Report - banyan-edu.com/getit/b25lc3RyZWFtc29mdHdhcmU=/192.168.131.244/R3dpbGxtb3R0/Z3dpbGxtb3R0QG9uZXN0cmVhbXNvZnR3YXJlLmNvbQ==?af_ad=crm_nl_PDA_SneakPeek_NP_X_290124__&af_adset=email&is

Report Overview

Submitted URL
banyan-edu.com/getit/b25lc3RyZWFtc29mdHdhcmU=/192.168.131.244/R3dpbGxtb3R0/Z3dpbGxtb3R0QG9uZXN0cmVhbXNvZnR3YXJlLmNvbQ==?af_ad=crm_nl_PDA_SneakPeek_NP_X_290124__&af_adset=email&is_retargeting=true&pid=CRM
IP
188.114.97.1
ASN
#13335 CLOUDFLARENET
Submitted
2024-05-08 13:47:15
Access
public
Website Title
3ddc47ac.6d2e589211c0928645bd553e.workers.dev/?qrc=gwillmott@onestreamsoftware.com
Final URL
3ddc47ac.6d2e589211c0928645bd553e.workers.dev/?qrc=gwillmott@onestreamsoftware.com
Tags
phishing microsoft outlook
urlquery detections
Phishing - Microsoft Outlook

Detections

urlquery
6
Network Intrusion Detection
0
Threat Detection Systems
0

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
challenges.cloudflare.com	unknown	2009-02-17	2021-10-20	2024-05-07	1.8 kB	2.1 kB	104.17.3.184
3ddc47ac.6d2e589211c0928645bd553e.workers.dev	unknown	unknown	No data	No data	1.6 kB	38 kB	104.21.34.84
marvelcakemarvelcake.us	unknown	unknown	No data	No data	6.8 kB	16 kB	5.230.73.190

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (17)

	URL	Size	First Seen	Last Seen
	data:text/javascript;base64,ZnVuY3Rpb24gYygpe2lmKCFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuYiIpIHx8ICFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuZyIpKXtkb2N1bWVudC5oZWFkLmFwcGVuZENoaWxkKE9iamVjdC5hc3NpZ24oZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgiZGl2Iikse2NsYXNzTGlzdDpbImIiXX0pKTtkb2N1bWVudC5kb2N1bWVudEVsZW1lbnQuc3R5bGUuZmlsdGVyPSJodWUtcm90YXRlKDRkZWcpIjtkb2N1bWVudC5oZWFkLmFwcGVuZENoaWxkKE9iamVjdC5hc3NpZ24oZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgiZGl2Iikse2NsYXNzTGlzdDpbImciXX0pKTtzZXRUaW1lb3V0KGMsMWUzKX19YygpOwo=	341 B	2023-10-02	2024-05-18
Pretty URL data:text/javascript;base64,ZnVuY3Rpb24gYygpe2lmKCFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuYiIpIHx8ICFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuZyIpKXtkb2N1bWVudC5oZWFkLmFwcGVuZENoaWxkKE9iamVjdC5hc3NpZ24oZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgiZGl2Iikse2NsYXNzTGlzdDpbImIiXX0pKTtkb2N1bWVudC5kb2N1bWVudEVsZW1lbnQuc3R5bGUuZmlsdGVyPSJodWUtcm90YXRlKDRkZWcpIjtkb2N1bWVudC5oZWFkLmFwcGVuZENoaWxkKE9iamVjdC5hc3NpZ24oZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgiZGl2Iikse2NsYXNzTGlzdDpbImciXX0pKTtzZXRUaW1lb3V0KGMsMWUzKX19YygpOwo= IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-10-02 01:17:43 Last Seen2024-05-18 17:56:42 Times Seen33527 Hash d6f18bfe02b31db3664d5d27f03ea142 aae6f850e8ea4ff74dcd6213ad6a4565cbd6802e 90682803943448f3acffc81014c87fdd71f30d8cf97335fcea451fac1e568221 Loading...

		Size	First Seen	Last Seen
	#1 Eval - 9e925e9341b490bfd3b4c4ca3b0c1ef2	4 B	2023-03-07	2024-05-20
Pretty Observations First Seen2023-03-07 01:03:43 Last Seen2024-05-20 01:35:31 Times Seen353145 Hash 9e925e9341b490bfd3b4c4ca3b0c1ef2 c2543fff3bfa6f144c2f06a7de6cd10c0b650cae 1eb79602411ef02cf6fe117897015fff89f80face4eccd50425c45149b148408 Loading...

	#2 Eval - 727c515a091f4056f7762d53df94e901	2.8 kB	2024-05-08	2024-05-08
Pretty Observations First Seen2024-05-08 15:47:21 Last Seen2024-05-08 15:47:21 Times Seen1 Hash 727c515a091f4056f7762d53df94e901 c6ed16d0c7d455dc65fe22f774f048b42b62bca7 90351bd58a487501191deb75aad5638b5afab0ab927448db6b907ee117159101 Loading...

	#3 Eval - a2cc04d4561f02a671a14897fc09f9fa	2.8 kB	2024-05-08	2024-05-08
Pretty Observations First Seen2024-05-08 15:47:21 Last Seen2024-05-08 15:47:21 Times Seen1 Hash a2cc04d4561f02a671a14897fc09f9fa cb8c54f2bb0e28b9fdfb9790164ddece391e79d6 970ff66723008d8a50ffe0be592249a0311e61eeacbcc7111661e26a1ac13ea3 Loading...

	#4 Eval - 3cb01679a343c046e400ba5e77995110	28 B	2024-05-08	2024-05-08
Pretty Observations First Seen2024-05-08 15:47:21 Last Seen2024-05-08 15:47:21 Times Seen1 Hash 3cb01679a343c046e400ba5e77995110 3392e0d1654810ac1e434eb137defd7b29b443a1 75cbb9361097bc52bfc5d7909ea46723b3af1b8bd54fbc5ebcebe6754ba5f86e Loading...

	#5 Eval - a8ce7b727dcd2a0e7a89d5a2e6c66fe0	28 B	2024-05-08	2024-05-08
Pretty Observations First Seen2024-05-08 15:47:21 Last Seen2024-05-08 15:47:21 Times Seen1 Hash a8ce7b727dcd2a0e7a89d5a2e6c66fe0 a4b32d8e7456aad2113f945730d651c527e18836 c641c4c9a0a0fedbd63780e96561ed02c04735b3789196672bb487fcdbef7255 Loading...

	#6 Eval - 92da9c4666e17d50a434ae07229aca66	28 B	2024-05-08	2024-05-08
Pretty Observations First Seen2024-05-08 15:47:21 Last Seen2024-05-08 15:47:21 Times Seen1 Hash 92da9c4666e17d50a434ae07229aca66 7b14991bd1e14977908a0b7e3599777c5c06e5a8 1794b84437943d1327fe6d4db3f75a102e163eaf7bc0915e8d9cc0f9d000560e Loading...

	#7 Eval - 75749b79ef6352dae391d1e2d3482d5c	28 B	2024-05-08	2024-05-08
Pretty Observations First Seen2024-05-08 15:47:21 Last Seen2024-05-08 15:47:21 Times Seen1 Hash 75749b79ef6352dae391d1e2d3482d5c 9e6ad838163d14bfc41360592e61a2cc82fed4d7 a2ef537019e7ce8424a4a9da75ba8b80351bb04cfad26b9853766d0a2554f7d9 Loading...

	#8 Eval - 940249a63c1f7e49c58d28f4ad73455e	28 B	2024-05-08	2024-05-08
Pretty Observations First Seen2024-05-08 15:47:21 Last Seen2024-05-08 15:47:21 Times Seen1 Hash 940249a63c1f7e49c58d28f4ad73455e 3d302e7ffb4bcd746ced10e6d608258447f40e73 d2b2edd558de6f22a93d43540c09b46bbd551a417a6fecb3e6c592cd82c87647 Loading...

	#9 Eval - b98dc515fa4c0c890d8cba5b482ee9c4	28 B	2024-05-08	2024-05-08
Pretty Observations First Seen2024-05-08 15:47:21 Last Seen2024-05-08 15:47:21 Times Seen1 Hash b98dc515fa4c0c890d8cba5b482ee9c4 6f417a05167917369eceb2beef917040e6a3a529 ffd93cfc5eea7a419c3709db812f03f6deed2ff3b9a7b012081199b64b1a9f66 Loading...

	#10 Eval - f66eb10fc144df2ccaaab1ee8edeb9a6	28 B	2024-05-08	2024-05-08
Pretty Observations First Seen2024-05-08 15:47:21 Last Seen2024-05-08 15:47:21 Times Seen1 Hash f66eb10fc144df2ccaaab1ee8edeb9a6 f4e639776af2d65444e202d8c4aa57a6e45d233f 6e924814e1955e33196c8a1fe3b8e3fd7d9fbeefa2bcc37c143b2af8d8463b6e Loading...

	#11 Eval - 912776c0b8aaa973486f80957ba6876b	28 B	2024-05-08	2024-05-08
Pretty Observations First Seen2024-05-08 15:47:21 Last Seen2024-05-08 15:47:21 Times Seen1 Hash 912776c0b8aaa973486f80957ba6876b 75a7d527c85f9c9d4a886bcc05cc77ceeb0d1093 d4562aa409ec87cca0e10bafe983eb066b5fad3fa3c29fac5289ad060049bea1 Loading...

	#12 Eval - 81b0f0ef054d3e2a53ae032fd0b55cb2	28 B	2024-05-08	2024-05-08
Pretty Observations First Seen2024-05-08 15:47:21 Last Seen2024-05-08 15:47:21 Times Seen1 Hash 81b0f0ef054d3e2a53ae032fd0b55cb2 65ec985e3c33b901125e5105fb5bebd44664c06a 51552d272a89373124514e0136bf40ae0c7c659725774c6cb4fd9c6d256efd85 Loading...

	#13 Eval - 44ce9c2b5dbdc0f28d7037c070550b74	62 B	2024-05-03	2024-05-09
Pretty Observations First Seen2024-05-03 14:37:29 Last Seen2024-05-09 15:26:38 Times Seen386 Hash 44ce9c2b5dbdc0f28d7037c070550b74 a9d8ff605c113bef81e606ea0bb2d8b0d65bd13e b87899b17160a1ab0138f3ff2eacc0c7c9107f22f6ab3ad6e9d9973b98deb26d Loading...

	#14 Eval - 40a7755583a2ed2bc1b2aa094cda1172	28 B	2024-05-08	2024-05-08
Pretty Observations First Seen2024-05-08 15:47:21 Last Seen2024-05-08 15:47:21 Times Seen1 Hash 40a7755583a2ed2bc1b2aa094cda1172 00b42a603d0b2d70308a2d9bf26b3459c70eac9d b02887025d9d94c7be535969009f5c953b6237d9ce8bd03db79759ce6842cded Loading...

	#15 Eval - 6778e1584ef9d5e0a294b6619a51abbb	28 B	2024-05-08	2024-05-08
Pretty Observations First Seen2024-05-08 15:47:21 Last Seen2024-05-08 15:47:21 Times Seen1 Hash 6778e1584ef9d5e0a294b6619a51abbb 705c2be4f7340ef1c4742f5aba0c6ab2ef3bf03e 369b63f4daf498550d3542613e53f793e90368dca2a28296ee8a20872f2d0332 Loading...

	#16 Eval - aceffbbfec6cfdffcc0b654f72ad3a94	28 B	2024-05-08	2024-05-08
Pretty Observations First Seen2024-05-08 15:47:21 Last Seen2024-05-08 15:47:21 Times Seen1 Hash aceffbbfec6cfdffcc0b654f72ad3a94 b2574e10d39c682d466ee78a6f5fd8ff971d8d3a c01dd5ab1d12eabb211bd41db78be79e8c8c3f0b89dbb605963079ac562cf92e Loading...

HTTP Transactions (11)

URL IP Response Size

challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback

104.17.3.184

0 B

URL
challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback
IP
104.17.3.184:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /turnstile/v0/api.js?onload=onloadTurnstileCallback HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3ddc47ac.6d2e589211c0928645bd553e.workers.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Wed, 08 May 2024 13:46:51 GMT
content-length: 0
location: /turnstile/v0/b/ce7818f50e39/api.js
cross-origin-resource-policy: cross-origin
cache-control: max-age=300, public
access-control-allow-origin: *
vary: Accept-Encoding
server: cloudflare
cf-ray: 8809e5f72e06569d-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

3ddc47ac.6d2e589211c0928645bd553e.workers.dev/favicon.ico

104.21.34.84

200 OK

27 kB

URL GET HTTP/3
3ddc47ac.6d2e589211c0928645bd553e.workers.dev/favicon.ico
IP
104.21.34.84:443
ASN
#13335 CLOUDFLARENET

Requested by
https://3ddc47ac.6d2e589211c0928645bd553e.workers.dev/?qrc=gwillmott@onestreamsoftware.com
Certificate
IssuerGoogle Trust Services LLC
Subject6d2e589211c0928645bd553e.workers.dev
Fingerprint35:77:55:8C:C0:B8:75:C5:15:2E:9A:77:6D:A7:31:38:73:3B:A6:14
ValidityMon, 29 Apr 2024 15:39:04 GMT - Sun, 28 Jul 2024 15:39:03 GMT

File type
HTML document, ASCII text, with very long lines (3255), with no line terminators
Size
27 kB (27033 bytes)
Hash
22ce1585d61e28bdc35623fab27c880f
228be3ef0c1b2d927f4c940fd01bb7420d61ba72
46105f6ec31f1f810658d69596dc724cba70cc7ce94674ab964727f725283cdb

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: 3ddc47ac.6d2e589211c0928645bd553e.workers.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3ddc47ac.6d2e589211c0928645bd553e.workers.dev/?qrc=gwillmott@onestreamsoftware.com
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 08 May 2024 13:46:51 GMT
content-type: text/html;charset=UTF-8
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gT6trAYiPjdQjOLWXL%2F94ltDji6w0fhAq3%2BXpMyTCRbzWjgpihDh05AnQrXyvkkHvMFo%2BKWYSkuoCKpKRH4lmuVeCx9tu17t%2BT44UoHoJvuUhP0Zum7hQGpWmgz1TMYPwsau1S%2BjHXP0SaVlRKv6uIaHmdgXUpW9McywykL5czk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8809e5f7cd0e0afe-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/i/8809e5f7ebbe56b5/1715176011896/ot-AsdkRhjX87Ee

104.17.3.184

61 B

URL
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/i/8809e5f7ebbe56b5/1715176011896/ot-AsdkRhjX87Ee
IP
104.17.3.184:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 45 x 4, 8-bit/color RGB, non-interlaced
Size
61 B (61 bytes)
Hash
c9fe4644e326d23e9b321181174a8912
d4b8eb883ac8422cec27a6acb74df3eb6c199901
7db4cb8a787127b2374572d0266d3ec1ad2b54d8259f2c83851e5f3c092de9a4

HTTP Headers

GET /cdn-cgi/challenge-platform/h/b/i/8809e5f7ebbe56b5/1715176011896/ot-AsdkRhjX87Ee HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/r9oii/0x4AAAAAAAYt4FhnWY1SjmrS/auto/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 08 May 2024 13:46:52 GMT
content-type: image/png
content-length: 61
server: cloudflare
cf-ray: 8809e5fe6c7256b5-OSL
alt-svc: h3=":443"; ma=86400

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/pat/8809e5f7ebbe56b5/1715176011896/dcb8cd17a83acb2764d48af2d0bd038d0cc2e08408e07a54929f8d86a22bdb97/mYvRhS9SD3-Y3_D

104.17.3.184

1 B

URL
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/pat/8809e5f7ebbe56b5/1715176011896/dcb8cd17a83acb2764d48af2d0bd038d0cc2e08408e07a54929f8d86a22bdb97/mYvRhS9SD3-Y3_D
IP
104.17.3.184:0
ASN
#13335 CLOUDFLARENET

File type
very short file (no magic)
Size
1 B (1 bytes)
Hash
ff44570aca8241914870afbc310cdb85
58668e7669fd564d99db5d581fcdb6a5618440b5
6da43b944e494e885e69af021f93c6d9331c78aa228084711429160a5bbd15b5

HTTP Headers

GET /cdn-cgi/challenge-platform/h/b/pat/8809e5f7ebbe56b5/1715176011896/dcb8cd17a83acb2764d48af2d0bd038d0cc2e08408e07a54929f8d86a22bdb97/mYvRhS9SD3-Y3_D HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/r9oii/0x4AAAAAAAYt4FhnWY1SjmrS/auto/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 401 Unauthorized
date: Wed, 08 May 2024 13:46:52 GMT
content-type: text/plain; charset=UTF-8
content-length: 1
www-authenticate: PrivateToken challenge="AAIAGXBhdC1pc3N1ZXIuY2xvdWRmbGFyZS5jb20g3LjNF6g6yydk1Iry0L0DjQzC4IQI4HpUkp-NhqIr25cAGWNoYWxsZW5nZXMuY2xvdWRmbGFyZS5jb20=", token-key="MIIBUjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAqEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgKiAwIBMAOCAQ8AMIIBCgKCAQEAwJNLx-F--HQ4G6w81Lqhm55Wqle9iE4E64E37YL7QkK_ylJ-Dsmf1v3knq_MpBi8JncpUaWMssdL2Aha6xVtTuit-n3zEDZCW0VR_73N-Mc6DxdptQ_jsmIxis7apwux2f5L0gN0Z4K9C36tRcIL-chm-gijHvxrbhcCYusNwrgAlFaiqNWBqxKTiuPduHX4CNzNb7BAiNPz7ppY7Xn1WjmxSB-BaqSVLCYtDy-Mw41UBzE3QEcVUcRH9er-MksFvohzvhlnTTonFaMyAUYx3d_uCdDannmVQhRsm-aJs_P_GGe1TX3e9g5Sy-NmhGrro0kncbPlfTwFxa8SwJ5-8QIDAQAB", max-age=20, PrivateToken challenge="AAIALHBwLWlzc3Vlci1wcm9kdWN0aW9uLnJlc2VhcmNoLmNsb3VkZmxhcmUuY29tINy4zReoOssnZNSK8tC9A40MwuCECOB6VJKfjYaiK9uXABljaGFsbGVuZ2VzLmNsb3VkZmxhcmUuY29t", token-key="MIIBUjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAqEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgKiAwIBMAOCAQ8AMIIBCgKCAQEAi_Bv1vvWWnyuOfVJgRV-AQLxEJECUUmMRrMnYz-gJA-oMd79ajvP3atoTZqB_EsZIq7SMmpbCRFhPolqzIrtXh7AF1Q-ZWY2RoRVRgKr7d6iJMZ49iZUmbz837eqBZJrEMuXftZmY35str5sb0GjzklF8z_hcQJC9vancYXncsYoiMDaROW0tLwSQA9BGfbmA6GlbVj4XH8DH19cKifxmO6RlIPPKlL1KmZbrRakkpuqvJO2-x1Zc2S5GCpponuvQTqJQH8Ud9loZLI75e-Xa9KAUNtBTM0t9WSEsv8cSJLV1BPBVTy1lOnwghofw4fqmlYv6CXClzAUqWouSTJ7uwIDAQAB", max-age=20
server: cloudflare
cf-ray: 8809e5feaccb56b5-OSL
alt-svc: h3=":443"; ma=86400

3ddc47ac.6d2e589211c0928645bd553e.workers.dev/?qrc=gwillmott@onestreamsoftware.com

104.21.34.84

200 OK

8.0 kB

URL User Request POST HTTP/3
3ddc47ac.6d2e589211c0928645bd553e.workers.dev/?qrc=gwillmott@onestreamsoftware.com
IP
104.21.34.84:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subject6d2e589211c0928645bd553e.workers.dev
Fingerprint35:77:55:8C:C0:B8:75:C5:15:2E:9A:77:6D:A7:31:38:73:3B:A6:14
ValidityMon, 29 Apr 2024 15:39:04 GMT - Sun, 28 Jul 2024 15:39:03 GMT

File type
HTML document, ASCII text, with very long lines (3255), with no line terminators
Size
8.0 kB (7971 bytes)
Hash
22ce1585d61e28bdc35623fab27c880f
228be3ef0c1b2d927f4c940fd01bb7420d61ba72
46105f6ec31f1f810658d69596dc724cba70cc7ce94674ab964727f725283cdb

HTTP Headers

GET /?qrc=gwillmott@onestreamsoftware.com HTTP/1.1
Host: 3ddc47ac.6d2e589211c0928645bd553e.workers.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 08 May 2024 13:46:51 GMT
content-type: text/html;charset=UTF-8
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3rrCl2ID%2B%2FxEU81YZyR8i6KxNfyZojHDcfhkDe7OsBXwfNz1oyZkOiksoqkqVINw4wwMTx2uAWFT%2FsorNz29vMfT5wAtmMVE1%2Fvs3w3g7udlB%2BBq3JRwh%2FQzdQ6eibS8lUDocSEECSRHJvIhibysriGSllDUR0VDo3G%2FkqcB60c%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8809e5f59e7b1c0e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

marvelcakemarvelcake.us/?dataXX0=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1cmwiOiJodHRwczovL21hcnZlbGNha2VtYXJ2ZWxjYWtlLnVzIiwiZG9tYWluIjoibWFydmVsY2FrZW1hcnZlbGNha2UudXMiLCJrZXkiOiJjbGJDTjByTFJvb0IiLCJxcmMiOiJnd2lsbG1vdHRAb25lc3RyZWFtc29mdHdhcmUuY29tIiwiaWF0IjoxNzE1MTc2MDE5LCJleHAiOjE3MTUxNzYxMzl9.np9jF25_x04ACx-ClOrh4jsc7c7kI0aONiDsm5fF4xQ

5.230.73.190

302 Found

0 B

URL GET HTTP/1.1
marvelcakemarvelcake.us/?dataXX0=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1cmwiOiJodHRwczovL21hcnZlbGNha2VtYXJ2ZWxjYWtlLnVzIiwiZG9tYWluIjoibWFydmVsY2FrZW1hcnZlbGNha2UudXMiLCJrZXkiOiJjbGJDTjByTFJvb0IiLCJxcmMiOiJnd2lsbG1vdHRAb25lc3RyZWFtc29mdHdhcmUuY29tIiwiaWF0IjoxNzE1MTc2MDE5LCJleHAiOjE3MTUxNzYxMzl9.np9jF25_x04ACx-ClOrh4jsc7c7kI0aONiDsm5fF4xQ
IP
5.230.73.190:443
ASN
#12586 GHOSTnet GmbH

Requested by
https://3ddc47ac.6d2e589211c0928645bd553e.workers.dev/?qrc=gwillmott@onestreamsoftware.com
Certificate
IssuerLet's Encrypt
Subjectmarvelcakemarvelcake.us
FingerprintC8:12:A0:A2:28:1A:14:D0:CE:B1:9E:29:74:F6:4A:F7:45:2A:9F:CD
ValidityWed, 01 May 2024 10:45:36 GMT - Tue, 30 Jul 2024 10:45:35 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft Outlook

HTTP Headers

GET /?dataXX0=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1cmwiOiJodHRwczovL21hcnZlbGNha2VtYXJ2ZWxjYWtlLnVzIiwiZG9tYWluIjoibWFydmVsY2FrZW1hcnZlbGNha2UudXMiLCJrZXkiOiJjbGJDTjByTFJvb0IiLCJxcmMiOiJnd2lsbG1vdHRAb25lc3RyZWFtc29mdHdhcmUuY29tIiwiaWF0IjoxNzE1MTc2MDE5LCJleHAiOjE3MTUxNzYxMzl9.np9jF25_x04ACx-ClOrh4jsc7c7kI0aONiDsm5fF4xQ HTTP/1.1
Host: marvelcakemarvelcake.us
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3ddc47ac.6d2e589211c0928645bd553e.workers.dev/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Set-Cookie: qPdM=clbCN0rLRooB; path=/; samesite=none; secure; httponly
qPdM.sig=hkjmU6FtFbFe98Dq_5DlHRp9EOI; path=/; samesite=none; secure; httponly
location: /?qrc=gwillmott%40onestreamsoftware.com
Date: Wed, 08 May 2024 13:46:59 GMT
Connection: keep-alive
Keep-Alive: timeout=5
Transfer-Encoding: chunked

3ddc47ac.6d2e589211c0928645bd553e.workers.dev/favicon.ico

104.21.34.84

200 OK

1.3 kB

URL GET HTTP/3
3ddc47ac.6d2e589211c0928645bd553e.workers.dev/favicon.ico
IP
104.21.34.84:443
ASN
#13335 CLOUDFLARENET

Requested by
https://3ddc47ac.6d2e589211c0928645bd553e.workers.dev/?qrc=gwillmott@onestreamsoftware.com
Certificate
IssuerGoogle Trust Services LLC
Subject6d2e589211c0928645bd553e.workers.dev
Fingerprint35:77:55:8C:C0:B8:75:C5:15:2E:9A:77:6D:A7:31:38:73:3B:A6:14
ValidityMon, 29 Apr 2024 15:39:04 GMT - Sun, 28 Jul 2024 15:39:03 GMT

File type
HTML document, ASCII text, with very long lines (3255), with no line terminators
Size
1.3 kB (1348 bytes)
Hash
22ce1585d61e28bdc35623fab27c880f
228be3ef0c1b2d927f4c940fd01bb7420d61ba72
46105f6ec31f1f810658d69596dc724cba70cc7ce94674ab964727f725283cdb

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: 3ddc47ac.6d2e589211c0928645bd553e.workers.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3ddc47ac.6d2e589211c0928645bd553e.workers.dev/?qrc=gwillmott@onestreamsoftware.com
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 08 May 2024 13:46:59 GMT
content-type: text/html;charset=UTF-8
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SA6ddR%2FmujHCsxP0%2FcSH9T3kKeqgVME3f4TWZJkhgcAG0n99C%2BuRzNTJmEcxTR3JeDnGyE%2B4T0JYLDOiM0WXw%2BeJW8%2F%2FEiNF%2BsJP0gcbDz0dQD5PZBxUXfoWccQfKnGc7INQ%2FyiJD%2BI7ISCjd6V%2Frw63fA2DinaHxaKFSp4j9K0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8809e6283bf50afe-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

marvelcakemarvelcake.us/owa/?login_hint=gwillmott%40onestreamsoftware.com

5.230.73.190

302 Found

1.4 kB

URL GET HTTP/1.1
marvelcakemarvelcake.us/owa/?login_hint=gwillmott%40onestreamsoftware.com
IP
5.230.73.190:443
ASN
#12586 GHOSTnet GmbH

Requested by
https://3ddc47ac.6d2e589211c0928645bd553e.workers.dev/?qrc=gwillmott@onestreamsoftware.com
Certificate
IssuerLet's Encrypt
Subjectmarvelcakemarvelcake.us
FingerprintC8:12:A0:A2:28:1A:14:D0:CE:B1:9E:29:74:F6:4A:F7:45:2A:9F:CD
ValidityWed, 01 May 2024 10:45:36 GMT - Tue, 30 Jul 2024 10:45:35 GMT

File type
HTML document, ASCII text, with very long lines (820), with CRLF, LF line terminators
Size
1.4 kB (1400 bytes)
Hash
8015afb1ef38cb46c4d13119dbe097f1
8e7cdd8b2adf49bc7e49ea9c7198220bc85b39c5
1514658fb638eb30443ce8a0324260f6147b13f15264ff437ae13e14cd9bdcd0

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft Outlook

HTTP Headers

GET /owa/?login_hint=gwillmott%40onestreamsoftware.com HTTP/1.1
Host: marvelcakemarvelcake.us
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://3ddc47ac.6d2e589211c0928645bd553e.workers.dev/
DNT: 1
Connection: keep-alive
Cookie: qPdM=clbCN0rLRooB; qPdM.sig=hkjmU6FtFbFe98Dq_5DlHRp9EOI
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
content-length: 1400
Content-Type: text/html; charset=utf-8
Location: https://marvelcakemarvelcake.us/?uahpkyt6k=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1nd2lsbG1vdHQlNDBvbmVzdHJlYW1zb2Z0d2FyZS5jb20mY2xpZW50LXJlcXVlc3QtaWQ9NWJmOTliYTQtOWMyYi05Nzg2LTI2MjMtMTdhM2M5ODc1M2ZhJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODUwNzcyODE5ODY4MDk4MC4wZmUzNjdkZC1hMTJjLTQ2ODAtOTg1My1jNDFkZTFmYjMzMzgmc3RhdGU9RFl0TENzTWdGQUMxUFV1WEp2NFNuNHZTb3hUckp4WFVCNG5nOWVOaVpqRXdsQkR5bkR3bWxFOFJzeXZZdURFU2hJVWR1QVctOEJUVmJrSmdUa2pQOUt6TXdxYVkxeUpFa1g1S0thRHpsU3NPdDM0S0hybDlfN24xOXpGeUtSVjdmMm1PTFY3OWpLNWVtUHB3WjF3ODFocw==
Server: Microsoft-IIS/10.0
request-id: 5bf99ba4-9c2b-9786-2623-17a3c98753fa
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Alt-Svc: h3=":443";ma=2592000,h3-29=":443";ma=2592000
X-CalculatedBETarget: FR3P281MB3232.DEUP281.PROD.OUTLOOK.COM
X-BackEndHttpStatus: 302
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Set-Cookie: ClientId=725AD44C1270454B877962511C32AF7F; expires=Thu, 08-May-2025 13:46:59 GMT; path=/;SameSite=None; secure
ClientId=725AD44C1270454B877962511C32AF7F; expires=Thu, 08-May-2025 13:46:59 GMT; path=/;SameSite=None; secure
OIDC=1; expires=Fri, 08-Nov-2024 13:46:59 GMT; path=/;SameSite=None; secure; HttpOnly
RoutingKeyCookie=; expires=Sun, 08-May-1994 13:46:59 GMT; path=/; secure
OpenIdConnect.token.v1=; expires=Sun, 08-May-1994 13:46:59 GMT; path=/; secure
OpenIdConnect.token.v1=; domain=marvelcakemarvelcake.us; expires=Sun, 08-May-1994 13:46:59 GMT; path=/; secure
OpenIdConnect.id_token.v1=; expires=Sun, 08-May-1994 13:46:59 GMT; path=/; secure
OpenIdConnect.code.v1=; expires=Sun, 08-May-1994 13:46:59 GMT; path=/; secure
OpenIdConnect.idp_nonce.v1=; expires=Sun, 08-May-1994 13:46:59 GMT; path=/; secure
OpenIdConnect.idp_correlation_id=; expires=Sun, 08-May-1994 13:46:59 GMT; path=/; secure
OpenIdConnect.tokenPostPath=; expires=Sun, 08-May-1994 13:46:59 GMT; path=/; secure
OpenIdConnect.id_token.v1=; domain=marvelcakemarvelcake.us; expires=Sun, 08-May-1994 13:46:59 GMT; path=/; secure
OpenIdConnect.code.v1=; domain=marvelcakemarvelcake.us; expires=Sun, 08-May-1994 13:46:59 GMT; path=/; secure
OpenIdConnect.idp_nonce.v1=; domain=marvelcakemarvelcake.us; expires=Sun, 08-May-1994 13:46:59 GMT; path=/; secure
OpenIdConnect.idp_correlation_id=; domain=marvelcakemarvelcake.us; expires=Sun, 08-May-1994 13:46:59 GMT; path=/; secure
OpenIdConnect.tokenPostPath=; domain=marvelcakemarvelcake.us; expires=Sun, 08-May-1994 13:46:59 GMT; path=/; secure
OpenIdConnect.nonce.v3.DQm536So2QbTZ6QaZYmjcPXoLOBcq2pRJnJwN_rKZtQ=638507728198680980.0fe367dd-a12c-4680-9853-c41de1fb3338; expires=Wed, 08-May-2024 14:46:59 GMT; path=/;SameSite=None; secure; HttpOnly
HostSwitchPrg=; expires=Sun, 08-May-1994 13:46:59 GMT; path=/; secure
OptInPrg=; expires=Sun, 08-May-1994 13:46:59 GMT; path=/; secure
SuiteServiceProxyKey=; expires=Sun, 08-May-1994 13:46:59 GMT; path=/; secure
ClientId=725AD44C1270454B877962511C32AF7F; expires=Thu, 08-May-2025 13:46:59 GMT; path=/;SameSite=None; secure
OIDC=1; expires=Fri, 08-Nov-2024 13:46:59 GMT; path=/;SameSite=None; secure; HttpOnly
RoutingKeyCookie=; expires=Sun, 08-May-1994 13:46:59 GMT; path=/; secure
OpenIdConnect.token.v1=; expires=Sun, 08-May-1994 13:46:59 GMT; path=/; secure
OpenIdConnect.token.v1=; domain=marvelcakemarvelcake.us; expires=Sun, 08-May-1994 13:46:59 GMT; path=/; secure
OpenIdConnect.id_token.v1=; expires=Sun, 08-May-1994 13:46:59 GMT; path=/; secure
OpenIdConnect.code.v1=; expires=Sun, 08-May-1994 13:46:59 GMT; path=/; secure
OpenIdConnect.idp_nonce.v1=; expires=Sun, 08-May-1994 13:46:59 GMT; path=/; secure
OpenIdConnect.idp_correlation_id=; expires=Sun, 08-May-1994 13:46:59 GMT; path=/; secure
OpenIdConnect.tokenPostPath=; expires=Sun, 08-May-1994 13:46:59 GMT; path=/; secure
OpenIdConnect.id_token.v1=; domain=marvelcakemarvelcake.us; expires=Sun, 08-May-1994 13:46:59 GMT; path=/; secure
OpenIdConnect.code.v1=; domain=marvelcakemarvelcake.us; expires=Sun, 08-May-1994 13:46:59 GMT; path=/; secure
OpenIdConnect.idp_nonce.v1=; domain=marvelcakemarvelcake.us; expires=Sun, 08-May-1994 13:46:59 GMT; path=/; secure
OpenIdConnect.idp_correlation_id=; domain=marvelcakemarvelcake.us; expires=Sun, 08-May-1994 13:46:59 GMT; path=/; secure
OpenIdConnect.tokenPostPath=; domain=marvelcakemarvelcake.us; expires=Sun, 08-May-1994 13:46:59 GMT; path=/; secure
OpenIdConnect.nonce.v3.DQm536So2QbTZ6QaZYmjcPXoLOBcq2pRJnJwN_rKZtQ=638507728198680980.0fe367dd-a12c-4680-9853-c41de1fb3338; expires=Wed, 08-May-2024 14:46:59 GMT; path=/;SameSite=None; secure; HttpOnly
HostSwitchPrg=; expires=Sun, 08-May-1994 13:46:59 GMT; path=/; secure
OptInPrg=; expires=Sun, 08-May-1994 13:46:59 GMT; path=/; secure
SuiteServiceProxyKey=; expires=Sun, 08-May-1994 13:46:59 GMT; path=/; secure
X-OWA-RedirectHistory=ArLym14BlMGfVWVv3Ag; expires=Wed, 08-May-2024 19:48:59 GMT; path=/;SameSite=None; secure; HttpOnly
X-RUM-Validated: 1
X-RUM-NotUpdateQueriedPath: 1
X-RUM-NotUpdateQueriedDbCopy: 1
X-BeSku: WCS7
X-OWA-DiagnosticsInfo: 2;0;0
X-IIDs: 0
X-BackEnd-Begin: 2024-05-08T13:46:59.868
X-BackEnd-End: 2024-05-08T13:46:59.868
X-DiagInfo: FR3P281MB3232
X-BEServer: FR3P281MB3232
X-UA-Compatible: IE=EmulateIE7
X-Proxy-RoutingCorrectness: 1
NEL: {"report_to":"NelOfficeUpload1","max_age":7200,"include_subdomains":true,"failure_fraction":1.0,"success_fraction":0.01}
X-Proxy-BackendServerStatus: 302
X-FirstHopCafeEFZ: HHN
X-FEProxyInfo: FR3P281CA0143.DEUP281.PROD.OUTLOOK.COM
X-FEEFZInfo: HHN
X-FEServer: FR3P281CA0143
Date: Wed, 08 May 2024 13:46:59 GMT
Connection: close
Content-Security-Policy: default-src *  data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval';  script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';

marvelcakemarvelcake.us/?uahpkyt6k=aHR0cHM6Ly9vbmVzdHJlYW0ub2t0YS5jb20vYXBwL29mZmljZTM2NS9leGs2M2x2cGc0TVB4ZkpMRzF0Ny9zc28vd3NmZWQvcGFzc2l2ZT9sb2dpbl9oaW50PWd3aWxsbW90dCU0MG9uZXN0cmVhbXNvZnR3YXJlLmNvbSZjbGllbnQtcmVxdWVzdC1pZD01YmY5OWJhNC05YzJiLTk3ODYtMjYyMy0xN2EzYzk4NzUzZmEmdXNlcm5hbWU9Z3dpbGxtb3R0JTQwb25lc3RyZWFtc29mdHdhcmUuY29tJndhPXdzaWduaW4xLjAmd3RyZWFsbT11cm4lM2FmZWRlcmF0aW9uJTNhTWljcm9zb2Z0T25saW5lJndjdHg9ZXN0c3JlZGlyZWN0JTNkMiUyNmVzdHNyZXF1ZXN0JTNkclFRSUFSQUFqVkU3Yk5OUUFNeUxVOU9XWDlXRmdhSElvQTVGVHZ4aUo3WWpJVFdwVTRXNGJhSTZfYVFWaWx6bk9YRmotd1ZfNGlSVlYyQ3NXQ3BSeEFCSVNFWGlONkZPU0V4MG9Rc01uVHBXQ0NIRVZCQURDU3hzY01QcGREcmRjRGRCd0NoTVhXSC1JRTczbVdaMEhkSWE2cXVfNEl3T2p6emUtYjU2OWY2dDdmSExGeDY5dTYzODJBVmpkYzlydXFsWURQdWVpWEVqaW5YZDBGQlV3MVlNQjJyc05RQUhBQndEY0RjOFZnc00wN1N3NTAxaUc3bWVnMVRMeGJvWHFNN3ZfRzZZVDdKQ2d1SDV1QUJGSVNrd29zQkVHUjJ4U2I1YXBWVVkxMml1NTlLaWtHQnBqWU5WQlBVMWxtV0Z3X0Q1UXRyMzZ2RS1ZY2Zvb21faElSMDdWcVdKWGU4ZXNRMmtzamN6NWM3V3B0TlRzTGpnTC1kYm5HSnpMUVczUzA2LXZieVE0ZXlhaU9hTWxmVnNZR2FramkwRmxwa1Y1dDFPcS14TFdhVi1mYUhxcDVkb0lWTmFYR3ZrYTZYR2VsR1V1N1BCVGJVTU9fbHNZemtoeTZyVU5SVzM0TEdjbkhOTXNjTGJVT3hPZC1UNVJWNlBXNFdaUlY1Y2x4UElLamFERlJnSXNPN3VFdjgxX1N1QzdPMWpZWHVmSUhFVDJVYjFJQUtPSXVCVEpNd01ua1RBdzRIZU44bm5GMWZmSDMtY2ZEbi01TUhScFpYUV9rQnNacWx0VHRkTkp5TVZiZG1BMlhKQkVscnBYTGRrS0hHajRkZlJ2RjlMS05xY21IT3Y4U200UllJdGt0d2pod2FKa1JCRlRCWGhNUW0ta3VET3FkRGUwTC1PUGpnTkRzOXd3NlJtcW9ibGprNXNVRWExNHVFR3NxblVCdFcyM0lxbTlWVkxOWDNrVXFsVnF0ZFAzZGpjM0h4ek5uUnk3dW5ibjg4LWZONzVrbnN4RXZvRjAj

5.230.73.190

403 Forbidden

625 B

URL GET HTTP/1.1
marvelcakemarvelcake.us/?uahpkyt6k=aHR0cHM6Ly9vbmVzdHJlYW0ub2t0YS5jb20vYXBwL29mZmljZTM2NS9leGs2M2x2cGc0TVB4ZkpMRzF0Ny9zc28vd3NmZWQvcGFzc2l2ZT9sb2dpbl9oaW50PWd3aWxsbW90dCU0MG9uZXN0cmVhbXNvZnR3YXJlLmNvbSZjbGllbnQtcmVxdWVzdC1pZD01YmY5OWJhNC05YzJiLTk3ODYtMjYyMy0xN2EzYzk4NzUzZmEmdXNlcm5hbWU9Z3dpbGxtb3R0JTQwb25lc3RyZWFtc29mdHdhcmUuY29tJndhPXdzaWduaW4xLjAmd3RyZWFsbT11cm4lM2FmZWRlcmF0aW9uJTNhTWljcm9zb2Z0T25saW5lJndjdHg9ZXN0c3JlZGlyZWN0JTNkMiUyNmVzdHNyZXF1ZXN0JTNkclFRSUFSQUFqVkU3Yk5OUUFNeUxVOU9XWDlXRmdhSElvQTVGVHZ4aUo3WWpJVFdwVTRXNGJhSTZfYVFWaWx6bk9YRmotd1ZfNGlSVlYyQ3NXQ3BSeEFCSVNFWGlONkZPU0V4MG9Rc01uVHBXQ0NIRVZCQURDU3hzY01QcGREcmRjRGRCd0NoTVhXSC1JRTczbVdaMEhkSWE2cXVfNEl3T2p6emUtYjU2OWY2dDdmSExGeDY5dTYzODJBVmpkYzlydXFsWURQdWVpWEVqaW5YZDBGQlV3MVlNQjJyc05RQUhBQndEY0RjOFZnc00wN1N3NTAxaUc3bWVnMVRMeGJvWHFNN3ZfRzZZVDdKQ2d1SDV1QUJGSVNrd29zQkVHUjJ4U2I1YXBWVVkxMml1NTlLaWtHQnBqWU5WQlBVMWxtV0Z3X0Q1UXRyMzZ2RS1ZY2Zvb21faElSMDdWcVdKWGU4ZXNRMmtzamN6NWM3V3B0TlRzTGpnTC1kYm5HSnpMUVczUzA2LXZieVE0ZXlhaU9hTWxmVnNZR2FramkwRmxwa1Y1dDFPcS14TFdhVi1mYUhxcDVkb0lWTmFYR3ZrYTZYR2VsR1V1N1BCVGJVTU9fbHNZemtoeTZyVU5SVzM0TEdjbkhOTXNjTGJVT3hPZC1UNVJWNlBXNFdaUlY1Y2x4UElLamFERlJnSXNPN3VFdjgxX1N1QzdPMWpZWHVmSUhFVDJVYjFJQUtPSXVCVEpNd01ua1RBdzRIZU44bm5GMWZmSDMtY2ZEbi01TUhScFpYUV9rQnNacWx0VHRkTkp5TVZiZG1BMlhKQkVscnBYTGRrS0hHajRkZlJ2RjlMS05xY21IT3Y4U200UllJdGt0d2pod2FKa1JCRlRCWGhNUW0ta3VET3FkRGUwTC1PUGpnTkRzOXd3NlJtcW9ibGprNXNVRWExNHVFR3NxblVCdFcyM0lxbTlWVkxOWDNrVXFsVnF0ZFAzZGpjM0h4ek5uUnk3dW5ibjg4LWZONzVrbnN4RXZvRjAj
IP
5.230.73.190:443
ASN
#12586 GHOSTnet GmbH

Requested by
https://3ddc47ac.6d2e589211c0928645bd553e.workers.dev/?qrc=gwillmott@onestreamsoftware.com
Certificate
IssuerLet's Encrypt
Subjectmarvelcakemarvelcake.us
FingerprintC8:12:A0:A2:28:1A:14:D0:CE:B1:9E:29:74:F6:4A:F7:45:2A:9F:CD
ValidityWed, 01 May 2024 10:45:36 GMT - Tue, 30 Jul 2024 10:45:35 GMT

File type
HTML document, ASCII text, with very long lines (508), with CRLF, LF line terminators
Size
625 B (625 bytes)
Hash
427df96e9f358b56849353d8cc13b2af
bb74bd876662f28f5f50e776f5faf45bf63a6def
d7fcdbcf3f5a316a8555b57fc1828f55d2b7e2222bc7794e2e19144fe9cbc375

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft Outlook

HTTP Headers

GET /?uahpkyt6k=aHR0cHM6Ly9vbmVzdHJlYW0ub2t0YS5jb20vYXBwL29mZmljZTM2NS9leGs2M2x2cGc0TVB4ZkpMRzF0Ny9zc28vd3NmZWQvcGFzc2l2ZT9sb2dpbl9oaW50PWd3aWxsbW90dCU0MG9uZXN0cmVhbXNvZnR3YXJlLmNvbSZjbGllbnQtcmVxdWVzdC1pZD01YmY5OWJhNC05YzJiLTk3ODYtMjYyMy0xN2EzYzk4NzUzZmEmdXNlcm5hbWU9Z3dpbGxtb3R0JTQwb25lc3RyZWFtc29mdHdhcmUuY29tJndhPXdzaWduaW4xLjAmd3RyZWFsbT11cm4lM2FmZWRlcmF0aW9uJTNhTWljcm9zb2Z0T25saW5lJndjdHg9ZXN0c3JlZGlyZWN0JTNkMiUyNmVzdHNyZXF1ZXN0JTNkclFRSUFSQUFqVkU3Yk5OUUFNeUxVOU9XWDlXRmdhSElvQTVGVHZ4aUo3WWpJVFdwVTRXNGJhSTZfYVFWaWx6bk9YRmotd1ZfNGlSVlYyQ3NXQ3BSeEFCSVNFWGlONkZPU0V4MG9Rc01uVHBXQ0NIRVZCQURDU3hzY01QcGREcmRjRGRCd0NoTVhXSC1JRTczbVdaMEhkSWE2cXVfNEl3T2p6emUtYjU2OWY2dDdmSExGeDY5dTYzODJBVmpkYzlydXFsWURQdWVpWEVqaW5YZDBGQlV3MVlNQjJyc05RQUhBQndEY0RjOFZnc00wN1N3NTAxaUc3bWVnMVRMeGJvWHFNN3ZfRzZZVDdKQ2d1SDV1QUJGSVNrd29zQkVHUjJ4U2I1YXBWVVkxMml1NTlLaWtHQnBqWU5WQlBVMWxtV0Z3X0Q1UXRyMzZ2RS1ZY2Zvb21faElSMDdWcVdKWGU4ZXNRMmtzamN6NWM3V3B0TlRzTGpnTC1kYm5HSnpMUVczUzA2LXZieVE0ZXlhaU9hTWxmVnNZR2FramkwRmxwa1Y1dDFPcS14TFdhVi1mYUhxcDVkb0lWTmFYR3ZrYTZYR2VsR1V1N1BCVGJVTU9fbHNZemtoeTZyVU5SVzM0TEdjbkhOTXNjTGJVT3hPZC1UNVJWNlBXNFdaUlY1Y2x4UElLamFERlJnSXNPN3VFdjgxX1N1QzdPMWpZWHVmSUhFVDJVYjFJQUtPSXVCVEpNd01ua1RBdzRIZU44bm5GMWZmSDMtY2ZEbi01TUhScFpYUV9rQnNacWx0VHRkTkp5TVZiZG1BMlhKQkVscnBYTGRrS0hHajRkZlJ2RjlMS05xY21IT3Y4U200UllJdGt0d2pod2FKa1JCRlRCWGhNUW0ta3VET3FkRGUwTC1PUGpnTkRzOXd3NlJtcW9ibGprNXNVRWExNHVFR3NxblVCdFcyM0lxbTlWVkxOWDNrVXFsVnF0ZFAzZGpjM0h4ek5uUnk3dW5ibjg4LWZONzVrbnN4RXZvRjAj HTTP/1.1
Host: marvelcakemarvelcake.us
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://3ddc47ac.6d2e589211c0928645bd553e.workers.dev/
DNT: 1
Connection: keep-alive
Cookie: qPdM=clbCN0rLRooB; qPdM.sig=hkjmU6FtFbFe98Dq_5DlHRp9EOI; ClientId=725AD44C1270454B877962511C32AF7F; OIDC=1; OpenIdConnect.nonce.v3.DQm536So2QbTZ6QaZYmjcPXoLOBcq2pRJnJwN_rKZtQ=638507728198680980.0fe367dd-a12c-4680-9853-c41de1fb3338; X-OWA-RedirectHistory=ArLym14BlMGfVWVv3Ag; buid=0.AREAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8vhSME9C8GYQIQutjJpNZq0ljRusW9pPK3dkZ2tVr4zwa47yz8t0XOn1uT_f7LjHs87i3hboLHELxN4idSPvbzMj6pWP-m_N0T-22K216k7EgAA; fpc=Au5w59oQ_6dGmUnqoju2aTKerOTJAQAAAFN5zd0OAAAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8zq6xu8Y0H90W6H6nBVNv801KEv6sM4mj10oPvOCkhR2Rlt3-2N45aSKIIB51932vmvB6m4Tyw1vNOVhnvESoJ3GBcXIbKTenrZ_4C49vl7fWmaGNIPIb9V7VZNjErcGsTXSBLCdRi5j1fL_P1YvPzYoTZD0ntMX0z33-NNkZryMgAA; cltm=CgAQABoAIgQIDBAF; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 403 Forbidden
Server: awselb/2.0
Date: Wed, 08 May 2024 13:47:01 GMT
Content-Type: text/html
content-length: 625
Connection: close
Content-Security-Policy: default-src *  data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval';  script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';

marvelcakemarvelcake.us/?uahpkyt6k=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1nd2lsbG1vdHQlNDBvbmVzdHJlYW1zb2Z0d2FyZS5jb20mY2xpZW50LXJlcXVlc3QtaWQ9NWJmOTliYTQtOWMyYi05Nzg2LTI2MjMtMTdhM2M5ODc1M2ZhJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODUwNzcyODE5ODY4MDk4MC4wZmUzNjdkZC1hMTJjLTQ2ODAtOTg1My1jNDFkZTFmYjMzMzgmc3RhdGU9RFl0TENzTWdGQUMxUFV1WEp2NFNuNHZTb3hUckp4WFVCNG5nOWVOaVpqRXdsQkR5bkR3bWxFOFJzeXZZdURFU2hJVWR1QVctOEJUVmJrSmdUa2pQOUt6TXdxYVkxeUpFa1g1S0thRHpsU3NPdDM0S0hybDlfN24xOXpGeUtSVjdmMm1PTFY3OWpLNWVtUHB3WjF3ODFocw==

5.230.73.190

302 Found

625 B

URL GET HTTP/1.1
marvelcakemarvelcake.us/?uahpkyt6k=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1nd2lsbG1vdHQlNDBvbmVzdHJlYW1zb2Z0d2FyZS5jb20mY2xpZW50LXJlcXVlc3QtaWQ9NWJmOTliYTQtOWMyYi05Nzg2LTI2MjMtMTdhM2M5ODc1M2ZhJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODUwNzcyODE5ODY4MDk4MC4wZmUzNjdkZC1hMTJjLTQ2ODAtOTg1My1jNDFkZTFmYjMzMzgmc3RhdGU9RFl0TENzTWdGQUMxUFV1WEp2NFNuNHZTb3hUckp4WFVCNG5nOWVOaVpqRXdsQkR5bkR3bWxFOFJzeXZZdURFU2hJVWR1QVctOEJUVmJrSmdUa2pQOUt6TXdxYVkxeUpFa1g1S0thRHpsU3NPdDM0S0hybDlfN24xOXpGeUtSVjdmMm1PTFY3OWpLNWVtUHB3WjF3ODFocw==
IP
5.230.73.190:443
ASN
#12586 GHOSTnet GmbH

Requested by
https://3ddc47ac.6d2e589211c0928645bd553e.workers.dev/?qrc=gwillmott@onestreamsoftware.com
Certificate
IssuerLet's Encrypt
Subjectmarvelcakemarvelcake.us
FingerprintC8:12:A0:A2:28:1A:14:D0:CE:B1:9E:29:74:F6:4A:F7:45:2A:9F:CD
ValidityWed, 01 May 2024 10:45:36 GMT - Tue, 30 Jul 2024 10:45:35 GMT

File type

Size
625 B (625 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft Outlook

HTTP Headers

GET /?uahpkyt6k=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1nd2lsbG1vdHQlNDBvbmVzdHJlYW1zb2Z0d2FyZS5jb20mY2xpZW50LXJlcXVlc3QtaWQ9NWJmOTliYTQtOWMyYi05Nzg2LTI2MjMtMTdhM2M5ODc1M2ZhJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODUwNzcyODE5ODY4MDk4MC4wZmUzNjdkZC1hMTJjLTQ2ODAtOTg1My1jNDFkZTFmYjMzMzgmc3RhdGU9RFl0TENzTWdGQUMxUFV1WEp2NFNuNHZTb3hUckp4WFVCNG5nOWVOaVpqRXdsQkR5bkR3bWxFOFJzeXZZdURFU2hJVWR1QVctOEJUVmJrSmdUa2pQOUt6TXdxYVkxeUpFa1g1S0thRHpsU3NPdDM0S0hybDlfN24xOXpGeUtSVjdmMm1PTFY3OWpLNWVtUHB3WjF3ODFocw== HTTP/1.1
Host: marvelcakemarvelcake.us
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://3ddc47ac.6d2e589211c0928645bd553e.workers.dev/
DNT: 1
Connection: keep-alive
Cookie: qPdM=clbCN0rLRooB; qPdM.sig=hkjmU6FtFbFe98Dq_5DlHRp9EOI; ClientId=725AD44C1270454B877962511C32AF7F; OIDC=1; OpenIdConnect.nonce.v3.DQm536So2QbTZ6QaZYmjcPXoLOBcq2pRJnJwN_rKZtQ=638507728198680980.0fe367dd-a12c-4680-9853-c41de1fb3338; X-OWA-RedirectHistory=ArLym14BlMGfVWVv3Ag
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Cache-Control: no-store, no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Content-Encoding: gzip
Expires: -1
Location: https://marvelcakemarvelcake.us/?uahpkyt6k=aHR0cHM6Ly9vbmVzdHJlYW0ub2t0YS5jb20vYXBwL29mZmljZTM2NS9leGs2M2x2cGc0TVB4ZkpMRzF0Ny9zc28vd3NmZWQvcGFzc2l2ZT9sb2dpbl9oaW50PWd3aWxsbW90dCU0MG9uZXN0cmVhbXNvZnR3YXJlLmNvbSZjbGllbnQtcmVxdWVzdC1pZD01YmY5OWJhNC05YzJiLTk3ODYtMjYyMy0xN2EzYzk4NzUzZmEmdXNlcm5hbWU9Z3dpbGxtb3R0JTQwb25lc3RyZWFtc29mdHdhcmUuY29tJndhPXdzaWduaW4xLjAmd3RyZWFsbT11cm4lM2FmZWRlcmF0aW9uJTNhTWljcm9zb2Z0T25saW5lJndjdHg9ZXN0c3JlZGlyZWN0JTNkMiUyNmVzdHNyZXF1ZXN0JTNkclFRSUFSQUFqVkU3Yk5OUUFNeUxVOU9XWDlXRmdhSElvQTVGVHZ4aUo3WWpJVFdwVTRXNGJhSTZfYVFWaWx6bk9YRmotd1ZfNGlSVlYyQ3NXQ3BSeEFCSVNFWGlONkZPU0V4MG9Rc01uVHBXQ0NIRVZCQURDU3hzY01QcGREcmRjRGRCd0NoTVhXSC1JRTczbVdaMEhkSWE2cXVfNEl3T2p6emUtYjU2OWY2dDdmSExGeDY5dTYzODJBVmpkYzlydXFsWURQdWVpWEVqaW5YZDBGQlV3MVlNQjJyc05RQUhBQndEY0RjOFZnc00wN1N3NTAxaUc3bWVnMVRMeGJvWHFNN3ZfRzZZVDdKQ2d1SDV1QUJGSVNrd29zQkVHUjJ4U2I1YXBWVVkxMml1NTlLaWtHQnBqWU5WQlBVMWxtV0Z3X0Q1UXRyMzZ2RS1ZY2Zvb21faElSMDdWcVdKWGU4ZXNRMmtzamN6NWM3V3B0TlRzTGpnTC1kYm5HSnpMUVczUzA2LXZieVE0ZXlhaU9hTWxmVnNZR2FramkwRmxwa1Y1dDFPcS14TFdhVi1mYUhxcDVkb0lWTmFYR3ZrYTZYR2VsR1V1N1BCVGJVTU9fbHNZemtoeTZyVU5SVzM0TEdjbkhOTXNjTGJVT3hPZC1UNVJWNlBXNFdaUlY1Y2x4UElLamFERlJnSXNPN3VFdjgxX1N1QzdPMWpZWHVmSUhFVDJVYjFJQUtPSXVCVEpNd01ua1RBdzRIZU44bm5GMWZmSDMtY2ZEbi01TUhScFpYUV9rQnNacWx0VHRkTkp5TVZiZG1BMlhKQkVscnBYTGRrS0hHajRkZlJ2RjlMS05xY21IT3Y4U200UllJdGt0d2pod2FKa1JCRlRCWGhNUW0ta3VET3FkRGUwTC1PUGpnTkRzOXd3NlJtcW9ibGprNXNVRWExNHVFR3NxblVCdFcyM0lxbTlWVkxOWDNrVXFsVnF0ZFAzZGpjM0h4ek5uUnk3dW5ibjg4LWZONzVrbnN4RXZvRjAj
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000; includeSubDomains
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
x-ms-request-id: 5b1baf36-e8cf-40d6-b126-a79ee0205a00
x-ms-ests-server: 2.1.17968.10 - SEC ProdSlices
x-ms-srs: 1.P
Referrer-Policy: strict-origin-when-cross-origin
Set-Cookie: buid=0.AREAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8vhSME9C8GYQIQutjJpNZq0ljRusW9pPK3dkZ2tVr4zwa47yz8t0XOn1uT_f7LjHs87i3hboLHELxN4idSPvbzMj6pWP-m_N0T-22K216k7EgAA; expires=Fri, 07-Jun-2024 13:47:00 GMT; path=/; secure; HttpOnly; SameSite=None
fpc=Au5w59oQ_6dGmUnqoju2aTKerOTJAQAAAFN5zd0OAAAA; expires=Fri, 07-Jun-2024 13:47:01 GMT; path=/; secure; HttpOnly; SameSite=None
esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8zq6xu8Y0H90W6H6nBVNv801KEv6sM4mj10oPvOCkhR2Rlt3-2N45aSKIIB51932vmvB6m4Tyw1vNOVhnvESoJ3GBcXIbKTenrZ_4C49vl7fWmaGNIPIb9V7VZNjErcGsTXSBLCdRi5j1fL_P1YvPzYoTZD0ntMX0z33-NNkZryMgAA; domain=marvelcakemarvelcake.us; path=/; secure; HttpOnly; SameSite=None
cltm=CgAQABoAIgQIDBAF; domain=marvelcakemarvelcake.us; path=/; secure; HttpOnly; SameSite=None
x-ms-gateway-slice=estsfd; path=/; secure; samesite=none; httponly
stsservicecookie=estsfd; path=/; secure; samesite=none; httponly
Date: Wed, 08 May 2024 13:47:00 GMT
Connection: close
content-length: 1741
Content-Security-Policy: default-src *  data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval';  script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';

marvelcakemarvelcake.us/?qrc=gwillmott%40onestreamsoftware.com

5.230.73.190

302 Moved Temporarily

625 B

URL GET HTTP/1.1
marvelcakemarvelcake.us/?qrc=gwillmott%40onestreamsoftware.com
IP
5.230.73.190:443
ASN
#12586 GHOSTnet GmbH

Requested by
https://3ddc47ac.6d2e589211c0928645bd553e.workers.dev/?qrc=gwillmott@onestreamsoftware.com
Certificate
IssuerLet's Encrypt
Subjectmarvelcakemarvelcake.us
FingerprintC8:12:A0:A2:28:1A:14:D0:CE:B1:9E:29:74:F6:4A:F7:45:2A:9F:CD
ValidityWed, 01 May 2024 10:45:36 GMT - Tue, 30 Jul 2024 10:45:35 GMT

File type

Size
625 B (625 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft Outlook

HTTP Headers

GET /?qrc=gwillmott%40onestreamsoftware.com HTTP/1.1
Host: marvelcakemarvelcake.us
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://3ddc47ac.6d2e589211c0928645bd553e.workers.dev/
DNT: 1
Connection: keep-alive
Cookie: qPdM=clbCN0rLRooB; qPdM.sig=hkjmU6FtFbFe98Dq_5DlHRp9EOI
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Moved Temporarily
Cache-Control: no-cache
Pragma: no-cache
Location: https://marvelcakemarvelcake.us/owa/?login_hint=gwillmott%40onestreamsoftware.com
Server: Microsoft-IIS/10.0
request-id: e44070b1-4a00-f78c-649d-7631d02bc26a
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-FEServer: FR2P281CA0092, FR2P281CA0092
X-RequestId: 87a5c577-e9f8-4e01-9612-4815bc6d9ad4
X-FEProxyInfo: FR2P281CA0092.DEUP281.PROD.OUTLOOK.COM
X-FEEFZInfo: FRA
MS-CV: sXBA5ABKjPdknXYx0CvCag.0
X-Powered-By: ASP.NET
Date: Wed, 08 May 2024 13:46:58 GMT
Connection: close
Content-Length: 0
Content-Security-Policy: default-src *  data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval';  script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (17)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

HTTP Transactions (11)

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL GET HTTP/3

IP

ASN

Requested by

Certificate

File type

Size