Report - landvape.com/linkedin.com/linkedin.com/linkedin.com/linkedin.com/linkedin.com/Supdepus/cnF1aW5sZXZhbkBsZXJuZXJjby5jb20=

Report Overview

Submitted URL
landvape.com/linkedin.com/linkedin.com/linkedin.com/linkedin.com/linkedin.com/Supdepus/cnF1aW5sZXZhbkBsZXJuZXJjby5jb20=
IP
192.185.84.87
ASN
#19871 NETWORK-SOLUTIONS-HOSTING
Submitted
2024-05-08 14:23:00
Access
public
Website Title
365adf4d75209975e0ab2c540e5e3eba663b8aadd6a99
Final URL
kdiiakfwpaknfoowrpkjaldoqalo03u1j.intermediaselections.com/beebb091955c06fa68b3eb8afc0bae51663b8aadd6ac9PASbeebb091955c06fa68b3eb8afc0bae51663b8aadd6aca
Tags
microsoft phishing outlook
urlquery detections
Phishing - Microsoft
Phishing - Microsoft Outlook

Detections

urlquery
15
Network Intrusion Detection
0
Threat Detection Systems
0

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
landvape.com	unknown	2024-02-01	2020-08-24	2022-06-27	573 B	517 B	192.185.84.87
challenges.cloudflare.com	unknown	2009-02-17	2021-10-20	2024-05-08	3.2 kB	128 kB	104.17.2.184
kdiiakfwpaknfoowrpkjaldoqalo03u1j.intermediaselections.com	unknown	unknown	No data	No data	13 kB	604 kB	172.67.194.207
unpkg.com	11693	2016-01-06	2016-01-08	2024-05-07	910 B	84 kB	104.17.247.203

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (38)

	URL	Size	First Seen	Last Seen
	unpkg.com/axios/dist/axios.min.js	42 kB	2024-03-15	2024-05-19
Pretty URL unpkg.com/axios/dist/axios.min.js IP 104.17.247.203 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-15 17:36:33 Last Seen2024-05-19 19:18:53 Times Seen11335 Hash 3b5b3d36fde8ffe8ed76b1efbfc65410 d63107d0912fdb387530d5ce2d512c928d73d122 29d600462a30694efd15b9848b4ca42d178cd067009275c35a30580121114304 Loading...

	kdiiakfwpaknfoowrpkjaldoqalo03u1j.intermediaselections.com/beebb091955c06fa68b3eb8afc0bae51663b8aadd6ac9PASbeebb091955c06fa68b3eb8afc0bae51663b8aadd6aca	0 B	2023-03-07	2024-05-20
Pretty URL kdiiakfwpaknfoowrpkjaldoqalo03u1j.intermediaselections.com/beebb091955c06fa68b3eb8afc0bae51663b8aadd6ac9PASbeebb091955c06fa68b3eb8afc0bae51663b8aadd6aca IP 172.67.194.207 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-20 00:27:00 Times Seen37847253 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	kdiiakfwpaknfoowrpkjaldoqalo03u1j.intermediaselections.com/jq/6f030cd5f96a8cf6fe558ef446f60aef663b8aade9b18	86 kB	2023-03-07	2024-05-20
Pretty URL kdiiakfwpaknfoowrpkjaldoqalo03u1j.intermediaselections.com/jq/6f030cd5f96a8cf6fe558ef446f60aef663b8aade9b18 IP 172.67.194.207 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:00 Last Seen2024-05-20 00:16:05 Times Seen394529 Hash 2f6b11a7e914718e0290410e85366fe9 69bb69e25ca7d5ef0935317584e6153f3fd9a88c 05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e Loading...

	unknown	37 B	2023-04-11	2024-05-20
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-11 21:31:25 Last Seen2024-05-20 00:07:06 Times Seen238387 Hash 29d0c84b9d1d8da446a6062c6a840ad9 6d6b3a6065667c7c50d92f3889c85ed65a9ad784 3c3cbdb71d0d2c22f504f4d63d8a6ffe8d250cde7e58300619be35b6bbab26a1 Loading...

	unknown	79 B	2023-04-11	2024-05-20
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-11 21:38:58 Last Seen2024-05-20 00:07:06 Times Seen126659 Hash aa049e2749b8531cb8f233c2f64fc2b2 b611a5a62c1813ae5b4763378b3a4a565556530a e52e51d5897d7a179089ddcf8f5de7aeb3ef4f27b054b63e937cf308b685c9e2 Loading...

	kdiiakfwpaknfoowrpkjaldoqalo03u1j.intermediaselections.com/jm/6f030cd5f96a8cf6fe558ef446f60aef663b8aade9b22	6.4 kB	2023-10-11	2024-05-18
Pretty URL kdiiakfwpaknfoowrpkjaldoqalo03u1j.intermediaselections.com/jm/6f030cd5f96a8cf6fe558ef446f60aef663b8aade9b22 IP 172.67.194.207 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-10-11 19:03:08 Last Seen2024-05-18 20:52:02 Times Seen44472 Hash 82ff6e77e3b8f004b23294185e108264 03c685b50fd4587427495348cd1231882a8c48d0 0e230a53a5d5abd125c2a8e1cdd97b32ddd84a9f7fd07c23bff95413886b05fa Loading...

	kdiiakfwpaknfoowrpkjaldoqalo03u1j.intermediaselections.com/boot/6f030cd5f96a8cf6fe558ef446f60aef663b8aade9b20	51 kB	2023-03-07	2024-05-20
Pretty URL kdiiakfwpaknfoowrpkjaldoqalo03u1j.intermediaselections.com/boot/6f030cd5f96a8cf6fe558ef446f60aef663b8aade9b20 IP 172.67.194.207 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:44 Last Seen2024-05-20 00:08:29 Times Seen249912 Hash 67176c242e1bdc20603c878dee836df3 27a71b00383d61ef3c489326b3564d698fc1227c 56c12a125b021d21a69e61d7190cefa168d6c28ce715265cea1b3b0112d169c4 Loading...

		Size	First Seen	Last Seen
	#1 Eval - 33f392df6b46265ca9bf380ed7f6239b	28 B	2024-05-08	2024-05-08
Pretty Observations First Seen2024-05-08 16:23:06 Last Seen2024-05-08 16:23:06 Times Seen1 Hash 33f392df6b46265ca9bf380ed7f6239b 80c9157c0cf5d3a81e0a0a14369b12b84c6f722c 7d3d4d5d2619e76e0427523609527996d17efaf8236588871d818993e331044e Loading...

	#2 Eval - a74382737922d099248b92ae9201df70	28 B	2024-05-08	2024-05-08
Pretty Observations First Seen2024-05-08 16:23:06 Last Seen2024-05-08 16:23:06 Times Seen1 Hash a74382737922d099248b92ae9201df70 19846e79da55c85d6b6f1e7109a135211e47f4a5 5d17b7a68a12c1131edb9525983852f8338e6236bb3b7e52a473299bfa4bf47c Loading...

	#3 Eval - 263822916321e5e6dc2d63276c6cb418	28 B	2024-05-08	2024-05-08
Pretty Observations First Seen2024-05-08 16:23:06 Last Seen2024-05-08 16:23:06 Times Seen1 Hash 263822916321e5e6dc2d63276c6cb418 de10db1929cdc37956c91d3621f99ddf6fcc9bfd 661512d3ae7bbc7ce483e0c7af40ae7b699c74dc7e28a3250ec9fbebd731037b Loading...

	#4 Eval - 3d156e1ef34215a638917900bfd968e8	28 B	2024-05-08	2024-05-08
Pretty Observations First Seen2024-05-08 16:23:07 Last Seen2024-05-08 16:23:07 Times Seen1 Hash 3d156e1ef34215a638917900bfd968e8 d535baf84f14614e321ae6276e4d36c13769a169 447852dbe7720ce5c26a25e031f4757611485688ea0550b5b5294f363ea556ba Loading...

	#5 Eval - 99991f6d3b766f9e540fbf6b98bdba64	28 B	2024-05-08	2024-05-08
Pretty Observations First Seen2024-05-08 16:23:07 Last Seen2024-05-08 16:23:07 Times Seen1 Hash 99991f6d3b766f9e540fbf6b98bdba64 9dc35193ad87a35c67b158f7013dbe1955929484 7b7149b0078deb30b4729c926c987458da957d6abc3fa5675593aeba73819be0 Loading...

	#6 Eval - 567cde314ba13eaf7b594dd67fd9167a	28 B	2024-05-08	2024-05-08
Pretty Observations First Seen2024-05-08 16:23:07 Last Seen2024-05-08 16:23:07 Times Seen1 Hash 567cde314ba13eaf7b594dd67fd9167a 77374f83fc482f83e85d26da9ff6dea209c0db4d 685fea84f1a3b8c4c150bc233e6ffac28a3c06d89dfdb3d555841e9af8965be8 Loading...

	#7 Eval - b51552623764e6040637f011a22577eb	28 B	2024-05-08	2024-05-08
Pretty Observations First Seen2024-05-08 16:23:07 Last Seen2024-05-08 16:23:07 Times Seen1 Hash b51552623764e6040637f011a22577eb b0a9f852658931b741b9568ca195642ce53bfe17 a87ed7bcb9392a745754a0bfb97403b73abd26411102f6001be17726af8ed838 Loading...

	#8 Eval - 21177573deee7520141e33809e36764c	28 B	2024-05-08	2024-05-08
Pretty Observations First Seen2024-05-08 16:23:07 Last Seen2024-05-08 16:23:07 Times Seen1 Hash 21177573deee7520141e33809e36764c a65c54cb34a365d04fa9d89efc0c0793e04ba391 565f7322cc3001fac2002955d81b262f513efa94dc7b89a197c44e1b9a31a6ef Loading...

	#9 Eval - 2273cf1cc603195397eacef3aa7faf35	28 B	2024-05-08	2024-05-08
Pretty Observations First Seen2024-05-08 16:23:07 Last Seen2024-05-08 16:23:07 Times Seen1 Hash 2273cf1cc603195397eacef3aa7faf35 45fd3bf57a396b43866e2df35e7581201806d01a 86222b5cfa4ba2c73272c79cb153e43f58795dd62eb5b1420de715347c65640d Loading...

	#10 Eval - 67cbddd2e3a21c3105ba0ca6e8298412	28 B	2024-05-08	2024-05-08
Pretty Observations First Seen2024-05-08 16:23:07 Last Seen2024-05-08 16:23:07 Times Seen1 Hash 67cbddd2e3a21c3105ba0ca6e8298412 15e45248e76652c1e64234029aefd43f46d64864 eb1317bd369b37ad2ccc24eb090b7df6476543b43d7d0e423b81284040fe8927 Loading...

	#11 Eval - 1d812bf0038db5ff43798129b539094a	28 B	2024-05-08	2024-05-08
Pretty Observations First Seen2024-05-08 16:23:07 Last Seen2024-05-08 16:23:07 Times Seen1 Hash 1d812bf0038db5ff43798129b539094a e87a9b1811a31ef92870b3544d65f10cdd22c665 68851378f614ac86b8465ff52e87dec2b3de44128b08b9ca3f5b1d48ef8256ac Loading...

	#12 Eval - 44ce9c2b5dbdc0f28d7037c070550b74	62 B	2024-05-03	2024-05-09
Pretty Observations First Seen2024-05-03 14:37:29 Last Seen2024-05-09 15:26:38 Times Seen386 Hash 44ce9c2b5dbdc0f28d7037c070550b74 a9d8ff605c113bef81e606ea0bb2d8b0d65bd13e b87899b17160a1ab0138f3ff2eacc0c7c9107f22f6ab3ad6e9d9973b98deb26d Loading...

	#13 Eval - f4e647d050aa45117d363f9538a15688	28 B	2024-05-08	2024-05-08
Pretty Observations First Seen2024-05-08 16:23:07 Last Seen2024-05-08 16:23:07 Times Seen1 Hash f4e647d050aa45117d363f9538a15688 3b29d5f4b0f0bb75338a4810dc0b849912f90f51 480194921bd0a96c65c6efb3139cfb43fee01eaafa1da3d1c6ae7830638a3913 Loading...

	#14 Eval - 51b498fd5719c24bdce89bf07e081f8e	28 B	2024-05-08	2024-05-08
Pretty Observations First Seen2024-05-08 16:23:07 Last Seen2024-05-08 16:23:07 Times Seen1 Hash 51b498fd5719c24bdce89bf07e081f8e eef3aedefbfcc466e33042da7cd8111761148141 921cf3cd20fa89a1f857a82c3e3fb560eebe5f13c885d2cd52521b93815d385c Loading...

	#15 Eval - 7a20d0ba71a725683fc044a9f2bdbc78	2.8 kB	2024-05-08	2024-05-08
Pretty Observations First Seen2024-05-08 16:23:07 Last Seen2024-05-08 16:23:07 Times Seen1 Hash 7a20d0ba71a725683fc044a9f2bdbc78 66dafb912e2c28d4c30f9ce4356a30623f69cfd8 6af18284c0479f9b77dafb9355944f150cdcb582819e95207c943854370834ff Loading...

	#16 Eval - 9e925e9341b490bfd3b4c4ca3b0c1ef2	4 B	2023-03-07	2024-05-20
Pretty Observations First Seen2023-03-07 01:03:43 Last Seen2024-05-20 00:17:32 Times Seen353139 Hash 9e925e9341b490bfd3b4c4ca3b0c1ef2 c2543fff3bfa6f144c2f06a7de6cd10c0b650cae 1eb79602411ef02cf6fe117897015fff89f80face4eccd50425c45149b148408 Loading...

	#17 Eval - ca4e05138d10c7c8874bcc3ee2249926	28 B	2024-05-08	2024-05-08
Pretty Observations First Seen2024-05-08 16:23:07 Last Seen2024-05-08 16:23:07 Times Seen1 Hash ca4e05138d10c7c8874bcc3ee2249926 1641ab927b7ce0aba70a81dc6bb87f3c5552d9dc 6d6c297e019ff1d26a164ce821baee0d778e64616cf386dc7bd3afb600b49942 Loading...

	#18 Eval - 1fe0b462d2486a83df5c5d3cbfd7ca94	28 B	2024-05-08	2024-05-08
Pretty Observations First Seen2024-05-08 16:23:07 Last Seen2024-05-08 16:23:07 Times Seen1 Hash 1fe0b462d2486a83df5c5d3cbfd7ca94 eedf9c202bc47194da9d9f695483b9ae0a9d2a06 d433f165fed81d1ba0b6c66e9004e5155721693fb373c0316777db0727acc9c5 Loading...

	#19 Eval - de06b47dceabcd38ff1aee0321c6b33a	28 B	2024-05-08	2024-05-08
Pretty Observations First Seen2024-05-08 16:23:07 Last Seen2024-05-08 16:23:07 Times Seen1 Hash de06b47dceabcd38ff1aee0321c6b33a 11ed1ae8c95387d036136119baa567a4a19f357f caf6dc667353b02f8787228a5ac6a14ef08703f8391119faa5c31336cdd217a6 Loading...

	#20 Eval - a637ffea029c0e8212635bae7263edaa	28 B	2024-05-08	2024-05-08
Pretty Observations First Seen2024-05-08 16:23:07 Last Seen2024-05-08 16:23:07 Times Seen1 Hash a637ffea029c0e8212635bae7263edaa e9a040c4fcf5d5b15120e62a3f5b94f72b67f4cb eb4236d732bc413d4381c7375b8a1dbb61f9b1e774f5435d3a68e42d46f6b42d Loading...

	#21 Eval - 3eeea99644e3bb98ff190805778689e4	28 B	2024-05-08	2024-05-08
Pretty Observations First Seen2024-05-08 16:23:07 Last Seen2024-05-08 16:23:07 Times Seen1 Hash 3eeea99644e3bb98ff190805778689e4 221b57efb0583cafe78eab0fb0152780dd4ce43d 9682aa453130a9ccf1f11c4b80b48bbdddf5ec57d3fdb98772c66663f00409dd Loading...

	#22 Eval - 213ba3b54b9b4ce060be69f03620f30c	28 B	2024-05-08	2024-05-08
Pretty Observations First Seen2024-05-08 16:23:07 Last Seen2024-05-08 16:23:07 Times Seen1 Hash 213ba3b54b9b4ce060be69f03620f30c 1e1a0960403e7ce5594dadfbf016774627cfc729 5f8844b0f75d5707a45d4a59b7d5308831b2e360117a29af9889efa150835e93 Loading...

	#23 Eval - dfdede45fbcdd515cedde879c48c95dd	28 B	2024-05-08	2024-05-08
Pretty Observations First Seen2024-05-08 16:23:07 Last Seen2024-05-08 16:23:07 Times Seen1 Hash dfdede45fbcdd515cedde879c48c95dd af5f09e7dc5a5399514c6daf448e3fb7fb608b27 1fec45eedc6b95dfe857ff35d1314d275f518bee564d1199c77249eea8194138 Loading...

	#24 Eval - 04df6d390400f4782d8cd6b47b82ef6c	28 B	2024-05-08	2024-05-08
Pretty Observations First Seen2024-05-08 16:23:07 Last Seen2024-05-08 16:23:07 Times Seen1 Hash 04df6d390400f4782d8cd6b47b82ef6c 9b1aaf315c687cbda2e4f9711d3c146d4b39f3a1 b9d8e5edc030a7c1866a89df813f94b8aac8ceb508fc226852010d4c62bfb432 Loading...

	#25 Eval - 6a9c9944e33c04a3d9ac78e2274155ea	28 B	2024-05-08	2024-05-08
Pretty Observations First Seen2024-05-08 16:23:07 Last Seen2024-05-08 16:23:07 Times Seen1 Hash 6a9c9944e33c04a3d9ac78e2274155ea ea5859b7321c1fe716956fce49805837c709bb02 57a27057862be51572ce171fbba9e0af1692a71deb1d504d1a1b73a224be153f Loading...

	#26 Eval - 359b31a444fdbb8a6d6976f5c8c20175	1.1 kB	2024-05-08	2024-05-08
Pretty Observations First Seen2024-05-08 16:22:55 Last Seen2024-05-08 16:23:07 Times Seen2 Hash 359b31a444fdbb8a6d6976f5c8c20175 344b7b554496c7474914aabeb2fb71c73fdbed36 562fd7d1772244e5eb358cc311b43a94ad9cf55bdba06e4efa196d05bdc51555 Loading...

	#27 Eval - 3138b8fb020dfd4df1faba1a78134de9	28 B	2024-05-08	2024-05-08
Pretty Observations First Seen2024-05-08 16:23:07 Last Seen2024-05-08 16:23:07 Times Seen1 Hash 3138b8fb020dfd4df1faba1a78134de9 258e9f3deaf289aabd4006aa85a8453290feb413 bfa6794ecf5709b2919221cbc94b857d3ab00fbd3b3d93b99dbac0b45025fc24 Loading...

	#28 Eval - 5bb4d3c1ca21a7492cc4350800912f06	28 B	2024-05-08	2024-05-08
Pretty Observations First Seen2024-05-08 16:23:07 Last Seen2024-05-08 16:23:07 Times Seen1 Hash 5bb4d3c1ca21a7492cc4350800912f06 554fea17094bcaef90696d3a0c8def6b865f6a93 fe037469610430e6d1e5125d1c9b4abef744496add2c320604997cd0a61e1d6d Loading...

	#29 Eval - e0ba76736dbe2af95e0d181a23304db4	28 B	2024-05-08	2024-05-08
Pretty Observations First Seen2024-05-08 16:23:07 Last Seen2024-05-08 16:23:07 Times Seen1 Hash e0ba76736dbe2af95e0d181a23304db4 45d33d55052793c6315f80ead4241d86e11358a7 be284dc70dcf9b9ac6dc1ea6c3d24410d3cebb72b6af527cbb1eaad3e74f62fa Loading...

	#30 Eval - f9739acb44b40d4e7dfcc10be7517453	28 B	2024-05-08	2024-05-08
Pretty Observations First Seen2024-05-08 16:23:07 Last Seen2024-05-08 16:23:07 Times Seen1 Hash f9739acb44b40d4e7dfcc10be7517453 6279d6199410bbb909d243b310a0f6c9e77768f3 4b580da1f3a7610663cbe5baafe9990eec0397fc1e7fb1dba528f36310879aa0 Loading...

	#31 Eval - 6af43e594b28e8cf9c074b0c3d200932	28 B	2024-05-08	2024-05-08
Pretty Observations First Seen2024-05-08 16:23:07 Last Seen2024-05-08 16:23:07 Times Seen1 Hash 6af43e594b28e8cf9c074b0c3d200932 e6593115ca7e33b355f3ffb510c2ac68a7e7aa24 24c1ef7e2b9843c4f1879a72243d15a1bc2e6fd5a0d60c524d8661aaff175b30 Loading...

HTTP Transactions (23)

URL IP Response Size

landvape.com/linkedin.com/linkedin.com/linkedin.com/linkedin.com/linkedin.com/Supdepus/cnF1aW5sZXZhbkBsZXJuZXJjby5jb20=

192.185.84.87

200 OK

147 B

URL User Request GET HTTP/2
landvape.com/linkedin.com/linkedin.com/linkedin.com/linkedin.com/linkedin.com/Supdepus/cnF1aW5sZXZhbkBsZXJuZXJjby5jb20=
IP
192.185.84.87:443
ASN
#19871 NETWORK-SOLUTIONS-HOSTING

Certificate
IssuerLet's Encrypt
Subject*.landvape.com
Fingerprint48:AE:A3:DE:14:8A:7A:BC:2B:C3:83:C9:82:8E:32:47:D3:BC:8A:BE
ValiditySun, 05 May 2024 01:24:22 GMT - Sat, 03 Aug 2024 01:24:21 GMT

File type
HTML document, ASCII text
Size
147 B (147 bytes)
Hash
f1e909bfbead29c46fd1ae9e17ea403a
89766a098ef52a4bd3b911568a766e6c2c1a3994
10e4cffe47f3e7d3ad1873d8f73d2bb70adeb3441ea31c0e87737a23b4e17595

HTTP Headers

GET /linkedin.com/linkedin.com/linkedin.com/linkedin.com/linkedin.com/Supdepus/cnF1aW5sZXZhbkBsZXJuZXJjby5jb20= HTTP/1.1
Host: landvape.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
set-cookie: PHPSESSID=9ee4155601a605fc23c8dfb73ea098e8; path=/
vary: Accept-Encoding
content-encoding: gzip
content-length: 147
content-type: text/html; charset=UTF-8
date: Wed, 08 May 2024 14:22:28 GMT
server: Apache
X-Firefox-Spdy: h2

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/cmg/1/GLhOioXg0bs57t4qPrORXFsL1%2BWig2mIKbgpVPMu7ZQ%3D

104.17.2.184

61 B

URL
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/cmg/1/GLhOioXg0bs57t4qPrORXFsL1%2BWig2mIKbgpVPMu7ZQ%3D
IP
104.17.2.184:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced
Size
61 B (61 bytes)
Hash
9246cca8fc3c00f50035f28e9f6b7f7d
3aa538440f70873b574f40cd793060f53ec17a5d
c07d7d29e3c20fa6ca4c5d20663688d52bad13e129ad82ce06b80eb187d9dc84

HTTP Headers

GET /cdn-cgi/challenge-platform/h/b/cmg/1/GLhOioXg0bs57t4qPrORXFsL1%2BWig2mIKbgpVPMu7ZQ%3D HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/up8lz/0x4AAAAAAADnPIDROrmt1Wwj/light/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 08 May 2024 14:22:29 GMT
content-type: image/png
content-length: 61
cache-control: max-age=2629800, public
server: cloudflare
cf-ray: 880a1a2b6a3db4f3-OSL
alt-svc: h3=":443"; ma=86400

challenges.cloudflare.com/turnstile/v0/b/ce7818f50e39/api.js?onload=Ialy2&render=explicit

104.17.2.184

21 kB

URL
challenges.cloudflare.com/turnstile/v0/b/ce7818f50e39/api.js?onload=Ialy2&render=explicit
IP
104.17.2.184:0
ASN
#13335 CLOUDFLARENET

File type
JavaScript source, ASCII text, with very long lines (42565)
Size
21 kB (21211 bytes)
Hash
a5b92920e25651d2058f4982a108347b
caeeadd68d38fdb681c52006c68880abc2e8a1a6
49a5abedf03eb8ad9a66eca7c5ccb8e59a440e06958e1e7b71d078f494178dc5

HTTP Headers

GET /turnstile/v0/b/ce7818f50e39/api.js?onload=Ialy2&render=explicit HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://kdiiakfwpaknfoowrpkjaldoqalo03u1j.intermediaselections.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 08 May 2024 14:22:29 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: max-age=604800, public
vary: Accept-Encoding
server: cloudflare
cf-ray: 880a1a290dfe5690-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/848194658:1715175094:NkKTCv8nncJSEWxs2fpC80hF4pvS3pRV96XWxts3o_s/880a1a2a990db4f3/b6e854bb664c873

104.17.2.184

104 kB

URL
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/848194658:1715175094:NkKTCv8nncJSEWxs2fpC80hF4pvS3pRV96XWxts3o_s/880a1a2a990db4f3/b6e854bb664c873
IP
104.17.2.184:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (65536), with no line terminators
Size
104 kB (103450 bytes)
Hash
0cb30bea1f6ad2b68350e7bd914bd775
ee7466a7efc536be0631e64f28fbbebd71374c2e
567173ce1e34a21e5e8f5e054cad789ec137f221d933b0ca8531e716dece496b

HTTP Headers

POST /cdn-cgi/challenge-platform/h/b/flow/ov1/848194658:1715175094:NkKTCv8nncJSEWxs2fpC80hF4pvS3pRV96XWxts3o_s/880a1a2a990db4f3/b6e854bb664c873 HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/up8lz/0x4AAAAAAADnPIDROrmt1Wwj/light/normal
Content-type: application/x-www-form-urlencoded
CF-Challenge: b6e854bb664c873
Content-Length: 3758
Origin: https://challenges.cloudflare.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 08 May 2024 14:22:30 GMT
content-type: text/plain; charset=UTF-8
cf-chl-gen: CNDwELOfo/6bhkpBmnQh8vX8mGkDdZdGjE4k/qc1Ir6DEckEjgkjKxvotnNlToGW7JZ3SNDj8A28TLT/bD2G2wO8enu+wCVsGKyNRQa+vqzhyB+ObPbTbMpQDvWfyS7+9g8rBl8ieYpeEvAxLVrv24yXBkx8tRFMC9dUtJuMt9BhN1UzKdBMLul1o7fF+afPQLrednv6vq1XlPwVI9fkyN5P1fd/Cm4vEDfILFpDxp2QQJLhTALhCJ4Df2GloMZmBPr+4ezTyo28g9EN/zJvwbSxihnkhWh3NNOi5LqTnIkooeI3CasR/RX+R1As927gmfer96uLc+g50rgH16UNcIaPwd1q1Q2GiKKy7ePVcQ3zlv/qjEg+vAJyKf6nsqdNpi0ZzXYXzn8imHvxTwE6zV53J/61y880JzIJ/O+ylEk=$aDhMXsfeNI1fjxVb8zoNRA==
vary: accept-encoding
server: cloudflare
cf-ray: 880a1a2d6cf3b4f3-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/i/880a1a2a990db4f3/1715178150003/77kgsHZD8V4WbFN

104.17.2.184

61 B

URL
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/i/880a1a2a990db4f3/1715178150003/77kgsHZD8V4WbFN
IP
104.17.2.184:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 12 x 67, 8-bit/color RGB, non-interlaced
Size
61 B (61 bytes)
Hash
d1ae49e46a03b86aa33abb535306d87e
9631b255fa9184c637d53ffbabc0f8f0faca80d8
8a27f5d60265c36dada918407442630523735e076065c7cc40de2393091da8b4

HTTP Headers

GET /cdn-cgi/challenge-platform/h/b/i/880a1a2a990db4f3/1715178150003/77kgsHZD8V4WbFN HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/up8lz/0x4AAAAAAADnPIDROrmt1Wwj/light/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 08 May 2024 14:22:30 GMT
content-type: image/png
content-length: 61
server: cloudflare
cf-ray: 880a1a313ab9b4f3-OSL
alt-svc: h3=":443"; ma=86400

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/pat/880a1a2a990db4f3/1715178150009/c10ed1701ec7d8df8bce9e0416377f7f81cb478ed86e6765d038560f2ba42112/Y0741wXocFjb1pc

104.17.2.184

1 B

URL
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/pat/880a1a2a990db4f3/1715178150009/c10ed1701ec7d8df8bce9e0416377f7f81cb478ed86e6765d038560f2ba42112/Y0741wXocFjb1pc
IP
104.17.2.184:0
ASN
#13335 CLOUDFLARENET

File type
very short file (no magic)
Size
1 B (1 bytes)
Hash
ff44570aca8241914870afbc310cdb85
58668e7669fd564d99db5d581fcdb6a5618440b5
6da43b944e494e885e69af021f93c6d9331c78aa228084711429160a5bbd15b5

HTTP Headers

GET /cdn-cgi/challenge-platform/h/b/pat/880a1a2a990db4f3/1715178150009/c10ed1701ec7d8df8bce9e0416377f7f81cb478ed86e6765d038560f2ba42112/Y0741wXocFjb1pc HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/up8lz/0x4AAAAAAADnPIDROrmt1Wwj/light/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 401 Unauthorized
date: Wed, 08 May 2024 14:22:31 GMT
content-type: text/plain; charset=UTF-8
content-length: 1
www-authenticate: PrivateToken challenge="AAIAGXBhdC1pc3N1ZXIuY2xvdWRmbGFyZS5jb20gwQ7RcB7H2N-Lzp4EFjd_f4HLR47Ybmdl0DhWDyukIRIAGWNoYWxsZW5nZXMuY2xvdWRmbGFyZS5jb20=", token-key="MIIBUjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAqEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgKiAwIBMAOCAQ8AMIIBCgKCAQEAwJNLx-F--HQ4G6w81Lqhm55Wqle9iE4E64E37YL7QkK_ylJ-Dsmf1v3knq_MpBi8JncpUaWMssdL2Aha6xVtTuit-n3zEDZCW0VR_73N-Mc6DxdptQ_jsmIxis7apwux2f5L0gN0Z4K9C36tRcIL-chm-gijHvxrbhcCYusNwrgAlFaiqNWBqxKTiuPduHX4CNzNb7BAiNPz7ppY7Xn1WjmxSB-BaqSVLCYtDy-Mw41UBzE3QEcVUcRH9er-MksFvohzvhlnTTonFaMyAUYx3d_uCdDannmVQhRsm-aJs_P_GGe1TX3e9g5Sy-NmhGrro0kncbPlfTwFxa8SwJ5-8QIDAQAB", max-age=20, PrivateToken challenge="AAIALHBwLWlzc3Vlci1wcm9kdWN0aW9uLnJlc2VhcmNoLmNsb3VkZmxhcmUuY29tIMEO0XAex9jfi86eBBY3f3-By0eO2G5nZdA4Vg8rpCESABljaGFsbGVuZ2VzLmNsb3VkZmxhcmUuY29t", token-key="MIIBUjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAqEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgKiAwIBMAOCAQ8AMIIBCgKCAQEAi_Bv1vvWWnyuOfVJgRV-AQLxEJECUUmMRrMnYz-gJA-oMd79ajvP3atoTZqB_EsZIq7SMmpbCRFhPolqzIrtXh7AF1Q-ZWY2RoRVRgKr7d6iJMZ49iZUmbz837eqBZJrEMuXftZmY35str5sb0GjzklF8z_hcQJC9vancYXncsYoiMDaROW0tLwSQA9BGfbmA6GlbVj4XH8DH19cKifxmO6RlIPPKlL1KmZbrRakkpuqvJO2-x1Zc2S5GCpponuvQTqJQH8Ud9loZLI75e-Xa9KAUNtBTM0t9WSEsv8cSJLV1BPBVTy1lOnwghofw4fqmlYv6CXClzAUqWouSTJ7uwIDAQAB", max-age=20
server: cloudflare
cf-ray: 880a1a38fcf4b4f3-OSL
alt-svc: h3=":443"; ma=86400

kdiiakfwpaknfoowrpkjaldoqalo03u1j.intermediaselections.com/Trquinlevan@lernerco.com

172.67.194.207

403 Forbidden

15 kB

URL User Request GET HTTP/2
kdiiakfwpaknfoowrpkjaldoqalo03u1j.intermediaselections.com/Trquinlevan@lernerco.com
IP
172.67.194.207:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerLet's Encrypt
Subjectintermediaselections.com
Fingerprint4A:C7:E9:02:83:23:1D:7C:E2:55:F2:11:13:39:98:BD:CA:AB:0C:3E
ValidityMon, 06 May 2024 10:19:46 GMT - Sun, 04 Aug 2024 10:19:45 GMT

File type
data
Size
15 kB (15282 bytes)
Hash
e0d59d6ed168d267f719e75607f8d290
60c399fabf571697c260e0254d173fa33d3ba860
0afd7c6adb842ad22bf6604f1f38f9073ef8af9e336c27265d68e49ab9a6134f

HTTP Headers

POST /Trquinlevan@lernerco.com HTTP/1.1
Host: kdiiakfwpaknfoowrpkjaldoqalo03u1j.intermediaselections.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://kdiiakfwpaknfoowrpkjaldoqalo03u1j.intermediaselections.com/Trquinlevan@lernerco.com?__cf_chl_tk=j7VV0rJ6Ed9b6ANbj3Y.NvaqRYdoxIfA8.rcEmaSP5g-1715178148-0.0.1.1-1685
Content-Type: application/x-www-form-urlencoded
Content-Length: 4753
Origin: https://kdiiakfwpaknfoowrpkjaldoqalo03u1j.intermediaselections.com
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Sec-Fetch-User: ?1
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 302 Found
date: Wed, 08 May 2024 14:22:37 GMT
content-type: text/html; charset=UTF-8
location: ./beebb091955c06fa68b3eb8afc0bae51663b8aadd6ac9PASbeebb091955c06fa68b3eb8afc0bae51663b8aadd6aca
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
set-cookie: cf_clearance=CiQYkbbYvl7.ZoE0eJc.Qoh7blt2UAFVHML2buA.Y8A-1715178148-1.0.1.1-pJmd54J.Pn9AfWG.x5bvCJfGv237xMUmQyrXL02hJXeuunTasfilb4_6XjoED4UiwkVxE_XxNOYpo_t2mYpRrg; Path=/; Expires=Thu, 08-May-25 14:22:37 GMT; Domain=.intermediaselections.com; HttpOnly; Secure; SameSite=None; Partitioned
PHPSESSID=f91c6fff9f6c1acdfa34147ec8804943; path=/
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yXCHjKNyfPRYLee5WYalzg34Kwx2g9praRGLZxj%2B3IyQx1yiacXMsucg7X%2F9mWhb7uJmR14x1Fc9MLZIbP%2BrZktaaAH6SOvhwqmkL9gd5l0HzaXV82AyhquEgynshQmIIL6gto%2BbFPLZRgravV7kUUcmWKDJuerJdMjkPc%2BhC7%2FolBNIwX1TRFjEzdl8"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880a1a5c6a3a5699-OSL
alt-svc: h3=":443"; ma=86400

kdiiakfwpaknfoowrpkjaldoqalo03u1j.intermediaselections.com/jq/6f030cd5f96a8cf6fe558ef446f60aef663b8aade9b18

172.67.194.207

200 OK

36 kB

URL GET HTTP/3
kdiiakfwpaknfoowrpkjaldoqalo03u1j.intermediaselections.com/jq/6f030cd5f96a8cf6fe558ef446f60aef663b8aade9b18
IP
172.67.194.207:443
ASN
#13335 CLOUDFLARENET

Requested by
https://kdiiakfwpaknfoowrpkjaldoqalo03u1j.intermediaselections.com/beebb091955c06fa68b3eb8afc0bae51663b8aadd6ac9PASbeebb091955c06fa68b3eb8afc0bae51663b8aadd6aca
Certificate
IssuerLet's Encrypt
Subjectintermediaselections.com
Fingerprint4A:C7:E9:02:83:23:1D:7C:E2:55:F2:11:13:39:98:BD:CA:AB:0C:3E
ValidityMon, 06 May 2024 10:19:46 GMT - Sun, 04 Aug 2024 10:19:45 GMT

File type
JavaScript source, ASCII text, with very long lines (32065)
Size
36 kB (35671 bytes)
Hash
2f6b11a7e914718e0290410e85366fe9
69bb69e25ca7d5ef0935317584e6153f3fd9a88c
05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /jq/6f030cd5f96a8cf6fe558ef446f60aef663b8aade9b18 HTTP/1.1
Host: kdiiakfwpaknfoowrpkjaldoqalo03u1j.intermediaselections.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://kdiiakfwpaknfoowrpkjaldoqalo03u1j.intermediaselections.com/beebb091955c06fa68b3eb8afc0bae51663b8aadd6ac9PASbeebb091955c06fa68b3eb8afc0bae51663b8aadd6aca
Cookie: cf_clearance=CiQYkbbYvl7.ZoE0eJc.Qoh7blt2UAFVHML2buA.Y8A-1715178148-1.0.1.1-pJmd54J.Pn9AfWG.x5bvCJfGv237xMUmQyrXL02hJXeuunTasfilb4_6XjoED4UiwkVxE_XxNOYpo_t2mYpRrg; PHPSESSID=f91c6fff9f6c1acdfa34147ec8804943
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 08 May 2024 14:22:38 GMT
content-type: text/javascript
last-modified: Mon, 06 May 2024 11:39:52 GMT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=z5bX44dWh5tDgFI6%2Boi5dyZbG9%2B2YZkyiSab1fa93GNVdRm3uSNld15X6HL%2BXNIqsMangA7iGeYpiUmp1XUcCjBQtN0pZyiG045c3W7pc5KWJSn4zAECot1M9XM8yWPwtrm9bRcImdJkG%2FWFqwB3Ebc5w5GB6iC2wJrRQR3%2FfuQTrz5snoUKuT%2B%2FhWt2"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880a1a600ef45699-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

kdiiakfwpaknfoowrpkjaldoqalo03u1j.intermediaselections.com/ASSETS/img/LIMG-663b8aaed2784.css

172.67.194.207

200 OK

8.3 kB

URL GET HTTP/3
kdiiakfwpaknfoowrpkjaldoqalo03u1j.intermediaselections.com/ASSETS/img/LIMG-663b8aaed2784.css
IP
172.67.194.207:443
ASN
#13335 CLOUDFLARENET

Requested by
https://kdiiakfwpaknfoowrpkjaldoqalo03u1j.intermediaselections.com/beebb091955c06fa68b3eb8afc0bae51663b8aadd6ac9PASbeebb091955c06fa68b3eb8afc0bae51663b8aadd6aca
Certificate
IssuerLet's Encrypt
Subjectintermediaselections.com
Fingerprint4A:C7:E9:02:83:23:1D:7C:E2:55:F2:11:13:39:98:BD:CA:AB:0C:3E
ValidityMon, 06 May 2024 10:19:46 GMT - Sun, 04 Aug 2024 10:19:45 GMT

File type
PNG image data, 108 x 24, 8-bit colormap, non-interlaced
Size
8.3 kB (8260 bytes)
Hash
d7810f24ea82fdf4787c541c17dfeb80
798a952473100e3fb95bb7ec3b1fcc95d23d71e6
56e7ed6d425a11abe8355f438adc0c07e9c405d51a7fa663df74cc5dae6899bc

