webmin.com/cgi-bin/redirect.cgi/install/https:/afterkoma.com/go/aCdGQ4t/Y21hbXJha0BkY25keC5jb20=
216.105.38.11 241 B URL webmin.com/cgi-bin/redirect.cgi/install/https:/afterkoma.com/go/aCdGQ4t/Y21hbXJha0BkY25keC5jb20=
IP 216.105.38.11:0
File type HTML document, ASCII text
Hash ade0c16eb2948db2bb33ce87b619900b
ca53a2a4eb320f5a7b1e7ef42562b2a06ac68c42
c38aeee6e70cd377161d5d6df20fc7b31d7db96ae5c8c60b37df1e82e1de1bbc
GET /cgi-bin/redirect.cgi/install/https:/afterkoma.com/go/aCdGQ4t/Y21hbXJha0BkY25keC5jb20= HTTP/1.1
Host: webmin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Server: nginx
Date: Wed, 17 Apr 2024 19:14:22 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 241
Connection: keep-alive
location: https://afterkoma.com/go/aCdGQ4t/Y21hbXJha0BkY25keC5jb20=
cache-control: max-age=3600
expires: Wed, 17 Apr 2024 20:14:16 GMT
vary: Accept-Encoding
afterkoma.com/go/aCdGQ4t/Y21hbXJha0BkY25keC5jb20=
192.185.84.90 0 B URL afterkoma.com/go/aCdGQ4t/Y21hbXJha0BkY25keC5jb20=
IP 192.185.84.90:0
ASN #19871 NETWORK-SOLUTIONS-HOSTING
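Hash d41d8cd98f00b204e9800998ecf8427e (MD5)
da39a3ee5e6b4b0d3255bfef95601890afd80709 (SHA-1)
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (SHA-256)
Note: these three values are the digests of empty input (the body recorded for this response is 0 B), so they do not identify any content.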
GET /go/aCdGQ4t/Y21hbXJha0BkY25keC5jb20= HTTP/1.1
Host: afterkoma.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
refresh: 0;url=https://abbe3156.9b1fed916247e2ac344e288a.workers.dev?qrc=cmamrak@dcndx.com
content-length: 0
content-type: text/html; charset=UTF-8
date: Wed, 17 Apr 2024 19:14:23 GMT
server: Apache
X-Firefox-Spdy: h2
challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback
104.17.3.184 302 Found 0 B URL GET HTTP/2 challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback
IP 104.17.3.184:443
Requested by https://abbe3156.9b1fed916247e2ac344e288a.workers.dev/?qrc=cmamrak@dcndx.com
Certificate Issuer Cloudflare, Inc.
Subject challenges.cloudflare.com
Fingerprint 5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E
Validity Fri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /turnstile/v0/api.js?onload=onloadTurnstileCallback HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://abbe3156.9b1fed916247e2ac344e288a.workers.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
date: Wed, 17 Apr 2024 19:14:23 GMT
content-length: 0
cache-control: max-age=300, public
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
location: /turnstile/v0/g/54ea73d52131/api.js?onload=onloadTurnstileCallback
vary: Accept-Encoding
server: cloudflare
cf-ray: 875ebce34a4f0b55-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
abbe3156.9b1fed916247e2ac344e288a.workers.dev/?qrc=cmamrak@dcndx.com
104.21.21.152 0 B URL abbe3156.9b1fed916247e2ac344e288a.workers.dev/?qrc=cmamrak@dcndx.com
IP 104.21.21.152:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /?qrc=cmamrak@dcndx.com HTTP/1.1
Host: abbe3156.9b1fed916247e2ac344e288a.workers.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 582
Origin: https://abbe3156.9b1fed916247e2ac344e288a.workers.dev
DNT: 1
Connection: keep-alive
Referer: https://abbe3156.9b1fed916247e2ac344e288a.workers.dev/?qrc=cmamrak@dcndx.com
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Sec-Fetch-User: ?1
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 302 Found
date: Wed, 17 Apr 2024 19:14:29 GMT
content-length: 0
location: https://hudforsolutionsinc.com?dataXX0=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1cmwiOiJodHRwczovL2h1ZGZvcnNvbHV0aW9uc2luYy5jb20iLCJkb21haW4iOiJodWRmb3Jzb2x1dGlvbnNpbmMuY29tIiwia2V5IjoibUJ3bTlZeDlOUWdBIiwicXJjIjoiY21hbXJha0BkY25keC5jb20iLCJpYXQiOjE3MTMzODEyNjksImV4cCI6MTcxMzM4MTM4OX0.sSvMgKiGuaTmlQJnX8gHo5Wg8OIxGtIBlRlSRN0qheY
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hsqL2GreBKZXvHK30qoVcOZYSx1X6vzIq3wD8taQ4LL2l4GkIEqx5uGEaCrq93DrXLfIa678A4gF5si3AMo9etc0%2BkKm3z2Dzcw2JImPuvrkU9tF7eQUlOagp8riXIJ5jIHpGFaKG%2B7t8Kpq8JZczCgy9CMg9433M5ulz1Y5UAk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 875ebd010bf9b51b-OSL
alt-svc: h3=":443"; ma=86400
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/2041661280:1713377685:iLOQjqKbx6dNAPxy5R2mERHzG03zGUVocmaYD99hLlw/875ebce44f63569b/a98e78c4b7fb353
104.17.3.184 200 OK 13 kB URL POST HTTP/3 challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/2041661280:1713377685:iLOQjqKbx6dNAPxy5R2mERHzG03zGUVocmaYD99hLlw/875ebce44f63569b/a98e78c4b7fb353
IP 104.17.3.184:443
Requested by https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/cnwy7/0x4AAAAAAAXZk7rBJwoGVTXO/auto/normal
Certificate Issuer Cloudflare, Inc.
Subject challenges.cloudflare.com
Fingerprint 5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E
Validity Fri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT
File type ASCII text, with very long lines (3500), with no line terminators
Hash 66648549f0830534b29b853ae1f9491b
7faf05dc71e50bd6f228a9dc3076885a6693643e
f9f8aa2028f22cdb83c430ae988bde864f25142edd1926d22a2e3f452010487e
POST /cdn-cgi/challenge-platform/h/g/flow/ov1/2041661280:1713377685:iLOQjqKbx6dNAPxy5R2mERHzG03zGUVocmaYD99hLlw/875ebce44f63569b/a98e78c4b7fb353 HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/cnwy7/0x4AAAAAAAXZk7rBJwoGVTXO/auto/normal
Content-type: application/x-www-form-urlencoded
CF-Challenge: a98e78c4b7fb353
Content-Length: 35203
Origin: https://challenges.cloudflare.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 17 Apr 2024 19:14:28 GMT
content-type: text/html; charset=UTF-8
cf-chl-out: h6uhrpYryN3h0gDTI+EUyWGNu90wH1CZtUPdQZoLXiEaRvTckFfHA5zQxOQvzID9AxFX/gAsNy5Ud0CrSKALKL8dBH2CHSoFdCFp4i9NTXo3cmERF7QtjtZdlO7UTkgC$HOwbv9pi8Qde71C25FgRZA==
cf-chl-out-s: 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$yHo6/kIvWvCUNKO3JUUBPg==
server: cloudflare
cf-ray: 875ebd007f6f569b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
hudforsolutionsinc.com/?dataXX0=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1cmwiOiJodHRwczovL2h1ZGZvcnNvbHV0aW9uc2luYy5jb20iLCJkb21haW4iOiJodWRmb3Jzb2x1dGlvbnNpbmMuY29tIiwia2V5IjoibUJ3bTlZeDlOUWdBIiwicXJjIjoiY21hbXJha0BkY25keC5jb20iLCJpYXQiOjE3MTMzODEyNjksImV4cCI6MTcxMzM4MTM4OX0.sSvMgKiGuaTmlQJnX8gHo5Wg8OIxGtIBlRlSRN0qheY
31.220.31.168 0 B URL hudforsolutionsinc.com/?dataXX0=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1cmwiOiJodHRwczovL2h1ZGZvcnNvbHV0aW9uc2luYy5jb20iLCJkb21haW4iOiJodWRmb3Jzb2x1dGlvbnNpbmMuY29tIiwia2V5IjoibUJ3bTlZeDlOUWdBIiwicXJjIjoiY21hbXJha0BkY25keC5jb20iLCJpYXQiOjE3MTMzODEyNjksImV4cCI6MTcxMzM4MTM4OX0.sSvMgKiGuaTmlQJnX8gHo5Wg8OIxGtIBlRlSRN0qheY
IP 31.220.31.168:0
ASN #47583 Hostinger International Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
urlquery phishing Phishing - Microsoft Outlook
GET /?dataXX0=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1cmwiOiJodHRwczovL2h1ZGZvcnNvbHV0aW9uc2luYy5jb20iLCJkb21haW4iOiJodWRmb3Jzb2x1dGlvbnNpbmMuY29tIiwia2V5IjoibUJ3bTlZeDlOUWdBIiwicXJjIjoiY21hbXJha0BkY25keC5jb20iLCJpYXQiOjE3MTMzODEyNjksImV4cCI6MTcxMzM4MTM4OX0.sSvMgKiGuaTmlQJnX8gHo5Wg8OIxGtIBlRlSRN0qheY HTTP/1.1
Host: hudforsolutionsinc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://abbe3156.9b1fed916247e2ac344e288a.workers.dev/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Sec-Fetch-User: ?1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Set-Cookie: qPdM=mBwm9Yx9NQgA; path=/; samesite=none; secure; httponly
qPdM.sig=0DdfdQ-dNHhH2_-b1MtLGQtxjlA; path=/; samesite=none; secure; httponly
location: /__//qyc/0cwvj/kfgpvkva?ste=eocotcm%40fepfz.eqo
Date: Wed, 17 Apr 2024 19:14:30 GMT
Connection: keep-alive
Keep-Alive: timeout=5
Transfer-Encoding: chunked
hudforsolutionsinc.com/__//qyc/0cwvj/kfgpvkva?ste=eocotcm%40fepfz.eqo
31.220.31.168 2 B URL hudforsolutionsinc.com/__//qyc/0cwvj/kfgpvkva?ste=eocotcm%40fepfz.eqo
IP 31.220.31.168:0
ASN #47583 Hostinger International Limited
File type ASCII text, with no line terminators
Hash 444bcb3a3fcf8389296c49467f27e1d6
7a85f4764bbd6daf1c3545efbbf0f279a6dc0beb
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
urlquery phishing Phishing - Microsoft Outlook
GET /__//qyc/0cwvj/kfgpvkva?ste=eocotcm%40fepfz.eqo HTTP/1.1
Host: hudforsolutionsinc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://abbe3156.9b1fed916247e2ac344e288a.workers.dev/
DNT: 1
Connection: keep-alive
Cookie: qPdM=mBwm9Yx9NQgA; qPdM.sig=0DdfdQ-dNHhH2_-b1MtLGQtxjlA
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Sec-Fetch-User: ?1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Status: 302 Found
Location: /owa/0auth/migrate?qrc=cmamrak@dcndx.com
Content-Type: text/plain
Date: Wed, 17 Apr 2024 19:14:30 GMT
Connection: keep-alive
Keep-Alive: timeout=5
Transfer-Encoding: chunked
hudforsolutionsinc.com/owa/0auth/migrate?qrc=cmamrak@dcndx.com
31.220.31.168 0 B URL hudforsolutionsinc.com/owa/0auth/migrate?qrc=cmamrak@dcndx.com
IP 31.220.31.168:0
ASN #47583 Hostinger International Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
urlquery phishing Phishing - Microsoft Outlook
GET /owa/0auth/migrate?qrc=cmamrak@dcndx.com HTTP/1.1
Host: hudforsolutionsinc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://abbe3156.9b1fed916247e2ac344e288a.workers.dev/
DNT: 1
Connection: keep-alive
Cookie: qPdM=mBwm9Yx9NQgA; qPdM.sig=0DdfdQ-dNHhH2_-b1MtLGQtxjlA
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Sec-Fetch-User: ?1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
location: /
Set-Cookie: logondata=acc=0&lgn=cmamrak@dcndx.com;path=/
Date: Wed, 17 Apr 2024 19:14:32 GMT
Connection: keep-alive
Keep-Alive: timeout=5
Transfer-Encoding: chunked
hudforsolutionsinc.com/
31.220.31.168 0 B IP 31.220.31.168:0
ASN #47583 Hostinger International Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
urlquery phishing Phishing - Microsoft Outlook
GET / HTTP/1.1
Host: hudforsolutionsinc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://abbe3156.9b1fed916247e2ac344e288a.workers.dev/
DNT: 1
Connection: keep-alive
Cookie: qPdM=mBwm9Yx9NQgA; qPdM.sig=0DdfdQ-dNHhH2_-b1MtLGQtxjlA; logondata=acc=0&lgn=cmamrak@dcndx.com
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Sec-Fetch-User: ?1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Moved Temporarily
Cache-Control: no-cache
Pragma: no-cache
Location: https://hudforsolutionsinc.com/owa/
Server: Microsoft-IIS/10.0
X-FEServer: DCNSRV21-EX16
X-RequestId: 34ef3075-b1e2-42e2-92c6-8da024cac5c2
Date: Wed, 17 Apr 2024 19:14:32 GMT
Connection: close
Content-Length: 0
hudforsolutionsinc.com/owa/
31.220.31.168 222 B URL hudforsolutionsinc.com/owa/
IP 31.220.31.168:0
ASN #47583 Hostinger International Limited
File type HTML document, ASCII text, with CRLF line terminators
Hash 10304c15221dad4096954ee96fbf8703
8d8b513c6488118df84e144cc5fc76a7b4c8678c
a82803f65e67e655df5eec8375e3518f236bfc386f9f03e6abbb5534edbada15
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
urlquery phishing Phishing - Microsoft Outlook
GET /owa/ HTTP/1.1
Host: hudforsolutionsinc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://abbe3156.9b1fed916247e2ac344e288a.workers.dev/
DNT: 1
Connection: keep-alive
Cookie: qPdM=mBwm9Yx9NQgA; qPdM.sig=0DdfdQ-dNHhH2_-b1MtLGQtxjlA; logondata=acc=0&lgn=cmamrak@dcndx.com
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Sec-Fetch-User: ?1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Content-Type: text/html; charset=utf-8
Location: https://hudforsolutionsinc.com/owa/auth/logon.aspx?url=https%3a%2f%2fmail.dcndx.com%2fowa%2f&reason=0
Server: Microsoft-IIS/10.0
request-id: 8fd785ef-8a13-4fb5-9ee4-43ae2cfeed12
X-OWA-Version: 15.1.2507.37
X-Powered-By: ASP.NET
X-FEServer: DCNSRV21-EX16
Date: Wed, 17 Apr 2024 19:14:32 GMT
Connection: close
content-length: 222
challenges.cloudflare.com/turnstile/v0/g/54ea73d52131/api.js?onload=onloadTurnstileCallback
104.17.3.184 200 OK 42 kB URL GET HTTP/3 challenges.cloudflare.com/turnstile/v0/g/54ea73d52131/api.js?onload=onloadTurnstileCallback
IP 104.17.3.184:443
Requested by https://abbe3156.9b1fed916247e2ac344e288a.workers.dev/?qrc=cmamrak@dcndx.com
Certificate Issuer Cloudflare, Inc.
Subject challenges.cloudflare.com
Fingerprint 5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E
Validity Fri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (42414)
Hash 374fec8b5e50cd6ab980f3fef21a5aa0
7f474607991a19b6f1b78cc32e0f75b501b60774
8af2da74872f03e058ab79a584176d2086afc01bbd42dd2ed14259179341be6a
GET /turnstile/v0/g/54ea73d52131/api.js?onload=onloadTurnstileCallback HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://abbe3156.9b1fed916247e2ac344e288a.workers.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 17 Apr 2024 19:14:23 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=31536000
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
server: cloudflare
cf-ray: 875ebce37db7569b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
hudforsolutionsinc.com/owa/auth/logon.aspx?url=https%3a%2f%2fmail.dcndx.com%2fowa%2f&reason=0
31.220.31.168 28 kB URL hudforsolutionsinc.com/owa/auth/logon.aspx?url=https%3a%2f%2fmail.dcndx.com%2fowa%2f&reason=0
IP 31.220.31.168:0
ASN #47583 Hostinger International Limited
File type HTML document, ASCII text, with very long lines (1062), with CRLF, LF line terminators
Hash 85d87435f892159d2059e5ea7127c198
4f8092392c6cd4259bb7c89c72a9ad9856267abc
54ac10e95c362be0dfdf9c3191ea6dc62249e21b1dc53db6988c2c152950082c
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
urlquery phishing Phishing - Microsoft Outlook
GET /owa/auth/logon.aspx?url=https%3a%2f%2fmail.dcndx.com%2fowa%2f&reason=0 HTTP/1.1
Host: hudforsolutionsinc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://abbe3156.9b1fed916247e2ac344e288a.workers.dev/
DNT: 1
Connection: keep-alive
Cookie: qPdM=mBwm9Yx9NQgA; qPdM.sig=0DdfdQ-dNHhH2_-b1MtLGQtxjlA; logondata=acc=0&lgn=cmamrak@dcndx.com
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Sec-Fetch-User: ?1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/10.0
request-id: bdab0be2-1a9e-432e-93a8-681f327cee0e
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Wed, 17 Apr 2024 19:14:33 GMT
Connection: close
content-length: 27974
abbe3156.9b1fed916247e2ac344e288a.workers.dev/?qrc=cmamrak@dcndx.com
104.21.21.152 60 kB URL abbe3156.9b1fed916247e2ac344e288a.workers.dev/?qrc=cmamrak@dcndx.com
IP 104.21.21.152:0
File type HTML document, ASCII text, with very long lines (3255), with no line terminators
Hash d22e653365d8b34dfa996b5aeeb47950
10f8c033cbed063c0d2d78a0875f3297458110b2
006867f93cba8caac5d8b849643db2db1969a17d4b623bb5206a685858698cfe
GET /?qrc=cmamrak@dcndx.com HTTP/1.1
Host: abbe3156.9b1fed916247e2ac344e288a.workers.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 17 Apr 2024 19:14:23 GMT
content-type: text/html;charset=UTF-8
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=R4SWjzqn1dQdbSLwQXZXSebSwgy6Q6noBN0POGb2lbK%2BIZWHwHcxrVB5g2dqcx4LRHdxnbGEYgStV1HVyE7lfMqoDEhSMEFS62vnACYfZhfHe5GruvThnQsVehwIvUidoD8rwlaR5gAXnYxwlOn9uyJX3CfxUP47smAooxjYUh8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 875ebce22ab57127-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/pat/875ebce44f63569b/1713381264393/1b50ccbc716ff47ecd4f4f1a1ba523404826dfcae46b84b18c92bad7692c0ff5/S_SJZoIyefSRQ4k
104.17.3.184 401 Unauthorized 42 kB URL GET HTTP/3 challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/pat/875ebce44f63569b/1713381264393/1b50ccbc716ff47ecd4f4f1a1ba523404826dfcae46b84b18c92bad7692c0ff5/S_SJZoIyefSRQ4k
IP 104.17.3.184:443
Requested by https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/cnwy7/0x4AAAAAAAXZk7rBJwoGVTXO/auto/normal
Certificate Issuer Cloudflare, Inc.
Subject challenges.cloudflare.com
Fingerprint 5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E
Validity Fri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT
Hash b5959a7238ba7b99a78f0dee63d85f24
d2ac252f6afedcd6e2e87fc17e84f5be59bfea17
97fdb6a2e44e383d9ac0a4b99c92243404380c04d05bcf59309e4257444cdfdc
GET /cdn-cgi/challenge-platform/h/g/pat/875ebce44f63569b/1713381264393/1b50ccbc716ff47ecd4f4f1a1ba523404826dfcae46b84b18c92bad7692c0ff5/S_SJZoIyefSRQ4k HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/cnwy7/0x4AAAAAAAXZk7rBJwoGVTXO/auto/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 401 Unauthorized
date: Wed, 17 Apr 2024 19:14:24 GMT
content-type: text/plain; charset=UTF-8
www-authenticate: PrivateToken challenge="AAIAGXBhdC1pc3N1ZXIuY2xvdWRmbGFyZS5jb20gG1DMvHFv9H7NT08aG6UjQEgm38rka4SxjJK612ksD_UAGWNoYWxsZW5nZXMuY2xvdWRmbGFyZS5jb20=", token-key="MIIBUjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAqEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgKiAwIBMAOCAQ8AMIIBCgKCAQEArny_u1wyrVg8e-Kmwxyfb2WoiwwZ2VR7QAnot_CrcySq56Rui-jZM9090K9_dW6HmpAKhOjYXLCJ7g4U74G4z6SRM_YRj-GLp3EaBxay798DZIeAtv_N7Z9CHI_0VTYiqNXVm2z1bF5VtFasnv3JDaWb4yIjBd8vMfNUM4Y4nXXIeMIyXdVK2hlzVO8VxBkXca7UzhCq51WDKlSYPWUy9ieZTdwNf5Q49DwdF9woTnuKPY26TxVlEHMcf8JJiXLUR2bbdG-Qv1fqbwQloSjintj5uXWLsZd84bMpNedRNJBV22T0PgKNeip6oalvdYbaiHiyDATsKlA6-8KJ-CUQTQIDAQAB", max-age=20, PrivateToken challenge="AAIALHBwLWlzc3Vlci1wcm9kdWN0aW9uLnJlc2VhcmNoLmNsb3VkZmxhcmUuY29tIBtQzLxxb_R-zU9PGhulI0BIJt_K5GuEsYySutdpLA_1ABljaGFsbGVuZ2VzLmNsb3VkZmxhcmUuY29t", token-key="MIIBUjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAqEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgKiAwIBMAOCAQ8AMIIBCgKCAQEA1FEYykHcK8H9rb_u0aFz3CmWgYloQw4YhedoEOAjJ0vy2Axa4f9UG9Dzs4uXS34_h8l6MDo2nRCvLI9lvebilMnTjCn-6D77bewqYxJKUFZW1z2jBIdu03TrETczfEg7kxgKtJE9NXGDjYJcF_iMgzgNA0PEAVM89tUYXXlFy4cUAGlqU2mPpIEOxm5ARsXC-zlLK60fkJ4cOsZRkZa6EExdhmgdwQ0fEJuSOHrBO_-zJn4hUP8q9g4yqkxW2UrfJgD07F4HaHGBEiei06sGDvH2NEPvswEl5dTGxutNrxlU7W24iYhNa2nhjlc53nNb0mKtszv-czVE9UhXyJ7-RQIDAQAB", max-age=20
server: cloudflare
cf-ray: 875ebce939bb569b-OSL
alt-svc: h3=":443"; ma=86400
hudforsolutionsinc.com/owa/auth/15.1.2507/themes/resources/favicon.ico
31.220.31.168 200 OK 7.9 kB URL GET HTTP/1.1 hudforsolutionsinc.com/owa/auth/15.1.2507/themes/resources/favicon.ico
IP 31.220.31.168:443
ASN #47583 Hostinger International Limited
Requested by https://hudforsolutionsinc.com/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fmail.dcndx.com%2fowa%2f
Certificate Issuer Let's Encrypt
Subject hudforsolutionsinc.com
Fingerprint 43:DB:AD:80:AB:B0:67:C0:64:CB:80:67:A8:35:84:C3:82:A2:84:A2
Validity Wed, 17 Apr 2024 10:28:47 GMT - Tue, 16 Jul 2024 10:28:46 GMT
File type MS Windows icon resource - 3 icons, 32x32, 32 bits/pixel, 24x24, 32 bits/pixel
Hash 759fade9033aa298629e4b000dcd6dde
34a1adf5c7326d7bde5b5735471b5d81e611c189
cf0808a61ec571e0c4975663903b288009d55502ac0445d9948983b339a5cf6e
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
urlquery phishing Phishing - Microsoft Outlook
GET /owa/auth/15.1.2507/themes/resources/favicon.ico HTTP/1.1
Host: hudforsolutionsinc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://hudforsolutionsinc.com/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fmail.dcndx.com%2fowa%2f
Cookie: qPdM=mBwm9Yx9NQgA; qPdM.sig=0DdfdQ-dNHhH2_-b1MtLGQtxjlA; logondata=acc=0&lgn=cmamrak@dcndx.com
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: public,max-age=2592000
Content-Type: image/x-icon
Last-Modified: Sat, 26 Mar 2022 18:40:39 GMT
Accept-Ranges: bytes
ETag: "806d40fd4041d81:0"
Server: Microsoft-IIS/10.0
request-id: 33808d11-c599-449b-9221-c6d80ddc7b07
X-Powered-By: ASP.NET
Date: Wed, 17 Apr 2024 19:14:35 GMT
Connection: close
Content-Length: 7886
hudforsolutionsinc.com/owa/auth/15.1.2507/themes/resources/segoeui-regular.ttf
31.220.31.168 200 OK 57 kB URL GET HTTP/1.1 hudforsolutionsinc.com/owa/auth/15.1.2507/themes/resources/segoeui-regular.ttf
IP 31.220.31.168:443
ASN #47583 Hostinger International Limited
Requested by https://hudforsolutionsinc.com/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fmail.dcndx.com%2fowa%2f
Certificate Issuer Let's Encrypt
Subject hudforsolutionsinc.com
Fingerprint 43:DB:AD:80:AB:B0:67:C0:64:CB:80:67:A8:35:84:C3:82:A2:84:A2
Validity Wed, 17 Apr 2024 10:28:47 GMT - Tue, 16 Jul 2024 10:28:46 GMT
File type TrueType Font data, 18 tables, 1st "LTSH", 11 names, Microsoft, language 0x409, © 2010 Microsoft Corporation. All Rights Reserved.RegularSegoe UI RegularVersion 0.81 Build 159S
Hash 8af990b6ad3ba192c2dd6a193890bf5f
4db5bf117ff8f1392fab3b438216d7cff4ae4976
c147c2ec76a8ab8bd5082f1f4d3f80a43c689165cb164cdd812e44048fe38708
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
urlquery phishing Phishing - Microsoft Outlook
GET /owa/auth/15.1.2507/themes/resources/segoeui-regular.ttf HTTP/1.1
Host: hudforsolutionsinc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://hudforsolutionsinc.com/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fmail.dcndx.com%2fowa%2f
Cookie: qPdM=mBwm9Yx9NQgA; qPdM.sig=0DdfdQ-dNHhH2_-b1MtLGQtxjlA; logondata=acc=0&lgn=cmamrak@dcndx.com
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: public,max-age=2592000
Content-Type: application/octet-stream
Last-Modified: Sun, 20 Mar 2022 14:39:34 GMT
Accept-Ranges: bytes
ETag: "017f650683cd81:0"
Server: Microsoft-IIS/10.0
request-id: a91d7a50-980d-46cb-9e25-e136b2a89d57
X-Powered-By: ASP.NET
Date: Wed, 17 Apr 2024 19:14:35 GMT
Connection: close
Content-Length: 56760
abbe3156.9b1fed916247e2ac344e288a.workers.dev/favicon.ico
104.21.21.152 200 OK 3.3 kB URL GET HTTP/3 abbe3156.9b1fed916247e2ac344e288a.workers.dev/favicon.ico
IP 104.21.21.152:443
Requested by https://abbe3156.9b1fed916247e2ac344e288a.workers.dev/?qrc=cmamrak@dcndx.com
Certificate Issuer Let's Encrypt
Subject 9b1fed916247e2ac344e288a.workers.dev
Fingerprint 52:5B:40:D9:34:5A:76:10:9C:86:2D:EE:64:83:78:C4:A3:7B:29:59
Validity Wed, 17 Apr 2024 11:43:02 GMT - Tue, 16 Jul 2024 11:43:01 GMT
File type HTML document, ASCII text, with very long lines (3271), with no line terminators
Hash 42e2e83133f6f5b29196e786e7dbc965
be5149126f032bf72354a7b1f54ccd7d2db6aaa5
38de13c52f9b952d29b608e92465c8b84faea87fec64b501e769ee6962c6fe67
GET /favicon.ico HTTP/1.1
Host: abbe3156.9b1fed916247e2ac344e288a.workers.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://abbe3156.9b1fed916247e2ac344e288a.workers.dev/?qrc=cmamrak@dcndx.com
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 17 Apr 2024 19:14:24 GMT
content-type: text/html;charset=UTF-8
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Iu%2BQskWs%2BEmXwJs2wbipEvxwpKyfgsAxpRXQUXAQYs%2BgD50uYlYLQT%2FobojpEx8gfkWsBZr%2BW7bYGBAmvioHfFLmPlKhE5Y4zNy0zIme4YlNtQyoeiRiRWrqq7B0xs6%2FhY00ccy9cmIJ1MV4BsTNRDzc4fJKm%2FB%2F8p36QTclPXU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 875ebce41a56b51b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/cmg/1/GLhOioXg0bs57t4qPrORXFsL1%2BWig2mIKbgpVPMu7ZQ%3D
104.17.3.184 200 OK 61 B URL GET HTTP/3 challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/cmg/1/GLhOioXg0bs57t4qPrORXFsL1%2BWig2mIKbgpVPMu7ZQ%3D
IP 104.17.3.184:443
Requested by https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/cnwy7/0x4AAAAAAAXZk7rBJwoGVTXO/auto/normal
Certificate Issuer Cloudflare, Inc.
Subject challenges.cloudflare.com
Fingerprint 5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E
Validity Fri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT
File type PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced
Hash 9246cca8fc3c00f50035f28e9f6b7f7d
3aa538440f70873b574f40cd793060f53ec17a5d
c07d7d29e3c20fa6ca4c5d20663688d52bad13e129ad82ce06b80eb187d9dc84
GET /cdn-cgi/challenge-platform/h/g/cmg/1/GLhOioXg0bs57t4qPrORXFsL1%2BWig2mIKbgpVPMu7ZQ%3D HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/cnwy7/0x4AAAAAAAXZk7rBJwoGVTXO/auto/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 17 Apr 2024 19:14:24 GMT
content-type: image/png
cache-control: max-age=2629800, public
server: cloudflare
cf-ray: 875ebce4e891569b-OSL
alt-svc: h3=":443"; ma=86400
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/i/875ebce44f63569b/1713381264393/o4wOxGaAlm4HgKY
104.17.3.184 200 OK 61 B URL GET HTTP/3 challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/i/875ebce44f63569b/1713381264393/o4wOxGaAlm4HgKY
IP 104.17.3.184:443
Requested by https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/cnwy7/0x4AAAAAAAXZk7rBJwoGVTXO/auto/normal
Certificate Issuer Cloudflare, Inc.
Subject challenges.cloudflare.com
Fingerprint 5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E
Validity Fri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT
File type PNG image data, 9 x 80, 8-bit/color RGB, non-interlaced
Hash ffbcfc1568b18ffa164255adb76c6b4d
71b18639bc6846be60872a9161696f78d5ed8f64
f6217f881623a2f5c349edca38b1c65508c9c78525615737f298ed0927b51833
GET /cdn-cgi/challenge-platform/h/g/i/875ebce44f63569b/1713381264393/o4wOxGaAlm4HgKY HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/cnwy7/0x4AAAAAAAXZk7rBJwoGVTXO/auto/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 17 Apr 2024 19:14:24 GMT
content-type: image/png
server: cloudflare
cf-ray: 875ebce90942569b-OSL
alt-svc: h3=":443"; ma=86400
hudforsolutionsinc.com/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fmail.dcndx.com%2fowa%2f
31.220.31.168 200 OK 59 kB URL User Request GET HTTP/1.1 hudforsolutionsinc.com/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fmail.dcndx.com%2fowa%2f
IP 31.220.31.168:443
ASN #47583 Hostinger International Limited
Certificate Issuer Let's Encrypt
Subject hudforsolutionsinc.com
Fingerprint 43:DB:AD:80:AB:B0:67:C0:64:CB:80:67:A8:35:84:C3:82:A2:84:A2
Validity Wed, 17 Apr 2024 10:28:47 GMT - Tue, 16 Jul 2024 10:28:46 GMT
File type HTML document, ASCII text, with very long lines (10414), with CRLF, LF line terminators
Hash 8dedc1b412824afd220588ad9175b834
e58ac8576ece37aad03628a7e39efeaccb05c929
630fdf2ca435475e7de47f3d99a644b7461a11c1c18ee8d27437525d7b5db0a5
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
urlquery phishing Phishing - Microsoft Outlook
GET /owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fmail.dcndx.com%2fowa%2f HTTP/1.1
Host: hudforsolutionsinc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://hudforsolutionsinc.com/owa/auth/logon.aspx?url=https%3a%2f%2fmail.dcndx.com%2fowa%2f&reason=0
Cookie: qPdM=mBwm9Yx9NQgA; qPdM.sig=0DdfdQ-dNHhH2_-b1MtLGQtxjlA; logondata=acc=0&lgn=cmamrak@dcndx.com
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/10.0
request-id: 06533ad0-abb4-4bd3-97c8-45da897e6f42
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Wed, 17 Apr 2024 19:14:34 GMT
Connection: close
content-length: 58794
hudforsolutionsinc.com/owa/auth/15.1.2507/themes/resources/segoeui-semilight.ttf
31.220.31.168 200 OK 42 kB URL GET HTTP/1.1 hudforsolutionsinc.com/owa/auth/15.1.2507/themes/resources/segoeui-semilight.ttf
IP 31.220.31.168:443
ASN #47583 Hostinger International Limited
Requested by https://hudforsolutionsinc.com/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fmail.dcndx.com%2fowa%2f
Certificate Issuer Let's Encrypt
Subject hudforsolutionsinc.com
Fingerprint 43:DB:AD:80:AB:B0:67:C0:64:CB:80:67:A8:35:84:C3:82:A2:84:A2
Validity Wed, 17 Apr 2024 10:28:47 GMT - Tue, 16 Jul 2024 10:28:46 GMT
File type TrueType Font data, 16 tables, 1st "OS/2", 11 names, Microsoft, language 0x409, © 2010 Microsoft Corporation. All Rights Reserved.RegularSegoe UI SemilightVersion 1.00 build 16
Hash 6c26c24aabe31040657665b1e0d9505c
b3bdc48643752665e3e5798a192b27432a87d234
2d508a6e8979bba74b6fdf804c01a09a620c781e0fea73a8eefda904f5bcab25
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
urlquery phishing Phishing - Microsoft Outlook
GET /owa/auth/15.1.2507/themes/resources/segoeui-semilight.ttf HTTP/1.1
Host: hudforsolutionsinc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://hudforsolutionsinc.com/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fmail.dcndx.com%2fowa%2f
Cookie: qPdM=mBwm9Yx9NQgA; qPdM.sig=0DdfdQ-dNHhH2_-b1MtLGQtxjlA; logondata=acc=0&lgn=cmamrak@dcndx.com
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: public,max-age=2592000
Content-Type: application/octet-stream
Last-Modified: Sun, 20 Mar 2022 14:41:26 GMT
Accept-Ranges: bytes
ETag: "0efb793683cd81:0"
Server: Microsoft-IIS/10.0
request-id: d0a9b68f-a092-44b6-a9b6-cd2776dc8560
X-Powered-By: ASP.NET
Date: Wed, 17 Apr 2024 19:14:35 GMT
Connection: close
Content-Length: 41560
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=875ebce44f63569b
104.17.3.184 200 OK 428 kB URL GET HTTP/3 challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=875ebce44f63569b
IP 104.17.3.184:443
Requested by https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/cnwy7/0x4AAAAAAAXZk7rBJwoGVTXO/auto/normal
Certificate Issuer Cloudflare, Inc.
Subject challenges.cloudflare.com
Fingerprint 5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E
Validity Fri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size 428 kB (428076 bytes)
Hash 3313f638a442359dd4f1460097f0bf83
e7baf754bb756f5fcdf7ce0953d06814dd1c1595
c48936d7aa586638159ecfed209a6b55c5fae6c96fcbebc43f1a4f27c606f327
GET /cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=875ebce44f63569b HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/cnwy7/0x4AAAAAAAXZk7rBJwoGVTXO/auto/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 17 Apr 2024 19:14:24 GMT
content-type: application/javascript; charset=UTF-8
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
server: cloudflare
cf-ray: 875ebce4e897569b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/cnwy7/0x4AAAAAAAXZk7rBJwoGVTXO/auto/normal
104.17.3.184 200 OK 80 kB URL GET HTTP/3 challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/cnwy7/0x4AAAAAAAXZk7rBJwoGVTXO/auto/normal
IP 104.17.3.184:443
Requested by https://abbe3156.9b1fed916247e2ac344e288a.workers.dev/?qrc=cmamrak@dcndx.com
Certificate Issuer Cloudflare, Inc.
Subject challenges.cloudflare.com
Fingerprint 5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E
Validity Fri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT
File type HTML document, ASCII text, with very long lines (41702)
Hash ed4128431f0c84c1d1192642b6e0031c
71542eef5fa5389e9b0300ee873fadb385948654
9923b6e7fbea4642c5e0cc21d48c444e18b78db2bf5dedb1e02ffc8437c0d601
GET /cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/cnwy7/0x4AAAAAAAXZk7rBJwoGVTXO/auto/normal HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://abbe3156.9b1fed916247e2ac344e288a.workers.dev/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 17 Apr 2024 19:14:24 GMT
content-type: text/html; charset=UTF-8
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-security-policy: frame-src https://challenges.cloudflare.com/ blob:; base-uri 'self'
critical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: cross-origin
document-policy: js-profiling
origin-agent-cluster: ?1
permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy: same-origin
server: cloudflare
cf-ray: 875ebce44f63569b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400