benaturalfitnese.sa.com/new/auth/sf_rand_string_lowercase6/Y2VsbGlzQG13c2Uub3Jn
162.241.69.179
200 OK
0
URL
User Request
GET
HTTP/1.1
benaturalfitnese.sa.com/new/auth/sf_rand_string_lowercase6/Y2VsbGlzQG13c2Uub3Jn
IP
162.241.69.179:443
ASN
#46606 UNIFIEDLAYER-AS-1
Certificate
Issuer: Let's Encrypt
Subject: *.benaturalfitnese.sa.com
Fingerprint: F5:B4:8B:5E:FE:26:11:E8:3D:9B:A1:D6:0A:AD:21:4C:05:29:95:20
Validity: Thu, 01 Jun 2023 09:13:09 GMT - Wed, 30 Aug 2023 09:13:08 GMT
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer: urlquery
Verdict: phishing
Alert: Phishing - Microsoft Outlook
GET /new/auth/sf_rand_string_lowercase6/Y2VsbGlzQG13c2Uub3Jn HTTP/1.1
Host: benaturalfitnese.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 05 Jun 2023 22:15:10 GMT
Server: Apache
refresh: 0;url=https://tg99cjqxtr647a2a44d78d6.casagr.ru/Mcellis@mwse.org
Content-Length: 0
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
tg99cjqxtr647a2a44d78d6.casagr.ru/Mcellis@mwse.org
172.67.215.174
403 Forbidden
4496
URL
User Request
GET
HTTP/2
tg99cjqxtr647a2a44d78d6.casagr.ru/Mcellis@mwse.org
IP
172.67.215.174:443
Certificate
Issuer: Google Trust Services LLC
Subject: casagr.ru
Fingerprint: 5E:EB:99:7F:EB:19:12:0F:D0:30:78:09:34:F1:37:14:0E:1E:A9:09
Validity: Wed, 10 May 2023 10:30:47 GMT - Tue, 08 Aug 2023 10:30:46 GMT
Magic
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3049), with CRLF, LF line terminators
Hash
549cec2701df2a37164d6d740e135df8
aa13902fe50e0bf9307f100466c3dbae6abdb1a1
7d9bd47e77cc422644bd385ece93dc723b1f22c147e24363c8dfa8e40da97bc8
Analyzer: urlquery
Verdict: phishing
Alert: Phishing - Microsoft Outlook
GET /Mcellis@mwse.org HTTP/1.1
Host: tg99cjqxtr647a2a44d78d6.casagr.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 403 Forbidden
date: Mon, 05 Jun 2023 22:15:12 GMT
content-type: text/html; charset=UTF-8
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy: same-origin
x-frame-options: SAMEORIGIN
cf-mitigated: challenge
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 01 Jan 1970 00:00:01 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Z8SZlKQm%2B7SWP2A%2F76fPan8cqbSdGfT9NY%2FwHZBr1Rb%2BcMmLBtGVLFaeyghTZIs0173xxbAH9FiwA8X2YGRolilXUIQnKxmvjcV3AzgnVlVptoHyesabSXW%2BCYgECsVBjKVu8s6sJFCGgewotgBDfBNyTO0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7d2bc5de6ea2b4f4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
tg99cjqxtr647a2a44d78d6.casagr.ru/cdn-cgi/images/trace/managed/js/transparent.gif?ray=7d2bc5de6ea2b4f4
172.67.215.174
200 OK
42
URL
GET
HTTP/3
tg99cjqxtr647a2a44d78d6.casagr.ru/cdn-cgi/images/trace/managed/js/transparent.gif?ray=7d2bc5de6ea2b4f4
IP
172.67.215.174:443
Requested by
https://tg99cjqxtr647a2a44d78d6.casagr.ru/Mcellis@mwse.org
Certificate
Issuer: Google Trust Services LLC
Subject: casagr.ru
Fingerprint: 5E:EB:99:7F:EB:19:12:0F:D0:30:78:09:34:F1:37:14:0E:1E:A9:09
Validity: Wed, 10 May 2023 10:30:47 GMT - Tue, 08 Aug 2023 10:30:46 GMT
Magic
GIF image data, version 89a, 1 x 1\012- data
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /cdn-cgi/images/trace/managed/js/transparent.gif?ray=7d2bc5de6ea2b4f4 HTTP/1.1
Host: tg99cjqxtr647a2a44d78d6.casagr.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://tg99cjqxtr647a2a44d78d6.casagr.ru/Mcellis@mwse.org
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 05 Jun 2023 22:15:12 GMT
content-type: image/gif
content-length: 42
last-modified: Tue, 30 May 2023 15:20:42 GMT
etag: "6476144a-2a"
server: cloudflare
cf-ray: 7d2bc5df59c2069b-OSL
x-frame-options: DENY
x-content-type-options: nosniff
vary: Accept-Encoding
expires: Tue, 06 Jun 2023 00:15:12 GMT
cache-control: max-age=7200, public
accept-ranges: bytes
challenges.cloudflare.com/turnstile/v0/g/68662470/api.js?onload=_cf_chl_turnstile_l&render=explicit
104.18.7.185
200 OK
19176
URL
GET
HTTP/2
challenges.cloudflare.com/turnstile/v0/g/68662470/api.js?onload=_cf_chl_turnstile_l&render=explicit
IP
104.18.7.185:443
Requested by
https://tg99cjqxtr647a2a44d78d6.casagr.ru/Mcellis@mwse.org
Certificate
Issuer: Cloudflare, Inc.
Subject: challenges.cloudflare.com
Fingerprint: 5C:7B:D7:57:5A:53:A4:99:8E:1E:5A:C4:58:30:7C:2D:6C:D8:3C:C5
Validity: Sun, 18 Sep 2022 00:00:00 GMT - Sun, 17 Sep 2023 23:59:59 GMT
Magic
ASCII text, with very long lines (19175)
Hash
21a964474a4841c3e62893476cfec550
af06eb1e31d451fe557b7581e707cd88a3107491
fb479d9c5db685793fd57b4cacb188d2aa9ab40d660d54e1cf35d0f54b390c12
GET /turnstile/v0/g/68662470/api.js?onload=_cf_chl_turnstile_l&render=explicit HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://tg99cjqxtr647a2a44d78d6.casagr.ru
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 05 Jun 2023 22:15:12 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=31536000
vary: Accept-Encoding
server: cloudflare
cf-ray: 7d2bc5dffe67b4f9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
tg99cjqxtr647a2a44d78d6.casagr.ru/favicon.ico
172.67.215.174
403 Forbidden
7140
URL
GET
HTTP/3
tg99cjqxtr647a2a44d78d6.casagr.ru/favicon.ico
IP
172.67.215.174:443
Requested by
https://tg99cjqxtr647a2a44d78d6.casagr.ru/Mcellis@mwse.org
Certificate
Issuer: Google Trust Services LLC
Subject: casagr.ru
Fingerprint: 5E:EB:99:7F:EB:19:12:0F:D0:30:78:09:34:F1:37:14:0E:1E:A9:09
Validity: Wed, 10 May 2023 10:30:47 GMT - Tue, 08 Aug 2023 10:30:46 GMT
Magic
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (7308), with no line terminators
Hash
d692af215b9670c88b9c0040491336ba
a937770cbb9adfe2cc2d087b1a5b9bafeab04837
2336e89e8b8ce8881ead156947dc5ae9859df7c3965c26e8c40ef69fa469e2b2
GET /favicon.ico HTTP/1.1
Host: tg99cjqxtr647a2a44d78d6.casagr.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://tg99cjqxtr647a2a44d78d6.casagr.ru/Mcellis@mwse.org?__cf_chl_rt_tk=80dljflCPl6zNCj3TJJGIttoDU.lsl7C1conTQ_oy0M-1686003312-0-gaNycGzNC7s
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 403 Forbidden
date: Mon, 05 Jun 2023 22:15:12 GMT
content-type: text/html; charset=UTF-8
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy: same-origin
x-frame-options: SAMEORIGIN
cf-mitigated: challenge
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 01 Jan 1970 00:00:01 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=orWG5YpZL2h9KiX2THvCU%2B4vI%2BvnTVnFOY5S3%2FejuZnGIU2%2B%2BIE46tzqF1zOvZBpUWRmtTj2bc4X%2BmA8JBEwg1APAr02L2HwOxO5LetDUvgTzrCsTnPBhIaFn2Z4fa0X1xkGGh56uV4ARUm1YI7ddya%2FmTo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7d2bc5df99dc069b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
tg99cjqxtr647a2a44d78d6.casagr.ru/cdn-cgi/challenge-platform/h/g/flow/ov1/65642712:1685999310:fyh8LdBckFT8Zc2gm8iFbv-dbwV40FoDfjlkExR8t_w/7d2bc5de6ea2b4f4/7776e49da67c63c
172.67.215.174
200 OK
7408
URL
POST
HTTP/3
tg99cjqxtr647a2a44d78d6.casagr.ru/cdn-cgi/challenge-platform/h/g/flow/ov1/65642712:1685999310:fyh8LdBckFT8Zc2gm8iFbv-dbwV40FoDfjlkExR8t_w/7d2bc5de6ea2b4f4/7776e49da67c63c
IP
172.67.215.174:443
Requested by
https://tg99cjqxtr647a2a44d78d6.casagr.ru/Mcellis@mwse.org
Certificate
Issuer: Google Trust Services LLC
Subject: casagr.ru
Fingerprint: 5E:EB:99:7F:EB:19:12:0F:D0:30:78:09:34:F1:37:14:0E:1E:A9:09
Validity: Wed, 10 May 2023 10:30:47 GMT - Tue, 08 Aug 2023 10:30:46 GMT
Magic
ASCII text, with very long lines (7408), with no line terminators
Hash
c23d2553f4fbe92c70331ac865c1106f
b60828ed5f22ea559737c99ef9717573559e7d09
6246b6c28b04a0febd9c431c6df6e95065ed4dc20f5e03c619b4aba8e0a86048
POST /cdn-cgi/challenge-platform/h/g/flow/ov1/65642712:1685999310:fyh8LdBckFT8Zc2gm8iFbv-dbwV40FoDfjlkExR8t_w/7d2bc5de6ea2b4f4/7776e49da67c63c HTTP/1.1
Host: tg99cjqxtr647a2a44d78d6.casagr.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://tg99cjqxtr647a2a44d78d6.casagr.ru/Mcellis@mwse.org
Content-type: application/x-www-form-urlencoded
CF-Challenge: 7776e49da67c63c
Content-Length: 1802
Origin: https://tg99cjqxtr647a2a44d78d6.casagr.ru
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 05 Jun 2023 22:15:12 GMT
content-type: text/plain; charset=UTF-8
cf-chl-gen: 9ai7BLZrZsuGFn8ZpwDBlDwzpPHvUdinBPYsd90/zbmXL0AdFgu8G7Dp9qfaj3Sh$SmdxHBzbCq7FGEvURoQwhg==
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=u0%2FYYqMdShLEXdXJvM5JtghS4jpXj03bApdjFXp6LH0pBPrC7eE9GIqx37S2pgxi67Z6I3NJBtTZw2M4T5RWJ7rPH8FZF68bR9GXf0afBoj%2BN8XdUK%2Fkg11oPuoLPWhSasypr2U87UmBHw%2FHO78LVFsrqYg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7d2bc5e09a5b069b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=7d2bc5e0e891fab8
104.18.7.185
200 OK
176869
URL
GET
HTTP/3
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=7d2bc5e0e891fab8
IP
104.18.7.185:443
Requested by
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/rowmh/0x4AAAAAAADnPIDROrmt1Wwj/light/normal
Certificate
Issuer: Cloudflare, Inc.
Subject: challenges.cloudflare.com
Fingerprint: 5C:7B:D7:57:5A:53:A4:99:8E:1E:5A:C4:58:30:7C:2D:6C:D8:3C:C5
Validity: Sun, 18 Sep 2022 00:00:00 GMT - Sun, 17 Sep 2023 23:59:59 GMT
Magic
ASCII text, with very long lines (65536), with no line terminators
Hash
ab43c05f05d423b871c942be4dcaca3f
abbe753132679b1833cb1e32b38f830e72b92315
c84b17612bdc34d9f42620eee9138885d8f3c74c3084ca6f05337102edae3c86
GET /cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=7d2bc5e0e891fab8 HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/rowmh/0x4AAAAAAADnPIDROrmt1Wwj/light/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 05 Jun 2023 22:15:12 GMT
content-type: application/javascript; charset=UTF-8
cache-control: max-age=0, must-revalidate
server: cloudflare
cf-ray: 7d2bc5e148c7fab8-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/703991290:1685999389:wGwN9wbsF_-tXZzC8jElDv_ml-Sc3JLw2mJz_84cwuc/7d2bc5e0e891fab8/9706baacdb859a6
104.18.7.185
200 OK
81388
URL
POST
HTTP/3
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/703991290:1685999389:wGwN9wbsF_-tXZzC8jElDv_ml-Sc3JLw2mJz_84cwuc/7d2bc5e0e891fab8/9706baacdb859a6
IP
104.18.7.185:443
Requested by
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/rowmh/0x4AAAAAAADnPIDROrmt1Wwj/light/normal
Certificate
Issuer: Cloudflare, Inc.
Subject: challenges.cloudflare.com
Fingerprint: 5C:7B:D7:57:5A:53:A4:99:8E:1E:5A:C4:58:30:7C:2D:6C:D8:3C:C5
Validity: Sun, 18 Sep 2022 00:00:00 GMT - Sun, 17 Sep 2023 23:59:59 GMT
Magic
ASCII text, with very long lines (65536), with no line terminators
Hash
cc26e45ae5c52ae860c46df147517674
4528ff0eadee4dca7a3842798661ef571c9290a9
b7c3c0c4b0abffa326e37f0db5228ecd25604ecdffe3d7904e4857f4da1dd5d3
POST /cdn-cgi/challenge-platform/h/g/flow/ov1/703991290:1685999389:wGwN9wbsF_-tXZzC8jElDv_ml-Sc3JLw2mJz_84cwuc/7d2bc5e0e891fab8/9706baacdb859a6 HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/rowmh/0x4AAAAAAADnPIDROrmt1Wwj/light/normal
Content-type: application/x-www-form-urlencoded
CF-Challenge: 9706baacdb859a6
Content-Length: 2766
Origin: https://challenges.cloudflare.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 05 Jun 2023 22:15:13 GMT
content-type: text/plain; charset=UTF-8
cf-chl-gen: 5e2tq8kYcrleTWgAeUadLfRzC47+ByZJFOIOkYOaVqNyofU4P79lMqATdJ7c5n6fqEvSZ11raglGRgCjQkAOJwqsnyR1To/Quu98HLMb6cJgDICFe/4/ZJ7rR85uVMlC7QaM19vx6cOjvroDsqtlprhPSGQ+GdWTPUYtvMf0cHNZ2sn7sISax6ino8DG7XappwkCNLHaFk5OyNhnZX55fbx44t5EmwL99zELyen/fhK94Ho/zGJgsiG5G5euU215hHZjjGBOOPh4D41DVSsgwX2icxtHvL9PQt8cM9RyH3KHq/OQNrmvMEQyN+PBJIJKpHARy7Rj6y8JZUO0CTsMZA==$33TBA+pbUTv+4Gt40V9zQw==
server: cloudflare
cf-ray: 7d2bc5e27967fab8-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/pat/7d2bc5e0e891fab8/1686003313051/7a688da170824e6d88c93ba6faff315b9301ae080cf5ad747264827f4f895aed/nio86Y8-uvypT17
104.18.7.185
401 Unauthorized
1
URL
GET
HTTP/3
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/pat/7d2bc5e0e891fab8/1686003313051/7a688da170824e6d88c93ba6faff315b9301ae080cf5ad747264827f4f895aed/nio86Y8-uvypT17
IP
104.18.7.185:443
Requested by
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/rowmh/0x4AAAAAAADnPIDROrmt1Wwj/light/normal
Certificate
Issuer: Cloudflare, Inc.
Subject: challenges.cloudflare.com
Fingerprint: 5C:7B:D7:57:5A:53:A4:99:8E:1E:5A:C4:58:30:7C:2D:6C:D8:3C:C5
Validity: Sun, 18 Sep 2022 00:00:00 GMT - Sun, 17 Sep 2023 23:59:59 GMT
Magic
very short file (no magic)
Hash
ff44570aca8241914870afbc310cdb85
58668e7669fd564d99db5d581fcdb6a5618440b5
6da43b944e494e885e69af021f93c6d9331c78aa228084711429160a5bbd15b5
GET /cdn-cgi/challenge-platform/h/g/pat/7d2bc5e0e891fab8/1686003313051/7a688da170824e6d88c93ba6faff315b9301ae080cf5ad747264827f4f895aed/nio86Y8-uvypT17 HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/rowmh/0x4AAAAAAADnPIDROrmt1Wwj/light/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 401 Unauthorized
date: Mon, 05 Jun 2023 22:15:14 GMT
content-type: text/plain; charset=UTF-8
www-authenticate: PrivateToken challenge=AAIAGXBhdC1pc3N1ZXIuY2xvdWRmbGFyZS5jb20gemiNoXCCTm2IyTum-v8xW5MBrggM9a10cmSCf0-JWu0AGWNoYWxsZW5nZXMuY2xvdWRmbGFyZS5jb20=, token-key=MIIBUjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAqEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgKiAwIBMAOCAQ8AMIIBCgKCAQEA2QmmahoTCdzzWU_cjTkt9rzQkK7r0JRDfy3Ug31wK-hp3n5Nlkur9cyfSmGhvETNfzP7DjBWLuFe3BGfCvaMn-2I8epeGGFpx57OKWenWkS0ozAVw8pZwpCGNdPD2eeeWcC63BypcwUcZnnJKohILWHt5HcJ6e71kKJNsOrcX9gfLt3ZesHAVwc1uJomYnRcvyLUtAXgg8B8n-H2X664Z3WqgUtqA8ZprXuyXHIjXxHORfViPZWU-y48WLmCWq4SgzW8OJH-fB8OU4naRCAme2w1bQV7r8xfE0uHuhhsMqoI6A_Q-BHk2mkZDHYaScQrq-E1vjk9ZMN1gVzfLYDHgwIDAQAB, max-age=20
server: cloudflare
cf-ray: 7d2bc5ed3884fab8-OSL
alt-svc: h3=":443"; ma=86400
tg99cjqxtr647a2a44d78d6.casagr.ru/cdn-cgi/challenge-platform/h/g/orchestrate/managed/v1?ray=7d2bc5de6ea2b4f4
172.67.215.174
200 OK
168146
URL
GET
HTTP/3
tg99cjqxtr647a2a44d78d6.casagr.ru/cdn-cgi/challenge-platform/h/g/orchestrate/managed/v1?ray=7d2bc5de6ea2b4f4
IP
172.67.215.174:443
Requested by
https://tg99cjqxtr647a2a44d78d6.casagr.ru/Mcellis@mwse.org
Certificate
Issuer: Google Trust Services LLC
Subject: casagr.ru
Fingerprint: 5E:EB:99:7F:EB:19:12:0F:D0:30:78:09:34:F1:37:14:0E:1E:A9:09
Validity: Wed, 10 May 2023 10:30:47 GMT - Tue, 08 Aug 2023 10:30:46 GMT
Magic
ASCII text, with very long lines (65536), with no line terminators
Hash
fe9c708c151eaa22659bf51293cf7fee
d0af9703d3d8dec022459abc3b77281a938af7d7
d916e7ca7d3f45c079f51cd03be9bdd749ba8a519c1d6425f887e80d93756350
GET /cdn-cgi/challenge-platform/h/g/orchestrate/managed/v1?ray=7d2bc5de6ea2b4f4 HTTP/1.1
Host: tg99cjqxtr647a2a44d78d6.casagr.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://tg99cjqxtr647a2a44d78d6.casagr.ru/Mcellis@mwse.org?__cf_chl_rt_tk=80dljflCPl6zNCj3TJJGIttoDU.lsl7C1conTQ_oy0M-1686003312-0-gaNycGzNC7s
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 05 Jun 2023 22:15:12 GMT
content-type: application/javascript; charset=UTF-8
cache-control: max-age=0, must-revalidate
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hbI%2BkoREy%2BdsyCq%2B6kW1p8%2F3o03QmcoemZsZ3EJkYlsLOqwJTKO2UidE%2FX7%2F0dG6LeGZzOBApuCxRHdWDl0tns39U5QxXt3QZY0HqZiskWRIaEWa9H9d42ajOOcSQiWuwl%2BZZJlxWeZJoLlK8Qf5zgN%2FfyA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7d2bc5df59c4069b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/rowmh/0x4AAAAAAADnPIDROrmt1Wwj/light/normal
104.18.7.185
200 OK
24085
URL
GET
HTTP/3
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/rowmh/0x4AAAAAAADnPIDROrmt1Wwj/light/normal
IP
104.18.7.185:443
Requested by
https://tg99cjqxtr647a2a44d78d6.casagr.ru/Mcellis@mwse.org
Certificate
Issuer: Cloudflare, Inc.
Subject: challenges.cloudflare.com
Fingerprint: 5C:7B:D7:57:5A:53:A4:99:8E:1E:5A:C4:58:30:7C:2D:6C:D8:3C:C5
Validity: Sun, 18 Sep 2022 00:00:00 GMT - Sun, 17 Sep 2023 23:59:59 GMT
Magic
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (10899)
Hash
921234395048f4a26bfe3cbbbf0103e5
c349b5cb4647dc7f4478c62d2e2c84bd194fdf88
96b901e3fd8ed659cf31bc8698064767dc6fad55c6ec8479a791b21d9602929b
GET /cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/rowmh/0x4AAAAAAADnPIDROrmt1Wwj/light/normal HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 05 Jun 2023 22:15:12 GMT
content-type: text/html; charset=UTF-8
cache-control: max-age=0, must-revalidate
content-security-policy: frame-src https://challenges.cloudflare.com/; base-uri 'self'
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: cross-origin
document-policy: js-profiling
permissions-policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy: same-origin
server: cloudflare
cf-ray: 7d2bc5e0e891fab8-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/img/7d2bc5e0e891fab8/1686003313051/LbHhPKpnLa_yACB
104.18.7.185
200 OK
61
URL
GET
HTTP/3
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/img/7d2bc5e0e891fab8/1686003313051/LbHhPKpnLa_yACB
IP
104.18.7.185:443
Requested by
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/rowmh/0x4AAAAAAADnPIDROrmt1Wwj/light/normal
Certificate
Issuer: Cloudflare, Inc.
Subject: challenges.cloudflare.com
Fingerprint: 5C:7B:D7:57:5A:53:A4:99:8E:1E:5A:C4:58:30:7C:2D:6C:D8:3C:C5
Validity: Sun, 18 Sep 2022 00:00:00 GMT - Sun, 17 Sep 2023 23:59:59 GMT
Magic
PNG image data, 43 x 34, 8-bit/color RGB, non-interlaced\012- data
Hash
9ca222582f450b7cada589c2450b2853
134105090f5583e5bb4f028735d202204e64e942
80e9c8f2149057651a7679754875d8586bd17c425ccdfeb500273029e345cc84
GET /cdn-cgi/challenge-platform/h/g/img/7d2bc5e0e891fab8/1686003313051/LbHhPKpnLa_yACB HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/rowmh/0x4AAAAAAADnPIDROrmt1Wwj/light/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 05 Jun 2023 22:15:14 GMT
content-type: image/png
server: cloudflare
cf-ray: 7d2bc5ecf86ffab8-OSL
alt-svc: h3=":443"; ma=86400
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/703991290:1685999389:wGwN9wbsF_-tXZzC8jElDv_ml-Sc3JLw2mJz_84cwuc/7d2bc5e0e891fab8/9706baacdb859a6
104.18.7.185
200 OK
13256
URL
POST
HTTP/3
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/703991290:1685999389:wGwN9wbsF_-tXZzC8jElDv_ml-Sc3JLw2mJz_84cwuc/7d2bc5e0e891fab8/9706baacdb859a6
IP
104.18.7.185:443
Requested by
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/rowmh/0x4AAAAAAADnPIDROrmt1Wwj/light/normal
Certificate
Issuer: Cloudflare, Inc.
Subject: challenges.cloudflare.com
Fingerprint: 5C:7B:D7:57:5A:53:A4:99:8E:1E:5A:C4:58:30:7C:2D:6C:D8:3C:C5
Validity: Sun, 18 Sep 2022 00:00:00 GMT - Sun, 17 Sep 2023 23:59:59 GMT
Magic
ASCII text, with very long lines (13256), with no line terminators
Hash
d29b07ea0c817d14d0156777807a21cd
875d8b74f9a21137b511abef11b10bade00eee6f
9988487098fdb883d640444021c9ff90d0385bc18d4c7a40cf9d68be317b2f0e
POST /cdn-cgi/challenge-platform/h/g/flow/ov1/703991290:1685999389:wGwN9wbsF_-tXZzC8jElDv_ml-Sc3JLw2mJz_84cwuc/7d2bc5e0e891fab8/9706baacdb859a6 HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/rowmh/0x4AAAAAAADnPIDROrmt1Wwj/light/normal
Content-type: application/x-www-form-urlencoded
CF-Challenge: 9706baacdb859a6
Content-Length: 21078
Origin: https://challenges.cloudflare.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 05 Jun 2023 22:15:15 GMT
content-type: text/plain; charset=UTF-8
cf-chl-gen: fX2KVKtQ1eQP1j8kpxCDNESDU8gmn9pbP3iCp7+ciR1+6bI3m3Myt/tNunL58rYj$PxIfeWDkMrXGHgMRX4Ku8A==
server: cloudflare
cf-ray: 7d2bc5f23b43fab8-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400