| aiitpune.com/js/ext1/ZmVybmFuZGEudG9tYXpAYzZiYW5rLmNvbQ== | 132.148.128.8 | | 0 B |
URL: aiitpune.com/js/ext1/ZmVybmFuZGEudG9tYXpAYzZiYW5rLmNvbQ==
IP: 132.148.128.8:0
ASN: #398101 GO-DADDY-COM-LLC
Hash (MD5, SHA-1, SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /js/ext1/ZmVybmFuZGEudG9tYXpAYzZiYW5rLmNvbQ== HTTP/1.1
Host: aiitpune.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 16 Apr 2024 12:37:51 GMT
Server: Apache
refresh: 0;url=https://dc3889e1.b24b366159a504c34a2004dc.workers.dev/?qrc=fernanda.tomaz@c6bank.com
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

| challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback | 104.17.2.184 | | 0 B |
URL: challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback
IP: 104.17.2.184:0
Hash (MD5, SHA-1, SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /turnstile/v0/api.js?onload=onloadTurnstileCallback HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dc3889e1.b24b366159a504c34a2004dc.workers.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
date: Tue, 16 Apr 2024 12:37:52 GMT
content-length: 0
location: /turnstile/v0/b/bcc5fb0a8815/api.js?onload=onloadTurnstileCallback
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
cache-control: max-age=300, public
vary: Accept-Encoding
server: cloudflare
cf-ray: 87543aa81b931bfa-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=87543aa8ddbc568f | 104.17.2.184 | | 119 kB |
URL: challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=87543aa8ddbc568f
IP: 104.17.2.184:0
File type: JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size: 119 kB (119444 bytes)
Hash (MD5, SHA-1, SHA-256): c35c8b024729053e0822831249917739 65351547b23821d1780bfd4f3b76daf90dd31b63 b0e39416a5de181ff94c83d8ef0dedd706ba9e0f6f80276c946f63809082f3cb
GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=87543aa8ddbc568f HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/j72mo/0x4AAAAAAAW6FMm8tl7BXPFe/auto/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Tue, 16 Apr 2024 12:37:52 GMT
content-type: application/javascript; charset=UTF-8
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
server: cloudflare
cf-ray: 87543aa94ea1568f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/j72mo/0x4AAAAAAAW6FMm8tl7BXPFe/auto/normal | 104.17.2.184 | | 28 kB |
URL: challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/j72mo/0x4AAAAAAAW6FMm8tl7BXPFe/auto/normal
IP: 104.17.2.184:0
File type: HTML document, ASCII text, with very long lines (41919)
Hash (MD5, SHA-1, SHA-256): 409e66fc01fc3f0155b6587c54741965 5aed065ea8caf6c3ba0b17c381051813d4ec6858 c5cd150776fae354579d9749a140dcf4f2142845440dc3798503a69f3660f2a4
GET /cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/j72mo/0x4AAAAAAAW6FMm8tl7BXPFe/auto/normal HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dc3889e1.b24b366159a504c34a2004dc.workers.dev/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Tue, 16 Apr 2024 12:37:52 GMT
content-type: text/html; charset=UTF-8
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-security-policy: frame-src https://challenges.cloudflare.com/ blob:; base-uri 'self'
critical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: cross-origin
document-policy: js-profiling
origin-agent-cluster: ?1
permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy: same-origin
server: cloudflare
cf-ray: 87543aa8ddbc568f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/1476008901:1713267186:zR3GurVkVCAlVXKBrGV4dUnN0_Uewb3OHtd5jrOHBtU/87543aa8ddbc568f/01309b368780bc7 | 104.17.2.184 | | 5.1 kB |
URL: challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/1476008901:1713267186:zR3GurVkVCAlVXKBrGV4dUnN0_Uewb3OHtd5jrOHBtU/87543aa8ddbc568f/01309b368780bc7
IP: 104.17.2.184:0
File type: ASCII text, with very long lines (976), with no line terminators
Hash (MD5, SHA-1, SHA-256): 3fe4a9ad158492b629673913e6cdb14c c4f13efd55c8bbe67d1658bed734777a98558941 094b935c3e34533d9ac44cf2bcf1c2920f9898491aad3908b92b380c3a6d8944
POST /cdn-cgi/challenge-platform/h/b/flow/ov1/1476008901:1713267186:zR3GurVkVCAlVXKBrGV4dUnN0_Uewb3OHtd5jrOHBtU/87543aa8ddbc568f/01309b368780bc7 HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/j72mo/0x4AAAAAAAW6FMm8tl7BXPFe/auto/normal
Content-type: application/x-www-form-urlencoded
CF-Challenge: 01309b368780bc7
Content-Length: 37596
Origin: https://challenges.cloudflare.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Tue, 16 Apr 2024 12:37:57 GMT
content-type: text/html; charset=UTF-8
cf-chl-out: OtUbkDuyITkA4ZF+D0gxjUohFzKMacqSpDNzcCA/dkZtY9zkB8+xFeSsiLqr5TCXytNUbCUmkn/F1qmN9YnJSGkUbxmqDXDyDU83816D7XA=$wjcHXgqmp8qj4hgE+/v0Bw==
cf-chl-out-s: tB91JCYs3SM13ssNXbSbVR6puWZLA2b3PR+WdtOabZenbPnAnPcsTQOC8wlADRhriIa7h4Tn5BahGr3dw/Fi0nrXjNGbJ9PeVMZ0OWrPv1yvMmN/FDIE9tXWbphO8Fys11eqo9k+p7v3X3HTCQp3iA==$Z6+YFCdp1jU3yJ1SGFRAZQ==
server: cloudflare
cf-ray: 87543ac809a0568f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/pat/87543aa8ddbc568f/1713271072567/c21113ba58e4dde1881c470191f077a23b644b41829db693625efbdaf7ed6c9c/Z3DZGMnzw_dlgrS | 104.17.2.184 | | 504 B |
URL: challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/pat/87543aa8ddbc568f/1713271072567/c21113ba58e4dde1881c470191f077a23b644b41829db693625efbdaf7ed6c9c/Z3DZGMnzw_dlgrS
IP: 104.17.2.184:0
Hash (MD5, SHA-1, SHA-256): 3fc9658caa9b5e1698fb41f92c4d5fd8 b48329cd8951983a94d9010f9a48535b45e2e840 a435b1762b94674b45263630fb06c79b64c7c15c9e70c7758f46d2ee511139ee
GET /cdn-cgi/challenge-platform/h/b/pat/87543aa8ddbc568f/1713271072567/c21113ba58e4dde1881c470191f077a23b644b41829db693625efbdaf7ed6c9c/Z3DZGMnzw_dlgrS HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/j72mo/0x4AAAAAAAW6FMm8tl7BXPFe/auto/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 401 Unauthorized
date: Tue, 16 Apr 2024 12:37:52 GMT
content-type: text/plain; charset=UTF-8
www-authenticate: PrivateToken challenge="AAIAGXBhdC1pc3N1ZXIuY2xvdWRmbGFyZS5jb20gwhETuljk3eGIHEcBkfB3ojtkS0GCnbaTYl772vftbJwAGWNoYWxsZW5nZXMuY2xvdWRmbGFyZS5jb20=", token-key="MIIBUjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAqEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgKiAwIBMAOCAQ8AMIIBCgKCAQEA1QvuFhVj8-HIEpd2829MedEvnrcAHahftJq4lCTdordKDtEpBDr1tC6_z1kq102Fe8SVbT4nRFRPCH_vL6Pwcc16C8jLMMvXraoC-BiyzAX3Yyr6lZj9UCQ7aK3JEr-tlD2wmLRtqyXfZQu9FdZsCMm0LU5LDAKE1uUBeAV-vLkP_1imLjHgbFE2lJH52yahbxiIjoqT_3PjB45ow3W9ciKiR89cUoS7X-sc6I2Lo7P_Y_FH4aGxC4fBDbjKZDO7UYOs3i1xJCHhgRA2dPWk0tZTjV7-jJE-oyRiReJNq7shr4jYws0e9BzlY1UCMa-U_JWdRb9So4JnoGPmfvSU_QIDAQAB", max-age=20, PrivateToken challenge="AAIALHBwLWlzc3Vlci1wcm9kdWN0aW9uLnJlc2VhcmNoLmNsb3VkZmxhcmUuY29tIMIRE7pY5N3hiBxHAZHwd6I7ZEtBgp22k2Je-9r37WycABljaGFsbGVuZ2VzLmNsb3VkZmxhcmUuY29t", token-key="MIIBUjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAqEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgKiAwIBMAOCAQ8AMIIBCgKCAQEA1FEYykHcK8H9rb_u0aFz3CmWgYloQw4YhedoEOAjJ0vy2Axa4f9UG9Dzs4uXS34_h8l6MDo2nRCvLI9lvebilMnTjCn-6D77bewqYxJKUFZW1z2jBIdu03TrETczfEg7kxgKtJE9NXGDjYJcF_iMgzgNA0PEAVM89tUYXXlFy4cUAGlqU2mPpIEOxm5ARsXC-zlLK60fkJ4cOsZRkZa6EExdhmgdwQ0fEJuSOHrBO_-zJn4hUP8q9g4yqkxW2UrfJgD07F4HaHGBEiei06sGDvH2NEPvswEl5dTGxutNrxlU7W24iYhNa2nhjlc53nNb0mKtszv-czVE9UhXyJ7-RQIDAQAB", max-age=20
server: cloudflare
cf-ray: 87543aadce3f568f-OSL
alt-svc: h3=":443"; ma=86400

| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv1/toL804vmeDYrjlL/j72mo/0x4AAAAAAAW6FMm8tl7BXPFe/auto/normal | 104.17.2.184 | | 21 kB |
URL: challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv1/toL804vmeDYrjlL/j72mo/0x4AAAAAAAW6FMm8tl7BXPFe/auto/normal
IP: 104.17.2.184:0
File type: HTML document, ASCII text, with very long lines (41919)
Hash (MD5, SHA-1, SHA-256): 911a300cc8485ca30d212d3e7b24ba77 81b4d073ed7dc55d2bf96c2cba85885593b3ca11 6e55518e960a50cd3795ca94b05cf2a9c20623b493aae84c9ba7a7266310f731
GET /cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv1/toL804vmeDYrjlL/j72mo/0x4AAAAAAAW6FMm8tl7BXPFe/auto/normal HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dc3889e1.b24b366159a504c34a2004dc.workers.dev/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Tue, 16 Apr 2024 12:38:07 GMT
content-type: text/html; charset=UTF-8
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-security-policy: frame-src https://challenges.cloudflare.com/ blob:; base-uri 'self'
critical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: cross-origin
document-policy: js-profiling
origin-agent-cluster: ?1
permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy: same-origin
server: cloudflare
cf-ray: 87543b06fe67568f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=87543b06fe67568f | 104.17.2.184 | | 119 kB |
URL: challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=87543b06fe67568f
IP: 104.17.2.184:0
File type: JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size: 119 kB (118878 bytes)
Hash (MD5, SHA-1, SHA-256): 51fcf3ab4dcf5d868fa53ab96257df0b dacb7320cb37c9e967471a19fb348eca84348330 637714e6a9d5e1d5f717ce0958f8b3a4b99b849ef06ec883bbe40fa06467a92c
GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=87543b06fe67568f HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv1/toL804vmeDYrjlL/j72mo/0x4AAAAAAAW6FMm8tl7BXPFe/auto/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Tue, 16 Apr 2024 12:38:07 GMT
content-type: application/javascript; charset=UTF-8
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
server: cloudflare
cf-ray: 87543b074efd568f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

| mailfoneuscellular.com/owa/?login_hint=fernanda.tomaz%40c6bank.com | 51.161.109.46 | | 1.4 kB |
URL: GET mailfoneuscellular.com/owa/?login_hint=fernanda.tomaz%40c6bank.com
IP: 51.161.109.46:0
Requested by: https://dc3889e1.b24b366159a504c34a2004dc.workers.dev/?qrc=fernanda.tomaz@c6bank.com
File type: HTML document, ASCII text, with very long lines (809), with CRLF, LF line terminators
Hash (MD5, SHA-1, SHA-256): 9ee0ac20cd64b5f18e2660e071afcfc1 4ff4cd7809e2f9225deaf743577ee7fc37134751 076415d59f748a6c486ddebc07b1aeb89b9b485b8ac7aa9660e9918a4945505d

| Analyzer | Verdict | Alert |
|---|---|---|
| urlquery | phishing | Phishing - Microsoft Outlook |

GET /owa/?login_hint=fernanda.tomaz%40c6bank.com HTTP/1.1
Host: mailfoneuscellular.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dc3889e1.b24b366159a504c34a2004dc.workers.dev/
DNT: 1
Connection: keep-alive
Cookie: qPdM=vdIzGvYZa21T; qPdM.sig=gy59XUN6-L-Z4ufCUpp24tm3ynw
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
content-length: 1389
Content-Type: text/html; charset=utf-8
Location: https://mailfoneuscellular.com/?2e3q8az7x=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
Server: Microsoft-IIS/10.0
request-id: 0824edcb-cdb2-bcd3-a262-17cec4aee808
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Alt-Svc: h3=":443";ma=2592000,h3-29=":443";ma=2592000
X-CalculatedFETarget: PR1P264CU007.internal.outlook.com
X-BackEndHttpStatus: 302, 302
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Set-Cookie: ClientId=0A9CFDC9B80B4EDE8FAA222760E55669; expires=Wed, 16-Apr-2025 12:38:13 GMT; path=/;SameSite=None; secure
ClientId=0A9CFDC9B80B4EDE8FAA222760E55669; expires=Wed, 16-Apr-2025 12:38:13 GMT; path=/;SameSite=None; secure
OIDC=1; expires=Wed, 16-Oct-2024 12:38:13 GMT; path=/;SameSite=None; secure; HttpOnly
RoutingKeyCookie=; expires=Sat, 16-Apr-1994 12:38:13 GMT; path=/; secure
OpenIdConnect.token.v1=; expires=Sat, 16-Apr-1994 12:38:13 GMT; path=/; secure
OpenIdConnect.token.v1=; domain=mailfoneuscellular.com; expires=Sat, 16-Apr-1994 12:38:13 GMT; path=/; secure
OpenIdConnect.id_token.v1=; expires=Sat, 16-Apr-1994 12:38:13 GMT; path=/; secure
OpenIdConnect.code.v1=; expires=Sat, 16-Apr-1994 12:38:13 GMT; path=/; secure
OpenIdConnect.idp_nonce.v1=; expires=Sat, 16-Apr-1994 12:38:13 GMT; path=/; secure
OpenIdConnect.idp_correlation_id=; expires=Sat, 16-Apr-1994 12:38:13 GMT; path=/; secure
OpenIdConnect.tokenPostPath=; expires=Sat, 16-Apr-1994 12:38:13 GMT; path=/; secure
OpenIdConnect.id_token.v1=; domain=mailfoneuscellular.com; expires=Sat, 16-Apr-1994 12:38:13 GMT; path=/; secure
OpenIdConnect.code.v1=; domain=mailfoneuscellular.com; expires=Sat, 16-Apr-1994 12:38:13 GMT; path=/; secure
OpenIdConnect.idp_nonce.v1=; domain=mailfoneuscellular.com; expires=Sat, 16-Apr-1994 12:38:13 GMT; path=/; secure
OpenIdConnect.idp_correlation_id=; domain=mailfoneuscellular.com; expires=Sat, 16-Apr-1994 12:38:13 GMT; path=/; secure
OpenIdConnect.tokenPostPath=; domain=mailfoneuscellular.com; expires=Sat, 16-Apr-1994 12:38:13 GMT; path=/; secure
OpenIdConnect.nonce.v3.FnJBYRF770Qgz8t4HKU722DN7mQOD3lRS2qQJcjXSiQ=638488678939068540.add93c0f-d559-47b4-8082-0dd9e21a231d; expires=Tue, 16-Apr-2024 13:38:13 GMT; path=/;SameSite=None; secure; HttpOnly
HostSwitchPrg=; expires=Sat, 16-Apr-1994 12:38:13 GMT; path=/; secure
OptInPrg=; expires=Sat, 16-Apr-1994 12:38:13 GMT; path=/; secure
SuiteServiceProxyKey=; expires=Sat, 16-Apr-1994 12:38:13 GMT; path=/; secure
ClientId=0A9CFDC9B80B4EDE8FAA222760E55669; expires=Wed, 16-Apr-2025 12:38:13 GMT; path=/;SameSite=None; secure
OIDC=1; expires=Wed, 16-Oct-2024 12:38:13 GMT; path=/;SameSite=None; secure; HttpOnly
RoutingKeyCookie=; expires=Sat, 16-Apr-1994 12:38:13 GMT; path=/; secure
OpenIdConnect.token.v1=; expires=Sat, 16-Apr-1994 12:38:13 GMT; path=/; secure
OpenIdConnect.token.v1=; domain=mailfoneuscellular.com; expires=Sat, 16-Apr-1994 12:38:13 GMT; path=/; secure
OpenIdConnect.id_token.v1=; expires=Sat, 16-Apr-1994 12:38:13 GMT; path=/; secure
OpenIdConnect.code.v1=; expires=Sat, 16-Apr-1994 12:38:13 GMT; path=/; secure
OpenIdConnect.idp_nonce.v1=; expires=Sat, 16-Apr-1994 12:38:13 GMT; path=/; secure
OpenIdConnect.idp_correlation_id=; expires=Sat, 16-Apr-1994 12:38:13 GMT; path=/; secure
OpenIdConnect.tokenPostPath=; expires=Sat, 16-Apr-1994 12:38:13 GMT; path=/; secure
OpenIdConnect.id_token.v1=; domain=mailfoneuscellular.com; expires=Sat, 16-Apr-1994 12:38:13 GMT; path=/; secure
OpenIdConnect.code.v1=; domain=mailfoneuscellular.com; expires=Sat, 16-Apr-1994 12:38:13 GMT; path=/; secure
OpenIdConnect.idp_nonce.v1=; domain=mailfoneuscellular.com; expires=Sat, 16-Apr-1994 12:38:13 GMT; path=/; secure
OpenIdConnect.idp_correlation_id=; domain=mailfoneuscellular.com; expires=Sat, 16-Apr-1994 12:38:13 GMT; path=/; secure
OpenIdConnect.tokenPostPath=; domain=mailfoneuscellular.com; expires=Sat, 16-Apr-1994 12:38:13 GMT; path=/; secure
OpenIdConnect.nonce.v3.FnJBYRF770Qgz8t4HKU722DN7mQOD3lRS2qQJcjXSiQ=638488678939068540.add93c0f-d559-47b4-8082-0dd9e21a231d; expires=Tue, 16-Apr-2024 13:38:13 GMT; path=/;SameSite=None; secure; HttpOnly
HostSwitchPrg=; expires=Sat, 16-Apr-1994 12:38:13 GMT; path=/; secure
OptInPrg=; expires=Sat, 16-Apr-1994 12:38:13 GMT; path=/; secure
SuiteServiceProxyKey=; expires=Sat, 16-Apr-1994 12:38:13 GMT; path=/; secure
X-OWA-RedirectHistory=ArLym14BfIhFFRJe3Ag; expires=Tue, 16-Apr-2024 18:40:13 GMT; path=/;SameSite=None; secure; HttpOnly
X-CalculatedBETarget: PR0P264MB1961.FRAP264.PROD.OUTLOOK.COM
X-RUM-Validated: 1
X-RUM-NotUpdateQueriedPath: 1
X-RUM-NotUpdateQueriedDbCopy: 1
X-BeSku: WCS6
X-OWA-DiagnosticsInfo: 2;0;0
X-IIDs: 0
X-BackEnd-Begin: 2024-04-16T12:38:13.906
X-BackEnd-End: 2024-04-16T12:38:13.906
X-DiagInfo: PR0P264MB1961
X-BEServer: PR0P264MB1961
X-UA-Compatible: IE=EmulateIE7
X-Proxy-RoutingCorrectness: 1
X-Proxy-BackendServerStatus: 302
X-FEProxyInfo: PAZP264CA0119.FRAP264.PROD.OUTLOOK.COM
X-FEEFZInfo: ORY
X-FEServer: PR1P264CA0099, PAZP264CA0119
NEL: {"report_to":"NelOfficeUpload1","max_age":7200,"include_subdomains":true,"failure_fraction":1.0,"success_fraction":0.01}
X-FirstHopCafeEFZ: ORY
Date: Tue, 16 Apr 2024 12:38:13 GMT
Connection: close
Content-Security-Policy: default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';

| dc3889e1.b24b366159a504c34a2004dc.workers.dev/favicon.ico | 104.21.94.180 | 200 OK | 3.3 kB |
URL: GET HTTP/3 dc3889e1.b24b366159a504c34a2004dc.workers.dev/favicon.ico
IP: 104.21.94.180:443
Requested by: https://dc3889e1.b24b366159a504c34a2004dc.workers.dev/?qrc=fernanda.tomaz@c6bank.com
Certificate: Issuer: Google Trust Services LLC; Subject: b24b366159a504c34a2004dc.workers.dev; Fingerprint: BC:41:71:93:F8:C2:C5:7E:66:EE:C8:3A:E4:16:06:3D:23:73:EE:5F; Validity: Thu, 11 Apr 2024 15:41:38 GMT - Wed, 10 Jul 2024 15:41:37 GMT
File type: HTML document, ASCII text, with very long lines (3271), with no line terminators
Hash (MD5, SHA-1, SHA-256): ade935fdb28f6baa87d11e6a17499976 959d967f84b0c84423c25be6a41565929327f4c1 d4f7590edfe99b50c22b6d0a64768f419a2654233a88bdfd7fc3e9150ab9314c
GET /favicon.ico HTTP/1.1
Host: dc3889e1.b24b366159a504c34a2004dc.workers.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dc3889e1.b24b366159a504c34a2004dc.workers.dev/?qrc=fernanda.tomaz@c6bank.com
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 16 Apr 2024 12:38:12 GMT
content-type: text/html;charset=UTF-8
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fQUGDtYjjFHj1C37K%2B1jiWn1PJFO983%2FcyTNKb%2FFSD23i7PdSo%2F06tf0uUAN2HNL1EyfQ50QzHWVgtBIVV6TDczIIsBdzBBbeicYPIda%2FCPqpBWRbboRjLxABgD7uN8k4ScCuP1J5Vw4cVWas5d%2FN6zUMJEGEjl5Trozsk%2FILng%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87543b274efc56bf-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

| mailfoneuscellular.com/?dataXX0=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1cmwiOiJodHRwczovL21haWxmb25ldXNjZWxsdWxhci5jb20iLCJkb21haW4iOiJtYWlsZm9uZXVzY2VsbHVsYXIuY29tIiwia2V5IjoidmRJekd2WVphMjFUIiwicXJjIjoiZmVybmFuZGEudG9tYXpAYzZiYW5rLmNvbSIsImlhdCI6MTcxMzI3MTA5MiwiZXhwIjoxNzEzMjcxMjEyfQ.mWeQBnTlzVW5t3z8YdiyUXedbQNHBtRBTO-3ulhTo8I | 0.0.0.0 | | 0 B |
URL: GET mailfoneuscellular.com/?dataXX0=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1cmwiOiJodHRwczovL21haWxmb25ldXNjZWxsdWxhci5jb20iLCJkb21haW4iOiJtYWlsZm9uZXVzY2VsbHVsYXIuY29tIiwia2V5IjoidmRJekd2WVphMjFUIiwicXJjIjoiZmVybmFuZGEudG9tYXpAYzZiYW5rLmNvbSIsImlhdCI6MTcxMzI3MTA5MiwiZXhwIjoxNzEzMjcxMjEyfQ.mWeQBnTlzVW5t3z8YdiyUXedbQNHBtRBTO-3ulhTo8I
IP: 0.0.0.0:0
Requested by: https://dc3889e1.b24b366159a504c34a2004dc.workers.dev/?qrc=fernanda.tomaz@c6bank.com
Hash (MD5, SHA-1, SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

| Analyzer | Verdict | Alert |
|---|---|---|
| urlquery | phishing | Phishing - Microsoft Outlook |

GET /?dataXX0=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1cmwiOiJodHRwczovL21haWxmb25ldXNjZWxsdWxhci5jb20iLCJkb21haW4iOiJtYWlsZm9uZXVzY2VsbHVsYXIuY29tIiwia2V5IjoidmRJekd2WVphMjFUIiwicXJjIjoiZmVybmFuZGEudG9tYXpAYzZiYW5rLmNvbSIsImlhdCI6MTcxMzI3MTA5MiwiZXhwIjoxNzEzMjcxMjEyfQ.mWeQBnTlzVW5t3z8YdiyUXedbQNHBtRBTO-3ulhTo8I HTTP/1.1
Host: mailfoneuscellular.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dc3889e1.b24b366159a504c34a2004dc.workers.dev/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Set-Cookie: qPdM=vdIzGvYZa21T; path=/; samesite=none; secure; httponly
qPdM.sig=gy59XUN6-L-Z4ufCUpp24tm3ynw; path=/; samesite=none; secure; httponly
location: /?qrc=fernanda.tomaz%40c6bank.com
Date: Tue, 16 Apr 2024 12:38:12 GMT
Connection: keep-alive
Keep-Alive: timeout=5
Transfer-Encoding: chunked

| mailfoneuscellular.com/?qrc=fernanda.tomaz%40c6bank.com | 0.0.0.0 | | 0 B |
URL: GET mailfoneuscellular.com/?qrc=fernanda.tomaz%40c6bank.com
IP: 0.0.0.0:0
Requested by: https://dc3889e1.b24b366159a504c34a2004dc.workers.dev/?qrc=fernanda.tomaz@c6bank.com
Hash (MD5, SHA-1, SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

| Analyzer | Verdict | Alert |
|---|---|---|
| urlquery | phishing | Phishing - Microsoft Outlook |

GET /?qrc=fernanda.tomaz%40c6bank.com HTTP/1.1
Host: mailfoneuscellular.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dc3889e1.b24b366159a504c34a2004dc.workers.dev/
DNT: 1
Connection: keep-alive
Cookie: qPdM=vdIzGvYZa21T; qPdM.sig=gy59XUN6-L-Z4ufCUpp24tm3ynw
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Moved Temporarily
Cache-Control: no-cache
Pragma: no-cache
Location: https://mailfoneuscellular.com/owa/?login_hint=fernanda.tomaz%40c6bank.com
Server: Microsoft-IIS/10.0
request-id: 3b383978-18a3-db23-2b5d-70541a60d703
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-FEServer: YQBPR0101CA0089, YQBPR0101CA0089
X-RequestId: 4b9a5ad5-ae45-4105-b821-1a56ade9b349
X-FEProxyInfo: YQBPR0101CA0089.CANPRD01.PROD.OUTLOOK.COM
X-FEEFZInfo: YQB
MS-CV: eDk4O6MYI9srXXBUGmDXAw.0
X-Powered-By: ASP.NET
Date: Tue, 16 Apr 2024 12:38:12 GMT
Connection: close
Content-Length: 0
Content-Security-Policy: default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';

| dc3889e1.b24b366159a504c34a2004dc.workers.dev/?qrc=fernanda.tomaz@c6bank.com | 104.21.94.180 | 200 OK | 1.2 kB |
URL (User Request): POST HTTP/3 dc3889e1.b24b366159a504c34a2004dc.workers.dev/?qrc=fernanda.tomaz@c6bank.com
IP: 104.21.94.180:443
Certificate: Issuer: Google Trust Services LLC; Subject: b24b366159a504c34a2004dc.workers.dev; Fingerprint: BC:41:71:93:F8:C2:C5:7E:66:EE:C8:3A:E4:16:06:3D:23:73:EE:5F; Validity: Thu, 11 Apr 2024 15:41:38 GMT - Wed, 10 Jul 2024 15:41:37 GMT
File type: HTML document, ASCII text, with very long lines (1211), with no line terminators
Hash (MD5, SHA-1, SHA-256): 6cf46898fee65be4223acf985c280869 1dd999a5ef747dbcd55658d2c20a771e75d94b34 45a5d135667743ffa9b099225dc9d97de8f74af7b7b05d9a1970c32728fecb71
POST /?qrc=fernanda.tomaz@c6bank.com HTTP/1.1
Host: dc3889e1.b24b366159a504c34a2004dc.workers.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 582
Origin: https://dc3889e1.b24b366159a504c34a2004dc.workers.dev
DNT: 1
Connection: keep-alive
Referer: https://dc3889e1.b24b366159a504c34a2004dc.workers.dev/?qrc=fernanda.tomaz@c6bank.com
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Sec-Fetch-User: ?1
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 16 Apr 2024 12:38:12 GMT
content-type: text/html;
status: 200
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nVqxDkk8qe0PZBOtMIZOhDCP%2B8rucsW16Tujbf55FviBNDQJDC%2FD58tVl35eFmJvhpAQ2iQ8qrb7uoiiAsLbClriPnw8jspvN4sPk8sPRvXLhlCAkgtKzxkRNTRh1nRpkeEaWYS2Q2XkKh31plTzV46XCynKXx2ubb7qGO%2BJwMM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87543b224cf356bf-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400