Report - massdot-physicals.com/crossler/?/c2hhaW5hQHR4Y29uc3RydWN0aW9ubGF3LmNvbQ==

Report Overview

Submitted URL
massdot-physicals.com/crossler/?/c2hhaW5hQHR4Y29uc3RydWN0aW9ubGF3LmNvbQ==
IP
192.185.97.195
ASN
#19871 NETWORK-SOLUTIONS-HOSTING
Submitted
2024-03-29 14:53:24
Access
public
Website Title
dlfpublicidad.com.ar/blr.htm#shaina@txconstructionlaw.com
Final URL
dlfpublicidad.com.ar/blr.htm#shaina@txconstructionlaw.com
Tags
phishing microsoft outlook
urlquery detections
Phishing - Microsoft Outlook

Detections

urlquery
5
Network Intrusion Detection
0
Threat Detection Systems
4

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
dlfpublicidad.com.ar	unknown	2008-08-29	2016-10-02	2024-01-08	1.4 kB	2.0 kB	167.250.5.2
challenges.cloudflare.com	unknown	2009-02-17	2021-10-20	2024-03-28	939 B	20 kB	104.17.3.184
opticamendella.com.ar	unknown	2013-05-13	2015-12-29	2024-03-23	464 B	0 B	0.0.0.0
massdot-physicals.com	unknown	2014-12-23	2017-02-02	2024-03-12	527 B	321 B	192.185.97.195

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

Scan Date	Severity	Indicator	Alert
2024-03-29	medium	dlfpublicidad.com.ar/blr.htm	Generic/Spear Phishing
2024-03-29	medium	dlfpublicidad.com.ar/blr.htm	Generic/Spear Phishing

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (1)

	URL	Size	First Seen	Last Seen
	challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback	40 kB	2024-03-22	2024-04-04
Pretty URL challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback IP 104.17.3.184 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-22 10:31:41 Last Seen2024-04-04 15:54:59 Times Seen3338 Hash 7f3fe50b0f2ad92528ff217c1b608b27 54fc4814c739c7142ef4a5b562140ee764bcbdfc d2e584d67a5b1a868363ed5e83a72ea6bc2cad8a052f64583d0fe95e7fa36e97 Loading...

HTTP Transactions (7)

URL IP Response Size

massdot-physicals.com/crossler/?/c2hhaW5hQHR4Y29uc3RydWN0aW9ubGF3LmNvbQ==

192.185.97.195

125 B

URL
massdot-physicals.com/crossler/?/c2hhaW5hQHR4Y29uc3RydWN0aW9ubGF3LmNvbQ==
IP
192.185.97.195:0
ASN
#19871 NETWORK-SOLUTIONS-HOSTING

File type
HTML document, ASCII text
Size
125 B (125 bytes)
Hash
da50d52b7985cf4150fe24f97cc7429d
8c230c287629b098abdf3f9c7ab4ac448004a5c7
5c8a924ac5f86ff2ce84672473bbf13f89f96b33e0288d13b7eeefb4efe1ae12

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft Outlook

HTTP Headers

GET /crossler/?/c2hhaW5hQHR4Y29uc3RydWN0aW9ubGF3LmNvbQ== HTTP/1.1
Host: massdot-physicals.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
content-length: 125
content-type: text/html; charset=UTF-8
date: Fri, 29 Mar 2024 14:52:59 GMT
server: Apache
X-Firefox-Spdy: h2

dlfpublicidad.com.ar/blr.htm

167.250.5.2

717 B

URL
dlfpublicidad.com.ar/blr.htm
IP
167.250.5.2:0
ASN
#264649 NUT HOST SRL

File type
HTML document, ASCII text, with very long lines (717), with no line terminators
Size
717 B (717 bytes)
Hash
648f96f26c854a22e50b81a486916a2d
b79d8150080154859fa4ac8f47727f448e0033a6
fe3ba2f604a3a20e14e54a787a41211deba3acf79a13d7535c2035781ab21a32

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft Outlook
OpenPhish	phishing	Generic/Spear Phishing

HTTP Headers

GET /blr.htm HTTP/1.1
Host: dlfpublicidad.com.ar
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 29 Mar 2024 14:53:00 GMT
server: Apache/2.4.46 (cPanel) OpenSSL/1.1.1h mod_bwlimited/1.4
last-modified: Thu, 28 Mar 2024 16:21:53 GMT
etag: "363ee4-2cd-614baebd1834a"
accept-ranges: bytes
content-length: 717
content-type: text/html
X-Firefox-Spdy: h2

challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback

104.17.3.184

302 Found

0 B

URL GET HTTP/2
challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback
IP
104.17.3.184:443
ASN
#13335 CLOUDFLARENET

Requested by
https://dlfpublicidad.com.ar/blr.htm#shaina@txconstructionlaw.com
Certificate
IssuerCloudflare, Inc.
Subjectchallenges.cloudflare.com
Fingerprint5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E
ValidityFri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /turnstile/v0/api.js?onload=onloadTurnstileCallback HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dlfpublicidad.com.ar/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Fri, 29 Mar 2024 14:53:00 GMT
content-length: 0
cross-origin-resource-policy: cross-origin
location: /turnstile/v0/g/dc6b543c1346/api.js?onload=onloadTurnstileCallback
access-control-allow-origin: *
cache-control: max-age=300, public
vary: Accept-Encoding
server: cloudflare
cf-ray: 86c0afdedb9356bd-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

challenges.cloudflare.com/turnstile/v0/g/dc6b543c1346/api.js?onload=onloadTurnstileCallback

104.17.3.184

200 OK

20 kB

URL GET HTTP/2
challenges.cloudflare.com/turnstile/v0/g/dc6b543c1346/api.js?onload=onloadTurnstileCallback
IP
104.17.3.184:443
ASN
#13335 CLOUDFLARENET

Requested by
https://dlfpublicidad.com.ar/blr.htm#shaina@txconstructionlaw.com
Certificate
IssuerCloudflare, Inc.
Subjectchallenges.cloudflare.com
Fingerprint5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E
ValidityFri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (39928)
Size
20 kB (19604 bytes)
Hash
7f3fe50b0f2ad92528ff217c1b608b27
54fc4814c739c7142ef4a5b562140ee764bcbdfc
d2e584d67a5b1a868363ed5e83a72ea6bc2cad8a052f64583d0fe95e7fa36e97

HTTP Headers

GET /turnstile/v0/g/dc6b543c1346/api.js?onload=onloadTurnstileCallback HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dlfpublicidad.com.ar/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 29 Mar 2024 14:53:00 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=31536000
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
server: cloudflare
cf-ray: 86c0afdeeba056bd-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

opticamendella.com.ar/installer[24.0]/host[24.0]/admin/js/sc.php?r=ZW0sZW1haWwsYWRk

0.0.0.0

0 B

URL GET
opticamendella.com.ar/installer[24.0]/host[24.0]/admin/js/sc.php?r=ZW0sZW1haWwsYWRk
IP
0.0.0.0:0
ASN
#0

Requested by
https://dlfpublicidad.com.ar/blr.htm#shaina@txconstructionlaw.com

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /installer[24.0]/host[24.0]/admin/js/sc.php?r=ZW0sZW1haWwsYWRk HTTP/1.1
Host: opticamendella.com.ar
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dlfpublicidad.com.ar/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

dlfpublicidad.com.ar/favicon.ico

0.0.0.0

0 B

URL GET
dlfpublicidad.com.ar/favicon.ico
IP
0.0.0.0:0
ASN
#0

Requested by
https://dlfpublicidad.com.ar/blr.htm#shaina@txconstructionlaw.com

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft Outlook

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: dlfpublicidad.com.ar
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dlfpublicidad.com.ar/blr.htm
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

dlfpublicidad.com.ar/blr.htm

167.250.5.2

200 OK

717 B

URL User Request GET HTTP/2
dlfpublicidad.com.ar/blr.htm
IP
167.250.5.2:443
ASN
#264649 NUT HOST SRL

Certificate
IssuercPanel, Inc.
Subjectdlfpublicidad.com.ar
FingerprintC1:18:A8:FC:2D:79:90:06:D9:71:7E:C9:61:98:E0:47:78:34:E2:02
ValidityMon, 08 Jan 2024 00:00:00 GMT - Sun, 07 Apr 2024 23:59:59 GMT

File type
HTML document, ASCII text, with very long lines (754), with no line terminators
Size
717 B (717 bytes)
Hash
9c7eb077bb67943742b1ed66019ca5a9
c4fa9696aa2cf5f270b954cb6214906ae57e238b
6d9cae3e9f941dee95e5d3180053f5be6ab15fc63b3d111b8d5488a601da24a1

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft Outlook
OpenPhish	phishing	Generic/Spear Phishing

HTTP Headers

GET /blr.htm HTTP/1.1
Host: dlfpublicidad.com.ar
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 29 Mar 2024 14:53:00 GMT
server: Apache/2.4.46 (cPanel) OpenSSL/1.1.1h mod_bwlimited/1.4
last-modified: Thu, 28 Mar 2024 16:21:53 GMT
etag: "363ee4-2cd-614baebd1834a"
accept-ranges: bytes
content-length: 717
content-type: text/html
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (1)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (7)

URL

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET

IP

ASN

Requested by

File type

Size

Hash

HTTP Headers

URL GET

IP

ASN

Requested by