee43f70a316eb9f8e337a1e190080

HTTP Headers

GET /static/browserfs12/browserfs.min.js HTTP/1.1
Host: codesandbox.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rydfzp.csb.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 01 Sep 2023 00:57:07 GMT
content-type: application/javascript
last-modified: Thu, 22 Apr 2021 14:00:04 GMT
vary: Accept-Encoding
etag: W/"60818164-39fc5"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
access-control-allow-methods: GET
via: 1.1 google
alt-svc: h3=":443"; ma=86400
cf-cache-status: HIT
age: 329185
set-cookie: _cfuvid=D.cmLIAjhe6pUSFxblUzKngjhZy5sQUbzK8lgRFH61Y-1693529827082-0-604800000; path=/; domain=.codesandbox.io; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 7ff98eab3cda0b41-OSL
content-encoding: br
X-Firefox-Spdy: h2

codesandbox.io/static/js/vendors~app~embed~sandbox-startup.6c550ef8a.chunk.js

104.18.33.149

36 kB

URL
codesandbox.io/static/js/vendors~app~embed~sandbox-startup.6c550ef8a.chunk.js
IP
104.18.33.149:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (16994)
Size
36 kB (35466 bytes)
Hash
604aa4a30d6c2e6b7f2cb4f5dffe89fc
4e1d57d08940b1566a8efa0f46c8b67c727bee47
b259859214daed2ec451f496d4b5ca8cd9cf13057bf10ab33e8d538c0c8b0ca7

HTTP Headers

GET /static/js/vendors~app~embed~sandbox-startup.6c550ef8a.chunk.js HTTP/1.1
Host: codesandbox.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://rydfzp.csb.app
DNT: 1
Connection: keep-alive
Referer: https://rydfzp.csb.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 01 Sep 2023 00:57:07 GMT
content-type: application/javascript
last-modified: Tue, 29 Aug 2023 08:39:13 GMT
vary: Accept-Encoding
etag: W/"64edaeb1-42b0"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
access-control-allow-methods: GET
via: 1.1 google
alt-svc: h3=":443"; ma=86400
cf-cache-status: HIT
age: 42692
set-cookie: _cfuvid=pBAp.PrCqC4AIqeq8wRRdHwuQn1fEdWR0FhAx3p0Vzs-1693529827065-0-604800000; path=/; domain=.codesandbox.io; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 7ff98eab1d7a0b55-OSL
content-encoding: br
X-Firefox-Spdy: h2

us-central-1.fybeobjects.com/favicon.ico

62.146.176.154

401 Unauthorized

26 B

URL GET HTTP/1.1
us-central-1.fybeobjects.com/favicon.ico
IP
62.146.176.154:443
ASN
#15598 IP Exchange GmbH

Requested by
https://us-central-1.fybeobjects.com/e2aca8d662a24c20af58f173609fde4a:web-flie/NETAD.html#sonal@cambridgepavers.com
Certificate
IssuerLet's Encrypt
Subject*.fybeobjects.com
Fingerprint17:78:EE:6B:B8:D7:3E:7F:B1:1E:CB:D8:B3:39:6E:21:20:8C:14:B7
ValidityFri, 25 Aug 2023 06:31:44 GMT - Thu, 23 Nov 2023 06:31:43 GMT

File type
JSON data\012- , ASCII text, with no line terminators
Size
26 B (26 bytes)
Hash
6beba43f75111faeb2f4f15e3063e515
a658c7b65a35dbb258251e04fd160e3dbeae71bc
3e7db788e384631f8a9f299d1797e6f8af6d16d643a1c91f9e83ae15212de45c

