Report - www.google.gg/amp/s/batripendar.com/auth/dVzGc/ZG9kYWlyQGR3a2xhdy5jb20=

Report Overview

Visited public
2023-10-06 23:22:54
Tags
phishing microsoft outlook
URL
www.google.gg/amp/s/batripendar.com/auth/dVzGc/ZG9kYWlyQGR3a2xhdy5jb20=
Finishing URL
genexformulasgasketsinc.xyz/redirect.cgi?ref=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1kb2RhaXIlNDBkd2tsYXcuY29tJmNsaWVudC1yZXF1ZXN0LWlkPTFjMTc4OTUwLTVlZGQtNmNiNi01ZDYxLTk0MzJlNjExZjFlZiZwcm90ZWN0ZWR0b2tlbj10cnVlJmNsYWltcz0lN2IlMjJpZF90b2tlbiUyMiUzYSU3YiUyMnhtc19jYyUyMiUzYSU3YiUyMnZhbHVlcyUyMiUzYSU1YiUyMkNQMSUyMiU1ZCU3ZCU3ZCU3ZCZub25jZT02MzgzMjIzMTM2NzE1OTYzNzAuYzg1NDVjMGYtMzE3Yy00ZmZiLTk0YTQtNWVhYTlmZDMyNjMwJnN0YXRlPURjdEJEb01nRUVCUnFGZXhTM1JnQnBDRjZWR2FFVXBMYWlVeEpseV9MTjdmZlNtRUdMcGJKNkZIZUljTEdvTWFuZGMyT1BRd3hjV1NqWkFWYWg4VjVieXBRRXpLdnBoRFRtZ2NndXp2T05mRzgyT3Y3M0k4UC1XNDFsUVRsX05Pa05wMzV6YkYtdnNE
IP / ASN
142.250.74.35
#15169 GOOGLE
Title
Just a moment...
Phishing - Microsoft Outlook

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
www.google.gg	32639	2003-04-30	2013-07-11 23:02:21	2023-10-06 21:45:59	527 B	1.6 kB	142.250.74.35
batripendar.com	unknown	2023-05-02	2022-02-02 08:36:02	2023-10-05 19:45:03	507 B	477 B	185.126.4.130
28150b9b.719e4a211f53c3df1e2f329f.workers.dev	unknown	unknown	No data	No data	1.3 kB	4.8 kB	172.67.198.120
genexformulasgasketsinc.xyz	unknown	2023-09-27	2023-09-27 23:19:36	2023-10-07 00:20:43	30 kB	1.1 MB	5.230.66.245
outlook.office365.com	51	2005-06-20	2013-04-11 01:09:24	2019-03-28 09:40:06	540 B	4.5 kB	52.98.228.210
challenges.cloudflare.com	unknown	2009-02-17	2021-10-20 07:02:03	2023-10-05 18:59:05	4.9 kB	358 kB	104.17.3.184
r4.res.office365.com	180	2005-06-20	2017-03-03 13:49:03	2023-10-05 18:12:33	3.1 kB	517 kB	23.36.79.11
ocsp.pki.goog	175	2016-06-13	2018-07-01 08:43:07	2023-10-06 18:12:05	666 B	1.4 kB	142.250.74.131

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2023-10-06	medium	genexformulasgasketsinc.xyz	Sinkholed
2023-10-06	medium	genexformulasgasketsinc.xyz	Sinkholed
2023-10-06	medium	genexformulasgasketsinc.xyz	Sinkholed
2023-10-06	medium	genexformulasgasketsinc.xyz	Sinkholed
2023-10-06	medium	genexformulasgasketsinc.xyz	Sinkholed
2023-10-06	medium	genexformulasgasketsinc.xyz	Sinkholed
2023-10-06	medium	genexformulasgasketsinc.xyz	Sinkholed
2023-10-06	medium	genexformulasgasketsinc.xyz	Sinkholed
2023-10-06	medium	genexformulasgasketsinc.xyz	Sinkholed
2023-10-06	medium	genexformulasgasketsinc.xyz	Sinkholed
2023-10-06	medium	genexformulasgasketsinc.xyz	Sinkholed
2023-10-06	medium	genexformulasgasketsinc.xyz	Sinkholed
2023-10-06	medium	genexformulasgasketsinc.xyz	Sinkholed
2023-10-06	medium	genexformulasgasketsinc.xyz	Sinkholed
2023-10-06	medium	genexformulasgasketsinc.xyz	Sinkholed

ThreatFox

No alerts detected

JavaScript (14)

	URL	From	Size	First Seen	Last Seen
	unknown	Function	135 B	2023-04-12	2025-05-11
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-12 04:45 Last Seen2025-05-11 11:16 Times Seen52842 Hash 8b196f1db4dde2500db87181807a6cf9 db14400ab1f3aeaf42d92486461a69f6c5ff25b3 9aee824af9dcf82139a3622c3419fe8cfef5a05555e57c2c2cf820b8a9a28b54 Loading...

	unknown	Function	127 B	2023-04-12	2025-05-10
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-12 22:43 Last Seen2025-05-10 18:15 Times Seen36866 Hash 6af3e865438c6e99086f4f5820376aea 14c9a4e9a3ea17acf14c32c608db6859e63664be 43a4ee50d79ae2f2cba9c04d2bfd18490cebd26a8a03db5984c81a96ec5c1835 Loading...

	unknown	Function	124 B	2023-04-12	2025-05-10
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-12 22:43 Last Seen2025-05-10 18:15 Times Seen36876 Hash 57f9e83d3aa0320203696ae54eef5583 a399205947a3cb57096aed70495d43f8f08ddd52 92c3d0e0f2b59f73e2b75ef3ab2565780a0cfa20cd2a16795878bd9c0830b5d6 Loading...

	unknown	Function	132 B	2023-04-12	2025-05-11
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-12 17:36 Last Seen2025-05-11 11:16 Times Seen51282 Hash 4136202eafde06eaac5ab30f64c7b6d3 ab0c6bdbbbf20bb433a8717ed4974ab0d7b4b8f2 45808df8f6562e9dbd4558c8a2fbd8985c2bba45d8f48fb209fe8d3ba2291d27 Loading...

	unknown	Function	133 B	2023-04-19	2025-05-09
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-19 15:12 Last Seen2025-05-09 16:45 Times Seen20580 Hash b7cc24b09e57cf1c8f2ee886011b6bed a1bd4b4592e026ebbe8ec0c642942216939c626e f35845c555234c3ac22320a27efcdd28e59f2a1fe7a6e840b04cfa6adb67d614 Loading...

	unknown	Function	136 B	2023-04-12	2025-05-11
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-12 17:36 Last Seen2025-05-11 11:16 Times Seen45900 Hash a2d65244292bca5fc9ff6da3d91cdb5a 2ccc91813a37a46e9e391d75229f2e3f05db5fde f1457d15eedd94183302f9f1b25c2de80c8df455506edfa6c86a213aefcfde41 Loading...

	unknown	Function	221 B	2023-04-12	2025-05-10
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-12 22:43 Last Seen2025-05-10 18:15 Times Seen36942 Hash f8cc969df414d5f5bf4cbbdf359b6957 a40121a26f3ef161110c76eeada72f032ec0e9bd a54cc6305cbf79d2cd6c119b0d21e7bde8d6985a8aca9a3a30a39b1b560cf36d Loading...

	unknown	Function	133 B	2023-04-19	2025-05-09
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-19 15:12 Last Seen2025-05-09 16:45 Times Seen21621 Hash ed0b40efa3548fa369fdf28f486665ad 3e63db35faf42f635b20b61f4ac2fdb0c697f417 63594c92ac43b33cedd7b4f742f8625aaf8f94c3628102a5c4f8ad1443ec7099 Loading...

	unknown	Function	134 B	2023-04-12	2025-05-10
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-12 22:43 Last Seen2025-05-10 18:15 Times Seen36479 Hash bcde8794db7540a9d6187781eb0d15a6 2c465f13eb66d0b112418e7201041e0602c712df 47a156efd1401190276cfad6bd8a965e560f10d7f7916d2f78f226897e30bca9 Loading...

	unknown	Function	137 B	2023-04-12	2025-05-10
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-12 22:43 Last Seen2025-05-10 18:15 Times Seen36462 Hash d33c2ca6fa9f56a9eea4356203f98ff6 21ef638e82d92a9faa7b70b18ebd243e6756b506 c849d4400c50af256ba8fa6009a4f7bfa3195ad0727de5d99b8a956bfe7bc307 Loading...

	unknown	Function	149 B	2023-04-13	2025-05-11
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-13 19:21 Last Seen2025-05-11 11:16 Times Seen41676 Hash 5692e2d6bd998bc0ba205258815d9bf4 dc9652a209a86463785a6037ecb861a6e5fda15a cb6001a3b3bf5229236650c25435ce62abc61fa6f0f380fee6e661510140e9f8 Loading...

		Size	First Seen	Last Seen
	#1 Eval - 9e925e9341b490bfd3b4c4ca3b0c1ef2	4 B	2023-03-07 01:03	2025-05-11 13:17
Pretty Observations First Seen2023-03-07 01:03 Last Seen2025-05-11 13:17 Times Seen369069 Hash 9e925e9341b490bfd3b4c4ca3b0c1ef2 c2543fff3bfa6f144c2f06a7de6cd10c0b650cae 1eb79602411ef02cf6fe117897015fff89f80face4eccd50425c45149b148408 Loading...

	#2 Eval - 94f1ad76bba3e38dedb1547c4dd87365	1.8 kB	2024-08-21 05:07	2024-08-21 05:07
Pretty Observations First Seen2024-08-21 05:07 Last Seen2024-08-21 05:07 Times Seen6 Hash 94f1ad76bba3e38dedb1547c4dd87365 b167086e053ad4b0b570932de81544c1819cf946 1b85a55addad1db3185e4afa41cea9110d2f46b08edd1ac41ca7d6faaa26521f Loading...

		Size	First Seen	Last Seen
	#1 Write - adfb1bc5b6ba91ec5ab5c54ddc225a7a	3.6 kB	2023-09-22 02:30	2024-08-21 06:07
Pretty Observations First Seen2023-09-22 02:30 Last Seen2024-08-21 06:07 Times Seen41377 Hash adfb1bc5b6ba91ec5ab5c54ddc225a7a 16d4d2247f8f343811417dce829fe7595e73995c ca2d1c64f76c12b39444ddb57fb6a2def9521e9d0d29df80eb309ac34ed23b80 Loading...

HTTP Transactions (36)

URL IP Response Size

ocsp.pki.goog/gts1c3

142.250.74.131

472 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
4ba1494747c8fe9e29113de7dd719a11
456bbab7eddd8c046c8d9c91e025b555a9fc6e1a
3061b838d8a16047e8237dee9a28df61bc58f08134ca2f6851269bccfffe8cd4

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 06 Oct 2023 23:22:33 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.google.gg/amp/s/batripendar.com/auth/dVzGc/ZG9kYWlyQGR3a2xhdy5jb20=

142.250.74.35

256 B

URL
www.google.gg/amp/s/batripendar.com/auth/dVzGc/ZG9kYWlyQGR3a2xhdy5jb20=
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Size
256 B (256 bytes)
Hash
1b6a6d6757bd86e7603641b20d92ab5a
4089104bbd261582973d68ef3469708cf5d632eb
2d0efdee0e9e70815233f5a2f02bc473c6aa8e9db0e67f7111598b20ace210d2

HTTP Headers

GET /amp/s/batripendar.com/auth/dVzGc/ZG9kYWlyQGR3a2xhdy5jb20= HTTP/1.1
Host: www.google.gg
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
location: https://batripendar.com/auth/dVzGc/ZG9kYWlyQGR3a2xhdy5jb20=
cache-control: private
x-robots-tag: noindex
content-type: text/html; charset=UTF-8
strict-transport-security: max-age=31536000
content-security-policy: object-src 'none';base-uri 'self';script-src 'nonce-znTkBMGobsyh3rQcBkwWHA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/fff
cross-origin-opener-policy: same-origin-allow-popups; report-to="gws"
report-to: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/fff"}]}
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
date: Fri, 06 Oct 2023 23:22:33 GMT
server: gws
content-length: 256
x-xss-protection: 0
x-frame-options: SAMEORIGIN
set-cookie: __Secure-ENID=15.SE=gGYEttOgTQHFw2k0jF5PPKhrCrblqgjnsi_taHq70vNvIG8GMIvcQHA51idiu9PzsAxj2CPI1nfo2qUZ5mxw72dNJl_3ns48ehmme9VZKMrwdKym-TqMCMsyghn44e037iU3oQMmMqiJAvT_WUYJ41K7YcAepU9N60w6dJgnUgA; expires=Tue, 05-Nov-2024 15:40:51 GMT; path=/; domain=.google.gg; Secure; HttpOnly; SameSite=lax
CONSENT=PENDING+488; expires=Sun, 05-Oct-2025 23:22:33 GMT; path=/; domain=.google.gg; Secure
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

batripendar.com/auth/dVzGc/ZG9kYWlyQGR3a2xhdy5jb20=

185.126.4.130

0 B

URL
batripendar.com/auth/dVzGc/ZG9kYWlyQGR3a2xhdy5jb20=
IP
185.126.4.130:0
ASN
#49100 Pishgaman Toseeh Ertebatat Company (Private Joint Stock)

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft Outlook

HTTP Headers

GET /auth/dVzGc/ZG9kYWlyQGR3a2xhdy5jb20= HTTP/1.1
Host: batripendar.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
refresh: 0;url=https://28150b9b.719e4a211f53c3df1e2f329f.workers.dev/?&qrc=dodair@dwklaw.com
content-type: text/html; charset=UTF-8
cache-control: public, max-age=0
expires: Fri, 06 Oct 2023 23:22:34 GMT
content-length: 0
date: Fri, 06 Oct 2023 23:22:34 GMT
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

472 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
4ba1494747c8fe9e29113de7dd719a11
456bbab7eddd8c046c8d9c91e025b555a9fc6e1a
3061b838d8a16047e8237dee9a28df61bc58f08134ca2f6851269bccfffe8cd4

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 06 Oct 2023 23:22:34 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

28150b9b.719e4a211f53c3df1e2f329f.workers.dev/?&qrc=dodair@dwklaw.com

172.67.198.120

302 Found

0 B

URL User Request POST HTTP/3
28150b9b.719e4a211f53c3df1e2f329f.workers.dev/?&qrc=dodair@dwklaw.com
IP
172.67.198.120:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subject719e4a211f53c3df1e2f329f.workers.dev
FingerprintCC:FC:F8:5D:4F:75:34:AD:E2:25:7B:92:0F:29:E6:DC:2E:12:C5:BE
ValidityFri, 06 Oct 2023 21:29:11 GMT - Thu, 04 Jan 2024 21:29:10 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft Outlook

HTTP Headers

POST /?&qrc=dodair@dwklaw.com HTTP/1.1
Host: 28150b9b.719e4a211f53c3df1e2f329f.workers.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 603
Origin: https://28150b9b.719e4a211f53c3df1e2f329f.workers.dev
DNT: 1
Connection: keep-alive
Referer: https://28150b9b.719e4a211f53c3df1e2f329f.workers.dev/?&qrc=dodair@dwklaw.com
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 302 Found
date: Fri, 06 Oct 2023 23:22:41 GMT
content-length: 0
location: https://genexformulasgasketsinc.xyz?sign=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1cmwiOiJodHRwczovL2dlbmV4Zm9ybXVsYXNnYXNrZXRzaW5jLnh5eiIsImRvbWFpbiI6ImdlbmV4Zm9ybXVsYXNnYXNrZXRzaW5jLnh5eiIsImtleSI6IkQ1ZW5PaGZWWHNOZCIsInFyYyI6ImRvZGFpckBkd2tsYXcuY29tIiwiaWF0IjoxNjk2NjM0NTYxLCJleHAiOjE2OTY2MzQ2ODF9.gVJ5PseOA01uDdmV7zYubT1f6rFtAVAFw8hSQUy62P8
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Esz%2FkMhrWEYA3J5BjpWhzc6s4kFmyCTE9zhPe%2FPd1yG4IjXZPm3JSL0Zvn4DOpgZxJnq8n%2FB6R8ja22uRrpzBPD%2BeFbS%2FnUmHUUvKZDC9rCS6iWV3WJs3kJX%2BWoDUSsxVqhjTdy%2Bo2hwanMkS7gUd1104vVM3q0OTr%2BSxyRoh2A%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8121a5d328ef0b59-OSL
alt-svc: h3=":443"; ma=86400

genexformulasgasketsinc.xyz/?sign=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1cmwiOiJodHRwczovL2dlbmV4Zm9ybXVsYXNnYXNrZXRzaW5jLnh5eiIsImRvbWFpbiI6ImdlbmV4Zm9ybXVsYXNnYXNrZXRzaW5jLnh5eiIsImtleSI6IkQ1ZW5PaGZWWHNOZCIsInFyYyI6ImRvZGFpckBkd2tsYXcuY29tIiwiaWF0IjoxNjk2NjM0NTYxLCJleHAiOjE2OTY2MzQ2ODF9.gVJ5PseOA01uDdmV7zYubT1f6rFtAVAFw8hSQUy62P8

5.230.66.245

302 Found

0 B

URL User Request GET HTTP/1.1
genexformulasgasketsinc.xyz/?sign=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1cmwiOiJodHRwczovL2dlbmV4Zm9ybXVsYXNnYXNrZXRzaW5jLnh5eiIsImRvbWFpbiI6ImdlbmV4Zm9ybXVsYXNnYXNrZXRzaW5jLnh5eiIsImtleSI6IkQ1ZW5PaGZWWHNOZCIsInFyYyI6ImRvZGFpckBkd2tsYXcuY29tIiwiaWF0IjoxNjk2NjM0NTYxLCJleHAiOjE2OTY2MzQ2ODF9.gVJ5PseOA01uDdmV7zYubT1f6rFtAVAFw8hSQUy62P8
IP
5.230.66.245:443
ASN
#12586 GHOSTnet GmbH

Certificate
IssuerLet's Encrypt
Subjectgenexformulasgasketsinc.xyz
Fingerprint74:98:FB:A9:D0:ED:2B:11:33:36:60:61:BF:3B:12:BB:B4:A3:E7:F4
ValidityFri, 06 Oct 2023 21:19:02 GMT - Thu, 04 Jan 2024 21:19:01 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /?sign=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1cmwiOiJodHRwczovL2dlbmV4Zm9ybXVsYXNnYXNrZXRzaW5jLnh5eiIsImRvbWFpbiI6ImdlbmV4Zm9ybXVsYXNnYXNrZXRzaW5jLnh5eiIsImtleSI6IkQ1ZW5PaGZWWHNOZCIsInFyYyI6ImRvZGFpckBkd2tsYXcuY29tIiwiaWF0IjoxNjk2NjM0NTYxLCJleHAiOjE2OTY2MzQ2ODF9.gVJ5PseOA01uDdmV7zYubT1f6rFtAVAFw8hSQUy62P8 HTTP/1.1
Host: genexformulasgasketsinc.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://28150b9b.719e4a211f53c3df1e2f329f.workers.dev/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Set-Cookie: qPdM=D5enOhfVXsNd; path=/; samesite=none; secure; httponly
qPdM.sig=o-wRaAe7aWgvVV40x25yz2jQAS0; path=/; samesite=none; secure; httponly
location: /__//?ste=fqfckt%40fymncy.eqo
Date: Fri, 06 Oct 2023 23:22:41 GMT
Connection: keep-alive
Keep-Alive: timeout=5
Transfer-Encoding: chunked

genexformulasgasketsinc.xyz/__//?ste=fqfckt%40fymncy.eqo

5.230.66.245

302 Moved Temporarily

0 B

URL User Request GET HTTP/1.1
genexformulasgasketsinc.xyz/__//?ste=fqfckt%40fymncy.eqo
IP
5.230.66.245:443
ASN
#12586 GHOSTnet GmbH

Certificate
IssuerLet's Encrypt
Subjectgenexformulasgasketsinc.xyz
Fingerprint74:98:FB:A9:D0:ED:2B:11:33:36:60:61:BF:3B:12:BB:B4:A3:E7:F4
ValidityFri, 06 Oct 2023 21:19:02 GMT - Thu, 04 Jan 2024 21:19:01 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /__//?ste=fqfckt%40fymncy.eqo HTTP/1.1
Host: genexformulasgasketsinc.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://28150b9b.719e4a211f53c3df1e2f329f.workers.dev/
DNT: 1
Connection: keep-alive
Cookie: qPdM=D5enOhfVXsNd; qPdM.sig=o-wRaAe7aWgvVV40x25yz2jQAS0
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Moved Temporarily
Cache-Control: no-cache
Pragma: no-cache
Location: https://genexformulasgasketsinc.xyz/owa/?login_hint=dodair%40dwklaw.com
Server: Microsoft-IIS/10.0
request-id: dc94dee4-7d2b-d844-3e2d-6693a5b81f44
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-FEServer: FR2P281CA0183, FR2P281CA0183
X-RequestId: 6783f2bb-e97d-4967-a80d-b9fc41289c99
X-FEProxyInfo: FR2P281CA0183.DEUP281.PROD.OUTLOOK.COM
X-FEEFZInfo: FRA
MS-CV: 5N6U3Ct9RNg+LWaTpbgfRA.0
X-Powered-By: ASP.NET
Date: Fri, 06 Oct 2023 23:22:40 GMT
Connection: close
Content-Length: 0
Content-Security-Policy: default-src *  data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval';  script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';

genexformulasgasketsinc.xyz/owa/?login_hint=dodair%40dwklaw.com

5.230.66.245

302 Found

1.4 kB

URL User Request GET HTTP/1.1
genexformulasgasketsinc.xyz/owa/?login_hint=dodair%40dwklaw.com
IP
5.230.66.245:443
ASN
#12586 GHOSTnet GmbH

Certificate
IssuerLet's Encrypt
Subjectgenexformulasgasketsinc.xyz
Fingerprint74:98:FB:A9:D0:ED:2B:11:33:36:60:61:BF:3B:12:BB:B4:A3:E7:F4
ValidityFri, 06 Oct 2023 21:19:02 GMT - Thu, 04 Jan 2024 21:19:01 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (794), with CRLF, LF line terminators
Size
1.4 kB (1374 bytes)
Hash
225d0a82ce985b22da485fde7b074e62
b267ec27871a262bd4faf0a6373e5568515e6686
b2626283be1c13d3990a191bb7645f81aaed2af8b6fd87d1731abfade26bb02a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /owa/?login_hint=dodair%40dwklaw.com HTTP/1.1
Host: genexformulasgasketsinc.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://28150b9b.719e4a211f53c3df1e2f329f.workers.dev/
DNT: 1
Connection: keep-alive
Cookie: qPdM=D5enOhfVXsNd; qPdM.sig=o-wRaAe7aWgvVV40x25yz2jQAS0
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
content-length: 1374
Content-Type: text/html; charset=utf-8
Location: https://genexformulasgasketsinc.xyz/redirect.cgi?ref=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1kb2RhaXIlNDBkd2tsYXcuY29tJmNsaWVudC1yZXF1ZXN0LWlkPTFjMTc4OTUwLTVlZGQtNmNiNi01ZDYxLTk0MzJlNjExZjFlZiZwcm90ZWN0ZWR0b2tlbj10cnVlJmNsYWltcz0lN2IlMjJpZF90b2tlbiUyMiUzYSU3YiUyMnhtc19jYyUyMiUzYSU3YiUyMnZhbHVlcyUyMiUzYSU1YiUyMkNQMSUyMiU1ZCU3ZCU3ZCU3ZCZub25jZT02MzgzMjIzMTM2NzE1OTYzNzAuYzg1NDVjMGYtMzE3Yy00ZmZiLTk0YTQtNWVhYTlmZDMyNjMwJnN0YXRlPURjdEJEb01nRUVCUnFGZXhTM1JnQnBDRjZWR2FFVXBMYWlVeEpseV9MTjdmZlNtRUdMcGJKNkZIZUljTEdvTWFuZGMyT1BRd3hjV1NqWkFWYWg4VjVieXBRRXpLdnBoRFRtZ2NndXp2T05mRzgyT3Y3M0k4UC1XNDFsUVRsX05Pa05wMzV6YkYtdnNE
Server: Microsoft-IIS/10.0
request-id: 1c178950-5edd-6cb6-5d61-9432e611f1ef
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Alt-Svc: h3=":443",h3-29=":443"
X-CalculatedFETarget: BE1P281CU022.internal.outlook.com
X-BackEndHttpStatus: 302, 302
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Set-Cookie: ClientId=886E800EFBE4402082645195156D0D89; expires=Sun, 06-Oct-2024 23:22:47 GMT; path=/;SameSite=None; secure
ClientId=886E800EFBE4402082645195156D0D89; expires=Sun, 06-Oct-2024 23:22:47 GMT; path=/;SameSite=None; secure
OIDC=1; expires=Sat, 06-Apr-2024 23:22:47 GMT; path=/;SameSite=None; secure; HttpOnly
RoutingKeyCookie=; expires=Wed, 06-Oct-1993 23:22:47 GMT; path=/; secure
OpenIdConnect.token.v1=; expires=Wed, 06-Oct-1993 23:22:47 GMT; path=/; secure
OpenIdConnect.token.v1=; domain=genexformulasgasketsinc.xyz; expires=Wed, 06-Oct-1993 23:22:47 GMT; path=/; secure
OpenIdConnect.id_token.v1=; expires=Wed, 06-Oct-1993 23:22:47 GMT; path=/; secure
OpenIdConnect.code.v1=; expires=Wed, 06-Oct-1993 23:22:47 GMT; path=/; secure
OpenIdConnect.idp_nonce.v1=; expires=Wed, 06-Oct-1993 23:22:47 GMT; path=/; secure
OpenIdConnect.idp_correlation_id=; expires=Wed, 06-Oct-1993 23:22:47 GMT; path=/; secure
OpenIdConnect.tokenPostPath=; expires=Wed, 06-Oct-1993 23:22:47 GMT; path=/; secure
OpenIdConnect.id_token.v1=; domain=genexformulasgasketsinc.xyz; expires=Wed, 06-Oct-1993 23:22:47 GMT; path=/; secure
OpenIdConnect.code.v1=; domain=genexformulasgasketsinc.xyz; expires=Wed, 06-Oct-1993 23:22:47 GMT; path=/; secure
OpenIdConnect.idp_nonce.v1=; domain=genexformulasgasketsinc.xyz; expires=Wed, 06-Oct-1993 23:22:47 GMT; path=/; secure
OpenIdConnect.idp_correlation_id=; domain=genexformulasgasketsinc.xyz; expires=Wed, 06-Oct-1993 23:22:47 GMT; path=/; secure
OpenIdConnect.tokenPostPath=; domain=genexformulasgasketsinc.xyz; expires=Wed, 06-Oct-1993 23:22:47 GMT; path=/; secure
OpenIdConnect.nonce.v3.Qyp651jvKsSE12GCZvfi96OzZphy1ceHU6HCtN2OnCY=638322313671596370.c8545c0f-317c-4ffb-94a4-5eaa9fd32630; expires=Sat, 07-Oct-2023 00:22:47 GMT; path=/;SameSite=None; secure; HttpOnly
HostSwitchPrg=; expires=Wed, 06-Oct-1993 23:22:47 GMT; path=/; secure
OptInPrg=; expires=Wed, 06-Oct-1993 23:22:47 GMT; path=/; secure
SuiteServiceProxyKey=; expires=Wed, 06-Oct-1993 23:22:47 GMT; path=/; secure
ClientId=886E800EFBE4402082645195156D0D89; expires=Sun, 06-Oct-2024 23:22:47 GMT; path=/;SameSite=None; secure
OIDC=1; expires=Sat, 06-Apr-2024 23:22:47 GMT; path=/;SameSite=None; secure; HttpOnly
RoutingKeyCookie=; expires=Wed, 06-Oct-1993 23:22:47 GMT; path=/; secure
OpenIdConnect.token.v1=; expires=Wed, 06-Oct-1993 23:22:47 GMT; path=/; secure
OpenIdConnect.token.v1=; domain=genexformulasgasketsinc.xyz; expires=Wed, 06-Oct-1993 23:22:47 GMT; path=/; secure
OpenIdConnect.id_token.v1=; expires=Wed, 06-Oct-1993 23:22:47 GMT; path=/; secure
OpenIdConnect.code.v1=; expires=Wed, 06-Oct-1993 23:22:47 GMT; path=/; secure
OpenIdConnect.idp_nonce.v1=; expires=Wed, 06-Oct-1993 23:22:47 GMT; path=/; secure
OpenIdConnect.idp_correlation_id=; expires=Wed, 06-Oct-1993 23:22:47 GMT; path=/; secure
OpenIdConnect.tokenPostPath=; expires=Wed, 06-Oct-1993 23:22:47 GMT; path=/; secure
OpenIdConnect.id_token.v1=; domain=genexformulasgasketsinc.xyz; expires=Wed, 06-Oct-1993 23:22:47 GMT; path=/; secure
OpenIdConnect.code.v1=; domain=genexformulasgasketsinc.xyz; expires=Wed, 06-Oct-1993 23:22:47 GMT; path=/; secure
OpenIdConnect.idp_nonce.v1=; domain=genexformulasgasketsinc.xyz; expires=Wed, 06-Oct-1993 23:22:47 GMT; path=/; secure
OpenIdConnect.idp_correlation_id=; domain=genexformulasgasketsinc.xyz; expires=Wed, 06-Oct-1993 23:22:47 GMT; path=/; secure
OpenIdConnect.tokenPostPath=; domain=genexformulasgasketsinc.xyz; expires=Wed, 06-Oct-1993 23:22:47 GMT; path=/; secure
OpenIdConnect.nonce.v3.Qyp651jvKsSE12GCZvfi96OzZphy1ceHU6HCtN2OnCY=638322313671596370.c8545c0f-317c-4ffb-94a4-5eaa9fd32630; expires=Sat, 07-Oct-2023 00:22:47 GMT; path=/;SameSite=None; secure; HttpOnly
HostSwitchPrg=; expires=Wed, 06-Oct-1993 23:22:47 GMT; path=/; secure
OptInPrg=; expires=Wed, 06-Oct-1993 23:22:47 GMT; path=/; secure
SuiteServiceProxyKey=; expires=Wed, 06-Oct-1993 23:22:47 GMT; path=/; secure
X-OWA-RedirectHistory=ArLym14BUtmZJsPG2wg; expires=Sat, 07-Oct-2023 05:24:47 GMT; path=/;SameSite=None; secure; HttpOnly
X-CalculatedBETarget: BEXP281MB0279.DEUP281.PROD.OUTLOOK.COM
X-RUM-Validated: 1
X-RUM-NotUpdateQueriedPath: 1
X-RUM-NotUpdateQueriedDbCopy: 1
X-BeSku: WCS6
X-OWA-DiagnosticsInfo: 1;0;0
X-IIDs: 0
X-BackEnd-Begin: 2023-10-06T23:22:47.159
X-BackEnd-End: 2023-10-06T23:22:47.159
X-DiagInfo: BEXP281MB0279
X-BEServer: BEXP281MB0279
X-UA-Compatible: IE=EmulateIE7
X-Proxy-RoutingCorrectness: 1
X-Proxy-BackendServerStatus: 302
X-FEProxyInfo: FR3P281CA0169.DEUP281.PROD.OUTLOOK.COM
X-FEEFZInfo: HHN
X-FEServer: BE1P281CA0279, FR3P281CA0169
Report-To: {"group":"NelOfficeUpload1","max_age":7200,"endpoints":[{"url":"https://exo.nel.measure.office.net/api/report?TenantId=&FrontEnd=Cafe&DestinationEndpoint=HHN"}],"include_subdomains":true}
NEL: {"report_to":"NelOfficeUpload1","max_age":7200,"include_subdomains":true,"failure_fraction":1.0,"success_fraction":0.01}
X-FirstHopCafeEFZ: HHN
Date: Fri, 06 Oct 2023 23:22:46 GMT
Connection: close
Content-Security-Policy: default-src *  data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval';  script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';

genexformulasgasketsinc.xyz/aadcdn.msftauth.net/~/ests/2.1/content/cdnbundles/converged.v2.login.min_ltjvsvk5aekta_kgibi0gg2.css

5.230.66.245

20 kB

URL GET
genexformulasgasketsinc.xyz/aadcdn.msftauth.net/~/ests/2.1/content/cdnbundles/converged.v2.login.min_ltjvsvk5aekta_kgibi0gg2.css
IP
5.230.66.245:0
ASN
#12586 GHOSTnet GmbH

Requested by
https://genexformulasgasketsinc.xyz/redirect.cgi?ref=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1kb2RhaXIlNDBkd2tsYXcuY29tJmNsaWVudC1yZXF1ZXN0LWlkPTFjMTc4OTUwLTVlZGQtNmNiNi01ZDYxLTk0MzJlNjExZjFlZiZwcm90ZWN0ZWR0b2tlbj10cnVlJmNsYWltcz0lN2IlMjJpZF90b2tlbiUyMiUzYSU3YiUyMnhtc19jYyUyMiUzYSU3YiUyMnZhbHVlcyUyMiUzYSU1YiUyMkNQMSUyMiU1ZCU3ZCU3ZCU3ZCZub25jZT02MzgzMjIzMTM2NzE1OTYzNzAuYzg1NDVjMGYtMzE3Yy00ZmZiLTk0YTQtNWVhYTlmZDMyNjMwJnN0YXRlPURjdEJEb01nRUVCUnFGZXhTM1JnQnBDRjZWR2FFVXBMYWlVeEpseV9MTjdmZlNtRUdMcGJKNkZIZUljTEdvTWFuZGMyT1BRd3hjV1NqWkFWYWg4VjVieXBRRXpLdnBoRFRtZ2NndXp2T05mRzgyT3Y3M0k4UC1XNDFsUVRsX05Pa05wMzV6YkYtdnNE
Certificate
IssuerLet's Encrypt
Subjectgenexformulasgasketsinc.xyz
Fingerprint74:98:FB:A9:D0:ED:2B:11:33:36:60:61:BF:3B:12:BB:B4:A3:E7:F4
ValidityFri, 06 Oct 2023 21:19:02 GMT - Thu, 04 Jan 2024 21:19:01 GMT

File type
ASCII text, with very long lines (61177)
Size
20 kB (20208 bytes)
Hash
2ed8d5b2f2b901e92d03f9068812341a
8470214fc8e246c3910bcb0eae9070d4abe3a389
1a0ea89ae667420caeae29d594d53258e6ed157dab7e8dfe6f154f0054b0cf99

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /aadcdn.msftauth.net/~/ests/2.1/content/cdnbundles/converged.v2.login.min_ltjvsvk5aekta_kgibi0gg2.css HTTP/1.1
Host: genexformulasgasketsinc.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://genexformulasgasketsinc.xyz/redirect.cgi?ref=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1kb2RhaXIlNDBkd2tsYXcuY29tJmNsaWVudC1yZXF1ZXN0LWlkPTFjMTc4OTUwLTVlZGQtNmNiNi01ZDYxLTk0MzJlNjExZjFlZiZwcm90ZWN0ZWR0b2tlbj10cnVlJmNsYWltcz0lN2IlMjJpZF90b2tlbiUyMiUzYSU3YiUyMnhtc19jYyUyMiUzYSU3YiUyMnZhbHVlcyUyMiUzYSU1YiUyMkNQMSUyMiU1ZCU3ZCU3ZCU3ZCZub25jZT02MzgzMjIzMTM2NzE1OTYzNzAuYzg1NDVjMGYtMzE3Yy00ZmZiLTk0YTQtNWVhYTlmZDMyNjMwJnN0YXRlPURjdEJEb01nRUVCUnFGZXhTM1JnQnBDRjZWR2FFVXBMYWlVeEpseV9MTjdmZlNtRUdMcGJKNkZIZUljTEdvTWFuZGMyT1BRd3hjV1NqWkFWYWg4VjVieXBRRXpLdnBoRFRtZ2NndXp2T05mRzgyT3Y3M0k4UC1XNDFsUVRsX05Pa05wMzV6YkYtdnNE
DNT: 1
Connection: keep-alive
Cookie: qPdM=D5enOhfVXsNd; qPdM.sig=o-wRaAe7aWgvVV40x25yz2jQAS0; ClientId=886E800EFBE4402082645195156D0D89; OIDC=1; OpenIdConnect.nonce.v3.Qyp651jvKsSE12GCZvfi96OzZphy1ceHU6HCtN2OnCY=638322313671596370.c8545c0f-317c-4ffb-94a4-5eaa9fd32630; X-OWA-RedirectHistory=ArLym14BUtmZJsPG2wg; buid=0.ASwAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABAAEAAAAtyolDObpQQ5VtlI4uGjEPa8DyeM1yUvTLS3sMT4N0J_i5KWeqQFyLAdTPRt9NCTIf7LU2bJg8DNNsSFj2D6DfscnQJYi2ksHF93RjP6_9jnOO5btM7ItTM2J_dQcnADIgAA; esctx=PAQABAAEAAAAtyolDObpQQ5VtlI4uGjEPq61Zgu-k8i984vsZpOYTt_D0KtkSG2-n1HtzEMnRWyK4eLYnDdtOz-5oV3YP3vfXWlg94vUrpkZ84d-GUF4jVUY0XKnp7kuKYowWLodiR3HSOZ6qMVFoLcAAe-Df0LpolH95PiEEN698F_L-gqZrxI8j_qlvsmy8nvgBD6woG7cUKYPP2KxLqsuq02dCmAufYFE1p8KZgtFx8ZPjmm0fm0-uC27OZlHyiYHPYZ5JqwogAA; fpc=ArKezIwKtQ9Dl5EUtQl8WReerOTJAQAAAMeNstwOAAAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Encoding: gzip
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
Age: 2528262
Cache-Control: public, max-age=31536000
Content-MD5: znAMuOwBXwRYMjVZ8p4wCw==
Content-Type: text/css
Date: Fri, 06 Oct 2023 23:22:47 GMT
Etag: 0x8DBAF1F9F5D8653
Last-Modified: Wed, 06 Sep 2023 21:24:15 GMT
Server: ECAcc (frc/4CE4)
Vary: Accept-Encoding
X-Cache: HIT
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: ecff88b3-a01e-00e9-70ad-e13c42000000
x-ms-version: 2009-09-19
Content-Length: 20208
Connection: close

genexformulasgasketsinc.xyz/aadcdn.msftauth.net/~/shared/1.0/content/js/ConvergedLogin_PCore_jwgqf3nc9rqvzqsw0tyvVA2.js

5.230.66.245

200 OK

689 kB

URL GET HTTP/1.1
genexformulasgasketsinc.xyz/aadcdn.msftauth.net/~/shared/1.0/content/js/ConvergedLogin_PCore_jwgqf3nc9rqvzqsw0tyvVA2.js
IP
5.230.66.245:443
ASN
#12586 GHOSTnet GmbH

Requested by
https://genexformulasgasketsinc.xyz/redirect.cgi?ref=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1kb2RhaXIlNDBkd2tsYXcuY29tJmNsaWVudC1yZXF1ZXN0LWlkPTFjMTc4OTUwLTVlZGQtNmNiNi01ZDYxLTk0MzJlNjExZjFlZiZwcm90ZWN0ZWR0b2tlbj10cnVlJmNsYWltcz0lN2IlMjJpZF90b2tlbiUyMiUzYSU3YiUyMnhtc19jYyUyMiUzYSU3YiUyMnZhbHVlcyUyMiUzYSU1YiUyMkNQMSUyMiU1ZCU3ZCU3ZCU3ZCZub25jZT02MzgzMjIzMTM2NzE1OTYzNzAuYzg1NDVjMGYtMzE3Yy00ZmZiLTk0YTQtNWVhYTlmZDMyNjMwJnN0YXRlPURjdEJEb01nRUVCUnFGZXhTM1JnQnBDRjZWR2FFVXBMYWlVeEpseV9MTjdmZlNtRUdMcGJKNkZIZUljTEdvTWFuZGMyT1BRd3hjV1NqWkFWYWg4VjVieXBRRXpLdnBoRFRtZ2NndXp2T05mRzgyT3Y3M0k4UC1XNDFsUVRsX05Pa05wMzV6YkYtdnNE
Certificate
IssuerLet's Encrypt
Subjectgenexformulasgasketsinc.xyz
Fingerprint74:98:FB:A9:D0:ED:2B:11:33:36:60:61:BF:3B:12:BB:B4:A3:E7:F4
ValidityFri, 06 Oct 2023 21:19:02 GMT - Thu, 04 Jan 2024 21:19:01 GMT

File type
\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3271), with no line terminators, ASCII text
Size
689 kB (689017 bytes)
Hash
3e89ae909c6a8d8c56396830471f3373
2632f95a5be7e4c589402bf76e800a8151cd036b
6665ca6a09f770c6679556eb86cf4234c8bdb0271049620e03199b34b4a16099

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /aadcdn.msftauth.net/~/shared/1.0/content/js/ConvergedLogin_PCore_jwgqf3nc9rqvzqsw0tyvVA2.js HTTP/1.1
Host: genexformulasgasketsinc.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://genexformulasgasketsinc.xyz/redirect.cgi?ref=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1kb2RhaXIlNDBkd2tsYXcuY29tJmNsaWVudC1yZXF1ZXN0LWlkPTFjMTc4OTUwLTVlZGQtNmNiNi01ZDYxLTk0MzJlNjExZjFlZiZwcm90ZWN0ZWR0b2tlbj10cnVlJmNsYWltcz0lN2IlMjJpZF90b2tlbiUyMiUzYSU3YiUyMnhtc19jYyUyMiUzYSU3YiUyMnZhbHVlcyUyMiUzYSU1YiUyMkNQMSUyMiU1ZCU3ZCU3ZCU3ZCZub25jZT02MzgzMjIzMTM2NzE1OTYzNzAuYzg1NDVjMGYtMzE3Yy00ZmZiLTk0YTQtNWVhYTlmZDMyNjMwJnN0YXRlPURjdEJEb01nRUVCUnFGZXhTM1JnQnBDRjZWR2FFVXBMYWlVeEpseV9MTjdmZlNtRUdMcGJKNkZIZUljTEdvTWFuZGMyT1BRd3hjV1NqWkFWYWg4VjVieXBRRXpLdnBoRFRtZ2NndXp2T05mRzgyT3Y3M0k4UC1XNDFsUVRsX05Pa05wMzV6YkYtdnNE
DNT: 1
Connection: keep-alive
Cookie: qPdM=D5enOhfVXsNd; qPdM.sig=o-wRaAe7aWgvVV40x25yz2jQAS0; ClientId=886E800EFBE4402082645195156D0D89; OIDC=1; OpenIdConnect.nonce.v3.Qyp651jvKsSE12GCZvfi96OzZphy1ceHU6HCtN2OnCY=638322313671596370.c8545c0f-317c-4ffb-94a4-5eaa9fd32630; X-OWA-RedirectHistory=ArLym14BUtmZJsPG2wg; buid=0.ASwAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABAAEAAAAtyolDObpQQ5VtlI4uGjEPa8DyeM1yUvTLS3sMT4N0J_i5KWeqQFyLAdTPRt9NCTIf7LU2bJg8DNNsSFj2D6DfscnQJYi2ksHF93RjP6_9jnOO5btM7ItTM2J_dQcnADIgAA; esctx=PAQABAAEAAAAtyolDObpQQ5VtlI4uGjEPq61Zgu-k8i984vsZpOYTt_D0KtkSG2-n1HtzEMnRWyK4eLYnDdtOz-5oV3YP3vfXWlg94vUrpkZ84d-GUF4jVUY0XKnp7kuKYowWLodiR3HSOZ6qMVFoLcAAe-Df0LpolH95PiEEN698F_L-gqZrxI8j_qlvsmy8nvgBD6woG7cUKYPP2KxLqsuq02dCmAufYFE1p8KZgtFx8ZPjmm0fm0-uC27OZlHyiYHPYZ5JqwogAA; fpc=ArKezIwKtQ9Dl5EUtQl8WReerOTJAQAAAMeNstwOAAAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Length: 689017
Content-Type: application/x-javascript
Date: Fri, 06 Oct 2023 23:22:47 GMT
Connection: keep-alive
Keep-Alive: timeout=5

genexformulasgasketsinc.xyz/aadcdn.msftauth.net/~/shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico

5.230.66.245

17 kB

URL
genexformulasgasketsinc.xyz/aadcdn.msftauth.net/~/shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico
IP
5.230.66.245:0
ASN
#12586 GHOSTnet GmbH

Certificate
IssuerLet's Encrypt
Subjectgenexformulasgasketsinc.xyz
Fingerprint74:98:FB:A9:D0:ED:2B:11:33:36:60:61:BF:3B:12:BB:B4:A3:E7:F4
ValidityFri, 06 Oct 2023 21:19:02 GMT - Thu, 04 Jan 2024 21:19:01 GMT

File type
MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors\012- data
Size
17 kB (17174 bytes)
Hash
12e3dac858061d088023b2bd48e2fa96
e08ce1a144eceae0c3c2ea7a9d6fbc5658f24ce5
90cdaf487716184e4034000935c605d1633926d348116d198f355a98b8c6cd21

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /aadcdn.msftauth.net/~/shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1
Host: genexformulasgasketsinc.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://genexformulasgasketsinc.xyz/redirect.cgi?ref=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1kb2RhaXIlNDBkd2tsYXcuY29tJmNsaWVudC1yZXF1ZXN0LWlkPTFjMTc4OTUwLTVlZGQtNmNiNi01ZDYxLTk0MzJlNjExZjFlZiZwcm90ZWN0ZWR0b2tlbj10cnVlJmNsYWltcz0lN2IlMjJpZF90b2tlbiUyMiUzYSU3YiUyMnhtc19jYyUyMiUzYSU3YiUyMnZhbHVlcyUyMiUzYSU1YiUyMkNQMSUyMiU1ZCU3ZCU3ZCU3ZCZub25jZT02MzgzMjIzMTM2NzE1OTYzNzAuYzg1NDVjMGYtMzE3Yy00ZmZiLTk0YTQtNWVhYTlmZDMyNjMwJnN0YXRlPURjdEJEb01nRUVCUnFGZXhTM1JnQnBDRjZWR2FFVXBMYWlVeEpseV9MTjdmZlNtRUdMcGJKNkZIZUljTEdvTWFuZGMyT1BRd3hjV1NqWkFWYWg4VjVieXBRRXpLdnBoRFRtZ2NndXp2T05mRzgyT3Y3M0k4UC1XNDFsUVRsX05Pa05wMzV6YkYtdnNE
DNT: 1
Connection: keep-alive
Cookie: qPdM=D5enOhfVXsNd; qPdM.sig=o-wRaAe7aWgvVV40x25yz2jQAS0; ClientId=886E800EFBE4402082645195156D0D89; OIDC=1; OpenIdConnect.nonce.v3.Qyp651jvKsSE12GCZvfi96OzZphy1ceHU6HCtN2OnCY=638322313671596370.c8545c0f-317c-4ffb-94a4-5eaa9fd32630; X-OWA-RedirectHistory=ArLym14BUtmZJsPG2wg; buid=0.ASwAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABAAEAAAAtyolDObpQQ5VtlI4uGjEPa8DyeM1yUvTLS3sMT4N0J_i5KWeqQFyLAdTPRt9NCTIf7LU2bJg8DNNsSFj2D6DfscnQJYi2ksHF93RjP6_9jnOO5btM7ItTM2J_dQcnADIgAA; esctx=PAQABAAEAAAAtyolDObpQQ5VtlI4uGjEPq61Zgu-k8i984vsZpOYTt_D0KtkSG2-n1HtzEMnRWyK4eLYnDdtOz-5oV3YP3vfXWlg94vUrpkZ84d-GUF4jVUY0XKnp7kuKYowWLodiR3HSOZ6qMVFoLcAAe-Df0LpolH95PiEEN698F_L-gqZrxI8j_qlvsmy8nvgBD6woG7cUKYPP2KxLqsuq02dCmAufYFE1p8KZgtFx8ZPjmm0fm0-uC27OZlHyiYHPYZ5JqwogAA; fpc=ArKezIwKtQ9Dl5EUtQl8WReerOTJAQAAAMeNstwOAAAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding
Age: 1897934
Cache-Control: public, max-age=31536000
Content-MD5: EuPayFgGHQiAI7K9SOL6lg==
Content-Type: image/x-icon
Date: Fri, 06 Oct 2023 23:22:48 GMT
Etag: 0x8D8731240E548EB
Last-Modified: Sun, 18 Oct 2020 03:02:30 GMT
Server: ECAcc (frc/4CBA)
X-Cache: HIT
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: 25f90f65-201e-001d-4569-e7351f000000
x-ms-version: 2009-09-19
Content-Length: 17174
Connection: close

outlook.office365.com/owa/prefetch.aspx

52.98.228.210

2.7 kB

URL
outlook.office365.com/owa/prefetch.aspx
IP
52.98.228.210:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1188), with CRLF line terminators
Size
2.7 kB (2745 bytes)
Hash
da57edec2d13ae40604f5bdc30fae950
c98a7aeb3dadd8089862457bc41187a671521090
c6d5a903d07eb61b9444729ccc44ecdac41cd892137630f1ef5ea12364a52296

HTTP Headers

GET /owa/prefetch.aspx HTTP/1.1
Host: outlook.office365.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://genexformulasgasketsinc.xyz/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: private, no-store
Content-Length: 2745
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/10.0
request-id: c51c25b3-9268-cbdb-43ff-3532e39fca83
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Alt-Svc: h3=":443",h3-29=":443"
X-CalculatedFETarget: MM0P280CU003.internal.outlook.com
Set-Cookie: ClientId=244F826650F241EFBEB206C946B9DC0C; expires=Sun, 06-Oct-2024 23:22:48 GMT; path=/;SameSite=None; secure
ClientId=244F826650F241EFBEB206C946B9DC0C; expires=Sun, 06-Oct-2024 23:22:48 GMT; path=/;SameSite=None; secure
OIDC=1; expires=Sat, 06-Apr-2024 23:22:48 GMT; path=/;SameSite=None; secure; HttpOnly
OWAPF=v:15.20.6863.33&l:mouse; path=/
X-CalculatedBETarget: MM0P280MB0830.SWEP280.PROD.OUTLOOK.COM
X-BackEndHttpStatus: 200, 200
X-RUM-Validated: 1
X-RUM-NotUpdateQueriedPath: 1
X-RUM-NotUpdateQueriedDbCopy: 1
X-Content-Type-Options: nosniff
X-BeSku: WCS7
X-OWA-Version: 15.20.6863.32
X-OWA-DiagnosticsInfo: 2;0;0
X-IIDs: 0
X-BackEnd-Begin: 2023-10-06T23:22:48.344
X-BackEnd-End: 2023-10-06T23:22:48.360
X-DiagInfo: MM0P280MB0830
X-BEServer: MM0P280MB0830
X-UA-Compatible: IE=EmulateIE7
X-Proxy-RoutingCorrectness: 1
X-Proxy-BackendServerStatus: 200
X-FEProxyInfo: GVYP280CA0025.SWEP280.PROD.OUTLOOK.COM
X-FEEFZInfo: GVX
Report-To: {"group":"NelOfficeUpload1","max_age":7200,"endpoints":[{"url":"https://exo.nel.measure.office.net/api/report?TenantId=&FrontEnd=Cafe&DestinationEndpoint=GVX"}],"include_subdomains":true}
NEL: {"report_to":"NelOfficeUpload1","max_age":7200,"include_subdomains":true,"failure_fraction":1.0,"success_fraction":0.01}
X-FirstHopCafeEFZ: GVX
X-FEServer: MM0P280CA0071, GVYP280CA0025
Date: Fri, 06 Oct 2023 23:22:48 GMT

genexformulasgasketsinc.xyz/aadcdn.msftauth.net/~/shared/1.0/content/images/marching_ants_white_166de53471265253ab3a456defe6da23.gif

5.230.66.245

2.7 kB

URL
genexformulasgasketsinc.xyz/aadcdn.msftauth.net/~/shared/1.0/content/images/marching_ants_white_166de53471265253ab3a456defe6da23.gif
IP
5.230.66.245:0
ASN
#12586 GHOSTnet GmbH

Certificate
IssuerLet's Encrypt
Subjectgenexformulasgasketsinc.xyz
Fingerprint74:98:FB:A9:D0:ED:2B:11:33:36:60:61:BF:3B:12:BB:B4:A3:E7:F4
ValidityFri, 06 Oct 2023 21:19:02 GMT - Thu, 04 Jan 2024 21:19:01 GMT

File type
GIF image data, version 89a, 352 x 3\012- data
Size
2.7 kB (2672 bytes)
Hash
166de53471265253ab3a456defe6da23
17c6df4d7ccf1fa2c9efd716fbae0fc2c71c8d6d
a46201581a7c7c667fd42787cd1e9adf2f6bf809efb7596e61a03e8dba9ada13

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /aadcdn.msftauth.net/~/shared/1.0/content/images/marching_ants_white_166de53471265253ab3a456defe6da23.gif HTTP/1.1
Host: genexformulasgasketsinc.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://genexformulasgasketsinc.xyz/redirect.cgi?ref=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1kb2RhaXIlNDBkd2tsYXcuY29tJmNsaWVudC1yZXF1ZXN0LWlkPTFjMTc4OTUwLTVlZGQtNmNiNi01ZDYxLTk0MzJlNjExZjFlZiZwcm90ZWN0ZWR0b2tlbj10cnVlJmNsYWltcz0lN2IlMjJpZF90b2tlbiUyMiUzYSU3YiUyMnhtc19jYyUyMiUzYSU3YiUyMnZhbHVlcyUyMiUzYSU1YiUyMkNQMSUyMiU1ZCU3ZCU3ZCU3ZCZub25jZT02MzgzMjIzMTM2NzE1OTYzNzAuYzg1NDVjMGYtMzE3Yy00ZmZiLTk0YTQtNWVhYTlmZDMyNjMwJnN0YXRlPURjdEJEb01nRUVCUnFGZXhTM1JnQnBDRjZWR2FFVXBMYWlVeEpseV9MTjdmZlNtRUdMcGJKNkZIZUljTEdvTWFuZGMyT1BRd3hjV1NqWkFWYWg4VjVieXBRRXpLdnBoRFRtZ2NndXp2T05mRzgyT3Y3M0k4UC1XNDFsUVRsX05Pa05wMzV6YkYtdnNE
DNT: 1
Connection: keep-alive
Cookie: qPdM=D5enOhfVXsNd; qPdM.sig=o-wRaAe7aWgvVV40x25yz2jQAS0; ClientId=886E800EFBE4402082645195156D0D89; OIDC=1; OpenIdConnect.nonce.v3.Qyp651jvKsSE12GCZvfi96OzZphy1ceHU6HCtN2OnCY=638322313671596370.c8545c0f-317c-4ffb-94a4-5eaa9fd32630; X-OWA-RedirectHistory=ArLym14BUtmZJsPG2wg; buid=0.ASwAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABAAEAAAAtyolDObpQQ5VtlI4uGjEPa8DyeM1yUvTLS3sMT4N0J_i5KWeqQFyLAdTPRt9NCTIf7LU2bJg8DNNsSFj2D6DfscnQJYi2ksHF93RjP6_9jnOO5btM7ItTM2J_dQcnADIgAA; esctx=PAQABAAEAAAAtyolDObpQQ5VtlI4uGjEPq61Zgu-k8i984vsZpOYTt_D0KtkSG2-n1HtzEMnRWyK4eLYnDdtOz-5oV3YP3vfXWlg94vUrpkZ84d-GUF4jVUY0XKnp7kuKYowWLodiR3HSOZ6qMVFoLcAAe-Df0LpolH95PiEEN698F_L-gqZrxI8j_qlvsmy8nvgBD6woG7cUKYPP2KxLqsuq02dCmAufYFE1p8KZgtFx8ZPjmm0fm0-uC27OZlHyiYHPYZ5JqwogAA; fpc=ArKezIwKtQ9Dl5EUtQl8WReerOTJAQAAAMeNstwOAAAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; brcap=0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding
Age: 1897921
Cache-Control: public, max-age=31536000
Content-MD5: Fm3lNHEmUlOrOkVt7+baIw==
Content-Type: image/gif
Date: Fri, 06 Oct 2023 23:22:48 GMT
Etag: 0x8D79A1B9F2C6EC8
Last-Modified: Thu, 16 Jan 2020 00:32:52 GMT
Server: ECAcc (frc/4CDA)
X-Cache: HIT
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: 81a6b4bc-101e-00be-2f69-e78e7f000000
x-ms-version: 2009-09-19
Content-Length: 2672
Connection: close

genexformulasgasketsinc.xyz/aadcdn.msftauth.net/~/shared/1.0/content/images/marching_ants_b540a8e518037192e32c4fe58bf2dbab.gif

5.230.66.245

3.6 kB

URL GET
genexformulasgasketsinc.xyz/aadcdn.msftauth.net/~/shared/1.0/content/images/marching_ants_b540a8e518037192e32c4fe58bf2dbab.gif
IP
5.230.66.245:0
ASN
#12586 GHOSTnet GmbH

Requested by
https://genexformulasgasketsinc.xyz/redirect.cgi?ref=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1kb2RhaXIlNDBkd2tsYXcuY29tJmNsaWVudC1yZXF1ZXN0LWlkPTFjMTc4OTUwLTVlZGQtNmNiNi01ZDYxLTk0MzJlNjExZjFlZiZwcm90ZWN0ZWR0b2tlbj10cnVlJmNsYWltcz0lN2IlMjJpZF90b2tlbiUyMiUzYSU3YiUyMnhtc19jYyUyMiUzYSU3YiUyMnZhbHVlcyUyMiUzYSU1YiUyMkNQMSUyMiU1ZCU3ZCU3ZCU3ZCZub25jZT02MzgzMjIzMTM2NzE1OTYzNzAuYzg1NDVjMGYtMzE3Yy00ZmZiLTk0YTQtNWVhYTlmZDMyNjMwJnN0YXRlPURjdEJEb01nRUVCUnFGZXhTM1JnQnBDRjZWR2FFVXBMYWlVeEpseV9MTjdmZlNtRUdMcGJKNkZIZUljTEdvTWFuZGMyT1BRd3hjV1NqWkFWYWg4VjVieXBRRXpLdnBoRFRtZ2NndXp2T05mRzgyT3Y3M0k4UC1XNDFsUVRsX05Pa05wMzV6YkYtdnNE
Certificate
IssuerLet's Encrypt
Subjectgenexformulasgasketsinc.xyz
Fingerprint74:98:FB:A9:D0:ED:2B:11:33:36:60:61:BF:3B:12:BB:B4:A3:E7:F4
ValidityFri, 06 Oct 2023 21:19:02 GMT - Thu, 04 Jan 2024 21:19:01 GMT

File type
GIF image data, version 89a, 352 x 3\012- data
Size
3.6 kB (3620 bytes)
Hash
b540a8e518037192e32c4fe58bf2dbab
3047c1db97b86f6981e0ad2f96af40cdf43511af
8737d721808655f37b333f08a90185699e7e8b9bdaaa15cdb63c8448b426f95d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /aadcdn.msftauth.net/~/shared/1.0/content/images/marching_ants_b540a8e518037192e32c4fe58bf2dbab.gif HTTP/1.1
Host: genexformulasgasketsinc.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://genexformulasgasketsinc.xyz/redirect.cgi?ref=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1kb2RhaXIlNDBkd2tsYXcuY29tJmNsaWVudC1yZXF1ZXN0LWlkPTFjMTc4OTUwLTVlZGQtNmNiNi01ZDYxLTk0MzJlNjExZjFlZiZwcm90ZWN0ZWR0b2tlbj10cnVlJmNsYWltcz0lN2IlMjJpZF90b2tlbiUyMiUzYSU3YiUyMnhtc19jYyUyMiUzYSU3YiUyMnZhbHVlcyUyMiUzYSU1YiUyMkNQMSUyMiU1ZCU3ZCU3ZCU3ZCZub25jZT02MzgzMjIzMTM2NzE1OTYzNzAuYzg1NDVjMGYtMzE3Yy00ZmZiLTk0YTQtNWVhYTlmZDMyNjMwJnN0YXRlPURjdEJEb01nRUVCUnFGZXhTM1JnQnBDRjZWR2FFVXBMYWlVeEpseV9MTjdmZlNtRUdMcGJKNkZIZUljTEdvTWFuZGMyT1BRd3hjV1NqWkFWYWg4VjVieXBRRXpLdnBoRFRtZ2NndXp2T05mRzgyT3Y3M0k4UC1XNDFsUVRsX05Pa05wMzV6YkYtdnNE
DNT: 1
Connection: keep-alive
Cookie: qPdM=D5enOhfVXsNd; qPdM.sig=o-wRaAe7aWgvVV40x25yz2jQAS0; ClientId=886E800EFBE4402082645195156D0D89; OIDC=1; OpenIdConnect.nonce.v3.Qyp651jvKsSE12GCZvfi96OzZphy1ceHU6HCtN2OnCY=638322313671596370.c8545c0f-317c-4ffb-94a4-5eaa9fd32630; X-OWA-RedirectHistory=ArLym14BUtmZJsPG2wg; buid=0.ASwAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABAAEAAAAtyolDObpQQ5VtlI4uGjEPa8DyeM1yUvTLS3sMT4N0J_i5KWeqQFyLAdTPRt9NCTIf7LU2bJg8DNNsSFj2D6DfscnQJYi2ksHF93RjP6_9jnOO5btM7ItTM2J_dQcnADIgAA; esctx=PAQABAAEAAAAtyolDObpQQ5VtlI4uGjEPq61Zgu-k8i984vsZpOYTt_D0KtkSG2-n1HtzEMnRWyK4eLYnDdtOz-5oV3YP3vfXWlg94vUrpkZ84d-GUF4jVUY0XKnp7kuKYowWLodiR3HSOZ6qMVFoLcAAe-Df0LpolH95PiEEN698F_L-gqZrxI8j_qlvsmy8nvgBD6woG7cUKYPP2KxLqsuq02dCmAufYFE1p8KZgtFx8ZPjmm0fm0-uC27OZlHyiYHPYZ5JqwogAA; fpc=ArKezIwKtQ9Dl5EUtQl8WReerOTJAQAAAMeNstwOAAAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; brcap=0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding
Age: 1897921
Cache-Control: public, max-age=31536000
Content-MD5: tUCo5RgDcZLjLE/li/Lbqw==
Content-Type: image/gif
Date: Fri, 06 Oct 2023 23:22:48 GMT
Etag: 0x8D79A1B9F8A840E
Last-Modified: Thu, 16 Jan 2020 00:32:52 GMT
Server: ECAcc (frc/4CFE)
X-Cache: HIT
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: 830e51b2-d01e-000a-0a69-e75433000000
x-ms-version: 2009-09-19
Content-Length: 3620
Connection: close

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=8121a5b3687bb50b

104.17.3.184

200 OK

240 kB

URL GET HTTP/3
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=8121a5b3687bb50b
IP
104.17.3.184:443
ASN
#13335 CLOUDFLARENET

Requested by
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/0hid5/0x4AAAAAAALQjvPNvAHncDor/auto/normal
Certificate
IssuerCloudflare, Inc.
Subjectchallenges.cloudflare.com
Fingerprint5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E
ValidityFri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
240 kB (239836 bytes)
Hash
70f13cedc46dfc089e01dad49876f235
43bce5b86bff7172f386c03267311f445dc32af9
e23833f1415a324786ce308ded6eaeb0cf76b0d5bd66d56b51b3e3ed8036d7f7

HTTP Headers

GET /cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=8121a5b3687bb50b HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/0hid5/0x4AAAAAAALQjvPNvAHncDor/auto/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 06 Oct 2023 23:22:35 GMT
content-type: application/javascript; charset=UTF-8
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
server: cloudflare
cf-ray: 8121a5b4b940b50b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

genexformulasgasketsinc.xyz/aadcdn.msftauth.net/~/shared/1.0/content/js/asyncchunk/convergedlogin_ppassword_f7b06b70c72b4590b779.js

5.230.66.245

170 kB

URL GET
genexformulasgasketsinc.xyz/aadcdn.msftauth.net/~/shared/1.0/content/js/asyncchunk/convergedlogin_ppassword_f7b06b70c72b4590b779.js
IP
5.230.66.245:0
ASN
#12586 GHOSTnet GmbH

Requested by
https://genexformulasgasketsinc.xyz/redirect.cgi?ref=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1kb2RhaXIlNDBkd2tsYXcuY29tJmNsaWVudC1yZXF1ZXN0LWlkPTFjMTc4OTUwLTVlZGQtNmNiNi01ZDYxLTk0MzJlNjExZjFlZiZwcm90ZWN0ZWR0b2tlbj10cnVlJmNsYWltcz0lN2IlMjJpZF90b2tlbiUyMiUzYSU3YiUyMnhtc19jYyUyMiUzYSU3YiUyMnZhbHVlcyUyMiUzYSU1YiUyMkNQMSUyMiU1ZCU3ZCU3ZCU3ZCZub25jZT02MzgzMjIzMTM2NzE1OTYzNzAuYzg1NDVjMGYtMzE3Yy00ZmZiLTk0YTQtNWVhYTlmZDMyNjMwJnN0YXRlPURjdEJEb01nRUVCUnFGZXhTM1JnQnBDRjZWR2FFVXBMYWlVeEpseV9MTjdmZlNtRUdMcGJKNkZIZUljTEdvTWFuZGMyT1BRd3hjV1NqWkFWYWg4VjVieXBRRXpLdnBoRFRtZ2NndXp2T05mRzgyT3Y3M0k4UC1XNDFsUVRsX05Pa05wMzV6YkYtdnNE
Certificate
IssuerLet's Encrypt
Subjectgenexformulasgasketsinc.xyz
Fingerprint74:98:FB:A9:D0:ED:2B:11:33:36:60:61:BF:3B:12:BB:B4:A3:E7:F4
ValidityFri, 06 Oct 2023 21:19:02 GMT - Thu, 04 Jan 2024 21:19:01 GMT

File type
Unicode text, UTF-8 text, with very long lines (41132), with CRLF, LF line terminators
Size
170 kB (170176 bytes)
Hash
e345253db18f1ee1219de912e4127250
47fee99bb8d7f1aabe5fb97ee293329ecec3aa85
ba05ebae142c96934599b13de0868e190004728fe84251840f01c1dd496bcfb3

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /aadcdn.msftauth.net/~/shared/1.0/content/js/asyncchunk/convergedlogin_ppassword_f7b06b70c72b4590b779.js HTTP/1.1
Host: genexformulasgasketsinc.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://genexformulasgasketsinc.xyz/redirect.cgi?ref=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1kb2RhaXIlNDBkd2tsYXcuY29tJmNsaWVudC1yZXF1ZXN0LWlkPTFjMTc4OTUwLTVlZGQtNmNiNi01ZDYxLTk0MzJlNjExZjFlZiZwcm90ZWN0ZWR0b2tlbj10cnVlJmNsYWltcz0lN2IlMjJpZF90b2tlbiUyMiUzYSU3YiUyMnhtc19jYyUyMiUzYSU3YiUyMnZhbHVlcyUyMiUzYSU1YiUyMkNQMSUyMiU1ZCU3ZCU3ZCU3ZCZub25jZT02MzgzMjIzMTM2NzE1OTYzNzAuYzg1NDVjMGYtMzE3Yy00ZmZiLTk0YTQtNWVhYTlmZDMyNjMwJnN0YXRlPURjdEJEb01nRUVCUnFGZXhTM1JnQnBDRjZWR2FFVXBMYWlVeEpseV9MTjdmZlNtRUdMcGJKNkZIZUljTEdvTWFuZGMyT1BRd3hjV1NqWkFWYWg4VjVieXBRRXpLdnBoRFRtZ2NndXp2T05mRzgyT3Y3M0k4UC1XNDFsUVRsX05Pa05wMzV6YkYtdnNE
DNT: 1
Connection: keep-alive
Cookie: qPdM=D5enOhfVXsNd; qPdM.sig=o-wRaAe7aWgvVV40x25yz2jQAS0; ClientId=886E800EFBE4402082645195156D0D89; OIDC=1; OpenIdConnect.nonce.v3.Qyp651jvKsSE12GCZvfi96OzZphy1ceHU6HCtN2OnCY=638322313671596370.c8545c0f-317c-4ffb-94a4-5eaa9fd32630; X-OWA-RedirectHistory=ArLym14BUtmZJsPG2wg; buid=0.ASwAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABAAEAAAAtyolDObpQQ5VtlI4uGjEPa8DyeM1yUvTLS3sMT4N0J_i5KWeqQFyLAdTPRt9NCTIf7LU2bJg8DNNsSFj2D6DfscnQJYi2ksHF93RjP6_9jnOO5btM7ItTM2J_dQcnADIgAA; esctx=PAQABAAEAAAAtyolDObpQQ5VtlI4uGjEPq61Zgu-k8i984vsZpOYTt_D0KtkSG2-n1HtzEMnRWyK4eLYnDdtOz-5oV3YP3vfXWlg94vUrpkZ84d-GUF4jVUY0XKnp7kuKYowWLodiR3HSOZ6qMVFoLcAAe-Df0LpolH95PiEEN698F_L-gqZrxI8j_qlvsmy8nvgBD6woG7cUKYPP2KxLqsuq02dCmAufYFE1p8KZgtFx8ZPjmm0fm0-uC27OZlHyiYHPYZ5JqwogAA; fpc=ArKezIwKtQ9Dl5EUtQl8WReerOTJAQAAAMeNstwOAAAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; brcap=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Encoding: gzip
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
Age: 21833699
Cache-Control: public, max-age=31536000
Content-MD5: 4IV54FpGkjhhLLKq6p3FQg==
Content-Type: application/x-javascript
Date: Fri, 06 Oct 2023 23:22:48 GMT
Etag: 0x8DAFF34C512D33E
Last-Modified: Thu, 26 Jan 2023 00:32:13 GMT
Server: ECAcc (frc/4CC5)
Vary: Accept-Encoding
X-Cache: HIT
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: f0133895-601e-0097-2218-328124000000
x-ms-version: 2009-09-19
content-length: 24207
Connection: close
Content-Security-Policy: default-src *  data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval';  script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';

r4.res.office365.com/owa/prem/15.20.6863.33/scripts/boot.worldwide.2.mouse.js

23.36.79.11

170 kB

URL
r4.res.office365.com/owa/prem/15.20.6863.33/scripts/boot.worldwide.2.mouse.js
IP
23.36.79.11:0
ASN
#20940 Akamai International B.V.

File type
Unicode text, UTF-8 (with BOM) text, with very long lines (65339), with CRLF line terminators
Size
170 kB (169666 bytes)
Hash
12204899d75fc019689a92ed57559b94
ccf6271c6565495b18c1ced2f7273d5875dbfb1f
39dafd5aca286717d9515f24cf9be0c594dfd1ddf746e6973b1ce5de8b2dd21b

HTTP Headers

GET /owa/prem/15.20.6863.33/scripts/boot.worldwide.2.mouse.js HTTP/1.1
Host: r4.res.office365.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://outlook.office365.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
content-type: application/x-javascript
last-modified: Thu, 05 Oct 2023 21:30:04 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
cache-control: public,max-age=630720000, s-maxage=630720000
date: Fri, 06 Oct 2023 23:22:49 GMT
content-length: 169666
timing-allow-origin: *
access-control-allow-origin: *
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2

r4.res.office365.com/owa/prem/15.20.6863.33/scripts/boot.worldwide.3.mouse.js

23.36.79.11

146 kB

URL
r4.res.office365.com/owa/prem/15.20.6863.33/scripts/boot.worldwide.3.mouse.js
IP
23.36.79.11:0
ASN
#20940 Akamai International B.V.

File type
Unicode text, UTF-8 (with BOM) text, with very long lines (65339), with CRLF line terminators
Size
146 kB (145599 bytes)
Hash
d9e3d2ce0228d2a5079478aae5759698
412f45951c6aeda5f3df2c52533171fc7bdd5961
7041d585609800051e4f451792aec2b8bd06a4f2d29ed6f5ad8841aae5107502

HTTP Headers

GET /owa/prem/15.20.6863.33/scripts/boot.worldwide.3.mouse.js HTTP/1.1
Host: r4.res.office365.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://outlook.office365.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
content-type: application/x-javascript
last-modified: Thu, 05 Oct 2023 21:29:52 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
cache-control: public,max-age=630720000, s-maxage=630720000
date: Fri, 06 Oct 2023 23:22:49 GMT
content-length: 145599
timing-allow-origin: *
access-control-allow-origin: *
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2

r4.res.office365.com/owa/prem/15.20.6863.33/resources/images/0/sprite1.mouse.png

23.36.79.11

132 B

URL
r4.res.office365.com/owa/prem/15.20.6863.33/resources/images/0/sprite1.mouse.png
IP
23.36.79.11:0
ASN
#20940 Akamai International B.V.

File type
PNG image data, 600 x 1, 8-bit/color RGBA, non-interlaced\012- data
Size
132 B (132 bytes)
Hash
3eda15637afeac6078f56c9dcc9bbdb8
97b900884183cb8cf99ba069eedc280c599c1b74
68c66d144855ba2bc8b8bee88bb266047367708c1e281a21b9d729b1fbd23429

HTTP Headers

GET /owa/prem/15.20.6863.33/resources/images/0/sprite1.mouse.png HTTP/1.1
Host: r4.res.office365.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://outlook.office365.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
content-length: 132
content-type: image/png
last-modified: Thu, 05 Oct 2023 21:42:08 GMT
server: AkamaiNetStorage
cache-control: public,max-age=630720000, s-maxage=630720000
date: Fri, 06 Oct 2023 23:22:49 GMT
timing-allow-origin: *
access-control-allow-origin: *
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/687864359:1696633722:LIqcY87eVEOJ14wGq_abP64MTYdDyXpRCmtPs6qhJfY/8121a5b3687bb50b/dc6bfc3f20a7626

104.17.3.184

200 OK

19 kB

URL POST HTTP/3
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/687864359:1696633722:LIqcY87eVEOJ14wGq_abP64MTYdDyXpRCmtPs6qhJfY/8121a5b3687bb50b/dc6bfc3f20a7626
IP
104.17.3.184:443
ASN
#13335 CLOUDFLARENET

Requested by
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/0hid5/0x4AAAAAAALQjvPNvAHncDor/auto/normal
Certificate
IssuerCloudflare, Inc.
Subjectchallenges.cloudflare.com
Fingerprint5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E
ValidityFri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT

File type
ASCII text, with very long lines (3584), with no line terminators
Size
19 kB (18963 bytes)
Hash
443f7429cbe61922ff21bf7655b3b84a
09612be12ad449f4ac110f2387edb684b7290764
df575669612dcab81bb57c770be8cd0c94482f79def6a8471ddb5b3a938747ba

HTTP Headers

POST /cdn-cgi/challenge-platform/h/g/flow/ov1/687864359:1696633722:LIqcY87eVEOJ14wGq_abP64MTYdDyXpRCmtPs6qhJfY/8121a5b3687bb50b/dc6bfc3f20a7626 HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/0hid5/0x4AAAAAAALQjvPNvAHncDor/auto/normal
Content-type: application/x-www-form-urlencoded
CF-Challenge: dc6bfc3f20a7626
Content-Length: 25202
Origin: https://challenges.cloudflare.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 06 Oct 2023 23:22:40 GMT
content-type: text/html; charset=UTF-8
cf-chl-out: YkGKaZFZwQaUhQbg4RHnAxyXoQp38EUlVO4+tztGstO19Kh0E1e63zHvJ3hLwQ2Mo7xhlXg7M157Sm19Io3H7lM+75OxCpfEt/JWQHWZDLVtAyaQz8Gcf8rcHIL69g2U$J0gQTcvLPpTRD1EC3Z/HvQ==
cf-chl-out-s: ULX9Lpzx+AePcKpAkjs507Foo/hqCscyKS4duRLdphXxVvPGWAZ59ceH2ov9XHm9nd6rxb5mQDdmvK+PS9fSJSyFsTv38MvN2o1MnTaAn9JVcnE0d70G0vcFuk9E6/D9XDe/5oDPQMjwO838uNPVg+10CJeqFi0N7eVMVjBVbW1nf/MQGLLneBVyqO/3ICmuDWH/Le+iCHD2mwTpvZwXl7jAhJP3mTDMStlF9d7cHnGWCIE1r0/EJ1Vi0tA2m3HpJUVp8v1bReNuwWKqeCCWJw==$Zmn4S52TD+23gCFUebtuAg==
server: cloudflare
cf-ray: 8121a5d27869b50b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

r4.res.office365.com/owa/prem/15.20.6863.33/resources/styles/0/boot.worldwide.mouse.css

23.36.79.11

44 kB

URL
r4.res.office365.com/owa/prem/15.20.6863.33/resources/styles/0/boot.worldwide.mouse.css
IP
23.36.79.11:0
ASN
#20940 Akamai International B.V.

File type
ASCII text, with very long lines (65536), with no line terminators
Size
44 kB (44144 bytes)
Hash
af8d946b64d139a380cf3a1c27bdbeb0
c76845b6ffeaf14450795c550260eb618abd60ab
37619b16288166cc76403f0b7df6586349b2d5628de00d5850c815d019b17904

HTTP Headers

GET /owa/prem/15.20.6863.33/resources/styles/0/boot.worldwide.mouse.css HTTP/1.1
Host: r4.res.office365.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://outlook.office365.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
content-type: text/css
last-modified: Thu, 05 Oct 2023 21:42:37 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
cache-control: public,max-age=630720000, s-maxage=630720000
date: Fri, 06 Oct 2023 23:22:49 GMT
content-length: 44144
timing-allow-origin: *
access-control-allow-origin: *
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2

genexformulasgasketsinc.xyz/aadcdn.msftauth.net/~/shared/1.0/content/images/appbackgrounds/49-small_e58aafc980614a9cd7796bea7b5ea8f0.jpg

5.230.66.245

987 B

URL
genexformulasgasketsinc.xyz/aadcdn.msftauth.net/~/shared/1.0/content/images/appbackgrounds/49-small_e58aafc980614a9cd7796bea7b5ea8f0.jpg
IP
5.230.66.245:0
ASN
#12586 GHOSTnet GmbH

Certificate
IssuerLet's Encrypt
Subjectgenexformulasgasketsinc.xyz
Fingerprint74:98:FB:A9:D0:ED:2B:11:33:36:60:61:BF:3B:12:BB:B4:A3:E7:F4
ValidityFri, 06 Oct 2023 21:19:02 GMT - Thu, 04 Jan 2024 21:19:01 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=4, xresolution=62, yresolution=70, resolutionunit=2, software=paint.net 4.2.9], baseline, precision 8, 50x28, components 3\012- data
Size
987 B (987 bytes)
Hash
e58aafc980614a9cd7796bea7b5ea8f0
d4cac92dcde0caf7c571e6d791101da94fdbd2ca
8b34a475187302935336bf43a2bf2a4e0adb9a1e87953ea51f6fcf0ef52a4a1d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /aadcdn.msftauth.net/~/shared/1.0/content/images/appbackgrounds/49-small_e58aafc980614a9cd7796bea7b5ea8f0.jpg HTTP/1.1
Host: genexformulasgasketsinc.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://genexformulasgasketsinc.xyz/redirect.cgi?ref=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1kb2RhaXIlNDBkd2tsYXcuY29tJmNsaWVudC1yZXF1ZXN0LWlkPTFjMTc4OTUwLTVlZGQtNmNiNi01ZDYxLTk0MzJlNjExZjFlZiZwcm90ZWN0ZWR0b2tlbj10cnVlJmNsYWltcz0lN2IlMjJpZF90b2tlbiUyMiUzYSU3YiUyMnhtc19jYyUyMiUzYSU3YiUyMnZhbHVlcyUyMiUzYSU1YiUyMkNQMSUyMiU1ZCU3ZCU3ZCU3ZCZub25jZT02MzgzMjIzMTM2NzE1OTYzNzAuYzg1NDVjMGYtMzE3Yy00ZmZiLTk0YTQtNWVhYTlmZDMyNjMwJnN0YXRlPURjdEJEb01nRUVCUnFGZXhTM1JnQnBDRjZWR2FFVXBMYWlVeEpseV9MTjdmZlNtRUdMcGJKNkZIZUljTEdvTWFuZGMyT1BRd3hjV1NqWkFWYWg4VjVieXBRRXpLdnBoRFRtZ2NndXp2T05mRzgyT3Y3M0k4UC1XNDFsUVRsX05Pa05wMzV6YkYtdnNE
DNT: 1
Connection: keep-alive
Cookie: qPdM=D5enOhfVXsNd; qPdM.sig=o-wRaAe7aWgvVV40x25yz2jQAS0; ClientId=886E800EFBE4402082645195156D0D89; OIDC=1; OpenIdConnect.nonce.v3.Qyp651jvKsSE12GCZvfi96OzZphy1ceHU6HCtN2OnCY=638322313671596370.c8545c0f-317c-4ffb-94a4-5eaa9fd32630; X-OWA-RedirectHistory=ArLym14BUtmZJsPG2wg; buid=0.ASwAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABAAEAAAAtyolDObpQQ5VtlI4uGjEPa8DyeM1yUvTLS3sMT4N0J_i5KWeqQFyLAdTPRt9NCTIf7LU2bJg8DNNsSFj2D6DfscnQJYi2ksHF93RjP6_9jnOO5btM7ItTM2J_dQcnADIgAA; esctx=PAQABAAEAAAAtyolDObpQQ5VtlI4uGjEPq61Zgu-k8i984vsZpOYTt_D0KtkSG2-n1HtzEMnRWyK4eLYnDdtOz-5oV3YP3vfXWlg94vUrpkZ84d-GUF4jVUY0XKnp7kuKYowWLodiR3HSOZ6qMVFoLcAAe-Df0LpolH95PiEEN698F_L-gqZrxI8j_qlvsmy8nvgBD6woG7cUKYPP2KxLqsuq02dCmAufYFE1p8KZgtFx8ZPjmm0fm0-uC27OZlHyiYHPYZ5JqwogAA; fpc=ArKezIwKtQ9Dl5EUtQl8WReerOTJAQAAAMeNstwOAAAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; brcap=0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding
Age: 1896386
Cache-Control: public, max-age=31536000
Content-MD5: 5YqvyYBhSpzXeWvqe16o8A==
Content-Type: image/jpeg
Date: Fri, 06 Oct 2023 23:22:49 GMT
Etag: 0x8D7D287001BC861
Last-Modified: Fri, 27 Mar 2020 19:42:36 GMT
Server: ECAcc (frc/4CBC)
X-Cache: HIT
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: 30566150-e01e-0095-676c-e73a5b000000
x-ms-version: 2009-09-19
Content-Length: 987
Connection: close

genexformulasgasketsinc.xyz/aadcdn.msftauth.net/~/shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg

5.230.66.245

1.4 kB

URL
genexformulasgasketsinc.xyz/aadcdn.msftauth.net/~/shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg
IP
5.230.66.245:0
ASN
#12586 GHOSTnet GmbH

Certificate
IssuerLet's Encrypt
Subjectgenexformulasgasketsinc.xyz
Fingerprint74:98:FB:A9:D0:ED:2B:11:33:36:60:61:BF:3B:12:BB:B4:A3:E7:F4
ValidityFri, 06 Oct 2023 21:19:02 GMT - Thu, 04 Jan 2024 21:19:01 GMT

File type
SVG Scalable Vector Graphics image\012- HTML document, ASCII text, with very long lines (3651), with no line terminators
Size
1.4 kB (1435 bytes)
Hash
ee5c8d9fb6248c938fd0dc19370e90bd
d01a22720918b781338b5bbf9202b241a5f99ee4
04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /aadcdn.msftauth.net/~/shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg HTTP/1.1
Host: genexformulasgasketsinc.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://genexformulasgasketsinc.xyz/redirect.cgi?ref=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1kb2RhaXIlNDBkd2tsYXcuY29tJmNsaWVudC1yZXF1ZXN0LWlkPTFjMTc4OTUwLTVlZGQtNmNiNi01ZDYxLTk0MzJlNjExZjFlZiZwcm90ZWN0ZWR0b2tlbj10cnVlJmNsYWltcz0lN2IlMjJpZF90b2tlbiUyMiUzYSU3YiUyMnhtc19jYyUyMiUzYSU3YiUyMnZhbHVlcyUyMiUzYSU1YiUyMkNQMSUyMiU1ZCU3ZCU3ZCU3ZCZub25jZT02MzgzMjIzMTM2NzE1OTYzNzAuYzg1NDVjMGYtMzE3Yy00ZmZiLTk0YTQtNWVhYTlmZDMyNjMwJnN0YXRlPURjdEJEb01nRUVCUnFGZXhTM1JnQnBDRjZWR2FFVXBMYWlVeEpseV9MTjdmZlNtRUdMcGJKNkZIZUljTEdvTWFuZGMyT1BRd3hjV1NqWkFWYWg4VjVieXBRRXpLdnBoRFRtZ2NndXp2T05mRzgyT3Y3M0k4UC1XNDFsUVRsX05Pa05wMzV6YkYtdnNE
DNT: 1
Connection: keep-alive
Cookie: qPdM=D5enOhfVXsNd; qPdM.sig=o-wRaAe7aWgvVV40x25yz2jQAS0; ClientId=886E800EFBE4402082645195156D0D89; OIDC=1; OpenIdConnect.nonce.v3.Qyp651jvKsSE12GCZvfi96OzZphy1ceHU6HCtN2OnCY=638322313671596370.c8545c0f-317c-4ffb-94a4-5eaa9fd32630; X-OWA-RedirectHistory=ArLym14BUtmZJsPG2wg; buid=0.ASwAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABAAEAAAAtyolDObpQQ5VtlI4uGjEPa8DyeM1yUvTLS3sMT4N0J_i5KWeqQFyLAdTPRt9NCTIf7LU2bJg8DNNsSFj2D6DfscnQJYi2ksHF93RjP6_9jnOO5btM7ItTM2J_dQcnADIgAA; esctx=PAQABAAEAAAAtyolDObpQQ5VtlI4uGjEPq61Zgu-k8i984vsZpOYTt_D0KtkSG2-n1HtzEMnRWyK4eLYnDdtOz-5oV3YP3vfXWlg94vUrpkZ84d-GUF4jVUY0XKnp7kuKYowWLodiR3HSOZ6qMVFoLcAAe-Df0LpolH95PiEEN698F_L-gqZrxI8j_qlvsmy8nvgBD6woG7cUKYPP2KxLqsuq02dCmAufYFE1p8KZgtFx8ZPjmm0fm0-uC27OZlHyiYHPYZ5JqwogAA; fpc=ArKezIwKtQ9Dl5EUtQl8WReerOTJAQAAAMeNstwOAAAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; brcap=0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Encoding: gzip
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding
Age: 1897931
Cache-Control: public, max-age=31536000
Content-MD5: nzaLxFgP7ZB3dfMcaybWzw==
Content-Type: image/svg+xml
Date: Fri, 06 Oct 2023 23:22:49 GMT
Etag: 0x8D79A1B9F5E121A
Last-Modified: Thu, 16 Jan 2020 00:32:52 GMT
Server: ECAcc (frc/4CFA)
Vary: Accept-Encoding
X-Cache: HIT
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: cc6c0fe3-f01e-00d8-2e69-e73651000000
x-ms-version: 2009-09-19
Content-Length: 1435
Connection: close

genexformulasgasketsinc.xyz/aadcdn.msftauth.net/~/shared/1.0/content/images/appbackgrounds/49_7916a894ebde7d29c2cc29b267f1299f.jpg

5.230.66.245

18 kB

URL
genexformulasgasketsinc.xyz/aadcdn.msftauth.net/~/shared/1.0/content/images/appbackgrounds/49_7916a894ebde7d29c2cc29b267f1299f.jpg
IP
5.230.66.245:0
ASN
#12586 GHOSTnet GmbH

Certificate
IssuerLet's Encrypt
Subjectgenexformulasgasketsinc.xyz
Fingerprint74:98:FB:A9:D0:ED:2B:11:33:36:60:61:BF:3B:12:BB:B4:A3:E7:F4
ValidityFri, 06 Oct 2023 21:19:02 GMT - Thu, 04 Jan 2024 21:19:01 GMT

File type
JPEG image data, baseline, precision 8, 1920x1080, components 3\012- data
Size
18 kB (17453 bytes)
Hash
7916a894ebde7d29c2cc29b267f1299f
78345ca08f9e2c3c2cc9b318950791b349211296
d8f5ab3e00202fd3b45be1acd95d677b137064001e171bc79b06826d98f1e1d3

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /aadcdn.msftauth.net/~/shared/1.0/content/images/appbackgrounds/49_7916a894ebde7d29c2cc29b267f1299f.jpg HTTP/1.1
Host: genexformulasgasketsinc.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://genexformulasgasketsinc.xyz/redirect.cgi?ref=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1kb2RhaXIlNDBkd2tsYXcuY29tJmNsaWVudC1yZXF1ZXN0LWlkPTFjMTc4OTUwLTVlZGQtNmNiNi01ZDYxLTk0MzJlNjExZjFlZiZwcm90ZWN0ZWR0b2tlbj10cnVlJmNsYWltcz0lN2IlMjJpZF90b2tlbiUyMiUzYSU3YiUyMnhtc19jYyUyMiUzYSU3YiUyMnZhbHVlcyUyMiUzYSU1YiUyMkNQMSUyMiU1ZCU3ZCU3ZCU3ZCZub25jZT02MzgzMjIzMTM2NzE1OTYzNzAuYzg1NDVjMGYtMzE3Yy00ZmZiLTk0YTQtNWVhYTlmZDMyNjMwJnN0YXRlPURjdEJEb01nRUVCUnFGZXhTM1JnQnBDRjZWR2FFVXBMYWlVeEpseV9MTjdmZlNtRUdMcGJKNkZIZUljTEdvTWFuZGMyT1BRd3hjV1NqWkFWYWg4VjVieXBRRXpLdnBoRFRtZ2NndXp2T05mRzgyT3Y3M0k4UC1XNDFsUVRsX05Pa05wMzV6YkYtdnNE
DNT: 1
Connection: keep-alive
Cookie: qPdM=D5enOhfVXsNd; qPdM.sig=o-wRaAe7aWgvVV40x25yz2jQAS0; ClientId=886E800EFBE4402082645195156D0D89; OIDC=1; OpenIdConnect.nonce.v3.Qyp651jvKsSE12GCZvfi96OzZphy1ceHU6HCtN2OnCY=638322313671596370.c8545c0f-317c-4ffb-94a4-5eaa9fd32630; X-OWA-RedirectHistory=ArLym14BUtmZJsPG2wg; buid=0.ASwAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABAAEAAAAtyolDObpQQ5VtlI4uGjEPa8DyeM1yUvTLS3sMT4N0J_i5KWeqQFyLAdTPRt9NCTIf7LU2bJg8DNNsSFj2D6DfscnQJYi2ksHF93RjP6_9jnOO5btM7ItTM2J_dQcnADIgAA; esctx=PAQABAAEAAAAtyolDObpQQ5VtlI4uGjEPq61Zgu-k8i984vsZpOYTt_D0KtkSG2-n1HtzEMnRWyK4eLYnDdtOz-5oV3YP3vfXWlg94vUrpkZ84d-GUF4jVUY0XKnp7kuKYowWLodiR3HSOZ6qMVFoLcAAe-Df0LpolH95PiEEN698F_L-gqZrxI8j_qlvsmy8nvgBD6woG7cUKYPP2KxLqsuq02dCmAufYFE1p8KZgtFx8ZPjmm0fm0-uC27OZlHyiYHPYZ5JqwogAA; fpc=ArKezIwKtQ9Dl5EUtQl8WReerOTJAQAAAMeNstwOAAAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; brcap=0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding
Age: 1896386
Cache-Control: public, max-age=31536000
Content-MD5: eRaolOvefSnCzCmyZ/Epnw==
Content-Type: image/jpeg
Date: Fri, 06 Oct 2023 23:22:49 GMT
Etag: 0x8D7D2870015D3DE
Last-Modified: Fri, 27 Mar 2020 19:42:36 GMT
Server: ECAcc (frc/4C92)
X-Cache: HIT
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: 59738aa8-c01e-0057-1a6c-e7e81b000000
x-ms-version: 2009-09-19
Content-Length: 17453
Connection: close

genexformulasgasketsinc.xyz/aadcdn.msftauth.net/~/shared/1.0/content/images/applogos/53_8b36337037cff88c3df203bb73d58e41.png

5.230.66.245

5.1 kB

URL
genexformulasgasketsinc.xyz/aadcdn.msftauth.net/~/shared/1.0/content/images/applogos/53_8b36337037cff88c3df203bb73d58e41.png
IP
5.230.66.245:0
ASN
#12586 GHOSTnet GmbH

Certificate
IssuerLet's Encrypt
Subjectgenexformulasgasketsinc.xyz
Fingerprint74:98:FB:A9:D0:ED:2B:11:33:36:60:61:BF:3B:12:BB:B4:A3:E7:F4
ValidityFri, 06 Oct 2023 21:19:02 GMT - Thu, 04 Jan 2024 21:19:01 GMT

File type
PNG image data, 342 x 72, 8-bit/color RGBA, non-interlaced\012- data
Size
5.1 kB (5139 bytes)
Hash
8b36337037cff88c3df203bb73d58e41
1ada36fa207b8b96b2a5f55078bfe2a97acead0e
e4e1e65871749d18aea150643c07e0aab2057da057c6c57ec1c3c43580e1c898

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /aadcdn.msftauth.net/~/shared/1.0/content/images/applogos/53_8b36337037cff88c3df203bb73d58e41.png HTTP/1.1
Host: genexformulasgasketsinc.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://genexformulasgasketsinc.xyz/redirect.cgi?ref=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1kb2RhaXIlNDBkd2tsYXcuY29tJmNsaWVudC1yZXF1ZXN0LWlkPTFjMTc4OTUwLTVlZGQtNmNiNi01ZDYxLTk0MzJlNjExZjFlZiZwcm90ZWN0ZWR0b2tlbj10cnVlJmNsYWltcz0lN2IlMjJpZF90b2tlbiUyMiUzYSU3YiUyMnhtc19jYyUyMiUzYSU3YiUyMnZhbHVlcyUyMiUzYSU1YiUyMkNQMSUyMiU1ZCU3ZCU3ZCU3ZCZub25jZT02MzgzMjIzMTM2NzE1OTYzNzAuYzg1NDVjMGYtMzE3Yy00ZmZiLTk0YTQtNWVhYTlmZDMyNjMwJnN0YXRlPURjdEJEb01nRUVCUnFGZXhTM1JnQnBDRjZWR2FFVXBMYWlVeEpseV9MTjdmZlNtRUdMcGJKNkZIZUljTEdvTWFuZGMyT1BRd3hjV1NqWkFWYWg4VjVieXBRRXpLdnBoRFRtZ2NndXp2T05mRzgyT3Y3M0k4UC1XNDFsUVRsX05Pa05wMzV6YkYtdnNE
DNT: 1
Connection: keep-alive
Cookie: qPdM=D5enOhfVXsNd; qPdM.sig=o-wRaAe7aWgvVV40x25yz2jQAS0; ClientId=886E800EFBE4402082645195156D0D89; OIDC=1; OpenIdConnect.nonce.v3.Qyp651jvKsSE12GCZvfi96OzZphy1ceHU6HCtN2OnCY=638322313671596370.c8545c0f-317c-4ffb-94a4-5eaa9fd32630; X-OWA-RedirectHistory=ArLym14BUtmZJsPG2wg; buid=0.ASwAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABAAEAAAAtyolDObpQQ5VtlI4uGjEPa8DyeM1yUvTLS3sMT4N0J_i5KWeqQFyLAdTPRt9NCTIf7LU2bJg8DNNsSFj2D6DfscnQJYi2ksHF93RjP6_9jnOO5btM7ItTM2J_dQcnADIgAA; esctx=PAQABAAEAAAAtyolDObpQQ5VtlI4uGjEPq61Zgu-k8i984vsZpOYTt_D0KtkSG2-n1HtzEMnRWyK4eLYnDdtOz-5oV3YP3vfXWlg94vUrpkZ84d-GUF4jVUY0XKnp7kuKYowWLodiR3HSOZ6qMVFoLcAAe-Df0LpolH95PiEEN698F_L-gqZrxI8j_qlvsmy8nvgBD6woG7cUKYPP2KxLqsuq02dCmAufYFE1p8KZgtFx8ZPjmm0fm0-uC27OZlHyiYHPYZ5JqwogAA; fpc=ArKezIwKtQ9Dl5EUtQl8WReerOTJAQAAAMeNstwOAAAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; brcap=0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding
Age: 1896808
Cache-Control: public, max-age=31536000
Content-MD5: izYzcDfP+Iw98gO7c9WOQQ==
Content-Type: image/png
Date: Fri, 06 Oct 2023 23:22:49 GMT
Etag: 0x8D7AF695D6C58F2
Last-Modified: Wed, 12 Feb 2020 03:12:17 GMT
Server: ECAcc (frc/4CB3)
X-Cache: HIT
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: 58544140-501e-007a-096b-e7a633000000
x-ms-version: 2009-09-19
Content-Length: 5139
Connection: close

r4.res.office365.com/owa/prem/15.20.6863.33/resources/styles/fonts/office365icons.woff

23.36.79.11

78 kB

URL
r4.res.office365.com/owa/prem/15.20.6863.33/resources/styles/fonts/office365icons.woff
IP
23.36.79.11:0
ASN
#20940 Akamai International B.V.

File type
Web Open Font Format, TrueType, length 77596, version 1.0\012- data
Size
78 kB (77596 bytes)
Hash
343f04165d332680874f4dc072e86cf7
d42b7257282b914c976c00c5024f1cc96759da57
d689295b1e30160484089417c94a24292d734ef091942ef091899fafe62b2b6a

HTTP Headers

GET /owa/prem/15.20.6863.33/resources/styles/fonts/office365icons.woff HTTP/1.1
Host: r4.res.office365.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://outlook.office365.com
DNT: 1
Connection: keep-alive
Referer: https://r4.res.office365.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
last-modified: Thu, 05 Oct 2023 21:42:56 GMT
server: AkamaiNetStorage
content-length: 77596
cache-control: public,max-age=630720000, s-maxage=630720000
date: Fri, 06 Oct 2023 23:22:49 GMT
timing-allow-origin: *
access-control-allow-origin: *
content-type: application/font-woff
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2

r4.res.office365.com/owa/prem/15.20.6863.33/resources/styles/fonts/office365icons.woff

23.36.79.11

78 kB

URL
r4.res.office365.com/owa/prem/15.20.6863.33/resources/styles/fonts/office365icons.woff
IP
23.36.79.11:0
ASN
#20940 Akamai International B.V.

File type
Web Open Font Format, TrueType, length 77596, version 1.0\012- data
Size
78 kB (77596 bytes)
Hash
343f04165d332680874f4dc072e86cf7
d42b7257282b914c976c00c5024f1cc96759da57
d689295b1e30160484089417c94a24292d734ef091942ef091899fafe62b2b6a

HTTP Headers

GET /owa/prem/15.20.6863.33/resources/styles/fonts/office365icons.woff HTTP/1.1
Host: r4.res.office365.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://outlook.office365.com
DNT: 1
Connection: keep-alive
Referer: https://outlook.office365.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
last-modified: Thu, 05 Oct 2023 21:42:56 GMT
server: AkamaiNetStorage
content-length: 77596
cache-control: public,max-age=630720000, s-maxage=630720000
date: Fri, 06 Oct 2023 23:22:49 GMT
timing-allow-origin: *
access-control-allow-origin: *
content-type: application/font-woff
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/i/8121a5b3687bb50b/1696634555979/VL6kvwimoJhQZ3s

104.17.3.184

200 OK

61 B

URL GET HTTP/3
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/i/8121a5b3687bb50b/1696634555979/VL6kvwimoJhQZ3s
IP
104.17.3.184:443
ASN
#13335 CLOUDFLARENET

Requested by
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/0hid5/0x4AAAAAAALQjvPNvAHncDor/auto/normal
Certificate
IssuerCloudflare, Inc.
Subjectchallenges.cloudflare.com
Fingerprint5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E
ValidityFri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT

File type
PNG image data, 87 x 2, 8-bit/color RGB, non-interlaced\012- data
Size
61 B (61 bytes)
Hash
c7a5fd91ff7f4d5d48401f927018c1f8
c33b8e92227d84a1cdfb2c514b7d45c30acfe6ea
3184e25eb8d7fb9b058f8d9d3a2a325d382f4a337de53a810eabed330286f7ba

HTTP Headers

GET /cdn-cgi/challenge-platform/h/g/i/8121a5b3687bb50b/1696634555979/VL6kvwimoJhQZ3s HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/0hid5/0x4AAAAAAALQjvPNvAHncDor/auto/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 06 Oct 2023 23:22:37 GMT
content-type: image/png
server: cloudflare
cf-ray: 8121a5c2a84fb50b-OSL
alt-svc: h3=":443"; ma=86400

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/0hid5/0x4AAAAAAALQjvPNvAHncDor/auto/normal

104.17.3.184

200 OK

27 kB

URL GET HTTP/3
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/0hid5/0x4AAAAAAALQjvPNvAHncDor/auto/normal
IP
104.17.3.184:443
ASN
#13335 CLOUDFLARENET

Requested by
https://28150b9b.719e4a211f53c3df1e2f329f.workers.dev/?&qrc=dodair@dwklaw.com
Certificate
IssuerCloudflare, Inc.
Subjectchallenges.cloudflare.com
Fingerprint5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E
ValidityFri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (14577)
Size
27 kB (27344 bytes)
Hash
a59ab10488ac8e835c930945674473d1
8fdce20a5b444f185672f7d43dc0b364a47e378e
f664c634ef03f30122f8d6d6f168e4b3c66535efbe976e3a97b80c8fc04ccb26

HTTP Headers

GET /cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/0hid5/0x4AAAAAAALQjvPNvAHncDor/auto/normal HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://28150b9b.719e4a211f53c3df1e2f329f.workers.dev/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 06 Oct 2023 23:22:35 GMT
content-type: text/html; charset=UTF-8
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-security-policy: frame-src https://challenges.cloudflare.com/; base-uri 'self'
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: cross-origin
document-policy: js-profiling
origin-agent-cluster: ?1
permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy: same-origin
server: cloudflare
cf-ray: 8121a5b3687bb50b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/pat/8121a5b3687bb50b/1696634555977/e972638fb4b850b836fd2cd5838db798e44399c10833ee5247ffa40b607b76d7/Dxo3lyXK3MObCVE

104.17.3.184

401 Unauthorized

1 B

URL GET HTTP/3
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/pat/8121a5b3687bb50b/1696634555977/e972638fb4b850b836fd2cd5838db798e44399c10833ee5247ffa40b607b76d7/Dxo3lyXK3MObCVE
IP
104.17.3.184:443
ASN
#13335 CLOUDFLARENET

Requested by
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/0hid5/0x4AAAAAAALQjvPNvAHncDor/auto/normal
Certificate
IssuerCloudflare, Inc.
Subjectchallenges.cloudflare.com
Fingerprint5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E
ValidityFri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT

File type
very short file (no magic)
Size
1 B (1 bytes)
Hash
ff44570aca8241914870afbc310cdb85
58668e7669fd564d99db5d581fcdb6a5618440b5
6da43b944e494e885e69af021f93c6d9331c78aa228084711429160a5bbd15b5

HTTP Headers

GET /cdn-cgi/challenge-platform/h/g/pat/8121a5b3687bb50b/1696634555977/e972638fb4b850b836fd2cd5838db798e44399c10833ee5247ffa40b607b76d7/Dxo3lyXK3MObCVE HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/0hid5/0x4AAAAAAALQjvPNvAHncDor/auto/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 401 Unauthorized
date: Fri, 06 Oct 2023 23:22:37 GMT
content-type: text/plain; charset=UTF-8
www-authenticate: PrivateToken challenge=AAIAGXBhdC1pc3N1ZXIuY2xvdWRmbGFyZS5jb20g6XJjj7S4ULg2_SzVg423mORDmcEIM-5SR_-kC2B7dtcAGWNoYWxsZW5nZXMuY2xvdWRmbGFyZS5jb20=, token-key=MIIBUjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAqEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgKiAwIBMAOCAQ8AMIIBCgKCAQEA6lhnO9WkgWBEe_yC3V_mgrHdrPd31rFOv_T-Cc-kex8yXz-Q7EFWV34B6w5sgBbcWRimMjJRqMLeFsNDj6vvyRPVQZhXbTUiXaEn2Tu9P4KQo0W5ITWDSzg-T0gjIHvsafQog56mT3Bf47mYoVkBPVZXQ2wUytvDoOdhp7KfXpKSXNGqiH9SmHHbe2jZGj5qY_IPUEbNhtbSrbNBlEbWmp24OZPFRFaQueYw_4SFUHgZHLzcItw8FBXHjBPavPXixX9v5JRhapmZuLdWTCZr-EnhFfgMKMIM0ugiQWXfPR6d5-jNTJOEMniAZyR2VXJA34SBrxYSr1n96dvVw84FsQIDAQAB, max-age=20
server: cloudflare
cf-ray: 8121a5c24832b50b-OSL
alt-svc: h3=":443"; ma=86400

challenges.cloudflare.com/turnstile/v0/g/dffb14d6/api.js?onload=onloadTurnstileCallback

104.17.3.184

200 OK

34 kB

URL GET HTTP/2
challenges.cloudflare.com/turnstile/v0/g/dffb14d6/api.js?onload=onloadTurnstileCallback
IP
104.17.3.184:443
ASN
#13335 CLOUDFLARENET

Requested by
https://28150b9b.719e4a211f53c3df1e2f329f.workers.dev/?&qrc=dodair@dwklaw.com
Certificate
IssuerCloudflare, Inc.
Subjectchallenges.cloudflare.com
Fingerprint5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E
ValidityFri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT

File type
ASCII text, with very long lines (33998)
Size
34 kB (33999 bytes)
Hash
cc3e43876d80dbb4f1bff1e8b15a9c60
3b43cbd347df372f7c1daf463b1229e4a8849195
06d063d7e58bade3ae244489087afa82f9f7c59276cdd7dcfbb2a9b5b600c5da

HTTP Headers

GET /turnstile/v0/g/dffb14d6/api.js?onload=onloadTurnstileCallback HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://28150b9b.719e4a211f53c3df1e2f329f.workers.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 06 Oct 2023 23:22:35 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=31536000
vary: Accept-Encoding
server: cloudflare
cf-ray: 8121a5b248c3b523-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

28150b9b.719e4a211f53c3df1e2f329f.workers.dev/favicon.ico

172.67.198.120

200 OK

3.3 kB

URL GET HTTP/3
28150b9b.719e4a211f53c3df1e2f329f.workers.dev/favicon.ico
IP
172.67.198.120:443
ASN
#13335 CLOUDFLARENET

Requested by
https://28150b9b.719e4a211f53c3df1e2f329f.workers.dev/?&qrc=dodair@dwklaw.com
Certificate
IssuerGoogle Trust Services LLC
Subject719e4a211f53c3df1e2f329f.workers.dev
FingerprintCC:FC:F8:5D:4F:75:34:AD:E2:25:7B:92:0F:29:E6:DC:2E:12:C5:BE
ValidityFri, 06 Oct 2023 21:29:11 GMT - Thu, 04 Jan 2024 21:29:10 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3271), with no line terminators
Size
3.3 kB (3255 bytes)
Hash
532b2a88979d76065baa0d6258cc16cc
34e3eccae6550cb6e81f2bf56de343d477d133ed
5bb6499f034299cbe39676db44c438d55a022ddb00ea8d28c3f1c078a1f70689

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: 28150b9b.719e4a211f53c3df1e2f329f.workers.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://28150b9b.719e4a211f53c3df1e2f329f.workers.dev/?&qrc=dodair@dwklaw.com
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 06 Oct 2023 23:22:35 GMT
content-type: text/html;charset=UTF-8
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uowlXkWRBLCywGkhcUx%2B9kfq3YkG9pWepbzx2DC8comAkF0LQjL76%2BhFtQThWZsJK3ZKPtka2GNomXty5PJtKIi5IIuhfRIRYXX2FbVkIi2pOaMUDzv9H%2FxjMK%2FYcaIOC8nq6boD6rtKFxWyXrdmaPaqWQA%2BIXjANyRdmd7PR%2FQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8121a5b24b650b59-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback

104.17.3.184

302 Found

34 kB

URL GET HTTP/2
challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback
IP
104.17.3.184:443
ASN
#13335 CLOUDFLARENET

Requested by
https://28150b9b.719e4a211f53c3df1e2f329f.workers.dev/?&qrc=dodair@dwklaw.com
Certificate
IssuerCloudflare, Inc.
Subjectchallenges.cloudflare.com
Fingerprint5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E
ValidityFri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT

File type

Size
34 kB (33999 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /turnstile/v0/api.js?onload=onloadTurnstileCallback HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://28150b9b.719e4a211f53c3df1e2f329f.workers.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Fri, 06 Oct 2023 23:22:35 GMT
cache-control: max-age=300, public
access-control-allow-origin: *
vary: accept-encoding
location: /turnstile/v0/g/dffb14d6/api.js?onload=onloadTurnstileCallback
server: cloudflare
cf-ray: 8121a5b1984bb523-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/cmg/1/9DKbiDfWH6ZjHxgSNTG3KHa3ucVmP6rj9MHN3bQn2+U=

104.17.3.184

200 OK

61 B

URL GET HTTP/3
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/cmg/1/9DKbiDfWH6ZjHxgSNTG3KHa3ucVmP6rj9MHN3bQn2+U=
IP
104.17.3.184:443
ASN
#13335 CLOUDFLARENET

Requested by
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/0hid5/0x4AAAAAAALQjvPNvAHncDor/auto/normal
Certificate
IssuerCloudflare, Inc.
Subjectchallenges.cloudflare.com
Fingerprint5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E
ValidityFri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT

File type
PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced\012- data
Size
61 B (61 bytes)
Hash
9246cca8fc3c00f50035f28e9f6b7f7d
3aa538440f70873b574f40cd793060f53ec17a5d
c07d7d29e3c20fa6ca4c5d20663688d52bad13e129ad82ce06b80eb187d9dc84

HTTP Headers

GET /cdn-cgi/challenge-platform/h/g/cmg/1/9DKbiDfWH6ZjHxgSNTG3KHa3ucVmP6rj9MHN3bQn2+U= HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/0hid5/0x4AAAAAAALQjvPNvAHncDor/auto/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 06 Oct 2023 23:22:35 GMT
content-type: image/png
cache-control: max-age=2629800, public
server: cloudflare
cf-ray: 8121a5b4a938b50b-OSL
alt-svc: h3=":443"; ma=86400

genexformulasgasketsinc.xyz/redirect.cgi?ref=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1kb2RhaXIlNDBkd2tsYXcuY29tJmNsaWVudC1yZXF1ZXN0LWlkPTFjMTc4OTUwLTVlZGQtNmNiNi01ZDYxLTk0MzJlNjExZjFlZiZwcm90ZWN0ZWR0b2tlbj10cnVlJmNsYWltcz0lN2IlMjJpZF90b2tlbiUyMiUzYSU3YiUyMnhtc19jYyUyMiUzYSU3YiUyMnZhbHVlcyUyMiUzYSU1YiUyMkNQMSUyMiU1ZCU3ZCU3ZCU3ZCZub25jZT02MzgzMjIzMTM2NzE1OTYzNzAuYzg1NDVjMGYtMzE3Yy00ZmZiLTk0YTQtNWVhYTlmZDMyNjMwJnN0YXRlPURjdEJEb01nRUVCUnFGZXhTM1JnQnBDRjZWR2FFVXBMYWlVeEpseV9MTjdmZlNtRUdMcGJKNkZIZUljTEdvTWFuZGMyT1BRd3hjV1NqWkFWYWg4VjVieXBRRXpLdnBoRFRtZ2NndXp2T05mRzgyT3Y3M0k4UC1XNDFsUVRsX05Pa05wMzV6YkYtdnNE

5.230.66.245

200 OK

39 kB

URL User Request GET HTTP/1.1
genexformulasgasketsinc.xyz/redirect.cgi?ref=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1kb2RhaXIlNDBkd2tsYXcuY29tJmNsaWVudC1yZXF1ZXN0LWlkPTFjMTc4OTUwLTVlZGQtNmNiNi01ZDYxLTk0MzJlNjExZjFlZiZwcm90ZWN0ZWR0b2tlbj10cnVlJmNsYWltcz0lN2IlMjJpZF90b2tlbiUyMiUzYSU3YiUyMnhtc19jYyUyMiUzYSU3YiUyMnZhbHVlcyUyMiUzYSU1YiUyMkNQMSUyMiU1ZCU3ZCU3ZCU3ZCZub25jZT02MzgzMjIzMTM2NzE1OTYzNzAuYzg1NDVjMGYtMzE3Yy00ZmZiLTk0YTQtNWVhYTlmZDMyNjMwJnN0YXRlPURjdEJEb01nRUVCUnFGZXhTM1JnQnBDRjZWR2FFVXBMYWlVeEpseV9MTjdmZlNtRUdMcGJKNkZIZUljTEdvTWFuZGMyT1BRd3hjV1NqWkFWYWg4VjVieXBRRXpLdnBoRFRtZ2NndXp2T05mRzgyT3Y3M0k4UC1XNDFsUVRsX05Pa05wMzV6YkYtdnNE
IP
5.230.66.245:443
ASN
#12586 GHOSTnet GmbH

Certificate
IssuerLet's Encrypt
Subjectgenexformulasgasketsinc.xyz
Fingerprint74:98:FB:A9:D0:ED:2B:11:33:36:60:61:BF:3B:12:BB:B4:A3:E7:F4
ValidityFri, 06 Oct 2023 21:19:02 GMT - Thu, 04 Jan 2024 21:19:01 GMT

File type

Size
39 kB (39323 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /redirect.cgi?ref=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1kb2RhaXIlNDBkd2tsYXcuY29tJmNsaWVudC1yZXF1ZXN0LWlkPTFjMTc4OTUwLTVlZGQtNmNiNi01ZDYxLTk0MzJlNjExZjFlZiZwcm90ZWN0ZWR0b2tlbj10cnVlJmNsYWltcz0lN2IlMjJpZF90b2tlbiUyMiUzYSU3YiUyMnhtc19jYyUyMiUzYSU3YiUyMnZhbHVlcyUyMiUzYSU1YiUyMkNQMSUyMiU1ZCU3ZCU3ZCU3ZCZub25jZT02MzgzMjIzMTM2NzE1OTYzNzAuYzg1NDVjMGYtMzE3Yy00ZmZiLTk0YTQtNWVhYTlmZDMyNjMwJnN0YXRlPURjdEJEb01nRUVCUnFGZXhTM1JnQnBDRjZWR2FFVXBMYWlVeEpseV9MTjdmZlNtRUdMcGJKNkZIZUljTEdvTWFuZGMyT1BRd3hjV1NqWkFWYWg4VjVieXBRRXpLdnBoRFRtZ2NndXp2T05mRzgyT3Y3M0k4UC1XNDFsUVRsX05Pa05wMzV6YkYtdnNE HTTP/1.1
Host: genexformulasgasketsinc.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://28150b9b.719e4a211f53c3df1e2f329f.workers.dev/
DNT: 1
Connection: keep-alive
Cookie: qPdM=D5enOhfVXsNd; qPdM.sig=o-wRaAe7aWgvVV40x25yz2jQAS0; ClientId=886E800EFBE4402082645195156D0D89; OIDC=1; OpenIdConnect.nonce.v3.Qyp651jvKsSE12GCZvfi96OzZphy1ceHU6HCtN2OnCY=638322313671596370.c8545c0f-317c-4ffb-94a4-5eaa9fd32630; X-OWA-RedirectHistory=ArLym14BUtmZJsPG2wg
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Referer: https://login.microsoftonline.com/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&login_hint=dodair%40dwklaw.com&client-request-id=1c178950-5edd-6cb6-5d61-9432e611f1ef&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638322313671596370.c8545c0f-317c-4ffb-94a4-5eaa9fd32630&state=DctBDoMgEEBRqFexS3RgBpCF6VGaEUpLaiUxJly_LN7ffSmEGLpbJ6FHeIcLGoMandc2OPQwxcWSjZAVah8V5bypQEzKvphDTmgcguzvONfG82Ov73I8P-W41lQTl_NOkNp35zbF-vsD
Cache-Control: no-store, no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Content-Encoding: gzip
Expires: -1
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000; includeSubDomains
Link: <https://aadcdn.msftauth.net>; rel=preconnect; crossorigin, <https://aadcdn.msftauth.net>; rel=dns-prefetch, <https://aadcdn.msauth.net>; rel=dns-prefetch
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
x-ms-request-id: c0542b7d-93d0-4181-9622-ec0540df5900
x-ms-ests-server: 2.1.16482.8 - EUS ProdSlices
Referrer-Policy: strict-origin-when-cross-origin
Set-Cookie: buid=0.ASwAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABAAEAAAAtyolDObpQQ5VtlI4uGjEPa8DyeM1yUvTLS3sMT4N0J_i5KWeqQFyLAdTPRt9NCTIf7LU2bJg8DNNsSFj2D6DfscnQJYi2ksHF93RjP6_9jnOO5btM7ItTM2J_dQcnADIgAA; expires=Sun, 05-Nov-2023 23:22:47 GMT; path=/; secure; HttpOnly; SameSite=None
esctx=PAQABAAEAAAAtyolDObpQQ5VtlI4uGjEPq61Zgu-k8i984vsZpOYTt_D0KtkSG2-n1HtzEMnRWyK4eLYnDdtOz-5oV3YP3vfXWlg94vUrpkZ84d-GUF4jVUY0XKnp7kuKYowWLodiR3HSOZ6qMVFoLcAAe-Df0LpolH95PiEEN698F_L-gqZrxI8j_qlvsmy8nvgBD6woG7cUKYPP2KxLqsuq02dCmAufYFE1p8KZgtFx8ZPjmm0fm0-uC27OZlHyiYHPYZ5JqwogAA; domain=genexformulasgasketsinc.xyz; path=/; secure; HttpOnly; SameSite=None
fpc=ArKezIwKtQ9Dl5EUtQl8WReerOTJAQAAAMeNstwOAAAA; expires=Sun, 05-Nov-2023 23:22:47 GMT; path=/; secure; HttpOnly; SameSite=None
x-ms-gateway-slice=estsfd; path=/; secure; samesite=none; httponly
stsservicecookie=estsfd; path=/; secure; samesite=none; httponly
Date: Fri, 06 Oct 2023 23:22:46 GMT
Connection: close
content-length: 39323
Content-Security-Policy: default-src *  data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval';  script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';

genexformulasgasketsinc.xyz/aadcdn.msftauth.net/~/shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_80e93b9a4cb13643afca.js

0.0.0.0

110 kB

URL GET
genexformulasgasketsinc.xyz/aadcdn.msftauth.net/~/shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_80e93b9a4cb13643afca.js
IP
0.0.0.0:0
ASN
#0

Requested by
https://genexformulasgasketsinc.xyz/redirect.cgi?ref=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1kb2RhaXIlNDBkd2tsYXcuY29tJmNsaWVudC1yZXF1ZXN0LWlkPTFjMTc4OTUwLTVlZGQtNmNiNi01ZDYxLTk0MzJlNjExZjFlZiZwcm90ZWN0ZWR0b2tlbj10cnVlJmNsYWltcz0lN2IlMjJpZF90b2tlbiUyMiUzYSU3YiUyMnhtc19jYyUyMiUzYSU3YiUyMnZhbHVlcyUyMiUzYSU1YiUyMkNQMSUyMiU1ZCU3ZCU3ZCU3ZCZub25jZT02MzgzMjIzMTM2NzE1OTYzNzAuYzg1NDVjMGYtMzE3Yy00ZmZiLTk0YTQtNWVhYTlmZDMyNjMwJnN0YXRlPURjdEJEb01nRUVCUnFGZXhTM1JnQnBDRjZWR2FFVXBMYWlVeEpseV9MTjdmZlNtRUdMcGJKNkZIZUljTEdvTWFuZGMyT1BRd3hjV1NqWkFWYWg4VjVieXBRRXpLdnBoRFRtZ2NndXp2T05mRzgyT3Y3M0k4UC1XNDFsUVRsX05Pa05wMzV6YkYtdnNE
Certificate
IssuerLet's Encrypt
Subjectgenexformulasgasketsinc.xyz
Fingerprint74:98:FB:A9:D0:ED:2B:11:33:36:60:61:BF:3B:12:BB:B4:A3:E7:F4
ValidityFri, 06 Oct 2023 21:19:02 GMT - Thu, 04 Jan 2024 21:19:01 GMT

File type
ASCII text, with very long lines (32960)
Size
110 kB (109863 bytes)
Hash
46c21d0acecbd2212374b27c7d1b078a
5861965e506acaaa7d10e5b9c31e99d254b85560
5f5fbee72883732799d75f6c08679ed8a6e769ae4f3afdcd3721103a481afa80

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /aadcdn.msftauth.net/~/shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_80e93b9a4cb13643afca.js HTTP/1.1
Host: genexformulasgasketsinc.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://genexformulasgasketsinc.xyz/redirect.cgi?ref=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1kb2RhaXIlNDBkd2tsYXcuY29tJmNsaWVudC1yZXF1ZXN0LWlkPTFjMTc4OTUwLTVlZGQtNmNiNi01ZDYxLTk0MzJlNjExZjFlZiZwcm90ZWN0ZWR0b2tlbj10cnVlJmNsYWltcz0lN2IlMjJpZF90b2tlbiUyMiUzYSU3YiUyMnhtc19jYyUyMiUzYSU3YiUyMnZhbHVlcyUyMiUzYSU1YiUyMkNQMSUyMiU1ZCU3ZCU3ZCU3ZCZub25jZT02MzgzMjIzMTM2NzE1OTYzNzAuYzg1NDVjMGYtMzE3Yy00ZmZiLTk0YTQtNWVhYTlmZDMyNjMwJnN0YXRlPURjdEJEb01nRUVCUnFGZXhTM1JnQnBDRjZWR2FFVXBMYWlVeEpseV9MTjdmZlNtRUdMcGJKNkZIZUljTEdvTWFuZGMyT1BRd3hjV1NqWkFWYWg4VjVieXBRRXpLdnBoRFRtZ2NndXp2T05mRzgyT3Y3M0k4UC1XNDFsUVRsX05Pa05wMzV6YkYtdnNE
DNT: 1
Connection: keep-alive
Cookie: qPdM=D5enOhfVXsNd; qPdM.sig=o-wRaAe7aWgvVV40x25yz2jQAS0; ClientId=886E800EFBE4402082645195156D0D89; OIDC=1; OpenIdConnect.nonce.v3.Qyp651jvKsSE12GCZvfi96OzZphy1ceHU6HCtN2OnCY=638322313671596370.c8545c0f-317c-4ffb-94a4-5eaa9fd32630; X-OWA-RedirectHistory=ArLym14BUtmZJsPG2wg; buid=0.ASwAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABAAEAAAAtyolDObpQQ5VtlI4uGjEPa8DyeM1yUvTLS3sMT4N0J_i5KWeqQFyLAdTPRt9NCTIf7LU2bJg8DNNsSFj2D6DfscnQJYi2ksHF93RjP6_9jnOO5btM7ItTM2J_dQcnADIgAA; esctx=PAQABAAEAAAAtyolDObpQQ5VtlI4uGjEPq61Zgu-k8i984vsZpOYTt_D0KtkSG2-n1HtzEMnRWyK4eLYnDdtOz-5oV3YP3vfXWlg94vUrpkZ84d-GUF4jVUY0XKnp7kuKYowWLodiR3HSOZ6qMVFoLcAAe-Df0LpolH95PiEEN698F_L-gqZrxI8j_qlvsmy8nvgBD6woG7cUKYPP2KxLqsuq02dCmAufYFE1p8KZgtFx8ZPjmm0fm0-uC27OZlHyiYHPYZ5JqwogAA; fpc=ArKezIwKtQ9Dl5EUtQl8WReerOTJAQAAAMeNstwOAAAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; brcap=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Encoding: gzip
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
Age: 21874039
Cache-Control: public, max-age=31536000
Content-MD5: todPgSbCBNAfnMYQ5LVdvw==
Content-Type: application/x-javascript
Date: Fri, 06 Oct 2023 23:22:48 GMT
Etag: 0x8DAFF34C449D50E
Last-Modified: Thu, 26 Jan 2023 00:32:12 GMT
Server: ECAcc (frc/4CFA)
Vary: Accept-Encoding
X-Cache: HIT
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: 3f2c8d0d-f01e-0014-47ba-318a01000000
x-ms-version: 2009-09-19
content-length: 109863
Connection: close
Content-Security-Policy: default-src *  data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval';  script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (14)

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

HTTP Transactions (36)

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP