rides.sng.link/Aw5zn/ernw?_dl=uber://family?id=0&_fallback_redirect=https://bbuworldnews.com/invest/ment/fcg/8888/c2NoaGFicmFAY2FtYnJpZGdlYXNzb2NpYXRlcy5jb20=
23.36.77.25 190 B URL rides.sng.link/Aw5zn/ernw?_dl=uber://family?id=0&_fallback_redirect=https://bbuworldnews.com/invest/ment/fcg/8888/c2NoaGFicmFAY2FtYnJpZGdlYXNzb2NpYXRlcy5jb20=
IP 23.36.77.25:0
ASN #20940 Akamai International B.V.
File type HTML document, ASCII text
Hash 66aab5e3f39fec67129857db7efba58e
8d796e6b54a19128ca1e7973a58b88b87c7135d1
8c0cecc89dd4d820894477895c4c1a254d00eea373ca20953facdbad80c5dc5b
GET /Aw5zn/ernw?_dl=uber://family?id=0&_fallback_redirect=https://bbuworldnews.com/invest/ment/fcg/8888/c2NoaGFicmFAY2FtYnJpZGdlYXNzb2NpYXRlcy5jb20= HTTP/1.1
Host: rides.sng.link
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
content-type: text/html; charset=utf-8
content-length: 190
content-encoding: gzip
location: https://bbuworldnews.com/invest/ment/fcg/8888/c2NoaGFicmFAY2FtYnJpZGdlYXNzb2NpYXRlcy5jb20=?referrer=singular_click_id%3D808efb75-bf7a-4dd6-9d7e-3a8ce398b53d
vary: Accept-Encoding
expires: Mon, 04 Dec 2023 21:55:20 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Mon, 04 Dec 2023 21:55:20 GMT
X-Firefox-Spdy: h2
bbuworldnews.com/invest/ment/fcg/8888/c2NoaGFicmFAY2FtYnJpZGdlYXNzb2NpYXRlcy5jb20=?referrer=singular_click_id%3D808efb75-bf7a-4dd6-9d7e-3a8ce398b53d
66.29.133.140 1 B URL bbuworldnews.com/invest/ment/fcg/8888/c2NoaGFicmFAY2FtYnJpZGdlYXNzb2NpYXRlcy5jb20=?referrer=singular_click_id%3D808efb75-bf7a-4dd6-9d7e-3a8ce398b53d
IP 66.29.133.140:0
File type very short file (no magic)
Hash eccbc87e4b5ce2fe28308fd9f2a7baf3
77de68daecd823babbb58edb1c8e14d7106e83bb
4e07408562bedb8b60ce05c1decfe3ad16b72230967de01f640b7e4729b49fce
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft Outlook
GET /invest/ment/fcg/8888/c2NoaGFicmFAY2FtYnJpZGdlYXNzb2NpYXRlcy5jb20=?referrer=singular_click_id%3D808efb75-bf7a-4dd6-9d7e-3a8ce398b53d HTTP/1.1
Host: bbuworldnews.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 04 Dec 2023 21:55:20 GMT
Server: Apache
refresh: 0;url=https://8f124429.80cf8ce748a459f846ab8ace.workers.dev/?qrc=schhabra@cambridgeassociates.com
Vary: Accept-Encoding
Content-Encoding: br
Content-Length: 1
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/i/83074b0bda6c56c7/1701726921930/AfeuI35QVO6SUyx
104.17.2.184200 OK 61 B URL GET HTTP/3 challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/i/83074b0bda6c56c7/1701726921930/AfeuI35QVO6SUyx
IP 104.17.2.184:443
Requested by https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/yy71v/0x4AAAAAAAOFStlPd6aD4rz7/auto/normal
Certificate IssuerCloudflare, Inc.
Subjectchallenges.cloudflare.com
Fingerprint5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E
ValidityFri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT
File type PNG image data, 39 x 34, 8-bit/color RGB, non-interlaced\012- data
Hash bcf4172b33ca660b778aaa5c4c845612
4728a365ac7051cce4af88bfc931e332cba2bbb1
af24083537011febc000be2c9abdd1ec7d5361afee0243c6746b678f64d8c50a
GET /cdn-cgi/challenge-platform/h/b/i/83074b0bda6c56c7/1701726921930/AfeuI35QVO6SUyx HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/yy71v/0x4AAAAAAAOFStlPd6aD4rz7/auto/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 04 Dec 2023 21:55:23 GMT
content-type: image/png
server: cloudflare
cf-ray: 83074b18ff0e56c7-OSL
alt-svc: h3=":443"; ma=86400
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/1491664446:1701724191:z39XOsTLWgZPmx1O4g9en4Or8ZbUrYAQg3dS_YLBsr8/83074b0bda6c56c7/510542b493ba143
104.17.2.184200 OK 18 kB URL POST HTTP/3 challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/1491664446:1701724191:z39XOsTLWgZPmx1O4g9en4Or8ZbUrYAQg3dS_YLBsr8/83074b0bda6c56c7/510542b493ba143
IP 104.17.2.184:443
Requested by https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/yy71v/0x4AAAAAAAOFStlPd6aD4rz7/auto/normal
Certificate IssuerCloudflare, Inc.
Subjectchallenges.cloudflare.com
Fingerprint5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E
ValidityFri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT
File type ASCII text, with very long lines (17856), with no line terminators
Hash d03830a73ad334afa798feb9e5739f95
375a11f3798b837d1299da4c9db5de19e7a294be
e14b715c0ff15002f345a65e81cb13c6a7dadf609914eb86812d53de52916ed6
POST /cdn-cgi/challenge-platform/h/b/flow/ov1/1491664446:1701724191:z39XOsTLWgZPmx1O4g9en4Or8ZbUrYAQg3dS_YLBsr8/83074b0bda6c56c7/510542b493ba143 HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/yy71v/0x4AAAAAAAOFStlPd6aD4rz7/auto/normal
Content-type: application/x-www-form-urlencoded
CF-Challenge: 510542b493ba143
Content-Length: 25257
Origin: https://challenges.cloudflare.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 04 Dec 2023 21:55:23 GMT
content-type: text/plain; charset=UTF-8
cf-chl-gen: SrAyqDBVC+JhRJKRdXqzp7QfIaluAiJbidbaCk1p76piBRBRH5tGoljf9gLCQJEe$J9XapWGe73n/+pdfo0zAFQ==
server: cloudflare
cf-ray: 83074b19f81a56c7-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/yy71v/0x4AAAAAAAOFStlPd6aD4rz7/auto/normal
104.17.2.184200 OK 73 kB URL GET HTTP/3 challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/yy71v/0x4AAAAAAAOFStlPd6aD4rz7/auto/normal
IP 104.17.2.184:443
Requested by https://8f124429.80cf8ce748a459f846ab8ace.workers.dev/?qrc=schhabra@cambridgeassociates.com
Certificate IssuerCloudflare, Inc.
Subjectchallenges.cloudflare.com
Fingerprint5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E
ValidityFri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (40091)
Hash 6487d644c691563509879436edafeafb
fa49bd50a01374012b2c9ba826bc658917ebbe6b
96d106a14bb17e7d6e36caa3d58e87c7ea4b50ebd80eeb249f1d94e3b1a9f232
GET /cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/yy71v/0x4AAAAAAAOFStlPd6aD4rz7/auto/normal HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://8f124429.80cf8ce748a459f846ab8ace.workers.dev/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 04 Dec 2023 21:55:21 GMT
content-type: text/html; charset=UTF-8
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-security-policy: frame-src https://challenges.cloudflare.com/ blob:; base-uri 'self'
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: cross-origin
document-policy: js-profiling
origin-agent-cluster: ?1
permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy: same-origin
server: cloudflare
cf-ray: 83074b0bda6c56c7-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=83074b0bda6c56c7
104.17.2.184200 OK 181 kB URL GET HTTP/3 challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=83074b0bda6c56c7
IP 104.17.2.184:443
Requested by https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/yy71v/0x4AAAAAAAOFStlPd6aD4rz7/auto/normal
Certificate IssuerCloudflare, Inc.
Subjectchallenges.cloudflare.com
Fingerprint5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E
ValidityFri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT
File type ASCII text, with very long lines (65536), with no line terminators
Size 181 kB (181313 bytes)
Hash 20c242b0334c7ba0d94ba1251fd3fec2
57328642f174dc65fbc2a7e4279b5f85390ee318
de6171b9ffe3cc37127c26ac14227b7717f40b5a04f56ee73ef3b0445599fa97
GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=83074b0bda6c56c7 HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/yy71v/0x4AAAAAAAOFStlPd6aD4rz7/auto/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 04 Dec 2023 21:55:21 GMT
content-type: application/javascript; charset=UTF-8
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
server: cloudflare
cf-ray: 83074b0c5afc56c7-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
challenges.cloudflare.com/turnstile/v0/b/56d3063b/api.js?onload=onloadTurnstileCallback
104.17.2.184200 OK 34 kB URL GET HTTP/3 challenges.cloudflare.com/turnstile/v0/b/56d3063b/api.js?onload=onloadTurnstileCallback
IP 104.17.2.184:443
Requested by https://8f124429.80cf8ce748a459f846ab8ace.workers.dev/?qrc=schhabra@cambridgeassociates.com
Certificate IssuerCloudflare, Inc.
Subjectchallenges.cloudflare.com
Fingerprint5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E
ValidityFri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT
File type ASCII text, with very long lines (33875)
Hash 8c90f391245a994ae95e644a587c8626
7bfc99336571d0ccfe38f9e1d18cb26b4adfc316
acbe221d9bb71e85d0a3b52a7a9d44ee4669ab664186b32d0c737a2be62681e7
GET /turnstile/v0/b/56d3063b/api.js?onload=onloadTurnstileCallback HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://8f124429.80cf8ce748a459f846ab8ace.workers.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 04 Dec 2023 21:55:21 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=31536000
vary: Accept-Encoding
server: cloudflare
cf-ray: 83074b0b09db56c7-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
8f124429.80cf8ce748a459f846ab8ace.workers.dev/favicon.ico
172.67.176.157200 OK 3.3 kB URL GET HTTP/3 8f124429.80cf8ce748a459f846ab8ace.workers.dev/favicon.ico
IP 172.67.176.157:443
Requested by https://8f124429.80cf8ce748a459f846ab8ace.workers.dev/?qrc=schhabra@cambridgeassociates.com
Certificate IssuerLet's Encrypt
Subject80cf8ce748a459f846ab8ace.workers.dev
FingerprintC6:55:6D:05:E2:11:9B:20:5A:59:67:72:6E:2A:32:82:F8:48:C0:8D
ValidityWed, 29 Nov 2023 17:47:07 GMT - Tue, 27 Feb 2024 17:47:06 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3271), with no line terminators
Hash 2baa823b51a9a64cb282f9cde9eaffea
b56dba985cedba7b420cb031faeb14d4b1d4ddc7
8267389338022cf6aef68cfd9d235ed25405c4a333245874ac8ff90b55cb5051
GET /favicon.ico HTTP/1.1
Host: 8f124429.80cf8ce748a459f846ab8ace.workers.dev
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://8f124429.80cf8ce748a459f846ab8ace.workers.dev/?qrc=schhabra@cambridgeassociates.com
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 04 Dec 2023 21:55:21 GMT
content-type: text/html;charset=UTF-8
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LPy8NtsnUxw5GlmMZSvtFSwisbA9oqYDBmUzlWxxehJHellKgWU%2FE0cAChNzH6OdsWHt%2F%2BqILTsCMjlKU2Hr3mrg1XDLqGEoqmDIur3dWDjibctsv0lguigRCUHua990h89QejLRgqSE28QvjDvAKkPGl5EVj4rBUAr2Y6yedxI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 83074b0bba610afe-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/cmg/1/ew4g0I%2FZYomJh1e75pupA0WLfHDXy%2FQKEyLTEDfnNN8%3D
104.17.2.184200 OK 61 B URL GET HTTP/3 challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/cmg/1/ew4g0I%2FZYomJh1e75pupA0WLfHDXy%2FQKEyLTEDfnNN8%3D
IP 104.17.2.184:443
Requested by https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/yy71v/0x4AAAAAAAOFStlPd6aD4rz7/auto/normal
Certificate IssuerCloudflare, Inc.
Subjectchallenges.cloudflare.com
Fingerprint5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E
ValidityFri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT
File type PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced\012- data
Hash 9246cca8fc3c00f50035f28e9f6b7f7d
3aa538440f70873b574f40cd793060f53ec17a5d
c07d7d29e3c20fa6ca4c5d20663688d52bad13e129ad82ce06b80eb187d9dc84
GET /cdn-cgi/challenge-platform/h/b/cmg/1/ew4g0I%2FZYomJh1e75pupA0WLfHDXy%2FQKEyLTEDfnNN8%3D HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/yy71v/0x4AAAAAAAOFStlPd6aD4rz7/auto/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 04 Dec 2023 21:55:21 GMT
content-type: image/png
cache-control: max-age=2629800, public
server: cloudflare
cf-ray: 83074b0c5af356c7-OSL
alt-svc: h3=":443"; ma=86400
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/pat/83074b0bda6c56c7/1701726921927/34d80639d6309257f01b3be8466d4e8bacb2e339630a9f430a0b25bb90f5b55b/DvLTIj90aFobCGh
104.17.2.184401 Unauthorized 1 B URL GET HTTP/3 challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/pat/83074b0bda6c56c7/1701726921927/34d80639d6309257f01b3be8466d4e8bacb2e339630a9f430a0b25bb90f5b55b/DvLTIj90aFobCGh
IP 104.17.2.184:443
Requested by https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/yy71v/0x4AAAAAAAOFStlPd6aD4rz7/auto/normal
Certificate IssuerCloudflare, Inc.
Subjectchallenges.cloudflare.com
Fingerprint5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E
ValidityFri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT
File type very short file (no magic)
Hash ff44570aca8241914870afbc310cdb85
58668e7669fd564d99db5d581fcdb6a5618440b5
6da43b944e494e885e69af021f93c6d9331c78aa228084711429160a5bbd15b5
GET /cdn-cgi/challenge-platform/h/b/pat/83074b0bda6c56c7/1701726921927/34d80639d6309257f01b3be8466d4e8bacb2e339630a9f430a0b25bb90f5b55b/DvLTIj90aFobCGh HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/yy71v/0x4AAAAAAAOFStlPd6aD4rz7/auto/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 401 Unauthorized
date: Mon, 04 Dec 2023 21:55:23 GMT
content-type: text/plain; charset=UTF-8
www-authenticate: PrivateToken challenge=AAIAGXBhdC1pc3N1ZXIuY2xvdWRmbGFyZS5jb20gNNgGOdYwklfwGzvoRm1Oi6yy4zljCp9DCgslu5D1tVsAGWNoYWxsZW5nZXMuY2xvdWRmbGFyZS5jb20=, token-key=MIIBUjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAqEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgKiAwIBMAOCAQ8AMIIBCgKCAQEApsOXvs4inomvHEEJWeAmbewj10vTdOMUJh5YooYpzkcTFx8O1fGckZDmN__WSsDanz_dK-uZ_ETYKIumajyX7F3zXM4AXeZC2iYL_e3-Pi1TmaGIMJZdPWVVC9cf8AFwX7fRkcgCHxky-BRBi2T8ry--e2NK119BZC3f1t7LwQTVpP1LL3UYxZNFWJTGISYzuWNO5NvmWgGr2V4bint7BqWVsBG5VguykSCXBQX0WyMxge5W5z-tspRPjpXtc35sgdq737t6ATIZ2BVH0nyYaECjgMbN-BY6w9Y_jz03Ce0StP3YSZijpo1lfW2_lIX3SvsNX-SYCOkZ-9685ZUBSQIDAQAB, max-age=20, PrivateToken challenge=AAIALHBwLWlzc3Vlci1wcm9kdWN0aW9uLnJlc2VhcmNoLmNsb3VkZmxhcmUuY29tIDTYBjnWMJJX8Bs76EZtToussuM5YwqfQwoLJbuQ9bVbABljaGFsbGVuZ2VzLmNsb3VkZmxhcmUuY29t, token-key=MIIBUjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAqEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgKiAwIBMAOCAQ8AMIIBCgKCAQEAyAcIyqXWj0XAym0z5V844rFA0WOzLVwj0uCwmVj6zC4qOH40oBiGHrMNMBnDyk95jvnBAuHeEs855e7nA4l4DPJ4jUWKZbua8BxGAzjn74A1BV81a52F1zvBPUm-VEJXPAPXQehXphSv51uR7HKtfcM5oaS33TGDSy-6xv0r84xjMuTBvwPgXGehxpi1MCGGE5yWkzKN5Zzllk7m6Nkiv6learV-Uz7tzaoPbdZkBk1bFXxm2q07jWavoBZ-JEuEJyjQ00PSTz2Zjpbct6AlR3eCS9sbmXtb5XxSs7JMsvoa8uojD7a5m2SEJIwaf8xKL6wtxkaPonUfvsLj4JoJZQIDAQAB, max-age=20
server: cloudflare
cf-ray: 83074b171d4f56c7-OSL
alt-svc: h3=":443"; ma=86400
8f124429.80cf8ce748a459f846ab8ace.workers.dev/?qrc=schhabra@cambridgeassociates.com
172.67.176.157200 OK 3.3 kB URL User Request GET HTTP/2 8f124429.80cf8ce748a459f846ab8ace.workers.dev/?qrc=schhabra@cambridgeassociates.com
IP 172.67.176.157:443
Certificate IssuerLet's Encrypt
Subject80cf8ce748a459f846ab8ace.workers.dev
FingerprintC6:55:6D:05:E2:11:9B:20:5A:59:67:72:6E:2A:32:82:F8:48:C0:8D
ValidityWed, 29 Nov 2023 17:47:07 GMT - Tue, 27 Feb 2024 17:47:06 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3271), with no line terminators
Hash 2baa823b51a9a64cb282f9cde9eaffea
b56dba985cedba7b420cb031faeb14d4b1d4ddc7
8267389338022cf6aef68cfd9d235ed25405c4a333245874ac8ff90b55cb5051
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft Outlook
GET /?qrc=schhabra@cambridgeassociates.com HTTP/1.1
Host: 8f124429.80cf8ce748a459f846ab8ace.workers.dev
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 04 Dec 2023 21:55:21 GMT
content-type: text/html;charset=UTF-8
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PAJGaS%2BFFY15lmic4g1ZbLSIDusoXqeW0%2BVHB6AO42obSrLoXoreU9vjCmtUmvmflwnHG93VJITg9wjllfXPkKOJ2Cj4wm9b7uLVfRYToeFci7RXjQPHYiR0iMTXUUyj5%2FrBJ0D1iILaYarLkKh8L5OuR8dt4lfRF5ciDt8Ifp0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 83074b0a0b1c56c3-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback
104.17.2.184302 Found 34 kB URL GET HTTP/2 challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback
IP 104.17.2.184:443
Requested by https://8f124429.80cf8ce748a459f846ab8ace.workers.dev/?qrc=schhabra@cambridgeassociates.com
Certificate IssuerCloudflare, Inc.
Subjectchallenges.cloudflare.com
Fingerprint5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E
ValidityFri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /turnstile/v0/api.js?onload=onloadTurnstileCallback HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://8f124429.80cf8ce748a459f846ab8ace.workers.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
date: Mon, 04 Dec 2023 21:55:21 GMT
access-control-allow-origin: *
location: /turnstile/v0/b/56d3063b/api.js?onload=onloadTurnstileCallback
cache-control: max-age=300, public
vary: accept-encoding
server: cloudflare
cf-ray: 83074b0ac9b7067b-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/1491664446:1701724191:z39XOsTLWgZPmx1O4g9en4Or8ZbUrYAQg3dS_YLBsr8/83074b0bda6c56c7/510542b493ba143
104.17.2.184200 OK 134 kB URL POST HTTP/3 challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/1491664446:1701724191:z39XOsTLWgZPmx1O4g9en4Or8ZbUrYAQg3dS_YLBsr8/83074b0bda6c56c7/510542b493ba143
IP 104.17.2.184:443
Requested by https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/yy71v/0x4AAAAAAAOFStlPd6aD4rz7/auto/normal
Certificate IssuerCloudflare, Inc.
Subjectchallenges.cloudflare.com
Fingerprint5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E
ValidityFri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT
File type ASCII text, with very long lines (65536), with no line terminators
Size 134 kB (133472 bytes)
Hash 906cd8f258d59ac7de3b9699fad7a73b
5ac59648dc42ef84417e5e9897b45403a08f7588
2e6151ef57f36c1346ea280d9d3c466ba53317e71e0cef9587ff815faa77c4e1
POST /cdn-cgi/challenge-platform/h/b/flow/ov1/1491664446:1701724191:z39XOsTLWgZPmx1O4g9en4Or8ZbUrYAQg3dS_YLBsr8/83074b0bda6c56c7/510542b493ba143 HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/yy71v/0x4AAAAAAAOFStlPd6aD4rz7/auto/normal
Content-type: application/x-www-form-urlencoded
CF-Challenge: 510542b493ba143
Content-Length: 2516
Origin: https://challenges.cloudflare.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 04 Dec 2023 21:55:21 GMT
content-type: text/plain; charset=UTF-8
cf-chl-gen: zl3ogVEMRxu3uM+eDOdj38GZ4rDS0WYIGN1TRohmaHyDqigX9W7+NogFdo2JgjpEqo4rB/71HbzykMmGwTp+5DJcyn/kmGC9gY6vzhknxR563fWt+eRVMprx7mzAbOPd105p16kiDPi4g6eiQZIG69K7ptB5NGC39ZSsC7CvDLUuNIorb0AqVZDZCfvS9gLt29aB0DlYMue8H5XMAxnUzVjJ1s44f10mMZevgNAOzCT4xg5o4gNjLkzes9/p/48piz+BvwsMDGYR+Ef1gY8XJAfzTzaeLlCXgvPeXTPSgauB65CWjzfJIHOkI9gBnhElecP0XQwaSOmy5i0y5jHFqNZ4xAM9kjz+jzAeL8aXYAF2Pu35JrSURoN6a33OleBBSpI2T/dTVacDK9IOXi1k0C3gVHah+oTg8D/FJjqiZObYSHX398skjKh0LL9kyLpoEIUelCF05y0TuZRr9Icog62y+HeUzu+b+KemMGRrH3c=$1O2HTYV69adwqz7p4NPu4A==
server: cloudflare
cf-ray: 83074b0dfc0b56c7-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400