Report Overview

Visited (public): 2025-07-15 19:25:12
URL: rqu.yjzkqbs.es/XBY!ATUdZs7SfMU1c/$wbarmen@slurpmail.net
Finishing URL: rqu.yjzkqbs.es/yapz7rcnhien?common/oauth2/v2.0/authorize?client_id=23d48c944e73305-72ad6a44c72f7a-fec87935ac3bf-40bcc90c38-4b9ab700043ae-56732e49f99213&locales=en
IP / ASN: 172.67.191.101, #13335 CLOUDFLARENET
Title: Secure Login Portal Access

Phishing - Microsoft
Suspicious - Anti-debugging code
Phishing - Tycoon Phishing Kit

Detections
urlquery: 70
Network Intrusion Detection: 1
Threat Detection Systems: 2

Domain Summary

Domain / FQDN | Rank | Registered | First Seen | Last Seen
aadcdn.msauth.net | 1421 | 2018-10-25 | 2018-11-19 | 2025-07-10
rqu.yjzkqbs.es | unknown | unknown | 2025-07-15 | 2025-07-15
challenges.cloudflare.com | unknown | 2009-02-17 | 2021-10-20 | 2025-07-09
ok4static.oktacdn.com | 16592 | 2014-11-11 | 2018-06-15 | 2025-07-09
release-assets.githubusercontent.com | unknown | 2014-02-06 | 2025-05-11 | 2025-07-09
lv0xcbylaahdg4xsvs5uttowzavjjqoooheb3tdzeoioexedcu7nesdxsu.jcfjtltxrz.es | unknown | unknown | 2025-07-15 | 2025-07-15
get.geojs.io | 17418 | 2017-02-18 | 2017-03-30 | 2025-07-10
cdn.jsdelivr.net | 439 | 2012-05-16 | 2012-09-30 | 2025-07-09
github.com | 1423 | 2007-10-09 | 2016-07-13 | 2025-07-09
cdnjs.cloudflare.com | 235 | 2009-02-17 | 2012-05-23 | 2025-07-09
code.jquery.com | 634 | 2005-12-10 | 2012-05-21 | 2025-07-09
y8qg.kvcirm.es | unknown | unknown | 2025-07-15 | 2025-07-15

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Severity | Source IP | Destination IP | Alert
medium | Client IP | 104.26.0.100 |

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected


OpenPhish

No alerts detected


PhishTank

No alerts detected


Quad9 DNS
Severity | Indicator | Alert
medium | jcfjtltxrz.es | Sinkholed

ThreatFox

No alerts detected


JavaScript (139)

HTTP Transactions (65)