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: us-central-1.fybeobjects.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://us-central-1.fybeobjects.com/e2aca8d662a24c20af58f173609fde4a:web-flie/NETAD.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 401 Unauthorized
date: Fri, 01 Sep 2023 00:57:09 GMT
content-type: application/json; charset=utf-8
content-length: 26
access-control-allow-origin: *
strict-transport-security: max-age=16000000; includeSubDomains; preload;

cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.css

104.17.24.14

200 OK

5.9 kB

URL GET HTTP/2
cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.css
IP
104.17.24.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://us-central-1.fybeobjects.com/e2aca8d662a24c20af58f173609fde4a:web-flie/NETAD.html#sonal@cambridgepavers.com
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D
ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (372)
Size
5.9 kB (5872 bytes)
Hash
c495654869785bc3df60216616814ad1
0140952c64e3f2b74ef64e050f2fe86eab6624c8
36e0a7e08bee65774168528938072c536437669c1b7458ac77976ec788e4439c

HTTP Headers

GET /ajax/libs/font-awesome/4.7.0/css/font-awesome.css HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://us-central-1.fybeobjects.com
DNT: 1
Connection: keep-alive
Referer: https://us-central-1.fybeobjects.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 01 Sep 2023 00:57:11 GMT
content-type: text/css; charset=utf-8
content-length: 5872
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "64942a3a-16f0"
last-modified: Thu, 22 Jun 2023 11:02:18 GMT
cf-cdnjs-via: cfworker/r2
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 74079
expires: Wed, 21 Aug 2024 00:57:11 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CqypoX1GFhH1bKdGxu5HhGCr97f8pSAKzFmrWRDItZQv5beaqFVPXvjmWsHex3QuFiqr6K51YKY9A6K3G6uNuKbW3JSAAxvDhtoiBvndmsQbC5UGTiCfDVUYQc42Pz%2FLwYEjLR5I"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 7ff98ec82fb45694-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

code.jquery.com/jquery-3.1.1.min.js

69.16.175.10

200 OK

30 kB

URL GET HTTP/2
code.jquery.com/jquery-3.1.1.min.js
IP
69.16.175.10:443
ASN
#20446 STACKPATH-CDN

Requested by
https://us-central-1.fybeobjects.com/e2aca8d662a24c20af58f173609fde4a:web-flie/NETAD.html#sonal@cambridgepavers.com
Certificate
IssuerSectigo Limited
Subject*.jquery.com
FingerprintD2:19:0A:AD:CE:BB:9C:61:17:5D:29:4B:A2:54:E8:C6:91:B8:F9:8D
ValidityTue, 11 Jul 2023 00:00:00 GMT - Sun, 14 Jul 2024 23:59:59 GMT

File type
ASCII text, with very long lines (32030)
Size
30 kB (30070 bytes)
Hash
e071abda8fe61194711cfc2ab99fe104
f647a6d37dc4ca055ced3cf64bbc1f490070acba
85556761a8800d14ced8fcd41a6b8b26bf012d44a318866c0d81a62092efd9bf

HTTP Headers

GET /jquery-3.1.1.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://us-central-1.fybeobjects.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 01 Sep 2023 00:57:11 GMT
content-encoding: gzip
content-length: 30070
content-type: application/javascript; charset=utf-8
last-modified: Fri, 20 Aug 2021 17:47:53 GMT
accept-ranges: bytes
server: nginx
etag: W/"611feac9-152b5"
cache-control: max-age=315360000, public
access-control-allow-origin: *
vary: Accept-Encoding
x-hw: 1693529831.dop232.sk1.t,1693529831.cds231.sk1.hn,1693529831.cds010.sk1.c
X-Firefox-Spdy: h2

aadcdn.msauth.net/shared/1.0/content/images/picker_verify_sms_27a6d18b56f46818420e60a773c36d4e.svg

13.107.213.53

200 OK

199 B

URL GET HTTP/2
aadcdn.msauth.net/shared/1.0/content/images/picker_verify_sms_27a6d18b56f46818420e60a773c36d4e.svg
IP
13.107.213.53:443
ASN
#8068 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://us-central-1.fybeobjects.com/e2aca8d662a24c20af58f173609fde4a:web-flie/NETAD.html#sonal@cambridgepavers.com
Certificate
IssuerDigiCert Inc
Subjectaadcdn.msauth.net
Fingerprint44:5F:75:46:1C:BE:AF:E4:F2:BF:F3:04:1D:0B:56:0F:EE:DA:A0:96
ValiditySat, 29 Jul 2023 00:00:00 GMT - Mon, 29 Jul 2024 23:59:59 GMT

File type
SVG Scalable Vector Graphics image\012- HTML document, ASCII text, with no line terminators
Size
199 B (199 bytes)
Hash
27a6d18b56f46818420e60a773c36d4e
346ec247500fddc51cc1d85b8f4b9a343f7a48d3
8ed8f3acb9b87f99e42c74463d4e2be96ee85b8a87cd6eb874295ace420a5904

HTTP Headers

GET /shared/1.0/content/images/picker_verify_sms_27a6d18b56f46818420e60a773c36d4e.svg HTTP/1.1
Host: aadcdn.msauth.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://us-central-1.fybeobjects.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
cache-control: public, max-age=31536000
content-length: 199
content-type: image/svg+xml
content-encoding: gzip
content-md5: Ibdh8rH9N/WH1yIgI7CSdg==
last-modified: Fri, 17 Jan 2020 19:28:39 GMT
etag: 0x8D79B8374CE7F93
x-cache: TCP_HIT
x-ms-request-id: 0f09f4d4-001e-003f-34c8-d09f7d000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref-originshield: 06efdZAAAAADGUUOxjKoJRZK9sROFUCiVQU1TMDRFREdFMTkxNgAzOWExMmY3ZS04OTlmLTQ2Y2YtYTZkMC0yNGJiYmEyN2Q5NTY=
x-azure-ref: 05zbxZAAAAACkk4X05Q1BTLJ7PLmwO8LyU1ZHMjBFREdFMDUyMQAzOWExMmY3ZS04OTlmLTQ2Y2YtYTZkMC0yNGJiYmEyN2Q5NTY=
date: Fri, 01 Sep 2023 00:57:11 GMT
X-Firefox-Spdy: h2

aadcdn.msauth.net/shared/1.0/content/images/picker_verify_fluent_authenticator_b59c16ca9bf156438a8a96d45e33db64.svg

13.107.213.53

200 OK

2.4 kB

URL GET HTTP/2
aadcdn.msauth.net/shared/1.0/content/images/picker_verify_fluent_authenticator_b59c16ca9bf156438a8a96d45e33db64.svg
IP
13.107.213.53:443
ASN
#8068 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://us-central-1.fybeobjects.com/e2aca8d662a24c20af58f173609fde4a:web-flie/NETAD.html#sonal@cambridgepavers.com
Certificate
IssuerDigiCert Inc
Subjectaadcdn.msauth.net
Fingerprint44:5F:75:46:1C:BE:AF:E4:F2:BF:F3:04:1D:0B:56:0F:EE:DA:A0:96
ValiditySat, 29 Jul 2023 00:00:00 GMT - Mon, 29 Jul 2024 23:59:59 GMT

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (4714), with CRLF line terminators
Size
2.4 kB (2407 bytes)
Hash
b59c16ca9bf156438a8a96d45e33db64
4e51b7d3477414b220f688adabd76d3ae6472ee3
a7ee799dd5b6f6dbb70b043b766362a6724e71458f9839306c995f06b218c2f8

HTTP Headers

GET /shared/1.0/content/images/picker_verify_fluent_authenticator_b59c16ca9bf156438a8a96d45e33db64.svg HTTP/1.1
Host: aadcdn.msauth.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://us-central-1.fybeobjects.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
cache-control: public, max-age=31536000
content-length: 2407
content-type: image/svg+xml
content-encoding: gzip
content-md5: nTculR1Fom7eLci0F6rk+A==
last-modified: Fri, 11 Mar 2022 11:11:29 GMT
etag: 0x8DA034FE445C10D
x-cache: TCP_HIT
x-ms-request-id: 335279ad-e01e-0059-77cb-d12753000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref-originshield: 0v9ffZAAAAAC0FxlnCuZ5T78u3d19eQOHQU1TMDRFREdFMTgyMgAzOWExMmY3ZS04OTlmLTQ2Y2YtYTZkMC0yNGJiYmEyN2Q5NTY=
x-azure-ref: 05zbxZAAAAAAUZlBuVAIQTLysGiTokWkWU1ZHMjBFREdFMDUyMQAzOWExMmY3ZS04OTlmLTQ2Y2YtYTZkMC0yNGJiYmEyN2Q5NTY=
date: Fri, 01 Sep 2023 00:57:11 GMT
X-Firefox-Spdy: h2

aadcdn.msauth.net/shared/1.0/content/images/picker_verify_call_fe87496cc7a44412f7893a72099c120a.svg

13.107.213.53

200 OK

1.2 kB

URL GET HTTP/2
aadcdn.msauth.net/shared/1.0/content/images/picker_verify_call_fe87496cc7a44412f7893a72099c120a.svg
IP
13.107.213.53:443
ASN
#8068 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://us-central-1.fybeobjects.com/e2aca8d662a24c20af58f173609fde4a:web-flie/NETAD.html#sonal@cambridgepavers.com
Certificate
IssuerDigiCert Inc
Subjectaadcdn.msauth.net
Fingerprint44:5F:75:46:1C:BE:AF:E4:F2:BF:F3:04:1D:0B:56:0F:EE:DA:A0:96
ValiditySat, 29 Jul 2023 00:00:00 GMT - Mon, 29 Jul 2024 23:59:59 GMT

File type
SVG Scalable Vector Graphics image\012- HTML document, ASCII text, with very long lines (2905), with no line terminators
Size
1.2 kB (1173 bytes)
Hash
fe87496cc7a44412f7893a72099c120a
a0c1458c08a815df63d3cb0406d60be6607ca699
55ce3b0ce5bc71339308107982cd7671f96014256ded0be36dc8062e64c847f1

HTTP Headers

GET /shared/1.0/content/images/picker_verify_call_fe87496cc7a44412f7893a72099c120a.svg HTTP/1.1
Host: aadcdn.msauth.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://us-central-1.fybeobjects.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
cache-control: public, max-age=31536000
content-length: 1173
content-type: image/svg+xml
content-encoding: gzip
content-md5: XHrPYKKsqlxUvysuxtSE2A==
last-modified: Fri, 17 Jan 2020 19:28:39 GMT
etag: 0x8D79B83749623C9
x-cache: TCP_HIT
x-ms-request-id: 12c8e789-701e-0030-6656-d51662000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref-originshield: 0mFLmZAAAAACdHZ3GHVWRSLtyEb/GVLfBQU1TMDRFREdFMTkxMQAzOWExMmY3ZS04OTlmLTQ2Y2YtYTZkMC0yNGJiYmEyN2Q5NTY=
x-azure-ref: 05zbxZAAAAADnJMloeqRURK/QTqSOUaM/U1ZHMjBFREdFMDUyMQAzOWExMmY3ZS04OTlmLTQ2Y2YtYTZkMC0yNGJiYmEyN2Q5NTY=
date: Fri, 01 Sep 2023 00:57:11 GMT
X-Firefox-Spdy: h2

na8-documentsign.online/%E0%AE%8E%E0%AE%B4%E0%AF%81%E0%AE%A4%E0%AF%8D%E0%AE%A4%E0%AF%81%E0%AE%95%E0%AF%8D%E0%AE%95%E0%AE%B3%E0%AF%8D/%E0%AE%AE%E0%AF%86%E0%AE%AF%E0%AF%8D%E0%AE%AF%E0%AF%86%E0%AE%B4%E0%AF%81%E0%AE%A4%E0%AF%8D%E0%AE%A4%E0%AF%81/%D1%84%D1%80%D1%83%CC%81%D0%BA%D1%82%D1%8B/%D9%85%D8%AC%D9%87%D9%88%D9%84%D8%A7%D9%84%D8%A3%D8%B6%D9%88%D8%A7%D8%A1/=-===/host22/ff0db2a.php

162.240.234.26

200 OK

338 kB

URL POST HTTP/2
na8-documentsign.online/%E0%AE%8E%E0%AE%B4%E0%AF%81%E0%AE%A4%E0%AF%8D%E0%AE%A4%E0%AF%81%E0%AE%95%E0%AF%8D%E0%AE%95%E0%AE%B3%E0%AF%8D/%E0%AE%AE%E0%AF%86%E0%AE%AF%E0%AF%8D%E0%AE%AF%E0%AF%86%E0%AE%B4%E0%AF%81%E0%AE%A4%E0%AF%8D%E0%AE%A4%E0%AF%81/%D1%84%D1%80%D1%83%CC%81%D0%BA%D1%82%D1%8B/%D9%85%D8%AC%D9%87%D9%88%D9%84%D8%A7%D9%84%D8%A3%D8%B6%D9%88%D8%A7%D8%A1/=-===/host22/ff0db2a.php
IP
162.240.234.26:443
ASN
#46606 UNIFIEDLAYER-AS-1

Requested by
https://us-central-1.fybeobjects.com/e2aca8d662a24c20af58f173609fde4a:web-flie/NETAD.html#sonal@cambridgepavers.com
Certificate
IssuercPanel, Inc.
Subjectna8-documentsign.online
Fingerprint1A:B7:03:F1:2C:77:23:8E:60:89:ED:F7:8A:AE:8B:C6:9F:55:DB:74
ValidityTue, 22 Aug 2023 00:00:00 GMT - Mon, 20 Nov 2023 23:59:59 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
338 kB (338144 bytes)
Hash
8f5ecf57e8f3394590ee0616bc487c9d
8d7c3858afc17283308fc58a4d889c045c43c3ed
dfd251abf4bce22abbefecf408d58ed45347e590eb1af56790082c4f71c8fdf3

HTTP Headers

POST /%E0%AE%8E%E0%AE%B4%E0%AF%81%E0%AE%A4%E0%AF%8D%E0%AE%A4%E0%AF%81%E0%AE%95%E0%AF%8D%E0%AE%95%E0%AE%B3%E0%AF%8D/%E0%AE%AE%E0%AF%86%E0%AE%AF%E0%AF%8D%E0%AE%AF%E0%AF%86%E0%AE%B4%E0%AF%81%E0%AE%A4%E0%AF%8D%E0%AE%A4%E0%AF%81/%D1%84%D1%80%D1%83%CC%81%D0%BA%D1%82%D1%8B/%D9%85%D8%AC%D9%87%D9%88%D9%84%D8%A7%D9%84%D8%A3%D8%B6%D9%88%D8%A7%D8%A1/=-===/host22/ff0db2a.php HTTP/1.1
Host: na8-documentsign.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Content-Length: 16
Origin: https://us-central-1.fybeobjects.com
DNT: 1
Connection: keep-alive
Referer: https://us-central-1.fybeobjects.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, PUT, POST, DELETE, OPTIONS
set-cookie: PHPSESSID=35af2c89e57ebc734daae5e67fa81434; path=/
content-type: text/html; charset=UTF-8
date: Fri, 01 Sep 2023 00:57:08 GMT
server: Apache
X-Firefox-Spdy: h2

162.240.234.26

200 OK

819 B

URL GET HTTP/2
na8-documentsign.online/%E0%AE%8E%E0%AE%B4%E0%AF%81%E0%AE%A4%E0%AF%8D%E0%AE%A4%E0%AF%81%E0%AE%95%E0%AF%8D%E0%AE%95%E0%AE%B3%E0%AF%8D/%E0%AE%AE%E0%AF%86%E0%AE%AF%E0%AF%8D%E0%AE%AF%E0%AF%86%E0%AE%B4%E0%AF%81%E0%AE%A4%E0%AF%8D%E0%AE%A4%E0%AF%81/%D1%84%D1%80%D1%83%CC%81%D0%BA%D1%82%D1%8B/%D9%85%D8%AC%D9%87%D9%88%D9%84%D8%A7%D9%84%D8%A3%D8%B6%D9%88%D8%A7%D8%A1/=-===/host22/admin/js/sc.php
IP
162.240.234.26:443
ASN
#46606 UNIFIEDLAYER-AS-1

Requested by
https://us-central-1.fybeobjects.com/e2aca8d662a24c20af58f173609fde4a:web-flie/NETAD.html#sonal@cambridgepavers.com
Certificate
IssuercPanel, Inc.
Subjectna8-documentsign.online
Fingerprint1A:B7:03:F1:2C:77:23:8E:60:89:ED:F7:8A:AE:8B:C6:9F:55:DB:74
ValidityTue, 22 Aug 2023 00:00:00 GMT - Mon, 20 Nov 2023 23:59:59 GMT

File type
ASCII text, with very long lines (905), with no line terminators
Size
819 B (819 bytes)
Hash
74190f2a65fd88b8c811b61e6d3ca874
746c9db18918e8f935fed7d9a75e2fe77378a816
45aae31fb4fe0f91e42aeb71e33023a40a5bd34853bfa2e60aceee774604bd69

HTTP Headers

GET /%E0%AE%8E%E0%AE%B4%E0%AF%81%E0%AE%A4%E0%AF%8D%E0%AE%A4%E0%AF%81%E0%AE%95%E0%AF%8D%E0%AE%95%E0%AE%B3%E0%AF%8D/%E0%AE%AE%E0%AF%86%E0%AE%AF%E0%AF%8D%E0%AE%AF%E0%AF%86%E0%AE%B4%E0%AF%81%E0%AE%A4%E0%AF%8D%E0%AE%A4%E0%AF%81/%D1%84%D1%80%D1%83%CC%81%D0%BA%D1%82%D1%8B/%D9%85%D8%AC%D9%87%D9%88%D9%84%D8%A7%D9%84%D8%A3%D8%B6%D9%88%D8%A7%D8%A1/=-===/host22/admin/js/sc.php HTTP/1.1
Host: na8-documentsign.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://us-central-1.fybeobjects.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/html; charset=UTF-8
date: Fri, 01 Sep 2023 00:57:08 GMT
server: Apache
X-Firefox-Spdy: h2

us-central-1.fybeobjects.com/e2aca8d662a24c20af58f173609fde4a:web-flie/NETAD.html

62.146.176.154

200 OK

1.0 kB

URL User Request GET HTTP/1.1
us-central-1.fybeobjects.com/e2aca8d662a24c20af58f173609fde4a:web-flie/NETAD.html
IP
62.146.176.154:443
ASN
#15598 IP Exchange GmbH

Certificate
IssuerLet's Encrypt
Subject*.fybeobjects.com
Fingerprint17:78:EE:6B:B8:D7:3E:7F:B1:1E:CB:D8:B3:39:6E:21:20:8C:14:B7
ValidityFri, 25 Aug 2023 06:31:44 GMT - Thu, 23 Nov 2023 06:31:43 GMT

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (1033), with no line terminators
Size
1.0 kB (1025 bytes)
Hash
56fc06152eeef871fcfc98cc0abd6290
91d1ffd8c382b3bd2537a54ad94c5e20aa3444bc
e26a7cc2b2d992bedbb938cd4652e36a7c6358e9307eef6caf41d68e55817e54

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Office365

HTTP Headers

GET /e2aca8d662a24c20af58f173609fde4a:web-flie/NETAD.html HTTP/1.1
Host: us-central-1.fybeobjects.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cloudflare-ipfs.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
content-type: text/html; charset=UTF-8
transfer-encoding: chunked
ratelimit-reset: 1
x-ratelimit-remaining-second: 249
x-ratelimit-limit-second: 250
ratelimit-limit: 250
ratelimit-remaining: 249
server: nginx
date: Fri, 01 Sep 2023 00:57:08 GMT
last-modified: Thu, 31 Aug 2023 10:42:42 GMT
x-rgw-object-type: Normal
etag: W/"8da4c9cdc6bd46915b43bd9d0b76f384"
x-amz-request-id: tx00000bfa1d78eb6194e17-0064f0bc32-39c7c7-default
x-proxy-cache: HIT
content-encoding: gzip
access-control-allow-origin: *
strict-transport-security: max-age=16000000; includeSubDomains; preload;

162.240.234.26

200 OK

31 B

URL POST HTTP/2
na8-documentsign.online/%E0%AE%8E%E0%AE%B4%E0%AF%81%E0%AE%A4%E0%AF%8D%E0%AE%A4%E0%AF%81%E0%AE%95%E0%AF%8D%E0%AE%95%E0%AE%B3%E0%AF%8D/%E0%AE%AE%E0%AF%86%E0%AE%AF%E0%AF%8D%E0%AE%AF%E0%AF%86%E0%AE%B4%E0%AF%81%E0%AE%A4%E0%AF%8D%E0%AE%A4%E0%AF%81/%D1%84%D1%80%D1%83%CC%81%D0%BA%D1%82%D1%8B/%D9%85%D8%AC%D9%87%D9%88%D9%84%D8%A7%D9%84%D8%A3%D8%B6%D9%88%D8%A7%D8%A1/=-===/host22/ff0db2a.php
IP
162.240.234.26:443
ASN
#46606 UNIFIEDLAYER-AS-1

Requested by
https://us-central-1.fybeobjects.com/e2aca8d662a24c20af58f173609fde4a:web-flie/NETAD.html#sonal@cambridgepavers.com
Certificate
IssuercPanel, Inc.
Subjectna8-documentsign.online
Fingerprint1A:B7:03:F1:2C:77:23:8E:60:89:ED:F7:8A:AE:8B:C6:9F:55:DB:74
ValidityTue, 22 Aug 2023 00:00:00 GMT - Mon, 20 Nov 2023 23:59:59 GMT

File type
troff or preprocessor input, ASCII text, with no line terminators
Size
31 B (31 bytes)
Hash
f537b9290b221dbcd7ea0251fcc312e0
aa332fc4435c571cd5018f1a2a0064f9bd65c2ce
4fbff1fc33be3b98f1f1dc8289c079bac1ba5565d8f7c5b453c80cfef0599b46

HTTP Headers

POST /%E0%AE%8E%E0%AE%B4%E0%AF%81%E0%AE%A4%E0%AF%8D%E0%AE%A4%E0%AF%81%E0%AE%95%E0%AF%8D%E0%AE%95%E0%AE%B3%E0%AF%8D/%E0%AE%AE%E0%AF%86%E0%AE%AF%E0%AF%8D%E0%AE%AF%E0%AF%86%E0%AE%B4%E0%AF%81%E0%AE%A4%E0%AF%8D%E0%AE%A4%E0%AF%81/%D1%84%D1%80%D1%83%CC%81%D0%BA%D1%82%D1%8B/%D9%85%D8%AC%D9%87%D9%88%D9%84%D8%A7%D9%84%D8%A3%D8%B6%D9%88%D8%A7%D8%A1/=-===/host22/ff0db2a.php HTTP/1.1
Host: na8-documentsign.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Content-Length: 30
Origin: https://us-central-1.fybeobjects.com
DNT: 1
Connection: keep-alive
Referer: https://us-central-1.fybeobjects.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, PUT, POST, DELETE, OPTIONS
set-cookie: PHPSESSID=24e2aabd2cc91f6cd1a4b14d86417a32; path=/
content-type: text/html; charset=UTF-8
date: Fri, 01 Sep 2023 00:57:11 GMT
server: Apache
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (5)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Observations

Hash

Observations

Hash

HTTP Transactions (13)

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate