Report - go.onelink.me/107872968?pid=InProduct&c=Global_Internal_YGrowth_AndroidEmailSig__AndroidUsers&af_wl=ym&af_sub1=Internal&af_sub2=Global_YGrowth&af_sub3=EmailSignature&af_web_dp=//236986Tu8vxZrw732613.bonma.ch/.1ow./192262kNiSda2T675928/Ym9yaXMuYmF1ckBhc3RyYXplbmVjYS5jb20=

Report Overview

Visited public
2024-02-15 19:42:57
Tags
microsoft phishing suspicious
URL
go.onelink.me/107872968?pid=InProduct&c=Global_Internal_YGrowth_AndroidEmailSig__AndroidUsers&af_wl=ym&af_sub1=Internal&af_sub2=Global_YGrowth&af_sub3=EmailSignature&af_web_dp=//236986Tu8vxZrw732613.bonma.ch/.1ow./192262kNiSda2T675928/Ym9yaXMuYmF1ckBhc3RyYXplbmVjYS5jb20=
Finishing URL
login.bonma.ch/.owa./#boris.baur@astrazeneca.com
IP / ASN
143.204.55.84
#16509 AMAZON-02
Title
Outlook Web App
Phishing - Microsoft
Suspicious - Suspicious Javascript code
Suspicious - Anti-debugging code

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
go.onelink.me	29445	2014-11-26	2014-12-11 06:24:55	2024-02-15 10:27:20	725 B	794 B	143.204.55.84
ajax.googleapis.com	12905	2005-01-25	2013-08-16 11:51:31	2024-02-15 12:55:40	429 B	32 kB	142.250.74.74
webmail.addaxpetroleum.com	unknown	2004-02-11	2022-05-05 12:30:16	2024-02-15 11:10:16	1.6 kB	58 kB	52.136.245.70
api.ipify.org	3267	2014-01-05	2014-10-06 14:38:43	2024-02-15 08:35:06	470 B	267 B	104.26.12.205
login.bonma.ch	unknown	unknown	2024-02-15 04:16:43	2024-02-15 13:05:19	476 B	27 kB	104.21.70.189

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

Scan Date	Severity	Indicator	Alert
2024-02-15	medium	login.bonma.ch/.owa./	Outlook

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (4)

	URL	From	Size	First Seen	Last Seen
	login.bonma.ch/.owa./#boris.baur@astrazeneca.com	ScriptElement	124 B	2023-03-14	2024-12-10
Pretty URL login.bonma.ch/.owa./#boris.baur@astrazeneca.com IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-14 16:10 Last Seen2024-12-10 01:27 Times Seen115 Hash def39b703494203f6cb7c26678f0d8a4 00c7f001024d1f99a7ae7b16b034131cd903b608 ebb59e0d802be12605a7440b403ce35e74d2d1d85070916c3f32d5572dba537b Loading...

	login.bonma.ch/.owa./#boris.baur@astrazeneca.com	ScriptElement	1.9 kB	2024-02-15	2024-08-20
Pretty URL login.bonma.ch/.owa./#boris.baur@astrazeneca.com IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2024-02-15 04:17 Last Seen2024-08-20 09:37 Times Seen91 Hash c42f6ab707d2350027d256272c7ae425 d952d52049e3d45a6142dde623cb1a074bfc00d1 e8cfa79146295637d24bc7df3f1487cbefb44c672974f87f4dd2e98cfe7eb7b3 Loading...

	login.bonma.ch/.owa./#boris.baur@astrazeneca.com	ScriptElement	2.4 kB	2024-02-15	2024-08-20
Pretty URL login.bonma.ch/.owa./#boris.baur@astrazeneca.com IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2024-02-15 04:17 Last Seen2024-08-20 09:37 Times Seen94 Hash b3bac1c89d47fb44c4308e03e6d73a38 638e72c6c35791ba7a6f98e28736e34366955e8a 342e70ba8b2464269119e071acc20bb860c9e53cb12fd24a4652ea55619d2b1f Loading...

	ajax.googleapis.com/ajax/libs/jquery/3.4.1/jquery.min.js	ScriptElement	88 kB	2023-03-07	2025-06-13
Pretty URL ajax.googleapis.com/ajax/libs/jquery/3.4.1/jquery.min.js IP 142.250.74.74 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-06-13 19:53 Times Seen69834 Hash 220afd743d9e9643852e31a135a9f3ae 88523924351bac0b5d560fe0c5781e2556e7693d 0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a Loading...

HTTP Transactions (7)

URL IP Response Size

go.onelink.me/107872968?pid=InProduct&c=Global_Internal_YGrowth_AndroidEmailSig__AndroidUsers&af_wl=ym&af_sub1=Internal&af_sub2=Global_YGrowth&af_sub3=EmailSignature&af_web_dp=//236986Tu8vxZrw732613.bonma.ch/.1ow./192262kNiSda2T675928/Ym9yaXMuYmF1ckBhc3RyYXplbmVjYS5jb20=

143.204.55.84

0 B

URL
go.onelink.me/107872968?pid=InProduct&c=Global_Internal_YGrowth_AndroidEmailSig__AndroidUsers&af_wl=ym&af_sub1=Internal&af_sub2=Global_YGrowth&af_sub3=EmailSignature&af_web_dp=//236986Tu8vxZrw732613.bonma.ch/.1ow./192262kNiSda2T675928/Ym9yaXMuYmF1ckBhc3RyYXplbmVjYS5jb20=
IP
143.204.55.84:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /107872968?pid=InProduct&c=Global_Internal_YGrowth_AndroidEmailSig__AndroidUsers&af_wl=ym&af_sub1=Internal&af_sub2=Global_YGrowth&af_sub3=EmailSignature&af_web_dp=//236986Tu8vxZrw732613.bonma.ch/.1ow./192262kNiSda2T675928/Ym9yaXMuYmF1ckBhc3RyYXplbmVjYS5jb20= HTTP/1.1
Host: go.onelink.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 301 Moved Permanently
content-type: application/octet-stream
content-length: 0
date: Thu, 15 Feb 2024 19:42:31 GMT
location: //236986Tu8vxZrw732613.bonma.ch/.1ow./192262kNiSda2T675928/Ym9yaXMuYmF1ckBhc3RyYXplbmVjYS5jb20=?pid=InProduct&c=Global_Internal_YGrowth_AndroidEmailSig__AndroidUsers&af_wl=ym&af_sub1=Internal&af_sub2=Global_YGrowth&af_sub3=EmailSignature
strict-transport-security: max-age=31536000; includeSubDomains
accept-ch: Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List
cache-control: no-cache, no-store
server: http-kit
x-cache: Miss from cloudfront
via: 1.1 5de23153ac267c206221751e1cccb6e8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: LWUi82MDzRPbOBPhkGkvmr-Ov3r8Eag7m3oYgz8cVAbMOueuynlFRw==
X-Firefox-Spdy: h2

ajax.googleapis.com/ajax/libs/jquery/3.4.1/jquery.min.js

142.250.74.74

200 OK

31 kB

URL GET HTTP/2
ajax.googleapis.com/ajax/libs/jquery/3.4.1/jquery.min.js
IP
142.250.74.74:443
ASN
#15169 GOOGLE

Requested by
https://login.bonma.ch/.owa./#boris.baur@astrazeneca.com
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint6F:81:CD:1A:A2:80:8C:76:2C:D8:63:D0:74:1B:DD:35:C8:79:84:20
ValidityTue, 09 Jan 2024 06:30:50 GMT - Tue, 02 Apr 2024 06:30:49 GMT

File type
JavaScript source, ASCII text, with very long lines (65451)
Size
31 kB (30774 bytes)
Hash
220afd743d9e9643852e31a135a9f3ae
88523924351bac0b5d560fe0c5781e2556e7693d
0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a

HTTP Headers

GET /ajax/libs/jquery/3.4.1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.bonma.ch/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 30774
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 15 Feb 2024 03:46:35 GMT
expires: Fri, 14 Feb 2025 03:46:35 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
last-modified: Mon, 13 May 2019 14:37:17 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 57357
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

webmail.addaxpetroleum.com/owa/auth/15.0.1497/themes/resources/favicon.ico

52.136.245.70

200 OK

7.9 kB

URL GET HTTP/1.1
webmail.addaxpetroleum.com/owa/auth/15.0.1497/themes/resources/favicon.ico
IP
52.136.245.70:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://login.bonma.ch/.owa./#boris.baur@astrazeneca.com
Certificate
IssuerDigiCert Inc
Subjectsmtp.addaxpetroleum.com
Fingerprint63:F4:03:E9:26:C2:9F:F0:C4:7B:F2:A3:D4:26:75:B1:F8:B2:F1:89
ValidityWed, 31 May 2023 00:00:00 GMT - Sun, 30 Jun 2024 23:59:59 GMT

File type
MS Windows icon resource - 3 icons, 32x32, 32 bits/pixel, 24x24, 32 bits/pixel
Size
7.9 kB (7886 bytes)
Hash
759fade9033aa298629e4b000dcd6dde
34a1adf5c7326d7bde5b5735471b5d81e611c189
cf0808a61ec571e0c4975663903b288009d55502ac0445d9948983b339a5cf6e

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /owa/auth/15.0.1497/themes/resources/favicon.ico HTTP/1.1
Host: webmail.addaxpetroleum.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.bonma.ch/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: public,max-age=2592000
Content-Type: image/x-icon
Last-Modified: Wed, 29 May 2019 00:02:58 GMT
Accept-Ranges: bytes
ETag: "0e579dfb115d51:0"
Server: Microsoft-IIS/10.0
request-id: 5e5b1e77-b004-4510-a11d-1daf23eac7e4
Set-Cookie: ClientId=FSVBUDDBEEUTAEXYFE0G; expires=Fri, 14-Feb-2025 19:42:33 GMT; path=/; HttpOnly
X-Powered-By: ASP.NET
Date: Thu, 15 Feb 2024 19:42:33 GMT
Content-Length: 7886

api.ipify.org/?format=json

104.26.12.205

200 OK

21 B

URL GET HTTP/2
api.ipify.org/?format=json
IP
104.26.12.205:443
ASN
#13335 CLOUDFLARENET

Requested by
https://login.bonma.ch/.owa./#boris.baur@astrazeneca.com
Certificate
IssuerGoogle Trust Services LLC
Subjectipify.org
Fingerprint28:D1:02:BC:05:04:D3:30:95:89:DB:04:0B:15:C8:7C:73:5D:A4:C2
ValidityMon, 22 Jan 2024 16:43:15 GMT - Sun, 21 Apr 2024 16:43:14 GMT

File type
JSON text data
Size
21 B (21 bytes)
Hash
7d69c71af0f191e9a72db6153f8018d1
f67c5f2887bc05654b47f76e9621e53a4091aed1
5bac6e06cf0e1ad38c55f9f9d12122272bf4b8157877629fe68cd33fe2133c65

HTTP Headers

GET /?format=json HTTP/1.1
Host: api.ipify.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://login.bonma.ch
DNT: 1
Connection: keep-alive
Referer: https://login.bonma.ch/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 15 Feb 2024 19:42:33 GMT
content-type: application/json
content-length: 21
access-control-allow-origin: *
vary: Origin
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 856008e2ee965689-OSL
X-Firefox-Spdy: h2

104.21.70.189

200 OK

27 kB

URL User Request GET HTTP/3
login.bonma.ch/.owa./
IP
104.21.70.189:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjectbonma.ch
Fingerprint6F:9E:5F:7C:DF:2B:F7:08:6C:98:DD:5B:92:6A:9D:55:B7:77:A4:94
ValidityThu, 25 Jan 2024 13:27:44 GMT - Wed, 24 Apr 2024 13:27:43 GMT

File type
HTML document, ASCII text, with very long lines (7882)
Size
27 kB (26763 bytes)
Hash
ce4a608db93e927713d85db2b4bb56f9
c65a61b635adc6aa2ee74bef5bf130037c51c130
bc9a2f53be874cdae28461bcbe7f837caa3b3a0f2235ecf6d3c3837c4067d5fd

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft
OpenPhish	phishing	Outlook

HTTP Headers

GET /.owa./ HTTP/1.1
Host: login.bonma.ch
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 15 Feb 2024 19:42:32 GMT
content-type: text/html
last-modified: Thu, 15 Feb 2024 01:01:15 GMT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aUZ%2FVIjyxlPgYBEH6mZ3nPII5jWKOFWGPEo38GKdSGcF1caMFXZm1rLOvE3RrcZyl2SBmUURFFsdRfQ6tQTDlYKUjJuesqpwEWiXU%2FkEClDAe60zPXeK%2FBwZ%2FRTcCwZicA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 856008de5d785696-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

webmail.addaxpetroleum.com/owa/auth/15.0.1497/themes/resources/segoeui-regular.ttf

52.136.245.70

200 OK

32 kB

URL GET HTTP/1.1
webmail.addaxpetroleum.com/owa/auth/15.0.1497/themes/resources/segoeui-regular.ttf
IP
52.136.245.70:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://login.bonma.ch/.owa./#boris.baur@astrazeneca.com
Certificate
IssuerDigiCert Inc
Subjectsmtp.addaxpetroleum.com
Fingerprint63:F4:03:E9:26:C2:9F:F0:C4:7B:F2:A3:D4:26:75:B1:F8:B2:F1:89
ValidityWed, 31 May 2023 00:00:00 GMT - Sun, 30 Jun 2024 23:59:59 GMT

File type
TrueType Font data, 18 tables, 1st "LTSH"
Size
32 kB (32316 bytes)
Hash
b283fdb962cdc003c673a493e6634687
25ebef9370af3c57e32097409bdfc85a5e2900a9
aa6eb9f410a38bf2fda68b5da4837cdd9ee6e2869c3009425511c83c746a8a02

HTTP Headers

GET /owa/auth/15.0.1497/themes/resources/segoeui-regular.ttf HTTP/1.1
Host: webmail.addaxpetroleum.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://login.bonma.ch
DNT: 1
Connection: keep-alive
Referer: https://login.bonma.ch/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: public,max-age=2592000
Content-Type: application/octet-stream
Last-Modified: Wed, 29 May 2019 00:02:58 GMT
Accept-Ranges: bytes
ETag: "0e579dfb115d51:0"
Server: Microsoft-IIS/10.0
request-id: 4614e9d0-e348-4828-9b38-5d2fc41d313c
Set-Cookie: ClientId=RXYGREA0GUAMJQMMIDA; expires=Fri, 14-Feb-2025 19:42:33 GMT; path=/; HttpOnly
X-Powered-By: ASP.NET
Date: Thu, 15 Feb 2024 19:42:33 GMT
Content-Length: 56760

webmail.addaxpetroleum.com/owa/auth/15.0.1497/themes/resources/segoeui-semilight.ttf

52.136.245.70

200 OK

16 kB

URL GET HTTP/1.1
webmail.addaxpetroleum.com/owa/auth/15.0.1497/themes/resources/segoeui-semilight.ttf
IP
52.136.245.70:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://login.bonma.ch/.owa./#boris.baur@astrazeneca.com
Certificate
IssuerDigiCert Inc
Subjectsmtp.addaxpetroleum.com
Fingerprint63:F4:03:E9:26:C2:9F:F0:C4:7B:F2:A3:D4:26:75:B1:F8:B2:F1:89
ValidityWed, 31 May 2023 00:00:00 GMT - Sun, 30 Jun 2024 23:59:59 GMT

File type
TrueType Font data, 16 tables, 1st "OS/2"
Size
16 kB (15933 bytes)
Hash
b11542b8978395491cc5cccbfaed0b70
264a46cc42d7b6e7d3e1f47ca163193fa8ff9ef2
cf8be2939de8c7c98f16927851e89ccbfb21132bd865df26a7db788e60a55053

HTTP Headers

GET /owa/auth/15.0.1497/themes/resources/segoeui-semilight.ttf HTTP/1.1
Host: webmail.addaxpetroleum.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://login.bonma.ch
DNT: 1
Connection: keep-alive
Referer: https://login.bonma.ch/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: public,max-age=2592000
Content-Type: application/octet-stream
Last-Modified: Wed, 29 May 2019 00:02:58 GMT
Accept-Ranges: bytes
ETag: "0e579dfb115d51:0"
Server: Microsoft-IIS/10.0
request-id: d1b2b272-f399-4a4c-9a58-18bc597e1ff3
Set-Cookie: ClientId=ANXPEVKKMNLUSHAQVG; expires=Fri, 14-Feb-2025 19:42:33 GMT; path=/; HttpOnly
X-Powered-By: ASP.NET
Date: Thu, 15 Feb 2024 19:42:33 GMT
Content-Length: 41560

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (4)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (7)

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/3

IP

ASN