Report - caliberamp.dmplocal.com/main/?action=t&contact_uuid=964a4c86-5d47-4c92-a304-29ab23d66472&dest=//paragonpetro.com/cfp/admin/ZSBQX/QmlsbC5EZU5ldEB0ZXNzaWVyc2luYy5jb20=&id=2956610&tag=Unsubscribe+here//paragonpetro.com/cfp/admin/ZSBQX/QmlsbC5EZU5ldEB0ZXNzaWVyc2luYy5jb20=//paragonpetro.com/cfp/admin/ZSBQX/QmlsbC5EZU5ldEB0ZXNzaWVyc2luYy5jb20=//paragonpetro.com/cfp/admin/ZSBQX/QmlsbC5EZU5ldEB0ZXNzaWVyc2luYy5jb20=//paragonpetro.com/cfp/admin/ZSBQX/QmlsbC5EZU5ldEB0ZXNzaWVyc2luYy5jb20=//paragonpetro.com/cfp/admin/ZSBQX/QmlsbC5EZU5ldEB0ZXNzaWVyc2luYy5jb20=//paragonpetro.com/cfp/admin/ZSBQX/QmlsbC5EZU5ldEB0ZXNzaWVyc2luYy5jb20=//paragonpetro.com/cfp/admin/ZSBQX/QmlsbC5EZU5ldEB0ZXNzaWVyc2luYy5jb20=//paragonpetro.com/cfp/admin/ZSBQX/QmlsbC5EZU5ldEB0ZXNzaWVyc2luYy5jb20=//paragonpetro.com/cfp/admin/ZSBQX/QmlsbC5EZU5ldEB0ZXNzaWVyc2luYy5jb20=//paragonpetro.com/cfp/admin/ZSBQX/QmlsbC5EZU5ldEB0ZXNzaWVyc2luYy5jb20=//paragonpetro.com/cfp/admin/ZSBQX/QmlsbC5EZU5ldEB0ZXNzaWVyc2luYy5jb20=

Report Overview

Visitedpublic

2023-09-20 14:56:32

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Host Summary

Host	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
ocsp.godaddy.com	698	1999-03-02	2012-05-20 21:28:57	2023-09-19 18:13:09	330 B	2.6 kB	192.124.249.23
caliberamp.dmplocal.com	328265	2011-02-25	2018-04-12 18:17:09	2023-09-19 22:49:09	1.4 kB	950 B	216.205.154.87
paragonpetro.com	unknown	2010-10-21	2015-03-02 23:04:04	2023-09-17 03:52:46	525 B	254 B	192.185.94.78
pub-498aac84b32140ffb0ec4ddffefe0f09.r2.dev	unknown	2022-08-23	2023-05-02 17:01:02	2023-09-17 03:52:46	1.0 kB	34 kB	104.18.3.35
www.cloudflare.com	6775	2009-02-17	2012-05-22 15:19:15	2023-09-19 18:25:04	457 B	1.2 kB	0.0.0.0

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (0)

HTTP Transactions (6)

URL IP Response Size

ocsp.godaddy.com/

192.124.249.23

2.1 kB

URL HTTP

ocsp.godaddy.com/

IP / ASN

192.124.249.23

#30148 SUCURI-SEC

Requested byN/A

Resource Info

File typedata

First Seen2023-09-20

Last Seen2023-09-21

Times Seen36

Size2.1 kB (2108 bytes)

MD5379d4941174ddf7c4470f9c4ecf96557

SHA17c0ed30b3b1317b4376d2da0df5c9ee7ab321344

SHA256617a4c089209dbb9e86070d4925a0c9bd2c60fd71ad256a280f5230be8d1e3c1

HTTP Headers

POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 76
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Wed, 20 Sep 2023 14:56:15 GMT
Content-Type: application/ocsp-response
Content-Length: 2108
Connection: keep-alive
X-Sucuri-ID: 19023
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Wed, 20 Sep 2023 13:35:08 GMT
Expires: Thu, 21 Sep 2023 13:35:08 GMT
ETag: "7c0ed30b3b1317b4376d2da0df5c9ee7ab321344"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"

216.205.154.87

0 B

URL HTTP

IP / ASN

216.205.154.87

#7381 SRS-6-Z-7381

Requested byN/A

Resource Info

File typeN/A

First Seen0001-01-01

Last Seen2025-08-07

Times Seen5706970

Size0 B (0 bytes)

MD5d41d8cd98f00b204e9800998ecf8427e

SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /main/?action=t&contact_uuid=964a4c86-5d47-4c92-a304-29ab23d66472&dest=//paragonpetro.com/cfp/admin/ZSBQX/QmlsbC5EZU5ldEB0ZXNzaWVyc2luYy5jb20=&id=2956610&tag=Unsubscribe+here//paragonpetro.com/cfp/admin/ZSBQX/QmlsbC5EZU5ldEB0ZXNzaWVyc2luYy5jb20=//paragonpetro.com/cfp/admin/ZSBQX/QmlsbC5EZU5ldEB0ZXNzaWVyc2luYy5jb20=//paragonpetro.com/cfp/admin/ZSBQX/QmlsbC5EZU5ldEB0ZXNzaWVyc2luYy5jb20=//paragonpetro.com/cfp/admin/ZSBQX/QmlsbC5EZU5ldEB0ZXNzaWVyc2luYy5jb20=//paragonpetro.com/cfp/admin/ZSBQX/QmlsbC5EZU5ldEB0ZXNzaWVyc2luYy5jb20=//paragonpetro.com/cfp/admin/ZSBQX/QmlsbC5EZU5ldEB0ZXNzaWVyc2luYy5jb20=//paragonpetro.com/cfp/admin/ZSBQX/QmlsbC5EZU5ldEB0ZXNzaWVyc2luYy5jb20=//paragonpetro.com/cfp/admin/ZSBQX/QmlsbC5EZU5ldEB0ZXNzaWVyc2luYy5jb20=//paragonpetro.com/cfp/admin/ZSBQX/QmlsbC5EZU5ldEB0ZXNzaWVyc2luYy5jb20=//paragonpetro.com/cfp/admin/ZSBQX/QmlsbC5EZU5ldEB0ZXNzaWVyc2luYy5jb20=//paragonpetro.com/cfp/admin/ZSBQX/QmlsbC5EZU5ldEB0ZXNzaWVyc2luYy5jb20= HTTP/1.1
Host: caliberamp.dmplocal.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Date: Wed, 20 Sep 2023 14:56:19 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000
X-UA-Compatible: chrome=1
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
X-XSS-Protection: 0
Set-Cookie: SESSION_NAME=CALIBERAMP_SESSION_SECURE; expires=Thu, 21-Sep-2023 00:56:19 GMT; Max-Age=36000; path=/; domain=caliberamp.dmplocal.com; secure; httponly
CALIBERAMP_SESSION_SECURE=02nc9nf029rfco3jumukcjdps3; expires=Thu, 21-Sep-2023 00:56:19 GMT; Max-Age=36000; path=/; domain=caliberamp.dmplocal.com; secure; HttpOnly
_sst=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Location: //paragonpetro.com/cfp/admin/ZSBQX/QmlsbC5EZU5ldEB0ZXNzaWVyc2luYy5jb20=
Content-Length: 0
Keep-Alive: timeout=2, max=1000
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8

paragonpetro.com/cfp/admin/ZSBQX/QmlsbC5EZU5ldEB0ZXNzaWVyc2luYy5jb20=

192.185.94.78

0 B

URL HTTP

paragonpetro.com/cfp/admin/ZSBQX/QmlsbC5EZU5ldEB0ZXNzaWVyc2luYy5jb20=

IP / ASN

192.185.94.78

#46606 UNIFIEDLAYER-AS-1

Requested byN/A

Resource Info

File typeN/A

First Seen0001-01-01

Last Seen2025-08-07

Times Seen5706970

Size0 B (0 bytes)

MD5d41d8cd98f00b204e9800998ecf8427e

SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft Outlook

HTTP Headers

GET /cfp/admin/ZSBQX/QmlsbC5EZU5ldEB0ZXNzaWVyc2luYy5jb20= HTTP/1.1
Host: paragonpetro.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
refresh: 0;url=https://pub-498aac84b32140ffb0ec4ddffefe0f09.r2.dev/link-4.html#Bill.DeNet@tessiersinc.com
content-length: 0
content-type: text/html; charset=UTF-8
date: Wed, 20 Sep 2023 14:56:16 GMT
server: Apache
X-Firefox-Spdy: h2

pub-498aac84b32140ffb0ec4ddffefe0f09.r2.dev/link-4.html

104.18.3.35

6.5 kB

URL HTTPS

pub-498aac84b32140ffb0ec4ddffefe0f09.r2.dev/link-4.html

IP / ASN

104.18.3.35

#13335 CLOUDFLARENET

Requested byN/A

Resource Info

File typeHTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (611)

First Seen2023-04-05

Last Seen2024-09-19

Times Seen52646

Size6.5 kB (6481 bytes)

MD5df3d48946e8d3f5a83608308edbb4b86

SHA147b9c40c97abf2658df96b1c06109324e15e1a00

SHA256570a6631252b8a52df4de0e953ae77dbdf524dfc3637cda2840494a0d2b49499

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft Outlook

HTTP Headers

GET /link-4.html HTTP/1.1
Host: pub-498aac84b32140ffb0ec4ddffefe0f09.r2.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Date: Wed, 20 Sep 2023 14:56:17 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 809aea0a6b3e1c0e-OSL
Content-Encoding: gzip

GET pub-498aac84b32140ffb0ec4ddffefe0f09.r2.dev/link-4.html

104.18.3.35

404 Not Found

27 kB

URL User Request GET HTTPS

pub-498aac84b32140ffb0ec4ddffefe0f09.r2.dev/link-4.html

IP / ASN

104.18.3.35

#13335 CLOUDFLARENET

Requested byN/A

Resource Info

First Seen2023-04-05

Last Seen2024-09-19

Times Seen52646

Size27 kB (27242 bytes)

MD5df3d48946e8d3f5a83608308edbb4b86

SHA147b9c40c97abf2658df96b1c06109324e15e1a00

SHA256570a6631252b8a52df4de0e953ae77dbdf524dfc3637cda2840494a0d2b49499

Certificate Info

IssuerLet's Encrypt

Subject*.r2.dev

FingerprintE8:0C:C2:4D:15:01:60:A8:F1:76:79:D2:4D:CB:27:19:C0:CF:60:B2

ValiditySun, 13 Aug 2023 17:25:54 GMT - Sat, 11 Nov 2023 17:25:53 GMT

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft Outlook

HTTP Headers

GET /link-4.html HTTP/1.1
Host: pub-498aac84b32140ffb0ec4ddffefe0f09.r2.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Date: Wed, 20 Sep 2023 14:56:17 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 809aea0a6b3e1c0e-OSL
Content-Encoding: gzip

GET www.cloudflare.com/favicon.ico

0.0.0.0

0 B

URL GET HTTPS

www.cloudflare.com/favicon.ico

IP / ASN

0.0.0.0

Requested byhttps://pub-498aac84b32140ffb0ec4ddffefe0f09.r2.dev/link-4.html#Bill.DeNet@tessiersinc.com

Resource Info

File typeN/A

First Seen0001-01-01

Last Seen2025-08-07

Times Seen5706970

Size0 B (0 bytes)

MD5d41d8cd98f00b204e9800998ecf8427e

SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Certificate Info

IssuerGoogle Trust Services LLC

Subjectwww.cloudflare.com

Fingerprint36:82:EC:26:5E:BD:E3:19:CE:6E:68:49:87:7A:4D:84:80:55:3F:9B

ValidityTue, 19 Sep 2023 14:51:10 GMT - Mon, 18 Dec 2023 14:51:09 GMT

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: www.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pub-498aac84b32140ffb0ec4ddffefe0f09.r2.dev/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 20 Sep 2023 14:56:17 GMT
content-type: image/vnd.microsoft.icon
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"ffb25f3edc5c56acfdf7e7cdffcb217c"
strict-transport-security: max-age=31536000
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Q1i8GGRHZqT0QE6mwajnG8EKXEgJYt1ueINUobgkZ73Oyej%2B4RRUhdsIrYfzOYbRQwSEucZpg5Kx6Xyq849eXSHhQG7QwLJSuv327YfVo2s1nO%2B91XdPzG1d6qDKfTPyUeRm6Fw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: MISS
set-cookie: __cf_bm=f8_wexYDTlcWjlUXrFt.1AEsmYabUPejiAeUXiEV0Q8-1695221777-0-AWtL4l6TMTaGjdafGgHaQqvKAWaddZ6TM4arW9fM7CV3R7lHbeX6zczCtS5od+u5do9zZJlbnX+p916GacpybLNLrp7VHBPCE39arWIMXoyA; path=/; expires=Wed, 20-Sep-23 15:26:17 GMT; domain=.www.cloudflare.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 809aea0d1eaa56ae-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2