| r20.rs6.net/tn.jsp?f=001zx_zFvCFh6ullXgkX9H8-94pCO57BAJ7H_4XkjvHHKWskefkXrXUP3r7A6fQsnbD6tJ-gbDjXE-bEa3SL32kTD4ml49xRCHJa_a10yzx4FguHuoGoZ6yualtd_-MSDh3e2Xq30YKdap4LHGwgOfdvKB3bwsvx-wu&c=agUgUFB0mbGZCDTNOCg4v_j_U4AtXUJ3XYHTRvByJ0V128EQuH5N8Q==&ch=RcT1deST6um8NVRAWTBnoJf-kXDrjxyZNRShO3emqGW7jZr9KoObBQ==&_/b3BlcmF0aW9uc0BvamNyLmNh | 208.75.122.11 | | 0 B |
URL r20.rs6.net/tn.jsp?f=001zx_zFvCFh6ullXgkX9H8-94pCO57BAJ7H_4XkjvHHKWskefkXrXUP3r7A6fQsnbD6tJ-gbDjXE-bEa3SL32kTD4ml49xRCHJa_a10yzx4FguHuoGoZ6yualtd_-MSDh3e2Xq30YKdap4LHGwgOfdvKB3bwsvx-wu&c=agUgUFB0mbGZCDTNOCg4v_j_U4AtXUJ3XYHTRvByJ0V128EQuH5N8Q==&ch=RcT1deST6um8NVRAWTBnoJf-kXDrjxyZNRShO3emqGW7jZr9KoObBQ==&_/b3BlcmF0aW9uc0BvamNyLmNh IP208.75.122.11:0
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /tn.jsp?f=001zx_zFvCFh6ullXgkX9H8-94pCO57BAJ7H_4XkjvHHKWskefkXrXUP3r7A6fQsnbD6tJ-gbDjXE-bEa3SL32kTD4ml49xRCHJa_a10yzx4FguHuoGoZ6yualtd_-MSDh3e2Xq30YKdap4LHGwgOfdvKB3bwsvx-wu&c=agUgUFB0mbGZCDTNOCg4v_j_U4AtXUJ3XYHTRvByJ0V128EQuH5N8Q==&ch=RcT1deST6um8NVRAWTBnoJf-kXDrjxyZNRShO3emqGW7jZr9KoObBQ==&_/b3BlcmF0aW9uc0BvamNyLmNh HTTP/1.1
Host: r20.rs6.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Date: Fri, 29 Mar 2024 12:51:20 GMT
Server: Apache
P3P: CP="CAO DSP TAIa OUR NOR UNI"
Location: https://massdot-physicals.com/austins?/b3BlcmF0aW9uc0BvamNyLmNh
Content-Length: 0
Cache-Control: private, no-cache, no-store, max-age=0, must-revalidate, no-cache="Set-Cookie"
Pragma: no-cache
Connection: close
Content-Type: text/html;charset=ISO-8859-1
|
|
| massdot-physicals.com/austins?/b3BlcmF0aW9uc0BvamNyLmNh | 192.185.97.195 | | 272 B |
URL massdot-physicals.com/austins?/b3BlcmF0aW9uc0BvamNyLmNh IP192.185.97.195:0 ASN#19871 NETWORK-SOLUTIONS-HOSTING
File typeHTML document, ASCII text Hash7384ee2e836b1bbb976e5527b6c20364 b272a5db55b7bf578e001202bb7c90cbed580646 243d81fd07bc1470e65e0a98cde1c3c01b3f6a47e3424524648e9752f3c942a6
GET /austins?/b3BlcmF0aW9uc0BvamNyLmNh HTTP/1.1
Host: massdot-physicals.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 301 Moved Permanently
location: https://massdot-physicals.com/austins/?/b3BlcmF0aW9uc0BvamNyLmNh
content-length: 272
content-type: text/html; charset=iso-8859-1
date: Fri, 29 Mar 2024 12:51:20 GMT
server: Apache
X-Firefox-Spdy: h2
|
|
| massdot-physicals.com/austins/?/b3BlcmF0aW9uc0BvamNyLmNh | 192.185.97.195 | | 120 B |
URL massdot-physicals.com/austins/?/b3BlcmF0aW9uc0BvamNyLmNh IP192.185.97.195:0 ASN#19871 NETWORK-SOLUTIONS-HOSTING
File typeHTML document, ASCII text Hash492d2b30c02c27effb5a0e734bafafa4 098b8392139990c2f0f77f85e34b8e69d1ebc5e0 5475549a7626982cea92fef9d609f09429d1d214c89fbc36d57dccc46d793769
Analyzer | Verdict | Alert | urlquery | phishing | Phishing - Microsoft Outlook |
GET /austins/?/b3BlcmF0aW9uc0BvamNyLmNh HTTP/1.1
Host: massdot-physicals.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
content-length: 120
content-type: text/html; charset=UTF-8
date: Fri, 29 Mar 2024 12:51:21 GMT
server: Apache
X-Firefox-Spdy: h2
|
|
| hunterconstracting.com/cdn-cgi/challenge-platform/scripts/jsd/main.js | 104.21.90.15 | | 0 B |
URL hunterconstracting.com/cdn-cgi/challenge-platform/scripts/jsd/main.js IP104.21.90.15:0
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | urlquery | phishing | Phishing - Microsoft Outlook |
GET /cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP/1.1
Host: hunterconstracting.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: mNykXjNdRxirQx3RZxK_dDcwWsw=pUHsxmW7XRKpskQXE4TJBz3B1-o; 6c0_C2-qtoTW9sdu3r5Iq-rF4ag=1711716671; rZRiB3zUT5rmNf0IAJy6Ts8_ykI=1711803071; Zd04c9D8GWc_-RdIDz_I6QDtMS4=aRCnwA0oLJ0czf1xaLVBSRRoSKM; WcoF9fFOQOgMZ-Tqcqt7yNnPPfI=lkLPZiL_UVgRTxwDers97UXe5XU
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 302 Found
date: Fri, 29 Mar 2024 12:51:23 GMT
content-length: 0
access-control-allow-origin: *
location: /cdn-cgi/challenge-platform/h/g/scripts/jsd/dc6b543c1346/main.js
cache-control: max-age=300, public
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jL2opO1lQtHVNsZ%2FkCl%2FbvQWAr5%2FdFDeflsfdi2kBgB8HBtF%2FSUlD07y615wFxyYPpMC1aMXNKwiGVuf75P%2FV4k5K760n5DpvN3QlRzt7pXDQunsj5vfmxdG%2FUnOMB8ro9n9aiahdXCB"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 86bffdb5f95c56c0-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| hunterconstracting.com/nec.htm | 104.21.90.15 | | 0 B |
URL hunterconstracting.com/nec.htm IP104.21.90.15:0
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | urlquery | phishing | Phishing - Microsoft Outlook |
POST /nec.htm HTTP/1.1
Host: hunterconstracting.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
QnTY1ZL1dSr0jx54O2jU0zYB9DM: 48272352
X-Requested-with: XMLHttpRequest
X-Requested-TimeStamp:
X-Requested-TimeStamp-Expire:
X-Requested-TimeStamp-Combination:
X-Requested-Type: GET
X-Requested-Type-Combination: GET
eXD7gw0TregfzofKOi45Mj802u8: ad7UEJZfklqFROKTe02czoTRi8
Content-type: application/x-www-form-urlencoded
Content-Length: 22
Origin: https://hunterconstracting.com
DNT: 1
Connection: keep-alive
Referer: https://hunterconstracting.com/nec.htm
Cookie: mNykXjNdRxirQx3RZxK_dDcwWsw=pUHsxmW7XRKpskQXE4TJBz3B1-o; 6c0_C2-qtoTW9sdu3r5Iq-rF4ag=1711716671; rZRiB3zUT5rmNf0IAJy6Ts8_ykI=1711803071; Zd04c9D8GWc_-RdIDz_I6QDtMS4=aRCnwA0oLJ0czf1xaLVBSRRoSKM; WcoF9fFOQOgMZ-Tqcqt7yNnPPfI=lkLPZiL_UVgRTxwDers97UXe5XU
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 204 No Content
date: Fri, 29 Mar 2024 12:51:23 GMT
x-content-type-options: nosniff, nosniff
x-xss-protection: 1; mode=block, 1; mode=block
set-cookie: TO7jiCmt50phd8RMEFPfBZX953k=xGvcNAUiktZj2YWAIWEVXrdZ9fc; path=/; expires=Sat, 30-Mar-24 12:51:22 GMT; Max-Age=86400;
n5Qa-0stilPCf8QXlcCNkE22ubE=1711716682; path=/; expires=Sat, 30-Mar-24 12:51:22 GMT; Max-Age=86400;
dNaKwKHB2knHIMt_XxYj3B-VQpU=1711803082; path=/; expires=Sat, 30-Mar-24 12:51:22 GMT; Max-Age=86400;
wxADWqOUlksabHJZpfrKgUHPQ88=KyGZaKn2UE6WpWsEEAmXdJu9_aU; path=/; expires=Sat, 30-Mar-24 12:51:22 GMT; Max-Age=86400;
NKd7lZi-RpfZregmaR-4Lo1eloY=SuMLN8MEgkfpDWwafFWpWrlA_8E; path=/; expires=Sat, 30-Mar-24 12:51:22 GMT; Max-Age=86400;
x-frame-options: SAMEORIGIN
cache-control: public, max-age=0 no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
expires: 0
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vIHw5Po6OfXScjPxJW3cRVR2kNM%2F6yDbLpnARJ%2BcOoLs6%2FUvGmfOLMU2qucFW%2FUPUYqtysamAzmorQZZy4CN1iiDhMiAJbc%2BA%2FRiBx%2BnCZ0PlMiOu7AptXLm74lqIiFj2sHDUh3jxrCJ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 86bffdb5e94c56c0-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| hunterconstracting.com/favicon.ico | 104.21.90.15 | 403 Forbidden | 146 B |
URL GET HTTP/3hunterconstracting.com/favicon.ico IP104.21.90.15:443
Requested byhttps://hunterconstracting.com/nec.htm#operations@ojcr.ca CertificateIssuerGoogle Trust Services LLC Subjecthunterconstracting.com FingerprintF8:C7:34:FC:2C:FD:49:63:C2:9A:D2:1A:96:23:6D:67:BC:03:46:BB ValidityThu, 07 Mar 2024 20:56:51 GMT - Wed, 05 Jun 2024 20:56:50 GMT
File typeHTML document, ASCII text, with no line terminators Hashbcfacc6f2d2ee7cd5e014be08612f93e 7bb6f49a83b5186d5f8598e852bfbeee102d8a4d ef1a3d1af87d9d441ef37f001f2ffb6900ef0a7a4884a5ef165bc2b09e224b38
Analyzer | Verdict | Alert | urlquery | phishing | Phishing - Microsoft Outlook |
GET /favicon.ico HTTP/1.1
Host: hunterconstracting.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://hunterconstracting.com/nec.htm
Cookie: mNykXjNdRxirQx3RZxK_dDcwWsw=pUHsxmW7XRKpskQXE4TJBz3B1-o; 6c0_C2-qtoTW9sdu3r5Iq-rF4ag=1711716671; rZRiB3zUT5rmNf0IAJy6Ts8_ykI=1711803071; Zd04c9D8GWc_-RdIDz_I6QDtMS4=aRCnwA0oLJ0czf1xaLVBSRRoSKM; WcoF9fFOQOgMZ-Tqcqt7yNnPPfI=lkLPZiL_UVgRTxwDers97UXe5XU; cf_clearance=WQZAsFXhfNcNhE4hB4YlZHurIOoKLCGEvPZx6oa97B0-1711716683-1.0.1.1-nMfeD00.765dCVNn0dLRPbF7ZDyVufzPAfTpZXX1GfzvZxP33PWfU8xpnG2HWbSR3NcDXv9EcAGsnrXYtkJ6Kw; TO7jiCmt50phd8RMEFPfBZX953k=xGvcNAUiktZj2YWAIWEVXrdZ9fc; n5Qa-0stilPCf8QXlcCNkE22ubE=1711716682; dNaKwKHB2knHIMt_XxYj3B-VQpU=1711803082; wxADWqOUlksabHJZpfrKgUHPQ88=KyGZaKn2UE6WpWsEEAmXdJu9_aU; NKd7lZi-RpfZregmaR-4Lo1eloY=SuMLN8MEgkfpDWwafFWpWrlA_8E
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 403 Forbidden
date: Fri, 29 Mar 2024 12:51:23 GMT
content-type: text/html
x-content-type-options: nosniff, nosniff
x-xss-protection: 1; mode=block, 1; mode=block
cache-control: public, max-age=315360000, stale-while-revalidate=315360000, stale-if-error=315360000, immutable
pragma: public
cf-cache-status: HIT
age: 423
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=D0ku%2F0tiZnN02LpZhhiqXZA1%2FwMpWd3e5O6YCO9Wbl2FhxYZHFhlj8CQ8r6zrpY7vxaN1q2D%2BdeqCcw67%2FCIWEHuZ%2BJMWfvgsDU6OeOg3QebjOMY9XO4YKrZFEn7yUn2NcOhezCsUeRX"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 86bffdba0f7a56b9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| hunterconstracting.com/nec.htm | 104.21.90.15 | 403 Forbidden | 146 B |
URL User Request GET HTTP/3hunterconstracting.com/nec.htm IP104.21.90.15:443
CertificateIssuerGoogle Trust Services LLC Subjecthunterconstracting.com FingerprintF8:C7:34:FC:2C:FD:49:63:C2:9A:D2:1A:96:23:6D:67:BC:03:46:BB ValidityThu, 07 Mar 2024 20:56:51 GMT - Wed, 05 Jun 2024 20:56:50 GMT
File typeHTML document, ASCII text, with no line terminators Hashbcfacc6f2d2ee7cd5e014be08612f93e 7bb6f49a83b5186d5f8598e852bfbeee102d8a4d ef1a3d1af87d9d441ef37f001f2ffb6900ef0a7a4884a5ef165bc2b09e224b38
Analyzer | Verdict | Alert | urlquery | phishing | Phishing - Microsoft Outlook |
GET /nec.htm HTTP/1.1
Host: hunterconstracting.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://massdot-physicals.com/
DNT: 1
Connection: keep-alive
Cookie: mNykXjNdRxirQx3RZxK_dDcwWsw=pUHsxmW7XRKpskQXE4TJBz3B1-o; 6c0_C2-qtoTW9sdu3r5Iq-rF4ag=1711716671; rZRiB3zUT5rmNf0IAJy6Ts8_ykI=1711803071; Zd04c9D8GWc_-RdIDz_I6QDtMS4=aRCnwA0oLJ0czf1xaLVBSRRoSKM; WcoF9fFOQOgMZ-Tqcqt7yNnPPfI=lkLPZiL_UVgRTxwDers97UXe5XU; cf_clearance=WQZAsFXhfNcNhE4hB4YlZHurIOoKLCGEvPZx6oa97B0-1711716683-1.0.1.1-nMfeD00.765dCVNn0dLRPbF7ZDyVufzPAfTpZXX1GfzvZxP33PWfU8xpnG2HWbSR3NcDXv9EcAGsnrXYtkJ6Kw; TO7jiCmt50phd8RMEFPfBZX953k=xGvcNAUiktZj2YWAIWEVXrdZ9fc; n5Qa-0stilPCf8QXlcCNkE22ubE=1711716682; dNaKwKHB2knHIMt_XxYj3B-VQpU=1711803082; wxADWqOUlksabHJZpfrKgUHPQ88=KyGZaKn2UE6WpWsEEAmXdJu9_aU; NKd7lZi-RpfZregmaR-4Lo1eloY=SuMLN8MEgkfpDWwafFWpWrlA_8E
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 403 Forbidden
date: Fri, 29 Mar 2024 12:51:23 GMT
content-type: text/html
x-content-type-options: nosniff, nosniff
x-xss-protection: 1; mode=block, 1; mode=block
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZPOMeE%2BYmuYQvnQAjveb4hCipFZ7QLNKojGbe8aaa8TUCKsPcol46JiYojraLZXsVcWT7lPDDIZ6rZ0CsFoywm5XrtsVnVU7QGFv14TCLZLfIr9YsP1oL7lGTqfepSTRj%2FnB%2Bv8mnYeb"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 86bffdb7fdfd56b9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|