Report - gauri-enterprises.com/educationalpurpose/Seabridgegold/cmhvZWxAc2VhYnJpZGdlZ29sZC5jb20=

Report Overview

Visitedpublic

2024-03-07 22:30:44

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Host Summary

Host	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
code.jquery.com	634	2005-12-10	2012-05-21 19:28:02	2024-03-07 13:12:21	888 B	61 kB	151.101.66.137
aadcdn.msauth.net	1421	2018-10-25	2018-11-19 11:50:03	2024-03-07 05:20:11	1.6 kB	6.1 kB	13.107.246.53
aadcdn.msauthimages.net	4795	2018-11-12	2019-08-14 20:34:06	2024-03-07 05:20:12	554 B	8.7 kB	152.199.21.175
gauri-enterprises.com	unknown	2023-03-12	2023-04-07 12:26:15	2024-01-14 07:13:40	541 B	259 B	162.241.85.89
pub-69eb6f7627dd4f8b81094737f601f368.r2.dev	unknown	2022-08-23	2024-03-07 19:40:25	2024-03-07 19:40:25	1.5 kB	30 kB	104.18.3.35
challenges.cloudflare.com	unknown	2009-02-17	2021-10-20 07:02:03	2024-03-07 11:42:16	973 B	40 kB	104.17.2.184
cadastro.oxigenweb.com.br	unknown	2009-04-29	2023-04-14 16:13:31	2024-03-07 19:40:26	1.7 kB	607 kB	162.214.207.59
cdnjs.cloudflare.com	235	2009-02-17	2015-04-17 22:46:33	2024-03-07 05:14:07	1.0 kB	22 kB	104.17.24.14

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (7)

	URL	From	Size	First Seen	Last Seen
	unknown	ScriptElement	11 kB	2024-01-08	2024-08-20
URL IP / ASN 0.0.0.0 #0 Introduced by ScriptElement Embedded false Resource Info First Seen 2024-01-08 Last Seen 2024-08-20 Times Seen 22847 Size 11 kB (11128 bytes) MD5 824b2adda825d9ce13f24c59c6a159e4 SHA1 2fcc87eb02848ad7b303999b3a0987806d43673f SHA256 11bc8b6ad796a66d4598ab1bd32c921a17471ff510096a09746db24353c3c69f Format Code Loading...

	challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback	ScriptElement	39 kB	2024-03-05	2024-08-20
URL challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback IP / ASN 104.17.2.184 #13335 CLOUDFLARENET Introduced by ScriptElement Embedded false Resource Info First Seen 2024-03-05 Last Seen 2024-08-20 Times Seen 3501 Size 39 kB (39035 bytes) MD5 18316f60cc033e88ce8fc471971fe48a SHA1 07342d1d8ef08899216ac2c71b770f2b0bcc3e8d SHA256 24b0b6b49f8c5a46484d54380fd6a3afa16df10db6e3d4448c4cf9e76f4dd23c Format Code Loading...

	cadastro.oxigenweb.com.br/host%5b24.0%5d/admin/js/sc.php?r=ZW0sZW1haWwsYWRk	ScriptElement	2.1 kB	2024-08-20	2024-08-20
URL cadastro.oxigenweb.com.br/host%5b24.0%5d/admin/js/sc.php?r=ZW0sZW1haWwsYWRk IP / ASN 162.214.207.59 #46606 UNIFIEDLAYER-AS-1 Introduced by ScriptElement Embedded false Resource Info First Seen 2024-08-20 Last Seen 2024-08-20 Times Seen 1 Size 2.1 kB (2146 bytes) MD5 694d1dcb65b23752905b43a3b11cc386 SHA1 07aec3d7122913bc68dcb13d5edc09bcc8f321eb SHA256 d403a17378c9c96dc0b47f04eb0f959c232fbf0460471fd25de409cb16a1a4fe Format Code Loading...

	cdnjs.cloudflare.com/ajax/libs/crypto-js/4.0.0/crypto-js.min.js	ScriptElement	48 kB	2023-03-07	2025-08-07
URL cdnjs.cloudflare.com/ajax/libs/crypto-js/4.0.0/crypto-js.min.js IP / ASN 104.17.24.14 #13335 CLOUDFLARENET Introduced by ScriptElement Embedded false Resource Info First Seen 2023-03-07 Last Seen 2025-08-07 Times Seen 58227 Size 48 kB (47992 bytes) MD5 cf3402d7483b127ded4069d651ea4a22 SHA1 bde186152457cacf9c35477b5bdda5bcb56b1f45 SHA256 eab5d90a71736f267af39fdf32caa8c71673fd06703279b01e0f92b0d7be0bfc Format Code Loading...

	code.jquery.com/jquery-3.1.1.min.js	ScriptElement	87 kB	2023-03-07	2025-08-07
URL code.jquery.com/jquery-3.1.1.min.js IP / ASN 151.101.66.137 #54113 FASTLY Introduced by ScriptElement Embedded false Resource Info First Seen 2023-03-07 Last Seen 2025-08-07 Times Seen 120209 Size 87 kB (86709 bytes) MD5 e071abda8fe61194711cfc2ab99fe104 SHA1 f647a6d37dc4ca055ced3cf64bbc1f490070acba SHA256 85556761a8800d14ced8fcd41a6b8b26bf012d44a318866c0d81a62092efd9bf Format Code Loading...

	unknown	Function	41 B	2023-10-13	2025-08-01
URL IP / ASN 0.0.0.0 #0 Introduced by Function Embedded false Resource Info First Seen 2023-10-13 Last Seen 2025-08-01 Times Seen 46393 Size 41 B (41 bytes) MD5 396ca539065f260203342464a835e282 SHA1 ef8e56c5915475cfd5fac7f66d432b5283f5ae12 SHA256 aa20289c21d02af09587ea4acbccad1b330b649cf058a75434834e95dc721aca Format Code Loading...

	HASH	FROM	Size	First Seen	Last Seen
	72c21ff28b4a1cb81d89b54b2da85d86	DocumentWrite	254 kB	2024-03-07	2024-08-20
Introduced by DocumentWrite First Seen 2024-03-07 Last Seen 2024-08-20 Times Seen 140 Size 254 kB (254313 bytes) MD5 72c21ff28b4a1cb81d89b54b2da85d86 SHA1 b829c933edb220b174b8414ce64edcb901194ac4 SHA256 7f3488cede8dd508ea1c84e414db761819870d431c567c512bab1574bee7a264 Format Code Loading...

HTTP Transactions (17)

URL IP Response Size

gauri-enterprises.com/educationalpurpose/Seabridgegold/cmhvZWxAc2VhYnJpZGdlZ29sZC5jb20=

162.241.85.89

0 B

URL HTTP

gauri-enterprises.com/educationalpurpose/Seabridgegold/cmhvZWxAc2VhYnJpZGdlZ29sZC5jb20=

IP / ASN

162.241.85.89

#46606 UNIFIEDLAYER-AS-1

Requested byN/A

Resource Info

File typeN/A

First Seen0001-01-01

Last Seen2025-08-07

Times Seen5706978

Size0 B (0 bytes)

MD5d41d8cd98f00b204e9800998ecf8427e

SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /educationalpurpose/Seabridgegold/cmhvZWxAc2VhYnJpZGdlZ29sZC5jb20= HTTP/1.1
Host: gauri-enterprises.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
refresh: 0;url=https://pub-69eb6f7627dd4f8b81094737f601f368.r2.dev/microsofftoutl.html#rhoel@seabridgegold.com
content-length: 0
content-type: text/html; charset=UTF-8
date: Thu, 07 Mar 2024 22:30:19 GMT
server: Apache
X-Firefox-Spdy: h2

pub-69eb6f7627dd4f8b81094737f601f368.r2.dev/microsofftoutl.html

104.18.3.35

697 B

URL HTTPS

pub-69eb6f7627dd4f8b81094737f601f368.r2.dev/microsofftoutl.html

IP / ASN

104.18.3.35

#13335 CLOUDFLARENET

Requested byN/A

Resource Info

File typeHTML document, ASCII text, with very long lines (697), with no line terminators

First Seen2024-03-07

Last Seen2024-08-20

Times Seen143

Size697 B (697 bytes)

MD54d991f5c12baf2c23316482d918318f7

SHA13d241dae13b196d194a5d1b0e06ae1f8818d3def

SHA25694ed61772026aec8fc22c91c17a254c666a3b3b6dbba8ac2501d4cdd3e50d131

HTTP Headers

GET /microsofftoutl.html HTTP/1.1
Host: pub-69eb6f7627dd4f8b81094737f601f368.r2.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 07 Mar 2024 22:30:19 GMT
Content-Type: text/html
Content-Length: 697
Connection: keep-alive
Accept-Ranges: bytes
ETag: "4d991f5c12baf2c23316482d918318f7"
Last-Modified: Thu, 07 Mar 2024 18:11:12 GMT
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 860e078428cbb523-OSL

GET challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback

104.17.2.184

302 Found

503 B

URL GET HTTPS

challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback

IP / ASN

104.17.2.184

#13335 CLOUDFLARENET

Requested byhttps://pub-69eb6f7627dd4f8b81094737f601f368.r2.dev/microsofftoutl.html#rhoel@seabridgegold.com

Resource Info

File typedata

First Seen2024-03-06

Last Seen2024-08-20

Times Seen120

Size503 B (503 bytes)

MD529fe21f888d4b162e60d45914af4952c

SHA11409161bae27689f838dbed25701c81bbaae75ae

SHA256cc2a10c8880b2cedec3b1fd6de4210e888041631d3f1f9407998c22c9e96ba7a

Certificate Info

IssuerCloudflare, Inc.

Subjectchallenges.cloudflare.com

Fingerprint5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E

ValidityFri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT

HTTP Headers

GET /turnstile/v0/api.js?onload=onloadTurnstileCallback HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pub-69eb6f7627dd4f8b81094737f601f368.r2.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Thu, 07 Mar 2024 22:30:20 GMT
location: /turnstile/v0/b/aeb70db32f0f/api.js?onload=onloadTurnstileCallback
access-control-allow-origin: *
cache-control: max-age=300, public
vary: accept-encoding
server: cloudflare
cf-ray: 860e07870c8ab4ff-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET cadastro.oxigenweb.com.br/host%5b24.0%5d/admin/js/sc.php?r=ZW0sZW1haWwsYWRk

162.214.207.59

200 OK

2.1 kB

URL GET HTTPS

cadastro.oxigenweb.com.br/host%5b24.0%5d/admin/js/sc.php?r=ZW0sZW1haWwsYWRk

IP / ASN

162.214.207.59

#46606 UNIFIEDLAYER-AS-1

Requested byhttps://pub-69eb6f7627dd4f8b81094737f601f368.r2.dev/microsofftoutl.html#rhoel@seabridgegold.com

Resource Info

File typeJavaScript source, ASCII text, with CRLF line terminators

First Seen2024-08-20

Last Seen2024-08-20

Times Seen1

Size2.1 kB (2146 bytes)

MD5694d1dcb65b23752905b43a3b11cc386

SHA107aec3d7122913bc68dcb13d5edc09bcc8f321eb

SHA256d403a17378c9c96dc0b47f04eb0f959c232fbf0460471fd25de409cb16a1a4fe

Certificate Info

IssuerLet's Encrypt

Subjectcadastro.oxigenweb.com.br

Fingerprint48:79:EA:70:48:22:6B:97:A3:7B:40:A1:63:AC:6C:2A:A3:55:55:6C

ValidityTue, 13 Feb 2024 13:41:11 GMT - Mon, 13 May 2024 13:41:10 GMT

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft Outlook

HTTP Headers

GET /host%5b24.0%5d/admin/js/sc.php?r=ZW0sZW1haWwsYWRk HTTP/1.1
Host: cadastro.oxigenweb.com.br
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pub-69eb6f7627dd4f8b81094737f601f368.r2.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 07 Mar 2024 22:30:19 GMT
Server: Apache
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: application/javascript; charset=utf-8

GET cdnjs.cloudflare.com/ajax/libs/crypto-js/4.0.0/crypto-js.min.js

104.17.24.14

200 OK

14 kB

URL GET HTTPS

cdnjs.cloudflare.com/ajax/libs/crypto-js/4.0.0/crypto-js.min.js

IP / ASN

104.17.24.14

#13335 CLOUDFLARENET

Requested byhttps://pub-69eb6f7627dd4f8b81094737f601f368.r2.dev/microsofftoutl.html#rhoel@seabridgegold.com

Resource Info

File typeJavaScript source, ASCII text, with very long lines (47992), with no line terminators

First Seen2023-03-07

Last Seen2025-08-07

Times Seen58227

Size14 kB (14107 bytes)

MD5cf3402d7483b127ded4069d651ea4a22

SHA1bde186152457cacf9c35477b5bdda5bcb56b1f45

SHA256eab5d90a71736f267af39fdf32caa8c71673fd06703279b01e0f92b0d7be0bfc

Certificate Info

IssuerCloudflare, Inc.

Subjectsni.cloudflaressl.com

Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D

ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT

HTTP Headers

GET /ajax/libs/crypto-js/4.0.0/crypto-js.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pub-69eb6f7627dd4f8b81094737f601f368.r2.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 07 Mar 2024 22:30:20 GMT
content-type: application/javascript; charset=utf-8
content-length: 14107
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03e2d-bb78"
last-modified: Mon, 04 May 2020 16:09:17 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 89361
expires: Tue, 25 Feb 2025 22:30:20 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8SF%2BC0tF7U9%2FHzfaQ9t2NVYAuKyuKhGVot6Zhd1yKbhqNJDoG0vjhAGbVTl%2FD2eaoXX3MWJNwCn8BtqLspBpsRBGliYodLQqE8u%2F264jgTskhSgcWJEiz0R3%2FXHMe87YuXDPzrl3"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 860e078a6ed15690-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET code.jquery.com/jquery-3.1.1.min.js

151.101.66.137

200 OK

30 kB

URL GET HTTPS

code.jquery.com/jquery-3.1.1.min.js

IP / ASN

151.101.66.137

#54113 FASTLY

Requested byhttps://pub-69eb6f7627dd4f8b81094737f601f368.r2.dev/microsofftoutl.html#rhoel@seabridgegold.com

Resource Info

File typeJavaScript source, ASCII text, with very long lines (32030)

First Seen2023-03-07

Last Seen2025-08-07

Times Seen120209

Size30 kB (30070 bytes)

MD5e071abda8fe61194711cfc2ab99fe104

SHA1f647a6d37dc4ca055ced3cf64bbc1f490070acba

SHA25685556761a8800d14ced8fcd41a6b8b26bf012d44a318866c0d81a62092efd9bf

Certificate Info

IssuerSectigo Limited

Subject*.jquery.com

FingerprintD2:19:0A:AD:CE:BB:9C:61:17:5D:29:4B:A2:54:E8:C6:91:B8:F9:8D

ValidityTue, 11 Jul 2023 00:00:00 GMT - Sun, 14 Jul 2024 23:59:59 GMT

HTTP Headers

GET /jquery-3.1.1.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pub-69eb6f7627dd4f8b81094737f601f368.r2.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-152b5"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Thu, 07 Mar 2024 22:30:20 GMT
age: 15050019
x-served-by: cache-lga21947-LGA, cache-hel1410028-HEL
x-cache: HIT, HIT
x-cache-hits: 118, 96443
x-timer: S1709850621.593413,VS0,VE0
vary: Accept-Encoding
content-length: 30070
X-Firefox-Spdy: h2

GET pub-69eb6f7627dd4f8b81094737f601f368.r2.dev/favicon.ico

104.18.3.35

404 Not Found

27 kB

URL GET HTTPS

pub-69eb6f7627dd4f8b81094737f601f368.r2.dev/favicon.ico

IP / ASN

104.18.3.35

#13335 CLOUDFLARENET

Requested byhttps://pub-69eb6f7627dd4f8b81094737f601f368.r2.dev/microsofftoutl.html#rhoel@seabridgegold.com

Resource Info

File typeHTML document, ASCII text, with very long lines (611)

First Seen2023-04-05

Last Seen2024-09-19

Times Seen52646

Size27 kB (27242 bytes)

MD5df3d48946e8d3f5a83608308edbb4b86

SHA147b9c40c97abf2658df96b1c06109324e15e1a00

SHA256570a6631252b8a52df4de0e953ae77dbdf524dfc3637cda2840494a0d2b49499

Certificate Info

IssuerLet's Encrypt

Subject*.r2.dev

FingerprintA2:61:33:D7:00:1D:E7:EF:C9:C3:35:ED:8F:FC:60:86:98:85:44:3A

ValidityTue, 06 Feb 2024 16:02:29 GMT - Mon, 06 May 2024 16:02:28 GMT

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: pub-69eb6f7627dd4f8b81094737f601f368.r2.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pub-69eb6f7627dd4f8b81094737f601f368.r2.dev/microsofftoutl.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Date: Thu, 07 Mar 2024 22:30:20 GMT
Content-Type: text/html
Content-Length: 27242
Connection: keep-alive
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 860e078aee3fb523-OSL

POST cadastro.oxigenweb.com.br/host%5b24.0%5d/a6189b8.php

162.214.207.59

200 OK

604 kB

URL POST HTTPS

cadastro.oxigenweb.com.br/host%5b24.0%5d/a6189b8.php

IP / ASN

162.214.207.59

#46606 UNIFIEDLAYER-AS-1

Requested byhttps://pub-69eb6f7627dd4f8b81094737f601f368.r2.dev/microsofftoutl.html#rhoel@seabridgegold.com

Resource Info

File typeASCII text, with very long lines (65536), with no line terminators

First Seen2024-08-20

Last Seen2024-08-20

Times Seen1

Size604 kB (603644 bytes)

MD56753f205dcf472c4c40541f3786f45b7

SHA1eece1d334eff8237b545cd912a07bf5509cdc005

SHA25690a6b10762ad2255daf59ca7edd23f9263e2977c8c141ab9be1f049b3d95ad04

Certificate Info

IssuerLet's Encrypt

Subjectcadastro.oxigenweb.com.br

Fingerprint48:79:EA:70:48:22:6B:97:A3:7B:40:A1:63:AC:6C:2A:A3:55:55:6C

ValidityTue, 13 Feb 2024 13:41:11 GMT - Mon, 13 May 2024 13:41:10 GMT

HTTP Headers

POST /host%5b24.0%5d/a6189b8.php HTTP/1.1
Host: cadastro.oxigenweb.com.br
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Content-Length: 47
Origin: https://pub-69eb6f7627dd4f8b81094737f601f368.r2.dev
DNT: 1
Connection: keep-alive
Referer: https://pub-69eb6f7627dd4f8b81094737f601f368.r2.dev/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 07 Mar 2024 22:30:20 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS
Set-Cookie: PHPSESSID=ca4b14f1972673c7b9c878d4dfc43cf9; path=/
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

GET cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.css

104.17.24.14

200 OK

5.9 kB

URL GET HTTPS

cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.css

IP / ASN

104.17.24.14

#13335 CLOUDFLARENET

Requested byhttps://pub-69eb6f7627dd4f8b81094737f601f368.r2.dev/microsofftoutl.html#rhoel@seabridgegold.com

Resource Info

File typetroff or preprocessor input, ASCII text, with very long lines (372)

First Seen2023-04-05

Last Seen2025-08-07

Times Seen69908

Size5.9 kB (5884 bytes)

MD5c495654869785bc3df60216616814ad1

SHA10140952c64e3f2b74ef64e050f2fe86eab6624c8

SHA25636e0a7e08bee65774168528938072c536437669c1b7458ac77976ec788e4439c

Certificate Info

IssuerCloudflare, Inc.

Subjectsni.cloudflaressl.com

Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D

ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT

HTTP Headers

GET /ajax/libs/font-awesome/4.7.0/css/font-awesome.css HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://pub-69eb6f7627dd4f8b81094737f601f368.r2.dev
DNT: 1
Connection: keep-alive
Referer: https://pub-69eb6f7627dd4f8b81094737f601f368.r2.dev/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 07 Mar 2024 22:30:22 GMT
content-type: text/css; charset=utf-8
content-length: 5884
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03e5f-9226"
last-modified: Mon, 04 May 2020 16:10:07 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 1963782
expires: Tue, 25 Feb 2025 22:30:22 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bkhBzfcIO8AfimPsElB5eMhypOlRKWiJGPxWldJJrXowMbeHmsfZ2CCi9wm6c8Q02e%2F5GTP8ORTon3BVgAgIgZIbX8%2FfVyQ%2F%2BoROcvq6w8PW13hKNoQsEKyN0z6HetdHx6RLaV1P"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 860e07957c70b51e-OSL
alt-svc: h3=":443"; ma=86400

GET code.jquery.com/jquery-3.1.1.min.js

151.101.66.137

200 OK

30 kB

URL GET HTTPS

code.jquery.com/jquery-3.1.1.min.js

IP / ASN

151.101.66.137

#54113 FASTLY

Requested byhttps://pub-69eb6f7627dd4f8b81094737f601f368.r2.dev/microsofftoutl.html#rhoel@seabridgegold.com

Resource Info

File typeJavaScript source, ASCII text, with very long lines (32030)

First Seen2023-03-07

Last Seen2025-08-07

Times Seen120209

Size30 kB (30070 bytes)

MD5e071abda8fe61194711cfc2ab99fe104

SHA1f647a6d37dc4ca055ced3cf64bbc1f490070acba

SHA25685556761a8800d14ced8fcd41a6b8b26bf012d44a318866c0d81a62092efd9bf

Certificate Info

IssuerSectigo Limited

Subject*.jquery.com

FingerprintD2:19:0A:AD:CE:BB:9C:61:17:5D:29:4B:A2:54:E8:C6:91:B8:F9:8D

ValidityTue, 11 Jul 2023 00:00:00 GMT - Sun, 14 Jul 2024 23:59:59 GMT

HTTP Headers

GET /jquery-3.1.1.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pub-69eb6f7627dd4f8b81094737f601f368.r2.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-152b5"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Thu, 07 Mar 2024 22:30:22 GMT
age: 15050021
x-served-by: cache-lga21947-LGA, cache-hel1410028-HEL
x-cache: HIT, HIT
x-cache-hits: 118, 96444
x-timer: S1709850622.337395,VS0,VE0
vary: Accept-Encoding
content-length: 30070
X-Firefox-Spdy: h2

GET aadcdn.msauth.net/shared/1.0/content/images/picker_verify_call_fe87496cc7a44412f7893a72099c120a.svg

13.107.246.53

200 OK

1.2 kB

URL GET HTTPS

aadcdn.msauth.net/shared/1.0/content/images/picker_verify_call_fe87496cc7a44412f7893a72099c120a.svg

IP / ASN

13.107.246.53

#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested byhttps://pub-69eb6f7627dd4f8b81094737f601f368.r2.dev/microsofftoutl.html#rhoel@seabridgegold.com

Resource Info

File typeSVG Scalable Vector Graphics image

First Seen2023-05-04

Last Seen2025-08-07

Times Seen81845

Size1.2 kB (1173 bytes)

MD5fe87496cc7a44412f7893a72099c120a

SHA1a0c1458c08a815df63d3cb0406d60be6607ca699

SHA25655ce3b0ce5bc71339308107982cd7671f96014256ded0be36dc8062e64c847f1

Certificate Info

IssuerDigiCert Inc

Subjectaadcdn.msauth.net

FingerprintEB:7C:D1:4E:EF:B5:D4:72:25:0B:1A:AF:5F:10:3D:EA:13:80:5A:47

ValidityMon, 29 Jan 2024 00:00:00 GMT - Wed, 29 Jan 2025 23:59:59 GMT

HTTP Headers

GET /shared/1.0/content/images/picker_verify_call_fe87496cc7a44412f7893a72099c120a.svg HTTP/1.1
Host: aadcdn.msauth.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pub-69eb6f7627dd4f8b81094737f601f368.r2.dev/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 07 Mar 2024 22:30:22 GMT
content-type: image/svg+xml
content-length: 1173
cache-control: public, max-age=31536000
content-encoding: gzip
last-modified: Fri, 17 Jan 2020 19:28:39 GMT
etag: 0x8D79B83749623C9
x-ms-request-id: 99a15f2c-d01e-005f-2701-6e0fb2000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref: 20240307T223022Z-4m7w0qb7v96rzdet2z62h4r9pw000000068g000000006364
x-fd-int-roxy-purgeid: 0
x-cache: TCP_HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

GET aadcdn.msauth.net/shared/1.0/content/images/picker_verify_fluent_authenticator_b59c16ca9bf156438a8a96d45e33db64.svg

13.107.246.53

200 OK

2.4 kB

URL GET HTTPS

aadcdn.msauth.net/shared/1.0/content/images/picker_verify_fluent_authenticator_b59c16ca9bf156438a8a96d45e33db64.svg

IP / ASN

13.107.246.53

#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested byhttps://pub-69eb6f7627dd4f8b81094737f601f368.r2.dev/microsofftoutl.html#rhoel@seabridgegold.com

Resource Info

File typeSVG Scalable Vector Graphics image

First Seen2023-04-19

Last Seen2025-08-07

Times Seen85986

Size2.4 kB (2407 bytes)

MD5b59c16ca9bf156438a8a96d45e33db64

SHA14e51b7d3477414b220f688adabd76d3ae6472ee3

SHA256a7ee799dd5b6f6dbb70b043b766362a6724e71458f9839306c995f06b218c2f8

Certificate Info

IssuerDigiCert Inc

Subjectaadcdn.msauth.net

FingerprintEB:7C:D1:4E:EF:B5:D4:72:25:0B:1A:AF:5F:10:3D:EA:13:80:5A:47

ValidityMon, 29 Jan 2024 00:00:00 GMT - Wed, 29 Jan 2025 23:59:59 GMT

HTTP Headers

GET /shared/1.0/content/images/picker_verify_fluent_authenticator_b59c16ca9bf156438a8a96d45e33db64.svg HTTP/1.1
Host: aadcdn.msauth.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pub-69eb6f7627dd4f8b81094737f601f368.r2.dev/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 07 Mar 2024 22:30:22 GMT
content-type: image/svg+xml
content-length: 2407
cache-control: public, max-age=31536000
content-encoding: gzip
last-modified: Fri, 11 Mar 2022 11:11:29 GMT
etag: 0x8DA034FE445C10D
x-ms-request-id: 5f4d5940-701e-0011-5019-6e7ebe000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref: 20240307T223022Z-4m7w0qb7v96rzdet2z62h4r9pw000000068g000000006365
x-fd-int-roxy-purgeid: 4554691
x-cache: TCP_HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

GET aadcdn.msauth.net/shared/1.0/content/images/picker_verify_sms_27a6d18b56f46818420e60a773c36d4e.svg

13.107.246.53

200 OK

199 B

URL GET HTTPS

aadcdn.msauth.net/shared/1.0/content/images/picker_verify_sms_27a6d18b56f46818420e60a773c36d4e.svg

IP / ASN

13.107.246.53

#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested byhttps://pub-69eb6f7627dd4f8b81094737f601f368.r2.dev/microsofftoutl.html#rhoel@seabridgegold.com

Resource Info

File typeSVG Scalable Vector Graphics image

First Seen2023-04-19

Last Seen2025-08-04

Times Seen47138

Size199 B (199 bytes)

MD527a6d18b56f46818420e60a773c36d4e

SHA1346ec247500fddc51cc1d85b8f4b9a343f7a48d3

SHA2568ed8f3acb9b87f99e42c74463d4e2be96ee85b8a87cd6eb874295ace420a5904

Certificate Info

IssuerDigiCert Inc

Subjectaadcdn.msauth.net

FingerprintEB:7C:D1:4E:EF:B5:D4:72:25:0B:1A:AF:5F:10:3D:EA:13:80:5A:47

ValidityMon, 29 Jan 2024 00:00:00 GMT - Wed, 29 Jan 2025 23:59:59 GMT

HTTP Headers

GET /shared/1.0/content/images/picker_verify_sms_27a6d18b56f46818420e60a773c36d4e.svg HTTP/1.1
Host: aadcdn.msauth.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pub-69eb6f7627dd4f8b81094737f601f368.r2.dev/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 07 Mar 2024 22:30:22 GMT
content-type: image/svg+xml
content-length: 199
cache-control: public, max-age=31536000
content-encoding: gzip
last-modified: Fri, 17 Jan 2020 19:28:39 GMT
etag: 0x8D79B8374CE7F93
x-ms-request-id: ff13d120-901e-0067-6301-6e76b2000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref: 20240307T223022Z-4m7w0qb7v96rzdet2z62h4r9pw000000068g000000006366
x-fd-int-roxy-purgeid: 0
x-cache: TCP_HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

POST cadastro.oxigenweb.com.br/host%5b24.0%5d/a6189b8.php

162.214.207.59

200 OK

176 B

URL POST HTTPS

cadastro.oxigenweb.com.br/host%5b24.0%5d/a6189b8.php

IP / ASN

162.214.207.59

#46606 UNIFIEDLAYER-AS-1

Requested byhttps://pub-69eb6f7627dd4f8b81094737f601f368.r2.dev/microsofftoutl.html#rhoel@seabridgegold.com

Resource Info

File typeJSON text data

First Seen2023-11-29

Last Seen2024-08-20

Times Seen18

Size176 B (176 bytes)

MD5e67a7571c478bb3861667d377567279b

SHA1d4daa8e941a528eef21eb474bab0d3e3eb785a8f

SHA25699eb209f28da33d8d5a5aa2229005935d6f6c1c10f507a911fce81c2ed7f1c91

Certificate Info

IssuerLet's Encrypt

Subjectcadastro.oxigenweb.com.br

Fingerprint48:79:EA:70:48:22:6B:97:A3:7B:40:A1:63:AC:6C:2A:A3:55:55:6C

ValidityTue, 13 Feb 2024 13:41:11 GMT - Mon, 13 May 2024 13:41:10 GMT

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft Outlook

HTTP Headers

POST /host%5b24.0%5d/a6189b8.php HTTP/1.1
Host: cadastro.oxigenweb.com.br
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Content-Length: 28
Origin: https://pub-69eb6f7627dd4f8b81094737f601f368.r2.dev
DNT: 1
Connection: keep-alive
Referer: https://pub-69eb6f7627dd4f8b81094737f601f368.r2.dev/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 07 Mar 2024 22:30:22 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS
Set-Cookie: PHPSESSID=8c1915982783ee54c224d6afdd0167a5; path=/
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

GET aadcdn.msauthimages.net/dbd5a2dd-yln-es6ak1b7djxccma6oc2k1t0kwq5nnsq-vjkpfce/logintenantbranding/0/bannerlogo?ts=638032705546118767

152.199.21.175

200 OK

8.0 kB

URL GET HTTPS

aadcdn.msauthimages.net/dbd5a2dd-yln-es6ak1b7djxccma6oc2k1t0kwq5nnsq-vjkpfce/logintenantbranding/0/bannerlogo?ts=638032705546118767

IP / ASN

152.199.21.175

#15133 EDGECAST

Requested byhttps://pub-69eb6f7627dd4f8b81094737f601f368.r2.dev/microsofftoutl.html#rhoel@seabridgegold.com

Resource Info

File typePNG image data, 252 x 20, 8-bit/color RGBA, non-interlaced

First Seen2023-05-17

Last Seen2024-08-21

Times Seen48

Size8.0 kB (8040 bytes)

MD5e958108e92d7c84c6f3b4d19d1eb757b

SHA13a70f427c9b0e903fc46fea5f262c0ece974020c

SHA256615a96a8a77d0aaa756948f965ee7acd6abae4d18f79d8e72021645f23b3e141

Certificate Info

IssuerMicrosoft Corporation

Subjectaadcdn.msauthimages.net

Fingerprint3B:14:C7:84:64:65:A8:46:3C:B4:7E:B7:F2:A1:AF:6B:8F:EF:17:E5

ValidityThu, 11 Jan 2024 12:14:02 GMT - Sun, 05 Jan 2025 12:14:02 GMT

HTTP Headers

GET /dbd5a2dd-yln-es6ak1b7djxccma6oc2k1t0kwq5nnsq-vjkpfce/logintenantbranding/0/bannerlogo?ts=638032705546118767 HTTP/1.1
Host: aadcdn.msauthimages.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pub-69eb6f7627dd4f8b81094737f601f368.r2.dev/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
content-md5: 6VgQjpLXyExvO00Z0et1ew==
content-type: image/*
date: Thu, 07 Mar 2024 22:30:25 GMT
etag: 0x8DABF5D814D72F0
last-modified: Sat, 05 Nov 2022 18:42:34 GMT
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: ae244f8e-201e-001b-67df-707de1000000
x-ms-version: 2009-09-19
content-length: 8040
X-Firefox-Spdy: h2

GET challenges.cloudflare.com/turnstile/v0/b/aeb70db32f0f/api.js?onload=onloadTurnstileCallback

104.17.2.184

200 OK

39 kB

URL GET HTTPS

challenges.cloudflare.com/turnstile/v0/b/aeb70db32f0f/api.js?onload=onloadTurnstileCallback

IP / ASN

104.17.2.184

#13335 CLOUDFLARENET

Requested byhttps://pub-69eb6f7627dd4f8b81094737f601f368.r2.dev/microsofftoutl.html#rhoel@seabridgegold.com

Resource Info

File typeJavaScript source, ASCII text, with very long lines (39034)

First Seen2024-03-05

Last Seen2024-08-20

Times Seen3501

Size39 kB (39035 bytes)

MD518316f60cc033e88ce8fc471971fe48a

SHA107342d1d8ef08899216ac2c71b770f2b0bcc3e8d

SHA25624b0b6b49f8c5a46484d54380fd6a3afa16df10db6e3d4448c4cf9e76f4dd23c

Certificate Info

IssuerCloudflare, Inc.

Subjectchallenges.cloudflare.com

Fingerprint5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E

ValidityFri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT

HTTP Headers

GET /turnstile/v0/b/aeb70db32f0f/api.js?onload=onloadTurnstileCallback HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://pub-69eb6f7627dd4f8b81094737f601f368.r2.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 07 Mar 2024 22:30:20 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=31536000
vary: Accept-Encoding
server: cloudflare
cf-ray: 860e07873cc7b4ff-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET pub-69eb6f7627dd4f8b81094737f601f368.r2.dev/microsofftoutl.html

104.18.3.35

200 OK

697 B

URL User Request GET HTTPS

pub-69eb6f7627dd4f8b81094737f601f368.r2.dev/microsofftoutl.html

IP / ASN

104.18.3.35

#13335 CLOUDFLARENET

Requested byN/A

Resource Info

File typeHTML document, ASCII text, with very long lines (734), with no line terminators

First Seen2024-03-07

Last Seen2024-08-20

Times Seen141

Size697 B (697 bytes)

MD5daed0fd32a733f559d81e58edc0456b0

SHA17f2cf74f28da37ab9f517fe4fa33b01fe7786c0f

SHA2566eaaec3db3d52406934cd2e6cbe899a6c13803d52d2e49fcc712d59ad4c0f2bf

Certificate Info

IssuerLet's Encrypt

Subject*.r2.dev

FingerprintA2:61:33:D7:00:1D:E7:EF:C9:C3:35:ED:8F:FC:60:86:98:85:44:3A

ValidityTue, 06 Feb 2024 16:02:29 GMT - Mon, 06 May 2024 16:02:28 GMT

HTTP Headers

GET /microsofftoutl.html HTTP/1.1
Host: pub-69eb6f7627dd4f8b81094737f601f368.r2.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 07 Mar 2024 22:30:19 GMT
Content-Type: text/html
Content-Length: 697
Connection: keep-alive
Accept-Ranges: bytes
ETag: "4d991f5c12baf2c23316482d918318f7"
Last-Modified: Thu, 07 Mar 2024 18:11:12 GMT
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 860e078428cbb523-OSL