Report - griffinindustrial.vozcapixabaes.com.br/aUna/bWdhbXpvbkBncmlmZmluaW5kdXN0cmlhbC5jb20=

Report Overview

Submitted URL
griffinindustrial.vozcapixabaes.com.br/aUna/bWdhbXpvbkBncmlmZmluaW5kdXN0cmlhbC5jb20=
IP
50.116.87.74
ASN
#19871 NETWORK-SOLUTIONS-HOSTING
Submitted
2024-04-16 09:23:42
Access
public
Website Title
26c5b372.798f45bac6b715433ce0d9f9.workers.dev/?qrc=mgamzon@griffinindustrial.com
Final URL
26c5b372.798f45bac6b715433ce0d9f9.workers.dev/?qrc=mgamzon@griffinindustrial.com
Tags
phishing microsoft outlook
urlquery detections
Phishing - Microsoft Outlook

Detections

urlquery
7
Network Intrusion Detection
0
Threat Detection Systems
0

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
26c5b372.798f45bac6b715433ce0d9f9.workers.dev	unknown	unknown	No data	No data	1.1 kB	14 kB	104.21.48.165
941uw6nts7z.p1f.site	unknown	unknown	No data	No data	8.9 kB	840 kB	146.70.158.225
griffinindustrial.vozcapixabaes.com.br	unknown	unknown	No data	No data	538 B	252 B	50.116.87.74
challenges.cloudflare.com	unknown	2009-02-17	2021-10-20	2024-04-15	4.1 kB	144 kB	104.17.3.184

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (39)

	URL	Size	First Seen	Last Seen
	941uw6nts7z.p1f.site/?7je2eo4vs=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1tZ2Ftem9uJTQwZ3JpZmZpbmluZHVzdHJpYWwuY29tJmNsaWVudC1yZXF1ZXN0LWlkPWNlNzEwMjdjLTQwYTMtOTNlOS1mZGQ3LTAwYWI1MGNiYTZmMCZwcm90ZWN0ZWR0b2tlbj10cnVlJmNsYWltcz0lN2IlMjJpZF90b2tlbiUyMiUzYSU3YiUyMnhtc19jYyUyMiUzYSU3YiUyMnZhbHVlcyUyMiUzYSU1YiUyMkNQMSUyMiU1ZCU3ZCU3ZCU3ZCZub25jZT02Mzg0ODg1NjIxODY2MTQzNzcuYWJjNmZiMjMtYTgxMC00MDkzLWFkNjgtMjY4MTEzZGJmMmJiJnN0YXRlPURZdkxEc0lnRUFEQmZvdEgydVhoc2g2TW4yS2dCTnlrUUZKclRQejZjcGpKWEVZS0lhYkJaU0JoU0hpMDVJaHVhRFFoYW1lOW4wTmNNVWRqVlNBTnlzRjlWRUpTQmtscm0ySTJNY3J4d3RKX1lYbHV2WEI3dmJrZGoxcENfZmQyZFZCMnpwa2J0X1Q5SER1SGJWNTdQUUU=	23 kB	2024-04-16	2024-04-16
Pretty URL 941uw6nts7z.p1f.site/?7je2eo4vs=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1tZ2Ftem9uJTQwZ3JpZmZpbmluZHVzdHJpYWwuY29tJmNsaWVudC1yZXF1ZXN0LWlkPWNlNzEwMjdjLTQwYTMtOTNlOS1mZGQ3LTAwYWI1MGNiYTZmMCZwcm90ZWN0ZWR0b2tlbj10cnVlJmNsYWltcz0lN2IlMjJpZF90b2tlbiUyMiUzYSU3YiUyMnhtc19jYyUyMiUzYSU3YiUyMnZhbHVlcyUyMiUzYSU1YiUyMkNQMSUyMiU1ZCU3ZCU3ZCU3ZCZub25jZT02Mzg0ODg1NjIxODY2MTQzNzcuYWJjNmZiMjMtYTgxMC00MDkzLWFkNjgtMjY4MTEzZGJmMmJiJnN0YXRlPURZdkxEc0lnRUFEQmZvdEgydVhoc2g2TW4yS2dCTnlrUUZKclRQejZjcGpKWEVZS0lhYkJaU0JoU0hpMDVJaHVhRFFoYW1lOW4wTmNNVWRqVlNBTnlzRjlWRUpTQmtscm0ySTJNY3J4d3RKX1lYbHV2WEI3dmJrZGoxcENfZmQyZFZCMnpwa2J0X1Q5SER1SGJWNTdQUUU= IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-16 11:23:50 Last Seen2024-04-16 11:23:50 Times Seen1 Hash dffa16fa7a7bf0006b5a195152165383 f88655400beb4bf2d24e7bfc7173f0b11149a801 2a1cfbd7d5d2fc5a9bd0f52a8739b6d2858b86878dd05f37d1a3f13d0fcd5abe Loading...

	data:text/javascript;base64,ZnVuY3Rpb24gYygpe2lmKCFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuYiIpIHx8ICFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuZyIpKXtkb2N1bWVudC5oZWFkLmFwcGVuZENoaWxkKE9iamVjdC5hc3NpZ24oZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgiZGl2Iikse2NsYXNzTGlzdDpbImIiXX0pKTtkb2N1bWVudC5kb2N1bWVudEVsZW1lbnQuc3R5bGUuZmlsdGVyPSJodWUtcm90YXRlKDRkZWcpIjtkb2N1bWVudC5oZWFkLmFwcGVuZENoaWxkKE9iamVjdC5hc3NpZ24oZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgiZGl2Iikse2NsYXNzTGlzdDpbImciXX0pKTtzZXRUaW1lb3V0KGMsMWUzKX19YygpOwo=	341 B	2023-10-02	2024-04-29
Pretty URL data:text/javascript;base64,ZnVuY3Rpb24gYygpe2lmKCFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuYiIpIHx8ICFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuZyIpKXtkb2N1bWVudC5oZWFkLmFwcGVuZENoaWxkKE9iamVjdC5hc3NpZ24oZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgiZGl2Iikse2NsYXNzTGlzdDpbImIiXX0pKTtkb2N1bWVudC5kb2N1bWVudEVsZW1lbnQuc3R5bGUuZmlsdGVyPSJodWUtcm90YXRlKDRkZWcpIjtkb2N1bWVudC5oZWFkLmFwcGVuZENoaWxkKE9iamVjdC5hc3NpZ24oZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgiZGl2Iikse2NsYXNzTGlzdDpbImciXX0pKTtzZXRUaW1lb3V0KGMsMWUzKX19YygpOwo= IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-10-02 01:17:43 Last Seen2024-04-29 19:49:03 Times Seen32838 Hash d6f18bfe02b31db3664d5d27f03ea142 aae6f850e8ea4ff74dcd6213ad6a4565cbd6802e 90682803943448f3acffc81014c87fdd71f30d8cf97335fcea451fac1e568221 Loading...

		Size	First Seen	Last Seen
	#1 Eval - 4f542a3578dd25e1e7335540b4b9f578	28 B	2024-04-16	2024-04-16
Pretty Observations First Seen2024-04-16 11:23:50 Last Seen2024-04-16 11:23:50 Times Seen1 Hash 4f542a3578dd25e1e7335540b4b9f578 ed695b629fc798f8b735893dbd7618b8641c7550 d5e85acfbdd83bf21f3edb70daa67ea3e1988761be2ca4c02433e0e49460ebb9 Loading...

	#2 Eval - fad830e692a623ad396c690c1d38b7ca	28 B	2024-04-16	2024-04-16
Pretty Observations First Seen2024-04-16 11:23:50 Last Seen2024-04-16 11:23:50 Times Seen1 Hash fad830e692a623ad396c690c1d38b7ca db3a560d1fbe4bd754dbcf581c02ca17540b17e3 8854e5c392e9f06c95a0307d1cb6f2b7f3cf8e35248f47fa30baa9805d8a79fe Loading...

	#3 Eval - 2d7be56a335d56843be6c65494ba6bbb	28 B	2024-04-16	2024-04-16
Pretty Observations First Seen2024-04-16 11:23:50 Last Seen2024-04-16 11:23:50 Times Seen1 Hash 2d7be56a335d56843be6c65494ba6bbb d2109f3f7621f5edc50adeca5cf9194403667e09 84bd407a1881961a54edc50c11dfabd748e55c0c8b19a18836577c02dd5e91b9 Loading...

	#4 Eval - 09098c09111b82c86db7ce3a519c0525	28 B	2024-04-16	2024-04-16
Pretty Observations First Seen2024-04-16 11:23:50 Last Seen2024-04-16 11:23:50 Times Seen1 Hash 09098c09111b82c86db7ce3a519c0525 7f6695989b99175afa57411df7972f4dd060b538 dc2eb99f6887a0c9fc0cc4c9f039d6292ec30dd8a8c9a22f6067905382c70e72 Loading...

	#5 Eval - 6f679b47a00903d00a1cb4b48fbc3bcb	28 B	2024-04-16	2024-04-16
Pretty Observations First Seen2024-04-16 11:23:50 Last Seen2024-04-16 11:23:50 Times Seen1 Hash 6f679b47a00903d00a1cb4b48fbc3bcb 7ba95d0b1066962b9d3d5752e3e75d6a4a652bbf ec4a55af5449ca172cc711f802b833f83946a67481992d665eae76a4f53109a9 Loading...

