Report - webmin.com/cgi-bin/redirect.cgi/install/https:/afterkoma.com/go/aCdGQ4t/Y21hbXJha0BkY25keC5jb20=

Report Overview

Submitted URL
webmin.com/cgi-bin/redirect.cgi/install/https:/afterkoma.com/go/aCdGQ4t/Y21hbXJha0BkY25keC5jb20=
IP
216.105.38.11
ASN
#6130 AIS-WEST
Submitted
2024-04-17 19:14:47
Access
public
Website Title
Outlook
Final URL
hudforsolutionsinc.com/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fmail.dcndx.com%2fowa%2f
Tags
microsoft phishing outlook
urlquery detections
Phishing - Microsoft
Phishing - Microsoft Outlook

Detections

urlquery
22
Network Intrusion Detection
0
Threat Detection Systems
0

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
webmin.com	111411	1997-09-05	2012-12-16	2024-04-17	550 B	564 B	216.105.38.11
afterkoma.com	unknown	unknown	No data	No data	503 B	239 B	192.185.84.90
challenges.cloudflare.com	unknown	2009-02-17	2021-10-20	2024-04-17	4.9 kB	610 kB	104.17.3.184
abbe3156.9b1fed916247e2ac344e288a.workers.dev	unknown	unknown	No data	No data	1.8 kB	66 kB	104.21.21.152
hudforsolutionsinc.com	unknown	2024-04-16	2024-04-17	2024-04-17	7.1 kB	196 kB	31.220.31.168

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (27)

	URL	Size	First Seen	Last Seen
	hudforsolutionsinc.com/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fmail.dcndx.com%2fowa%2f	14 kB	2023-03-07	2024-04-29
Pretty URL hudforsolutionsinc.com/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fmail.dcndx.com%2fowa%2f IP 31.220.31.168 ASN #47583 Hostinger International Limited Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:02:58 Last Seen2024-04-29 05:22:08 Times Seen518 Hash 8e2bc1b488831cdc5841d3abfb0ba6bb 50aed9715e2a5c3018ae336875294f64a202eaf2 b7cd8d9758300e4190d07cfc88be4aabadff6e837e68d93eb73648dbcd89351b Loading...

	hudforsolutionsinc.com/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fmail.dcndx.com%2fowa%2f	1.4 kB	2023-03-07	2024-04-29
Pretty URL hudforsolutionsinc.com/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fmail.dcndx.com%2fowa%2f IP 31.220.31.168 ASN #47583 Hostinger International Limited Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:02:58 Last Seen2024-04-29 05:22:08 Times Seen441 Hash 97eb9cc59146b048bdf9f61b499bf16f 3bcf316328c997d9768a59393894a989052e5198 d656711ef4d2a655d04b516c9dbafbe90bc4b24b57b0c3bc3c197ef4d287b641 Loading...

	hudforsolutionsinc.com/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fmail.dcndx.com%2fowa%2f	1.8 kB	2023-03-07	2024-04-29
Pretty URL hudforsolutionsinc.com/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fmail.dcndx.com%2fowa%2f IP 31.220.31.168 ASN #47583 Hostinger International Limited Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:34:50 Last Seen2024-04-29 05:22:08 Times Seen154 Hash 25162df66169bb02d171cefb0705b9aa d14d0b165804e5bc0af701aab04c896206f99189 a581e957006f4ce637991baad1381f69785a4a9f183afbf67602b22eb3ab6a7a Loading...

	hudforsolutionsinc.com/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fmail.dcndx.com%2fowa%2f	19 B	2023-03-07	2024-04-29
Pretty URL hudforsolutionsinc.com/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fmail.dcndx.com%2fowa%2f IP 31.220.31.168 ASN #47583 Hostinger International Limited Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:02:54 Last Seen2024-04-29 19:04:57 Times Seen1529 Hash 24f6a9c606199b766addcdaf630a6f4a e25cfd579629e6e410927500f3e9a728261c0553 e74b3de0ef4501689fdd96e8ecf0f120e7761bb3d9bfe6544e38790c0d386bf0 Loading...

	hudforsolutionsinc.com/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fmail.dcndx.com%2fowa%2f	137 B	2023-03-07	2024-04-29
Pretty URL hudforsolutionsinc.com/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fmail.dcndx.com%2fowa%2f IP 31.220.31.168 ASN #47583 Hostinger International Limited Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:02:54 Last Seen2024-04-29 19:04:57 Times Seen1567 Hash 3012703a3a5c709a38f2cba896e8e5e6 d574b12ce7043b1ee47eb6934c39f19379fcf0ec 2c65e217804431e380651ce713d311bd5b5a5fb81cebc58392505cb35c854cdc Loading...

	hudforsolutionsinc.com/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fmail.dcndx.com%2fowa%2f	68 B	2023-03-07	2024-04-29
Pretty URL hudforsolutionsinc.com/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fmail.dcndx.com%2fowa%2f IP 31.220.31.168 ASN #47583 Hostinger International Limited Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:02:58 Last Seen2024-04-29 05:22:08 Times Seen981 Hash db8216e217de9a14420fa187142b00b5 50f9fdaa34b7caa061db879baa23a7d75f048e9e ebc3102ee92075887df69ec8c18ca2c24015e728566d302598a63c06697754ed Loading...

	unknown	8 B	2023-04-13	2024-04-17
Pretty Introduced by eventHandler Embedded in HTML false Observations First Seen2023-04-13 15:16:40 Last Seen2024-04-17 21:14:54 Times Seen57 Hash e37bdd6ca6a32873766623c7c1290150 5a3f98bdca518518f3ec707539b8950a7ef5a373 d62d44f72f6f7c228f6613219fb10059e99e51de03d75163210712f8ebd6788a Loading...

		Size	First Seen	Last Seen
	#1 Eval - b5808cdecf0e4f347b2ae5ecf8157e06	28 B	2024-04-17	2024-04-17
Pretty Observations First Seen2024-04-17 21:14:54 Last Seen2024-04-17 21:14:54 Times Seen1 Hash b5808cdecf0e4f347b2ae5ecf8157e06 f747df3ce43532184a08d24e6806917c72bf8408 74ce9ac9508cc7eac7d4635108c05c119869d5c9d1188114bfecec252693a5bb Loading...

	#2 Eval - f24b6a2dd97a331765373170908c713a	28 B	2024-04-17	2024-04-17
Pretty Observations First Seen2024-04-17 21:14:54 Last Seen2024-04-17 21:14:54 Times Seen1 Hash f24b6a2dd97a331765373170908c713a 4633db83f7cf9c1b8efe4a9e3a9b7d54540b7dd0 d0c7a2c4f19cf25c345489c0c71cf884476bcebd4bfda0f007d91df84324734c Loading...

	#3 Eval - 42e31648593c49a1aefc86e728763c50	28 B	2024-04-17	2024-04-17
Pretty Observations First Seen2024-04-17 21:14:54 Last Seen2024-04-17 21:14:54 Times Seen1 Hash 42e31648593c49a1aefc86e728763c50 1474a7109a4b22724ed9a3caa4371728a601a56e 57d17d1be25f8c37e4ffb64c4196c070a62c577e0a16dce49ad129d06b404214 Loading...

	#4 Eval - 329b204240ea6c78f0f967865bcd0a43	28 B	2024-04-17	2024-04-17
Pretty Observations First Seen2024-04-17 21:14:54 Last Seen2024-04-17 21:14:54 Times Seen1 Hash 329b204240ea6c78f0f967865bcd0a43 80273a282606c4a2e000826211bce1f533041fd5 6e87fbd87016fa21e929588308bae9a4740332f20e871df4e2b281eaf2202ecb Loading...

	#5 Eval - 9e925e9341b490bfd3b4c4ca3b0c1ef2	4 B	2023-03-07	2024-04-30
Pretty Observations First Seen2023-03-07 01:03:43 Last Seen2024-04-30 13:16:16 Times Seen350732 Hash 9e925e9341b490bfd3b4c4ca3b0c1ef2 c2543fff3bfa6f144c2f06a7de6cd10c0b650cae 1eb79602411ef02cf6fe117897015fff89f80face4eccd50425c45149b148408 Loading...

	#6 Eval - 75ae6621f5f26ca9e0bdab00fa40d308	28 B	2024-04-17	2024-04-17
Pretty Observations First Seen2024-04-17 21:14:54 Last Seen2024-04-17 21:14:54 Times Seen1 Hash 75ae6621f5f26ca9e0bdab00fa40d308 19cea32da58d39a6e66fcbb60d831199b88239d6 f9e87a2fb2c3bf837d03a3cb7368de74d1f6b010090d58a1aab3bb200ab9668f Loading...

	#7 Eval - b736f5fb94aea52bb6ac2cf798736ca7	28 B	2024-04-17	2024-04-17
Pretty Observations First Seen2024-04-17 21:14:54 Last Seen2024-04-17 21:14:54 Times Seen1 Hash b736f5fb94aea52bb6ac2cf798736ca7 83a326000e5513503f2b0e6c3d66bea46b0f5845 4d799fc38ef8a406cc65261709cf5e85a6c92b378ebe18ef2b918e8a2f01a7ff Loading...

	#8 Eval - 9fba386b83419a08ff1faa8007dd23a1	60 B	2024-04-17	2024-04-19
Pretty Observations First Seen2024-04-17 14:11:25 Last Seen2024-04-19 12:29:21 Times Seen535 Hash 9fba386b83419a08ff1faa8007dd23a1 c6148c7d249ddcfe37f49e99ac7cb60fe3bd43f2 a197c137af56d7b49dd589ed67e397152047dea7b7a147b0403d07bd1c6d59ee Loading...

	#9 Eval - 6a3c142227b4a87cba5fe8162aea4589	28 B	2024-04-17	2024-04-17
Pretty Observations First Seen2024-04-17 21:14:54 Last Seen2024-04-17 21:14:54 Times Seen1 Hash 6a3c142227b4a87cba5fe8162aea4589 a660725170d72d965c9161b10c31f270e6377394 21aa9f05bd8d92e1bd0ac821aca8331acfb7b62aca3a6ad3b22a266003f36467 Loading...

	#10 Eval - 16a2ee122d8be23be5449b5c2bea9b30	28 B	2024-04-17	2024-04-17
Pretty Observations First Seen2024-04-17 21:14:54 Last Seen2024-04-17 21:14:54 Times Seen1 Hash 16a2ee122d8be23be5449b5c2bea9b30 78a597865d3d0a6a08e4a0e5a096e5491f540c4c 6a5889714249b06dc2fd436e4ebee15b35e38c55680662b0f60649b88188deaf Loading...

	#11 Eval - 939eae1e44113f6db3256c96c8c829be	28 B	2024-04-17	2024-04-17
Pretty Observations First Seen2024-04-17 21:14:54 Last Seen2024-04-17 21:14:54 Times Seen1 Hash 939eae1e44113f6db3256c96c8c829be 4e46c4774cce09e001de6e0b5d2a05c562794573 5fd5ecc7a551d977d84a99738709cf4dc640540fb588fe1dbc5fdd8b21e0bb0d Loading...

	#12 Eval - 4f3572ff6fc11dfe2e8e8a98555df33d	28 B	2024-04-17	2024-04-17
Pretty Observations First Seen2024-04-17 21:14:54 Last Seen2024-04-17 21:14:54 Times Seen1 Hash 4f3572ff6fc11dfe2e8e8a98555df33d 3ac05a44de3ca9fce8fb123ba0e14acde2a9ca6f ce05b79dded6350ab85afa7dfc924251215630ecfa748afc38e70e4531a1583a Loading...

	#13 Eval - fb162d98ba6578a6083ac6420b58a9b1	28 B	2024-04-17	2024-04-17
Pretty Observations First Seen2024-04-17 21:14:54 Last Seen2024-04-17 21:14:54 Times Seen1 Hash fb162d98ba6578a6083ac6420b58a9b1 8b480d15611ffb9c782dcc14f3ef3e0864ad7500 f7f7eb69098251dad004e56a27197375e86161ace50da1dae1f9c1bc2ee61156 Loading...

	#14 Eval - 1133db85e9cab564af562293b9a0863d	28 B	2024-04-17	2024-04-17
Pretty Observations First Seen2024-04-17 21:14:54 Last Seen2024-04-17 21:14:54 Times Seen1 Hash 1133db85e9cab564af562293b9a0863d 923b9bd73bf4245399eb18339903e6746666b2c8 c75462c0f79d25b324f8e4de25bbf044c4e17ee61ba603f3334cdfac1d9e5385 Loading...

	#15 Eval - c20cff49f2be585219a15a7473b68629	28 B	2024-04-17	2024-04-17
Pretty Observations First Seen2024-04-17 21:14:55 Last Seen2024-04-17 21:14:55 Times Seen1 Hash c20cff49f2be585219a15a7473b68629 05a468b79b660439a031397d3b65c24077ae74f4 b0fa5a608015a315d3235cee2bcb57f073747e08732af4ebe879ec2c65cf8b43 Loading...

	#16 Eval - 4c2a9d6ef46c7956497583ec126c6171	28 B	2024-04-17	2024-04-17
Pretty Observations First Seen2024-04-17 21:14:55 Last Seen2024-04-17 21:14:55 Times Seen1 Hash 4c2a9d6ef46c7956497583ec126c6171 447825e90c99c55004b64e42798efdd2bccec077 e505a80c2e4e3a185178a5d879688446622507c7b1b13220abeb41991ac6770a Loading...

	#17 Eval - b413891da13de2a334ac89bd6bc24840	28 B	2024-04-17	2024-04-17
Pretty Observations First Seen2024-04-17 21:14:55 Last Seen2024-04-17 21:14:55 Times Seen1 Hash b413891da13de2a334ac89bd6bc24840 21b3a20aafb967fdd1ed9f3442948e2d8457502a 7b55710f6ace6a09202dd08c4c97af76ae06356fd2bab9ab58e4de15e4fd9fa9 Loading...

	#18 Eval - e89b02b714feddbc26267a9463316d6f	28 B	2024-04-17	2024-04-17
Pretty Observations First Seen2024-04-17 21:14:55 Last Seen2024-04-17 21:14:55 Times Seen1 Hash e89b02b714feddbc26267a9463316d6f 28c32fb1a6fcc4a1c8d762e23a04dc451533da63 fa84d44ddb9d20dd4e9a763e0955ebf6bc871cbc29d41eec299048d971a7830c Loading...

	#19 Eval - 2da037be521a6465dda7667374dfd17b	28 B	2024-04-17	2024-04-17
Pretty Observations First Seen2024-04-17 21:14:55 Last Seen2024-04-17 21:14:55 Times Seen1 Hash 2da037be521a6465dda7667374dfd17b 9ca457f489844cc4c350805bcc066163986aa1a2 cc3697f0bab69e13ccbbaa52ea0f1495d0d831e5af1aad58adeaceb452fa9935 Loading...

	#20 Eval - ee62d92e5bbbac2f6790ff24d0cf1af2	28 B	2024-04-17	2024-04-17
Pretty Observations First Seen2024-04-17 21:14:55 Last Seen2024-04-17 21:14:55 Times Seen1 Hash ee62d92e5bbbac2f6790ff24d0cf1af2 586c2bd2ae194ff5c39091e0c1dc662142e2e4c3 d7c28f3489b5ac6b8dd8ee49961cce4833ab90bbdf4e863c9276e7c5f29ad188 Loading...

HTTP Transactions (23)

URL IP Response Size

webmin.com/cgi-bin/redirect.cgi/install/https:/afterkoma.com/go/aCdGQ4t/Y21hbXJha0BkY25keC5jb20=

216.105.38.11

241 B

URL
webmin.com/cgi-bin/redirect.cgi/install/https:/afterkoma.com/go/aCdGQ4t/Y21hbXJha0BkY25keC5jb20=
IP
216.105.38.11:0
ASN
#6130 AIS-WEST

File type
HTML document, ASCII text
Size
241 B (241 bytes)
Hash
ade0c16eb2948db2bb33ce87b619900b
ca53a2a4eb320f5a7b1e7ef42562b2a06ac68c42
c38aeee6e70cd377161d5d6df20fc7b31d7db96ae5c8c60b37df1e82e1de1bbc

HTTP Headers

GET /cgi-bin/redirect.cgi/install/https:/afterkoma.com/go/aCdGQ4t/Y21hbXJha0BkY25keC5jb20= HTTP/1.1
Host: webmin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: nginx
Date: Wed, 17 Apr 2024 19:14:22 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 241
Connection: keep-alive
location: https://afterkoma.com/go/aCdGQ4t/Y21hbXJha0BkY25keC5jb20=
cache-control: max-age=3600
expires: Wed, 17 Apr 2024 20:14:16 GMT
vary: Accept-Encoding

afterkoma.com/go/aCdGQ4t/Y21hbXJha0BkY25keC5jb20=

192.185.84.90

0 B

URL
afterkoma.com/go/aCdGQ4t/Y21hbXJha0BkY25keC5jb20=
IP
192.185.84.90:0
ASN
#19871 NETWORK-SOLUTIONS-HOSTING

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /go/aCdGQ4t/Y21hbXJha0BkY25keC5jb20= HTTP/1.1
Host: afterkoma.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
refresh: 0;url=https://abbe3156.9b1fed916247e2ac344e288a.workers.dev?qrc=cmamrak@dcndx.com
content-length: 0
content-type: text/html; charset=UTF-8
date: Wed, 17 Apr 2024 19:14:23 GMT
server: Apache
X-Firefox-Spdy: h2

challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback

104.17.3.184

302 Found

0 B

URL GET HTTP/2
challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback
IP
104.17.3.184:443
ASN
#13335 CLOUDFLARENET

Requested by
https://abbe3156.9b1fed916247e2ac344e288a.workers.dev/?qrc=cmamrak@dcndx.com
Certificate
IssuerCloudflare, Inc.
Subjectchallenges.cloudflare.com
Fingerprint5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E
ValidityFri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /turnstile/v0/api.js?onload=onloadTurnstileCallback HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://abbe3156.9b1fed916247e2ac344e288a.workers.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Wed, 17 Apr 2024 19:14:23 GMT
content-length: 0
cache-control: max-age=300, public
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
location: /turnstile/v0/g/54ea73d52131/api.js?onload=onloadTurnstileCallback
vary: Accept-Encoding
server: cloudflare
cf-ray: 875ebce34a4f0b55-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

abbe3156.9b1fed916247e2ac344e288a.workers.dev/?qrc=cmamrak@dcndx.com

104.21.21.152

0 B

URL
abbe3156.9b1fed916247e2ac344e288a.workers.dev/?qrc=cmamrak@dcndx.com
IP
104.21.21.152:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /?qrc=cmamrak@dcndx.com HTTP/1.1
Host: abbe3156.9b1fed916247e2ac344e288a.workers.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 582
Origin: https://abbe3156.9b1fed916247e2ac344e288a.workers.dev
DNT: 1
Connection: keep-alive
Referer: https://abbe3156.9b1fed916247e2ac344e288a.workers.dev/?qrc=cmamrak@dcndx.com
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Sec-Fetch-User: ?1
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 302 Found
date: Wed, 17 Apr 2024 19:14:29 GMT
content-length: 0
location: https://hudforsolutionsinc.com?dataXX0=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1cmwiOiJodHRwczovL2h1ZGZvcnNvbHV0aW9uc2luYy5jb20iLCJkb21haW4iOiJodWRmb3Jzb2x1dGlvbnNpbmMuY29tIiwia2V5IjoibUJ3bTlZeDlOUWdBIiwicXJjIjoiY21hbXJha0BkY25keC5jb20iLCJpYXQiOjE3MTMzODEyNjksImV4cCI6MTcxMzM4MTM4OX0.sSvMgKiGuaTmlQJnX8gHo5Wg8OIxGtIBlRlSRN0qheY
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hsqL2GreBKZXvHK30qoVcOZYSx1X6vzIq3wD8taQ4LL2l4GkIEqx5uGEaCrq93DrXLfIa678A4gF5si3AMo9etc0%2BkKm3z2Dzcw2JImPuvrkU9tF7eQUlOagp8riXIJ5jIHpGFaKG%2B7t8Kpq8JZczCgy9CMg9433M5ulz1Y5UAk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 875ebd010bf9b51b-OSL
alt-svc: h3=":443"; ma=86400

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/2041661280:1713377685:iLOQjqKbx6dNAPxy5R2mERHzG03zGUVocmaYD99hLlw/875ebce44f63569b/a98e78c4b7fb353

104.17.3.184

200 OK

13 kB

URL POST HTTP/3
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/2041661280:1713377685:iLOQjqKbx6dNAPxy5R2mERHzG03zGUVocmaYD99hLlw/875ebce44f63569b/a98e78c4b7fb353
IP
104.17.3.184:443
ASN
#13335 CLOUDFLARENET

Requested by
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/cnwy7/0x4AAAAAAAXZk7rBJwoGVTXO/auto/normal
Certificate
IssuerCloudflare, Inc.
Subjectchallenges.cloudflare.com
Fingerprint5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E
ValidityFri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT

File type
ASCII text, with very long lines (3500), with no line terminators
Size
13 kB (12748 bytes)
Hash
66648549f0830534b29b853ae1f9491b
7faf05dc71e50bd6f228a9dc3076885a6693643e
f9f8aa2028f22cdb83c430ae988bde864f25142edd1926d22a2e3f452010487e

HTTP Headers

POST /cdn-cgi/challenge-platform/h/g/flow/ov1/2041661280:1713377685:iLOQjqKbx6dNAPxy5R2mERHzG03zGUVocmaYD99hLlw/875ebce44f63569b/a98e78c4b7fb353 HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/cnwy7/0x4AAAAAAAXZk7rBJwoGVTXO/auto/normal
Content-type: application/x-www-form-urlencoded
CF-Challenge: a98e78c4b7fb353
Content-Length: 35203
Origin: https://challenges.cloudflare.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 17 Apr 2024 19:14:28 GMT
content-type: text/html; charset=UTF-8
cf-chl-out: h6uhrpYryN3h0gDTI+EUyWGNu90wH1CZtUPdQZoLXiEaRvTckFfHA5zQxOQvzID9AxFX/gAsNy5Ud0CrSKALKL8dBH2CHSoFdCFp4i9NTXo3cmERF7QtjtZdlO7UTkgC$HOwbv9pi8Qde71C25FgRZA==
cf-chl-out-s: lirLLsjbspRdxUaRQuQlMdXi+B7yXbgHuH/pXwJ5yM3Q9OlcghjN0GASOD+OTjK0fL5EzdxinW9Wi8UJi/twbxP7NpiuJwq1k5RFJD1D0FzN3wKqMaoGrk0bWYjgWlbqqtQkBwMmJg6cXA6ge8xD9M36dbzEAnUhKlfuBoBYJRuBLNZlO/if4GiW2bSVH0lMnX9nuR4EzVBqAQ0c+iuc8fSDryuHmFsnD8bpO8sUIOzrNb76B2GH7udxAAfKWy0yNp660Ns4c1sQOdRAIvOMCB9KCJuL2gwgzdmOXIKbVQNUVB2b6XIhL/SU85FOQpoVMO2xHLcTuYmD41tJ4ghAMGvxqEVXr6uACGvhCRyIEuBtm+aYZaJhi2QIaNzLn4XOoiEigU6yS0xLWt/MPQ/UChngiNZz8LS231Ne2PVCxx7w/9Or/9sUP359DuTJIMm30xBMnp5fmdLbg3FFUsi/8v9auyGoH6lA49Bl7yl0H4Mz1S0nmpwFjR/WSl9fjpjFLuRgo/u1PCV3WAWgE+jsv03L7fZuqLICLrm+JVUpYJaccaACbtRMHy3NbO1wgNxuzPFRIhljiz6kk3I8NuK3mruMBVmgwdA+5h7HX6qe3TsddaQdtoJ/TrZpJklcwgY+$yHo6/kIvWvCUNKO3JUUBPg==
server: cloudflare
cf-ray: 875ebd007f6f569b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

hudforsolutionsinc.com/?dataXX0=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1cmwiOiJodHRwczovL2h1ZGZvcnNvbHV0aW9uc2luYy5jb20iLCJkb21haW4iOiJodWRmb3Jzb2x1dGlvbnNpbmMuY29tIiwia2V5IjoibUJ3bTlZeDlOUWdBIiwicXJjIjoiY21hbXJha0BkY25keC5jb20iLCJpYXQiOjE3MTMzODEyNjksImV4cCI6MTcxMzM4MTM4OX0.sSvMgKiGuaTmlQJnX8gHo5Wg8OIxGtIBlRlSRN0qheY

31.220.31.168

0 B

URL
hudforsolutionsinc.com/?dataXX0=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1cmwiOiJodHRwczovL2h1ZGZvcnNvbHV0aW9uc2luYy5jb20iLCJkb21haW4iOiJodWRmb3Jzb2x1dGlvbnNpbmMuY29tIiwia2V5IjoibUJ3bTlZeDlOUWdBIiwicXJjIjoiY21hbXJha0BkY25keC5jb20iLCJpYXQiOjE3MTMzODEyNjksImV4cCI6MTcxMzM4MTM4OX0.sSvMgKiGuaTmlQJnX8gHo5Wg8OIxGtIBlRlSRN0qheY
IP
31.220.31.168:0
ASN
#47583 Hostinger International Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft
urlquery	phishing	Phishing - Microsoft Outlook

HTTP Headers

GET /?dataXX0=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1cmwiOiJodHRwczovL2h1ZGZvcnNvbHV0aW9uc2luYy5jb20iLCJkb21haW4iOiJodWRmb3Jzb2x1dGlvbnNpbmMuY29tIiwia2V5IjoibUJ3bTlZeDlOUWdBIiwicXJjIjoiY21hbXJha0BkY25keC5jb20iLCJpYXQiOjE3MTMzODEyNjksImV4cCI6MTcxMzM4MTM4OX0.sSvMgKiGuaTmlQJnX8gHo5Wg8OIxGtIBlRlSRN0qheY HTTP/1.1
Host: hudforsolutionsinc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://abbe3156.9b1fed916247e2ac344e288a.workers.dev/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Sec-Fetch-User: ?1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Set-Cookie: qPdM=mBwm9Yx9NQgA; path=/; samesite=none; secure; httponly
qPdM.sig=0DdfdQ-dNHhH2_-b1MtLGQtxjlA; path=/; samesite=none; secure; httponly
location: /__//qyc/0cwvj/kfgpvkva?ste=eocotcm%40fepfz.eqo
Date: Wed, 17 Apr 2024 19:14:30 GMT
Connection: keep-alive
Keep-Alive: timeout=5
Transfer-Encoding: chunked

hudforsolutionsinc.com/__//qyc/0cwvj/kfgpvkva?ste=eocotcm%40fepfz.eqo

31.220.31.168

2 B

URL
hudforsolutionsinc.com/__//qyc/0cwvj/kfgpvkva?ste=eocotcm%40fepfz.eqo
IP
31.220.31.168:0
ASN
#47583 Hostinger International Limited

File type
ASCII text, with no line terminators
Size
2 B (2 bytes)
Hash
444bcb3a3fcf8389296c49467f27e1d6
7a85f4764bbd6daf1c3545efbbf0f279a6dc0beb
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft
urlquery	phishing	Phishing - Microsoft Outlook

HTTP Headers

GET /__//qyc/0cwvj/kfgpvkva?ste=eocotcm%40fepfz.eqo HTTP/1.1
Host: hudforsolutionsinc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://abbe3156.9b1fed916247e2ac344e288a.workers.dev/
DNT: 1
Connection: keep-alive
Cookie: qPdM=mBwm9Yx9NQgA; qPdM.sig=0DdfdQ-dNHhH2_-b1MtLGQtxjlA
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Sec-Fetch-User: ?1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Status: 302 Found
Location: /owa/0auth/migrate?qrc=cmamrak@dcndx.com
Content-Type: text/plain
Date: Wed, 17 Apr 2024 19:14:30 GMT
Connection: keep-alive
Keep-Alive: timeout=5
Transfer-Encoding: chunked

hudforsolutionsinc.com/owa/0auth/migrate?qrc=cmamrak@dcndx.com

31.220.31.168

0 B

URL
hudforsolutionsinc.com/owa/0auth/migrate?qrc=cmamrak@dcndx.com
IP
31.220.31.168:0
ASN
#47583 Hostinger International Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft
urlquery	phishing	Phishing - Microsoft Outlook

HTTP Headers

GET /owa/0auth/migrate?qrc=cmamrak@dcndx.com HTTP/1.1
Host: hudforsolutionsinc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://abbe3156.9b1fed916247e2ac344e288a.workers.dev/
DNT: 1
Connection: keep-alive
Cookie: qPdM=mBwm9Yx9NQgA; qPdM.sig=0DdfdQ-dNHhH2_-b1MtLGQtxjlA
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Sec-Fetch-User: ?1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
location: /
Set-Cookie: logondata=acc=0&lgn=cmamrak@dcndx.com;path=/
Date: Wed, 17 Apr 2024 19:14:32 GMT
Connection: keep-alive
Keep-Alive: timeout=5
Transfer-Encoding: chunked

hudforsolutionsinc.com/

31.220.31.168

0 B

URL
hudforsolutionsinc.com/
IP
31.220.31.168:0
ASN
#47583 Hostinger International Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft
urlquery	phishing	Phishing - Microsoft Outlook

HTTP Headers

GET / HTTP/1.1
Host: hudforsolutionsinc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://abbe3156.9b1fed916247e2ac344e288a.workers.dev/
DNT: 1
Connection: keep-alive
Cookie: qPdM=mBwm9Yx9NQgA; qPdM.sig=0DdfdQ-dNHhH2_-b1MtLGQtxjlA; logondata=acc=0&lgn=cmamrak@dcndx.com
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Sec-Fetch-User: ?1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Moved Temporarily
Cache-Control: no-cache
Pragma: no-cache
Location: https://hudforsolutionsinc.com/owa/
Server: Microsoft-IIS/10.0
X-FEServer: DCNSRV21-EX16
X-RequestId: 34ef3075-b1e2-42e2-92c6-8da024cac5c2
Date: Wed, 17 Apr 2024 19:14:32 GMT
Connection: close
Content-Length: 0

hudforsolutionsinc.com/owa/

31.220.31.168

222 B

URL
hudforsolutionsinc.com/owa/
IP
31.220.31.168:0
ASN
#47583 Hostinger International Limited

File type
HTML document, ASCII text, with CRLF line terminators
Size
222 B (222 bytes)
Hash
10304c15221dad4096954ee96fbf8703
8d8b513c6488118df84e144cc5fc76a7b4c8678c
a82803f65e67e655df5eec8375e3518f236bfc386f9f03e6abbb5534edbada15

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft
urlquery	phishing	Phishing - Microsoft Outlook

HTTP Headers

GET /owa/ HTTP/1.1
Host: hudforsolutionsinc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://abbe3156.9b1fed916247e2ac344e288a.workers.dev/
DNT: 1
Connection: keep-alive
Cookie: qPdM=mBwm9Yx9NQgA; qPdM.sig=0DdfdQ-dNHhH2_-b1MtLGQtxjlA; logondata=acc=0&lgn=cmamrak@dcndx.com
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Sec-Fetch-User: ?1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Content-Type: text/html; charset=utf-8
Location: https://hudforsolutionsinc.com/owa/auth/logon.aspx?url=https%3a%2f%2fmail.dcndx.com%2fowa%2f&reason=0
Server: Microsoft-IIS/10.0
request-id: 8fd785ef-8a13-4fb5-9ee4-43ae2cfeed12
X-OWA-Version: 15.1.2507.37
X-Powered-By: ASP.NET
X-FEServer: DCNSRV21-EX16
Date: Wed, 17 Apr 2024 19:14:32 GMT
Connection: close
content-length: 222

challenges.cloudflare.com/turnstile/v0/g/54ea73d52131/api.js?onload=onloadTurnstileCallback

104.17.3.184

200 OK

42 kB

URL GET HTTP/3
challenges.cloudflare.com/turnstile/v0/g/54ea73d52131/api.js?onload=onloadTurnstileCallback
IP
104.17.3.184:443
ASN
#13335 CLOUDFLARENET

Requested by
https://abbe3156.9b1fed916247e2ac344e288a.workers.dev/?qrc=cmamrak@dcndx.com
Certificate
IssuerCloudflare, Inc.
Subjectchallenges.cloudflare.com
Fingerprint5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E
ValidityFri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (42414)
Size
42 kB (41725 bytes)
Hash
374fec8b5e50cd6ab980f3fef21a5aa0
7f474607991a19b6f1b78cc32e0f75b501b60774
8af2da74872f03e058ab79a584176d2086afc01bbd42dd2ed14259179341be6a

HTTP Headers

GET /turnstile/v0/g/54ea73d52131/api.js?onload=onloadTurnstileCallback HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://abbe3156.9b1fed916247e2ac344e288a.workers.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 17 Apr 2024 19:14:23 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=31536000
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
server: cloudflare
cf-ray: 875ebce37db7569b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

hudforsolutionsinc.com/owa/auth/logon.aspx?url=https%3a%2f%2fmail.dcndx.com%2fowa%2f&reason=0

31.220.31.168

28 kB

URL
hudforsolutionsinc.com/owa/auth/logon.aspx?url=https%3a%2f%2fmail.dcndx.com%2fowa%2f&reason=0
IP
31.220.31.168:0
ASN
#47583 Hostinger International Limited

File type
HTML document, ASCII text, with very long lines (1062), with CRLF, LF line terminators
Size
28 kB (27974 bytes)
Hash
85d87435f892159d2059e5ea7127c198
4f8092392c6cd4259bb7c89c72a9ad9856267abc
54ac10e95c362be0dfdf9c3191ea6dc62249e21b1dc53db6988c2c152950082c

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft
urlquery	phishing	Phishing - Microsoft Outlook

HTTP Headers

GET /owa/auth/logon.aspx?url=https%3a%2f%2fmail.dcndx.com%2fowa%2f&reason=0 HTTP/1.1
Host: hudforsolutionsinc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://abbe3156.9b1fed916247e2ac344e288a.workers.dev/
DNT: 1
Connection: keep-alive
Cookie: qPdM=mBwm9Yx9NQgA; qPdM.sig=0DdfdQ-dNHhH2_-b1MtLGQtxjlA; logondata=acc=0&lgn=cmamrak@dcndx.com
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Sec-Fetch-User: ?1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/10.0
request-id: bdab0be2-1a9e-432e-93a8-681f327cee0e
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Wed, 17 Apr 2024 19:14:33 GMT
Connection: close
content-length: 27974

abbe3156.9b1fed916247e2ac344e288a.workers.dev/?qrc=cmamrak@dcndx.com

104.21.21.152

60 kB

URL
abbe3156.9b1fed916247e2ac344e288a.workers.dev/?qrc=cmamrak@dcndx.com
IP
104.21.21.152:0
ASN
#13335 CLOUDFLARENET

File type
HTML document, ASCII text, with very long lines (3255), with no line terminators
Size
60 kB (60144 bytes)
Hash
d22e653365d8b34dfa996b5aeeb47950
10f8c033cbed063c0d2d78a0875f3297458110b2
006867f93cba8caac5d8b849643db2db1969a17d4b623bb5206a685858698cfe

HTTP Headers

GET /?qrc=cmamrak@dcndx.com HTTP/1.1
Host: abbe3156.9b1fed916247e2ac344e288a.workers.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 17 Apr 2024 19:14:23 GMT
content-type: text/html;charset=UTF-8
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=R4SWjzqn1dQdbSLwQXZXSebSwgy6Q6noBN0POGb2lbK%2BIZWHwHcxrVB5g2dqcx4LRHdxnbGEYgStV1HVyE7lfMqoDEhSMEFS62vnACYfZhfHe5GruvThnQsVehwIvUidoD8rwlaR5gAXnYxwlOn9uyJX3CfxUP47smAooxjYUh8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 875ebce22ab57127-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/pat/875ebce44f63569b/1713381264393/1b50ccbc716ff47ecd4f4f1a1ba523404826dfcae46b84b18c92bad7692c0ff5/S_SJZoIyefSRQ4k

104.17.3.184

401 Unauthorized

42 kB

URL GET HTTP/3
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/pat/875ebce44f63569b/1713381264393/1b50ccbc716ff47ecd4f4f1a1ba523404826dfcae46b84b18c92bad7692c0ff5/S_SJZoIyefSRQ4k
IP
104.17.3.184:443
ASN
#13335 CLOUDFLARENET

Requested by
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/cnwy7/0x4AAAAAAAXZk7rBJwoGVTXO/auto/normal
Certificate
IssuerCloudflare, Inc.
Subjectchallenges.cloudflare.com
Fingerprint5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E
ValidityFri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT

File type
data
Size
42 kB (41561 bytes)
Hash
b5959a7238ba7b99a78f0dee63d85f24
d2ac252f6afedcd6e2e87fc17e84f5be59bfea17
97fdb6a2e44e383d9ac0a4b99c92243404380c04d05bcf59309e4257444cdfdc

HTTP Headers

GET /cdn-cgi/challenge-platform/h/g/pat/875ebce44f63569b/1713381264393/1b50ccbc716ff47ecd4f4f1a1ba523404826dfcae46b84b18c92bad7692c0ff5/S_SJZoIyefSRQ4k HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/cnwy7/0x4AAAAAAAXZk7rBJwoGVTXO/auto/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 401 Unauthorized
date: Wed, 17 Apr 2024 19:14:24 GMT
content-type: text/plain; charset=UTF-8
www-authenticate: PrivateToken challenge="AAIAGXBhdC1pc3N1ZXIuY2xvdWRmbGFyZS5jb20gG1DMvHFv9H7NT08aG6UjQEgm38rka4SxjJK612ksD_UAGWNoYWxsZW5nZXMuY2xvdWRmbGFyZS5jb20=", token-key="MIIBUjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAqEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgKiAwIBMAOCAQ8AMIIBCgKCAQEArny_u1wyrVg8e-Kmwxyfb2WoiwwZ2VR7QAnot_CrcySq56Rui-jZM9090K9_dW6HmpAKhOjYXLCJ7g4U74G4z6SRM_YRj-GLp3EaBxay798DZIeAtv_N7Z9CHI_0VTYiqNXVm2z1bF5VtFasnv3JDaWb4yIjBd8vMfNUM4Y4nXXIeMIyXdVK2hlzVO8VxBkXca7UzhCq51WDKlSYPWUy9ieZTdwNf5Q49DwdF9woTnuKPY26TxVlEHMcf8JJiXLUR2bbdG-Qv1fqbwQloSjintj5uXWLsZd84bMpNedRNJBV22T0PgKNeip6oalvdYbaiHiyDATsKlA6-8KJ-CUQTQIDAQAB", max-age=20, PrivateToken challenge="AAIALHBwLWlzc3Vlci1wcm9kdWN0aW9uLnJlc2VhcmNoLmNsb3VkZmxhcmUuY29tIBtQzLxxb_R-zU9PGhulI0BIJt_K5GuEsYySutdpLA_1ABljaGFsbGVuZ2VzLmNsb3VkZmxhcmUuY29t", token-key="MIIBUjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAqEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgKiAwIBMAOCAQ8AMIIBCgKCAQEA1FEYykHcK8H9rb_u0aFz3CmWgYloQw4YhedoEOAjJ0vy2Axa4f9UG9Dzs4uXS34_h8l6MDo2nRCvLI9lvebilMnTjCn-6D77bewqYxJKUFZW1z2jBIdu03TrETczfEg7kxgKtJE9NXGDjYJcF_iMgzgNA0PEAVM89tUYXXlFy4cUAGlqU2mPpIEOxm5ARsXC-zlLK60fkJ4cOsZRkZa6EExdhmgdwQ0fEJuSOHrBO_-zJn4hUP8q9g4yqkxW2UrfJgD07F4HaHGBEiei06sGDvH2NEPvswEl5dTGxutNrxlU7W24iYhNa2nhjlc53nNb0mKtszv-czVE9UhXyJ7-RQIDAQAB", max-age=20
server: cloudflare
cf-ray: 875ebce939bb569b-OSL
alt-svc: h3=":443"; ma=86400

hudforsolutionsinc.com/owa/auth/15.1.2507/themes/resources/favicon.ico

31.220.31.168

200 OK

7.9 kB

URL GET HTTP/1.1
hudforsolutionsinc.com/owa/auth/15.1.2507/themes/resources/favicon.ico
IP
31.220.31.168:443
ASN
#47583 Hostinger International Limited

Requested by
https://hudforsolutionsinc.com/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fmail.dcndx.com%2fowa%2f
Certificate
IssuerLet's Encrypt
Subjecthudforsolutionsinc.com
Fingerprint43:DB:AD:80:AB:B0:67:C0:64:CB:80:67:A8:35:84:C3:82:A2:84:A2
ValidityWed, 17 Apr 2024 10:28:47 GMT - Tue, 16 Jul 2024 10:28:46 GMT

File type
MS Windows icon resource - 3 icons, 32x32, 32 bits/pixel, 24x24, 32 bits/pixel
Size
7.9 kB (7886 bytes)
Hash
759fade9033aa298629e4b000dcd6dde
34a1adf5c7326d7bde5b5735471b5d81e611c189
cf0808a61ec571e0c4975663903b288009d55502ac0445d9948983b339a5cf6e

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft
urlquery	phishing	Phishing - Microsoft Outlook

HTTP Headers

GET /owa/auth/15.1.2507/themes/resources/favicon.ico HTTP/1.1
Host: hudforsolutionsinc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://hudforsolutionsinc.com/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fmail.dcndx.com%2fowa%2f
Cookie: qPdM=mBwm9Yx9NQgA; qPdM.sig=0DdfdQ-dNHhH2_-b1MtLGQtxjlA; logondata=acc=0&lgn=cmamrak@dcndx.com
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: public,max-age=2592000
Content-Type: image/x-icon
Last-Modified: Sat, 26 Mar 2022 18:40:39 GMT
Accept-Ranges: bytes
ETag: "806d40fd4041d81:0"
Server: Microsoft-IIS/10.0
request-id: 33808d11-c599-449b-9221-c6d80ddc7b07
X-Powered-By: ASP.NET
Date: Wed, 17 Apr 2024 19:14:35 GMT
Connection: close
Content-Length: 7886

hudforsolutionsinc.com/owa/auth/15.1.2507/themes/resources/segoeui-regular.ttf

31.220.31.168

200 OK

57 kB

URL GET HTTP/1.1
hudforsolutionsinc.com/owa/auth/15.1.2507/themes/resources/segoeui-regular.ttf
IP
31.220.31.168:443
ASN
#47583 Hostinger International Limited

Requested by
https://hudforsolutionsinc.com/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fmail.dcndx.com%2fowa%2f
Certificate
IssuerLet's Encrypt
Subjecthudforsolutionsinc.com
Fingerprint43:DB:AD:80:AB:B0:67:C0:64:CB:80:67:A8:35:84:C3:82:A2:84:A2
ValidityWed, 17 Apr 2024 10:28:47 GMT - Tue, 16 Jul 2024 10:28:46 GMT

File type
TrueType Font data, 18 tables, 1st "LTSH", 11 names, Microsoft, language 0x409, � 2010 Microsoft Corporation. All Rights Reserved.RegularSegoe UI RegularVersion 0.81 Build 159S
Size
57 kB (56760 bytes)
Hash
8af990b6ad3ba192c2dd6a193890bf5f
4db5bf117ff8f1392fab3b438216d7cff4ae4976
c147c2ec76a8ab8bd5082f1f4d3f80a43c689165cb164cdd812e44048fe38708

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft
urlquery	phishing	Phishing - Microsoft Outlook

HTTP Headers

GET /owa/auth/15.1.2507/themes/resources/segoeui-regular.ttf HTTP/1.1
Host: hudforsolutionsinc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://hudforsolutionsinc.com/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fmail.dcndx.com%2fowa%2f
Cookie: qPdM=mBwm9Yx9NQgA; qPdM.sig=0DdfdQ-dNHhH2_-b1MtLGQtxjlA; logondata=acc=0&lgn=cmamrak@dcndx.com
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: public,max-age=2592000
Content-Type: application/octet-stream
Last-Modified: Sun, 20 Mar 2022 14:39:34 GMT
Accept-Ranges: bytes
ETag: "017f650683cd81:0"
Server: Microsoft-IIS/10.0
request-id: a91d7a50-980d-46cb-9e25-e136b2a89d57
X-Powered-By: ASP.NET
Date: Wed, 17 Apr 2024 19:14:35 GMT
Connection: close
Content-Length: 56760

abbe3156.9b1fed916247e2ac344e288a.workers.dev/favicon.ico

104.21.21.152

200 OK

3.3 kB

URL GET HTTP/3
abbe3156.9b1fed916247e2ac344e288a.workers.dev/favicon.ico
IP
104.21.21.152:443
ASN
#13335 CLOUDFLARENET

Requested by
https://abbe3156.9b1fed916247e2ac344e288a.workers.dev/?qrc=cmamrak@dcndx.com
Certificate
IssuerLet's Encrypt
Subject9b1fed916247e2ac344e288a.workers.dev
Fingerprint52:5B:40:D9:34:5A:76:10:9C:86:2D:EE:64:83:78:C4:A3:7B:29:59
ValidityWed, 17 Apr 2024 11:43:02 GMT - Tue, 16 Jul 2024 11:43:01 GMT

File type
HTML document, ASCII text, with very long lines (3271), with no line terminators
Size
3.3 kB (3255 bytes)
Hash
42e2e83133f6f5b29196e786e7dbc965
be5149126f032bf72354a7b1f54ccd7d2db6aaa5
38de13c52f9b952d29b608e92465c8b84faea87fec64b501e769ee6962c6fe67

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: abbe3156.9b1fed916247e2ac344e288a.workers.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://abbe3156.9b1fed916247e2ac344e288a.workers.dev/?qrc=cmamrak@dcndx.com
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 17 Apr 2024 19:14:24 GMT
content-type: text/html;charset=UTF-8
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Iu%2BQskWs%2BEmXwJs2wbipEvxwpKyfgsAxpRXQUXAQYs%2BgD50uYlYLQT%2FobojpEx8gfkWsBZr%2BW7bYGBAmvioHfFLmPlKhE5Y4zNy0zIme4YlNtQyoeiRiRWrqq7B0xs6%2FhY00ccy9cmIJ1MV4BsTNRDzc4fJKm%2FB%2F8p36QTclPXU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 875ebce41a56b51b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/cmg/1/GLhOioXg0bs57t4qPrORXFsL1%2BWig2mIKbgpVPMu7ZQ%3D

104.17.3.184

200 OK

61 B

URL GET HTTP/3
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/cmg/1/GLhOioXg0bs57t4qPrORXFsL1%2BWig2mIKbgpVPMu7ZQ%3D
IP
104.17.3.184:443
ASN
#13335 CLOUDFLARENET

Requested by
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/cnwy7/0x4AAAAAAAXZk7rBJwoGVTXO/auto/normal
Certificate
IssuerCloudflare, Inc.
Subjectchallenges.cloudflare.com
Fingerprint5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E
ValidityFri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT

File type
PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced
Size
61 B (61 bytes)
Hash
9246cca8fc3c00f50035f28e9f6b7f7d
3aa538440f70873b574f40cd793060f53ec17a5d
c07d7d29e3c20fa6ca4c5d20663688d52bad13e129ad82ce06b80eb187d9dc84

HTTP Headers

GET /cdn-cgi/challenge-platform/h/g/cmg/1/GLhOioXg0bs57t4qPrORXFsL1%2BWig2mIKbgpVPMu7ZQ%3D HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/cnwy7/0x4AAAAAAAXZk7rBJwoGVTXO/auto/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 17 Apr 2024 19:14:24 GMT
content-type: image/png
cache-control: max-age=2629800, public
server: cloudflare
cf-ray: 875ebce4e891569b-OSL
alt-svc: h3=":443"; ma=86400

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/i/875ebce44f63569b/1713381264393/o4wOxGaAlm4HgKY

104.17.3.184

200 OK

61 B

URL GET HTTP/3
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/i/875ebce44f63569b/1713381264393/o4wOxGaAlm4HgKY
IP
104.17.3.184:443
ASN
#13335 CLOUDFLARENET

Requested by
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/cnwy7/0x4AAAAAAAXZk7rBJwoGVTXO/auto/normal
Certificate
IssuerCloudflare, Inc.
Subjectchallenges.cloudflare.com
Fingerprint5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E
ValidityFri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT

File type
PNG image data, 9 x 80, 8-bit/color RGB, non-interlaced
Size
61 B (61 bytes)
Hash
ffbcfc1568b18ffa164255adb76c6b4d
71b18639bc6846be60872a9161696f78d5ed8f64
f6217f881623a2f5c349edca38b1c65508c9c78525615737f298ed0927b51833

HTTP Headers

GET /cdn-cgi/challenge-platform/h/g/i/875ebce44f63569b/1713381264393/o4wOxGaAlm4HgKY HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/cnwy7/0x4AAAAAAAXZk7rBJwoGVTXO/auto/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 17 Apr 2024 19:14:24 GMT
content-type: image/png
server: cloudflare
cf-ray: 875ebce90942569b-OSL
alt-svc: h3=":443"; ma=86400

hudforsolutionsinc.com/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fmail.dcndx.com%2fowa%2f

31.220.31.168

200 OK

59 kB

URL User Request GET HTTP/1.1
hudforsolutionsinc.com/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fmail.dcndx.com%2fowa%2f
IP
31.220.31.168:443
ASN
#47583 Hostinger International Limited

Certificate
IssuerLet's Encrypt
Subjecthudforsolutionsinc.com
Fingerprint43:DB:AD:80:AB:B0:67:C0:64:CB:80:67:A8:35:84:C3:82:A2:84:A2
ValidityWed, 17 Apr 2024 10:28:47 GMT - Tue, 16 Jul 2024 10:28:46 GMT

File type
HTML document, ASCII text, with very long lines (10414), with CRLF, LF line terminators
Size
59 kB (58794 bytes)
Hash
8dedc1b412824afd220588ad9175b834
e58ac8576ece37aad03628a7e39efeaccb05c929
630fdf2ca435475e7de47f3d99a644b7461a11c1c18ee8d27437525d7b5db0a5

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft
urlquery	phishing	Phishing - Microsoft Outlook

HTTP Headers

GET /owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fmail.dcndx.com%2fowa%2f HTTP/1.1
Host: hudforsolutionsinc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://hudforsolutionsinc.com/owa/auth/logon.aspx?url=https%3a%2f%2fmail.dcndx.com%2fowa%2f&reason=0
Cookie: qPdM=mBwm9Yx9NQgA; qPdM.sig=0DdfdQ-dNHhH2_-b1MtLGQtxjlA; logondata=acc=0&lgn=cmamrak@dcndx.com
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/10.0
request-id: 06533ad0-abb4-4bd3-97c8-45da897e6f42
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Wed, 17 Apr 2024 19:14:34 GMT
Connection: close
content-length: 58794

hudforsolutionsinc.com/owa/auth/15.1.2507/themes/resources/segoeui-semilight.ttf

31.220.31.168

200 OK

42 kB

URL GET HTTP/1.1
hudforsolutionsinc.com/owa/auth/15.1.2507/themes/resources/segoeui-semilight.ttf
IP
31.220.31.168:443
ASN
#47583 Hostinger International Limited

Requested by
https://hudforsolutionsinc.com/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fmail.dcndx.com%2fowa%2f
Certificate
IssuerLet's Encrypt
Subjecthudforsolutionsinc.com
Fingerprint43:DB:AD:80:AB:B0:67:C0:64:CB:80:67:A8:35:84:C3:82:A2:84:A2
ValidityWed, 17 Apr 2024 10:28:47 GMT - Tue, 16 Jul 2024 10:28:46 GMT

File type
TrueType Font data, 16 tables, 1st "OS/2", 11 names, Microsoft, language 0x409, � 2010 Microsoft Corporation. All Rights Reserved.RegularSegoe UI SemilightVersion 1.00 build 16
Size
42 kB (41560 bytes)
Hash
6c26c24aabe31040657665b1e0d9505c
b3bdc48643752665e3e5798a192b27432a87d234
2d508a6e8979bba74b6fdf804c01a09a620c781e0fea73a8eefda904f5bcab25

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft
urlquery	phishing	Phishing - Microsoft Outlook

HTTP Headers

GET /owa/auth/15.1.2507/themes/resources/segoeui-semilight.ttf HTTP/1.1
Host: hudforsolutionsinc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://hudforsolutionsinc.com/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fmail.dcndx.com%2fowa%2f
Cookie: qPdM=mBwm9Yx9NQgA; qPdM.sig=0DdfdQ-dNHhH2_-b1MtLGQtxjlA; logondata=acc=0&lgn=cmamrak@dcndx.com
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: public,max-age=2592000
Content-Type: application/octet-stream
Last-Modified: Sun, 20 Mar 2022 14:41:26 GMT
Accept-Ranges: bytes
ETag: "0efb793683cd81:0"
Server: Microsoft-IIS/10.0
request-id: d0a9b68f-a092-44b6-a9b6-cd2776dc8560
X-Powered-By: ASP.NET
Date: Wed, 17 Apr 2024 19:14:35 GMT
Connection: close
Content-Length: 41560

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=875ebce44f63569b

104.17.3.184

200 OK

428 kB

URL GET HTTP/3
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=875ebce44f63569b
IP
104.17.3.184:443
ASN
#13335 CLOUDFLARENET

Requested by
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/cnwy7/0x4AAAAAAAXZk7rBJwoGVTXO/auto/normal
Certificate
IssuerCloudflare, Inc.
Subjectchallenges.cloudflare.com
Fingerprint5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E
ValidityFri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
428 kB (428076 bytes)
Hash
3313f638a442359dd4f1460097f0bf83
e7baf754bb756f5fcdf7ce0953d06814dd1c1595
c48936d7aa586638159ecfed209a6b55c5fae6c96fcbebc43f1a4f27c606f327

HTTP Headers

GET /cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=875ebce44f63569b HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/cnwy7/0x4AAAAAAAXZk7rBJwoGVTXO/auto/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 17 Apr 2024 19:14:24 GMT
content-type: application/javascript; charset=UTF-8
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
server: cloudflare
cf-ray: 875ebce4e897569b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/cnwy7/0x4AAAAAAAXZk7rBJwoGVTXO/auto/normal

104.17.3.184

200 OK

80 kB

URL GET HTTP/3
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/cnwy7/0x4AAAAAAAXZk7rBJwoGVTXO/auto/normal
IP
104.17.3.184:443
ASN
#13335 CLOUDFLARENET

Requested by
https://abbe3156.9b1fed916247e2ac344e288a.workers.dev/?qrc=cmamrak@dcndx.com
Certificate
IssuerCloudflare, Inc.
Subjectchallenges.cloudflare.com
Fingerprint5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E
ValidityFri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT

File type
HTML document, ASCII text, with very long lines (41702)
Size
80 kB (80016 bytes)
Hash
ed4128431f0c84c1d1192642b6e0031c
71542eef5fa5389e9b0300ee873fadb385948654
9923b6e7fbea4642c5e0cc21d48c444e18b78db2bf5dedb1e02ffc8437c0d601

HTTP Headers

GET /cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/cnwy7/0x4AAAAAAAXZk7rBJwoGVTXO/auto/normal HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://abbe3156.9b1fed916247e2ac344e288a.workers.dev/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 17 Apr 2024 19:14:24 GMT
content-type: text/html; charset=UTF-8
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-security-policy: frame-src https://challenges.cloudflare.com/ blob:; base-uri 'self'
critical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: cross-origin
document-policy: js-profiling
origin-agent-cluster: ?1
permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy: same-origin
server: cloudflare
cf-ray: 875ebce44f63569b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (27)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash