| pub-d172ccfab50c4eb3b25bcfe4c60bd498.r2.dev/auhindex/ple12index.html | 104.18.2.35 | 200 OK | 518 kB |
URL User Request GET HTTP/1.1pub-d172ccfab50c4eb3b25bcfe4c60bd498.r2.dev/auhindex/ple12index.html IP104.18.2.35:443
CertificateIssuerLet's Encrypt Subject*.r2.dev Fingerprint48:74:F0:98:E0:A1:57:3E:86:18:BF:B3:DC:C9:7A:5B:53:50:FE:E0 ValidityFri, 05 Apr 2024 15:25:24 GMT - Thu, 04 Jul 2024 15:25:23 GMT
File typeHTML document, ASCII text, with very long lines (23074) Size518 kB (518107 bytes) Hashf8670f265b18125b596571e7dab93d95 0744c2ad17b644b7122d109db9f28495d0462c0e 0fa2212497b78b5d080f9d422df709529636c53f7e3e6d62fb06bfc102079b88
Analyzer | Verdict | Alert | urlquery | suspicious | Suspicious - Suspicious Javascript code | OpenPhish | phishing | Office365 | PhishTank | phishing | Other | Quad9 DNS | malicious | Sinkholed |
GET /auhindex/ple12index.html HTTP/1.1
Host: pub-d172ccfab50c4eb3b25bcfe4c60bd498.r2.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 19 Apr 2024 16:14:17 GMT
Content-Type: text/html
Content-Length: 518107
Connection: keep-alive
Accept-Ranges: bytes
ETag: "f8670f265b18125b596571e7dab93d95"
Last-Modified: Wed, 03 Apr 2024 12:44:30 GMT
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 876e2fd0cf2856ca-OSL
|
| ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js | 142.250.74.106 | 200 OK | 30 kB |
URL GET HTTP/2ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js IP142.250.74.106:443
Requested byhttps://pub-d172ccfab50c4eb3b25bcfe4c60bd498.r2.dev/auhindex/ple12index.html CertificateIssuerGoogle Trust Services LLC Subjectupload.video.google.com Fingerprint47:5A:64:7D:9F:47:34:07:31:91:97:F7:04:42:7A:D5:EA:AD:07:4E ValidityMon, 04 Mar 2024 07:16:44 GMT - Mon, 27 May 2024 07:16:43 GMT
File typeJavaScript source, ASCII text, with very long lines (65451) Hasha09e13ee94d51c524b7e2a728c7d4039 0dc32db4aa9c5f03f3b38c47d883dbd4fed13aae 160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef
GET /ajax/libs/jquery/3.3.1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pub-d172ccfab50c4eb3b25bcfe4c60bd498.r2.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 30399
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 18 Apr 2024 11:06:16 GMT
expires: Fri, 18 Apr 2025 11:06:16 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 104882
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
IP20.190.181.1:443 ASN#8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested byhttps://pub-d172ccfab50c4eb3b25bcfe4c60bd498.r2.dev/auhindex/ple12index.html CertificateIssuerDigiCert Inc Subjectlogin.live.com Fingerprint82:2F:20:E4:BD:99:37:36:52:F8:AF:FC:4D:86:73:BA:3A:7A:65:3E ValidityFri, 29 Mar 2024 00:00:00 GMT - Sat, 29 Mar 2025 23:59:59 GMT
File typeHTML document, Unicode text, UTF-8 text, with very long lines (23872) Hash58c01676d8cf2f4acb1a3ff5e57d6f7b 21c562d0bb1d53686e5157ee50daae5cfe92eb9d df25c3bb7fb73e39fe8bf3a44ec878d1738277f53419a29a9c9068467721fee8
GET / HTTP/1.1
Host: login.live.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Referer: https://pub-d172ccfab50c4eb3b25bcfe4c60bd498.r2.dev/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Content-Encoding: gzip
Expires: Fri, 19 Apr 2024 16:13:18 GMT
Vary: Accept-Encoding
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
X-DNS-Prefetch-Control: on
Link: <https://logincdn.msauth.net>; rel=preconnect; crossorigin, <https://acctcdn.msauth.net>; rel=preconnect; crossorigin, <https://acctcdn.msftauth.net>; rel=preconnect; crossorigin, <https://acctcdn.msauth.net/>; rel=dns-prefetch, <https://acctcdn.msftauth.net/>; rel=dns-prefetch, <https://acctcdnmsftuswe2.azureedge.net/>; rel=dns-prefetch, <https://acctcdnvzeuno.azureedge.net/>; rel=dns-prefetch, <https://logincdn.msauth.net/>; rel=dns-prefetch, <https://logincdn.msftauth.net/>; rel=dns-prefetch, <https://lgincdnvzeuno.azureedge.net/>; rel=dns-prefetch, <https://lgincdnmsftuswe2.azureedge.net/>; rel=dns-prefetch
Referrer-Policy: strict-origin-when-cross-origin
x-ms-route-info: C538_BL2
x-ms-request-id: 16e5eb2a-98e3-4bb4-bf89-54beb920e0d5
PPServer: PPV: 30 H: BL02EPF0001D905 V: 0
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000
X-XSS-Protection: 1; mode=block
Set-Cookie: uaid=5bb1c7d69de84c73b717f3869a4894e5; domain=login.live.com; Secure; path=/; SameSite=None; HttpOnly
MSPRequ=id=N<=1713543258&co=1; domain=login.live.com; Secure; path=/; SameSite=None; HttpOnly
MSCC=91.90.42.154-NO; expires=Wed, 14-May-2025 16:14:18 GMT; domain=login.live.com; Secure; path=/; SameSite=None; HttpOnly
MSPOK=$uuid-91373411-8d85-4365-955a-cec26bae29ad; domain=login.live.com; Secure; path=/; SameSite=None; HttpOnly
OParams=11O.DvavFruFfKYctH947MTHSCdlfXxKVBnsRSUKEbraaUin84B*S3wrxVteUB9vBn54XskEi3AyJGjckEgWGlOsBY5EYG9U!!YDJMzqowyIzp!4DKHavaKl3r08ECyl2h1!NcurSJAFbU*tQ5smApwDU7U$; domain=login.live.com; Secure; path=/; SameSite=None; HttpOnly
Date: Fri, 19 Apr 2024 16:14:18 GMT
Content-Length: 10734
|