Report - orascomsa.com/

Report Overview

Visited public
2024-06-15 16:29:58
Tags
microsoft phishing
Submit Tags
URL
orascomsa.com/
Finishing URL
webmail.orascomsa.com/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fwebmail.orascomsa.com%2fowa%2f
IP / ASN
37.99.162.141
#47794 Etihad Atheeb Telecom Company
Title
Outlook Web App
Phishing - Microsoft

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
webmail.orascomsa.com	unknown	2013-01-02	2017-06-13 09:42:33	2017-06-28 17:41:21	11 kB	37 kB	37.99.162.140
r10.o.lencr.org	unknown	2020-06-29	2024-06-06 21:45:11	2024-06-14 18:12:22	327 B	888 B	23.36.76.226
orascomsa.com	unknown	2013-01-02	2017-05-13 02:55:04	2021-01-29 23:46:39	468 B	383 B	37.99.162.141

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (2)

	URL	From	Size	First Seen	Last Seen
	webmail.orascomsa.com/owa/14.3.382.0/scripts/premium/flogon.js	ScriptElement	4.3 kB	2023-03-07	2025-06-16
Pretty URL webmail.orascomsa.com/owa/14.3.382.0/scripts/premium/flogon.js IP 37.99.162.140 ASN #47794 Etihad Atheeb Telecom Company Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:45 Last Seen2025-06-16 04:04 Times Seen83 Hash c5117acab776c21fdd2de21f15fa9d6f 9dc4578b5992446515abc5763cd0898f88bcd35e 215d250a6028db2afb14ba5028f23493f042cee6fdd59f59e4deb10fd63b1060 Loading...

	webmail.orascomsa.com/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fwebmail.orascomsa.com%2fowa%2f	ScriptElement	0 B	0001-01-01	2025-07-17
Pretty URL webmail.orascomsa.com/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fwebmail.orascomsa.com%2fowa%2f IP 37.99.162.140 ASN #47794 Etihad Atheeb Telecom Company Introduced by scriptElement Embedded in HTML true Observations First Seen0001-01-01 00:00 Last Seen2025-07-17 06:49 Times Seen5442758 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

HTTP Transactions (21)

URL IP Response Size

r10.o.lencr.org/

23.36.76.226

504 B

URL
r10.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
5c35a3180482afadf4e89f4cc249fa7b
8a088c184606fe3e4e0da8cd90b6eb5e6d30fb97
146fe131cf8436e3de4832a23b351400b4819dbd9b9716302248d3ab447f000c

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "146FE131CF8436E3DE4832A23B351400B4819DBD9B9716302248D3AB447F000C"
Last-Modified: Sat, 15 Jun 2024 13:53:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12286
Expires: Sat, 15 Jun 2024 19:54:19 GMT
Date: Sat, 15 Jun 2024 16:29:33 GMT
Connection: keep-alive

orascomsa.com/

37.99.162.141

157 B

URL
orascomsa.com/
IP
37.99.162.141:0
ASN
#47794 Etihad Atheeb Telecom Company

File type
HTML document, ASCII text
Size
157 B (157 bytes)
Hash
f6a696a0a3527835f60cc71621f1e11f
8fb7cf50e354b67931282784e5b3a114475c9d69
4c92d6c355d8338ee2f4601738a45d7dc4f10000037e73a20188b21f1d2372d4

HTTP Headers

GET / HTTP/1.1
Host: orascomsa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 301 Moved Permanently
Content-Type: text/html; charset=UTF-8
Location: https://webmail.orascomsa.com/owa/
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Sat, 15 Jun 2024 16:34:28 GMT
Content-Length: 157

webmail.orascomsa.com/owa/

37.99.162.140

0 B

URL
webmail.orascomsa.com/owa/
IP
37.99.162.140:0
ASN
#47794 Etihad Atheeb Telecom Company

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /owa/ HTTP/1.1
Host: webmail.orascomsa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Moved Temporarily
Content-Length: 0
Location: https://webmail.orascomsa.com/owa/auth/logon.aspx?url=https://webmail.orascomsa.com/owa/&reason=0
Set-Cookie: sessionid=; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT
cadata=; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT
Date: Sat, 15 Jun 2024 16:34:29 GMT

webmail.orascomsa.com/owa/auth/logon.aspx?url=https://webmail.orascomsa.com/owa/&reason=0

37.99.162.140

984 B

URL
webmail.orascomsa.com/owa/auth/logon.aspx?url=https://webmail.orascomsa.com/owa/&reason=0
IP
37.99.162.140:0
ASN
#47794 Etihad Atheeb Telecom Company

File type
HTML document, ASCII text, with very long lines (365), with CRLF, LF line terminators
Size
984 B (984 bytes)
Hash
7a67616411ef0b199d2c3b6d09e1295e
f78edb1cece8ba7f3594f1eb66ecc87915e00fa6
be0e7eaf95ff0cf7cf1450532c281eaa94386005509332b43c9474420324c125

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /owa/auth/logon.aspx?url=https://webmail.orascomsa.com/owa/&reason=0 HTTP/1.1
Host: webmail.orascomsa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Content-Encoding: gzip
Expires: -1
Vary: Accept-Encoding
Set-Cookie: OutlookSession=e4b250f6a9064fa19f9e79f7524c90cc; path=/; secure; HttpOnly
X-OWA-Version: 14.3.382.0
X-Powered-By: ASP.NET
Date: Sat, 15 Jun 2024 16:34:29 GMT
Content-Length: 984

GET webmail.orascomsa.com/owa/14.3.382.0/themes/resources/logon.css

37.99.162.140

200 OK

1.0 kB

URL GET HTTP/1.1
webmail.orascomsa.com/owa/14.3.382.0/themes/resources/logon.css
IP
37.99.162.140:443
ASN
#47794 Etihad Atheeb Telecom Company

Requested by
https://webmail.orascomsa.com/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fwebmail.orascomsa.com%2fowa%2f
Certificate
IssuerDigiCert Inc
Subjectorascomsa.com
Fingerprint75:6D:39:5E:5C:34:40:02:20:16:2E:42:F2:8C:0B:EC:C4:2D:63:8A
ValiditySat, 01 Jun 2024 00:00:00 GMT - Tue, 03 Jun 2025 23:59:59 GMT

File type
ASCII text, with very long lines (1008), with CRLF line terminators
Size
1.0 kB (1037 bytes)
Hash
2d0333f5bfc005f284ccf423fa9db871
3324e452de752ebd1401207548c6f8c3d84eca76
da50bcb5382766a7c25162bbfd523928ccecf337ed574af0b249a59b546cb834

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /owa/14.3.382.0/themes/resources/logon.css HTTP/1.1
Host: webmail.orascomsa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://webmail.orascomsa.com/owa/auth/logon.aspx?url=https://webmail.orascomsa.com/owa/&reason=0
Cookie: OutlookSession=e4b250f6a9064fa19f9e79f7524c90cc
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: public,max-age=2592000
Content-Type: text/css
Content-Encoding: gzip
Last-Modified: Tue, 05 Feb 2013 20:00:46 GMT
Accept-Ranges: bytes
ETag: "06b647cdb3ce1:0"
Vary: Accept-Encoding
X-Powered-By: ASP.NET
Date: Sat, 15 Jun 2024 16:34:29 GMT
Content-Length: 1037

GET webmail.orascomsa.com/owa/14.3.382.0/scripts/premium/flogon.js

37.99.162.140

200 OK

1.9 kB

URL GET HTTP/1.1
webmail.orascomsa.com/owa/14.3.382.0/scripts/premium/flogon.js
IP
37.99.162.140:443
ASN
#47794 Etihad Atheeb Telecom Company

Requested by
https://webmail.orascomsa.com/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fwebmail.orascomsa.com%2fowa%2f
Certificate
IssuerDigiCert Inc
Subjectorascomsa.com
Fingerprint75:6D:39:5E:5C:34:40:02:20:16:2E:42:F2:8C:0B:EC:C4:2D:63:8A
ValiditySat, 01 Jun 2024 00:00:00 GMT - Tue, 03 Jun 2025 23:59:59 GMT

File type
ASCII text, with very long lines (4296), with no line terminators
Size
1.9 kB (1934 bytes)
Hash
c5117acab776c21fdd2de21f15fa9d6f
9dc4578b5992446515abc5763cd0898f88bcd35e
215d250a6028db2afb14ba5028f23493f042cee6fdd59f59e4deb10fd63b1060

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /owa/14.3.382.0/scripts/premium/flogon.js HTTP/1.1
Host: webmail.orascomsa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://webmail.orascomsa.com/owa/auth/logon.aspx?url=https://webmail.orascomsa.com/owa/&reason=0
Cookie: OutlookSession=e4b250f6a9064fa19f9e79f7524c90cc
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: public,max-age=2592000
Content-Type: application/x-javascript
Content-Encoding: gzip
Last-Modified: Wed, 26 Aug 2015 18:44:58 GMT
Accept-Ranges: bytes
ETag: "0b1914e2fe0d01:0"
Vary: Accept-Encoding
X-Powered-By: ASP.NET
Date: Sat, 15 Jun 2024 16:34:29 GMT
Content-Length: 1934

GET webmail.orascomsa.com/owa/14.3.382.0/themes/resources/owafont.css

37.99.162.140

200 OK

1.8 kB

URL GET HTTP/1.1
webmail.orascomsa.com/owa/14.3.382.0/themes/resources/owafont.css
IP
37.99.162.140:443
ASN
#47794 Etihad Atheeb Telecom Company

Requested by
https://webmail.orascomsa.com/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fwebmail.orascomsa.com%2fowa%2f
Certificate
IssuerDigiCert Inc
Subjectorascomsa.com
Fingerprint75:6D:39:5E:5C:34:40:02:20:16:2E:42:F2:8C:0B:EC:C4:2D:63:8A
ValiditySat, 01 Jun 2024 00:00:00 GMT - Tue, 03 Jun 2025 23:59:59 GMT

File type
ASCII text, with very long lines (1034), with CRLF line terminators
Size
1.8 kB (1773 bytes)
Hash
d0fc53724ee34d86cb3de756e7d55a7d
a0de8c5de11e42a11548d67fb40c4c6c5562a2cb
5a8a50bbfec3340a13879de71a5dbe889eca252ac9cfb523c6cea94f05b7b673

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /owa/14.3.382.0/themes/resources/owafont.css HTTP/1.1
Host: webmail.orascomsa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://webmail.orascomsa.com/owa/auth/logon.aspx?url=https://webmail.orascomsa.com/owa/&reason=0
Cookie: OutlookSession=e4b250f6a9064fa19f9e79f7524c90cc
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: public,max-age=2592000
Content-Type: text/css
Content-Encoding: gzip
Last-Modified: Tue, 05 Feb 2013 20:00:46 GMT
Accept-Ranges: bytes
ETag: "06b647cdb3ce1:0"
Vary: Accept-Encoding
X-Powered-By: ASP.NET
Date: Sat, 15 Jun 2024 16:34:31 GMT
Content-Length: 1773

GET webmail.orascomsa.com/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fwebmail.orascomsa.com%2fowa%2f

37.99.162.140

200 OK

3.3 kB

URL User Request GET HTTP/1.1
webmail.orascomsa.com/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fwebmail.orascomsa.com%2fowa%2f
IP
37.99.162.140:443
ASN
#47794 Etihad Atheeb Telecom Company

Certificate
IssuerDigiCert Inc
Subjectorascomsa.com
Fingerprint75:6D:39:5E:5C:34:40:02:20:16:2E:42:F2:8C:0B:EC:C4:2D:63:8A
ValiditySat, 01 Jun 2024 00:00:00 GMT - Tue, 03 Jun 2025 23:59:59 GMT

File type
HTML document, ASCII text, with very long lines (440), with CRLF, LF line terminators
Size
3.3 kB (3304 bytes)
Hash
23c2749ce9df16fdaf2732ee10329d10
041d4ea6f9446c027da86af3e213a63e8fbf78f9
74dfcd5ae776d0f66e4feefbd68c41cb49de8a99faad83866ca511c3ecdd02ba

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fwebmail.orascomsa.com%2fowa%2f HTTP/1.1
Host: webmail.orascomsa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://webmail.orascomsa.com/owa/auth/logon.aspx?url=https://webmail.orascomsa.com/owa/&reason=0
Cookie: OutlookSession=e4b250f6a9064fa19f9e79f7524c90cc
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Content-Encoding: gzip
Expires: -1
Vary: Accept-Encoding
X-OWA-Version: 14.3.382.0
X-Powered-By: ASP.NET
Date: Sat, 15 Jun 2024 16:34:31 GMT
Content-Length: 3304

GET webmail.orascomsa.com/owa/14.3.382.0/themes/resources/owafont.css

37.99.162.140

200 OK

1.6 kB

URL GET HTTP/1.1
webmail.orascomsa.com/owa/14.3.382.0/themes/resources/owafont.css
IP
37.99.162.140:443
ASN
#47794 Etihad Atheeb Telecom Company

Requested by
https://webmail.orascomsa.com/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fwebmail.orascomsa.com%2fowa%2f
Certificate
IssuerDigiCert Inc
Subjectorascomsa.com
Fingerprint75:6D:39:5E:5C:34:40:02:20:16:2E:42:F2:8C:0B:EC:C4:2D:63:8A
ValiditySat, 01 Jun 2024 00:00:00 GMT - Tue, 03 Jun 2025 23:59:59 GMT

File type
ASCII text, with very long lines (1034), with CRLF line terminators
Size
1.6 kB (1554 bytes)
Hash
d0fc53724ee34d86cb3de756e7d55a7d
a0de8c5de11e42a11548d67fb40c4c6c5562a2cb
5a8a50bbfec3340a13879de71a5dbe889eca252ac9cfb523c6cea94f05b7b673

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /owa/14.3.382.0/themes/resources/owafont.css HTTP/1.1
Host: webmail.orascomsa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://webmail.orascomsa.com/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fwebmail.orascomsa.com%2fowa%2f
Cookie: OutlookSession=e4b250f6a9064fa19f9e79f7524c90cc
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: public,max-age=2592000
Content-Type: text/css
Content-Encoding: gzip
Last-Modified: Tue, 05 Feb 2013 20:00:44 GMT
Accept-Ranges: bytes
ETag: "03e337bdb3ce1:0"
Vary: Accept-Encoding
X-Powered-By: ASP.NET
Date: Sat, 15 Jun 2024 16:34:31 GMT
Content-Length: 1554

GET webmail.orascomsa.com/owa/14.3.382.0/themes/resources/logon.css

37.99.162.140

200 OK

890 B

URL GET HTTP/1.1
webmail.orascomsa.com/owa/14.3.382.0/themes/resources/logon.css
IP
37.99.162.140:443
ASN
#47794 Etihad Atheeb Telecom Company

Requested by
https://webmail.orascomsa.com/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fwebmail.orascomsa.com%2fowa%2f
Certificate
IssuerDigiCert Inc
Subjectorascomsa.com
Fingerprint75:6D:39:5E:5C:34:40:02:20:16:2E:42:F2:8C:0B:EC:C4:2D:63:8A
ValiditySat, 01 Jun 2024 00:00:00 GMT - Tue, 03 Jun 2025 23:59:59 GMT

File type
ASCII text, with very long lines (1008), with CRLF line terminators
Size
890 B (890 bytes)
Hash
2d0333f5bfc005f284ccf423fa9db871
3324e452de752ebd1401207548c6f8c3d84eca76
da50bcb5382766a7c25162bbfd523928ccecf337ed574af0b249a59b546cb834

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /owa/14.3.382.0/themes/resources/logon.css HTTP/1.1
Host: webmail.orascomsa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://webmail.orascomsa.com/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fwebmail.orascomsa.com%2fowa%2f
Cookie: OutlookSession=e4b250f6a9064fa19f9e79f7524c90cc
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: public,max-age=2592000
Content-Type: text/css
Content-Encoding: gzip
Last-Modified: Tue, 05 Feb 2013 20:00:44 GMT
Accept-Ranges: bytes
ETag: "03e337bdb3ce1:0"
Vary: Accept-Encoding
X-Powered-By: ASP.NET
Date: Sat, 15 Jun 2024 16:34:31 GMT
Content-Length: 890

GET webmail.orascomsa.com/owa/14.3.382.0/scripts/premium/flogon.js

37.99.162.140

200 OK

1.7 kB

URL GET HTTP/1.1
webmail.orascomsa.com/owa/14.3.382.0/scripts/premium/flogon.js
IP
37.99.162.140:443
ASN
#47794 Etihad Atheeb Telecom Company

Requested by
https://webmail.orascomsa.com/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fwebmail.orascomsa.com%2fowa%2f
Certificate
IssuerDigiCert Inc
Subjectorascomsa.com
Fingerprint75:6D:39:5E:5C:34:40:02:20:16:2E:42:F2:8C:0B:EC:C4:2D:63:8A
ValiditySat, 01 Jun 2024 00:00:00 GMT - Tue, 03 Jun 2025 23:59:59 GMT

File type
ASCII text, with very long lines (4296), with no line terminators
Size
1.7 kB (1671 bytes)
Hash
c5117acab776c21fdd2de21f15fa9d6f
9dc4578b5992446515abc5763cd0898f88bcd35e
215d250a6028db2afb14ba5028f23493f042cee6fdd59f59e4deb10fd63b1060

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /owa/14.3.382.0/scripts/premium/flogon.js HTTP/1.1
Host: webmail.orascomsa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://webmail.orascomsa.com/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fwebmail.orascomsa.com%2fowa%2f
Cookie: OutlookSession=e4b250f6a9064fa19f9e79f7524c90cc
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: public,max-age=2592000
Content-Type: application/x-javascript
Content-Encoding: gzip
Last-Modified: Wed, 26 Aug 2015 18:44:56 GMT
Accept-Ranges: bytes
ETag: "084604d2fe0d01:0"
Vary: Accept-Encoding
X-Powered-By: ASP.NET
Date: Sat, 15 Jun 2024 16:34:31 GMT
Content-Length: 1671

GET webmail.orascomsa.com/owa/14.3.382.0/themes/resources/lgnbotr.gif

37.99.162.140

200 OK

2.4 kB

URL GET HTTP/1.1
webmail.orascomsa.com/owa/14.3.382.0/themes/resources/lgnbotr.gif
IP
37.99.162.140:443
ASN
#47794 Etihad Atheeb Telecom Company

Requested by
https://webmail.orascomsa.com/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fwebmail.orascomsa.com%2fowa%2f
Certificate
IssuerDigiCert Inc
Subjectorascomsa.com
Fingerprint75:6D:39:5E:5C:34:40:02:20:16:2E:42:F2:8C:0B:EC:C4:2D:63:8A
ValiditySat, 01 Jun 2024 00:00:00 GMT - Tue, 03 Jun 2025 23:59:59 GMT

File type
GIF image data, version 89a, 45 x 54
Size
2.4 kB (2392 bytes)
Hash
43b7c46b32691aa778c5e49d139db8f5
e72b87c696eed81b71b853ce245a30377dce205e
97305ffb8ff74176df42bcd213e7cdfd7679630e19911a2db7b399c7960aec3e

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /owa/14.3.382.0/themes/resources/lgnbotr.gif HTTP/1.1
Host: webmail.orascomsa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://webmail.orascomsa.com/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fwebmail.orascomsa.com%2fowa%2f
Cookie: OutlookSession=e4b250f6a9064fa19f9e79f7524c90cc
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: public,max-age=2592000
Content-Type: image/gif
Last-Modified: Tue, 05 Feb 2013 20:00:46 GMT
Accept-Ranges: bytes
ETag: "06b647cdb3ce1:0"
X-Powered-By: ASP.NET
Date: Sat, 15 Jun 2024 16:34:31 GMT
Content-Length: 2392

GET webmail.orascomsa.com/owa/14.3.382.0/themes/resources/lgntopr.gif

37.99.162.140

200 OK

581 B

URL GET HTTP/1.1
webmail.orascomsa.com/owa/14.3.382.0/themes/resources/lgntopr.gif
IP
37.99.162.140:443
ASN
#47794 Etihad Atheeb Telecom Company

Requested by
https://webmail.orascomsa.com/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fwebmail.orascomsa.com%2fowa%2f
Certificate
IssuerDigiCert Inc
Subjectorascomsa.com
Fingerprint75:6D:39:5E:5C:34:40:02:20:16:2E:42:F2:8C:0B:EC:C4:2D:63:8A
ValiditySat, 01 Jun 2024 00:00:00 GMT - Tue, 03 Jun 2025 23:59:59 GMT

File type
GIF image data, version 89a, 45 x 115
Size
581 B (581 bytes)
Hash
031bed6f568fbddddf550a97400b273f
69342ba98b1a924ea4f984f5ef6b244ba0177cb3
f27d451896ac6a8b768361e3f07c2adf1ee7ae6bcb92ac6d0bda7fb5cf915301

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /owa/14.3.382.0/themes/resources/lgntopr.gif HTTP/1.1
Host: webmail.orascomsa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://webmail.orascomsa.com/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fwebmail.orascomsa.com%2fowa%2f
Cookie: OutlookSession=e4b250f6a9064fa19f9e79f7524c90cc
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: public,max-age=2592000
Content-Type: image/gif
Last-Modified: Tue, 05 Feb 2013 20:00:46 GMT
Accept-Ranges: bytes
ETag: "06b647cdb3ce1:0"
X-Powered-By: ASP.NET
Date: Sat, 15 Jun 2024 16:34:31 GMT
Content-Length: 581

GET webmail.orascomsa.com/owa/14.3.382.0/themes/resources/lgnexlogo.gif

37.99.162.140

200 OK

61 B

URL GET HTTP/1.1
webmail.orascomsa.com/owa/14.3.382.0/themes/resources/lgnexlogo.gif
IP
37.99.162.140:443
ASN
#47794 Etihad Atheeb Telecom Company

Requested by
https://webmail.orascomsa.com/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fwebmail.orascomsa.com%2fowa%2f
Certificate
IssuerDigiCert Inc
Subjectorascomsa.com
Fingerprint75:6D:39:5E:5C:34:40:02:20:16:2E:42:F2:8C:0B:EC:C4:2D:63:8A
ValiditySat, 01 Jun 2024 00:00:00 GMT - Tue, 03 Jun 2025 23:59:59 GMT

File type
GIF image data, version 89a, 22 x 22
Size
61 B (61 bytes)
Hash
873c522598fb6da9f70d5dde7ccf6213
c09fdcf5e3933b8efdae4505825e786462cdad51
b125c5f621a199d89bc496740d7dac72f1a8462465a1b61e331727f5d369b2f4

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /owa/14.3.382.0/themes/resources/lgnexlogo.gif HTTP/1.1
Host: webmail.orascomsa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://webmail.orascomsa.com/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fwebmail.orascomsa.com%2fowa%2f
Cookie: OutlookSession=e4b250f6a9064fa19f9e79f7524c90cc
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: public,max-age=2592000
Content-Type: image/gif
Last-Modified: Tue, 05 Feb 2013 20:00:46 GMT
Accept-Ranges: bytes
ETag: "06b647cdb3ce1:0"
X-Powered-By: ASP.NET
Date: Sat, 15 Jun 2024 16:34:31 GMT
Content-Length: 61

GET webmail.orascomsa.com/owa/14.3.382.0/themes/resources/lgntopl.gif

37.99.162.140

200 OK

4.5 kB

URL GET HTTP/1.1
webmail.orascomsa.com/owa/14.3.382.0/themes/resources/lgntopl.gif
IP
37.99.162.140:443
ASN
#47794 Etihad Atheeb Telecom Company

Requested by
https://webmail.orascomsa.com/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fwebmail.orascomsa.com%2fowa%2f
Certificate
IssuerDigiCert Inc
Subjectorascomsa.com
Fingerprint75:6D:39:5E:5C:34:40:02:20:16:2E:42:F2:8C:0B:EC:C4:2D:63:8A
ValiditySat, 01 Jun 2024 00:00:00 GMT - Tue, 03 Jun 2025 23:59:59 GMT

File type
GIF image data, version 89a, 456 x 115
Size
4.5 kB (4455 bytes)
Hash
6ae33a65d15f6bb5113e066fca7fa73a
fa8477f0eaed3ade4a217e91133ba37242be0c19
b478b93f8f9a262321211d8ce812cdd6accdfb4ede6e0230ccf44e77ad161f97

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /owa/14.3.382.0/themes/resources/lgntopl.gif HTTP/1.1
Host: webmail.orascomsa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://webmail.orascomsa.com/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fwebmail.orascomsa.com%2fowa%2f
Cookie: OutlookSession=e4b250f6a9064fa19f9e79f7524c90cc
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: public,max-age=2592000
Content-Type: image/gif
Last-Modified: Tue, 05 Feb 2013 20:00:46 GMT
Accept-Ranges: bytes
ETag: "06b647cdb3ce1:0"
X-Powered-By: ASP.NET
Date: Sat, 15 Jun 2024 16:34:31 GMT
Content-Length: 4455

GET webmail.orascomsa.com/owa/14.3.382.0/themes/resources/lgntopm.gif

37.99.162.140

200 OK

58 B

URL GET HTTP/1.1
webmail.orascomsa.com/owa/14.3.382.0/themes/resources/lgntopm.gif
IP
37.99.162.140:443
ASN
#47794 Etihad Atheeb Telecom Company

Requested by
https://webmail.orascomsa.com/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fwebmail.orascomsa.com%2fowa%2f
Certificate
IssuerDigiCert Inc
Subjectorascomsa.com
Fingerprint75:6D:39:5E:5C:34:40:02:20:16:2E:42:F2:8C:0B:EC:C4:2D:63:8A
ValiditySat, 01 Jun 2024 00:00:00 GMT - Tue, 03 Jun 2025 23:59:59 GMT

File type
GIF image data, version 89a, 1 x 115
Size
58 B (58 bytes)
Hash
0615717b3645a8573f07347cdb74d69f
b707c5a9ede57d3232138ed7ccdb0b4ee9e56043
9d894a6800fd18d20423c66066097b9653be9eb3796f6a0e216dca220c45d6d6

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /owa/14.3.382.0/themes/resources/lgntopm.gif HTTP/1.1
Host: webmail.orascomsa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://webmail.orascomsa.com/owa/14.3.382.0/themes/resources/logon.css
Cookie: OutlookSession=e4b250f6a9064fa19f9e79f7524c90cc
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: public,max-age=2592000
Content-Type: image/gif
Last-Modified: Tue, 05 Feb 2013 20:00:46 GMT
Accept-Ranges: bytes
ETag: "06b647cdb3ce1:0"
X-Powered-By: ASP.NET
Date: Sat, 15 Jun 2024 16:34:31 GMT
Content-Length: 58

GET webmail.orascomsa.com/owa/14.3.382.0/themes/resources/lgnbotm.gif

37.99.162.140

200 OK

276 B

URL GET HTTP/1.1
webmail.orascomsa.com/owa/14.3.382.0/themes/resources/lgnbotm.gif
IP
37.99.162.140:443
ASN
#47794 Etihad Atheeb Telecom Company

Requested by
https://webmail.orascomsa.com/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fwebmail.orascomsa.com%2fowa%2f
Certificate
IssuerDigiCert Inc
Subjectorascomsa.com
Fingerprint75:6D:39:5E:5C:34:40:02:20:16:2E:42:F2:8C:0B:EC:C4:2D:63:8A
ValiditySat, 01 Jun 2024 00:00:00 GMT - Tue, 03 Jun 2025 23:59:59 GMT

File type
GIF image data, version 89a, 1 x 54
Size
276 B (276 bytes)
Hash
704330b6d293ce2d32780739218696b9
6ebd408ff617f5317595121191a92bd9ba69a01f
6097839fd066f359bbe21fb228714cd33385a6995a060eaa504ee190e3c1178a

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /owa/14.3.382.0/themes/resources/lgnbotm.gif HTTP/1.1
Host: webmail.orascomsa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://webmail.orascomsa.com/owa/14.3.382.0/themes/resources/logon.css
Cookie: OutlookSession=e4b250f6a9064fa19f9e79f7524c90cc
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: public,max-age=2592000
Content-Type: image/gif
Last-Modified: Tue, 05 Feb 2013 20:00:46 GMT
Accept-Ranges: bytes
ETag: "06b647cdb3ce1:0"
X-Powered-By: ASP.NET
Date: Sat, 15 Jun 2024 16:34:31 GMT
Content-Length: 276

GET webmail.orascomsa.com/owa/14.3.382.0/themes/resources/lgnleft.gif

37.99.162.140

200 OK

290 B

URL GET HTTP/1.1
webmail.orascomsa.com/owa/14.3.382.0/themes/resources/lgnleft.gif
IP
37.99.162.140:443
ASN
#47794 Etihad Atheeb Telecom Company

Requested by
https://webmail.orascomsa.com/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fwebmail.orascomsa.com%2fowa%2f
Certificate
IssuerDigiCert Inc
Subjectorascomsa.com
Fingerprint75:6D:39:5E:5C:34:40:02:20:16:2E:42:F2:8C:0B:EC:C4:2D:63:8A
ValiditySat, 01 Jun 2024 00:00:00 GMT - Tue, 03 Jun 2025 23:59:59 GMT

File type
GIF image data, version 89a, 15 x 200
Size
290 B (290 bytes)
Hash
baf34665612f4d59f7cfc06ea82da21d
2c8cf5f76499e66d609ddaac026720ef28078421
96a4b86c4a5ff1f1aa67c52287be64ebd51598d32cbd1249351e462cae549185

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /owa/14.3.382.0/themes/resources/lgnleft.gif HTTP/1.1
Host: webmail.orascomsa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://webmail.orascomsa.com/owa/14.3.382.0/themes/resources/logon.css
Cookie: OutlookSession=e4b250f6a9064fa19f9e79f7524c90cc
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: public,max-age=2592000
Content-Type: image/gif
Last-Modified: Tue, 05 Feb 2013 20:00:46 GMT
Accept-Ranges: bytes
ETag: "06b647cdb3ce1:0"
X-Powered-By: ASP.NET
Date: Sat, 15 Jun 2024 16:34:31 GMT
Content-Length: 290

GET webmail.orascomsa.com/owa/14.3.382.0/themes/resources/lgnbotl.gif

37.99.162.140

200 OK

9.3 kB

URL GET HTTP/1.1
webmail.orascomsa.com/owa/14.3.382.0/themes/resources/lgnbotl.gif
IP
37.99.162.140:443
ASN
#47794 Etihad Atheeb Telecom Company

Requested by
https://webmail.orascomsa.com/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fwebmail.orascomsa.com%2fowa%2f
Certificate
IssuerDigiCert Inc
Subjectorascomsa.com
Fingerprint75:6D:39:5E:5C:34:40:02:20:16:2E:42:F2:8C:0B:EC:C4:2D:63:8A
ValiditySat, 01 Jun 2024 00:00:00 GMT - Tue, 03 Jun 2025 23:59:59 GMT

File type
GIF image data, version 89a, 456 x 54
Size
9.3 kB (9311 bytes)
Hash
e0a2c263c6745f251720fe0876d140c4
51b2196c6b10b8c6443e4f91b4c6281134755f33
0e2cda541bf24815df2facd5729d44b70ef4e4bdd160169295944aefc9e51b0b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /owa/14.3.382.0/themes/resources/lgnbotl.gif HTTP/1.1
Host: webmail.orascomsa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://webmail.orascomsa.com/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fwebmail.orascomsa.com%2fowa%2f
Cookie: OutlookSession=e4b250f6a9064fa19f9e79f7524c90cc
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: public,max-age=2592000
Content-Type: image/gif
Last-Modified: Tue, 05 Feb 2013 20:00:46 GMT
Accept-Ranges: bytes
ETag: "06b647cdb3ce1:0"
X-Powered-By: ASP.NET
Date: Sat, 15 Jun 2024 16:34:31 GMT
Content-Length: 9311

GET webmail.orascomsa.com/owa/14.3.382.0/themes/resources/lgnright.gif

37.99.162.140

200 OK

306 B

URL GET HTTP/1.1
webmail.orascomsa.com/owa/14.3.382.0/themes/resources/lgnright.gif
IP
37.99.162.140:443
ASN
#47794 Etihad Atheeb Telecom Company

Requested by
https://webmail.orascomsa.com/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fwebmail.orascomsa.com%2fowa%2f
Certificate
IssuerDigiCert Inc
Subjectorascomsa.com
Fingerprint75:6D:39:5E:5C:34:40:02:20:16:2E:42:F2:8C:0B:EC:C4:2D:63:8A
ValiditySat, 01 Jun 2024 00:00:00 GMT - Tue, 03 Jun 2025 23:59:59 GMT

File type
GIF image data, version 89a, 15 x 200
Size
306 B (306 bytes)
Hash
391603f1faee60db855bd11650dbbf72
9728452459447efcc7c453c2150139839fa174bc
a9626d4f60b20f2da50f763f20d891a70625dde0dba68116896026c400b8b775

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /owa/14.3.382.0/themes/resources/lgnright.gif HTTP/1.1
Host: webmail.orascomsa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://webmail.orascomsa.com/owa/14.3.382.0/themes/resources/logon.css
Cookie: OutlookSession=e4b250f6a9064fa19f9e79f7524c90cc
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: public,max-age=2592000
Content-Type: image/gif
Last-Modified: Tue, 05 Feb 2013 20:00:46 GMT
Accept-Ranges: bytes
ETag: "06b647cdb3ce1:0"
X-Powered-By: ASP.NET
Date: Sat, 15 Jun 2024 16:34:31 GMT
Content-Length: 306

GET webmail.orascomsa.com/owa/14.3.382.0/themes/resources/favicon.ico

37.99.162.140

200 OK

1.2 kB

URL GET HTTP/1.1
webmail.orascomsa.com/owa/14.3.382.0/themes/resources/favicon.ico
IP
37.99.162.140:443
ASN
#47794 Etihad Atheeb Telecom Company

Requested by
https://webmail.orascomsa.com/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fwebmail.orascomsa.com%2fowa%2f
Certificate
IssuerDigiCert Inc
Subjectorascomsa.com
Fingerprint75:6D:39:5E:5C:34:40:02:20:16:2E:42:F2:8C:0B:EC:C4:2D:63:8A
ValiditySat, 01 Jun 2024 00:00:00 GMT - Tue, 03 Jun 2025 23:59:59 GMT

File type
MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
Size
1.2 kB (1150 bytes)
Hash
af0e7a63be394e3d5b0691ff91f4f3ea
dec8da70db061c6ae95d5ccb0a59fdf7c06f0245
164ae0034b553725938a2493e7fc42c87c19d2b1af730f5b00dec91f75957e0a

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /owa/14.3.382.0/themes/resources/favicon.ico HTTP/1.1
Host: webmail.orascomsa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://webmail.orascomsa.com/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fwebmail.orascomsa.com%2fowa%2f
Cookie: OutlookSession=e4b250f6a9064fa19f9e79f7524c90cc
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: public,max-age=2592000
Content-Type: image/x-icon
Last-Modified: Tue, 05 Feb 2013 20:00:46 GMT
Accept-Ranges: bytes
ETag: "06b647cdb3ce1:0"
X-Powered-By: ASP.NET
Date: Sat, 15 Jun 2024 16:34:32 GMT
Content-Length: 1150

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (2)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (21)

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP