| nemetschek-onmircosoft.com/5btx9iklcbdaodb4 | 95.217.177.132 | 200 OK | 21 kB |
URL: GET HTTP/2 nemetschek-onmircosoft.com/5btx9iklcbdaodb4 (User Request)
IP: 95.217.177.132:443
ASN: #24940 Hetzner Online GmbH
Certificate: Issuer Let's Encrypt; Subject nemetschek-onmircosoft.com; Fingerprint DA:C7:03:01:F3:D3:A2:4F:4D:D6:93:71:DD:95:59:66:DA:AD:35:2D; Validity Sat, 13 Apr 2024 11:00:12 GMT - Fri, 12 Jul 2024 11:00:11 GMT
File type: HTML document, ASCII text, with very long lines (65403), with CRLF line terminators
Hash (MD5 / SHA-1 / SHA-256): 0e208ed652a9319e3f36e17b870d71a6 / 9dda40d65e43c8108b9e8b9acb8fd0e87da219f0 / 00f254b75d09b4d7b053da75fe3f67a25aceb814cb8984063462e0d7d03fac61
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | Office365 |
| Quad9 DNS | malicious | Sinkholed |
GET /5btx9iklcbdaodb4 HTTP/1.1
Host: nemetschek-onmircosoft.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 05:10:08 GMT
server: Lucy
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
set-cookie: PHPSESSID=8bdont6pig51fd89aht15e8j9v; path=/; secure; HttpOnly
link=5btx9iklcbdaodb4; expires=Sat, 18-May-2024 05:10:08 GMT; Max-Age=2592000; path=/
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
access-control-allow-methods: *
access-control-allow-headers: *
content-length: 21099
content-type: text/html; charset=UTF-8
X-Firefox-Spdy: h2
| nemetschek-onmircosoft.com/js/events.js | 95.217.177.132 | 302 Found | 321 B |
URL: GET HTTP/2 nemetschek-onmircosoft.com/js/events.js
IP: 95.217.177.132:443
ASN: #24940 Hetzner Online GmbH
Requested by: https://nemetschek-onmircosoft.com/5btx9iklcbdaodb4
Certificate: Issuer Let's Encrypt; Subject nemetschek-onmircosoft.com; Fingerprint DA:C7:03:01:F3:D3:A2:4F:4D:D6:93:71:DD:95:59:66:DA:AD:35:2D; Validity Sat, 13 Apr 2024 11:00:12 GMT - Fri, 12 Jul 2024 11:00:11 GMT
File type: HTML document, ASCII text
Hash (MD5 / SHA-1 / SHA-256): 53a87671063ff5661d8d5c51381beef9 / 478b154c9bee2205c9425a6147e72b9216033e73 / 1acb8443e9cef7dc19110e65b632a7d144364a2f9c80f4137cea1f4208f827a9
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/events.js HTTP/1.1
Host: nemetschek-onmircosoft.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nemetschek-onmircosoft.com/5btx9iklcbdaodb4
Cookie: PHPSESSID=8bdont6pig51fd89aht15e8j9v; link=5btx9iklcbdaodb4
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 302 Found
date: Thu, 18 Apr 2024 05:10:08 GMT
server: Lucy
location: https://nemetschek-onmircosoft.com/obfuscate?path=js/events.js
cache-control: max-age=1
expires: Thu, 18 Apr 2024 05:10:09 GMT
content-length: 321
content-type: text/html; charset=iso-8859-1
X-Firefox-Spdy: h2
| nemetschek-onmircosoft.com/public/system/static/MicrosoftTeams.png | 95.217.177.132 | 200 OK | 1.1 kB |
URL: GET HTTP/2 nemetschek-onmircosoft.com/public/system/static/MicrosoftTeams.png
IP: 95.217.177.132:443
ASN: #24940 Hetzner Online GmbH
Requested by: https://nemetschek-onmircosoft.com/5btx9iklcbdaodb4
Certificate: Issuer Let's Encrypt; Subject nemetschek-onmircosoft.com; Fingerprint DA:C7:03:01:F3:D3:A2:4F:4D:D6:93:71:DD:95:59:66:DA:AD:35:2D; Validity Sat, 13 Apr 2024 11:00:12 GMT - Fri, 12 Jul 2024 11:00:11 GMT
File type: PNG image data, 108 x 24, 8-bit/color RGBA, non-interlaced
Hash (MD5 / SHA-1 / SHA-256): ed9c9eb0dce17d752bedea6b5acda6d9 / eca56c4904354eed5da0debcd6bd66856ab4784d / f664b8138c2da6ec7565500a7cc839da6372614a31dc04c5a2169a26b8d9767c
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /public/system/static/MicrosoftTeams.png HTTP/1.1
Host: nemetschek-onmircosoft.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nemetschek-onmircosoft.com/5btx9iklcbdaodb4
Cookie: PHPSESSID=8bdont6pig51fd89aht15e8j9v; link=5btx9iklcbdaodb4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 18 Apr 2024 05:10:08 GMT
server: Lucy
last-modified: Mon, 25 Oct 2021 14:30:24 GMT
etag: "421-5cf2e338ee000"
accept-ranges: bytes
content-length: 1057
content-type: image/png
X-Firefox-Spdy: h2
| nemetschek-onmircosoft.com/js/timeme.min.js | 95.217.177.132 | 302 Found | 325 B |
URL: GET HTTP/2 nemetschek-onmircosoft.com/js/timeme.min.js
IP: 95.217.177.132:443
ASN: #24940 Hetzner Online GmbH
Requested by: https://nemetschek-onmircosoft.com/5btx9iklcbdaodb4
Certificate: Issuer Let's Encrypt; Subject nemetschek-onmircosoft.com; Fingerprint DA:C7:03:01:F3:D3:A2:4F:4D:D6:93:71:DD:95:59:66:DA:AD:35:2D; Validity Sat, 13 Apr 2024 11:00:12 GMT - Fri, 12 Jul 2024 11:00:11 GMT
File type: HTML document, ASCII text
Hash (MD5 / SHA-1 / SHA-256): ab3d200881c2ca0dd4b21828fff2e04b / f11f09d4abf531140e51e9ce5c5b08b78a9b6fb6 / d21dc672cc5148e82f9a10f0945d034c5282117807812bbd41218ddc09625299
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/timeme.min.js HTTP/1.1
Host: nemetschek-onmircosoft.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nemetschek-onmircosoft.com/5btx9iklcbdaodb4
Cookie: PHPSESSID=8bdont6pig51fd89aht15e8j9v; link=5btx9iklcbdaodb4
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 302 Found
date: Thu, 18 Apr 2024 05:10:08 GMT
server: Lucy
location: https://nemetschek-onmircosoft.com/obfuscate?path=js/timeme.min.js
cache-control: max-age=1
expires: Thu, 18 Apr 2024 05:10:09 GMT
content-length: 325
content-type: text/html; charset=iso-8859-1
X-Firefox-Spdy: h2
| nemetschek-onmircosoft.com/js/time-tracker.js | 95.217.177.132 | 302 Found | 327 B |
URL: GET HTTP/2 nemetschek-onmircosoft.com/js/time-tracker.js
IP: 95.217.177.132:443
ASN: #24940 Hetzner Online GmbH
Requested by: https://nemetschek-onmircosoft.com/5btx9iklcbdaodb4
Certificate: Issuer Let's Encrypt; Subject nemetschek-onmircosoft.com; Fingerprint DA:C7:03:01:F3:D3:A2:4F:4D:D6:93:71:DD:95:59:66:DA:AD:35:2D; Validity Sat, 13 Apr 2024 11:00:12 GMT - Fri, 12 Jul 2024 11:00:11 GMT
File type: HTML document, ASCII text
Hash (MD5 / SHA-1 / SHA-256): 195cea8c8766af983f82678119879071 / 875067c1f8cb1d1526b2630824a28256066c9b5f / 97498944a293550d8d953faf2d5988250efc8c4420429d1fd6030ada92bd657e
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/time-tracker.js HTTP/1.1
Host: nemetschek-onmircosoft.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nemetschek-onmircosoft.com/5btx9iklcbdaodb4
Cookie: PHPSESSID=8bdont6pig51fd89aht15e8j9v; link=5btx9iklcbdaodb4
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 302 Found
date: Thu, 18 Apr 2024 05:10:08 GMT
server: Lucy
location: https://nemetschek-onmircosoft.com/obfuscate?path=js/time-tracker.js
cache-control: max-age=1
expires: Thu, 18 Apr 2024 05:10:09 GMT
content-length: 327
content-type: text/html; charset=iso-8859-1
X-Firefox-Spdy: h2
| nemetschek-onmircosoft.com/obfuscate?path=js/time-tracker.js | 95.217.177.132 | 200 OK | 1.8 kB |
URL: GET HTTP/2 nemetschek-onmircosoft.com/obfuscate?path=js/time-tracker.js
IP: 95.217.177.132:443
ASN: #24940 Hetzner Online GmbH
Requested by: https://nemetschek-onmircosoft.com/5btx9iklcbdaodb4
Certificate: Issuer Let's Encrypt; Subject nemetschek-onmircosoft.com; Fingerprint DA:C7:03:01:F3:D3:A2:4F:4D:D6:93:71:DD:95:59:66:DA:AD:35:2D; Validity Sat, 13 Apr 2024 11:00:12 GMT - Fri, 12 Jul 2024 11:00:11 GMT
Hash (MD5 / SHA-1 / SHA-256): e9e446a83612e4659debad3334eeddf2 / 596ffc347f2617e2525343ff42b0ee64d1db309b / 96221a544faf73682e0e25d24edb83389c5362f51751efc6ab0fa75158f7025e
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /obfuscate?path=js/time-tracker.js HTTP/1.1
Host: nemetschek-onmircosoft.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://nemetschek-onmircosoft.com/5btx9iklcbdaodb4
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=8bdont6pig51fd89aht15e8j9v; link=5btx9iklcbdaodb4
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 18 Apr 2024 05:10:08 GMT
server: Lucy
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-methods: *
access-control-allow-headers: *
content-type: text/javascript;charset=UTF-8
X-Firefox-Spdy: h2
| nemetschek-onmircosoft.com/scenario/track-time | 95.217.177.132 | 200 OK | 0 B |
URL: POST HTTP/2 nemetschek-onmircosoft.com/scenario/track-time
IP: 95.217.177.132:443
ASN: #24940 Hetzner Online GmbH
Requested by: https://nemetschek-onmircosoft.com/5btx9iklcbdaodb4
Certificate: Issuer Let's Encrypt; Subject nemetschek-onmircosoft.com; Fingerprint DA:C7:03:01:F3:D3:A2:4F:4D:D6:93:71:DD:95:59:66:DA:AD:35:2D; Validity Sat, 13 Apr 2024 11:00:12 GMT - Fri, 12 Jul 2024 11:00:11 GMT
Hash (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e / da39a3ee5e6b4b0d3255bfef95601890afd80709 / e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
POST /scenario/track-time HTTP/1.1
Host: nemetschek-onmircosoft.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/json
Content-Length: 25
Origin: https://nemetschek-onmircosoft.com
DNT: 1
Connection: keep-alive
Referer: https://nemetschek-onmircosoft.com/5btx9iklcbdaodb4
Cookie: PHPSESSID=8bdont6pig51fd89aht15e8j9v; link=5btx9iklcbdaodb4
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 18 Apr 2024 05:10:09 GMT
server: Lucy
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
access-control-allow-credentials: true
access-control-max-age: 86400
set-cookie: link=5btx9iklcbdaodb4; expires=Sat, 18-May-2024 05:10:10 GMT; Max-Age=2592000; path=/
access-control-allow-origin: *, *
access-control-allow-methods: GET, POST, OPTIONS, PUT, PATCH, HEAD, *
access-control-allow-headers: Content-Type, *
content-length: 0
content-type: text/html; charset=UTF-8
X-Firefox-Spdy: h2
| nemetschek-onmircosoft.com/scenario/track-time | 95.217.177.132 | 200 OK | 0 B |
URL: POST HTTP/2 nemetschek-onmircosoft.com/scenario/track-time
IP: 95.217.177.132:443
ASN: #24940 Hetzner Online GmbH
Requested by: https://nemetschek-onmircosoft.com/5btx9iklcbdaodb4
Certificate: Issuer Let's Encrypt; Subject nemetschek-onmircosoft.com; Fingerprint DA:C7:03:01:F3:D3:A2:4F:4D:D6:93:71:DD:95:59:66:DA:AD:35:2D; Validity Sat, 13 Apr 2024 11:00:12 GMT - Fri, 12 Jul 2024 11:00:11 GMT
Hash (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e / da39a3ee5e6b4b0d3255bfef95601890afd80709 / e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
POST /scenario/track-time HTTP/1.1
Host: nemetschek-onmircosoft.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/json
Content-Length: 25
Origin: https://nemetschek-onmircosoft.com
DNT: 1
Connection: keep-alive
Referer: https://nemetschek-onmircosoft.com/5btx9iklcbdaodb4
Cookie: PHPSESSID=8bdont6pig51fd89aht15e8j9v; link=5btx9iklcbdaodb4
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 18 Apr 2024 05:10:14 GMT
server: Lucy
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
access-control-allow-credentials: true
access-control-max-age: 86400
set-cookie: link=5btx9iklcbdaodb4; expires=Sat, 18-May-2024 05:10:15 GMT; Max-Age=2592000; path=/
access-control-allow-origin: *, *
access-control-allow-methods: GET, POST, OPTIONS, PUT, PATCH, HEAD, *
access-control-allow-headers: Content-Type, *
content-length: 0
content-type: text/html; charset=UTF-8
X-Firefox-Spdy: h2
| nemetschek-onmircosoft.com/scenario/track-time | 95.217.177.132 | 200 OK | 0 B |
URL: POST HTTP/2 nemetschek-onmircosoft.com/scenario/track-time
IP: 95.217.177.132:443
ASN: #24940 Hetzner Online GmbH
Requested by: https://nemetschek-onmircosoft.com/5btx9iklcbdaodb4
Certificate: Issuer Let's Encrypt; Subject nemetschek-onmircosoft.com; Fingerprint DA:C7:03:01:F3:D3:A2:4F:4D:D6:93:71:DD:95:59:66:DA:AD:35:2D; Validity Sat, 13 Apr 2024 11:00:12 GMT - Fri, 12 Jul 2024 11:00:11 GMT
Hash (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e / da39a3ee5e6b4b0d3255bfef95601890afd80709 / e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
POST /scenario/track-time HTTP/1.1
Host: nemetschek-onmircosoft.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/json
Content-Length: 29
Origin: https://nemetschek-onmircosoft.com
DNT: 1
Connection: keep-alive
Referer: https://nemetschek-onmircosoft.com/5btx9iklcbdaodb4
Cookie: PHPSESSID=8bdont6pig51fd89aht15e8j9v; link=5btx9iklcbdaodb4
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 18 Apr 2024 05:10:19 GMT
server: Lucy
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
access-control-allow-credentials: true
access-control-max-age: 86400
set-cookie: link=5btx9iklcbdaodb4; expires=Sat, 18-May-2024 05:10:20 GMT; Max-Age=2592000; path=/
access-control-allow-origin: *, *
access-control-allow-methods: GET, POST, OPTIONS, PUT, PATCH, HEAD, *
access-control-allow-headers: Content-Type, *
content-length: 0
content-type: text/html; charset=UTF-8
X-Firefox-Spdy: h2
| nemetschek-onmircosoft.com/scenario/track-time | 95.217.177.132 | 200 OK | 0 B |
URL: POST HTTP/2 nemetschek-onmircosoft.com/scenario/track-time
IP: 95.217.177.132:443
ASN: #24940 Hetzner Online GmbH
Requested by: https://nemetschek-onmircosoft.com/5btx9iklcbdaodb4
Certificate: Issuer Let's Encrypt; Subject nemetschek-onmircosoft.com; Fingerprint DA:C7:03:01:F3:D3:A2:4F:4D:D6:93:71:DD:95:59:66:DA:AD:35:2D; Validity Sat, 13 Apr 2024 11:00:12 GMT - Fri, 12 Jul 2024 11:00:11 GMT
