Report - a1mw.com/wp-includes/new/auth/67hnqf/ZGF2aWQubWNpbnRvc2hAbW1idWlsZGluZ3MuY29t

Report Overview

Visited public
2023-10-04 17:31:50
Tags
phishing microsoft outlook
URL
a1mw.com/wp-includes/new/auth/67hnqf/ZGF2aWQubWNpbnRvc2hAbW1idWlsZGluZ3MuY29t
Finishing URL
92pzu3gvs7925m9zy0n7.3pu9qgs.ru/1sx9/#david.mcintosh@mmbuildings.com
IP / ASN
41.190.93.254
#37187 SKYBAND
Title
92pzu3gvs7925m9zy0n7.3pu9qgs.ru/1sx9/#david.mcintosh@mmbuildings.com
Phishing - Microsoft Outlook

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
92pzu3gvs7925m9zy0n7.3pu9qgs.ru	unknown	2023-09-21	2023-09-22 15:01:13	2023-10-03 11:08:54	2.6 kB	26 kB	104.21.64.5
a1mw.com	unknown	2011-10-19	2022-07-09 05:13:57	2023-10-04 19:11:10	533 B	278 B	41.190.93.254
cdn.jsdelivr.net	439	2012-05-16	2012-09-30 02:15:09	2023-10-03 18:12:17	469 B	26 kB	151.101.65.229
challenges.cloudflare.com	unknown	2009-02-17	2021-10-20 07:02:03	2023-10-03 21:35:05	2.7 kB	265 kB	104.17.3.184

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (12)

	URL	From	Size	First Seen	Last Seen
	data:text/javascript;base64,ZG9jdW1lbnQud3JpdGUoZGVjb2RlVVJJQ29tcG9uZW50KGVzY2FwZShhdG9iKGRvY3VtZW50LnF1ZXJ5U2VsZWN0b3IoImh0bWwiKS5nZXRBdHRyaWJ1dGUoInZhbHVlIikpKSkpO1dET3ZmT1NYaElWa2NuVXJSc1RJPSJSZWRGblFnSnVqbEFPeWF3Z1lySyI7	ScriptElement	147 B	2024-08-21	2024-08-21
Pretty URL data:text/javascript;base64,ZG9jdW1lbnQud3JpdGUoZGVjb2RlVVJJQ29tcG9uZW50KGVzY2FwZShhdG9iKGRvY3VtZW50LnF1ZXJ5U2VsZWN0b3IoImh0bWwiKS5nZXRBdHRyaWJ1dGUoInZhbHVlIikpKSkpO1dET3ZmT1NYaElWa2NuVXJSc1RJPSJSZWRGblFnSnVqbEFPeWF3Z1lySyI7 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-08-21 05:14 Last Seen2024-08-21 05:14 Times Seen1 Hash f2895cd7e3b5be8475a5293a126a103d 6a8d253a506c135d467c43109708e4b0f32ccfdd 367ecd3b2ff8769bda5000b43d1d29a894ab7f2c144855338979adaa07f577bf Loading...

	unknown	ScriptElement	318 B	2024-08-21	2024-08-21
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-08-21 05:14 Last Seen2024-08-21 05:14 Times Seen1 Hash 06f40e3dc35587564808431ff3188b83 23994685d4bbd1519461bbcc843c30613eefdedf 02f974de5a20286af8522a11097c894bb356f67bec026317e46138db4c2d195e Loading...

	92pzu3gvs7925m9zy0n7.3pu9qgs.ru/1sx9/#david.mcintosh@mmbuildings.com	ScriptElement	1.1 kB	2024-08-21	2024-08-21
Pretty URL 92pzu3gvs7925m9zy0n7.3pu9qgs.ru/1sx9/#david.mcintosh@mmbuildings.com IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2024-08-21 05:14 Last Seen2024-08-21 05:14 Times Seen1 Hash 59d1f14724272d81072b7539a4f5877b 83464a015a6bb6defcad61d997bcfe58a116c38a a5afbaf77b998e8e07d3c05e2b68973675e30fbec58160b894d363f186d5f75b Loading...

	unknown	ScriptElement	247 B	2024-08-21	2024-08-21
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-08-21 05:14 Last Seen2024-08-21 05:14 Times Seen1 Hash b78fe3dc384480260d2ff9e575ec30aa 6eceecf1a553979e94d87fcdb45c79180c988227 0ee4629f30dfe1b96dd4411fdc639b3a935302ca637b092370700b463760f8bc Loading...

	challenges.cloudflare.com/turnstile/v0/api.js	ScriptElement	34 kB	2023-09-22	2023-11-27
Pretty URL challenges.cloudflare.com/turnstile/v0/api.js IP 104.17.3.184 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-09-22 02:43 Last Seen2023-11-27 19:36 Times Seen13990 Hash cc3e43876d80dbb4f1bff1e8b15a9c60 3b43cbd347df372f7c1daf463b1229e4a8849195 06d063d7e58bade3ae244489087afa82f9f7c59276cdd7dcfbb2a9b5b600c5da Loading...

	92pzu3gvs7925m9zy0n7.3pu9qgs.ru/cdn-cgi/challenge-platform/scripts/jsd/main.js	ScriptElement	7.4 kB	2023-10-04	2023-10-04
Pretty URL 92pzu3gvs7925m9zy0n7.3pu9qgs.ru/cdn-cgi/challenge-platform/scripts/jsd/main.js IP 104.21.64.5 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-10-04 19:28 Last Seen2023-10-04 19:32 Times Seen3 Hash 9bd2d76f403a96000c8265cf78f809dc 685033f5ded1471fce0d553ffcb642c3b65cf6c9 0a616f4c513353369617818903f2e2d3da0715e1550a78c7753e4a5d4aee2e12 Loading...

	unknown	ScriptElement	651 B	2024-08-21	2024-08-21
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-08-21 05:14 Last Seen2024-08-21 05:14 Times Seen1 Hash 914650ca194d25b9a4c2d7522ebc225b c1890c1fb687469ac22430924fde548f03722f01 9a219e8b8b21b3d2569089c60c7d7ff4a66d8710b66739b4e42705c4ac49846c Loading...

	challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/km07u/0x4AAAAAAAKi-7b7NGIQu_Ht/auto/normal	ScriptElement	3.4 kB	2024-08-21	2024-08-21
Pretty URL challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/km07u/0x4AAAAAAAKi-7b7NGIQu_Ht/auto/normal IP 104.17.3.184 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-08-21 05:14 Last Seen2024-08-21 05:14 Times Seen1 Hash 05e7bdc22dc2656e32c1af401cee760a 3341cec16e15de9524b1d7764b3805224743f6da 688c095da2c904d4258e878c1b73d4103af01a432c22387db6f8442b28acea0e Loading...

	challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=810f29079b095697	ScriptElement	188 kB	2023-10-04	2023-10-04
Pretty URL challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=810f29079b095697 IP 104.17.3.184 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-10-04 19:31 Last Seen2023-10-04 19:31 Times Seen1 Hash 721484b13a8ce08dc90184301722e036 36e6e4fd2c0c5d5746018c0b2202abd7897aa51a bcf6a5f161e437679f1476723ef6da79793d878015426faf8b3274edf58f2f1d Loading...

		Size	First Seen	Last Seen
	#1 Eval - 9e925e9341b490bfd3b4c4ca3b0c1ef2	4 B	2023-03-07 01:03	2025-05-09 04:54
Pretty Observations First Seen2023-03-07 01:03 Last Seen2025-05-09 04:54 Times Seen368729 Hash 9e925e9341b490bfd3b4c4ca3b0c1ef2 c2543fff3bfa6f144c2f06a7de6cd10c0b650cae 1eb79602411ef02cf6fe117897015fff89f80face4eccd50425c45149b148408 Loading...

		Size	First Seen	Last Seen
	#1 Write - 4a0fe6839a8e4650cb00d590d38ca27a	4.1 kB	2024-08-21 05:14	2024-08-21 05:14
Pretty Observations First Seen2024-08-21 05:14 Last Seen2024-08-21 05:14 Times Seen1 Hash 4a0fe6839a8e4650cb00d590d38ca27a ed6ac47f4b47fffaa004216778c10b070157a83d 35f4de3d8ceebc5fa319a38233977c4576c674ff19690f0437a5fc9073194dcd Loading...

	#2 Write - adfb1bc5b6ba91ec5ab5c54ddc225a7a	3.6 kB	2023-09-22 02:30	2024-08-21 06:07
Pretty Observations First Seen2023-09-22 02:30 Last Seen2024-08-21 06:07 Times Seen41377 Hash adfb1bc5b6ba91ec5ab5c54ddc225a7a 16d4d2247f8f343811417dce829fe7595e73995c ca2d1c64f76c12b39444ddb57fb6a2def9521e9d0d29df80eb309ac34ed23b80 Loading...

HTTP Transactions (12)

URL IP Response Size

a1mw.com/wp-includes/new/auth/67hnqf/ZGF2aWQubWNpbnRvc2hAbW1idWlsZGluZ3MuY29t

41.190.93.254

0 B

URL
a1mw.com/wp-includes/new/auth/67hnqf/ZGF2aWQubWNpbnRvc2hAbW1idWlsZGluZ3MuY29t
IP
41.190.93.254:0
ASN
#37187 SKYBAND

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft Outlook

HTTP Headers

GET /wp-includes/new/auth/67hnqf/ZGF2aWQubWNpbnRvc2hAbW1idWlsZGluZ3MuY29t HTTP/1.1
Host: a1mw.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 04 Oct 2023 17:31:32 GMT
Server: Apache
refresh: 0;url=https://92pzu3gvs7925m9zy0n7.3pu9qgs.ru/1sx9/#david.mcintosh@mmbuildings.com
Content-Length: 0
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/css/bootstrap.min.css

151.101.65.229

200 OK

25 kB

URL GET HTTP/2
cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/css/bootstrap.min.css
IP
151.101.65.229:443
ASN
#54113 FASTLY

Requested by
https://92pzu3gvs7925m9zy0n7.3pu9qgs.ru/1sx9/#david.mcintosh@mmbuildings.com
Certificate
IssuerGlobalSign nv-sa
Subjectjsdelivr.net
Fingerprint05:87:2C:BA:73:14:21:54:82:00:8B:AD:85:8F:E9:C6:4D:C7:66:09
ValidityWed, 27 Sep 2023 18:13:13 GMT - Mon, 28 Oct 2024 18:13:12 GMT

File type
Unicode text, UTF-8 text, with very long lines (65306)
Size
25 kB (25360 bytes)
Hash
abe91756d18b7cd60871a2f47c1e8192
7c1c9e0573e5cea8bad3733be2fc63aa8c68ea8d
7633b7c0c97d19e682feee8afa2738523fcb2a14544a550572caeecd2eefe66b

HTTP Headers

GET /npm/bootstrap@5.0.2/dist/css/bootstrap.min.css HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://92pzu3gvs7925m9zy0n7.3pu9qgs.ru/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
x-jsd-version: 5.0.2
x-jsd-version-type: version
etag: W/"260c5-fByeBXPlzqi603M74vxjqoxo6o0"
content-encoding: br
accept-ranges: bytes
date: Wed, 04 Oct 2023 17:31:45 GMT
age: 9963947
x-served-by: cache-fra-eddf8230097-FRA, cache-bma1668-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 25360
X-Firefox-Spdy: h2

challenges.cloudflare.com/turnstile/v0/api.js

104.17.3.184

302 Found

13 kB

URL GET HTTP/2
challenges.cloudflare.com/turnstile/v0/api.js
IP
104.17.3.184:443
ASN
#13335 CLOUDFLARENET

Requested by
https://92pzu3gvs7925m9zy0n7.3pu9qgs.ru/1sx9/#david.mcintosh@mmbuildings.com
Certificate
IssuerCloudflare, Inc.
Subjectchallenges.cloudflare.com
Fingerprint5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E
ValidityFri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT

File type
data
Size
13 kB (12918 bytes)
Hash
7cdf76d29abb7814c5390958fec6f21d
01c7391320687865d42065197dd09d66ddc87e8e
2786e0a0f569a97d0f32f35d63d46b2df7997d173f446477e9ba95b9ca89bb60

HTTP Headers

GET /turnstile/v0/api.js HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://92pzu3gvs7925m9zy0n7.3pu9qgs.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Wed, 04 Oct 2023 17:31:44 GMT
access-control-allow-origin: *
location: /turnstile/v0/g/dffb14d6/api.js
vary: accept-encoding
cache-control: max-age=300, public
server: cloudflare
cf-ray: 810f290639440b45-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

challenges.cloudflare.com/turnstile/v0/g/dffb14d6/api.js

104.17.3.184

200 OK

34 kB

URL GET HTTP/2
challenges.cloudflare.com/turnstile/v0/g/dffb14d6/api.js
IP
104.17.3.184:443
ASN
#13335 CLOUDFLARENET

Requested by
https://92pzu3gvs7925m9zy0n7.3pu9qgs.ru/1sx9/#david.mcintosh@mmbuildings.com
Certificate
IssuerCloudflare, Inc.
Subjectchallenges.cloudflare.com
Fingerprint5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E
ValidityFri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT

File type
ASCII text, with very long lines (33998)
Size
34 kB (33999 bytes)
Hash
cc3e43876d80dbb4f1bff1e8b15a9c60
3b43cbd347df372f7c1daf463b1229e4a8849195
06d063d7e58bade3ae244489087afa82f9f7c59276cdd7dcfbb2a9b5b600c5da

HTTP Headers

GET /turnstile/v0/g/dffb14d6/api.js HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://92pzu3gvs7925m9zy0n7.3pu9qgs.ru/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 04 Oct 2023 17:31:45 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=31536000
vary: Accept-Encoding
server: cloudflare
cf-ray: 810f2906494f0b45-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

92pzu3gvs7925m9zy0n7.3pu9qgs.ru/favicon.ico

104.21.64.5

404 Not Found

1.2 kB

URL GET HTTP/3
92pzu3gvs7925m9zy0n7.3pu9qgs.ru/favicon.ico
IP
104.21.64.5:443
ASN
#13335 CLOUDFLARENET

Requested by
https://92pzu3gvs7925m9zy0n7.3pu9qgs.ru/1sx9/#david.mcintosh@mmbuildings.com
Certificate
IssuerLet's Encrypt
Subject3pu9qgs.ru
FingerprintF7:C1:93:8E:1E:85:56:2E:9C:F1:51:69:ED:0C:2D:D1:AC:43:1E:C7
ValidityThu, 21 Sep 2023 16:33:18 GMT - Wed, 20 Dec 2023 16:33:17 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1274), with no line terminators
Size
1.2 kB (1236 bytes)
Hash
8c16945397b2ea2fa974494c910f6d08
87289c714f1955cc0a4b8d0f5319bf0dcf771141
16782bd72a33f1963efb1d59aa17f964a604235a255e51dd4aafe0e0587040c6

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: 92pzu3gvs7925m9zy0n7.3pu9qgs.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://92pzu3gvs7925m9zy0n7.3pu9qgs.ru/1sx9/
Cookie: PHPSESSID=sijip7pihmb2iimmkmaqku5p2o
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 404 Not Found
date: Wed, 04 Oct 2023 17:31:45 GMT
content-type: text/html
cache-control: private, no-cache, max-age=0
pragma: no-cache
vary: Accept-Encoding
cf-cache-status: BYPASS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=435lsfKWlIT2go0a%2FuURNpuwHUbfp9Y5qcQf4sK%2Bc%2FE1%2BFH1Y%2FjTuwN%2FVvfQtd1JgBuYF4n%2FVUlnEq9CJU2YHjqmbBdnU62ge0olsQqNVfR0%2FIKNURuovmMZIJPE2lMV9X61qNCjWVaF084GaZFQCk2P"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 810f29076fb7b51b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

92pzu3gvs7925m9zy0n7.3pu9qgs.ru/cdn-cgi/challenge-platform/scripts/jsd/main.js

104.21.64.5

302 Found

7.4 kB

URL GET HTTP/3
92pzu3gvs7925m9zy0n7.3pu9qgs.ru/cdn-cgi/challenge-platform/scripts/jsd/main.js
IP
104.21.64.5:443
ASN
#13335 CLOUDFLARENET

Requested by
https://92pzu3gvs7925m9zy0n7.3pu9qgs.ru/1sx9/#david.mcintosh@mmbuildings.com
Certificate
IssuerLet's Encrypt
Subject3pu9qgs.ru
FingerprintF7:C1:93:8E:1E:85:56:2E:9C:F1:51:69:ED:0C:2D:D1:AC:43:1E:C7
ValidityThu, 21 Sep 2023 16:33:18 GMT - Wed, 20 Dec 2023 16:33:17 GMT

File type

Size
7.4 kB (7425 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP/1.1
Host: 92pzu3gvs7925m9zy0n7.3pu9qgs.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=sijip7pihmb2iimmkmaqku5p2o
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 302 Found
date: Wed, 04 Oct 2023 17:31:45 GMT
vary: accept-encoding
location: /cdn-cgi/challenge-platform/h/g/scripts/jsd/dffb14d6/main.js
access-control-allow-origin: *
cache-control: max-age=300, public
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=G47TYnyGgislaXOQyU6S4at%2F3BzGh%2B4TKlYb%2BKO0Lx7mMLXNJWvqwb8ZO6CzrOI9G0qrQjMXvCuOW6LyAFD7MsRTIjECd1uU7lITLye3thwpeI3mGhIW1ZPD4TIX%2B5NDagGwJuToz2v0gLKFi4o%2FhIy2"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 810f29077fcab51b-OSL
alt-svc: h3=":443"; ma=86400

92pzu3gvs7925m9zy0n7.3pu9qgs.ru/cdn-cgi/challenge-platform/h/g/scripts/jsd/dffb14d6/main.js

104.21.64.5

200 OK

7.4 kB

URL GET HTTP/3
92pzu3gvs7925m9zy0n7.3pu9qgs.ru/cdn-cgi/challenge-platform/h/g/scripts/jsd/dffb14d6/main.js
IP
104.21.64.5:443
ASN
#13335 CLOUDFLARENET

Requested by
https://92pzu3gvs7925m9zy0n7.3pu9qgs.ru/1sx9/#david.mcintosh@mmbuildings.com
Certificate
IssuerLet's Encrypt
Subject3pu9qgs.ru
FingerprintF7:C1:93:8E:1E:85:56:2E:9C:F1:51:69:ED:0C:2D:D1:AC:43:1E:C7
ValidityThu, 21 Sep 2023 16:33:18 GMT - Wed, 20 Dec 2023 16:33:17 GMT

File type
ASCII text, with very long lines (7425), with no line terminators
Size
7.4 kB (7425 bytes)
Hash
9bd2d76f403a96000c8265cf78f809dc
685033f5ded1471fce0d553ffcb642c3b65cf6c9
0a616f4c513353369617818903f2e2d3da0715e1550a78c7753e4a5d4aee2e12

HTTP Headers

GET /cdn-cgi/challenge-platform/h/g/scripts/jsd/dffb14d6/main.js HTTP/1.1
Host: 92pzu3gvs7925m9zy0n7.3pu9qgs.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=sijip7pihmb2iimmkmaqku5p2o
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 04 Oct 2023 17:31:45 GMT
content-type: application/javascript; charset=UTF-8
x-content-type-options: nosniff
vary: accept-encoding
cache-control: max-age=14400, public
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=U7je0Juj798%2BoPlXFBvcmUSFNgWnIBCE5mtUSKhuO7mjFxb6eBLKZx1QPhY6qyeJn8guPWxzAt5P5dgKPlOVoPMg8oMLPN1t1liFFG59EskDR%2Fp8khbyR3fOKXQfgUH195dJVAapx%2F9BGgeu1AD5a5yA"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 810f2907d815b51b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

92pzu3gvs7925m9zy0n7.3pu9qgs.ru/1sx9/

104.21.64.5

200 OK

6.8 kB

URL User Request GET HTTP/2
92pzu3gvs7925m9zy0n7.3pu9qgs.ru/1sx9/
IP
104.21.64.5:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerLet's Encrypt
Subject3pu9qgs.ru
FingerprintF7:C1:93:8E:1E:85:56:2E:9C:F1:51:69:ED:0C:2D:D1:AC:43:1E:C7
ValidityThu, 21 Sep 2023 16:33:18 GMT - Wed, 20 Dec 2023 16:33:17 GMT

File type
HTML document, ASCII text, with very long lines (6845), with no line terminators
Size
6.8 kB (6839 bytes)
Hash
42dd81d4c7fc3e9c91727bac2505a230
a0e3075c88848db99adf202a3f801476519811ca
319edb1a0e8cdb31eeaa2e974e9340af018935b37f5029a802b74db9d93840c9

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft Outlook

HTTP Headers

GET /1sx9/ HTTP/1.1
Host: 92pzu3gvs7925m9zy0n7.3pu9qgs.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 04 Oct 2023 17:31:44 GMT
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
set-cookie: PHPSESSID=sijip7pihmb2iimmkmaqku5p2o; path=/
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7KjduCy77YUbC%2F4bLiqi0f3ycNQwU6K%2BU87hazR4xOv4Nn52%2Br3z81i%2Bp9OvcxG%2B2w09%2FUSsnfMemtFpSOsz0HMBO8Cs6koxwcz4KOlZpnt%2F%2FDKwltwH%2BRRm3HAEQyzHP8NJCu3%2BKQtQFPYLsmi8dhuB"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 810f28bdad4e56b9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/cmg/1/9DKbiDfWH6ZjHxgSNTG3KHa3ucVmP6rj9MHN3bQn2+U=

104.17.3.184

200 OK

61 B

URL GET HTTP/3
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/cmg/1/9DKbiDfWH6ZjHxgSNTG3KHa3ucVmP6rj9MHN3bQn2+U=
IP
104.17.3.184:443
ASN
#13335 CLOUDFLARENET

Requested by
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/km07u/0x4AAAAAAAKi-7b7NGIQu_Ht/auto/normal
Certificate
IssuerCloudflare, Inc.
Subjectchallenges.cloudflare.com
Fingerprint5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E
ValidityFri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT

File type
PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced\012- data
Size
61 B (61 bytes)
Hash
9246cca8fc3c00f50035f28e9f6b7f7d
3aa538440f70873b574f40cd793060f53ec17a5d
c07d7d29e3c20fa6ca4c5d20663688d52bad13e129ad82ce06b80eb187d9dc84

HTTP Headers

GET /cdn-cgi/challenge-platform/h/g/cmg/1/9DKbiDfWH6ZjHxgSNTG3KHa3ucVmP6rj9MHN3bQn2+U= HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/km07u/0x4AAAAAAAKi-7b7NGIQu_Ht/auto/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 04 Oct 2023 17:31:45 GMT
content-type: image/png
cache-control: max-age=2629800, public
server: cloudflare
cf-ray: 810f2908bc345697-OSL
alt-svc: h3=":443"; ma=86400

92pzu3gvs7925m9zy0n7.3pu9qgs.ru/cdn-cgi/challenge-platform/h/g/jsd/r/810f28bdad4e56b9

0.0.0.0

0 B

URL POST
92pzu3gvs7925m9zy0n7.3pu9qgs.ru/cdn-cgi/challenge-platform/h/g/jsd/r/810f28bdad4e56b9
IP
0.0.0.0:0
ASN
#0

Requested by
https://92pzu3gvs7925m9zy0n7.3pu9qgs.ru/1sx9/#david.mcintosh@mmbuildings.com
Certificate
IssuerLet's Encrypt
Subject3pu9qgs.ru
FingerprintF7:C1:93:8E:1E:85:56:2E:9C:F1:51:69:ED:0C:2D:D1:AC:43:1E:C7
ValidityThu, 21 Sep 2023 16:33:18 GMT - Wed, 20 Dec 2023 16:33:17 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /cdn-cgi/challenge-platform/h/g/jsd/r/810f28bdad4e56b9 HTTP/1.1
Host: 92pzu3gvs7925m9zy0n7.3pu9qgs.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 12303
Origin: https://92pzu3gvs7925m9zy0n7.3pu9qgs.ru
DNT: 1
Connection: keep-alive
Referer: https://92pzu3gvs7925m9zy0n7.3pu9qgs.ru/1sx9/
Cookie: PHPSESSID=sijip7pihmb2iimmkmaqku5p2o
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 04 Oct 2023 17:31:45 GMT
content-type: text/plain; charset=UTF-8
set-cookie: cf_clearance=FbExeMRQFJX87gblhOfP6VljVuQNgM0pB6b.troIf1M-1696440705-0-1-69b0ef05.6b0d8b6b.438cce4a-0.2.1696440705; path=/; expires=Thu, 03-Oct-24 17:31:45 GMT; domain=.3pu9qgs.ru; HttpOnly; Secure; SameSite=None
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9%2BLTYqkBIo6Q%2FdYxX3KCvrGODL0koZV55tQ2Q3qwFQm7DJY8snPONSy8eUj9VgCd6tRQHFrjWEkv14Ennl%2BJrUkfDiTPwBOS7Wlz5NMVAV3eCnDSUUuBHYIhqBLzvh%2BzDjQS29BKlsLOOnPlcS6Rx4iS"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 810f2909295bb51b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/km07u/0x4AAAAAAAKi-7b7NGIQu_Ht/auto/normal

104.17.3.184

200 OK

28 kB

URL GET HTTP/3
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/km07u/0x4AAAAAAAKi-7b7NGIQu_Ht/auto/normal
IP
104.17.3.184:443
ASN
#13335 CLOUDFLARENET

Requested by
https://92pzu3gvs7925m9zy0n7.3pu9qgs.ru/1sx9/#david.mcintosh@mmbuildings.com
Certificate
IssuerCloudflare, Inc.
Subjectchallenges.cloudflare.com
Fingerprint5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E
ValidityFri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (14577)
Size
28 kB (27704 bytes)
Hash
a294adbc5a86b5adb22d3446c612790d
b61e8183fa9217d2204effecab68d5357cb8079f
08d47451b8c717d470e46afdab90aa600d1fc8969ef1e583819bfac89e598925

HTTP Headers

GET /cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/km07u/0x4AAAAAAAKi-7b7NGIQu_Ht/auto/normal HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://92pzu3gvs7925m9zy0n7.3pu9qgs.ru/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 04 Oct 2023 17:31:45 GMT
content-type: text/html; charset=UTF-8
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-security-policy: frame-src https://challenges.cloudflare.com/; base-uri 'self'
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: cross-origin
document-policy: js-profiling
origin-agent-cluster: ?1
permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy: same-origin
server: cloudflare
cf-ray: 810f29079b095697-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=810f29079b095697

104.17.3.184

200 OK

188 kB

URL GET HTTP/3
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=810f29079b095697
IP
104.17.3.184:443
ASN
#13335 CLOUDFLARENET

Requested by
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/km07u/0x4AAAAAAAKi-7b7NGIQu_Ht/auto/normal
Certificate
IssuerCloudflare, Inc.
Subjectchallenges.cloudflare.com
Fingerprint5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E
ValidityFri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
188 kB (188210 bytes)
Hash
721484b13a8ce08dc90184301722e036
36e6e4fd2c0c5d5746018c0b2202abd7897aa51a
bcf6a5f161e437679f1476723ef6da79793d878015426faf8b3274edf58f2f1d

HTTP Headers

GET /cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=810f29079b095697 HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/km07u/0x4AAAAAAAKi-7b7NGIQu_Ht/auto/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 04 Oct 2023 17:31:45 GMT
content-type: application/javascript; charset=UTF-8
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
server: cloudflare
cf-ray: 810f2908bc355697-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (12)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

HTTP Transactions (12)

URL

IP

ASN

File type

Size

Hash