Report - themetastick.com/a/EWhTp/ZWNhaXJvQHRhc21hbi1nZW8uY29t

Report Overview

Visitedpublic

2023-11-13 17:22:51

Tags

phishing microsoft outlook

Submit Tags

URL

themetastick.com/a/EWhTp/ZWNhaXJvQHRhc21hbi1nZW8uY29t

Finishing URL

exampleloggedin.life/redirect.cgi?ref=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1lY2Fpcm8lNDB0YXNtYW4tZ2VvLmNvbSZjbGllbnQtcmVxdWVzdC1pZD00ZmQ0YjFjOS03NzE5LTIxZDMtMmU2MS1hZTQ0YTNkYWEzNjAmcHJvdGVjdGVkdG9rZW49dHJ1ZSZjbGFpbXM9JTdiJTIyaWRfdG9rZW4lMjIlM2ElN2IlMjJ4bXNfY2MlMjIlM2ElN2IlMjJ2YWx1ZXMlMjIlM2ElNWIlMjJDUDElMjIlNWQlN2QlN2QlN2Qmbm9uY2U9NjM4MzU0OTI5NTc3NjA2NzExLmU0M2JmZmY1LTY5ZGQtNGE2Yi1iZmQ4LTA0N2UzNDM5NTkwOCZzdGF0ZT1EY3RCRHNJZ0VFQlIwTE9ZdUptV09nTURDLU5SekZDZ2tsaEl0SW5YbDhYN3U2LVZVdWZoTkdnem90aWhSMHZoRml5ek00NlhaY3FFc1pSaXdZV1VnTVJGaUNWNU1NUVpDWU1OeHV2eFh1Zi1rX254N2x0dHoxZHR4ejJ2VWpfOVF1YVE3eTROdHR5bnRlOV8=

IP / ASN

69.49.245.172

#46606 UNIFIEDLAYER-AS-1

Title

01hl9qw3tw

Phishing - Microsoft Outlook

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Host Summary

Host	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
outlook.office365.com	51	2005-06-20	2013-04-11 01:09:24	2021-03-15 09:11:50	535 B	4.5 kB	132.245.230.0
themetastick.com	unknown	2022-01-15	2023-08-22 05:26:46	2023-11-13 16:41:36	509 B	281 B	69.49.245.172
81eabdc3.95a348cd620843b96e9b046e.workers.dev	unknown	unknown	No data	No data	768 B	874 B	104.21.56.227
exampleloggedin.life	unknown	2023-07-25	2023-07-25 15:02:49	2023-11-11 11:01:15	26 kB	1.1 MB	5.230.54.42
r4.res.office365.com	180	2005-06-20	2017-03-03 13:49:03	2023-11-13 11:21:39	4.5 kB	862 kB	23.36.79.43
challenges.cloudflare.com	unknown	2009-02-17	2021-10-20 07:02:03	2023-11-13 05:10:12	628 B	5.6 kB	104.17.2.184
aadcdn.msftauthimages.net	4622	2018-11-12	2019-08-14 20:22:23	2023-11-13 13:25:48	1.1 kB	299 kB	13.107.246.53

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-11-13 17:22:37	medium	Client IP	Internal IP	ET INFO Observed DNS Query to .life TLD
2023-11-13 17:22:37	medium	Client IP	Internal IP	ET INFO Observed DNS Query to .life TLD
2023-11-13 17:22:37	medium	Client IP	Internal IP	ET INFO Observed DNS Query to .life TLD
2023-11-13 17:22:37	medium	Client IP	Internal IP	ET INFO Observed DNS Query to .life TLD
2023-11-13 17:22:37	medium	Client IP	Internal IP	ET INFO Observed DNS Query to .life TLD
2023-11-13 17:22:38	medium	Client IP	Internal IP	ET INFO Observed DNS Query to .life TLD
2023-11-13 17:22:38	medium	Client IP	Internal IP	ET INFO Observed DNS Query to .life TLD
2023-11-13 17:22:38	medium	Client IP	Internal IP	ET INFO Observed DNS Query to .life TLD
2023-11-13 17:22:39	medium	Client IP	Internal IP	ET INFO Observed DNS Query to .life TLD
2023-11-13 17:22:39	medium	Client IP	Internal IP	ET INFO Observed DNS Query to .life TLD
2023-11-13 17:22:39	medium	Client IP	Internal IP	ET INFO Observed DNS Query to .life TLD
2023-11-13 17:22:40	medium	Client IP	Internal IP	ET INFO Observed DNS Query to .life TLD
2023-11-13 17:22:40	medium	Client IP	Internal IP	ET INFO Observed DNS Query to .life TLD
2023-11-13 17:22:40	medium	Client IP	Internal IP	ET INFO Observed DNS Query to .life TLD

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (168)

	HASH	FROM	Size	First Seen	Last Seen
	a27c88365ce7cd8f68390c4c024e29e1	DocumentWrite	3.6 kB	2023-11-07	2024-08-20
Introduced by DocumentWrite First Seen 2023-11-07 Last Seen 2024-08-20 Times Seen 72071 Size 3.6 kB (3574 bytes) MD5 a27c88365ce7cd8f68390c4c024e29e1 SHA1 1d15a8d192608f93096ef8d9aa623c360dbb7351 SHA256 0ca2b3df8f04565300bafcd6c929a1d310d2a761ff9f8dda200f3f6cffab50ce Format Code Loading...

HTTP Transactions (28)

	URL	IP	Response	Size