Report - r20.rs6.net/tn.jsp?f=001DyiWYWxw55me5hKOpLoWPi2zPLufLvAVkUsxNuI1kxlGri6oJhvtLT2sS7xHZfY3Cr1DqIPaXnc6nE5f8fbx01TJVPTQdG5PvJ-bzaFb-WS_TfDKUrZRLdK0M17V4KAXbREOpl8kJu0=&c=&ch==&_

Report Overview

Visited public
2023-12-04 21:55:56
Tags
phishing microsoft outlook
URL
r20.rs6.net/tn.jsp?f=001DyiWYWxw55me5hKOpLoWPi2zPLufLvAVkUsxNuI1kxlGri6oJhvtLT2sS7xHZfY3Cr1DqIPaXnc6nE5f8fbx01TJVPTQdG5PvJ-bzaFb-WS_TfDKUrZRLdK0M17V4KAXbREOpl8kJu0=&c=&ch==&__=/asdf/a2JpZXRzY2hAbmF2dmlhLmNvbQ==
Finishing URL
b464.m0rx1.com/90z5/#kbietsch@navvia.com
IP / ASN
208.75.122.11
#40444 ASN-CC
Title
Loading
Phishing - Microsoft Outlook

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
r20.rs6.net	6735	2001-12-21	2014-04-18 19:30:06	2023-12-04 10:32:28	676 B	370 B	208.75.122.11
ef7link.com	unknown	2023-02-08	2023-02-12 03:42:46	2023-12-04 20:29:46	512 B	318 B	162.241.85.202
b464.m0rx1.com	unknown	2023-11-30	2023-12-01 04:56:34	2023-12-04 20:29:57	4.5 kB	312 kB	188.114.97.1

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (15)

	URL	From	Size	First Seen	Last Seen
	cdn.socket.io/4.6.0/socket.io.min.js	ScriptElement	46 kB	2023-04-05	2025-05-08
Pretty URL cdn.socket.io/4.6.0/socket.io.min.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-05 03:09 Last Seen2025-05-08 11:00 Times Seen38492 Hash 80f5b8c6a9eeac15de93e5a112036a06 f7174635137d37581b11937fc90e9cb325077bce 0401de33701f1cad16ecf952899d23990b6437d0a5b7335524edf6bdfb932542 Loading...

	challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=83074b813dd7b527	ScriptElement	172 kB	2023-12-04	2023-12-04
Pretty URL challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=83074b813dd7b527 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-04 22:25 Last Seen2023-12-04 23:19 Times Seen6 Hash fd8d362529fdbd9f1762512174a16be3 a7190bcb86a1e73e7f19e1b738ddd976570744ab 81d696746faed2e9c20af34536d26625bb84e28cd6be386519ed46a94639cf5e Loading...

	challenges.cloudflare.com/turnstile/v0/api.js?render=explicit	ScriptElement	34 kB	2023-11-30	2023-12-14
Pretty URL challenges.cloudflare.com/turnstile/v0/api.js?render=explicit IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-30 14:29 Last Seen2023-12-14 14:42 Times Seen11689 Hash 8c90f391245a994ae95e644a587c8626 7bfc99336571d0ccfe38f9e1d18cb26b4adfc316 acbe221d9bb71e85d0a3b52a7a9d44ee4669ab664186b32d0c737a2be62681e7 Loading...

	b464.m0rx1.com/90z5/myscr948587.js	ScriptElement	28 kB	2023-12-04	2023-12-11
Pretty URL b464.m0rx1.com/90z5/myscr948587.js IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-04 20:30 Last Seen2023-12-11 20:07 Times Seen855 Hash 798732c053c5578616e807f16f769d4f cec3425b57280902e85f812358350362dad12799 a20b33ba5e7a21a1bd276fa6c94adda93e8b4e0daaf3770ef545a5f74295e334 Loading...

	unknown	ScriptElement	371 B	2023-12-04	2024-08-20
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-04 20:30 Last Seen2024-08-20 16:47 Times Seen855 Hash 69590b0b552c3dbb6fce433756aa4458 f7d258e6ef3af0c9bc82260157df5d0c9f96da82 8db4fa723999d564782473afadecfbdacff770144daf9282f582f8fb89c68bf5 Loading...

	b464.m0rx1.com/web6/assets/js/pages-head-top-web.min.js?cb=1701726945330	ScriptElement	2.4 kB	2023-12-01	2024-08-20
Pretty URL b464.m0rx1.com/web6/assets/js/pages-head-top-web.min.js?cb=1701726945330 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-01 17:38 Last Seen2024-08-20 17:09 Times Seen750 Hash b2412dd0494426b4499d27b4b5bdf280 cc18e03fc8f4c7df94cede1b736a24ce508c20e9 e98a3763d9fefa891213b0eba0362855df141ca1833c2d3c0f3dcbb2f701a829 Loading...

	unknown	Function	26 B	2023-04-11	2025-05-09
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-11 21:13 Last Seen2025-05-09 02:58 Times Seen127359 Hash 1c862db5f2555377c2dc1e62ed7b3981 c29e6dc25c08a70995127ec13ded6f80d9a36174 27d373a6961f797edf69a80f7f24877ef85c2fc4f9f770b2540b1bf5e66823ac Loading...

	b464.m0rx1.com/web6/assets/js/pages-head-web.min.js?cb=1	ScriptElement	9.5 kB	2023-11-23	2024-08-20
Pretty URL b464.m0rx1.com/web6/assets/js/pages-head-web.min.js?cb=1 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-23 23:16 Last Seen2024-08-20 18:07 Times Seen3141 Hash e2663af643d013c14c8124da541ca2d0 6fdff694fa243006c25083b91ec51aa28f8568a7 31ae6827f3782d745a595d0b9c858aed76784fb6b8a050792bcd869c484363dd Loading...

	challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/xogzq/0x4AAAAAAAN6D7f9sgpQQzbS/auto/normal	ScriptElement	3.1 kB	2024-08-20	2024-08-20
Pretty URL challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/xogzq/0x4AAAAAAAN6D7f9sgpQQzbS/auto/normal IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2024-08-20 16:46 Last Seen2024-08-20 16:46 Times Seen1 Hash 5a904c8d58a003a84b3f3c50b9468839 7e6f7360231ae81506bd93ed442134246439af1c bbb5f3d57feda2349be943b6a42b84e8ade96bb1f8cd97863f77cb5bafa5840e Loading...

	code.jquery.com/jquery-3.6.0.min.js	ScriptElement	90 kB	2023-03-07	2025-05-09
Pretty URL code.jquery.com/jquery-3.6.0.min.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-05-09 03:13 Times Seen205586 Hash 8fb8fee4fcc3cc86ff6c724154c49c42 b82d238d4e31fdf618bae8ac11a6c812c03dd0d4 ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e Loading...

		Size	First Seen	Last Seen
	#1 Eval - 65f3202cf70f192a352862bf2e2f617a	1.1 kB	2024-08-20 16:46	2024-08-20 16:46
Pretty Observations First Seen2024-08-20 16:46 Last Seen2024-08-20 16:46 Times Seen3 Hash 65f3202cf70f192a352862bf2e2f617a 28782b1f932dc46183ae5f394eedcff47061f07c 77307a6f2e2d9f42583271610016e70d25f4e5e0eeea92d34dd218ba932ad3dd Loading...

	#2 Eval - 9e925e9341b490bfd3b4c4ca3b0c1ef2	4 B	2023-03-07 01:03	2025-05-09 03:18
Pretty Observations First Seen2023-03-07 01:03 Last Seen2025-05-09 03:18 Times Seen368676 Hash 9e925e9341b490bfd3b4c4ca3b0c1ef2 c2543fff3bfa6f144c2f06a7de6cd10c0b650cae 1eb79602411ef02cf6fe117897015fff89f80face4eccd50425c45149b148408 Loading...

		Size	First Seen	Last Seen
	#1 Write - 6c7af0a531fc7404ea48925fda186625	4.8 kB	2023-12-04 20:30	2024-08-20 16:47
Pretty Observations First Seen2023-12-04 20:30 Last Seen2024-08-20 16:47 Times Seen855 Hash 6c7af0a531fc7404ea48925fda186625 842e0fef08c69f38abe00ccb7f28c8665e00dc8a 3d1a5fcd8f92048be1119824ffde8cac7cebc6e45a91fdf87a1d7066e32fe5b4 Loading...

	#2 Write - 086707e4369f60afedcafb16050a7618	39 B	2023-03-07 01:03	2025-05-09 03:18
Pretty Observations First Seen2023-03-07 01:03 Last Seen2025-05-09 03:18 Times Seen57391 Hash 086707e4369f60afedcafb16050a7618 8216b0cc6876cbd44f01c158e7dff3833ceccd41 a7fe83ec64bb23eb28090598db3d166ed98e52e39d1afbbfd74c579553f93e4e Loading...

	#3 Write - d50fe447c67a515d4ba936505175a8fe	3.6 kB	2023-11-30 14:29	2024-08-20 17:20
Pretty Observations First Seen2023-11-30 14:29 Last Seen2024-08-20 17:20 Times Seen11653 Hash d50fe447c67a515d4ba936505175a8fe 78d20da444441fb45dcf61e09d9bcbc9f01502e2 7dcf7a54137031c03f28f6a33cb62b258023c5de06d504259d5ad39f16b1b85e Loading...

HTTP Transactions (11)

URL IP Response Size

r20.rs6.net/tn.jsp?f=001DyiWYWxw55me5hKOpLoWPi2zPLufLvAVkUsxNuI1kxlGri6oJhvtLT2sS7xHZfY3Cr1DqIPaXnc6nE5f8fbx01TJVPTQdG5PvJ-bzaFb-WS_TfDKUrZRLdK0M17V4KAXbREOpl8kJu0=&c=&ch==&__=/asdf/a2JpZXRzY2hAbmF2dmlhLmNvbQ==

208.75.122.11

0 B

URL
r20.rs6.net/tn.jsp?f=001DyiWYWxw55me5hKOpLoWPi2zPLufLvAVkUsxNuI1kxlGri6oJhvtLT2sS7xHZfY3Cr1DqIPaXnc6nE5f8fbx01TJVPTQdG5PvJ-bzaFb-WS_TfDKUrZRLdK0M17V4KAXbREOpl8kJu0=&c=&ch==&__=/asdf/a2JpZXRzY2hAbmF2dmlhLmNvbQ==
IP
208.75.122.11:0
ASN
#40444 ASN-CC

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /tn.jsp?f=001DyiWYWxw55me5hKOpLoWPi2zPLufLvAVkUsxNuI1kxlGri6oJhvtLT2sS7xHZfY3Cr1DqIPaXnc6nE5f8fbx01TJVPTQdG5PvJ-bzaFb-WS_TfDKUrZRLdK0M17V4KAXbREOpl8kJu0=&c=&ch==&__=/asdf/a2JpZXRzY2hAbmF2dmlhLmNvbQ== HTTP/1.1
Host: r20.rs6.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Date: Mon, 04 Dec 2023 21:55:38 GMT
Server: Apache
P3P: CP="CAO DSP TAIa OUR NOR UNI"
Location: https://ef7link.com//asdf/a2JpZXRzY2hAbmF2dmlhLmNvbQ==
Content-Length: 0
Cache-Control: private, no-cache, no-store, max-age=0, must-revalidate, no-cache="Set-Cookie"
Pragma: no-cache
Connection: close
Content-Type: text/html;charset=ISO-8859-1

ef7link.com//asdf/a2JpZXRzY2hAbmF2dmlhLmNvbQ==

162.241.85.202

122 B

URL
ef7link.com//asdf/a2JpZXRzY2hAbmF2dmlhLmNvbQ==
IP
162.241.85.202:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
HTML document, ASCII text
Size
122 B (122 bytes)
Hash
7f5457a88c84ca39cdfcf8290c98a720
2ce80ded8c2f3e45ddd29e32e035399a9ae51707
63374e3c74f4bd6b064bccb476ce1ac443e0148ca69811aa85182e437a8811dc

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft Outlook

HTTP Headers

GET //asdf/a2JpZXRzY2hAbmF2dmlhLmNvbQ== HTTP/1.1
Host: ef7link.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
content-length: 122
content-type: text/html; charset=UTF-8
date: Mon, 04 Dec 2023 21:55:38 GMT
server: Apache
X-Firefox-Spdy: h2

b464.m0rx1.com/90z5/myscr948587.js

188.114.97.1

38 kB

URL
b464.m0rx1.com/90z5/myscr948587.js
IP
188.114.97.1:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text
Size
38 kB (38542 bytes)
Hash
798732c053c5578616e807f16f769d4f
cec3425b57280902e85f812358350362dad12799
a20b33ba5e7a21a1bd276fa6c94adda93e8b4e0daaf3770ef545a5f74295e334

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft Outlook

HTTP Headers

GET /90z5/myscr948587.js HTTP/1.1
Host: b464.m0rx1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://b464.m0rx1.com/90z5/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 04 Dec 2023 21:55:39 GMT
content-type: application/javascript
last-modified: Thu, 30 Nov 2023 14:44:12 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 1499
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4FqgOy8OFpeH%2BV%2FUDqnMM2Xc1hLnYy9cpvKv3WXvnwxxdUl5zTGTlvM3COKxDlUpE4psdDHo9t4HETcridrRlYEN2gJgePByCNaC%2BzOOO3%2FCaweoQs8ptuYHodCeAjyQjg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 83074b7bbce31c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

b464.m0rx1.com/web6/assets/css/pages-okta.css?cb=1

188.114.97.1

0 B

URL
b464.m0rx1.com/web6/assets/css/pages-okta.css?cb=1
IP
188.114.97.1:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft Outlook

HTTP Headers

GET /web6/assets/css/pages-okta.css?cb=1 HTTP/1.1
Host: b464.m0rx1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://b464.m0rx1.com/90z5/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 04 Dec 2023 21:55:40 GMT
content-type: text/css
content-length: 0
last-modified: Wed, 08 Nov 2023 20:47:39 GMT
etag: "0-609aa32aa0b88"
access-control-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-frame-options: DENY
content-security-policy: frame-ancestors 'none'
cache-control: max-age=14400
age: 8742
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CJdvv00nXQnxXsxU7yzogZKuZVStH64WnylBE9vtXNgQS1RDe4br1leD4%2FRb%2FfBFWZumtuVdor69f8TazMPKCRUO1Z57ZLmqWVVo91KFci1oE6deHBQDhNkRtp23"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
cf-cache-status: HIT
accept-ranges: bytes
server: cloudflare
cf-ray: 83074b7fff9e1c16-OSL

b464.m0rx1.com/web6/assets/fonts/GDSherpa-bold.woff2

188.114.97.1

28 kB

URL
b464.m0rx1.com/web6/assets/fonts/GDSherpa-bold.woff2
IP
188.114.97.1:0
ASN
#13335 CLOUDFLARENET

File type
Web Open Font Format (Version 2), TrueType, length 28000, version 1.66\012- data
Size
28 kB (28000 bytes)
Hash
a4bca6c95fed0d0c5cc46cf07710dcec
73b56e33b82b42921db8702a33efd0f2b2ec9794
5a51d246af54d903f67f07f2bd820ce77736f8d08c5f1602db07469d96dbf77f

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft Outlook

HTTP Headers

GET /web6/assets/fonts/GDSherpa-bold.woff2 HTTP/1.1
Host: b464.m0rx1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://b464.m0rx1.com/90z5/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 04 Dec 2023 21:55:40 GMT
content-type: font/woff2
content-length: 28000
last-modified: Thu, 24 Aug 2023 14:00:16 GMT
etag: "6d60-603aba5c97c00"
access-control-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-frame-options: DENY
content-security-policy: frame-ancestors 'none'
cache-control: max-age=14400
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=k8PBcwymtv5V%2FRc%2BL5HviiB1Cqo19vbvJ0w7NFvgaIOjcIQehGyfw46FOEEc%2Bld1X0PXFP%2FnIdYNOh1r1xWesScKGC03sJ%2Fm7dbwYt5WOK3Bt%2F1iNilmNmBTdcCZ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
cf-cache-status: HIT
age: 8741
accept-ranges: bytes
server: cloudflare
cf-ray: 83074b801fb51c16-OSL

b464.m0rx1.com/web6/assets/fonts/GDSherpa-bold.woff

188.114.97.1

36 kB

URL
b464.m0rx1.com/web6/assets/fonts/GDSherpa-bold.woff
IP
188.114.97.1:0
ASN
#13335 CLOUDFLARENET

File type
Web Open Font Format, TrueType, length 35970, version 1.0\012- data
Size
36 kB (35970 bytes)
Hash
496b7bbde91c7dc7cf9bbabbb3921da8
2bd3c406a715ab52dad84c803c55bf4a6e66a924
ae40a04f95df12b0c364f26ab691dc0c391d394a28bcdb4aeacfaca325d0a798

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft Outlook

HTTP Headers

GET /web6/assets/fonts/GDSherpa-bold.woff HTTP/1.1
Host: b464.m0rx1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://b464.m0rx1.com/90z5/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 04 Dec 2023 21:55:40 GMT
content-type: font/woff
content-length: 35970
last-modified: Thu, 24 Aug 2023 14:00:22 GMT
etag: "8c82-603aba6250980"
access-control-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-frame-options: DENY
content-security-policy: frame-ancestors 'none'
cache-control: max-age=14400
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Dt1ygWJghmlTKos0R0f8QpBbU8jvTJDPfqc8LZok5UoTo3qOQF%2F3Bbomb90GTAMCsKHKUylblLplgyDYZxaliCSU3a%2Fg12M6OKgOMxkAPqyCN59QSknK9xVpLk37"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
cf-cache-status: HIT
age: 8741
accept-ranges: bytes
server: cloudflare
cf-ray: 83074b802fb81c16-OSL

b464.m0rx1.com/web6/assets/fonts/GDSherpa-regular.woff2

188.114.97.1

200 OK

29 kB

URL GET HTTP/3
b464.m0rx1.com/web6/assets/fonts/GDSherpa-regular.woff2
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://b464.m0rx1.com/90z5/#kbietsch@navvia.com
Certificate
IssuerGoogle Trust Services LLC
Subjectm0rx1.com
Fingerprint18:E1:31:63:0D:C5:8C:BD:0F:2C:19:B8:F8:76:E4:2A:C4:A3:8A:1F
ValidityThu, 30 Nov 2023 13:22:35 GMT - Wed, 28 Feb 2024 13:22:34 GMT

File type
Web Open Font Format (Version 2), TrueType, length 28584, version 1.66\012- data
Size
29 kB (28584 bytes)
Hash
17081510f3a6f2f619ec8c6f244523c7
87f34b2a1532c50f2a424c345d03fe028db35635
2c7292014e2ef00374aeb63691d9f23159a010455784ee0b274ba7db2bcca956

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft Outlook

HTTP Headers

GET /web6/assets/fonts/GDSherpa-regular.woff2 HTTP/1.1
Host: b464.m0rx1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://b464.m0rx1.com/90z5/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 04 Dec 2023 21:55:40 GMT
content-type: font/woff2
content-length: 28584
last-modified: Thu, 24 Aug 2023 14:00:24 GMT
etag: "6fa8-603aba6438e00"
access-control-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-frame-options: DENY
content-security-policy: frame-ancestors 'none'
cache-control: max-age=14400
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FsTWIGTeHkTC3Oj2HaX2zHsRakGVCd8t4sJWTw%2Fq0N4923snlYqJrRoC9j6AqrqRvh8zZK5sXljEo6ycAxdpCzduzlqIypEBszUaJGPGeWMKnn4H27CxL5IiR%2Fvx"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
cf-cache-status: HIT
age: 8741
accept-ranges: bytes
server: cloudflare
cf-ray: 83074b802fbc1c16-OSL

b464.m0rx1.com/web6/assets/fonts/GDSherpa-regular.woff

188.114.97.1

37 kB

URL
b464.m0rx1.com/web6/assets/fonts/GDSherpa-regular.woff
IP
188.114.97.1:0
ASN
#13335 CLOUDFLARENET

File type
Web Open Font Format, TrueType, length 36696, version 1.0\012- data
Size
37 kB (36696 bytes)
Hash
a69e9ab8afdd7486ec0749c551051ff2
c34e6aa327b536fb48d1fe03577a47c7ee2231b8
fd78a1913db912221b8ead1e62fad47d1ff0a9fa6cd88d3b128a721ad91d2faf

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft Outlook

HTTP Headers

GET /web6/assets/fonts/GDSherpa-regular.woff HTTP/1.1
Host: b464.m0rx1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://b464.m0rx1.com/90z5/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 04 Dec 2023 21:55:40 GMT
content-type: font/woff
content-length: 36696
last-modified: Thu, 24 Aug 2023 14:00:28 GMT
etag: "8f58-603aba6809700"
access-control-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-frame-options: DENY
content-security-policy: frame-ancestors 'none'
cache-control: max-age=14400
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bz2iQv854FhJmW%2FowEJZNSGUpUDkceuOgvkiIeuOcRUbgA%2BbkRPpZh8dOnRJZyln8Dm0oMLTYcQl2z%2FnF6ZZ2KFk3eSij%2Bc1ZC0QFqiZ59w8F%2BcrjeliWiLxrxVY"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
cf-cache-status: HIT
age: 8741
accept-ranges: bytes
server: cloudflare
cf-ray: 83074b802fbf1c16-OSL

b464.m0rx1.com/web6/assets/fonts/GDSherpa-vf.woff2

188.114.97.1

44 kB

URL
b464.m0rx1.com/web6/assets/fonts/GDSherpa-vf.woff2
IP
188.114.97.1:0
ASN
#13335 CLOUDFLARENET

File type
Web Open Font Format (Version 2), TrueType, length 43596, version 1.0\012- data
Size
44 kB (43596 bytes)
Hash
2a05e9e5572abc320b2b7ea38a70dcc1
d5fa2a856d5632c2469e42436159375117ef3c35
3efcb941aaddaf4aea08dab3fb97d3e904aa1b83264e64b4d5bda53bc7c798ec

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft Outlook

HTTP Headers

GET /web6/assets/fonts/GDSherpa-vf.woff2 HTTP/1.1
Host: b464.m0rx1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://b464.m0rx1.com/90z5/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 04 Dec 2023 21:55:40 GMT
content-type: font/woff2
content-length: 43596
last-modified: Thu, 24 Aug 2023 14:00:36 GMT
etag: "aa4c-603aba6faa900"
access-control-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-frame-options: DENY
content-security-policy: frame-ancestors 'none'
cache-control: max-age=14400
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cy3OWkZ%2FXPBvE1BQl9FcoMU%2BkFuMjIoiBAkXZ0J5I3GpXbQziRpxGnApWTh3Gp2EdkorjD5Rr2iUesiIlD6iXyQqw16URUmLOQcHZLZgjpGx4tYWGMGEFpviwbUK"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
cf-cache-status: HIT
age: 8741
accept-ranges: bytes
server: cloudflare
cf-ray: 83074b802fc21c16-OSL

b464.m0rx1.com/web6/assets/fonts/GDSherpa-vf2.woff2

188.114.97.1

93 kB

URL
b464.m0rx1.com/web6/assets/fonts/GDSherpa-vf2.woff2
IP
188.114.97.1:0
ASN
#13335 CLOUDFLARENET

File type
Web Open Font Format (Version 2), TrueType, length 93276, version 1.0\012- data
Size
93 kB (93276 bytes)
Hash
bcd7983ea5aa57c55f6758b4977983cb
ef3a009e205229e07fb0ec8569e669b11c378ef1
6528a0bf9a836a53dfd8536e1786ba6831c9d1faa74967126fddf5b2081b858c

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft Outlook

HTTP Headers

GET /web6/assets/fonts/GDSherpa-vf2.woff2 HTTP/1.1
Host: b464.m0rx1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://b464.m0rx1.com/90z5/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 04 Dec 2023 21:55:40 GMT
content-type: font/woff2
content-length: 93276
last-modified: Thu, 24 Aug 2023 14:00:32 GMT
etag: "16c5c-603aba6bda000"
access-control-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-frame-options: DENY
content-security-policy: frame-ancestors 'none'
cache-control: max-age=14400
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wHfS%2BA1k88wZhFI%2BPxT6N1fJxq0AHkyneAnBCKxjom6w7kHODzUuPBljrP%2BdBrtzLTqYPT8FoeyuP5kiNqpsE45ELtSBAidcNrPcIsBqZJNgN%2FmxcT03w3nIfzKh"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
cf-cache-status: HIT
age: 8741
accept-ranges: bytes
server: cloudflare
cf-ray: 83074b802fc41c16-OSL

b464.m0rx1.com/90z5/

188.114.97.1

200 OK

103 B

URL User Request GET HTTP/2
b464.m0rx1.com/90z5/
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjectm0rx1.com
Fingerprint18:E1:31:63:0D:C5:8C:BD:0F:2C:19:B8:F8:76:E4:2A:C4:A3:8A:1F
ValidityThu, 30 Nov 2023 13:22:35 GMT - Wed, 28 Feb 2024 13:22:34 GMT

File type
HTML document text\012- HTML document, ASCII text, with no line terminators
Size
103 B (103 bytes)
Hash
339fe908b782d533a2dfcaf5ef04a529
1e791f0e3e0c1d1a04cbaddd817080dce64ba620
3370a1fe014eda4355e78696a1f9eec823fb9f12b485aab01397411a97ad05d8

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft Outlook

HTTP Headers

GET /90z5/ HTTP/1.1
Host: b464.m0rx1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ef7link.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 04 Dec 2023 21:55:39 GMT
content-type: text/html; charset=UTF-8
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1oxynKI0VhD1N0pvK0KP3avvxK0tEEC%2F5GARxk8VfTjqoq5GB7IZ%2B0ToTEkbGCuLOotKXoiyY5BIfKvAcyD6MZ0FcmqS4opg8bBEoWhPwoMKOuTr2qaBJ0qAGFgXvhsXvw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 83074b7948d756a8-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (15)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Observations

Hash

Observations