	#6 Eval - deaed6bdc8d6878c6813a7c115ac562c	28 B	2024-04-16	2024-04-16
Pretty Observations First Seen2024-04-16 11:23:50 Last Seen2024-04-16 11:23:50 Times Seen1 Hash deaed6bdc8d6878c6813a7c115ac562c bbb45ac58162fdc216807014c339e0cd5e82ff94 ce39a43eb9908cd15d2a3eb01108bdc3d0e05270971b30e36c6c1322cd87c425 Loading...

	#7 Eval - 19fcca0d2d84b66bcfb7a7f2279b6d91	28 B	2024-04-16	2024-04-16
Pretty Observations First Seen2024-04-16 11:23:50 Last Seen2024-04-16 11:23:50 Times Seen1 Hash 19fcca0d2d84b66bcfb7a7f2279b6d91 6e9a107e056341e2ae0be52501cf25db3990a597 0e8a47b95fc2df948f14ce3bd4d98b9ffcd7f675b36f55821042ff60c13d52c2 Loading...

	#8 Eval - 8bbbdfca125d74a01167478d4e70a0bd	28 B	2024-04-16	2024-04-16
Pretty Observations First Seen2024-04-16 11:23:50 Last Seen2024-04-16 11:23:50 Times Seen1 Hash 8bbbdfca125d74a01167478d4e70a0bd 88231ac52070834caa6a2f1b4eb9c79b84ff53a1 2dc7bbcaf6017865422b14eb95f8c9f64967ffa0521b40a3fec7a554fb9ca77f Loading...

	#9 Eval - c46c32310855e0c2b5ac480e0b9a3dd1	28 B	2024-04-16	2024-04-16
Pretty Observations First Seen2024-04-16 11:23:50 Last Seen2024-04-16 11:23:50 Times Seen1 Hash c46c32310855e0c2b5ac480e0b9a3dd1 9a796c1fd3c507c2e7e28098342e5db3cee7a382 da020cc858c590e617bef840772fd14c83a401adc1c0a0a93a0096f4a95afb55 Loading...

	#10 Eval - b5b8dedb3bcb243a400f344d7e2188bc	144 B	2024-04-04	2024-04-17
Pretty Observations First Seen2024-04-04 13:15:39 Last Seen2024-04-17 14:03:52 Times Seen765 Hash b5b8dedb3bcb243a400f344d7e2188bc deb6d93bb172dc9fa4a5ac9141b54b7600f5eb1b bd8aa22f6ba3314fb18e581bf8a4cd701096bb8604a9eb5de195869407e4ce43 Loading...

	#11 Eval - 2de08a5a98679f4c7e5c68dce7b4b6ba	28 B	2024-04-16	2024-04-16
Pretty Observations First Seen2024-04-16 11:23:50 Last Seen2024-04-16 11:23:50 Times Seen1 Hash 2de08a5a98679f4c7e5c68dce7b4b6ba 01a7ccf2d77bfb8ebec9b327c373ee43cb4fb47f 125826501c94edb031437879a11beb82bf8ea29a436e80a10a44731d303f9059 Loading...

	#12 Eval - 5a86b5a3b7c95e3ae77be2f9e4e5f057	28 B	2024-04-16	2024-04-16
Pretty Observations First Seen2024-04-16 11:23:50 Last Seen2024-04-16 11:23:50 Times Seen1 Hash 5a86b5a3b7c95e3ae77be2f9e4e5f057 49f5f107a63dedbd344a25ddcbaad96b79c71846 c2fb60a888c96b3b4a60382051020a68a19c14f6a744060ac9975f7c5dd08931 Loading...

	#13 Eval - 96c20709b6fac8bb6057116bbb631ed7	28 B	2024-04-16	2024-04-16
Pretty Observations First Seen2024-04-16 11:23:50 Last Seen2024-04-16 11:23:50 Times Seen1 Hash 96c20709b6fac8bb6057116bbb631ed7 2c4964b10bd5217d6e557c566452c3a02d3235d4 75946a006dd4528e0100f897322bc1d493e4274ac94e9e8ff4e80503abb3d1bc Loading...

	#14 Eval - b6c842426fe506068970199127d2ba18	28 B	2024-04-16	2024-04-16
Pretty Observations First Seen2024-04-16 11:23:50 Last Seen2024-04-16 11:23:50 Times Seen1 Hash b6c842426fe506068970199127d2ba18 bcce537d73df88182de333643cf49c1f50694bf6 a6f723b2edae1cccb5fb3400ed51d1e247038126ceda47936acb1abb51a1213d Loading...

	#15 Eval - 14c268e9414080ada5862363e7daf755	28 B	2024-04-16	2024-04-16
Pretty Observations First Seen2024-04-16 11:23:50 Last Seen2024-04-16 11:23:50 Times Seen1 Hash 14c268e9414080ada5862363e7daf755 b0f9dfdd25f05efc768251a6ffd80ebb9480d6b8 c23164f006a61c526a2be6980e75eacf7b401d1f69b18c061160942ed7af56f0 Loading...

	#16 Eval - eb804fce4ace147ccb65939ad1da7e1f	28 B	2024-04-16	2024-04-16
Pretty Observations First Seen2024-04-16 11:23:50 Last Seen2024-04-16 11:23:50 Times Seen1 Hash eb804fce4ace147ccb65939ad1da7e1f dc8451fadf4e12c0de9fd8a18421cba9a6a19054 eb428e83faaae4b721f8ef4c1f3f345d91aed7860f1eac62b1284a60a3e20f50 Loading...

	#17 Eval - e77381fa509ef3de4e9a6e73013eac31	28 B	2024-04-16	2024-04-16
Pretty Observations First Seen2024-04-16 11:23:50 Last Seen2024-04-16 11:23:50 Times Seen1 Hash e77381fa509ef3de4e9a6e73013eac31 8e185bdb4500927a11042091f1e0fa6718de81be 8096739f1c93ecb6236b66aa4cd1f8017c7982916b0c916fbe813da10d30a9ff Loading...

	#18 Eval - 9e925e9341b490bfd3b4c4ca3b0c1ef2	4 B	2023-03-07	2024-04-29
Pretty Observations First Seen2023-03-07 01:03:43 Last Seen2024-04-29 20:04:14 Times Seen350592 Hash 9e925e9341b490bfd3b4c4ca3b0c1ef2 c2543fff3bfa6f144c2f06a7de6cd10c0b650cae 1eb79602411ef02cf6fe117897015fff89f80face4eccd50425c45149b148408 Loading...

	#19 Eval - ac6d43b49aec2f87daf340337b6a7882	60 B	2024-04-04	2024-04-17
Pretty Observations First Seen2024-04-04 12:28:09 Last Seen2024-04-17 16:04:31 Times Seen3428 Hash ac6d43b49aec2f87daf340337b6a7882 d3874a31a6b7fe11121edc3ed80fdc8b66f6589a 1af55b64e0b39e0f5f760a8050b284a66fe404ddff945697590f8240798311b2 Loading...

	#20 Eval - a1eb7ef99e2deb35c6249d9c45f24b19	28 B	2024-04-16	2024-04-16
Pretty Observations First Seen2024-04-16 11:23:50 Last Seen2024-04-16 11:23:50 Times Seen1 Hash a1eb7ef99e2deb35c6249d9c45f24b19 0ce52ed6ed7c5264e106f0d98918911eab3c9548 f66ef6a8ff0e0b3d3ac505afeb95667f3c00d97fa6cee8b7ea6dd00d192b411d Loading...

	#21 Eval - 442fefce56b0e885fe0e938a3e79489a	28 B	2024-04-16	2024-04-16
Pretty Observations First Seen2024-04-16 11:23:50 Last Seen2024-04-16 11:23:50 Times Seen1 Hash 442fefce56b0e885fe0e938a3e79489a 713e19990705ce0566a97700a9b0e51a12bae1c1 158f1907d0c75feea3667dd21ad488dfd21a68e94c3c022ad71bc6b7f402b5c5 Loading...

	#22 Eval - bc76cca7e9f19dba0058bcb6011d812d	28 B	2024-04-16	2024-04-16
Pretty Observations First Seen2024-04-16 11:23:50 Last Seen2024-04-16 11:23:50 Times Seen1 Hash bc76cca7e9f19dba0058bcb6011d812d 421b37722c57ce21a50a3d81df4f002ba74e401e 730b9d2b1f7fbe5dec0c67b0b0175426737d9b3235f1364f6b6d6a454f274ea6 Loading...

	#23 Eval - 47ccedf47abeac6fde4fe502f91750aa	28 B	2024-04-16	2024-04-16
Pretty Observations First Seen2024-04-16 11:23:50 Last Seen2024-04-16 11:23:50 Times Seen1 Hash 47ccedf47abeac6fde4fe502f91750aa 57e516d65968b92779fb5a8925947d616b3620f9 237c92100a5468a78b27b77600ec530a22267256e184a25a5a37a14522e40e09 Loading...

	#24 Eval - 006da4a493a32d05f9e54adae3e5060d	28 B	2024-04-16	2024-04-16
Pretty Observations First Seen2024-04-16 11:23:50 Last Seen2024-04-16 11:23:50 Times Seen1 Hash 006da4a493a32d05f9e54adae3e5060d 4f93e30e1150d64ee3922fc6746bdc9161ada4b7 98824099f16a725da5d098b9c769e047b7166e2d580d20ea2dee0d2af81fea7d Loading...

