| challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback | 104.17.3.184 | | 0 B |
URL: challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback IP: 104.17.3.184:0
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /turnstile/v0/api.js?onload=onloadTurnstileCallback HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3ddc47ac.6d2e589211c0928645bd553e.workers.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
date: Fri, 10 May 2024 13:59:41 GMT
content-length: 0
access-control-allow-origin: *
cache-control: max-age=300, public
cross-origin-resource-policy: cross-origin
location: /turnstile/v0/g/1b3559406bc8/api.js
vary: Accept-Encoding
server: cloudflare
cf-ray: 881a73869d291c0e-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/cmg/1/GLhOioXg0bs57t4qPrORXFsL1%2BWig2mIKbgpVPMu7ZQ%3D | 104.17.3.184 | | 61 B |
URL: challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/cmg/1/GLhOioXg0bs57t4qPrORXFsL1%2BWig2mIKbgpVPMu7ZQ%3D IP: 104.17.3.184:0
File type: PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced Hash: 9246cca8fc3c00f50035f28e9f6b7f7d 3aa538440f70873b574f40cd793060f53ec17a5d c07d7d29e3c20fa6ca4c5d20663688d52bad13e129ad82ce06b80eb187d9dc84
GET /cdn-cgi/challenge-platform/h/g/cmg/1/GLhOioXg0bs57t4qPrORXFsL1%2BWig2mIKbgpVPMu7ZQ%3D HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/1cm4t/0x4AAAAAAAYt4FhnWY1SjmrS/auto/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 10 May 2024 13:59:42 GMT
content-type: image/png
content-length: 61
cache-control: max-age=2629800, public
server: cloudflare
cf-ray: 881a73880dc45697-OSL
alt-svc: h3=":443"; ma=86400
|
|
| 3ddc47ac.6d2e589211c0928645bd553e.workers.dev/?qrc=michael@obbpictures.com | 172.67.201.254 | 200 OK | 16 kB |
URL: User Request POST HTTP/3 3ddc47ac.6d2e589211c0928645bd553e.workers.dev/?qrc=michael@obbpictures.com IP: 172.67.201.254:443
Certificate Issuer: Google Trust Services LLC Subject: 6d2e589211c0928645bd553e.workers.dev Fingerprint: 35:77:55:8C:C0:B8:75:C5:15:2E:9A:77:6D:A7:31:38:73:3B:A6:14 Validity: Mon, 29 Apr 2024 15:39:04 GMT - Sun, 28 Jul 2024 15:39:03 GMT
File type: HTML document, ASCII text, with very long lines (3255), with no line terminators Hash: 22ce1585d61e28bdc35623fab27c880f 228be3ef0c1b2d927f4c940fd01bb7420d61ba72 46105f6ec31f1f810658d69596dc724cba70cc7ce94674ab964727f725283cdb
Analyzer | Verdict | Alert | OpenPhish | phishing | Office365 |
GET /?qrc=michael@obbpictures.com HTTP/1.1
Host: 3ddc47ac.6d2e589211c0928645bd553e.workers.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 13:59:41 GMT
content-type: text/html;charset=UTF-8
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=F0HYGvMMbGCsUB0ZgUFUJ9ZJZGxpH0VAVFPNFSEiPdFOi7V4QEBGen92HqjPuRgYL3GvrCAcaBA3oTujr3rjBSE7Ue8c5g04raW%2BbgAE3vi0RKOWglyxBgWTaf4%2BgNUlA7kGTAkilKj7h7GnLGe8ldTGmiovqnn4ZOlpwv1Qau8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881a7384fc990b4d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/1cm4t/0x4AAAAAAAYt4FhnWY1SjmrS/auto/normal | 104.17.3.184 | | 152 kB |
URL: challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/1cm4t/0x4AAAAAAAYt4FhnWY1SjmrS/auto/normal IP: 104.17.3.184:0
File type: HTML document, ASCII text, with very long lines (42150) Size: 152 kB (151472 bytes) Hash: 010899c970c9fa184b3084520639ca45 79d18ef9442cfa5f7f1d048d17f1cf729147a5ea 3565bc3105ce4d062c1ab940d45b9dc3bbbd46397a98e6863f3b243b1ece3104
GET /cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/1cm4t/0x4AAAAAAAYt4FhnWY1SjmrS/auto/normal HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3ddc47ac.6d2e589211c0928645bd553e.workers.dev/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 10 May 2024 13:59:42 GMT
content-type: text/html; charset=UTF-8
origin-agent-cluster: ?1
content-security-policy: frame-src https://challenges.cloudflare.com/; base-uri 'self'
cross-origin-opener-policy: same-origin
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
critical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
document-policy: js-profiling
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy: same-origin
server: cloudflare
cf-ray: 881a73877d2b5697-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/pat/881a73877d2b5697/1715349582412/1e4510fa674583e187bbc790583bfe293d91a860869c192a34a9e7a6ef1099f0/hg_l6v_sde447le | 104.17.3.184 | | 1 B |
URL: challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/pat/881a73877d2b5697/1715349582412/1e4510fa674583e187bbc790583bfe293d91a860869c192a34a9e7a6ef1099f0/hg_l6v_sde447le IP: 104.17.3.184:0
File type: very short file (no magic) Hash: ff44570aca8241914870afbc310cdb85 58668e7669fd564d99db5d581fcdb6a5618440b5 6da43b944e494e885e69af021f93c6d9331c78aa228084711429160a5bbd15b5
GET /cdn-cgi/challenge-platform/h/g/pat/881a73877d2b5697/1715349582412/1e4510fa674583e187bbc790583bfe293d91a860869c192a34a9e7a6ef1099f0/hg_l6v_sde447le HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/1cm4t/0x4AAAAAAAYt4FhnWY1SjmrS/auto/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 401 Unauthorized
date: Fri, 10 May 2024 13:59:43 GMT
content-type: text/plain; charset=UTF-8
content-length: 1
www-authenticate: PrivateToken challenge="AAIAGXBhdC1pc3N1ZXIuY2xvdWRmbGFyZS5jb20gHkUQ-mdFg-GHu8eQWDv-KT2RqGCGnBkqNKnnpu8QmfAAGWNoYWxsZW5nZXMuY2xvdWRmbGFyZS5jb20=", token-key="MIIBUjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAqEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgKiAwIBMAOCAQ8AMIIBCgKCAQEAwJNLx-F--HQ4G6w81Lqhm55Wqle9iE4E64E37YL7QkK_ylJ-Dsmf1v3knq_MpBi8JncpUaWMssdL2Aha6xVtTuit-n3zEDZCW0VR_73N-Mc6DxdptQ_jsmIxis7apwux2f5L0gN0Z4K9C36tRcIL-chm-gijHvxrbhcCYusNwrgAlFaiqNWBqxKTiuPduHX4CNzNb7BAiNPz7ppY7Xn1WjmxSB-BaqSVLCYtDy-Mw41UBzE3QEcVUcRH9er-MksFvohzvhlnTTonFaMyAUYx3d_uCdDannmVQhRsm-aJs_P_GGe1TX3e9g5Sy-NmhGrro0kncbPlfTwFxa8SwJ5-8QIDAQAB", max-age=20, PrivateToken challenge="AAIALHBwLWlzc3Vlci1wcm9kdWN0aW9uLnJlc2VhcmNoLmNsb3VkZmxhcmUuY29tIB5FEPpnRYPhh7vHkFg7_ik9kahghpwZKjSp56bvEJnwABljaGFsbGVuZ2VzLmNsb3VkZmxhcmUuY29t", token-key="MIIBUjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAqEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgKiAwIBMAOCAQ8AMIIBCgKCAQEAi_Bv1vvWWnyuOfVJgRV-AQLxEJECUUmMRrMnYz-gJA-oMd79ajvP3atoTZqB_EsZIq7SMmpbCRFhPolqzIrtXh7AF1Q-ZWY2RoRVRgKr7d6iJMZ49iZUmbz837eqBZJrEMuXftZmY35str5sb0GjzklF8z_hcQJC9vancYXncsYoiMDaROW0tLwSQA9BGfbmA6GlbVj4XH8DH19cKifxmO6RlIPPKlL1KmZbrRakkpuqvJO2-x1Zc2S5GCpponuvQTqJQH8Ud9loZLI75e-Xa9KAUNtBTM0t9WSEsv8cSJLV1BPBVTy1lOnwghofw4fqmlYv6CXClzAUqWouSTJ7uwIDAQAB", max-age=20
server: cloudflare
cf-ray: 881a7392ea565697-OSL
alt-svc: h3=":443"; ma=86400
|
|
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/i/881a73877d2b5697/1715349582415/KYBS8MDb6J9oNaV | 104.17.3.184 | | 61 B |
URL: challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/i/881a73877d2b5697/1715349582415/KYBS8MDb6J9oNaV IP: 104.17.3.184:0
File type: PNG image data, 2 x 77, 8-bit/color RGB, non-interlaced Hash: 0f50bebdc1f029b06e77665eb4cd363a 737c2561947febc4504eae60493a3fd68fcdf288 3bb2dae90b008b44c84e0e4ecf69bd6d60ff846a4eb2d5f4253bf92247faec58
GET /cdn-cgi/challenge-platform/h/g/i/881a73877d2b5697/1715349582415/KYBS8MDb6J9oNaV HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/1cm4t/0x4AAAAAAAYt4FhnWY1SjmrS/auto/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 10 May 2024 13:59:43 GMT
content-type: image/png
content-length: 61
server: cloudflare
cf-ray: 881a73932ad15697-OSL
alt-svc: h3=":443"; ma=86400
|
|
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/50841967:1715346657:58YMgSjm18jv8ru0daEGvHi0bxvw2UJg2Fg3piHoaKU/881a73877d2b5697/be64bc3825fd7b5 | 104.17.3.184 | | 87 kB |
URL: challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/50841967:1715346657:58YMgSjm18jv8ru0daEGvHi0bxvw2UJg2Fg3piHoaKU/881a73877d2b5697/be64bc3825fd7b5 IP: 104.17.3.184:0
File type: ASCII text, with very long lines (65536), with no line terminators Hash: d14b97f0558b6dca6b8600944451325b c516d5eb61ad5f03a0df6a952003fd0dd38474d2 ffad1a79c3c216b2439c84d8a4261077065b43541530b852a0c1c9d6cdb4216e
POST /cdn-cgi/challenge-platform/h/g/flow/ov1/50841967:1715346657:58YMgSjm18jv8ru0daEGvHi0bxvw2UJg2Fg3piHoaKU/881a73877d2b5697/be64bc3825fd7b5 HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/1cm4t/0x4AAAAAAAYt4FhnWY1SjmrS/auto/normal
Content-type: application/x-www-form-urlencoded
CF-Challenge: be64bc3825fd7b5
Content-Length: 2634
Origin: https://challenges.cloudflare.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 10 May 2024 13:59:42 GMT
content-type: text/plain; charset=UTF-8
cf-chl-gen: pjDNlsqJoHUxTDk4CTUtfo1frbyNdPUD/998TESwgk+NRcjCRh1JzIj1jvMIzXgkK3iAVdckJSUcf3qv9TL15Vz6Hojz6ngq0+SayG0jAVhDERNoRNT9zkInls3v54Z9It94h3/+JO9PdKu19A1OP2b5dqk6+FrfCpPudXhEVILgvooCKCGooK/oASzFW/E22NUIRCa9emsZG0PiOp8PYU2tcQfxz3Kdvh6NuCL7+EwPedDv1Wn4W/SLOEeo7TLPe4b747ohgquCSlCOfrbxM2xd/fUzRdSZ8NlKzq9M5yqdme6YEx1cGMS5zeJY6WTWAx1h7yw3x9tEupEfAcIJW/1JfvZT5pUEyZaRIXDTBYNfX87JoYaifm/6nP2p+JlAKe8ffL9IV0Tcr1BY9wNASvsVmR1Gql3qIYlf0Fc1exMRekH1J9Uv5VTZuhVVq8na$UXAMh5Le2SAB8Jt9sOIDag==
server: cloudflare
cf-ray: 881a7389ffd95697-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| marvelcakemarvelcake.us/?dataXX0=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1cmwiOiJodHRwczovL21hcnZlbGNha2VtYXJ2ZWxjYWtlLnVzIiwiZG9tYWluIjoibWFydmVsY2FrZW1hcnZlbGNha2UudXMiLCJrZXkiOiJlMWJ0OU9yeUh0ak8iLCJxcmMiOiJtaWNoYWVsQG9iYnBpY3R1cmVzLmNvbSIsImlhdCI6MTcxNTM0OTU4OCwiZXhwIjoxNzE1MzQ5NzA4fQ.a10hKEzQ8AT8AWyTcXfcG2RXyEeb-osLBpyCR5vSJ88 | 5.230.73.190 | 302 Found | 0 B |
URL: GET HTTP/1.1 marvelcakemarvelcake.us/?dataXX0=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1cmwiOiJodHRwczovL21hcnZlbGNha2VtYXJ2ZWxjYWtlLnVzIiwiZG9tYWluIjoibWFydmVsY2FrZW1hcnZlbGNha2UudXMiLCJrZXkiOiJlMWJ0OU9yeUh0ak8iLCJxcmMiOiJtaWNoYWVsQG9iYnBpY3R1cmVzLmNvbSIsImlhdCI6MTcxNTM0OTU4OCwiZXhwIjoxNzE1MzQ5NzA4fQ.a10hKEzQ8AT8AWyTcXfcG2RXyEeb-osLBpyCR5vSJ88 IP: 5.230.73.190:443
Requested by: https://3ddc47ac.6d2e589211c0928645bd553e.workers.dev/?qrc=michael@obbpictures.com Certificate Issuer: Let's Encrypt Subject: marvelcakemarvelcake.us Fingerprint: C8:12:A0:A2:28:1A:14:D0:CE:B1:9E:29:74:F6:4A:F7:45:2A:9F:CD Validity: Wed, 01 May 2024 10:45:36 GMT - Tue, 30 Jul 2024 10:45:35 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | urlquery | phishing | Phishing - Microsoft Outlook |
GET /?dataXX0=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1cmwiOiJodHRwczovL21hcnZlbGNha2VtYXJ2ZWxjYWtlLnVzIiwiZG9tYWluIjoibWFydmVsY2FrZW1hcnZlbGNha2UudXMiLCJrZXkiOiJlMWJ0OU9yeUh0ak8iLCJxcmMiOiJtaWNoYWVsQG9iYnBpY3R1cmVzLmNvbSIsImlhdCI6MTcxNTM0OTU4OCwiZXhwIjoxNzE1MzQ5NzA4fQ.a10hKEzQ8AT8AWyTcXfcG2RXyEeb-osLBpyCR5vSJ88 HTTP/1.1
Host: marvelcakemarvelcake.us
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3ddc47ac.6d2e589211c0928645bd553e.workers.dev/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Set-Cookie: qPdM=e1bt9OryHtjO; path=/; samesite=none; secure; httponly
qPdM.sig=2Y7BQZHpWOR5lxIbNUq-idzVCpI; path=/; samesite=none; secure; httponly
location: /?qrc=michael%40obbpictures.com
Date: Fri, 10 May 2024 13:59:48 GMT
Connection: keep-alive
Keep-Alive: timeout=5
Transfer-Encoding: chunked
|
|
| marvelcakemarvelcake.us/?qrc=michael%40obbpictures.com | 5.230.73.190 | 302 Moved Temporarily | 0 B |
URL: GET HTTP/1.1 marvelcakemarvelcake.us/?qrc=michael%40obbpictures.com IP: 5.230.73.190:443
Requested by: https://3ddc47ac.6d2e589211c0928645bd553e.workers.dev/?qrc=michael@obbpictures.com Certificate Issuer: Let's Encrypt Subject: marvelcakemarvelcake.us Fingerprint: C8:12:A0:A2:28:1A:14:D0:CE:B1:9E:29:74:F6:4A:F7:45:2A:9F:CD Validity: Wed, 01 May 2024 10:45:36 GMT - Tue, 30 Jul 2024 10:45:35 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | urlquery | phishing | Phishing - Microsoft Outlook |
GET /?qrc=michael%40obbpictures.com HTTP/1.1
Host: marvelcakemarvelcake.us
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://3ddc47ac.6d2e589211c0928645bd553e.workers.dev/
DNT: 1
Connection: keep-alive
Cookie: qPdM=e1bt9OryHtjO; qPdM.sig=2Y7BQZHpWOR5lxIbNUq-idzVCpI
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Moved Temporarily
Cache-Control: no-cache
Pragma: no-cache
Location: https://marvelcakemarvelcake.us/owa/?login_hint=michael%40obbpictures.com
Server: Microsoft-IIS/10.0
request-id: 59e7e3d1-bdf1-9d5d-714d-bfec071e8f36
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-FEServer: FR0P281CA0201, FR0P281CA0201
X-RequestId: 22691d38-7f25-4494-8816-46f703f5c065
X-FEProxyInfo: FR0P281CA0201.DEUP281.PROD.OUTLOOK.COM
X-FEEFZInfo: HHN
MS-CV: 0ePnWfG9XZ1xTb/sBx6PNg.0
X-Powered-By: ASP.NET
Date: Fri, 10 May 2024 13:59:48 GMT
Connection: close
Content-Length: 0
Content-Security-Policy: default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
|
|
| marvelcakemarvelcake.us/owa/?login_hint=michael%40obbpictures.com | 5.230.73.190 | 302 Found | 1.4 kB |
URL: GET HTTP/1.1 marvelcakemarvelcake.us/owa/?login_hint=michael%40obbpictures.com IP: 5.230.73.190:443
Requested by: https://3ddc47ac.6d2e589211c0928645bd553e.workers.dev/?qrc=michael@obbpictures.com Certificate Issuer: Let's Encrypt Subject: marvelcakemarvelcake.us Fingerprint: C8:12:A0:A2:28:1A:14:D0:CE:B1:9E:29:74:F6:4A:F7:45:2A:9F:CD Validity: Wed, 01 May 2024 10:45:36 GMT - Tue, 30 Jul 2024 10:45:35 GMT
File type: HTML document, ASCII text, with very long lines (808), with CRLF, LF line terminators Hash: 452b73e674717a71b8ac6e41388edf35 b6ce20209dba72f54a8945a7d1c07dbf3ba11e0f 2c966ab32be9a7290f622ed1c8b8b4e9bcb9bf3d26d31ad220c23e4d18b67512
Analyzer | Verdict | Alert | urlquery | phishing | Phishing - Microsoft Outlook |
GET /owa/?login_hint=michael%40obbpictures.com HTTP/1.1
Host: marvelcakemarvelcake.us
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://3ddc47ac.6d2e589211c0928645bd553e.workers.dev/
DNT: 1
Connection: keep-alive
Cookie: qPdM=e1bt9OryHtjO; qPdM.sig=2Y7BQZHpWOR5lxIbNUq-idzVCpI
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
content-length: 1388
Content-Type: text/html; charset=utf-8
Location: https://marvelcakemarvelcake.us/?2a24qc746=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
Server: Microsoft-IIS/10.0
request-id: d66832c3-bc97-46e6-9674-b7af35a9a9de
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Alt-Svc: h3=":443";ma=2592000,h3-29=":443";ma=2592000
X-CalculatedFETarget: BE1P281CU019.internal.outlook.com
X-BackEndHttpStatus: 302, 302
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Set-Cookie: ClientId=1D38D54DA4AA42B489D2E1334826CB6B; expires=Sat, 10-May-2025 13:59:48 GMT; path=/;SameSite=None; secure
ClientId=1D38D54DA4AA42B489D2E1334826CB6B; expires=Sat, 10-May-2025 13:59:48 GMT; path=/;SameSite=None; secure
OIDC=1; expires=Sun, 10-Nov-2024 13:59:48 GMT; path=/;SameSite=None; secure; HttpOnly
RoutingKeyCookie=; expires=Tue, 10-May-1994 13:59:48 GMT; path=/; secure
OpenIdConnect.token.v1=; expires=Tue, 10-May-1994 13:59:48 GMT; path=/; secure
OpenIdConnect.token.v1=; domain=marvelcakemarvelcake.us; expires=Tue, 10-May-1994 13:59:48 GMT; path=/; secure
OpenIdConnect.id_token.v1=; expires=Tue, 10-May-1994 13:59:48 GMT; path=/; secure
OpenIdConnect.code.v1=; expires=Tue, 10-May-1994 13:59:48 GMT; path=/; secure
OpenIdConnect.idp_nonce.v1=; expires=Tue, 10-May-1994 13:59:48 GMT; path=/; secure
OpenIdConnect.idp_correlation_id=; expires=Tue, 10-May-1994 13:59:48 GMT; path=/; secure
OpenIdConnect.tokenPostPath=; expires=Tue, 10-May-1994 13:59:48 GMT; path=/; secure
OpenIdConnect.id_token.v1=; domain=marvelcakemarvelcake.us; expires=Tue, 10-May-1994 13:59:48 GMT; path=/; secure
OpenIdConnect.code.v1=; domain=marvelcakemarvelcake.us; expires=Tue, 10-May-1994 13:59:48 GMT; path=/; secure
OpenIdConnect.idp_nonce.v1=; domain=marvelcakemarvelcake.us; expires=Tue, 10-May-1994 13:59:48 GMT; path=/; secure
OpenIdConnect.idp_correlation_id=; domain=marvelcakemarvelcake.us; expires=Tue, 10-May-1994 13:59:48 GMT; path=/; secure
OpenIdConnect.tokenPostPath=; domain=marvelcakemarvelcake.us; expires=Tue, 10-May-1994 13:59:48 GMT; path=/; secure
OpenIdConnect.nonce.v3.HqsNtGUBYIjhldjJ4dB3iL_fhez87fOYFebeDRA_K5I=638509463887197420.25709cec-05a7-462e-8713-382633b922e5; expires=Fri, 10-May-2024 14:59:48 GMT; path=/;SameSite=None; secure; HttpOnly
HostSwitchPrg=; expires=Tue, 10-May-1994 13:59:48 GMT; path=/; secure
OptInPrg=; expires=Tue, 10-May-1994 13:59:48 GMT; path=/; secure
SuiteServiceProxyKey=; expires=Tue, 10-May-1994 13:59:48 GMT; path=/; secure
ClientId=1D38D54DA4AA42B489D2E1334826CB6B; expires=Sat, 10-May-2025 13:59:48 GMT; path=/;SameSite=None; secure
OIDC=1; expires=Sun, 10-Nov-2024 13:59:48 GMT; path=/;SameSite=None; secure; HttpOnly
RoutingKeyCookie=; expires=Tue, 10-May-1994 13:59:48 GMT; path=/; secure
OpenIdConnect.token.v1=; expires=Tue, 10-May-1994 13:59:48 GMT; path=/; secure
OpenIdConnect.token.v1=; domain=marvelcakemarvelcake.us; expires=Tue, 10-May-1994 13:59:48 GMT; path=/; secure
OpenIdConnect.id_token.v1=; expires=Tue, 10-May-1994 13:59:48 GMT; path=/; secure
OpenIdConnect.code.v1=; expires=Tue, 10-May-1994 13:59:48 GMT; path=/; secure
OpenIdConnect.idp_nonce.v1=; expires=Tue, 10-May-1994 13:59:48 GMT; path=/; secure
OpenIdConnect.idp_correlation_id=; expires=Tue, 10-May-1994 13:59:48 GMT; path=/; secure
OpenIdConnect.tokenPostPath=; expires=Tue, 10-May-1994 13:59:48 GMT; path=/; secure
OpenIdConnect.id_token.v1=; domain=marvelcakemarvelcake.us; expires=Tue, 10-May-1994 13:59:48 GMT; path=/; secure
OpenIdConnect.code.v1=; domain=marvelcakemarvelcake.us; expires=Tue, 10-May-1994 13:59:48 GMT; path=/; secure
OpenIdConnect.idp_nonce.v1=; domain=marvelcakemarvelcake.us; expires=Tue, 10-May-1994 13:59:48 GMT; path=/; secure
OpenIdConnect.idp_correlation_id=; domain=marvelcakemarvelcake.us; expires=Tue, 10-May-1994 13:59:48 GMT; path=/; secure
OpenIdConnect.tokenPostPath=; domain=marvelcakemarvelcake.us; expires=Tue, 10-May-1994 13:59:48 GMT; path=/; secure
OpenIdConnect.nonce.v3.HqsNtGUBYIjhldjJ4dB3iL_fhez87fOYFebeDRA_K5I=638509463887197420.25709cec-05a7-462e-8713-382633b922e5; expires=Fri, 10-May-2024 14:59:48 GMT; path=/;SameSite=None; secure; HttpOnly
HostSwitchPrg=; expires=Tue, 10-May-1994 13:59:48 GMT; path=/; secure
OptInPrg=; expires=Tue, 10-May-1994 13:59:48 GMT; path=/; secure
SuiteServiceProxyKey=; expires=Tue, 10-May-1994 13:59:48 GMT; path=/; secure
X-OWA-RedirectHistory=ArLym14B7LS4dPlw3Ag; expires=Fri, 10-May-2024 20:01:48 GMT; path=/;SameSite=None; secure; HttpOnly
X-CalculatedBETarget: BEYP281MB4560.DEUP281.PROD.OUTLOOK.COM
X-RUM-Validated: 1
X-RUM-NotUpdateQueriedPath: 1
X-RUM-NotUpdateQueriedDbCopy: 1
X-BeSku: WCS7
X-OWA-DiagnosticsInfo: 2;0;0
X-IIDs: 0
X-BackEnd-Begin: 2024-05-10T13:59:48.719
X-BackEnd-End: 2024-05-10T13:59:48.719
X-DiagInfo: BEYP281MB4560
X-BEServer: BEYP281MB4560
X-UA-Compatible: IE=EmulateIE7
X-Proxy-RoutingCorrectness: 1
X-Proxy-BackendServerStatus: 302
X-FEProxyInfo: FR0P281CA0204.DEUP281.PROD.OUTLOOK.COM
X-FEEFZInfo: HHN
X-FEServer: BE1P281CA0234, FR0P281CA0204
NEL: {"report_to":"NelOfficeUpload1","max_age":7200,"include_subdomains":true,"failure_fraction":1.0,"success_fraction":0.01}
X-FirstHopCafeEFZ: HHN
Date: Fri, 10 May 2024 13:59:48 GMT
Connection: close
Content-Security-Policy: default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
|
|
| 3ddc47ac.6d2e589211c0928645bd553e.workers.dev/?qrc=michael@obbpictures.com | 172.67.201.254 | 200 OK | 9.0 kB |
URL: User Request POST HTTP/3 3ddc47ac.6d2e589211c0928645bd553e.workers.dev/?qrc=michael@obbpictures.com IP: 172.67.201.254:443
Certificate Issuer: Google Trust Services LLC Subject: 6d2e589211c0928645bd553e.workers.dev Fingerprint: 35:77:55:8C:C0:B8:75:C5:15:2E:9A:77:6D:A7:31:38:73:3B:A6:14 Validity: Mon, 29 Apr 2024 15:39:04 GMT - Sun, 28 Jul 2024 15:39:03 GMT
File type: HTML document, ASCII text, with very long lines (1192), with no line terminators Hash: ed3baa5f1d6e026b8527750f4bd5693f d263d42dc8c5b2cabb6b1ba85ecea744c11a8b7a 7436f97693b9fe87148d361d4606af25ff1fce333c952c6762f3785f89b922af
Analyzer | Verdict | Alert | OpenPhish | phishing | Office365 |
POST /?qrc=michael@obbpictures.com HTTP/1.1
Host: 3ddc47ac.6d2e589211c0928645bd553e.workers.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 582
Origin: https://3ddc47ac.6d2e589211c0928645bd553e.workers.dev
DNT: 1
Connection: keep-alive
Referer: https://3ddc47ac.6d2e589211c0928645bd553e.workers.dev/?qrc=michael@obbpictures.com
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Sec-Fetch-User: ?1
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 10 May 2024 13:59:48 GMT
content-type: text/html;
status: 200
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fdPiMWNFoskPBDZLVrAKKiHU2vkGgZ0zR%2FIlEjB6Et3eOuu5p1fA60cCJRopoTEJ1PQzmlZlxYd6jM7Wxa0DmeXpu8ko7Ck%2Broh%2FBDGzMrD1SBgOARP%2FCD9Nw1QkVj3ySKaSAbzAoBYmF4hn7qTlIdcXp947DbqbJnTrTUEWgqA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881a73a9e90f569a-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| marvelcakemarvelcake.us/?2a24qc746=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 | 5.230.73.190 | 200 OK | 49 kB |
URL: GET HTTP/1.1 marvelcakemarvelcake.us/?2a24qc746=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 IP: 5.230.73.190:443
Requested by: https://3ddc47ac.6d2e589211c0928645bd553e.workers.dev/?qrc=michael@obbpictures.com Certificate Issuer: Let's Encrypt Subject: marvelcakemarvelcake.us Fingerprint: C8:12:A0:A2:28:1A:14:D0:CE:B1:9E:29:74:F6:4A:F7:45:2A:9F:CD Validity: Wed, 01 May 2024 10:45:36 GMT - Tue, 30 Jul 2024 10:45:35 GMT
File type: HTML document, Unicode text, UTF-8 text, with very long lines (31337) Hash: 24cd04044a5c5fa6f4bf8955e36ca639 bd2af793255e8744eb7ce91b41aa83e8ce71ec6a 3be18c43d4386896e838fab1045c2e0e8e9c64d7e4883bca7ffca64e4f53c678
Analyzer | Verdict | Alert | urlquery | phishing | Phishing - Microsoft Outlook |
GET /?2a24qc746=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 HTTP/1.1
Host: marvelcakemarvelcake.us
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://3ddc47ac.6d2e589211c0928645bd553e.workers.dev/
DNT: 1
Connection: keep-alive
Cookie: qPdM=e1bt9OryHtjO; qPdM.sig=2Y7BQZHpWOR5lxIbNUq-idzVCpI; ClientId=1D38D54DA4AA42B489D2E1334826CB6B; OIDC=1; OpenIdConnect.nonce.v3.HqsNtGUBYIjhldjJ4dB3iL_fhez87fOYFebeDRA_K5I=638509463887197420.25709cec-05a7-462e-8713-382633b922e5; X-OWA-RedirectHistory=ArLym14B7LS4dPlw3Ag; buid=0.ARgAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8_7KISNINyIoLSGH_WYFs3VcZF27NMbzhEVbal0jhawZuzBNH9LoxDuxxn0A2r1uw_DOrYwjz_Xls2QIzO3c4GhAD8r5jVWuyKTmEftq89ikgAA; fpc=Ahna59r_JqdFuwMtjwffy_WerOTJAQAAAFQf0N0OAAAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8aWZI_dYbanJlRaY5FqD7vjEESWiom4a7UPSAbDs2v_OZXGnkOSlf4Al810PHEm-J0nGBaGSS4RMAt6OYdkstIy1T8YZH8EzDuWYPodz7AeEmNMJMVUHodbqF4WXyjk3ofKUNSOrlEOtZc7EuUK85L-JHDvpNgGCyPDaHY9-dYscgAA; cltm=CgAQABoAIgQIDBAF; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
expect-ct: max-age=0
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
referrer-policy: no-referrer
Content-Security-Policy: default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
x-envoy-upstream-service-time: 23
Server: envoy
Vary: Accept-Encoding
Content-Encoding: gzip
Expires: Fri, 10 May 2024 13:59:49 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Fri, 10 May 2024 13:59:49 GMT
Transfer-Encoding: chunked
Connection: close, Transfer-Encoding
Set-Cookie: pathway=f0dc62a1-f886-4460-b349-49445f081e97; Domain=marvelcakemarvelcake.us; Path=/; Expires=Fri, 10 May 2024 14:19:49 GMT
fb_sessiontraffic=S_TOUCH=&pathway=f0dc62a1-f886-4460-b349-49445f081e97&V_DATE=&pc=0; Domain=marvelcakemarvelcake.us; Path=/; Expires=Fri, 10 May 2024 14:19:49 GMT
visitor=vid=f0dc62a1-f886-4460-b349-49445f081e97; Domain=marvelcakemarvelcake.us; Path=/; Expires=Sat, 10 May 2025 13:59:49 GMT
|
|
| marvelcakemarvelcake.us/identity-static-assets/_next/static/css/95c2f81e5812e203.css | 5.230.73.190 | 200 OK | 418 B |
URL: GET HTTP/1.1 marvelcakemarvelcake.us/identity-static-assets/_next/static/css/95c2f81e5812e203.css IP: 5.230.73.190:443
Requested by: https://marvelcakemarvelcake.us/?2a24qc746=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 Certificate Issuer: Let's Encrypt Subject: marvelcakemarvelcake.us Fingerprint: C8:12:A0:A2:28:1A:14:D0:CE:B1:9E:29:74:F6:4A:F7:45:2A:9F:CD Validity: Wed, 01 May 2024 10:45:36 GMT - Tue, 30 Jul 2024 10:45:35 GMT
File type: ASCII text, with very long lines (2521), with no line terminators Hash: 798aacb1ff37348b6f7bfbb362fb7bcd 4640d8ad40d3676ace09ddc27d88b5a68556c0a0 565515d221be71be8857e7865e473279a4524f76f312dcb4f3a5851bce1420f5
Analyzer | Verdict | Alert | urlquery | phishing | Phishing - Microsoft Outlook |
GET /identity-static-assets/_next/static/css/95c2f81e5812e203.css HTTP/1.1
Host: marvelcakemarvelcake.us
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: qPdM=e1bt9OryHtjO; qPdM.sig=2Y7BQZHpWOR5lxIbNUq-idzVCpI; ClientId=1D38D54DA4AA42B489D2E1334826CB6B; OIDC=1; OpenIdConnect.nonce.v3.HqsNtGUBYIjhldjJ4dB3iL_fhez87fOYFebeDRA_K5I=638509463887197420.25709cec-05a7-462e-8713-382633b922e5; X-OWA-RedirectHistory=ArLym14B7LS4dPlw3Ag; buid=0.ARgAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8_7KISNINyIoLSGH_WYFs3VcZF27NMbzhEVbal0jhawZuzBNH9LoxDuxxn0A2r1uw_DOrYwjz_Xls2QIzO3c4GhAD8r5jVWuyKTmEftq89ikgAA; fpc=Ahna59r_JqdFuwMtjwffy_WerOTJAQAAAFQf0N0OAAAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8aWZI_dYbanJlRaY5FqD7vjEESWiom4a7UPSAbDs2v_OZXGnkOSlf4Al810PHEm-J0nGBaGSS4RMAt6OYdkstIy1T8YZH8EzDuWYPodz7AeEmNMJMVUHodbqF4WXyjk3ofKUNSOrlEOtZc7EuUK85L-JHDvpNgGCyPDaHY9-dYscgAA; cltm=CgAQABoAIgQIDBAF; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: text/css
Accept-Ranges: bytes
Content-Encoding: br
ETag: "798aacb1ff37348b6f7bfbb362fb7bcd:1711610659.142134"
Last-Modified: Thu, 28 Mar 2024 08:18:24 GMT
Vary: Accept-Encoding
Content-Length: 418
Cache-Control: max-age=31536000
Date: Fri, 10 May 2024 13:59:50 GMT
Connection: close
Server-Timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1715349590378_34824380_160823440_19_1336_26_33_-";dur=1
Timing-Allow-Origin: *
Access-Control-Allow-Origin: *
|
|
| marvelcakemarvelcake.us/wrhs/65e723d1323a15a62b64824a8d885bac/uxcore2.min.css | 5.230.73.190 | 200 OK | 19 kB |
URL: GET HTTP/1.1 marvelcakemarvelcake.us/wrhs/65e723d1323a15a62b64824a8d885bac/uxcore2.min.css IP: 5.230.73.190:443
Requested by: https://marvelcakemarvelcake.us/?2a24qc746=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 Certificate: Issuer: Let's Encrypt; Subject: marvelcakemarvelcake.us; Fingerprint: C8:12:A0:A2:28:1A:14:D0:CE:B1:9E:29:74:F6:4A:F7:45:2A:9F:CD; Validity: Wed, 01 May 2024 10:45:36 GMT - Tue, 30 Jul 2024 10:45:35 GMT
File type: Unicode text, UTF-8 text, with very long lines (65527), with no line terminators Hash: b2b4f015b4e7eb5a7730bcad24929852 5123fd2262ca04ef1e588b87257991fe5c8df876 a7cd1bba025dd4dd612cbfd1641e4292152a04e2ebbf6af5bcd7b4a5eeefe037
| Analyzer | Verdict | Alert |
| urlquery | phishing | Phishing - Microsoft Outlook |
GET /wrhs/65e723d1323a15a62b64824a8d885bac/uxcore2.min.css HTTP/1.1
Host: marvelcakemarvelcake.us
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: qPdM=e1bt9OryHtjO; qPdM.sig=2Y7BQZHpWOR5lxIbNUq-idzVCpI; ClientId=1D38D54DA4AA42B489D2E1334826CB6B; OIDC=1; OpenIdConnect.nonce.v3.HqsNtGUBYIjhldjJ4dB3iL_fhez87fOYFebeDRA_K5I=638509463887197420.25709cec-05a7-462e-8713-382633b922e5; X-OWA-RedirectHistory=ArLym14B7LS4dPlw3Ag; buid=0.ARgAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8_7KISNINyIoLSGH_WYFs3VcZF27NMbzhEVbal0jhawZuzBNH9LoxDuxxn0A2r1uw_DOrYwjz_Xls2QIzO3c4GhAD8r5jVWuyKTmEftq89ikgAA; fpc=Ahna59r_JqdFuwMtjwffy_WerOTJAQAAAFQf0N0OAAAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8aWZI_dYbanJlRaY5FqD7vjEESWiom4a7UPSAbDs2v_OZXGnkOSlf4Al810PHEm-J0nGBaGSS4RMAt6OYdkstIy1T8YZH8EzDuWYPodz7AeEmNMJMVUHodbqF4WXyjk3ofKUNSOrlEOtZc7EuUK85L-JHDvpNgGCyPDaHY9-dYscgAA; cltm=CgAQABoAIgQIDBAF; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: text/css
Accept-Ranges: bytes
Content-Encoding: br
ETag: "b2b4f015b4e7eb5a7730bcad24929852"
Last-Modified: Wed, 03 Jan 2024 22:00:31 GMT
Vary: Accept-Encoding
x-amz-id-2: RP2UcXvYeYqQrWReGW+luKCXKeapJxR8zaB92yHncaCnQcAszAxA5ipynxvoGLCT0Yq4myCG8ws=
x-amz-request-id: KP8P9N7G379F6RA4
x-amz-server-side-encryption: AES256
x-amz-version-id: hK0AYa.pD1smdrzkiw78Iqlw5RsZ6YGZ
Content-Length: 18600
Cache-Control: max-age=31536000
Date: Fri, 10 May 2024 13:59:50 GMT
Connection: close
Server-Timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1715349590377_34824380_160823439_20_1348_26_33_-";dur=1
Timing-Allow-Origin: *
Access-Control-Allow-Origin: *
|
|
| marvelcakemarvelcake.us/ux-assets/@ux/fonts/4.5.0/GDSherpa-vf4.woff2 | 5.230.73.190 | 200 OK | 103 kB |
URL: GET HTTP/1.1 marvelcakemarvelcake.us/ux-assets/@ux/fonts/4.5.0/GDSherpa-vf4.woff2 IP: 5.230.73.190:443
Requested by: https://marvelcakemarvelcake.us/?2a24qc746=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 Certificate: Issuer: Let's Encrypt; Subject: marvelcakemarvelcake.us; Fingerprint: C8:12:A0:A2:28:1A:14:D0:CE:B1:9E:29:74:F6:4A:F7:45:2A:9F:CD; Validity: Wed, 01 May 2024 10:45:36 GMT - Tue, 30 Jul 2024 10:45:35 GMT
File type: Web Open Font Format (Version 2), TrueType, length 103388, version 1.0 Size: 103 kB (103388 bytes) Hash: ff3f79fc43d0bcfd04d8cac73f56d8c7 0854a53b94336710dc505a459c66dae72a73d6c7 07d6825e414a3a09444251ae7def1c796ed2fcefe9e1c0838adab86270d346fa
| Analyzer | Verdict | Alert |
| urlquery | phishing | Phishing - Microsoft Outlook |
GET /ux-assets/@ux/fonts/4.5.0/GDSherpa-vf4.woff2 HTTP/1.1
Host: marvelcakemarvelcake.us
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: qPdM=e1bt9OryHtjO; qPdM.sig=2Y7BQZHpWOR5lxIbNUq-idzVCpI; ClientId=1D38D54DA4AA42B489D2E1334826CB6B; OIDC=1; OpenIdConnect.nonce.v3.HqsNtGUBYIjhldjJ4dB3iL_fhez87fOYFebeDRA_K5I=638509463887197420.25709cec-05a7-462e-8713-382633b922e5; X-OWA-RedirectHistory=ArLym14B7LS4dPlw3Ag; buid=0.ARgAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8_7KISNINyIoLSGH_WYFs3VcZF27NMbzhEVbal0jhawZuzBNH9LoxDuxxn0A2r1uw_DOrYwjz_Xls2QIzO3c4GhAD8r5jVWuyKTmEftq89ikgAA; fpc=Ahna59r_JqdFuwMtjwffy_WerOTJAQAAAFQf0N0OAAAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8aWZI_dYbanJlRaY5FqD7vjEESWiom4a7UPSAbDs2v_OZXGnkOSlf4Al810PHEm-J0nGBaGSS4RMAt6OYdkstIy1T8YZH8EzDuWYPodz7AeEmNMJMVUHodbqF4WXyjk3ofKUNSOrlEOtZc7EuUK85L-JHDvpNgGCyPDaHY9-dYscgAA; cltm=CgAQABoAIgQIDBAF; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
x-amz-id-2: 4RGIiMkez1uT6EG9sVgSJb6btAwqmFOW85T+iDeRLPBJ7YLyQMYJHSVO+yIl7XHMe9LQKHnzFF4eWmYNREiWMA==
x-amz-request-id: H9FKYDWK4PVWB3W1
Last-Modified: Thu, 15 Feb 2024 19:20:15 GMT
ETag: "ff3f79fc43d0bcfd04d8cac73f56d8c7"
x-amz-server-side-encryption: AES256
x-amz-version-id: gtDXqN6ljHBNqetR3srXwgG1vEcyDy8y
Accept-Ranges: bytes
Content-Type: font/woff2
Content-Length: 103388
Cache-Control: public, max-age=2592000
Date: Fri, 10 May 2024 13:59:50 GMT
Connection: close
Server-Timing: cdn-cache; desc=HIT, edge; dur=2, ak_p; desc="1715349590396_34824396_189603937_22_1787_27_40_-";dur=1
Timing-Allow-Origin: *
Access-Control-Allow-Origin: *
|
|
| marvelcakemarvelcake.us/ux-assets/@ux/fonts/4.5.0/GDSage-bold.woff2 | 5.230.73.190 | 200 OK | 40 kB |
URL: GET HTTP/1.1 marvelcakemarvelcake.us/ux-assets/@ux/fonts/4.5.0/GDSage-bold.woff2 IP: 5.230.73.190:443
Requested by: https://marvelcakemarvelcake.us/?2a24qc746=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 Certificate: Issuer: Let's Encrypt; Subject: marvelcakemarvelcake.us; Fingerprint: C8:12:A0:A2:28:1A:14:D0:CE:B1:9E:29:74:F6:4A:F7:45:2A:9F:CD; Validity: Wed, 01 May 2024 10:45:36 GMT - Tue, 30 Jul 2024 10:45:35 GMT
File type: Web Open Font Format (Version 2), CFF, length 40132, version 1.66 Hash: 162c9e176014c90e76618bd4b7a8a3f0 7fec64f1167b3086a533379a307f257eb777c129 89e3135e8430b71c9470eebafc1bb498233cdde661240a03d3e864fb59a890be
| Analyzer | Verdict | Alert |
| urlquery | phishing | Phishing - Microsoft Outlook |
GET /ux-assets/@ux/fonts/4.5.0/GDSage-bold.woff2 HTTP/1.1
Host: marvelcakemarvelcake.us
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: qPdM=e1bt9OryHtjO; qPdM.sig=2Y7BQZHpWOR5lxIbNUq-idzVCpI; ClientId=1D38D54DA4AA42B489D2E1334826CB6B; OIDC=1; OpenIdConnect.nonce.v3.HqsNtGUBYIjhldjJ4dB3iL_fhez87fOYFebeDRA_K5I=638509463887197420.25709cec-05a7-462e-8713-382633b922e5; X-OWA-RedirectHistory=ArLym14B7LS4dPlw3Ag; buid=0.ARgAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8_7KISNINyIoLSGH_WYFs3VcZF27NMbzhEVbal0jhawZuzBNH9LoxDuxxn0A2r1uw_DOrYwjz_Xls2QIzO3c4GhAD8r5jVWuyKTmEftq89ikgAA; fpc=Ahna59r_JqdFuwMtjwffy_WerOTJAQAAAFQf0N0OAAAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8aWZI_dYbanJlRaY5FqD7vjEESWiom4a7UPSAbDs2v_OZXGnkOSlf4Al810PHEm-J0nGBaGSS4RMAt6OYdkstIy1T8YZH8EzDuWYPodz7AeEmNMJMVUHodbqF4WXyjk3ofKUNSOrlEOtZc7EuUK85L-JHDvpNgGCyPDaHY9-dYscgAA; cltm=CgAQABoAIgQIDBAF; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
x-amz-id-2: BsrwDfCkFGg869r0WLubmWMxcJtPGz81FFTfo2BwFnVOpIrtobTo199Ubpjgu9tQioTSKidzRfapCHh5eMzQig==
x-amz-request-id: H9FSXWH2NFWD1BGP
Last-Modified: Thu, 15 Feb 2024 19:20:15 GMT
ETag: "162c9e176014c90e76618bd4b7a8a3f0"
x-amz-server-side-encryption: AES256
x-amz-version-id: iHVT1MQFNAfNwelT_If4D_6XL.BVTLz.
Accept-Ranges: bytes
Content-Type: font/woff2
Content-Length: 40132
Cache-Control: public, max-age=2592000
Date: Fri, 10 May 2024 13:59:51 GMT
Connection: close
Server-Timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1715349591088_34824380_160823924_27_1715_26_120_-";dur=1
Timing-Allow-Origin: *
Access-Control-Allow-Origin: *
|
|
| marvelcakemarvelcake.us/ux-assets/@ux/fonts/4.5.0/GDSage-regular.woff2 | 5.230.73.190 | 200 OK | 39 kB |
URL: GET HTTP/1.1 marvelcakemarvelcake.us/ux-assets/@ux/fonts/4.5.0/GDSage-regular.woff2 IP: 5.230.73.190:443
Requested by: https://marvelcakemarvelcake.us/?2a24qc746=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 Certificate: Issuer: Let's Encrypt; Subject: marvelcakemarvelcake.us; Fingerprint: C8:12:A0:A2:28:1A:14:D0:CE:B1:9E:29:74:F6:4A:F7:45:2A:9F:CD; Validity: Wed, 01 May 2024 10:45:36 GMT - Tue, 30 Jul 2024 10:45:35 GMT
File type: Web Open Font Format (Version 2), CFF, length 38559, version 1.66 Hash: 65bd0f4edeaa0e243cdca23ec72a5ae6 a94449be1a5531fc7970bd8688a93f08ecde68ad 400d3e1ebc917911020d89b505933e1816e138f4163d71575a707f93b6cc302f
| Analyzer | Verdict | Alert |
| urlquery | phishing | Phishing - Microsoft Outlook |
GET /ux-assets/@ux/fonts/4.5.0/GDSage-regular.woff2 HTTP/1.1
Host: marvelcakemarvelcake.us
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: qPdM=e1bt9OryHtjO; qPdM.sig=2Y7BQZHpWOR5lxIbNUq-idzVCpI; ClientId=1D38D54DA4AA42B489D2E1334826CB6B; OIDC=1; OpenIdConnect.nonce.v3.HqsNtGUBYIjhldjJ4dB3iL_fhez87fOYFebeDRA_K5I=638509463887197420.25709cec-05a7-462e-8713-382633b922e5; X-OWA-RedirectHistory=ArLym14B7LS4dPlw3Ag; buid=0.ARgAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8_7KISNINyIoLSGH_WYFs3VcZF27NMbzhEVbal0jhawZuzBNH9LoxDuxxn0A2r1uw_DOrYwjz_Xls2QIzO3c4GhAD8r5jVWuyKTmEftq89ikgAA; fpc=Ahna59r_JqdFuwMtjwffy_WerOTJAQAAAFQf0N0OAAAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8aWZI_dYbanJlRaY5FqD7vjEESWiom4a7UPSAbDs2v_OZXGnkOSlf4Al810PHEm-J0nGBaGSS4RMAt6OYdkstIy1T8YZH8EzDuWYPodz7AeEmNMJMVUHodbqF4WXyjk3ofKUNSOrlEOtZc7EuUK85L-JHDvpNgGCyPDaHY9-dYscgAA; cltm=CgAQABoAIgQIDBAF; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
x-amz-id-2: rmUbm9kF/09TRoD6PtVxGcjoZFNN+E4/Pj7dZbBK1WqqDoWMw7zgr7TmFyyzPXvfGIdoRem5UpM=
x-amz-request-id: H9FH5PC2N6WFT6DT
Last-Modified: Thu, 15 Feb 2024 19:20:15 GMT
ETag: "65bd0f4edeaa0e243cdca23ec72a5ae6"
x-amz-server-side-encryption: AES256
x-amz-version-id: dCoH6yD4MUvPT0SEiulwN8LbovYUHGnt
Accept-Ranges: bytes
Content-Type: font/woff2
Content-Length: 38559
Cache-Control: public, max-age=2592000
Date: Fri, 10 May 2024 13:59:51 GMT
Connection: close
Server-Timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1715349591641_34824380_160824263_25_1549_26_47_-";dur=1
Timing-Allow-Origin: *
Access-Control-Allow-Origin: *
|
|
| marvelcakemarvelcake.us/wrhs-next/e7f82d9a309ba3cd2d3ed91c2f600423/utility-header.css | 5.230.73.190 | 200 OK | 14 kB |
URL: GET HTTP/1.1 marvelcakemarvelcake.us/wrhs-next/e7f82d9a309ba3cd2d3ed91c2f600423/utility-header.css IP: 5.230.73.190:443
Requested by: https://marvelcakemarvelcake.us/?2a24qc746=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 Certificate: Issuer: Let's Encrypt; Subject: marvelcakemarvelcake.us; Fingerprint: C8:12:A0:A2:28:1A:14:D0:CE:B1:9E:29:74:F6:4A:F7:45:2A:9F:CD; Validity: Wed, 01 May 2024 10:45:36 GMT - Tue, 30 Jul 2024 10:45:35 GMT
File type: ASCII text, with very long lines (65536), with no line terminators Hash: e7f82d9a309ba3cd2d3ed91c2f600423 337ab504a501ac44df7e95a0b84069abfed434fe a7906df2b698f34d2940441e65f3283f42d34735ecc66c7218cbb568cdf3bce6
| Analyzer | Verdict | Alert |
| urlquery | phishing | Phishing - Microsoft Outlook |
GET /wrhs-next/e7f82d9a309ba3cd2d3ed91c2f600423/utility-header.css HTTP/1.1
Host: marvelcakemarvelcake.us
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: qPdM=e1bt9OryHtjO; qPdM.sig=2Y7BQZHpWOR5lxIbNUq-idzVCpI; ClientId=1D38D54DA4AA42B489D2E1334826CB6B; OIDC=1; OpenIdConnect.nonce.v3.HqsNtGUBYIjhldjJ4dB3iL_fhez87fOYFebeDRA_K5I=638509463887197420.25709cec-05a7-462e-8713-382633b922e5; X-OWA-RedirectHistory=ArLym14B7LS4dPlw3Ag; buid=0.ARgAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8_7KISNINyIoLSGH_WYFs3VcZF27NMbzhEVbal0jhawZuzBNH9LoxDuxxn0A2r1uw_DOrYwjz_Xls2QIzO3c4GhAD8r5jVWuyKTmEftq89ikgAA; fpc=Ahna59r_JqdFuwMtjwffy_WerOTJAQAAAFQf0N0OAAAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8aWZI_dYbanJlRaY5FqD7vjEESWiom4a7UPSAbDs2v_OZXGnkOSlf4Al810PHEm-J0nGBaGSS4RMAt6OYdkstIy1T8YZH8EzDuWYPodz7AeEmNMJMVUHodbqF4WXyjk3ofKUNSOrlEOtZc7EuUK85L-JHDvpNgGCyPDaHY9-dYscgAA; cltm=CgAQABoAIgQIDBAF; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: text/css
Accept-Ranges: bytes
Content-Encoding: br
ETag: "e7f82d9a309ba3cd2d3ed91c2f600423"
Last-Modified: Tue, 23 Apr 2024 20:06:34 GMT
Vary: Accept-Encoding
x-amz-id-2: l7QCUgMH28rXfO1Bj2OP01VwyniH8pOefOadCBa6fB3WIaKFlxg7lzseGESMlSTOPQqj+kToYSo=
x-amz-request-id: KHBGBBYB89MSMMEW
x-amz-server-side-encryption: AES256
x-amz-version-id: aEeWLKjzKGgiXKcPjA9jDHoD50BNkdXU
Content-Length: 14303
Cache-Control: max-age=31536000
Date: Fri, 10 May 2024 13:59:51 GMT
Connection: close
Server-Timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1715349591717_34824396_189605046_21_1887_26_104_-";dur=1
Timing-Allow-Origin: *
Access-Control-Allow-Origin: *
|
|
| marvelcakemarvelcake.us/hivemind/hivemind-3.1.0.js | 5.230.73.190 | | 0 B |
URL: GET marvelcakemarvelcake.us/hivemind/hivemind-3.1.0.js IP: 5.230.73.190:0
Requested by: https://marvelcakemarvelcake.us/?2a24qc746=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 Certificate: Issuer: Let's Encrypt; Subject: marvelcakemarvelcake.us; Fingerprint: C8:12:A0:A2:28:1A:14:D0:CE:B1:9E:29:74:F6:4A:F7:45:2A:9F:CD; Validity: Wed, 01 May 2024 10:45:36 GMT - Tue, 30 Jul 2024 10:45:35 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| urlquery | phishing | Phishing - Microsoft Outlook |
GET /hivemind/hivemind-3.1.0.js HTTP/1.1
Host: marvelcakemarvelcake.us
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: qPdM=e1bt9OryHtjO; qPdM.sig=2Y7BQZHpWOR5lxIbNUq-idzVCpI; ClientId=1D38D54DA4AA42B489D2E1334826CB6B; OIDC=1; OpenIdConnect.nonce.v3.HqsNtGUBYIjhldjJ4dB3iL_fhez87fOYFebeDRA_K5I=638509463887197420.25709cec-05a7-462e-8713-382633b922e5; X-OWA-RedirectHistory=ArLym14B7LS4dPlw3Ag; buid=0.ARgAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8_7KISNINyIoLSGH_WYFs3VcZF27NMbzhEVbal0jhawZuzBNH9LoxDuxxn0A2r1uw_DOrYwjz_Xls2QIzO3c4GhAD8r5jVWuyKTmEftq89ikgAA; fpc=Ahna59r_JqdFuwMtjwffy_WerOTJAQAAAFQf0N0OAAAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8aWZI_dYbanJlRaY5FqD7vjEESWiom4a7UPSAbDs2v_OZXGnkOSlf4Al810PHEm-J0nGBaGSS4RMAt6OYdkstIy1T8YZH8EzDuWYPodz7AeEmNMJMVUHodbqF4WXyjk3ofKUNSOrlEOtZc7EuUK85L-JHDvpNgGCyPDaHY9-dYscgAA; cltm=CgAQABoAIgQIDBAF; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Moved Temporarily
Content-Type: text/html; charset=utf-8
Content-Length: 0
Server: envoy
Location: https://marvelcakemarvelcake.us/?2a24qc746=aHR0cHM6Ly93d3cuZ29kYWRkeS5jb20vZ29kYWRkeS00MDQ=
x-request-id: 51a1f789-d50d-9afa-b166-d6c0fff07910
x-amzn-trace-id: Root=1-663e285c-61b9bc0753376e8d16f88955
apm-trace-id: 310ecea794f72ae75e14515259e8a185
Content-Security-Policy: default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
Vary: Accept-Language
Content-Language: en_US
x-envoy-upstream-service-time: 18
Expires: Fri, 10 May 2024 13:59:56 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Fri, 10 May 2024 13:59:56 GMT
Connection: close
|
|
| marvelcakemarvelcake.us/149e9513-01fa-4fb0-aad4-566afd725d1b/2d206a39-8ed7-437e-a3be-862e0f06eea3/p.js | 5.230.73.190 | 200 OK | 70 kB |
URL: GET HTTP/1.1 marvelcakemarvelcake.us/149e9513-01fa-4fb0-aad4-566afd725d1b/2d206a39-8ed7-437e-a3be-862e0f06eea3/p.js IP: 5.230.73.190:443
Requested by: https://marvelcakemarvelcake.us/?2a24qc746=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 Certificate: Issuer: Let's Encrypt; Subject: marvelcakemarvelcake.us; Fingerprint: C8:12:A0:A2:28:1A:14:D0:CE:B1:9E:29:74:F6:4A:F7:45:2A:9F:CD; Validity: Wed, 01 May 2024 10:45:36 GMT - Tue, 30 Jul 2024 10:45:35 GMT
File type: JavaScript source, ASCII text, with very long lines (65536), with no line terminators Hash: b461e1fe6fd4dd3ca04b758d865b3ad6 c739d943aaeb783d2edbd1fb10ab3f1a701e9810 cb987e0696339ce11e97883c46013a7d795f5f576bc0bcb427012146705f425d
| Analyzer | Verdict | Alert |
| urlquery | phishing | Phishing - Microsoft Outlook |
GET /149e9513-01fa-4fb0-aad4-566afd725d1b/2d206a39-8ed7-437e-a3be-862e0f06eea3/p.js HTTP/1.1
Host: marvelcakemarvelcake.us
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: qPdM=e1bt9OryHtjO; qPdM.sig=2Y7BQZHpWOR5lxIbNUq-idzVCpI; ClientId=1D38D54DA4AA42B489D2E1334826CB6B; OIDC=1; OpenIdConnect.nonce.v3.HqsNtGUBYIjhldjJ4dB3iL_fhez87fOYFebeDRA_K5I=638509463887197420.25709cec-05a7-462e-8713-382633b922e5; X-OWA-RedirectHistory=ArLym14B7LS4dPlw3Ag; buid=0.ARgAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8_7KISNINyIoLSGH_WYFs3VcZF27NMbzhEVbal0jhawZuzBNH9LoxDuxxn0A2r1uw_DOrYwjz_Xls2QIzO3c4GhAD8r5jVWuyKTmEftq89ikgAA; fpc=Ahna59r_JqdFuwMtjwffy_WerOTJAQAAAFQf0N0OAAAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8aWZI_dYbanJlRaY5FqD7vjEESWiom4a7UPSAbDs2v_OZXGnkOSlf4Al810PHEm-J0nGBaGSS4RMAt6OYdkstIy1T8YZH8EzDuWYPodz7AeEmNMJMVUHodbqF4WXyjk3ofKUNSOrlEOtZc7EuUK85L-JHDvpNgGCyPDaHY9-dYscgAA; cltm=CgAQABoAIgQIDBAF; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
content-length: 217589
Content-Encoding: br
ETag: 5a0e46117a4d40bd943c56fef1d629f73e2c5d1a-+PH6+WrvmSW6ElFovJ4YjZ+kUlk=-Mj90VmeMSdq4D2Rx+lHbXSzOfEw=-U86/Nk/jE5ss+7l1ZEfWbVdXOOQ=
Last-Modified: Fri, 10 May 2024 12:39:41 GMT
Access-Control-Expose-Headers: x-kpsdk-ct,x-kpsdk-r,x-kpsdk-c
x-envoy-upstream-service-time: 5
Server: envoy
Cache-Control: public, max-age=52
Expires: Fri, 10 May 2024 14:00:43 GMT
Date: Fri, 10 May 2024 13:59:51 GMT
Connection: close
Content-Security-Policy: default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
|
|
| marvelcakemarvelcake.us/ux-assets/@ux/fonts/4.5.0/GDSherpa-vf4.woff2 | 5.230.73.190 | 200 OK | 103 kB |
URL: GET HTTP/1.1 marvelcakemarvelcake.us/ux-assets/@ux/fonts/4.5.0/GDSherpa-vf4.woff2 IP: 5.230.73.190:443
Requested byhttps://marvelcakemarvelcake.us/?2a24qc746=aHR0cHM6Ly9zc28uZ29kYWRkeS5jb20vP2RvbWFpbj1vYmJwaWN0dXJlcy5jb20mcmVhbG09cGFzcyZhcHA9bzM2NSZsb2dpbl9oaW50PW1pY2hhZWwlNDBvYmJwaWN0dXJlcy5jb20mY2xpZW50LXJlcXVlc3QtaWQ9ZDY2ODMyYzMtYmM5Ny00NmU2LTk2NzQtYjdhZjM1YTlhOWRlJnVzZXJuYW1lPW1pY2hhZWwlNDBvYmJwaWN0dXJlcy5jb20md2E9d3NpZ25pbjEuMCZ3dHJlYWxtPXVybiUzYWZlZGVyYXRpb24lM2FNaWNyb3NvZnRPbmxpbmUmd2N0eD1lc3RzcmVkaXJlY3QlM2QyJTI2ZXN0c3JlcXVlc3QlM2RyUVFJQVJBQWpWRTlhQk54SE0wX2w1NU5fUW9kZEJRT3A4SWw5NUhMNVI5UXpGZmoyVFFmVFdLVGlJUzd5Xy1TUy03eXYtWXVIMjNwNE9Za1JjRkNFUVFYU1JBcUxrb3BLTGgxNnVSUVVKeWtPQlJ4NmlLWTRPS21iM2lfQi1feEc5NWJJRmdfRzduT19BRkhUNWxtTkkybFZUUlZmNkU3UC1mN3lEVV83Ung4VzN6cXZOMFRScU12WTNDdDZUaVdIUWtFY004eE1HNzdzYWJwS3ZLcjJBemdnUng0QjhBUkFDY0FQSFpmTlhXMUtTUGpGbFlVUzFlZFhoZlowOXpZTFliNHNNREE0T1NFUlJhS1FZN3hjNExJUUJXcE5DUElJaDBNY1lpZWVEek5oN2tRenl1UTQ1Qnc3TDZjamZhY0pqY2wzTlUzMEUtM1Y4TmRzMlpoMjlrbG5vQkV4VWtuYkdtUWlKYUsyYWl0V09saWlpNDJxNUlVaWlmMW50NnVyNWtOUTRZNVExdzJ3LVdpdkZRdTNWVWFVc3JNbDJJck5yd1RSMHN3Mldvbm93b1RrOXJkVkMxZWJVV2RTcXU4c2NwSnJSaG5TZmsxcUJWNHUwNExfU1FMR2Fqd2JFYUJ0RlpBeXhiYmIzV3d0YnFlZ1hSRzBRWTVYc2lIeDhSXzFmMkdJQ2ZkbUxoelNKRFlRaDI5ZnVRQlh6M2d1OGZOeko1NXdJdVp5UjZqVjFkOGFQY2c5bWh2OF8yRHc1dXV3NWxBeFM2eGhtb2tnMHBVTXd0cFdGNlByWEQxdGx6c09tb21XRjBVaDlwS0k1VE9Eb3VsRzJLRTNTYkJOa251azk1Wnd1ZWlpSGlPUFNIQkR4SThQT2ZhOV81cjNLUHo0UGhDY0k1VURWazM3Zm1GVFVxdjF4emNSaDBxc2trTlRidW1xbFBWbDQwZXNxbklQV3J5bjdxX3RiWDE0YUxyN05Mblg2Y3ZkNTRfTzczOTJ1ZjZEUTIj CertificateIssuerLet's Encrypt Subjectmarvelcakemarvelcake.us FingerprintC8:12:A0:A2:28:1A:14:D0:CE:B1:9E:29:74:F6:4A:F7:45:2A:9F:CD ValidityWed, 01 May 2024 10:45:36 GMT - Tue, 30 Jul 2024 10:45:35 GMT
File type: Web Open Font Format (Version 2), TrueType, length 103388, version 1.0 Size: 103 kB (103388 bytes) Hash: ff3f79fc43d0bcfd04d8cac73f56d8c7 0854a53b94336710dc505a459c66dae72a73d6c7 07d6825e414a3a09444251ae7def1c796ed2fcefe9e1c0838adab86270d346fa
| Analyzer | Verdict | Alert |
| urlquery | phishing | Phishing - Microsoft Outlook |
GET /ux-assets/@ux/fonts/4.5.0/GDSherpa-vf4.woff2 HTTP/1.1
Host: marvelcakemarvelcake.us
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Cookie: qPdM=e1bt9OryHtjO; qPdM.sig=2Y7BQZHpWOR5lxIbNUq-idzVCpI; ClientId=1D38D54DA4AA42B489D2E1334826CB6B; OIDC=1; OpenIdConnect.nonce.v3.HqsNtGUBYIjhldjJ4dB3iL_fhez87fOYFebeDRA_K5I=638509463887197420.25709cec-05a7-462e-8713-382633b922e5; X-OWA-RedirectHistory=ArLym14B7LS4dPlw3Ag; buid=0.ARgAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8_7KISNINyIoLSGH_WYFs3VcZF27NMbzhEVbal0jhawZuzBNH9LoxDuxxn0A2r1uw_DOrYwjz_Xls2QIzO3c4GhAD8r5jVWuyKTmEftq89ikgAA; fpc=Ahna59r_JqdFuwMtjwffy_WerOTJAQAAAFQf0N0OAAAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8aWZI_dYbanJlRaY5FqD7vjEESWiom4a7UPSAbDs2v_OZXGnkOSlf4Al810PHEm-J0nGBaGSS4RMAt6OYdkstIy1T8YZH8EzDuWYPodz7AeEmNMJMVUHodbqF4WXyjk3ofKUNSOrlEOtZc7EuUK85L-JHDvpNgGCyPDaHY9-dYscgAA; cltm=CgAQABoAIgQIDBAF; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
x-amz-id-2: 4RGIiMkez1uT6EG9sVgSJb6btAwqmFOW85T+iDeRLPBJ7YLyQMYJHSVO+yIl7XHMe9LQKHnzFF4eWmYNREiWMA==
x-amz-request-id: H9FKYDWK4PVWB3W1
Last-Modified: Thu, 15 Feb 2024 19:20:15 GMT
ETag: "ff3f79fc43d0bcfd04d8cac73f56d8c7"
x-amz-server-side-encryption: AES256
x-amz-version-id: gtDXqN6ljHBNqetR3srXwgG1vEcyDy8y
Accept-Ranges: bytes
Content-Type: font/woff2
Content-Length: 103388
Cache-Control: public, max-age=2592000
Date: Fri, 10 May 2024 13:59:56 GMT
Connection: close
Server-Timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1715349596754_386904628_711537602_26_1322_29_51_-";dur=1
Timing-Allow-Origin: *
Access-Control-Allow-Origin: *
|
|
| marvelcakemarvelcake.us/de-de/godaddy-404 | 5.230.73.190 | | 0 B |
URL: GET marvelcakemarvelcake.us/de-de/godaddy-404 IP: 5.230.73.190:0
Requested by: https://marvelcakemarvelcake.us/?2a24qc746=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 Certificate: Issuer: Let's Encrypt; Subject: marvelcakemarvelcake.us; Fingerprint: C8:12:A0:A2:28:1A:14:D0:CE:B1:9E:29:74:F6:4A:F7:45:2A:9F:CD; Validity: Wed, 01 May 2024 10:45:36 GMT - Tue, 30 Jul 2024 10:45:35 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| urlquery | phishing | Phishing - Microsoft Outlook |
GET /de-de/godaddy-404 HTTP/1.1
Host: marvelcakemarvelcake.us
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: qPdM=e1bt9OryHtjO; qPdM.sig=2Y7BQZHpWOR5lxIbNUq-idzVCpI; ClientId=1D38D54DA4AA42B489D2E1334826CB6B; OIDC=1; OpenIdConnect.nonce.v3.HqsNtGUBYIjhldjJ4dB3iL_fhez87fOYFebeDRA_K5I=638509463887197420.25709cec-05a7-462e-8713-382633b922e5; X-OWA-RedirectHistory=ArLym14B7LS4dPlw3Ag; buid=0.ARgAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8_7KISNINyIoLSGH_WYFs3VcZF27NMbzhEVbal0jhawZuzBNH9LoxDuxxn0A2r1uw_DOrYwjz_Xls2QIzO3c4GhAD8r5jVWuyKTmEftq89ikgAA; fpc=Ahna59r_JqdFuwMtjwffy_WerOTJAQAAAFQf0N0OAAAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8aWZI_dYbanJlRaY5FqD7vjEESWiom4a7UPSAbDs2v_OZXGnkOSlf4Al810PHEm-J0nGBaGSS4RMAt6OYdkstIy1T8YZH8EzDuWYPodz7AeEmNMJMVUHodbqF4WXyjk3ofKUNSOrlEOtZc7EuUK85L-JHDvpNgGCyPDaHY9-dYscgAA; cltm=CgAQABoAIgQIDBAF; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Moved Temporarily
Content-Type: text/html; charset=utf-8
Content-Length: 0
Server: envoy
Location: https://marvelcakemarvelcake.us/?2a24qc746=aHR0cHM6Ly93d3cuZ29kYWRkeS5jb20vZ29kYWRkeS00MDQ=
x-request-id: 7990bf27-1829-9f6a-81dd-3733372ad599
x-amzn-trace-id: Root=1-663e285d-035423226ef7c4e112f05c09
apm-trace-id: d5c645225427a952b80708bc3090dfcd
Content-Security-Policy: default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
Vary: Accept-Language
Content-Language: en_US
x-envoy-upstream-service-time: 7
Expires: Fri, 10 May 2024 13:59:57 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Fri, 10 May 2024 13:59:57 GMT
Connection: close
|
|
| marvelcakemarvelcake.us/?2a24qc746=aHR0cHM6Ly93d3cuZ29kYWRkeS5jb20vZ29kYWRkeS00MDQ= | 5.230.73.190 | | 0 B |
URL: GET marvelcakemarvelcake.us/?2a24qc746=aHR0cHM6Ly93d3cuZ29kYWRkeS5jb20vZ29kYWRkeS00MDQ= IP: 5.230.73.190:0
Requested by: https://marvelcakemarvelcake.us/?2a24qc746=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 Certificate: Issuer: Let's Encrypt; Subject: marvelcakemarvelcake.us; Fingerprint: C8:12:A0:A2:28:1A:14:D0:CE:B1:9E:29:74:F6:4A:F7:45:2A:9F:CD; Validity: Wed, 01 May 2024 10:45:36 GMT - Tue, 30 Jul 2024 10:45:35 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| urlquery | phishing | Phishing - Microsoft Outlook |
GET /?2a24qc746=aHR0cHM6Ly93d3cuZ29kYWRkeS5jb20vZ29kYWRkeS00MDQ= HTTP/1.1
Host: marvelcakemarvelcake.us
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: qPdM=e1bt9OryHtjO; qPdM.sig=2Y7BQZHpWOR5lxIbNUq-idzVCpI; ClientId=1D38D54DA4AA42B489D2E1334826CB6B; OIDC=1; OpenIdConnect.nonce.v3.HqsNtGUBYIjhldjJ4dB3iL_fhez87fOYFebeDRA_K5I=638509463887197420.25709cec-05a7-462e-8713-382633b922e5; X-OWA-RedirectHistory=ArLym14B7LS4dPlw3Ag; buid=0.ARgAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8_7KISNINyIoLSGH_WYFs3VcZF27NMbzhEVbal0jhawZuzBNH9LoxDuxxn0A2r1uw_DOrYwjz_Xls2QIzO3c4GhAD8r5jVWuyKTmEftq89ikgAA; fpc=Ahna59r_JqdFuwMtjwffy_WerOTJAQAAAFQf0N0OAAAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8aWZI_dYbanJlRaY5FqD7vjEESWiom4a7UPSAbDs2v_OZXGnkOSlf4Al810PHEm-J0nGBaGSS4RMAt6OYdkstIy1T8YZH8EzDuWYPodz7AeEmNMJMVUHodbqF4WXyjk3ofKUNSOrlEOtZc7EuUK85L-JHDvpNgGCyPDaHY9-dYscgAA; cltm=CgAQABoAIgQIDBAF; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Moved Temporarily
Server: AkamaiGHost
Content-Length: 0
Location: https://marvelcakemarvelcake.us/de-de/godaddy-404
Date: Fri, 10 May 2024 13:59:57 GMT
Connection: close
Set-Cookie: market=de-DE; expires=Sat, 10-May-2025 13:59:57 GMT; path=/; domain=marvelcakemarvelcake.us
_abck=837B51A6D3FCA58C24FCA1B0090BF0EC~-1~YAAQs3sTAqAL5UyPAQAAIa7NYgtl7zMUi/ubHvtDf7q/4mcNTnvXQFguSEB/hI6KHY1Hf8ythuc5p4s3TRN8mhgkJeUgIA8OHVnWham2aZm15NMgqVx5gaZWrO86CqHlTIaIEiBub5DAWbjNzGSVbO5REY3bMpgS/PqA5qijyYOZe+di0Ram0gChWbEOd8l13xhLPYvjmEJJoHh7GeqRs13f3JcGytRin+DZOPsWn0YnqtOPwriKFDemEKnTeIBtJioQ72WSQoHOdx52ZipRsuggpVL78yiqhX2fq/V6FGAxOV38C9FATnrk41fPE7U2SwlX9QtChOhvjtgjiDOBefpdP0pV6dQhiUeq8HMm7npePT04bP6cyAlfiaQ1wztRc4HX9zSnPg==~-1~-1~-1; Domain=marvelcakemarvelcake.us; Path=/; Expires=Sat, 10 May 2025 13:59:57 GMT; Max-Age=31536000; Secure
bm_sz=1C5B37DE1C4592828F982E4FF18D4B71~YAAQs3sTAqEL5UyPAQAAIa7NYhfujBdG1Jvx0pdXZqNLctH69GgqQTuwmw+TIDCEeTarhwQZiMdPqvOphNlN9QHL51WLg9GUpMNBN7yjx9T/mptrIkAvpbov52E8DEb5uYwWA1noC3+HtuqsCsuaT25cLe98SfyhACReZ//IWeKkHpItOdyPK0yncGDhidmCaKY2F5cJysParzbiVeQtOAlHksysKP3XPbsaDmJN/Yir8bR62I2Qlo91rcHV7+dZkLzw3cPkvtiigUkAgkMKZeus4sQqLxViZkwRs/7BndevtpA41zk8K43c8rLtF3uzwCwiAvvxYH8NEkYYEzHes2k9uh2jPlf0aXj5ne0=~4340034~4403510; Domain=marvelcakemarvelcake.us; Path=/; Expires=Fri, 10 May 2024 17:59:57 GMT; Max-Age=14400
X-ORIGIN-TAG: frontdoor
X-ARC: 2, 6a
Server-Timing: ak_p; desc="1715349597670_34831283_299195056_17_19357_37_38_-";dur=1
Content-Security-Policy: default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
|
|
| marvelcakemarvelcake.us/de-de/godaddy-404 | 5.230.73.190 | | 0 B |
URL GET marvelcakemarvelcake.us/de-de/godaddy-404 IP 5.230.73.190:0
Requested by https://marvelcakemarvelcake.us/?2a24qc746=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
Certificate Issuer Let's Encrypt Subject marvelcakemarvelcake.us Fingerprint C8:12:A0:A2:28:1A:14:D0:CE:B1:9E:29:74:F6:4A:F7:45:2A:9F:CD Validity Wed, 01 May 2024 10:45:36 GMT - Tue, 30 Jul 2024 10:45:35 GMT
Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| urlquery | phishing | Phishing - Microsoft Outlook |
GET /de-de/godaddy-404 HTTP/1.1
Host: marvelcakemarvelcake.us
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: qPdM=e1bt9OryHtjO; qPdM.sig=2Y7BQZHpWOR5lxIbNUq-idzVCpI; ClientId=1D38D54DA4AA42B489D2E1334826CB6B; OIDC=1; OpenIdConnect.nonce.v3.HqsNtGUBYIjhldjJ4dB3iL_fhez87fOYFebeDRA_K5I=638509463887197420.25709cec-05a7-462e-8713-382633b922e5; X-OWA-RedirectHistory=ArLym14B7LS4dPlw3Ag; buid=0.ARgAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8_7KISNINyIoLSGH_WYFs3VcZF27NMbzhEVbal0jhawZuzBNH9LoxDuxxn0A2r1uw_DOrYwjz_Xls2QIzO3c4GhAD8r5jVWuyKTmEftq89ikgAA; fpc=Ahna59r_JqdFuwMtjwffy_WerOTJAQAAAFQf0N0OAAAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8aWZI_dYbanJlRaY5FqD7vjEESWiom4a7UPSAbDs2v_OZXGnkOSlf4Al810PHEm-J0nGBaGSS4RMAt6OYdkstIy1T8YZH8EzDuWYPodz7AeEmNMJMVUHodbqF4WXyjk3ofKUNSOrlEOtZc7EuUK85L-JHDvpNgGCyPDaHY9-dYscgAA; cltm=CgAQABoAIgQIDBAF; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Moved Temporarily
Content-Type: text/html; charset=utf-8
Content-Length: 0
Server: envoy
Location: https://marvelcakemarvelcake.us/?2a24qc746=aHR0cHM6Ly93d3cuZ29kYWRkeS5jb20vZ29kYWRkeS00MDQ=
x-request-id: 2201f3aa-d203-9b6a-ac67-58a823a489f4
x-amzn-trace-id: Root=1-663e285e-4488917c3b43e0ee78e0698f
apm-trace-id: c0955d6e484c069026a6aff1e8439c88
Content-Security-Policy: default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
Vary: Accept-Language
Content-Language: en_US
x-envoy-upstream-service-time: 7
Expires: Fri, 10 May 2024 13:59:58 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Fri, 10 May 2024 13:59:58 GMT
Connection: close
|
|
| marvelcakemarvelcake.us/?2a24qc746=aHR0cHM6Ly93d3cuZ29kYWRkeS5jb20vZ29kYWRkeS00MDQ= | 5.230.73.190 | | 0 B |
URL GET marvelcakemarvelcake.us/?2a24qc746=aHR0cHM6Ly93d3cuZ29kYWRkeS5jb20vZ29kYWRkeS00MDQ= IP 5.230.73.190:0
Requested by https://marvelcakemarvelcake.us/?2a24qc746=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
Certificate Issuer Let's Encrypt Subject marvelcakemarvelcake.us Fingerprint C8:12:A0:A2:28:1A:14:D0:CE:B1:9E:29:74:F6:4A:F7:45:2A:9F:CD Validity Wed, 01 May 2024 10:45:36 GMT - Tue, 30 Jul 2024 10:45:35 GMT
Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| urlquery | phishing | Phishing - Microsoft Outlook |
GET /?2a24qc746=aHR0cHM6Ly93d3cuZ29kYWRkeS5jb20vZ29kYWRkeS00MDQ= HTTP/1.1
Host: marvelcakemarvelcake.us
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: qPdM=e1bt9OryHtjO; qPdM.sig=2Y7BQZHpWOR5lxIbNUq-idzVCpI; ClientId=1D38D54DA4AA42B489D2E1334826CB6B; OIDC=1; OpenIdConnect.nonce.v3.HqsNtGUBYIjhldjJ4dB3iL_fhez87fOYFebeDRA_K5I=638509463887197420.25709cec-05a7-462e-8713-382633b922e5; X-OWA-RedirectHistory=ArLym14B7LS4dPlw3Ag; buid=0.ARgAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8_7KISNINyIoLSGH_WYFs3VcZF27NMbzhEVbal0jhawZuzBNH9LoxDuxxn0A2r1uw_DOrYwjz_Xls2QIzO3c4GhAD8r5jVWuyKTmEftq89ikgAA; fpc=Ahna59r_JqdFuwMtjwffy_WerOTJAQAAAFQf0N0OAAAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8aWZI_dYbanJlRaY5FqD7vjEESWiom4a7UPSAbDs2v_OZXGnkOSlf4Al810PHEm-J0nGBaGSS4RMAt6OYdkstIy1T8YZH8EzDuWYPodz7AeEmNMJMVUHodbqF4WXyjk3ofKUNSOrlEOtZc7EuUK85L-JHDvpNgGCyPDaHY9-dYscgAA; cltm=CgAQABoAIgQIDBAF; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Moved Temporarily
Server: AkamaiGHost
Content-Length: 0
Location: https://marvelcakemarvelcake.us/de-de/godaddy-404
Date: Fri, 10 May 2024 13:59:58 GMT
Connection: close
Set-Cookie: market=de-DE; expires=Sat, 10-May-2025 13:59:58 GMT; path=/; domain=marvelcakemarvelcake.us
_abck=7D3EABA92F7AC351BF3E4CC4102A47CA~-1~YAAQs3sTAqQL5UyPAQAA27DNYgt7d8Ua2s+WqrAPNFUW6rGRcvC8Vyn3FHmbUviEAXWJuB0LuQcFBhIbD6jP/WV2QL5N9I+1TPAUL5UceIoPGb9tGUPF81ZsGcTujkba+5C34msLSmxA+sU4YmajxMrAetn64MgZXUHNX5/M4bbjqQhY+jSPI/Estjd7njc7T7Yn18/X65iTNxSMkUdvWRe6G7SiWkw2P25oaK8633MghH4ks6RZW+g0XIKiixQg4NULcZWDzwh7HwLrfxbbnFAwJB77eRY0hdC9tBE4ylnl6tSp/fTpMMRyt1zx6ngpsS2ZRBnhpUnIS6ilq5Zjm4x/xvsm5ug5y3BJtmvCLXOiILhRmerSCXqsPiTQkxrjAr5MO3yMtw==~-1~-1~-1; Domain=marvelcakemarvelcake.us; Path=/; Expires=Sat, 10 May 2025 13:59:58 GMT; Max-Age=31536000; Secure
bm_sz=F29CBA80F891B14E9D177DB47E965F8C~YAAQs3sTAqUL5UyPAQAA27DNYhdSXUf3S/G0REPd7/pe0if3VVXQw76ZPfCg6cjCNWux3wjgAmEoV1kzWmV1NwtStHjboGgkIINbauRu76Ukwg+XDV90UwAWBdAu0jDqMYXHje41DazJGarc+Dc5yqvgdf00Na0y0DdCIfiVUcrq8JBZ/5ExSF9NvCOEnEZfB2bjg3AzPBdI/mx1rXvVIISdH6DJr+/ezcLQCJLOjUpixa91PTj/UdLNkX50Q/vSDI7czzNRwnb7A9ij6VpSSGSc/XkJnx+NZt5yLx8l16niNaMNWSoyjIoxBeQQImJHOANIq6kTqpoS5XwxS8LmKtirOa1RpjDY8zPsJjw=~3224390~4274502; Domain=marvelcakemarvelcake.us; Path=/; Expires=Fri, 10 May 2024 17:59:58 GMT; Max-Age=14400
X-ORIGIN-TAG: frontdoor
X-ARC: 2, 6a
Server-Timing: ak_p; desc="1715349598375_34831283_299195508_19_21591_28_30_-";dur=1
Content-Security-Policy: default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
|
|
| marvelcakemarvelcake.us/de-de/godaddy-404 | 5.230.73.190 | | 0 B |
URL GET marvelcakemarvelcake.us/de-de/godaddy-404 IP 5.230.73.190:0
Requested by https://marvelcakemarvelcake.us/?2a24qc746=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
Certificate Issuer Let's Encrypt Subject marvelcakemarvelcake.us Fingerprint C8:12:A0:A2:28:1A:14:D0:CE:B1:9E:29:74:F6:4A:F7:45:2A:9F:CD Validity Wed, 01 May 2024 10:45:36 GMT - Tue, 30 Jul 2024 10:45:35 GMT
Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| urlquery | phishing | Phishing - Microsoft Outlook |
GET /de-de/godaddy-404 HTTP/1.1
Host: marvelcakemarvelcake.us
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: qPdM=e1bt9OryHtjO; qPdM.sig=2Y7BQZHpWOR5lxIbNUq-idzVCpI; ClientId=1D38D54DA4AA42B489D2E1334826CB6B; OIDC=1; OpenIdConnect.nonce.v3.HqsNtGUBYIjhldjJ4dB3iL_fhez87fOYFebeDRA_K5I=638509463887197420.25709cec-05a7-462e-8713-382633b922e5; X-OWA-RedirectHistory=ArLym14B7LS4dPlw3Ag; buid=0.ARgAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8_7KISNINyIoLSGH_WYFs3VcZF27NMbzhEVbal0jhawZuzBNH9LoxDuxxn0A2r1uw_DOrYwjz_Xls2QIzO3c4GhAD8r5jVWuyKTmEftq89ikgAA; fpc=Ahna59r_JqdFuwMtjwffy_WerOTJAQAAAFQf0N0OAAAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8aWZI_dYbanJlRaY5FqD7vjEESWiom4a7UPSAbDs2v_OZXGnkOSlf4Al810PHEm-J0nGBaGSS4RMAt6OYdkstIy1T8YZH8EzDuWYPodz7AeEmNMJMVUHodbqF4WXyjk3ofKUNSOrlEOtZc7EuUK85L-JHDvpNgGCyPDaHY9-dYscgAA; cltm=CgAQABoAIgQIDBAF; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Moved Temporarily
Content-Type: text/html; charset=utf-8
Content-Length: 0
Server: envoy
Location: https://marvelcakemarvelcake.us/?2a24qc746=aHR0cHM6Ly93d3cuZ29kYWRkeS5jb20vZ29kYWRkeS00MDQ=
x-request-id: 414d3234-e2fa-9bfa-be7b-5fd0187ce600
x-amzn-trace-id: Root=1-663e285e-0f60bce26fdeb122460d75f9
apm-trace-id: ca49a2fcc66ac954a7f5c6c260ccf048
Content-Security-Policy: default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
Vary: Accept-Language
Content-Language: en_US
x-envoy-upstream-service-time: 7
Expires: Fri, 10 May 2024 13:59:58 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Fri, 10 May 2024 13:59:58 GMT
Connection: close
|
|
| marvelcakemarvelcake.us/?2a24qc746=aHR0cHM6Ly93d3cuZ29kYWRkeS5jb20vZ29kYWRkeS00MDQ= | 5.230.73.190 | | 0 B |
URL GET marvelcakemarvelcake.us/?2a24qc746=aHR0cHM6Ly93d3cuZ29kYWRkeS5jb20vZ29kYWRkeS00MDQ= IP 5.230.73.190:0
Requested by https://marvelcakemarvelcake.us/?2a24qc746=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
Certificate Issuer Let's Encrypt Subject marvelcakemarvelcake.us Fingerprint C8:12:A0:A2:28:1A:14:D0:CE:B1:9E:29:74:F6:4A:F7:45:2A:9F:CD Validity Wed, 01 May 2024 10:45:36 GMT - Tue, 30 Jul 2024 10:45:35 GMT
Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| urlquery | phishing | Phishing - Microsoft Outlook |
GET /?2a24qc746=aHR0cHM6Ly93d3cuZ29kYWRkeS5jb20vZ29kYWRkeS00MDQ= HTTP/1.1
Host: marvelcakemarvelcake.us
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: qPdM=e1bt9OryHtjO; qPdM.sig=2Y7BQZHpWOR5lxIbNUq-idzVCpI; ClientId=1D38D54DA4AA42B489D2E1334826CB6B; OIDC=1; OpenIdConnect.nonce.v3.HqsNtGUBYIjhldjJ4dB3iL_fhez87fOYFebeDRA_K5I=638509463887197420.25709cec-05a7-462e-8713-382633b922e5; X-OWA-RedirectHistory=ArLym14B7LS4dPlw3Ag; buid=0.ARgAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8_7KISNINyIoLSGH_WYFs3VcZF27NMbzhEVbal0jhawZuzBNH9LoxDuxxn0A2r1uw_DOrYwjz_Xls2QIzO3c4GhAD8r5jVWuyKTmEftq89ikgAA; fpc=Ahna59r_JqdFuwMtjwffy_WerOTJAQAAAFQf0N0OAAAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8aWZI_dYbanJlRaY5FqD7vjEESWiom4a7UPSAbDs2v_OZXGnkOSlf4Al810PHEm-J0nGBaGSS4RMAt6OYdkstIy1T8YZH8EzDuWYPodz7AeEmNMJMVUHodbqF4WXyjk3ofKUNSOrlEOtZc7EuUK85L-JHDvpNgGCyPDaHY9-dYscgAA; cltm=CgAQABoAIgQIDBAF; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Moved Temporarily
Server: AkamaiGHost
Content-Length: 0
Location: https://marvelcakemarvelcake.us/de-de/godaddy-404
Date: Fri, 10 May 2024 13:59:59 GMT
Connection: close
Set-Cookie: market=de-DE; expires=Sat, 10-May-2025 13:59:59 GMT; path=/; domain=marvelcakemarvelcake.us
_abck=6F5EB52AC41A792C787C82B5C4191E61~-1~YAAQs3sTAqgL5UyPAQAAW7PNYgtTIopof771XP+triTpr0dZ8jq2er+9D7zJDh3CXnqe50KH/oguuLB6cIVWgZ9f1eCFmRJbww8O66ZHkKb1M1d4xhOhfgZ16hDkSUhyMC523XHyCsrjAv3oolT5z/7F5kpX43sj+jxPJmWyK6qEM9ZJrVQUi2r5FaxepQ5lJSUDNb/Dj4CosEt8HI0vrLDRN3OxETASn9AZckrZ6aqI1qzgpxqsMKk6WRMq9OLbyeHEfngiWusNFLZe2s7YMbqcxJHDpzu86ug0DbPHgR2rvLuE+V/9y89IGaxAzpEw6J+J/02Vw2l4BtXmNZuge2PX8Iosjwtj0+expgC2HkCSHW5ox1W8Dse/EnlkWL4nVRWrFWCWZA==~-1~-1~-1; Domain=marvelcakemarvelcake.us; Path=/; Expires=Sat, 10 May 2025 13:59:59 GMT; Max-Age=31536000; Secure
bm_sz=C0A3C15B01192095790B8EBBCE2B6C4E~YAAQs3sTAqkL5UyPAQAAW7PNYhd/Cg/YwrzBYZJHx2Hm0V65n3QePpIgOsMjnL5kyMrrykf6f00pV51IhlR9UjBcQTCo6eUgch8W7faVCgDayWfaZ0WkM8JdhSam0lbQhF6mu27+9NAvGfuJ5x88whl72CwOc5gPrUgic1S56vZ1nZpVJh3nY+Uz0u8gpESK5j7E+XQw99cGnz7MP5M0cX/WEB7ZPKKs+hv6S9qDnCuTP3DbpyGvQI7ipnLJDUljlgW4qbozo0Q7j5/PNjaK2EiFlLkujUx5yUaX2buTNYKcyfPxZ7XeJRFDboWkAbmJ3GsCn8tCBv81EUpBGKKzYgMA0FzUgsnZ3zi2c9o=~3160119~3425078; Domain=marvelcakemarvelcake.us; Path=/; Expires=Fri, 10 May 2024 17:59:59 GMT; Max-Age=14400
X-ORIGIN-TAG: frontdoor
X-ARC: 2, 6a
Server-Timing: ak_p; desc="1715349599011_34831283_299195886_23_20953_29_34_-";dur=1
Content-Security-Policy: default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
|
|
| marvelcakemarvelcake.us/de-de/godaddy-404 | 5.230.73.190 | | 0 B |
URL GET marvelcakemarvelcake.us/de-de/godaddy-404 IP 5.230.73.190:0
Requested by https://marvelcakemarvelcake.us/?2a24qc746=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
Certificate Issuer Let's Encrypt Subject marvelcakemarvelcake.us Fingerprint C8:12:A0:A2:28:1A:14:D0:CE:B1:9E:29:74:F6:4A:F7:45:2A:9F:CD Validity Wed, 01 May 2024 10:45:36 GMT - Tue, 30 Jul 2024 10:45:35 GMT
Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| urlquery | phishing | Phishing - Microsoft Outlook |
GET /de-de/godaddy-404 HTTP/1.1
Host: marvelcakemarvelcake.us
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: qPdM=e1bt9OryHtjO; qPdM.sig=2Y7BQZHpWOR5lxIbNUq-idzVCpI; ClientId=1D38D54DA4AA42B489D2E1334826CB6B; OIDC=1; OpenIdConnect.nonce.v3.HqsNtGUBYIjhldjJ4dB3iL_fhez87fOYFebeDRA_K5I=638509463887197420.25709cec-05a7-462e-8713-382633b922e5; X-OWA-RedirectHistory=ArLym14B7LS4dPlw3Ag; buid=0.ARgAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8_7KISNINyIoLSGH_WYFs3VcZF27NMbzhEVbal0jhawZuzBNH9LoxDuxxn0A2r1uw_DOrYwjz_Xls2QIzO3c4GhAD8r5jVWuyKTmEftq89ikgAA; fpc=Ahna59r_JqdFuwMtjwffy_WerOTJAQAAAFQf0N0OAAAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8aWZI_dYbanJlRaY5FqD7vjEESWiom4a7UPSAbDs2v_OZXGnkOSlf4Al810PHEm-J0nGBaGSS4RMAt6OYdkstIy1T8YZH8EzDuWYPodz7AeEmNMJMVUHodbqF4WXyjk3ofKUNSOrlEOtZc7EuUK85L-JHDvpNgGCyPDaHY9-dYscgAA; cltm=CgAQABoAIgQIDBAF; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Moved Temporarily
Content-Type: text/html; charset=utf-8
Content-Length: 0
Server: envoy
Location: https://marvelcakemarvelcake.us/?2a24qc746=aHR0cHM6Ly93d3cuZ29kYWRkeS5jb20vZ29kYWRkeS00MDQ=
x-request-id: 336f7c3c-2da6-93c7-bb43-32609f90d0bf
x-amzn-trace-id: Root=1-663e285f-6481ef11278ae78e41814eb9
apm-trace-id: aca688300b92cefa0bfec1aaa1c9cb99
Content-Security-Policy: default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
Vary: Accept-Language
Content-Language: en_US
x-envoy-upstream-service-time: 6
Expires: Fri, 10 May 2024 13:59:59 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Fri, 10 May 2024 13:59:59 GMT
Connection: close
|
|
| marvelcakemarvelcake.us/?2a24qc746=aHR0cHM6Ly93d3cuZ29kYWRkeS5jb20vZ29kYWRkeS00MDQ= | 5.230.73.190 | | 0 B |
URL GET marvelcakemarvelcake.us/?2a24qc746=aHR0cHM6Ly93d3cuZ29kYWRkeS5jb20vZ29kYWRkeS00MDQ= IP 5.230.73.190:0
Requested by https://marvelcakemarvelcake.us/?2a24qc746=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
Certificate Issuer Let's Encrypt Subject marvelcakemarvelcake.us Fingerprint C8:12:A0:A2:28:1A:14:D0:CE:B1:9E:29:74:F6:4A:F7:45:2A:9F:CD Validity Wed, 01 May 2024 10:45:36 GMT - Tue, 30 Jul 2024 10:45:35 GMT
Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| urlquery | phishing | Phishing - Microsoft Outlook |
GET /?2a24qc746=aHR0cHM6Ly93d3cuZ29kYWRkeS5jb20vZ29kYWRkeS00MDQ= HTTP/1.1
Host: marvelcakemarvelcake.us
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: qPdM=e1bt9OryHtjO; qPdM.sig=2Y7BQZHpWOR5lxIbNUq-idzVCpI; ClientId=1D38D54DA4AA42B489D2E1334826CB6B; OIDC=1; OpenIdConnect.nonce.v3.HqsNtGUBYIjhldjJ4dB3iL_fhez87fOYFebeDRA_K5I=638509463887197420.25709cec-05a7-462e-8713-382633b922e5; X-OWA-RedirectHistory=ArLym14B7LS4dPlw3Ag; buid=0.ARgAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8_7KISNINyIoLSGH_WYFs3VcZF27NMbzhEVbal0jhawZuzBNH9LoxDuxxn0A2r1uw_DOrYwjz_Xls2QIzO3c4GhAD8r5jVWuyKTmEftq89ikgAA; fpc=Ahna59r_JqdFuwMtjwffy_WerOTJAQAAAFQf0N0OAAAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8aWZI_dYbanJlRaY5FqD7vjEESWiom4a7UPSAbDs2v_OZXGnkOSlf4Al810PHEm-J0nGBaGSS4RMAt6OYdkstIy1T8YZH8EzDuWYPodz7AeEmNMJMVUHodbqF4WXyjk3ofKUNSOrlEOtZc7EuUK85L-JHDvpNgGCyPDaHY9-dYscgAA; cltm=CgAQABoAIgQIDBAF; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Moved Temporarily
Server: AkamaiGHost
Content-Length: 0
Location: https://marvelcakemarvelcake.us/de-de/godaddy-404
Date: Fri, 10 May 2024 13:59:59 GMT
Connection: close
Set-Cookie: market=de-DE; expires=Sat, 10-May-2025 13:59:59 GMT; path=/; domain=marvelcakemarvelcake.us
_abck=367B06A5896BDD6DC0B6122CFC0D6203~-1~YAAQs3sTAqsL5UyPAQAAkrbNYgs+zPZbDRhSVxQWeKHjG/DkCiJq4ISNkmGYBMmApC9/z2rKz9hdp0PIALP3ehJPLt4VGjgqxMGBCPS7ivRNFt7N7VOfBkK5Ax/DJU0/0AqAalH8o2KHtQcQXRPFAcyGsZFukEh1KUhdwk47k+3zbiVTcEWMR2r5O73pqavj5VUyJrIGbs2/gl4qTbltu7aVEzFcaQoih7bt+q8aQqijAa7TAZncjEqwURlYJSCYe9LHH/y3OrhCZNLC1Nj94MxrPX8L0rgFRzJKM49lFhioKn5bfqK59nHx8Mdi1/9LsRSC/x2ekdLL/m7aKiJBn4pmbUPS79nuJK0TOeBwVODO0ix6zC58AbI/QLLDe6I7AcRF3AC81w==~-1~-1~-1; Domain=marvelcakemarvelcake.us; Path=/; Expires=Sat, 10 May 2025 13:59:59 GMT; Max-Age=31536000; Secure
bm_sz=7A2982E03F6C08A78DFFF32BEC9D0419~YAAQs3sTAqwL5UyPAQAAkrbNYhdsNDTniTdGO3bo4gBi9t2dmx2fawJ9Jbs1CUBwIKRaA2lmp7l9JX59do8Y0v2+oTAHI5eF2bdQSYXsTX34sq9zpyBEq7B1G28fJMTNYObDdG4WRbDEZNCaEeUpJWeWHEG7XJiGgg0tUoNF0v0iLXWDk5pwgZnulF1PJVs1aNJOYlhPRJ1nQzKgqe5ZaGUGvnebDT9TO+jRFDwMJSrcAK5pG44nkvIkTQAwTFBHTFXEq9FNNauAjVSF555CocNxaBz+iPSl5jZUiqwRwQjCQQ7/XQ9Mp9UbtIdXbeSStRMc4kCRscXB7yvjY5mi2JSXUVqEUkm54X4iQdY=~3160119~3425078; Domain=marvelcakemarvelcake.us; Path=/; Expires=Fri, 10 May 2024 17:59:59 GMT; Max-Age=14400
X-ORIGIN-TAG: frontdoor
X-ARC: 2, 6a
Server-Timing: ak_p; desc="1715349599830_34831283_299196336_18_20738_37_38_-";dur=1
Content-Security-Policy: default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
|
|
| marvelcakemarvelcake.us/de-de/godaddy-404 | 5.230.73.190 | | 0 B |
URL GET marvelcakemarvelcake.us/de-de/godaddy-404 IP 5.230.73.190:0
Requested byhttps://marvelcakemarvelcake.us/?2a24qc746=aHR0cHM6Ly9zc28uZ29kYWRkeS5jb20vP2RvbWFpbj1vYmJwaWN0dXJlcy5jb20mcmVhbG09cGFzcyZhcHA9bzM2NSZsb2dpbl9oaW50PW1pY2hhZWwlNDBvYmJwaWN0dXJlcy5jb20mY2xpZW50LXJlcXVlc3QtaWQ9ZDY2ODMyYzMtYmM5Ny00NmU2LTk2NzQtYjdhZjM1YTlhOWRlJnVzZXJuYW1lPW1pY2hhZWwlNDBvYmJwaWN0dXJlcy5jb20md2E9d3NpZ25pbjEuMCZ3dHJlYWxtPXVybiUzYWZlZGVyYXRpb24lM2FNaWNyb3NvZnRPbmxpbmUmd2N0eD1lc3RzcmVkaXJlY3QlM2QyJTI2ZXN0c3JlcXVlc3QlM2RyUVFJQVJBQWpWRTlhQk54SE0wX2w1NU5fUW9kZEJRT3A4SWw5NUhMNVI5UXpGZmoyVFFmVFdLVGlJUzd5Xy1TUy03eXYtWXVIMjNwNE9Za1JjRkNFUVFYU1JBcUxrb3BLTGgxNnVSUVVKeWtPQlJ4NmlLWTRPS21iM2lfQi1feEc5NWJJRmdfRzduT19BRkhUNWxtTkkybFZUUlZmNkU3UC1mN3lEVV83Ung4VzN6cXZOMFRScU12WTNDdDZUaVdIUWtFY004eE1HNzdzYWJwS3ZLcjJBemdnUng0QjhBUkFDY0FQSFpmTlhXMUtTUGpGbFlVUzFlZFhoZlowOXpZTFliNHNNREE0T1NFUlJhS1FZN3hjNExJUUJXcE5DUElJaDBNY1lpZWVEek5oN2tRenl1UTQ1Qnc3TDZjamZhY0pqY2wzTlUzMEUtM1Y4TmRzMlpoMjlrbG5vQkV4VWtuYkdtUWlKYUsyYWl0V09saWlpNDJxNUlVaWlmMW50NnVyNWtOUTRZNVExdzJ3LVdpdkZRdTNWVWFVc3JNbDJJck5yd1RSMHN3Mldvbm93b1RrOXJkVkMxZWJVV2RTcXU4c2NwSnJSaG5TZmsxcUJWNHUwNExfU1FMR2Fqd2JFYUJ0RlpBeXhiYmIzV3d0YnFlZ1hSRzBRWTVYc2lIeDhSXzFmMkdJQ2ZkbUxoelNKRFlRaDI5ZnVRQlh6M2d1OGZOeko1NXdJdVp5UjZqVjFkOGFQY2c5bWh2OF8yRHc1dXV3NWxBeFM2eGhtb2tnMHBVTXd0cFdGNlByWEQxdGx6c09tb21XRjBVaDlwS0k1VE9Eb3VsRzJLRTNTYkJOa251azk1Wnd1ZWlpSGlPUFNIQkR4SThQT2ZhOV81cjNLUHo0UGhDY0k1VURWazM3Zm1GVFVxdjF4emNSaDBxc2trTlRidW1xbFBWbDQwZXNxbklQV3J5bjdxX3RiWDE0YUxyN05Mblg2Y3ZkNTRfTzczOTJ1ZjZEUTIj CertificateIssuerLet's Encrypt Subjectmarvelcakemarvelcake.us FingerprintC8:12:A0:A2:28:1A:14:D0:CE:B1:9E:29:74:F6:4A:F7:45:2A:9F:CD ValidityWed, 01 May 2024 10:45:36 GMT - Tue, 30 Jul 2024 10:45:35 GMT
Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| urlquery | phishing | Phishing - Microsoft Outlook |
GET /de-de/godaddy-404 HTTP/1.1
Host: marvelcakemarvelcake.us
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: qPdM=e1bt9OryHtjO; qPdM.sig=2Y7BQZHpWOR5lxIbNUq-idzVCpI; ClientId=1D38D54DA4AA42B489D2E1334826CB6B; OIDC=1; OpenIdConnect.nonce.v3.HqsNtGUBYIjhldjJ4dB3iL_fhez87fOYFebeDRA_K5I=638509463887197420.25709cec-05a7-462e-8713-382633b922e5; X-OWA-RedirectHistory=ArLym14B7LS4dPlw3Ag; buid=0.ARgAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8_7KISNINyIoLSGH_WYFs3VcZF27NMbzhEVbal0jhawZuzBNH9LoxDuxxn0A2r1uw_DOrYwjz_Xls2QIzO3c4GhAD8r5jVWuyKTmEftq89ikgAA; fpc=Ahna59r_JqdFuwMtjwffy_WerOTJAQAAAFQf0N0OAAAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8aWZI_dYbanJlRaY5FqD7vjEESWiom4a7UPSAbDs2v_OZXGnkOSlf4Al810PHEm-J0nGBaGSS4RMAt6OYdkstIy1T8YZH8EzDuWYPodz7AeEmNMJMVUHodbqF4WXyjk3ofKUNSOrlEOtZc7EuUK85L-JHDvpNgGCyPDaHY9-dYscgAA; cltm=CgAQABoAIgQIDBAF; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Moved Temporarily
Content-Type: text/html; charset=utf-8
Content-Length: 0
Server: envoy
Location: https://marvelcakemarvelcake.us/?2a24qc746=aHR0cHM6Ly93d3cuZ29kYWRkeS5jb20vZ29kYWRkeS00MDQ=
x-request-id: ebae0904-c9fb-9a72-91fb-9072ce44c202
x-amzn-trace-id: Root=1-663e2860-2e706e7235d407320f376cc6
apm-trace-id: 5d341deb24c5b40fb1026a289dc6f13d
Content-Security-Policy: default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
Vary: Accept-Language
Content-Language: en_US
x-envoy-upstream-service-time: 8
Expires: Fri, 10 May 2024 14:00:00 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Fri, 10 May 2024 14:00:00 GMT
Connection: close
|
|
| marvelcakemarvelcake.us/?2a24qc746=aHR0cHM6Ly93d3cuZ29kYWRkeS5jb20vZ29kYWRkeS00MDQ= | 5.230.73.190 | | 0 B |
URL GET marvelcakemarvelcake.us/?2a24qc746=aHR0cHM6Ly93d3cuZ29kYWRkeS5jb20vZ29kYWRkeS00MDQ= IP 5.230.73.190:0
Requested by https://marvelcakemarvelcake.us/?2a24qc746=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
Certificate Issuer Let's Encrypt Subject marvelcakemarvelcake.us Fingerprint C8:12:A0:A2:28:1A:14:D0:CE:B1:9E:29:74:F6:4A:F7:45:2A:9F:CD Validity Wed, 01 May 2024 10:45:36 GMT - Tue, 30 Jul 2024 10:45:35 GMT
Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| urlquery | phishing | Phishing - Microsoft Outlook |
GET /?2a24qc746=aHR0cHM6Ly93d3cuZ29kYWRkeS5jb20vZ29kYWRkeS00MDQ= HTTP/1.1
Host: marvelcakemarvelcake.us
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: qPdM=e1bt9OryHtjO; qPdM.sig=2Y7BQZHpWOR5lxIbNUq-idzVCpI; ClientId=1D38D54DA4AA42B489D2E1334826CB6B; OIDC=1; OpenIdConnect.nonce.v3.HqsNtGUBYIjhldjJ4dB3iL_fhez87fOYFebeDRA_K5I=638509463887197420.25709cec-05a7-462e-8713-382633b922e5; X-OWA-RedirectHistory=ArLym14B7LS4dPlw3Ag; buid=0.ARgAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8_7KISNINyIoLSGH_WYFs3VcZF27NMbzhEVbal0jhawZuzBNH9LoxDuxxn0A2r1uw_DOrYwjz_Xls2QIzO3c4GhAD8r5jVWuyKTmEftq89ikgAA; fpc=Ahna59r_JqdFuwMtjwffy_WerOTJAQAAAFQf0N0OAAAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8aWZI_dYbanJlRaY5FqD7vjEESWiom4a7UPSAbDs2v_OZXGnkOSlf4Al810PHEm-J0nGBaGSS4RMAt6OYdkstIy1T8YZH8EzDuWYPodz7AeEmNMJMVUHodbqF4WXyjk3ofKUNSOrlEOtZc7EuUK85L-JHDvpNgGCyPDaHY9-dYscgAA; cltm=CgAQABoAIgQIDBAF; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Moved Temporarily
Server: AkamaiGHost
Content-Length: 0
Location: https://marvelcakemarvelcake.us/de-de/godaddy-404
Date: Fri, 10 May 2024 14:00:00 GMT
Connection: close
Set-Cookie: market=de-DE; expires=Sat, 10-May-2025 14:00:00 GMT; path=/; domain=marvelcakemarvelcake.us
_abck=CD89A538D1E1389D54DAD8316D6B5645~-1~YAAQs3sTAq0L5UyPAQAAgLnNYgtJrkD33GCFIfw5TlOkCfEDarsMhTMcY+VLWBduy3ocrE414LNxc4hEC27ZAHVkMoC+8b/LNjfG5JoXwhm/emMuBzHdKpa3dfw9XDY5f6N87np0RmQJVx0XticnstOTPjEsvTjGCVtqFfBqJ+rAWo+4FOP6SvF2bQUClgIlA2pl7JQ9M1Tq6AIvKarvp1YuYMDtGKOLeFoyQdpnUNJ6baLxdeRnhF6PNbmKtMgxWFXn/W5wijJaJUWUa2ws6iMg76VUoidO7zSCbCPs8Wl1f9amDbmW8X3mlSkLMpekLqRP8bB7EiGa3c8Habdkwwi+7fgZjszzlD6ybHgBaqvA1AeFoDg2ocL4dGyWt2wStInFJOZpoQ==~-1~-1~-1; Domain=marvelcakemarvelcake.us; Path=/; Expires=Sat, 10 May 2025 14:00:00 GMT; Max-Age=31536000; Secure
bm_sz=C6F7D457C2595E0A9865CB4A31BB483E~YAAQs3sTAq4L5UyPAQAAgLnNYhdzZa6HYjvETXjLeOimD42cJZxsCB5EKbfkzEBck16LLOLfGyErb5FiCGfSpmU/VcmgJUYePNPs0KJgAwwNIGlTEltQbRq9sqZsZMCz4uHoLXVqy8H/gisanpxFvRkOQ2pxBXPn7WOWg02jXlviVp1nnxo2yFGuTl0Al4zOvEh9AQcXyZCbBMLBu89ko2Xc4lQkfAyMA93pK95uHR49pXCm86Wdi30wlSJTgc6bMmlwRHbeq7gRI8053DT+YVzkjG9dFhNQawv9JrpQ9clwgLbKsCShrIsK4UVWPyG3TQLtsgxpB0TYbPIMzz+9cuYwbNBlMt2O7K3S8bk=~4604978~4342582; Domain=marvelcakemarvelcake.us; Path=/; Expires=Fri, 10 May 2024 18:00:00 GMT; Max-Age=14400
X-ORIGIN-TAG: frontdoor
X-ARC: 2, 6a
Server-Timing: ak_p; desc="1715349600590_34831283_299196750_20_20638_27_28_-";dur=1
Content-Security-Policy: default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
|
|
| marvelcakemarvelcake.us/de-de/godaddy-404 | 5.230.73.190 | | 0 B |
URL GET marvelcakemarvelcake.us/de-de/godaddy-404 IP 5.230.73.190:0
Requested by https://marvelcakemarvelcake.us/?2a24qc746=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
Certificate Issuer Let's Encrypt Subject marvelcakemarvelcake.us Fingerprint C8:12:A0:A2:28:1A:14:D0:CE:B1:9E:29:74:F6:4A:F7:45:2A:9F:CD Validity Wed, 01 May 2024 10:45:36 GMT - Tue, 30 Jul 2024 10:45:35 GMT
Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| urlquery | phishing | Phishing - Microsoft Outlook |
GET /de-de/godaddy-404 HTTP/1.1
Host: marvelcakemarvelcake.us
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: qPdM=e1bt9OryHtjO; qPdM.sig=2Y7BQZHpWOR5lxIbNUq-idzVCpI; ClientId=1D38D54DA4AA42B489D2E1334826CB6B; OIDC=1; OpenIdConnect.nonce.v3.HqsNtGUBYIjhldjJ4dB3iL_fhez87fOYFebeDRA_K5I=638509463887197420.25709cec-05a7-462e-8713-382633b922e5; X-OWA-RedirectHistory=ArLym14B7LS4dPlw3Ag; buid=0.ARgAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8_7KISNINyIoLSGH_WYFs3VcZF27NMbzhEVbal0jhawZuzBNH9LoxDuxxn0A2r1uw_DOrYwjz_Xls2QIzO3c4GhAD8r5jVWuyKTmEftq89ikgAA; fpc=Ahna59r_JqdFuwMtjwffy_WerOTJAQAAAFQf0N0OAAAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8aWZI_dYbanJlRaY5FqD7vjEESWiom4a7UPSAbDs2v_OZXGnkOSlf4Al810PHEm-J0nGBaGSS4RMAt6OYdkstIy1T8YZH8EzDuWYPodz7AeEmNMJMVUHodbqF4WXyjk3ofKUNSOrlEOtZc7EuUK85L-JHDvpNgGCyPDaHY9-dYscgAA; cltm=CgAQABoAIgQIDBAF; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Moved Temporarily
Content-Type: text/html; charset=utf-8
Content-Length: 0
Server: envoy
Location: https://marvelcakemarvelcake.us/?2a24qc746=aHR0cHM6Ly93d3cuZ29kYWRkeS5jb20vZ29kYWRkeS00MDQ=
x-request-id: 0dc3fedf-d77a-96bc-b256-993bb8be43c0
x-amzn-trace-id: Root=1-663e2861-3176c8c45d35b8d7760c4ddc
apm-trace-id: 96c80d208c2f152f81e08240edb7b2a9
Content-Security-Policy: default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
Vary: Accept-Language
Content-Language: en_US
x-envoy-upstream-service-time: 10
Expires: Fri, 10 May 2024 14:00:01 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Fri, 10 May 2024 14:00:01 GMT
Connection: close
|
|
| marvelcakemarvelcake.us/?2a24qc746=aHR0cHM6Ly93d3cuZ29kYWRkeS5jb20vZ29kYWRkeS00MDQ= | 5.230.73.190 | | 0 B |
URL GET marvelcakemarvelcake.us/?2a24qc746=aHR0cHM6Ly93d3cuZ29kYWRkeS5jb20vZ29kYWRkeS00MDQ= IP 5.230.73.190:0
Requested by https://marvelcakemarvelcake.us/?2a24qc746= Certificate Issuer Let's Encrypt Subject marvelcakemarvelcake.us Fingerprint C8:12:A0:A2:28:1A:14:D0:CE:B1:9E:29:74:F6:4A:F7:45:2A:9F:CD Validity Wed, 01 May 2024 10:45:36 GMT - Tue, 30 Jul 2024 10:45:35 GMT
Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | urlquery | phishing | Phishing - Microsoft Outlook |
GET /?2a24qc746=aHR0cHM6Ly93d3cuZ29kYWRkeS5jb20vZ29kYWRkeS00MDQ= HTTP/1.1
Host: marvelcakemarvelcake.us
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: qPdM=e1bt9OryHtjO; qPdM.sig=2Y7BQZHpWOR5lxIbNUq-idzVCpI; ClientId=1D38D54DA4AA42B489D2E1334826CB6B; OIDC=1; OpenIdConnect.nonce.v3.HqsNtGUBYIjhldjJ4dB3iL_fhez87fOYFebeDRA_K5I=638509463887197420.25709cec-05a7-462e-8713-382633b922e5; X-OWA-RedirectHistory=ArLym14B7LS4dPlw3Ag; buid=0.ARgAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8_7KISNINyIoLSGH_WYFs3VcZF27NMbzhEVbal0jhawZuzBNH9LoxDuxxn0A2r1uw_DOrYwjz_Xls2QIzO3c4GhAD8r5jVWuyKTmEftq89ikgAA; fpc=Ahna59r_JqdFuwMtjwffy_WerOTJAQAAAFQf0N0OAAAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8aWZI_dYbanJlRaY5FqD7vjEESWiom4a7UPSAbDs2v_OZXGnkOSlf4Al810PHEm-J0nGBaGSS4RMAt6OYdkstIy1T8YZH8EzDuWYPodz7AeEmNMJMVUHodbqF4WXyjk3ofKUNSOrlEOtZc7EuUK85L-JHDvpNgGCyPDaHY9-dYscgAA; cltm=CgAQABoAIgQIDBAF; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Moved Temporarily
Server: AkamaiGHost
Content-Length: 0
Location: https://marvelcakemarvelcake.us/de-de/godaddy-404
Date: Fri, 10 May 2024 14:00:01 GMT
Connection: close
Set-Cookie: market=de-DE; expires=Sat, 10-May-2025 14:00:01 GMT; path=/; domain=marvelcakemarvelcake.us
_abck=0BF13DB2FA8868C66E30336397E2F3A8~-1~YAAQs3sTArQL5UyPAQAAdLzNYgsbdyq4Avd7Q3PvkLkc9WiFPD7+oInRWH3WXArdChsVUtASSB9CFsuzBLrdjGkvzc4GcKQShy8p55r/7Ty0vT7V7sCjK4xzy9mHrM/J+vF8/8TI1PjysBoN9YbVMkPs8e18jtOgei3cQ8M/Sslb5aucKNazN4xNxWOAk2gdnQ3+Fx0nZwsLDbYpg56DZFp8v8mZbfeuQuvd70rzVq0bplnAD9WaW24YDttVpkzYUdNBLkZLDYWd6qavjLAvM1L6xGo4eSDE+SekH0MCcaaDD9hDYPnFhoIBtY3apvJvUu6lmzyLHlrM6RTl1TULEbrLMJe1D81sYWKPyYxPM1vzkXPIwTPukYjncTCI5LNontHmbEyiPQ==~-1~-1~-1; Domain=marvelcakemarvelcake.us; Path=/; Expires=Sat, 10 May 2025 14:00:01 GMT; Max-Age=31536000; Secure
bm_sz=2C80B866BD5B6A7E4205FE583217D95B~YAAQs3sTArUL5UyPAQAAdLzNYhfKhbb/ldkSHedGzM8tZjbJePbG79NDhUwwhyXCfHUC4cu8D4ZAjynZlt1HlOcu12ddmNEkB3GDAByCyRuA+5Q4DyIqw8X8OPcxxmpYBi7RWeM6Ii0AgaV/lgnYjg/pNYSD5Tz4eR5hsGYBryKeLoFda9//bFN5xARRMvb2ZjRlVGk43NqOp5rGdDD+3FB4wDRiPOW1EuPxgbdLKo33yQ7fE7I2lffRIopzXgJ4DzvwrSfgGRwJwfQWn4EKhEKTfjoNwLCcyVUUpVu4V/H/gZNGipz1axS12baUdg0REordaTRF0ttZ1wxF9EWEv53DVkXCC/MDb+IajTw=~3687472~3162421; Domain=marvelcakemarvelcake.us; Path=/; Expires=Fri, 10 May 2024 18:00:01 GMT; Max-Age=14400
X-ORIGIN-TAG: frontdoor
X-ARC: 2, 6a
Server-Timing: ak_p; desc="1715349601343_34831283_299197157_25_21300_29_30_-";dur=1
Content-Security-Policy: default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
|
|
| marvelcakemarvelcake.us/de-de/godaddy-404 | 5.230.73.190 | | 0 B |
URL GET marvelcakemarvelcake.us/de-de/godaddy-404 IP 5.230.73.190:0
Requested by https://marvelcakemarvelcake.us/?2a24qc746= Certificate Issuer Let's Encrypt Subject marvelcakemarvelcake.us Fingerprint C8:12:A0:A2:28:1A:14:D0:CE:B1:9E:29:74:F6:4A:F7:45:2A:9F:CD Validity Wed, 01 May 2024 10:45:36 GMT - Tue, 30 Jul 2024 10:45:35 GMT
Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | urlquery | phishing | Phishing - Microsoft Outlook |
GET /de-de/godaddy-404 HTTP/1.1
Host: marvelcakemarvelcake.us
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: qPdM=e1bt9OryHtjO; qPdM.sig=2Y7BQZHpWOR5lxIbNUq-idzVCpI; ClientId=1D38D54DA4AA42B489D2E1334826CB6B; OIDC=1; OpenIdConnect.nonce.v3.HqsNtGUBYIjhldjJ4dB3iL_fhez87fOYFebeDRA_K5I=638509463887197420.25709cec-05a7-462e-8713-382633b922e5; X-OWA-RedirectHistory=ArLym14B7LS4dPlw3Ag; buid=0.ARgAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8_7KISNINyIoLSGH_WYFs3VcZF27NMbzhEVbal0jhawZuzBNH9LoxDuxxn0A2r1uw_DOrYwjz_Xls2QIzO3c4GhAD8r5jVWuyKTmEftq89ikgAA; fpc=Ahna59r_JqdFuwMtjwffy_WerOTJAQAAAFQf0N0OAAAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8aWZI_dYbanJlRaY5FqD7vjEESWiom4a7UPSAbDs2v_OZXGnkOSlf4Al810PHEm-J0nGBaGSS4RMAt6OYdkstIy1T8YZH8EzDuWYPodz7AeEmNMJMVUHodbqF4WXyjk3ofKUNSOrlEOtZc7EuUK85L-JHDvpNgGCyPDaHY9-dYscgAA; cltm=CgAQABoAIgQIDBAF; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Moved Temporarily
Content-Type: text/html; charset=utf-8
Content-Length: 0
Server: envoy
Location: https://marvelcakemarvelcake.us/?2a24qc746=aHR0cHM6Ly93d3cuZ29kYWRkeS5jb20vZ29kYWRkeS00MDQ=
x-request-id: daafb2cc-4335-91b2-94e0-174e88c2513e
x-amzn-trace-id: Root=1-663e2861-3c9ee26b7a2b72715c790f2a
apm-trace-id: aa4b1512442c8d84e973753fa96cfb13
Content-Security-Policy: default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
Vary: Accept-Language
Content-Language: en_US
x-envoy-upstream-service-time: 9
Expires: Fri, 10 May 2024 14:00:01 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Fri, 10 May 2024 14:00:01 GMT
Connection: close
|
|
| marvelcakemarvelcake.us/?2a24qc746=aHR0cHM6Ly93d3cuZ29kYWRkeS5jb20vZ29kYWRkeS00MDQ= | 5.230.73.190 | | 0 B |
URL GET marvelcakemarvelcake.us/?2a24qc746=aHR0cHM6Ly93d3cuZ29kYWRkeS5jb20vZ29kYWRkeS00MDQ= IP 5.230.73.190:0
Requested by https://marvelcakemarvelcake.us/?2a24qc746= Certificate Issuer Let's Encrypt Subject marvelcakemarvelcake.us Fingerprint C8:12:A0:A2:28:1A:14:D0:CE:B1:9E:29:74:F6:4A:F7:45:2A:9F:CD Validity Wed, 01 May 2024 10:45:36 GMT - Tue, 30 Jul 2024 10:45:35 GMT
Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | urlquery | phishing | Phishing - Microsoft Outlook |
GET /?2a24qc746=aHR0cHM6Ly93d3cuZ29kYWRkeS5jb20vZ29kYWRkeS00MDQ= HTTP/1.1
Host: marvelcakemarvelcake.us
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: qPdM=e1bt9OryHtjO; qPdM.sig=2Y7BQZHpWOR5lxIbNUq-idzVCpI; ClientId=1D38D54DA4AA42B489D2E1334826CB6B; OIDC=1; OpenIdConnect.nonce.v3.HqsNtGUBYIjhldjJ4dB3iL_fhez87fOYFebeDRA_K5I=638509463887197420.25709cec-05a7-462e-8713-382633b922e5; X-OWA-RedirectHistory=ArLym14B7LS4dPlw3Ag; buid=0.ARgAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8_7KISNINyIoLSGH_WYFs3VcZF27NMbzhEVbal0jhawZuzBNH9LoxDuxxn0A2r1uw_DOrYwjz_Xls2QIzO3c4GhAD8r5jVWuyKTmEftq89ikgAA; fpc=Ahna59r_JqdFuwMtjwffy_WerOTJAQAAAFQf0N0OAAAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8aWZI_dYbanJlRaY5FqD7vjEESWiom4a7UPSAbDs2v_OZXGnkOSlf4Al810PHEm-J0nGBaGSS4RMAt6OYdkstIy1T8YZH8EzDuWYPodz7AeEmNMJMVUHodbqF4WXyjk3ofKUNSOrlEOtZc7EuUK85L-JHDvpNgGCyPDaHY9-dYscgAA; cltm=CgAQABoAIgQIDBAF; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Moved Temporarily
Server: AkamaiGHost
Content-Length: 0
Location: https://marvelcakemarvelcake.us/de-de/godaddy-404
Date: Fri, 10 May 2024 14:00:02 GMT
Connection: close
Set-Cookie: market=de-DE; expires=Sat, 10-May-2025 14:00:02 GMT; path=/; domain=marvelcakemarvelcake.us
_abck=DE361A85CE04457ECCA6C80F65042228~-1~YAAQs3sTArwL5UyPAQAAbMDNYgvvIDzTwQQD1Swc3mgHbDTDIYNH9CP5Mf7HJPuvnKM1oSaHehgv0ThGcHD1/OecbSSnxl9d0TUtGqUt8RY26WYtnbwIDRY1slxqXgU5OO53LZwCTK7pULkiHbBFhsj3jiZwNN1b+M694rim7CcMaVWCbXqul9PvNSLspwx/x1F9q+qFmseaeJeAEE/PHPuqiiQhLSuzJsOIonFVe1PIQOfNiNYMPT8Y3Y/5plTOsjgdE9CygFnIig6Dpr+IDWp/lH4I2bPgx0ZRXdPahEnTvwGXhQ+TBRI9V6sR76LZQfYI9taDRd1FZsoN6qwvfJAJhKUJqi5WEVn2WsEO97RxwERKWkzDrrfJfoC0sjU19FCmkd+8cg==~-1~-1~-1; Domain=marvelcakemarvelcake.us; Path=/; Expires=Sat, 10 May 2025 14:00:02 GMT; Max-Age=31536000; Secure
bm_sz=9BFDBAB6AD0FAC951374F86C0D0B4320~YAAQs3sTAr0L5UyPAQAAbMDNYhefMSW0ezJO4HN7vNATiTp/C+atxl/49dw1orAV72BRfOOQfDsVm8/pI7P2iqLyxB5k6ppaxgxMrHV3mamfXS3COilJYD5cZIUXXOHwAD8fjJIN7vZm+mZHkIx8hHhzHpyvsbyf+oPG1eNgYIdHxld9F3DNUxm9lgCC2fLr3QrQ0jJptiBepiuu9GAPjBqkqllAc1ZfYzZHk8sWitX7kayCXglX9ethCZqnGZLmj7zG25uFU4ZZ6uty5NOUeZj9tl3ZMLfOTPusgvqidVZt1Q4h9CqqKl91QPUxLiO5HaSjTQqNp4NE0Qyktm9VKeM5LkaX23SZgN7lwQM=~3552569~3225412; Domain=marvelcakemarvelcake.us; Path=/; Expires=Fri, 10 May 2024 18:00:02 GMT; Max-Age=14400
X-ORIGIN-TAG: frontdoor
X-ARC: 2, 6a
Server-Timing: ak_p; desc="1715349602351_34831283_299197766_21_21085_27_39_-";dur=1
Content-Security-Policy: default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
|
|
| marvelcakemarvelcake.us/de-de/godaddy-404 | 5.230.73.190 | | 0 B |
URL GET marvelcakemarvelcake.us/de-de/godaddy-404 IP 5.230.73.190:0
Requested by https://marvelcakemarvelcake.us/?2a24qc746= Certificate Issuer Let's Encrypt Subject marvelcakemarvelcake.us Fingerprint C8:12:A0:A2:28:1A:14:D0:CE:B1:9E:29:74:F6:4A:F7:45:2A:9F:CD Validity Wed, 01 May 2024 10:45:36 GMT - Tue, 30 Jul 2024 10:45:35 GMT
Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | urlquery | phishing | Phishing - Microsoft Outlook |
GET /de-de/godaddy-404 HTTP/1.1
Host: marvelcakemarvelcake.us
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: qPdM=e1bt9OryHtjO; qPdM.sig=2Y7BQZHpWOR5lxIbNUq-idzVCpI; ClientId=1D38D54DA4AA42B489D2E1334826CB6B; OIDC=1; OpenIdConnect.nonce.v3.HqsNtGUBYIjhldjJ4dB3iL_fhez87fOYFebeDRA_K5I=638509463887197420.25709cec-05a7-462e-8713-382633b922e5; X-OWA-RedirectHistory=ArLym14B7LS4dPlw3Ag; buid=0.ARgAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8_7KISNINyIoLSGH_WYFs3VcZF27NMbzhEVbal0jhawZuzBNH9LoxDuxxn0A2r1uw_DOrYwjz_Xls2QIzO3c4GhAD8r5jVWuyKTmEftq89ikgAA; fpc=Ahna59r_JqdFuwMtjwffy_WerOTJAQAAAFQf0N0OAAAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8aWZI_dYbanJlRaY5FqD7vjEESWiom4a7UPSAbDs2v_OZXGnkOSlf4Al810PHEm-J0nGBaGSS4RMAt6OYdkstIy1T8YZH8EzDuWYPodz7AeEmNMJMVUHodbqF4WXyjk3ofKUNSOrlEOtZc7EuUK85L-JHDvpNgGCyPDaHY9-dYscgAA; cltm=CgAQABoAIgQIDBAF; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Moved Temporarily
Content-Type: text/html; charset=utf-8
Content-Length: 0
Server: envoy
Location: https://marvelcakemarvelcake.us/?2a24qc746=aHR0cHM6Ly93d3cuZ29kYWRkeS5jb20vZ29kYWRkeS00MDQ=
x-request-id: 4002f8ec-68fd-99c0-a684-85a0555bdbc1
x-amzn-trace-id: Root=1-663e2863-4eced8893cb415f10bc2f04a
apm-trace-id: 640a90772977a7775dca0fd36ba6f501
Content-Security-Policy: default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
Vary: Accept-Language
Content-Language: en_US
x-envoy-upstream-service-time: 8
Expires: Fri, 10 May 2024 14:00:03 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Fri, 10 May 2024 14:00:03 GMT
Connection: close
|
|
| marvelcakemarvelcake.us/?2a24qc746=aHR0cHM6Ly93d3cuZ29kYWRkeS5jb20vZ29kYWRkeS00MDQ= | 5.230.73.190 | | 0 B |
URL GET marvelcakemarvelcake.us/?2a24qc746=aHR0cHM6Ly93d3cuZ29kYWRkeS5jb20vZ29kYWRkeS00MDQ= IP 5.230.73.190:0
Requested by https://marvelcakemarvelcake.us/?2a24qc746= Certificate Issuer Let's Encrypt Subject marvelcakemarvelcake.us Fingerprint C8:12:A0:A2:28:1A:14:D0:CE:B1:9E:29:74:F6:4A:F7:45:2A:9F:CD Validity Wed, 01 May 2024 10:45:36 GMT - Tue, 30 Jul 2024 10:45:35 GMT
Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | urlquery | phishing | Phishing - Microsoft Outlook |
GET /?2a24qc746=aHR0cHM6Ly93d3cuZ29kYWRkeS5jb20vZ29kYWRkeS00MDQ= HTTP/1.1
Host: marvelcakemarvelcake.us
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: qPdM=e1bt9OryHtjO; qPdM.sig=2Y7BQZHpWOR5lxIbNUq-idzVCpI; ClientId=1D38D54DA4AA42B489D2E1334826CB6B; OIDC=1; OpenIdConnect.nonce.v3.HqsNtGUBYIjhldjJ4dB3iL_fhez87fOYFebeDRA_K5I=638509463887197420.25709cec-05a7-462e-8713-382633b922e5; X-OWA-RedirectHistory=ArLym14B7LS4dPlw3Ag; buid=0.ARgAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8_7KISNINyIoLSGH_WYFs3VcZF27NMbzhEVbal0jhawZuzBNH9LoxDuxxn0A2r1uw_DOrYwjz_Xls2QIzO3c4GhAD8r5jVWuyKTmEftq89ikgAA; fpc=Ahna59r_JqdFuwMtjwffy_WerOTJAQAAAFQf0N0OAAAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8aWZI_dYbanJlRaY5FqD7vjEESWiom4a7UPSAbDs2v_OZXGnkOSlf4Al810PHEm-J0nGBaGSS4RMAt6OYdkstIy1T8YZH8EzDuWYPodz7AeEmNMJMVUHodbqF4WXyjk3ofKUNSOrlEOtZc7EuUK85L-JHDvpNgGCyPDaHY9-dYscgAA; cltm=CgAQABoAIgQIDBAF; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Moved Temporarily
Server: AkamaiGHost
Content-Length: 0
Location: https://marvelcakemarvelcake.us/de-de/godaddy-404
Date: Fri, 10 May 2024 14:00:03 GMT
Connection: close
Set-Cookie: market=de-DE; expires=Sat, 10-May-2025 14:00:03 GMT; path=/; domain=marvelcakemarvelcake.us
_abck=497D7E071C78D4E9617E275C48FDB6DE~-1~YAAQs3sTAs4L5UyPAQAAvMXNYgvEiiCNxs55VQv4RhD8B36W/rMqUNtJ1HfQu0557Ar0rpHDUbiKyEIxA090ljUFEk1A0s+3f5A1Q/tIOEV76B4lpD26BF+K6U1JQEuxHF3LV28sNHShIQoF7c67zQ2oKchXPY0EcjjWCUFwL8zZ/Lrdk5dAV3881paSW9Jk9UnlZaYp+ZtfWu+qkstA+Gvi7ruQthRFCQyyP12ofthkXFZAjKVerZx6mEI/0lMavK1dWaNsPxYrxcBVWg+c0Pa4WgMCXwDUsIQt/L3WT3EHGzboQLDnx6bqqMRFCwnamAqCPoJsw5OVRfGsHo9PnV8PKQV4aaJg9OLm2qF+xYPOctH1Iwueb2G9W4BEmf3DqldQyOh4Ug==~-1~-1~-1; Domain=marvelcakemarvelcake.us; Path=/; Expires=Sat, 10 May 2025 14:00:03 GMT; Max-Age=31536000; Secure
bm_sz=FCB9B8ABBD6680C9E220AE6666E61879~YAAQs3sTAs8L5UyPAQAAvMXNYheawvk1RuqQloChJcy8iTclqop8tb+I5fURr7nPvASTtWyI+Is7wjM9V425XnDfqKN623J8hHtUo4xqk60iEWvIIofiWwpjZQQwafKyg56G+kijGlwrVobAc9ADFoZekp+4G7y4SPCehpEwaPfh5xqI+wJvJN8ew3dRC3IK9cGwDk2q0Nzdg8yEfQe4Rv25adCcgOCWvktcViWECTVJ8ixLjAdL52JUzGixwnUxMpGNh193Km0Ks2458Q1yL4jJ/hWM9P0+qr385fbSnJwBJRHpqilnJ5VHyJ+1dkyJ2/dTEql3dsAd28R2gCTOwChtP/+QYG5VSqJT1OQ=~3421251~3684164; Domain=marvelcakemarvelcake.us; Path=/; Expires=Fri, 10 May 2024 18:00:03 GMT; Max-Age=14400
X-ORIGIN-TAG: frontdoor
X-ARC: 2, 6a
Server-Timing: ak_p; desc="1715349603721_34831283_299198578_19_20347_59_30_-";dur=1
Content-Security-Policy: default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
|
|
| marvelcakemarvelcake.us/de-de/godaddy-404 | 5.230.73.190 | | 0 B |
URL GET marvelcakemarvelcake.us/de-de/godaddy-404 IP 5.230.73.190:0
Requested by https://marvelcakemarvelcake.us/?2a24qc746= Certificate Issuer Let's Encrypt Subject marvelcakemarvelcake.us Fingerprint C8:12:A0:A2:28:1A:14:D0:CE:B1:9E:29:74:F6:4A:F7:45:2A:9F:CD Validity Wed, 01 May 2024 10:45:36 GMT - Tue, 30 Jul 2024 10:45:35 GMT
Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | urlquery | phishing | Phishing - Microsoft Outlook |
GET /de-de/godaddy-404 HTTP/1.1
Host: marvelcakemarvelcake.us
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: qPdM=e1bt9OryHtjO; qPdM.sig=2Y7BQZHpWOR5lxIbNUq-idzVCpI; ClientId=1D38D54DA4AA42B489D2E1334826CB6B; OIDC=1; OpenIdConnect.nonce.v3.HqsNtGUBYIjhldjJ4dB3iL_fhez87fOYFebeDRA_K5I=638509463887197420.25709cec-05a7-462e-8713-382633b922e5; X-OWA-RedirectHistory=ArLym14B7LS4dPlw3Ag; buid=0.ARgAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8_7KISNINyIoLSGH_WYFs3VcZF27NMbzhEVbal0jhawZuzBNH9LoxDuxxn0A2r1uw_DOrYwjz_Xls2QIzO3c4GhAD8r5jVWuyKTmEftq89ikgAA; fpc=Ahna59r_JqdFuwMtjwffy_WerOTJAQAAAFQf0N0OAAAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8aWZI_dYbanJlRaY5FqD7vjEESWiom4a7UPSAbDs2v_OZXGnkOSlf4Al810PHEm-J0nGBaGSS4RMAt6OYdkstIy1T8YZH8EzDuWYPodz7AeEmNMJMVUHodbqF4WXyjk3ofKUNSOrlEOtZc7EuUK85L-JHDvpNgGCyPDaHY9-dYscgAA; cltm=CgAQABoAIgQIDBAF; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Moved Temporarily
Content-Type: text/html; charset=utf-8
Content-Length: 0
Server: envoy
Location: https://marvelcakemarvelcake.us/?2a24qc746=aHR0cHM6Ly93d3cuZ29kYWRkeS5jb20vZ29kYWRkeS00MDQ=
x-request-id: 9bc8b975-7260-92e7-9aa5-70fc7780131f
x-amzn-trace-id: Root=1-663e2864-1c79eec672ca65a87c8555fe
apm-trace-id: 33f7d75202dace815c855f0763b600bd
Content-Security-Policy: default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
Vary: Accept-Language
Content-Language: en_US
x-envoy-upstream-service-time: 6
Expires: Fri, 10 May 2024 14:00:04 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Fri, 10 May 2024 14:00:04 GMT
Connection: close
|
|
| marvelcakemarvelcake.us/?2a24qc746=aHR0cHM6Ly93d3cuZ29kYWRkeS5jb20vZ29kYWRkeS00MDQ= | 5.230.73.190 | | 0 B |
URL GET marvelcakemarvelcake.us/?2a24qc746=aHR0cHM6Ly93d3cuZ29kYWRkeS5jb20vZ29kYWRkeS00MDQ= IP 5.230.73.190:0
Requested by https://marvelcakemarvelcake.us/?2a24qc746= Certificate Issuer Let's Encrypt Subject marvelcakemarvelcake.us Fingerprint C8:12:A0:A2:28:1A:14:D0:CE:B1:9E:29:74:F6:4A:F7:45:2A:9F:CD Validity Wed, 01 May 2024 10:45:36 GMT - Tue, 30 Jul 2024 10:45:35 GMT
Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | urlquery | phishing | Phishing - Microsoft Outlook |
GET /?2a24qc746=aHR0cHM6Ly93d3cuZ29kYWRkeS5jb20vZ29kYWRkeS00MDQ= HTTP/1.1
Host: marvelcakemarvelcake.us
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: qPdM=e1bt9OryHtjO; qPdM.sig=2Y7BQZHpWOR5lxIbNUq-idzVCpI; ClientId=1D38D54DA4AA42B489D2E1334826CB6B; OIDC=1; OpenIdConnect.nonce.v3.HqsNtGUBYIjhldjJ4dB3iL_fhez87fOYFebeDRA_K5I=638509463887197420.25709cec-05a7-462e-8713-382633b922e5; X-OWA-RedirectHistory=ArLym14B7LS4dPlw3Ag; buid=0.ARgAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8_7KISNINyIoLSGH_WYFs3VcZF27NMbzhEVbal0jhawZuzBNH9LoxDuxxn0A2r1uw_DOrYwjz_Xls2QIzO3c4GhAD8r5jVWuyKTmEftq89ikgAA; fpc=Ahna59r_JqdFuwMtjwffy_WerOTJAQAAAFQf0N0OAAAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8aWZI_dYbanJlRaY5FqD7vjEESWiom4a7UPSAbDs2v_OZXGnkOSlf4Al810PHEm-J0nGBaGSS4RMAt6OYdkstIy1T8YZH8EzDuWYPodz7AeEmNMJMVUHodbqF4WXyjk3ofKUNSOrlEOtZc7EuUK85L-JHDvpNgGCyPDaHY9-dYscgAA; cltm=CgAQABoAIgQIDBAF; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Moved Temporarily
Server: AkamaiGHost
Content-Length: 0
Location: https://marvelcakemarvelcake.us/de-de/godaddy-404
Date: Fri, 10 May 2024 14:00:04 GMT
Connection: close
Set-Cookie: market=de-DE; expires=Sat, 10-May-2025 14:00:04 GMT; path=/; domain=marvelcakemarvelcake.us
_abck=EC64AFFAF7D48656EF4354E005F750E9~-1~YAAQs3sTAtQL5UyPAQAACcrNYgvqyqrV6M9ZmZTmttebJBdQC1Ev8oCeySS8q5yRaznNVL0w6bf/UVc1xT/PdYM7W35RbZaz1+8mj8mIBzqcK0wC0ndN8otKlO8fTbObf1Gk90+86cWDbV/u6XJwHoTsl9ZEV2EL14BkBH5J/64ylZpQcohTxZmj8QceLrWyw3qLvqJl9zwUJinIETt9oPrvBHrrVvnNI6FI7k+K5KPkzATmY07y+Xbbr9JVYQU4kN5uo9rHHtKP6PnWYEueoVTOaOX3oQkpZHn3YPvmezoN22saQhywXF1ruhhbfQAd9QAMCMdpVYDAq6TGAwxq47qUI6XhYXGvKgbtzd4gZjkcG44X7HfrYJ4F8Emu/iReRsvxKHzfdw==~-1~-1~-1; Domain=marvelcakemarvelcake.us; Path=/; Expires=Sat, 10 May 2025 14:00:04 GMT; Max-Age=31536000; Secure
bm_sz=0F50B24026ABC90E1E88B71A71D2AFEE~YAAQs3sTAtUL5UyPAQAACcrNYhcw0Uqio04VeDlFVVV2rDzzqXeO/7v1NJtP3Q6XI3PF2jcRBYAvj1XemuTXRUiJwHrFZeim1qQ65LPCyq8AobBM0FmReaNSY6b6qcJlDfiMK+LLwA5Kw4vFCacWe8laarhvGGmOoSs+YVmOaysnMj6iomk/KQi9HoZISLww6/uz/cKu41p+dkoZqtFft1mANtcZKwGZ+MsWLpjYEEpP1FGlvrBqtXAlfg/492k/qFnwF9Wku3tsP+NIzZGSiwiumFOhNZXp/jZfYuIyDTlJTi5aR7A5boEMXJ494agILimyQzxAgCxg8hjMfRxMDbhs/u+8XgpAhtvu1tk=~3682358~3420985; Domain=marvelcakemarvelcake.us; Path=/; Expires=Fri, 10 May 2024 18:00:04 GMT; Max-Age=14400
X-ORIGIN-TAG: frontdoor
X-ARC: 2, 6a
Server-Timing: ak_p; desc="1715349604823_34831283_299199244_19_20674_27_28_-";dur=1
Content-Security-Policy: default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
|
|
| marvelcakemarvelcake.us/auth-assets/f5d911271c28aedd739cf0ed3bac8356e8b12aaf/login-panel.js | 5.230.73.190 | 200 OK | 556 kB |
URL GET HTTP/1.1 marvelcakemarvelcake.us/auth-assets/f5d911271c28aedd739cf0ed3bac8356e8b12aaf/login-panel.js IP 5.230.73.190:443
Requested by https://marvelcakemarvelcake.us/?2a24qc746= Certificate Issuer Let's Encrypt Subject marvelcakemarvelcake.us Fingerprint C8:12:A0:A2:28:1A:14:D0:CE:B1:9E:29:74:F6:4A:F7:45:2A:9F:CD Validity Wed, 01 May 2024 10:45:36 GMT - Tue, 30 Jul 2024 10:45:35 GMT
Size 556 kB (555835 bytes) Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | urlquery | phishing | Phishing - Microsoft Outlook |
GET /auth-assets/f5d911271c28aedd739cf0ed3bac8356e8b12aaf/login-panel.js HTTP/1.1
Host: marvelcakemarvelcake.us
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: qPdM=e1bt9OryHtjO; qPdM.sig=2Y7BQZHpWOR5lxIbNUq-idzVCpI; ClientId=1D38D54DA4AA42B489D2E1334826CB6B; OIDC=1; OpenIdConnect.nonce.v3.HqsNtGUBYIjhldjJ4dB3iL_fhez87fOYFebeDRA_K5I=638509463887197420.25709cec-05a7-462e-8713-382633b922e5; X-OWA-RedirectHistory=ArLym14B7LS4dPlw3Ag; buid=0.ARgAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8_7KISNINyIoLSGH_WYFs3VcZF27NMbzhEVbal0jhawZuzBNH9LoxDuxxn0A2r1uw_DOrYwjz_Xls2QIzO3c4GhAD8r5jVWuyKTmEftq89ikgAA; fpc=Ahna59r_JqdFuwMtjwffy_WerOTJAQAAAFQf0N0OAAAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8aWZI_dYbanJlRaY5FqD7vjEESWiom4a7UPSAbDs2v_OZXGnkOSlf4Al810PHEm-J0nGBaGSS4RMAt6OYdkstIy1T8YZH8EzDuWYPodz7AeEmNMJMVUHodbqF4WXyjk3ofKUNSOrlEOtZc7EuUK85L-JHDvpNgGCyPDaHY9-dYscgAA; cltm=CgAQABoAIgQIDBAF; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript
Accept-Ranges: bytes
Content-Encoding: br
ETag: "9737de133bce91d37b5a18634ecac344"
Last-Modified: Mon, 06 May 2024 23:47:21 GMT
Vary: Accept-Encoding
x-amz-request-id: tx00000cab5c7a89dba509f-0066396c06-3242e1f5b-default
x-rgw-object-type: Normal
content-length: 555835
Cache-Control: max-age=31536000
Date: Fri, 10 May 2024 13:59:50 GMT
Connection: close
Server-Timing: cdn-cache; desc=HIT, edge; dur=3, ak_p; desc="1715349590379_34824396_189603923_315_1739_27_35_-";dur=1
Timing-Allow-Origin: *
Access-Control-Allow-Origin: *
Content-Security-Policy: default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
|
|
| marvelcakemarvelcake.us/identity-static-assets/_next/static/chunks/framework-cf02f566e862df36.js | 5.230.73.190 | 200 OK | 804 B |
URL GET HTTP/1.1 marvelcakemarvelcake.us/identity-static-assets/_next/static/chunks/framework-cf02f566e862df36.js IP 5.230.73.190:443
Requested byhttps://marvelcakemarvelcake.us/?2a24qc746=aHR0cHM6Ly9zc28uZ29kYWRkeS5jb20vP2RvbWFpbj1vYmJwaWN0dXJlcy5jb20mcmVhbG09cGFzcyZhcHA9bzM2NSZsb2dpbl9oaW50PW1pY2hhZWwlNDBvYmJwaWN0dXJlcy5jb20mY2xpZW50LXJlcXVlc3QtaWQ9ZDY2ODMyYzMtYmM5Ny00NmU2LTk2NzQtYjdhZjM1YTlhOWRlJnVzZXJuYW1lPW1pY2hhZWwlNDBvYmJwaWN0dXJlcy5jb20md2E9d3NpZ25pbjEuMCZ3dHJlYWxtPXVybiUzYWZlZGVyYXRpb24lM2FNaWNyb3NvZnRPbmxpbmUmd2N0eD1lc3RzcmVkaXJlY3QlM2QyJTI2ZXN0c3JlcXVlc3QlM2RyUVFJQVJBQWpWRTlhQk54SE0wX2w1NU5fUW9kZEJRT3A4SWw5NUhMNVI5UXpGZmoyVFFmVFdLVGlJUzd5Xy1TUy03eXYtWXVIMjNwNE9Za1JjRkNFUVFYU1JBcUxrb3BLTGgxNnVSUVVKeWtPQlJ4NmlLWTRPS21iM2lfQi1feEc5NWJJRmdfRzduT19BRkhUNWxtTkkybFZUUlZmNkU3UC1mN3lEVV83Ung4VzN6cXZOMFRScU12WTNDdDZUaVdIUWtFY004eE1HNzdzYWJwS3ZLcjJBemdnUng0QjhBUkFDY0FQSFpmTlhXMUtTUGpGbFlVUzFlZFhoZlowOXpZTFliNHNNREE0T1NFUlJhS1FZN3hjNExJUUJXcE5DUElJaDBNY1lpZWVEek5oN2tRenl1UTQ1Qnc3TDZjamZhY0pqY2wzTlUzMEUtM1Y4TmRzMlpoMjlrbG5vQkV4VWtuYkdtUWlKYUsyYWl0V09saWlpNDJxNUlVaWlmMW50NnVyNWtOUTRZNVExdzJ3LVdpdkZRdTNWVWFVc3JNbDJJck5yd1RSMHN3Mldvbm93b1RrOXJkVkMxZWJVV2RTcXU4c2NwSnJSaG5TZmsxcUJWNHUwNExfU1FMR2Fqd2JFYUJ0RlpBeXhiYmIzV3d0YnFlZ1hSRzBRWTVYc2lIeDhSXzFmMkdJQ2ZkbUxoelNKRFlRaDI5ZnVRQlh6M2d1OGZOeko1NXdJdVp5UjZqVjFkOGFQY2c5bWh2OF8yRHc1dXV3NWxBeFM2eGhtb2tnMHBVTXd0cFdGNlByWEQxdGx6c09tb21XRjBVaDlwS0k1VE9Eb3VsRzJLRTNTYkJOa251azk1Wnd1ZWlpSGlPUFNIQkR4SThQT2ZhOV81cjNLUHo0UGhDY0k1VURWazM3Zm1GVFVxdjF4emNSaDBxc2trTlRidW1xbFBWbDQwZXNxbklQV3J5bjdxX3RiWDE0YUxyN05Mblg2Y3ZkNTRfTzczOTJ1ZjZEUTIj CertificateIssuerLet's Encrypt Subjectmarvelcakemarvelcake.us FingerprintC8:12:A0:A2:28:1A:14:D0:CE:B1:9E:29:74:F6:4A:F7:45:2A:9F:CD ValidityWed, 01 May 2024 10:45:36 GMT - Tue, 30 Jul 2024 10:45:35 GMT
File type troff or preprocessor input, ASCII text, with very long lines (814), with no line terminators Hash fa8061bff06a1c0b05e562323e636b05 ff8d245d3c327612cbd4ff539dca8a22c43aca38 92dcd125a8b8e859bb3bf1005bb23d53f434759ab503d09ea4a39947cb41c6be
Analyzer | Verdict | Alert | urlquery | phishing | Phishing - Microsoft Outlook |
GET /identity-static-assets/_next/static/chunks/framework-cf02f566e862df36.js HTTP/1.1
Host: marvelcakemarvelcake.us
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: qPdM=e1bt9OryHtjO; qPdM.sig=2Y7BQZHpWOR5lxIbNUq-idzVCpI; ClientId=1D38D54DA4AA42B489D2E1334826CB6B; OIDC=1; OpenIdConnect.nonce.v3.HqsNtGUBYIjhldjJ4dB3iL_fhez87fOYFebeDRA_K5I=638509463887197420.25709cec-05a7-462e-8713-382633b922e5; X-OWA-RedirectHistory=ArLym14B7LS4dPlw3Ag; buid=0.ARgAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8_7KISNINyIoLSGH_WYFs3VcZF27NMbzhEVbal0jhawZuzBNH9LoxDuxxn0A2r1uw_DOrYwjz_Xls2QIzO3c4GhAD8r5jVWuyKTmEftq89ikgAA; fpc=Ahna59r_JqdFuwMtjwffy_WerOTJAQAAAFQf0N0OAAAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8aWZI_dYbanJlRaY5FqD7vjEESWiom4a7UPSAbDs2v_OZXGnkOSlf4Al810PHEm-J0nGBaGSS4RMAt6OYdkstIy1T8YZH8EzDuWYPodz7AeEmNMJMVUHodbqF4WXyjk3ofKUNSOrlEOtZc7EuUK85L-JHDvpNgGCyPDaHY9-dYscgAA; cltm=CgAQABoAIgQIDBAF; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/x-javascript
Accept-Ranges: bytes
Content-Encoding: br
ETag: "3d2870162db102916e683c7dd6d65dce:1715238505.610143"
Last-Modified: Thu, 09 May 2024 07:49:02 GMT
Vary: Accept-Encoding
content-length: 804
Cache-Control: max-age=31536000
Date: Fri, 10 May 2024 13:59:52 GMT
Connection: close
Server-Timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1715349592138_34824380_160824544_23_1870_26_28_-";dur=1
Timing-Allow-Origin: *
Access-Control-Allow-Origin: *
Content-Security-Policy: default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
|
|
| marvelcakemarvelcake.us/identity-static-assets/_next/static/chunks/pages/_app-123e75471d7079fb.js | 5.230.73.190 | 200 OK | 411 kB |
URL GET HTTP/1.1 marvelcakemarvelcake.us/identity-static-assets/_next/static/chunks/pages/_app-123e75471d7079fb.js IP 5.230.73.190:443
Requested by https://marvelcakemarvelcake.us/?2a24qc746=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 Certificate Issuer Let's Encrypt Subject marvelcakemarvelcake.us Fingerprint C8:12:A0:A2:28:1A:14:D0:CE:B1:9E:29:74:F6:4A:F7:45:2A:9F:CD Validity Wed, 01 May 2024 10:45:36 GMT - Tue, 30 Jul 2024 10:45:35 GMT
File type JavaScript source, ASCII text, with very long lines (65536), with no line terminators Size 411 kB (410889 bytes) Hash 43ba82125306fb99a4a7b29c72c85640 4b4afcee935043e2168f61b5e4faae082182a263 751155700004403979060eba1ecb2974839005e4607691b10d357bace6ceeef6
| Analyzer | Verdict | Alert |
| urlquery | phishing | Phishing - Microsoft Outlook |
GET /identity-static-assets/_next/static/chunks/pages/_app-123e75471d7079fb.js HTTP/1.1
Host: marvelcakemarvelcake.us
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: qPdM=e1bt9OryHtjO; qPdM.sig=2Y7BQZHpWOR5lxIbNUq-idzVCpI; ClientId=1D38D54DA4AA42B489D2E1334826CB6B; OIDC=1; OpenIdConnect.nonce.v3.HqsNtGUBYIjhldjJ4dB3iL_fhez87fOYFebeDRA_K5I=638509463887197420.25709cec-05a7-462e-8713-382633b922e5; X-OWA-RedirectHistory=ArLym14B7LS4dPlw3Ag; buid=0.ARgAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8_7KISNINyIoLSGH_WYFs3VcZF27NMbzhEVbal0jhawZuzBNH9LoxDuxxn0A2r1uw_DOrYwjz_Xls2QIzO3c4GhAD8r5jVWuyKTmEftq89ikgAA; fpc=Ahna59r_JqdFuwMtjwffy_WerOTJAQAAAFQf0N0OAAAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8aWZI_dYbanJlRaY5FqD7vjEESWiom4a7UPSAbDs2v_OZXGnkOSlf4Al810PHEm-J0nGBaGSS4RMAt6OYdkstIy1T8YZH8EzDuWYPodz7AeEmNMJMVUHodbqF4WXyjk3ofKUNSOrlEOtZc7EuUK85L-JHDvpNgGCyPDaHY9-dYscgAA; cltm=CgAQABoAIgQIDBAF; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/x-javascript
Accept-Ranges: bytes
Content-Encoding: br
ETag: "8545ae6776165f146056266e738b66af:1715238518.784536"
Last-Modified: Thu, 09 May 2024 07:48:42 GMT
Vary: Accept-Encoding
content-length: 410889
Cache-Control: max-age=31536000
Date: Fri, 10 May 2024 13:59:54 GMT
Connection: close
Server-Timing: cdn-cache; desc=HIT, edge; dur=5, ak_p; desc="1715349594762_34824396_189607606_528_1548_26_48_-";dur=1
Timing-Allow-Origin: *
Access-Control-Allow-Origin: *
Content-Security-Policy: default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
|
|
| marvelcakemarvelcake.us/wrhs-next/90885773439e942d65550923fefe99fc/utility-header.js | 5.230.73.190 | 200 OK | 447 kB |
URL GET HTTP/1.1 marvelcakemarvelcake.us/wrhs-next/90885773439e942d65550923fefe99fc/utility-header.js IP 5.230.73.190:443
Requested by https://marvelcakemarvelcake.us/?2a24qc746=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 Certificate Issuer Let's Encrypt Subject marvelcakemarvelcake.us Fingerprint C8:12:A0:A2:28:1A:14:D0:CE:B1:9E:29:74:F6:4A:F7:45:2A:9F:CD Validity Wed, 01 May 2024 10:45:36 GMT - Tue, 30 Jul 2024 10:45:35 GMT
Size 447 kB (447280 bytes) Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| urlquery | phishing | Phishing - Microsoft Outlook |
GET /wrhs-next/90885773439e942d65550923fefe99fc/utility-header.js HTTP/1.1
Host: marvelcakemarvelcake.us
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: qPdM=e1bt9OryHtjO; qPdM.sig=2Y7BQZHpWOR5lxIbNUq-idzVCpI; ClientId=1D38D54DA4AA42B489D2E1334826CB6B; OIDC=1; OpenIdConnect.nonce.v3.HqsNtGUBYIjhldjJ4dB3iL_fhez87fOYFebeDRA_K5I=638509463887197420.25709cec-05a7-462e-8713-382633b922e5; X-OWA-RedirectHistory=ArLym14B7LS4dPlw3Ag; buid=0.ARgAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8_7KISNINyIoLSGH_WYFs3VcZF27NMbzhEVbal0jhawZuzBNH9LoxDuxxn0A2r1uw_DOrYwjz_Xls2QIzO3c4GhAD8r5jVWuyKTmEftq89ikgAA; fpc=Ahna59r_JqdFuwMtjwffy_WerOTJAQAAAFQf0N0OAAAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8aWZI_dYbanJlRaY5FqD7vjEESWiom4a7UPSAbDs2v_OZXGnkOSlf4Al810PHEm-J0nGBaGSS4RMAt6OYdkstIy1T8YZH8EzDuWYPodz7AeEmNMJMVUHodbqF4WXyjk3ofKUNSOrlEOtZc7EuUK85L-JHDvpNgGCyPDaHY9-dYscgAA; cltm=CgAQABoAIgQIDBAF; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript
Accept-Ranges: bytes
Content-Encoding: br
ETag: "90885773439e942d65550923fefe99fc"
Last-Modified: Tue, 23 Apr 2024 20:03:52 GMT
Vary: Accept-Encoding
x-amz-id-2: j06dSef/7pBK2acimSuEoC6/4RQXsLKbspqtVeXvKo3WYner9gOrNjgiDnASqVHR5hH7nERbvV4=
x-amz-request-id: VGEMT7WMM6QV0GWT
x-amz-server-side-encryption: AES256
x-amz-version-id: KNXJhRiuj9yl3peRBQ_C4V7RDpDbb5iB
content-length: 447280
Cache-Control: max-age=31536000
Date: Fri, 10 May 2024 13:59:56 GMT
Connection: close
Server-Timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1715349596482_386904628_711537446_36_2059_28_33_-";dur=1
Timing-Allow-Origin: *
Access-Control-Allow-Origin: *
Content-Security-Policy: default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
|
|
| marvelcakemarvelcake.us/identity-static-assets/_next/static/chunks/main-94408688863f3085.js | 5.230.73.190 | 200 OK | 125 kB |
URL GET HTTP/1.1 marvelcakemarvelcake.us/identity-static-assets/_next/static/chunks/main-94408688863f3085.js IP 5.230.73.190:443
Requested byhttps://marvelcakemarvelcake.us/?2a24qc746=aHR0cHM6Ly9zc28uZ29kYWRkeS5jb20vP2RvbWFpbj1vYmJwaWN0dXJlcy5jb20mcmVhbG09cGFzcyZhcHA9bzM2NSZsb2dpbl9oaW50PW1pY2hhZWwlNDBvYmJwaWN0dXJlcy5jb20mY2xpZW50LXJlcXVlc3QtaWQ9ZDY2ODMyYzMtYmM5Ny00NmU2LTk2NzQtYjdhZjM1YTlhOWRlJnVzZXJuYW1lPW1pY2hhZWwlNDBvYmJwaWN0dXJlcy5jb20md2E9d3NpZ25pbjEuMCZ3dHJlYWxtPXVybiUzYWZlZGVyYXRpb24lM2FNaWNyb3NvZnRPbmxpbmUmd2N0eD1lc3RzcmVkaXJlY3QlM2QyJTI2ZXN0c3JlcXVlc3QlM2RyUVFJQVJBQWpWRTlhQk54SE0wX2w1NU5fUW9kZEJRT3A4SWw5NUhMNVI5UXpGZmoyVFFmVFdLVGlJUzd5Xy1TUy03eXYtWXVIMjNwNE9Za1JjRkNFUVFYU1JBcUxrb3BLTGgxNnVSUVVKeWtPQlJ4NmlLWTRPS21iM2lfQi1feEc5NWJJRmdfRzduT19BRkhUNWxtTkkybFZUUlZmNkU3UC1mN3lEVV83Ung4VzN6cXZOMFRScU12WTNDdDZUaVdIUWtFY004eE1HNzdzYWJwS3ZLcjJBemdnUng0QjhBUkFDY0FQSFpmTlhXMUtTUGpGbFlVUzFlZFhoZlowOXpZTFliNHNNREE0T1NFUlJhS1FZN3hjNExJUUJXcE5DUElJaDBNY1lpZWVEek5oN2tRenl1UTQ1Qnc3TDZjamZhY0pqY2wzTlUzMEUtM1Y4TmRzMlpoMjlrbG5vQkV4VWtuYkdtUWlKYUsyYWl0V09saWlpNDJxNUlVaWlmMW50NnVyNWtOUTRZNVExdzJ3LVdpdkZRdTNWVWFVc3JNbDJJck5yd1RSMHN3Mldvbm93b1RrOXJkVkMxZWJVV2RTcXU4c2NwSnJSaG5TZmsxcUJWNHUwNExfU1FMR2Fqd2JFYUJ0RlpBeXhiYmIzV3d0YnFlZ1hSRzBRWTVYc2lIeDhSXzFmMkdJQ2ZkbUxoelNKRFlRaDI5ZnVRQlh6M2d1OGZOeko1NXdJdVp5UjZqVjFkOGFQY2c5bWh2OF8yRHc1dXV3NWxBeFM2eGhtb2tnMHBVTXd0cFdGNlByWEQxdGx6c09tb21XRjBVaDlwS0k1VE9Eb3VsRzJLRTNTYkJOa251azk1Wnd1ZWlpSGlPUFNIQkR4SThQT2ZhOV81cjNLUHo0UGhDY0k1VURWazM3Zm1GVFVxdjF4emNSaDBxc2trTlRidW1xbFBWbDQwZXNxbklQV3J5bjdxX3RiWDE0YUxyN05Mblg2Y3ZkNTRfTzczOTJ1ZjZEUTIj CertificateIssuerLet's Encrypt Subjectmarvelcakemarvelcake.us FingerprintC8:12:A0:A2:28:1A:14:D0:CE:B1:9E:29:74:F6:4A:F7:45:2A:9F:CD ValidityWed, 01 May 2024 10:45:36 GMT - Tue, 30 Jul 2024 10:45:35 GMT
File type JavaScript source, ASCII text, with very long lines (65536), with no line terminators Size 125 kB (124674 bytes) Hash 3480e30fde6612a402b2df47dae246c4 5ed27744594ca72db66e8029d5a892022af91145 36ce56f7bb26314c08b84c3cb5b72a0fc77e129a1713b89f738db3ff13322359
| Analyzer | Verdict | Alert |
| urlquery | phishing | Phishing - Microsoft Outlook |
GET /identity-static-assets/_next/static/chunks/main-94408688863f3085.js HTTP/1.1
Host: marvelcakemarvelcake.us
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: qPdM=e1bt9OryHtjO; qPdM.sig=2Y7BQZHpWOR5lxIbNUq-idzVCpI; ClientId=1D38D54DA4AA42B489D2E1334826CB6B; OIDC=1; OpenIdConnect.nonce.v3.HqsNtGUBYIjhldjJ4dB3iL_fhez87fOYFebeDRA_K5I=638509463887197420.25709cec-05a7-462e-8713-382633b922e5; X-OWA-RedirectHistory=ArLym14B7LS4dPlw3Ag; buid=0.ARgAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8_7KISNINyIoLSGH_WYFs3VcZF27NMbzhEVbal0jhawZuzBNH9LoxDuxxn0A2r1uw_DOrYwjz_Xls2QIzO3c4GhAD8r5jVWuyKTmEftq89ikgAA; fpc=Ahna59r_JqdFuwMtjwffy_WerOTJAQAAAFQf0N0OAAAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8aWZI_dYbanJlRaY5FqD7vjEESWiom4a7UPSAbDs2v_OZXGnkOSlf4Al810PHEm-J0nGBaGSS4RMAt6OYdkstIy1T8YZH8EzDuWYPodz7AeEmNMJMVUHodbqF4WXyjk3ofKUNSOrlEOtZc7EuUK85L-JHDvpNgGCyPDaHY9-dYscgAA; cltm=CgAQABoAIgQIDBAF; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/x-javascript
Accept-Ranges: bytes
Content-Encoding: br
ETag: "c6ab097865257137de0018a8335d53a5:1715238517.451342"
Last-Modified: Thu, 09 May 2024 07:48:47 GMT
Vary: Accept-Encoding
content-length: 124674
Cache-Control: max-age=31536000
Date: Fri, 10 May 2024 13:59:54 GMT
Connection: close
Server-Timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1715349594761_34824380_160826317_12_1369_26_31_-";dur=1
Timing-Allow-Origin: *
Access-Control-Allow-Origin: *
Content-Security-Policy: default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
|
|
| marvelcakemarvelcake.us/wrhs-next/5a3c09ada3e8754d1f83b97656867399/heartbeat.js | 5.230.73.190 | 200 OK | 2.6 kB |
URL GET HTTP/1.1 marvelcakemarvelcake.us/wrhs-next/5a3c09ada3e8754d1f83b97656867399/heartbeat.js IP 5.230.73.190:443
Requested byhttps://marvelcakemarvelcake.us/?2a24qc746=aHR0cHM6Ly9zc28uZ29kYWRkeS5jb20vP2RvbWFpbj1vYmJwaWN0dXJlcy5jb20mcmVhbG09cGFzcyZhcHA9bzM2NSZsb2dpbl9oaW50PW1pY2hhZWwlNDBvYmJwaWN0dXJlcy5jb20mY2xpZW50LXJlcXVlc3QtaWQ9ZDY2ODMyYzMtYmM5Ny00NmU2LTk2NzQtYjdhZjM1YTlhOWRlJnVzZXJuYW1lPW1pY2hhZWwlNDBvYmJwaWN0dXJlcy5jb20md2E9d3NpZ25pbjEuMCZ3dHJlYWxtPXVybiUzYWZlZGVyYXRpb24lM2FNaWNyb3NvZnRPbmxpbmUmd2N0eD1lc3RzcmVkaXJlY3QlM2QyJTI2ZXN0c3JlcXVlc3QlM2RyUVFJQVJBQWpWRTlhQk54SE0wX2w1NU5fUW9kZEJRT3A4SWw5NUhMNVI5UXpGZmoyVFFmVFdLVGlJUzd5Xy1TUy03eXYtWXVIMjNwNE9Za1JjRkNFUVFYU1JBcUxrb3BLTGgxNnVSUVVKeWtPQlJ4NmlLWTRPS21iM2lfQi1feEc5NWJJRmdfRzduT19BRkhUNWxtTkkybFZUUlZmNkU3UC1mN3lEVV83Ung4VzN6cXZOMFRScU12WTNDdDZUaVdIUWtFY004eE1HNzdzYWJwS3ZLcjJBemdnUng0QjhBUkFDY0FQSFpmTlhXMUtTUGpGbFlVUzFlZFhoZlowOXpZTFliNHNNREE0T1NFUlJhS1FZN3hjNExJUUJXcE5DUElJaDBNY1lpZWVEek5oN2tRenl1UTQ1Qnc3TDZjamZhY0pqY2wzTlUzMEUtM1Y4TmRzMlpoMjlrbG5vQkV4VWtuYkdtUWlKYUsyYWl0V09saWlpNDJxNUlVaWlmMW50NnVyNWtOUTRZNVExdzJ3LVdpdkZRdTNWVWFVc3JNbDJJck5yd1RSMHN3Mldvbm93b1RrOXJkVkMxZWJVV2RTcXU4c2NwSnJSaG5TZmsxcUJWNHUwNExfU1FMR2Fqd2JFYUJ0RlpBeXhiYmIzV3d0YnFlZ1hSRzBRWTVYc2lIeDhSXzFmMkdJQ2ZkbUxoelNKRFlRaDI5ZnVRQlh6M2d1OGZOeko1NXdJdVp5UjZqVjFkOGFQY2c5bWh2OF8yRHc1dXV3NWxBeFM2eGhtb2tnMHBVTXd0cFdGNlByWEQxdGx6c09tb21XRjBVaDlwS0k1VE9Eb3VsRzJLRTNTYkJOa251azk1Wnd1ZWlpSGlPUFNIQkR4SThQT2ZhOV81cjNLUHo0UGhDY0k1VURWazM3Zm1GVFVxdjF4emNSaDBxc2trTlRidW1xbFBWbDQwZXNxbklQV3J5bjdxX3RiWDE0YUxyN05Mblg2Y3ZkNTRfTzczOTJ1ZjZEUTIj CertificateIssuerLet's Encrypt Subjectmarvelcakemarvelcake.us FingerprintC8:12:A0:A2:28:1A:14:D0:CE:B1:9E:29:74:F6:4A:F7:45:2A:9F:CD ValidityWed, 01 May 2024 10:45:36 GMT - Tue, 30 Jul 2024 10:45:35 GMT
File type JavaScript source, ASCII text, with very long lines (2663), with no line terminators Hash fc8ccd62997ba0778fa00cd8ccb7a54e 6f836004f2ca643f4bdfbf163d7af9da44623341 25c3e4eb630ebb95e597d2bbdeaec195244c709b1c4f775e999c7e0f2117c366
| Analyzer | Verdict | Alert |
| urlquery | phishing | Phishing - Microsoft Outlook |
GET /wrhs-next/5a3c09ada3e8754d1f83b97656867399/heartbeat.js HTTP/1.1
Host: marvelcakemarvelcake.us
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: qPdM=e1bt9OryHtjO; qPdM.sig=2Y7BQZHpWOR5lxIbNUq-idzVCpI; ClientId=1D38D54DA4AA42B489D2E1334826CB6B; OIDC=1; OpenIdConnect.nonce.v3.HqsNtGUBYIjhldjJ4dB3iL_fhez87fOYFebeDRA_K5I=638509463887197420.25709cec-05a7-462e-8713-382633b922e5; X-OWA-RedirectHistory=ArLym14B7LS4dPlw3Ag; buid=0.ARgAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8_7KISNINyIoLSGH_WYFs3VcZF27NMbzhEVbal0jhawZuzBNH9LoxDuxxn0A2r1uw_DOrYwjz_Xls2QIzO3c4GhAD8r5jVWuyKTmEftq89ikgAA; fpc=Ahna59r_JqdFuwMtjwffy_WerOTJAQAAAFQf0N0OAAAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8aWZI_dYbanJlRaY5FqD7vjEESWiom4a7UPSAbDs2v_OZXGnkOSlf4Al810PHEm-J0nGBaGSS4RMAt6OYdkstIy1T8YZH8EzDuWYPodz7AeEmNMJMVUHodbqF4WXyjk3ofKUNSOrlEOtZc7EuUK85L-JHDvpNgGCyPDaHY9-dYscgAA; cltm=CgAQABoAIgQIDBAF; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript
Accept-Ranges: bytes
Content-Encoding: br
ETag: "5a3c09ada3e8754d1f83b97656867399"
Last-Modified: Wed, 17 Jan 2024 19:40:32 GMT
Vary: Accept-Encoding
x-amz-id-2: USwwrm2tJaP5k8Xnx+9Sl4doePB/4EcU1eTfvbEqKRqmsopYmpVmTFARKXw5eBcWIqcaT6NfpUyPuCCWgtXnEg==
x-amz-request-id: B7M1K3RC238RNET8
x-amz-server-side-encryption: AES256
x-amz-version-id: F5k6D.7X4MlgV1Dlb8zET7a5uAkFUkMO
content-length: 2566
Cache-Control: max-age=31536000
Date: Fri, 10 May 2024 13:59:50 GMT
Connection: close
Server-Timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1715349590915_34824396_189604357_21_1683_28_53_-";dur=1
Timing-Allow-Origin: *
Access-Control-Allow-Origin: *
Content-Security-Policy: default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
|
|
| marvelcakemarvelcake.us/identity-static-assets/_next/static/chunks/1845-7ade75786a4c6d01.js | 5.230.73.190 | 200 OK | 13 kB |
URL GET HTTP/1.1 marvelcakemarvelcake.us/identity-static-assets/_next/static/chunks/1845-7ade75786a4c6d01.js IP 5.230.73.190:443
Requested by https://marvelcakemarvelcake.us/?2a24qc746=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 Certificate Issuer Let's Encrypt Subject marvelcakemarvelcake.us Fingerprint C8:12:A0:A2:28:1A:14:D0:CE:B1:9E:29:74:F6:4A:F7:45:2A:9F:CD Validity Wed, 01 May 2024 10:45:36 GMT - Tue, 30 Jul 2024 10:45:35 GMT
File type JavaScript source, ASCII text, with very long lines (12987), with no line terminators Hash 909cd9f7ca61279db1efd830251c8955 16d9c3172db3f08129f2877058b989bd8e1b09f2 18e3b740276cb29926539a99ce77bfb5f39d953e56bfbea2722cefc6ebf7b06f
| Analyzer | Verdict | Alert |
| urlquery | phishing | Phishing - Microsoft Outlook |
GET /identity-static-assets/_next/static/chunks/1845-7ade75786a4c6d01.js HTTP/1.1
Host: marvelcakemarvelcake.us
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: qPdM=e1bt9OryHtjO; qPdM.sig=2Y7BQZHpWOR5lxIbNUq-idzVCpI; ClientId=1D38D54DA4AA42B489D2E1334826CB6B; OIDC=1; OpenIdConnect.nonce.v3.HqsNtGUBYIjhldjJ4dB3iL_fhez87fOYFebeDRA_K5I=638509463887197420.25709cec-05a7-462e-8713-382633b922e5; X-OWA-RedirectHistory=ArLym14B7LS4dPlw3Ag; buid=0.ARgAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8_7KISNINyIoLSGH_WYFs3VcZF27NMbzhEVbal0jhawZuzBNH9LoxDuxxn0A2r1uw_DOrYwjz_Xls2QIzO3c4GhAD8r5jVWuyKTmEftq89ikgAA; fpc=Ahna59r_JqdFuwMtjwffy_WerOTJAQAAAFQf0N0OAAAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8aWZI_dYbanJlRaY5FqD7vjEESWiom4a7UPSAbDs2v_OZXGnkOSlf4Al810PHEm-J0nGBaGSS4RMAt6OYdkstIy1T8YZH8EzDuWYPodz7AeEmNMJMVUHodbqF4WXyjk3ofKUNSOrlEOtZc7EuUK85L-JHDvpNgGCyPDaHY9-dYscgAA; cltm=CgAQABoAIgQIDBAF; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/x-javascript
Accept-Ranges: bytes
Content-Encoding: br
ETag: "909cd9f7ca61279db1efd830251c8955:1715276139.507463"
Last-Modified: Thu, 09 May 2024 18:02:56 GMT
Vary: Accept-Encoding
content-length: 12987
Cache-Control: max-age=31536000
Date: Fri, 10 May 2024 13:59:55 GMT
Connection: close
Server-Timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1715349595683_386904606_388379392_20_1261_39_40_-";dur=1
Timing-Allow-Origin: *
Access-Control-Allow-Origin: *
Content-Security-Policy: default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
|
|
| marvelcakemarvelcake.us/?2a24qc746=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1taWNoYWVsJTQwb2JicGljdHVyZXMuY29tJmNsaWVudC1yZXF1ZXN0LWlkPWQ2NjgzMmMzLWJjOTctNDZlNi05Njc0LWI3YWYzNWE5YTlkZSZwcm90ZWN0ZWR0b2tlbj10cnVlJmNsYWltcz0lN2IlMjJpZF90b2tlbiUyMiUzYSU3YiUyMnhtc19jYyUyMiUzYSU3YiUyMnZhbHVlcyUyMiUzYSU1YiUyMkNQMSUyMiU1ZCU3ZCU3ZCU3ZCZub25jZT02Mzg1MDk0NjM4ODcxOTc0MjAuMjU3MDljZWMtMDVhNy00NjJlLTg3MTMtMzgyNjMzYjkyMmU1JnN0YXRlPURZdExEc0l3REFVVE9Bc2JwTFRHLVRoWklJNkNFaXVpa2RxbWdsYTlQbDdNbThYVGFLWFVWYmdJR21RVUJSczlKQ2VLOUVqa0VBYjBCSWtyR19DWmpBdFlqWHpXMklqQjJwSVFxOWZTM3NkLTV2RTE5MDliMzFOYjktZlNlTXAxdmpub3BXeU45LU5iZndQMzVROA== | 5.230.73.190 | 302 Found | 220 kB |
URL GET HTTP/1.1 marvelcakemarvelcake.us/?2a24qc746=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 IP 5.230.73.190:443
Requested by https://3ddc47ac.6d2e589211c0928645bd553e.workers.dev/?qrc=michael@obbpictures.com Certificate Issuer Let's Encrypt Subject marvelcakemarvelcake.us Fingerprint C8:12:A0:A2:28:1A:14:D0:CE:B1:9E:29:74:F6:4A:F7:45:2A:9F:CD Validity Wed, 01 May 2024 10:45:36 GMT - Tue, 30 Jul 2024 10:45:35 GMT
Size 220 kB (219984 bytes) Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| urlquery | phishing | Phishing - Microsoft Outlook |
GET /?2a24qc746=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 HTTP/1.1
Host: marvelcakemarvelcake.us
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://3ddc47ac.6d2e589211c0928645bd553e.workers.dev/
DNT: 1
Connection: keep-alive
Cookie: qPdM=e1bt9OryHtjO; qPdM.sig=2Y7BQZHpWOR5lxIbNUq-idzVCpI; ClientId=1D38D54DA4AA42B489D2E1334826CB6B; OIDC=1; OpenIdConnect.nonce.v3.HqsNtGUBYIjhldjJ4dB3iL_fhez87fOYFebeDRA_K5I=638509463887197420.25709cec-05a7-462e-8713-382633b922e5; X-OWA-RedirectHistory=ArLym14B7LS4dPlw3Ag
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Cache-Control: no-store, no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Content-Encoding: gzip
Expires: -1
Location: https://marvelcakemarvelcake.us/?2a24qc746=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
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000; includeSubDomains
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
x-ms-request-id: 1016aca9-9a65-42bc-8eaf-7bbf81ca3e00
x-ms-ests-server: 2.1.18037.7 - EUS ProdSlices
x-ms-srs: 1.P
Referrer-Policy: strict-origin-when-cross-origin
Set-Cookie: buid=0.ARgAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8_7KISNINyIoLSGH_WYFs3VcZF27NMbzhEVbal0jhawZuzBNH9LoxDuxxn0A2r1uw_DOrYwjz_Xls2QIzO3c4GhAD8r5jVWuyKTmEftq89ikgAA; expires=Sun, 09-Jun-2024 13:59:49 GMT; path=/; secure; HttpOnly; SameSite=None
Set-Cookie: fpc=Ahna59r_JqdFuwMtjwffy_WerOTJAQAAAFQf0N0OAAAA; expires=Sun, 09-Jun-2024 13:59:49 GMT; path=/; secure; HttpOnly; SameSite=None
Set-Cookie: esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8aWZI_dYbanJlRaY5FqD7vjEESWiom4a7UPSAbDs2v_OZXGnkOSlf4Al810PHEm-J0nGBaGSS4RMAt6OYdkstIy1T8YZH8EzDuWYPodz7AeEmNMJMVUHodbqF4WXyjk3ofKUNSOrlEOtZc7EuUK85L-JHDvpNgGCyPDaHY9-dYscgAA; domain=marvelcakemarvelcake.us; path=/; secure; HttpOnly; SameSite=None
Set-Cookie: cltm=CgAQABoAIgQIDBAF; domain=marvelcakemarvelcake.us; path=/; secure; HttpOnly; SameSite=None
Set-Cookie: x-ms-gateway-slice=estsfd; path=/; secure; samesite=none; httponly
Set-Cookie: stsservicecookie=estsfd; path=/; secure; samesite=none; httponly
Date: Fri, 10 May 2024 13:59:48 GMT
Connection: close
content-length: 1719
Content-Security-Policy: default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
|
|
| marvelcakemarvelcake.us/wrhs-next/5cb2b92a0487b6d43802b82c60508446/scc-gd-c1.min.js | 5.230.73.190 | 200 OK | 182 kB |
URL GET HTTP/1.1 marvelcakemarvelcake.us/wrhs-next/5cb2b92a0487b6d43802b82c60508446/scc-gd-c1.min.js IP 5.230.73.190:443
Requested by https://marvelcakemarvelcake.us/?2a24qc746=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 Certificate Issuer Let's Encrypt Subject marvelcakemarvelcake.us Fingerprint C8:12:A0:A2:28:1A:14:D0:CE:B1:9E:29:74:F6:4A:F7:45:2A:9F:CD Validity Wed, 01 May 2024 10:45:36 GMT - Tue, 30 Jul 2024 10:45:35 GMT
File type JavaScript source, ASCII text, with very long lines (65536), with no line terminators Size 182 kB (182162 bytes) Hash 2b7a84e55008f992b5e64b017b5100ad a5430cb821ee250ccf92b5e0eed4b04e6ad3c588 3e3004412a49c667e8d3bb2e06b250a1989085be537112b873831a426b48fe65
| Analyzer | Verdict | Alert |
| urlquery | phishing | Phishing - Microsoft Outlook |
GET /wrhs-next/5cb2b92a0487b6d43802b82c60508446/scc-gd-c1.min.js HTTP/1.1
Host: marvelcakemarvelcake.us
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: qPdM=e1bt9OryHtjO; qPdM.sig=2Y7BQZHpWOR5lxIbNUq-idzVCpI; ClientId=1D38D54DA4AA42B489D2E1334826CB6B; OIDC=1; OpenIdConnect.nonce.v3.HqsNtGUBYIjhldjJ4dB3iL_fhez87fOYFebeDRA_K5I=638509463887197420.25709cec-05a7-462e-8713-382633b922e5; X-OWA-RedirectHistory=ArLym14B7LS4dPlw3Ag; buid=0.ARgAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8_7KISNINyIoLSGH_WYFs3VcZF27NMbzhEVbal0jhawZuzBNH9LoxDuxxn0A2r1uw_DOrYwjz_Xls2QIzO3c4GhAD8r5jVWuyKTmEftq89ikgAA; fpc=Ahna59r_JqdFuwMtjwffy_WerOTJAQAAAFQf0N0OAAAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8aWZI_dYbanJlRaY5FqD7vjEESWiom4a7UPSAbDs2v_OZXGnkOSlf4Al810PHEm-J0nGBaGSS4RMAt6OYdkstIy1T8YZH8EzDuWYPodz7AeEmNMJMVUHodbqF4WXyjk3ofKUNSOrlEOtZc7EuUK85L-JHDvpNgGCyPDaHY9-dYscgAA; cltm=CgAQABoAIgQIDBAF; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript
Accept-Ranges: bytes
Content-Encoding: br
ETag: "5cb2b92a0487b6d43802b82c60508446"
Last-Modified: Mon, 06 May 2024 15:16:03 GMT
Vary: Accept-Encoding
x-amz-id-2: cpB2ERd5JGpNxEOnWLUlDiiDssHbHcshV6qsXFrCz/F+stNnzwoZYwLoaNcdElKH+NGW0Lx4A9s=
x-amz-request-id: MXZ4RVTDFCWMECGH
x-amz-server-side-encryption: AES256
x-amz-version-id: XGA71QhHrfefV5luLGC0bZ41ErUsxdlg
content-length: 182162
Cache-Control: max-age=31536000
Date: Fri, 10 May 2024 13:59:50 GMT
Connection: close
Server-Timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1715349590878_34824380_160823754_19_1614_26_59_-";dur=1
Timing-Allow-Origin: *
Access-Control-Allow-Origin: *
Content-Security-Policy: default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
|
|
| marvelcakemarvelcake.us/identity-static-assets/_next/static/chunks/webpack-c5d750cff28f4fa2.js | 5.230.73.190 | 200 OK | 12 kB |
URL GET HTTP/1.1 marvelcakemarvelcake.us/identity-static-assets/_next/static/chunks/webpack-c5d750cff28f4fa2.js IP 5.230.73.190:443
Requested by https://marvelcakemarvelcake.us/?2a24qc746=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 Certificate Issuer Let's Encrypt Subject marvelcakemarvelcake.us Fingerprint C8:12:A0:A2:28:1A:14:D0:CE:B1:9E:29:74:F6:4A:F7:45:2A:9F:CD Validity Wed, 01 May 2024 10:45:36 GMT - Tue, 30 Jul 2024 10:45:35 GMT
File type JavaScript source, ASCII text, with very long lines (11650), with no line terminators Hash d6cd3f746e3851c9f8da49d83c415ea4 147d75e300e01b562b642d1cf59f1c23f4ec5d85 699657a1977cfca8ec46e17dae67c5f5fe72eef6798da6717f0de8413724fe0d
| Analyzer | Verdict | Alert |
| urlquery | phishing | Phishing - Microsoft Outlook |
GET /identity-static-assets/_next/static/chunks/webpack-c5d750cff28f4fa2.js HTTP/1.1
Host: marvelcakemarvelcake.us
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: qPdM=e1bt9OryHtjO; qPdM.sig=2Y7BQZHpWOR5lxIbNUq-idzVCpI; ClientId=1D38D54DA4AA42B489D2E1334826CB6B; OIDC=1; OpenIdConnect.nonce.v3.HqsNtGUBYIjhldjJ4dB3iL_fhez87fOYFebeDRA_K5I=638509463887197420.25709cec-05a7-462e-8713-382633b922e5; X-OWA-RedirectHistory=ArLym14B7LS4dPlw3Ag; buid=0.ARgAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8_7KISNINyIoLSGH_WYFs3VcZF27NMbzhEVbal0jhawZuzBNH9LoxDuxxn0A2r1uw_DOrYwjz_Xls2QIzO3c4GhAD8r5jVWuyKTmEftq89ikgAA; fpc=Ahna59r_JqdFuwMtjwffy_WerOTJAQAAAFQf0N0OAAAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8aWZI_dYbanJlRaY5FqD7vjEESWiom4a7UPSAbDs2v_OZXGnkOSlf4Al810PHEm-J0nGBaGSS4RMAt6OYdkstIy1T8YZH8EzDuWYPodz7AeEmNMJMVUHodbqF4WXyjk3ofKUNSOrlEOtZc7EuUK85L-JHDvpNgGCyPDaHY9-dYscgAA; cltm=CgAQABoAIgQIDBAF; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/x-javascript
Accept-Ranges: bytes
Content-Encoding: br
ETag: "647f3e555e9a6773366ea4f523fae6de:1715329387.429782"
Last-Modified: Fri, 10 May 2024 08:49:57 GMT
Vary: Accept-Encoding
content-length: 11650
Cache-Control: max-age=31536000
Date: Fri, 10 May 2024 13:59:52 GMT
Connection: close
Server-Timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1715349592138_34824396_189605357_22_4056_26_37_-";dur=1
Timing-Allow-Origin: *
Access-Control-Allow-Origin: *
Content-Security-Policy: default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
|
|
| marvelcakemarvelcake.us/wrhs/31aa663a306bb8fc0cb65e5d696fb1bf/uxcore2.min.js | 5.230.73.190 | 200 OK | 63 kB |
URL: GET HTTP/1.1 marvelcakemarvelcake.us/wrhs/31aa663a306bb8fc0cb65e5d696fb1bf/uxcore2.min.js IP: 5.230.73.190:443
Requested by: https://marvelcakemarvelcake.us/?2a24qc746=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
Certificate: Issuer: Let's Encrypt; Subject: marvelcakemarvelcake.us; Fingerprint: C8:12:A0:A2:28:1A:14:D0:CE:B1:9E:29:74:F6:4A:F7:45:2A:9F:CD; Validity: Wed, 01 May 2024 10:45:36 GMT - Tue, 30 Jul 2024 10:45:35 GMT
File type: JavaScript source, ASCII text, with very long lines (62956)
Hash: 31aa663a306bb8fc0cb65e5d696fb1bf d73430da2440e60097306f2137524428397520b3 1acbb8e280ff3f9f8c53d6427886d08f4d700ec24ac1c73e6a538d1c2eeeb08a
| Analyzer | Verdict | Alert |
| urlquery | phishing | Phishing - Microsoft Outlook |
GET /wrhs/31aa663a306bb8fc0cb65e5d696fb1bf/uxcore2.min.js HTTP/1.1
Host: marvelcakemarvelcake.us
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: qPdM=e1bt9OryHtjO; qPdM.sig=2Y7BQZHpWOR5lxIbNUq-idzVCpI; ClientId=1D38D54DA4AA42B489D2E1334826CB6B; OIDC=1; OpenIdConnect.nonce.v3.HqsNtGUBYIjhldjJ4dB3iL_fhez87fOYFebeDRA_K5I=638509463887197420.25709cec-05a7-462e-8713-382633b922e5; X-OWA-RedirectHistory=ArLym14B7LS4dPlw3Ag; buid=0.ARgAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8_7KISNINyIoLSGH_WYFs3VcZF27NMbzhEVbal0jhawZuzBNH9LoxDuxxn0A2r1uw_DOrYwjz_Xls2QIzO3c4GhAD8r5jVWuyKTmEftq89ikgAA; fpc=Ahna59r_JqdFuwMtjwffy_WerOTJAQAAAFQf0N0OAAAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8aWZI_dYbanJlRaY5FqD7vjEESWiom4a7UPSAbDs2v_OZXGnkOSlf4Al810PHEm-J0nGBaGSS4RMAt6OYdkstIy1T8YZH8EzDuWYPodz7AeEmNMJMVUHodbqF4WXyjk3ofKUNSOrlEOtZc7EuUK85L-JHDvpNgGCyPDaHY9-dYscgAA; cltm=CgAQABoAIgQIDBAF; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript
Accept-Ranges: bytes
Content-Encoding: br
ETag: "31aa663a306bb8fc0cb65e5d696fb1bf"
Last-Modified: Mon, 26 Feb 2024 22:03:00 GMT
Vary: Accept-Encoding
x-amz-id-2: CGPkgkCnLG2EfZQRwLzMfBiu4rSJ2R7TOdfufStVCkAyFsTaypGzMKcnjGAar3c3PNSUbxGv0ovDQIgybKRfOw==
x-amz-request-id: 2FH81BTAJJBZGN9G
x-amz-server-side-encryption: AES256
x-amz-version-id: Zn1IeOyklMiHukT2gXdv04Wbqqsp3k13
content-length: 62996
Cache-Control: max-age=31536000
Date: Fri, 10 May 2024 13:59:50 GMT
Connection: close
Server-Timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1715349590395_34824380_160823449_24_1388_26_34_-";dur=1
Timing-Allow-Origin: *
Access-Control-Allow-Origin: *
Content-Security-Policy: default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
|
|
| marvelcakemarvelcake.us/identity-static-assets/_next/static/-Lh1-F-JKpDbnPU4A_RiV/_ssgManifest.js | 5.230.73.190 | 200 OK | 77 B |
URL: GET HTTP/1.1 marvelcakemarvelcake.us/identity-static-assets/_next/static/-Lh1-F-JKpDbnPU4A_RiV/_ssgManifest.js IP: 5.230.73.190:443
Requested by: https://marvelcakemarvelcake.us/?2a24qc746=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
Certificate: Issuer: Let's Encrypt; Subject: marvelcakemarvelcake.us; Fingerprint: C8:12:A0:A2:28:1A:14:D0:CE:B1:9E:29:74:F6:4A:F7:45:2A:9F:CD; Validity: Wed, 01 May 2024 10:45:36 GMT - Tue, 30 Jul 2024 10:45:35 GMT
File type: ASCII text, with no line terminators
Hash: b6652df95db52feb4daf4eca35380933 65451d110137761b318c82d9071c042db80c4036 6f5b4aa00d2f8d6aed9935b471806bf7acef464d0c1d390260e5fe27f800c67e
| Analyzer | Verdict | Alert |
| urlquery | phishing | Phishing - Microsoft Outlook |
GET /identity-static-assets/_next/static/-Lh1-F-JKpDbnPU4A_RiV/_ssgManifest.js HTTP/1.1
Host: marvelcakemarvelcake.us
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: qPdM=e1bt9OryHtjO; qPdM.sig=2Y7BQZHpWOR5lxIbNUq-idzVCpI; ClientId=1D38D54DA4AA42B489D2E1334826CB6B; OIDC=1; OpenIdConnect.nonce.v3.HqsNtGUBYIjhldjJ4dB3iL_fhez87fOYFebeDRA_K5I=638509463887197420.25709cec-05a7-462e-8713-382633b922e5; X-OWA-RedirectHistory=ArLym14B7LS4dPlw3Ag; buid=0.ARgAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8_7KISNINyIoLSGH_WYFs3VcZF27NMbzhEVbal0jhawZuzBNH9LoxDuxxn0A2r1uw_DOrYwjz_Xls2QIzO3c4GhAD8r5jVWuyKTmEftq89ikgAA; fpc=Ahna59r_JqdFuwMtjwffy_WerOTJAQAAAFQf0N0OAAAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8aWZI_dYbanJlRaY5FqD7vjEESWiom4a7UPSAbDs2v_OZXGnkOSlf4Al810PHEm-J0nGBaGSS4RMAt6OYdkstIy1T8YZH8EzDuWYPodz7AeEmNMJMVUHodbqF4WXyjk3ofKUNSOrlEOtZc7EuUK85L-JHDvpNgGCyPDaHY9-dYscgAA; cltm=CgAQABoAIgQIDBAF; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/x-javascript
Accept-Ranges: bytes
Content-Encoding: br
ETag: "b6652df95db52feb4daf4eca35380933:1715329364.350307"
Last-Modified: Fri, 10 May 2024 09:21:39 GMT
Vary: Accept-Encoding
content-length: 77
Cache-Control: max-age=31536000
Date: Fri, 10 May 2024 13:59:56 GMT
Connection: close
Server-Timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1715349596423_386904628_711537422_22_1784_29_60_-";dur=1
Timing-Allow-Origin: *
Access-Control-Allow-Origin: *
Content-Security-Policy: default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
|
|
| marvelcakemarvelcake.us/identity-static-assets/_next/static/chunks/pages/index-5a9c8454fe81cc9e.js | 5.230.73.190 | 200 OK | 3.5 kB |
URL: GET HTTP/1.1 marvelcakemarvelcake.us/identity-static-assets/_next/static/chunks/pages/index-5a9c8454fe81cc9e.js IP: 5.230.73.190:443
Requested byhttps://marvelcakemarvelcake.us/?2a24qc746=aHR0cHM6Ly9zc28uZ29kYWRkeS5jb20vP2RvbWFpbj1vYmJwaWN0dXJlcy5jb20mcmVhbG09cGFzcyZhcHA9bzM2NSZsb2dpbl9oaW50PW1pY2hhZWwlNDBvYmJwaWN0dXJlcy5jb20mY2xpZW50LXJlcXVlc3QtaWQ9ZDY2ODMyYzMtYmM5Ny00NmU2LTk2NzQtYjdhZjM1YTlhOWRlJnVzZXJuYW1lPW1pY2hhZWwlNDBvYmJwaWN0dXJlcy5jb20md2E9d3NpZ25pbjEuMCZ3dHJlYWxtPXVybiUzYWZlZGVyYXRpb24lM2FNaWNyb3NvZnRPbmxpbmUmd2N0eD1lc3RzcmVkaXJlY3QlM2QyJTI2ZXN0c3JlcXVlc3QlM2RyUVFJQVJBQWpWRTlhQk54SE0wX2w1NU5fUW9kZEJRT3A4SWw5NUhMNVI5UXpGZmoyVFFmVFdLVGlJUzd5Xy1TUy03eXYtWXVIMjNwNE9Za1JjRkNFUVFYU1JBcUxrb3BLTGgxNnVSUVVKeWtPQlJ4NmlLWTRPS21iM2lfQi1feEc5NWJJRmdfRzduT19BRkhUNWxtTkkybFZUUlZmNkU3UC1mN3lEVV83Ung4VzN6cXZOMFRScU12WTNDdDZUaVdIUWtFY004eE1HNzdzYWJwS3ZLcjJBemdnUng0QjhBUkFDY0FQSFpmTlhXMUtTUGpGbFlVUzFlZFhoZlowOXpZTFliNHNNREE0T1NFUlJhS1FZN3hjNExJUUJXcE5DUElJaDBNY1lpZWVEek5oN2tRenl1UTQ1Qnc3TDZjamZhY0pqY2wzTlUzMEUtM1Y4TmRzMlpoMjlrbG5vQkV4VWtuYkdtUWlKYUsyYWl0V09saWlpNDJxNUlVaWlmMW50NnVyNWtOUTRZNVExdzJ3LVdpdkZRdTNWVWFVc3JNbDJJck5yd1RSMHN3Mldvbm93b1RrOXJkVkMxZWJVV2RTcXU4c2NwSnJSaG5TZmsxcUJWNHUwNExfU1FMR2Fqd2JFYUJ0RlpBeXhiYmIzV3d0YnFlZ1hSRzBRWTVYc2lIeDhSXzFmMkdJQ2ZkbUxoelNKRFlRaDI5ZnVRQlh6M2d1OGZOeko1NXdJdVp5UjZqVjFkOGFQY2c5bWh2OF8yRHc1dXV3NWxBeFM2eGhtb2tnMHBVTXd0cFdGNlByWEQxdGx6c09tb21XRjBVaDlwS0k1VE9Eb3VsRzJLRTNTYkJOa251azk1Wnd1ZWlpSGlPUFNIQkR4SThQT2ZhOV81cjNLUHo0UGhDY0k1VURWazM3Zm1GVFVxdjF4emNSaDBxc2trTlRidW1xbFBWbDQwZXNxbklQV3J5bjdxX3RiWDE0YUxyN05Mblg2Y3ZkNTRfTzczOTJ1ZjZEUTIj CertificateIssuerLet's Encrypt Subjectmarvelcakemarvelcake.us FingerprintC8:12:A0:A2:28:1A:14:D0:CE:B1:9E:29:74:F6:4A:F7:45:2A:9F:CD ValidityWed, 01 May 2024 10:45:36 GMT - Tue, 30 Jul 2024 10:45:35 GMT
File type: JavaScript source, ASCII text, with very long lines (3546), with no line terminators
Hash: 8ce24b31a9e38b7895a85e2880d13803 d52bcab0e783cf1663b73868a1976ba77159b7ec bf60f55707a0da70e5e7b6079ccbf25ecc7ec7e0d52c0d46b02c74eec6c11ff2
| Analyzer | Verdict | Alert |
| urlquery | phishing | Phishing - Microsoft Outlook |
GET /identity-static-assets/_next/static/chunks/pages/index-5a9c8454fe81cc9e.js HTTP/1.1
Host: marvelcakemarvelcake.us
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: qPdM=e1bt9OryHtjO; qPdM.sig=2Y7BQZHpWOR5lxIbNUq-idzVCpI; ClientId=1D38D54DA4AA42B489D2E1334826CB6B; OIDC=1; OpenIdConnect.nonce.v3.HqsNtGUBYIjhldjJ4dB3iL_fhez87fOYFebeDRA_K5I=638509463887197420.25709cec-05a7-462e-8713-382633b922e5; X-OWA-RedirectHistory=ArLym14B7LS4dPlw3Ag; buid=0.ARgAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8_7KISNINyIoLSGH_WYFs3VcZF27NMbzhEVbal0jhawZuzBNH9LoxDuxxn0A2r1uw_DOrYwjz_Xls2QIzO3c4GhAD8r5jVWuyKTmEftq89ikgAA; fpc=Ahna59r_JqdFuwMtjwffy_WerOTJAQAAAFQf0N0OAAAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8aWZI_dYbanJlRaY5FqD7vjEESWiom4a7UPSAbDs2v_OZXGnkOSlf4Al810PHEm-J0nGBaGSS4RMAt6OYdkstIy1T8YZH8EzDuWYPodz7AeEmNMJMVUHodbqF4WXyjk3ofKUNSOrlEOtZc7EuUK85L-JHDvpNgGCyPDaHY9-dYscgAA; cltm=CgAQABoAIgQIDBAF; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/x-javascript
Accept-Ranges: bytes
Content-Encoding: br
ETag: "60ccdca0e32c917fce7ca5c62f1bcc5b:1715238519.611686"
Last-Modified: Thu, 09 May 2024 07:50:45 GMT
Vary: Accept-Encoding
content-length: 3476
Cache-Control: max-age=31536000
Date: Fri, 10 May 2024 13:59:55 GMT
Connection: close
Server-Timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1715349595674_386904628_711537137_27_1586_28_29_-";dur=1
Timing-Allow-Origin: *
Access-Control-Allow-Origin: *
Content-Security-Policy: default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
|
|
| unpkg.com/@elastic/apm-rum@5.9.1/dist/bundles/elastic-apm-rum.umd.min.js | 104.17.245.203 | 200 OK | 58 kB |
URL: GET HTTP/2 unpkg.com/@elastic/apm-rum@5.9.1/dist/bundles/elastic-apm-rum.umd.min.js IP: 104.17.245.203:443
Requested by: https://marvelcakemarvelcake.us/?2a24qc746=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
Certificate: Issuer: Google Trust Services LLC; Subject: unpkg.com; Fingerprint: 2E:F1:F6:31:28:EC:29:20:41:F4:58:4B:B1:CF:51:16:77:7E:BF:E3; Validity: Mon, 01 Apr 2024 02:40:24 GMT - Sun, 30 Jun 2024 02:40:23 GMT
File type: JavaScript source, ASCII text, with very long lines (58454)
Hash: 0be4c885d07e54abb224234982b34fd7 82ba6a8b59f75a865bcc0ce7e242491156ead595 8d79c92638e9125038fb1faad3896558febee2ed0c34f87e9d01c6f161999342
GET /@elastic/apm-rum@5.9.1/dist/bundles/elastic-apm-rum.umd.min.js HTTP/1.1
Host: unpkg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 13:59:50 GMT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
content-encoding: br
cache-control: public, max-age=31536000
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
etag: "e48a-grpqi1n3WoZbzAzn4kJJEVbq1ZU"
via: 1.1 fly.io
fly-request-id: 01HWQWTNGM8A5AA324SR93BA6S-arn
cf-cache-status: HIT
age: 855653
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 881a73bb4bc70afa-OSL
X-Firefox-Spdy: h2
|
|
| marvelcakemarvelcake.us/identity-static-assets/_next/static/-Lh1-F-JKpDbnPU4A_RiV/_buildManifest.js | 5.230.73.190 | 200 OK | 10 kB |
URL: GET HTTP/1.1 marvelcakemarvelcake.us/identity-static-assets/_next/static/-Lh1-F-JKpDbnPU4A_RiV/_buildManifest.js IP: 5.230.73.190:443
Requested byhttps://marvelcakemarvelcake.us/?2a24qc746=aHR0cHM6Ly9zc28uZ29kYWRkeS5jb20vP2RvbWFpbj1vYmJwaWN0dXJlcy5jb20mcmVhbG09cGFzcyZhcHA9bzM2NSZsb2dpbl9oaW50PW1pY2hhZWwlNDBvYmJwaWN0dXJlcy5jb20mY2xpZW50LXJlcXVlc3QtaWQ9ZDY2ODMyYzMtYmM5Ny00NmU2LTk2NzQtYjdhZjM1YTlhOWRlJnVzZXJuYW1lPW1pY2hhZWwlNDBvYmJwaWN0dXJlcy5jb20md2E9d3NpZ25pbjEuMCZ3dHJlYWxtPXVybiUzYWZlZGVyYXRpb24lM2FNaWNyb3NvZnRPbmxpbmUmd2N0eD1lc3RzcmVkaXJlY3QlM2QyJTI2ZXN0c3JlcXVlc3QlM2RyUVFJQVJBQWpWRTlhQk54SE0wX2w1NU5fUW9kZEJRT3A4SWw5NUhMNVI5UXpGZmoyVFFmVFdLVGlJUzd5Xy1TUy03eXYtWXVIMjNwNE9Za1JjRkNFUVFYU1JBcUxrb3BLTGgxNnVSUVVKeWtPQlJ4NmlLWTRPS21iM2lfQi1feEc5NWJJRmdfRzduT19BRkhUNWxtTkkybFZUUlZmNkU3UC1mN3lEVV83Ung4VzN6cXZOMFRScU12WTNDdDZUaVdIUWtFY004eE1HNzdzYWJwS3ZLcjJBemdnUng0QjhBUkFDY0FQSFpmTlhXMUtTUGpGbFlVUzFlZFhoZlowOXpZTFliNHNNREE0T1NFUlJhS1FZN3hjNExJUUJXcE5DUElJaDBNY1lpZWVEek5oN2tRenl1UTQ1Qnc3TDZjamZhY0pqY2wzTlUzMEUtM1Y4TmRzMlpoMjlrbG5vQkV4VWtuYkdtUWlKYUsyYWl0V09saWlpNDJxNUlVaWlmMW50NnVyNWtOUTRZNVExdzJ3LVdpdkZRdTNWVWFVc3JNbDJJck5yd1RSMHN3Mldvbm93b1RrOXJkVkMxZWJVV2RTcXU4c2NwSnJSaG5TZmsxcUJWNHUwNExfU1FMR2Fqd2JFYUJ0RlpBeXhiYmIzV3d0YnFlZ1hSRzBRWTVYc2lIeDhSXzFmMkdJQ2ZkbUxoelNKRFlRaDI5ZnVRQlh6M2d1OGZOeko1NXdJdVp5UjZqVjFkOGFQY2c5bWh2OF8yRHc1dXV3NWxBeFM2eGhtb2tnMHBVTXd0cFdGNlByWEQxdGx6c09tb21XRjBVaDlwS0k1VE9Eb3VsRzJLRTNTYkJOa251azk1Wnd1ZWlpSGlPUFNIQkR4SThQT2ZhOV81cjNLUHo0UGhDY0k1VURWazM3Zm1GVFVxdjF4emNSaDBxc2trTlRidW1xbFBWbDQwZXNxbklQV3J5bjdxX3RiWDE0YUxyN05Mblg2Y3ZkNTRfTzczOTJ1ZjZEUTIj CertificateIssuerLet's Encrypt Subjectmarvelcakemarvelcake.us FingerprintC8:12:A0:A2:28:1A:14:D0:CE:B1:9E:29:74:F6:4A:F7:45:2A:9F:CD ValidityWed, 01 May 2024 10:45:36 GMT - Tue, 30 Jul 2024 10:45:35 GMT
File type: ASCII text, with very long lines (10157), with no line terminators
Hash: e8c810c2b79c6cc8be440eb442f5a12c c3b02f548977c9fcdc50254a063b2a5f4ce7e724 6c784b4e9288d32729d19b7b67c0f922716d8719116614ad998b78e81a54733f
| Analyzer | Verdict | Alert |
| urlquery | phishing | Phishing - Microsoft Outlook |
GET /identity-static-assets/_next/static/-Lh1-F-JKpDbnPU4A_RiV/_buildManifest.js HTTP/1.1
Host: marvelcakemarvelcake.us
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: qPdM=e1bt9OryHtjO; qPdM.sig=2Y7BQZHpWOR5lxIbNUq-idzVCpI; ClientId=1D38D54DA4AA42B489D2E1334826CB6B; OIDC=1; OpenIdConnect.nonce.v3.HqsNtGUBYIjhldjJ4dB3iL_fhez87fOYFebeDRA_K5I=638509463887197420.25709cec-05a7-462e-8713-382633b922e5; X-OWA-RedirectHistory=ArLym14B7LS4dPlw3Ag; buid=0.ARgAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8_7KISNINyIoLSGH_WYFs3VcZF27NMbzhEVbal0jhawZuzBNH9LoxDuxxn0A2r1uw_DOrYwjz_Xls2QIzO3c4GhAD8r5jVWuyKTmEftq89ikgAA; fpc=Ahna59r_JqdFuwMtjwffy_WerOTJAQAAAFQf0N0OAAAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8aWZI_dYbanJlRaY5FqD7vjEESWiom4a7UPSAbDs2v_OZXGnkOSlf4Al810PHEm-J0nGBaGSS4RMAt6OYdkstIy1T8YZH8EzDuWYPodz7AeEmNMJMVUHodbqF4WXyjk3ofKUNSOrlEOtZc7EuUK85L-JHDvpNgGCyPDaHY9-dYscgAA; cltm=CgAQABoAIgQIDBAF; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/x-javascript
Accept-Ranges: bytes
Content-Encoding: br
ETag: "e8c810c2b79c6cc8be440eb442f5a12c:1715329364.188172"
Last-Modified: Fri, 10 May 2024 09:19:54 GMT
Vary: Accept-Encoding
content-length: 10157
Cache-Control: max-age=31536000
Date: Fri, 10 May 2024 13:59:56 GMT
Connection: close
Server-Timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1715349595992_386904628_711537302_24_1760_80_138_-";dur=1
Timing-Allow-Origin: *
Access-Control-Allow-Origin: *
Content-Security-Policy: default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
|
|
| marvelcakemarvelcake.us/wrhs/5dca119939463a11b5bba26a8dc03d3c/vendor.min.js | 5.230.73.190 | 200 OK | 294 kB |
URL: GET HTTP/1.1 marvelcakemarvelcake.us/wrhs/5dca119939463a11b5bba26a8dc03d3c/vendor.min.js IP: 5.230.73.190:443
Requested byhttps://marvelcakemarvelcake.us/?2a24qc746=aHR0cHM6Ly9zc28uZ29kYWRkeS5jb20vP2RvbWFpbj1vYmJwaWN0dXJlcy5jb20mcmVhbG09cGFzcyZhcHA9bzM2NSZsb2dpbl9oaW50PW1pY2hhZWwlNDBvYmJwaWN0dXJlcy5jb20mY2xpZW50LXJlcXVlc3QtaWQ9ZDY2ODMyYzMtYmM5Ny00NmU2LTk2NzQtYjdhZjM1YTlhOWRlJnVzZXJuYW1lPW1pY2hhZWwlNDBvYmJwaWN0dXJlcy5jb20md2E9d3NpZ25pbjEuMCZ3dHJlYWxtPXVybiUzYWZlZGVyYXRpb24lM2FNaWNyb3NvZnRPbmxpbmUmd2N0eD1lc3RzcmVkaXJlY3QlM2QyJTI2ZXN0c3JlcXVlc3QlM2RyUVFJQVJBQWpWRTlhQk54SE0wX2w1NU5fUW9kZEJRT3A4SWw5NUhMNVI5UXpGZmoyVFFmVFdLVGlJUzd5Xy1TUy03eXYtWXVIMjNwNE9Za1JjRkNFUVFYU1JBcUxrb3BLTGgxNnVSUVVKeWtPQlJ4NmlLWTRPS21iM2lfQi1feEc5NWJJRmdfRzduT19BRkhUNWxtTkkybFZUUlZmNkU3UC1mN3lEVV83Ung4VzN6cXZOMFRScU12WTNDdDZUaVdIUWtFY004eE1HNzdzYWJwS3ZLcjJBemdnUng0QjhBUkFDY0FQSFpmTlhXMUtTUGpGbFlVUzFlZFhoZlowOXpZTFliNHNNREE0T1NFUlJhS1FZN3hjNExJUUJXcE5DUElJaDBNY1lpZWVEek5oN2tRenl1UTQ1Qnc3TDZjamZhY0pqY2wzTlUzMEUtM1Y4TmRzMlpoMjlrbG5vQkV4VWtuYkdtUWlKYUsyYWl0V09saWlpNDJxNUlVaWlmMW50NnVyNWtOUTRZNVExdzJ3LVdpdkZRdTNWVWFVc3JNbDJJck5yd1RSMHN3Mldvbm93b1RrOXJkVkMxZWJVV2RTcXU4c2NwSnJSaG5TZmsxcUJWNHUwNExfU1FMR2Fqd2JFYUJ0RlpBeXhiYmIzV3d0YnFlZ1hSRzBRWTVYc2lIeDhSXzFmMkdJQ2ZkbUxoelNKRFlRaDI5ZnVRQlh6M2d1OGZOeko1NXdJdVp5UjZqVjFkOGFQY2c5bWh2OF8yRHc1dXV3NWxBeFM2eGhtb2tnMHBVTXd0cFdGNlByWEQxdGx6c09tb21XRjBVaDlwS0k1VE9Eb3VsRzJLRTNTYkJOa251azk1Wnd1ZWlpSGlPUFNIQkR4SThQT2ZhOV81cjNLUHo0UGhDY0k1VURWazM3Zm1GVFVxdjF4emNSaDBxc2trTlRidW1xbFBWbDQwZXNxbklQV3J5bjdxX3RiWDE0YUxyN05Mblg2Y3ZkNTRfTzczOTJ1ZjZEUTIj CertificateIssuerLet's Encrypt Subjectmarvelcakemarvelcake.us FingerprintC8:12:A0:A2:28:1A:14:D0:CE:B1:9E:29:74:F6:4A:F7:45:2A:9F:CD ValidityWed, 01 May 2024 10:45:36 GMT - Tue, 30 Jul 2024 10:45:35 GMT
File type: JavaScript source, ASCII text, with very long lines (65472)
Size: 294 kB (293903 bytes)
Hash: 98bf9b385859e14cf408a9006b8c2754 8113f426a4acf540615f552d83b7dc6c256c4826 91d1466eb2c440cba1cfa79672d492b5d1e86ec6ff0ad9d0da7fb1d8af26b71b
| Analyzer | Verdict | Alert |
| urlquery | phishing | Phishing - Microsoft Outlook |
GET /wrhs/5dca119939463a11b5bba26a8dc03d3c/vendor.min.js HTTP/1.1
Host: marvelcakemarvelcake.us
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: qPdM=e1bt9OryHtjO; qPdM.sig=2Y7BQZHpWOR5lxIbNUq-idzVCpI; ClientId=1D38D54DA4AA42B489D2E1334826CB6B; OIDC=1; OpenIdConnect.nonce.v3.HqsNtGUBYIjhldjJ4dB3iL_fhez87fOYFebeDRA_K5I=638509463887197420.25709cec-05a7-462e-8713-382633b922e5; X-OWA-RedirectHistory=ArLym14B7LS4dPlw3Ag; buid=0.ARgAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8_7KISNINyIoLSGH_WYFs3VcZF27NMbzhEVbal0jhawZuzBNH9LoxDuxxn0A2r1uw_DOrYwjz_Xls2QIzO3c4GhAD8r5jVWuyKTmEftq89ikgAA; fpc=Ahna59r_JqdFuwMtjwffy_WerOTJAQAAAFQf0N0OAAAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8aWZI_dYbanJlRaY5FqD7vjEESWiom4a7UPSAbDs2v_OZXGnkOSlf4Al810PHEm-J0nGBaGSS4RMAt6OYdkstIy1T8YZH8EzDuWYPodz7AeEmNMJMVUHodbqF4WXyjk3ofKUNSOrlEOtZc7EuUK85L-JHDvpNgGCyPDaHY9-dYscgAA; cltm=CgAQABoAIgQIDBAF; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript
Accept-Ranges: bytes
Content-Encoding: br
ETag: "5dca119939463a11b5bba26a8dc03d3c"
Last-Modified: Mon, 26 Feb 2024 22:03:05 GMT
Vary: Accept-Encoding
x-amz-id-2: WY4tHLcwhxkfLAUgwjhzlV8pm9wKNZWJ3ktB71qkSf6T9BhLPtVHZT5VpZexDPz08SAPndhW2zMi7SIoMFkong==
x-amz-request-id: ZVC1TB3RK5FB9AG9
x-amz-server-side-encryption: AES256
x-amz-version-id: iptehPMO.thZpKYfokWiFrkiZjx7cKe7
content-length: 293903
Cache-Control: max-age=31536000
Date: Fri, 10 May 2024 13:59:50 GMT
Connection: close
Server-Timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1715349590397_34824396_189603934_24_1675_27_36_-";dur=1
Timing-Allow-Origin: *
Access-Control-Allow-Origin: *
Content-Security-Policy: default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
|
|
| 3ddc47ac.6d2e589211c0928645bd553e.workers.dev/favicon.ico | 172.67.201.254 | 200 OK | 3.3 kB |
URL: GET HTTP/3 3ddc47ac.6d2e589211c0928645bd553e.workers.dev/favicon.ico IP: 172.67.201.254:443
Requested by: https://3ddc47ac.6d2e589211c0928645bd553e.workers.dev/?qrc=michael@obbpictures.com
Certificate: Issuer: Google Trust Services LLC; Subject: 6d2e589211c0928645bd553e.workers.dev; Fingerprint: 35:77:55:8C:C0:B8:75:C5:15:2E:9A:77:6D:A7:31:38:73:3B:A6:14; Validity: Mon, 29 Apr 2024 15:39:04 GMT - Sun, 28 Jul 2024 15:39:03 GMT
File type: HTML document, ASCII text, with very long lines (3271), with no line terminators
Hash: e3bc29125f0923ea44ec97c6d18a2cdd 0139df7427157741869dd64095912427d957a3ef a48b0bb1a3f7eb1472b54014c43f65dd3745752d8c5abea6b306c8f7322b0473
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | Office365 |
GET /favicon.ico HTTP/1.1
Host: 3ddc47ac.6d2e589211c0928645bd553e.workers.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3ddc47ac.6d2e589211c0928645bd553e.workers.dev/?qrc=michael@obbpictures.com
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 10 May 2024 13:59:48 GMT
content-type: text/html;charset=UTF-8
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=shmymgY80iLsgWA9gQSTlpo%2BU%2BbtA%2FTotCVfc97wjycIe3ZdfFS8Y%2F3WdZTzXoaC5NQ5Zjf4M9pnK7tn%2Bdh90Id32Y1NGctbtu8BEcJwnbKj5cwcLQTVX6lyKimbU%2B8NhCPoKuiNVeDsmnbjx7tpoS%2FgsUPO5%2Fj1SuBA2jjuB0Q%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881a73ad9e53569a-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| marvelcakemarvelcake.us/identity-static-assets/_next/static/chunks/5703-359a988454297d60.js | 5.230.73.190 | 200 OK | 14 kB |
URL: GET HTTP/1.1 marvelcakemarvelcake.us/identity-static-assets/_next/static/chunks/5703-359a988454297d60.js IP: 5.230.73.190:443
Requested by: https://marvelcakemarvelcake.us/?2a24qc746=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
Certificate: Issuer: Let's Encrypt; Subject: marvelcakemarvelcake.us; Fingerprint: C8:12:A0:A2:28:1A:14:D0:CE:B1:9E:29:74:F6:4A:F7:45:2A:9F:CD; Validity: Wed, 01 May 2024 10:45:36 GMT - Tue, 30 Jul 2024 10:45:35 GMT
File type: JavaScript source, ASCII text, with very long lines (13526), with no line terminators
Hash: 6a7b682b8c4851b3747d5771fbd8be90 c27c379b9350ae6c4aae24d3e256733007eedeb6 22cdca0139cf935f2cb7c4086ef2e547c9c0a9c9c0ab4a4f9e68955af599fc7d
| Analyzer | Verdict | Alert |
| urlquery | phishing | Phishing - Microsoft Outlook |
GET /identity-static-assets/_next/static/chunks/5703-359a988454297d60.js HTTP/1.1
Host: marvelcakemarvelcake.us
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: qPdM=e1bt9OryHtjO; qPdM.sig=2Y7BQZHpWOR5lxIbNUq-idzVCpI; ClientId=1D38D54DA4AA42B489D2E1334826CB6B; OIDC=1; OpenIdConnect.nonce.v3.HqsNtGUBYIjhldjJ4dB3iL_fhez87fOYFebeDRA_K5I=638509463887197420.25709cec-05a7-462e-8713-382633b922e5; X-OWA-RedirectHistory=ArLym14B7LS4dPlw3Ag; buid=0.ARgAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8_7KISNINyIoLSGH_WYFs3VcZF27NMbzhEVbal0jhawZuzBNH9LoxDuxxn0A2r1uw_DOrYwjz_Xls2QIzO3c4GhAD8r5jVWuyKTmEftq89ikgAA; fpc=Ahna59r_JqdFuwMtjwffy_WerOTJAQAAAFQf0N0OAAAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8aWZI_dYbanJlRaY5FqD7vjEESWiom4a7UPSAbDs2v_OZXGnkOSlf4Al810PHEm-J0nGBaGSS4RMAt6OYdkstIy1T8YZH8EzDuWYPodz7AeEmNMJMVUHodbqF4WXyjk3ofKUNSOrlEOtZc7EuUK85L-JHDvpNgGCyPDaHY9-dYscgAA; cltm=CgAQABoAIgQIDBAF; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/x-javascript
Accept-Ranges: bytes
Content-Encoding: br
ETag: "6a7b682b8c4851b3747d5771fbd8be90:1715238494.564943"
Last-Modified: Thu, 09 May 2024 07:48:49 GMT
Vary: Accept-Encoding
content-length: 13526
Cache-Control: max-age=31536000
Date: Fri, 10 May 2024 13:59:55 GMT
Connection: close
Server-Timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1715349595116_34824380_160826550_19_1655_27_34_-";dur=1
Timing-Allow-Origin: *
Access-Control-Allow-Origin: *
Content-Security-Policy: default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
|
|