Hash (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e / da39a3ee5e6b4b0d3255bfef95601890afd80709 / e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
POST /scenario/track-time HTTP/1.1
Host: nemetschek-onmircosoft.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/json
Content-Length: 25
Origin: https://nemetschek-onmircosoft.com
DNT: 1
Connection: keep-alive
Referer: https://nemetschek-onmircosoft.com/5btx9iklcbdaodb4
Cookie: PHPSESSID=8bdont6pig51fd89aht15e8j9v; link=5btx9iklcbdaodb4
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 18 Apr 2024 05:10:24 GMT
server: Lucy
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
access-control-allow-credentials: true
access-control-max-age: 86400
set-cookie: link=5btx9iklcbdaodb4; expires=Sat, 18-May-2024 05:10:25 GMT; Max-Age=2592000; path=/
access-control-allow-origin: *, *
access-control-allow-methods: GET, POST, OPTIONS, PUT, PATCH, HEAD, *
access-control-allow-headers: Content-Type, *
content-length: 0
content-type: text/html; charset=UTF-8
X-Firefox-Spdy: h2
| nemetschek-onmircosoft.com/scenario/track-time | 95.217.177.132 | 200 OK | 0 B |
URL: POST HTTP/2 nemetschek-onmircosoft.com/scenario/track-time
IP: 95.217.177.132:443
ASN: #24940 Hetzner Online GmbH
Requested by: https://nemetschek-onmircosoft.com/5btx9iklcbdaodb4
Certificate: Issuer Let's Encrypt; Subject nemetschek-onmircosoft.com; Fingerprint DA:C7:03:01:F3:D3:A2:4F:4D:D6:93:71:DD:95:59:66:DA:AD:35:2D; Validity Sat, 13 Apr 2024 11:00:12 GMT - Fri, 12 Jul 2024 11:00:11 GMT
Hash (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e / da39a3ee5e6b4b0d3255bfef95601890afd80709 / e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
POST /scenario/track-time HTTP/1.1
Host: nemetschek-onmircosoft.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/json
Content-Length: 25
Origin: https://nemetschek-onmircosoft.com
DNT: 1
Connection: keep-alive
Referer: https://nemetschek-onmircosoft.com/5btx9iklcbdaodb4
Cookie: PHPSESSID=8bdont6pig51fd89aht15e8j9v; link=5btx9iklcbdaodb4
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 18 Apr 2024 05:10:29 GMT
server: Lucy
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
access-control-allow-credentials: true
access-control-max-age: 86400
set-cookie: link=5btx9iklcbdaodb4; expires=Sat, 18-May-2024 05:10:30 GMT; Max-Age=2592000; path=/
access-control-allow-origin: *, *
access-control-allow-methods: GET, POST, OPTIONS, PUT, PATCH, HEAD, *
access-control-allow-headers: Content-Type, *
content-length: 0
content-type: text/html; charset=UTF-8
X-Firefox-Spdy: h2
| nemetschek-onmircosoft.com/favicon.ico | 95.217.177.132 | 200 OK | 198 B |
URL: GET HTTP/2 nemetschek-onmircosoft.com/favicon.ico
IP: 95.217.177.132:443
ASN: #24940 Hetzner Online GmbH
Requested by: https://nemetschek-onmircosoft.com/5btx9iklcbdaodb4
Certificate: Issuer Let's Encrypt; Subject nemetschek-onmircosoft.com; Fingerprint DA:C7:03:01:F3:D3:A2:4F:4D:D6:93:71:DD:95:59:66:DA:AD:35:2D; Validity Sat, 13 Apr 2024 11:00:12 GMT - Fri, 12 Jul 2024 11:00:11 GMT
File type: MS Windows icon resource - 1 icon, 16x16, 2 colors
Hash (MD5 / SHA-1 / SHA-256): c6acedaff906029fc5455d9ec52c7f42 / 92cbd806ca421aa2c9ff5e1ff76bbc20913a2f81 / 9deb629637088856fe61dc868bf40a7d21ed942e4117659f3d6c3408f59b906b
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /favicon.ico HTTP/1.1
Host: nemetschek-onmircosoft.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nemetschek-onmircosoft.com/5btx9iklcbdaodb4
Cookie: PHPSESSID=8bdont6pig51fd89aht15e8j9v; link=5btx9iklcbdaodb4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 05:10:08 GMT
server: Lucy
accept-ranges: bytes
content-length: 198
cache-control: max-age=1
expires: Thu, 18 Apr 2024 05:10:09 GMT
access-control-allow-origin: *
access-control-allow-methods: *
access-control-allow-headers: *
content-type: image/vnd.microsoft.icon
X-Firefox-Spdy: h2
| nemetschek-onmircosoft.com/obfuscate?path=js/events.js | 95.217.177.132 | 200 OK | 558 B |
URL: GET HTTP/2 nemetschek-onmircosoft.com/obfuscate?path=js/events.js
IP: 95.217.177.132:443
ASN: #24940 Hetzner Online GmbH
Requested by: https://nemetschek-onmircosoft.com/5btx9iklcbdaodb4
Certificate: Issuer Let's Encrypt; Subject nemetschek-onmircosoft.com; Fingerprint DA:C7:03:01:F3:D3:A2:4F:4D:D6:93:71:DD:95:59:66:DA:AD:35:2D; Validity Sat, 13 Apr 2024 11:00:12 GMT - Fri, 12 Jul 2024 11:00:11 GMT
File type: JavaScript source, ASCII text, with very long lines (578), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): 88a9ef3280b2bd2d97cf2d543fb34a8a / 160a4e57039bb916dce84545e50f7c0f902a07e2 / 68743169b6222597cc2e6646578efd38051e86de6138feaf11c045cd370a4101
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /obfuscate?path=js/events.js HTTP/1.1
Host: nemetschek-onmircosoft.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://nemetschek-onmircosoft.com/5btx9iklcbdaodb4
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=8bdont6pig51fd89aht15e8j9v; link=5btx9iklcbdaodb4
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 05:10:08 GMT
server: Lucy
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-methods: *
access-control-allow-headers: *
content-type: text/javascript;charset=UTF-8
X-Firefox-Spdy: h2
| nemetschek-onmircosoft.com/obfuscate?path=js/timeme.min.js | 95.217.177.132 | 200 OK | 4.2 kB |
URL: GET HTTP/2 nemetschek-onmircosoft.com/obfuscate?path=js/timeme.min.js
IP: 95.217.177.132:443
ASN: #24940 Hetzner Online GmbH
Requested by: https://nemetschek-onmircosoft.com/5btx9iklcbdaodb4
Certificate: Issuer Let's Encrypt; Subject nemetschek-onmircosoft.com; Fingerprint DA:C7:03:01:F3:D3:A2:4F:4D:D6:93:71:DD:95:59:66:DA:AD:35:2D; Validity Sat, 13 Apr 2024 11:00:12 GMT - Fri, 12 Jul 2024 11:00:11 GMT
File type: JavaScript source, ASCII text, with very long lines (4276), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): 58831de6bbe8b981d0a118c8bfc775fb / aaee68a38c70ed0770be62ff21bc0f52991fb885 / c089ef76fd6ead609ad8bb60c4cba756e2c3fd2e9c9c48e4a112506b18231b62
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /obfuscate?path=js/timeme.min.js HTTP/1.1
Host: nemetschek-onmircosoft.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://nemetschek-onmircosoft.com/5btx9iklcbdaodb4
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=8bdont6pig51fd89aht15e8j9v; link=5btx9iklcbdaodb4
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 05:10:08 GMT
server: Lucy
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-methods: *
access-control-allow-headers: *
content-type: text/javascript;charset=UTF-8
X-Firefox-Spdy: h2