Report - aiitpune.com/js/ext1/ZmVybmFuZGEudG9tYXpAYzZiYW5rLmNvbQ==

Report Overview

Submitted URL
aiitpune.com/js/ext1/ZmVybmFuZGEudG9tYXpAYzZiYW5rLmNvbQ==
IP
132.148.128.8
ASN
#398101 GO-DADDY-COM-LLC
Submitted
2024-04-16 12:38:16
Access
public
Website Title
dc3889e1.b24b366159a504c34a2004dc.workers.dev/?qrc=fernanda.tomaz@c6bank.com
Final URL
dc3889e1.b24b366159a504c34a2004dc.workers.dev/?qrc=fernanda.tomaz@c6bank.com
Tags
phishing microsoft outlook
urlquery detections
Phishing - Microsoft Outlook

Detections

urlquery
4
Network Intrusion Detection
0
Threat Detection Systems
0

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
aiitpune.com	unknown	2013-02-06	2017-08-24	2024-04-15	511 B	295 B	132.148.128.8
challenges.cloudflare.com	unknown	2009-02-17	2021-10-20	2024-04-16	4.5 kB	299 kB	104.17.2.184
mailfoneuscellular.com	unknown	2024-01-23	2024-04-11	2024-04-12	2.1 kB	9.7 kB	51.161.109.46
dc3889e1.b24b366159a504c34a2004dc.workers.dev	unknown	2019-02-08	2024-04-11	2024-04-15	1.3 kB	5.6 kB	104.21.94.180

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (40)

		Size	First Seen	Last Seen
	#1 Eval - 4510a25da04dd6bb18a2885209cd60aa	28 B	2024-04-16	2024-04-16
Pretty Observations First Seen2024-04-16 14:38:16 Last Seen2024-04-16 14:38:16 Times Seen1 Hash 4510a25da04dd6bb18a2885209cd60aa ded268fffe0535f70c8d9eca795183967cd59c79 0952118058953b9e93ea568ea8eabc569947f4b43b97019858bfe7d5a8fdcf05 Loading...

	#2 Eval - ab3a167e55168b64937a6e162d075944	28 B	2024-04-16	2024-04-16
Pretty Observations First Seen2024-04-16 14:38:16 Last Seen2024-04-16 14:38:16 Times Seen1 Hash ab3a167e55168b64937a6e162d075944 c31a6f96e9846e3ef5b015e01f761caed327d844 c531f950a03ac40e8df4e869d03eb978c5ba6b21b437ef740e48141dc578ac3c Loading...

	#3 Eval - f24837d5be80082d59f08f087e29e90b	28 B	2024-04-16	2024-04-16
Pretty Observations First Seen2024-04-16 14:38:16 Last Seen2024-04-16 14:38:17 Times Seen1 Hash f24837d5be80082d59f08f087e29e90b ca8ec00de596bfd6cddc0c866d72deaad2748250 27360ab6d86f1c81f568e2371f9a7e1799aef69412d0191b8f800597a6608f9d Loading...

	#4 Eval - f6e62debf7f056fade9780317b94d583	28 B	2024-04-16	2024-04-16
Pretty Observations First Seen2024-04-16 14:38:17 Last Seen2024-04-16 14:38:17 Times Seen1 Hash f6e62debf7f056fade9780317b94d583 5ebf6742dd3f328ca39de606f06ad9139d24b860 5f223816906bd8d5a25ce16d4c878aafd030f6f7158d32a547befb57f7acf865 Loading...

	#5 Eval - 1bed84006c6f473b72ae3f7361b335be	28 B	2024-04-16	2024-04-16
Pretty Observations First Seen2024-04-16 14:38:17 Last Seen2024-04-16 14:38:17 Times Seen1 Hash 1bed84006c6f473b72ae3f7361b335be 87287db6ad8685fa713837c0c4240ef9de8302cc 151587a0e37d87494eacd438d8d57c933270f6c39702740703c725391fdd7f09 Loading...

	#6 Eval - d66c2a3ec9471ac41eb636dd35e68740	162 B	2024-04-04	2024-04-17
Pretty Observations First Seen2024-04-04 13:51:49 Last Seen2024-04-17 16:04:30 Times Seen745 Hash d66c2a3ec9471ac41eb636dd35e68740 0a0df48399a54f5e9e1cc314afb47809429fabe0 06da1a9d19030d0ef1321621c16fd90ef543821b71b017219501fe046a536973 Loading...

	#7 Eval - b64363f7ef9f8a5e69a6ee25e62aa3d9	28 B	2024-04-16	2024-04-16
Pretty Observations First Seen2024-04-16 14:38:17 Last Seen2024-04-16 14:38:17 Times Seen1 Hash b64363f7ef9f8a5e69a6ee25e62aa3d9 caa5e98467f24cc109146a42a6d84d34a6c16c09 a3b8acc6b6cdc668862d0f428b60747aa674b970a07e4aac6d0fe73fe5a3f787 Loading...

	#8 Eval - edb5cf7f3ec70ae3dafb1500bd9fd681	28 B	2024-04-16	2024-04-16
Pretty Observations First Seen2024-04-16 14:38:17 Last Seen2024-04-16 14:38:17 Times Seen1 Hash edb5cf7f3ec70ae3dafb1500bd9fd681 ec055d98ceb1245ca019aa79cd154ce1420c37a3 5f0dc9f905e53bd6cd7fb69436535126058debbd9f5cacc94503d172abde1a74 Loading...

	#9 Eval - 01a9c276a72c99836866261803393907	28 B	2024-04-16	2024-04-16
Pretty Observations First Seen2024-04-16 14:38:17 Last Seen2024-04-16 14:38:17 Times Seen1 Hash 01a9c276a72c99836866261803393907 b064f67a7bb53c9c34c5568c9d3c2f9b9d6a87f3 42e9675ff17e1e260f82b266b2d26cd55015394dcdc790dde1950c135ccd0db4 Loading...

	#10 Eval - e85a956b0a0c76d6baa520ca1f7fc04f	28 B	2024-04-16	2024-04-16
Pretty Observations First Seen2024-04-16 14:38:17 Last Seen2024-04-16 14:38:17 Times Seen1 Hash e85a956b0a0c76d6baa520ca1f7fc04f 082b2611b7407f4fba1639346ed292e5a455f998 74610c02e91a6e45a6b4e8052a8257e90d3d0269ffa0ce9bebe39ffe0c4cfe2b Loading...

	#11 Eval - 0885801cdde20eebdd6fbdf346c643c1	28 B	2024-04-16	2024-04-16
Pretty Observations First Seen2024-04-16 14:38:17 Last Seen2024-04-16 14:38:17 Times Seen1 Hash 0885801cdde20eebdd6fbdf346c643c1 e1dc5dee5cf052ba35ccb445a7175e7ae56ffcbf a34609410d12a4a21b6107b7418fd39056d43f533dd6788af46e6f316b7b7095 Loading...

	#12 Eval - a02817f7b18e0e7e2f44b573987874ea	28 B	2024-04-16	2024-04-16
Pretty Observations First Seen2024-04-16 14:38:17 Last Seen2024-04-16 14:38:17 Times Seen1 Hash a02817f7b18e0e7e2f44b573987874ea 6cc3866a1dfa3c16d676c10531ef767d2a61c73e 9fe4665c243733ae878f56c85a3c82b5391ef21c1ab0cd2cbd52d002671b9145 Loading...

	#13 Eval - ac6d43b49aec2f87daf340337b6a7882	60 B	2024-04-04	2024-04-17
Pretty Observations First Seen2024-04-04 12:28:09 Last Seen2024-04-17 16:04:31 Times Seen3428 Hash ac6d43b49aec2f87daf340337b6a7882 d3874a31a6b7fe11121edc3ed80fdc8b66f6589a 1af55b64e0b39e0f5f760a8050b284a66fe404ddff945697590f8240798311b2 Loading...

	#14 Eval - c945d02f0dfb7daabf7c33a6ce6f520a	28 B	2024-04-16	2024-04-16
Pretty Observations First Seen2024-04-16 14:38:17 Last Seen2024-04-16 14:38:17 Times Seen1 Hash c945d02f0dfb7daabf7c33a6ce6f520a 342941ef3ee851f8a71f259f7985d347bada7d52 1b118beff748d8e8a0b8fe33b08f4cf3052fcc498c31144fddd4ac1c556a40ba Loading...

	#15 Eval - 64b38e9a879e340c38a5e59fc86ff83b	28 B	2024-04-16	2024-04-16
Pretty Observations First Seen2024-04-16 14:38:17 Last Seen2024-04-16 14:38:17 Times Seen1 Hash 64b38e9a879e340c38a5e59fc86ff83b 2e1dbde245323706e81afc343725f0a9361c6a7d 21e70509c83fc6fd7d35c3aaca93dbf11ec944687d089ed0d68e2ef55df0afe2 Loading...

	#16 Eval - 2fc45cc6b1900d6225c244abb1855fa5	28 B	2024-04-16	2024-04-16
Pretty Observations First Seen2024-04-16 14:38:17 Last Seen2024-04-16 14:38:17 Times Seen1 Hash 2fc45cc6b1900d6225c244abb1855fa5 dc1575cb92fc71047c82c6a354e41313fd0136d8 2304d05e83f2f381388a5a5116048adaf3d0c06c5a261a7d05ff013b156c3a1c Loading...

	#17 Eval - a1d39eaeccb29d8fe6b989508e0ca6e0	28 B	2024-04-16	2024-04-16
Pretty Observations First Seen2024-04-16 14:38:17 Last Seen2024-04-16 14:38:17 Times Seen1 Hash a1d39eaeccb29d8fe6b989508e0ca6e0 3606b7d726aa5b849b9155c4bc18d579c54f9ae0 b9b9b4c0b97547b1931a25cb1ae81c9494392ba67cb0403b91520bbacb142ead Loading...

	#18 Eval - 414fe833e0e12db979e6a1a61fc8e4e9	28 B	2024-04-16	2024-04-16
Pretty Observations First Seen2024-04-16 14:38:17 Last Seen2024-04-16 14:38:17 Times Seen1 Hash 414fe833e0e12db979e6a1a61fc8e4e9 a78b2a92504a4754a70769b617e5483f119de33c ca48b8a54b5657b5e392e060dc944dcdb3027493e2113dcad2a1b8f85c1de4e1 Loading...

	#19 Eval - 9e925e9341b490bfd3b4c4ca3b0c1ef2	4 B	2023-03-07	2024-05-02
Pretty Observations First Seen2023-03-07 01:03:43 Last Seen2024-05-02 13:10:49 Times Seen351105 Hash 9e925e9341b490bfd3b4c4ca3b0c1ef2 c2543fff3bfa6f144c2f06a7de6cd10c0b650cae 1eb79602411ef02cf6fe117897015fff89f80face4eccd50425c45149b148408 Loading...

	#20 Eval - 1c5ea4e8f3000cdfc3299b473a6409e0	28 B	2024-04-16	2024-04-16
Pretty Observations First Seen2024-04-16 14:38:17 Last Seen2024-04-16 14:38:17 Times Seen1 Hash 1c5ea4e8f3000cdfc3299b473a6409e0 7dbbd6c06d0e68dabd3aeb0fc1e7964e7dcabdd3 6a98b232eb41c105ad6994cf2159bf82eb9d03f9375c39e74d48485ef9b84ada Loading...

	#21 Eval - 483c38a2efbd414fe045f6361b0045be	28 B	2024-04-16	2024-04-16
Pretty Observations First Seen2024-04-16 14:38:17 Last Seen2024-04-16 14:38:17 Times Seen1 Hash 483c38a2efbd414fe045f6361b0045be 247c38d96f762e932a005596c0080beeaf922e2c 69f9b042be291efb901ab71334d99ffbc7a99ae83982dea7d04d7011bb7cc463 Loading...

	#22 Eval - 86ead2a8422b2b5ac057716299fc3961	28 B	2024-04-16	2024-04-16
Pretty Observations First Seen2024-04-16 14:38:17 Last Seen2024-04-16 14:38:17 Times Seen1 Hash 86ead2a8422b2b5ac057716299fc3961 051555711008605c1dc0a131d5d51735d51911bc 8cfaea3f2d2df502aeabfba54b5b96753c92e81207c6f041764bc492b98d5061 Loading...

	#23 Eval - 1dafd107b5d75bd2842def8abe832ecc	28 B	2024-04-16	2024-04-16
Pretty Observations First Seen2024-04-16 14:38:17 Last Seen2024-04-16 14:38:17 Times Seen1 Hash 1dafd107b5d75bd2842def8abe832ecc fa30e68052630ce8e8f9ec3f1234c2aac097a66c 582a6e26b0052edc2a280c595916f418ff337d55a4b1dd4a29ec1946b3985200 Loading...

	#24 Eval - 8faa69da1c5e252e29917956e2debec1	1.1 kB	2024-04-16	2024-04-16
Pretty Observations First Seen2024-04-16 13:46:23 Last Seen2024-04-16 14:41:51 Times Seen3 Hash 8faa69da1c5e252e29917956e2debec1 aa27217ef48f6958dbc49943555d5908bc516b73 c5f9fe65bab7923d89fb842e2861b5dcf3b46e12b02b31fb649ea614bfc44588 Loading...

	#25 Eval - 653e7ba59bab7c1aa3daded0ca9bdd45	28 B	2024-04-16	2024-04-16
Pretty Observations First Seen2024-04-16 14:38:17 Last Seen2024-04-16 14:38:17 Times Seen1 Hash 653e7ba59bab7c1aa3daded0ca9bdd45 2a3221772f0aeb0ad44c749c4dfbfc23f62caed2 f82eae832bb3bf3e1820acfc9e7da807db993d5c8552ee4839056ea8ef9608b8 Loading...

	#26 Eval - 14be822cfcbedeed44ab7cc5e710dfdf	28 B	2024-04-16	2024-04-16
Pretty Observations First Seen2024-04-16 14:38:17 Last Seen2024-04-16 14:38:17 Times Seen1 Hash 14be822cfcbedeed44ab7cc5e710dfdf 135f8aeb106885743fc6ec0deb7b4d38207b5a00 d326f8d5065e1dd0f597623c4b3f060714f0ddcfaedf24745edc19f17425db36 Loading...

	#27 Eval - a98af68f37426d9dbc2a36714f0cf680	28 B	2024-04-16	2024-04-16
Pretty Observations First Seen2024-04-16 14:38:17 Last Seen2024-04-16 14:38:17 Times Seen1 Hash a98af68f37426d9dbc2a36714f0cf680 dd88bc80986be771abee433d2917cd7477bd6344 8b835a82826cbeba8d65ecbfd3d6925a043909a56bf1bb2402d130331a5694b5 Loading...

	#28 Eval - 90aae21c3920193a9abdcb91e0944a1e	28 B	2024-04-16	2024-04-16
Pretty Observations First Seen2024-04-16 14:38:17 Last Seen2024-04-16 14:38:17 Times Seen1 Hash 90aae21c3920193a9abdcb91e0944a1e 47ef509e309de55985a2d9c46a4d0fee1bee8308 3ab186ff8b6ad721a276cf8fd5f63c445b1fd8b6749036228818a856922c40ee Loading...

	#29 Eval - 1e66325872c5c51fdb883aa5e105d44d	28 B	2024-04-16	2024-04-16
Pretty Observations First Seen2024-04-16 14:38:17 Last Seen2024-04-16 14:38:17 Times Seen1 Hash 1e66325872c5c51fdb883aa5e105d44d 42759f296fd89f345061f621439e4c400013a975 0ad9d26992b293a5511b353b6f1add9d98baaa7c31826797187e427fa9bd1e65 Loading...

	#30 Eval - b5b8dedb3bcb243a400f344d7e2188bc	144 B	2024-04-04	2024-04-17
Pretty Observations First Seen2024-04-04 13:15:39 Last Seen2024-04-17 14:03:52 Times Seen765 Hash b5b8dedb3bcb243a400f344d7e2188bc deb6d93bb172dc9fa4a5ac9141b54b7600f5eb1b bd8aa22f6ba3314fb18e581bf8a4cd701096bb8604a9eb5de195869407e4ce43 Loading...

	#31 Eval - 9e37e57e5d2ad4c1581c64163deaae13	28 B	2024-04-16	2024-04-16
Pretty Observations First Seen2024-04-16 14:38:17 Last Seen2024-04-16 14:38:17 Times Seen1 Hash 9e37e57e5d2ad4c1581c64163deaae13 ea2a42bed44440d1499f2dc34faa2c76337d29b1 1b7f3d5c9c7daa97544c5140aa18cb739f8f51a8118b79da2f8e4f2cb16f36e6 Loading...

	#32 Eval - 8381fadf9f8fa1a6dda4ae4ec5bf9cbc	28 B	2024-04-16	2024-04-16
Pretty Observations First Seen2024-04-16 14:38:17 Last Seen2024-04-16 14:38:17 Times Seen1 Hash 8381fadf9f8fa1a6dda4ae4ec5bf9cbc 22f15ae8f889709c96f717b6743f980fcaa05354 14caacd2d2f664a3af4849c8829327ffbb46371a411eef59861b0fcbbeafb0f4 Loading...

	#33 Eval - c96ff9abace2600d45593393f5393f9e	28 B	2024-04-16	2024-04-16
Pretty Observations First Seen2024-04-16 14:38:17 Last Seen2024-04-16 14:38:17 Times Seen1 Hash c96ff9abace2600d45593393f5393f9e 43e09dd78de2ecd4c0028f6cae054c9052cbae1c 337565e55cc2ad8713f4c63dfcc9e7d0cf73fca41803a62281d0b7efe82a7a55 Loading...

	#34 Eval - a84697d0e87f4cd2543d543da3949a35	504 B	2024-04-16	2024-04-16
Pretty Observations First Seen2024-04-16 14:38:17 Last Seen2024-04-16 14:38:17 Times Seen1 Hash a84697d0e87f4cd2543d543da3949a35 e39027c623252c0a59d24ab546df36d60af7c9f9 d9c860184e4da0c95cd8c6f84c82961a6235b4ddcd5e09f4f70dec637c977871 Loading...

	#35 Eval - 48b03ac9dfc3f65cf365193ddc623bde	28 B	2024-04-16	2024-04-16
Pretty Observations First Seen2024-04-16 14:38:17 Last Seen2024-04-16 14:38:17 Times Seen1 Hash 48b03ac9dfc3f65cf365193ddc623bde 704a0668725bbeb5e616d4740663ef4f3053b992 3834291034bc1c10fce6d2a1615ab93d6361b384bbc4aaa5f4e9d8cc53f9743c Loading...

	#36 Eval - 8d0a74c83645a9ea2284fff035dd71c2	28 B	2024-04-16	2024-04-16
Pretty Observations First Seen2024-04-16 14:38:17 Last Seen2024-04-16 14:38:17 Times Seen1 Hash 8d0a74c83645a9ea2284fff035dd71c2 66b41846289202fdfe4b8c4b121541f78465dfa8 5f2b7ad71fd0036b2616dcea0f2142e6128aadb2f89ac7e866568549b942b48a Loading...

	#37 Eval - 924e760a9717b8be1e8aec47d23d861b	28 B	2024-04-16	2024-04-16
Pretty Observations First Seen2024-04-16 14:38:18 Last Seen2024-04-16 14:38:18 Times Seen1 Hash 924e760a9717b8be1e8aec47d23d861b 68a317aa2d12c98d98e11b4d311483ebc800c3fd b0b430c469042899dad7a94e463b299692029ef237e4fe9cbd8235b27604d93b Loading...

	#38 Eval - a013941c9f6b87d23efc7741f52c4b8a	28 B	2024-04-16	2024-04-16
Pretty Observations First Seen2024-04-16 14:38:18 Last Seen2024-04-16 14:38:18 Times Seen1 Hash a013941c9f6b87d23efc7741f52c4b8a 3bc9c9f1c6e902fc057ef7562feb722690633fbc c35f6b89f07d0160c18b93dd13883968d820fdf91166b29d612645fd5d041ed9 Loading...

	#39 Eval - f7011579ea14bcfa1ad2175af2b3c1e8	28 B	2024-04-16	2024-04-16
Pretty Observations First Seen2024-04-16 14:38:18 Last Seen2024-04-16 14:38:18 Times Seen1 Hash f7011579ea14bcfa1ad2175af2b3c1e8 afee4670265f1aab057035853994940432ab877a 18c65a8ea6602689020064a66ce25e4c2c6c808de116c420b4172eb1055fdb8b Loading...

		Size	First Seen	Last Seen
	#1 Write - 086707e4369f60afedcafb16050a7618	39 B	2023-03-07	2024-05-02
Pretty Observations First Seen2023-03-07 01:03:24 Last Seen2024-05-02 11:48:11 Times Seen44707 Hash 086707e4369f60afedcafb16050a7618 8216b0cc6876cbd44f01c158e7dff3833ceccd41 a7fe83ec64bb23eb28090598db3d166ed98e52e39d1afbbfd74c579553f93e4e Loading...

HTTP Transactions (13)

URL IP Response Size

aiitpune.com/js/ext1/ZmVybmFuZGEudG9tYXpAYzZiYW5rLmNvbQ==

132.148.128.8

0 B

URL
aiitpune.com/js/ext1/ZmVybmFuZGEudG9tYXpAYzZiYW5rLmNvbQ==
IP
132.148.128.8:0
ASN
#398101 GO-DADDY-COM-LLC

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /js/ext1/ZmVybmFuZGEudG9tYXpAYzZiYW5rLmNvbQ== HTTP/1.1
Host: aiitpune.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 16 Apr 2024 12:37:51 GMT
Server: Apache
refresh: 0;url=https://dc3889e1.b24b366159a504c34a2004dc.workers.dev/?qrc=fernanda.tomaz@c6bank.com
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback

104.17.2.184

0 B

URL
challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback
IP
104.17.2.184:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /turnstile/v0/api.js?onload=onloadTurnstileCallback HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dc3889e1.b24b366159a504c34a2004dc.workers.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Tue, 16 Apr 2024 12:37:52 GMT
content-length: 0
location: /turnstile/v0/b/bcc5fb0a8815/api.js?onload=onloadTurnstileCallback
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
cache-control: max-age=300, public
vary: Accept-Encoding
server: cloudflare
cf-ray: 87543aa81b931bfa-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=87543aa8ddbc568f

104.17.2.184

119 kB

URL
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=87543aa8ddbc568f
IP
104.17.2.184:0
ASN
#13335 CLOUDFLARENET

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
119 kB (119444 bytes)
Hash
c35c8b024729053e0822831249917739
65351547b23821d1780bfd4f3b76daf90dd31b63
b0e39416a5de181ff94c83d8ef0dedd706ba9e0f6f80276c946f63809082f3cb

HTTP Headers

GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=87543aa8ddbc568f HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/j72mo/0x4AAAAAAAW6FMm8tl7BXPFe/auto/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 16 Apr 2024 12:37:52 GMT
content-type: application/javascript; charset=UTF-8
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
server: cloudflare
cf-ray: 87543aa94ea1568f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/j72mo/0x4AAAAAAAW6FMm8tl7BXPFe/auto/normal

104.17.2.184

28 kB

URL
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/j72mo/0x4AAAAAAAW6FMm8tl7BXPFe/auto/normal
IP
104.17.2.184:0
ASN
#13335 CLOUDFLARENET

File type
HTML document, ASCII text, with very long lines (41919)
Size
28 kB (28421 bytes)
Hash
409e66fc01fc3f0155b6587c54741965
5aed065ea8caf6c3ba0b17c381051813d4ec6858
c5cd150776fae354579d9749a140dcf4f2142845440dc3798503a69f3660f2a4

HTTP Headers

GET /cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/j72mo/0x4AAAAAAAW6FMm8tl7BXPFe/auto/normal HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dc3889e1.b24b366159a504c34a2004dc.workers.dev/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 16 Apr 2024 12:37:52 GMT
content-type: text/html; charset=UTF-8
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-security-policy: frame-src https://challenges.cloudflare.com/ blob:; base-uri 'self'
critical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: cross-origin
document-policy: js-profiling
origin-agent-cluster: ?1
permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy: same-origin
server: cloudflare
cf-ray: 87543aa8ddbc568f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/1476008901:1713267186:zR3GurVkVCAlVXKBrGV4dUnN0_Uewb3OHtd5jrOHBtU/87543aa8ddbc568f/01309b368780bc7

104.17.2.184

5.1 kB

URL
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/1476008901:1713267186:zR3GurVkVCAlVXKBrGV4dUnN0_Uewb3OHtd5jrOHBtU/87543aa8ddbc568f/01309b368780bc7
IP
104.17.2.184:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (976), with no line terminators
Size
5.1 kB (5075 bytes)
Hash
3fe4a9ad158492b629673913e6cdb14c
c4f13efd55c8bbe67d1658bed734777a98558941
094b935c3e34533d9ac44cf2bcf1c2920f9898491aad3908b92b380c3a6d8944

HTTP Headers

POST /cdn-cgi/challenge-platform/h/b/flow/ov1/1476008901:1713267186:zR3GurVkVCAlVXKBrGV4dUnN0_Uewb3OHtd5jrOHBtU/87543aa8ddbc568f/01309b368780bc7 HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/j72mo/0x4AAAAAAAW6FMm8tl7BXPFe/auto/normal
Content-type: application/x-www-form-urlencoded
CF-Challenge: 01309b368780bc7
Content-Length: 37596
Origin: https://challenges.cloudflare.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 16 Apr 2024 12:37:57 GMT
content-type: text/html; charset=UTF-8
cf-chl-out: OtUbkDuyITkA4ZF+D0gxjUohFzKMacqSpDNzcCA/dkZtY9zkB8+xFeSsiLqr5TCXytNUbCUmkn/F1qmN9YnJSGkUbxmqDXDyDU83816D7XA=$wjcHXgqmp8qj4hgE+/v0Bw==
cf-chl-out-s: tB91JCYs3SM13ssNXbSbVR6puWZLA2b3PR+WdtOabZenbPnAnPcsTQOC8wlADRhriIa7h4Tn5BahGr3dw/Fi0nrXjNGbJ9PeVMZ0OWrPv1yvMmN/FDIE9tXWbphO8Fys11eqo9k+p7v3X3HTCQp3iA==$Z6+YFCdp1jU3yJ1SGFRAZQ==
server: cloudflare
cf-ray: 87543ac809a0568f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/pat/87543aa8ddbc568f/1713271072567/c21113ba58e4dde1881c470191f077a23b644b41829db693625efbdaf7ed6c9c/Z3DZGMnzw_dlgrS

104.17.2.184

504 B

URL
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/pat/87543aa8ddbc568f/1713271072567/c21113ba58e4dde1881c470191f077a23b644b41829db693625efbdaf7ed6c9c/Z3DZGMnzw_dlgrS
IP
104.17.2.184:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
504 B (504 bytes)
Hash
3fc9658caa9b5e1698fb41f92c4d5fd8
b48329cd8951983a94d9010f9a48535b45e2e840
a435b1762b94674b45263630fb06c79b64c7c15c9e70c7758f46d2ee511139ee

HTTP Headers

GET /cdn-cgi/challenge-platform/h/b/pat/87543aa8ddbc568f/1713271072567/c21113ba58e4dde1881c470191f077a23b644b41829db693625efbdaf7ed6c9c/Z3DZGMnzw_dlgrS HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/j72mo/0x4AAAAAAAW6FMm8tl7BXPFe/auto/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 401 Unauthorized
date: Tue, 16 Apr 2024 12:37:52 GMT
content-type: text/plain; charset=UTF-8
www-authenticate: PrivateToken challenge="AAIAGXBhdC1pc3N1ZXIuY2xvdWRmbGFyZS5jb20gwhETuljk3eGIHEcBkfB3ojtkS0GCnbaTYl772vftbJwAGWNoYWxsZW5nZXMuY2xvdWRmbGFyZS5jb20=", token-key="MIIBUjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAqEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgKiAwIBMAOCAQ8AMIIBCgKCAQEA1QvuFhVj8-HIEpd2829MedEvnrcAHahftJq4lCTdordKDtEpBDr1tC6_z1kq102Fe8SVbT4nRFRPCH_vL6Pwcc16C8jLMMvXraoC-BiyzAX3Yyr6lZj9UCQ7aK3JEr-tlD2wmLRtqyXfZQu9FdZsCMm0LU5LDAKE1uUBeAV-vLkP_1imLjHgbFE2lJH52yahbxiIjoqT_3PjB45ow3W9ciKiR89cUoS7X-sc6I2Lo7P_Y_FH4aGxC4fBDbjKZDO7UYOs3i1xJCHhgRA2dPWk0tZTjV7-jJE-oyRiReJNq7shr4jYws0e9BzlY1UCMa-U_JWdRb9So4JnoGPmfvSU_QIDAQAB", max-age=20, PrivateToken challenge="AAIALHBwLWlzc3Vlci1wcm9kdWN0aW9uLnJlc2VhcmNoLmNsb3VkZmxhcmUuY29tIMIRE7pY5N3hiBxHAZHwd6I7ZEtBgp22k2Je-9r37WycABljaGFsbGVuZ2VzLmNsb3VkZmxhcmUuY29t", token-key="MIIBUjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAqEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgKiAwIBMAOCAQ8AMIIBCgKCAQEA1FEYykHcK8H9rb_u0aFz3CmWgYloQw4YhedoEOAjJ0vy2Axa4f9UG9Dzs4uXS34_h8l6MDo2nRCvLI9lvebilMnTjCn-6D77bewqYxJKUFZW1z2jBIdu03TrETczfEg7kxgKtJE9NXGDjYJcF_iMgzgNA0PEAVM89tUYXXlFy4cUAGlqU2mPpIEOxm5ARsXC-zlLK60fkJ4cOsZRkZa6EExdhmgdwQ0fEJuSOHrBO_-zJn4hUP8q9g4yqkxW2UrfJgD07F4HaHGBEiei06sGDvH2NEPvswEl5dTGxutNrxlU7W24iYhNa2nhjlc53nNb0mKtszv-czVE9UhXyJ7-RQIDAQAB", max-age=20
server: cloudflare
cf-ray: 87543aadce3f568f-OSL
alt-svc: h3=":443"; ma=86400

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv1/toL804vmeDYrjlL/j72mo/0x4AAAAAAAW6FMm8tl7BXPFe/auto/normal

104.17.2.184

21 kB

URL
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv1/toL804vmeDYrjlL/j72mo/0x4AAAAAAAW6FMm8tl7BXPFe/auto/normal
IP
104.17.2.184:0
ASN
#13335 CLOUDFLARENET

File type
HTML document, ASCII text, with very long lines (41919)
Size
21 kB (20948 bytes)
Hash
911a300cc8485ca30d212d3e7b24ba77
81b4d073ed7dc55d2bf96c2cba85885593b3ca11
6e55518e960a50cd3795ca94b05cf2a9c20623b493aae84c9ba7a7266310f731

HTTP Headers

GET /cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv1/toL804vmeDYrjlL/j72mo/0x4AAAAAAAW6FMm8tl7BXPFe/auto/normal HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dc3889e1.b24b366159a504c34a2004dc.workers.dev/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 16 Apr 2024 12:38:07 GMT
content-type: text/html; charset=UTF-8
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-security-policy: frame-src https://challenges.cloudflare.com/ blob:; base-uri 'self'
critical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: cross-origin
document-policy: js-profiling
origin-agent-cluster: ?1
permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy: same-origin
server: cloudflare
cf-ray: 87543b06fe67568f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=87543b06fe67568f

104.17.2.184

119 kB

URL
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=87543b06fe67568f
IP
104.17.2.184:0
ASN
#13335 CLOUDFLARENET

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
119 kB (118878 bytes)
Hash
51fcf3ab4dcf5d868fa53ab96257df0b
dacb7320cb37c9e967471a19fb348eca84348330
637714e6a9d5e1d5f717ce0958f8b3a4b99b849ef06ec883bbe40fa06467a92c

HTTP Headers

GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=87543b06fe67568f HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv1/toL804vmeDYrjlL/j72mo/0x4AAAAAAAW6FMm8tl7BXPFe/auto/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 16 Apr 2024 12:38:07 GMT
content-type: application/javascript; charset=UTF-8
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
server: cloudflare
cf-ray: 87543b074efd568f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

mailfoneuscellular.com/owa/?login_hint=fernanda.tomaz%40c6bank.com

51.161.109.46

1.4 kB

URL GET
mailfoneuscellular.com/owa/?login_hint=fernanda.tomaz%40c6bank.com
IP
51.161.109.46:0
ASN
#16276 OVH SAS

Requested by
https://dc3889e1.b24b366159a504c34a2004dc.workers.dev/?qrc=fernanda.tomaz@c6bank.com

File type
HTML document, ASCII text, with very long lines (809), with CRLF, LF line terminators
Size
1.4 kB (1389 bytes)
Hash
9ee0ac20cd64b5f18e2660e071afcfc1
4ff4cd7809e2f9225deaf743577ee7fc37134751
076415d59f748a6c486ddebc07b1aeb89b9b485b8ac7aa9660e9918a4945505d

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft Outlook

HTTP Headers

GET /owa/?login_hint=fernanda.tomaz%40c6bank.com HTTP/1.1
Host: mailfoneuscellular.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dc3889e1.b24b366159a504c34a2004dc.workers.dev/
DNT: 1
Connection: keep-alive
Cookie: qPdM=vdIzGvYZa21T; qPdM.sig=gy59XUN6-L-Z4ufCUpp24tm3ynw
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
content-length: 1389
Content-Type: text/html; charset=utf-8
Location: https://mailfoneuscellular.com/?2e3q8az7x=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1mZXJuYW5kYS50b21heiU0MGM2YmFuay5jb20mY2xpZW50LXJlcXVlc3QtaWQ9MDgyNGVkY2ItY2RiMi1iY2QzLWEyNjItMTdjZWM0YWVlODA4JnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODQ4ODY3ODkzOTA2ODU0MC5hZGQ5M2MwZi1kNTU5LTQ3YjQtODA4Mi0wZGQ5ZTIxYTIzMWQmc3RhdGU9RFl0QkRzSWdFQUJCMy1KTjZCWVdXQTdHcDVndHROclVMb2xwWXVMcjVUQnptR1MwVXVyY09YVTBkS2tVUFNGUlRKUjloa2dCd1hLdDJSZFlUQTBoRzB3VEdnSnlCbnFmM2NqT2oxWDM5enEwTHdfM2QzdXU4bml0Y3R5Vy1TTXNsZTNSZHY1ZEVFcWNXRFpiMnY0SA==
Server: Microsoft-IIS/10.0
request-id: 0824edcb-cdb2-bcd3-a262-17cec4aee808
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Alt-Svc: h3=":443";ma=2592000,h3-29=":443";ma=2592000
X-CalculatedFETarget: PR1P264CU007.internal.outlook.com
X-BackEndHttpStatus: 302, 302
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Set-Cookie: ClientId=0A9CFDC9B80B4EDE8FAA222760E55669; expires=Wed, 16-Apr-2025 12:38:13 GMT; path=/;SameSite=None; secure
ClientId=0A9CFDC9B80B4EDE8FAA222760E55669; expires=Wed, 16-Apr-2025 12:38:13 GMT; path=/;SameSite=None; secure
OIDC=1; expires=Wed, 16-Oct-2024 12:38:13 GMT; path=/;SameSite=None; secure; HttpOnly
RoutingKeyCookie=; expires=Sat, 16-Apr-1994 12:38:13 GMT; path=/; secure
OpenIdConnect.token.v1=; expires=Sat, 16-Apr-1994 12:38:13 GMT; path=/; secure
OpenIdConnect.token.v1=; domain=mailfoneuscellular.com; expires=Sat, 16-Apr-1994 12:38:13 GMT; path=/; secure
OpenIdConnect.id_token.v1=; expires=Sat, 16-Apr-1994 12:38:13 GMT; path=/; secure
OpenIdConnect.code.v1=; expires=Sat, 16-Apr-1994 12:38:13 GMT; path=/; secure
OpenIdConnect.idp_nonce.v1=; expires=Sat, 16-Apr-1994 12:38:13 GMT; path=/; secure
OpenIdConnect.idp_correlation_id=; expires=Sat, 16-Apr-1994 12:38:13 GMT; path=/; secure
OpenIdConnect.tokenPostPath=; expires=Sat, 16-Apr-1994 12:38:13 GMT; path=/; secure
OpenIdConnect.id_token.v1=; domain=mailfoneuscellular.com; expires=Sat, 16-Apr-1994 12:38:13 GMT; path=/; secure
OpenIdConnect.code.v1=; domain=mailfoneuscellular.com; expires=Sat, 16-Apr-1994 12:38:13 GMT; path=/; secure
OpenIdConnect.idp_nonce.v1=; domain=mailfoneuscellular.com; expires=Sat, 16-Apr-1994 12:38:13 GMT; path=/; secure
OpenIdConnect.idp_correlation_id=; domain=mailfoneuscellular.com; expires=Sat, 16-Apr-1994 12:38:13 GMT; path=/; secure
OpenIdConnect.tokenPostPath=; domain=mailfoneuscellular.com; expires=Sat, 16-Apr-1994 12:38:13 GMT; path=/; secure
OpenIdConnect.nonce.v3.FnJBYRF770Qgz8t4HKU722DN7mQOD3lRS2qQJcjXSiQ=638488678939068540.add93c0f-d559-47b4-8082-0dd9e21a231d; expires=Tue, 16-Apr-2024 13:38:13 GMT; path=/;SameSite=None; secure; HttpOnly
HostSwitchPrg=; expires=Sat, 16-Apr-1994 12:38:13 GMT; path=/; secure
OptInPrg=; expires=Sat, 16-Apr-1994 12:38:13 GMT; path=/; secure
SuiteServiceProxyKey=; expires=Sat, 16-Apr-1994 12:38:13 GMT; path=/; secure
ClientId=0A9CFDC9B80B4EDE8FAA222760E55669; expires=Wed, 16-Apr-2025 12:38:13 GMT; path=/;SameSite=None; secure
OIDC=1; expires=Wed, 16-Oct-2024 12:38:13 GMT; path=/;SameSite=None; secure; HttpOnly
RoutingKeyCookie=; expires=Sat, 16-Apr-1994 12:38:13 GMT; path=/; secure
OpenIdConnect.token.v1=; expires=Sat, 16-Apr-1994 12:38:13 GMT; path=/; secure
OpenIdConnect.token.v1=; domain=mailfoneuscellular.com; expires=Sat, 16-Apr-1994 12:38:13 GMT; path=/; secure
OpenIdConnect.id_token.v1=; expires=Sat, 16-Apr-1994 12:38:13 GMT; path=/; secure
OpenIdConnect.code.v1=; expires=Sat, 16-Apr-1994 12:38:13 GMT; path=/; secure
OpenIdConnect.idp_nonce.v1=; expires=Sat, 16-Apr-1994 12:38:13 GMT; path=/; secure
OpenIdConnect.idp_correlation_id=; expires=Sat, 16-Apr-1994 12:38:13 GMT; path=/; secure
OpenIdConnect.tokenPostPath=; expires=Sat, 16-Apr-1994 12:38:13 GMT; path=/; secure
OpenIdConnect.id_token.v1=; domain=mailfoneuscellular.com; expires=Sat, 16-Apr-1994 12:38:13 GMT; path=/; secure
OpenIdConnect.code.v1=; domain=mailfoneuscellular.com; expires=Sat, 16-Apr-1994 12:38:13 GMT; path=/; secure
OpenIdConnect.idp_nonce.v1=; domain=mailfoneuscellular.com; expires=Sat, 16-Apr-1994 12:38:13 GMT; path=/; secure
OpenIdConnect.idp_correlation_id=; domain=mailfoneuscellular.com; expires=Sat, 16-Apr-1994 12:38:13 GMT; path=/; secure
OpenIdConnect.tokenPostPath=; domain=mailfoneuscellular.com; expires=Sat, 16-Apr-1994 12:38:13 GMT; path=/; secure
OpenIdConnect.nonce.v3.FnJBYRF770Qgz8t4HKU722DN7mQOD3lRS2qQJcjXSiQ=638488678939068540.add93c0f-d559-47b4-8082-0dd9e21a231d; expires=Tue, 16-Apr-2024 13:38:13 GMT; path=/;SameSite=None; secure; HttpOnly
HostSwitchPrg=; expires=Sat, 16-Apr-1994 12:38:13 GMT; path=/; secure
OptInPrg=; expires=Sat, 16-Apr-1994 12:38:13 GMT; path=/; secure
SuiteServiceProxyKey=; expires=Sat, 16-Apr-1994 12:38:13 GMT; path=/; secure
X-OWA-RedirectHistory=ArLym14BfIhFFRJe3Ag; expires=Tue, 16-Apr-2024 18:40:13 GMT; path=/;SameSite=None; secure; HttpOnly
X-CalculatedBETarget: PR0P264MB1961.FRAP264.PROD.OUTLOOK.COM
X-RUM-Validated: 1
X-RUM-NotUpdateQueriedPath: 1
X-RUM-NotUpdateQueriedDbCopy: 1
X-BeSku: WCS6
X-OWA-DiagnosticsInfo: 2;0;0
X-IIDs: 0
X-BackEnd-Begin: 2024-04-16T12:38:13.906
X-BackEnd-End: 2024-04-16T12:38:13.906
X-DiagInfo: PR0P264MB1961
X-BEServer: PR0P264MB1961
X-UA-Compatible: IE=EmulateIE7
X-Proxy-RoutingCorrectness: 1
X-Proxy-BackendServerStatus: 302
X-FEProxyInfo: PAZP264CA0119.FRAP264.PROD.OUTLOOK.COM
X-FEEFZInfo: ORY
X-FEServer: PR1P264CA0099, PAZP264CA0119
NEL: {"report_to":"NelOfficeUpload1","max_age":7200,"include_subdomains":true,"failure_fraction":1.0,"success_fraction":0.01}
X-FirstHopCafeEFZ: ORY
Date: Tue, 16 Apr 2024 12:38:13 GMT
Connection: close
Content-Security-Policy: default-src *  data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval';  script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';

dc3889e1.b24b366159a504c34a2004dc.workers.dev/favicon.ico

104.21.94.180

200 OK

3.3 kB

URL GET HTTP/3
dc3889e1.b24b366159a504c34a2004dc.workers.dev/favicon.ico
IP
104.21.94.180:443
ASN
#13335 CLOUDFLARENET

Requested by
https://dc3889e1.b24b366159a504c34a2004dc.workers.dev/?qrc=fernanda.tomaz@c6bank.com
Certificate
IssuerGoogle Trust Services LLC
Subjectb24b366159a504c34a2004dc.workers.dev
FingerprintBC:41:71:93:F8:C2:C5:7E:66:EE:C8:3A:E4:16:06:3D:23:73:EE:5F
ValidityThu, 11 Apr 2024 15:41:38 GMT - Wed, 10 Jul 2024 15:41:37 GMT

File type
HTML document, ASCII text, with very long lines (3271), with no line terminators
Size
3.3 kB (3255 bytes)
Hash
ade935fdb28f6baa87d11e6a17499976
959d967f84b0c84423c25be6a41565929327f4c1
d4f7590edfe99b50c22b6d0a64768f419a2654233a88bdfd7fc3e9150ab9314c

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: dc3889e1.b24b366159a504c34a2004dc.workers.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dc3889e1.b24b366159a504c34a2004dc.workers.dev/?qrc=fernanda.tomaz@c6bank.com
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 16 Apr 2024 12:38:12 GMT
content-type: text/html;charset=UTF-8
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fQUGDtYjjFHj1C37K%2B1jiWn1PJFO983%2FcyTNKb%2FFSD23i7PdSo%2F06tf0uUAN2HNL1EyfQ50QzHWVgtBIVV6TDczIIsBdzBBbeicYPIda%2FCPqpBWRbboRjLxABgD7uN8k4ScCuP1J5Vw4cVWas5d%2FN6zUMJEGEjl5Trozsk%2FILng%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87543b274efc56bf-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

mailfoneuscellular.com/?dataXX0=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1cmwiOiJodHRwczovL21haWxmb25ldXNjZWxsdWxhci5jb20iLCJkb21haW4iOiJtYWlsZm9uZXVzY2VsbHVsYXIuY29tIiwia2V5IjoidmRJekd2WVphMjFUIiwicXJjIjoiZmVybmFuZGEudG9tYXpAYzZiYW5rLmNvbSIsImlhdCI6MTcxMzI3MTA5MiwiZXhwIjoxNzEzMjcxMjEyfQ.mWeQBnTlzVW5t3z8YdiyUXedbQNHBtRBTO-3ulhTo8I

0.0.0.0

0 B

URL GET
mailfoneuscellular.com/?dataXX0=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1cmwiOiJodHRwczovL21haWxmb25ldXNjZWxsdWxhci5jb20iLCJkb21haW4iOiJtYWlsZm9uZXVzY2VsbHVsYXIuY29tIiwia2V5IjoidmRJekd2WVphMjFUIiwicXJjIjoiZmVybmFuZGEudG9tYXpAYzZiYW5rLmNvbSIsImlhdCI6MTcxMzI3MTA5MiwiZXhwIjoxNzEzMjcxMjEyfQ.mWeQBnTlzVW5t3z8YdiyUXedbQNHBtRBTO-3ulhTo8I
IP
0.0.0.0:0
ASN
#0

Requested by
https://dc3889e1.b24b366159a504c34a2004dc.workers.dev/?qrc=fernanda.tomaz@c6bank.com

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft Outlook

HTTP Headers

GET /?dataXX0=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1cmwiOiJodHRwczovL21haWxmb25ldXNjZWxsdWxhci5jb20iLCJkb21haW4iOiJtYWlsZm9uZXVzY2VsbHVsYXIuY29tIiwia2V5IjoidmRJekd2WVphMjFUIiwicXJjIjoiZmVybmFuZGEudG9tYXpAYzZiYW5rLmNvbSIsImlhdCI6MTcxMzI3MTA5MiwiZXhwIjoxNzEzMjcxMjEyfQ.mWeQBnTlzVW5t3z8YdiyUXedbQNHBtRBTO-3ulhTo8I HTTP/1.1
Host: mailfoneuscellular.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dc3889e1.b24b366159a504c34a2004dc.workers.dev/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Set-Cookie: qPdM=vdIzGvYZa21T; path=/; samesite=none; secure; httponly
qPdM.sig=gy59XUN6-L-Z4ufCUpp24tm3ynw; path=/; samesite=none; secure; httponly
location: /?qrc=fernanda.tomaz%40c6bank.com
Date: Tue, 16 Apr 2024 12:38:12 GMT
Connection: keep-alive
Keep-Alive: timeout=5
Transfer-Encoding: chunked

mailfoneuscellular.com/?qrc=fernanda.tomaz%40c6bank.com

0.0.0.0

0 B

URL GET
mailfoneuscellular.com/?qrc=fernanda.tomaz%40c6bank.com
IP
0.0.0.0:0
ASN
#0

Requested by
https://dc3889e1.b24b366159a504c34a2004dc.workers.dev/?qrc=fernanda.tomaz@c6bank.com

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft Outlook

HTTP Headers

GET /?qrc=fernanda.tomaz%40c6bank.com HTTP/1.1
Host: mailfoneuscellular.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dc3889e1.b24b366159a504c34a2004dc.workers.dev/
DNT: 1
Connection: keep-alive
Cookie: qPdM=vdIzGvYZa21T; qPdM.sig=gy59XUN6-L-Z4ufCUpp24tm3ynw
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Moved Temporarily
Cache-Control: no-cache
Pragma: no-cache
Location: https://mailfoneuscellular.com/owa/?login_hint=fernanda.tomaz%40c6bank.com
Server: Microsoft-IIS/10.0
request-id: 3b383978-18a3-db23-2b5d-70541a60d703
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-FEServer: YQBPR0101CA0089, YQBPR0101CA0089
X-RequestId: 4b9a5ad5-ae45-4105-b821-1a56ade9b349
X-FEProxyInfo: YQBPR0101CA0089.CANPRD01.PROD.OUTLOOK.COM
X-FEEFZInfo: YQB
MS-CV: eDk4O6MYI9srXXBUGmDXAw.0
X-Powered-By: ASP.NET
Date: Tue, 16 Apr 2024 12:38:12 GMT
Connection: close
Content-Length: 0
Content-Security-Policy: default-src *  data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval';  script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';

dc3889e1.b24b366159a504c34a2004dc.workers.dev/?qrc=fernanda.tomaz@c6bank.com

104.21.94.180

200 OK

1.2 kB

URL User Request POST HTTP/3
dc3889e1.b24b366159a504c34a2004dc.workers.dev/?qrc=fernanda.tomaz@c6bank.com
IP
104.21.94.180:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjectb24b366159a504c34a2004dc.workers.dev
FingerprintBC:41:71:93:F8:C2:C5:7E:66:EE:C8:3A:E4:16:06:3D:23:73:EE:5F
ValidityThu, 11 Apr 2024 15:41:38 GMT - Wed, 10 Jul 2024 15:41:37 GMT

File type
HTML document, ASCII text, with very long lines (1211), with no line terminators
Size
1.2 kB (1191 bytes)
Hash
6cf46898fee65be4223acf985c280869
1dd999a5ef747dbcd55658d2c20a771e75d94b34
45a5d135667743ffa9b099225dc9d97de8f74af7b7b05d9a1970c32728fecb71

HTTP Headers

POST /?qrc=fernanda.tomaz@c6bank.com HTTP/1.1
Host: dc3889e1.b24b366159a504c34a2004dc.workers.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 582
Origin: https://dc3889e1.b24b366159a504c34a2004dc.workers.dev
DNT: 1
Connection: keep-alive
Referer: https://dc3889e1.b24b366159a504c34a2004dc.workers.dev/?qrc=fernanda.tomaz@c6bank.com
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Sec-Fetch-User: ?1
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 16 Apr 2024 12:38:12 GMT
content-type: text/html;
status: 200
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nVqxDkk8qe0PZBOtMIZOhDCP%2B8rucsW16Tujbf55FviBNDQJDC%2FD58tVl35eFmJvhpAQ2iQ8qrb7uoiiAsLbClriPnw8jspvN4sPk8sPRvXLhlCAkgtKzxkRNTRh1nRpkeEaWYS2Q2XkKh31plTzV46XCynKXx2ubb7qGO%2BJwMM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87543b224cf356bf-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (40)

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash