| massdot-physicals.com/austins?/bWVyY2hAY2FsZ2FyeW1sYy5jYQ== |  192.185.97.195 | | 276 B |
URL massdot-physicals.com/austins?/bWVyY2hAY2FsZ2FyeW1sYy5jYQ== IP192.185.97.195:0 ASN#19871 NETWORK-SOLUTIONS-HOSTING
File typeHTML document, ASCII text Hash3a69a1244102cf0f37be8bcb1dd3507b 9435cfe4c80f16e9be981f88d1fe28143ae95020 929031d3d00b5b3b1d6849d0684244066ad632c1ccb5cdb59d7d3c24e769022c
GET /austins?/bWVyY2hAY2FsZ2FyeW1sYy5jYQ== HTTP/1.1
Host: massdot-physicals.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 301 Moved Permanently
location: https://massdot-physicals.com/austins/?/bWVyY2hAY2FsZ2FyeW1sYy5jYQ==
content-length: 276
content-type: text/html; charset=iso-8859-1
date: Fri, 29 Mar 2024 12:58:10 GMT
server: Apache
X-Firefox-Spdy: h2
|
|
| massdot-physicals.com/austins/?/bWVyY2hAY2FsZ2FyeW1sYy5jYQ== | 192.185.97.195 | | 123 B |
URL massdot-physicals.com/austins/?/bWVyY2hAY2FsZ2FyeW1sYy5jYQ== IP192.185.97.195:0 ASN#19871 NETWORK-SOLUTIONS-HOSTING
File typeHTML document, ASCII text Hashfe2539486540337849386d9eaed29f8d ec74346b7ffa1d2e25f665c9f5fb8f5ae82865a4 acdd7383f03778651411e8502a14297d9475947d4fa2fefb7e251e780fb03bdc
| Analyzer | Verdict | Alert |
|---|
| urlquery | phishing | Phishing - Microsoft Outlook |
GET /austins/?/bWVyY2hAY2FsZ2FyeW1sYy5jYQ== HTTP/1.1
Host: massdot-physicals.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
content-length: 123
content-type: text/html; charset=UTF-8
date: Fri, 29 Mar 2024 12:58:10 GMT
server: Apache
X-Firefox-Spdy: h2
|
|
| hunterconstracting.com/cdn-cgi/challenge-platform/scripts/jsd/main.js |  188.114.96.1 | | 0 B |
URL hunterconstracting.com/cdn-cgi/challenge-platform/scripts/jsd/main.js IP188.114.96.1:0
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
|---|
| urlquery | phishing | Phishing - Microsoft Outlook |
GET /cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP/1.1
Host: hunterconstracting.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: LW2VOFr4-64TKbd3_MhKPSQnhZY=SRPF6fHTA70cVgGs-E9Y9MUDtpU; TPuxIHyG1j4OjUzquY3VShtjaeI=1711717088; vfSklwaghWCPijSqrTlHmeDw6p0=1711803488; e_0mXxLq64LQPXaf6whKjOna_h4=SAs6PtPnqJaUlhHjJ1FEKE6hNPg; WcoF9fFOQOgMZ-Tqcqt7yNnPPfI=lkLPZiL_UVgRTxwDers97UXe5XU
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 302 Found
date: Fri, 29 Mar 2024 12:58:11 GMT
content-length: 0
cache-control: max-age=300, public
access-control-allow-origin: *
location: /cdn-cgi/challenge-platform/h/g/scripts/jsd/dc6b543c1346/main.js
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CZ47daG7o0rKijZZ8oV4qIL0aS%2Bqt2kNVLf9hlkXmoPV7RAOUnfLWScdxxu8KWqkwd0JuxfrZhy3DRS1LiiYLcZM%2BHVX0Szi09kUeN0txlnnojKLXPz0P6ybbDxn0F1rEXBD5FtIzU%2Bn"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 86c007afce095696-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| hunterconstracting.com/nec.htm | 188.114.96.1 | | 0 B |
URL hunterconstracting.com/nec.htm IP188.114.96.1:0
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
|---|
| urlquery | phishing | Phishing - Microsoft Outlook |
POST /nec.htm HTTP/1.1
Host: hunterconstracting.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
QnTY1ZL1dSr0jx54O2jU0zYB9DM: 48272352
X-Requested-with: XMLHttpRequest
X-Requested-TimeStamp:
X-Requested-TimeStamp-Expire:
X-Requested-TimeStamp-Combination:
X-Requested-Type: GET
X-Requested-Type-Combination: GET
eXD7gw0TregfzofKOi45Mj802u8: ad7UEJZfklqFROKTe02czoTRi8
Content-type: application/x-www-form-urlencoded
Content-Length: 22
Origin: https://hunterconstracting.com
DNT: 1
Connection: keep-alive
Referer: https://hunterconstracting.com/nec.htm
Cookie: LW2VOFr4-64TKbd3_MhKPSQnhZY=SRPF6fHTA70cVgGs-E9Y9MUDtpU; TPuxIHyG1j4OjUzquY3VShtjaeI=1711717088; vfSklwaghWCPijSqrTlHmeDw6p0=1711803488; e_0mXxLq64LQPXaf6whKjOna_h4=SAs6PtPnqJaUlhHjJ1FEKE6hNPg; WcoF9fFOQOgMZ-Tqcqt7yNnPPfI=lkLPZiL_UVgRTxwDers97UXe5XU
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 204 No Content
date: Fri, 29 Mar 2024 12:58:12 GMT
x-content-type-options: nosniff, nosniff
x-xss-protection: 1; mode=block, 1; mode=block
set-cookie: TO7jiCmt50phd8RMEFPfBZX953k=xGvcNAUiktZj2YWAIWEVXrdZ9fc; path=/; expires=Sat, 30-Mar-24 12:58:11 GMT; Max-Age=86400;
n5Qa-0stilPCf8QXlcCNkE22ubE=1711717091; path=/; expires=Sat, 30-Mar-24 12:58:11 GMT; Max-Age=86400;
dNaKwKHB2knHIMt_XxYj3B-VQpU=1711803491; path=/; expires=Sat, 30-Mar-24 12:58:11 GMT; Max-Age=86400;
wxADWqOUlksabHJZpfrKgUHPQ88=oSXXTyVqEqiGqDo_7TAVgfJjujs; path=/; expires=Sat, 30-Mar-24 12:58:11 GMT; Max-Age=86400;
NKd7lZi-RpfZregmaR-4Lo1eloY=SuMLN8MEgkfpDWwafFWpWrlA_8E; path=/; expires=Sat, 30-Mar-24 12:58:11 GMT; Max-Age=86400;
x-frame-options: SAMEORIGIN
cache-control: public, max-age=0 no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
expires: 0
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=H5s3GzUIjA8DeyBRhIUjYDkFmd5jlYO4aRnT3hiNdopVGwJHYvUt08qUZ8IFGV9MeIeXUg6e4j3kfdhhiMFj8AlW8YRftQLmM6qVHr2vuL0a07KUZoXcW8nu2w54QRPzDxAZSU2C1iq1"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 86c007afbe015696-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| hunterconstracting.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/dc6b543c1346/main.js | 188.114.96.1 | | 14 kB |
URL hunterconstracting.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/dc6b543c1346/main.js IP188.114.96.1:0
File typeJavaScript source, ASCII text, with very long lines (7938), with no line terminators Hasheab8304926c50013b253ec7361a57e1c 36cce17a4ef81309b7e05b5e6c8c23fe17c12dd9 54c22973452c666ae56a77f82f2d136f791231d7dad118c7d93c31e567852d86
| Analyzer | Verdict | Alert |
|---|
| urlquery | phishing | Phishing - Microsoft Outlook |
GET /cdn-cgi/challenge-platform/h/g/scripts/jsd/dc6b543c1346/main.js HTTP/1.1
Host: hunterconstracting.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: LW2VOFr4-64TKbd3_MhKPSQnhZY=SRPF6fHTA70cVgGs-E9Y9MUDtpU; TPuxIHyG1j4OjUzquY3VShtjaeI=1711717088; vfSklwaghWCPijSqrTlHmeDw6p0=1711803488; e_0mXxLq64LQPXaf6whKjOna_h4=SAs6PtPnqJaUlhHjJ1FEKE6hNPg; WcoF9fFOQOgMZ-Tqcqt7yNnPPfI=lkLPZiL_UVgRTxwDers97UXe5XU
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 29 Mar 2024 12:58:11 GMT
content-type: application/javascript; charset=UTF-8
cache-control: max-age=14400, public
vary: accept-encoding
x-content-type-options: nosniff
content-encoding: br
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XLeXG3uq6GepmVaZdBQ6GRk%2FMCOx8z7wsvs4vVO7H3EOuAo801M1S%2FS5IV6%2B0%2Bw1PqcHIww20irBjMm7AZmCt3h22vv%2F%2BsVQCEosZCMBv5gSxPa1GADwAFzbOapAx8n%2BwGR2Dmub3WK1"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 86c007afde225696-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| hunterconstracting.com/favicon.ico | 188.114.96.1 | 403 Forbidden | 146 B |
URL GET HTTP/3hunterconstracting.com/favicon.ico IP188.114.96.1:443
Requested byhttps://hunterconstracting.com/nec.htm#merch@calgarymlc.ca CertificateIssuerGoogle Trust Services LLC Subjecthunterconstracting.com FingerprintF8:C7:34:FC:2C:FD:49:63:C2:9A:D2:1A:96:23:6D:67:BC:03:46:BB ValidityThu, 07 Mar 2024 20:56:51 GMT - Wed, 05 Jun 2024 20:56:50 GMT
File typeHTML document, ASCII text, with no line terminators Hashbcfacc6f2d2ee7cd5e014be08612f93e 7bb6f49a83b5186d5f8598e852bfbeee102d8a4d ef1a3d1af87d9d441ef37f001f2ffb6900ef0a7a4884a5ef165bc2b09e224b38
| Analyzer | Verdict | Alert |
|---|
| urlquery | phishing | Phishing - Microsoft Outlook |
GET /favicon.ico HTTP/1.1
Host: hunterconstracting.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://hunterconstracting.com/nec.htm
Cookie: LW2VOFr4-64TKbd3_MhKPSQnhZY=SRPF6fHTA70cVgGs-E9Y9MUDtpU; TPuxIHyG1j4OjUzquY3VShtjaeI=1711717088; vfSklwaghWCPijSqrTlHmeDw6p0=1711803488; e_0mXxLq64LQPXaf6whKjOna_h4=SAs6PtPnqJaUlhHjJ1FEKE6hNPg; WcoF9fFOQOgMZ-Tqcqt7yNnPPfI=lkLPZiL_UVgRTxwDers97UXe5XU; cf_clearance=zOYy4PE_8qbWflWV12I0T8DRLOs6vjU3PTGa8VlwHiY-1711717091-1.0.1.1-NAz6ksDwwF1fiWgUHkaP4lLwotrcL37KjE3GX6L6FsAzyb.jrDV3LL1aUd3nHXvK3Bq87im9SE4.Q7VR8..d2Q; TO7jiCmt50phd8RMEFPfBZX953k=xGvcNAUiktZj2YWAIWEVXrdZ9fc; n5Qa-0stilPCf8QXlcCNkE22ubE=1711717091; dNaKwKHB2knHIMt_XxYj3B-VQpU=1711803491; wxADWqOUlksabHJZpfrKgUHPQ88=oSXXTyVqEqiGqDo_7TAVgfJjujs; NKd7lZi-RpfZregmaR-4Lo1eloY=SuMLN8MEgkfpDWwafFWpWrlA_8E
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 403 Forbidden
date: Fri, 29 Mar 2024 12:58:12 GMT
content-type: text/html
x-content-type-options: nosniff, nosniff
x-xss-protection: 1; mode=block, 1; mode=block
cache-control: public, max-age=315360000, stale-while-revalidate=315360000, stale-if-error=315360000, immutable
pragma: public
cf-cache-status: HIT
age: 832
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=I8Sfxoit2gSmbIzXH8xvbFSxTSyxce0tggsEf1MVJVEXAYPO3VP%2BdNxkldyeUgelA6sF39Pxa22UFhECdqihxGwvPS%2BZLft1bI7Ru%2B6X6dlgIvJ12VLJDS9NPsfJInlvuET%2Bc6fswOaj"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 86c007b3ee3e569c-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| hunterconstracting.com/nec.htm | 188.114.96.1 | 403 Forbidden | 146 B |
URL User Request GET HTTP/3hunterconstracting.com/nec.htm IP188.114.96.1:443
CertificateIssuerGoogle Trust Services LLC Subjecthunterconstracting.com FingerprintF8:C7:34:FC:2C:FD:49:63:C2:9A:D2:1A:96:23:6D:67:BC:03:46:BB ValidityThu, 07 Mar 2024 20:56:51 GMT - Wed, 05 Jun 2024 20:56:50 GMT
File typeHTML document, ASCII text, with no line terminators Hashbcfacc6f2d2ee7cd5e014be08612f93e 7bb6f49a83b5186d5f8598e852bfbeee102d8a4d ef1a3d1af87d9d441ef37f001f2ffb6900ef0a7a4884a5ef165bc2b09e224b38
| Analyzer | Verdict | Alert |
|---|
| urlquery | phishing | Phishing - Microsoft Outlook |
GET /nec.htm HTTP/1.1
Host: hunterconstracting.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://massdot-physicals.com/
DNT: 1
Connection: keep-alive
Cookie: LW2VOFr4-64TKbd3_MhKPSQnhZY=SRPF6fHTA70cVgGs-E9Y9MUDtpU; TPuxIHyG1j4OjUzquY3VShtjaeI=1711717088; vfSklwaghWCPijSqrTlHmeDw6p0=1711803488; e_0mXxLq64LQPXaf6whKjOna_h4=SAs6PtPnqJaUlhHjJ1FEKE6hNPg; WcoF9fFOQOgMZ-Tqcqt7yNnPPfI=lkLPZiL_UVgRTxwDers97UXe5XU; cf_clearance=zOYy4PE_8qbWflWV12I0T8DRLOs6vjU3PTGa8VlwHiY-1711717091-1.0.1.1-NAz6ksDwwF1fiWgUHkaP4lLwotrcL37KjE3GX6L6FsAzyb.jrDV3LL1aUd3nHXvK3Bq87im9SE4.Q7VR8..d2Q; TO7jiCmt50phd8RMEFPfBZX953k=xGvcNAUiktZj2YWAIWEVXrdZ9fc; n5Qa-0stilPCf8QXlcCNkE22ubE=1711717091; dNaKwKHB2knHIMt_XxYj3B-VQpU=1711803491; wxADWqOUlksabHJZpfrKgUHPQ88=oSXXTyVqEqiGqDo_7TAVgfJjujs; NKd7lZi-RpfZregmaR-4Lo1eloY=SuMLN8MEgkfpDWwafFWpWrlA_8E
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 403 Forbidden
date: Fri, 29 Mar 2024 12:58:12 GMT
content-type: text/html
x-content-type-options: nosniff, nosniff
x-xss-protection: 1; mode=block, 1; mode=block
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=a7M8ckkQk6ROLT0hvLbhM1wqrRg7etBKXtygpPe8ArvJxndWGGJZnG8kwocLf%2FXvBDZB4guylf9q16tMtJIkolbVkCx3lKJKVXDkD3jtqIA%2BkDnWTENqcSswtqaOwIwNJR03pVVlmys0"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 86c007b1cc6e569c-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|