Report - jerfm.com/gkvd/hGhk/2a20367f1bdb7a55184e1bd29ca00492/4LezyZ/Y2FuZGljZS5qb3ljZUBkZmFzLm1pbA==

Report Overview

Submitted URL
jerfm.com/gkvd/hGhk/2a20367f1bdb7a55184e1bd29ca00492/4LezyZ/Y2FuZGljZS5qb3ljZUBkZmFzLm1pbA==
IP
192.99.71.92
ASN
#16276 OVH SAS
Submitted
2024-04-20 11:54:32
Access
public
Website Title
Just a moment...
Final URL
94e6f5a7.58598891ef09ac737cee0cf3.workers.dev/?qrc=candice.joyce@dfas.mil
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
1
Threat Detection Systems
8

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
jerfm.com	unknown	2023-06-27	2015-02-06	2024-04-18	546 B	292 B	192.99.71.92
challenges.cloudflare.com	unknown	2009-02-17	2021-10-20	2024-04-20	5.0 kB	611 kB	104.17.2.184
94e6f5a7.58598891ef09ac737cee0cf3.workers.dev	unknown	2019-02-08	2024-04-12	2024-04-18	1.0 kB	7.7 kB	104.21.88.101

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2024-04-20 11:54:06	low	Client IP	104.21.88.101	ET INFO Observed Cloudflare workers.dev Domain in TLS SNI

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

Scan Date	Severity	Indicator	Alert
2024-04-16	medium	jerfm.com/gkvd/hGhk/2a20367f1bdb7a55184e1bd29ca00492/4LezyZ/Y2FuZGljZS5qb3ljZUBkZmFzLm1pbA==	Office365
2024-04-14	medium	94e6f5a7.58598891ef09ac737cee0cf3.workers.dev/	Office365
2024-04-14	medium	94e6f5a7.58598891ef09ac737cee0cf3.workers.dev/	Office365

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-04-20	medium	jerfm.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (47)

	URL	Size	First Seen	Last Seen
	94e6f5a7.58598891ef09ac737cee0cf3.workers.dev/?qrc=candice.joyce@dfas.mil	311 B	2024-04-12	2024-04-28
Pretty URL 94e6f5a7.58598891ef09ac737cee0cf3.workers.dev/?qrc=candice.joyce@dfas.mil IP 104.21.88.101 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-12 18:49:52 Last Seen2024-04-28 15:07:35 Times Seen74 Hash aaca1f4d05478b4382beddfdbd4a854b dba5271c67fe07d2293e8f75306005638e170bee 4c1c37fca410fb27d54bf20678f64596e20d27eb6ca088f60eaaa23394a97058 Loading...

	challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=8774f012ea2f5689	440 kB	2024-04-20	2024-04-20
Pretty URL challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=8774f012ea2f5689 IP 104.17.2.184 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-20 13:54:32 Last Seen2024-04-20 13:54:33 Times Seen2 Hash f01ed0b3f00341b2617196165ebd6720 8cf78cced63256fb8c7b50562f2717502bd1d59a 56f409db1f8c458c3051bea6be711889e411fca4741b3cf1060d8069f03b8983 Loading...

	challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/racyg/0x4AAAAAAAW-lbDQI7I0Z-Zf/auto/normal	3.6 kB	2024-04-20	2024-04-20
Pretty URL challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/racyg/0x4AAAAAAAW-lbDQI7I0Z-Zf/auto/normal IP 104.17.2.184 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-20 13:54:32 Last Seen2024-04-20 13:54:32 Times Seen1 Hash 9d089a5849d9a63bae1090444568a3a5 0f651a5ca25c82cc86b86353bbbe5b0578ea7c07 25d373d52f28499f3f27f476f67bec5f71e266ec6e78c3e7c139d845acded0cc Loading...

	challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback	42 kB	2024-04-18	2024-04-29
Pretty URL challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback IP 104.17.2.184 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-18 21:08:49 Last Seen2024-04-29 16:17:51 Times Seen2594 Hash f94a2211ce789a95a7c67e8c660d63e8 f1fc19b6bcb96d0a905bf3192aaff0885ff9f36f 926dc3302f99ec05e4206e965ddeb7250f5910a8c38e82c7beafb724bbaaf37b Loading...

		Size	First Seen	Last Seen
	#1 Eval - d61d543ec42c68e29164b83536bf906a	28 B	2024-04-20	2024-04-20
Pretty Observations First Seen2024-04-20 13:54:32 Last Seen2024-04-20 13:54:32 Times Seen1 Hash d61d543ec42c68e29164b83536bf906a 2f0e5631db0e144bd1a34cbccef1dfd8af17a2a4 49007accbf197aabf1dc820098b6176b78c9a586aca410cd89a045fb89adb659 Loading...

	#2 Eval - 35abc5bcf78813222a31a47dc74ec8ef	28 B	2024-04-20	2024-04-20
Pretty Observations First Seen2024-04-20 13:54:32 Last Seen2024-04-20 13:54:32 Times Seen1 Hash 35abc5bcf78813222a31a47dc74ec8ef 06b0354c3caf464ec013592bada11fb657d6577f 3617a38616953f399d8f6a46e8216fca9949350d5d9ddf37a44b50e8dcec1bc4 Loading...

	#3 Eval - 228f174bc222c29b04d735730d6d136f	28 B	2024-04-20	2024-04-20
Pretty Observations First Seen2024-04-20 13:54:32 Last Seen2024-04-20 13:54:32 Times Seen1 Hash 228f174bc222c29b04d735730d6d136f db3a536ecf2361d2c477f40ba51821bfb5531d00 b76f39f20e3f9b4f2cc04f32241526bd897b8993642095fd39ea925d14c07bed Loading...

	#4 Eval - 5af64f72869e236b440ddd0b6778631a	28 B	2024-04-20	2024-04-20
Pretty Observations First Seen2024-04-20 13:54:32 Last Seen2024-04-20 13:54:32 Times Seen1 Hash 5af64f72869e236b440ddd0b6778631a 400f95793a98223aae459116deef44ba289982eb 9c9a9337006671db4346af9fb464f544693743f60f320f9a519dcb9d41e4c373 Loading...

	#5 Eval - 0cd34400c5a1ee47823d907d27b3e569	28 B	2024-04-20	2024-04-20
Pretty Observations First Seen2024-04-20 13:54:32 Last Seen2024-04-20 13:54:32 Times Seen1 Hash 0cd34400c5a1ee47823d907d27b3e569 bc24240eb4fd4c7225dee755742d642eae397b86 eb1e0ae44406cc7bdb23902455e792138669cdb96e082b5c66e5a7c2c9c14b9a Loading...

	#6 Eval - 4bb8506ea96d5b52b1450dfbb94890b2	28 B	2024-04-20	2024-04-20
Pretty Observations First Seen2024-04-20 13:54:32 Last Seen2024-04-20 13:54:32 Times Seen1 Hash 4bb8506ea96d5b52b1450dfbb94890b2 fa622eac8dd3ea24382ca6b4399339413eb2e4e4 653135856d37b3ed4df8d5dbc24dac270f31615d5be91d851771afb34efb568d Loading...

	#7 Eval - a2abc675a23b952444aef78ffda2051a	28 B	2024-04-20	2024-04-20
Pretty Observations First Seen2024-04-20 13:54:32 Last Seen2024-04-20 13:54:32 Times Seen1 Hash a2abc675a23b952444aef78ffda2051a 7a7aac3d15e2a4ba4994230bc1b3c444307506ed 5f2de0d2da9303914fa9537b5221d344827f4c8aea08589726b5e927ba9c4213 Loading...

	#8 Eval - 43c81e43a6e7d9140033055ff3e04983	62 B	2024-04-18	2024-04-29
Pretty Observations First Seen2024-04-18 21:08:51 Last Seen2024-04-29 16:17:50 Times Seen2736 Hash 43c81e43a6e7d9140033055ff3e04983 b0eca03913678cb38c488c7c79cc4f9d2755ea17 3f7ef931c657c4333a401c40e8b0b8d1ff3b164542af45e14242314c0ec39f34 Loading...

	#9 Eval - 05a5215426aa0c511fcc1a2f8edfa3f1	28 B	2024-04-20	2024-04-20
Pretty Observations First Seen2024-04-20 13:54:32 Last Seen2024-04-20 13:54:32 Times Seen1 Hash 05a5215426aa0c511fcc1a2f8edfa3f1 6280525d8530605f5cfd52b7af5ce65e3f7d22a2 e8644fd60b6280615bcbe1e891da8509a7e007680845ed97bac618969d4ba170 Loading...

	#10 Eval - 23745ae069aba800ee9b6cb5ca9fdacf	28 B	2024-04-20	2024-04-20
Pretty Observations First Seen2024-04-20 13:54:32 Last Seen2024-04-20 13:54:32 Times Seen1 Hash 23745ae069aba800ee9b6cb5ca9fdacf 8ac37ea7cefb0be9ddcc9b50cf7cc908b555f99e 0df6437c8b4c742a09b3dcf68fd23e5e970a72b6782b3c7c947764e418d6a8bc Loading...

	#11 Eval - 57e8d67e129f417c4d43ae4c6dfd922b	28 B	2024-04-20	2024-04-20
Pretty Observations First Seen2024-04-20 13:54:32 Last Seen2024-04-20 13:54:32 Times Seen1 Hash 57e8d67e129f417c4d43ae4c6dfd922b f9614ed3595fd76bf8a4f08f795235e946173784 76a82924a008d90429d5a7bf40f583427d5b73127bdf0eadd3a03a037ebde185 Loading...

	#12 Eval - 5881c7b338858620d619194dba12b8cd	28 B	2024-04-20	2024-04-20
Pretty Observations First Seen2024-04-20 13:54:32 Last Seen2024-04-20 13:54:32 Times Seen1 Hash 5881c7b338858620d619194dba12b8cd ba774219ea5621d4b5a1768604c1e2fd7cae2180 c918cdda4192763d7f33eb525a00cc34318c07d652de330dbad8276ad1169078 Loading...

	#13 Eval - 100e97377cf6b537924ebf1dd60b1ca8	28 B	2024-04-20	2024-04-20
Pretty Observations First Seen2024-04-20 13:54:32 Last Seen2024-04-20 13:54:32 Times Seen1 Hash 100e97377cf6b537924ebf1dd60b1ca8 0092269cf5ad7558fcf244d468c1e0e2442d3a38 fcafcc67612a895c32f5c90bf7fdc5dea9583670803bd8b011f4a22b66481a05 Loading...

	#14 Eval - 68c1cc88453b97981f22e8c2e8111047	28 B	2024-04-20	2024-04-20
Pretty Observations First Seen2024-04-20 13:54:32 Last Seen2024-04-20 13:54:32 Times Seen1 Hash 68c1cc88453b97981f22e8c2e8111047 ce1a3fc1fb276709768f582517771b58e3c92e21 7df25ca747dfb1383b38dcd537562c6cb350e25d03861f8ff324f3b8b71f8c77 Loading...

	#15 Eval - eaec468b3413abbb9972dc55ae7e3f91	28 B	2024-04-20	2024-04-20
Pretty Observations First Seen2024-04-20 13:54:32 Last Seen2024-04-20 13:54:32 Times Seen1 Hash eaec468b3413abbb9972dc55ae7e3f91 1d3ed53a3753cf3ae684ed9cde64914ed0b33f55 8386f8566fba5cb10513ff71de0d19cbcb049175d5676f06c9b17ead24519fc4 Loading...

	#16 Eval - d1632fffb2c30e929c3704ca86f1a2e3	28 B	2024-04-20	2024-04-20
Pretty Observations First Seen2024-04-20 13:54:32 Last Seen2024-04-20 13:54:32 Times Seen1 Hash d1632fffb2c30e929c3704ca86f1a2e3 ca7b4b3f05a92b22a15d9d88a7cca797ea8497fb 8223e8f43bed8a17cd517b7fd48ca25270ac0e5ddaeadd7f17b4c1ae392c6dd9 Loading...

	#17 Eval - 082d52c9fc5b7380bcf7d546f5a4d691	28 B	2024-04-20	2024-04-20
Pretty Observations First Seen2024-04-20 13:54:32 Last Seen2024-04-20 13:54:32 Times Seen1 Hash 082d52c9fc5b7380bcf7d546f5a4d691 ee1a93d2c4b6dad7b1dab9d82c318a73bd0f1c9c 5b289b98cbbb8fdbe39fe830b7e9b334e09f58e93ab216574bed32c513541729 Loading...

	#18 Eval - 7a83d79b45691446e58ddf8ce8264b7b	28 B	2024-04-20	2024-04-20
Pretty Observations First Seen2024-04-20 13:54:32 Last Seen2024-04-20 13:54:32 Times Seen1 Hash 7a83d79b45691446e58ddf8ce8264b7b 606cac0bdb6a537e5f2bc773178eb77e63b66ea5 660e85bdb7eda182771bd8e5663df8592327dc1f16c7e50e8c88363f7fd35975 Loading...

	#19 Eval - 9cc226114b57589c756d79d8acc7408d	28 B	2024-04-20	2024-04-20
Pretty Observations First Seen2024-04-20 13:54:32 Last Seen2024-04-20 13:54:32 Times Seen1 Hash 9cc226114b57589c756d79d8acc7408d d5bc295b0777f7407d1c8ab36288ac2fa4352ed8 591e5f17916d78e84aaf190f88437198c318247a882fe4af1bad567d8e3f907a Loading...

	#20 Eval - 5c7338570ba434db7e385427029545f5	28 B	2024-04-20	2024-04-20
Pretty Observations First Seen2024-04-20 13:54:33 Last Seen2024-04-20 13:54:33 Times Seen1 Hash 5c7338570ba434db7e385427029545f5 c4bfed18d4602039c0491745e4681a67a83f9834 e3daa1f4ffc0f70b029ee9e596ad59fb2efc3fb1f2ffba6e53f6f8a08649a5ee Loading...

	#21 Eval - 2bf965da4c99bdac7e874b09b5e4beca	28 B	2024-04-20	2024-04-20
Pretty Observations First Seen2024-04-20 13:54:33 Last Seen2024-04-20 13:54:33 Times Seen1 Hash 2bf965da4c99bdac7e874b09b5e4beca 18fd25c72740d70bd24733847404ee2087733969 ef32d6a5ddcdb04abfc67ef680aafd40f020765eceab45821bce8c6d5c4c7b88 Loading...

	#22 Eval - 2ff9bd19647f6c958419b312c2770d3b	28 B	2024-04-20	2024-04-20
Pretty Observations First Seen2024-04-20 13:54:33 Last Seen2024-04-20 13:54:33 Times Seen1 Hash 2ff9bd19647f6c958419b312c2770d3b fe90e88e0a9c0dbd1f94e2674eca121b1c2f69ab f25fc1ebaffab2f841d8fdda81a8b2fccef833bbb8e83cdab619b1be57bf813e Loading...

	#23 Eval - 97de8d1caef72f8306ba0e164aa91bcf	28 B	2024-04-20	2024-04-20
Pretty Observations First Seen2024-04-20 13:54:33 Last Seen2024-04-20 13:54:33 Times Seen1 Hash 97de8d1caef72f8306ba0e164aa91bcf 73620639f9e7cbad82883c9ef0eed025f50ca53c 0e56356b2f4316c5ac8b9b019e858337c7fff42f151048e76573e06cda39a41f Loading...

	#24 Eval - 380df4923e58175ff0369d44914ba48b	28 B	2024-04-20	2024-04-20
Pretty Observations First Seen2024-04-20 13:54:33 Last Seen2024-04-20 13:54:33 Times Seen1 Hash 380df4923e58175ff0369d44914ba48b a495e4076ebcbca5f839e14f9a753379dd252ce5 b92a24aa7c6e319bca25fb3ee6c0f90e5b28f06f06fbec24e851f667f72cc2ec Loading...

	#25 Eval - f572a8aa1249986cfacfebf9d4292dd2	28 B	2024-04-20	2024-04-20
Pretty Observations First Seen2024-04-20 13:54:33 Last Seen2024-04-20 13:54:33 Times Seen1 Hash f572a8aa1249986cfacfebf9d4292dd2 ee8ee7a9fbde7bd6d87a120f3ffefde419e4e759 c2c2d2b60e7cf7e3ecd7b5d1b30f5845bfb1aa86d1c386aed6d10a98a5dbe72c Loading...

	#26 Eval - 77bd70dc69b3ec4576f17086470258f8	28 B	2024-04-20	2024-04-20
Pretty Observations First Seen2024-04-20 13:54:33 Last Seen2024-04-20 13:54:33 Times Seen1 Hash 77bd70dc69b3ec4576f17086470258f8 8e0e574dc2c7a10484c02f925c0dcb05955c33fa bd92fb6d7250dc3ae8c0bd1539cfb2bdb0906ccd79295719edc2bfe186b6738b Loading...

	#27 Eval - 4c5b04bd5aa46c213fa88275f1804b3e	28 B	2024-04-20	2024-04-20
Pretty Observations First Seen2024-04-20 13:54:33 Last Seen2024-04-20 13:54:33 Times Seen1 Hash 4c5b04bd5aa46c213fa88275f1804b3e fa9738b1130e22fab71caeeb8d17fff31273fc81 72ead3f166de4b2aa26c1041d07bb55dedbef23abc35078048c642cdc221d58a Loading...

	#28 Eval - 6404893bfe9eb87eb66c497635e37759	28 B	2024-04-20	2024-04-20
Pretty Observations First Seen2024-04-20 13:54:33 Last Seen2024-04-20 13:54:33 Times Seen1 Hash 6404893bfe9eb87eb66c497635e37759 c645fa2ba4e4d70441f355e964538f110dfb96aa 73f47a095c8dd74c7bf9803b7a2894609ba02b203819c717f6e7508c20075e54 Loading...

	#29 Eval - f70a7a5e784df5d98c01a392fb331a68	28 B	2024-04-20	2024-04-20
Pretty Observations First Seen2024-04-20 13:54:33 Last Seen2024-04-20 13:54:33 Times Seen1 Hash f70a7a5e784df5d98c01a392fb331a68 2bbd00e85d4cc231c198efdfe1588dec16ab2022 4766e67250133d401f0ed9ca893d4cb5fed7163ba20ddaf034c29f47b0e1de07 Loading...

	#30 Eval - da59bd5c10c7f0d3bc4badefce6d4944	28 B	2024-04-20	2024-04-20
Pretty Observations First Seen2024-04-20 13:54:33 Last Seen2024-04-20 13:54:33 Times Seen1 Hash da59bd5c10c7f0d3bc4badefce6d4944 5114f763d0dbba9e09a89129f365839128487e58 049ff6621b37847f0722ae4ace6d5336801652a16fdd03e4a4ac2ee2e3ee4bc1 Loading...

	#31 Eval - e418461e68dd06083a7cb9793c956d7c	28 B	2024-04-20	2024-04-20
Pretty Observations First Seen2024-04-20 13:54:33 Last Seen2024-04-20 13:54:33 Times Seen1 Hash e418461e68dd06083a7cb9793c956d7c e5c3f25fb565c1a2dda1652ed0cf3e53221235ac 2a905790620dea225c9f86ad534b7e3ead012aa398ae8d0229cad4bff4f0547c Loading...

	#32 Eval - de1aad0e5e839b5911810a0bd1bc07d6	28 B	2024-04-20	2024-04-20
Pretty Observations First Seen2024-04-20 13:54:33 Last Seen2024-04-20 13:54:33 Times Seen1 Hash de1aad0e5e839b5911810a0bd1bc07d6 26c291c878fefdae2024f8958b132d73bf1ad587 1639521fc93d67bcbb9e199895d4c58aab03537d350ebe754473a5e3cb8c940b Loading...

	#33 Eval - 03476765563949a183b3a1d7d955d1d7	28 B	2024-04-20	2024-04-20
Pretty Observations First Seen2024-04-20 13:54:33 Last Seen2024-04-20 13:54:33 Times Seen1 Hash 03476765563949a183b3a1d7d955d1d7 618c8a789ad2ef1ab6a320e4082875c745ec3650 d7dbcda9e5fa6b5967d81ead38d0ffe222f9a5ce9f5868deafcfee67e7908ee4 Loading...

	#34 Eval - 2b9ea648b73d1c07d6a4efbb097e30fb	28 B	2024-04-20	2024-04-20
Pretty Observations First Seen2024-04-20 13:54:33 Last Seen2024-04-20 13:54:33 Times Seen1 Hash 2b9ea648b73d1c07d6a4efbb097e30fb 668f29a27d1cf52eaaf01e61a7f6ed889e240dc5 6607e3c18784d95f1db3a2a7cb589c8754d7682bd47d1cd88e7b3b1202f4724e Loading...

	#35 Eval - 9e925e9341b490bfd3b4c4ca3b0c1ef2	4 B	2023-03-07	2024-05-03
Pretty Observations First Seen2023-03-07 01:03:43 Last Seen2024-05-03 07:05:35 Times Seen351342 Hash 9e925e9341b490bfd3b4c4ca3b0c1ef2 c2543fff3bfa6f144c2f06a7de6cd10c0b650cae 1eb79602411ef02cf6fe117897015fff89f80face4eccd50425c45149b148408 Loading...

	#36 Eval - 96eb2b3902689804dcab9f69fe782f0f	28 B	2024-04-20	2024-04-20
Pretty Observations First Seen2024-04-20 13:54:33 Last Seen2024-04-20 13:54:33 Times Seen1 Hash 96eb2b3902689804dcab9f69fe782f0f 79c065ccc38296aadd65a54dbd7c90ea0b367fb2 e289f285f7265944f714a47f513994932af35084ad9b76a47ae0341598cce189 Loading...

	#37 Eval - 6c7ec900563e45f2f59ebf83efa39a9b	28 B	2024-04-20	2024-04-20
Pretty Observations First Seen2024-04-20 13:54:33 Last Seen2024-04-20 13:54:33 Times Seen1 Hash 6c7ec900563e45f2f59ebf83efa39a9b b4f958c34819bbc9bfea40291ea4f6000bb5fb34 eb181812af0b178be477b575fbd7e65083e6c5dca426020e5374c7ce1fa731ec Loading...

	#38 Eval - f00a44f4f5e60f7438756e4fc76d0d0c	28 B	2024-04-20	2024-04-20
Pretty Observations First Seen2024-04-20 13:54:33 Last Seen2024-04-20 13:54:33 Times Seen1 Hash f00a44f4f5e60f7438756e4fc76d0d0c 1978524ddff3bbe89ab974a0a65b44ee94a81232 7bcbe98db70ba69173a7c175cbe1f4822737d02caa4cfa7673544815a181eebe Loading...

	#39 Eval - 1592ae55aba216d96e23919887f1f7fd	28 B	2024-04-20	2024-04-20
Pretty Observations First Seen2024-04-20 13:54:33 Last Seen2024-04-20 13:54:33 Times Seen1 Hash 1592ae55aba216d96e23919887f1f7fd 9f4bec9a65db6ba6f7a56f572d7283428e489d0c 3595a20beb4372091179cb528a27142d28280ebf7f4785d496ac44d1d3d9fabf Loading...

	#40 Eval - ddfd7c4b0fda1110dee9348ed6e35be0	28 B	2024-04-20	2024-04-20
Pretty Observations First Seen2024-04-20 13:54:33 Last Seen2024-04-20 13:54:33 Times Seen1 Hash ddfd7c4b0fda1110dee9348ed6e35be0 22c83923f953432a33b1d134bf97ece39323f41f bc2ef64446173e4029142847da71ce7be0d4900d10016cd3ea2877c6a8f17cff Loading...

	#41 Eval - 42f07a5e5e71f10377c3a502aa918750	28 B	2024-04-20	2024-04-20
Pretty Observations First Seen2024-04-20 13:54:33 Last Seen2024-04-20 13:54:33 Times Seen1 Hash 42f07a5e5e71f10377c3a502aa918750 14f079bd9d627f190ac0412a9b3d14d87ec32893 737ff423b45b518f2647bfb9cc74121fad688e1b641e2e5afbb9348791a15697 Loading...

	#42 Eval - f769ed99fc048922ab741a7ba1918a99	28 B	2024-04-20	2024-04-20
Pretty Observations First Seen2024-04-20 13:54:33 Last Seen2024-04-20 13:54:33 Times Seen1 Hash f769ed99fc048922ab741a7ba1918a99 989bd78c80191457d1a26b6b96dc425e42b99a40 d6ccde7d55f53aee58e15bc2b8ce982ce73227b182caf0918faa08a6bc73eca4 Loading...

	#43 Eval - 664740dc35fa062d01ce025b84996f10	28 B	2024-04-20	2024-04-20
Pretty Observations First Seen2024-04-20 13:54:33 Last Seen2024-04-20 13:54:33 Times Seen1 Hash 664740dc35fa062d01ce025b84996f10 03a9f70e8203993443bc1c7383518847363a4fb7 ef6b0051e8389f38dcfd86366e8b635a503b9d6d4821cd0af8a0e7a1263d14d0 Loading...

HTTP Transactions (11)

URL IP Response Size

jerfm.com/gkvd/hGhk/2a20367f1bdb7a55184e1bd29ca00492/4LezyZ/Y2FuZGljZS5qb3ljZUBkZmFzLm1pbA==

192.99.71.92

0 B

URL
jerfm.com/gkvd/hGhk/2a20367f1bdb7a55184e1bd29ca00492/4LezyZ/Y2FuZGljZS5qb3ljZUBkZmFzLm1pbA==
IP
192.99.71.92:0
ASN
#16276 OVH SAS

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Office365
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /gkvd/hGhk/2a20367f1bdb7a55184e1bd29ca00492/4LezyZ/Y2FuZGljZS5qb3ljZUBkZmFzLm1pbA== HTTP/1.1
Host: jerfm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 20 Apr 2024 11:54:06 GMT
Server: Apache
refresh: 0;url=https://94e6f5a7.58598891ef09ac737cee0cf3.workers.dev/?qrc=candice.joyce@dfas.mil
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback

104.17.2.184

302 Found

0 B

URL GET HTTP/2
challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback
IP
104.17.2.184:443
ASN
#13335 CLOUDFLARENET

Requested by
https://94e6f5a7.58598891ef09ac737cee0cf3.workers.dev/?qrc=candice.joyce@dfas.mil
Certificate
IssuerCloudflare, Inc.
Subjectchallenges.cloudflare.com
Fingerprint5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E
ValidityFri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /turnstile/v0/api.js?onload=onloadTurnstileCallback HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://94e6f5a7.58598891ef09ac737cee0cf3.workers.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Sat, 20 Apr 2024 11:54:07 GMT
content-length: 0
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
cache-control: max-age=300, public
location: /turnstile/v0/b/471dc2adc340/api.js?onload=onloadTurnstileCallback
vary: Accept-Encoding
server: cloudflare
cf-ray: 8774f0124cd31c02-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/cmg/1/GLhOioXg0bs57t4qPrORXFsL1%2BWig2mIKbgpVPMu7ZQ%3D

104.17.2.184

200 OK

61 B

URL GET HTTP/3
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/cmg/1/GLhOioXg0bs57t4qPrORXFsL1%2BWig2mIKbgpVPMu7ZQ%3D
IP
104.17.2.184:443
ASN
#13335 CLOUDFLARENET

Requested by
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/racyg/0x4AAAAAAAW-lbDQI7I0Z-Zf/auto/normal
Certificate
IssuerCloudflare, Inc.
Subjectchallenges.cloudflare.com
Fingerprint5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E
ValidityFri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT

File type
PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced
Size
61 B (61 bytes)
Hash
9246cca8fc3c00f50035f28e9f6b7f7d
3aa538440f70873b574f40cd793060f53ec17a5d
c07d7d29e3c20fa6ca4c5d20663688d52bad13e129ad82ce06b80eb187d9dc84

HTTP Headers

GET /cdn-cgi/challenge-platform/h/b/cmg/1/GLhOioXg0bs57t4qPrORXFsL1%2BWig2mIKbgpVPMu7ZQ%3D HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/racyg/0x4AAAAAAAW-lbDQI7I0Z-Zf/auto/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 20 Apr 2024 11:54:07 GMT
content-type: image/png
content-length: 61
cache-control: max-age=2629800, public
server: cloudflare
cf-ray: 8774f0139ac75689-OSL
alt-svc: h3=":443"; ma=86400

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/racyg/0x4AAAAAAAW-lbDQI7I0Z-Zf/auto/normal

104.17.2.184

200 OK

31 kB

URL GET HTTP/3
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/racyg/0x4AAAAAAAW-lbDQI7I0Z-Zf/auto/normal
IP
104.17.2.184:443
ASN
#13335 CLOUDFLARENET

Requested by
https://94e6f5a7.58598891ef09ac737cee0cf3.workers.dev/?qrc=candice.joyce@dfas.mil
Certificate
IssuerCloudflare, Inc.
Subjectchallenges.cloudflare.com
Fingerprint5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E
ValidityFri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT

File type
HTML document, ASCII text, with very long lines (41702)
Size
31 kB (30629 bytes)
Hash
4eaf579a95a9f04e75f1634fd4b56052
569acaa77b33ca095773d9a44c1b43bf05511f37
6d6235a33ada7719d597fa9f6e12b96c4f2e17c770c6efaa1047e93fea2d85c3

HTTP Headers

GET /cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/racyg/0x4AAAAAAAW-lbDQI7I0Z-Zf/auto/normal HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://94e6f5a7.58598891ef09ac737cee0cf3.workers.dev/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 20 Apr 2024 11:54:07 GMT
content-type: text/html; charset=UTF-8
permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
cross-origin-opener-policy: same-origin
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
referrer-policy: same-origin
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
content-security-policy: frame-src https://challenges.cloudflare.com/ blob:; base-uri 'self'
critical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
document-policy: js-profiling
origin-agent-cluster: ?1
vary: accept-encoding
server: cloudflare
cf-ray: 8774f012ea2f5689-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

challenges.cloudflare.com/turnstile/v0/b/471dc2adc340/api.js?onload=onloadTurnstileCallback

104.17.2.184

200 OK

19 kB

URL GET HTTP/2
challenges.cloudflare.com/turnstile/v0/b/471dc2adc340/api.js?onload=onloadTurnstileCallback
IP
104.17.2.184:443
ASN
#13335 CLOUDFLARENET

Requested by
https://94e6f5a7.58598891ef09ac737cee0cf3.workers.dev/?qrc=candice.joyce@dfas.mil
Certificate
IssuerCloudflare, Inc.
Subjectchallenges.cloudflare.com
Fingerprint5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E
ValidityFri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (42414)
Size
19 kB (18682 bytes)
Hash
f94a2211ce789a95a7c67e8c660d63e8
f1fc19b6bcb96d0a905bf3192aaff0885ff9f36f
926dc3302f99ec05e4206e965ddeb7250f5910a8c38e82c7beafb724bbaaf37b

HTTP Headers

GET /turnstile/v0/b/471dc2adc340/api.js?onload=onloadTurnstileCallback HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://94e6f5a7.58598891ef09ac737cee0cf3.workers.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 20 Apr 2024 11:54:07 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=31536000
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
server: cloudflare
cf-ray: 8774f0126ce11c02-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/pat/8774f012ea2f5689/1713614047584/abf110912eaf3aa71df7d572ec4fd795521aff30bd593d01db0fa37479eaebbe/QjLZThGATXuNylD

104.17.2.184

401 Unauthorized

1 B

URL GET HTTP/3
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/pat/8774f012ea2f5689/1713614047584/abf110912eaf3aa71df7d572ec4fd795521aff30bd593d01db0fa37479eaebbe/QjLZThGATXuNylD
IP
104.17.2.184:443
ASN
#13335 CLOUDFLARENET

Requested by
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/racyg/0x4AAAAAAAW-lbDQI7I0Z-Zf/auto/normal
Certificate
IssuerCloudflare, Inc.
Subjectchallenges.cloudflare.com
Fingerprint5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E
ValidityFri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT

File type
very short file (no magic)
Size
1 B (1 bytes)
Hash
ff44570aca8241914870afbc310cdb85
58668e7669fd564d99db5d581fcdb6a5618440b5
6da43b944e494e885e69af021f93c6d9331c78aa228084711429160a5bbd15b5

HTTP Headers

GET /cdn-cgi/challenge-platform/h/b/pat/8774f012ea2f5689/1713614047584/abf110912eaf3aa71df7d572ec4fd795521aff30bd593d01db0fa37479eaebbe/QjLZThGATXuNylD HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/racyg/0x4AAAAAAAW-lbDQI7I0Z-Zf/auto/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 401 Unauthorized
date: Sat, 20 Apr 2024 11:54:07 GMT
content-type: text/plain; charset=UTF-8
content-length: 1
www-authenticate: PrivateToken challenge="AAIAGXBhdC1pc3N1ZXIuY2xvdWRmbGFyZS5jb20gq_EQkS6vOqcd99Vy7E_XlVIa_zC9WT0B2w-jdHnq674AGWNoYWxsZW5nZXMuY2xvdWRmbGFyZS5jb20=", token-key="MIIBUjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAqEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgKiAwIBMAOCAQ8AMIIBCgKCAQEArny_u1wyrVg8e-Kmwxyfb2WoiwwZ2VR7QAnot_CrcySq56Rui-jZM9090K9_dW6HmpAKhOjYXLCJ7g4U74G4z6SRM_YRj-GLp3EaBxay798DZIeAtv_N7Z9CHI_0VTYiqNXVm2z1bF5VtFasnv3JDaWb4yIjBd8vMfNUM4Y4nXXIeMIyXdVK2hlzVO8VxBkXca7UzhCq51WDKlSYPWUy9ieZTdwNf5Q49DwdF9woTnuKPY26TxVlEHMcf8JJiXLUR2bbdG-Qv1fqbwQloSjintj5uXWLsZd84bMpNedRNJBV22T0PgKNeip6oalvdYbaiHiyDATsKlA6-8KJ-CUQTQIDAQAB", max-age=20, PrivateToken challenge="AAIALHBwLWlzc3Vlci1wcm9kdWN0aW9uLnJlc2VhcmNoLmNsb3VkZmxhcmUuY29tIKvxEJEurzqnHffVcuxP15VSGv8wvVk9AdsPo3R56uu-ABljaGFsbGVuZ2VzLmNsb3VkZmxhcmUuY29t", token-key="MIIBUjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAqEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgKiAwIBMAOCAQ8AMIIBCgKCAQEA1FEYykHcK8H9rb_u0aFz3CmWgYloQw4YhedoEOAjJ0vy2Axa4f9UG9Dzs4uXS34_h8l6MDo2nRCvLI9lvebilMnTjCn-6D77bewqYxJKUFZW1z2jBIdu03TrETczfEg7kxgKtJE9NXGDjYJcF_iMgzgNA0PEAVM89tUYXXlFy4cUAGlqU2mPpIEOxm5ARsXC-zlLK60fkJ4cOsZRkZa6EExdhmgdwQ0fEJuSOHrBO_-zJn4hUP8q9g4yqkxW2UrfJgD07F4HaHGBEiei06sGDvH2NEPvswEl5dTGxutNrxlU7W24iYhNa2nhjlc53nNb0mKtszv-czVE9UhXyJ7-RQIDAQAB", max-age=20
server: cloudflare
cf-ray: 8774f017ff0d5689-OSL
alt-svc: h3=":443"; ma=86400

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/i/8774f012ea2f5689/1713614047589/q6627uR8x9GP5mw

104.17.2.184

200 OK

61 B

URL GET HTTP/3
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/i/8774f012ea2f5689/1713614047589/q6627uR8x9GP5mw
IP
104.17.2.184:443
ASN
#13335 CLOUDFLARENET

Requested by
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/racyg/0x4AAAAAAAW-lbDQI7I0Z-Zf/auto/normal
Certificate
IssuerCloudflare, Inc.
Subjectchallenges.cloudflare.com
Fingerprint5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E
ValidityFri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT

File type
PNG image data, 91 x 86, 8-bit/color RGB, non-interlaced
Size
61 B (61 bytes)
Hash
8664326f8002998e4cc1667078ed6e8b
e2e07bbefba41b054b8742ed9318c04c90e2abca
7205c397b0ce3d0998e0825f3149defb4115365e9b2e8792f4bc6b772a3d7d8b

HTTP Headers

GET /cdn-cgi/challenge-platform/h/b/i/8774f012ea2f5689/1713614047589/q6627uR8x9GP5mw HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/racyg/0x4AAAAAAAW-lbDQI7I0Z-Zf/auto/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 20 Apr 2024 11:54:08 GMT
content-type: image/png
content-length: 61
server: cloudflare
cf-ray: 8774f018cf9d5689-OSL
alt-svc: h3=":443"; ma=86400

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/1135833051:1713611668:diRgjh6sg24e61uKyIT8LP-VapPWz3BimvI5WAJBHSE/8774f012ea2f5689/c7f893a053259cd

104.17.2.184

200 OK

116 kB

URL POST HTTP/3
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/1135833051:1713611668:diRgjh6sg24e61uKyIT8LP-VapPWz3BimvI5WAJBHSE/8774f012ea2f5689/c7f893a053259cd
IP
104.17.2.184:443
ASN
#13335 CLOUDFLARENET

Requested by
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/racyg/0x4AAAAAAAW-lbDQI7I0Z-Zf/auto/normal
Certificate
IssuerCloudflare, Inc.
Subjectchallenges.cloudflare.com
Fingerprint5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E
ValidityFri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
116 kB (116109 bytes)
Hash
b70c76e3418895ed067349515e6187f8
8101683514ada1a95996d909fcc8eaf3936c228f
b3661c3f44207b1140cc82255f8999ba9e43fb40fd7463b3451b7aa011a7ac63

HTTP Headers

POST /cdn-cgi/challenge-platform/h/b/flow/ov1/1135833051:1713611668:diRgjh6sg24e61uKyIT8LP-VapPWz3BimvI5WAJBHSE/8774f012ea2f5689/c7f893a053259cd HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/racyg/0x4AAAAAAAW-lbDQI7I0Z-Zf/auto/normal
Content-type: application/x-www-form-urlencoded
CF-Challenge: c7f893a053259cd
Content-Length: 2623
Origin: https://challenges.cloudflare.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 20 Apr 2024 11:54:07 GMT
content-type: text/plain; charset=UTF-8
cf-chl-gen: iCcEpN01cXg6WtSVPzDjBa0jUO+9WMTIs8SOr5Knu2Rr+d085QLetC9ZcGR6bhHyBUprTGYdvxOFDP8HkeEnNoiAEm+XnSZqtYhH+ZmAoZUjfWt6qeAL8ujemo+K3GXbBWiADiMru7w2ttlFy3DR4lffW8jExQaeaix5ZeZzzGANeLWXZ5yWkTdV5Uu4feqORi2MwCIFjth1t6Yrmc+KF19zhdddKn4YgNAPjXKlk09FE+pghboJJbH7wR2S0RVidswL0FiSAmsBsLMdz4XPG27xsBBOp4dE1/h//2fiOfmgElECd+kKAxt7hfmPKx/iE4/EAV1S+UhqZa1U7MGqp0u/PlT0rUOPsHnQQNh+jUYNiib1HWBScMG7NQJ/jx1knlblc2a6N2oze2VnQDIiCf6y5NByisynP0CQixvchxE=$R7jZpxmx8HwooKR3HUhh4Q==
vary: accept-encoding
server: cloudflare
cf-ray: 8774f0155c675689-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

94e6f5a7.58598891ef09ac737cee0cf3.workers.dev/favicon.ico

104.21.88.101

200 OK

3.3 kB

URL GET HTTP/3
94e6f5a7.58598891ef09ac737cee0cf3.workers.dev/favicon.ico
IP
104.21.88.101:443
ASN
#13335 CLOUDFLARENET

Requested by
https://94e6f5a7.58598891ef09ac737cee0cf3.workers.dev/?qrc=candice.joyce@dfas.mil
Certificate
IssuerGoogle Trust Services LLC
Subject58598891ef09ac737cee0cf3.workers.dev
FingerprintD0:7E:0D:A9:25:22:78:7A:45:69:2E:89:48:E8:33:A8:4A:15:BD:DF
ValidityFri, 12 Apr 2024 13:36:58 GMT - Thu, 11 Jul 2024 13:36:57 GMT

File type
HTML document, ASCII text, with very long lines (3271), with no line terminators
Size
3.3 kB (3255 bytes)
Hash
47234cb372fd223e370a6bf1c38942d1
06d24783cdd2b5206b9e5ab999519ebdd4abc656
7920553c5a5aa9de58ebe3934c2759bab7c7bc30ba35a6949cc6ed8a8c7158f4

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Office365

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: 94e6f5a7.58598891ef09ac737cee0cf3.workers.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://94e6f5a7.58598891ef09ac737cee0cf3.workers.dev/?qrc=candice.joyce@dfas.mil
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 20 Apr 2024 11:54:07 GMT
content-type: text/html;charset=UTF-8
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=n8vm0sqXvkPxGYSNTM5hZpDiq5mpA4GFCbjoxdSZGcUSNwPUL3f7g%2F2Vwr4UkK6N7FLrVYDooq2wJtsHeWULZ%2Byv%2B6479Ngy5gYAQEOQNcQbE8D%2BODyZcWxDmk8vTn%2F%2BJHtPDJCmegoX1F0A2Ycwm5oyM7aLZkeY8MPaZFDaNww%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8774f012da9db4fd-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

94e6f5a7.58598891ef09ac737cee0cf3.workers.dev/?qrc=candice.joyce@dfas.mil

104.21.88.101

200 OK

3.3 kB

URL User Request GET HTTP/2
94e6f5a7.58598891ef09ac737cee0cf3.workers.dev/?qrc=candice.joyce@dfas.mil
IP
104.21.88.101:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subject58598891ef09ac737cee0cf3.workers.dev
FingerprintD0:7E:0D:A9:25:22:78:7A:45:69:2E:89:48:E8:33:A8:4A:15:BD:DF
ValidityFri, 12 Apr 2024 13:36:58 GMT - Thu, 11 Jul 2024 13:36:57 GMT

File type
HTML document, ASCII text, with very long lines (3271), with no line terminators
Size
3.3 kB (3255 bytes)
Hash
47234cb372fd223e370a6bf1c38942d1
06d24783cdd2b5206b9e5ab999519ebdd4abc656
7920553c5a5aa9de58ebe3934c2759bab7c7bc30ba35a6949cc6ed8a8c7158f4

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Office365

HTTP Headers

GET /?qrc=candice.joyce@dfas.mil HTTP/1.1
Host: 94e6f5a7.58598891ef09ac737cee0cf3.workers.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 20 Apr 2024 11:54:06 GMT
content-type: text/html;charset=UTF-8
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FVXJO1gxjcXIS2pTNKFRUtVgsqu9pwQyTC%2FiKZdZdmWnaSXURkwpjCfodWkrsYLPpOrgDtR6nxBh%2BKE6cQYozzgwDn5pLZJz3SnAq9948qr5m3v%2BMiifdqnNW1im07SeFDi%2B0vdAQduViFAgI0NWFcFQMpQA9UXOl5BFfsJQZkU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8774f0115ca356c6-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=8774f012ea2f5689

104.17.2.184

200 OK

440 kB

URL GET HTTP/3
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=8774f012ea2f5689
IP
104.17.2.184:443
ASN
#13335 CLOUDFLARENET

Requested by
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/racyg/0x4AAAAAAAW-lbDQI7I0Z-Zf/auto/normal
Certificate
IssuerCloudflare, Inc.
Subjectchallenges.cloudflare.com
Fingerprint5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E
ValidityFri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
440 kB (440030 bytes)
Hash
f01ed0b3f00341b2617196165ebd6720
8cf78cced63256fb8c7b50562f2717502bd1d59a
56f409db1f8c458c3051bea6be711889e411fca4741b3cf1060d8069f03b8983

HTTP Headers

GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=8774f012ea2f5689 HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/racyg/0x4AAAAAAAW-lbDQI7I0Z-Zf/auto/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 20 Apr 2024 11:54:07 GMT
content-type: application/javascript; charset=UTF-8
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
vary: accept-encoding
server: cloudflare
cf-ray: 8774f0139acd5689-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (47)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash