Report - ad.doubleclick.net/searchads/link/click?&ds_a_cid=78645631&ds_a_caid=16864403479&ds_a_agid=136213635060&ds_a_fiid=&ds_a_lid=kwd-337954311970&&ds_e_adid=592415145315&ds_e_matchtype=search&ds_e_device=c&ds_e_network=g&&ds_url_v=2&dc_eps=AHas8cAWcSu2CE2UYpbAoywAbKsEzKsO3mL4IRHbDY7Tz6XLPlOxJw498iUtYEqldt3XQQ07ptEfeYomK1W7&acs_info=ZmluYWxfdXJsOiAiaHR0cHM6Ly93d3cuc2VjdW1kLm9yZy9wZXJzb25hbC9iYW5raW5nL3RvdGFsLWNoZWNraW5nLXJld2FyZHMvIgo&ds_dest_url=https://shoppybu.com/.tmp/jtnrml/uxm/___B3H5__

Report Overview

Submitted URL
ad.doubleclick.net/searchads/link/click?&ds_a_cid=78645631&ds_a_caid=16864403479&ds_a_agid=136213635060&ds_a_fiid=&ds_a_lid=kwd-337954311970&&ds_e_adid=592415145315&ds_e_matchtype=search&ds_e_device=c&ds_e_network=g&&ds_url_v=2&dc_eps=AHas8cAWcSu2CE2UYpbAoywAbKsEzKsO3mL4IRHbDY7Tz6XLPlOxJw498iUtYEqldt3XQQ07ptEfeYomK1W7&acs_info=ZmluYWxfdXJsOiAiaHR0cHM6Ly93d3cuc2VjdW1kLm9yZy9wZXJzb25hbC9iYW5raW5nL3RvdGFsLWNoZWNraW5nLXJld2FyZHMvIgo&ds_dest_url=https://shoppybu.com/.tmp/jtnrml/uxm/___B3H5___/Q1F1YXR0cm9jaW9jY2hpQG1mZGEuY2E=
IP
142.250.74.166
ASN
#15169 GOOGLE
Submitted
2024-04-25 17:46:51
Access
public
Website Title
c73f851e750f6f03f51e473edc55afa6662a96f8a0378
Final URL
nutarcom.us/beebb091955c06fa68b3eb8afc0bae51662a96f8a0500PASbeebb091955c06fa68b3eb8afc0bae51662a96f8a0501
Tags
phishing microsoft outlook
urlquery detections
Phishing - Microsoft Outlook

Detections

urlquery
7
Network Intrusion Detection
0
Threat Detection Systems
0

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
ad.doubleclick.net	186	1996-01-16	2012-05-24	2024-04-25	979 B	953 B	142.250.74.166
shoppybu.com	unknown	2017-06-24	2019-06-13	2024-04-17	526 B	411 B	162.144.4.79
nutarcom.us	unknown	unknown	No data	No data	11 kB	521 kB	104.21.35.239
challenges.cloudflare.com	unknown	2009-02-17	2021-10-20	2024-04-25	3.3 kB	220 kB	104.17.3.184
aadcdn.msauthimages.net	4795	2018-11-12	2019-08-14	2024-04-24	1.1 kB	25 kB	152.199.21.175
unpkg.com	11693	2016-01-06	2016-01-08	2024-04-24	816 B	84 kB	104.17.246.203

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (31)

	URL	Size	First Seen	Last Seen
	nutarcom.us/jm/b72f29c15ab120346b5d0e71e245a14a662a96f8aaba9	6.4 kB	2023-10-11	2024-05-05
Pretty URL nutarcom.us/jm/b72f29c15ab120346b5d0e71e245a14a662a96f8aaba9 IP 104.21.35.239 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-10-11 19:03:08 Last Seen2024-05-05 12:40:20 Times Seen44234 Hash 82ff6e77e3b8f004b23294185e108264 03c685b50fd4587427495348cd1231882a8c48d0 0e230a53a5d5abd125c2a8e1cdd97b32ddd84a9f7fd07c23bff95413886b05fa Loading...

	unknown	37 B	2023-04-11	2024-05-05
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-11 21:31:25 Last Seen2024-05-05 19:55:16 Times Seen234365 Hash 29d0c84b9d1d8da446a6062c6a840ad9 6d6b3a6065667c7c50d92f3889c85ed65a9ad784 3c3cbdb71d0d2c22f504f4d63d8a6ffe8d250cde7e58300619be35b6bbab26a1 Loading...

	nutarcom.us/jq/b72f29c15ab120346b5d0e71e245a14a662a96f8aaba5	86 kB	2023-03-07	2024-05-05
Pretty URL nutarcom.us/jq/b72f29c15ab120346b5d0e71e245a14a662a96f8aaba5 IP 104.21.35.239 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:00 Last Seen2024-05-05 19:35:01 Times Seen388539 Hash 2f6b11a7e914718e0290410e85366fe9 69bb69e25ca7d5ef0935317584e6153f3fd9a88c 05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e Loading...

	unknown	79 B	2023-04-11	2024-05-05
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-11 21:38:58 Last Seen2024-05-05 19:55:16 Times Seen125503 Hash aa049e2749b8531cb8f233c2f64fc2b2 b611a5a62c1813ae5b4763378b3a4a565556530a e52e51d5897d7a179089ddcf8f5de7aeb3ef4f27b054b63e937cf308b685c9e2 Loading...

	unpkg.com/axios/dist/axios.min.js	42 kB	2024-03-15	2024-05-05
Pretty URL unpkg.com/axios/dist/axios.min.js IP 104.17.246.203 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-15 17:36:33 Last Seen2024-05-05 12:40:21 Times Seen10814 Hash 3b5b3d36fde8ffe8ed76b1efbfc65410 d63107d0912fdb387530d5ce2d512c928d73d122 29d600462a30694efd15b9848b4ca42d178cd067009275c35a30580121114304 Loading...

	nutarcom.us/beebb091955c06fa68b3eb8afc0bae51662a96f8a0500PASbeebb091955c06fa68b3eb8afc0bae51662a96f8a0501	0 B	2023-03-07	2024-05-05
Pretty URL nutarcom.us/beebb091955c06fa68b3eb8afc0bae51662a96f8a0500PASbeebb091955c06fa68b3eb8afc0bae51662a96f8a0501 IP 104.21.35.239 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-05 19:55:32 Times Seen37368304 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	nutarcom.us/boot/b72f29c15ab120346b5d0e71e245a14a662a96f8aaba8	51 kB	2023-03-07	2024-05-05
Pretty URL nutarcom.us/boot/b72f29c15ab120346b5d0e71e245a14a662a96f8aaba8 IP 104.21.35.239 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:44 Last Seen2024-05-05 19:35:49 Times Seen246691 Hash 67176c242e1bdc20603c878dee836df3 27a71b00383d61ef3c489326b3564d698fc1227c 56c12a125b021d21a69e61d7190cefa168d6c28ce715265cea1b3b0112d169c4 Loading...

		Size	First Seen	Last Seen
	#1 Eval - dad1323242794a8659cda16f48277fee	28 B	2024-04-25	2024-04-25
Pretty Observations First Seen2024-04-25 19:46:57 Last Seen2024-04-25 19:46:57 Times Seen1 Hash dad1323242794a8659cda16f48277fee 99a32f19cb793c0ebb27cabf71c7b9497bcaeb2c 195a7c38316795c185029c85e9ea1a6e182fb1b2034d16e3a2409f6524ecba3d Loading...

	#2 Eval - 0f48665cf425ea4161fbbd4e7ad3ad81	28 B	2024-04-25	2024-04-25
Pretty Observations First Seen2024-04-25 19:46:57 Last Seen2024-04-25 19:46:57 Times Seen1 Hash 0f48665cf425ea4161fbbd4e7ad3ad81 2d399f9534076b5556519605db35430188803f16 ab9c0a2caf7fdf0de589e558e0aab3cdaf81ee96b271274b77df01df04ea6a72 Loading...

	#3 Eval - 5c36666ba8c0ab07f0ddef6452fb733d	28 B	2024-04-25	2024-04-25
Pretty Observations First Seen2024-04-25 19:46:57 Last Seen2024-04-25 19:46:57 Times Seen1 Hash 5c36666ba8c0ab07f0ddef6452fb733d d38314dec9cb7b3c70c7b57fec65ba5b22253fa8 2382ffa9878baa81025640515a79b18e91313dbaca9a0d43aa7dc356786f7f9a Loading...

	#4 Eval - 3b4d06d1ef9e49b0a3a34af54dc34a3b	28 B	2024-04-25	2024-04-25
Pretty Observations First Seen2024-04-25 19:46:57 Last Seen2024-04-25 19:46:57 Times Seen1 Hash 3b4d06d1ef9e49b0a3a34af54dc34a3b bb0c9de812173ea40542cfa5c7dee63e785bc04e 9ad9a61bbd63bd11f35cf3b0d1e8e07fbd6b43396918e8a1cc40acc8f9d7530f Loading...

	#5 Eval - 9e925e9341b490bfd3b4c4ca3b0c1ef2	4 B	2023-03-07	2024-05-05
Pretty Observations First Seen2023-03-07 01:03:43 Last Seen2024-05-05 19:30:21 Times Seen351506 Hash 9e925e9341b490bfd3b4c4ca3b0c1ef2 c2543fff3bfa6f144c2f06a7de6cd10c0b650cae 1eb79602411ef02cf6fe117897015fff89f80face4eccd50425c45149b148408 Loading...

	#6 Eval - 538fdd8edd8bfb3c166a70f663af358d	28 B	2024-04-25	2024-04-25
Pretty Observations First Seen2024-04-25 19:46:57 Last Seen2024-04-25 19:46:57 Times Seen1 Hash 538fdd8edd8bfb3c166a70f663af358d 914a8cf71fd6d5471d56d614ec4ba374c44f4646 24b26a1b1e1667973968cde0c218c0ab069a0f3a75e45ad9582fce47abe1fd2e Loading...

	#7 Eval - 5b79e8e6e050f3cf263a84473e871dcd	28 B	2024-04-25	2024-04-25
Pretty Observations First Seen2024-04-25 19:46:57 Last Seen2024-04-25 19:46:57 Times Seen1 Hash 5b79e8e6e050f3cf263a84473e871dcd 54cfa39a7f306c03d9dfe347050115a9bd5f0180 8b87930a017f4cae098c76b9b90ffb0e255a55a5287838d886fc1312bf53588a Loading...

	#8 Eval - 5508856be442f895829b0ffe6d17b579	28 B	2024-04-25	2024-04-25
Pretty Observations First Seen2024-04-25 19:46:57 Last Seen2024-04-25 19:46:57 Times Seen1 Hash 5508856be442f895829b0ffe6d17b579 8b185dd57b4a73eb44eed6097b892a53e6d7acb3 bfe31f2b7425e8824d2ac7fa1acd044894c8423f123f7a708a6b6ecd92eb9505 Loading...

	#9 Eval - 43c81e43a6e7d9140033055ff3e04983	62 B	2024-04-18	2024-04-29
Pretty Observations First Seen2024-04-18 21:08:51 Last Seen2024-04-29 16:17:50 Times Seen2736 Hash 43c81e43a6e7d9140033055ff3e04983 b0eca03913678cb38c488c7c79cc4f9d2755ea17 3f7ef931c657c4333a401c40e8b0b8d1ff3b164542af45e14242314c0ec39f34 Loading...

	#10 Eval - 0ae63bf0a46a42910f16434d90f105e8	28 B	2024-04-25	2024-04-25
Pretty Observations First Seen2024-04-25 19:46:57 Last Seen2024-04-25 19:46:57 Times Seen1 Hash 0ae63bf0a46a42910f16434d90f105e8 a4edcdb538144a06048804871ba455cbea0c551c 338af920b83953e9d95055806380cfcde395f88c108ff138967f67332d7bdac0 Loading...

	#11 Eval - 4191cd0ba220adbd0243a7005fd96a6d	28 B	2024-04-25	2024-04-25
Pretty Observations First Seen2024-04-25 19:46:57 Last Seen2024-04-25 19:46:57 Times Seen1 Hash 4191cd0ba220adbd0243a7005fd96a6d b7272fbae85dd6695441c936c901a9b2d1c122e9 bbaf0acdaff671e6dbf93473e9814294cb978c082c179262530daa7b32db403c Loading...

	#12 Eval - 17baf2e100a6d537713e9c6fa4979630	28 B	2024-04-25	2024-04-25
Pretty Observations First Seen2024-04-25 19:46:57 Last Seen2024-04-25 19:46:57 Times Seen1 Hash 17baf2e100a6d537713e9c6fa4979630 2be880520f3662432e20e641c657861f9a6722ba f477e40c1a863fc511bb8b72543229c7d79678ffda29061fb2aeb081ff859c01 Loading...

	#13 Eval - bf50d27c7278dfc1a740cff4eff6b48d	565 B	2024-04-25	2024-04-25
Pretty Observations First Seen2024-04-25 19:46:57 Last Seen2024-04-25 19:46:57 Times Seen1 Hash bf50d27c7278dfc1a740cff4eff6b48d 487bcb8cf61c5d92b5d17c2f62f36e7555829873 bb2bc9f7075741d8471df7261d19278095132edf04376e9edc545108b7a7248d Loading...

	#14 Eval - e81889bbfad7ea6644c80486b548f8a5	1.1 kB	2024-04-25	2024-04-25
Pretty Observations First Seen2024-04-25 19:46:39 Last Seen2024-04-25 19:46:57 Times Seen2 Hash e81889bbfad7ea6644c80486b548f8a5 ba76361a96e69a18baae43c02be26542540777b2 9ccc06b46ada78a329b52ee6e61e9f1370a423bbd71681b969f148847f57f7f5 Loading...

	#15 Eval - d9fa12f68ab8b3528c2dc0e2eccecf9a	28 B	2024-04-25	2024-04-25
Pretty Observations First Seen2024-04-25 19:46:57 Last Seen2024-04-25 19:46:57 Times Seen1 Hash d9fa12f68ab8b3528c2dc0e2eccecf9a ace88dfeecca69872912a2b485ffbbc6e7e56889 20af87ee18c29348f400270b3e883ec30ae7dbc182d6701923847460a8b62f8c Loading...

	#16 Eval - 54a30f7936527ac3458c754a5d32573a	28 B	2024-04-25	2024-04-25
Pretty Observations First Seen2024-04-25 19:46:57 Last Seen2024-04-25 19:46:57 Times Seen1 Hash 54a30f7936527ac3458c754a5d32573a 3313d83e5751fad462a5278b952aa94aab451077 e352337ae9a74c59718a35611c77e0af5b42e0a5e37a17310b419e4c305bb408 Loading...

	#17 Eval - 8f38be1d81dbdb85ed1fa6f8099f540e	28 B	2024-04-25	2024-04-25
Pretty Observations First Seen2024-04-25 19:46:57 Last Seen2024-04-25 19:46:57 Times Seen1 Hash 8f38be1d81dbdb85ed1fa6f8099f540e 5a612b262501391425c1947f573e553e11209b1d 131ec3c0431d39a870dd99a760a74469744f83c1f26df71441b7ed63ce81b874 Loading...

	#18 Eval - 93c1f44c3409bbedce538e744ed1eff8	28 B	2024-04-25	2024-04-25
Pretty Observations First Seen2024-04-25 19:46:57 Last Seen2024-04-25 19:46:57 Times Seen1 Hash 93c1f44c3409bbedce538e744ed1eff8 bc968007ec839ad1f378390fd7391d6ea0c71a7c d9bdef6c62122f83e8f7541270eda1910f4e1ce57b6dc98b9b3729ed6a39f742 Loading...

	#19 Eval - f5f1ed011928436f5e824f32f808a915	28 B	2024-04-25	2024-04-25
Pretty Observations First Seen2024-04-25 19:46:57 Last Seen2024-04-25 19:46:57 Times Seen1 Hash f5f1ed011928436f5e824f32f808a915 9b20b8a41a3ef8c5406cecda37cbe9254627806a 60734be6cf4618a068bbe8e6b26abd976bbb789d96d229414d9c35202e32d4d1 Loading...

	#20 Eval - 593beb463cb860f68c7758d49783fd50	28 B	2024-04-25	2024-04-25
Pretty Observations First Seen2024-04-25 19:46:57 Last Seen2024-04-25 19:46:57 Times Seen1 Hash 593beb463cb860f68c7758d49783fd50 2e3dead2362df54de36f85997ca5400b8ebacf98 39144e2d1b5b7e1411ecab703ec515d96ecb865774bd840e83eedb182733d444 Loading...

	#21 Eval - 5014bfaaa5e6b3bdf5d5ca096cd1345e	28 B	2024-04-25	2024-04-25
Pretty Observations First Seen2024-04-25 19:46:58 Last Seen2024-04-25 19:46:58 Times Seen1 Hash 5014bfaaa5e6b3bdf5d5ca096cd1345e fd76d290dbb04050e043a1686784ce802b327ba1 c8a7e7d91327b6f26bee1f3180ec8c5b5e59ba94d645894cb438dd96f8fc94fc Loading...

	#22 Eval - a3405da9a48b955834fb1281ccefb766	28 B	2024-04-25	2024-04-25
Pretty Observations First Seen2024-04-25 19:46:58 Last Seen2024-04-25 19:46:58 Times Seen1 Hash a3405da9a48b955834fb1281ccefb766 32a8c4bb0087df80abc2d9d8a774fb4f61ea7a67 bb9e83a1dca9e77fcc13852b8038feeed7d338141f49b4ffb17f36dc71a5d585 Loading...

	#23 Eval - ffc40c6d8c4a2cb2cc3d6adf09f7e5b7	28 B	2024-04-25	2024-04-25
Pretty Observations First Seen2024-04-25 19:46:58 Last Seen2024-04-25 19:46:58 Times Seen1 Hash ffc40c6d8c4a2cb2cc3d6adf09f7e5b7 882f96af5820b91ad65947f8f680ad176e78336d 327c0cba84ca3915e7a296d5d6b70af9e76ae938f47bd6037b239b15112aa6ec Loading...

	#24 Eval - 3fb410c4de4a49973aa8cc5baa97fecc	28 B	2024-04-25	2024-04-25
Pretty Observations First Seen2024-04-25 19:46:58 Last Seen2024-04-25 19:46:58 Times Seen1 Hash 3fb410c4de4a49973aa8cc5baa97fecc 05c4078fdb4c0499f183bf689279b92f2ff7e3fc 708a65dbdf4118e4bc414536df9d3f7fea3d2818b4bb0413cce86f6176a61faa Loading...

HTTP Transactions (26)

URL IP Response Size

ad.doubleclick.net/searchads/link/click?&ds_a_cid=78645631&ds_a_caid=16864403479&ds_a_agid=136213635060&ds_a_fiid=&ds_a_lid=kwd-337954311970&&ds_e_adid=592415145315&ds_e_matchtype=search&ds_e_device=c&ds_e_network=g&&ds_url_v=2&dc_eps=AHas8cAWcSu2CE2UYpbAoywAbKsEzKsO3mL4IRHbDY7Tz6XLPlOxJw498iUtYEqldt3XQQ07ptEfeYomK1W7&acs_info=ZmluYWxfdXJsOiAiaHR0cHM6Ly93d3cuc2VjdW1kLm9yZy9wZXJzb25hbC9iYW5raW5nL3RvdGFsLWNoZWNraW5nLXJld2FyZHMvIgo&ds_dest_url=https://shoppybu.com/.tmp/jtnrml/uxm/___B3H5___/Q1F1YXR0cm9jaW9jY2hpQG1mZGEuY2E=

142.250.74.166

302 Found

0 B

URL User Request GET HTTP/2
ad.doubleclick.net/searchads/link/click?&ds_a_cid=78645631&ds_a_caid=16864403479&ds_a_agid=136213635060&ds_a_fiid=&ds_a_lid=kwd-337954311970&&ds_e_adid=592415145315&ds_e_matchtype=search&ds_e_device=c&ds_e_network=g&&ds_url_v=2&dc_eps=AHas8cAWcSu2CE2UYpbAoywAbKsEzKsO3mL4IRHbDY7Tz6XLPlOxJw498iUtYEqldt3XQQ07ptEfeYomK1W7&acs_info=ZmluYWxfdXJsOiAiaHR0cHM6Ly93d3cuc2VjdW1kLm9yZy9wZXJzb25hbC9iYW5raW5nL3RvdGFsLWNoZWNraW5nLXJld2FyZHMvIgo&ds_dest_url=https://shoppybu.com/.tmp/jtnrml/uxm/___B3H5___/Q1F1YXR0cm9jaW9jY2hpQG1mZGEuY2E=
IP
142.250.74.166:443
ASN
#15169 GOOGLE

Certificate
IssuerGoogle Trust Services LLC
Subject*.doubleclick.net
Fingerprint2C:E5:B4:92:A1:7E:78:72:1F:AB:68:9C:D9:40:42:B5:89:EB:86:AC
ValidityMon, 18 Mar 2024 19:37:01 GMT - Mon, 10 Jun 2024 19:37:00 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /searchads/link/click?&ds_a_cid=78645631&ds_a_caid=16864403479&ds_a_agid=136213635060&ds_a_fiid=&ds_a_lid=kwd-337954311970&&ds_e_adid=592415145315&ds_e_matchtype=search&ds_e_device=c&ds_e_network=g&&ds_url_v=2&dc_eps=AHas8cAWcSu2CE2UYpbAoywAbKsEzKsO3mL4IRHbDY7Tz6XLPlOxJw498iUtYEqldt3XQQ07ptEfeYomK1W7&acs_info=ZmluYWxfdXJsOiAiaHR0cHM6Ly93d3cuc2VjdW1kLm9yZy9wZXJzb25hbC9iYW5raW5nL3RvdGFsLWNoZWNraW5nLXJld2FyZHMvIgo&ds_dest_url=https://shoppybu.com/.tmp/jtnrml/uxm/___B3H5___/Q1F1YXR0cm9jaW9jY2hpQG1mZGEuY2E= HTTP/1.1
Host: ad.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
location: https://shoppybu.com/.tmp/jtnrml/uxm/___B3H5___/Q1F1YXR0cm9jaW9jY2hpQG1mZGEuY2E=
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Thu, 25 Apr 2024 17:46:25 GMT
server: cafe
content-length: 0
x-xss-protection: 0
set-cookie: IDE=AHWqTUmA5iRe4UV09kqwSOm5RN94mpzD87EDe-OwTE67jYYqRQiY4BuJiiWXQJbZNhQ; expires=Sat, 25-Apr-2026 17:46:25 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
FLC=CPelNRCHpcI9GKn7-o8BKLH8xAIw8a2qsQZwANq4BBoyGDoWChQoMJgX0ezzKpobBgjwspqxBqAbAQ; expires=Thu, 25-Apr-2024 17:46:35 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

shoppybu.com/.tmp/jtnrml/uxm/___B3H5___/Q1F1YXR0cm9jaW9jY2hpQG1mZGEuY2E=

162.144.4.79

200 OK

0 B

URL User Request GET HTTP/2
shoppybu.com/.tmp/jtnrml/uxm/___B3H5___/Q1F1YXR0cm9jaW9jY2hpQG1mZGEuY2E=
IP
162.144.4.79:443
ASN
#46606 UNIFIEDLAYER-AS-1

Certificate
IssuerLet's Encrypt
Subject*.orient8.eu
Fingerprint4F:4C:D1:E4:96:1C:DE:5C:F2:D0:8B:55:16:E6:FF:F3:FB:88:06:38
ValidityThu, 21 Mar 2024 23:45:48 GMT - Wed, 19 Jun 2024 23:45:47 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft Outlook

HTTP Headers

GET /.tmp/jtnrml/uxm/___B3H5___/Q1F1YXR0cm9jaW9jY2hpQG1mZGEuY2E= HTTP/1.1
Host: shoppybu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 25 Apr 2024 17:46:25 GMT
server: nginx/1.21.6
content-type: text/html; charset=UTF-8
content-length: 0
refresh: 0;url=https://nutarcom.us/MCQuattrociocchi@mfda.ca
cache-control: max-age=7200
expires: Thu, 25 Apr 2024 19:46:25 GMT
vary: User-Agent
x-generated: t=1714067185861309
x-endurance-cache-level: 2
x-nginx-cache: WordPress
x-server-cache: false
X-Firefox-Spdy: h2

nutarcom.us/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=87a02709ea1b5696

104.21.35.239

162 kB

URL
nutarcom.us/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=87a02709ea1b5696
IP
104.21.35.239:0
ASN
#13335 CLOUDFLARENET

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
162 kB (161663 bytes)
Hash
afac3d96f0f08b0d04cce26484dd11d9
92b6b1f5bcf528ed2317e1daf57150902933940c
421c6a4255f20b1bd9c0cbdf3d43065e855393535bca27604210e1afffbff66e

HTTP Headers

GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=87a02709ea1b5696 HTTP/1.1
Host: nutarcom.us
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://nutarcom.us/MCQuattrociocchi@mfda.ca?__cf_chl_rt_tk=s0b6eunCvngta7Xq2eu_CFGQJF8rL3vXu7PiROQ8se4-1714067186-0.0.1.1-1621
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 25 Apr 2024 17:46:26 GMT
content-type: application/javascript; charset=UTF-8
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
vary: accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=s%2BdSPHC8g0rFpdWjlHLsNaw%2FQA8vBcGKi9Q6xh7qzGNHv4dLs7WuO4FXah7IhgvbycK8ZYTDWLfhTEaxxhYZKC9AJ1dDb4HCsHjNw9g8l1iL1p95xwnp%2Bp3WRCJU%2FA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a0270aae935690-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/5quw8/0x4AAAAAAADnPIDROrmt1Wwj/light/normal

104.17.3.184

26 kB

URL
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/5quw8/0x4AAAAAAADnPIDROrmt1Wwj/light/normal
IP
104.17.3.184:0
ASN
#13335 CLOUDFLARENET

File type
HTML document, ASCII text, with very long lines (41702)
Size
26 kB (25585 bytes)
Hash
f3fb19a3241910dc7f11b0617c807135
5aaec8bc7bb70bd61de2fee9bd62761f1a6369d0
53348d7939cd70158eb26e1edd48e81a6684a73cc9fe7c614df1a8a64aaee5c4

HTTP Headers

GET /cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/5quw8/0x4AAAAAAADnPIDROrmt1Wwj/light/normal HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 25 Apr 2024 17:46:26 GMT
content-type: text/html; charset=UTF-8
permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
critical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
content-security-policy: frame-src https://challenges.cloudflare.com/ blob:; base-uri 'self'
cross-origin-resource-policy: cross-origin
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
document-policy: js-profiling
origin-agent-cluster: ?1
referrer-policy: same-origin
vary: accept-encoding
server: cloudflare
cf-ray: 87a0270ceecd56c0-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/i/87a0270ceecd56c0/1714067187128/QpzDnyaMal1oLaF

104.17.3.184

61 B

URL
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/i/87a0270ceecd56c0/1714067187128/QpzDnyaMal1oLaF
IP
104.17.3.184:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 11 x 50, 8-bit/color RGB, non-interlaced
Size
61 B (61 bytes)
Hash
ee68e0435701f451d9cfb9e78144d276
02ba670926e3772cc23e7cfc7c4b94ef3a75fb23
077dcd12dab2f5a1ea71d20f2b4f10b33b039f6e5016e7134a5aa653b86a9587

HTTP Headers

GET /cdn-cgi/challenge-platform/h/b/i/87a0270ceecd56c0/1714067187128/QpzDnyaMal1oLaF HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/5quw8/0x4AAAAAAADnPIDROrmt1Wwj/light/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 25 Apr 2024 17:46:28 GMT
content-type: image/png
content-length: 61
server: cloudflare
cf-ray: 87a02716ca2956c0-OSL
alt-svc: h3=":443"; ma=86400

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/pat/87a0270ceecd56c0/1714067187129/e23712368adf73a76a6ce0e61398ee0cdb7d95a133bf5a3242856f022a5f2175/oq2sbx8fQuTfeLC

104.17.3.184

1 B

URL
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/pat/87a0270ceecd56c0/1714067187129/e23712368adf73a76a6ce0e61398ee0cdb7d95a133bf5a3242856f022a5f2175/oq2sbx8fQuTfeLC
IP
104.17.3.184:0
ASN
#13335 CLOUDFLARENET

File type
very short file (no magic)
Size
1 B (1 bytes)
Hash
ff44570aca8241914870afbc310cdb85
58668e7669fd564d99db5d581fcdb6a5618440b5
6da43b944e494e885e69af021f93c6d9331c78aa228084711429160a5bbd15b5

HTTP Headers

GET /cdn-cgi/challenge-platform/h/b/pat/87a0270ceecd56c0/1714067187129/e23712368adf73a76a6ce0e61398ee0cdb7d95a133bf5a3242856f022a5f2175/oq2sbx8fQuTfeLC HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/5quw8/0x4AAAAAAADnPIDROrmt1Wwj/light/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 401 Unauthorized
date: Thu, 25 Apr 2024 17:46:28 GMT
content-type: text/plain; charset=UTF-8
content-length: 1
www-authenticate: PrivateToken challenge="AAIAGXBhdC1pc3N1ZXIuY2xvdWRmbGFyZS5jb20g4jcSNorfc6dqbODmE5juDNt9laEzv1oyQoVvAipfIXUAGWNoYWxsZW5nZXMuY2xvdWRmbGFyZS5jb20=", token-key="MIIBUjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAqEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgKiAwIBMAOCAQ8AMIIBCgKCAQEApc5PUXcXSrXwpeNe3kT6EaAJPDsPBMfFZc7M608yW3JV6YSHiGBLoFiLtNHD3Yj8UsOtWbQeFa2uvS_dYz5MBsoSW4-RbOY-WCB2aGEB-eoRbXl4lJRl0UNGi00lNBgNTil_mTTSNV3ssSkmSY8kwM-5GqBNfJ2kmJPKo02MWiXn1pwc4YXbeATUrYDRvvXUXYZrgaarjDyvHFhnYpD3mqr5qOj_TS_1SCUZ0HIp8ywDX06Xc59cKjzFHEUzD3gWutoK4apMxNt9bWWxcH3D_UL1a1llCxh-knMwTxgvRXS-XHap_ymO2zCuAPNgo1SDCTl4lTQZbVX7VvpDZwMaiQIDAQAB", max-age=20, PrivateToken challenge="AAIALHBwLWlzc3Vlci1wcm9kdWN0aW9uLnJlc2VhcmNoLmNsb3VkZmxhcmUuY29tIOI3EjaK33Onamzg5hOY7gzbfZWhM79aMkKFbwIqXyF1ABljaGFsbGVuZ2VzLmNsb3VkZmxhcmUuY29t", token-key="MIIBUjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAqEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgKiAwIBMAOCAQ8AMIIBCgKCAQEA1FEYykHcK8H9rb_u0aFz3CmWgYloQw4YhedoEOAjJ0vy2Axa4f9UG9Dzs4uXS34_h8l6MDo2nRCvLI9lvebilMnTjCn-6D77bewqYxJKUFZW1z2jBIdu03TrETczfEg7kxgKtJE9NXGDjYJcF_iMgzgNA0PEAVM89tUYXXlFy4cUAGlqU2mPpIEOxm5ARsXC-zlLK60fkJ4cOsZRkZa6EExdhmgdwQ0fEJuSOHrBO_-zJn4hUP8q9g4yqkxW2UrfJgD07F4HaHGBEiei06sGDvH2NEPvswEl5dTGxutNrxlU7W24iYhNa2nhjlc53nNb0mKtszv-czVE9UhXyJ7-RQIDAQAB", max-age=20
server: cloudflare
cf-ray: 87a02716ea5a56c0-OSL
alt-svc: h3=":443"; ma=86400

nutarcom.us/e/b72f29c15ab120346b5d0e71e245a14a662a96f903b4c

104.21.35.239

200 OK

14 kB

URL GET HTTP/3
nutarcom.us/e/b72f29c15ab120346b5d0e71e245a14a662a96f903b4c
IP
104.21.35.239:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nutarcom.us/beebb091955c06fa68b3eb8afc0bae51662a96f8a0500PASbeebb091955c06fa68b3eb8afc0bae51662a96f8a0501
Certificate
IssuerLet's Encrypt
Subjectnutarcom.us
FingerprintB8:DF:C4:3D:D6:67:7A:4B:4E:4F:BF:9F:BC:54:1B:65:37:38:8C:F2
ValidityTue, 23 Apr 2024 22:24:07 GMT - Mon, 22 Jul 2024 22:24:06 GMT

File type
SVG Scalable Vector Graphics image
Size
14 kB (13913 bytes)
Hash
a9cc2824ef3517b6c4160dcf8ff7d410
8db9aebad84ca6e4225bfdd2458ff3821cc4f064
34f9db946e89f031a80dfca7b16b2b686469c9886441261ae70a44da1dfa2d58

HTTP Headers

GET /e/b72f29c15ab120346b5d0e71e245a14a662a96f903b4c HTTP/1.1
Host: nutarcom.us
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nutarcom.us/beebb091955c06fa68b3eb8afc0bae51662a96f8a0500PASbeebb091955c06fa68b3eb8afc0bae51662a96f8a0501
Cookie: cf_clearance=DIdOJ.NxwnbkOvP28nDOoustYIi_OTU1U1CgbgD01Gk-1714067186-1.0.1.1-7xG2Ki0ljj9ebz2z6EIqEVcgn9bGX4wYXYj477erxLvbc8JdxSGR51JS7hKs9Dtge.bcUEmWugySc2GuHgdSOA; PHPSESSID=bbe3d16f2dd3f71507c9dbda3f0c4651
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 25 Apr 2024 17:46:33 GMT
content-type: image/svg+xml
last-modified: Tue, 23 Apr 2024 23:26:34 GMT
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ALrp4bHfhm%2FkW3JgQ5%2F2Tf4JMg7qnKv2dsuZYKIsmfnGuOmntQOq01usFWx0ZOD3qVo3P4LBcVACHNG855I7r4oScHR0MCY5QMAvAlUradF8n6TzuB5OysYq%2FsX0lw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a02734afad5690-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=87a0270ceecd56c0

104.17.3.184

176 kB

URL
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=87a0270ceecd56c0
IP
104.17.3.184:0
ASN
#13335 CLOUDFLARENET

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
176 kB (176096 bytes)
Hash
7039add9479018e93985b7bce501368b
e35a915cbdaf3577a66740820eebfa8d6fa646f5
91ac309a24c16dc8327dc8bf892542d263570c636510e582f8d19ad5e0ba9739

HTTP Headers

GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=87a0270ceecd56c0 HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/5quw8/0x4AAAAAAADnPIDROrmt1Wwj/light/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 25 Apr 2024 17:46:26 GMT
content-type: application/javascript; charset=UTF-8
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
vary: accept-encoding
server: cloudflare
cf-ray: 87a0270d9fb556c0-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

aadcdn.msauthimages.net/dbd5a2dd-yoyltppnqgyfm2zu8rijwzq-dkpkrukfalpjd8zjxhe/logintenantbranding/0/illustration?ts=638449041977443020

152.199.21.175

200 OK

19 kB

URL GET HTTP/2
aadcdn.msauthimages.net/dbd5a2dd-yoyltppnqgyfm2zu8rijwzq-dkpkrukfalpjd8zjxhe/logintenantbranding/0/illustration?ts=638449041977443020
IP
152.199.21.175:443
ASN
#15133 EDGECAST

Requested by
https://nutarcom.us/beebb091955c06fa68b3eb8afc0bae51662a96f8a0500PASbeebb091955c06fa68b3eb8afc0bae51662a96f8a0501
Certificate
IssuerMicrosoft Corporation
Subjectaadcdn.msauthimages.net
Fingerprint3B:14:C7:84:64:65:A8:46:3C:B4:7E:B7:F2:A1:AF:6B:8F:EF:17:E5
ValidityThu, 11 Jan 2024 12:14:02 GMT - Sun, 05 Jan 2025 12:14:02 GMT

File type
PNG image data, 1920 x 1080, 8-bit/color RGB, non-interlaced
Size
19 kB (19077 bytes)
Hash
178bb4560cad006fc82eccad41dd2f40
3d02f4ab380ce98e2db9a63b8d106e14a1e8a5b5
d4f9d966748097ab933f8f0c998cd48f609e03dfb0904c834f739ed0240f713d

HTTP Headers

GET /dbd5a2dd-yoyltppnqgyfm2zu8rijwzq-dkpkrukfalpjd8zjxhe/logintenantbranding/0/illustration?ts=638449041977443020 HTTP/1.1
Host: aadcdn.msauthimages.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nutarcom.us/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
age: 18
cache-control: public, max-age=86400
content-md5: F4u0VgytAG/ILsytQd0vQA==
content-type: image/*
date: Thu, 25 Apr 2024 17:46:34 GMT
etag: 0x8DC3A0562547F6B
last-modified: Fri, 01 Mar 2024 15:36:37 GMT
server: ECAcc (ska/F799)
x-cache: HIT
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: 13ca2561-a01e-0005-6738-979139000000
x-ms-version: 2009-09-19
content-length: 19077
X-Firefox-Spdy: h2

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/1973521685:1714066203:e97jsL5YAxPAmqfBjb13WdFofV0Jfj6MJP6JuWssnNg/87a0270ceecd56c0/2383c294045d4e1

104.17.3.184

13 kB

URL
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/1973521685:1714066203:e97jsL5YAxPAmqfBjb13WdFofV0Jfj6MJP6JuWssnNg/87a0270ceecd56c0/2383c294045d4e1
IP
104.17.3.184:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (3504), with no line terminators
Size
13 kB (13332 bytes)
Hash
2df367f5eb8703610e34a63987e87d42
e78c6bac5ceaa7062eaa7031ae3369a7358b3d56
b4a2890a0d77962e42be27454c8dde03e723491f425bed59c4706f40524e1f84

HTTP Headers

POST /cdn-cgi/challenge-platform/h/b/flow/ov1/1973521685:1714066203:e97jsL5YAxPAmqfBjb13WdFofV0Jfj6MJP6JuWssnNg/87a0270ceecd56c0/2383c294045d4e1 HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/5quw8/0x4AAAAAAADnPIDROrmt1Wwj/light/normal
Content-type: application/x-www-form-urlencoded
CF-Challenge: 2383c294045d4e1
Content-Length: 36749
Origin: https://challenges.cloudflare.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 25 Apr 2024 17:46:32 GMT
content-type: text/html; charset=UTF-8
cf-chl-out: LDGMwHF0EhZ0PGU3zPzpRI3TM7FNRygbRwpEK4Yo6g93noA+3sL/PLxJAruN5ojSdmU/T+tgR/QvE5ae7JNjH7BKxEruQppFjAXxVUjToatZwhL7eBr+OsloHorOB20v$eib1tDEYM+ZSXpGYBQVPBg==
cf-chl-out-s: UAQQode+G0bQixZ0WYioVh+ry1YTJzLqB95wJbf2bTMH65LzrPXmQyT2Vx7ZA2fixPxqWtPM3fMy5ZOWwvOE2w19nDB9CsbH/uDYsKeXGOxT38t5bAFdjZn30id8VhzS4eCiLCwcBQuESpPBwT7tu2/t/b2iW+caNWhXUFrIP7pa/bsLubLN2E+6pMu7tBUhwhcW+ar70t81u64aWoe0ajaX8oz4RJ+7o6jof3bQNzgsmA55KwkXutFNrbwU8dFOf/+fT3m4pbj7hDkDZOSyi7ty8aQV3nlNlNjxh8KfmuqeOdsbeSgRy3/B8aElBhcUdli37VFm/NRyDjmBKkaEfg5fL8HBq/8O+2Ubvb1u/X3C4Hf9HlvrjuenSdmie+SgulWJHdpalobMB04oRNKOGobLzzCS0SC7/sWvERkJr2XM5XnVwc/6nS5HSPinWBDSArDTRms/vjFhhekh6gxL94InMA98x8HmMa6dJfZ7bdV6P5X6GYi2DeyRN2TAapNjj7GCAjs3pvcf2DjuyA09aeGdX8jbS+qk8ITKgBeiOCV0g25DoGkEpVbS3mmm9kvPBpqdZpxSqNzhgPeMKy+RKLiZ64eTt3yrWqtc6DdEOqMs5gmDWT/AvpFqfg25mg9l$5B9vCDnOI+SGcWMg1RGRuw==
vary: accept-encoding
server: cloudflare
cf-ray: 87a0272eeeaa56c0-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

unpkg.com/axios@1.6.8/dist/axios.min.js

104.17.246.203

200 OK

42 kB

URL GET HTTP/2
unpkg.com/axios@1.6.8/dist/axios.min.js
IP
104.17.246.203:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nutarcom.us/beebb091955c06fa68b3eb8afc0bae51662a96f8a0500PASbeebb091955c06fa68b3eb8afc0bae51662a96f8a0501
Certificate
IssuerGoogle Trust Services LLC
Subjectunpkg.com
Fingerprint2E:F1:F6:31:28:EC:29:20:41:F4:58:4B:B1:CF:51:16:77:7E:BF:E3
ValidityMon, 01 Apr 2024 02:40:24 GMT - Sun, 30 Jun 2024 02:40:23 GMT

File type
JavaScript source, ASCII text, with very long lines (41442)
Size
42 kB (41481 bytes)
Hash
3b5b3d36fde8ffe8ed76b1efbfc65410
d63107d0912fdb387530d5ce2d512c928d73d122
29d600462a30694efd15b9848b4ca42d178cd067009275c35a30580121114304

HTTP Headers

GET /axios@1.6.8/dist/axios.min.js HTTP/1.1
Host: unpkg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://nutarcom.us/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 25 Apr 2024 17:46:32 GMT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
etag: W/"a209-1jEH0JEv2zh1MNXOLVEsko1z0SI"
via: 1.1 fly.io
fly-request-id: 01HS1FGRYZKY14C0JK748EAY1W-arn
cf-cache-status: HIT
age: 3546634
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87a027334b43b503-OSL
content-encoding: br
X-Firefox-Spdy: h2

nutarcom.us/beebb091955c06fa68b3eb8afc0bae51662a96f8a0500PASbeebb091955c06fa68b3eb8afc0bae51662a96f8a0501

104.21.35.239

200 OK

5.5 kB

URL User Request GET HTTP/3
nutarcom.us/beebb091955c06fa68b3eb8afc0bae51662a96f8a0500PASbeebb091955c06fa68b3eb8afc0bae51662a96f8a0501
IP
104.21.35.239:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerLet's Encrypt
Subjectnutarcom.us
FingerprintB8:DF:C4:3D:D6:67:7A:4B:4E:4F:BF:9F:BC:54:1B:65:37:38:8C:F2
ValidityTue, 23 Apr 2024 22:24:07 GMT - Mon, 22 Jul 2024 22:24:06 GMT

File type
HTML document, ASCII text, with very long lines (5541), with no line terminators
Size
5.5 kB (5502 bytes)
Hash
1cbd3bb98c7d3b5d6b7e9abc7eed31bf
901458f08b95804760728a84e2e51588d9bfc263
1456cc720e38ce7888d3fb5e63eb1b0475c5cc06853a317e55fa532efc566ab5

HTTP Headers

GET /beebb091955c06fa68b3eb8afc0bae51662a96f8a0500PASbeebb091955c06fa68b3eb8afc0bae51662a96f8a0501 HTTP/1.1
Host: nutarcom.us
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://nutarcom.us/MCQuattrociocchi@mfda.ca?__cf_chl_tk=s0b6eunCvngta7Xq2eu_CFGQJF8rL3vXu7PiROQ8se4-1714067186-0.0.1.1-1621
DNT: 1
Connection: keep-alive
Cookie: cf_clearance=DIdOJ.NxwnbkOvP28nDOoustYIi_OTU1U1CgbgD01Gk-1714067186-1.0.1.1-7xG2Ki0ljj9ebz2z6EIqEVcgn9bGX4wYXYj477erxLvbc8JdxSGR51JS7hKs9Dtge.bcUEmWugySc2GuHgdSOA; PHPSESSID=bbe3d16f2dd3f71507c9dbda3f0c4651
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Sec-Fetch-User: ?1
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 25 Apr 2024 17:46:32 GMT
content-type: text/html; charset=UTF-8
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XMRUp0wC8Km77RGCWY3URihhWvX6Afrj%2F2hSS%2Fq4E9n5aC%2BwE8puImP94sRnzYziDLK7k0KFlHbfGfQzqYiQMQ6QX7BE%2FE61J2ln31BXgruCKGcpCiURySn9vf0NLg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a027323c165690-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

nutarcom.us/2

104.21.35.239

200 OK

37 kB

URL GET HTTP/3
nutarcom.us/2
IP
104.21.35.239:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nutarcom.us/beebb091955c06fa68b3eb8afc0bae51662a96f8a0500PASbeebb091955c06fa68b3eb8afc0bae51662a96f8a0501
Certificate
IssuerLet's Encrypt
Subjectnutarcom.us
FingerprintB8:DF:C4:3D:D6:67:7A:4B:4E:4F:BF:9F:BC:54:1B:65:37:38:8C:F2
ValidityTue, 23 Apr 2024 22:24:07 GMT - Mon, 22 Jul 2024 22:24:06 GMT

File type

Size
37 kB (37062 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /2 HTTP/1.1
Host: nutarcom.us
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nutarcom.us/beebb091955c06fa68b3eb8afc0bae51662a96f8a0500PASbeebb091955c06fa68b3eb8afc0bae51662a96f8a0501
Cookie: cf_clearance=DIdOJ.NxwnbkOvP28nDOoustYIi_OTU1U1CgbgD01Gk-1714067186-1.0.1.1-7xG2Ki0ljj9ebz2z6EIqEVcgn9bGX4wYXYj477erxLvbc8JdxSGR51JS7hKs9Dtge.bcUEmWugySc2GuHgdSOA; PHPSESSID=bbe3d16f2dd3f71507c9dbda3f0c4651
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 25 Apr 2024 17:46:33 GMT
content-type: text/html; charset=UTF-8
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tv3stYUmqdiDzBiau8O%2BoBVOJkZbYCgjTLQBlBXtkY9kaooIiFiRAfEaUMTWW6w3eZhvrIneYkqJ8L06QS1CJt5omz70ntQZLX5Rq8tw6%2FTKmQxdo%2BaLA8ONt2u7EA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a027342f155690-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

nutarcom.us/favicon.ico

104.21.35.239

404 Not Found

315 B

URL GET HTTP/3
nutarcom.us/favicon.ico
IP
104.21.35.239:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nutarcom.us/beebb091955c06fa68b3eb8afc0bae51662a96f8a0500PASbeebb091955c06fa68b3eb8afc0bae51662a96f8a0501
Certificate
IssuerLet's Encrypt
Subjectnutarcom.us
FingerprintB8:DF:C4:3D:D6:67:7A:4B:4E:4F:BF:9F:BC:54:1B:65:37:38:8C:F2
ValidityTue, 23 Apr 2024 22:24:07 GMT - Mon, 22 Jul 2024 22:24:06 GMT

File type
HTML document, ASCII text, with very long lines (326), with no line terminators
Size
315 B (315 bytes)
Hash
97ef40509b73c101d6815511c3adf98d
a4242322497ea630ea72e26ba297a95a2bbe5ccd
322c1f60d9d454c801f7cff3173ef16b61cf9963a64e09a4d9e21d36218b56be

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: nutarcom.us
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nutarcom.us/beebb091955c06fa68b3eb8afc0bae51662a96f8a0500PASbeebb091955c06fa68b3eb8afc0bae51662a96f8a0501
Cookie: cf_clearance=DIdOJ.NxwnbkOvP28nDOoustYIi_OTU1U1CgbgD01Gk-1714067186-1.0.1.1-7xG2Ki0ljj9ebz2z6EIqEVcgn9bGX4wYXYj477erxLvbc8JdxSGR51JS7hKs9Dtge.bcUEmWugySc2GuHgdSOA; PHPSESSID=bbe3d16f2dd3f71507c9dbda3f0c4651
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 404 Not Found
date: Thu, 25 Apr 2024 17:46:33 GMT
content-type: text/html; charset=iso-8859-1
cache-control: max-age=14400
cf-cache-status: HIT
age: 19
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zhu9jNS7c3C7nUslm%2FjsIM%2B40IWblL%2FoXpXRoaIirURB5dFFQRWm0VNozPHK9hD4kGRb6JWzESPwRE8RWcEa9STtnrDPNEBZH%2BxyXi7AB03UXSNyrtO24BzVO%2F9DVA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a027349fa05690-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

nutarcom.us/jq/b72f29c15ab120346b5d0e71e245a14a662a96f8aaba5

104.21.35.239

200 OK

86 kB

URL GET HTTP/3
nutarcom.us/jq/b72f29c15ab120346b5d0e71e245a14a662a96f8aaba5
IP
104.21.35.239:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nutarcom.us/beebb091955c06fa68b3eb8afc0bae51662a96f8a0500PASbeebb091955c06fa68b3eb8afc0bae51662a96f8a0501
Certificate
IssuerLet's Encrypt
Subjectnutarcom.us
FingerprintB8:DF:C4:3D:D6:67:7A:4B:4E:4F:BF:9F:BC:54:1B:65:37:38:8C:F2
ValidityTue, 23 Apr 2024 22:24:07 GMT - Mon, 22 Jul 2024 22:24:06 GMT

File type
JavaScript source, ASCII text, with very long lines (32065)
Size
86 kB (85578 bytes)
Hash
2f6b11a7e914718e0290410e85366fe9
69bb69e25ca7d5ef0935317584e6153f3fd9a88c
05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e

HTTP Headers

GET /jq/b72f29c15ab120346b5d0e71e245a14a662a96f8aaba5 HTTP/1.1
Host: nutarcom.us
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nutarcom.us/beebb091955c06fa68b3eb8afc0bae51662a96f8a0500PASbeebb091955c06fa68b3eb8afc0bae51662a96f8a0501
Cookie: cf_clearance=DIdOJ.NxwnbkOvP28nDOoustYIi_OTU1U1CgbgD01Gk-1714067186-1.0.1.1-7xG2Ki0ljj9ebz2z6EIqEVcgn9bGX4wYXYj477erxLvbc8JdxSGR51JS7hKs9Dtge.bcUEmWugySc2GuHgdSOA; PHPSESSID=bbe3d16f2dd3f71507c9dbda3f0c4651
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 25 Apr 2024 17:46:32 GMT
content-type: text/javascript
last-modified: Tue, 23 Apr 2024 23:26:34 GMT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=u%2FEZpg%2B8qLS3wm9B17l87RiZ%2Fmt9i7vLNTTlnCyQeLnhK0eRzIaxvNPYgxbHwzx%2FFDoOQiRuZuCrfujNatIrXpdboA1OF4ZdG7UCIaAmim1veLuZknqN9f0gBQ%2FJYg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a027331cf95690-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

nutarcom.us/APP-O2QT6K/b72f29c15ab120346b5d0e71e245a14a662a96f903b22

104.21.35.239

200 OK

105 kB

URL GET HTTP/3
nutarcom.us/APP-O2QT6K/b72f29c15ab120346b5d0e71e245a14a662a96f903b22
IP
104.21.35.239:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nutarcom.us/beebb091955c06fa68b3eb8afc0bae51662a96f8a0500PASbeebb091955c06fa68b3eb8afc0bae51662a96f8a0501
Certificate
IssuerLet's Encrypt
Subjectnutarcom.us
FingerprintB8:DF:C4:3D:D6:67:7A:4B:4E:4F:BF:9F:BC:54:1B:65:37:38:8C:F2
ValidityTue, 23 Apr 2024 22:24:07 GMT - Mon, 22 Jul 2024 22:24:06 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
105 kB (105369 bytes)
Hash
8e6b0f88563f9c33f78bce65cf287df7
ef7765cd2a7d64ed27dd7344702597aff6f8c397
a7057bebfff43e7281ca31da00d40bd88c8d02d1576b9c45891dd56a3853269a

HTTP Headers

GET /APP-O2QT6K/b72f29c15ab120346b5d0e71e245a14a662a96f903b22 HTTP/1.1
Host: nutarcom.us
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nutarcom.us/beebb091955c06fa68b3eb8afc0bae51662a96f8a0500PASbeebb091955c06fa68b3eb8afc0bae51662a96f8a0501
Cookie: cf_clearance=DIdOJ.NxwnbkOvP28nDOoustYIi_OTU1U1CgbgD01Gk-1714067186-1.0.1.1-7xG2Ki0ljj9ebz2z6EIqEVcgn9bGX4wYXYj477erxLvbc8JdxSGR51JS7hKs9Dtge.bcUEmWugySc2GuHgdSOA; PHPSESSID=bbe3d16f2dd3f71507c9dbda3f0c4651
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 25 Apr 2024 17:46:33 GMT
content-type: text/css
last-modified: Tue, 23 Apr 2024 23:26:34 GMT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wKdmuR5LkGvPP3Vl1rd4D8TuMTjBjZ2J7WRPZ2ueoPmXsCx901AnogQ9Q1FC3FR6D15gwSTrOJXZ1BIPR4AWssS0f8nlH34iA6dvdeQ1JgcfyCUMj2th8s9rnZlzUQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a02734bfbe5690-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

nutarcom.us/o/b72f29c15ab120346b5d0e71e245a14a662a96f903b45

104.21.35.239

200 OK

3.7 kB

URL GET HTTP/3
nutarcom.us/o/b72f29c15ab120346b5d0e71e245a14a662a96f903b45
IP
104.21.35.239:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nutarcom.us/beebb091955c06fa68b3eb8afc0bae51662a96f8a0500PASbeebb091955c06fa68b3eb8afc0bae51662a96f8a0501
Certificate
IssuerLet's Encrypt
Subjectnutarcom.us
FingerprintB8:DF:C4:3D:D6:67:7A:4B:4E:4F:BF:9F:BC:54:1B:65:37:38:8C:F2
ValidityTue, 23 Apr 2024 22:24:07 GMT - Mon, 22 Jul 2024 22:24:06 GMT

File type
SVG Scalable Vector Graphics image
Size
3.7 kB (3651 bytes)
Hash
d633a913e6f3b1f45774b9874dfc85e0
5ba1344048578062c93cfddfdf8458477eaca476
c1fbfbd9a81fc4d9c9539a65bdfb4c6738926b8d4681b0346706196413e92714

HTTP Headers

GET /o/b72f29c15ab120346b5d0e71e245a14a662a96f903b45 HTTP/1.1
Host: nutarcom.us
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nutarcom.us/beebb091955c06fa68b3eb8afc0bae51662a96f8a0500PASbeebb091955c06fa68b3eb8afc0bae51662a96f8a0501
Cookie: cf_clearance=DIdOJ.NxwnbkOvP28nDOoustYIi_OTU1U1CgbgD01Gk-1714067186-1.0.1.1-7xG2Ki0ljj9ebz2z6EIqEVcgn9bGX4wYXYj477erxLvbc8JdxSGR51JS7hKs9Dtge.bcUEmWugySc2GuHgdSOA; PHPSESSID=bbe3d16f2dd3f71507c9dbda3f0c4651
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 25 Apr 2024 17:46:33 GMT
content-type: image/svg+xml
last-modified: Tue, 23 Apr 2024 23:26:34 GMT
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OXwWUNFdH%2F3HPW4wnZ941IpxJKsVDvBzt7buebaxBp6IR85xPybcJ%2FUMOP1V4q6p4af1AyW4emNUZ%2BCJk64bJ9XT%2FSbeP08WwuI0SfUEH%2Fad0lGjG5XJAGuW6KBoPw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a02734afa75690-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

nutarcom.us/api-as1f?email=CQuattrociocchi@mfda.ca&data=logo

104.21.35.239

200 OK

168 B

URL GET HTTP/3
nutarcom.us/api-as1f?email=CQuattrociocchi@mfda.ca&data=logo
IP
104.21.35.239:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nutarcom.us/beebb091955c06fa68b3eb8afc0bae51662a96f8a0500PASbeebb091955c06fa68b3eb8afc0bae51662a96f8a0501
Certificate
IssuerLet's Encrypt
Subjectnutarcom.us
FingerprintB8:DF:C4:3D:D6:67:7A:4B:4E:4F:BF:9F:BC:54:1B:65:37:38:8C:F2
ValidityTue, 23 Apr 2024 22:24:07 GMT - Mon, 22 Jul 2024 22:24:06 GMT

File type
troff or preprocessor input, ASCII text, with no line terminators
Size
168 B (168 bytes)
Hash
8afa9597645e1f82fc6f3b665439af8e
17dc0d5f7e6c4fa6dc11f04ad99137ded4e96dc8
688de0e690581adfbd5e1e6f110a1b83f86cbbaa6ab0bc1590db3d347484eaaa

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft Outlook

HTTP Headers

GET /api-as1f?email=CQuattrociocchi@mfda.ca&data=logo HTTP/1.1
Host: nutarcom.us
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nutarcom.us/beebb091955c06fa68b3eb8afc0bae51662a96f8a0500PASbeebb091955c06fa68b3eb8afc0bae51662a96f8a0501
Cookie: cf_clearance=DIdOJ.NxwnbkOvP28nDOoustYIi_OTU1U1CgbgD01Gk-1714067186-1.0.1.1-7xG2Ki0ljj9ebz2z6EIqEVcgn9bGX4wYXYj477erxLvbc8JdxSGR51JS7hKs9Dtge.bcUEmWugySc2GuHgdSOA; PHPSESSID=bbe3d16f2dd3f71507c9dbda3f0c4651
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 25 Apr 2024 17:46:33 GMT
content-type: text/html; charset=UTF-8
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cS48cIF290wNmWBUpa0gx%2BUwryySRMrpB6yci1GVMa8VM8y6fVgoKFQhZLanWN4e3OOdOcakpLCQKsrsgx022%2Bw63wq4n%2BjJ24eyITybGr%2BBuFU4kNzkIWNK%2BF8UtA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a02734afb45690-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

nutarcom.us/ic/b72f29c15ab120346b5d0e71e245a14a662a96f903b1d

104.21.35.239

200 OK

17 kB

URL GET HTTP/3
nutarcom.us/ic/b72f29c15ab120346b5d0e71e245a14a662a96f903b1d
IP
104.21.35.239:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nutarcom.us/beebb091955c06fa68b3eb8afc0bae51662a96f8a0500PASbeebb091955c06fa68b3eb8afc0bae51662a96f8a0501
Certificate
IssuerLet's Encrypt
Subjectnutarcom.us
FingerprintB8:DF:C4:3D:D6:67:7A:4B:4E:4F:BF:9F:BC:54:1B:65:37:38:8C:F2
ValidityTue, 23 Apr 2024 22:24:07 GMT - Mon, 22 Jul 2024 22:24:06 GMT

File type
MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors
Size
17 kB (17174 bytes)
Hash
12e3dac858061d088023b2bd48e2fa96
e08ce1a144eceae0c3c2ea7a9d6fbc5658f24ce5
90cdaf487716184e4034000935c605d1633926d348116d198f355a98b8c6cd21

HTTP Headers

GET /ic/b72f29c15ab120346b5d0e71e245a14a662a96f903b1d HTTP/1.1
Host: nutarcom.us
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nutarcom.us/beebb091955c06fa68b3eb8afc0bae51662a96f8a0500PASbeebb091955c06fa68b3eb8afc0bae51662a96f8a0501
Cookie: cf_clearance=DIdOJ.NxwnbkOvP28nDOoustYIi_OTU1U1CgbgD01Gk-1714067186-1.0.1.1-7xG2Ki0ljj9ebz2z6EIqEVcgn9bGX4wYXYj477erxLvbc8JdxSGR51JS7hKs9Dtge.bcUEmWugySc2GuHgdSOA; PHPSESSID=bbe3d16f2dd3f71507c9dbda3f0c4651
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 25 Apr 2024 17:46:33 GMT
content-type: image/x-icon
last-modified: Tue, 23 Apr 2024 23:26:34 GMT
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ys6kkGmpERJFFz70mgFkzuhyfhW9DfVBCFg5ydqc1BPsdfV3aQUsv26yvLSTLs%2BGWLPGBHwCsKBRiohwmU72IEgKfpd7s9vjgU66O6eOFWdC%2B32icULwpeaomlZu2A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a02736d9c95690-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

aadcdn.msauthimages.net/dbd5a2dd-yoyltppnqgyfm2zu8rijwzq-dkpkrukfalpjd8zjxhe/logintenantbranding/0/bannerlogo?ts=638449074148954224

152.199.21.175

200 OK

4.8 kB

URL GET HTTP/2
aadcdn.msauthimages.net/dbd5a2dd-yoyltppnqgyfm2zu8rijwzq-dkpkrukfalpjd8zjxhe/logintenantbranding/0/bannerlogo?ts=638449074148954224
IP
152.199.21.175:443
ASN
#15133 EDGECAST

Requested by
https://nutarcom.us/beebb091955c06fa68b3eb8afc0bae51662a96f8a0500PASbeebb091955c06fa68b3eb8afc0bae51662a96f8a0501
Certificate
IssuerMicrosoft Corporation
Subjectaadcdn.msauthimages.net
Fingerprint3B:14:C7:84:64:65:A8:46:3C:B4:7E:B7:F2:A1:AF:6B:8F:EF:17:E5
ValidityThu, 11 Jan 2024 12:14:02 GMT - Sun, 05 Jan 2025 12:14:02 GMT

File type
PNG image data, 245 x 36, 8-bit/color RGBA, non-interlaced
Size
4.8 kB (4844 bytes)
Hash
43fa45f9a3c9023f828404da9986d9ab
7d613c3cbc43a180e22f9369156d583b73acd0a6
c6fa4a37f4d6e0a7b959853267f511e9e9f2adf9dc8b5b61ce651c8e44f26b82

HTTP Headers

GET /dbd5a2dd-yoyltppnqgyfm2zu8rijwzq-dkpkrukfalpjd8zjxhe/logintenantbranding/0/bannerlogo?ts=638449074148954224 HTTP/1.1
Host: aadcdn.msauthimages.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nutarcom.us/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding
age: 10803
cache-control: public, max-age=86400
content-md5: Q/pF+aPJAj+ChATamYbZqw==
content-type: image/*
date: Thu, 25 Apr 2024 17:46:33 GMT
etag: 0x8DC3A0CDFFAAC5B
last-modified: Fri, 01 Mar 2024 16:30:15 GMT
server: ECAcc (ska/F78F)
x-cache: HIT
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: eadb8371-f01e-0055-461f-975369000000
x-ms-version: 2009-09-19
content-length: 4844
X-Firefox-Spdy: h2

nutarcom.us/jm/b72f29c15ab120346b5d0e71e245a14a662a96f8aaba9

104.21.35.239

200 OK

6.4 kB

URL GET HTTP/3
nutarcom.us/jm/b72f29c15ab120346b5d0e71e245a14a662a96f8aaba9
IP
104.21.35.239:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nutarcom.us/beebb091955c06fa68b3eb8afc0bae51662a96f8a0500PASbeebb091955c06fa68b3eb8afc0bae51662a96f8a0501
Certificate
IssuerLet's Encrypt
Subjectnutarcom.us
FingerprintB8:DF:C4:3D:D6:67:7A:4B:4E:4F:BF:9F:BC:54:1B:65:37:38:8C:F2
ValidityTue, 23 Apr 2024 22:24:07 GMT - Mon, 22 Jul 2024 22:24:06 GMT

File type
JavaScript source, ASCII text, with very long lines (6376), with no line terminators
Size
6.4 kB (6357 bytes)
Hash
1e07a363eef4b40ab4a38d5e4371da5c
7351be2a378540a016aec380141927221a45f19b
01ba4de80540981fd34be681b5c1fce8b205e341ac6fa73a61817068ff566510

HTTP Headers

GET /jm/b72f29c15ab120346b5d0e71e245a14a662a96f8aaba9 HTTP/1.1
Host: nutarcom.us
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nutarcom.us/beebb091955c06fa68b3eb8afc0bae51662a96f8a0500PASbeebb091955c06fa68b3eb8afc0bae51662a96f8a0501
Cookie: cf_clearance=DIdOJ.NxwnbkOvP28nDOoustYIi_OTU1U1CgbgD01Gk-1714067186-1.0.1.1-7xG2Ki0ljj9ebz2z6EIqEVcgn9bGX4wYXYj477erxLvbc8JdxSGR51JS7hKs9Dtge.bcUEmWugySc2GuHgdSOA; PHPSESSID=bbe3d16f2dd3f71507c9dbda3f0c4651
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 25 Apr 2024 17:46:32 GMT
content-type: text/javascript
last-modified: Tue, 23 Apr 2024 23:26:34 GMT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nq2ObK9zwRqoajeG9qdE%2Bi81x53m9e2chTSQU7dFfBsxxWdPcQWZjG89LEXpYQHwBnPRU5jh60nRSdmRL%2BsjE38HfvE%2Bj3IL691WyP318V4Hp8c67Thg8XGWuvLx%2Bg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a027331d005690-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

unpkg.com/axios/dist/axios.min.js

104.17.246.203

302 Found

42 kB

URL GET HTTP/2
unpkg.com/axios/dist/axios.min.js
IP
104.17.246.203:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nutarcom.us/beebb091955c06fa68b3eb8afc0bae51662a96f8a0500PASbeebb091955c06fa68b3eb8afc0bae51662a96f8a0501
Certificate
IssuerGoogle Trust Services LLC
Subjectunpkg.com
Fingerprint2E:F1:F6:31:28:EC:29:20:41:F4:58:4B:B1:CF:51:16:77:7E:BF:E3
ValidityMon, 01 Apr 2024 02:40:24 GMT - Sun, 30 Jun 2024 02:40:23 GMT

File type

Size
42 kB (41481 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /axios/dist/axios.min.js HTTP/1.1
Host: unpkg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nutarcom.us/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Thu, 25 Apr 2024 17:46:32 GMT
content-type: text/plain; charset=utf-8
access-control-allow-origin: *
cache-control: public, s-maxage=600, max-age=60
location: /axios@1.6.8/dist/axios.min.js
vary: Accept, Accept-Encoding
content-encoding: br
via: 1.1 fly.io
fly-request-id: 01HWB5M4EYMQNZFBEC2ZK9JZGA-arn
cf-cache-status: HIT
age: 240
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87a027332b2db503-OSL
X-Firefox-Spdy: h2

nutarcom.us/api-as1f?email=CQuattrociocchi@mfda.ca&data=background

104.21.35.239

200 OK

176 B

URL GET HTTP/3
nutarcom.us/api-as1f?email=CQuattrociocchi@mfda.ca&data=background
IP
104.21.35.239:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nutarcom.us/beebb091955c06fa68b3eb8afc0bae51662a96f8a0500PASbeebb091955c06fa68b3eb8afc0bae51662a96f8a0501
Certificate
IssuerLet's Encrypt
Subjectnutarcom.us
FingerprintB8:DF:C4:3D:D6:67:7A:4B:4E:4F:BF:9F:BC:54:1B:65:37:38:8C:F2
ValidityTue, 23 Apr 2024 22:24:07 GMT - Mon, 22 Jul 2024 22:24:06 GMT

File type
troff or preprocessor input, ASCII text, with no line terminators
Size
176 B (176 bytes)
Hash
23950dd4e158900e816244d31a72112e
fd22f50044c5d20aea521535457274c7bd7428a4
2d074cadf13b90f4a42980fcdcef24375146cda3d7319f43814b13a9bb793f1f

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft Outlook

HTTP Headers

GET /api-as1f?email=CQuattrociocchi@mfda.ca&data=background HTTP/1.1
Host: nutarcom.us
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nutarcom.us/beebb091955c06fa68b3eb8afc0bae51662a96f8a0500PASbeebb091955c06fa68b3eb8afc0bae51662a96f8a0501
Cookie: cf_clearance=DIdOJ.NxwnbkOvP28nDOoustYIi_OTU1U1CgbgD01Gk-1714067186-1.0.1.1-7xG2Ki0ljj9ebz2z6EIqEVcgn9bGX4wYXYj477erxLvbc8JdxSGR51JS7hKs9Dtge.bcUEmWugySc2GuHgdSOA; PHPSESSID=bbe3d16f2dd3f71507c9dbda3f0c4651
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 25 Apr 2024 17:46:34 GMT
content-type: text/html; charset=UTF-8
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=irrKafF1wuU%2FEeh4kUC8ChU1Lq0xcnde3J5aE2CTFIqwMivwlDnALZ%2B7RqgcN%2Bh89WdV7RyIqifDMda1ITm83nd2JTQpb40n1J76%2FtZjC%2B727HzT6%2BGhgH7CDD9mwA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a02734bfbb5690-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

nutarcom.us/MCQuattrociocchi@mfda.ca

104.21.35.239

403 Forbidden

17 kB

URL User Request GET HTTP/2
nutarcom.us/MCQuattrociocchi@mfda.ca
IP
104.21.35.239:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerLet's Encrypt
Subjectnutarcom.us
FingerprintB8:DF:C4:3D:D6:67:7A:4B:4E:4F:BF:9F:BC:54:1B:65:37:38:8C:F2
ValidityTue, 23 Apr 2024 22:24:07 GMT - Mon, 22 Jul 2024 22:24:06 GMT

File type
HTML document, ASCII text, with very long lines (16794), with no line terminators
Size
17 kB (16794 bytes)
Hash
a59a864bc9624ca9cfe0f7fd6722b79e
a6400134fe72660b476294323bcb1755349613a7
770ae98cfa125bb2a6f93a19b51c455ea498274ff3d3a77bbcae6d42e3ef9214

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft Outlook

HTTP Headers

GET /MCQuattrociocchi@mfda.ca HTTP/1.1
Host: nutarcom.us
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 403 Forbidden
date: Thu, 25 Apr 2024 17:46:26 GMT
content-type: text/html; charset=UTF-8
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-origin
origin-agent-cluster: ?1
permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy: same-origin
x-frame-options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: Ken41wvKN7X0aAZPGwqiNbYR4LQ1MWh6EjhNTCxkdwGE2DH7rC9pEJ8SoXn1j0hx8CHhpA93XVmuo29qLr688plP7i+WWQLtrux5tH7BbmU2jeijPDtcJ6+sC4n2tcN58kbqFixY0v1Yrl3TRWulWg==$zb0wjmLEHB2GYC4d5qrILg==
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 01 Jan 1970 00:00:01 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=p34EyoPu2arkemwNj%2F4DU4YVynAs%2B992gpOrg7P%2Bx5bjf%2B%2B0%2BvYUpIockg7D2%2Fqu8qNMlqVh316bRV5LNmwpc%2BHKDzMAv4nnMO7quCpaJclDkoc9JMusin6iBU45Tw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a02709ea1b5696-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

nutarcom.us/MCQuattrociocchi@mfda.ca

104.21.35.239

302 Found

5.5 kB

URL User Request POST HTTP/3
nutarcom.us/MCQuattrociocchi@mfda.ca
IP
104.21.35.239:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerLet's Encrypt
Subjectnutarcom.us
FingerprintB8:DF:C4:3D:D6:67:7A:4B:4E:4F:BF:9F:BC:54:1B:65:37:38:8C:F2
ValidityTue, 23 Apr 2024 22:24:07 GMT - Mon, 22 Jul 2024 22:24:06 GMT

File type

Size
5.5 kB (5502 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft Outlook

HTTP Headers

POST /MCQuattrociocchi@mfda.ca HTTP/1.1
Host: nutarcom.us
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://nutarcom.us/MCQuattrociocchi@mfda.ca?__cf_chl_tk=s0b6eunCvngta7Xq2eu_CFGQJF8rL3vXu7PiROQ8se4-1714067186-0.0.1.1-1621
Content-Type: application/x-www-form-urlencoded
Content-Length: 4966
Origin: https://nutarcom.us
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Sec-Fetch-User: ?1
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 302 Found
date: Thu, 25 Apr 2024 17:46:32 GMT
content-type: text/html; charset=UTF-8
location: ./beebb091955c06fa68b3eb8afc0bae51662a96f8a0500PASbeebb091955c06fa68b3eb8afc0bae51662a96f8a0501
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
set-cookie: cf_clearance=DIdOJ.NxwnbkOvP28nDOoustYIi_OTU1U1CgbgD01Gk-1714067186-1.0.1.1-7xG2Ki0ljj9ebz2z6EIqEVcgn9bGX4wYXYj477erxLvbc8JdxSGR51JS7hKs9Dtge.bcUEmWugySc2GuHgdSOA; path=/; expires=Fri, 25-Apr-25 17:46:32 GMT; domain=.nutarcom.us; HttpOnly; Secure; SameSite=None
PHPSESSID=bbe3d16f2dd3f71507c9dbda3f0c4651; path=/
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2%2BXjstv94IppDpgZ6SrWLd4ZBROK24LRtQGPT3AsU9uq9E7gBNVjWr%2BKnf9qo2SIcYeHJKanT04lHvX3rc5hgqco%2BXP90KK6%2B8te7%2Fyhzs7uOVF7%2BOunqrTSq22YYg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a027306a575690-OSL
alt-svc: h3=":443"; ma=86400

nutarcom.us/boot/b72f29c15ab120346b5d0e71e245a14a662a96f8aaba8

104.21.35.239

200 OK

51 kB

URL GET HTTP/3
nutarcom.us/boot/b72f29c15ab120346b5d0e71e245a14a662a96f8aaba8
IP
104.21.35.239:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nutarcom.us/beebb091955c06fa68b3eb8afc0bae51662a96f8a0500PASbeebb091955c06fa68b3eb8afc0bae51662a96f8a0501
Certificate
IssuerLet's Encrypt
Subjectnutarcom.us
FingerprintB8:DF:C4:3D:D6:67:7A:4B:4E:4F:BF:9F:BC:54:1B:65:37:38:8C:F2
ValidityTue, 23 Apr 2024 22:24:07 GMT - Mon, 22 Jul 2024 22:24:06 GMT

File type
JavaScript source, ASCII text, with very long lines (50758)
Size
51 kB (51039 bytes)
Hash
67176c242e1bdc20603c878dee836df3
27a71b00383d61ef3c489326b3564d698fc1227c
56c12a125b021d21a69e61d7190cefa168d6c28ce715265cea1b3b0112d169c4

HTTP Headers

GET /boot/b72f29c15ab120346b5d0e71e245a14a662a96f8aaba8 HTTP/1.1
Host: nutarcom.us
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nutarcom.us/beebb091955c06fa68b3eb8afc0bae51662a96f8a0500PASbeebb091955c06fa68b3eb8afc0bae51662a96f8a0501
Cookie: cf_clearance=DIdOJ.NxwnbkOvP28nDOoustYIi_OTU1U1CgbgD01Gk-1714067186-1.0.1.1-7xG2Ki0ljj9ebz2z6EIqEVcgn9bGX4wYXYj477erxLvbc8JdxSGR51JS7hKs9Dtge.bcUEmWugySc2GuHgdSOA; PHPSESSID=bbe3d16f2dd3f71507c9dbda3f0c4651
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 25 Apr 2024 17:46:32 GMT
content-type: text/javascript
last-modified: Tue, 23 Apr 2024 23:26:34 GMT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lNW6dZxjT5MB7IftmQ%2FMYm3d9YrrguakaOOpUV4HfiiAxyKCK1YbNUpLgdgoZUwvwct2016n9AL6sTpoWab0JN4cYtH5YU0lmIknUA%2FyLravXJO2fAw6ynQSO5pX5Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a027331cfd5690-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (31)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations