go.redirectingat.com/?id=355X561&test=off&xcust=c725df1cfdf211eda794f614d5ddb5b20INT&url=https%3A%2F%2F3nhoh3.codesandbox.io%2F%3Fmandate%3DZGFubnlfY2hvd0BtYW51bGlmZS5jb20%3D
35.190.25.30
151
URL
go.redirectingat.com/?id=355X561&test=off&xcust=c725df1cfdf211eda794f614d5ddb5b20INT&url=https%3A%2F%2F3nhoh3.codesandbox.io%2F%3Fmandate%3DZGFubnlfY2hvd0BtYW51bGlmZS5jb20%3D
IP
35.190.25.30:0
Magic
HTML document text
- HTML document text
- HTML document, ASCII text, with CRLF line terminators
Hash (MD5, SHA-1, SHA-256)
c15cb23782f11cc460e23cb1935327da
e97431744a49c79282a30de7a17c7b537c08253e
0660a33678dbfee5f5e0cc1c20f8987a9174d2b076d88ba853f394ee5a105145
GET /?id=355X561&test=off&xcust=c725df1cfdf211eda794f614d5ddb5b20INT&url=https%3A%2F%2F3nhoh3.codesandbox.io%2F%3Fmandate%3DZGFubnlfY2hvd0BtYW51bGlmZS5jb20%3D HTTP/1.1
Host: go.redirectingat.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Moved Temporarily
Server: openresty/1.19.9.1
Date: Mon, 29 May 2023 07:31:08 GMT
Content-Type: text/html
Content-Length: 151
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Location: https://go.redirectingat.com/?id=355X561&test=off&xcust=c725df1cfdf211eda794f614d5ddb5b20INT&url=https%3A%2F%2F3nhoh3.codesandbox.io%2F%3Fmandate%3DZGFubnlfY2hvd0BtYW51bGlmZS5jb20%3D
Via: 1.1 google
go.redirectingat.com/?id=355X561&test=off&xcust=c725df1cfdf211eda794f614d5ddb5b20INT&url=https%3A%2F%2F3nhoh3.codesandbox.io%2F%3Fmandate%3DZGFubnlfY2hvd0BtYW51bGlmZS5jb20%3D
35.190.25.30
0
URL
go.redirectingat.com/?id=355X561&test=off&xcust=c725df1cfdf211eda794f614d5ddb5b20INT&url=https%3A%2F%2F3nhoh3.codesandbox.io%2F%3Fmandate%3DZGFubnlfY2hvd0BtYW51bGlmZS5jb20%3D
IP
35.190.25.30:0
Hash (MD5, SHA-1, SHA-256)
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /?id=355X561&test=off&xcust=c725df1cfdf211eda794f614d5ddb5b20INT&url=https%3A%2F%2F3nhoh3.codesandbox.io%2F%3Fmandate%3DZGFubnlfY2hvd0BtYW51bGlmZS5jb20%3D HTTP/1.1
Host: go.redirectingat.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
server: openresty/1.19.9.1
date: Mon, 29 May 2023 07:31:08 GMT
content-type: text/plain
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-skimhost: cookie-dealer-waypoint-747d65dd7c-2v4pg
location: https://3nhoh3.codesandbox.io/?mandate=ZGFubnlfY2hvd0BtYW51bGlmZS5jb20=
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.kimiora.school.nz/wom/figure/lobatan/ZGFubnlfY2hvd0BtYW51bGlmZS5jb20=
185.184.154.1
200 OK
0
URL
User Request
GET
HTTP/2
www.kimiora.school.nz/wom/figure/lobatan/ZGFubnlfY2hvd0BtYW51bGlmZS5jb20=
IP
185.184.154.1:443
ASN
#38719 Dreamscape Networks Limited
Certificate
Issuer: Let's Encrypt
Subject: www.kimiora.school.nz
Fingerprint: D1:25:2B:3C:66:0A:77:30:93:87:9F:CD:FC:91:62:49:53:12:2B:B2
Validity: Mon, 24 Apr 2023 03:32:30 GMT - Sun, 23 Jul 2023 03:32:29 GMT
Hash (MD5, SHA-1, SHA-256)
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer
Verdict
Alert
urlquery
phishing
Phishing - Microsoft Outlook
GET /wom/figure/lobatan/ZGFubnlfY2hvd0BtYW51bGlmZS5jb20= HTTP/1.1
Host: www.kimiora.school.nz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3nhoh3.codesandbox.io/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Mon, 29 May 2023 07:31:11 GMT
content-type: text/html
content-length: 0
x-powered-by: PHP/5.4.45
refresh: 0;url=https://4nla.steelaoats.com/Mdanny_chow@manulife.com
X-Firefox-Spdy: h2
4nla.steelaoats.com/cdn-cgi/images/trace/managed/js/transparent.gif?ray=7ced09507f9a0b69
188.114.96.1
42
URL
4nla.steelaoats.com/cdn-cgi/images/trace/managed/js/transparent.gif?ray=7ced09507f9a0b69
IP
188.114.96.1:0
Magic
GIF image data, version 89a, 1 x 1
- data
Hash (MD5, SHA-1, SHA-256)
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Analyzer
Verdict
Alert
fortinet
Phishing
quad9
Sinkholed
GET /cdn-cgi/images/trace/managed/js/transparent.gif?ray=7ced09507f9a0b69 HTTP/1.1
Host: 4nla.steelaoats.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://4nla.steelaoats.com/Mdanny_chow@manulife.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Mon, 29 May 2023 07:31:12 GMT
content-type: image/gif
content-length: 42
last-modified: Thu, 25 May 2023 08:39:03 GMT
etag: "646f1ea7-2a"
server: cloudflare
cf-ray: 7ced09515c6db4f9-OSL
x-frame-options: DENY
x-content-type-options: nosniff
vary: Accept-Encoding
expires: Mon, 29 May 2023 09:31:12 GMT
cache-control: max-age=7200, public
accept-ranges: bytes
4nla.steelaoats.com/boot/e0bcd7c940e5672bca733472cc6ffb91647454c242c45
188.114.96.1
200 OK
51039
URL
GET
HTTP/3
4nla.steelaoats.com/boot/e0bcd7c940e5672bca733472cc6ffb91647454c242c45
IP
188.114.96.1:443
Requested by
https://4nla.steelaoats.com/beebb091955c06fa68b3eb8afc0bae51647454c2342adPASbeebb091955c06fa68b3eb8afc0bae51647454c2342b0
Certificate
Issuer: Let's Encrypt
Subject: steelaoats.com
Fingerprint: 5C:01:B8:CD:AA:BC:1E:7B:DD:6B:93:75:07:6F:11:A9:A1:0C:38:51
Validity: Thu, 18 May 2023 09:52:27 GMT - Wed, 16 Aug 2023 09:52:26 GMT
Magic
ASCII text, with very long lines (50758)
Hash (MD5, SHA-1, SHA-256)
67176c242e1bdc20603c878dee836df3
27a71b00383d61ef3c489326b3564d698fc1227c
56c12a125b021d21a69e61d7190cefa168d6c28ce715265cea1b3b0112d169c4
Analyzer
Verdict
Alert
fortinet
Phishing
quad9
Sinkholed
GET /boot/e0bcd7c940e5672bca733472cc6ffb91647454c242c45 HTTP/1.1
Host: 4nla.steelaoats.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://4nla.steelaoats.com/beebb091955c06fa68b3eb8afc0bae51647454c2342adPASbeebb091955c06fa68b3eb8afc0bae51647454c2342b0
Cookie: cf_clearance=XBW.n0GvB99Z.KTT1Un2gNEXc5yVj7ALuQfxWXzOoqE-1685345472-0-160; PHPSESSID=8c48947b658e636e0407fc8f8b763a16
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 29 May 2023 07:31:14 GMT
content-type: application/javascript
cache-control: public, max-age=604800
expires: Mon, 05 Jun 2023 07:31:14 GMT
last-modified: Tue, 23 May 2023 17:38:47 GMT
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cmSWYfa70qZngu93zm3W%2F9ZCAbIwIScR5cSZd%2BSnjIaSEa4B6MrYmzU0ptOC%2Bca%2FSSHBpncdXOMCfvRKAy0JssSIXwtwWaBUX8KiKS%2FlKcjtFE0zYHVekSffJOzFhobC3%2F9nGVD3"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ced095eced9b4f9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
4nla.steelaoats.com/jm/e0bcd7c940e5672bca733472cc6ffb91647454c242c49
188.114.96.1
200 OK
7309
URL
GET
HTTP/3
4nla.steelaoats.com/jm/e0bcd7c940e5672bca733472cc6ffb91647454c242c49
IP
188.114.96.1:443
Requested by
https://4nla.steelaoats.com/beebb091955c06fa68b3eb8afc0bae51647454c2342adPASbeebb091955c06fa68b3eb8afc0bae51647454c2342b0
Certificate
Issuer: Let's Encrypt
Subject: steelaoats.com
Fingerprint: 5C:01:B8:CD:AA:BC:1E:7B:DD:6B:93:75:07:6F:11:A9:A1:0C:38:51
Validity: Thu, 18 May 2023 09:52:27 GMT - Wed, 16 Aug 2023 09:52:26 GMT
Magic
ASCII text, with very long lines (7344), with no line terminators
Hash (MD5, SHA-1, SHA-256)
f335e180c66cfa35ea3152a33884ec67
0b99d4d6d595e23b8c864f9c39d16813f886e850
7e317dfd820ab1a6759f565d267e82ecb5bd797b6fe89be4858f0174b709c324
Analyzer
Verdict
Alert
fortinet
Phishing
quad9
Sinkholed
GET /jm/e0bcd7c940e5672bca733472cc6ffb91647454c242c49 HTTP/1.1
Host: 4nla.steelaoats.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://4nla.steelaoats.com/beebb091955c06fa68b3eb8afc0bae51647454c2342adPASbeebb091955c06fa68b3eb8afc0bae51647454c2342b0
Cookie: cf_clearance=XBW.n0GvB99Z.KTT1Un2gNEXc5yVj7ALuQfxWXzOoqE-1685345472-0-160; PHPSESSID=8c48947b658e636e0407fc8f8b763a16
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 29 May 2023 07:31:14 GMT
content-type: application/javascript
cache-control: public, max-age=604800
expires: Mon, 05 Jun 2023 07:31:14 GMT
last-modified: Tue, 23 May 2023 17:38:47 GMT
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZvK11owb4sf9z3x2zcyi09%2FueNM3bV3Bjc70ZOsJk6Ad3gpATXIkguMd0UMgcee5wiHuYEplTLOrvZE3M4MRDUG0pn7u%2Fk2BU2KI9MiR4MkDMwCw9Qp7F%2FHZ1EKHB77mViaAl4If"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ced095ecedab4f9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
3nhoh3.codesandbox.io/cdn-cgi/challenge-platform/h/b/scripts/jsd/938e2b5c/invisible.js
104.18.7.114
200 OK
26067
URL
GET
HTTP/3
3nhoh3.codesandbox.io/cdn-cgi/challenge-platform/h/b/scripts/jsd/938e2b5c/invisible.js
IP
104.18.7.114:443
Requested by
https://3nhoh3.codesandbox.io/?mandate=ZGFubnlfY2hvd0BtYW51bGlmZS5jb20=
Certificate
Issuer: Cloudflare, Inc.
Subject: codesandbox.io
Fingerprint: 14:F4:C5:24:54:D0:BB:4B:E2:57:EC:E2:38:6D:AF:82:42:92:99:5A
Validity: Sun, 19 Mar 2023 00:00:00 GMT - Mon, 18 Mar 2024 23:59:59 GMT
Magic
ASCII text, with very long lines (26067), with no line terminators
Hash (MD5, SHA-1, SHA-256)
4f502ab4d93efa44e20c8cd9863282ba
ba96a799a55b61967e7a98cf915b27ff043dfb90
4530edcd5d84503b9705cae81a94fbfeced5ab466653554bf4f0f7032c29a772
Analyzer
Verdict
Alert
fortinet
Phishing
GET /cdn-cgi/challenge-platform/h/b/scripts/jsd/938e2b5c/invisible.js HTTP/1.1
Host: 3nhoh3.codesandbox.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: _cfuvid=HVSSUxP.RoTgOpYvTeBPH9QEGjSxLDJ14h5BHKeBYFc-1685345468776-0-604800000
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 29 May 2023 07:31:09 GMT
content-type: application/javascript; charset=UTF-8
cache-control: max-age=14400, public
vary: accept-encoding
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7ced0940ba4cfac4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
4nla.steelaoats.com/Mdanny_chow@manulife.com
188.114.96.1
302 Found
7351
URL
User Request
POST
HTTP/3
4nla.steelaoats.com/Mdanny_chow@manulife.com
IP
188.114.96.1:443
Certificate
Issuer: Let's Encrypt
Subject: steelaoats.com
Fingerprint: 5C:01:B8:CD:AA:BC:1E:7B:DD:6B:93:75:07:6F:11:A9:A1:0C:38:51
Validity: Thu, 18 May 2023 09:52:27 GMT - Wed, 16 Aug 2023 09:52:26 GMT
Hash (MD5, SHA-1, SHA-256)
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer
Verdict
Alert
urlquery
phishing
Phishing - Microsoft Outlook
fortinet
Phishing
POST /Mdanny_chow@manulife.com HTTP/1.1
Host: 4nla.steelaoats.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://4nla.steelaoats.com/Mdanny_chow@manulife.com?__cf_chl_tk=yli8Ecvy_S5rp3xgT_c3xJkS_UgE3i6ct1_xdO7xKrM-1685345472-0-gaNycGzNDVA
Content-Type: application/x-www-form-urlencoded
Content-Length: 3574
Origin: https://4nla.steelaoats.com
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 302 Found
date: Mon, 29 May 2023 07:31:14 GMT
content-type: text/html; charset=UTF-8
location: ./beebb091955c06fa68b3eb8afc0bae51647454c2342adPASbeebb091955c06fa68b3eb8afc0bae51647454c2342b0
set-cookie: cf_clearance=XBW.n0GvB99Z.KTT1Un2gNEXc5yVj7ALuQfxWXzOoqE-1685345472-0-160; path=/; expires=Tue, 28-May-24 07:31:13 GMT; domain=.steelaoats.com; HttpOnly; Secure; SameSite=None
set-cookie: PHPSESSID=8c48947b658e636e0407fc8f8b763a16; path=/; secure
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OWPaZnPkF7C171Dz9mQJY%2FnflMaer%2BDxjWGEDs9JsZ9mnXxIp8ykIs944RiaU0PwevaS5RzocfELIesIgULCvifs1xVXCSUqpDK4T5Zs9c3ZGjwodenWvbbI8zRKjUVoMK4gt%2Bj6"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ced095ada54b4f9-OSL
alt-svc: h3=":443"; ma=86400
4nla.steelaoats.com/jq/e0bcd7c940e5672bca733472cc6ffb91647454c242c3d
188.114.96.1
200 OK
85578
URL
GET
HTTP/3
4nla.steelaoats.com/jq/e0bcd7c940e5672bca733472cc6ffb91647454c242c3d
IP
188.114.96.1:443
Requested by
https://4nla.steelaoats.com/beebb091955c06fa68b3eb8afc0bae51647454c2342adPASbeebb091955c06fa68b3eb8afc0bae51647454c2342b0
Certificate
Issuer: Let's Encrypt
Subject: steelaoats.com
Fingerprint: 5C:01:B8:CD:AA:BC:1E:7B:DD:6B:93:75:07:6F:11:A9:A1:0C:38:51
Validity: Thu, 18 May 2023 09:52:27 GMT - Wed, 16 Aug 2023 09:52:26 GMT
Magic
ASCII text, with very long lines (32065)
Hash (MD5, SHA-1, SHA-256)
2f6b11a7e914718e0290410e85366fe9
69bb69e25ca7d5ef0935317584e6153f3fd9a88c
05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e
Analyzer
Verdict
Alert
fortinet
Phishing
quad9
Sinkholed
GET /jq/e0bcd7c940e5672bca733472cc6ffb91647454c242c3d HTTP/1.1
Host: 4nla.steelaoats.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://4nla.steelaoats.com/beebb091955c06fa68b3eb8afc0bae51647454c2342adPASbeebb091955c06fa68b3eb8afc0bae51647454c2342b0
Cookie: cf_clearance=XBW.n0GvB99Z.KTT1Un2gNEXc5yVj7ALuQfxWXzOoqE-1685345472-0-160; PHPSESSID=8c48947b658e636e0407fc8f8b763a16
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 29 May 2023 07:31:14 GMT
content-type: application/javascript
cache-control: public, max-age=604800
expires: Mon, 05 Jun 2023 07:31:14 GMT
last-modified: Tue, 23 May 2023 17:38:47 GMT
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zXG1%2FU85tWeuvzQfgnHEnxKGUPA67%2Bsdjkxxma2bcrEwJJhdFR3%2FQHXNdPV6ZaCTwM9%2BS%2B8gmxhGAde1nVtAZ4pg3YAHocWGwhCNO%2BQfFEtUKOVff0Rfbu56ObAACY49XGjmYOHD"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ced095eced8b4f9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
3nhoh3.codesandbox.io/cdn-cgi/challenge-platform/scripts/invisible.js
104.18.7.114
302 Found
26067
URL
GET
HTTP/3
3nhoh3.codesandbox.io/cdn-cgi/challenge-platform/scripts/invisible.js
IP
104.18.7.114:443
Requested by
https://3nhoh3.codesandbox.io/?mandate=ZGFubnlfY2hvd0BtYW51bGlmZS5jb20=
Certificate
Issuer: Cloudflare, Inc.
Subject: codesandbox.io
Fingerprint: 14:F4:C5:24:54:D0:BB:4B:E2:57:EC:E2:38:6D:AF:82:42:92:99:5A
Validity: Sun, 19 Mar 2023 00:00:00 GMT - Mon, 18 Mar 2024 23:59:59 GMT
Hash (MD5, SHA-1, SHA-256)
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer
Verdict
Alert
fortinet
Phishing
GET /cdn-cgi/challenge-platform/scripts/invisible.js HTTP/1.1
Host: 3nhoh3.codesandbox.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: _cfuvid=HVSSUxP.RoTgOpYvTeBPH9QEGjSxLDJ14h5BHKeBYFc-1685345468776-0-604800000
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 302 Found
date: Mon, 29 May 2023 07:31:09 GMT
access-control-allow-origin: *
cache-control: max-age=300, public
vary: accept-encoding
location: /cdn-cgi/challenge-platform/h/b/scripts/jsd/938e2b5c/invisible.js
server: cloudflare
cf-ray: 7ced0940aa38fac4-OSL
alt-svc: h3=":443"; ma=86400
3nhoh3.codesandbox.io/cdn-cgi/challenge-platform/h/b/scripts/pica.js
104.18.7.114
200 OK
5652
URL
GET
HTTP/3
3nhoh3.codesandbox.io/cdn-cgi/challenge-platform/h/b/scripts/pica.js
IP
104.18.7.114:443
Requested by
https://3nhoh3.codesandbox.io/?mandate=ZGFubnlfY2hvd0BtYW51bGlmZS5jb20=
Certificate
Issuer: Cloudflare, Inc.
Subject: codesandbox.io
Fingerprint: 14:F4:C5:24:54:D0:BB:4B:E2:57:EC:E2:38:6D:AF:82:42:92:99:5A
Validity: Sun, 19 Mar 2023 00:00:00 GMT - Mon, 18 Mar 2024 23:59:59 GMT
Magic
ASCII text, with very long lines (5655), with no line terminators
Hash (MD5, SHA-1, SHA-256)
503d85e6b118702cc3d7adc5b32e1b98
d98812aeb57da048dc3bae0e454e66d451047f39
861efabfba2f4fe20e6fcf4027ec51dcc074fa3886a693d42e24a8560ab386a3
Analyzer
Verdict
Alert
fortinet
Phishing
GET /cdn-cgi/challenge-platform/h/b/scripts/pica.js HTTP/1.1
Host: 3nhoh3.codesandbox.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3nhoh3.codesandbox.io/?mandate=ZGFubnlfY2hvd0BtYW51bGlmZS5jb20=
Cookie: _cfuvid=HVSSUxP.RoTgOpYvTeBPH9QEGjSxLDJ14h5BHKeBYFc-1685345468776-0-604800000
Sec-Fetch-Dest: worker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 29 May 2023 07:31:09 GMT
content-type: application/javascript; charset=UTF-8
vary: accept-encoding
x-content-type-options: nosniff
cache-control: max-age=14400, public
server: cloudflare
cf-ray: 7ced0940fa7afac4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
3nhoh3.codesandbox.io/cdn-cgi/challenge-platform/h/b/cv/result/7ced093b4bc0b503
104.18.7.114
200 OK
2
URL
POST
HTTP/3
3nhoh3.codesandbox.io/cdn-cgi/challenge-platform/h/b/cv/result/7ced093b4bc0b503
IP
104.18.7.114:443
Requested by
https://3nhoh3.codesandbox.io/?mandate=ZGFubnlfY2hvd0BtYW51bGlmZS5jb20=
Certificate
Issuer: Cloudflare, Inc.
Subject: codesandbox.io
Fingerprint: 14:F4:C5:24:54:D0:BB:4B:E2:57:EC:E2:38:6D:AF:82:42:92:99:5A
Validity: Sun, 19 Mar 2023 00:00:00 GMT - Mon, 18 Mar 2024 23:59:59 GMT
Magic
ASCII text, with no line terminators
Hash (MD5, SHA-1, SHA-256)
444bcb3a3fcf8389296c49467f27e1d6
7a85f4764bbd6daf1c3545efbbf0f279a6dc0beb
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
Analyzer
Verdict
Alert
fortinet
Phishing
POST /cdn-cgi/challenge-platform/h/b/cv/result/7ced093b4bc0b503 HTTP/1.1
Host: 3nhoh3.codesandbox.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 12460
Origin: https://3nhoh3.codesandbox.io
DNT: 1
Connection: keep-alive
Referer: https://3nhoh3.codesandbox.io/?mandate=ZGFubnlfY2hvd0BtYW51bGlmZS5jb20=
Cookie: _cfuvid=HVSSUxP.RoTgOpYvTeBPH9QEGjSxLDJ14h5BHKeBYFc-1685345468776-0-604800000
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 29 May 2023 07:31:09 GMT
content-type: text/plain; charset=UTF-8
set-cookie: __cf_bm=6q2JphGs12ba4RQKwfCtrC5BCb14ha_aqKYjIna1434-1685345469-0-Aa0S76C4m/FOgAsMwvT1O1bcrnCszZLvLIYkTLvI4iPPaQYbitxHvBU2rY7951ReRuN4A0dUYanqNPVKiUdKKycTBxsiq7MrjbJP6byXeOtb; path=/; expires=Mon, 29-May-23 08:01:09 GMT; domain=.codesandbox.io; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 7ced09421b71fac4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
unpkg.com/axios@1.4.0/dist/axios.min.js
104.16.122.175
200 OK
31842
URL
GET
HTTP/2
unpkg.com/axios@1.4.0/dist/axios.min.js
IP
104.16.122.175:443
Requested by
https://4nla.steelaoats.com/beebb091955c06fa68b3eb8afc0bae51647454c2342adPASbeebb091955c06fa68b3eb8afc0bae51647454c2342b0
Certificate
Issuer: Cloudflare, Inc.
Subject: sni.cloudflaressl.com
Fingerprint: F7:B6:41:CA:15:FD:D1:0C:27:39:55:5D:C5:CE:3F:1C:A6:BB:9D:6F
Validity: Tue, 02 May 2023 00:00:00 GMT - Wed, 01 May 2024 23:59:59 GMT
Magic
ASCII text, with very long lines (31803)
Hash (MD5, SHA-1, SHA-256)
6470a918ba1fd4b8d0882df0269ddb82
97814fdab64aa7d1b30f082f9eb272d4b1ce18a2
fd4ce12a87594281afcee9c73a40fe7acc282bcc9e764fbb3afa1481a96a091e
GET /axios@1.4.0/dist/axios.min.js HTTP/1.1
Host: unpkg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://4nla.steelaoats.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 29 May 2023 07:31:14 GMT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
etag: W/"7c62-l4FP2rZKp9GzDwgvnrJy1LHOGKI"
via: 1.1 fly.io
fly-request-id: 01GZP8TZEXW4PFCT61FHX2WRTS-fra
cf-cache-status: HIT
age: 2044566
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7ced095efb4cb523-OSL
content-encoding: br
X-Firefox-Spdy: h2
unpkg.com/axios/dist/axios.min.js
104.16.122.175
302 Found
31842
URL
GET
HTTP/2
unpkg.com/axios/dist/axios.min.js
IP
104.16.122.175:443
Requested by
https://4nla.steelaoats.com/beebb091955c06fa68b3eb8afc0bae51647454c2342adPASbeebb091955c06fa68b3eb8afc0bae51647454c2342b0
Certificate
Issuer: Cloudflare, Inc.
Subject: sni.cloudflaressl.com
Fingerprint: F7:B6:41:CA:15:FD:D1:0C:27:39:55:5D:C5:CE:3F:1C:A6:BB:9D:6F
Validity: Tue, 02 May 2023 00:00:00 GMT - Wed, 01 May 2024 23:59:59 GMT
Hash (MD5, SHA-1, SHA-256)
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /axios/dist/axios.min.js HTTP/1.1
Host: unpkg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://4nla.steelaoats.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
date: Mon, 29 May 2023 07:31:14 GMT
content-type: text/plain; charset=utf-8
access-control-allow-origin: *
cache-control: public, s-maxage=600, max-age=60
location: /axios@1.4.0/dist/axios.min.js
vary: Accept, Accept-Encoding
via: 1.1 fly.io
fly-request-id: 01H1K6GPZPNEYMC595E2MZ1M2N-arn
cf-cache-status: HIT
age: 179
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7ced095eeb34b523-OSL
X-Firefox-Spdy: h2
4nla.steelaoats.com/Mdanny_chow@manulife.com
188.114.96.1
403 Forbidden
8062
URL
User Request
GET
HTTP/2
4nla.steelaoats.com/Mdanny_chow@manulife.com
IP
188.114.96.1:443
Certificate
Issuer: Let's Encrypt
Subject: steelaoats.com
Fingerprint: 5C:01:B8:CD:AA:BC:1E:7B:DD:6B:93:75:07:6F:11:A9:A1:0C:38:51
Validity: Thu, 18 May 2023 09:52:27 GMT - Wed, 16 Aug 2023 09:52:26 GMT
Magic
HTML document text
- HTML document text
- HTML document text
- HTML document text
- exported SGML document, ASCII text, with very long lines (8230), with no line terminators
Hash (MD5, SHA-1, SHA-256)
f7cdd5860d79f75f0d25e03b50029fca
61d125f35ea3b5784d1c8b6c592c987c567a5aa7
a7cb423258a03b8478458cce148c77063be081dfcbca63366f2d9dfbdf14bfef
Analyzer
Verdict
Alert
urlquery
phishing
Phishing - Microsoft Outlook
fortinet
Phishing
GET /Mdanny_chow@manulife.com HTTP/1.1
Host: 4nla.steelaoats.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 403 Forbidden
date: Mon, 29 May 2023 07:31:12 GMT
content-type: text/html; charset=UTF-8
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy: same-origin
x-frame-options: SAMEORIGIN
cf-mitigated: challenge
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 01 Jan 1970 00:00:01 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QirfXww4IMrqYi4hk4VgYFwHunS%2B7XGSEzjpJFeb%2B0ziOcUWKF2G51s5o3qpwiOi%2B7SGzRCEjfwwPodg9Xfa32v0Ix%2Ffc0bc4JvYZXfX0ony0wdAEBjPxRpuAGxG5gkoN6R0BfdT"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7ced09507f9a0b69-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
4nla.steelaoats.com/beebb091955c06fa68b3eb8afc0bae51647454c2342adPASbeebb091955c06fa68b3eb8afc0bae51647454c2342b0
188.114.96.1
200 OK
7351
URL
User Request
GET
HTTP/3
4nla.steelaoats.com/beebb091955c06fa68b3eb8afc0bae51647454c2342adPASbeebb091955c06fa68b3eb8afc0bae51647454c2342b0
IP
188.114.96.1:443
Certificate
Issuer: Let's Encrypt
Subject: steelaoats.com
Fingerprint: 5C:01:B8:CD:AA:BC:1E:7B:DD:6B:93:75:07:6F:11:A9:A1:0C:38:51
Validity: Thu, 18 May 2023 09:52:27 GMT - Wed, 16 Aug 2023 09:52:26 GMT
Magic
HTML document text
- HTML document text
- HTML document text
- HTML document text
- HTML document text
- exported SGML document, ASCII text, with very long lines (7407), with no line terminators
Hash (MD5, SHA-1, SHA-256)
a1064ba554b34d5b046e0c43de962f89
910537f5ce7ea0175f7b6eb795b2289b76061d0b
e03f6e2ba90676854b13f5b32a7fc96842f61c9283dc896b768e706985613e54
Analyzer
Verdict
Alert
fortinet
Phishing
quad9
Sinkholed
GET /beebb091955c06fa68b3eb8afc0bae51647454c2342adPASbeebb091955c06fa68b3eb8afc0bae51647454c2342b0 HTTP/1.1
Host: 4nla.steelaoats.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://4nla.steelaoats.com/Mdanny_chow@manulife.com?__cf_chl_tk=yli8Ecvy_S5rp3xgT_c3xJkS_UgE3i6ct1_xdO7xKrM-1685345472-0-gaNycGzNDVA
DNT: 1
Connection: keep-alive
Cookie: cf_clearance=XBW.n0GvB99Z.KTT1Un2gNEXc5yVj7ALuQfxWXzOoqE-1685345472-0-160; PHPSESSID=8c48947b658e636e0407fc8f8b763a16
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 29 May 2023 07:31:14 GMT
content-type: text/html; charset=UTF-8
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7K2LLjLnvAnrrDIKy37BO%2B0IkdvfD6dPoCJHvcmERQP%2FMcAezLZ8q7bZAbUhOUKJhXxIOzUiX%2BAuC222lHyMK3bkBs477FAED8OXDanTYisMY%2Bq9rR%2B3rUQwFaVBQ5sz0o%2FLm14I"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ced095e0de7b4f9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400