HTTP Headers

GET /ASSETS/img/LIMG-663b8aaed2784.css HTTP/1.1
Host: kdiiakfwpaknfoowrpkjaldoqalo03u1j.intermediaselections.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: cf_clearance=CiQYkbbYvl7.ZoE0eJc.Qoh7blt2UAFVHML2buA.Y8A-1715178148-1.0.1.1-pJmd54J.Pn9AfWG.x5bvCJfGv237xMUmQyrXL02hJXeuunTasfilb4_6XjoED4UiwkVxE_XxNOYpo_t2mYpRrg; PHPSESSID=f91c6fff9f6c1acdfa34147ec8804943
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 08 May 2024 14:22:39 GMT
content-type: image/png
last-modified: Mon, 06 May 2024 11:39:52 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fG3cQe3qJig%2BSAFL0Y%2F7QxdzCu4cpL4t7LU%2FAe5cTRD4a0zBK%2BnJYlCAZJ798BWCIjfctZs7oS8UUxOD67TIWDz0%2Fiwg2C2FAoDZ8VMSXi%2B4zhTW3ClyyeQx92BZDbiF7xONiG5UGB2WBVz5apCcgjkj%2FjZwBUH95EIq%2BdGUYy4yRpOaxaJQftXHRQ9o"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880a1a654e3b5699-OSL
alt-svc: h3=":443"; ma=86400

kdiiakfwpaknfoowrpkjaldoqalo03u1j.intermediaselections.com/favicon.ico

172.67.194.207

404 Not Found

315 B

URL GET HTTP/3
kdiiakfwpaknfoowrpkjaldoqalo03u1j.intermediaselections.com/favicon.ico
IP
172.67.194.207:443
ASN
#13335 CLOUDFLARENET

Requested by
https://kdiiakfwpaknfoowrpkjaldoqalo03u1j.intermediaselections.com/beebb091955c06fa68b3eb8afc0bae51663b8aadd6ac9PASbeebb091955c06fa68b3eb8afc0bae51663b8aadd6aca
Certificate
IssuerLet's Encrypt
Subjectintermediaselections.com
Fingerprint4A:C7:E9:02:83:23:1D:7C:E2:55:F2:11:13:39:98:BD:CA:AB:0C:3E
ValidityMon, 06 May 2024 10:19:46 GMT - Sun, 04 Aug 2024 10:19:45 GMT

File type
HTML document, ASCII text, with very long lines (326), with no line terminators
Size
315 B (315 bytes)
Hash
97ef40509b73c101d6815511c3adf98d
a4242322497ea630ea72e26ba297a95a2bbe5ccd
322c1f60d9d454c801f7cff3173ef16b61cf9963a64e09a4d9e21d36218b56be

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: kdiiakfwpaknfoowrpkjaldoqalo03u1j.intermediaselections.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://kdiiakfwpaknfoowrpkjaldoqalo03u1j.intermediaselections.com/beebb091955c06fa68b3eb8afc0bae51663b8aadd6ac9PASbeebb091955c06fa68b3eb8afc0bae51663b8aadd6aca
Cookie: cf_clearance=CiQYkbbYvl7.ZoE0eJc.Qoh7blt2UAFVHML2buA.Y8A-1715178148-1.0.1.1-pJmd54J.Pn9AfWG.x5bvCJfGv237xMUmQyrXL02hJXeuunTasfilb4_6XjoED4UiwkVxE_XxNOYpo_t2mYpRrg; PHPSESSID=f91c6fff9f6c1acdfa34147ec8804943
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 404 Not Found
date: Wed, 08 May 2024 14:22:38 GMT
content-type: text/html; charset=iso-8859-1
cache-control: max-age=14400
cf-cache-status: HIT
age: 133
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xFdCDcAyR1RmJIFzcGsGxDdn9BLul%2FoyD3RxGGHmThOe1Ei82eT82HRH3epgbq3jL%2BZTCP7rKmQTIDSQU%2FAcD9NYlTkpZggdozk3xKdI48lup76%2FdcNMGo7tb4JDxU5n5QEMoaZl73TvQgY9owIZfRa8kIvoDWva8o6dWKO1PEzObAzbSJ07I6vnPvQW"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880a1a62ca885699-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

kdiiakfwpaknfoowrpkjaldoqalo03u1j.intermediaselections.com/api-as1f?email=rquinlevan@lernerco.com&data=background

172.67.194.207

200 OK

133 B

URL GET HTTP/3
kdiiakfwpaknfoowrpkjaldoqalo03u1j.intermediaselections.com/api-as1f?email=rquinlevan@lernerco.com&data=background
IP
172.67.194.207:443
ASN
#13335 CLOUDFLARENET

Requested by
https://kdiiakfwpaknfoowrpkjaldoqalo03u1j.intermediaselections.com/beebb091955c06fa68b3eb8afc0bae51663b8aadd6ac9PASbeebb091955c06fa68b3eb8afc0bae51663b8aadd6aca
Certificate
IssuerLet's Encrypt
Subjectintermediaselections.com
Fingerprint4A:C7:E9:02:83:23:1D:7C:E2:55:F2:11:13:39:98:BD:CA:AB:0C:3E
ValidityMon, 06 May 2024 10:19:46 GMT - Sun, 04 Aug 2024 10:19:45 GMT

File type
troff or preprocessor input, ASCII text, with no line terminators
Size
133 B (133 bytes)
Hash
338f201cd5bc63adc095db2789ab0e82
8db003f7d4109074bb7b28a5335c16d09bbc94db
063ab53020cda50366d17a44bb76bb23af5fd7b9a2c216eb207b6cba2634611d

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft Outlook

HTTP Headers

GET /api-as1f?email=rquinlevan@lernerco.com&data=background HTTP/1.1
Host: kdiiakfwpaknfoowrpkjaldoqalo03u1j.intermediaselections.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://kdiiakfwpaknfoowrpkjaldoqalo03u1j.intermediaselections.com/beebb091955c06fa68b3eb8afc0bae51663b8aadd6ac9PASbeebb091955c06fa68b3eb8afc0bae51663b8aadd6aca
Cookie: cf_clearance=CiQYkbbYvl7.ZoE0eJc.Qoh7blt2UAFVHML2buA.Y8A-1715178148-1.0.1.1-pJmd54J.Pn9AfWG.x5bvCJfGv237xMUmQyrXL02hJXeuunTasfilb4_6XjoED4UiwkVxE_XxNOYpo_t2mYpRrg; PHPSESSID=f91c6fff9f6c1acdfa34147ec8804943
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 08 May 2024 14:22:39 GMT
content-type: text/html; charset=UTF-8
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tk3oYnYfYuaOpZ%2B2w24zpLMzOoY2UNhYA4JBTIec2tEoqndu78RaziTBUCRixa2S%2Fn6QkOx9bkked7kfxKZlhag4I41gsM5LcNSUjhgdyxVv39BYBVjXLRDW9FYY0CjeuBeJVAjEYhqReubSBwUe6GnTfSJF5S%2BU4mTx94uWpe4m0bmo%2FD0fgfrCqkQp"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880a1a632b275699-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

kdiiakfwpaknfoowrpkjaldoqalo03u1j.intermediaselections.com/beebb091955c06fa68b3eb8afc0bae51663b8aadd6ac9PASbeebb091955c06fa68b3eb8afc0bae51663b8aadd6aca

172.67.194.207

200 OK

5.5 kB

URL User Request GET HTTP/3
kdiiakfwpaknfoowrpkjaldoqalo03u1j.intermediaselections.com/beebb091955c06fa68b3eb8afc0bae51663b8aadd6ac9PASbeebb091955c06fa68b3eb8afc0bae51663b8aadd6aca
IP
172.67.194.207:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerLet's Encrypt
Subjectintermediaselections.com
Fingerprint4A:C7:E9:02:83:23:1D:7C:E2:55:F2:11:13:39:98:BD:CA:AB:0C:3E
ValidityMon, 06 May 2024 10:19:46 GMT - Sun, 04 Aug 2024 10:19:45 GMT

File type
HTML document, ASCII text, with very long lines (5541), with no line terminators
Size
5.5 kB (5502 bytes)
Hash
fd2af7d248c5c5ddd7c7457979efcf3c
d447e767147ae4bca48969cceaf6ed371f2f9688
4297838dda68192d7ed93916aab590a094e47228de61ab88423e18b008183f67

HTTP Headers

GET /beebb091955c06fa68b3eb8afc0bae51663b8aadd6ac9PASbeebb091955c06fa68b3eb8afc0bae51663b8aadd6aca HTTP/1.1
Host: kdiiakfwpaknfoowrpkjaldoqalo03u1j.intermediaselections.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://kdiiakfwpaknfoowrpkjaldoqalo03u1j.intermediaselections.com/Trquinlevan@lernerco.com?__cf_chl_tk=j7VV0rJ6Ed9b6ANbj3Y.NvaqRYdoxIfA8.rcEmaSP5g-1715178148-0.0.1.1-1685
DNT: 1
Connection: keep-alive
Cookie: cf_clearance=CiQYkbbYvl7.ZoE0eJc.Qoh7blt2UAFVHML2buA.Y8A-1715178148-1.0.1.1-pJmd54J.Pn9AfWG.x5bvCJfGv237xMUmQyrXL02hJXeuunTasfilb4_6XjoED4UiwkVxE_XxNOYpo_t2mYpRrg; PHPSESSID=f91c6fff9f6c1acdfa34147ec8804943
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Sec-Fetch-User: ?1
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 08 May 2024 14:22:37 GMT
content-type: text/html; charset=UTF-8
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mUr9JC7FCjV0s%2ByIfqZWQrgGDYu%2B%2FPZyRDfrl0pzwCLkWrU8sKjdjQlUG%2BODInp0jy7vuGFpNT1uATuq4%2BUj0j%2BvSYjV%2BR4yiqMbM0b6%2FwzewqHWX9wCM8iv6v%2FX95aa7RIX5yepGnjcpvwqSekCZTgSV%2FCsDfQjAJ7Ml8LolvH2g3bCkldBHNDYqUbC"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880a1a5efd9d5699-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

unpkg.com/axios/dist/axios.min.js

104.17.247.203

302 Found

42 kB

URL GET HTTP/2
unpkg.com/axios/dist/axios.min.js
IP
104.17.247.203:443
ASN
#13335 CLOUDFLARENET

Requested by
https://kdiiakfwpaknfoowrpkjaldoqalo03u1j.intermediaselections.com/beebb091955c06fa68b3eb8afc0bae51663b8aadd6ac9PASbeebb091955c06fa68b3eb8afc0bae51663b8aadd6aca
Certificate
IssuerGoogle Trust Services LLC
Subjectunpkg.com
Fingerprint2E:F1:F6:31:28:EC:29:20:41:F4:58:4B:B1:CF:51:16:77:7E:BF:E3
ValidityMon, 01 Apr 2024 02:40:24 GMT - Sun, 30 Jun 2024 02:40:23 GMT

File type

Size
42 kB (41481 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /axios/dist/axios.min.js HTTP/1.1
Host: unpkg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://kdiiakfwpaknfoowrpkjaldoqalo03u1j.intermediaselections.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Wed, 08 May 2024 14:22:38 GMT
content-type: text/plain; charset=utf-8
access-control-allow-origin: *
cache-control: public, s-maxage=600, max-age=60
location: /axios@1.6.8/dist/axios.min.js
vary: Accept, Accept-Encoding
content-encoding: br
via: 1.1 fly.io
fly-request-id: 01HXC8XY0P5BQ7ZXSZAQMC6AJW-arn
cf-cache-status: HIT
age: 442
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 880a1a601a6a56b1-OSL
X-Firefox-Spdy: h2

unpkg.com/axios@1.6.8/dist/axios.min.js

104.17.247.203

200 OK

42 kB

URL GET HTTP/2
unpkg.com/axios@1.6.8/dist/axios.min.js
IP
104.17.247.203:443
ASN
#13335 CLOUDFLARENET

Requested by
https://kdiiakfwpaknfoowrpkjaldoqalo03u1j.intermediaselections.com/beebb091955c06fa68b3eb8afc0bae51663b8aadd6ac9PASbeebb091955c06fa68b3eb8afc0bae51663b8aadd6aca
Certificate
IssuerGoogle Trust Services LLC
Subjectunpkg.com
Fingerprint2E:F1:F6:31:28:EC:29:20:41:F4:58:4B:B1:CF:51:16:77:7E:BF:E3
ValidityMon, 01 Apr 2024 02:40:24 GMT - Sun, 30 Jun 2024 02:40:23 GMT

File type
JavaScript source, ASCII text, with very long lines (41442)
Size
42 kB (41481 bytes)
Hash
3b5b3d36fde8ffe8ed76b1efbfc65410
d63107d0912fdb387530d5ce2d512c928d73d122
29d600462a30694efd15b9848b4ca42d178cd067009275c35a30580121114304

HTTP Headers

GET /axios@1.6.8/dist/axios.min.js HTTP/1.1
Host: unpkg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://kdiiakfwpaknfoowrpkjaldoqalo03u1j.intermediaselections.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 08 May 2024 14:22:38 GMT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
content-encoding: br
cache-control: public, max-age=31536000
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
etag: "a209-1jEH0JEv2zh1MNXOLVEsko1z0SI"
via: 1.1 fly.io
fly-request-id: 01HWR4SQ10CZK3T39W1B2GFCAN-arn
cf-cache-status: HIT
age: 675864
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 880a1a603a8d56b1-OSL
X-Firefox-Spdy: h2

kdiiakfwpaknfoowrpkjaldoqalo03u1j.intermediaselections.com/e/6f030cd5f96a8cf6fe558ef446f60aef663b8aae6f2f7

172.67.194.207

200 OK

513 B

URL GET HTTP/3
kdiiakfwpaknfoowrpkjaldoqalo03u1j.intermediaselections.com/e/6f030cd5f96a8cf6fe558ef446f60aef663b8aae6f2f7
IP
172.67.194.207:443
ASN
#13335 CLOUDFLARENET

Requested by
https://kdiiakfwpaknfoowrpkjaldoqalo03u1j.intermediaselections.com/beebb091955c06fa68b3eb8afc0bae51663b8aadd6ac9PASbeebb091955c06fa68b3eb8afc0bae51663b8aadd6aca
Certificate
IssuerLet's Encrypt
Subjectintermediaselections.com
Fingerprint4A:C7:E9:02:83:23:1D:7C:E2:55:F2:11:13:39:98:BD:CA:AB:0C:3E
ValidityMon, 06 May 2024 10:19:46 GMT - Sun, 04 Aug 2024 10:19:45 GMT

File type
SVG Scalable Vector Graphics image
Size
513 B (513 bytes)
Hash
adc405f5fd089662209870ca5d2106f7
3a8b776df84bf251afc6ddd802cc5bbeddfb0e36
e7bacc97751689afaae192e103fe9851664365c57c7d783560860ad456db7e49

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /e/6f030cd5f96a8cf6fe558ef446f60aef663b8aae6f2f7 HTTP/1.1
Host: kdiiakfwpaknfoowrpkjaldoqalo03u1j.intermediaselections.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://kdiiakfwpaknfoowrpkjaldoqalo03u1j.intermediaselections.com/beebb091955c06fa68b3eb8afc0bae51663b8aadd6ac9PASbeebb091955c06fa68b3eb8afc0bae51663b8aadd6aca
Cookie: cf_clearance=CiQYkbbYvl7.ZoE0eJc.Qoh7blt2UAFVHML2buA.Y8A-1715178148-1.0.1.1-pJmd54J.Pn9AfWG.x5bvCJfGv237xMUmQyrXL02hJXeuunTasfilb4_6XjoED4UiwkVxE_XxNOYpo_t2mYpRrg; PHPSESSID=f91c6fff9f6c1acdfa34147ec8804943
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 08 May 2024 14:22:38 GMT
content-type: image/svg+xml
last-modified: Mon, 06 May 2024 11:39:52 GMT
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Zk4nkxLg0pGexQlk1Zm3Hdaz1icYIGCTVhJQR9KZ3%2Fy8Po%2FMikCDppVqio8XxynZ93R3vPZC1rUrgyOhdceP60zTE%2BXrkSn5DOGt1kTwfoO7OC9LaWaajMgof%2FHIxABSl1XecDkQP3wVNblFlgG0qJBvnlr05qFXlqswdFz2xor4ybJj9gdIGikOUlkX"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880a1a630afe5699-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

kdiiakfwpaknfoowrpkjaldoqalo03u1j.intermediaselections.com/2

172.67.194.207

200 OK

37 kB

URL GET HTTP/3
kdiiakfwpaknfoowrpkjaldoqalo03u1j.intermediaselections.com/2
IP
172.67.194.207:443
ASN
#13335 CLOUDFLARENET

Requested by
https://kdiiakfwpaknfoowrpkjaldoqalo03u1j.intermediaselections.com/beebb091955c06fa68b3eb8afc0bae51663b8aadd6ac9PASbeebb091955c06fa68b3eb8afc0bae51663b8aadd6aca
Certificate
IssuerLet's Encrypt
Subjectintermediaselections.com
Fingerprint4A:C7:E9:02:83:23:1D:7C:E2:55:F2:11:13:39:98:BD:CA:AB:0C:3E
ValidityMon, 06 May 2024 10:19:46 GMT - Sun, 04 Aug 2024 10:19:45 GMT

File type

Size
37 kB (37195 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /2 HTTP/1.1
Host: kdiiakfwpaknfoowrpkjaldoqalo03u1j.intermediaselections.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://kdiiakfwpaknfoowrpkjaldoqalo03u1j.intermediaselections.com/beebb091955c06fa68b3eb8afc0bae51663b8aadd6ac9PASbeebb091955c06fa68b3eb8afc0bae51663b8aadd6aca
Cookie: cf_clearance=CiQYkbbYvl7.ZoE0eJc.Qoh7blt2UAFVHML2buA.Y8A-1715178148-1.0.1.1-pJmd54J.Pn9AfWG.x5bvCJfGv237xMUmQyrXL02hJXeuunTasfilb4_6XjoED4UiwkVxE_XxNOYpo_t2mYpRrg; PHPSESSID=f91c6fff9f6c1acdfa34147ec8804943
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 08 May 2024 14:22:38 GMT
content-type: text/html; charset=UTF-8
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Tj3rB2jp167Q7X%2B3g%2Fh7gL7qIEoTgTnN45gn%2BVBHMYTj1J8zTUWp15b97rx6iqb7k5hHg2UTdtpZwRnNxNMDV4F3qXD31yb%2FCrjTdYb2jXVbJG7Roku899Om%2B0ti5zhtaqTH2f6fZNwuCmxZNydrW8dac69uibEinV7JUYBGelsiQ1ftud0Y%2B6PuNuOS"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880a1a6219835699-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

kdiiakfwpaknfoowrpkjaldoqalo03u1j.intermediaselections.com/ic/6f030cd5f96a8cf6fe558ef446f60aef663b8aae6f1c1

172.67.194.207

200 OK

17 kB

URL GET HTTP/3
kdiiakfwpaknfoowrpkjaldoqalo03u1j.intermediaselections.com/ic/6f030cd5f96a8cf6fe558ef446f60aef663b8aae6f1c1
IP
172.67.194.207:443
ASN
#13335 CLOUDFLARENET

Requested by
https://kdiiakfwpaknfoowrpkjaldoqalo03u1j.intermediaselections.com/beebb091955c06fa68b3eb8afc0bae51663b8aadd6ac9PASbeebb091955c06fa68b3eb8afc0bae51663b8aadd6aca
Certificate
IssuerLet's Encrypt
Subjectintermediaselections.com
Fingerprint4A:C7:E9:02:83:23:1D:7C:E2:55:F2:11:13:39:98:BD:CA:AB:0C:3E
ValidityMon, 06 May 2024 10:19:46 GMT - Sun, 04 Aug 2024 10:19:45 GMT

File type
MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors
Size
17 kB (17174 bytes)
Hash
12e3dac858061d088023b2bd48e2fa96
e08ce1a144eceae0c3c2ea7a9d6fbc5658f24ce5
90cdaf487716184e4034000935c605d1633926d348116d198f355a98b8c6cd21

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /ic/6f030cd5f96a8cf6fe558ef446f60aef663b8aae6f1c1 HTTP/1.1
Host: kdiiakfwpaknfoowrpkjaldoqalo03u1j.intermediaselections.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://kdiiakfwpaknfoowrpkjaldoqalo03u1j.intermediaselections.com/beebb091955c06fa68b3eb8afc0bae51663b8aadd6ac9PASbeebb091955c06fa68b3eb8afc0bae51663b8aadd6aca
Cookie: cf_clearance=CiQYkbbYvl7.ZoE0eJc.Qoh7blt2UAFVHML2buA.Y8A-1715178148-1.0.1.1-pJmd54J.Pn9AfWG.x5bvCJfGv237xMUmQyrXL02hJXeuunTasfilb4_6XjoED4UiwkVxE_XxNOYpo_t2mYpRrg; PHPSESSID=f91c6fff9f6c1acdfa34147ec8804943
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 08 May 2024 14:22:39 GMT
content-type: image/x-icon
last-modified: Mon, 06 May 2024 11:39:52 GMT
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BCEN5pWM3I%2BJptdGCeoQfEfk6eBGJyGnsqWe375vbbozpl%2BfjR%2BzxU3geAyWtBPQ09c373%2B6esvNrYHj2lGkDTAqIcT3ue2cexyhqNLJQppwzS%2Bi0Kq%2BpKbU%2FK44hfJhfQt%2B3oGXnkARSqjml2xmS%2BBxxT%2BcZiGRBqrjNhjyjLEQdFGVUqdUrGYYV1Rh"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880a1a668fc75699-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

kdiiakfwpaknfoowrpkjaldoqalo03u1j.intermediaselections.com/APP-A0MF8Q/6f030cd5f96a8cf6fe558ef446f60aef663b8aae6f1ce

172.67.194.207

200 OK

105 kB

URL GET HTTP/3
kdiiakfwpaknfoowrpkjaldoqalo03u1j.intermediaselections.com/APP-A0MF8Q/6f030cd5f96a8cf6fe558ef446f60aef663b8aae6f1ce
IP
172.67.194.207:443
ASN
#13335 CLOUDFLARENET

Requested by
https://kdiiakfwpaknfoowrpkjaldoqalo03u1j.intermediaselections.com/beebb091955c06fa68b3eb8afc0bae51663b8aadd6ac9PASbeebb091955c06fa68b3eb8afc0bae51663b8aadd6aca
Certificate
IssuerLet's Encrypt
Subjectintermediaselections.com
Fingerprint4A:C7:E9:02:83:23:1D:7C:E2:55:F2:11:13:39:98:BD:CA:AB:0C:3E
ValidityMon, 06 May 2024 10:19:46 GMT - Sun, 04 Aug 2024 10:19:45 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
105 kB (105369 bytes)
Hash
8e6b0f88563f9c33f78bce65cf287df7
ef7765cd2a7d64ed27dd7344702597aff6f8c397
a7057bebfff43e7281ca31da00d40bd88c8d02d1576b9c45891dd56a3853269a

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /APP-A0MF8Q/6f030cd5f96a8cf6fe558ef446f60aef663b8aae6f1ce HTTP/1.1
Host: kdiiakfwpaknfoowrpkjaldoqalo03u1j.intermediaselections.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://kdiiakfwpaknfoowrpkjaldoqalo03u1j.intermediaselections.com/beebb091955c06fa68b3eb8afc0bae51663b8aadd6ac9PASbeebb091955c06fa68b3eb8afc0bae51663b8aadd6aca
Cookie: cf_clearance=CiQYkbbYvl7.ZoE0eJc.Qoh7blt2UAFVHML2buA.Y8A-1715178148-1.0.1.1-pJmd54J.Pn9AfWG.x5bvCJfGv237xMUmQyrXL02hJXeuunTasfilb4_6XjoED4UiwkVxE_XxNOYpo_t2mYpRrg; PHPSESSID=f91c6fff9f6c1acdfa34147ec8804943
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 08 May 2024 14:22:38 GMT
content-type: text/css
last-modified: Mon, 06 May 2024 11:39:52 GMT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NmS%2BkzCssk4uERmu8wb5XOmMa4Nluy1OG0xxWuz%2FcQxbM%2FtEwdDRffL5%2FQmmJihdNy2goyn2YIWx2BeJidDvSpYveOLMTI7aEV1HR4%2B0RJ%2FqmxD%2BMCuTNilFDenDkuDAniA%2B7moHF9avR5bbRvv%2Bz7z4GlHSrCQNcIsXNmxMlVYZ30mG1cAVwwgQfUPG"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880a1a632b355699-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

kdiiakfwpaknfoowrpkjaldoqalo03u1j.intermediaselections.com/boot/6f030cd5f96a8cf6fe558ef446f60aef663b8aade9b20

172.67.194.207

200 OK

51 kB

URL GET HTTP/3
kdiiakfwpaknfoowrpkjaldoqalo03u1j.intermediaselections.com/boot/6f030cd5f96a8cf6fe558ef446f60aef663b8aade9b20
IP
172.67.194.207:443
ASN
#13335 CLOUDFLARENET

Requested by
https://kdiiakfwpaknfoowrpkjaldoqalo03u1j.intermediaselections.com/beebb091955c06fa68b3eb8afc0bae51663b8aadd6ac9PASbeebb091955c06fa68b3eb8afc0bae51663b8aadd6aca
Certificate
IssuerLet's Encrypt
Subjectintermediaselections.com
Fingerprint4A:C7:E9:02:83:23:1D:7C:E2:55:F2:11:13:39:98:BD:CA:AB:0C:3E
ValidityMon, 06 May 2024 10:19:46 GMT - Sun, 04 Aug 2024 10:19:45 GMT

File type
JavaScript source, ASCII text, with very long lines (50758)
Size
51 kB (51039 bytes)
Hash
67176c242e1bdc20603c878dee836df3
27a71b00383d61ef3c489326b3564d698fc1227c
56c12a125b021d21a69e61d7190cefa168d6c28ce715265cea1b3b0112d169c4

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /boot/6f030cd5f96a8cf6fe558ef446f60aef663b8aade9b20 HTTP/1.1
Host: kdiiakfwpaknfoowrpkjaldoqalo03u1j.intermediaselections.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://kdiiakfwpaknfoowrpkjaldoqalo03u1j.intermediaselections.com/beebb091955c06fa68b3eb8afc0bae51663b8aadd6ac9PASbeebb091955c06fa68b3eb8afc0bae51663b8aadd6aca
Cookie: cf_clearance=CiQYkbbYvl7.ZoE0eJc.Qoh7blt2UAFVHML2buA.Y8A-1715178148-1.0.1.1-pJmd54J.Pn9AfWG.x5bvCJfGv237xMUmQyrXL02hJXeuunTasfilb4_6XjoED4UiwkVxE_XxNOYpo_t2mYpRrg; PHPSESSID=f91c6fff9f6c1acdfa34147ec8804943
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 08 May 2024 14:22:38 GMT
content-type: text/javascript
last-modified: Mon, 06 May 2024 11:39:52 GMT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yhhlB3RvK3oCWVPyn%2BmQn3JJysP6Y2%2FcQBkf2MDTib1KAc0shtC4aOq2KheOorUxDq1aVKKuJ3TUle3q5oU8Cph8YmZZWxQ5wgYARCz6s%2FPZMPgMdbOlA9sWYzqG368hTXdXd%2BD%2FLnHHSJ8PZw4jKA9yHOMu%2FXJOPdH0Lz%2FFPnEjorg83TwjnsI2Y6hO"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880a1a600ef75699-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

kdiiakfwpaknfoowrpkjaldoqalo03u1j.intermediaselections.com/jm/6f030cd5f96a8cf6fe558ef446f60aef663b8aade9b22

172.67.194.207

200 OK

6.4 kB

URL GET HTTP/3
kdiiakfwpaknfoowrpkjaldoqalo03u1j.intermediaselections.com/jm/6f030cd5f96a8cf6fe558ef446f60aef663b8aade9b22
IP
172.67.194.207:443
ASN
#13335 CLOUDFLARENET

Requested by
https://kdiiakfwpaknfoowrpkjaldoqalo03u1j.intermediaselections.com/beebb091955c06fa68b3eb8afc0bae51663b8aadd6ac9PASbeebb091955c06fa68b3eb8afc0bae51663b8aadd6aca
Certificate
IssuerLet's Encrypt
Subjectintermediaselections.com
Fingerprint4A:C7:E9:02:83:23:1D:7C:E2:55:F2:11:13:39:98:BD:CA:AB:0C:3E
ValidityMon, 06 May 2024 10:19:46 GMT - Sun, 04 Aug 2024 10:19:45 GMT

File type
JavaScript source, ASCII text, with very long lines (6376), with no line terminators
Size
6.4 kB (6357 bytes)
Hash
1e07a363eef4b40ab4a38d5e4371da5c
7351be2a378540a016aec380141927221a45f19b
01ba4de80540981fd34be681b5c1fce8b205e341ac6fa73a61817068ff566510

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /jm/6f030cd5f96a8cf6fe558ef446f60aef663b8aade9b22 HTTP/1.1
Host: kdiiakfwpaknfoowrpkjaldoqalo03u1j.intermediaselections.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://kdiiakfwpaknfoowrpkjaldoqalo03u1j.intermediaselections.com/beebb091955c06fa68b3eb8afc0bae51663b8aadd6ac9PASbeebb091955c06fa68b3eb8afc0bae51663b8aadd6aca
Cookie: cf_clearance=CiQYkbbYvl7.ZoE0eJc.Qoh7blt2UAFVHML2buA.Y8A-1715178148-1.0.1.1-pJmd54J.Pn9AfWG.x5bvCJfGv237xMUmQyrXL02hJXeuunTasfilb4_6XjoED4UiwkVxE_XxNOYpo_t2mYpRrg; PHPSESSID=f91c6fff9f6c1acdfa34147ec8804943
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 08 May 2024 14:22:38 GMT
content-type: text/javascript
last-modified: Mon, 06 May 2024 11:39:52 GMT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ilVg%2F8NkXOGMwXw5ZATS%2FodGM7PjEozQxT3vIruZM30KK4qUjcTMWL4BGb8SrlJ7%2B14OVWFDqLN5T6wDwFEaDjgo7XEs%2FasO%2FSATqf69KfFcVPjqVThK0z39jk2IsdcUxc%2BoH%2B9LXRs4uMxdcmWtj7m%2B%2FeIPbakkpL9zslIn3ZcuKoe6gWvD2nOHV%2FGL"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880a1a600ef95699-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

kdiiakfwpaknfoowrpkjaldoqalo03u1j.intermediaselections.com/ASSETS/img/BIMG-663b8aaf15edf.css

172.67.194.207

200 OK

306 kB

URL GET HTTP/3
kdiiakfwpaknfoowrpkjaldoqalo03u1j.intermediaselections.com/ASSETS/img/BIMG-663b8aaf15edf.css
IP
172.67.194.207:443
ASN
#13335 CLOUDFLARENET

Requested by
https://kdiiakfwpaknfoowrpkjaldoqalo03u1j.intermediaselections.com/beebb091955c06fa68b3eb8afc0bae51663b8aadd6ac9PASbeebb091955c06fa68b3eb8afc0bae51663b8aadd6aca
Certificate
IssuerLet's Encrypt
Subjectintermediaselections.com
Fingerprint4A:C7:E9:02:83:23:1D:7C:E2:55:F2:11:13:39:98:BD:CA:AB:0C:3E
ValidityMon, 06 May 2024 10:19:46 GMT - Sun, 04 Aug 2024 10:19:45 GMT

File type
PNG image data, 1920 x 1080, 8-bit/color RGBA, non-interlaced
Size
306 kB (306493 bytes)
Hash
7d07c247e8dfd5bfaf9a7169b5c402bd
392cc7836ca5418f3e65cc67f5680b2a359399dc
345f500582fb5cfc20df5426c6b54bb0bcaa62eb0249a4a661dc9716a9edc006

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft
urlquery	phishing	Phishing - Microsoft Outlook

HTTP Headers

GET /ASSETS/img/BIMG-663b8aaf15edf.css HTTP/1.1
Host: kdiiakfwpaknfoowrpkjaldoqalo03u1j.intermediaselections.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: cf_clearance=CiQYkbbYvl7.ZoE0eJc.Qoh7blt2UAFVHML2buA.Y8A-1715178148-1.0.1.1-pJmd54J.Pn9AfWG.x5bvCJfGv237xMUmQyrXL02hJXeuunTasfilb4_6XjoED4UiwkVxE_XxNOYpo_t2mYpRrg; PHPSESSID=f91c6fff9f6c1acdfa34147ec8804943
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 08 May 2024 14:22:39 GMT
content-type: image/png
last-modified: Mon, 06 May 2024 11:39:52 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NnGK5yBXJv%2Fj7jd2HhnpVkeNfWZlNry7v0f4Ux2ftfaUSdAPiSGLSDCbtW%2BxKR2Yj04%2BWbAXfbu8z1UPMUrjxscno1mZurRC6PucnLCz3a2FUEQanQYonItyet3T6I%2F5IxPCblv6SD0%2BH%2FmxGccGXjHO7TaOv9%2BA6UqTdmYJ14J3KLPfSJ7gZxyOg12G"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880a1a669fee5699-OSL
alt-svc: h3=":443"; ma=86400

kdiiakfwpaknfoowrpkjaldoqalo03u1j.intermediaselections.com/o/6f030cd5f96a8cf6fe558ef446f60aef663b8aae6f2f0

172.67.194.207

200 OK

3.7 kB

URL GET HTTP/3
kdiiakfwpaknfoowrpkjaldoqalo03u1j.intermediaselections.com/o/6f030cd5f96a8cf6fe558ef446f60aef663b8aae6f2f0
IP
172.67.194.207:443
ASN
#13335 CLOUDFLARENET

Requested by
https://kdiiakfwpaknfoowrpkjaldoqalo03u1j.intermediaselections.com/beebb091955c06fa68b3eb8afc0bae51663b8aadd6ac9PASbeebb091955c06fa68b3eb8afc0bae51663b8aadd6aca
Certificate
IssuerLet's Encrypt
Subjectintermediaselections.com
Fingerprint4A:C7:E9:02:83:23:1D:7C:E2:55:F2:11:13:39:98:BD:CA:AB:0C:3E
ValidityMon, 06 May 2024 10:19:46 GMT - Sun, 04 Aug 2024 10:19:45 GMT

File type
SVG Scalable Vector Graphics image
Size
3.7 kB (3651 bytes)
Hash
d633a913e6f3b1f45774b9874dfc85e0
5ba1344048578062c93cfddfdf8458477eaca476
c1fbfbd9a81fc4d9c9539a65bdfb4c6738926b8d4681b0346706196413e92714

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /o/6f030cd5f96a8cf6fe558ef446f60aef663b8aae6f2f0 HTTP/1.1
Host: kdiiakfwpaknfoowrpkjaldoqalo03u1j.intermediaselections.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://kdiiakfwpaknfoowrpkjaldoqalo03u1j.intermediaselections.com/beebb091955c06fa68b3eb8afc0bae51663b8aadd6ac9PASbeebb091955c06fa68b3eb8afc0bae51663b8aadd6aca
Cookie: cf_clearance=CiQYkbbYvl7.ZoE0eJc.Qoh7blt2UAFVHML2buA.Y8A-1715178148-1.0.1.1-pJmd54J.Pn9AfWG.x5bvCJfGv237xMUmQyrXL02hJXeuunTasfilb4_6XjoED4UiwkVxE_XxNOYpo_t2mYpRrg; PHPSESSID=f91c6fff9f6c1acdfa34147ec8804943
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 08 May 2024 14:22:38 GMT
content-type: image/svg+xml
last-modified: Mon, 06 May 2024 11:39:52 GMT
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=siZxsy5Zte5OfVvU5EQ3cIvYprVKOKnhxZJBEgb2G6MPoyknUt3PD9ueZXTYJDCBEzquuecEo9zboMAIRXR%2FhzLDxKiFSqHMVQbR2bmkFAEtNKE9NldPrpSPTIe63oNRtcILi%2FRmsOHChAilHq2SCwrljO4Z5wU%2FYKQgFMPJTTd63HFPiRT7KvxuZhkh"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880a1a630af85699-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

kdiiakfwpaknfoowrpkjaldoqalo03u1j.intermediaselections.com/api-as1f?email=rquinlevan@lernerco.com&data=logo

172.67.194.207

200 OK

127 B

URL GET HTTP/3
kdiiakfwpaknfoowrpkjaldoqalo03u1j.intermediaselections.com/api-as1f?email=rquinlevan@lernerco.com&data=logo
IP
172.67.194.207:443
ASN
#13335 CLOUDFLARENET

Requested by
https://kdiiakfwpaknfoowrpkjaldoqalo03u1j.intermediaselections.com/beebb091955c06fa68b3eb8afc0bae51663b8aadd6ac9PASbeebb091955c06fa68b3eb8afc0bae51663b8aadd6aca
Certificate
IssuerLet's Encrypt
Subjectintermediaselections.com
Fingerprint4A:C7:E9:02:83:23:1D:7C:E2:55:F2:11:13:39:98:BD:CA:AB:0C:3E
ValidityMon, 06 May 2024 10:19:46 GMT - Sun, 04 Aug 2024 10:19:45 GMT

File type
troff or preprocessor input, ASCII text, with no line terminators
Size
127 B (127 bytes)
Hash
06f7973fc599d3c186f51f45af0bd55a
3e7baf58f76cb809512e90cd7ccdbf9d7e966785
27c3ebe9b1186b836daea8ab8e9525a72176324a2eb23ebce49fd04ea24b32b1

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft Outlook

HTTP Headers

GET /api-as1f?email=rquinlevan@lernerco.com&data=logo HTTP/1.1
Host: kdiiakfwpaknfoowrpkjaldoqalo03u1j.intermediaselections.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://kdiiakfwpaknfoowrpkjaldoqalo03u1j.intermediaselections.com/beebb091955c06fa68b3eb8afc0bae51663b8aadd6ac9PASbeebb091955c06fa68b3eb8afc0bae51663b8aadd6aca
Cookie: cf_clearance=CiQYkbbYvl7.ZoE0eJc.Qoh7blt2UAFVHML2buA.Y8A-1715178148-1.0.1.1-pJmd54J.Pn9AfWG.x5bvCJfGv237xMUmQyrXL02hJXeuunTasfilb4_6XjoED4UiwkVxE_XxNOYpo_t2mYpRrg; PHPSESSID=f91c6fff9f6c1acdfa34147ec8804943
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 08 May 2024 14:22:38 GMT
content-type: text/html; charset=UTF-8
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0Dsw9WSQukfe2UkSL2BZxVjdkLcGOvZhB0mfy71N%2B3Sm8zGlIMn0cCBIWFAwGKy3OQAnL7dHRKwuTuJ%2FthNH6PkjM3l9ToOtXlvjYmEb0oIPHGwvi9hIcLiNUu9Sa9ZowE7meebaxgdm%2BunuzqUQXQZ6ezVQQIunMy8LUCf2PQ%2Bde0y%2F4ZG6HSHbbCDJ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880a1a631b255699-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (38)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations