Report - late-truth-c09c.bbptlmq.workers.dev/

Report Overview

Submitted URL
late-truth-c09c.bbptlmq.workers.dev/
IP
172.67.191.16
ASN
#13335 CLOUDFLARENET
Submitted
2024-04-24 17:50:29
Access
public
Website Title
Sign | SharePoint
Final URL
late-truth-c09c.bbptlmq.workers.dev/
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
8

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
code.jquery.com	634	2005-12-10	2012-05-21	2024-04-23	425 B	80 kB	151.101.66.137
icons.iconarchive.com	80681	2000-08-02	2012-06-20	2024-04-22	451 B	4.7 kB	104.21.235.213
late-truth-c09c.bbptlmq.workers.dev	unknown	2019-02-08	2023-04-01	2024-01-24	960 B	75 kB	104.21.84.103

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

Scan Date	Severity	Indicator	Alert
2024-04-24	medium	late-truth-c09c.bbptlmq.workers.dev/	Office365
2024-04-24	medium	late-truth-c09c.bbptlmq.workers.dev/	Office365

PhishTank

Scan Date	Severity	Indicator	Alert
2023-12-16	medium	late-truth-c09c.bbptlmq.workers.dev/	Microsoft
2023-12-16	medium	late-truth-c09c.bbptlmq.workers.dev/index_files/myscr584876.js.download	Microsoft

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (3)

	URL	Size	First Seen	Last Seen
	late-truth-c09c.bbptlmq.workers.dev/	416 B	2023-03-07	2024-05-01
Pretty URL late-truth-c09c.bbptlmq.workers.dev/ IP 104.21.84.103 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 13:52:25 Last Seen2024-05-01 18:41:59 Times Seen24 Hash 529cb07a7ac8b1f36c271f14eac085cc 3dfcec935eb109b9e1fb43cc830cc7cf9d603c3b e8754e9f7a4d868a1a33aba3643dbd81adc4368f930330724ef841ec76e3707e Loading...

	late-truth-c09c.bbptlmq.workers.dev/	1.2 kB	2023-12-16	2024-04-24
Pretty URL late-truth-c09c.bbptlmq.workers.dev/ IP 104.21.84.103 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-12-16 04:36:08 Last Seen2024-04-24 19:50:30 Times Seen4 Hash bdb188611509a2bdcfbc87451b658f26 bff9dfabad7b33a53cb30499212119ea76b3e65a d176dd4d9c601dde332fde6fe887f33571605baef58c0e0836d326aa6fc2599f Loading...

	code.jquery.com/jquery-1.9.1.js	268 kB	2023-03-07	2024-05-05
Pretty URL code.jquery.com/jquery-1.9.1.js IP 151.101.66.137 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:57 Last Seen2024-05-05 12:22:09 Times Seen44001 Hash 08c235d357750c657ac1db7d1cf656a9 9257afd2d46c3a189ec0d40a45722701d47e9ca5 7bd80d06c01c0340c1b9159b9b4a197db882ca18cbac8e9b9aa025e68f998d40 Loading...

HTTP Transactions (4)

URL IP Response Size

code.jquery.com/jquery-1.9.1.js

151.101.66.137

200 OK

80 kB

URL GET HTTP/2
code.jquery.com/jquery-1.9.1.js
IP
151.101.66.137:443
ASN
#54113 FASTLY

Requested by
https://late-truth-c09c.bbptlmq.workers.dev/
Certificate
IssuerSectigo Limited
Subject*.jquery.com
FingerprintD2:19:0A:AD:CE:BB:9C:61:17:5D:29:4B:A2:54:E8:C6:91:B8:F9:8D
ValidityTue, 11 Jul 2023 00:00:00 GMT - Sun, 14 Jul 2024 23:59:59 GMT

File type
JavaScript source, ASCII text
Size
80 kB (79506 bytes)
Hash
08c235d357750c657ac1db7d1cf656a9
9257afd2d46c3a189ec0d40a45722701d47e9ca5
7bd80d06c01c0340c1b9159b9b4a197db882ca18cbac8e9b9aa025e68f998d40

HTTP Headers

GET /jquery-1.9.1.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://late-truth-c09c.bbptlmq.workers.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-4185d"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Wed, 24 Apr 2024 17:50:04 GMT
age: 8556866
x-served-by: cache-lga21952-LGA, cache-hel1410024-HEL
x-cache: HIT, HIT
x-cache-hits: 31, 3398
x-timer: S1713981005.641969,VS0,VE0
vary: Accept-Encoding
content-length: 79506
X-Firefox-Spdy: h2

icons.iconarchive.com/icons/dakirby309/simply-styled/256/Microsoft-SharePoint-2013-icon.png

104.21.235.213

200 OK

4.0 kB

URL GET HTTP/2
icons.iconarchive.com/icons/dakirby309/simply-styled/256/Microsoft-SharePoint-2013-icon.png
IP
104.21.235.213:443
ASN
#13335 CLOUDFLARENET

Requested by
https://late-truth-c09c.bbptlmq.workers.dev/
Certificate
IssuerLet's Encrypt
Subjecticonarchive.com
Fingerprint8B:23:86:CB:64:E6:12:B0:43:92:24:1F:EF:CD:6E:15:6D:DC:54:82
ValidityWed, 03 Apr 2024 02:30:20 GMT - Tue, 02 Jul 2024 02:30:19 GMT

File type
PNG image data, 256 x 256, 8-bit colormap, non-interlaced
Size
4.0 kB (4033 bytes)
Hash
3a583cb9b1e02f29498c63dcf6422f68
dc055fd8bc58c384e2d00a677d9581acf5e4775e
98af5967761222708dc79f43df493e4cc2e085376bf8d50be5560d6c6e1fa7de

HTTP Headers

GET /icons/dakirby309/simply-styled/256/Microsoft-SharePoint-2013-icon.png HTTP/1.1
Host: icons.iconarchive.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 24 Apr 2024 17:50:04 GMT
content-type: image/png
content-length: 4033
last-modified: Tue, 07 Feb 2023 10:06:28 GMT
etag: "63e222a4-fc1"
cache-control: max-age=5356800
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sw7MnysKWCc4zPoeAu6jA%2F4K3negTDq2iYXeQfTsmeu9%2BRAd%2BoEt3fcIiN57t6adyMNbWIF3pbTIRXQXB7tbfRSUFbsowfpOx4uP%2Fq80EomkT3WFs91iDmqw89eSAMlZnzomSAHR5P4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8797ef000ca676de-LHR
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

late-truth-c09c.bbptlmq.workers.dev/

104.21.84.103

200 OK

37 kB

URL User Request GET HTTP/2
late-truth-c09c.bbptlmq.workers.dev/
IP
104.21.84.103:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerLet's Encrypt
Subjectbbptlmq.workers.dev
FingerprintC6:B7:29:82:80:03:03:CC:F1:DC:B9:EC:29:3C:BB:64:E1:C9:00:9C
ValidityWed, 20 Mar 2024 22:34:10 GMT - Tue, 18 Jun 2024 22:34:09 GMT

File type

Size
37 kB (37092 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Office365
PhishTank	phishing	Microsoft

HTTP Headers

GET / HTTP/1.1
Host: late-truth-c09c.bbptlmq.workers.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 24 Apr 2024 17:50:04 GMT
content-type: text/html;charset=UTF-8
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XpyHdQZxmvJ988ibhN4abiTk%2B8Hk0BW%2FUmB6geObbi8qy%2F20NYo7QUk9n0m51cZnPdUpM1EUcNc4wyaz2uRdY9bgLShMbm6ScjB4Q5%2BEcG7FToEC2Q4NzyR%2BQVAjnG6yK0hJNE8ULCBonC9myJ5s4D4kEsD9tg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8797eefd6ef67129-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

late-truth-c09c.bbptlmq.workers.dev/index_files/myscr584876.js.download

104.21.84.103

200 OK

37 kB

URL GET HTTP/3
late-truth-c09c.bbptlmq.workers.dev/index_files/myscr584876.js.download
IP
104.21.84.103:443
ASN
#13335 CLOUDFLARENET

Requested by
https://late-truth-c09c.bbptlmq.workers.dev/
Certificate
IssuerLet's Encrypt
Subjectbbptlmq.workers.dev
FingerprintC6:B7:29:82:80:03:03:CC:F1:DC:B9:EC:29:3C:BB:64:E1:C9:00:9C
ValidityWed, 20 Mar 2024 22:34:10 GMT - Tue, 18 Jun 2024 22:34:09 GMT

File type

Size
37 kB (37092 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Office365
PhishTank	phishing	Microsoft

HTTP Headers

GET /index_files/myscr584876.js.download HTTP/1.1
Host: late-truth-c09c.bbptlmq.workers.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://late-truth-c09c.bbptlmq.workers.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 24 Apr 2024 17:50:04 GMT
content-type: text/html;charset=UTF-8
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OZEmPhDEysqqPDqV3FiPrILv7JuUFxoz8Qlytr8GPvQbFChOPbWWrnRHIjJQ6c4VTft7kwoMSCo7wAYpLTkKEL17YeNGRVMK0Z5n6n%2BjsxEYRfAz8Aj4wy9EWMLFa13jf7U5qUJ1nOnM%2FL2xZuCOER8rlncy4w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8797eefeb9375684-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (3)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (4)

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/3

IP

ASN

Requested by

Certificate