Report - tracker.club-os.com/campaign/click?qDomYmsgId=d738c6bd137e6a03157c6c728cbc659e734fc398&test=false&target=jerfm.com/gkvd/hGhk/dee6ec74e9750cd198f26ea3ceafe917/h9P22P/Y3N3YXZleUBpbnN0ZWVsLmNvbQ==

Report Overview

Submitted URL
tracker.club-os.com/campaign/click?qDomYmsgId=d738c6bd137e6a03157c6c728cbc659e734fc398&test=false&target=jerfm.com/gkvd/hGhk/dee6ec74e9750cd198f26ea3ceafe917/h9P22P/Y3N3YXZleUBpbnN0ZWVsLmNvbQ==
IP
52.0.248.145
ASN
#14618 AMAZON-AES
Submitted
2024-04-17 14:00:08
Access
public
Website Title
94e6f5a7.58598891ef09ac737cee0cf3.workers.dev/?qrc=cswavey@insteel.com
Final URL
94e6f5a7.58598891ef09ac737cee0cf3.workers.dev/?qrc=cswavey@insteel.com
Tags
phishing microsoft outlook
urlquery detections
Phishing - Microsoft Outlook

Detections

urlquery
10
Network Intrusion Detection
0
Threat Detection Systems
4

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
jerfm.com	unknown	2023-06-27	2015-02-06	2024-04-16	1.0 kB	908 B	192.99.71.92
challenges.cloudflare.com	unknown	2009-02-17	2021-10-20	2024-04-17	3.2 kB	254 kB	104.17.3.184
howellfloring.com	unknown	2024-03-15	2024-04-12	2024-04-15	13 kB	297 kB	5.230.40.9
ux-asset-commercial.duosecurity.com	259551	2010-09-27	2022-06-13	2024-04-10	1.1 kB	345 B	0.0.0.0
94e6f5a7.58598891ef09ac737cee0cf3.workers.dev	unknown	2019-02-08	2024-04-12	2024-04-17	1.3 kB	5.6 kB	172.67.176.79
tracker.club-os.com	870552	2011-01-10	2014-02-20	2024-04-17	647 B	251 B	34.205.254.71

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

Scan Date	Severity	Indicator	Alert
2024-04-14	medium	94e6f5a7.58598891ef09ac737cee0cf3.workers.dev/	Office365
2024-04-14	medium	94e6f5a7.58598891ef09ac737cee0cf3.workers.dev/	Office365

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (16)

	URL	Size	First Seen	Last Seen
	howellfloring.com/static/shared/lib/jquery/jquery.min.js?v=ff152	90 kB	2024-03-07	2024-04-29
Pretty URL howellfloring.com/static/shared/lib/jquery/jquery.min.js?v=ff152 IP 5.230.40.9 ASN #12586 GHOSTnet GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-07 18:01:26 Last Seen2024-04-29 19:22:12 Times Seen28 Hash f061735b98b3859450bd3844bd854257 28a494cc9eb2ddbdc0b24d4f19a4d2e56a453d65 a2d7f1f557778adef33166539ba18b592613be119e0be0b353b579e8fcf411c6 Loading...

	howellfloring.com/static/js/page/email-first.js?v=9abab	892 kB	2024-04-12	2024-04-17
Pretty URL howellfloring.com/static/js/page/email-first.js?v=9abab IP 5.230.40.9 ASN #12586 GHOSTnet GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-12 02:04:49 Last Seen2024-04-17 16:00:10 Times Seen4 Hash c10f2123045b2f6d00bdc65496113c4c 3809177e93ed6472bb6565cc3de598a894d93d32 5f4156977964f13aa16334f14455e94904cc81f585f57a291ca9771487a06eed Loading...

	data:text/javascript;base64,ZnVuY3Rpb24gYygpe2lmKCFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuYiIpIHx8ICFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuZyIpKXtkb2N1bWVudC5oZWFkLmFwcGVuZENoaWxkKE9iamVjdC5hc3NpZ24oZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgiZGl2Iikse2NsYXNzTGlzdDpbImIiXX0pKTtkb2N1bWVudC5kb2N1bWVudEVsZW1lbnQuc3R5bGUuZmlsdGVyPSJodWUtcm90YXRlKDRkZWcpIjtkb2N1bWVudC5oZWFkLmFwcGVuZENoaWxkKE9iamVjdC5hc3NpZ24oZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgiZGl2Iikse2NsYXNzTGlzdDpbImciXX0pKTtzZXRUaW1lb3V0KGMsMWUzKX19YygpOwo=	341 B	2023-10-02	2024-04-30
Pretty URL data:text/javascript;base64,ZnVuY3Rpb24gYygpe2lmKCFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuYiIpIHx8ICFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuZyIpKXtkb2N1bWVudC5oZWFkLmFwcGVuZENoaWxkKE9iamVjdC5hc3NpZ24oZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgiZGl2Iikse2NsYXNzTGlzdDpbImIiXX0pKTtkb2N1bWVudC5kb2N1bWVudEVsZW1lbnQuc3R5bGUuZmlsdGVyPSJodWUtcm90YXRlKDRkZWcpIjtkb2N1bWVudC5oZWFkLmFwcGVuZENoaWxkKE9iamVjdC5hc3NpZ24oZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgiZGl2Iikse2NsYXNzTGlzdDpbImciXX0pKTtzZXRUaW1lb3V0KGMsMWUzKX19YygpOwo= IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-10-02 01:17:43 Last Seen2024-04-30 18:03:20 Times Seen32957 Hash d6f18bfe02b31db3664d5d27f03ea142 aae6f850e8ea4ff74dcd6213ad6a4565cbd6802e 90682803943448f3acffc81014c87fdd71f30d8cf97335fcea451fac1e568221 Loading...

		Size	First Seen	Last Seen
	#1 Eval - d66c2a3ec9471ac41eb636dd35e68740	162 B	2024-04-04	2024-04-17
Pretty Observations First Seen2024-04-04 13:51:49 Last Seen2024-04-17 16:04:30 Times Seen745 Hash d66c2a3ec9471ac41eb636dd35e68740 0a0df48399a54f5e9e1cc314afb47809429fabe0 06da1a9d19030d0ef1321621c16fd90ef543821b71b017219501fe046a536973 Loading...

	#2 Eval - 952faca8568b1f23e3b475c09bf81dc0	28 B	2024-04-17	2024-04-17
Pretty Observations First Seen2024-04-17 16:00:09 Last Seen2024-04-17 16:00:09 Times Seen1 Hash 952faca8568b1f23e3b475c09bf81dc0 99a2d94cc8fd6c6d65d553e0f5997ef3a91ddfb2 aea59e20673ff223d86e5183372d33ddcbb6c794d9e865bc64a473affe7d9fa4 Loading...

	#3 Eval - 87936d20d6e40f7e3f751c8a58b2b941	28 B	2024-04-17	2024-04-17
Pretty Observations First Seen2024-04-17 16:00:09 Last Seen2024-04-17 16:00:09 Times Seen1 Hash 87936d20d6e40f7e3f751c8a58b2b941 3ceb49db38a5566ec328100417f97824f907caaf 6761c1ce5f3df85c844077cbd6c9431153072bd8b5f5f6b9e279169337ad8ea3 Loading...

	#4 Eval - d3b1e551cb78d49381ea02f04b6fb7f7	28 B	2024-04-17	2024-04-17
Pretty Observations First Seen2024-04-17 16:00:10 Last Seen2024-04-17 16:00:10 Times Seen1 Hash d3b1e551cb78d49381ea02f04b6fb7f7 34c077795010d8d67e1a1b1c77b5efa966c68106 ae181ddd691bbe05b5048fef062090edf7c38620ff35cdb37ce6f740fdd76075 Loading...

	#5 Eval - ac6d43b49aec2f87daf340337b6a7882	60 B	2024-04-04	2024-04-17
Pretty Observations First Seen2024-04-04 12:28:09 Last Seen2024-04-17 16:04:31 Times Seen3428 Hash ac6d43b49aec2f87daf340337b6a7882 d3874a31a6b7fe11121edc3ed80fdc8b66f6589a 1af55b64e0b39e0f5f760a8050b284a66fe404ddff945697590f8240798311b2 Loading...

	#6 Eval - d02ef556e07227057dd47704cb873f8b	28 B	2024-04-17	2024-04-17
Pretty Observations First Seen2024-04-17 16:00:10 Last Seen2024-04-17 16:00:10 Times Seen1 Hash d02ef556e07227057dd47704cb873f8b 662396ede01cf0d56b7c8422684b8e3268845f88 4ec9c6585d14fc40e633c3536b2eb620cabf869f9c832611e8cdb07f7f8d3448 Loading...

	#7 Eval - 9e925e9341b490bfd3b4c4ca3b0c1ef2	4 B	2023-03-07	2024-04-30
Pretty Observations First Seen2023-03-07 01:03:43 Last Seen2024-04-30 18:04:25 Times Seen350847 Hash 9e925e9341b490bfd3b4c4ca3b0c1ef2 c2543fff3bfa6f144c2f06a7de6cd10c0b650cae 1eb79602411ef02cf6fe117897015fff89f80face4eccd50425c45149b148408 Loading...

	#8 Eval - b23d327f590d22ae2e9c08ead8696323	28 B	2024-04-17	2024-04-17
Pretty Observations First Seen2024-04-17 16:00:10 Last Seen2024-04-17 16:00:10 Times Seen1 Hash b23d327f590d22ae2e9c08ead8696323 54f02bf2a1a4235cadce3070921d769454f5e47a 044b25fea65be29744bf24a4bc4111ab6c005bdbdad1d40e1621d8a00daa9dda Loading...

	#9 Eval - 9f58d74a7ffab46d7b19cc61000ae8a8	28 B	2024-04-17	2024-04-17
Pretty Observations First Seen2024-04-17 16:00:10 Last Seen2024-04-17 16:00:10 Times Seen1 Hash 9f58d74a7ffab46d7b19cc61000ae8a8 cd7ad756ec62105cbc28f1deae17a23dc53e13b5 533f0b793986f3e61c0624f86bebe8a0df34deb570bf540e2fa0c424e20ff9f5 Loading...

	#10 Eval - 4ba68dfd1c867fd14e2d9ada5f0317ea	981 B	2024-04-17	2024-04-17
Pretty Observations First Seen2024-04-17 16:00:10 Last Seen2024-04-17 16:00:10 Times Seen1 Hash 4ba68dfd1c867fd14e2d9ada5f0317ea 9247e7a5ac8039c586d25a6af0702e47f1b05005 a2677d918b0e434b82e7a72ae6ab7cf3edf937a62b6eedbcf6e84ab6eb06cfa8 Loading...

	#11 Eval - 10e04e9d75bd77b04119741f4d57e070	28 B	2024-04-17	2024-04-17
Pretty Observations First Seen2024-04-17 16:00:10 Last Seen2024-04-17 16:00:10 Times Seen1 Hash 10e04e9d75bd77b04119741f4d57e070 65fce85e66c5bc322bdf71a7d097960cb697dc01 8f6d84b8625fd3e0e07280369f11c0c031b5f0670e12c0c2391f519ebcbeed82 Loading...

	#12 Eval - c23ad4ef03b3af2642f6decaeb9d99d3	28 B	2024-04-17	2024-04-17
Pretty Observations First Seen2024-04-17 16:00:10 Last Seen2024-04-17 16:00:10 Times Seen1 Hash c23ad4ef03b3af2642f6decaeb9d99d3 021d7e9aa55ce5eed1f302f6653776b4da1284cd 9ab6d5846633a921973e2c0785218b05241d578648cb686afc69a2404b177742 Loading...

	#13 Eval - 9067a09cca19f624ca157f31c4ace581	28 B	2024-04-17	2024-04-17
Pretty Observations First Seen2024-04-17 16:00:10 Last Seen2024-04-17 16:00:10 Times Seen1 Hash 9067a09cca19f624ca157f31c4ace581 cee1f055443eea5cef5c90b7523be9cc20750040 48a14ebeaa25b7b36e847917a6b78b5fe8962beb42edfe0a6113005ef881c85a Loading...

HTTP Transactions (21)

URL IP Response Size

tracker.club-os.com/campaign/click?qDomYmsgId=d738c6bd137e6a03157c6c728cbc659e734fc398&test=false&target=jerfm.com/gkvd/hGhk/dee6ec74e9750cd198f26ea3ceafe917/h9P22P/Y3N3YXZleUBpbnN0ZWVsLmNvbQ==

34.205.254.71

0 B

URL
tracker.club-os.com/campaign/click?qDomYmsgId=d738c6bd137e6a03157c6c728cbc659e734fc398&test=false&target=jerfm.com/gkvd/hGhk/dee6ec74e9750cd198f26ea3ceafe917/h9P22P/Y3N3YXZleUBpbnN0ZWVsLmNvbQ==
IP
34.205.254.71:0
ASN
#14618 AMAZON-AES

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /campaign/click?qDomYmsgId=d738c6bd137e6a03157c6c728cbc659e734fc398&test=false&target=jerfm.com/gkvd/hGhk/dee6ec74e9750cd198f26ea3ceafe917/h9P22P/Y3N3YXZleUBpbnN0ZWVsLmNvbQ== HTTP/1.1
Host: tracker.club-os.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 303 See Other
date: Wed, 17 Apr 2024 13:59:43 GMT
content-length: 0
location: http://jerfm.com/gkvd/hGhk/dee6ec74e9750cd198f26ea3ceafe917/h9P22P/Y3N3YXZleUBpbnN0ZWVsLmNvbQ==
server: Apache/2.4.57 () OpenSSL/1.0.2k-fips
X-Firefox-Spdy: h2

jerfm.com/gkvd/hGhk/dee6ec74e9750cd198f26ea3ceafe917/h9P22P/Y3N3YXZleUBpbnN0ZWVsLmNvbQ==

192.99.71.92

304 B

URL
jerfm.com/gkvd/hGhk/dee6ec74e9750cd198f26ea3ceafe917/h9P22P/Y3N3YXZleUBpbnN0ZWVsLmNvbQ==
IP
192.99.71.92:0
ASN
#16276 OVH SAS

File type
HTML document, ASCII text
Size
304 B (304 bytes)
Hash
b5e0f294098a702c08880aa53efbcafd
fa6b259da88acadea21c92138d9d167aa98671d5
639277ffc962da9eaaf7a1789b6fe704ad6c934770388c941d04d3dd50aaf52b

HTTP Headers

GET /gkvd/hGhk/dee6ec74e9750cd198f26ea3ceafe917/h9P22P/Y3N3YXZleUBpbnN0ZWVsLmNvbQ== HTTP/1.1
Host: jerfm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 301 Moved Permanently
Date: Wed, 17 Apr 2024 13:59:43 GMT
Server: Apache
Location: https://jerfm.com/gkvd/hGhk/dee6ec74e9750cd198f26ea3ceafe917/h9P22P/Y3N3YXZleUBpbnN0ZWVsLmNvbQ==
Content-Length: 304
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

jerfm.com/gkvd/hGhk/dee6ec74e9750cd198f26ea3ceafe917/h9P22P/Y3N3YXZleUBpbnN0ZWVsLmNvbQ==

192.99.71.92

0 B

URL
jerfm.com/gkvd/hGhk/dee6ec74e9750cd198f26ea3ceafe917/h9P22P/Y3N3YXZleUBpbnN0ZWVsLmNvbQ==
IP
192.99.71.92:0
ASN
#16276 OVH SAS

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /gkvd/hGhk/dee6ec74e9750cd198f26ea3ceafe917/h9P22P/Y3N3YXZleUBpbnN0ZWVsLmNvbQ== HTTP/1.1
Host: jerfm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 17 Apr 2024 13:59:43 GMT
Server: Apache
refresh: 0;url=https://94e6f5a7.58598891ef09ac737cee0cf3.workers.dev/?qrc=cswavey@insteel.com
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback

104.17.3.184

0 B

URL
challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback
IP
104.17.3.184:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /turnstile/v0/api.js?onload=onloadTurnstileCallback HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://94e6f5a7.58598891ef09ac737cee0cf3.workers.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Wed, 17 Apr 2024 13:59:44 GMT
content-length: 0
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
cache-control: max-age=300, public
location: /turnstile/v0/b/bcc5fb0a8815/api.js?onload=onloadTurnstileCallback
vary: Accept-Encoding
server: cloudflare
cf-ray: 875ceff52c089297-CPH
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/1185918353:1713361133:KSIws6nbAPDEHzQIVqumCsc_-mgZYOQqRoull4tg-JM/875ceff6787fbe60/9d294ba857bcbc4

104.17.3.184

96 kB

URL
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/1185918353:1713361133:KSIws6nbAPDEHzQIVqumCsc_-mgZYOQqRoull4tg-JM/875ceff6787fbe60/9d294ba857bcbc4
IP
104.17.3.184:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (65536), with no line terminators
Size
96 kB (96055 bytes)
Hash
363193078c4f290ec27f236b3499d9d9
114a29091578107cc9dcb6f12ea96df861a4a106
bfb70e480d65231217cce852d2f94b672e2f952eb17d8bec7c9c03de0192a975

HTTP Headers

POST /cdn-cgi/challenge-platform/h/b/flow/ov1/1185918353:1713361133:KSIws6nbAPDEHzQIVqumCsc_-mgZYOQqRoull4tg-JM/875ceff6787fbe60/9d294ba857bcbc4 HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/77flw/0x4AAAAAAAW-lbDQI7I0Z-Zf/auto/normal
Content-type: application/x-www-form-urlencoded
CF-Challenge: 9d294ba857bcbc4
Content-Length: 2583
Origin: https://challenges.cloudflare.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 17 Apr 2024 13:59:44 GMT
content-type: text/plain; charset=UTF-8
cf-chl-gen: AFYq9AZqvbB8zsBmKXV8YntsYXdZ2hgbr7zU0gDaGI50dZ/ZElFu/UxzFQOaYfaZxur8nO6zgOBc+7Aqy8OXiRxMLkOPdWxD/bIalVRCJUR99Wm4lOF558X8C0W209WU4CcFDYhmimvWV1iUoJrOxuoSY0LWFte+ISSYyQYJx7CXbsNyzqJLRVy6b7ZRyhCBYSWaVCfu4CLQydxQlqS2rtKnvFK5XbdxolbxYhvrDbC2bTt942RbimAdVNQ1CKIxy6bFv070Wxm0kaIcMBeva49gWx5NlhFgu3f6l4SHVi6HiveeB5bndPVELhi2ftBZFHM2QL66Cl29LGXUWNyv6wcuR6tAQ4VcvCl8inptTnIVao+lCRNZso5UwFfitzVVj2Mho8acaEljEfHXZRyZgZfsAQejDHus7vIIqZ42h49XpfVXnv7kS8aqi6SZQqzl23D5ZH90c0DJGyc9z9re3jMB1HkdcxTrL/+vRKuD7ryaAlO37SFJl/fOcRQnXyEzBGIvwSfIM/TXgE9zNlXI1w==$q37301F6L2kUaFqKamaxPA==
server: cloudflare
cf-ray: 875ceff8fd05be60-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400

howellfloring.com/?qrc=cswavey%40insteel.com

5.230.40.9

302 Moved Temporarily

0 B

URL GET HTTP/1.1
howellfloring.com/?qrc=cswavey%40insteel.com
IP
5.230.40.9:443
ASN
#12586 GHOSTnet GmbH

Requested by
https://94e6f5a7.58598891ef09ac737cee0cf3.workers.dev/?qrc=cswavey@insteel.com
Certificate
IssuerLet's Encrypt
Subjecthowellfloring.com
FingerprintD5:14:3A:8C:64:FD:4A:56:CB:63:DC:C7:BF:27:C5:3A:3D:45:73:ED
ValidityFri, 12 Apr 2024 13:10:02 GMT - Thu, 11 Jul 2024 13:10:01 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft Outlook

HTTP Headers

GET /?qrc=cswavey%40insteel.com HTTP/1.1
Host: howellfloring.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://94e6f5a7.58598891ef09ac737cee0cf3.workers.dev/
DNT: 1
Connection: keep-alive
Cookie: qPdM=2ImopD9L0Lrs; qPdM.sig=Y9CGc8Pz5ErPAbe1bgCpbksU5j8
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Moved Temporarily
Cache-Control: no-cache
Pragma: no-cache
Location: https://howellfloring.com/owa/?login_hint=cswavey%40insteel.com
Server: Microsoft-IIS/10.0
request-id: 06385ba6-0dee-1803-eb86-f027baff4df3
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-FEServer: FR5P281CA0032, FR5P281CA0032
X-RequestId: 2a1b6e08-f0e6-4671-949a-c75d887e738c
X-FEProxyInfo: FR5P281CA0032.DEUP281.PROD.OUTLOOK.COM
X-FEEFZInfo: HHN
MS-CV: pls4Bu4NAxjrhvAnuv9N8w.0
X-Powered-By: ASP.NET
Date: Wed, 17 Apr 2024 13:59:50 GMT
Connection: close
Content-Length: 0
Content-Security-Policy: default-src *  data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval';  script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';

howellfloring.com/owa/?login_hint=cswavey%40insteel.com

5.230.40.9

302 Found

1.4 kB

URL GET HTTP/1.1
howellfloring.com/owa/?login_hint=cswavey%40insteel.com
IP
5.230.40.9:443
ASN
#12586 GHOSTnet GmbH

Requested by
https://94e6f5a7.58598891ef09ac737cee0cf3.workers.dev/?qrc=cswavey@insteel.com
Certificate
IssuerLet's Encrypt
Subjecthowellfloring.com
FingerprintD5:14:3A:8C:64:FD:4A:56:CB:63:DC:C7:BF:27:C5:3A:3D:45:73:ED
ValidityFri, 12 Apr 2024 13:10:02 GMT - Thu, 11 Jul 2024 13:10:01 GMT

File type
HTML document, ASCII text, with very long lines (788), with CRLF, LF line terminators
Size
1.4 kB (1368 bytes)
Hash
64ad93180837d868bc7abd2f716d4501
55aff88352f105b0ae9451552a6d71dcd319711a
6fc77a4b342e94c1445bdba468a6ce4fbe8d81837b12fd069d958fc07eb20131

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft Outlook

HTTP Headers

GET /owa/?login_hint=cswavey%40insteel.com HTTP/1.1
Host: howellfloring.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://94e6f5a7.58598891ef09ac737cee0cf3.workers.dev/
DNT: 1
Connection: keep-alive
Cookie: qPdM=2ImopD9L0Lrs; qPdM.sig=Y9CGc8Pz5ErPAbe1bgCpbksU5j8
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
content-length: 1368
Content-Type: text/html; charset=utf-8
Location: https://howellfloring.com/?khwxgq2e6=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1jc3dhdmV5JTQwaW5zdGVlbC5jb20mY2xpZW50LXJlcXVlc3QtaWQ9MmVjOTk2MjItNzgyMC05NThhLWY0MGItOTAwMGI5NTQ1ZWM2JnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODQ4OTU5MTkwMzIxNjU1OS5lOTg1ODgyNy1kMzk1LTQzMGYtOTQyNi0zMmQ4NjM2ZDNjZTImc3RhdGU9RGN0QkRzSWdFRUJSMExQb2pwYk9NTk9aaGZFb3BnRlVrZ3FMTmpiZVhoYnY3NzQxeHB5N1UyZDlqNWtaSllpU1R1b1JKaWJTSWF1UUNNd3VvWklMNko5T0E3QkRTTUxJQ1dNRzI5X3IySTVsdktfdFZlcmpYZXAtaTl1eGZQUHZFbnlwMjU3ek9zVDItUU0=
Server: Microsoft-IIS/10.0
request-id: 2ec99622-7820-958a-f40b-9000b9545ec6
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Alt-Svc: h3=":443";ma=2592000,h3-29=":443";ma=2592000
X-CalculatedFETarget: BE1P281CU011.internal.outlook.com
X-BackEndHttpStatus: 302, 302
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Set-Cookie: ClientId=175C886663824B51983275A5B2218A83; expires=Thu, 17-Apr-2025 13:59:50 GMT; path=/;SameSite=None; secure
ClientId=175C886663824B51983275A5B2218A83; expires=Thu, 17-Apr-2025 13:59:50 GMT; path=/;SameSite=None; secure
OIDC=1; expires=Thu, 17-Oct-2024 13:59:50 GMT; path=/;SameSite=None; secure; HttpOnly
RoutingKeyCookie=; expires=Sun, 17-Apr-1994 13:59:50 GMT; path=/; secure
OpenIdConnect.token.v1=; expires=Sun, 17-Apr-1994 13:59:50 GMT; path=/; secure
OpenIdConnect.token.v1=; domain=howellfloring.com; expires=Sun, 17-Apr-1994 13:59:50 GMT; path=/; secure
OpenIdConnect.id_token.v1=; expires=Sun, 17-Apr-1994 13:59:50 GMT; path=/; secure
OpenIdConnect.code.v1=; expires=Sun, 17-Apr-1994 13:59:50 GMT; path=/; secure
OpenIdConnect.idp_nonce.v1=; expires=Sun, 17-Apr-1994 13:59:50 GMT; path=/; secure
OpenIdConnect.idp_correlation_id=; expires=Sun, 17-Apr-1994 13:59:50 GMT; path=/; secure
OpenIdConnect.tokenPostPath=; expires=Sun, 17-Apr-1994 13:59:50 GMT; path=/; secure
OpenIdConnect.id_token.v1=; domain=howellfloring.com; expires=Sun, 17-Apr-1994 13:59:50 GMT; path=/; secure
OpenIdConnect.code.v1=; domain=howellfloring.com; expires=Sun, 17-Apr-1994 13:59:50 GMT; path=/; secure
OpenIdConnect.idp_nonce.v1=; domain=howellfloring.com; expires=Sun, 17-Apr-1994 13:59:50 GMT; path=/; secure
OpenIdConnect.idp_correlation_id=; domain=howellfloring.com; expires=Sun, 17-Apr-1994 13:59:50 GMT; path=/; secure
OpenIdConnect.tokenPostPath=; domain=howellfloring.com; expires=Sun, 17-Apr-1994 13:59:50 GMT; path=/; secure
OpenIdConnect.nonce.v3._LRZPf0gcHTM98PDCVbWkpiLBF0lup-z9SADHnriJsI=638489591903216559.e9858827-d395-430f-9426-32d8636d3ce2; expires=Wed, 17-Apr-2024 14:59:50 GMT; path=/;SameSite=None; secure; HttpOnly
HostSwitchPrg=; expires=Sun, 17-Apr-1994 13:59:50 GMT; path=/; secure
OptInPrg=; expires=Sun, 17-Apr-1994 13:59:50 GMT; path=/; secure
SuiteServiceProxyKey=; expires=Sun, 17-Apr-1994 13:59:50 GMT; path=/; secure
ClientId=175C886663824B51983275A5B2218A83; expires=Thu, 17-Apr-2025 13:59:50 GMT; path=/;SameSite=None; secure
OIDC=1; expires=Thu, 17-Oct-2024 13:59:50 GMT; path=/;SameSite=None; secure; HttpOnly
RoutingKeyCookie=; expires=Sun, 17-Apr-1994 13:59:50 GMT; path=/; secure
OpenIdConnect.token.v1=; expires=Sun, 17-Apr-1994 13:59:50 GMT; path=/; secure
OpenIdConnect.token.v1=; domain=howellfloring.com; expires=Sun, 17-Apr-1994 13:59:50 GMT; path=/; secure
OpenIdConnect.id_token.v1=; expires=Sun, 17-Apr-1994 13:59:50 GMT; path=/; secure
OpenIdConnect.code.v1=; expires=Sun, 17-Apr-1994 13:59:50 GMT; path=/; secure
OpenIdConnect.idp_nonce.v1=; expires=Sun, 17-Apr-1994 13:59:50 GMT; path=/; secure
OpenIdConnect.idp_correlation_id=; expires=Sun, 17-Apr-1994 13:59:50 GMT; path=/; secure
OpenIdConnect.tokenPostPath=; expires=Sun, 17-Apr-1994 13:59:50 GMT; path=/; secure
OpenIdConnect.id_token.v1=; domain=howellfloring.com; expires=Sun, 17-Apr-1994 13:59:50 GMT; path=/; secure
OpenIdConnect.code.v1=; domain=howellfloring.com; expires=Sun, 17-Apr-1994 13:59:50 GMT; path=/; secure
OpenIdConnect.idp_nonce.v1=; domain=howellfloring.com; expires=Sun, 17-Apr-1994 13:59:50 GMT; path=/; secure
OpenIdConnect.idp_correlation_id=; domain=howellfloring.com; expires=Sun, 17-Apr-1994 13:59:50 GMT; path=/; secure
OpenIdConnect.tokenPostPath=; domain=howellfloring.com; expires=Sun, 17-Apr-1994 13:59:50 GMT; path=/; secure
OpenIdConnect.nonce.v3._LRZPf0gcHTM98PDCVbWkpiLBF0lup-z9SADHnriJsI=638489591903216559.e9858827-d395-430f-9426-32d8636d3ce2; expires=Wed, 17-Apr-2024 14:59:50 GMT; path=/;SameSite=None; secure; HttpOnly
HostSwitchPrg=; expires=Sun, 17-Apr-1994 13:59:50 GMT; path=/; secure
OptInPrg=; expires=Sun, 17-Apr-1994 13:59:50 GMT; path=/; secure
SuiteServiceProxyKey=; expires=Sun, 17-Apr-1994 13:59:50 GMT; path=/; secure
X-OWA-RedirectHistory=ArLym14Bx0UvpuZe3Ag; expires=Wed, 17-Apr-2024 20:01:50 GMT; path=/;SameSite=None; secure; HttpOnly
X-CalculatedBETarget: BEZP281MB2421.DEUP281.PROD.OUTLOOK.COM
X-RUM-Validated: 1
X-RUM-NotUpdateQueriedPath: 1
X-RUM-NotUpdateQueriedDbCopy: 1
X-BeSku: WCS6
X-OWA-DiagnosticsInfo: 2;0;0
X-IIDs: 0
X-BackEnd-Begin: 2024-04-17T13:59:50.321
X-BackEnd-End: 2024-04-17T13:59:50.337
X-DiagInfo: BEZP281MB2421
X-BEServer: BEZP281MB2421
X-UA-Compatible: IE=EmulateIE7
X-Proxy-RoutingCorrectness: 1
X-Proxy-BackendServerStatus: 302
X-FEProxyInfo: FR5P281CA0041.DEUP281.PROD.OUTLOOK.COM
X-FEEFZInfo: HHN
X-FEServer: BE1P281CA0113, FR5P281CA0041
NEL: {"report_to":"NelOfficeUpload1","max_age":7200,"include_subdomains":true,"failure_fraction":1.0,"success_fraction":0.01}
X-FirstHopCafeEFZ: HHN
Date: Wed, 17 Apr 2024 13:59:50 GMT
Connection: close
Content-Security-Policy: default-src *  data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval';  script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';

howellfloring.com/?khwxgq2e6=aHR0cHM6Ly9zc28tMjg1Yjc0YmQuc3NvLmR1b3NlY3VyaXR5LmNvbS93cy9zcC9ESVA2UVNRME9JOVJFRkQ4UllWTC9wYXNzaXZlP2xvZ2luX2hpbnQ9Y3N3YXZleSU0MGluc3RlZWwuY29tJmNsaWVudC1yZXF1ZXN0LWlkPTJlYzk5NjIyLTc4MjAtOTU4YS1mNDBiLTkwMDBiOTU0NWVjNiZ1c2VybmFtZT1jc3dhdmV5JTQwaW5zdGVlbC5jb20md2E9d3NpZ25pbjEuMCZ3dHJlYWxtPXVybiUzYWZlZGVyYXRpb24lM2FNaWNyb3NvZnRPbmxpbmUmd2N0eD1lc3RzcmVkaXJlY3QlM2QyJTI2ZXN0c3JlcXVlc3QlM2RyUVFJQVJBQWpaRTdiOU5RQUlWejQ5UTBMWS1vX0FDUWhSaGFPWTZ2NDFja0pQSUM4bXJTSm0xREVVU0pjNTA0Y1h5ZDJNNnI2ZzRzUkVpQXhNakFFREZBSi1qRVZJbE9sVmhReElBUVE2a1FRb2loSTQxWTJPQWJqczV3ZElaekZnbld6NFl1QmY0QTZhblNBVlZsYVFWTjNWOTBGdVo4MU9OM19vdjktNDktelk5Y2J3cDM5c2JnUXQyMlRTdkVNTml4ZFl5YmZxeXFtb0w4Q200eHVGZG1YZ053QU1BaEFBX2Q1eFdyVi02aXdWWE5zR3lFOUdsbTdCWUZUZ3BLTWktemNvQ0RyTUR6c2hfSkVpOUpVS1Nybk16VFFTNmcwbklRQ2pRSHE1TEFDVlZPUVhEaVBwY05PM1lkVGdWM3RDSDY2ZmFxdU5NcW1kaXlueElQUUV5eEl6RXJVWXZISTZ1QmRBNDN6RW8yczV6ZHJLdHhiTmF1clRWcjdmUnlvNEtLOVVwWEZJTnMzeHlJYTdBcU5fam1adkttbGk4NGVEV3BWZktKc3JNU3pmUWN2SmxJQzBrNUd4WWpzWHdtbllodVpLNUR1ZFNCQ1Y3dnBrcjJPdW8waXNpa05kbnBxN2xjTjI0TVRNaUx3NnhWZ1BSS1prejgxOHc3QkhteVN3c2Itd1NKVFdSbzFRTVAtT1FCUng1M1lQYllBNTdOblB6dzZ0dGxlZTg5bjNyeDliUG5TX0dlYTMtR1FXRlIxQkZqMS1ydE5kUTJVcXdFNFRDMzJqYlZ0SjVmS214RVVwRHQ5NWFFUWpGNFJRcXhJeEtNU0hLWDlNNFNQaGRGUkhQc0lRbC1rT0R1S2RldTkxLW5Ic3lEeWVuZ0hLbm9aYTFsTFN4dVVWcTFaT01tTXFqUUZ0VnZXU1ZGbWJwdVdYZVFSWVZ1VVNmOTFPM3Q3ZTIzWjF6SFp5ZlBQLXdjZlh6eV9jWkxuLXMzMCM=

5.230.40.9

302 Found

0 B

URL GET HTTP/1.1
howellfloring.com/?khwxgq2e6=aHR0cHM6Ly9zc28tMjg1Yjc0YmQuc3NvLmR1b3NlY3VyaXR5LmNvbS93cy9zcC9ESVA2UVNRME9JOVJFRkQ4UllWTC9wYXNzaXZlP2xvZ2luX2hpbnQ9Y3N3YXZleSU0MGluc3RlZWwuY29tJmNsaWVudC1yZXF1ZXN0LWlkPTJlYzk5NjIyLTc4MjAtOTU4YS1mNDBiLTkwMDBiOTU0NWVjNiZ1c2VybmFtZT1jc3dhdmV5JTQwaW5zdGVlbC5jb20md2E9d3NpZ25pbjEuMCZ3dHJlYWxtPXVybiUzYWZlZGVyYXRpb24lM2FNaWNyb3NvZnRPbmxpbmUmd2N0eD1lc3RzcmVkaXJlY3QlM2QyJTI2ZXN0c3JlcXVlc3QlM2RyUVFJQVJBQWpaRTdiOU5RQUlWejQ5UTBMWS1vX0FDUWhSaGFPWTZ2NDFja0pQSUM4bXJTSm0xREVVU0pjNTA0Y1h5ZDJNNnI2ZzRzUkVpQXhNakFFREZBSi1qRVZJbE9sVmhReElBUVE2a1FRb2loSTQxWTJPQWJqczV3ZElaekZnbld6NFl1QmY0QTZhblNBVlZsYVFWTjNWOTBGdVo4MU9OM19vdjktNDktelk5Y2J3cDM5c2JnUXQyMlRTdkVNTml4ZFl5YmZxeXFtb0w4Q200eHVGZG1YZ053QU1BaEFBX2Q1eFdyVi02aXdWWE5zR3lFOUdsbTdCWUZUZ3BLTWktemNvQ0RyTUR6c2hfSkVpOUpVS1Nybk16VFFTNmcwbklRQ2pRSHE1TEFDVlZPUVhEaVBwY05PM1lkVGdWM3RDSDY2ZmFxdU5NcW1kaXlueElQUUV5eEl6RXJVWXZISTZ1QmRBNDN6RW8yczV6ZHJLdHhiTmF1clRWcjdmUnlvNEtLOVVwWEZJTnMzeHlJYTdBcU5fam1adkttbGk4NGVEV3BWZktKc3JNU3pmUWN2SmxJQzBrNUd4WWpzWHdtbllodVpLNUR1ZFNCQ1Y3dnBrcjJPdW8waXNpa05kbnBxN2xjTjI0TVRNaUx3NnhWZ1BSS1prejgxOHc3QkhteVN3c2Itd1NKVFdSbzFRTVAtT1FCUng1M1lQYllBNTdOblB6dzZ0dGxlZTg5bjNyeDliUG5TX0dlYTMtR1FXRlIxQkZqMS1ydE5kUTJVcXdFNFRDMzJqYlZ0SjVmS214RVVwRHQ5NWFFUWpGNFJRcXhJeEtNU0hLWDlNNFNQaGRGUkhQc0lRbC1rT0R1S2RldTkxLW5Ic3lEeWVuZ0hLbm9aYTFsTFN4dVVWcTFaT01tTXFqUUZ0VnZXU1ZGbWJwdVdYZVFSWVZ1VVNmOTFPM3Q3ZTIzWjF6SFp5ZlBQLXdjZlh6eV9jWkxuLXMzMCM=
IP
5.230.40.9:443
ASN
#12586 GHOSTnet GmbH

Requested by
https://94e6f5a7.58598891ef09ac737cee0cf3.workers.dev/?qrc=cswavey@insteel.com
Certificate
IssuerLet's Encrypt
Subjecthowellfloring.com
FingerprintD5:14:3A:8C:64:FD:4A:56:CB:63:DC:C7:BF:27:C5:3A:3D:45:73:ED
ValidityFri, 12 Apr 2024 13:10:02 GMT - Thu, 11 Jul 2024 13:10:01 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft Outlook

HTTP Headers

GET /?khwxgq2e6=aHR0cHM6Ly9zc28tMjg1Yjc0YmQuc3NvLmR1b3NlY3VyaXR5LmNvbS93cy9zcC9ESVA2UVNRME9JOVJFRkQ4UllWTC9wYXNzaXZlP2xvZ2luX2hpbnQ9Y3N3YXZleSU0MGluc3RlZWwuY29tJmNsaWVudC1yZXF1ZXN0LWlkPTJlYzk5NjIyLTc4MjAtOTU4YS1mNDBiLTkwMDBiOTU0NWVjNiZ1c2VybmFtZT1jc3dhdmV5JTQwaW5zdGVlbC5jb20md2E9d3NpZ25pbjEuMCZ3dHJlYWxtPXVybiUzYWZlZGVyYXRpb24lM2FNaWNyb3NvZnRPbmxpbmUmd2N0eD1lc3RzcmVkaXJlY3QlM2QyJTI2ZXN0c3JlcXVlc3QlM2RyUVFJQVJBQWpaRTdiOU5RQUlWejQ5UTBMWS1vX0FDUWhSaGFPWTZ2NDFja0pQSUM4bXJTSm0xREVVU0pjNTA0Y1h5ZDJNNnI2ZzRzUkVpQXhNakFFREZBSi1qRVZJbE9sVmhReElBUVE2a1FRb2loSTQxWTJPQWJqczV3ZElaekZnbld6NFl1QmY0QTZhblNBVlZsYVFWTjNWOTBGdVo4MU9OM19vdjktNDktelk5Y2J3cDM5c2JnUXQyMlRTdkVNTml4ZFl5YmZxeXFtb0w4Q200eHVGZG1YZ053QU1BaEFBX2Q1eFdyVi02aXdWWE5zR3lFOUdsbTdCWUZUZ3BLTWktemNvQ0RyTUR6c2hfSkVpOUpVS1Nybk16VFFTNmcwbklRQ2pRSHE1TEFDVlZPUVhEaVBwY05PM1lkVGdWM3RDSDY2ZmFxdU5NcW1kaXlueElQUUV5eEl6RXJVWXZISTZ1QmRBNDN6RW8yczV6ZHJLdHhiTmF1clRWcjdmUnlvNEtLOVVwWEZJTnMzeHlJYTdBcU5fam1adkttbGk4NGVEV3BWZktKc3JNU3pmUWN2SmxJQzBrNUd4WWpzWHdtbllodVpLNUR1ZFNCQ1Y3dnBrcjJPdW8waXNpa05kbnBxN2xjTjI0TVRNaUx3NnhWZ1BSS1prejgxOHc3QkhteVN3c2Itd1NKVFdSbzFRTVAtT1FCUng1M1lQYllBNTdOblB6dzZ0dGxlZTg5bjNyeDliUG5TX0dlYTMtR1FXRlIxQkZqMS1ydE5kUTJVcXdFNFRDMzJqYlZ0SjVmS214RVVwRHQ5NWFFUWpGNFJRcXhJeEtNU0hLWDlNNFNQaGRGUkhQc0lRbC1rT0R1S2RldTkxLW5Ic3lEeWVuZ0hLbm9aYTFsTFN4dVVWcTFaT01tTXFqUUZ0VnZXU1ZGbWJwdVdYZVFSWVZ1VVNmOTFPM3Q3ZTIzWjF6SFp5ZlBQLXdjZlh6eV9jWkxuLXMzMCM= HTTP/1.1
Host: howellfloring.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://94e6f5a7.58598891ef09ac737cee0cf3.workers.dev/
DNT: 1
Connection: keep-alive
Cookie: qPdM=2ImopD9L0Lrs; qPdM.sig=Y9CGc8Pz5ErPAbe1bgCpbksU5j8; ClientId=175C886663824B51983275A5B2218A83; OIDC=1; OpenIdConnect.nonce.v3._LRZPf0gcHTM98PDCVbWkpiLBF0lup-z9SADHnriJsI=638489591903216559.e9858827-d395-430f-9426-32d8636d3ce2; X-OWA-RedirectHistory=ArLym14Bx0UvpuZe3Ag; buid=0.AXcAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd85u8Rqi445x27F6ZxTU761bpY9YL3WuEa97MV2ljDNOu2qzoPdzc1Xzltdxsvloc3QH30ES_guTskAKIK4jPTw4vi3naoqzg-EI14s1bkS4ggAA; fpc=AjvrW1ip-_VDr8A9n11V3n2erOTJAQAAANbMsd0OAAAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8vAYzsBitvLvGbYvIsjtqhpdBJL1iT8t8YESC-xgapTdg9E1cw0hMX2IDmGE9MRUWI_4KPArHdy_2ersmlR7MmOX-ArM-0oWAW-z-yJ1YCNnzKaCtzVcGHrDfJzbLcTTlcESTb3uL37KVaqfXiVP1aXRMb4xF0b2A71ydp3RYktAgAA; cltm=CgAQABoAIgQIDBAF; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Date: Wed, 17 Apr 2024 13:59:51 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: close
Server: Duo/1.0
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Expires: 0
Pragma: no-cache
Location: /email_first?authkey=ASJAQ2HYDOWLQTK18HU7&scid=7eb4b0eecd5e4c2fba2cb58772aad6aa
Strict-Transport-Security: max-age=31536000
X-Robots-Tag: noindex, nofollow
Content-Security-Policy: default-src *  data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval';  script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';

howellfloring.com/email_first?authkey=ASJAQ2HYDOWLQTK18HU7&scid=7eb4b0eecd5e4c2fba2cb58772aad6aa

5.230.40.9

200 OK

1.1 kB

URL GET HTTP/1.1
howellfloring.com/email_first?authkey=ASJAQ2HYDOWLQTK18HU7&scid=7eb4b0eecd5e4c2fba2cb58772aad6aa
IP
5.230.40.9:443
ASN
#12586 GHOSTnet GmbH

Requested by
https://94e6f5a7.58598891ef09ac737cee0cf3.workers.dev/?qrc=cswavey@insteel.com
Certificate
IssuerLet's Encrypt
Subjecthowellfloring.com
FingerprintD5:14:3A:8C:64:FD:4A:56:CB:63:DC:C7:BF:27:C5:3A:3D:45:73:ED
ValidityFri, 12 Apr 2024 13:10:02 GMT - Thu, 11 Jul 2024 13:10:01 GMT

File type
HTML document, ASCII text, with very long lines (508)
Size
1.1 kB (1113 bytes)
Hash
d212efed4f40b62cb1f9479e90e84366
43d74147d0182b12782f48a504cd66055374eb1e
66c979144b8723bb57193e84108f1a6892aa25d3908286c012d4e4a25b9607d5

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft Outlook

HTTP Headers

GET /email_first?authkey=ASJAQ2HYDOWLQTK18HU7&scid=7eb4b0eecd5e4c2fba2cb58772aad6aa HTTP/1.1
Host: howellfloring.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://94e6f5a7.58598891ef09ac737cee0cf3.workers.dev/
DNT: 1
Connection: keep-alive
Cookie: qPdM=2ImopD9L0Lrs; qPdM.sig=Y9CGc8Pz5ErPAbe1bgCpbksU5j8; ClientId=175C886663824B51983275A5B2218A83; OIDC=1; OpenIdConnect.nonce.v3._LRZPf0gcHTM98PDCVbWkpiLBF0lup-z9SADHnriJsI=638489591903216559.e9858827-d395-430f-9426-32d8636d3ce2; X-OWA-RedirectHistory=ArLym14Bx0UvpuZe3Ag; buid=0.AXcAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd85u8Rqi445x27F6ZxTU761bpY9YL3WuEa97MV2ljDNOu2qzoPdzc1Xzltdxsvloc3QH30ES_guTskAKIK4jPTw4vi3naoqzg-EI14s1bkS4ggAA; fpc=AjvrW1ip-_VDr8A9n11V3n2erOTJAQAAANbMsd0OAAAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8vAYzsBitvLvGbYvIsjtqhpdBJL1iT8t8YESC-xgapTdg9E1cw0hMX2IDmGE9MRUWI_4KPArHdy_2ersmlR7MmOX-ArM-0oWAW-z-yJ1YCNnzKaCtzVcGHrDfJzbLcTTlcESTb3uL37KVaqfXiVP1aXRMb4xF0b2A71ydp3RYktAgAA; cltm=CgAQABoAIgQIDBAF; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 17 Apr 2024 13:59:52 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Server: Duo/1.0
X-Duo-Endpoint-Health-Appserver-URL: https://127.0.0.1:53100 https://127.0.0.1:53101 https://127.0.0.1:53102 https://127.0.0.1:53103 https://127.0.0.1:53104 https://127.0.0.1:53105 https://127.0.0.1:63100 https://127.0.0.1:63101 http://127.0.0.1:53106 http://127.0.0.1:53107 http://127.0.0.1:53108 http://127.0.0.1:53109 http://127.0.0.1:53110 http://127.0.0.1:53111 https://localhost:53100 https://localhost:53101 https://localhost:53102 https://localhost:53103 https://localhost:53104 https://localhost:53105 https://localhost:63100 https://localhost:63101
X-Duo-Endpoint-Health-URI: com-duosecurity-devicehealth://*
X-S3-Assets: ux-asset-commercial.duosecurity.com
Etag: W/"78daf0321dbb4c3904cf5a8c6d42f7be164c04d7"
Set-Cookie: _xsrf="MjM1NDgyMzNjNGNkNDYzZmI2NGE4MjU1MzQxMmM3OGE=|1713362392|0dc11a15a412d04d6428f52c0a91a591081b69bd"; Path=/; SameSite=None; Secure
sid="YzE1ZjIyNGRiYmFmNGUxNmFmNWIyYzM4NjFiMjE3Y2U=|1713362392|0e8743b87ef4b25ea92ab62f2fdcb105dbd25967"; HttpOnly; Path=/; SameSite=None; Secure
sid-init-e9d0f8f0ea304fd0875a3c0c6e1fc767="YzE1ZjIyNGRiYmFmNGUxNmFmNWIyYzM4NjFiMjE3Y2U=|1713362392|caddbdbb46b4cd44d841a921e5d5ed32b2e42e39"; HttpOnly; Path=/; SameSite=None; Secure
Strict-Transport-Security: max-age=31536000
X-Robots-Tag: noindex, nofollow
Content-Security-Policy: default-src *  data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval';  script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
Content-Encoding: gzip

howellfloring.com/static/css/page/email-first.css?v=0d98c

5.230.40.9

200 OK

13 kB

URL GET HTTP/1.1
howellfloring.com/static/css/page/email-first.css?v=0d98c
IP
5.230.40.9:443
ASN
#12586 GHOSTnet GmbH

Requested by
https://howellfloring.com/email_first?authkey=ASJAQ2HYDOWLQTK18HU7&scid=7eb4b0eecd5e4c2fba2cb58772aad6aa
Certificate
IssuerLet's Encrypt
Subjecthowellfloring.com
FingerprintD5:14:3A:8C:64:FD:4A:56:CB:63:DC:C7:BF:27:C5:3A:3D:45:73:ED
ValidityFri, 12 Apr 2024 13:10:02 GMT - Thu, 11 Jul 2024 13:10:01 GMT

File type
ASCII text, with very long lines (11150)
Size
13 kB (12654 bytes)
Hash
d5caf42fa9cb62f608cfa5b6651f7063
c9894eaa10bbbede1526e390dcf4e05b18d2ae40
0d98ce8c821b9c6134e796b9d2b3832cd3302e190db16998772fde68a3ac925b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft Outlook

HTTP Headers

GET /static/css/page/email-first.css?v=0d98c HTTP/1.1
Host: howellfloring.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://howellfloring.com/email_first?authkey=ASJAQ2HYDOWLQTK18HU7&scid=7eb4b0eecd5e4c2fba2cb58772aad6aa
Cookie: qPdM=2ImopD9L0Lrs; qPdM.sig=Y9CGc8Pz5ErPAbe1bgCpbksU5j8; ClientId=175C886663824B51983275A5B2218A83; OIDC=1; OpenIdConnect.nonce.v3._LRZPf0gcHTM98PDCVbWkpiLBF0lup-z9SADHnriJsI=638489591903216559.e9858827-d395-430f-9426-32d8636d3ce2; X-OWA-RedirectHistory=ArLym14Bx0UvpuZe3Ag; buid=0.AXcAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd85u8Rqi445x27F6ZxTU761bpY9YL3WuEa97MV2ljDNOu2qzoPdzc1Xzltdxsvloc3QH30ES_guTskAKIK4jPTw4vi3naoqzg-EI14s1bkS4ggAA; fpc=AjvrW1ip-_VDr8A9n11V3n2erOTJAQAAANbMsd0OAAAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8vAYzsBitvLvGbYvIsjtqhpdBJL1iT8t8YESC-xgapTdg9E1cw0hMX2IDmGE9MRUWI_4KPArHdy_2ersmlR7MmOX-ArM-0oWAW-z-yJ1YCNnzKaCtzVcGHrDfJzbLcTTlcESTb3uL37KVaqfXiVP1aXRMb4xF0b2A71ydp3RYktAgAA; cltm=CgAQABoAIgQIDBAF; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; _xsrf="MjM1NDgyMzNjNGNkNDYzZmI2NGE4MjU1MzQxMmM3OGE=|1713362392|0dc11a15a412d04d6428f52c0a91a591081b69bd"; sid="YzE1ZjIyNGRiYmFmNGUxNmFmNWIyYzM4NjFiMjE3Y2U=|1713362392|0e8743b87ef4b25ea92ab62f2fdcb105dbd25967"; sid-init-e9d0f8f0ea304fd0875a3c0c6e1fc767="YzE1ZjIyNGRiYmFmNGUxNmFmNWIyYzM4NjFiMjE3Y2U=|1713362392|caddbdbb46b4cd44d841a921e5d5ed32b2e42e39"
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 17 Apr 2024 13:59:52 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: close
Server: Duo/1.0
Last-Modified: Fri, 12 Apr 2024 01:23:45 GMT
ETag: W/"66188d21-f9a4"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Strict-Transport-Security: max-age=31536000
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Robots-Tag: noindex, nofollow
Content-Security-Policy: default-src 'none'; style-src 'self'; script-src 'self'; font-src 'self'; frame-src 'self'  ; frame-ancestors 'none'; img-src 'self'  ; connect-src 'self'
Content-Encoding: gzip

howellfloring.com/static/shared/lib/jquery/jquery.min.js?v=ff152

5.230.40.9

200 OK

31 kB

URL GET HTTP/1.1
howellfloring.com/static/shared/lib/jquery/jquery.min.js?v=ff152
IP
5.230.40.9:443
ASN
#12586 GHOSTnet GmbH

Requested by
https://howellfloring.com/email_first?authkey=ASJAQ2HYDOWLQTK18HU7&scid=7eb4b0eecd5e4c2fba2cb58772aad6aa
Certificate
IssuerLet's Encrypt
Subjecthowellfloring.com
FingerprintD5:14:3A:8C:64:FD:4A:56:CB:63:DC:C7:BF:27:C5:3A:3D:45:73:ED
ValidityFri, 12 Apr 2024 13:10:02 GMT - Thu, 11 Jul 2024 13:10:01 GMT

File type
JavaScript source, ASCII text, with very long lines (65447)
Size
31 kB (30948 bytes)
Hash
f061735b98b3859450bd3844bd854257
28a494cc9eb2ddbdc0b24d4f19a4d2e56a453d65
a2d7f1f557778adef33166539ba18b592613be119e0be0b353b579e8fcf411c6

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft Outlook

HTTP Headers

GET /static/shared/lib/jquery/jquery.min.js?v=ff152 HTTP/1.1
Host: howellfloring.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://howellfloring.com/email_first?authkey=ASJAQ2HYDOWLQTK18HU7&scid=7eb4b0eecd5e4c2fba2cb58772aad6aa
Cookie: qPdM=2ImopD9L0Lrs; qPdM.sig=Y9CGc8Pz5ErPAbe1bgCpbksU5j8; ClientId=175C886663824B51983275A5B2218A83; OIDC=1; OpenIdConnect.nonce.v3._LRZPf0gcHTM98PDCVbWkpiLBF0lup-z9SADHnriJsI=638489591903216559.e9858827-d395-430f-9426-32d8636d3ce2; X-OWA-RedirectHistory=ArLym14Bx0UvpuZe3Ag; buid=0.AXcAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd85u8Rqi445x27F6ZxTU761bpY9YL3WuEa97MV2ljDNOu2qzoPdzc1Xzltdxsvloc3QH30ES_guTskAKIK4jPTw4vi3naoqzg-EI14s1bkS4ggAA; fpc=AjvrW1ip-_VDr8A9n11V3n2erOTJAQAAANbMsd0OAAAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8vAYzsBitvLvGbYvIsjtqhpdBJL1iT8t8YESC-xgapTdg9E1cw0hMX2IDmGE9MRUWI_4KPArHdy_2ersmlR7MmOX-ArM-0oWAW-z-yJ1YCNnzKaCtzVcGHrDfJzbLcTTlcESTb3uL37KVaqfXiVP1aXRMb4xF0b2A71ydp3RYktAgAA; cltm=CgAQABoAIgQIDBAF; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; _xsrf="MjM1NDgyMzNjNGNkNDYzZmI2NGE4MjU1MzQxMmM3OGE=|1713362392|0dc11a15a412d04d6428f52c0a91a591081b69bd"; sid="YzE1ZjIyNGRiYmFmNGUxNmFmNWIyYzM4NjFiMjE3Y2U=|1713362392|0e8743b87ef4b25ea92ab62f2fdcb105dbd25967"; sid-init-e9d0f8f0ea304fd0875a3c0c6e1fc767="YzE1ZjIyNGRiYmFmNGUxNmFmNWIyYzM4NjFiMjE3Y2U=|1713362392|caddbdbb46b4cd44d841a921e5d5ed32b2e42e39"
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 17 Apr 2024 13:59:53 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: close
Server: Duo/1.0
Last-Modified: Fri, 12 Apr 2024 01:23:45 GMT
ETag: W/"66188d21-15d9d"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Strict-Transport-Security: max-age=31536000
X-Robots-Tag: noindex, nofollow
Content-Security-Policy: default-src *  data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval';  script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
Content-Encoding: gzip

howellfloring.com/static/js/page/email-first.js?v=9abab

5.230.40.9

200 OK

229 kB

URL GET HTTP/1.1
howellfloring.com/static/js/page/email-first.js?v=9abab
IP
5.230.40.9:443
ASN
#12586 GHOSTnet GmbH

Requested by
https://howellfloring.com/email_first?authkey=ASJAQ2HYDOWLQTK18HU7&scid=7eb4b0eecd5e4c2fba2cb58772aad6aa
Certificate
IssuerLet's Encrypt
Subjecthowellfloring.com
FingerprintD5:14:3A:8C:64:FD:4A:56:CB:63:DC:C7:BF:27:C5:3A:3D:45:73:ED
ValidityFri, 12 Apr 2024 13:10:02 GMT - Thu, 11 Jul 2024 13:10:01 GMT

File type
JavaScript source, ASCII text, with very long lines (65467)
Size
229 kB (229348 bytes)
Hash
c10f2123045b2f6d00bdc65496113c4c
3809177e93ed6472bb6565cc3de598a894d93d32
5f4156977964f13aa16334f14455e94904cc81f585f57a291ca9771487a06eed

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft Outlook

HTTP Headers

GET /static/js/page/email-first.js?v=9abab HTTP/1.1
Host: howellfloring.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://howellfloring.com/email_first?authkey=ASJAQ2HYDOWLQTK18HU7&scid=7eb4b0eecd5e4c2fba2cb58772aad6aa
Cookie: qPdM=2ImopD9L0Lrs; qPdM.sig=Y9CGc8Pz5ErPAbe1bgCpbksU5j8; ClientId=175C886663824B51983275A5B2218A83; OIDC=1; OpenIdConnect.nonce.v3._LRZPf0gcHTM98PDCVbWkpiLBF0lup-z9SADHnriJsI=638489591903216559.e9858827-d395-430f-9426-32d8636d3ce2; X-OWA-RedirectHistory=ArLym14Bx0UvpuZe3Ag; buid=0.AXcAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd85u8Rqi445x27F6ZxTU761bpY9YL3WuEa97MV2ljDNOu2qzoPdzc1Xzltdxsvloc3QH30ES_guTskAKIK4jPTw4vi3naoqzg-EI14s1bkS4ggAA; fpc=AjvrW1ip-_VDr8A9n11V3n2erOTJAQAAANbMsd0OAAAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8vAYzsBitvLvGbYvIsjtqhpdBJL1iT8t8YESC-xgapTdg9E1cw0hMX2IDmGE9MRUWI_4KPArHdy_2ersmlR7MmOX-ArM-0oWAW-z-yJ1YCNnzKaCtzVcGHrDfJzbLcTTlcESTb3uL37KVaqfXiVP1aXRMb4xF0b2A71ydp3RYktAgAA; cltm=CgAQABoAIgQIDBAF; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; _xsrf="MjM1NDgyMzNjNGNkNDYzZmI2NGE4MjU1MzQxMmM3OGE=|1713362392|0dc11a15a412d04d6428f52c0a91a591081b69bd"; sid="YzE1ZjIyNGRiYmFmNGUxNmFmNWIyYzM4NjFiMjE3Y2U=|1713362392|0e8743b87ef4b25ea92ab62f2fdcb105dbd25967"; sid-init-e9d0f8f0ea304fd0875a3c0c6e1fc767="YzE1ZjIyNGRiYmFmNGUxNmFmNWIyYzM4NjFiMjE3Y2U=|1713362392|caddbdbb46b4cd44d841a921e5d5ed32b2e42e39"
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 17 Apr 2024 13:59:52 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: close
Server: Duo/1.0
Last-Modified: Fri, 12 Apr 2024 01:23:45 GMT
ETag: W/"66188d21-d9c14"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Strict-Transport-Security: max-age=31536000
X-Robots-Tag: noindex, nofollow
Content-Security-Policy: default-src *  data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval';  script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
Content-Encoding: gzip

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=875ceff6787fbe60

104.17.3.184

118 kB

URL
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=875ceff6787fbe60
IP
104.17.3.184:0
ASN
#13335 CLOUDFLARENET

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
118 kB (117577 bytes)
Hash
c47a7307e86906d4fdfaf1c0f581ef9b
6cd9ce37fc6b65a6a048456606b1a1242ea75ff6
4172a83783a9695d569ef64907fa1a7e0b9c0e98adad4eb330ee5ac1cac6adbb

HTTP Headers

GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=875ceff6787fbe60 HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/77flw/0x4AAAAAAAW-lbDQI7I0Z-Zf/auto/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 17 Apr 2024 13:59:44 GMT
content-type: application/javascript; charset=UTF-8
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
server: cloudflare
cf-ray: 875ceff70984be60-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/i/875ceff6787fbe60/1713362384840/IHUewXhjUqIhQ0N

104.17.3.184

13 kB

URL
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/i/875ceff6787fbe60/1713362384840/IHUewXhjUqIhQ0N
IP
104.17.3.184:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 14 x 77, 8-bit/color RGB, non-interlaced
Size
13 kB (12880 bytes)
Hash
98c1171cd459ec9f0e2ed6064fdea1c6
d33d9397f204dc0d2901b4d7df8a1868f3e2f7f7
64fc0b90e1a5996869fee8b4cec8b3b7f15fcb185c9a99af0d65687ea24d15cb

HTTP Headers

GET /cdn-cgi/challenge-platform/h/b/i/875ceff6787fbe60/1713362384840/IHUewXhjUqIhQ0N HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/77flw/0x4AAAAAAAW-lbDQI7I0Z-Zf/auto/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 17 Apr 2024 13:59:46 GMT
content-type: image/png
server: cloudflare
cf-ray: 875cf0016e63be60-CPH
alt-svc: h3=":443"; ma=86400

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/77flw/0x4AAAAAAAW-lbDQI7I0Z-Zf/auto/normal

104.17.3.184

24 kB

URL
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/77flw/0x4AAAAAAAW-lbDQI7I0Z-Zf/auto/normal
IP
104.17.3.184:0
ASN
#13335 CLOUDFLARENET

File type
HTML document, ASCII text, with very long lines (41919)
Size
24 kB (24379 bytes)
Hash
cfe3b48847504bd8997aad5e86389bec
491dc13352f8b8d5210f925d6da1e52b98912e3b
402b884c48088216274762abaa6ba6fbb1e4549b444216e11f0935758b848607

HTTP Headers

GET /cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/77flw/0x4AAAAAAAW-lbDQI7I0Z-Zf/auto/normal HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://94e6f5a7.58598891ef09ac737cee0cf3.workers.dev/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 17 Apr 2024 13:59:44 GMT
content-type: text/html; charset=UTF-8
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-security-policy: frame-src https://challenges.cloudflare.com/ blob:; base-uri 'self'
critical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: cross-origin
document-policy: js-profiling
origin-agent-cluster: ?1
permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy: same-origin
server: cloudflare
cf-ray: 875ceff6787fbe60-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400

ux-asset-commercial.duosecurity.com/customization/account/VlU5ZbVXdqOiM7lqa9pbUAcxbgTVgbsvSwloVs8jxnA/logo_image.png?versionId=Zwn1oxYw44FK3sQydrAyc2TF0PSiXau2

0.0.0.0

0 B

URL GET
ux-asset-commercial.duosecurity.com/customization/account/VlU5ZbVXdqOiM7lqa9pbUAcxbgTVgbsvSwloVs8jxnA/logo_image.png?versionId=Zwn1oxYw44FK3sQydrAyc2TF0PSiXau2
IP
0.0.0.0:0
ASN
#0

Requested by
https://howellfloring.com/email_first?authkey=ASJAQ2HYDOWLQTK18HU7&scid=7eb4b0eecd5e4c2fba2cb58772aad6aa

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /customization/account/VlU5ZbVXdqOiM7lqa9pbUAcxbgTVgbsvSwloVs8jxnA/logo_image.png?versionId=Zwn1oxYw44FK3sQydrAyc2TF0PSiXau2 HTTP/1.1
Host: ux-asset-commercial.duosecurity.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://howellfloring.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

94e6f5a7.58598891ef09ac737cee0cf3.workers.dev/favicon.ico

172.67.176.79

200 OK

3.3 kB

URL GET HTTP/3
94e6f5a7.58598891ef09ac737cee0cf3.workers.dev/favicon.ico
IP
172.67.176.79:443
ASN
#13335 CLOUDFLARENET

Requested by
https://94e6f5a7.58598891ef09ac737cee0cf3.workers.dev/?qrc=cswavey@insteel.com
Certificate
IssuerGoogle Trust Services LLC
Subject58598891ef09ac737cee0cf3.workers.dev
FingerprintD0:7E:0D:A9:25:22:78:7A:45:69:2E:89:48:E8:33:A8:4A:15:BD:DF
ValidityFri, 12 Apr 2024 13:36:58 GMT - Thu, 11 Jul 2024 13:36:57 GMT

File type
HTML document, ASCII text, with very long lines (3271), with no line terminators
Size
3.3 kB (3255 bytes)
Hash
47234cb372fd223e370a6bf1c38942d1
06d24783cdd2b5206b9e5ab999519ebdd4abc656
7920553c5a5aa9de58ebe3934c2759bab7c7bc30ba35a6949cc6ed8a8c7158f4

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Office365

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: 94e6f5a7.58598891ef09ac737cee0cf3.workers.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://94e6f5a7.58598891ef09ac737cee0cf3.workers.dev/?qrc=cswavey@insteel.com
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 17 Apr 2024 13:59:49 GMT
content-type: text/html;charset=UTF-8
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BMcirXFqVUXVIKLicwTR1%2FRUaaMW0B9PrMk0pcK6xyYdAPHDnt0e74UgGDLXvDfKDBukeSlunmJRarz0%2FB7GuvdZOlWa044r59Ubvp64KnShUXsZ0g8Aw3GkBYuoyjER%2BM%2BBxCr16aLrU1yWTcqPLpdVMc8jtaI6fB7SxDkl3fM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 875cf018cd9babc8-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400

howellfloring.com/?khwxgq2e6=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1jc3dhdmV5JTQwaW5zdGVlbC5jb20mY2xpZW50LXJlcXVlc3QtaWQ9MmVjOTk2MjItNzgyMC05NThhLWY0MGItOTAwMGI5NTQ1ZWM2JnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODQ4OTU5MTkwMzIxNjU1OS5lOTg1ODgyNy1kMzk1LTQzMGYtOTQyNi0zMmQ4NjM2ZDNjZTImc3RhdGU9RGN0QkRzSWdFRUJSMExQb2pwYk9NTk9aaGZFb3BnRlVrZ3FMTmpiZVhoYnY3NzQxeHB5N1UyZDlqNWtaSllpU1R1b1JKaWJTSWF1UUNNd3VvWklMNko5T0E3QkRTTUxJQ1dNRzI5X3IySTVsdktfdFZlcmpYZXAtaTl1eGZQUHZFbnlwMjU3ek9zVDItUU0=

5.230.40.9

302 Found

2.1 kB

URL GET HTTP/1.1
howellfloring.com/?khwxgq2e6=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1jc3dhdmV5JTQwaW5zdGVlbC5jb20mY2xpZW50LXJlcXVlc3QtaWQ9MmVjOTk2MjItNzgyMC05NThhLWY0MGItOTAwMGI5NTQ1ZWM2JnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODQ4OTU5MTkwMzIxNjU1OS5lOTg1ODgyNy1kMzk1LTQzMGYtOTQyNi0zMmQ4NjM2ZDNjZTImc3RhdGU9RGN0QkRzSWdFRUJSMExQb2pwYk9NTk9aaGZFb3BnRlVrZ3FMTmpiZVhoYnY3NzQxeHB5N1UyZDlqNWtaSllpU1R1b1JKaWJTSWF1UUNNd3VvWklMNko5T0E3QkRTTUxJQ1dNRzI5X3IySTVsdktfdFZlcmpYZXAtaTl1eGZQUHZFbnlwMjU3ek9zVDItUU0=
IP
5.230.40.9:443
ASN
#12586 GHOSTnet GmbH

Requested by
https://94e6f5a7.58598891ef09ac737cee0cf3.workers.dev/?qrc=cswavey@insteel.com
Certificate
IssuerLet's Encrypt
Subjecthowellfloring.com
FingerprintD5:14:3A:8C:64:FD:4A:56:CB:63:DC:C7:BF:27:C5:3A:3D:45:73:ED
ValidityFri, 12 Apr 2024 13:10:02 GMT - Thu, 11 Jul 2024 13:10:01 GMT

File type

Size
2.1 kB (2149 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft Outlook

HTTP Headers

GET /?khwxgq2e6=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1jc3dhdmV5JTQwaW5zdGVlbC5jb20mY2xpZW50LXJlcXVlc3QtaWQ9MmVjOTk2MjItNzgyMC05NThhLWY0MGItOTAwMGI5NTQ1ZWM2JnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODQ4OTU5MTkwMzIxNjU1OS5lOTg1ODgyNy1kMzk1LTQzMGYtOTQyNi0zMmQ4NjM2ZDNjZTImc3RhdGU9RGN0QkRzSWdFRUJSMExQb2pwYk9NTk9aaGZFb3BnRlVrZ3FMTmpiZVhoYnY3NzQxeHB5N1UyZDlqNWtaSllpU1R1b1JKaWJTSWF1UUNNd3VvWklMNko5T0E3QkRTTUxJQ1dNRzI5X3IySTVsdktfdFZlcmpYZXAtaTl1eGZQUHZFbnlwMjU3ek9zVDItUU0= HTTP/1.1
Host: howellfloring.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://94e6f5a7.58598891ef09ac737cee0cf3.workers.dev/
DNT: 1
Connection: keep-alive
Cookie: qPdM=2ImopD9L0Lrs; qPdM.sig=Y9CGc8Pz5ErPAbe1bgCpbksU5j8; ClientId=175C886663824B51983275A5B2218A83; OIDC=1; OpenIdConnect.nonce.v3._LRZPf0gcHTM98PDCVbWkpiLBF0lup-z9SADHnriJsI=638489591903216559.e9858827-d395-430f-9426-32d8636d3ce2; X-OWA-RedirectHistory=ArLym14Bx0UvpuZe3Ag
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Cache-Control: no-store, no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Content-Encoding: gzip
Expires: -1
Location: https://howellfloring.com/?khwxgq2e6=aHR0cHM6Ly9zc28tMjg1Yjc0YmQuc3NvLmR1b3NlY3VyaXR5LmNvbS93cy9zcC9ESVA2UVNRME9JOVJFRkQ4UllWTC9wYXNzaXZlP2xvZ2luX2hpbnQ9Y3N3YXZleSU0MGluc3RlZWwuY29tJmNsaWVudC1yZXF1ZXN0LWlkPTJlYzk5NjIyLTc4MjAtOTU4YS1mNDBiLTkwMDBiOTU0NWVjNiZ1c2VybmFtZT1jc3dhdmV5JTQwaW5zdGVlbC5jb20md2E9d3NpZ25pbjEuMCZ3dHJlYWxtPXVybiUzYWZlZGVyYXRpb24lM2FNaWNyb3NvZnRPbmxpbmUmd2N0eD1lc3RzcmVkaXJlY3QlM2QyJTI2ZXN0c3JlcXVlc3QlM2RyUVFJQVJBQWpaRTdiOU5RQUlWejQ5UTBMWS1vX0FDUWhSaGFPWTZ2NDFja0pQSUM4bXJTSm0xREVVU0pjNTA0Y1h5ZDJNNnI2ZzRzUkVpQXhNakFFREZBSi1qRVZJbE9sVmhReElBUVE2a1FRb2loSTQxWTJPQWJqczV3ZElaekZnbld6NFl1QmY0QTZhblNBVlZsYVFWTjNWOTBGdVo4MU9OM19vdjktNDktelk5Y2J3cDM5c2JnUXQyMlRTdkVNTml4ZFl5YmZxeXFtb0w4Q200eHVGZG1YZ053QU1BaEFBX2Q1eFdyVi02aXdWWE5zR3lFOUdsbTdCWUZUZ3BLTWktemNvQ0RyTUR6c2hfSkVpOUpVS1Nybk16VFFTNmcwbklRQ2pRSHE1TEFDVlZPUVhEaVBwY05PM1lkVGdWM3RDSDY2ZmFxdU5NcW1kaXlueElQUUV5eEl6RXJVWXZISTZ1QmRBNDN6RW8yczV6ZHJLdHhiTmF1clRWcjdmUnlvNEtLOVVwWEZJTnMzeHlJYTdBcU5fam1adkttbGk4NGVEV3BWZktKc3JNU3pmUWN2SmxJQzBrNUd4WWpzWHdtbllodVpLNUR1ZFNCQ1Y3dnBrcjJPdW8waXNpa05kbnBxN2xjTjI0TVRNaUx3NnhWZ1BSS1prejgxOHc3QkhteVN3c2Itd1NKVFdSbzFRTVAtT1FCUng1M1lQYllBNTdOblB6dzZ0dGxlZTg5bjNyeDliUG5TX0dlYTMtR1FXRlIxQkZqMS1ydE5kUTJVcXdFNFRDMzJqYlZ0SjVmS214RVVwRHQ5NWFFUWpGNFJRcXhJeEtNU0hLWDlNNFNQaGRGUkhQc0lRbC1rT0R1S2RldTkxLW5Ic3lEeWVuZ0hLbm9aYTFsTFN4dVVWcTFaT01tTXFqUUZ0VnZXU1ZGbWJwdVdYZVFSWVZ1VVNmOTFPM3Q3ZTIzWjF6SFp5ZlBQLXdjZlh6eV9jWkxuLXMzMCM=
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000; includeSubDomains
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
x-ms-request-id: 3926ecb1-d3c6-4b35-ace9-e204e4588900
x-ms-ests-server: 2.1.17789.7 - EUS ProdSlices
x-ms-srs: 1.P
Referrer-Policy: strict-origin-when-cross-origin
Set-Cookie: buid=0.AXcAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd85u8Rqi445x27F6ZxTU761bpY9YL3WuEa97MV2ljDNOu2qzoPdzc1Xzltdxsvloc3QH30ES_guTskAKIK4jPTw4vi3naoqzg-EI14s1bkS4ggAA; expires=Fri, 17-May-2024 13:59:50 GMT; path=/; secure; HttpOnly; SameSite=None
fpc=AjvrW1ip-_VDr8A9n11V3n2erOTJAQAAANbMsd0OAAAA; expires=Fri, 17-May-2024 13:59:50 GMT; path=/; secure; HttpOnly; SameSite=None
esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8vAYzsBitvLvGbYvIsjtqhpdBJL1iT8t8YESC-xgapTdg9E1cw0hMX2IDmGE9MRUWI_4KPArHdy_2ersmlR7MmOX-ArM-0oWAW-z-yJ1YCNnzKaCtzVcGHrDfJzbLcTTlcESTb3uL37KVaqfXiVP1aXRMb4xF0b2A71ydp3RYktAgAA; domain=howellfloring.com; path=/; secure; HttpOnly; SameSite=None
cltm=CgAQABoAIgQIDBAF; domain=howellfloring.com; path=/; secure; HttpOnly; SameSite=None
x-ms-gateway-slice=estsfd; path=/; secure; samesite=none; httponly
stsservicecookie=estsfd; path=/; secure; samesite=none; httponly
Date: Wed, 17 Apr 2024 13:59:50 GMT
Connection: close
content-length: 1689
Content-Security-Policy: default-src *  data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval';  script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';

ux-asset-commercial.duosecurity.com/customization/account/VlU5ZbVXdqOiM7lqa9pbUAcxbgTVgbsvSwloVs8jxnA/logo_image.png?versionId=Zwn1oxYw44FK3sQydrAyc2TF0PSiXau2

143.204.55.24

403 Forbidden

0 B

URL GET HTTP/2
ux-asset-commercial.duosecurity.com/customization/account/VlU5ZbVXdqOiM7lqa9pbUAcxbgTVgbsvSwloVs8jxnA/logo_image.png?versionId=Zwn1oxYw44FK3sQydrAyc2TF0PSiXau2
IP
143.204.55.24:443
ASN
#16509 AMAZON-02

Requested by
https://howellfloring.com/email_first?authkey=ASJAQ2HYDOWLQTK18HU7&scid=7eb4b0eecd5e4c2fba2cb58772aad6aa
Certificate
IssuerAmazon
Subjectux-asset-commercial.duosecurity.com
FingerprintB2:89:87:F8:7A:C7:75:34:CB:B3:A0:0B:63:75:3B:93:C6:67:0E:39
ValidityFri, 12 Apr 2024 00:00:00 GMT - Sun, 11 May 2025 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /customization/account/VlU5ZbVXdqOiM7lqa9pbUAcxbgTVgbsvSwloVs8jxnA/logo_image.png?versionId=Zwn1oxYw44FK3sQydrAyc2TF0PSiXau2 HTTP/1.1
Host: ux-asset-commercial.duosecurity.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://howellfloring.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 403 Forbidden
server: CloudFront
date: Wed, 17 Apr 2024 13:59:53 GMT
content-type: text/html
content-length: 919
x-cache: Error from cloudfront
via: 1.1 6a757ab2991da716151f94ca00b38098.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: bpScQuReW9npyajZ7evNP1U3GRw5-rT7W62H7dGRW2y7ufx8xYh7_w==
X-Firefox-Spdy: h2

94e6f5a7.58598891ef09ac737cee0cf3.workers.dev/?qrc=cswavey@insteel.com

172.67.176.79

200 OK

1.2 kB

URL User Request POST HTTP/3
94e6f5a7.58598891ef09ac737cee0cf3.workers.dev/?qrc=cswavey@insteel.com
IP
172.67.176.79:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subject58598891ef09ac737cee0cf3.workers.dev
FingerprintD0:7E:0D:A9:25:22:78:7A:45:69:2E:89:48:E8:33:A8:4A:15:BD:DF
ValidityFri, 12 Apr 2024 13:36:58 GMT - Thu, 11 Jul 2024 13:36:57 GMT

File type
HTML document, ASCII text, with very long lines (1184), with no line terminators
Size
1.2 kB (1164 bytes)
Hash
e8f496fd21b3995ecd8b241e0aad3182
2c7d66f26a3a3544113d37a0670244038d5859a0
462b262096344dc0a4a4e360d8f8afff51bfbe9648dc1a3eff660e5bb83dc58e

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Office365

HTTP Headers

POST /?qrc=cswavey@insteel.com HTTP/1.1
Host: 94e6f5a7.58598891ef09ac737cee0cf3.workers.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 582
Origin: https://94e6f5a7.58598891ef09ac737cee0cf3.workers.dev
DNT: 1
Connection: keep-alive
Referer: https://94e6f5a7.58598891ef09ac737cee0cf3.workers.dev/?qrc=cswavey@insteel.com
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Sec-Fetch-User: ?1
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 17 Apr 2024 13:59:49 GMT
content-type: text/html;
status: 200
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=s7gD1gtLxnVs%2BHihk2BZLwfdSMgxUNkQrIQNtKJcyWGOBzlSr5kark3bH1yhpenpggjXtnqWXzhKX8vNlm%2FED7FYyJYupRYN8kKlCRON1gQR%2FGrNjdD0ZqDyS23ZuFA1%2B2siJzZdWNLKCH8uI%2FRMuDl5L7y7Ru6bFbcoGvU7drI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 875cf0156ecdabc8-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400

howellfloring.com/?dataXX0=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1cmwiOiJodHRwczovL2hvd2VsbGZsb3JpbmcuY29tIiwiZG9tYWluIjoiaG93ZWxsZmxvcmluZy5jb20iLCJrZXkiOiIySW1vcEQ5TDBMcnMiLCJxcmMiOiJjc3dhdmV5QGluc3RlZWwuY29tIiwiaWF0IjoxNzEzMzYyMzg5LCJleHAiOjE3MTMzNjI1MDl9.8I3L23rxPpHfvDDU--QYLzBjrDFHY5VPWIOKXKdI8S0

5.230.40.9

302 Found

2.1 kB

URL GET HTTP/1.1
howellfloring.com/?dataXX0=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1cmwiOiJodHRwczovL2hvd2VsbGZsb3JpbmcuY29tIiwiZG9tYWluIjoiaG93ZWxsZmxvcmluZy5jb20iLCJrZXkiOiIySW1vcEQ5TDBMcnMiLCJxcmMiOiJjc3dhdmV5QGluc3RlZWwuY29tIiwiaWF0IjoxNzEzMzYyMzg5LCJleHAiOjE3MTMzNjI1MDl9.8I3L23rxPpHfvDDU--QYLzBjrDFHY5VPWIOKXKdI8S0
IP
5.230.40.9:443
ASN
#12586 GHOSTnet GmbH

Requested by
https://94e6f5a7.58598891ef09ac737cee0cf3.workers.dev/?qrc=cswavey@insteel.com
Certificate
IssuerLet's Encrypt
Subjecthowellfloring.com
FingerprintD5:14:3A:8C:64:FD:4A:56:CB:63:DC:C7:BF:27:C5:3A:3D:45:73:ED
ValidityFri, 12 Apr 2024 13:10:02 GMT - Thu, 11 Jul 2024 13:10:01 GMT

File type

Size
2.1 kB (2149 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft Outlook

HTTP Headers

GET /?dataXX0=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1cmwiOiJodHRwczovL2hvd2VsbGZsb3JpbmcuY29tIiwiZG9tYWluIjoiaG93ZWxsZmxvcmluZy5jb20iLCJrZXkiOiIySW1vcEQ5TDBMcnMiLCJxcmMiOiJjc3dhdmV5QGluc3RlZWwuY29tIiwiaWF0IjoxNzEzMzYyMzg5LCJleHAiOjE3MTMzNjI1MDl9.8I3L23rxPpHfvDDU--QYLzBjrDFHY5VPWIOKXKdI8S0 HTTP/1.1
Host: howellfloring.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://94e6f5a7.58598891ef09ac737cee0cf3.workers.dev/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Set-Cookie: qPdM=2ImopD9L0Lrs; path=/; samesite=none; secure; httponly
qPdM.sig=Y9CGc8Pz5ErPAbe1bgCpbksU5j8; path=/; samesite=none; secure; httponly
location: /?qrc=cswavey%40insteel.com
Date: Wed, 17 Apr 2024 13:59:50 GMT
Connection: keep-alive
Keep-Alive: timeout=5
Transfer-Encoding: chunked

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (16)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

HTTP Transactions (21)

URL

IP

ASN

File type

Size

Hash