Report - ggtr.boeing.nossosupermercado.com/amFuZW5lLmNvbGxpbnNAYm9laW5nLmNvbQ==

Report Overview

Visited public
2023-08-20 22:40:41
Tags
URL
ggtr.boeing.nossosupermercado.com/amFuZW5lLmNvbGxpbnNAYm9laW5nLmNvbQ==
Finishing URL
ec84aa11.8cee889d1b0798bb607fe91c.workers.dev/?qrc=janene.collins@boeing.com
IP / ASN
108.167.132.174
#46606 UNIFIEDLAYER-AS-1
Title
ec84aa11.8cee889d1b0798bb607fe91c.workers.dev/?qrc=janene.collins@boeing.com

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
ec84aa11.8cee889d1b0798bb607fe91c.workers.dev	unknown	2019-02-08	2023-07-28 20:46:56	2023-08-20 23:13:12	1.3 kB	4.7 kB	172.67.179.87
ggtr.boeing.nossosupermercado.com	unknown	2012-10-27	2023-08-14 11:36:23	2023-08-14 23:04:31	442 B	1.5 kB	108.167.132.174
challenges.cloudflare.com	unknown	2009-02-17	2021-10-20 07:02:03	2023-08-20 18:41:59	809 B	3.5 kB	104.17.3.184

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

Scan Date	Severity	Indicator	Alert
2023-08-14	medium	ggtr.boeing.nossosupermercado.com/	Office365
2023-08-14	medium	ec84aa11.8cee889d1b0798bb607fe91c.workers.dev/	Office365
2023-08-14	medium	ec84aa11.8cee889d1b0798bb607fe91c.workers.dev/	Office365

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (3)

		Size	First Seen	Last Seen
	#1 Eval - 9e925e9341b490bfd3b4c4ca3b0c1ef2	4 B	2023-03-07 01:03	2025-05-25 04:58
Pretty Observations First Seen2023-03-07 01:03 Last Seen2025-05-25 04:58 Times Seen371004 Hash 9e925e9341b490bfd3b4c4ca3b0c1ef2 c2543fff3bfa6f144c2f06a7de6cd10c0b650cae 1eb79602411ef02cf6fe117897015fff89f80face4eccd50425c45149b148408 Loading...

	#2 Eval - f674f2803c680f2673d0738966ba09cf	1.9 kB	2024-08-21 08:21	2024-08-21 08:21
Pretty Observations First Seen2024-08-21 08:21 Last Seen2024-08-21 08:21 Times Seen1 Hash f674f2803c680f2673d0738966ba09cf 41d5e423dcb5f246bc7647284d24c9b0ecb6c4c4 4e7ac735f4a4ff85b859993c635c22a7c8585dc314a4384f2841beabdd934b42 Loading...

		Size	First Seen	Last Seen
	#1 Write - bf6d8993bd45b3f22f12b81da47f8bc6	3.6 kB	2023-08-16 12:05	2024-08-21 08:36
Pretty Observations First Seen2023-08-16 12:05 Last Seen2024-08-21 08:36 Times Seen2609 Hash bf6d8993bd45b3f22f12b81da47f8bc6 93010ad068ab338fdb8a4c489d7d0715911e6278 bc4d17d30d824e3e9b6592bacbe1461cb4716098f887f635fb265a278a80bec5 Loading...

HTTP Transactions (4)

URL IP Response Size

ggtr.boeing.nossosupermercado.com/amFuZW5lLmNvbGxpbnNAYm9laW5nLmNvbQ==

108.167.132.174

1.2 kB

URL
ggtr.boeing.nossosupermercado.com/amFuZW5lLmNvbGxpbnNAYm9laW5nLmNvbQ==
IP
108.167.132.174:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1753), with CRLF line terminators
Size
1.2 kB (1224 bytes)
Hash
d62fe6123002bfec64e7f7571a8c06a4
1139d3613f36dd882e7dba32898e0c38a161cac0
8b3415fd7267079de2e0185f2653cde8b6fafec26473c82653476913653889c6

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Office365

HTTP Headers

GET /amFuZW5lLmNvbGxpbnNAYm9laW5nLmNvbQ== HTTP/1.1
Host: ggtr.boeing.nossosupermercado.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 20 Aug 2023 22:40:25 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1224
Keep-Alive: timeout=5, max=75
Content-Type: text/html; charset=UTF-8

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/1975552908:1692569506:De8Ue96L5f42pXyujEnQrKDLZHF-oiYgE7D0-mAqq74/7f9e2352dba40afa/17a6b368397d422

104.17.3.184

2.9 kB

URL
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/1975552908:1692569506:De8Ue96L5f42pXyujEnQrKDLZHF-oiYgE7D0-mAqq74/7f9e2352dba40afa/17a6b368397d422
IP
104.17.3.184:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (3576), with no line terminators
Size
2.9 kB (2933 bytes)
Hash
9d635f57915dd57a1706bd937bb38a2c
1a3c8ee025964ace56b6926590dadec320c53f06
88a7a1b9fa3ff877f0c8c30b493bff10a40879e0977b3a5f4114391549dabc6e

HTTP Headers

POST /cdn-cgi/challenge-platform/h/g/flow/ov1/1975552908:1692569506:De8Ue96L5f42pXyujEnQrKDLZHF-oiYgE7D0-mAqq74/7f9e2352dba40afa/17a6b368397d422 HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/tcz09/0x4AAAAAAAH8vrbqx2dBgx3b/auto/normal
Content-type: application/x-www-form-urlencoded
CF-Challenge: 17a6b368397d422
Content-Length: 24250
Origin: https://challenges.cloudflare.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sun, 20 Aug 2023 22:40:28 GMT
content-type: text/html; charset=UTF-8
cf-chl-out: AJzDHplUnqfzr56UzcdmNGKGUFUxVDd+0Or0fLijm2E1H+5phUMroeb6PjblF8XM0HSaBq6dynnSinccFeDdodzLYqv3qfjC9/NboCQqXMI+3wV1uH28f4v/sW1mylfs$fESVC4FI7kubagKcAG5JcA==
cf-chl-out-s: zaTKpuRcuxtM++ZusCY4zPDXw9N6g1Pcw75DNlDzc+L1nIKea1EnTO5qTXPsE+1vOMBdgyRuav4v7UrR/KPe6nVEUXk2OYLkAPSC8uc24E1Mq0ZTUIsPx9cWPS9iSNfQQKsgdpfhRJ1J0fa14z0zRtYgZezsv1xH7FBn8W64RKoHggbvwXYbWylilZM0Zx8j$KwVWenr2A8L4zT4ZlY39sg==
server: cloudflare
cf-ray: 7f9e23603aca0afa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

ec84aa11.8cee889d1b0798bb607fe91c.workers.dev/?qrc=janene.collins@boeing.com

172.67.179.87

500 Internal Server Error

221 B

URL User Request POST HTTP/3
ec84aa11.8cee889d1b0798bb607fe91c.workers.dev/?qrc=janene.collins@boeing.com
IP
172.67.179.87:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subject8cee889d1b0798bb607fe91c.workers.dev
FingerprintE5:FE:B8:CF:0E:C3:A5:8B:2C:75:8C:3C:85:D7:1C:F8:E6:D2:94:4B
ValidityThu, 27 Jul 2023 15:53:39 GMT - Wed, 25 Oct 2023 15:53:38 GMT

File type
ASCII text, with no line terminators
Size
221 B (221 bytes)
Hash
a7ec14cb6794b786dccccbc27dcd30e1
a8bb8501489e7e13f7fc6526c26809ecee9b742e
79ae2b25b950c6ed9a957f7fe8976254abb9405337ada252509eac12d72f4692

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Office365

HTTP Headers

POST /?qrc=janene.collins@boeing.com HTTP/1.1
Host: ec84aa11.8cee889d1b0798bb607fe91c.workers.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 603
Origin: https://ec84aa11.8cee889d1b0798bb607fe91c.workers.dev
DNT: 1
Connection: keep-alive
Referer: https://ec84aa11.8cee889d1b0798bb607fe91c.workers.dev/?qrc=janene.collins@boeing.com
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 500 Internal Server Error
date: Sun, 20 Aug 2023 22:40:28 GMT
content-type: text/plain;charset=UTF-8
content-length: 221
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CbD4sEk24BqZEs12nIceRPnn9ifMmPrWhPEUe8HKSH5hHIjwfuAZ4UmYyFrJ%2FNP11PaR3VaDF333o7NxdvUUX639%2B8jS%2FMVv%2FxowX1X9txzdKN7lsN5%2B49BA9HLwNqgbeDCjOzzvkEoceRapGBIzjra8dw4dI8GBc176BhtJcbM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7f9e2360c93ab527-OSL
alt-svc: h3=":443"; ma=86400

ec84aa11.8cee889d1b0798bb607fe91c.workers.dev/favicon.ico

172.67.179.87

200 OK

3.3 kB

URL GET HTTP/3
ec84aa11.8cee889d1b0798bb607fe91c.workers.dev/favicon.ico
IP
172.67.179.87:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ec84aa11.8cee889d1b0798bb607fe91c.workers.dev/?qrc=janene.collins@boeing.com
Certificate
IssuerGoogle Trust Services LLC
Subject8cee889d1b0798bb607fe91c.workers.dev
FingerprintE5:FE:B8:CF:0E:C3:A5:8B:2C:75:8C:3C:85:D7:1C:F8:E6:D2:94:4B
ValidityThu, 27 Jul 2023 15:53:39 GMT - Wed, 25 Oct 2023 15:53:38 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3271), with no line terminators
Size
3.3 kB (3255 bytes)
Hash
8f20d2a78fedee5b9e4d1209dc87f9d6
13e8d55549bfaaa4357bb33fb9224cdb397b4e5b
5e851ad68e55a13a9150a3b56510cbfb8468780fddc49ad63a21656522375d52

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Office365

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: ec84aa11.8cee889d1b0798bb607fe91c.workers.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ec84aa11.8cee889d1b0798bb607fe91c.workers.dev/?qrc=janene.collins@boeing.com
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 20 Aug 2023 22:40:28 GMT
content-type: text/html;charset=UTF-8
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8CkUsqffwfewZehRKYVqRkbaSJtSZca%2BUSF9vh9EMco%2BlCg5omzaIRU50KIJQgu8QBEiQ0syY8VAPP75C71OUAqSwwkhzSGHFtrjz0ww2r6BaJPIDWHf7acLTCcIV9MQSdCtWE14Wgbu7l%2B7IC3Iv2dxnxmi6mQgz6qo1pdEpBc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7f9e2363dc82b527-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (3)

Observations

Hash

Observations

Hash

Observations

Hash

HTTP Transactions (4)

URL

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL User Request POST HTTP/3

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/3

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers