Report - doc.ssagovsecures.com/ssa-7005-sm-17102515.pdf.exe

Report Overview

Visited public
2025-05-15 09:21:35
Tags
URL
doc.ssagovsecures.com/ssa-7005-sm-17102515.pdf.exe
Finishing URL
doc.ssagovsecures.com/ssa-7005-sm-17102515.pdf.exe
IP / ASN
104.21.91.123
#13335 CLOUDFLARENET
Title
404 Not Found

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
doc.ssagovsecures.com	unknown	2025-03-11	2025-05-15	2025-05-15	2.6 kB	29 kB	188.114.97.1

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2025-05-15 09:21:15	medium	Client IP	188.114.97.1	ET HUNTING SUSPICIOUS *.pdf.exe in HTTP URL

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (3)

	URL	From	Size	First Seen	Last Seen
	about:blank	ScriptElement	236 B	2025-05-15	2025-05-15
Pretty URL about:blank IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2025-05-15 09:21 Last Seen2025-05-15 09:21 Times Seen1 Hash 422ebf07ef8bf9fd09aa4d08061610d0 b5c3774d767859a3f1467c9f6759bffb6b528519 689b1a2f2b8d37a48887305f05e5214ff045d3cba25829cf5953af9dcd16d973 Loading...

	doc.ssagovsecures.com/cdn-cgi/challenge-platform/scripts/jsd/main.js	ScriptElement	8.4 kB	2025-05-15	2025-05-15
Pretty URL doc.ssagovsecures.com/cdn-cgi/challenge-platform/scripts/jsd/main.js IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2025-05-15 09:21 Last Seen2025-05-15 09:21 Times Seen1 Hash a80a659cce7f59a78d209610d8b1627f 3f0698a5e87ede1388412d0796642c5721e390fd 9c14b3a2aa4a11b30895250dea08a4b57a1b6b2c7be35cd39465c43583478806 Loading...

	doc.ssagovsecures.com/ssa-7005-sm-17102515.pdf.exe	ScriptElement	921 B	2025-05-15	2025-05-15
Pretty URL doc.ssagovsecures.com/ssa-7005-sm-17102515.pdf.exe IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2025-05-15 09:21 Last Seen2025-05-15 09:21 Times Seen1 Hash 42e948e74f2a15a59de25e9143d44488 4acb07a50a8d2dc879fc9c6b6db337a28a6db90a 64fa0b0efeb5db865e63efba91064ff6ff5c5c9379982fc36b05e62f84fda996 Loading...

HTTP Transactions (6)

URL IP Response Size

doc.ssagovsecures.com/ssa-7005-sm-17102515.pdf.exe

188.114.97.1

404 Not Found

2.2 kB

URL User Request GET
doc.ssagovsecures.com/ssa-7005-sm-17102515.pdf.exe
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjectssagovsecures.com
Fingerprint53:BE:55:A4:A7:DD:F8:E9:E9:40:76:08:C4:A9:45:A5:C2:BB:0F:45
ValidityTue, 25 Mar 2025 23:24:56 GMT - Tue, 24 Jun 2025 00:24:51 GMT

File type
HTML document, ASCII text, with very long lines (1149), with CRLF, LF line terminators
Size
2.2 kB (2187 bytes)
Hash
ce8d06d90acf71417568567b5a833349
83e920ff285fe629363326a7dd1cb6803a9ad2f9
6b56caec506bd9e6db146ae9e5bd2a76bbb9572337e9513cead3f04f73255755

Detections

NIDS	Severity	Alert
suricata	medium	ET HUNTING SUSPICIOUS *.pdf.exe in HTTP URL

HTTP Headers

GET /ssa-7005-sm-17102515.pdf.exe HTTP/1.1
Host: doc.ssagovsecures.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 404 Not Found
date: Thu, 15 May 2025 09:21:15 GMT
content-type: text/html
cf-ray: 94019063494c569a-OSL
server: cloudflare
content-encoding: br
cache-control: private, no-cache, max-age=0
pragma: no-cache
x-turbo-charged-by: LiteSpeed
vary: Accept-Encoding
cf-cache-status: BYPASS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=76UXOfcy31pqAdeaWqZ83%2FChBfImpHBL8GJaykbhTXa2Pt8nrQV5kvLw57SL8M8bHi6ZqFWuV03uo0o6XtYSsC8oQiFF4YD8OilODsvwaEO7Px5FaG4LmH2zfHFO3%2F3BN0swvFNW6tA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=6770&min_rtt=481&rtt_var=12314&sent=9&recv=12&lost=0&retrans=1&sent_bytes=3307&recv_bytes=1199&delivery_rate=6851735&cwnd=256&unsent_bytes=0&cid=bc58d12f864647d7&ts=425&x=0"
X-Firefox-Spdy: h2

doc.ssagovsecures.com/ssa-7005-sm-17102515.pdf.exe

188.114.97.1

404 Not Found

2.2 kB

URL User Request GET
doc.ssagovsecures.com/ssa-7005-sm-17102515.pdf.exe
IP
188.114.97.1:80
ASN
#13335 CLOUDFLARENET

File type
HTML document, ASCII text, with very long lines (1149), with CRLF, LF line terminators
Size
2.2 kB (2187 bytes)
Hash
461810294e7169e8c17327b69e9c5c42
4b33b773170c28f901687fb38d0dee6372e6b269
a5996988c825adeb6b14e79f2c45afdd20c9bb66cc1f6603b6fde9844905e635

Detections

NIDS	Severity	Alert
suricata	medium	ET HUNTING SUSPICIOUS *.pdf.exe in HTTP URL

HTTP Headers

GET /ssa-7005-sm-17102515.pdf.exe HTTP/1.1
Host: doc.ssagovsecures.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Date: Thu, 15 May 2025 09:21:15 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
cache-control: private, no-cache, max-age=0
pragma: no-cache
x-turbo-charged-by: LiteSpeed
vary: Accept-Encoding
CF-Cache-Status: BYPASS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jA97GnM0NPd2DNxgJGuarsk487riv5QtDJAbNClhLNP4ZDlkwMJYOdar0pHCJQJH3BapXPIjw%2FcoEw57LA2%2B056IBGfwBMPGbcQZub7zghuIi72DyeqtWytbApgPDfLTG0e5bKehjfE%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
X-Content-Type-Options: nosniff
Server: cloudflare
CF-RAY: 940190668c5f1bfa-OSL
Content-Encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=2711&min_rtt=2711&rtt_var=1355&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=434&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"

doc.ssagovsecures.com/favicon.ico

188.114.97.1

404 Not Found

1.2 kB

URL GET
doc.ssagovsecures.com/favicon.ico
IP
188.114.97.1:80
ASN
#13335 CLOUDFLARENET

Requested by
http://doc.ssagovsecures.com/ssa-7005-sm-17102515.pdf.exe

File type
HTML document, ASCII text, with CRLF, LF line terminators
Size
1.2 kB (1249 bytes)
Hash
f58515dfe987f7e027c8a71bbc884621
bec6aebf5940ea88fbbff5748d539453d49fa284
679e7e62b81267c93d0778083ae0fd0efe24172ff0ac581835b54165b3d9ed43

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: doc.ssagovsecures.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://doc.ssagovsecures.com/ssa-7005-sm-17102515.pdf.exe
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Date: Thu, 15 May 2025 09:21:15 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
cache-control: private, no-cache, max-age=0
pragma: no-cache
x-turbo-charged-by: LiteSpeed
vary: Accept-Encoding
cf-cache-status: BYPASS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iGtogBSBnEr0b7JsC1rphq%2F2dVLr61XwNAo%2F4VDdxwngnql%2BMAjdXmISGN%2BwT%2BMR1tRJw8S0qdsop3qfzWHTTmfr2%2BdfMV%2Fc8%2FdH1lRIHsoNLTjTuMt2c2icaZeWpMNkRc7kYiXL6cw%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
X-Content-Type-Options: nosniff
Server: cloudflare
CF-RAY: 94019069a8491bfa-OSL
Content-Encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=2033&min_rtt=619&rtt_var=1395&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2126&recv_bytes=829&delivery_rate=6268398&cwnd=252&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"

doc.ssagovsecures.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/6fab0cec561d/main.js?

188.114.97.1

200 OK

8.4 kB

URL GET
doc.ssagovsecures.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/6fab0cec561d/main.js?
IP
188.114.97.1:80
ASN
#13335 CLOUDFLARENET

Requested by
http://doc.ssagovsecures.com/ssa-7005-sm-17102515.pdf.exe

File type
JavaScript source, ASCII text, with very long lines (8381), with no line terminators
Size
8.4 kB (8381 bytes)
Hash
a80a659cce7f59a78d209610d8b1627f
3f0698a5e87ede1388412d0796642c5721e390fd
9c14b3a2aa4a11b30895250dea08a4b57a1b6b2c7be35cd39465c43583478806

HTTP Headers

GET /cdn-cgi/challenge-platform/h/g/scripts/jsd/6fab0cec561d/main.js? HTTP/1.1
Host: doc.ssagovsecures.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 15 May 2025 09:21:15 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
cache-control: max-age=14400, stale-if-error=10800, stale-while-revalidate=10800, public
x-content-type-options: nosniff
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Zxnf1siwZJJEr47Vi%2FC5e5iUOhL1DGrjZFmV3Awje1p9HEjb%2F%2FLlBBgF%2BYleIfXw%2FskJh6Gt3LjMGprghlyiAtsJWNwrl5XQ042zPbyEmIp65OMNMl0RaXExcU9oxN9AupBwEsp4jhg%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 94019069efdc56a2-OSL
Content-Encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=837&min_rtt=560&rtt_var=408&sent=2&recv=5&lost=0&retrans=0&sent_bytes=966&recv_bytes=698&delivery_rate=2585714&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"

doc.ssagovsecures.com/cdn-cgi/challenge-platform/scripts/jsd/main.js

188.114.97.1

302 Found

8.4 kB

URL GET
doc.ssagovsecures.com/cdn-cgi/challenge-platform/scripts/jsd/main.js
IP
188.114.97.1:80
ASN
#13335 CLOUDFLARENET

Requested by
http://doc.ssagovsecures.com/ssa-7005-sm-17102515.pdf.exe

File type

Size
8.4 kB (8381 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP/1.1
Host: doc.ssagovsecures.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Date: Thu, 15 May 2025 09:21:15 GMT
Content-Length: 0
Connection: keep-alive
location: /cdn-cgi/challenge-platform/h/g/scripts/jsd/6fab0cec561d/main.js?
cache-control: max-age=300, stale-if-error=10800, stale-while-revalidate=10800, public
access-control-allow-origin: *
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Xl22YZoT9RnDy52JrwVqB0nZ98%2BiZu6RPNPAUETTJ5zZXaccApxAngwKjlOJj6gJdsRSyvgkHYK9n%2BqsCyc958WMKXKnnmtlDJeXoSLsKWje0zZWjftqiPYdbG9uFQYocXYqolO04UI%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Server: cloudflare
CF-RAY: 94019069af8456a2-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=877&min_rtt=877&rtt_var=438&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=340&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"

doc.ssagovsecures.com/cdn-cgi/challenge-platform/h/g/jsd/r/0.9377773836933541:1747300209:GXMnWj8Bu-Fslq53hTNJxf7dib3OyAJb4i87jpyUv7Q/940190668c5f1bfa

188.114.97.1

200 OK

0 B

URL POST
doc.ssagovsecures.com/cdn-cgi/challenge-platform/h/g/jsd/r/0.9377773836933541:1747300209:GXMnWj8Bu-Fslq53hTNJxf7dib3OyAJb4i87jpyUv7Q/940190668c5f1bfa
IP
188.114.97.1:80
ASN
#13335 CLOUDFLARENET

Requested by
http://doc.ssagovsecures.com/ssa-7005-sm-17102515.pdf.exe

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /cdn-cgi/challenge-platform/h/g/jsd/r/0.9377773836933541:1747300209:GXMnWj8Bu-Fslq53hTNJxf7dib3OyAJb4i87jpyUv7Q/940190668c5f1bfa HTTP/1.1
Host: doc.ssagovsecures.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: text/plain;charset=UTF-8
Content-Length: 11539
Origin: http://doc.ssagovsecures.com
DNT: 1
Connection: keep-alive
Referer: http://doc.ssagovsecures.com/ssa-7005-sm-17102515.pdf.exe
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 15 May 2025 09:21:15 GMT
Content-Type: text/plain; charset=UTF-8
Content-Length: 0
Connection: keep-alive
set-cookie: cf_clearance=10rIL2jEhc83yyhlDx_xp0QvubRseLnciORBaZ410So-1747300875-1.2.1.1-108e0qMgxNpQES_Ng6YFgzqDN.plv7QIyFsLWFr96qKSmJ9ZcLJs4bv0uaXE4Gf65t.itDDOexrAeS8LPBYTMtTzAZ4b6dqNEOmuxCPeU5X5H1fpyDg54T4x4D9xBS5QX.zJ7cjMoB5VJ6EQFWBbWf4SJuQo1cec5M7Bb7uDZQ1FcOl28ViEz2tPugOnNi1OWDeJdHeyaTXjAO3HD_DCOfj3dbWlykDZPtIUjGMPi5C6tGMiukoW4pGXZzrsbA3qgijKlZ8RRMOvdhR4V1UUr6IuuDKJ4Ehh_a7yYhIQjJ6XtTBxW3hdauT8bc5SZY.YJxk0cc1_CYhH.VQkwmQvbKss2FT1.6Q3EPvtYsxFyXY; HttpOnly; SameSite=Strict; Path=/; Domain=ssagovsecures.com; Expires=Fri, 15 May 2026 09:21:15 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FdEz3wq%2BJIb4vkcXt7v4YD8HuT%2FCXBXacOk8N7fGROqsWf4nYqATGndi%2BPncWP9rjqvr1oyBmJErkZC5S9xuPOs8Z8WK0aS1rAt1HdnxHN1Gx1J1nruKQrj402Z%2BXE3NLAlm1XHAiNI%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
X-Content-Type-Options: nosniff
Server: cloudflare
CF-RAY: 9401906ae91d56a2-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=909&min_rtt=560&rtt_var=365&sent=9&recv=16&lost=0&retrans=0&sent_bytes=5756&recv_bytes=12828&delivery_rate=5612403&cwnd=255&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

JavaScript (3)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (6)

URL User Request GET

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL User Request GET

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL GET

IP

ASN

Requested by

File type

Size

Hash

HTTP Headers

URL GET

IP

ASN

Requested by

File type

Size

Hash

HTTP Headers

URL GET

IP

ASN

Requested by

File type

Size

Hash

HTTP Headers

URL POST

IP

ASN

Requested by

File type