Report - rptec.com.br/manual_CS/wp/BAURUMBDZW/YnJpYW4uYmFydGxldHRAbXBzYWcuY29t

Report Overview

Visitedpublic

2024-05-03 01:37:31

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Host Summary

Host	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
challenges.cloudflare.com	unknown	2009-02-17	2021-10-20 07:02:03	2024-05-02 09:06:49	954 B	22 kB	104.17.2.184
mifiesta.us	unknown	2015-04-06	2019-06-04 16:34:24	2022-10-01 22:41:39	456 B	724 B	108.179.232.63
rptec.com.br	unknown	2011-06-28	2015-09-09 03:39:18	2022-07-27 22:37:32	523 B	251 B	108.179.252.137
pub-08603b9b6a16412eb22e35e4ea7ab32f.r2.dev	unknown	unknown	No data	No data	1.5 kB	29 kB	104.18.3.35

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

Scan Date	Severity	Indicator	Alert
2024-04-30	medium	rptec.com.br/manual_CS/wp/BAURUMBDZW/YnJpYW4uYmFydGxldHRAbXBzYWcuY29t	Generic/Spear Phishing

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (1)

	URL	From	Size	First Seen	Last Seen
	challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback	ScriptElement	43 kB	2024-04-25	2024-08-20
URL challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback IP / ASN 104.17.2.184 #13335 CLOUDFLARENET Introduced by ScriptElement Embedded false Resource Info First Seen 2024-04-25 Last Seen 2024-08-20 Times Seen 1222 Size 43 kB (42566 bytes) MD5 65b0a652c40c95d12c4ddb3b4567c1ea SHA1 c654efa19d01d6553ed4e0f500d350011e023ad1 SHA256 c6b5cd0b65ebbb519dd845ba2979b40e58b056ca2c90f67a8bfea871d39615a7 Format Code Loading...

HTTP Transactions (7)

URL IP Response Size

rptec.com.br/manual_CS/wp/BAURUMBDZW/YnJpYW4uYmFydGxldHRAbXBzYWcuY29t

108.179.252.137

0 B

URL HTTP

rptec.com.br/manual_CS/wp/BAURUMBDZW/YnJpYW4uYmFydGxldHRAbXBzYWcuY29t

IP / ASN

108.179.252.137

#19871 NETWORK-SOLUTIONS-HOSTING

Requested byN/A

Resource Info

File typeN/A

First Seen0001-01-01

Last Seen2025-08-08

Times Seen5721022

Size0 B (0 bytes)

MD5d41d8cd98f00b204e9800998ecf8427e

SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Generic/Spear Phishing

HTTP Headers

GET /manual_CS/wp/BAURUMBDZW/YnJpYW4uYmFydGxldHRAbXBzYWcuY29t HTTP/1.1
Host: rptec.com.br
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
refresh: 0;url=https://pub-08603b9b6a16412eb22e35e4ea7ab32f.r2.dev/Xerox.html#brian.bartlett@mpsag.com
content-length: 0
content-type: text/html; charset=UTF-8
date: Fri, 03 May 2024 01:37:06 GMT
server: Apache
X-Firefox-Spdy: h2

pub-08603b9b6a16412eb22e35e4ea7ab32f.r2.dev/Xerox.html

104.18.3.35

648 B

URL HTTPS

pub-08603b9b6a16412eb22e35e4ea7ab32f.r2.dev/Xerox.html

IP / ASN

104.18.3.35

#13335 CLOUDFLARENET

Requested byN/A

Resource Info

File typeHTML document, ASCII text, with very long lines (648), with no line terminators

First Seen2024-04-29

Last Seen2024-08-20

Times Seen29

Size648 B (648 bytes)

MD501dff3bcbb08ca696ac2a85cb0fd1dd7

SHA19618655d9a778230a25a4c34dd7ba482693432ab

SHA2560f7e144d21898c8b37263d90dda6de47a0d715dd1b4ef8191df43004987544f0

HTTP Headers

GET /Xerox.html HTTP/1.1
Host: pub-08603b9b6a16412eb22e35e4ea7ab32f.r2.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 03 May 2024 01:37:07 GMT
Content-Type: text/html
Content-Length: 648
Connection: keep-alive
Accept-Ranges: bytes
ETag: "01dff3bcbb08ca696ac2a85cb0fd1dd7"
Last-Modified: Mon, 29 Apr 2024 12:31:01 GMT
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 87dc8624399656b5-OSL

GET challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback

104.17.2.184

302 Found

0 B

URL GET HTTPS

challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback

IP / ASN

104.17.2.184

#13335 CLOUDFLARENET

Requested byhttps://pub-08603b9b6a16412eb22e35e4ea7ab32f.r2.dev/Xerox.html#brian.bartlett@mpsag.com

Resource Info

File typeN/A

First Seen0001-01-01

Last Seen2025-08-08

Times Seen5721022

Size0 B (0 bytes)

MD5d41d8cd98f00b204e9800998ecf8427e

SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Certificate Info

IssuerCloudflare, Inc.

Subjectchallenges.cloudflare.com

Fingerprint5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E

ValidityFri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT

HTTP Headers

GET /turnstile/v0/api.js?onload=onloadTurnstileCallback HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pub-08603b9b6a16412eb22e35e4ea7ab32f.r2.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Fri, 03 May 2024 01:37:07 GMT
content-length: 0
cache-control: max-age=300, public
location: /turnstile/v0/g/d0ff3ebede6b/api.js
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
vary: Accept-Encoding
server: cloudflare
cf-ray: 87dc86262eeab4f3-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET mifiesta.us/wp/host/admin/js/sc.php?r=ZW0sZW1haWwsYWRk

108.179.232.63

404 Not Found

462 B

URL GET HTTPS

mifiesta.us/wp/host/admin/js/sc.php?r=ZW0sZW1haWwsYWRk

IP / ASN

108.179.232.63

#19871 NETWORK-SOLUTIONS-HOSTING

Requested byhttps://pub-08603b9b6a16412eb22e35e4ea7ab32f.r2.dev/Xerox.html#brian.bartlett@mpsag.com

Resource Info

File typeHTML document, ASCII text

First Seen2023-03-08

Last Seen2025-08-08

Times Seen9631

Size462 B (462 bytes)

MD5dbf8ec3db1d4b93b848197591827939c

SHA12e12f671d6101f52060133c32f8d359af756f9b2

SHA25663c52aa99ca361b59a27e7f51fe5fadffef99e671f8b4f9560fab204219e0666

Certificate Info

IssuerLet's Encrypt

Subject*.us.unnegociolocal.com

FingerprintCA:1F:A6:06:DB:09:38:34:80:E5:B4:7B:A9:07:02:87:D2:D3:8B:D4

ValidityThu, 04 Apr 2024 19:29:40 GMT - Wed, 03 Jul 2024 19:29:39 GMT

HTTP Headers

GET /wp/host/admin/js/sc.php?r=ZW0sZW1haWwsYWRk HTTP/1.1
Host: mifiesta.us
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pub-08603b9b6a16412eb22e35e4ea7ab32f.r2.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 404 Not Found
date: Fri, 03 May 2024 01:37:07 GMT
server: nginx/1.23.4
content-type: text/html
content-length: 462
last-modified: Sun, 19 Jun 2022 19:43:03 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2

GET pub-08603b9b6a16412eb22e35e4ea7ab32f.r2.dev/favicon.ico

104.18.3.35

404 Not Found

27 kB

URL GET HTTPS

pub-08603b9b6a16412eb22e35e4ea7ab32f.r2.dev/favicon.ico

IP / ASN

104.18.3.35

#13335 CLOUDFLARENET

Requested byhttps://pub-08603b9b6a16412eb22e35e4ea7ab32f.r2.dev/Xerox.html#brian.bartlett@mpsag.com

Resource Info

File typeHTML document, ASCII text, with very long lines (611)

First Seen2023-04-05

Last Seen2024-09-19

Times Seen52646

Size27 kB (27242 bytes)

MD5df3d48946e8d3f5a83608308edbb4b86

SHA147b9c40c97abf2658df96b1c06109324e15e1a00

SHA256570a6631252b8a52df4de0e953ae77dbdf524dfc3637cda2840494a0d2b49499

Certificate Info

IssuerLet's Encrypt

Subject*.r2.dev

Fingerprint48:74:F0:98:E0:A1:57:3E:86:18:BF:B3:DC:C9:7A:5B:53:50:FE:E0

ValidityFri, 05 Apr 2024 15:25:24 GMT - Thu, 04 Jul 2024 15:25:23 GMT

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: pub-08603b9b6a16412eb22e35e4ea7ab32f.r2.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pub-08603b9b6a16412eb22e35e4ea7ab32f.r2.dev/Xerox.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Date: Fri, 03 May 2024 01:37:08 GMT
Content-Type: text/html
Content-Length: 27242
Connection: keep-alive
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 87dc86290b0856b5-OSL

GET challenges.cloudflare.com/turnstile/v0/g/d0ff3ebede6b/api.js

104.17.2.184

200 OK

22 kB

URL GET HTTPS

challenges.cloudflare.com/turnstile/v0/g/d0ff3ebede6b/api.js

IP / ASN

104.17.2.184

#13335 CLOUDFLARENET

Requested byhttps://pub-08603b9b6a16412eb22e35e4ea7ab32f.r2.dev/Xerox.html#brian.bartlett@mpsag.com

Resource Info

File typeJavaScript source, ASCII text, with very long lines (42565)

First Seen2024-04-25

Last Seen2024-08-20

Times Seen1222

Size22 kB (21808 bytes)

MD565b0a652c40c95d12c4ddb3b4567c1ea

SHA1c654efa19d01d6553ed4e0f500d350011e023ad1

SHA256c6b5cd0b65ebbb519dd845ba2979b40e58b056ca2c90f67a8bfea871d39615a7

Certificate Info

IssuerCloudflare, Inc.

Subjectchallenges.cloudflare.com

Fingerprint5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E

ValidityFri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT

HTTP Headers

GET /turnstile/v0/g/d0ff3ebede6b/api.js HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://pub-08603b9b6a16412eb22e35e4ea7ab32f.r2.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 03 May 2024 01:37:07 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=31536000
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
server: cloudflare
cf-ray: 87dc86264ef4b4f3-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET pub-08603b9b6a16412eb22e35e4ea7ab32f.r2.dev/Xerox.html

104.18.3.35

200 OK

648 B

URL User Request GET HTTPS

pub-08603b9b6a16412eb22e35e4ea7ab32f.r2.dev/Xerox.html

IP / ASN

104.18.3.35

#13335 CLOUDFLARENET

Requested byN/A

Resource Info

File typeHTML document, ASCII text, with very long lines (685), with no line terminators

First Seen2024-04-29

Last Seen2024-08-20

Times Seen29

Size648 B (648 bytes)

MD50054fada605624454fac7c79c6342c5a

SHA1ff3a5ddacef05f49134deebde5289c05a4f2d225

SHA2561c9cd2612d7d79a3309a778f86d2b6668c4f713823e75258dc9b93188dd4a57d

Certificate Info

IssuerLet's Encrypt

Subject*.r2.dev

Fingerprint48:74:F0:98:E0:A1:57:3E:86:18:BF:B3:DC:C9:7A:5B:53:50:FE:E0

ValidityFri, 05 Apr 2024 15:25:24 GMT - Thu, 04 Jul 2024 15:25:23 GMT

HTTP Headers

GET /Xerox.html HTTP/1.1
Host: pub-08603b9b6a16412eb22e35e4ea7ab32f.r2.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 03 May 2024 01:37:07 GMT
Content-Type: text/html
Content-Length: 648
Connection: keep-alive
Accept-Ranges: bytes
ETag: "01dff3bcbb08ca696ac2a85cb0fd1dd7"
Last-Modified: Mon, 29 Apr 2024 12:31:01 GMT
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 87dc8624399656b5-OSL