	#25 Eval - 904d62fcb4d2a9016197856fafce8833	28 B	2024-04-16	2024-04-16
Pretty Observations First Seen2024-04-16 11:23:50 Last Seen2024-04-16 11:23:50 Times Seen1 Hash 904d62fcb4d2a9016197856fafce8833 a32734a3daf54eb501ad9fad6903f7ad64e0b548 5b11404ded2e8eb8614c4f6e4771668376f14e999c11e41a20f9bc78148435dd Loading...

	#26 Eval - 0545ffffc5b671e0010d7d641f3c3670	28 B	2024-04-16	2024-04-16
Pretty Observations First Seen2024-04-16 11:23:50 Last Seen2024-04-16 11:23:50 Times Seen1 Hash 0545ffffc5b671e0010d7d641f3c3670 dd7a4e0666e05fc377d9f4aec47383f2046f23aa bb5cfc1090391f4a800193ed7cb4e1007d608826f052999cf608d2356a296535 Loading...

	#27 Eval - eb81109423170de221263e877452f6cf	28 B	2024-04-16	2024-04-16
Pretty Observations First Seen2024-04-16 11:23:50 Last Seen2024-04-16 11:23:50 Times Seen1 Hash eb81109423170de221263e877452f6cf 02e6c939a12af94d1dc93e141de2dd5b25837128 cf25501f5005aaad428bbe43be9db4cec1c8b6d0656e667f826749658954f9f7 Loading...

	#28 Eval - 317ba0e62fef46cfdcf00b88e2d02557	28 B	2024-04-16	2024-04-16
Pretty Observations First Seen2024-04-16 11:23:50 Last Seen2024-04-16 11:23:50 Times Seen1 Hash 317ba0e62fef46cfdcf00b88e2d02557 8d2234e657396a3697d70f87f5b0e096b462846e f830af79555580821e8bea1f9364a2b3af3589aae13a0f618582e48e52136f8f Loading...

	#29 Eval - 45ab1e01103d0fe37dc27bcfba46e374	28 B	2024-04-16	2024-04-16
Pretty Observations First Seen2024-04-16 11:23:50 Last Seen2024-04-16 11:23:50 Times Seen1 Hash 45ab1e01103d0fe37dc27bcfba46e374 4ab302808c9f9eeba2aa2e16c136c4d08b53b7cc da8f7de9f0d43687ea1120959a200e2a9843e84a3c848948e6902f19cb9c0d64 Loading...

	#30 Eval - 519bca99f6140136977c790f4ca689c6	28 B	2024-04-16	2024-04-16
Pretty Observations First Seen2024-04-16 11:23:50 Last Seen2024-04-16 11:23:50 Times Seen1 Hash 519bca99f6140136977c790f4ca689c6 0b6786e3600e29f798dabb9e50195e7bbf0d63f1 e9484cfae635269f37a5937b059e0a8d8858b4f7bdfa196326eaada74cd1d153 Loading...

	#31 Eval - 34cf8f786df109b2690d32aa0f7a2989	28 B	2024-04-16	2024-04-16
Pretty Observations First Seen2024-04-16 11:23:50 Last Seen2024-04-16 11:23:50 Times Seen1 Hash 34cf8f786df109b2690d32aa0f7a2989 43292f4c1bd63b883c82aa88f0e5373cb1dbfcae 38d66f2292f04e1614136529bf1f31009d5bf3f6d616a59e7cd34cc65631ea22 Loading...

	#32 Eval - 541411a7d38075427744dcbe7fe6ebe4	28 B	2024-04-16	2024-04-16
Pretty Observations First Seen2024-04-16 11:23:50 Last Seen2024-04-16 11:23:50 Times Seen1 Hash 541411a7d38075427744dcbe7fe6ebe4 6c3233687118b5146498766eaf3131ca332d237d cfe84ce239c101ec87e292b27f286782446ac663cb71dde2cf5a6be21996f9d0 Loading...

	#33 Eval - 6d8961aab5f9620345c0823654450341	28 B	2024-04-16	2024-04-16
Pretty Observations First Seen2024-04-16 11:23:50 Last Seen2024-04-16 11:23:50 Times Seen1 Hash 6d8961aab5f9620345c0823654450341 3b11fade2a5711975395d17614cb6b84b426bb6e 78fd25828198867d0a3721e1440903fdd8d95cd4b0600c6072cfdc15d8312256 Loading...

	#34 Eval - 6685ce2c4ad57495596921f3ae1b4210	28 B	2024-04-16	2024-04-16
Pretty Observations First Seen2024-04-16 11:23:50 Last Seen2024-04-16 11:23:51 Times Seen1 Hash 6685ce2c4ad57495596921f3ae1b4210 741295fcb2a8392ead5e97de3349bf469b5782e4 0deb94412ee4a054d58b72e3cbd6ecb9fc45dc04d4d50b4910219716668dbd23 Loading...

	#35 Eval - 23f171ab3afa06728c1944972de16ebd	28 B	2024-04-16	2024-04-16
Pretty Observations First Seen2024-04-16 11:23:51 Last Seen2024-04-16 11:23:51 Times Seen1 Hash 23f171ab3afa06728c1944972de16ebd 40984e5967d192ae8895470ed199302cc1ccc62c 6dbf48e050d114e4a99e4fce39282832979946ae889c4bbdec9afe71ab96bc36 Loading...

	#36 Eval - 12e3d6106997aced7a9517ba9dcb8f31	28 B	2024-04-16	2024-04-16
Pretty Observations First Seen2024-04-16 11:23:51 Last Seen2024-04-16 11:23:51 Times Seen1 Hash 12e3d6106997aced7a9517ba9dcb8f31 293f1c10e42601596a6073a3ba7c168e3fe87233 ea3dc165447ba6931ab0a591eb3c2af1e565e9f6eab5e1f14deeae3d30f8e29c Loading...

	#37 Eval - e002d7fb4817c7a20a55a795a0a38b85	28 B	2024-04-16	2024-04-16
Pretty Observations First Seen2024-04-16 11:23:51 Last Seen2024-04-16 11:23:51 Times Seen1 Hash e002d7fb4817c7a20a55a795a0a38b85 8d396e821ff03a0da7ac8e760e7b44ea765de73c 184f4c3260391137883c6bcf88f4884a233c2d4d53377dffa9f24403190dfb66 Loading...

HTTP Transactions (15)

URL IP Response Size

griffinindustrial.vozcapixabaes.com.br/aUna/bWdhbXpvbkBncmlmZmluaW5kdXN0cmlhbC5jb20=

50.116.87.74

0 B

URL
griffinindustrial.vozcapixabaes.com.br/aUna/bWdhbXpvbkBncmlmZmluaW5kdXN0cmlhbC5jb20=
IP
50.116.87.74:0
ASN
#19871 NETWORK-SOLUTIONS-HOSTING

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /aUna/bWdhbXpvbkBncmlmZmluaW5kdXN0cmlhbC5jb20= HTTP/1.1
Host: griffinindustrial.vozcapixabaes.com.br
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
refresh: 0;url=https://26c5b372.798f45bac6b715433ce0d9f9.workers.dev/?qrc=mgamzon@griffinindustrial.com
content-length: 0
content-type: text/html; charset=UTF-8
date: Tue, 16 Apr 2024 09:23:17 GMT
server: Apache
X-Firefox-Spdy: h2

challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback

104.17.3.184

0 B

URL
challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback
IP
104.17.3.184:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /turnstile/v0/api.js?onload=onloadTurnstileCallback HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://26c5b372.798f45bac6b715433ce0d9f9.workers.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Tue, 16 Apr 2024 09:23:17 GMT
content-length: 0
location: /turnstile/v0/b/bcc5fb0a8815/api.js?onload=onloadTurnstileCallback
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: max-age=300, public
vary: Accept-Encoding
server: cloudflare
cf-ray: 87531da27c3c56b9-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/cmg/1/GLhOioXg0bs57t4qPrORXFsL1%2BWig2mIKbgpVPMu7ZQ%3D

104.17.3.184

6.5 kB

URL
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/cmg/1/GLhOioXg0bs57t4qPrORXFsL1%2BWig2mIKbgpVPMu7ZQ%3D
IP
104.17.3.184:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced
Size
6.5 kB (6516 bytes)
Hash
955a6cdf64f046a057aa08257e679886
9c125eec0b51e6ecc796e53856698c87a97c87ed
99961213415952381c2bbec9b468f888104cdad6d7dd73c59fca391028f0da17

HTTP Headers

GET /cdn-cgi/challenge-platform/h/b/cmg/1/GLhOioXg0bs57t4qPrORXFsL1%2BWig2mIKbgpVPMu7ZQ%3D HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/gzd2u/0x4AAAAAAAXOPPw7CyGRcFp-/auto/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 16 Apr 2024 09:23:17 GMT
content-type: image/png
cache-control: max-age=2629800, public
server: cloudflare
cf-ray: 87531da3bb4e5699-OSL
alt-svc: h3=":443"; ma=86400

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/gzd2u/0x4AAAAAAAXOPPw7CyGRcFp-/auto/normal

104.17.3.184

27 kB

URL
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/gzd2u/0x4AAAAAAAXOPPw7CyGRcFp-/auto/normal
IP
104.17.3.184:0
ASN
#13335 CLOUDFLARENET

File type
HTML document, ASCII text, with very long lines (41919)
Size
27 kB (27281 bytes)
Hash
3cd8044bfef869e118afeea421e912e4
8be9054929bc53fb3acfe1ad2e32ef33665a0ec2
c840c7122a762eb72558bf747468bce28d7c0a9960d8b9239d0e0dadc79ac359

HTTP Headers

GET /cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/gzd2u/0x4AAAAAAAXOPPw7CyGRcFp-/auto/normal HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://26c5b372.798f45bac6b715433ce0d9f9.workers.dev/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 16 Apr 2024 09:23:17 GMT
content-type: text/html; charset=UTF-8
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-security-policy: frame-src https://challenges.cloudflare.com/ blob:; base-uri 'self'
critical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: cross-origin
document-policy: js-profiling
origin-agent-cluster: ?1
permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy: same-origin
server: cloudflare
cf-ray: 87531da31a925699-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

26c5b372.798f45bac6b715433ce0d9f9.workers.dev/?qrc=mgamzon@griffinindustrial.com

104.21.48.165

200 OK

9.4 kB

URL User Request POST HTTP/3
26c5b372.798f45bac6b715433ce0d9f9.workers.dev/?qrc=mgamzon@griffinindustrial.com
IP
104.21.48.165:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subject798f45bac6b715433ce0d9f9.workers.dev
Fingerprint2E:0B:A8:65:8E:3B:67:BE:CA:0F:E4:04:4E:83:67:4A:FC:57:C5:73
ValidityMon, 15 Apr 2024 20:33:08 GMT - Sun, 14 Jul 2024 20:33:07 GMT

File type
HTML document, ASCII text, with very long lines (3255), with no line terminators
Size
9.4 kB (9361 bytes)
Hash
ddbc1ab54e90c6362e56ee7b24248d47
ad316a027676b22f46d051a6ad2ff11efb8d0ce9
bb4ed787ed7f76c5a82df2df5b520e2dc038d320fa2d56ba9a6d2440ce5191eb

HTTP Headers

GET /?qrc=mgamzon@griffinindustrial.com HTTP/1.1
Host: 26c5b372.798f45bac6b715433ce0d9f9.workers.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 16 Apr 2024 09:23:17 GMT
content-type: text/html;charset=UTF-8
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3kZS8BCgae%2BFk%2FdrXt0TuziWQYmdzJUk3Tw2HeMbujWA9f%2BFChixp9SyoCUdo7oOEU5J%2BjERcF2gB6Qy%2F3j%2B52LaNp1QPo9oD2%2FGWp44ISm898A0WT0stThOmL8igSDxGYix7dc%2BC%2BsOHVcDpkdxIyyjBwQ7jxyI8ISQwTATvdo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87531da189d41c02-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/pat/87531da31a925699/1713259397974/6a2f1e04e8de98a89d04f3b1858d3ccc16fe0e026398f83569add0c9511da228/by9BBVLSxMiii3C

104.17.3.184

3.6 kB

URL
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/pat/87531da31a925699/1713259397974/6a2f1e04e8de98a89d04f3b1858d3ccc16fe0e026398f83569add0c9511da228/by9BBVLSxMiii3C
IP
104.17.3.184:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
3.6 kB (3573 bytes)
Hash
64f777d6685b4eda3c9dad3aa1352357
a5db1b96beca8a30fdbb2269db116f43c2a2320d
b39b7f2d6b34ee274e6eebfc6dced2947ad7f12b1068495ce0d79260d469c046

HTTP Headers

GET /cdn-cgi/challenge-platform/h/b/pat/87531da31a925699/1713259397974/6a2f1e04e8de98a89d04f3b1858d3ccc16fe0e026398f83569add0c9511da228/by9BBVLSxMiii3C HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/gzd2u/0x4AAAAAAAXOPPw7CyGRcFp-/auto/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 401 Unauthorized
date: Tue, 16 Apr 2024 09:23:18 GMT
content-type: text/plain; charset=UTF-8
www-authenticate: PrivateToken challenge="AAIAGXBhdC1pc3N1ZXIuY2xvdWRmbGFyZS5jb20gai8eBOjemKidBPOxhY08zBb-DgJjmPg1aa3QyVEdoigAGWNoYWxsZW5nZXMuY2xvdWRmbGFyZS5jb20=", token-key="MIIBUjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAqEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgKiAwIBMAOCAQ8AMIIBCgKCAQEA1QvuFhVj8-HIEpd2829MedEvnrcAHahftJq4lCTdordKDtEpBDr1tC6_z1kq102Fe8SVbT4nRFRPCH_vL6Pwcc16C8jLMMvXraoC-BiyzAX3Yyr6lZj9UCQ7aK3JEr-tlD2wmLRtqyXfZQu9FdZsCMm0LU5LDAKE1uUBeAV-vLkP_1imLjHgbFE2lJH52yahbxiIjoqT_3PjB45ow3W9ciKiR89cUoS7X-sc6I2Lo7P_Y_FH4aGxC4fBDbjKZDO7UYOs3i1xJCHhgRA2dPWk0tZTjV7-jJE-oyRiReJNq7shr4jYws0e9BzlY1UCMa-U_JWdRb9So4JnoGPmfvSU_QIDAQAB", max-age=20, PrivateToken challenge="AAIALHBwLWlzc3Vlci1wcm9kdWN0aW9uLnJlc2VhcmNoLmNsb3VkZmxhcmUuY29tIGovHgTo3pionQTzsYWNPMwW_g4CY5j4NWmt0MlRHaIoABljaGFsbGVuZ2VzLmNsb3VkZmxhcmUuY29t", token-key="MIIBUjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAqEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgKiAwIBMAOCAQ8AMIIBCgKCAQEA1FEYykHcK8H9rb_u0aFz3CmWgYloQw4YhedoEOAjJ0vy2Axa4f9UG9Dzs4uXS34_h8l6MDo2nRCvLI9lvebilMnTjCn-6D77bewqYxJKUFZW1z2jBIdu03TrETczfEg7kxgKtJE9NXGDjYJcF_iMgzgNA0PEAVM89tUYXXlFy4cUAGlqU2mPpIEOxm5ARsXC-zlLK60fkJ4cOsZRkZa6EExdhmgdwQ0fEJuSOHrBO_-zJn4hUP8q9g4yqkxW2UrfJgD07F4HaHGBEiei06sGDvH2NEPvswEl5dTGxutNrxlU7W24iYhNa2nhjlc53nNb0mKtszv-czVE9UhXyJ7-RQIDAQAB", max-age=20
server: cloudflare
cf-ray: 87531dab7d715699-OSL
alt-svc: h3=":443"; ma=86400

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/811072579:1713256447:qhpAIQTBVxndZGvtPLpIBkDdWmdMU2MVRaU14t3oI68/87531da31a925699/cd75b98b225332a

104.17.3.184

17 kB

URL
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/811072579:1713256447:qhpAIQTBVxndZGvtPLpIBkDdWmdMU2MVRaU14t3oI68/87531da31a925699/cd75b98b225332a
IP
104.17.3.184:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (22556), with no line terminators
Size
17 kB (17036 bytes)
Hash
c02ec325b2679c20f44ccc1a11814fb4
187bac24708bed00913766cef92ab2c21babb684
5e08bdf5ed2c654e15291d857cf37db6489d188b1a0a60a10c2739c5f89034fa

HTTP Headers

POST /cdn-cgi/challenge-platform/h/b/flow/ov1/811072579:1713256447:qhpAIQTBVxndZGvtPLpIBkDdWmdMU2MVRaU14t3oI68/87531da31a925699/cd75b98b225332a HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/gzd2u/0x4AAAAAAAXOPPw7CyGRcFp-/auto/normal
Content-type: application/x-www-form-urlencoded
CF-Challenge: cd75b98b225332a
Content-Length: 25359
Origin: https://challenges.cloudflare.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 16 Apr 2024 09:23:19 GMT
content-type: text/plain; charset=UTF-8
cf-chl-gen: 0OBKhmlyy1TdSILTid7ninOR+rnDnOsulZ7he4OCQLLL5KJWpToIEIG9OOJk+vn8$KsiQlamwyzim/rjp6qc+vA==
server: cloudflare
cf-ray: 87531dad78235699-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/584794762:1713256196:lJdCduDJMhZJQvNJaCpvPu6qAFntibGUErmmu17vdXE/87531e05aaab5699/1ffa8688cf5104d

104.17.3.184

86 kB

URL
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/584794762:1713256196:lJdCduDJMhZJQvNJaCpvPu6qAFntibGUErmmu17vdXE/87531e05aaab5699/1ffa8688cf5104d
IP
104.17.3.184:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (65536), with no line terminators
Size
86 kB (85591 bytes)
Hash
17da0ed6faf2f3bd30c4cf4c059145b0
ac31e4c631897542060cd0b7c0dca9d623d4f764
6c1992a55c8d55ae1b3b7da23587798e238f7e8614d02982fa4960f25e5ecd9f

HTTP Headers

POST /cdn-cgi/challenge-platform/h/b/flow/ov1/584794762:1713256196:lJdCduDJMhZJQvNJaCpvPu6qAFntibGUErmmu17vdXE/87531e05aaab5699/1ffa8688cf5104d HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv1/toL804vmeDYrjlL/gzd2u/0x4AAAAAAAXOPPw7CyGRcFp-/auto/normal
Content-type: application/x-www-form-urlencoded
CF-Challenge: 1ffa8688cf5104d
Content-Length: 2653
Origin: https://challenges.cloudflare.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 16 Apr 2024 09:23:33 GMT
content-type: text/plain; charset=UTF-8
cf-chl-gen: Ni8XCowltjjtvRXaNNQR7N5ycw13G39z1+LM8S48vq071mzgyWTPaNG27C/vtvymJ7mPNr73DeZ3G1uMUxuJHIhGuxa3yHMBvmyUqDgR6rmLKYieSPTAOFTCnxFzENHtgy4O2ma+YaxHW1fZaDc3eQNovqk6E8OhOYcSqPRF+LTkN8N422zp9QdrhUjKnvX+FTRCA7wcM6C1G7+Fq0d+vHt7yY5XvIzDhtrpMDBHR+DlO8ZE2x30mptwP+3BWFAbsCMTkGMEKhH240vLdKDJUIE8wU/A9QEKSgrfO3fHwo2Wy6AHUoYl3Jzd9G33jfTiQrIyCiJpJyj11BUlo88MghIDi/oouMk5TvQ8W35x5JJp17bn1548LqEdUvcqF2awgQRysJcFhI9T/6eXcjQ/NvVNjD/D6KC0gpDA+PqBCqmDfDUQNyG7py5bB1k4qqiUazQE6uhPibeDpbrTva7E2A==$Boaz4pvWVx9DLNDhubbxZw==
server: cloudflare
cf-ray: 87531e076d1f5699-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

941uw6nts7z.p1f.site/owa/?login_hint=mgamzon%40griffinindustrial.com

146.70.158.225

1.4 kB

URL GET
941uw6nts7z.p1f.site/owa/?login_hint=mgamzon%40griffinindustrial.com
IP
146.70.158.225:0
ASN
#9009 M247 Europe SRL

Requested by
https://26c5b372.798f45bac6b715433ce0d9f9.workers.dev/?qrc=mgamzon@griffinindustrial.com
Certificate
IssuerLet's Encrypt
Subjectp1f.site
FingerprintC4:9D:8C:D5:7F:3D:74:C9:33:27:69:51:54:54:99:31:DC:D8:26:2E
ValidityTue, 09 Apr 2024 16:56:29 GMT - Mon, 08 Jul 2024 16:56:28 GMT

File type
HTML document, ASCII text, with very long lines (812), with CRLF, LF line terminators
Size
1.4 kB (1392 bytes)
Hash
b2a3439d359df20d29c00e27e79939e6
fdb700562092124f4d1419ec8645a795c1320a80
1dc32ed7ed66f4e71e799e71b06c7fefd06156bc931280142eb5e4d81d5bbe7c

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft Outlook

HTTP Headers

GET /owa/?login_hint=mgamzon%40griffinindustrial.com HTTP/1.1
Host: 941uw6nts7z.p1f.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://26c5b372.798f45bac6b715433ce0d9f9.workers.dev/
DNT: 1
Connection: keep-alive
Cookie: qPdM=RoQ9L32HLNkV; qPdM.sig=WAyEeQfCRR1hryUrP34c1nGuvBM
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
content-length: 1392
Content-Type: text/html; charset=utf-8
Location: https://941uw6nts7z.p1f.site/?7je2eo4vs=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1tZ2Ftem9uJTQwZ3JpZmZpbmluZHVzdHJpYWwuY29tJmNsaWVudC1yZXF1ZXN0LWlkPWNlNzEwMjdjLTQwYTMtOTNlOS1mZGQ3LTAwYWI1MGNiYTZmMCZwcm90ZWN0ZWR0b2tlbj10cnVlJmNsYWltcz0lN2IlMjJpZF90b2tlbiUyMiUzYSU3YiUyMnhtc19jYyUyMiUzYSU3YiUyMnZhbHVlcyUyMiUzYSU1YiUyMkNQMSUyMiU1ZCU3ZCU3ZCU3ZCZub25jZT02Mzg0ODg1NjIxODY2MTQzNzcuYWJjNmZiMjMtYTgxMC00MDkzLWFkNjgtMjY4MTEzZGJmMmJiJnN0YXRlPURZdkxEc0lnRUFEQmZvdEgydVhoc2g2TW4yS2dCTnlrUUZKclRQejZjcGpKWEVZS0lhYkJaU0JoU0hpMDVJaHVhRFFoYW1lOW4wTmNNVWRqVlNBTnlzRjlWRUpTQmtscm0ySTJNY3J4d3RKX1lYbHV2WEI3dmJrZGoxcENfZmQyZFZCMnpwa2J0X1Q5SER1SGJWNTdQUUU=
Server: Microsoft-IIS/10.0
request-id: ce71027c-40a3-93e9-fdd7-00ab50cba6f0
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Alt-Svc: h3=":443";ma=2592000,h3-29=":443";ma=2592000
X-CalculatedFETarget: MR1P264CU009.internal.outlook.com
X-BackEndHttpStatus: 302, 302
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Set-Cookie: ClientId=75772B9E86354FC9B752865AF8942C20; expires=Wed, 16-Apr-2025 09:23:38 GMT; path=/;SameSite=None; secure
ClientId=75772B9E86354FC9B752865AF8942C20; expires=Wed, 16-Apr-2025 09:23:38 GMT; path=/;SameSite=None; secure
OIDC=1; expires=Wed, 16-Oct-2024 09:23:38 GMT; path=/;SameSite=None; secure; HttpOnly
RoutingKeyCookie=; expires=Sat, 16-Apr-1994 09:23:38 GMT; path=/; secure
OpenIdConnect.token.v1=; expires=Sat, 16-Apr-1994 09:23:38 GMT; path=/; secure
OpenIdConnect.token.v1=; domain=941uw6nts7z.p1f.site; expires=Sat, 16-Apr-1994 09:23:38 GMT; path=/; secure
OpenIdConnect.id_token.v1=; expires=Sat, 16-Apr-1994 09:23:38 GMT; path=/; secure
OpenIdConnect.code.v1=; expires=Sat, 16-Apr-1994 09:23:38 GMT; path=/; secure
OpenIdConnect.idp_nonce.v1=; expires=Sat, 16-Apr-1994 09:23:38 GMT; path=/; secure
OpenIdConnect.idp_correlation_id=; expires=Sat, 16-Apr-1994 09:23:38 GMT; path=/; secure
OpenIdConnect.tokenPostPath=; expires=Sat, 16-Apr-1994 09:23:38 GMT; path=/; secure
OpenIdConnect.id_token.v1=; domain=941uw6nts7z.p1f.site; expires=Sat, 16-Apr-1994 09:23:38 GMT; path=/; secure
OpenIdConnect.code.v1=; domain=941uw6nts7z.p1f.site; expires=Sat, 16-Apr-1994 09:23:38 GMT; path=/; secure
OpenIdConnect.idp_nonce.v1=; domain=941uw6nts7z.p1f.site; expires=Sat, 16-Apr-1994 09:23:38 GMT; path=/; secure
OpenIdConnect.idp_correlation_id=; domain=941uw6nts7z.p1f.site; expires=Sat, 16-Apr-1994 09:23:38 GMT; path=/; secure
OpenIdConnect.tokenPostPath=; domain=941uw6nts7z.p1f.site; expires=Sat, 16-Apr-1994 09:23:38 GMT; path=/; secure
OpenIdConnect.nonce.v3.Vd0sbblVsOaWKFdT1e5OlPcsjcBeYeVAlfwhHb5b4xU=638488562186614377.abc6fb23-a810-4093-ad68-268113dbf2bb; expires=Tue, 16-Apr-2024 10:23:38 GMT; path=/;SameSite=None; secure; HttpOnly
HostSwitchPrg=; expires=Sat, 16-Apr-1994 09:23:38 GMT; path=/; secure
OptInPrg=; expires=Sat, 16-Apr-1994 09:23:38 GMT; path=/; secure
SuiteServiceProxyKey=; expires=Sat, 16-Apr-1994 09:23:38 GMT; path=/; secure
ClientId=75772B9E86354FC9B752865AF8942C20; expires=Wed, 16-Apr-2025 09:23:38 GMT; path=/;SameSite=None; secure
OIDC=1; expires=Wed, 16-Oct-2024 09:23:38 GMT; path=/;SameSite=None; secure; HttpOnly
RoutingKeyCookie=; expires=Sat, 16-Apr-1994 09:23:38 GMT; path=/; secure
OpenIdConnect.token.v1=; expires=Sat, 16-Apr-1994 09:23:38 GMT; path=/; secure
OpenIdConnect.token.v1=; domain=941uw6nts7z.p1f.site; expires=Sat, 16-Apr-1994 09:23:38 GMT; path=/; secure
OpenIdConnect.id_token.v1=; expires=Sat, 16-Apr-1994 09:23:38 GMT; path=/; secure
OpenIdConnect.code.v1=; expires=Sat, 16-Apr-1994 09:23:38 GMT; path=/; secure
OpenIdConnect.idp_nonce.v1=; expires=Sat, 16-Apr-1994 09:23:38 GMT; path=/; secure
OpenIdConnect.idp_correlation_id=; expires=Sat, 16-Apr-1994 09:23:38 GMT; path=/; secure
OpenIdConnect.tokenPostPath=; expires=Sat, 16-Apr-1994 09:23:38 GMT; path=/; secure
OpenIdConnect.id_token.v1=; domain=941uw6nts7z.p1f.site; expires=Sat, 16-Apr-1994 09:23:38 GMT; path=/; secure
OpenIdConnect.code.v1=; domain=941uw6nts7z.p1f.site; expires=Sat, 16-Apr-1994 09:23:38 GMT; path=/; secure
OpenIdConnect.idp_nonce.v1=; domain=941uw6nts7z.p1f.site; expires=Sat, 16-Apr-1994 09:23:38 GMT; path=/; secure
OpenIdConnect.idp_correlation_id=; domain=941uw6nts7z.p1f.site; expires=Sat, 16-Apr-1994 09:23:38 GMT; path=/; secure
OpenIdConnect.tokenPostPath=; domain=941uw6nts7z.p1f.site; expires=Sat, 16-Apr-1994 09:23:38 GMT; path=/; secure
OpenIdConnect.nonce.v3.Vd0sbblVsOaWKFdT1e5OlPcsjcBeYeVAlfwhHb5b4xU=638488562186614377.abc6fb23-a810-4093-ad68-268113dbf2bb; expires=Tue, 16-Apr-2024 10:23:38 GMT; path=/;SameSite=None; secure; HttpOnly
HostSwitchPrg=; expires=Sat, 16-Apr-1994 09:23:38 GMT; path=/; secure
OptInPrg=; expires=Sat, 16-Apr-1994 09:23:38 GMT; path=/; secure
SuiteServiceProxyKey=; expires=Sat, 16-Apr-1994 09:23:38 GMT; path=/; secure
X-OWA-RedirectHistory=ArLym14BaXZI5vZd3Ag; expires=Tue, 16-Apr-2024 15:25:38 GMT; path=/;SameSite=None; secure; HttpOnly
X-CalculatedBETarget: MR2P264MB0483.FRAP264.PROD.OUTLOOK.COM
X-RUM-Validated: 1
X-RUM-NotUpdateQueriedPath: 1
X-RUM-NotUpdateQueriedDbCopy: 1
X-BeSku: WCS5
X-OWA-DiagnosticsInfo: 2;0;0
X-IIDs: 0
X-BackEnd-Begin: 2024-04-16T09:23:38.645
X-BackEnd-End: 2024-04-16T09:23:38.661
X-DiagInfo: MR2P264MB0483
X-BEServer: MR2P264MB0483
X-UA-Compatible: IE=EmulateIE7
X-Proxy-RoutingCorrectness: 1
X-Proxy-BackendServerStatus: 302
X-FEProxyInfo: PA7P264CA0383.FRAP264.PROD.OUTLOOK.COM
X-FEEFZInfo: CDG
X-FEServer: MR1P264CA0177, PA7P264CA0383
NEL: {"report_to":"NelOfficeUpload1","max_age":7200,"include_subdomains":true,"failure_fraction":1.0,"success_fraction":0.01}
X-FirstHopCafeEFZ: CDG
Date: Tue, 16 Apr 2024 09:23:38 GMT
Connection: close
Content-Security-Policy: default-src *  data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval';  script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';

941uw6nts7z.p1f.site/aadcdn.msftauth.net/~/ests/2.1/content/cdnbundles/converged.v2.login.min_1ito3russhq-9gioj-zd4w2.css

146.70.158.225

20 kB

URL
941uw6nts7z.p1f.site/aadcdn.msftauth.net/~/ests/2.1/content/cdnbundles/converged.v2.login.min_1ito3russhq-9gioj-zd4w2.css
IP
146.70.158.225:0
ASN
#9009 M247 Europe SRL

Certificate
IssuerLet's Encrypt
Subjectp1f.site
FingerprintC4:9D:8C:D5:7F:3D:74:C9:33:27:69:51:54:54:99:31:DC:D8:26:2E
ValidityTue, 09 Apr 2024 16:56:29 GMT - Mon, 08 Jul 2024 16:56:28 GMT

File type
ASCII text, with very long lines (61177)
Size
20 kB (20314 bytes)
Hash
d62b4edeb512b07abef4688e27ecdde3
981a7825da5e29938ab6fe0cbfe2db622f7b8333
4b01a0a34ce8ed4bc8a8713be0442d49da6a756236b7b4424622ca3dee820f41

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft Outlook

HTTP Headers

GET /aadcdn.msftauth.net/~/ests/2.1/content/cdnbundles/converged.v2.login.min_1ito3russhq-9gioj-zd4w2.css HTTP/1.1
Host: 941uw6nts7z.p1f.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://941uw6nts7z.p1f.site/?7je2eo4vs=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1tZ2Ftem9uJTQwZ3JpZmZpbmluZHVzdHJpYWwuY29tJmNsaWVudC1yZXF1ZXN0LWlkPWNlNzEwMjdjLTQwYTMtOTNlOS1mZGQ3LTAwYWI1MGNiYTZmMCZwcm90ZWN0ZWR0b2tlbj10cnVlJmNsYWltcz0lN2IlMjJpZF90b2tlbiUyMiUzYSU3YiUyMnhtc19jYyUyMiUzYSU3YiUyMnZhbHVlcyUyMiUzYSU1YiUyMkNQMSUyMiU1ZCU3ZCU3ZCU3ZCZub25jZT02Mzg0ODg1NjIxODY2MTQzNzcuYWJjNmZiMjMtYTgxMC00MDkzLWFkNjgtMjY4MTEzZGJmMmJiJnN0YXRlPURZdkxEc0lnRUFEQmZvdEgydVhoc2g2TW4yS2dCTnlrUUZKclRQejZjcGpKWEVZS0lhYkJaU0JoU0hpMDVJaHVhRFFoYW1lOW4wTmNNVWRqVlNBTnlzRjlWRUpTQmtscm0ySTJNY3J4d3RKX1lYbHV2WEI3dmJrZGoxcENfZmQyZFZCMnpwa2J0X1Q5SER1SGJWNTdQUUU=
DNT: 1
Connection: keep-alive
Cookie: qPdM=RoQ9L32HLNkV; qPdM.sig=WAyEeQfCRR1hryUrP34c1nGuvBM; ClientId=75772B9E86354FC9B752865AF8942C20; OIDC=1; OpenIdConnect.nonce.v3.Vd0sbblVsOaWKFdT1e5OlPcsjcBeYeVAlfwhHb5b4xU=638488562186614377.abc6fb23-a810-4093-ad68-268113dbf2bb; X-OWA-RedirectHistory=ArLym14BaXZI5vZd3Ag; buid=0.ARIAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8bTWdgEiqTrdb_aDfg71xBPr9nmL4t2Xivscik6fSmRmgOoDhgsaZwbVPL1gvoGEY3GrCrBU0xAB15Dk1g9_otcsqrBmWOvwbis2F5ARyGKsgAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8WEWtQIezTuuyVHay3XokNwxNrHHWmAUGv6QApj_Im_VTT8D2MNuElXieCwiK_MKXw60RVquBGXBRfdSSh8HRhz5Z35T4JKzvGg9DdSdnKwWbnvd7GpOD_OiyDFJKNnGaKRP3vAkzZCcc9v5vdC4NbD8Td63VgjBTp_j8GxagS3wgAA; esctx-R2TKr8DZSs=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8TqobameXFHPIbprIJKLrKDGxEWIjGxxRRrTOJb2EODmULsA4r-PVkmUliaUu7t7Br2j3E8qjxXZC-TC-EKjxdpGBRgBWKE4pAFfyhsVGMWh9MFLPGPrWlgq-9tOfun9MKfGkrOWF3eAm-VnZsu5xjiAA; fpc=Alm6WS4cRI5MgUGG5bpbGg-erOTJAQAAAJo6sN0OAAAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Encoding: gzip
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
Age: 1925409
Cache-Control: public, max-age=31536000
Content-MD5: kqhA3D0Xczna4D/t8ioitQ==
Content-Type: text/css
Date: Tue, 16 Apr 2024 09:23:39 GMT
Etag: 0x8DC070858CA028D
Last-Modified: Wed, 27 Dec 2023 18:19:21 GMT
Server: ECAcc (paa/6F4D)
Vary: Accept-Encoding
X-Cache: HIT
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: 1e5369c2-201e-00a5-355c-7e1b4a000000
x-ms-version: 2009-09-19
Content-Length: 20314
Connection: close

941uw6nts7z.p1f.site/aadcdn.msftauth.net/~/shared/1.0/content/js/ConvergedLogin_PCore_xtPRDEy3EhlAdpju-Ah7qw2.js

146.70.158.225

689 kB

URL
941uw6nts7z.p1f.site/aadcdn.msftauth.net/~/shared/1.0/content/js/ConvergedLogin_PCore_xtPRDEy3EhlAdpju-Ah7qw2.js
IP
146.70.158.225:0
ASN
#9009 M247 Europe SRL

Certificate
IssuerLet's Encrypt
Subjectp1f.site
FingerprintC4:9D:8C:D5:7F:3D:74:C9:33:27:69:51:54:54:99:31:DC:D8:26:2E
ValidityTue, 09 Apr 2024 16:56:29 GMT - Mon, 08 Jul 2024 16:56:28 GMT

File type
JavaScript source, ASCII text
Size
689 kB (689017 bytes)
Hash
3e89ae909c6a8d8c56396830471f3373
2632f95a5be7e4c589402bf76e800a8151cd036b
6665ca6a09f770c6679556eb86cf4234c8bdb0271049620e03199b34b4a16099

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft Outlook

HTTP Headers

GET /aadcdn.msftauth.net/~/shared/1.0/content/js/ConvergedLogin_PCore_xtPRDEy3EhlAdpju-Ah7qw2.js HTTP/1.1
Host: 941uw6nts7z.p1f.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://941uw6nts7z.p1f.site/?7je2eo4vs=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1tZ2Ftem9uJTQwZ3JpZmZpbmluZHVzdHJpYWwuY29tJmNsaWVudC1yZXF1ZXN0LWlkPWNlNzEwMjdjLTQwYTMtOTNlOS1mZGQ3LTAwYWI1MGNiYTZmMCZwcm90ZWN0ZWR0b2tlbj10cnVlJmNsYWltcz0lN2IlMjJpZF90b2tlbiUyMiUzYSU3YiUyMnhtc19jYyUyMiUzYSU3YiUyMnZhbHVlcyUyMiUzYSU1YiUyMkNQMSUyMiU1ZCU3ZCU3ZCU3ZCZub25jZT02Mzg0ODg1NjIxODY2MTQzNzcuYWJjNmZiMjMtYTgxMC00MDkzLWFkNjgtMjY4MTEzZGJmMmJiJnN0YXRlPURZdkxEc0lnRUFEQmZvdEgydVhoc2g2TW4yS2dCTnlrUUZKclRQejZjcGpKWEVZS0lhYkJaU0JoU0hpMDVJaHVhRFFoYW1lOW4wTmNNVWRqVlNBTnlzRjlWRUpTQmtscm0ySTJNY3J4d3RKX1lYbHV2WEI3dmJrZGoxcENfZmQyZFZCMnpwa2J0X1Q5SER1SGJWNTdQUUU=
DNT: 1
Connection: keep-alive
Cookie: qPdM=RoQ9L32HLNkV; qPdM.sig=WAyEeQfCRR1hryUrP34c1nGuvBM; ClientId=75772B9E86354FC9B752865AF8942C20; OIDC=1; OpenIdConnect.nonce.v3.Vd0sbblVsOaWKFdT1e5OlPcsjcBeYeVAlfwhHb5b4xU=638488562186614377.abc6fb23-a810-4093-ad68-268113dbf2bb; X-OWA-RedirectHistory=ArLym14BaXZI5vZd3Ag; buid=0.ARIAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8bTWdgEiqTrdb_aDfg71xBPr9nmL4t2Xivscik6fSmRmgOoDhgsaZwbVPL1gvoGEY3GrCrBU0xAB15Dk1g9_otcsqrBmWOvwbis2F5ARyGKsgAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8WEWtQIezTuuyVHay3XokNwxNrHHWmAUGv6QApj_Im_VTT8D2MNuElXieCwiK_MKXw60RVquBGXBRfdSSh8HRhz5Z35T4JKzvGg9DdSdnKwWbnvd7GpOD_OiyDFJKNnGaKRP3vAkzZCcc9v5vdC4NbD8Td63VgjBTp_j8GxagS3wgAA; esctx-R2TKr8DZSs=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8TqobameXFHPIbprIJKLrKDGxEWIjGxxRRrTOJb2EODmULsA4r-PVkmUliaUu7t7Br2j3E8qjxXZC-TC-EKjxdpGBRgBWKE4pAFfyhsVGMWh9MFLPGPrWlgq-9tOfun9MKfGkrOWF3eAm-VnZsu5xjiAA; fpc=Alm6WS4cRI5MgUGG5bpbGg-erOTJAQAAAJo6sN0OAAAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Length: 689017
Content-Type: application/x-javascript
Date: Tue, 16 Apr 2024 09:23:39 GMT
Connection: keep-alive
Keep-Alive: timeout=5

26c5b372.798f45bac6b715433ce0d9f9.workers.dev/favicon.ico

104.21.48.165

200 OK

3.3 kB

URL GET HTTP/3
26c5b372.798f45bac6b715433ce0d9f9.workers.dev/favicon.ico
IP
104.21.48.165:443
ASN
#13335 CLOUDFLARENET

Requested by
https://26c5b372.798f45bac6b715433ce0d9f9.workers.dev/?qrc=mgamzon@griffinindustrial.com
Certificate
IssuerGoogle Trust Services LLC
Subject798f45bac6b715433ce0d9f9.workers.dev
Fingerprint2E:0B:A8:65:8E:3B:67:BE:CA:0F:E4:04:4E:83:67:4A:FC:57:C5:73
ValidityMon, 15 Apr 2024 20:33:08 GMT - Sun, 14 Jul 2024 20:33:07 GMT

File type
HTML document, ASCII text, with very long lines (3271), with no line terminators
Size
3.3 kB (3255 bytes)
Hash
ed297b73ea659b42693e63a580364646
b732cbd7fd6e6ed7bc0c0d2a9b238df61cb56d56
06d7307f3efa9223804d34ea282dc44238055b3877032fb8ee95bd819e300ed8

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: 26c5b372.798f45bac6b715433ce0d9f9.workers.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://26c5b372.798f45bac6b715433ce0d9f9.workers.dev/?qrc=mgamzon@griffinindustrial.com
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 16 Apr 2024 09:23:38 GMT
content-type: text/html;charset=UTF-8
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2LQBy8YMzRwP8CTPWGpXo9ychKuO%2BPrjOGAf0cCg44v8vCL073jmjr51kuBAChf4E8M%2Fc9lNKyWf4yNhWk2TG8CNesYgRcUXG9b71N0ulDAgMUbXOZLHyQ3QEY2QN6Wj4VHAFPkG38n9IQQuRFewFLAx%2Bi1lW0KoFtbVbT1X9rk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87531e231d6956cb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

941uw6nts7z.p1f.site/?7je2eo4vs=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1tZ2Ftem9uJTQwZ3JpZmZpbmluZHVzdHJpYWwuY29tJmNsaWVudC1yZXF1ZXN0LWlkPWNlNzEwMjdjLTQwYTMtOTNlOS1mZGQ3LTAwYWI1MGNiYTZmMCZwcm90ZWN0ZWR0b2tlbj10cnVlJmNsYWltcz0lN2IlMjJpZF90b2tlbiUyMiUzYSU3YiUyMnhtc19jYyUyMiUzYSU3YiUyMnZhbHVlcyUyMiUzYSU1YiUyMkNQMSUyMiU1ZCU3ZCU3ZCU3ZCZub25jZT02Mzg0ODg1NjIxODY2MTQzNzcuYWJjNmZiMjMtYTgxMC00MDkzLWFkNjgtMjY4MTEzZGJmMmJiJnN0YXRlPURZdkxEc0lnRUFEQmZvdEgydVhoc2g2TW4yS2dCTnlrUUZKclRQejZjcGpKWEVZS0lhYkJaU0JoU0hpMDVJaHVhRFFoYW1lOW4wTmNNVWRqVlNBTnlzRjlWRUpTQmtscm0ySTJNY3J4d3RKX1lYbHV2WEI3dmJrZGoxcENfZmQyZFZCMnpwa2J0X1Q5SER1SGJWNTdQUUU=

0.0.0.0

39 kB

URL GET
941uw6nts7z.p1f.site/?7je2eo4vs=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1tZ2Ftem9uJTQwZ3JpZmZpbmluZHVzdHJpYWwuY29tJmNsaWVudC1yZXF1ZXN0LWlkPWNlNzEwMjdjLTQwYTMtOTNlOS1mZGQ3LTAwYWI1MGNiYTZmMCZwcm90ZWN0ZWR0b2tlbj10cnVlJmNsYWltcz0lN2IlMjJpZF90b2tlbiUyMiUzYSU3YiUyMnhtc19jYyUyMiUzYSU3YiUyMnZhbHVlcyUyMiUzYSU1YiUyMkNQMSUyMiU1ZCU3ZCU3ZCU3ZCZub25jZT02Mzg0ODg1NjIxODY2MTQzNzcuYWJjNmZiMjMtYTgxMC00MDkzLWFkNjgtMjY4MTEzZGJmMmJiJnN0YXRlPURZdkxEc0lnRUFEQmZvdEgydVhoc2g2TW4yS2dCTnlrUUZKclRQejZjcGpKWEVZS0lhYkJaU0JoU0hpMDVJaHVhRFFoYW1lOW4wTmNNVWRqVlNBTnlzRjlWRUpTQmtscm0ySTJNY3J4d3RKX1lYbHV2WEI3dmJrZGoxcENfZmQyZFZCMnpwa2J0X1Q5SER1SGJWNTdQUUU=
IP
0.0.0.0:0
ASN
#0

Requested by
https://26c5b372.798f45bac6b715433ce0d9f9.workers.dev/?qrc=mgamzon@griffinindustrial.com
Certificate
IssuerLet's Encrypt
Subjectp1f.site
FingerprintC4:9D:8C:D5:7F:3D:74:C9:33:27:69:51:54:54:99:31:DC:D8:26:2E
ValidityTue, 09 Apr 2024 16:56:29 GMT - Mon, 08 Jul 2024 16:56:28 GMT

File type

Size
39 kB (39028 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft Outlook

HTTP Headers

GET /?7je2eo4vs=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1tZ2Ftem9uJTQwZ3JpZmZpbmluZHVzdHJpYWwuY29tJmNsaWVudC1yZXF1ZXN0LWlkPWNlNzEwMjdjLTQwYTMtOTNlOS1mZGQ3LTAwYWI1MGNiYTZmMCZwcm90ZWN0ZWR0b2tlbj10cnVlJmNsYWltcz0lN2IlMjJpZF90b2tlbiUyMiUzYSU3YiUyMnhtc19jYyUyMiUzYSU3YiUyMnZhbHVlcyUyMiUzYSU1YiUyMkNQMSUyMiU1ZCU3ZCU3ZCU3ZCZub25jZT02Mzg0ODg1NjIxODY2MTQzNzcuYWJjNmZiMjMtYTgxMC00MDkzLWFkNjgtMjY4MTEzZGJmMmJiJnN0YXRlPURZdkxEc0lnRUFEQmZvdEgydVhoc2g2TW4yS2dCTnlrUUZKclRQejZjcGpKWEVZS0lhYkJaU0JoU0hpMDVJaHVhRFFoYW1lOW4wTmNNVWRqVlNBTnlzRjlWRUpTQmtscm0ySTJNY3J4d3RKX1lYbHV2WEI3dmJrZGoxcENfZmQyZFZCMnpwa2J0X1Q5SER1SGJWNTdQUUU= HTTP/1.1
Host: 941uw6nts7z.p1f.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://26c5b372.798f45bac6b715433ce0d9f9.workers.dev/
DNT: 1
Connection: keep-alive
Cookie: qPdM=RoQ9L32HLNkV; qPdM.sig=WAyEeQfCRR1hryUrP34c1nGuvBM; ClientId=75772B9E86354FC9B752865AF8942C20; OIDC=1; OpenIdConnect.nonce.v3.Vd0sbblVsOaWKFdT1e5OlPcsjcBeYeVAlfwhHb5b4xU=638488562186614377.abc6fb23-a810-4093-ad68-268113dbf2bb; X-OWA-RedirectHistory=ArLym14BaXZI5vZd3Ag
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Content-Encoding: gzip
Expires: -1
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000; includeSubDomains
Link: <https://aadcdn.msftauth.net>; rel=preconnect; crossorigin, <https://aadcdn.msftauth.net>; rel=dns-prefetch, <https://aadcdn.msauth.net>; rel=dns-prefetch
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
x-ms-request-id: 8e093ce2-4627-437c-83dd-8d696bb3c601
x-ms-ests-server: 2.1.17750.6 - SCUS ProdSlices
x-ms-srs: 1.P
Referrer-Policy: strict-origin-when-cross-origin
Set-Cookie: buid=0.ARIAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8bTWdgEiqTrdb_aDfg71xBPr9nmL4t2Xivscik6fSmRmgOoDhgsaZwbVPL1gvoGEY3GrCrBU0xAB15Dk1g9_otcsqrBmWOvwbis2F5ARyGKsgAA; expires=Thu, 16-May-2024 09:23:39 GMT; path=/; secure; HttpOnly; SameSite=None
esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8WEWtQIezTuuyVHay3XokNwxNrHHWmAUGv6QApj_Im_VTT8D2MNuElXieCwiK_MKXw60RVquBGXBRfdSSh8HRhz5Z35T4JKzvGg9DdSdnKwWbnvd7GpOD_OiyDFJKNnGaKRP3vAkzZCcc9v5vdC4NbD8Td63VgjBTp_j8GxagS3wgAA; domain=941uw6nts7z.p1f.site; path=/; secure; HttpOnly; SameSite=None
esctx-R2TKr8DZSs=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8TqobameXFHPIbprIJKLrKDGxEWIjGxxRRrTOJb2EODmULsA4r-PVkmUliaUu7t7Br2j3E8qjxXZC-TC-EKjxdpGBRgBWKE4pAFfyhsVGMWh9MFLPGPrWlgq-9tOfun9MKfGkrOWF3eAm-VnZsu5xjiAA; domain=941uw6nts7z.p1f.site; path=/; secure; HttpOnly; SameSite=None
fpc=Alm6WS4cRI5MgUGG5bpbGg-erOTJAQAAAJo6sN0OAAAA; expires=Thu, 16-May-2024 09:23:39 GMT; path=/; secure; HttpOnly; SameSite=None
x-ms-gateway-slice=estsfd; path=/; secure; samesite=none; httponly
stsservicecookie=estsfd; path=/; secure; samesite=none; httponly
Date: Tue, 16 Apr 2024 09:23:38 GMT
Connection: close
content-length: 39028
Content-Security-Policy: default-src *  data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval';  script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';

941uw6nts7z.p1f.site/?dataXX0=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1cmwiOiJodHRwczovLzk0MXV3Nm50czd6LnAxZi5zaXRlIiwiZG9tYWluIjoiOTQxdXc2bnRzN3oucDFmLnNpdGUiLCJrZXkiOiJSb1E5TDMySExOa1YiLCJxcmMiOiJtZ2Ftem9uQGdyaWZmaW5pbmR1c3RyaWFsLmNvbSIsImlhdCI6MTcxMzI1OTQxNywiZXhwIjoxNzEzMjU5NTM3fQ.wZuNH3lznrQf1QqchLnDXTuVJoiLUHybkGCkx-oMb-A

0.0.0.0

39 kB

URL GET
941uw6nts7z.p1f.site/?dataXX0=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1cmwiOiJodHRwczovLzk0MXV3Nm50czd6LnAxZi5zaXRlIiwiZG9tYWluIjoiOTQxdXc2bnRzN3oucDFmLnNpdGUiLCJrZXkiOiJSb1E5TDMySExOa1YiLCJxcmMiOiJtZ2Ftem9uQGdyaWZmaW5pbmR1c3RyaWFsLmNvbSIsImlhdCI6MTcxMzI1OTQxNywiZXhwIjoxNzEzMjU5NTM3fQ.wZuNH3lznrQf1QqchLnDXTuVJoiLUHybkGCkx-oMb-A
IP
0.0.0.0:0
ASN
#0

Requested by
https://26c5b372.798f45bac6b715433ce0d9f9.workers.dev/?qrc=mgamzon@griffinindustrial.com
Certificate
IssuerLet's Encrypt
Subjectp1f.site
FingerprintC4:9D:8C:D5:7F:3D:74:C9:33:27:69:51:54:54:99:31:DC:D8:26:2E
ValidityTue, 09 Apr 2024 16:56:29 GMT - Mon, 08 Jul 2024 16:56:28 GMT

File type

Size
39 kB (39028 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft Outlook

HTTP Headers

GET /?dataXX0=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1cmwiOiJodHRwczovLzk0MXV3Nm50czd6LnAxZi5zaXRlIiwiZG9tYWluIjoiOTQxdXc2bnRzN3oucDFmLnNpdGUiLCJrZXkiOiJSb1E5TDMySExOa1YiLCJxcmMiOiJtZ2Ftem9uQGdyaWZmaW5pbmR1c3RyaWFsLmNvbSIsImlhdCI6MTcxMzI1OTQxNywiZXhwIjoxNzEzMjU5NTM3fQ.wZuNH3lznrQf1QqchLnDXTuVJoiLUHybkGCkx-oMb-A HTTP/1.1
Host: 941uw6nts7z.p1f.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://26c5b372.798f45bac6b715433ce0d9f9.workers.dev/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Set-Cookie: qPdM=RoQ9L32HLNkV; path=/; samesite=none; secure; httponly
qPdM.sig=WAyEeQfCRR1hryUrP34c1nGuvBM; path=/; samesite=none; secure; httponly
location: /?qrc=mgamzon%40griffinindustrial.com
Date: Tue, 16 Apr 2024 09:23:38 GMT
Connection: keep-alive
Keep-Alive: timeout=5
Transfer-Encoding: chunked

941uw6nts7z.p1f.site/?qrc=mgamzon%40griffinindustrial.com

0.0.0.0

39 kB

URL GET
941uw6nts7z.p1f.site/?qrc=mgamzon%40griffinindustrial.com
IP
0.0.0.0:0
ASN
#0

Requested by
https://26c5b372.798f45bac6b715433ce0d9f9.workers.dev/?qrc=mgamzon@griffinindustrial.com
Certificate
IssuerLet's Encrypt
Subjectp1f.site
FingerprintC4:9D:8C:D5:7F:3D:74:C9:33:27:69:51:54:54:99:31:DC:D8:26:2E
ValidityTue, 09 Apr 2024 16:56:29 GMT - Mon, 08 Jul 2024 16:56:28 GMT

File type

Size
39 kB (39028 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft Outlook

HTTP Headers

GET /?qrc=mgamzon%40griffinindustrial.com HTTP/1.1
Host: 941uw6nts7z.p1f.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://26c5b372.798f45bac6b715433ce0d9f9.workers.dev/
DNT: 1
Connection: keep-alive
Cookie: qPdM=RoQ9L32HLNkV; qPdM.sig=WAyEeQfCRR1hryUrP34c1nGuvBM
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Moved Temporarily
Cache-Control: no-cache
Pragma: no-cache
Location: https://941uw6nts7z.p1f.site/owa/?login_hint=mgamzon%40griffinindustrial.com
Server: Microsoft-IIS/10.0
request-id: c89cf312-d3e8-f131-4da7-6d3b558e6c49
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-FEServer: PR2P264CA0042, PR2P264CA0042
X-RequestId: c49da848-8502-46e7-85ce-575c8328d507
X-FEProxyInfo: PR2P264CA0042.FRAP264.PROD.OUTLOOK.COM
X-FEEFZInfo: CDG
MS-CV: EvOcyOjTMfFNp207VY5sSQ.0
X-Powered-By: ASP.NET
Date: Tue, 16 Apr 2024 09:23:37 GMT
Connection: close
Content-Length: 0
Content-Security-Policy: default-src *  data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval';  script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (39)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash