Report - minusdesigns.net/new/auth/promosgroceries/SJLD5JQEX8FFOM7UVERS3P/c3NhbmNoZXpAcHJvbW9zZ3JvY2VyaWVzLmNvbQ==

Report Overview

Submitted URL
minusdesigns.net/new/auth/promosgroceries/SJLD5JQEX8FFOM7UVERS3P/c3NhbmNoZXpAcHJvbW9zZ3JvY2VyaWVzLmNvbQ==
IP
172.67.128.180
ASN
#13335 CLOUDFLARENET
Submitted
2024-03-29 11:54:33
Access
public
Website Title
jCfFbaCcjQ
Final URL
nztgp.idaefulpet.com/KbjZsfQXyLwktzWxVjMzPWFYPNMQpHZXXCJTIXFQAQYKHZUPXWSJRQ?294783239212348315780988xpdOZAMoSRETKGJNWYYGCRUMRFBMLVGKGPHDDZLYFPRUMKYGEPPHCAH
Tags
microsoft phishing
urlquery detections
Phishing - Microsoft

Detections

urlquery
25
Network Intrusion Detection
0
Threat Detection Systems
0

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
challenges.cloudflare.com	unknown	2009-02-17	2021-10-20	2024-03-28	2.8 kB	208 kB	104.17.2.184
nztgp.idaefulpet.com	unknown	unknown	No data	No data	38 kB	816 kB	172.67.147.101
code.jquery.com	634	2005-12-10	2012-05-21	2024-03-28	428 B	32 kB	151.101.66.137
cdn.socket.io	62068	2010-04-18	2015-03-23	2024-03-28	415 B	14 kB	143.204.55.70
minusdesigns.net	unknown	2021-03-23	2021-03-23	2024-03-28	559 B	1.2 kB	104.21.1.60
www.gstatic.com	unknown	2008-02-11	2016-07-26	2024-03-29	490 B	204 kB	142.250.74.35
httpbin.org	352975	2011-06-12	2013-07-23	2024-03-28	472 B	281 B	54.147.29.229
www.google.com	7	1997-09-15	2015-05-10	2024-03-23	412 B	1.3 kB	142.250.74.132

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (23)

	URL	Size	First Seen	Last Seen
	www.gstatic.com/recaptcha/releases/moV1mTgQ6S91nuTnmll4Y9yf/recaptcha__en.js	511 kB	2024-03-29	2024-04-04
Pretty URL www.gstatic.com/recaptcha/releases/moV1mTgQ6S91nuTnmll4Y9yf/recaptcha__en.js IP 142.250.74.35 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-29 02:01:50 Last Seen2024-04-04 11:53:37 Times Seen1826 Hash 48c590d47c8b1868cecab334e9a34cbe 5f1a9f94294ec337f657ac2ebec1c74e097ce5b3 f3756825df5194a174b7a55ebd3b484c276766eef21343d34b053b98ed386801 Loading...

	cdn.socket.io/4.6.0/socket.io.min.js	46 kB	2023-04-05	2024-04-28
Pretty URL cdn.socket.io/4.6.0/socket.io.min.js IP 143.204.55.70 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-05 03:09:50 Last Seen2024-04-28 23:34:04 Times Seen71112 Hash 80f5b8c6a9eeac15de93e5a112036a06 f7174635137d37581b11937fc90e9cb325077bce 0401de33701f1cad16ecf952899d23990b6437d0a5b7335524edf6bdfb932542 Loading...

	unknown	9.5 kB	2024-03-29	2024-03-29
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-29 12:54:40 Last Seen2024-03-29 12:54:40 Times Seen1 Hash 01d7e25e1a205e3067506ccea3227313 86792f02042368ed3fae92c7dd3e5ff25782ce3d ff9041572737d07205e3837771322a622064016931acc9ad118294e2b2041b5c Loading...

	nztgp.idaefulpet.com/56cIpGfk2aMerArq2KIwyOklgL058OaO2n73089107	108 kB	2024-03-11	2024-04-08
Pretty URL nztgp.idaefulpet.com/56cIpGfk2aMerArq2KIwyOklgL058OaO2n73089107 IP 172.67.147.101 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-11 17:40:24 Last Seen2024-04-08 20:16:59 Times Seen193 Hash b08a5ca838b60a0807cc1101229805ff ce92c8047d2b3d092f9a1188ee864059f2750d76 8039faac672390bafcb7d6bf3f1686806437910ea12a9bcde5cc03299485a68f Loading...

	code.jquery.com/jquery-3.6.0.min.js	90 kB	2023-03-07	2024-04-29
Pretty URL code.jquery.com/jquery-3.6.0.min.js IP 151.101.66.137 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:13 Last Seen2024-04-29 02:11:57 Times Seen262926 Hash 8fb8fee4fcc3cc86ff6c724154c49c42 b82d238d4e31fdf618bae8ac11a6c812c03dd0d4 ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e Loading...

	www.google.com/recaptcha/api.js	850 B	2024-03-29	2024-04-04
Pretty URL www.google.com/recaptcha/api.js IP 142.250.74.132 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-29 02:14:38 Last Seen2024-04-04 11:53:37 Times Seen364 Hash a0b2d07fa8cb78d8057423360e2b5843 df34550dcf9a4b220bf79330937fe2d6612b8700 ed504324f919ac243bf232dec1b6980738df27a04304a8c10098b198681044b3 Loading...

	nztgp.idaefulpet.com/KbjZsfQXyLwktzWxVjMzPWFYPNMQpHZXXCJTIXFQAQYKHZUPXWSJRQ?294783239212348315780988xpdOZAMoSRETKGJNWYYGCRUMRFBMLVGKGPHDDZLYFPRUMKYGEPPHCAH	59 kB	2024-03-29	2024-03-29
Pretty URL nztgp.idaefulpet.com/KbjZsfQXyLwktzWxVjMzPWFYPNMQpHZXXCJTIXFQAQYKHZUPXWSJRQ?294783239212348315780988xpdOZAMoSRETKGJNWYYGCRUMRFBMLVGKGPHDDZLYFPRUMKYGEPPHCAH IP 172.67.147.101 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-03-29 12:54:40 Last Seen2024-03-29 12:54:40 Times Seen1 Hash 487eed70e7ca08d41c7f244ac1d7d490 62027780723f0dc185bf7f75907b6a6ef0bf1746 a19e3e47cabbdc9dc9ab2fa3c88d9c649134f3ea12ad5862259f2abe46cabf69 Loading...

		Size	First Seen	Last Seen
	#1 Eval - 6fae73d0c1f541a641bcd6620a984e33	28 B	2024-03-29	2024-03-29
Pretty Observations First Seen2024-03-29 12:54:40 Last Seen2024-03-29 12:54:40 Times Seen1 Hash 6fae73d0c1f541a641bcd6620a984e33 b15520b5d7d6de393e740e9114d4d57bf47f0dbb c6bdb3f8d0c6c501f33bf1c3c6a1d2faa1a14b8c4fd25123e31b6681c1427e4b Loading...

	#2 Eval - 9f088b27da54156a5f70e8c9e8555a01	28 B	2024-03-29	2024-03-29
Pretty Observations First Seen2024-03-29 12:54:40 Last Seen2024-03-29 12:54:40 Times Seen1 Hash 9f088b27da54156a5f70e8c9e8555a01 786313132ecdb284405fcd5544727651053f7c8c e9cdc67aca87030db1dab7e98d979db3d0f375620921169a8b2c50440068f352 Loading...

	#3 Eval - 20a2c704ad6ae77685f7d4d47240f36e	28 B	2024-03-29	2024-03-29
Pretty Observations First Seen2024-03-29 12:54:40 Last Seen2024-03-29 12:54:40 Times Seen1 Hash 20a2c704ad6ae77685f7d4d47240f36e f90597ec8beb0d61c1d79f8580e9c349e9166684 b407efe197551136de870d5c33b37ad4acd6c855592920a971c5166089217aef Loading...

	#4 Eval - 8413df65b5016f832d2676903f74f12e	28 B	2024-03-29	2024-03-29
Pretty Observations First Seen2024-03-29 12:54:40 Last Seen2024-03-29 12:54:40 Times Seen1 Hash 8413df65b5016f832d2676903f74f12e 8a68f062c4f8e3c747362fd95d0e3b320f085217 4a85934b7174405e6aa126c1f4a0b49226c49b19b736fe9b1777798e04ada28b Loading...

	#5 Eval - 190ef4edaf4aba9ce6829ea860b2cb65	61 B	2024-03-22	2024-04-04
Pretty Observations First Seen2024-03-22 10:35:33 Last Seen2024-04-04 15:56:11 Times Seen1815 Hash 190ef4edaf4aba9ce6829ea860b2cb65 84010fdde06dc04427d11aafdf4ba6495e14eff8 0334ef3ce9e77db17376ce3e320fe96b901743f1baa1096cc4066922ac672f8c Loading...

	#6 Eval - 58343d923c34505e5e0428f75887a8d6	28 B	2024-03-29	2024-03-29
Pretty Observations First Seen2024-03-29 12:54:40 Last Seen2024-03-29 12:54:40 Times Seen1 Hash 58343d923c34505e5e0428f75887a8d6 a869353a25d76f82f8d13d7a3dd3cda663e2338e 04c08ef7b2c8cb9b09b7e1e548a4f190585514b930d54b3c8b458132d633a46f Loading...

	#7 Eval - 3ff08614b062e55371b20595531673c5	28 B	2024-03-29	2024-03-29
Pretty Observations First Seen2024-03-29 12:54:40 Last Seen2024-03-29 12:54:40 Times Seen1 Hash 3ff08614b062e55371b20595531673c5 05fbfdd88c452db9892b42a3d38cf815cbe20862 a3ba84b6d2c9bd46a26e071befaa50d10f16248c1090fc6bd7e041ed04937759 Loading...

	#8 Eval - f0e45041039f374c15ad388de6949d3a	28 B	2024-03-29	2024-03-29
Pretty Observations First Seen2024-03-29 12:54:40 Last Seen2024-03-29 12:54:40 Times Seen1 Hash f0e45041039f374c15ad388de6949d3a 0f33e5bb2018c26c7c34b6c08301223b6812c5fa 3a175df85d35e9e283d5df4a2d718b92897c09ccd4252464a8cc7cab487ce368 Loading...

	#9 Eval - 9e925e9341b490bfd3b4c4ca3b0c1ef2	4 B	2023-03-07	2024-04-29
Pretty Observations First Seen2023-03-07 01:03:43 Last Seen2024-04-29 02:08:16 Times Seen350305 Hash 9e925e9341b490bfd3b4c4ca3b0c1ef2 c2543fff3bfa6f144c2f06a7de6cd10c0b650cae 1eb79602411ef02cf6fe117897015fff89f80face4eccd50425c45149b148408 Loading...

	#10 Eval - dad3558d54d82129a30d9044697ec82c	28 B	2024-03-29	2024-03-29
Pretty Observations First Seen2024-03-29 12:54:40 Last Seen2024-03-29 12:54:40 Times Seen1 Hash dad3558d54d82129a30d9044697ec82c ad402b06f56dde72bc19ae154957d9a11482f029 d18f9c3fba12f92c5d9ee4a8bca65868702d90d5cafb4ad685449e78b663df92 Loading...

	#11 Eval - 23989e623e203f023c179b8a29e00c00	28 B	2024-03-29	2024-03-29
Pretty Observations First Seen2024-03-29 12:54:40 Last Seen2024-03-29 12:54:40 Times Seen1 Hash 23989e623e203f023c179b8a29e00c00 913c36c0c4f84ae5b67d2cb22dc928c5b7898489 b1c316caeee993a42280105cd2e18473c9e95bcb892a9822bfc52990747807e2 Loading...

	#12 Eval - 7ba5a6c92122f25c77a162cc379d5469	28 B	2024-03-29	2024-03-29
Pretty Observations First Seen2024-03-29 12:54:40 Last Seen2024-03-29 12:54:40 Times Seen1 Hash 7ba5a6c92122f25c77a162cc379d5469 4ab15a94bd5c63d0ab5fd0573e65dc8e484fbcb4 cb98ba7bf7096f8cf3c9999c33afeb63798bd19278679e2a5ee0058877c4388f Loading...

		Size	First Seen	Last Seen
	#1 Write - 8ecfa4ab8bdb89f323130290ad0b0c3e	44 kB	2024-03-29	2024-03-29
Pretty Observations First Seen2024-03-29 12:54:40 Last Seen2024-03-29 12:54:40 Times Seen1 Hash 8ecfa4ab8bdb89f323130290ad0b0c3e 398e6ab3cadbd5f9f04a414b9ae654ba2b755b39 467188ce9219419cfcb14ac014cc15aaf4dde25b43d5373b5897388b79d4c077 Loading...

	#2 Write - 3896aef945b6682965548faae66dc805	4.3 kB	2024-03-29	2024-03-29
Pretty Observations First Seen2024-03-29 12:54:41 Last Seen2024-03-29 12:54:41 Times Seen1 Hash 3896aef945b6682965548faae66dc805 f1dff4721dedbcba417b14a1fb547d185e798504 ae82387d74f537d3544a61f858e539bb1e3f75982b310e5b0e62ea95b89cf84b Loading...

	#3 Write - 086707e4369f60afedcafb16050a7618	39 B	2023-03-07	2024-04-29
Pretty Observations First Seen2023-03-07 01:03:24 Last Seen2024-04-29 01:54:24 Times Seen44612 Hash 086707e4369f60afedcafb16050a7618 8216b0cc6876cbd44f01c158e7dff3833ceccd41 a7fe83ec64bb23eb28090598db3d166ed98e52e39d1afbbfd74c579553f93e4e Loading...

	#4 Write - 7868701abb166d4096947ea7e73acab6	1.0 kB	2024-03-29	2024-03-29
Pretty Observations First Seen2024-03-29 12:54:41 Last Seen2024-03-29 12:54:41 Times Seen1 Hash 7868701abb166d4096947ea7e73acab6 532ffbe345747aa929a6e540aa0ee59a803b0625 0823f1ca43362d5131aaf30e06625012dbfbfe8a245f1505e4f9f4bcf42db316 Loading...

HTTP Transactions (40)

URL IP Response Size

challenges.cloudflare.com/turnstile/v0/api.js?render=explicit

104.17.2.184

0 B

URL
challenges.cloudflare.com/turnstile/v0/api.js?render=explicit
IP
104.17.2.184:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /turnstile/v0/api.js?render=explicit HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nztgp.idaefulpet.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Fri, 29 Mar 2024 11:54:09 GMT
content-length: 0
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: max-age=300, public
location: /turnstile/v0/g/dc6b543c1346/api.js?render=explicit
vary: Accept-Encoding
server: cloudflare
cf-ray: 86bfa9e0be34b4f1-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

nztgp.idaefulpet.com/typsegra/

172.67.147.101

34 kB

URL
nztgp.idaefulpet.com/typsegra/
IP
172.67.147.101:0
ASN
#13335 CLOUDFLARENET

File type
HTML document, ASCII text, with very long lines (5850), with no line terminators
Size
34 kB (33898 bytes)
Hash
6c981d84f4fe281dee172075c56202e3
85de835e339806c55a6166080a3dcb9436fb5cee
955eca296f36c0625468dcbb0e6fedd2efdbeedfca1bf04e298a7db44f8890b7

HTTP Headers

GET /typsegra/ HTTP/1.1
Host: nztgp.idaefulpet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 29 Mar 2024 11:54:09 GMT
content-type: text/html; charset=UTF-8
cache-control: no-cache, private
vary: Accept-Encoding
access-control-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9Rf4I4T2TEfdvWqmvl9xGtAjR%2FRhHe86wRzW2BzRvQGEnfzI6XCnwUmTQoqEuTbVwudpTcE0BsXtWdiNpVBHdDmOyebzbqH2mNqJmGeTYB38IrNfbpDp9ZpztzCv"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
set-cookie: XSRF-TOKEN=eyJpdiI6IjMwRk9MSFpsOFFxYk0vZXZBbndPM0E9PSIsInZhbHVlIjoiU0tqWSs2L0RKRURORGZkY1B4Vyt2ZTdCSWhiSmRGeG5FdFRtdFU1NlJERU11Y09EcllBODU4MHhLUEtCMlVqT1plSFRoK2ZsamVsOHd1K3gxTWhEcmc1NjJGMG44TUUzVmVKempTREI3dWR4cmtWeGFyRzUwdkZiQk9NcjBQYkMiLCJtYWMiOiI1MjA3MGM0NzUzODZlMzdhNTk4ZThiNmE2YjAyMzcyYmE5Y2VkOTFmZWIwMGFlY2Y5ODk1ZmIyMmMxOGEzNDFjIiwidGFnIjoiIn0%3D; expires=Fri, 29-Mar-2024 13:54:08 GMT; Max-Age=7200; path=/; secure; samesite=none
laravel_session=eyJpdiI6IkNEYlZEQUFzUmQ3RitJUllEVXprWmc9PSIsInZhbHVlIjoicXhhWXhwUEswUTlLeGtBeWlZaDRhK3g5WDVxVWg0SjAwbFRNL0R6ZTVDWTRVQ1VML1VqL1o0QkdrazRJaWgvTDdRVW1zZERjb3QreHkycjFnS1Q1L2wxVXd1RUJTcHBQclJKdHFZeSs0NzRjclJlWDhpRmZFb05xNUN1R3VXZ28iLCJtYWMiOiI5NTFmYWMwMmM5NTZjMzRmZDU4OWNhOTA3ZjczNGQ3MWE3NzQwNmU3M2FlYmI4NTZiN2JiNzFkNjQzZDFlMGQzIiwidGFnIjoiIn0%3D; expires=Fri, 29-Mar-2024 13:54:08 GMT; Max-Age=7200; path=/; secure; httponly; samesite=none
server: cloudflare
cf-ray: 86bfa9dc3e0756b1-OSL
content-encoding: br
X-Firefox-Spdy: h2

challenges.cloudflare.com/turnstile/v0/g/dc6b543c1346/api.js?render=explicit

104.17.2.184

14 kB

URL
challenges.cloudflare.com/turnstile/v0/g/dc6b543c1346/api.js?render=explicit
IP
104.17.2.184:0
ASN
#13335 CLOUDFLARENET

File type
JavaScript source, ASCII text, with very long lines (39928)
Size
14 kB (13947 bytes)
Hash
7f3fe50b0f2ad92528ff217c1b608b27
54fc4814c739c7142ef4a5b562140ee764bcbdfc
d2e584d67a5b1a868363ed5e83a72ea6bc2cad8a052f64583d0fe95e7fa36e97

HTTP Headers

GET /turnstile/v0/g/dc6b543c1346/api.js?render=explicit HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://nztgp.idaefulpet.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 29 Mar 2024 11:54:09 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=31536000
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
server: cloudflare
cf-ray: 86bfa9e0de53b4f1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=86bfa9e1badc5684

104.17.2.184

156 kB

URL
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=86bfa9e1badc5684
IP
104.17.2.184:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (65536), with no line terminators
Size
156 kB (155755 bytes)
Hash
f03bf14002a08c2fc1811144dd852006
0da71d7ac5c710f0f3052269bfa3cd948ed1b533
de16cce8e61fd3c9de8440233e87e23e49e17ccd711faf4b8dfa216d237b33a6

HTTP Headers

GET /cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=86bfa9e1badc5684 HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/5ap8g/0x4AAAAAAAVTPjIP4MmTkkbv/auto/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 29 Mar 2024 11:54:09 GMT
content-type: application/javascript; charset=UTF-8
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
server: cloudflare
cf-ray: 86bfa9e2bbb35684-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

code.jquery.com/jquery-3.6.0.min.js

151.101.66.137

200 OK

31 kB

URL GET HTTP/2
code.jquery.com/jquery-3.6.0.min.js
IP
151.101.66.137:443
ASN
#54113 FASTLY

Requested by
https://nztgp.idaefulpet.com/KbjZsfQXyLwktzWxVjMzPWFYPNMQpHZXXCJTIXFQAQYKHZUPXWSJRQ?294783239212348315780988xpdOZAMoSRETKGJNWYYGCRUMRFBMLVGKGPHDDZLYFPRUMKYGEPPHCAH
Certificate
IssuerSectigo Limited
Subject*.jquery.com
FingerprintD2:19:0A:AD:CE:BB:9C:61:17:5D:29:4B:A2:54:E8:C6:91:B8:F9:8D
ValidityTue, 11 Jul 2023 00:00:00 GMT - Sun, 14 Jul 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (65447)
Size
31 kB (30875 bytes)
Hash
8fb8fee4fcc3cc86ff6c724154c49c42
b82d238d4e31fdf618bae8ac11a6c812c03dd0d4
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

HTTP Headers

GET /jquery-3.6.0.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nztgp.idaefulpet.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-15d9d"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Fri, 29 Mar 2024 11:54:17 GMT
age: 4170875
x-served-by: cache-lga21931-LGA, cache-hel1410025-HEL
x-cache: HIT, HIT
x-cache-hits: 22, 464637
x-timer: S1711713257.022858,VS0,VE0
vary: Accept-Encoding
content-length: 30875
X-Firefox-Spdy: h2

nztgp.idaefulpet.com/wx2p2fjJWZhHgt2eQBwqroOMtfRPd6gz34124

172.67.147.101

200 OK

231 B

URL GET HTTP/3
nztgp.idaefulpet.com/wx2p2fjJWZhHgt2eQBwqroOMtfRPd6gz34124
IP
172.67.147.101:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nztgp.idaefulpet.com/KbjZsfQXyLwktzWxVjMzPWFYPNMQpHZXXCJTIXFQAQYKHZUPXWSJRQ?294783239212348315780988xpdOZAMoSRETKGJNWYYGCRUMRFBMLVGKGPHDDZLYFPRUMKYGEPPHCAH
Certificate
IssuerLet's Encrypt
Subjectidaefulpet.com
FingerprintEB:92:E7:76:C9:5E:A3:92:E3:A2:33:9C:05:88:CD:68:0E:FE:BC:8F
ValidityThu, 21 Mar 2024 12:19:22 GMT - Wed, 19 Jun 2024 12:19:21 GMT

File type
PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced
Size
231 B (231 bytes)
Hash
547988bac5584b4608466d761e16f370
c11bb71049702528402a31027f200184910a7e23
70e32b2db3f079bb0295a85a0db15ed9e5926294dd947938d6cfa595f5ab18b4

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /wx2p2fjJWZhHgt2eQBwqroOMtfRPd6gz34124 HTTP/1.1
Host: nztgp.idaefulpet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nztgp.idaefulpet.com/KbjZsfQXyLwktzWxVjMzPWFYPNMQpHZXXCJTIXFQAQYKHZUPXWSJRQ?294783239212348315780988xpdOZAMoSRETKGJNWYYGCRUMRFBMLVGKGPHDDZLYFPRUMKYGEPPHCAH
Cookie: XSRF-TOKEN=eyJpdiI6Ijl1REV5ajFFZktUWFRCd0ZtRkZjL0E9PSIsInZhbHVlIjoiUWZuUTJ6Qm1LQWNUdHp3YzBjOFpKWUJ4RUVqNVhKTENwSFNMcnJEMmdxekd3akdma3BtMHJta0wrZVhzV01nODFFVHB5MzBYTFh0TWIwREczUVBzN1FCWW5RK05yOHdSTGlTc2ZwUjhzNW93bWZZdUpoNHljbmJyN0V6Sy9lL1kiLCJtYWMiOiJmYmEwMTJmMzBkODcwNjJlMzViOTM2NzMwZDAxMjlkNTM2YmMxYWI2YmJmY2ViMGZjNzM1ODE3NzZkYWI5YzRmIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjZHNTZ1aVVpNjY1ZjJkRVVmMVZLTFE9PSIsInZhbHVlIjoid0dxMnY2eFpOKy9GY09Gb3R4Z0pXTjErUUFsd28vMzJHY3dNNUticmhhZnBrRWdGNVRhVndza3FhRUZvcCtmLzNrRnlMdDF4UEJZb3BYSWdyNVRoWXJBcGREekh1TExGQTZwN0JsMjFFdnVsdklYeEtrQXdRbm9zeEVrZFNkVmQiLCJtYWMiOiI4ZmIyOTdmZjdiMTAwODI1ZmIxNGZiZTExYjFlNzE3MjQ3YmM3NDA1NjA3OGM2NjQyZGM1YTdhYTg2NGE1NTg4IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 29 Mar 2024 11:54:17 GMT
content-type: image/png
content-length: 231
content-disposition: inline; filename="wx2p2fjJWZhHgt2eQBwqroOMtfRPd6gz34124"
access-control-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=alwn7Qeq0fxguXONhhlzc%2BqLuclF1GXLLJ44Tgf6SuC0GCas3%2FTK3QpyaaPxah%2BCvSATinNltFnsD24tjten096K6RrBgtQasScXfDc%2FrCjjL5PnUynkZjFFy53J"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server: cloudflare
cf-ray: 86bfaa10bccc7131-OSL

nztgp.idaefulpet.com/opCRqpNLoL9HUEtkI80Yg3FCiN8JgefwEQD7UdAbfEPevbsfn45140

172.67.147.101

200 OK

727 B

URL GET HTTP/3
nztgp.idaefulpet.com/opCRqpNLoL9HUEtkI80Yg3FCiN8JgefwEQD7UdAbfEPevbsfn45140
IP
172.67.147.101:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nztgp.idaefulpet.com/KbjZsfQXyLwktzWxVjMzPWFYPNMQpHZXXCJTIXFQAQYKHZUPXWSJRQ?294783239212348315780988xpdOZAMoSRETKGJNWYYGCRUMRFBMLVGKGPHDDZLYFPRUMKYGEPPHCAH
Certificate
IssuerLet's Encrypt
Subjectidaefulpet.com
FingerprintEB:92:E7:76:C9:5E:A3:92:E3:A2:33:9C:05:88:CD:68:0E:FE:BC:8F
ValidityThu, 21 Mar 2024 12:19:22 GMT - Wed, 19 Jun 2024 12:19:21 GMT

File type
PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
Size
727 B (727 bytes)
Hash
839cb0f55c3d2d5c2f740bda95cb2878
93f6fa3a2da8b7184d4b5c5f2065872793370c2e
40ecb8832f6a9a8aaa0cc6e1287e867a4fca38433d091d86c6cab1f28fbab652

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /opCRqpNLoL9HUEtkI80Yg3FCiN8JgefwEQD7UdAbfEPevbsfn45140 HTTP/1.1
Host: nztgp.idaefulpet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nztgp.idaefulpet.com/KbjZsfQXyLwktzWxVjMzPWFYPNMQpHZXXCJTIXFQAQYKHZUPXWSJRQ?294783239212348315780988xpdOZAMoSRETKGJNWYYGCRUMRFBMLVGKGPHDDZLYFPRUMKYGEPPHCAH
Cookie: XSRF-TOKEN=eyJpdiI6Ijl1REV5ajFFZktUWFRCd0ZtRkZjL0E9PSIsInZhbHVlIjoiUWZuUTJ6Qm1LQWNUdHp3YzBjOFpKWUJ4RUVqNVhKTENwSFNMcnJEMmdxekd3akdma3BtMHJta0wrZVhzV01nODFFVHB5MzBYTFh0TWIwREczUVBzN1FCWW5RK05yOHdSTGlTc2ZwUjhzNW93bWZZdUpoNHljbmJyN0V6Sy9lL1kiLCJtYWMiOiJmYmEwMTJmMzBkODcwNjJlMzViOTM2NzMwZDAxMjlkNTM2YmMxYWI2YmJmY2ViMGZjNzM1ODE3NzZkYWI5YzRmIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjZHNTZ1aVVpNjY1ZjJkRVVmMVZLTFE9PSIsInZhbHVlIjoid0dxMnY2eFpOKy9GY09Gb3R4Z0pXTjErUUFsd28vMzJHY3dNNUticmhhZnBrRWdGNVRhVndza3FhRUZvcCtmLzNrRnlMdDF4UEJZb3BYSWdyNVRoWXJBcGREekh1TExGQTZwN0JsMjFFdnVsdklYeEtrQXdRbm9zeEVrZFNkVmQiLCJtYWMiOiI4ZmIyOTdmZjdiMTAwODI1ZmIxNGZiZTExYjFlNzE3MjQ3YmM3NDA1NjA3OGM2NjQyZGM1YTdhYTg2NGE1NTg4IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 29 Mar 2024 11:54:17 GMT
content-type: image/png
content-length: 727
content-disposition: inline; filename="opCRqpNLoL9HUEtkI80Yg3FCiN8JgefwEQD7UdAbfEPevbsfn45140"
access-control-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PxPqQrGBcTqs9E81%2B3WLYzMa0vdu75%2BRybQSWLYs6HLDF2DyYq7qztyTkQmiNrp4eENMc4K%2FgZyWRFl%2B0UBp7Gb%2B0kxLdZJxBsyLhNQ8Xrzcykrz4tJZ%2BnUWlJrM"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server: cloudflare
cf-ray: 86bfaa10ccda7131-OSL

nztgp.idaefulpet.com/56odxiYlSGw6fR23kJqTuv60

172.67.147.101

200 OK

29 kB

URL GET HTTP/3
nztgp.idaefulpet.com/56odxiYlSGw6fR23kJqTuv60
IP
172.67.147.101:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nztgp.idaefulpet.com/KbjZsfQXyLwktzWxVjMzPWFYPNMQpHZXXCJTIXFQAQYKHZUPXWSJRQ?294783239212348315780988xpdOZAMoSRETKGJNWYYGCRUMRFBMLVGKGPHDDZLYFPRUMKYGEPPHCAH
Certificate
IssuerLet's Encrypt
Subjectidaefulpet.com
FingerprintEB:92:E7:76:C9:5E:A3:92:E3:A2:33:9C:05:88:CD:68:0E:FE:BC:8F
ValidityThu, 21 Mar 2024 12:19:22 GMT - Wed, 19 Jun 2024 12:19:21 GMT

File type
Web Open Font Format (Version 2), TrueType, length 28584, version 1.66
Size
29 kB (28584 bytes)
Hash
17081510f3a6f2f619ec8c6f244523c7
87f34b2a1532c50f2a424c345d03fe028db35635
2c7292014e2ef00374aeb63691d9f23159a010455784ee0b274ba7db2bcca956

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /56odxiYlSGw6fR23kJqTuv60 HTTP/1.1
Host: nztgp.idaefulpet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://nztgp.idaefulpet.com/KbjZsfQXyLwktzWxVjMzPWFYPNMQpHZXXCJTIXFQAQYKHZUPXWSJRQ?294783239212348315780988xpdOZAMoSRETKGJNWYYGCRUMRFBMLVGKGPHDDZLYFPRUMKYGEPPHCAH
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6Ijl1REV5ajFFZktUWFRCd0ZtRkZjL0E9PSIsInZhbHVlIjoiUWZuUTJ6Qm1LQWNUdHp3YzBjOFpKWUJ4RUVqNVhKTENwSFNMcnJEMmdxekd3akdma3BtMHJta0wrZVhzV01nODFFVHB5MzBYTFh0TWIwREczUVBzN1FCWW5RK05yOHdSTGlTc2ZwUjhzNW93bWZZdUpoNHljbmJyN0V6Sy9lL1kiLCJtYWMiOiJmYmEwMTJmMzBkODcwNjJlMzViOTM2NzMwZDAxMjlkNTM2YmMxYWI2YmJmY2ViMGZjNzM1ODE3NzZkYWI5YzRmIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjZHNTZ1aVVpNjY1ZjJkRVVmMVZLTFE9PSIsInZhbHVlIjoid0dxMnY2eFpOKy9GY09Gb3R4Z0pXTjErUUFsd28vMzJHY3dNNUticmhhZnBrRWdGNVRhVndza3FhRUZvcCtmLzNrRnlMdDF4UEJZb3BYSWdyNVRoWXJBcGREekh1TExGQTZwN0JsMjFFdnVsdklYeEtrQXdRbm9zeEVrZFNkVmQiLCJtYWMiOiI4ZmIyOTdmZjdiMTAwODI1ZmIxNGZiZTExYjFlNzE3MjQ3YmM3NDA1NjA3OGM2NjQyZGM1YTdhYTg2NGE1NTg4IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 29 Mar 2024 11:54:17 GMT
content-type: font/woff2
content-length: 28584
content-disposition: inline; filename="56odxiYlSGw6fR23kJqTuv60"
access-control-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7ICEgISxiIc667MbA4VKOoxDEcIv7B9KXt3X5acu3RdVTJNg0G6Y1S%2BempHQU5Ig%2BhUF6XBJRhM176vCqotlbZctXS%2F0keGSIUE3UxQ%2BjqYcqEIndrYLqD%2BsuxLj"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server: cloudflare
cf-ray: 86bfaa10acbd7131-OSL

nztgp.idaefulpet.com/pqbI3HV0E34UA8hwx40

172.67.147.101

200 OK

28 kB

URL GET HTTP/3
nztgp.idaefulpet.com/pqbI3HV0E34UA8hwx40
IP
172.67.147.101:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nztgp.idaefulpet.com/KbjZsfQXyLwktzWxVjMzPWFYPNMQpHZXXCJTIXFQAQYKHZUPXWSJRQ?294783239212348315780988xpdOZAMoSRETKGJNWYYGCRUMRFBMLVGKGPHDDZLYFPRUMKYGEPPHCAH
Certificate
IssuerLet's Encrypt
Subjectidaefulpet.com
FingerprintEB:92:E7:76:C9:5E:A3:92:E3:A2:33:9C:05:88:CD:68:0E:FE:BC:8F
ValidityThu, 21 Mar 2024 12:19:22 GMT - Wed, 19 Jun 2024 12:19:21 GMT

File type
Web Open Font Format (Version 2), TrueType, length 28000, version 1.66
Size
28 kB (28000 bytes)
Hash
a4bca6c95fed0d0c5cc46cf07710dcec
73b56e33b82b42921db8702a33efd0f2b2ec9794
5a51d246af54d903f67f07f2bd820ce77736f8d08c5f1602db07469d96dbf77f

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /pqbI3HV0E34UA8hwx40 HTTP/1.1
Host: nztgp.idaefulpet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://nztgp.idaefulpet.com/KbjZsfQXyLwktzWxVjMzPWFYPNMQpHZXXCJTIXFQAQYKHZUPXWSJRQ?294783239212348315780988xpdOZAMoSRETKGJNWYYGCRUMRFBMLVGKGPHDDZLYFPRUMKYGEPPHCAH
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6Ijl1REV5ajFFZktUWFRCd0ZtRkZjL0E9PSIsInZhbHVlIjoiUWZuUTJ6Qm1LQWNUdHp3YzBjOFpKWUJ4RUVqNVhKTENwSFNMcnJEMmdxekd3akdma3BtMHJta0wrZVhzV01nODFFVHB5MzBYTFh0TWIwREczUVBzN1FCWW5RK05yOHdSTGlTc2ZwUjhzNW93bWZZdUpoNHljbmJyN0V6Sy9lL1kiLCJtYWMiOiJmYmEwMTJmMzBkODcwNjJlMzViOTM2NzMwZDAxMjlkNTM2YmMxYWI2YmJmY2ViMGZjNzM1ODE3NzZkYWI5YzRmIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjZHNTZ1aVVpNjY1ZjJkRVVmMVZLTFE9PSIsInZhbHVlIjoid0dxMnY2eFpOKy9GY09Gb3R4Z0pXTjErUUFsd28vMzJHY3dNNUticmhhZnBrRWdGNVRhVndza3FhRUZvcCtmLzNrRnlMdDF4UEJZb3BYSWdyNVRoWXJBcGREekh1TExGQTZwN0JsMjFFdnVsdklYeEtrQXdRbm9zeEVrZFNkVmQiLCJtYWMiOiI4ZmIyOTdmZjdiMTAwODI1ZmIxNGZiZTExYjFlNzE3MjQ3YmM3NDA1NjA3OGM2NjQyZGM1YTdhYTg2NGE1NTg4IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 29 Mar 2024 11:54:17 GMT
content-type: font/woff2
content-length: 28000
content-disposition: inline; filename="pqbI3HV0E34UA8hwx40"
access-control-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VGBkQrOpP7GFdEgjiaVbNGxnBVCjNbIqx%2BJT%2B9C6IRaS1znKjsUib3SBP3cUHq%2FKsYZGCzKBuAyZVHr4hwodj5YCP6howkVWqqYhWouuhN70fesUSP6GxURqxp6Q"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server: cloudflare
cf-ray: 86bfaa10acb77131-OSL

nztgp.idaefulpet.com/opXB3h17wNqkIUYmWtvUq3JY8fKXsxHeFYND1vjxJxYit8ZstDttnMloycisUy23aUgSwTfEgef236

172.67.147.101

200 OK

30 kB

URL GET HTTP/3
nztgp.idaefulpet.com/opXB3h17wNqkIUYmWtvUq3JY8fKXsxHeFYND1vjxJxYit8ZstDttnMloycisUy23aUgSwTfEgef236
IP
172.67.147.101:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nztgp.idaefulpet.com/KbjZsfQXyLwktzWxVjMzPWFYPNMQpHZXXCJTIXFQAQYKHZUPXWSJRQ?294783239212348315780988xpdOZAMoSRETKGJNWYYGCRUMRFBMLVGKGPHDDZLYFPRUMKYGEPPHCAH
Certificate
IssuerLet's Encrypt
Subjectidaefulpet.com
FingerprintEB:92:E7:76:C9:5E:A3:92:E3:A2:33:9C:05:88:CD:68:0E:FE:BC:8F
ValidityThu, 21 Mar 2024 12:19:22 GMT - Wed, 19 Jun 2024 12:19:21 GMT

File type
PNG image data, 506 x 303, 8-bit/color RGBA, non-interlaced
Size
30 kB (29796 bytes)
Hash
210433a8774859368f3a7b86d125a2a7
408bacddc39f12cad285579c102fe4a629862d88
9c6addfc339ce1c1d262290ab4cc2de8d38d4b54b11a8e85afd44fbb0acc2561

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /opXB3h17wNqkIUYmWtvUq3JY8fKXsxHeFYND1vjxJxYit8ZstDttnMloycisUy23aUgSwTfEgef236 HTTP/1.1
Host: nztgp.idaefulpet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nztgp.idaefulpet.com/KbjZsfQXyLwktzWxVjMzPWFYPNMQpHZXXCJTIXFQAQYKHZUPXWSJRQ?294783239212348315780988xpdOZAMoSRETKGJNWYYGCRUMRFBMLVGKGPHDDZLYFPRUMKYGEPPHCAH
Cookie: XSRF-TOKEN=eyJpdiI6Ijl1REV5ajFFZktUWFRCd0ZtRkZjL0E9PSIsInZhbHVlIjoiUWZuUTJ6Qm1LQWNUdHp3YzBjOFpKWUJ4RUVqNVhKTENwSFNMcnJEMmdxekd3akdma3BtMHJta0wrZVhzV01nODFFVHB5MzBYTFh0TWIwREczUVBzN1FCWW5RK05yOHdSTGlTc2ZwUjhzNW93bWZZdUpoNHljbmJyN0V6Sy9lL1kiLCJtYWMiOiJmYmEwMTJmMzBkODcwNjJlMzViOTM2NzMwZDAxMjlkNTM2YmMxYWI2YmJmY2ViMGZjNzM1ODE3NzZkYWI5YzRmIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjZHNTZ1aVVpNjY1ZjJkRVVmMVZLTFE9PSIsInZhbHVlIjoid0dxMnY2eFpOKy9GY09Gb3R4Z0pXTjErUUFsd28vMzJHY3dNNUticmhhZnBrRWdGNVRhVndza3FhRUZvcCtmLzNrRnlMdDF4UEJZb3BYSWdyNVRoWXJBcGREekh1TExGQTZwN0JsMjFFdnVsdklYeEtrQXdRbm9zeEVrZFNkVmQiLCJtYWMiOiI4ZmIyOTdmZjdiMTAwODI1ZmIxNGZiZTExYjFlNzE3MjQ3YmM3NDA1NjA3OGM2NjQyZGM1YTdhYTg2NGE1NTg4IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 29 Mar 2024 11:54:17 GMT
content-type: image/png
content-length: 29796
content-disposition: inline; filename="opXB3h17wNqkIUYmWtvUq3JY8fKXsxHeFYND1vjxJxYit8ZstDttnMloycisUy23aUgSwTfEgef236"
access-control-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=76FDclMd1lVJNjdoec9eQMfGooFEbwcpgiXHg0tOzu5CKXadmM1RRhb%2BUn4eUIAooDZCOWe64BRz0TtJZ56j8SDJLQXBVq%2F8O7gK8QrJn6QJ8edYSVpLchJ6LH1h"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server: cloudflare
cf-ray: 86bfaa10cce77131-OSL

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/cmg/1/GLhOioXg0bs57t4qPrORXFsL1%2BWig2mIKbgpVPMu7ZQ%3D

104.17.2.184

3.8 kB

URL
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/cmg/1/GLhOioXg0bs57t4qPrORXFsL1%2BWig2mIKbgpVPMu7ZQ%3D
IP
104.17.2.184:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced
Size
3.8 kB (3777 bytes)
Hash
46a895f16c3354b25b2a6154fcfca5fb
22406df6fca86a7733db79bb2b37998701fdcb19
77e0f6e5d1311fda23dc58e0ebf24b043cd08da4f41b63517e5e7b66db422df2

HTTP Headers

GET /cdn-cgi/challenge-platform/h/g/cmg/1/GLhOioXg0bs57t4qPrORXFsL1%2BWig2mIKbgpVPMu7ZQ%3D HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/5ap8g/0x4AAAAAAAVTPjIP4MmTkkbv/auto/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 29 Mar 2024 11:54:09 GMT
content-type: image/png
cache-control: max-age=2629800, public
server: cloudflare
cf-ray: 86bfa9e2bbae5684-OSL
alt-svc: h3=":443"; ma=86400

nztgp.idaefulpet.com/rmYpPZ0F4rPRqnCe432Qh1JbqyOzQpjsu

172.67.147.101

36 kB

URL
nztgp.idaefulpet.com/rmYpPZ0F4rPRqnCe432Qh1JbqyOzQpjsu
IP
172.67.147.101:0
ASN
#13335 CLOUDFLARENET

File type
JSON text data
Size
36 kB (35994 bytes)
Hash
5820854f62a6eb3d38ba7ba0d1b3ea75
639df0b84fe699b4a290a713fd6b9a94bd4deb95
912d0c07da7bdb22cdae025b96da26d01523aaab7362edb28544e3949deb369d

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

POST /rmYpPZ0F4rPRqnCe432Qh1JbqyOzQpjsu HTTP/1.1
Host: nztgp.idaefulpet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://nztgp.idaefulpet.com/typsegra/
Content-Type: multipart/form-data; boundary=---------------------------35226400074275103842476341310
Content-Length: 1374
Origin: https://nztgp.idaefulpet.com
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6IjMwRk9MSFpsOFFxYk0vZXZBbndPM0E9PSIsInZhbHVlIjoiU0tqWSs2L0RKRURORGZkY1B4Vyt2ZTdCSWhiSmRGeG5FdFRtdFU1NlJERU11Y09EcllBODU4MHhLUEtCMlVqT1plSFRoK2ZsamVsOHd1K3gxTWhEcmc1NjJGMG44TUUzVmVKempTREI3dWR4cmtWeGFyRzUwdkZiQk9NcjBQYkMiLCJtYWMiOiI1MjA3MGM0NzUzODZlMzdhNTk4ZThiNmE2YjAyMzcyYmE5Y2VkOTFmZWIwMGFlY2Y5ODk1ZmIyMmMxOGEzNDFjIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IkNEYlZEQUFzUmQ3RitJUllEVXprWmc9PSIsInZhbHVlIjoicXhhWXhwUEswUTlLeGtBeWlZaDRhK3g5WDVxVWg0SjAwbFRNL0R6ZTVDWTRVQ1VML1VqL1o0QkdrazRJaWgvTDdRVW1zZERjb3QreHkycjFnS1Q1L2wxVXd1RUJTcHBQclJKdHFZeSs0NzRjclJlWDhpRmZFb05xNUN1R3VXZ28iLCJtYWMiOiI5NTFmYWMwMmM5NTZjMzRmZDU4OWNhOTA3ZjczNGQ3MWE3NzQwNmU3M2FlYmI4NTZiN2JiNzFkNjQzZDFlMGQzIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 29 Mar 2024 11:54:15 GMT
content-type: application/json
cache-control: no-cache, private
access-control-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Yc43pRx5wAfyVCX6hJwLj71sKT6%2BclRgZiXnpcZu%2F7BDQ0AKRtyhXj36aB367fv7t39FTEuJcTboC%2FS%2FTmgOfDvsjnn1PaGgXG%2FfNjY8YfLnS%2FlR0oP8bHQzceKY"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
set-cookie: XSRF-TOKEN=eyJpdiI6Ii9mbXNqUnRrM3hJOU45UXo0Zng3NHc9PSIsInZhbHVlIjoiMXJJN3J2N0E1dzRDMEpFVmlkcms2YjU1OG5YZ0tscTlPU3ZrejFGZGtTbXV2Z2lyOXdhWGJNQmpPVDd4TTRiZFVUdkR4Zmp0dlhOSHloMERuenpRUW4yMmVhTkRhRUo3SU9XOWlqUkpWWmtJb1VLWmhTWVRuYnIzZlhwQ3RBUHIiLCJtYWMiOiI0Y2I5ZWExMzFmMjc3MzE0NDdkN2JjMDU2ODhiZDYwZjg0MTIyYWQ4OWQ0MjJjNmE3YzY2NWU2MDJiYzlhYTYyIiwidGFnIjoiIn0%3D; expires=Fri, 29-Mar-2024 13:54:15 GMT; Max-Age=7200; path=/; secure; samesite=none
laravel_session=eyJpdiI6IjNpTEkvSEs1VmdpT3pIRFgyVkV3YlE9PSIsInZhbHVlIjoiY0tNbFRySG93TlJTVnQ2eHpSV2JqMjdBWWFUNzI1dUx2R3U4c0VDNFl4Um51YjJpOU1NVUZ4VlFLY20vd1N1MXQrM3lUVXpoNk9CaGlTV1JHaFB4bmoyNExhS1oyRWJHZElUazdDNk9TN1dwRXVMVzAwU0ZKWFd3OExTa05vTWwiLCJtYWMiOiI2YjBmZmRlZWQwYTc0OGJiZGExMDFiZWE0YjVjNDkyMjViZTFmNzgzNjUyYTgzMGIyMGQyM2E1N2Q5ODkwMDQ1IiwidGFnIjoiIn0%3D; expires=Fri, 29-Mar-2024 13:54:15 GMT; Max-Age=7200; path=/; secure; httponly; samesite=none
server: cloudflare
cf-ray: 86bfaa059b607131-OSL
content-encoding: br

nztgp.idaefulpet.com/23wPceXhDLizD2q90Tgblgvw62

172.67.147.101

200 OK

37 kB

URL GET HTTP/3
nztgp.idaefulpet.com/23wPceXhDLizD2q90Tgblgvw62
IP
172.67.147.101:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nztgp.idaefulpet.com/KbjZsfQXyLwktzWxVjMzPWFYPNMQpHZXXCJTIXFQAQYKHZUPXWSJRQ?294783239212348315780988xpdOZAMoSRETKGJNWYYGCRUMRFBMLVGKGPHDDZLYFPRUMKYGEPPHCAH
Certificate
IssuerLet's Encrypt
Subjectidaefulpet.com
FingerprintEB:92:E7:76:C9:5E:A3:92:E3:A2:33:9C:05:88:CD:68:0E:FE:BC:8F
ValidityThu, 21 Mar 2024 12:19:22 GMT - Wed, 19 Jun 2024 12:19:21 GMT

File type
Web Open Font Format, TrueType, length 36696, version 1.0
Size
37 kB (36696 bytes)
Hash
a69e9ab8afdd7486ec0749c551051ff2
c34e6aa327b536fb48d1fe03577a47c7ee2231b8
fd78a1913db912221b8ead1e62fad47d1ff0a9fa6cd88d3b128a721ad91d2faf

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /23wPceXhDLizD2q90Tgblgvw62 HTTP/1.1
Host: nztgp.idaefulpet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://nztgp.idaefulpet.com/KbjZsfQXyLwktzWxVjMzPWFYPNMQpHZXXCJTIXFQAQYKHZUPXWSJRQ?294783239212348315780988xpdOZAMoSRETKGJNWYYGCRUMRFBMLVGKGPHDDZLYFPRUMKYGEPPHCAH
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6Ijl1REV5ajFFZktUWFRCd0ZtRkZjL0E9PSIsInZhbHVlIjoiUWZuUTJ6Qm1LQWNUdHp3YzBjOFpKWUJ4RUVqNVhKTENwSFNMcnJEMmdxekd3akdma3BtMHJta0wrZVhzV01nODFFVHB5MzBYTFh0TWIwREczUVBzN1FCWW5RK05yOHdSTGlTc2ZwUjhzNW93bWZZdUpoNHljbmJyN0V6Sy9lL1kiLCJtYWMiOiJmYmEwMTJmMzBkODcwNjJlMzViOTM2NzMwZDAxMjlkNTM2YmMxYWI2YmJmY2ViMGZjNzM1ODE3NzZkYWI5YzRmIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjZHNTZ1aVVpNjY1ZjJkRVVmMVZLTFE9PSIsInZhbHVlIjoid0dxMnY2eFpOKy9GY09Gb3R4Z0pXTjErUUFsd28vMzJHY3dNNUticmhhZnBrRWdGNVRhVndza3FhRUZvcCtmLzNrRnlMdDF4UEJZb3BYSWdyNVRoWXJBcGREekh1TExGQTZwN0JsMjFFdnVsdklYeEtrQXdRbm9zeEVrZFNkVmQiLCJtYWMiOiI4ZmIyOTdmZjdiMTAwODI1ZmIxNGZiZTExYjFlNzE3MjQ3YmM3NDA1NjA3OGM2NjQyZGM1YTdhYTg2NGE1NTg4IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 29 Mar 2024 11:54:17 GMT
content-type: font/woff
content-length: 36696
content-disposition: inline; filename="23wPceXhDLizD2q90Tgblgvw62"
access-control-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NM9TAMLA7rQl458jQOHYQB6JF329YrSYfCS7rvQ3oWvwgQ4SkuKBu6hqkCABuKRzC6wGflYMPL6FTLhMgnBY9cIDJqExLtjHuOpqTsjBHx5wGrP50A3ErUYH5D1g"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server: cloudflare
cf-ray: 86bfaa10acbf7131-OSL

nztgp.idaefulpet.com/90ESY9ycSBx14UYmJxH0lZhv12C42jh6b0UErab80

172.67.147.101

200 OK

44 kB

URL GET HTTP/3
nztgp.idaefulpet.com/90ESY9ycSBx14UYmJxH0lZhv12C42jh6b0UErab80
IP
172.67.147.101:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nztgp.idaefulpet.com/KbjZsfQXyLwktzWxVjMzPWFYPNMQpHZXXCJTIXFQAQYKHZUPXWSJRQ?294783239212348315780988xpdOZAMoSRETKGJNWYYGCRUMRFBMLVGKGPHDDZLYFPRUMKYGEPPHCAH
Certificate
IssuerLet's Encrypt
Subjectidaefulpet.com
FingerprintEB:92:E7:76:C9:5E:A3:92:E3:A2:33:9C:05:88:CD:68:0E:FE:BC:8F
ValidityThu, 21 Mar 2024 12:19:22 GMT - Wed, 19 Jun 2024 12:19:21 GMT

File type
Web Open Font Format (Version 2), TrueType, length 43596, version 1.0
Size
44 kB (43596 bytes)
Hash
2a05e9e5572abc320b2b7ea38a70dcc1
d5fa2a856d5632c2469e42436159375117ef3c35
3efcb941aaddaf4aea08dab3fb97d3e904aa1b83264e64b4d5bda53bc7c798ec

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /90ESY9ycSBx14UYmJxH0lZhv12C42jh6b0UErab80 HTTP/1.1
Host: nztgp.idaefulpet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://nztgp.idaefulpet.com/KbjZsfQXyLwktzWxVjMzPWFYPNMQpHZXXCJTIXFQAQYKHZUPXWSJRQ?294783239212348315780988xpdOZAMoSRETKGJNWYYGCRUMRFBMLVGKGPHDDZLYFPRUMKYGEPPHCAH
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6Ijl1REV5ajFFZktUWFRCd0ZtRkZjL0E9PSIsInZhbHVlIjoiUWZuUTJ6Qm1LQWNUdHp3YzBjOFpKWUJ4RUVqNVhKTENwSFNMcnJEMmdxekd3akdma3BtMHJta0wrZVhzV01nODFFVHB5MzBYTFh0TWIwREczUVBzN1FCWW5RK05yOHdSTGlTc2ZwUjhzNW93bWZZdUpoNHljbmJyN0V6Sy9lL1kiLCJtYWMiOiJmYmEwMTJmMzBkODcwNjJlMzViOTM2NzMwZDAxMjlkNTM2YmMxYWI2YmJmY2ViMGZjNzM1ODE3NzZkYWI5YzRmIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjZHNTZ1aVVpNjY1ZjJkRVVmMVZLTFE9PSIsInZhbHVlIjoid0dxMnY2eFpOKy9GY09Gb3R4Z0pXTjErUUFsd28vMzJHY3dNNUticmhhZnBrRWdGNVRhVndza3FhRUZvcCtmLzNrRnlMdDF4UEJZb3BYSWdyNVRoWXJBcGREekh1TExGQTZwN0JsMjFFdnVsdklYeEtrQXdRbm9zeEVrZFNkVmQiLCJtYWMiOiI4ZmIyOTdmZjdiMTAwODI1ZmIxNGZiZTExYjFlNzE3MjQ3YmM3NDA1NjA3OGM2NjQyZGM1YTdhYTg2NGE1NTg4IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 29 Mar 2024 11:54:17 GMT
content-type: font/woff2
content-length: 43596
content-disposition: inline; filename="90ESY9ycSBx14UYmJxH0lZhv12C42jh6b0UErab80"
access-control-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sS5SdPm6uou49bk%2By9mQjQREzCD4aLbug9lNCBpbNR65BVyHiP2bpq28OWgeS72JHxTOWJuGUOdiFDfAHQnMbTYgso%2FpjBryuGUvr0ktFJwFRAyAieikL7ZDyYsp"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server: cloudflare
cf-ray: 86bfaa10bcc47131-OSL

nztgp.idaefulpet.com/uva7bms7IovFW0SRFWQDfREHCochWXNmnzEcV2ORg1EPQngtUrRPCwyV5SAlYSAU3Mef255

172.67.147.101

200 OK

71 kB

URL GET HTTP/3
nztgp.idaefulpet.com/uva7bms7IovFW0SRFWQDfREHCochWXNmnzEcV2ORg1EPQngtUrRPCwyV5SAlYSAU3Mef255
IP
172.67.147.101:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nztgp.idaefulpet.com/KbjZsfQXyLwktzWxVjMzPWFYPNMQpHZXXCJTIXFQAQYKHZUPXWSJRQ?294783239212348315780988xpdOZAMoSRETKGJNWYYGCRUMRFBMLVGKGPHDDZLYFPRUMKYGEPPHCAH
Certificate
IssuerLet's Encrypt
Subjectidaefulpet.com
FingerprintEB:92:E7:76:C9:5E:A3:92:E3:A2:33:9C:05:88:CD:68:0E:FE:BC:8F
ValidityThu, 21 Mar 2024 12:19:22 GMT - Wed, 19 Jun 2024 12:19:21 GMT

File type
PNG image data, 2446 x 899, 8-bit/color RGBA, non-interlaced
Size
71 kB (70712 bytes)
Hash
f70ff06d19498d80b130ec78176fd3ff
9d8a3b74c5164ff7ae2c7930b6d7b14707b404fc
df6dbab5251e56b405e48aaf57d3cd4188f073ffba71131fa6cd26e6742923ae

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /uva7bms7IovFW0SRFWQDfREHCochWXNmnzEcV2ORg1EPQngtUrRPCwyV5SAlYSAU3Mef255 HTTP/1.1
Host: nztgp.idaefulpet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nztgp.idaefulpet.com/KbjZsfQXyLwktzWxVjMzPWFYPNMQpHZXXCJTIXFQAQYKHZUPXWSJRQ?294783239212348315780988xpdOZAMoSRETKGJNWYYGCRUMRFBMLVGKGPHDDZLYFPRUMKYGEPPHCAH
Cookie: XSRF-TOKEN=eyJpdiI6Ijl1REV5ajFFZktUWFRCd0ZtRkZjL0E9PSIsInZhbHVlIjoiUWZuUTJ6Qm1LQWNUdHp3YzBjOFpKWUJ4RUVqNVhKTENwSFNMcnJEMmdxekd3akdma3BtMHJta0wrZVhzV01nODFFVHB5MzBYTFh0TWIwREczUVBzN1FCWW5RK05yOHdSTGlTc2ZwUjhzNW93bWZZdUpoNHljbmJyN0V6Sy9lL1kiLCJtYWMiOiJmYmEwMTJmMzBkODcwNjJlMzViOTM2NzMwZDAxMjlkNTM2YmMxYWI2YmJmY2ViMGZjNzM1ODE3NzZkYWI5YzRmIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjZHNTZ1aVVpNjY1ZjJkRVVmMVZLTFE9PSIsInZhbHVlIjoid0dxMnY2eFpOKy9GY09Gb3R4Z0pXTjErUUFsd28vMzJHY3dNNUticmhhZnBrRWdGNVRhVndza3FhRUZvcCtmLzNrRnlMdDF4UEJZb3BYSWdyNVRoWXJBcGREekh1TExGQTZwN0JsMjFFdnVsdklYeEtrQXdRbm9zeEVrZFNkVmQiLCJtYWMiOiI4ZmIyOTdmZjdiMTAwODI1ZmIxNGZiZTExYjFlNzE3MjQ3YmM3NDA1NjA3OGM2NjQyZGM1YTdhYTg2NGE1NTg4IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 29 Mar 2024 11:54:17 GMT
content-type: image/png
content-length: 70712
content-disposition: inline; filename="uva7bms7IovFW0SRFWQDfREHCochWXNmnzEcV2ORg1EPQngtUrRPCwyV5SAlYSAU3Mef255"
access-control-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CZI%2BN8vhqzJqOQnKWIUqciuZkKSrl0O54VWIDPeb9K05mrYETyPkgtVbotmRelzV2elZapXdgoF6EH5i%2B%2FlrbTqrwYHdP4%2FRKmJ8HZzH%2FDC8cTloxe2EsVW4n8PO"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server: cloudflare
cf-ray: 86bfaa10cce87131-OSL

nztgp.idaefulpet.com/cdQkNbMneWtaHIrNnmhAb1R34Tj2tXYGAkl100

172.67.147.101

200 OK

93 kB

URL GET HTTP/3
nztgp.idaefulpet.com/cdQkNbMneWtaHIrNnmhAb1R34Tj2tXYGAkl100
IP
172.67.147.101:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nztgp.idaefulpet.com/KbjZsfQXyLwktzWxVjMzPWFYPNMQpHZXXCJTIXFQAQYKHZUPXWSJRQ?294783239212348315780988xpdOZAMoSRETKGJNWYYGCRUMRFBMLVGKGPHDDZLYFPRUMKYGEPPHCAH
Certificate
IssuerLet's Encrypt
Subjectidaefulpet.com
FingerprintEB:92:E7:76:C9:5E:A3:92:E3:A2:33:9C:05:88:CD:68:0E:FE:BC:8F
ValidityThu, 21 Mar 2024 12:19:22 GMT - Wed, 19 Jun 2024 12:19:21 GMT

File type
Web Open Font Format (Version 2), TrueType, length 93276, version 1.0
Size
93 kB (93276 bytes)
Hash
bcd7983ea5aa57c55f6758b4977983cb
ef3a009e205229e07fb0ec8569e669b11c378ef1
6528a0bf9a836a53dfd8536e1786ba6831c9d1faa74967126fddf5b2081b858c

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /cdQkNbMneWtaHIrNnmhAb1R34Tj2tXYGAkl100 HTTP/1.1
Host: nztgp.idaefulpet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://nztgp.idaefulpet.com/KbjZsfQXyLwktzWxVjMzPWFYPNMQpHZXXCJTIXFQAQYKHZUPXWSJRQ?294783239212348315780988xpdOZAMoSRETKGJNWYYGCRUMRFBMLVGKGPHDDZLYFPRUMKYGEPPHCAH
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6Ijl1REV5ajFFZktUWFRCd0ZtRkZjL0E9PSIsInZhbHVlIjoiUWZuUTJ6Qm1LQWNUdHp3YzBjOFpKWUJ4RUVqNVhKTENwSFNMcnJEMmdxekd3akdma3BtMHJta0wrZVhzV01nODFFVHB5MzBYTFh0TWIwREczUVBzN1FCWW5RK05yOHdSTGlTc2ZwUjhzNW93bWZZdUpoNHljbmJyN0V6Sy9lL1kiLCJtYWMiOiJmYmEwMTJmMzBkODcwNjJlMzViOTM2NzMwZDAxMjlkNTM2YmMxYWI2YmJmY2ViMGZjNzM1ODE3NzZkYWI5YzRmIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjZHNTZ1aVVpNjY1ZjJkRVVmMVZLTFE9PSIsInZhbHVlIjoid0dxMnY2eFpOKy9GY09Gb3R4Z0pXTjErUUFsd28vMzJHY3dNNUticmhhZnBrRWdGNVRhVndza3FhRUZvcCtmLzNrRnlMdDF4UEJZb3BYSWdyNVRoWXJBcGREekh1TExGQTZwN0JsMjFFdnVsdklYeEtrQXdRbm9zeEVrZFNkVmQiLCJtYWMiOiI4ZmIyOTdmZjdiMTAwODI1ZmIxNGZiZTExYjFlNzE3MjQ3YmM3NDA1NjA3OGM2NjQyZGM1YTdhYTg2NGE1NTg4IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 29 Mar 2024 11:54:17 GMT
content-type: font/woff2
content-length: 93276
content-disposition: inline; filename="cdQkNbMneWtaHIrNnmhAb1R34Tj2tXYGAkl100"
access-control-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DwMfPva8PLLjXVqtj6O13vLPN6eoO6dCqZuJtNSIt%2Fpd0GJ%2B33WpWzLNjxaNiHyylgIH4JxUkXix2hX63XfWz%2FdQ91UPRBFtRLY1Qcs3IK6kFoWnFjDDWlbfr0lN"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server: cloudflare
cf-ray: 86bfaa10bcc67131-OSL

cdn.socket.io/4.6.0/socket.io.min.js

143.204.55.70

200 OK

14 kB

URL GET HTTP/2
cdn.socket.io/4.6.0/socket.io.min.js
IP
143.204.55.70:443
ASN
#16509 AMAZON-02

Requested by
https://nztgp.idaefulpet.com/KbjZsfQXyLwktzWxVjMzPWFYPNMQpHZXXCJTIXFQAQYKHZUPXWSJRQ?294783239212348315780988xpdOZAMoSRETKGJNWYYGCRUMRFBMLVGKGPHDDZLYFPRUMKYGEPPHCAH
Certificate
IssuerAmazon
Subjectcdn.socket.io
FingerprintBB:7D:4E:26:70:F6:06:2A:12:E9:92:A8:F1:9F:CD:82:0B:BF:48:ED
ValiditySun, 22 Oct 2023 00:00:00 GMT - Sun, 17 Nov 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (45667)
Size
14 kB (13748 bytes)
Hash
80f5b8c6a9eeac15de93e5a112036a06
f7174635137d37581b11937fc90e9cb325077bce
0401de33701f1cad16ecf952899d23990b6437d0a5b7335524edf6bdfb932542

HTTP Headers

GET /4.6.0/socket.io.min.js HTTP/1.1
Host: cdn.socket.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nztgp.idaefulpet.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, immutable
content-disposition: inline; filename="socket.io.min.js"
content-encoding: gzip
date: Mon, 15 Jan 2024 16:33:26 GMT
etag: W/"80f5b8c6a9eeac15de93e5a112036a06"
server: Vercel
strict-transport-security: max-age=63072000
x-vercel-cache: HIT
x-vercel-id: fra1::gsg9m-1705336406533-adf1f7d78a76
x-cache: Hit from cloudfront
via: 1.1 6cb1d4b545e7beb4ead790454f4807c6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: rgCU2luRnYcayheBLVqYmhkulq-zt3jkqIELBcJkZlzXCyEOd0xjBg==
age: 6376851
X-Firefox-Spdy: h2

nztgp.idaefulpet.com/mn5PfBYgGIq3Uiucd7IhARuvRfqbGD3IyTzF390150

172.67.147.101

200 OK

1.6 kB

URL GET HTTP/3
nztgp.idaefulpet.com/mn5PfBYgGIq3Uiucd7IhARuvRfqbGD3IyTzF390150
IP
172.67.147.101:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nztgp.idaefulpet.com/KbjZsfQXyLwktzWxVjMzPWFYPNMQpHZXXCJTIXFQAQYKHZUPXWSJRQ?294783239212348315780988xpdOZAMoSRETKGJNWYYGCRUMRFBMLVGKGPHDDZLYFPRUMKYGEPPHCAH
Certificate
IssuerLet's Encrypt
Subjectidaefulpet.com
FingerprintEB:92:E7:76:C9:5E:A3:92:E3:A2:33:9C:05:88:CD:68:0E:FE:BC:8F
ValidityThu, 21 Mar 2024 12:19:22 GMT - Wed, 19 Jun 2024 12:19:21 GMT

File type
SVG Scalable Vector Graphics image
Size
1.6 kB (1580 bytes)
Hash
40eb39126300b56bf66c20ee75b54093
83678d94097257eb474713dec49e8094f49d2e2a
765709425a5b9209e875dccf2217d3161429d2d48159fc1df7b253b77c1574f4

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /mn5PfBYgGIq3Uiucd7IhARuvRfqbGD3IyTzF390150 HTTP/1.1
Host: nztgp.idaefulpet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nztgp.idaefulpet.com/KbjZsfQXyLwktzWxVjMzPWFYPNMQpHZXXCJTIXFQAQYKHZUPXWSJRQ?294783239212348315780988xpdOZAMoSRETKGJNWYYGCRUMRFBMLVGKGPHDDZLYFPRUMKYGEPPHCAH
Cookie: XSRF-TOKEN=eyJpdiI6Ijl1REV5ajFFZktUWFRCd0ZtRkZjL0E9PSIsInZhbHVlIjoiUWZuUTJ6Qm1LQWNUdHp3YzBjOFpKWUJ4RUVqNVhKTENwSFNMcnJEMmdxekd3akdma3BtMHJta0wrZVhzV01nODFFVHB5MzBYTFh0TWIwREczUVBzN1FCWW5RK05yOHdSTGlTc2ZwUjhzNW93bWZZdUpoNHljbmJyN0V6Sy9lL1kiLCJtYWMiOiJmYmEwMTJmMzBkODcwNjJlMzViOTM2NzMwZDAxMjlkNTM2YmMxYWI2YmJmY2ViMGZjNzM1ODE3NzZkYWI5YzRmIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjZHNTZ1aVVpNjY1ZjJkRVVmMVZLTFE9PSIsInZhbHVlIjoid0dxMnY2eFpOKy9GY09Gb3R4Z0pXTjErUUFsd28vMzJHY3dNNUticmhhZnBrRWdGNVRhVndza3FhRUZvcCtmLzNrRnlMdDF4UEJZb3BYSWdyNVRoWXJBcGREekh1TExGQTZwN0JsMjFFdnVsdklYeEtrQXdRbm9zeEVrZFNkVmQiLCJtYWMiOiI4ZmIyOTdmZjdiMTAwODI1ZmIxNGZiZTExYjFlNzE3MjQ3YmM3NDA1NjA3OGM2NjQyZGM1YTdhYTg2NGE1NTg4IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 29 Mar 2024 11:54:17 GMT
content-type: image/svg+xml
content-disposition: inline; filename="mn5PfBYgGIq3Uiucd7IhARuvRfqbGD3IyTzF390150"
access-control-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HaDQ7ncrTfgla%2B2UyBKtza8HRTi5F4aElo9d2uZZ3xiOqNae%2FXgqSdAXL7L%2FQCXPMoljCY7PC5O5jGbtyNifHpATIZjDso7B5YdcKDqmhN2QOSvU8v6Q6lm6HAkb"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server: cloudflare
cf-ray: 86bfaa10ccdb7131-OSL
content-encoding: br

nztgp.idaefulpet.com/ijdz8K32xgrCMwSvSncYRKw6dx8G8WPkcK2H2D4CqAPxy9qZnVpGek8Jd4g0OO8xlZLacqILwzFPef205

172.67.147.101

200 OK

50 kB

URL GET HTTP/3
nztgp.idaefulpet.com/ijdz8K32xgrCMwSvSncYRKw6dx8G8WPkcK2H2D4CqAPxy9qZnVpGek8Jd4g0OO8xlZLacqILwzFPef205
IP
172.67.147.101:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nztgp.idaefulpet.com/KbjZsfQXyLwktzWxVjMzPWFYPNMQpHZXXCJTIXFQAQYKHZUPXWSJRQ?294783239212348315780988xpdOZAMoSRETKGJNWYYGCRUMRFBMLVGKGPHDDZLYFPRUMKYGEPPHCAH
Certificate
IssuerLet's Encrypt
Subjectidaefulpet.com
FingerprintEB:92:E7:76:C9:5E:A3:92:E3:A2:33:9C:05:88:CD:68:0E:FE:BC:8F
ValidityThu, 21 Mar 2024 12:19:22 GMT - Wed, 19 Jun 2024 12:19:21 GMT

File type
PNG image data, 2160 x 443, 8-bit/color RGBA, non-interlaced
Size
50 kB (49602 bytes)
Hash
db783743cd246ff4d77f4a3694285989
b9466716904457641b7831868b47162d8d378d41
5913b1ec0fc58ab2bec576804b9e9b566a584ea3d21a1bf74a7b40051a447fdc

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /ijdz8K32xgrCMwSvSncYRKw6dx8G8WPkcK2H2D4CqAPxy9qZnVpGek8Jd4g0OO8xlZLacqILwzFPef205 HTTP/1.1
Host: nztgp.idaefulpet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nztgp.idaefulpet.com/KbjZsfQXyLwktzWxVjMzPWFYPNMQpHZXXCJTIXFQAQYKHZUPXWSJRQ?294783239212348315780988xpdOZAMoSRETKGJNWYYGCRUMRFBMLVGKGPHDDZLYFPRUMKYGEPPHCAH
Cookie: XSRF-TOKEN=eyJpdiI6Ijl1REV5ajFFZktUWFRCd0ZtRkZjL0E9PSIsInZhbHVlIjoiUWZuUTJ6Qm1LQWNUdHp3YzBjOFpKWUJ4RUVqNVhKTENwSFNMcnJEMmdxekd3akdma3BtMHJta0wrZVhzV01nODFFVHB5MzBYTFh0TWIwREczUVBzN1FCWW5RK05yOHdSTGlTc2ZwUjhzNW93bWZZdUpoNHljbmJyN0V6Sy9lL1kiLCJtYWMiOiJmYmEwMTJmMzBkODcwNjJlMzViOTM2NzMwZDAxMjlkNTM2YmMxYWI2YmJmY2ViMGZjNzM1ODE3NzZkYWI5YzRmIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjZHNTZ1aVVpNjY1ZjJkRVVmMVZLTFE9PSIsInZhbHVlIjoid0dxMnY2eFpOKy9GY09Gb3R4Z0pXTjErUUFsd28vMzJHY3dNNUticmhhZnBrRWdGNVRhVndza3FhRUZvcCtmLzNrRnlMdDF4UEJZb3BYSWdyNVRoWXJBcGREekh1TExGQTZwN0JsMjFFdnVsdklYeEtrQXdRbm9zeEVrZFNkVmQiLCJtYWMiOiI4ZmIyOTdmZjdiMTAwODI1ZmIxNGZiZTExYjFlNzE3MjQ3YmM3NDA1NjA3OGM2NjQyZGM1YTdhYTg2NGE1NTg4IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 29 Mar 2024 11:54:17 GMT
content-type: image/png
content-length: 49602
content-disposition: inline; filename="ijdz8K32xgrCMwSvSncYRKw6dx8G8WPkcK2H2D4CqAPxy9qZnVpGek8Jd4g0OO8xlZLacqILwzFPef205"
access-control-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Z4bv9uk%2F2DVcVYORcKM0MbKdNkZBsWnff4zVg2O9x6RBKqGmaHKwfUvBGGJO7ZizDRHOKqcmE%2ByOhCf%2BBk4o5j0u21EkVSKAeXFunmMZXO%2BNEfU5UZesUpN8yutg"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server: cloudflare
cf-ray: 86bfaa10cce47131-OSL

minusdesigns.net/new/auth/promosgroceries/SJLD5JQEX8FFOM7UVERS3P/c3NhbmNoZXpAcHJvbW9zZ3JvY2VyaWVzLmNvbQ==

104.21.1.60

472 B

URL
minusdesigns.net/new/auth/promosgroceries/SJLD5JQEX8FFOM7UVERS3P/c3NhbmNoZXpAcHJvbW9zZ3JvY2VyaWVzLmNvbQ==
IP
104.21.1.60:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
472 B (472 bytes)
Hash
094271140217c03c16c43b7fc2091a12
3796fb8592b24839087f8b507b85221445c06aaf
367937e36123322183244390f5ca1d02357fbc8be4142161332814df4c4ece15

HTTP Headers

GET /new/auth/promosgroceries/SJLD5JQEX8FFOM7UVERS3P/c3NhbmNoZXpAcHJvbW9zZ3JvY2VyaWVzLmNvbQ== HTTP/1.1
Host: minusdesigns.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 29 Mar 2024 11:54:08 GMT
content-type: text/html; charset=UTF-8
refresh: 0;url=https://nztgp.idaefulpet.com/typsegra/#Hssanchez@promosgroceries.com
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=A04fPKnuuAjdFBMzhzggWfwzeCsW9I3nrBSu5WjHlOvVBnDK5ns%2FZtNj9GKyKey2dVAdChqRjI4IztNnbk1N3sl5mp4Oj%2FOZjCcq5ID%2By9ypyoWx1GkKhLTbHait6CzeO5Ef"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 86bfa9d5dc3cb509-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

www.gstatic.com/recaptcha/releases/moV1mTgQ6S91nuTnmll4Y9yf/recaptcha__en.js

142.250.74.35

200 OK

203 kB

URL GET HTTP/2
www.gstatic.com/recaptcha/releases/moV1mTgQ6S91nuTnmll4Y9yf/recaptcha__en.js
IP
142.250.74.35:443
ASN
#15169 GOOGLE

Requested by
https://nztgp.idaefulpet.com/KbjZsfQXyLwktzWxVjMzPWFYPNMQpHZXXCJTIXFQAQYKHZUPXWSJRQ?294783239212348315780988xpdOZAMoSRETKGJNWYYGCRUMRFBMLVGKGPHDDZLYFPRUMKYGEPPHCAH
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintF3:56:10:42:A8:3C:BF:F5:89:9C:4C:C0:F8:E3:DC:C4:1C:E9:34:9E
ValidityMon, 26 Feb 2024 08:18:21 GMT - Mon, 20 May 2024 08:18:20 GMT

File type
JavaScript source, ASCII text, with very long lines (596)
Size
203 kB (203410 bytes)
Hash
48c590d47c8b1868cecab334e9a34cbe
5f1a9f94294ec337f657ac2ebec1c74e097ce5b3
f3756825df5194a174b7a55ebd3b484c276766eef21343d34b053b98ed386801

HTTP Headers

GET /recaptcha/releases/moV1mTgQ6S91nuTnmll4Y9yf/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://nztgp.idaefulpet.com
DNT: 1
Connection: keep-alive
Referer: https://nztgp.idaefulpet.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 203410
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 28 Mar 2024 17:31:50 GMT
expires: Fri, 28 Mar 2025 17:31:50 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 25 Mar 2024 04:00:24 GMT
content-type: text/javascript
vary: Accept-Encoding
age: 66148
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

nztgp.idaefulpet.com/favicon.ico

172.67.147.101

404 Not Found

2.8 kB

URL GET HTTP/3
nztgp.idaefulpet.com/favicon.ico
IP
172.67.147.101:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nztgp.idaefulpet.com/KbjZsfQXyLwktzWxVjMzPWFYPNMQpHZXXCJTIXFQAQYKHZUPXWSJRQ?294783239212348315780988xpdOZAMoSRETKGJNWYYGCRUMRFBMLVGKGPHDDZLYFPRUMKYGEPPHCAH
Certificate
IssuerLet's Encrypt
Subjectidaefulpet.com
FingerprintEB:92:E7:76:C9:5E:A3:92:E3:A2:33:9C:05:88:CD:68:0E:FE:BC:8F
ValidityThu, 21 Mar 2024 12:19:22 GMT - Wed, 19 Jun 2024 12:19:21 GMT

File type
data
Size
2.8 kB (2786 bytes)
Hash
18c84cc063296caf31d66d100315c112
928a73bf3c52ad1319b1c54fdd6d1d1db6931e76
ca346b391b3a1d5ff0b57414b1d347a68b6b20acf50f6e33565de8c87ba31442

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: nztgp.idaefulpet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nztgp.idaefulpet.com/KbjZsfQXyLwktzWxVjMzPWFYPNMQpHZXXCJTIXFQAQYKHZUPXWSJRQ?294783239212348315780988xpdOZAMoSRETKGJNWYYGCRUMRFBMLVGKGPHDDZLYFPRUMKYGEPPHCAH
Cookie: XSRF-TOKEN=eyJpdiI6ImN4RFFVSXBYbWpER2QzM2NHZUxmRkE9PSIsInZhbHVlIjoiRXpLeHBOeDFCZnhaVUZDK05SSlhWZzMxTHFPRzZWcUl0SVU4Rk9uNFBqcUdIb0srK280aDJ5VzFhUkNQUkdoeGw0OUgwN0NzSDIzY3JoTXh6cFhFeG1paHh0aXk1Y0p4R0hnNjZRYWp1d3p3NXBHZkpBeVBacXJ4NUwvQWl5RzciLCJtYWMiOiIzODE2Yzk4MjEwMjI0MTcyNzE5OWVmZmMwMDFhZjU0OGZlY2FiZjhjMjkyOGIxMTczZDIxYjdjNDc2NzcyMTk5IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjllTWtWYUxKSSt6ajhFR0V4WW9WR1E9PSIsInZhbHVlIjoiYS9XdWxZZ0Zhb0Z3SlRJY1U3eHZqN3owNTRmZHQ2RFFlenRMYmZNbFlBSGhoRWpweHMxNVBvSVhxYWtHVldNcmhRR29EOEdNVExBNzN0VWdBc3M4S2hzQStmOFFld2hBVllQOXJZcXMxV1hGL3VzY3cxbW9id1ZpZmYvLytsbmEiLCJtYWMiOiI3YWVmNGFiMjQ1Y2FjYmE2ODA3YWVkNjk1NTI0MzVhNjFkN2YxMTIwOGNlZDM5Mjc5NzJhMTNiYWM4NDEyYmE0IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 404 Not Found
date: Fri, 29 Mar 2024 11:54:18 GMT
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=14400
age: 9
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5IAcDDvIf%2BVMkgvR7KO7ZvIqJEjF69HphyHBwjPeKImhecy4garSQ%2BH%2F9olr2z1JlsE0cUIxCxHug34e0KwkBhKm4fnEhnl%2BoTWzkr6rjYOo3LSDdLljyMJ3u7OU"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
cf-cache-status: HIT
server: cloudflare
cf-ray: 86bfaa171a097131-OSL
content-encoding: br

nztgp.idaefulpet.com/ijjdGkC42OEjIBrpgGw7MbRTwx9BO6IhNulnQJeZy56170

172.67.147.101

200 OK

2.8 kB

URL GET HTTP/3
nztgp.idaefulpet.com/ijjdGkC42OEjIBrpgGw7MbRTwx9BO6IhNulnQJeZy56170
IP
172.67.147.101:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nztgp.idaefulpet.com/KbjZsfQXyLwktzWxVjMzPWFYPNMQpHZXXCJTIXFQAQYKHZUPXWSJRQ?294783239212348315780988xpdOZAMoSRETKGJNWYYGCRUMRFBMLVGKGPHDDZLYFPRUMKYGEPPHCAH
Certificate
IssuerLet's Encrypt
Subjectidaefulpet.com
FingerprintEB:92:E7:76:C9:5E:A3:92:E3:A2:33:9C:05:88:CD:68:0E:FE:BC:8F
ValidityThu, 21 Mar 2024 12:19:22 GMT - Wed, 19 Jun 2024 12:19:21 GMT

File type
SVG Scalable Vector Graphics image
Size
2.8 kB (2849 bytes)
Hash
b59c16ca9bf156438a8a96d45e33db64
4e51b7d3477414b220f688adabd76d3ae6472ee3
a7ee799dd5b6f6dbb70b043b766362a6724e71458f9839306c995f06b218c2f8

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /ijjdGkC42OEjIBrpgGw7MbRTwx9BO6IhNulnQJeZy56170 HTTP/1.1
Host: nztgp.idaefulpet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nztgp.idaefulpet.com/KbjZsfQXyLwktzWxVjMzPWFYPNMQpHZXXCJTIXFQAQYKHZUPXWSJRQ?294783239212348315780988xpdOZAMoSRETKGJNWYYGCRUMRFBMLVGKGPHDDZLYFPRUMKYGEPPHCAH
Cookie: XSRF-TOKEN=eyJpdiI6Ijl1REV5ajFFZktUWFRCd0ZtRkZjL0E9PSIsInZhbHVlIjoiUWZuUTJ6Qm1LQWNUdHp3YzBjOFpKWUJ4RUVqNVhKTENwSFNMcnJEMmdxekd3akdma3BtMHJta0wrZVhzV01nODFFVHB5MzBYTFh0TWIwREczUVBzN1FCWW5RK05yOHdSTGlTc2ZwUjhzNW93bWZZdUpoNHljbmJyN0V6Sy9lL1kiLCJtYWMiOiJmYmEwMTJmMzBkODcwNjJlMzViOTM2NzMwZDAxMjlkNTM2YmMxYWI2YmJmY2ViMGZjNzM1ODE3NzZkYWI5YzRmIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjZHNTZ1aVVpNjY1ZjJkRVVmMVZLTFE9PSIsInZhbHVlIjoid0dxMnY2eFpOKy9GY09Gb3R4Z0pXTjErUUFsd28vMzJHY3dNNUticmhhZnBrRWdGNVRhVndza3FhRUZvcCtmLzNrRnlMdDF4UEJZb3BYSWdyNVRoWXJBcGREekh1TExGQTZwN0JsMjFFdnVsdklYeEtrQXdRbm9zeEVrZFNkVmQiLCJtYWMiOiI4ZmIyOTdmZjdiMTAwODI1ZmIxNGZiZTExYjFlNzE3MjQ3YmM3NDA1NjA3OGM2NjQyZGM1YTdhYTg2NGE1NTg4IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 29 Mar 2024 11:54:17 GMT
content-type: image/svg+xml
content-disposition: inline; filename="ijjdGkC42OEjIBrpgGw7MbRTwx9BO6IhNulnQJeZy56170"
access-control-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pR%2B37DBN4X8Bm8vJTm%2FQaKqCnzkslTNECMBIaQ54Cwa76bLONofS0v2m1maU6itsu5sjqJoXvkRViXDfF6H0iLZ9ClkSiYLac21I0TXb1Q6KkoCXgJiuxHl2szgx"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server: cloudflare
cf-ray: 86bfaa10ccdd7131-OSL
content-encoding: br

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/pat/86bfa9e1badc5684/1711713250015/b18e3f321d4f09b63b99a1fe4a094ab413f97e5d114b70ad062fc871072d4d5b/fpzLtiJS1LCxNbR

104.17.2.184

31 kB

URL
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/pat/86bfa9e1badc5684/1711713250015/b18e3f321d4f09b63b99a1fe4a094ab413f97e5d114b70ad062fc871072d4d5b/fpzLtiJS1LCxNbR
IP
104.17.2.184:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
31 kB (31377 bytes)
Hash
19ffb38c145467e3e28e9bbb92062ec1
8bdcc00204dd31f5b909696c095074bbb744a887
73fb7136c57417eac4a98354f316a22e7167b9999a72846754da64a3ce1d0817

HTTP Headers

GET /cdn-cgi/challenge-platform/h/g/pat/86bfa9e1badc5684/1711713250015/b18e3f321d4f09b63b99a1fe4a094ab413f97e5d114b70ad062fc871072d4d5b/fpzLtiJS1LCxNbR HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/5ap8g/0x4AAAAAAAVTPjIP4MmTkkbv/auto/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 401 Unauthorized
date: Fri, 29 Mar 2024 11:54:10 GMT
content-type: text/plain; charset=UTF-8
www-authenticate: PrivateToken challenge="AAIAGXBhdC1pc3N1ZXIuY2xvdWRmbGFyZS5jb20gsY4_Mh1PCbY7maH-SglKtBP5fl0RS3CtBi_IcQctTVsAGWNoYWxsZW5nZXMuY2xvdWRmbGFyZS5jb20=", token-key="MIIBUjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAqEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgKiAwIBMAOCAQ8AMIIBCgKCAQEA2bToxM3RxHKUmBrs-VbcF2uHBHcBix_OktMXRV4t9boDyaudU_G8wKuOXk-LpuhnN3iCwqC5fcJMnkCK42-jAF5m3OFhlJJKIoH4xA0B5elBjxOKFG6ncr3DMaPMYkbFhr1qhAlNwOILQur8lVafosE1XBV09k7tzlpCt9W-BVah0-kozycN0mnJ4tPd1_RNUFCWFtqMMG2jGEDR11VCaCrNbBeiPAdvVSzxc2msr2CmSJp8arJQ4scrXc2KV1KY9boTh0rZXeO9KlTH60Q_7-PGEsuARho_by6IO0NDD7lWRPwUACVEEfmUvfS6XYcvEdBM_HtU0csF5MM6FUMChQIDAQAB", max-age=20, PrivateToken challenge="AAIALHBwLWlzc3Vlci1wcm9kdWN0aW9uLnJlc2VhcmNoLmNsb3VkZmxhcmUuY29tILGOPzIdTwm2O5mh_koJSrQT-X5dEUtwrQYvyHEHLU1bABljaGFsbGVuZ2VzLmNsb3VkZmxhcmUuY29t", token-key="MIIBUjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAqEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgKiAwIBMAOCAQ8AMIIBCgKCAQEAnvwKKzhhiJjOCuPblFCzFrScOkAetWT8wXJwhvhLzrhs8WFuGIZ1sIpZAn8LzGENgfSrkMKcighkUa594hx7MKzaTos03IfprvikEk9yHp6sURRBwxDKoWlGI53q84nlOkxRrfPANVDZGvv9jO__--G8qxHQKBZzows0uXBxHhHSQkyQN0maj67VnA5zHUqDHgqCQVUT8XjHD8WDIuJSUz6q5Uc2xFtgd0qCAy2ULqFNw_OSYDLXAl3kod_tBqp16ehQSQ9KXJS5_SdU6PjcleN8XW_sm7WlDYgtPGIVKPhqpKbUn1l_zu18JbW4NoFpc8gfv3WcQTz-l1E3aBz41QIDAQAB", max-age=20
server: cloudflare
cf-ray: 86bfa9e728025684-OSL
alt-svc: h3=":443"; ma=86400

httpbin.org/ip

54.147.29.229

200 OK

31 B

URL GET HTTP/2
httpbin.org/ip
IP
54.147.29.229:443
ASN
#14618 AMAZON-AES

Requested by
https://nztgp.idaefulpet.com/KbjZsfQXyLwktzWxVjMzPWFYPNMQpHZXXCJTIXFQAQYKHZUPXWSJRQ?294783239212348315780988xpdOZAMoSRETKGJNWYYGCRUMRFBMLVGKGPHDDZLYFPRUMKYGEPPHCAH
Certificate
IssuerAmazon
Subjecthttpbin.org
Fingerprint14:0C:C7:A8:EC:FA:7F:9C:9D:D2:B8:7E:C9:B8:93:3A:A1:11:F6:01
ValidityThu, 21 Sep 2023 00:00:00 GMT - Fri, 18 Oct 2024 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
31 B (31 bytes)
Hash
b90b7b460267d7067015fd46f3cd1a1e
3c164e9136c246dffb5fb4ef3927dda99d880121
885fd87e71d0651d917c1483aaf061a95e9c52371afb3970abf85c50caa8dfbf

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /ip HTTP/1.1
Host: httpbin.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://nztgp.idaefulpet.com
DNT: 1
Connection: keep-alive
Referer: https://nztgp.idaefulpet.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 29 Mar 2024 11:54:19 GMT
content-type: application/json
content-length: 31
server: gunicorn/19.9.0
access-control-allow-origin: https://nztgp.idaefulpet.com
access-control-allow-credentials: true
X-Firefox-Spdy: h2

nztgp.idaefulpet.com/xydy9Kprs3ef30

172.67.147.101

200 OK

38 kB

URL GET HTTP/3
nztgp.idaefulpet.com/xydy9Kprs3ef30
IP
172.67.147.101:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nztgp.idaefulpet.com/KbjZsfQXyLwktzWxVjMzPWFYPNMQpHZXXCJTIXFQAQYKHZUPXWSJRQ?294783239212348315780988xpdOZAMoSRETKGJNWYYGCRUMRFBMLVGKGPHDDZLYFPRUMKYGEPPHCAH
Certificate
IssuerLet's Encrypt
Subjectidaefulpet.com
FingerprintEB:92:E7:76:C9:5E:A3:92:E3:A2:33:9C:05:88:CD:68:0E:FE:BC:8F
ValidityThu, 21 Mar 2024 12:19:22 GMT - Wed, 19 Jun 2024 12:19:21 GMT

File type
ASCII text, with very long lines (1437), with CRLF line terminators
Size
38 kB (38221 bytes)
Hash
0a40b289b9ecb589387f31cbd2807033
dbb02f7d438a952b55cab142749c648cd6417af5
c17e32e67edc46c2720b01a4a716996809ad8335c875f6980319a1440de6c245

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /xydy9Kprs3ef30 HTTP/1.1
Host: nztgp.idaefulpet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nztgp.idaefulpet.com/KbjZsfQXyLwktzWxVjMzPWFYPNMQpHZXXCJTIXFQAQYKHZUPXWSJRQ?294783239212348315780988xpdOZAMoSRETKGJNWYYGCRUMRFBMLVGKGPHDDZLYFPRUMKYGEPPHCAH
Cookie: XSRF-TOKEN=eyJpdiI6Ijl1REV5ajFFZktUWFRCd0ZtRkZjL0E9PSIsInZhbHVlIjoiUWZuUTJ6Qm1LQWNUdHp3YzBjOFpKWUJ4RUVqNVhKTENwSFNMcnJEMmdxekd3akdma3BtMHJta0wrZVhzV01nODFFVHB5MzBYTFh0TWIwREczUVBzN1FCWW5RK05yOHdSTGlTc2ZwUjhzNW93bWZZdUpoNHljbmJyN0V6Sy9lL1kiLCJtYWMiOiJmYmEwMTJmMzBkODcwNjJlMzViOTM2NzMwZDAxMjlkNTM2YmMxYWI2YmJmY2ViMGZjNzM1ODE3NzZkYWI5YzRmIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjZHNTZ1aVVpNjY1ZjJkRVVmMVZLTFE9PSIsInZhbHVlIjoid0dxMnY2eFpOKy9GY09Gb3R4Z0pXTjErUUFsd28vMzJHY3dNNUticmhhZnBrRWdGNVRhVndza3FhRUZvcCtmLzNrRnlMdDF4UEJZb3BYSWdyNVRoWXJBcGREekh1TExGQTZwN0JsMjFFdnVsdklYeEtrQXdRbm9zeEVrZFNkVmQiLCJtYWMiOiI4ZmIyOTdmZjdiMTAwODI1ZmIxNGZiZTExYjFlNzE3MjQ3YmM3NDA1NjA3OGM2NjQyZGM1YTdhYTg2NGE1NTg4IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 29 Mar 2024 11:54:17 GMT
content-type: text/css;charset=UTF-8
content-disposition: inline; filename="xydy9Kprs3ef30"
vary: Accept-Encoding
access-control-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fGPieql5KeotCZ7%2BsUFBodimfV9LAeMQBAEBRWbrbxJC13f00bvoXqRFqPpO5PSQiqkm7oJHpO6XMT%2F%2B8w62tF5WuSl8o8qIhBvQLnBgzrvg5g9m5jykkD0HNF1W"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server: cloudflare
cf-ray: 86bfaa10acb57131-OSL
content-encoding: br

nztgp.idaefulpet.com/56tzKvDl7cyxabFAjEih8913

172.67.147.101

200 OK

23 kB

URL GET HTTP/3
nztgp.idaefulpet.com/56tzKvDl7cyxabFAjEih8913
IP
172.67.147.101:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nztgp.idaefulpet.com/KbjZsfQXyLwktzWxVjMzPWFYPNMQpHZXXCJTIXFQAQYKHZUPXWSJRQ?294783239212348315780988xpdOZAMoSRETKGJNWYYGCRUMRFBMLVGKGPHDDZLYFPRUMKYGEPPHCAH
Certificate
IssuerLet's Encrypt
Subjectidaefulpet.com
FingerprintEB:92:E7:76:C9:5E:A3:92:E3:A2:33:9C:05:88:CD:68:0E:FE:BC:8F
ValidityThu, 21 Mar 2024 12:19:22 GMT - Wed, 19 Jun 2024 12:19:21 GMT

File type
ASCII text, with very long lines (23398), with no line terminators
Size
23 kB (23398 bytes)
Hash
c1c51d30d5e7094136f2d828349e520f
10ae8971ad7a8798bc9732707fe4896b57541557
0c55057782e3b346c2b819574bfa916852bc8ac5bb4e01d56e8fbffc22043c98

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /56tzKvDl7cyxabFAjEih8913 HTTP/1.1
Host: nztgp.idaefulpet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nztgp.idaefulpet.com/KbjZsfQXyLwktzWxVjMzPWFYPNMQpHZXXCJTIXFQAQYKHZUPXWSJRQ?294783239212348315780988xpdOZAMoSRETKGJNWYYGCRUMRFBMLVGKGPHDDZLYFPRUMKYGEPPHCAH
Cookie: XSRF-TOKEN=eyJpdiI6Ijl1REV5ajFFZktUWFRCd0ZtRkZjL0E9PSIsInZhbHVlIjoiUWZuUTJ6Qm1LQWNUdHp3YzBjOFpKWUJ4RUVqNVhKTENwSFNMcnJEMmdxekd3akdma3BtMHJta0wrZVhzV01nODFFVHB5MzBYTFh0TWIwREczUVBzN1FCWW5RK05yOHdSTGlTc2ZwUjhzNW93bWZZdUpoNHljbmJyN0V6Sy9lL1kiLCJtYWMiOiJmYmEwMTJmMzBkODcwNjJlMzViOTM2NzMwZDAxMjlkNTM2YmMxYWI2YmJmY2ViMGZjNzM1ODE3NzZkYWI5YzRmIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjZHNTZ1aVVpNjY1ZjJkRVVmMVZLTFE9PSIsInZhbHVlIjoid0dxMnY2eFpOKy9GY09Gb3R4Z0pXTjErUUFsd28vMzJHY3dNNUticmhhZnBrRWdGNVRhVndza3FhRUZvcCtmLzNrRnlMdDF4UEJZb3BYSWdyNVRoWXJBcGREekh1TExGQTZwN0JsMjFFdnVsdklYeEtrQXdRbm9zeEVrZFNkVmQiLCJtYWMiOiI4ZmIyOTdmZjdiMTAwODI1ZmIxNGZiZTExYjFlNzE3MjQ3YmM3NDA1NjA3OGM2NjQyZGM1YTdhYTg2NGE1NTg4IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 29 Mar 2024 11:54:17 GMT
content-type: text/css;charset=UTF-8
content-disposition: inline; filename="56tzKvDl7cyxabFAjEih8913"
vary: Accept-Encoding
access-control-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rNY89WqnzbMaIMtV8vuwzuphKhH2DjpbCafUaX2Y6NqM8ajQGObbSMZ3otmSMqxIcxdWS7sCcErFH5L5DDjMOhXwvTndyUyeZ6nN9K7jskZA9%2FSYW4oD%2BW2jq2GP"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server: cloudflare
cf-ray: 86bfaa10acb37131-OSL
content-encoding: br

nztgp.idaefulpet.com/op2p2fjJWZhHgt2eQBwRToOMtfRPd6gzjSPg3rXHhuvwoK6xAKGatYk5W8xUFY8Ee3Bef200

172.67.147.101

200 OK

268 B

URL GET HTTP/3
nztgp.idaefulpet.com/op2p2fjJWZhHgt2eQBwRToOMtfRPd6gzjSPg3rXHhuvwoK6xAKGatYk5W8xUFY8Ee3Bef200
IP
172.67.147.101:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nztgp.idaefulpet.com/KbjZsfQXyLwktzWxVjMzPWFYPNMQpHZXXCJTIXFQAQYKHZUPXWSJRQ?294783239212348315780988xpdOZAMoSRETKGJNWYYGCRUMRFBMLVGKGPHDDZLYFPRUMKYGEPPHCAH
Certificate
IssuerLet's Encrypt
Subjectidaefulpet.com
FingerprintEB:92:E7:76:C9:5E:A3:92:E3:A2:33:9C:05:88:CD:68:0E:FE:BC:8F
ValidityThu, 21 Mar 2024 12:19:22 GMT - Wed, 19 Jun 2024 12:19:21 GMT

File type
SVG Scalable Vector Graphics image
Size
268 B (268 bytes)
Hash
1318aafc1fb9ded0c623e5b9a557e6df
0917cdd7633cd1642b02b2b785416ec7e5106dcc
d86660a84daa211b121ec9fe0df83d6b945f61b888384391eabc7d6b4e941dc4

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /op2p2fjJWZhHgt2eQBwRToOMtfRPd6gzjSPg3rXHhuvwoK6xAKGatYk5W8xUFY8Ee3Bef200 HTTP/1.1
Host: nztgp.idaefulpet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nztgp.idaefulpet.com/KbjZsfQXyLwktzWxVjMzPWFYPNMQpHZXXCJTIXFQAQYKHZUPXWSJRQ?294783239212348315780988xpdOZAMoSRETKGJNWYYGCRUMRFBMLVGKGPHDDZLYFPRUMKYGEPPHCAH
Cookie: XSRF-TOKEN=eyJpdiI6Ijl1REV5ajFFZktUWFRCd0ZtRkZjL0E9PSIsInZhbHVlIjoiUWZuUTJ6Qm1LQWNUdHp3YzBjOFpKWUJ4RUVqNVhKTENwSFNMcnJEMmdxekd3akdma3BtMHJta0wrZVhzV01nODFFVHB5MzBYTFh0TWIwREczUVBzN1FCWW5RK05yOHdSTGlTc2ZwUjhzNW93bWZZdUpoNHljbmJyN0V6Sy9lL1kiLCJtYWMiOiJmYmEwMTJmMzBkODcwNjJlMzViOTM2NzMwZDAxMjlkNTM2YmMxYWI2YmJmY2ViMGZjNzM1ODE3NzZkYWI5YzRmIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjZHNTZ1aVVpNjY1ZjJkRVVmMVZLTFE9PSIsInZhbHVlIjoid0dxMnY2eFpOKy9GY09Gb3R4Z0pXTjErUUFsd28vMzJHY3dNNUticmhhZnBrRWdGNVRhVndza3FhRUZvcCtmLzNrRnlMdDF4UEJZb3BYSWdyNVRoWXJBcGREekh1TExGQTZwN0JsMjFFdnVsdklYeEtrQXdRbm9zeEVrZFNkVmQiLCJtYWMiOiI4ZmIyOTdmZjdiMTAwODI1ZmIxNGZiZTExYjFlNzE3MjQ3YmM3NDA1NjA3OGM2NjQyZGM1YTdhYTg2NGE1NTg4IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 29 Mar 2024 11:54:17 GMT
content-type: image/svg+xml
content-disposition: inline; filename="op2p2fjJWZhHgt2eQBwRToOMtfRPd6gzjSPg3rXHhuvwoK6xAKGatYk5W8xUFY8Ee3Bef200"
access-control-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ojZ8bXNpxuxCwSqFtaq4YEyQAYtUwpvEU60UyrjLNT8fwK0GSDCY15jwGk95buQLzSWS1XVjRaGh0O0Vjpw1tej1Wk0A9qLGQvbV9MJIBhY%2Bs%2Fzjj1JoTJaFTpRu"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server: cloudflare
cf-ray: 86bfaa10cce07131-OSL
content-encoding: br

nztgp.idaefulpet.com/typsegra/?hHssanchez@promosgroceries.com

172.67.147.101

302 Found

59 kB

URL User Request GET HTTP/3
nztgp.idaefulpet.com/typsegra/?hHssanchez@promosgroceries.com
IP
172.67.147.101:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerLet's Encrypt
Subjectidaefulpet.com
FingerprintEB:92:E7:76:C9:5E:A3:92:E3:A2:33:9C:05:88:CD:68:0E:FE:BC:8F
ValidityThu, 21 Mar 2024 12:19:22 GMT - Wed, 19 Jun 2024 12:19:21 GMT

File type

Size
59 kB (59356 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /typsegra/?hHssanchez@promosgroceries.com HTTP/1.1
Host: nztgp.idaefulpet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nztgp.idaefulpet.com/typsegra/
Cookie: XSRF-TOKEN=eyJpdiI6IlRaU3djTUJYYld5K0hZd0phNk40OVE9PSIsInZhbHVlIjoiTlZza1dkWTJNVm9GWjU5ME1QaGQ1Zmo3SmdqSS9SUStyc1djUGtRSW5RVFJ2WUpKcklSRis3aU1mcDVUR0VTNWtLNTVYTk9wNkVYWFE1WGgwUEJ1enpJUFk5NmpIUjVGQmNIMFBSRXprMjJ5cjRTVTZQUGpsbWlVdi92YXlnUVgiLCJtYWMiOiJkNDZjNzdkNWFjNzlmYWNlOGE4YWFlM2NhNDg5NWViMWYwY2MyNmE4ODg1OGI3ZDRhYWU3NzUwMjUyZTQ2NTJmIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IkplZEFZcm1SV1F2TVhMWmFaaGp1YVE9PSIsInZhbHVlIjoiL0NyTVJHVmMrcml6K3ErMGI1QUZ5UFB5Y1FFLzFXNXhXcm1pR2dLZE9rTjJrQlRrTUhGRlVGSlZVdDVzWjNvSkt5WEdkZGtydjByMkxrektldG9vbi9ZZW9GOE5OTW9WTUpRZUsySjRqZlRCOEZzN016ZERJZlFNWHNGaEt2QloiLCJtYWMiOiJhOWIxYjBjZjFiNGFjMzBmMzdjM2FiNWI2NTNhYWNjNjQwMGM3YjU2MzA5Y2QwNzRiODY4YWI0OTc5YTk2ZDA4IiwidGFnIjoiIn0%3D
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 302 Found
date: Fri, 29 Mar 2024 11:54:16 GMT
content-type: text/html; charset=UTF-8
location: https://nztgp.idaefulpet.com/KbjZsfQXyLwktzWxVjMzPWFYPNMQpHZXXCJTIXFQAQYKHZUPXWSJRQ?294783239212348315780988xpdOZAMoSRETKGJNWYYGCRUMRFBMLVGKGPHDDZLYFPRUMKYGEPPHCAH
cache-control: no-cache, private
access-control-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UHABoWi2L7IRFkl9VserKJHpLxlL3eqhiUVaj6vGEz70gGZJZmgacr%2B7S%2FDZ379jl9x9NzP7YmCsbZGdMfWPYIrkbsMmEKqxzStbt1YzoigXVtxAqbuFMz%2BZmqws"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
set-cookie: XSRF-TOKEN=eyJpdiI6IjVVOHBDMXFaWFRDcHlzTEJmaUVoMkE9PSIsInZhbHVlIjoiNm1NTy94bkJJYVVXWGg0QnVDRDZzMElxSTRXRnhCTmlFS2ZuRkdWeWpQYUdqakZhaWtvRGorWnhMcTVKaFdaK01LdDhSM1FVSUlIQVBlMHBLczJzLzVHTkdSWXhGUEhEeU9HTGhRbVlmODUzbkNoNklDZ2FDQ2Z6N2RYT05OYVMiLCJtYWMiOiJlNWUzMmVkYTUyODRkMjRiYTM2OWE1YWYyOWY1OWRiYzE1ZWM0ODc0OGNiMTAyMGIzZDJjZDFjOWI4MzkxYzRmIiwidGFnIjoiIn0%3D; expires=Fri, 29-Mar-2024 13:54:16 GMT; Max-Age=7200; path=/; secure; samesite=none
laravel_session=eyJpdiI6IkluRG11ME9UWGIrNm8vQ1FEMkYwM0E9PSIsInZhbHVlIjoielBTVmQxNlhMODJEQU1xZGZuTUhidDQvN1VnSmUycUpKNndvbXRoUjZuTDZhOEg1RlVNRkdNQkpGVjB3c081V0lIVktQT0lRZ3FXR1FLRFlUT3YyRjloNkgrRXBUWVByWStXNHBNV2ZlNTdvY0ZHWVROS2xrNzUwcXRnRyt1cHYiLCJtYWMiOiI2N2EyMWU4NzZiOWE5ZTg4ZmI0ZjI2MTU3MjQzZjg5MDI4OGMyZDc1MzZjYzViZGMzMDYyNDdmOGM4MmUxMjc4IiwidGFnIjoiIn0%3D; expires=Fri, 29-Mar-2024 13:54:16 GMT; Max-Age=7200; path=/; secure; httponly; samesite=none
server: cloudflare
cf-ray: 86bfaa0b380e7131-OSL

nztgp.idaefulpet.com/ijD1A5jhzYvUTo6sb4ZXr01JUT9m9ehqrxxWScCrOBqibE8OVSiIDChcOUSUcdzIuZy9Rab222

172.67.147.101

200 OK

1.4 kB

URL GET HTTP/3
nztgp.idaefulpet.com/ijD1A5jhzYvUTo6sb4ZXr01JUT9m9ehqrxxWScCrOBqibE8OVSiIDChcOUSUcdzIuZy9Rab222
IP
172.67.147.101:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nztgp.idaefulpet.com/KbjZsfQXyLwktzWxVjMzPWFYPNMQpHZXXCJTIXFQAQYKHZUPXWSJRQ?294783239212348315780988xpdOZAMoSRETKGJNWYYGCRUMRFBMLVGKGPHDDZLYFPRUMKYGEPPHCAH
Certificate
IssuerLet's Encrypt
Subjectidaefulpet.com
FingerprintEB:92:E7:76:C9:5E:A3:92:E3:A2:33:9C:05:88:CD:68:0E:FE:BC:8F
ValidityThu, 21 Mar 2024 12:19:22 GMT - Wed, 19 Jun 2024 12:19:21 GMT

File type
PNG image data, 108 x 24, 8-bit/color RGBA, non-interlaced
Size
1.4 kB (1400 bytes)
Hash
333ee830e5ab72c41dd9126a27b4d878
12d8d66ebb3076f3d6069e133c3212f97c8774e1
8702292cbc365e9f0488143e2b309b85efe09c61fd2e0a2e21c53735a309313c

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /ijD1A5jhzYvUTo6sb4ZXr01JUT9m9ehqrxxWScCrOBqibE8OVSiIDChcOUSUcdzIuZy9Rab222 HTTP/1.1
Host: nztgp.idaefulpet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nztgp.idaefulpet.com/KbjZsfQXyLwktzWxVjMzPWFYPNMQpHZXXCJTIXFQAQYKHZUPXWSJRQ?294783239212348315780988xpdOZAMoSRETKGJNWYYGCRUMRFBMLVGKGPHDDZLYFPRUMKYGEPPHCAH
Cookie: XSRF-TOKEN=eyJpdiI6Ijl1REV5ajFFZktUWFRCd0ZtRkZjL0E9PSIsInZhbHVlIjoiUWZuUTJ6Qm1LQWNUdHp3YzBjOFpKWUJ4RUVqNVhKTENwSFNMcnJEMmdxekd3akdma3BtMHJta0wrZVhzV01nODFFVHB5MzBYTFh0TWIwREczUVBzN1FCWW5RK05yOHdSTGlTc2ZwUjhzNW93bWZZdUpoNHljbmJyN0V6Sy9lL1kiLCJtYWMiOiJmYmEwMTJmMzBkODcwNjJlMzViOTM2NzMwZDAxMjlkNTM2YmMxYWI2YmJmY2ViMGZjNzM1ODE3NzZkYWI5YzRmIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjZHNTZ1aVVpNjY1ZjJkRVVmMVZLTFE9PSIsInZhbHVlIjoid0dxMnY2eFpOKy9GY09Gb3R4Z0pXTjErUUFsd28vMzJHY3dNNUticmhhZnBrRWdGNVRhVndza3FhRUZvcCtmLzNrRnlMdDF4UEJZb3BYSWdyNVRoWXJBcGREekh1TExGQTZwN0JsMjFFdnVsdklYeEtrQXdRbm9zeEVrZFNkVmQiLCJtYWMiOiI4ZmIyOTdmZjdiMTAwODI1ZmIxNGZiZTExYjFlNzE3MjQ3YmM3NDA1NjA3OGM2NjQyZGM1YTdhYTg2NGE1NTg4IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 29 Mar 2024 11:54:17 GMT
content-type: image/png
content-length: 1400
content-disposition: inline; filename="ijD1A5jhzYvUTo6sb4ZXr01JUT9m9ehqrxxWScCrOBqibE8OVSiIDChcOUSUcdzIuZy9Rab222"
access-control-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CfSb7B4Zr%2BIEeFQmJpNg2yzgFcfIiZyLC0HdURB%2BlNS4z5FBSNfwIhHQZwjMDUCxAlMVEWpE5Hl%2FQtAjNgzDKruYfr0TyfCoL3CIdlVaqP53wYlpliOUpbFWu4I8"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server: cloudflare
cf-ray: 86bfaa136eff7131-OSL

nztgp.idaefulpet.com/cv7rEycb8rFsavEd58RxpWiIy9omZq9NuOBvrzxg2nzdPXJcZ5col9lrUCnNTJpel

172.67.147.101

200 OK

20 B

URL POST HTTP/3
nztgp.idaefulpet.com/cv7rEycb8rFsavEd58RxpWiIy9omZq9NuOBvrzxg2nzdPXJcZ5col9lrUCnNTJpel
IP
172.67.147.101:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nztgp.idaefulpet.com/KbjZsfQXyLwktzWxVjMzPWFYPNMQpHZXXCJTIXFQAQYKHZUPXWSJRQ?294783239212348315780988xpdOZAMoSRETKGJNWYYGCRUMRFBMLVGKGPHDDZLYFPRUMKYGEPPHCAH
Certificate
IssuerLet's Encrypt
Subjectidaefulpet.com
FingerprintEB:92:E7:76:C9:5E:A3:92:E3:A2:33:9C:05:88:CD:68:0E:FE:BC:8F
ValidityThu, 21 Mar 2024 12:19:22 GMT - Wed, 19 Jun 2024 12:19:21 GMT

File type
troff or preprocessor input, ASCII text, with no line terminators
Size
20 B (20 bytes)
Hash
0b35866f4a3aa4d34ce5dda2d14c2cd8
d2b80911f09c3106fdf0df9920f983945d644083
493851374626d927bfe1c7d084fa977a0e636c03f163fda258ab6b638edc2f0d

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

POST /cv7rEycb8rFsavEd58RxpWiIy9omZq9NuOBvrzxg2nzdPXJcZ5col9lrUCnNTJpel HTTP/1.1
Host: nztgp.idaefulpet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 33
Origin: https://nztgp.idaefulpet.com
DNT: 1
Connection: keep-alive
Referer: https://nztgp.idaefulpet.com/KbjZsfQXyLwktzWxVjMzPWFYPNMQpHZXXCJTIXFQAQYKHZUPXWSJRQ?294783239212348315780988xpdOZAMoSRETKGJNWYYGCRUMRFBMLVGKGPHDDZLYFPRUMKYGEPPHCAH
Cookie: XSRF-TOKEN=eyJpdiI6ImN4RFFVSXBYbWpER2QzM2NHZUxmRkE9PSIsInZhbHVlIjoiRXpLeHBOeDFCZnhaVUZDK05SSlhWZzMxTHFPRzZWcUl0SVU4Rk9uNFBqcUdIb0srK280aDJ5VzFhUkNQUkdoeGw0OUgwN0NzSDIzY3JoTXh6cFhFeG1paHh0aXk1Y0p4R0hnNjZRYWp1d3p3NXBHZkpBeVBacXJ4NUwvQWl5RzciLCJtYWMiOiIzODE2Yzk4MjEwMjI0MTcyNzE5OWVmZmMwMDFhZjU0OGZlY2FiZjhjMjkyOGIxMTczZDIxYjdjNDc2NzcyMTk5IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjllTWtWYUxKSSt6ajhFR0V4WW9WR1E9PSIsInZhbHVlIjoiYS9XdWxZZ0Zhb0Z3SlRJY1U3eHZqN3owNTRmZHQ2RFFlenRMYmZNbFlBSGhoRWpweHMxNVBvSVhxYWtHVldNcmhRR29EOEdNVExBNzN0VWdBc3M4S2hzQStmOFFld2hBVllQOXJZcXMxV1hGL3VzY3cxbW9id1ZpZmYvLytsbmEiLCJtYWMiOiI3YWVmNGFiMjQ1Y2FjYmE2ODA3YWVkNjk1NTI0MzVhNjFkN2YxMTIwOGNlZDM5Mjc5NzJhMTNiYWM4NDEyYmE0IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 29 Mar 2024 11:54:19 GMT
content-type: application/json
cache-control: no-cache, private
access-control-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3C%2B9gZAWK4skZii%2BL52IUN%2Fk3Eudd7XH32yXItZ2%2BvfxWx6nGEYSltNyYevAIzEfZ8uG4VPj7M%2FPSC4kA6CriwQOEnXVIpiwpB8MhUTQIqOfjc3y6%2FMDlUwmeWey"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
set-cookie: XSRF-TOKEN=eyJpdiI6IjZSMVZaMWFyekZDL2RCOEpMeUZFckE9PSIsInZhbHVlIjoiYXJOOWpMcDViNzkvSkVjNU5raWx4ZHFLcEJTSmQyRTFxMlJmeTVFWDVUTmZIdGI3bk9KME40dVJHY3ZUQkhJTFczMGJDTlp3QTVWblJybjVMU1dpYVR6UUlVNURPYzNoZ0FHL01GOHNGd1BudUZFVHJyK3ZsQlVXcVBJQ25rL1giLCJtYWMiOiIyNTM4YzY4M2RhMGU1NTNhOWYxMzZhZjdmMWIwZTYyOTcyOGYwZWVkZTRlMjczZGFhYTg3MTU0OGUyN2QxYThiIiwidGFnIjoiIn0%3D; expires=Fri, 29-Mar-2024 13:54:19 GMT; Max-Age=7200; path=/; secure; samesite=none
laravel_session=eyJpdiI6IkVZcy9nbjEvTTRENjFwTVhlUzZVMVE9PSIsInZhbHVlIjoiZnkxS3dYVVpyc1dCY3NIZzZkRHJtR01pUjcwTUxRajlKSC9nZzk3ZFRWUm5hRkZBTkZFUFNQQUlETk4yR2hKOVphK2U1bXBEUEI2L2NlT3JNejZsK0licEQ3UmlUU2dGZk9lWUV4OUNiMUdVV0NndS9ZSFBaSW1JTGhsN0lzblYiLCJtYWMiOiI2NWRkZDBlZmQ1OWU0NjJmOWMzNGFlZGFmOGE4YTgyODgzYjY1YTI0M2E1NTBlMWE0NDRmNzk0NGUzYTA0MWMwIiwidGFnIjoiIn0%3D; expires=Fri, 29-Mar-2024 13:54:19 GMT; Max-Age=7200; path=/; secure; httponly; samesite=none
server: cloudflare
cf-ray: 86bfaa1eb9157131-OSL
content-encoding: br

nztgp.idaefulpet.com/KbjZsfQXyLwktzWxVjMzPWFYPNMQpHZXXCJTIXFQAQYKHZUPXWSJRQ?294783239212348315780988xpdOZAMoSRETKGJNWYYGCRUMRFBMLVGKGPHDDZLYFPRUMKYGEPPHCAH

172.67.147.101

200 OK

59 kB

URL User Request GET HTTP/3
nztgp.idaefulpet.com/KbjZsfQXyLwktzWxVjMzPWFYPNMQpHZXXCJTIXFQAQYKHZUPXWSJRQ?294783239212348315780988xpdOZAMoSRETKGJNWYYGCRUMRFBMLVGKGPHDDZLYFPRUMKYGEPPHCAH
IP
172.67.147.101:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerLet's Encrypt
Subjectidaefulpet.com
FingerprintEB:92:E7:76:C9:5E:A3:92:E3:A2:33:9C:05:88:CD:68:0E:FE:BC:8F
ValidityThu, 21 Mar 2024 12:19:22 GMT - Wed, 19 Jun 2024 12:19:21 GMT

File type
HTML document, ASCII text, with very long lines (58989), with CRLF line terminators
Size
59 kB (59356 bytes)
Hash
c45fde9f60d5cda113890f5a87b553f1
abc011265feb9b06da5a0d3fbaa51034dc31a8db
9f431e2fe747886fc49da0d81cafa4e74d57f7974a0a26c43d17df88a65e1017

HTTP Headers

GET /KbjZsfQXyLwktzWxVjMzPWFYPNMQpHZXXCJTIXFQAQYKHZUPXWSJRQ?294783239212348315780988xpdOZAMoSRETKGJNWYYGCRUMRFBMLVGKGPHDDZLYFPRUMKYGEPPHCAH HTTP/1.1
Host: nztgp.idaefulpet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://nztgp.idaefulpet.com/typsegra/
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6IjVVOHBDMXFaWFRDcHlzTEJmaUVoMkE9PSIsInZhbHVlIjoiNm1NTy94bkJJYVVXWGg0QnVDRDZzMElxSTRXRnhCTmlFS2ZuRkdWeWpQYUdqakZhaWtvRGorWnhMcTVKaFdaK01LdDhSM1FVSUlIQVBlMHBLczJzLzVHTkdSWXhGUEhEeU9HTGhRbVlmODUzbkNoNklDZ2FDQ2Z6N2RYT05OYVMiLCJtYWMiOiJlNWUzMmVkYTUyODRkMjRiYTM2OWE1YWYyOWY1OWRiYzE1ZWM0ODc0OGNiMTAyMGIzZDJjZDFjOWI4MzkxYzRmIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IkluRG11ME9UWGIrNm8vQ1FEMkYwM0E9PSIsInZhbHVlIjoielBTVmQxNlhMODJEQU1xZGZuTUhidDQvN1VnSmUycUpKNndvbXRoUjZuTDZhOEg1RlVNRkdNQkpGVjB3c081V0lIVktQT0lRZ3FXR1FLRFlUT3YyRjloNkgrRXBUWVByWStXNHBNV2ZlNTdvY0ZHWVROS2xrNzUwcXRnRyt1cHYiLCJtYWMiOiI2N2EyMWU4NzZiOWE5ZTg4ZmI0ZjI2MTU3MjQzZjg5MDI4OGMyZDc1MzZjYzViZGMzMDYyNDdmOGM4MmUxMjc4IiwidGFnIjoiIn0%3D
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 29 Mar 2024 11:54:16 GMT
content-type: text/html; charset=UTF-8
cache-control: no-cache, private
vary: Accept-Encoding
access-control-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kjxaZ4mBg9rzeWvkcz5Wq%2FSk9AOlHqshgfYMlZumVYAOAb59UtjD1aAL7WRC0pr1X81zzZZtqa6CiNn6qh%2F%2B%2Fl0j79ec30I6eOFDhn%2BuP5n2lMKrVt6VXIyCgrmt"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
set-cookie: XSRF-TOKEN=eyJpdiI6Ijl1REV5ajFFZktUWFRCd0ZtRkZjL0E9PSIsInZhbHVlIjoiUWZuUTJ6Qm1LQWNUdHp3YzBjOFpKWUJ4RUVqNVhKTENwSFNMcnJEMmdxekd3akdma3BtMHJta0wrZVhzV01nODFFVHB5MzBYTFh0TWIwREczUVBzN1FCWW5RK05yOHdSTGlTc2ZwUjhzNW93bWZZdUpoNHljbmJyN0V6Sy9lL1kiLCJtYWMiOiJmYmEwMTJmMzBkODcwNjJlMzViOTM2NzMwZDAxMjlkNTM2YmMxYWI2YmJmY2ViMGZjNzM1ODE3NzZkYWI5YzRmIiwidGFnIjoiIn0%3D; expires=Fri, 29-Mar-2024 13:54:16 GMT; Max-Age=7200; path=/; secure; samesite=none
laravel_session=eyJpdiI6IjZHNTZ1aVVpNjY1ZjJkRVVmMVZLTFE9PSIsInZhbHVlIjoid0dxMnY2eFpOKy9GY09Gb3R4Z0pXTjErUUFsd28vMzJHY3dNNUticmhhZnBrRWdGNVRhVndza3FhRUZvcCtmLzNrRnlMdDF4UEJZb3BYSWdyNVRoWXJBcGREekh1TExGQTZwN0JsMjFFdnVsdklYeEtrQXdRbm9zeEVrZFNkVmQiLCJtYWMiOiI4ZmIyOTdmZjdiMTAwODI1ZmIxNGZiZTExYjFlNzE3MjQ3YmM3NDA1NjA3OGM2NjQyZGM1YTdhYTg2NGE1NTg4IiwidGFnIjoiIn0%3D; expires=Fri, 29-Mar-2024 13:54:16 GMT; Max-Age=7200; path=/; secure; httponly; samesite=none
server: cloudflare
cf-ray: 86bfaa0d3a017131-OSL
content-encoding: br

nztgp.idaefulpet.com/mno7UTDqWs6bBNb8EZ7v9ncMl694Z94wKi0pBV7Hznz56rvZoOGfoG1IZkSUiui4Noo6uv220

172.67.147.101

200 OK

1.9 kB

URL GET HTTP/3
nztgp.idaefulpet.com/mno7UTDqWs6bBNb8EZ7v9ncMl694Z94wKi0pBV7Hznz56rvZoOGfoG1IZkSUiui4Noo6uv220
IP
172.67.147.101:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nztgp.idaefulpet.com/KbjZsfQXyLwktzWxVjMzPWFYPNMQpHZXXCJTIXFQAQYKHZUPXWSJRQ?294783239212348315780988xpdOZAMoSRETKGJNWYYGCRUMRFBMLVGKGPHDDZLYFPRUMKYGEPPHCAH
Certificate
IssuerLet's Encrypt
Subjectidaefulpet.com
FingerprintEB:92:E7:76:C9:5E:A3:92:E3:A2:33:9C:05:88:CD:68:0E:FE:BC:8F
ValidityThu, 21 Mar 2024 12:19:22 GMT - Wed, 19 Jun 2024 12:19:21 GMT

File type
SVG Scalable Vector Graphics image
Size
1.9 kB (1864 bytes)
Hash
4b5c228b4faba433d06ec569ed855b2d
a7d3882b93e332460e7c59510a6a811ef011983f
eb19d76cd1fad39abf0f2778991883a5cf9ff560117ce8f7c64124e71471b4ed

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /mno7UTDqWs6bBNb8EZ7v9ncMl694Z94wKi0pBV7Hznz56rvZoOGfoG1IZkSUiui4Noo6uv220 HTTP/1.1
Host: nztgp.idaefulpet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nztgp.idaefulpet.com/KbjZsfQXyLwktzWxVjMzPWFYPNMQpHZXXCJTIXFQAQYKHZUPXWSJRQ?294783239212348315780988xpdOZAMoSRETKGJNWYYGCRUMRFBMLVGKGPHDDZLYFPRUMKYGEPPHCAH
Cookie: XSRF-TOKEN=eyJpdiI6Ijl1REV5ajFFZktUWFRCd0ZtRkZjL0E9PSIsInZhbHVlIjoiUWZuUTJ6Qm1LQWNUdHp3YzBjOFpKWUJ4RUVqNVhKTENwSFNMcnJEMmdxekd3akdma3BtMHJta0wrZVhzV01nODFFVHB5MzBYTFh0TWIwREczUVBzN1FCWW5RK05yOHdSTGlTc2ZwUjhzNW93bWZZdUpoNHljbmJyN0V6Sy9lL1kiLCJtYWMiOiJmYmEwMTJmMzBkODcwNjJlMzViOTM2NzMwZDAxMjlkNTM2YmMxYWI2YmJmY2ViMGZjNzM1ODE3NzZkYWI5YzRmIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjZHNTZ1aVVpNjY1ZjJkRVVmMVZLTFE9PSIsInZhbHVlIjoid0dxMnY2eFpOKy9GY09Gb3R4Z0pXTjErUUFsd28vMzJHY3dNNUticmhhZnBrRWdGNVRhVndza3FhRUZvcCtmLzNrRnlMdDF4UEJZb3BYSWdyNVRoWXJBcGREekh1TExGQTZwN0JsMjFFdnVsdklYeEtrQXdRbm9zeEVrZFNkVmQiLCJtYWMiOiI4ZmIyOTdmZjdiMTAwODI1ZmIxNGZiZTExYjFlNzE3MjQ3YmM3NDA1NjA3OGM2NjQyZGM1YTdhYTg2NGE1NTg4IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 29 Mar 2024 11:54:17 GMT
content-type: image/svg+xml
content-disposition: inline; filename="mno7UTDqWs6bBNb8EZ7v9ncMl694Z94wKi0pBV7Hznz56rvZoOGfoG1IZkSUiui4Noo6uv220"
access-control-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=o%2Fl9rH5iMa9dDbQhZnZ0wRgFm6NwrZcj1MKU9BbrTApeqB1k18mCbBAT%2FmQuhd6IAhLWsOY2bs1E9oWaYQ5R8iIfISVqo1A6LalodQsWIYmtkByNsLs4%2FOzll%2B1R"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server: cloudflare
cf-ray: 86bfaa136efd7131-OSL
content-encoding: br

nztgp.idaefulpet.com/12W78iIiuh56n0hD6Uop50

172.67.147.101

200 OK

36 kB

URL GET HTTP/3
nztgp.idaefulpet.com/12W78iIiuh56n0hD6Uop50
IP
172.67.147.101:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nztgp.idaefulpet.com/KbjZsfQXyLwktzWxVjMzPWFYPNMQpHZXXCJTIXFQAQYKHZUPXWSJRQ?294783239212348315780988xpdOZAMoSRETKGJNWYYGCRUMRFBMLVGKGPHDDZLYFPRUMKYGEPPHCAH
Certificate
IssuerLet's Encrypt
Subjectidaefulpet.com
FingerprintEB:92:E7:76:C9:5E:A3:92:E3:A2:33:9C:05:88:CD:68:0E:FE:BC:8F
ValidityThu, 21 Mar 2024 12:19:22 GMT - Wed, 19 Jun 2024 12:19:21 GMT

File type
Web Open Font Format, TrueType, length 35970, version 1.0
Size
36 kB (35970 bytes)
Hash
496b7bbde91c7dc7cf9bbabbb3921da8
2bd3c406a715ab52dad84c803c55bf4a6e66a924
ae40a04f95df12b0c364f26ab691dc0c391d394a28bcdb4aeacfaca325d0a798

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /12W78iIiuh56n0hD6Uop50 HTTP/1.1
Host: nztgp.idaefulpet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://nztgp.idaefulpet.com/KbjZsfQXyLwktzWxVjMzPWFYPNMQpHZXXCJTIXFQAQYKHZUPXWSJRQ?294783239212348315780988xpdOZAMoSRETKGJNWYYGCRUMRFBMLVGKGPHDDZLYFPRUMKYGEPPHCAH
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6Ijl1REV5ajFFZktUWFRCd0ZtRkZjL0E9PSIsInZhbHVlIjoiUWZuUTJ6Qm1LQWNUdHp3YzBjOFpKWUJ4RUVqNVhKTENwSFNMcnJEMmdxekd3akdma3BtMHJta0wrZVhzV01nODFFVHB5MzBYTFh0TWIwREczUVBzN1FCWW5RK05yOHdSTGlTc2ZwUjhzNW93bWZZdUpoNHljbmJyN0V6Sy9lL1kiLCJtYWMiOiJmYmEwMTJmMzBkODcwNjJlMzViOTM2NzMwZDAxMjlkNTM2YmMxYWI2YmJmY2ViMGZjNzM1ODE3NzZkYWI5YzRmIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjZHNTZ1aVVpNjY1ZjJkRVVmMVZLTFE9PSIsInZhbHVlIjoid0dxMnY2eFpOKy9GY09Gb3R4Z0pXTjErUUFsd28vMzJHY3dNNUticmhhZnBrRWdGNVRhVndza3FhRUZvcCtmLzNrRnlMdDF4UEJZb3BYSWdyNVRoWXJBcGREekh1TExGQTZwN0JsMjFFdnVsdklYeEtrQXdRbm9zeEVrZFNkVmQiLCJtYWMiOiI4ZmIyOTdmZjdiMTAwODI1ZmIxNGZiZTExYjFlNzE3MjQ3YmM3NDA1NjA3OGM2NjQyZGM1YTdhYTg2NGE1NTg4IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 29 Mar 2024 11:54:17 GMT
content-type: font/woff
content-length: 35970
content-disposition: inline; filename="12W78iIiuh56n0hD6Uop50"
access-control-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yLJvXA%2BzTAwi60xV0hp3FWL2%2BAok78%2BHafqQM6sx%2FjJv72CyFsAiCtZKW6yoeZd3mlvLip2H%2FJR4t8zjFuLJFdPkWVEmSf%2BALgTFqBlLfBle%2BssgVWtC0Cg6Yme3"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server: cloudflare
cf-ray: 86bfaa10acb87131-OSL

nztgp.idaefulpet.com/cv7rEycb8rFsavEd58RxpWiIy9omZq9NuOBvrzxg2nzdPXJcZ5col9lrUCnNTJpel

172.67.147.101

200 OK

1 B

URL POST HTTP/3
nztgp.idaefulpet.com/cv7rEycb8rFsavEd58RxpWiIy9omZq9NuOBvrzxg2nzdPXJcZ5col9lrUCnNTJpel
IP
172.67.147.101:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nztgp.idaefulpet.com/KbjZsfQXyLwktzWxVjMzPWFYPNMQpHZXXCJTIXFQAQYKHZUPXWSJRQ?294783239212348315780988xpdOZAMoSRETKGJNWYYGCRUMRFBMLVGKGPHDDZLYFPRUMKYGEPPHCAH
Certificate
IssuerLet's Encrypt
Subjectidaefulpet.com
FingerprintEB:92:E7:76:C9:5E:A3:92:E3:A2:33:9C:05:88:CD:68:0E:FE:BC:8F
ValidityThu, 21 Mar 2024 12:19:22 GMT - Wed, 19 Jun 2024 12:19:21 GMT

File type
very short file (no magic)
Size
1 B (1 bytes)
Hash
c4ca4238a0b923820dcc509a6f75849b
356a192b7913b04c54574d18c28d46e6395428ab
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

POST /cv7rEycb8rFsavEd58RxpWiIy9omZq9NuOBvrzxg2nzdPXJcZ5col9lrUCnNTJpel HTTP/1.1
Host: nztgp.idaefulpet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 140
Origin: https://nztgp.idaefulpet.com
DNT: 1
Connection: keep-alive
Referer: https://nztgp.idaefulpet.com/KbjZsfQXyLwktzWxVjMzPWFYPNMQpHZXXCJTIXFQAQYKHZUPXWSJRQ?294783239212348315780988xpdOZAMoSRETKGJNWYYGCRUMRFBMLVGKGPHDDZLYFPRUMKYGEPPHCAH
Cookie: XSRF-TOKEN=eyJpdiI6IjZSMVZaMWFyekZDL2RCOEpMeUZFckE9PSIsInZhbHVlIjoiYXJOOWpMcDViNzkvSkVjNU5raWx4ZHFLcEJTSmQyRTFxMlJmeTVFWDVUTmZIdGI3bk9KME40dVJHY3ZUQkhJTFczMGJDTlp3QTVWblJybjVMU1dpYVR6UUlVNURPYzNoZ0FHL01GOHNGd1BudUZFVHJyK3ZsQlVXcVBJQ25rL1giLCJtYWMiOiIyNTM4YzY4M2RhMGU1NTNhOWYxMzZhZjdmMWIwZTYyOTcyOGYwZWVkZTRlMjczZGFhYTg3MTU0OGUyN2QxYThiIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IkVZcy9nbjEvTTRENjFwTVhlUzZVMVE9PSIsInZhbHVlIjoiZnkxS3dYVVpyc1dCY3NIZzZkRHJtR01pUjcwTUxRajlKSC9nZzk3ZFRWUm5hRkZBTkZFUFNQQUlETk4yR2hKOVphK2U1bXBEUEI2L2NlT3JNejZsK0licEQ3UmlUU2dGZk9lWUV4OUNiMUdVV0NndS9ZSFBaSW1JTGhsN0lzblYiLCJtYWMiOiI2NWRkZDBlZmQ1OWU0NjJmOWMzNGFlZGFmOGE4YTgyODgzYjY1YTI0M2E1NTBlMWE0NDRmNzk0NGUzYTA0MWMwIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 29 Mar 2024 11:54:24 GMT
content-type: text/html; charset=UTF-8
cache-control: no-cache, private
vary: Accept-Encoding
access-control-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Xb4C34nzsYFU04kCd6Z2vsX0yNEuhd8fGj3zsDxdOO3L92cAFlACfCcBBVUfezKGg4VYMK5roo4QjKaDvtfvtazObrTegP1Tv0IVouTl054WWdp8GFB0KU7eCyU4"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
set-cookie: XSRF-TOKEN=eyJpdiI6IjdmWHhkVzlNUWt4eFZ6Y2dZMmRTS1E9PSIsInZhbHVlIjoiMERjZ09QS3pGN1FJc1c4QkUyTTFOVnYwcU0zWFc1NEpPNzBMWWUxSFRaVlhsaWlHVmhGZ2lHTmJ1RGF4T1FrU1BRV3JBc1dMb21URjZFZ2srMm11OWtKc0ZaZnYxSjVvdVB1d2krckNsRzZFVGNWWnMrM0YwNG13OU9IRDNQUFEiLCJtYWMiOiJhZDM4MjY3MWUyMWU3ZmZmMzU0OGVmNWMxNmUxZjJiNzgzODEwODRjZmMyYzNlNTg0MjJhMWE1NmQ5Yzg4ZGFkIiwidGFnIjoiIn0%3D; expires=Fri, 29-Mar-2024 13:54:23 GMT; Max-Age=7200; path=/; secure; samesite=none
laravel_session=eyJpdiI6IkVsUkk2UnF5bFVVNHFWcnFaL1NLeFE9PSIsInZhbHVlIjoib1F4dFlaNndoWTNUU21rMWFXUmU5c2FWSEp4SXZ2MjlwSzJCcUV4b21kQnpxaXNqdGZmYTFSRnBBMDlUbjFJTUNaR2YrT0UwYnZhcGpRZ2dGaFBZVDFCdjVSMFYrUVFrZVZsS25PUUNlbHpwa1pJM2lZRGRSaGppRVYyYVp2aTQiLCJtYWMiOiI0ODc1M2FlMTgxYmM4YzdkNWVjNzE1ZDk5MDEwMmE0MmY0ZmRjNzc0YjA3YWU1NDUxNTgxYjQwM2Q1Zjc5OTJiIiwidGFnIjoiIn0%3D; expires=Fri, 29-Mar-2024 13:54:23 GMT; Max-Age=7200; path=/; secure; httponly; samesite=none
server: cloudflare
cf-ray: 86bfaa3ad9e97131-OSL
content-encoding: br

nztgp.idaefulpet.com/yzuolD7RP8wcqStYnx3CV75gmdPopaSF2esZ3UM0Vh9zaVm7N6K5Pab177

172.67.147.101

200 OK

2.9 kB

URL GET HTTP/3
nztgp.idaefulpet.com/yzuolD7RP8wcqStYnx3CV75gmdPopaSF2esZ3UM0Vh9zaVm7N6K5Pab177
IP
172.67.147.101:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nztgp.idaefulpet.com/KbjZsfQXyLwktzWxVjMzPWFYPNMQpHZXXCJTIXFQAQYKHZUPXWSJRQ?294783239212348315780988xpdOZAMoSRETKGJNWYYGCRUMRFBMLVGKGPHDDZLYFPRUMKYGEPPHCAH
Certificate
IssuerLet's Encrypt
Subjectidaefulpet.com
FingerprintEB:92:E7:76:C9:5E:A3:92:E3:A2:33:9C:05:88:CD:68:0E:FE:BC:8F
ValidityThu, 21 Mar 2024 12:19:22 GMT - Wed, 19 Jun 2024 12:19:21 GMT

File type
SVG Scalable Vector Graphics image
Size
2.9 kB (2905 bytes)
Hash
e924de0d471df54b6280f3dc8b187cb8
857f03226070b502a9e06b4249710ec10be4c9e9
24ce135a31ce83ac3d62471fcc0e1a82ce6f1533c993ee59ca4e110d5f2fae33

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /yzuolD7RP8wcqStYnx3CV75gmdPopaSF2esZ3UM0Vh9zaVm7N6K5Pab177 HTTP/1.1
Host: nztgp.idaefulpet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nztgp.idaefulpet.com/KbjZsfQXyLwktzWxVjMzPWFYPNMQpHZXXCJTIXFQAQYKHZUPXWSJRQ?294783239212348315780988xpdOZAMoSRETKGJNWYYGCRUMRFBMLVGKGPHDDZLYFPRUMKYGEPPHCAH
Cookie: XSRF-TOKEN=eyJpdiI6Ijl1REV5ajFFZktUWFRCd0ZtRkZjL0E9PSIsInZhbHVlIjoiUWZuUTJ6Qm1LQWNUdHp3YzBjOFpKWUJ4RUVqNVhKTENwSFNMcnJEMmdxekd3akdma3BtMHJta0wrZVhzV01nODFFVHB5MzBYTFh0TWIwREczUVBzN1FCWW5RK05yOHdSTGlTc2ZwUjhzNW93bWZZdUpoNHljbmJyN0V6Sy9lL1kiLCJtYWMiOiJmYmEwMTJmMzBkODcwNjJlMzViOTM2NzMwZDAxMjlkNTM2YmMxYWI2YmJmY2ViMGZjNzM1ODE3NzZkYWI5YzRmIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjZHNTZ1aVVpNjY1ZjJkRVVmMVZLTFE9PSIsInZhbHVlIjoid0dxMnY2eFpOKy9GY09Gb3R4Z0pXTjErUUFsd28vMzJHY3dNNUticmhhZnBrRWdGNVRhVndza3FhRUZvcCtmLzNrRnlMdDF4UEJZb3BYSWdyNVRoWXJBcGREekh1TExGQTZwN0JsMjFFdnVsdklYeEtrQXdRbm9zeEVrZFNkVmQiLCJtYWMiOiI4ZmIyOTdmZjdiMTAwODI1ZmIxNGZiZTExYjFlNzE3MjQ3YmM3NDA1NjA3OGM2NjQyZGM1YTdhYTg2NGE1NTg4IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 29 Mar 2024 11:54:17 GMT
content-type: image/svg+xml
content-disposition: inline; filename="yzuolD7RP8wcqStYnx3CV75gmdPopaSF2esZ3UM0Vh9zaVm7N6K5Pab177"
access-control-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NCn3wQ2TfQ4zY%2BgNaY4XmObTk3CXywmj46sFINT50T3emgSUDyVRTjc08kyRA1PIdqvNP7xZPbtbaxVMSPnmzpyfrQ68PkjUbkvnNfAnBQf3W6yAfMKVa0628g%2FY"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server: cloudflare
cf-ray: 86bfaa10ccde7131-OSL
content-encoding: br

nztgp.idaefulpet.com/web6socket/socket.io/?type=User&appnum=1&EIO=4&transport=websocket

172.67.147.101

101 Switching Protocols

0 B

URL GET HTTP/1.1
nztgp.idaefulpet.com/web6socket/socket.io/?type=User&appnum=1&EIO=4&transport=websocket
IP
172.67.147.101:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nztgp.idaefulpet.com/KbjZsfQXyLwktzWxVjMzPWFYPNMQpHZXXCJTIXFQAQYKHZUPXWSJRQ?294783239212348315780988xpdOZAMoSRETKGJNWYYGCRUMRFBMLVGKGPHDDZLYFPRUMKYGEPPHCAH
Certificate
IssuerLet's Encrypt
Subjectidaefulpet.com
FingerprintEB:92:E7:76:C9:5E:A3:92:E3:A2:33:9C:05:88:CD:68:0E:FE:BC:8F
ValidityThu, 21 Mar 2024 12:19:22 GMT - Wed, 19 Jun 2024 12:19:21 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /web6socket/socket.io/?type=User&appnum=1&EIO=4&transport=websocket HTTP/1.1
Host: nztgp.idaefulpet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://nztgp.idaefulpet.com
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: VFkOeMyESq8tqSshkntq7g==
DNT: 1
Connection: keep-alive, Upgrade
Cookie: XSRF-TOKEN=eyJpdiI6Ijl1REV5ajFFZktUWFRCd0ZtRkZjL0E9PSIsInZhbHVlIjoiUWZuUTJ6Qm1LQWNUdHp3YzBjOFpKWUJ4RUVqNVhKTENwSFNMcnJEMmdxekd3akdma3BtMHJta0wrZVhzV01nODFFVHB5MzBYTFh0TWIwREczUVBzN1FCWW5RK05yOHdSTGlTc2ZwUjhzNW93bWZZdUpoNHljbmJyN0V6Sy9lL1kiLCJtYWMiOiJmYmEwMTJmMzBkODcwNjJlMzViOTM2NzMwZDAxMjlkNTM2YmMxYWI2YmJmY2ViMGZjNzM1ODE3NzZkYWI5YzRmIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjZHNTZ1aVVpNjY1ZjJkRVVmMVZLTFE9PSIsInZhbHVlIjoid0dxMnY2eFpOKy9GY09Gb3R4Z0pXTjErUUFsd28vMzJHY3dNNUticmhhZnBrRWdGNVRhVndza3FhRUZvcCtmLzNrRnlMdDF4UEJZb3BYSWdyNVRoWXJBcGREekh1TExGQTZwN0JsMjFFdnVsdklYeEtrQXdRbm9zeEVrZFNkVmQiLCJtYWMiOiI4ZmIyOTdmZjdiMTAwODI1ZmIxNGZiZTExYjFlNzE3MjQ3YmM3NDA1NjA3OGM2NjQyZGM1YTdhYTg2NGE1NTg4IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Date: Fri, 29 Mar 2024 11:54:17 GMT
Connection: upgrade
Sec-WebSocket-Accept: F1OykudQEWimp2IxUoYwloJuKBg=
Upgrade: websocket
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Q83GMQsjy7jSy8c9%2FDw3OEgPlzDmUgWYcjnmFjXGu3jj%2BFvlUJ8xhNWfhkAXwAOSSiJ8pMlunh7%2BXX5LTMbOmGsWubX28d1N7kLs6gwUIBJgOBk7MRYB9GgeQquZ02F%2BCYkb%2BfFN%2FQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 86bfaa127f8156c5-OSL
alt-svc: h3=":443"; ma=86400

nztgp.idaefulpet.com/56cIpGfk2aMerArq2KIwyOklgL058OaO2n73089107

172.67.147.101

200 OK

108 kB

URL GET HTTP/3
nztgp.idaefulpet.com/56cIpGfk2aMerArq2KIwyOklgL058OaO2n73089107
IP
172.67.147.101:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nztgp.idaefulpet.com/KbjZsfQXyLwktzWxVjMzPWFYPNMQpHZXXCJTIXFQAQYKHZUPXWSJRQ?294783239212348315780988xpdOZAMoSRETKGJNWYYGCRUMRFBMLVGKGPHDDZLYFPRUMKYGEPPHCAH
Certificate
IssuerLet's Encrypt
Subjectidaefulpet.com
FingerprintEB:92:E7:76:C9:5E:A3:92:E3:A2:33:9C:05:88:CD:68:0E:FE:BC:8F
ValidityThu, 21 Mar 2024 12:19:22 GMT - Wed, 19 Jun 2024 12:19:21 GMT

File type

Size
108 kB (108270 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /56cIpGfk2aMerArq2KIwyOklgL058OaO2n73089107 HTTP/1.1
Host: nztgp.idaefulpet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nztgp.idaefulpet.com/KbjZsfQXyLwktzWxVjMzPWFYPNMQpHZXXCJTIXFQAQYKHZUPXWSJRQ?294783239212348315780988xpdOZAMoSRETKGJNWYYGCRUMRFBMLVGKGPHDDZLYFPRUMKYGEPPHCAH
Cookie: XSRF-TOKEN=eyJpdiI6Ijl1REV5ajFFZktUWFRCd0ZtRkZjL0E9PSIsInZhbHVlIjoiUWZuUTJ6Qm1LQWNUdHp3YzBjOFpKWUJ4RUVqNVhKTENwSFNMcnJEMmdxekd3akdma3BtMHJta0wrZVhzV01nODFFVHB5MzBYTFh0TWIwREczUVBzN1FCWW5RK05yOHdSTGlTc2ZwUjhzNW93bWZZdUpoNHljbmJyN0V6Sy9lL1kiLCJtYWMiOiJmYmEwMTJmMzBkODcwNjJlMzViOTM2NzMwZDAxMjlkNTM2YmMxYWI2YmJmY2ViMGZjNzM1ODE3NzZkYWI5YzRmIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjZHNTZ1aVVpNjY1ZjJkRVVmMVZLTFE9PSIsInZhbHVlIjoid0dxMnY2eFpOKy9GY09Gb3R4Z0pXTjErUUFsd28vMzJHY3dNNUticmhhZnBrRWdGNVRhVndza3FhRUZvcCtmLzNrRnlMdDF4UEJZb3BYSWdyNVRoWXJBcGREekh1TExGQTZwN0JsMjFFdnVsdklYeEtrQXdRbm9zeEVrZFNkVmQiLCJtYWMiOiI4ZmIyOTdmZjdiMTAwODI1ZmIxNGZiZTExYjFlNzE3MjQ3YmM3NDA1NjA3OGM2NjQyZGM1YTdhYTg2NGE1NTg4IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 29 Mar 2024 11:54:17 GMT
content-type: application/javascript
content-disposition: inline; filename="56cIpGfk2aMerArq2KIwyOklgL058OaO2n73089107"
vary: Accept-Encoding
access-control-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9LrPawUHbndyGdah7wiPmrg9jS5FFhRPsny7nSMIU4LaTD8J9M6k%2BbjgDfw%2BDPkvJPXA27nJLH6rW6xzIq1oaWvZs6Qf5OvFnwBo%2F6aIdeCBYlI7uDMiUFSdrmgP"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server: cloudflare
cf-ray: 86bfaa10dcee7131-OSL
content-encoding: br

nztgp.idaefulpet.com/cv7rEycb8rFsavEd58RxpWiIy9omZq9NuOBvrzxg2nzdPXJcZ5col9lrUCnNTJpel

172.67.147.101

200 OK

91 B

URL POST HTTP/3
nztgp.idaefulpet.com/cv7rEycb8rFsavEd58RxpWiIy9omZq9NuOBvrzxg2nzdPXJcZ5col9lrUCnNTJpel
IP
172.67.147.101:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nztgp.idaefulpet.com/KbjZsfQXyLwktzWxVjMzPWFYPNMQpHZXXCJTIXFQAQYKHZUPXWSJRQ?294783239212348315780988xpdOZAMoSRETKGJNWYYGCRUMRFBMLVGKGPHDDZLYFPRUMKYGEPPHCAH
Certificate
IssuerLet's Encrypt
Subjectidaefulpet.com
FingerprintEB:92:E7:76:C9:5E:A3:92:E3:A2:33:9C:05:88:CD:68:0E:FE:BC:8F
ValidityThu, 21 Mar 2024 12:19:22 GMT - Wed, 19 Jun 2024 12:19:21 GMT

File type
troff or preprocessor input, ASCII text, with no line terminators
Size
91 B (91 bytes)
Hash
348478242d981ddc47795f90e6f89d2a
8f862536625baf2d0eb45d44acc9802c71df79e1
99691950fad5cb4b6df0bab904cc60d404840fe839c3614ffb841898ecdb3ddb

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

POST /cv7rEycb8rFsavEd58RxpWiIy9omZq9NuOBvrzxg2nzdPXJcZ5col9lrUCnNTJpel HTTP/1.1
Host: nztgp.idaefulpet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 33
Origin: https://nztgp.idaefulpet.com
DNT: 1
Connection: keep-alive
Referer: https://nztgp.idaefulpet.com/KbjZsfQXyLwktzWxVjMzPWFYPNMQpHZXXCJTIXFQAQYKHZUPXWSJRQ?294783239212348315780988xpdOZAMoSRETKGJNWYYGCRUMRFBMLVGKGPHDDZLYFPRUMKYGEPPHCAH
Cookie: XSRF-TOKEN=eyJpdiI6Ijl1REV5ajFFZktUWFRCd0ZtRkZjL0E9PSIsInZhbHVlIjoiUWZuUTJ6Qm1LQWNUdHp3YzBjOFpKWUJ4RUVqNVhKTENwSFNMcnJEMmdxekd3akdma3BtMHJta0wrZVhzV01nODFFVHB5MzBYTFh0TWIwREczUVBzN1FCWW5RK05yOHdSTGlTc2ZwUjhzNW93bWZZdUpoNHljbmJyN0V6Sy9lL1kiLCJtYWMiOiJmYmEwMTJmMzBkODcwNjJlMzViOTM2NzMwZDAxMjlkNTM2YmMxYWI2YmJmY2ViMGZjNzM1ODE3NzZkYWI5YzRmIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjZHNTZ1aVVpNjY1ZjJkRVVmMVZLTFE9PSIsInZhbHVlIjoid0dxMnY2eFpOKy9GY09Gb3R4Z0pXTjErUUFsd28vMzJHY3dNNUticmhhZnBrRWdGNVRhVndza3FhRUZvcCtmLzNrRnlMdDF4UEJZb3BYSWdyNVRoWXJBcGREekh1TExGQTZwN0JsMjFFdnVsdklYeEtrQXdRbm9zeEVrZFNkVmQiLCJtYWMiOiI4ZmIyOTdmZjdiMTAwODI1ZmIxNGZiZTExYjFlNzE3MjQ3YmM3NDA1NjA3OGM2NjQyZGM1YTdhYTg2NGE1NTg4IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 29 Mar 2024 11:54:17 GMT
content-type: application/json
cache-control: no-cache, private
access-control-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=71tXBG3hl0Ih%2BlBu4kNtbrBhGmJhalbrpVEvkF9X0eaRExH0kZ0kPxPvMXg2b%2BoYKI9xQi0Vv%2FBQiyeQi4hLQyOHwSaU4lpL7CL6m2de3E77Lh554J%2BoGiYVOFuQ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
set-cookie: XSRF-TOKEN=eyJpdiI6ImN4RFFVSXBYbWpER2QzM2NHZUxmRkE9PSIsInZhbHVlIjoiRXpLeHBOeDFCZnhaVUZDK05SSlhWZzMxTHFPRzZWcUl0SVU4Rk9uNFBqcUdIb0srK280aDJ5VzFhUkNQUkdoeGw0OUgwN0NzSDIzY3JoTXh6cFhFeG1paHh0aXk1Y0p4R0hnNjZRYWp1d3p3NXBHZkpBeVBacXJ4NUwvQWl5RzciLCJtYWMiOiIzODE2Yzk4MjEwMjI0MTcyNzE5OWVmZmMwMDFhZjU0OGZlY2FiZjhjMjkyOGIxMTczZDIxYjdjNDc2NzcyMTk5IiwidGFnIjoiIn0%3D; expires=Fri, 29-Mar-2024 13:54:17 GMT; Max-Age=7200; path=/; secure; samesite=none
laravel_session=eyJpdiI6IjllTWtWYUxKSSt6ajhFR0V4WW9WR1E9PSIsInZhbHVlIjoiYS9XdWxZZ0Zhb0Z3SlRJY1U3eHZqN3owNTRmZHQ2RFFlenRMYmZNbFlBSGhoRWpweHMxNVBvSVhxYWtHVldNcmhRR29EOEdNVExBNzN0VWdBc3M4S2hzQStmOFFld2hBVllQOXJZcXMxV1hGL3VzY3cxbW9id1ZpZmYvLytsbmEiLCJtYWMiOiI3YWVmNGFiMjQ1Y2FjYmE2ODA3YWVkNjk1NTI0MzVhNjFkN2YxMTIwOGNlZDM5Mjc5NzJhMTNiYWM4NDEyYmE0IiwidGFnIjoiIn0%3D; expires=Fri, 29-Mar-2024 13:54:17 GMT; Max-Age=7200; path=/; secure; httponly; samesite=none
server: cloudflare
cf-ray: 86bfaa11fdc67131-OSL
content-encoding: br

www.google.com/recaptcha/api.js

142.250.74.132

200 OK

850 B

URL GET HTTP/2
www.google.com/recaptcha/api.js
IP
142.250.74.132:443
ASN
#15169 GOOGLE

Requested by
https://nztgp.idaefulpet.com/KbjZsfQXyLwktzWxVjMzPWFYPNMQpHZXXCJTIXFQAQYKHZUPXWSJRQ?294783239212348315780988xpdOZAMoSRETKGJNWYYGCRUMRFBMLVGKGPHDDZLYFPRUMKYGEPPHCAH
Certificate
IssuerGoogle Trust Services LLC
Subjectwww.google.com
Fingerprint32:A3:19:7A:6B:D5:C7:5E:CA:7C:C8:08:79:14:56:FD:FC:3E:06:F0
ValidityMon, 26 Feb 2024 08:18:59 GMT - Mon, 20 May 2024 08:18:58 GMT

File type
JavaScript source, ASCII text, with very long lines (850), with no line terminators
Size
850 B (850 bytes)
Hash
a0b2d07fa8cb78d8057423360e2b5843
df34550dcf9a4b220bf79330937fe2d6612b8700
ed504324f919ac243bf232dec1b6980738df27a04304a8c10098b198681044b3

HTTP Headers

GET /recaptcha/api.js HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nztgp.idaefulpet.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
expires: Fri, 29 Mar 2024 11:54:17 GMT
date: Fri, 29 Mar 2024 11:54:17 GMT
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (23)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash