Report - 2n8w.app.link/?~channel=Email&~feature=ConfirmationEmail--BenerailETicket&~campaign=WebToApp&~tags=locale=nl_NL&~tags=version=1&~tags=marketing_code=BSH3675e&$fallback_url=https://eastlandfamilypractice.com//vbz/bznz/0nOHFGWjs2TyCqDV5T97MdG2e5yItf/Y2FsdW1jQGRhcmxpZ2h0aW5nLmNvLnVr

Report Overview

Submitted URL
2n8w.app.link/?~channel=Email&~feature=ConfirmationEmail--BenerailETicket&~campaign=WebToApp&~tags=locale=nl_NL&~tags=version=1&~tags=marketing_code=BSH3675e&$fallback_url=https://eastlandfamilypractice.com//vbz/bznz/0nOHFGWjs2TyCqDV5T97MdG2e5yItf/Y2FsdW1jQGRhcmxpZ2h0aW5nLmNvLnVr
IP
54.230.111.23
ASN
#16509 AMAZON-02
Submitted
2024-05-01 21:31:29
Access
public
Website Title
Outlook Web App
Final URL
pub-fe0613c9cc024883935861934dec4fa2.r2.dev/OWA.html#calumc@darlighting.co.uk
Tags
microsoft phishing
urlquery detections
Phishing - Microsoft

Detections

urlquery
7
Network Intrusion Detection
0
Threat Detection Systems
0

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
zerossl.ocsp.sectigo.com	4049	2018-08-16	2020-05-09	2024-05-01	336 B	1.2 kB	104.18.38.233
eastlandfamilypractice.com	unknown	unknown	No data	No data	1.2 kB	275 B	198.54.116.95
pub-fe0613c9cc024883935861934dec4fa2.r2.dev	unknown	unknown	No data	No data	2.2 kB	184 kB	104.18.2.35
2n8w.app.link	723357	2015-03-18	2019-05-03	2024-03-27	734 B	11 kB	54.230.111.23
wafsd.com	unknown	2023-09-07	2023-11-29	2024-04-17	927 B	0 B	0.0.0.0

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (7)

	URL	Size	First Seen	Last Seen
	pub-fe0613c9cc024883935861934dec4fa2.r2.dev/OWA.html#calumc@darlighting.co.uk	9.8 kB	2024-01-10	2024-05-08
Pretty URL pub-fe0613c9cc024883935861934dec4fa2.r2.dev/OWA.html#calumc@darlighting.co.uk IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2024-01-10 15:21:37 Last Seen2024-05-08 18:49:43 Times Seen140 Hash ddadde790bdcb4fdf8ac45b2761d6320 7f7c02d1b846ae10aa8aad943b92b3ea9d73fd0c d41b1c8358721b941d02ee59d0066e5c36428b788939e2356520dca2285209f9 Loading...

	pub-fe0613c9cc024883935861934dec4fa2.r2.dev/OWA.html#calumc@darlighting.co.uk	1.8 kB	2023-03-13	2024-05-08
Pretty URL pub-fe0613c9cc024883935861934dec4fa2.r2.dev/OWA.html#calumc@darlighting.co.uk IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-13 00:54:59 Last Seen2024-05-08 18:49:43 Times Seen141 Hash e33af8e551aa45a44f1d3809b56a9421 ba255881628717d0a9a70d0aca01a49a96949737 9ace3776c9530c3ef402fa06e9900a48706185a2c2e52aae0681697d12b5f305 Loading...

	pub-fe0613c9cc024883935861934dec4fa2.r2.dev/OWA.html#calumc@darlighting.co.uk	1.7 kB	2023-07-31	2024-05-08
Pretty URL pub-fe0613c9cc024883935861934dec4fa2.r2.dev/OWA.html#calumc@darlighting.co.uk IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-07-31 20:58:23 Last Seen2024-05-08 18:49:43 Times Seen141 Hash d1e4dc18c964dda593f45fd3b02227bf bee23b741b6539f95535bf3087f1fe308b9de30f 47355b56a6e391f0b8fc4656852d0e839b465f370689593cfc012aeafcdd4c83 Loading...

	pub-fe0613c9cc024883935861934dec4fa2.r2.dev/OWA.html#calumc@darlighting.co.uk	19 B	2023-03-07	2024-05-15
Pretty URL pub-fe0613c9cc024883935861934dec4fa2.r2.dev/OWA.html#calumc@darlighting.co.uk IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:02:54 Last Seen2024-05-15 19:55:37 Times Seen1752 Hash 24f6a9c606199b766addcdaf630a6f4a e25cfd579629e6e410927500f3e9a728261c0553 e74b3de0ef4501689fdd96e8ecf0f120e7761bb3d9bfe6544e38790c0d386bf0 Loading...

	pub-fe0613c9cc024883935861934dec4fa2.r2.dev/OWA.html#calumc@darlighting.co.uk	149 B	2023-03-07	2024-05-08
Pretty URL pub-fe0613c9cc024883935861934dec4fa2.r2.dev/OWA.html#calumc@darlighting.co.uk IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 22:25:02 Last Seen2024-05-08 18:49:43 Times Seen300 Hash 9af5f003a52b1f350cd548e287576095 5ff77876f6d59dab960fb78d27efa62c6322a279 6d7c4f49eb28d3abd588a54aa3f1e8de3ca793f4b3f3463578f7925faca1c866 Loading...

	pub-fe0613c9cc024883935861934dec4fa2.r2.dev/OWA.html#calumc@darlighting.co.uk	68 B	2023-03-07	2024-05-15
Pretty URL pub-fe0613c9cc024883935861934dec4fa2.r2.dev/OWA.html#calumc@darlighting.co.uk IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:02:58 Last Seen2024-05-15 19:46:26 Times Seen1059 Hash db8216e217de9a14420fa187142b00b5 50f9fdaa34b7caa061db879baa23a7d75f048e9e ebc3102ee92075887df69ec8c18ca2c24015e728566d302598a63c06697754ed Loading...

	pub-fe0613c9cc024883935861934dec4fa2.r2.dev/OWA.html#calumc@darlighting.co.uk	5.6 kB	2024-05-01	2024-05-03
Pretty URL pub-fe0613c9cc024883935861934dec4fa2.r2.dev/OWA.html#calumc@darlighting.co.uk IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-01 23:31:36 Last Seen2024-05-03 03:36:28 Times Seen27 Hash 230c80502b56a6909ea89e314911552c 8b54cc07d87d07467d84ef92de1266bd183e04b1 4507ec6d0996cf01597fbd32e57abdda73309fca238b064b6bf2f7c38a1b5136 Loading...

HTTP Transactions (9)

URL IP Response Size

zerossl.ocsp.sectigo.com/

104.18.38.233

728 B

URL
zerossl.ocsp.sectigo.com/
IP
104.18.38.233:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
728 B (728 bytes)
Hash
02eb3eb2a8b24b87ac86c77693e22cc4
c79b235be1de28432111e1707670a8927ad8339b
cf0b8c787562eb62459888971db3e7164475cbdf8c15b6f681dc1261ca0f7781

HTTP Headers

POST / HTTP/1.1
Host: zerossl.ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 01 May 2024 21:31:05 GMT
Content-Type: application/ocsp-response
Content-Length: 728
Connection: keep-alive
Last-Modified: Mon, 29 Apr 2024 14:20:25 GMT
Expires: Mon, 06 May 2024 14:20:24 GMT
Etag: "c79b235be1de28432111e1707670a8927ad8339b"
Cache-Control: max-age=405558,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 87d2e05b8abab511-OSL

eastlandfamilypractice.com//vbz/bznz/0nOHFGWjs2TyCqDV5T97MdG2e5yItf/Y2FsdW1jQGRhcmxpZ2h0aW5nLmNvLnVr?~channel=Email&~feature=ConfirmationEmail--BenerailETicket&~campaign=WebToApp&~tags=locale%3Dnl_NL&~tags=version%3D1&~tags=marketing_code%3DBSH3675e&_branch_match_id=1314330615503324041&utm_source=Email&utm_campaign=WebToApp&utm_medium=ConfirmationEmail--BenerailETicket&_branch_referrer=H4sIAAAAAAAAAz2P3U7DMAyFn6a7W7ullAFShfY%2FpDEEVKvgpnJTt82WuCHNBt3Tk4I0ybKt7xwfybW1un0IAkZ33z5o7UtBx%2BDRmyx5DUQo46UCIQcOlAj2ZDCeN1QKo8CKhv7E4XCGhMZty0TwI9rezUFpEBXFKeZJM9W6hxaqNpYNB4leuCCZ7bZXfEbTukTHx1emwLg4QVXGm6I%2Fmb1vwttJhAOP3ZQgZQ78mJ2MjOv%2BDy%2BcemzlCqG1EqgoQQnZaQPcCo4%2Bb9S%2Ffs4vrucX6seIXjardXpoWdLNvxb7KLmfPBdrhlH3ZEtn%2BGCrtkjHh9f1W83Vj%2F5k9QjSiLZqd97S3vwCLGTdpkQBAAA%3D

198.54.116.95

0 B

URL
eastlandfamilypractice.com//vbz/bznz/0nOHFGWjs2TyCqDV5T97MdG2e5yItf/Y2FsdW1jQGRhcmxpZ2h0aW5nLmNvLnVr?~channel=Email&~feature=ConfirmationEmail--BenerailETicket&~campaign=WebToApp&~tags=locale%3Dnl_NL&~tags=version%3D1&~tags=marketing_code%3DBSH3675e&_branch_match_id=1314330615503324041&utm_source=Email&utm_campaign=WebToApp&utm_medium=ConfirmationEmail--BenerailETicket&_branch_referrer=H4sIAAAAAAAAAz2P3U7DMAyFn6a7W7ullAFShfY%2FpDEEVKvgpnJTt82WuCHNBt3Tk4I0ybKt7xwfybW1un0IAkZ33z5o7UtBx%2BDRmyx5DUQo46UCIQcOlAj2ZDCeN1QKo8CKhv7E4XCGhMZty0TwI9rezUFpEBXFKeZJM9W6hxaqNpYNB4leuCCZ7bZXfEbTukTHx1emwLg4QVXGm6I%2Fmb1vwttJhAOP3ZQgZQ78mJ2MjOv%2BDy%2BcemzlCqG1EqgoQQnZaQPcCo4%2Bb9S%2Ffs4vrucX6seIXjardXpoWdLNvxb7KLmfPBdrhlH3ZEtn%2BGCrtkjHh9f1W83Vj%2F5k9QjSiLZqd97S3vwCLGTdpkQBAAA%3D
IP
198.54.116.95:0
ASN
#22612 NAMECHEAP-NET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET //vbz/bznz/0nOHFGWjs2TyCqDV5T97MdG2e5yItf/Y2FsdW1jQGRhcmxpZ2h0aW5nLmNvLnVr?~channel=Email&~feature=ConfirmationEmail--BenerailETicket&~campaign=WebToApp&~tags=locale%3Dnl_NL&~tags=version%3D1&~tags=marketing_code%3DBSH3675e&_branch_match_id=1314330615503324041&utm_source=Email&utm_campaign=WebToApp&utm_medium=ConfirmationEmail--BenerailETicket&_branch_referrer=H4sIAAAAAAAAAz2P3U7DMAyFn6a7W7ullAFShfY%2FpDEEVKvgpnJTt82WuCHNBt3Tk4I0ybKt7xwfybW1un0IAkZ33z5o7UtBx%2BDRmyx5DUQo46UCIQcOlAj2ZDCeN1QKo8CKhv7E4XCGhMZty0TwI9rezUFpEBXFKeZJM9W6hxaqNpYNB4leuCCZ7bZXfEbTukTHx1emwLg4QVXGm6I%2Fmb1vwttJhAOP3ZQgZQ78mJ2MjOv%2BDy%2BcemzlCqG1EqgoQQnZaQPcCo4%2Bb9S%2Ffs4vrucX6seIXjardXpoWdLNvxb7KLmfPBdrhlH3ZEtn%2BGCrtkjHh9f1W83Vj%2F5k9QjSiLZqd97S3vwCLGTdpkQBAAA%3D HTTP/1.1
Host: eastlandfamilypractice.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 01 May 2024 21:31:05 GMT
server: Apache
x-powered-by: PHP/8.0.30
refresh: 0;url=https://pub-fe0613c9cc024883935861934dec4fa2.r2.dev/OWA.html#calumc@darlighting.co.uk
content-length: 0
content-type: text/html; charset=UTF-8
X-Firefox-Spdy: h2

pub-fe0613c9cc024883935861934dec4fa2.r2.dev/OWA.html

104.18.2.35

64 kB

URL
pub-fe0613c9cc024883935861934dec4fa2.r2.dev/OWA.html
IP
104.18.2.35:0
ASN
#13335 CLOUDFLARENET

File type
HTML document, ASCII text, with very long lines (7860), with CRLF line terminators
Size
64 kB (64245 bytes)
Hash
76acd2fe24799d741c845956bae93efa
b811817acaaf64c46670c39c7f620fb95609b416
4ae83af67ca9030b7f4bec0abfca86415216da165dc62459ec1a466143d5004b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /OWA.html HTTP/1.1
Host: pub-fe0613c9cc024883935861934dec4fa2.r2.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 01 May 2024 21:31:06 GMT
Content-Type: text/html
Content-Length: 64245
Connection: keep-alive
Accept-Ranges: bytes
ETag: "76acd2fe24799d741c845956bae93efa"
Last-Modified: Wed, 01 May 2024 18:12:32 GMT
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 87d2e05fec1e568d-OSL

pub-fe0613c9cc024883935861934dec4fa2.r2.dev/owa/auth/15.0.1497/themes/resources/segoeui-regular.ttf

104.18.2.35

404 Not Found

27 kB

URL GET HTTP/1.1
pub-fe0613c9cc024883935861934dec4fa2.r2.dev/owa/auth/15.0.1497/themes/resources/segoeui-regular.ttf
IP
104.18.2.35:443
ASN
#13335 CLOUDFLARENET

Requested by
https://pub-fe0613c9cc024883935861934dec4fa2.r2.dev/OWA.html#calumc@darlighting.co.uk
Certificate
IssuerLet's Encrypt
Subject*.r2.dev
Fingerprint48:74:F0:98:E0:A1:57:3E:86:18:BF:B3:DC:C9:7A:5B:53:50:FE:E0
ValidityFri, 05 Apr 2024 15:25:24 GMT - Thu, 04 Jul 2024 15:25:23 GMT

File type
HTML document, ASCII text, with very long lines (611)
Size
27 kB (27242 bytes)
Hash
df3d48946e8d3f5a83608308edbb4b86
47b9c40c97abf2658df96b1c06109324e15e1a00
570a6631252b8a52df4de0e953ae77dbdf524dfc3637cda2840494a0d2b49499

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /owa/auth/15.0.1497/themes/resources/segoeui-regular.ttf HTTP/1.1
Host: pub-fe0613c9cc024883935861934dec4fa2.r2.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pub-fe0613c9cc024883935861934dec4fa2.r2.dev/OWA.html
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Date: Wed, 01 May 2024 21:31:06 GMT
Content-Type: text/html
Content-Length: 27242
Connection: keep-alive
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 87d2e065e9f9568d-OSL

pub-fe0613c9cc024883935861934dec4fa2.r2.dev/owa/auth/15.0.1497/themes/resources/segoeui-semilight.ttf

104.18.2.35

404 Not Found

27 kB

URL GET HTTP/1.1
pub-fe0613c9cc024883935861934dec4fa2.r2.dev/owa/auth/15.0.1497/themes/resources/segoeui-semilight.ttf
IP
104.18.2.35:443
ASN
#13335 CLOUDFLARENET

Requested by
https://pub-fe0613c9cc024883935861934dec4fa2.r2.dev/OWA.html#calumc@darlighting.co.uk
Certificate
IssuerLet's Encrypt
Subject*.r2.dev
Fingerprint48:74:F0:98:E0:A1:57:3E:86:18:BF:B3:DC:C9:7A:5B:53:50:FE:E0
ValidityFri, 05 Apr 2024 15:25:24 GMT - Thu, 04 Jul 2024 15:25:23 GMT

File type
HTML document, ASCII text, with very long lines (611)
Size
27 kB (27242 bytes)
Hash
df3d48946e8d3f5a83608308edbb4b86
47b9c40c97abf2658df96b1c06109324e15e1a00
570a6631252b8a52df4de0e953ae77dbdf524dfc3637cda2840494a0d2b49499

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /owa/auth/15.0.1497/themes/resources/segoeui-semilight.ttf HTTP/1.1
Host: pub-fe0613c9cc024883935861934dec4fa2.r2.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pub-fe0613c9cc024883935861934dec4fa2.r2.dev/OWA.html
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Date: Wed, 01 May 2024 21:31:06 GMT
Content-Type: text/html
Content-Length: 27242
Connection: keep-alive
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 87d2e0661acf5687-OSL

2n8w.app.link/?~channel=Email&~feature=ConfirmationEmail--BenerailETicket&~campaign=WebToApp&~tags=locale=nl_NL&~tags=version=1&~tags=marketing_code=BSH3675e&$fallback_url=https://eastlandfamilypractice.com//vbz/bznz/0nOHFGWjs2TyCqDV5T97MdG2e5yItf/Y2FsdW1jQGRhcmxpZ2h0aW5nLmNvLnVr

54.230.111.23

9.2 kB

URL
2n8w.app.link/?~channel=Email&~feature=ConfirmationEmail--BenerailETicket&~campaign=WebToApp&~tags=locale=nl_NL&~tags=version=1&~tags=marketing_code=BSH3675e&$fallback_url=https://eastlandfamilypractice.com//vbz/bznz/0nOHFGWjs2TyCqDV5T97MdG2e5yItf/Y2FsdW1jQGRhcmxpZ2h0aW5nLmNvLnVr
IP
54.230.111.23:0
ASN
#16509 AMAZON-02

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3
Size
9.2 kB (9209 bytes)
Hash
b056cda94236789faa5cd4882b92de6f
8c80ea307434cb7c425f90cce99600392829564c
c111e0c1d16c5d2fc1cceb57e814fdeef372ea244728986e5762766c524490a8

HTTP Headers

GET /?~channel=Email&~feature=ConfirmationEmail--BenerailETicket&~campaign=WebToApp&~tags=locale=nl_NL&~tags=version=1&~tags=marketing_code=BSH3675e&$fallback_url=https://eastlandfamilypractice.com//vbz/bznz/0nOHFGWjs2TyCqDV5T97MdG2e5yItf/Y2FsdW1jQGRhcmxpZ2h0aW5nLmNvLnVr HTTP/1.1
Host: 2n8w.app.link
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 307 Temporary Redirect
location: https://eastlandfamilypractice.com//vbz/bznz/0nOHFGWjs2TyCqDV5T97MdG2e5yItf/Y2FsdW1jQGRhcmxpZ2h0aW5nLmNvLnVr?~channel=Email&~feature=ConfirmationEmail--BenerailETicket&~campaign=WebToApp&~tags=locale%3Dnl_NL&~tags=version%3D1&~tags=marketing_code%3DBSH3675e&_branch_match_id=1314330615503324041&utm_source=Email&utm_campaign=WebToApp&utm_medium=ConfirmationEmail--BenerailETicket&_branch_referrer=H4sIAAAAAAAAAz2P3U7DMAyFn6a7W7ullAFShfY%2FpDEEVKvgpnJTt82WuCHNBt3Tk4I0ybKt7xwfybW1un0IAkZ33z5o7UtBx%2BDRmyx5DUQo46UCIQcOlAj2ZDCeN1QKo8CKhv7E4XCGhMZty0TwI9rezUFpEBXFKeZJM9W6hxaqNpYNB4leuCCZ7bZXfEbTukTHx1emwLg4QVXGm6I%2Fmb1vwttJhAOP3ZQgZQ78mJ2MjOv%2BDy%2BcemzlCqG1EqgoQQnZaQPcCo4%2Bb9S%2Ffs4vrucX6seIXjardXpoWdLNvxb7KLmfPBdrhlH3ZEtn%2BGCrtkjHh9f1W83Vj%2F5k9QjSiLZqd97S3vwCLGTdpkQBAAA%3D
server: openresty
date: Wed, 01 May 2024 21:31:04 GMT
set-cookie: _s=Y0XKGD1%2BNLuwwRcAdcnba6bAygdn0ZS98TZBLB%2B5aTusA%2FH5IGAptgpGP7MivrYd; Max-Age=31536000; Domain=.app.link; Path=/; Expires=Thu, 01 May 2025 21:31:04 GMT; Secure
last-modified: Wed, 01 May 2024 21:31:04 GMT
content-security-policy: frame-ancestors 'self'
strict-transport-security: max-age=31536000; includeSubDomains
accept-ch: Sec-CH-UA-Platform-Version,Sec-CH-UA-Model
x-cache: Miss from cloudfront
via: 1.1 5bcfe2deda0bdbc6bade0af9b61602ca.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: sfVELTdp8vEVS5bFDXYTz23FOp4aSKN1raQMQ7TOnlwuMwAhp8yNfA==
X-Firefox-Spdy: h2

pub-fe0613c9cc024883935861934dec4fa2.r2.dev/OWA.html

104.18.2.35

200 OK

64 kB

URL User Request GET HTTP/1.1
pub-fe0613c9cc024883935861934dec4fa2.r2.dev/OWA.html
IP
104.18.2.35:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerLet's Encrypt
Subject*.r2.dev
Fingerprint48:74:F0:98:E0:A1:57:3E:86:18:BF:B3:DC:C9:7A:5B:53:50:FE:E0
ValidityFri, 05 Apr 2024 15:25:24 GMT - Thu, 04 Jul 2024 15:25:23 GMT

File type
HTML document, ASCII text, with very long lines (7860), with CRLF line terminators
Size
64 kB (64245 bytes)
Hash
76acd2fe24799d741c845956bae93efa
b811817acaaf64c46670c39c7f620fb95609b416
4ae83af67ca9030b7f4bec0abfca86415216da165dc62459ec1a466143d5004b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /OWA.html HTTP/1.1
Host: pub-fe0613c9cc024883935861934dec4fa2.r2.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 01 May 2024 21:31:06 GMT
Content-Type: text/html
Content-Length: 64245
Connection: keep-alive
Accept-Ranges: bytes
ETag: "76acd2fe24799d741c845956bae93efa"
Last-Modified: Wed, 01 May 2024 18:12:32 GMT
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 87d2e05fec1e568d-OSL

wafsd.com/app/owanew/media/download.gif

0.0.0.0

0 B

URL GET
wafsd.com/app/owanew/media/download.gif
IP
0.0.0.0:0
ASN
#0

Requested by
https://pub-fe0613c9cc024883935861934dec4fa2.r2.dev/OWA.html#calumc@darlighting.co.uk

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /app/owanew/media/download.gif HTTP/1.1
Host: wafsd.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pub-fe0613c9cc024883935861934dec4fa2.r2.dev/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

wafsd.com/app/owanew/media/favicon.ico

0.0.0.0

0 B

URL GET
wafsd.com/app/owanew/media/favicon.ico
IP
0.0.0.0:0
ASN
#0

Requested by
https://pub-fe0613c9cc024883935861934dec4fa2.r2.dev/OWA.html#calumc@darlighting.co.uk

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /app/owanew/media/favicon.ico HTTP/1.1
Host: wafsd.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pub-fe0613c9cc024883935861934dec4fa2.r2.dev/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (7)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (9)

URL

IP

ASN

File type