nku.metaverse-place.sa.com/css/folder/sf_rand_string_lowercase6/c2NpX3Blcm1pdHNfbm9yZXBseUBzZWF0dGxlLmdvdg==
200 OK
0
URL
User Request
GET
HTTP/1.1
nku.metaverse-place.sa.com/css/folder/sf_rand_string_lowercase6/c2NpX3Blcm1pdHNfbm9yZXBseUBzZWF0dGxlLmdvdg==
IP
Certificate
IssuerLet's Encrypt
Subjectmetaverse-place.sa.com
FingerprintE7:78:C9:4C:87:93:14:89:DA:61:01:75:4B:AE:7B:05:AB:AE:D0:D8
ValidityMon, 05 Jun 2023 22:48:37 GMT - Sun, 03 Sep 2023 22:48:36 GMT
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer
Verdict
Alert
urlquery
phishing
Phishing - Microsoft Outlook
GET /css/folder/sf_rand_string_lowercase6/c2NpX3Blcm1pdHNfbm9yZXBseUBzZWF0dGxlLmdvdg== HTTP/1.1
Host: nku.metaverse-place.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 10 Jun 2023 00:31:52 GMT
Server: Apache
refresh: 0;url=https://z2uhqfc.salonnghi.com/Msci_permits_noreply@seattle.gov
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
z2uhqfc.salonnghi.com/cdn-cgi/images/trace/managed/js/transparent.gif?ray=7d4d839589ab0b02
42
URL
z2uhqfc.salonnghi.com/cdn-cgi/images/trace/managed/js/transparent.gif?ray=7d4d839589ab0b02
IP
Magic
GIF image data, version 89a, 1 x 1\012- data
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /cdn-cgi/images/trace/managed/js/transparent.gif?ray=7d4d839589ab0b02 HTTP/1.1
Host: z2uhqfc.salonnghi.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://z2uhqfc.salonnghi.com/Msci_permits_noreply@seattle.gov
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 10 Jun 2023 00:31:53 GMT
content-type: image/gif
content-length: 42
last-modified: Tue, 06 Jun 2023 11:54:00 GMT
etag: "647f1e58-2a"
server: cloudflare
cf-ray: 7d4d83967dba1bfe-OSL
x-frame-options: DENY
x-content-type-options: nosniff
vary: Accept-Encoding
expires: Sat, 10 Jun 2023 02:31:53 GMT
cache-control: max-age=7200, public
accept-ranges: bytes
z2uhqfc.salonnghi.com/jm/d5545046006a632b0f79db3917c3ece96483c47b42c6f
200 OK
10965
URL
GET
HTTP/3
z2uhqfc.salonnghi.com/jm/d5545046006a632b0f79db3917c3ece96483c47b42c6f
IP
Requested by
https://z2uhqfc.salonnghi.com/beebb091955c06fa68b3eb8afc0bae516483c47b35777PASbeebb091955c06fa68b3eb8afc0bae516483c47b35779
Certificate
IssuerGoogle Trust Services LLC
Subjectsalonnghi.com
FingerprintD7:80:3D:92:53:F8:24:75:49:8C:99:9A:0B:5E:8D:CE:DD:9D:AA:07
ValidityTue, 06 Jun 2023 17:22:48 GMT - Mon, 04 Sep 2023 17:22:47 GMT
Magic
ASCII text, with very long lines (6149), with no line terminators
Hash
93aae148989a78e99a23d9ca0c363c8a
b692873e3b6523458a636a50a736b0e9265963a8
24222e1acb18736764d7d4234f3772529beb02c3979cd5bbff51791809ead525
GET /jm/d5545046006a632b0f79db3917c3ece96483c47b42c6f HTTP/1.1
Host: z2uhqfc.salonnghi.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://z2uhqfc.salonnghi.com/beebb091955c06fa68b3eb8afc0bae516483c47b35777PASbeebb091955c06fa68b3eb8afc0bae516483c47b35779
Cookie: cf_clearance=YkqcRS.QOpIVhtEwy31I_kufSEjqJL89Mbq_3s4r3.w-1686357113-0-160; PHPSESSID=df24daef27535c6c1d283aa1efdcba19
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 10 Jun 2023 00:31:56 GMT
content-type: application/javascript
cache-control: public, max-age=604800
expires: Sat, 17 Jun 2023 00:31:55 GMT
last-modified: Mon, 29 May 2023 13:08:58 GMT
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Q1I1GkH%2FLFNFlTTHbC6x3phhfCGuhFV4R6%2BzIvR%2BFlGUQI9ydRE3pjLsTsXBg4EPd09vn9G2K2%2Fs9gDPNJKYnrUpU76dcC3Sz6WP5ZOHYz5K2kjs0x2jXrEYpv3vIyZRnWmdgbxCOYM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7d4d83a7ddff1bfe-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
z2uhqfc.salonnghi.com/o/d5545046006a632b0f79db3917c3ece96483c47ba9cee
200 OK
144726
URL
GET
HTTP/3
z2uhqfc.salonnghi.com/o/d5545046006a632b0f79db3917c3ece96483c47ba9cee
IP
Requested by
https://z2uhqfc.salonnghi.com/beebb091955c06fa68b3eb8afc0bae516483c47b35777PASbeebb091955c06fa68b3eb8afc0bae516483c47b35779
Certificate
IssuerGoogle Trust Services LLC
Subjectsalonnghi.com
FingerprintD7:80:3D:92:53:F8:24:75:49:8C:99:9A:0B:5E:8D:CE:DD:9D:AA:07
ValidityTue, 06 Jun 2023 17:22:48 GMT - Mon, 04 Sep 2023 17:22:47 GMT
Magic
SVG Scalable Vector Graphics image\012- HTML document, ASCII text, with very long lines (3651), with no line terminators
Hash
ee5c8d9fb6248c938fd0dc19370e90bd
d01a22720918b781338b5bbf9202b241a5f99ee4
04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a
GET /o/d5545046006a632b0f79db3917c3ece96483c47ba9cee HTTP/1.1
Host: z2uhqfc.salonnghi.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://z2uhqfc.salonnghi.com/beebb091955c06fa68b3eb8afc0bae516483c47b35777PASbeebb091955c06fa68b3eb8afc0bae516483c47b35779
Cookie: cf_clearance=YkqcRS.QOpIVhtEwy31I_kufSEjqJL89Mbq_3s4r3.w-1686357113-0-160; PHPSESSID=df24daef27535c6c1d283aa1efdcba19
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 10 Jun 2023 00:31:56 GMT
content-type: image/svg+xml
cache-control: public, max-age=604800
expires: Sat, 17 Jun 2023 00:31:55 GMT
last-modified: Sun, 16 Apr 2023 00:00:06 GMT
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dnuRZwfilb%2Btp4kzMttv7oB5uI2gTuY5VvGoXdWkYOLDHyUQ3pOq6ReIQ5xosAYGxR0V1zBjmQljTWwnkL176el8qt6aFXLgUtU14sp6kCTfQVZm93QUAdVJlep7Y52%2FTOrhi7gbdHs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7d4d83a9feec1bfe-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
z2uhqfc.salonnghi.com/2
200 OK
39299
IP
Requested by
https://z2uhqfc.salonnghi.com/beebb091955c06fa68b3eb8afc0bae516483c47b35777PASbeebb091955c06fa68b3eb8afc0bae516483c47b35779
Certificate
IssuerGoogle Trust Services LLC
Subjectsalonnghi.com
FingerprintD7:80:3D:92:53:F8:24:75:49:8C:99:9A:0B:5E:8D:CE:DD:9D:AA:07
ValidityTue, 06 Jun 2023 17:22:48 GMT - Mon, 04 Sep 2023 17:22:47 GMT
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /2 HTTP/1.1
Host: z2uhqfc.salonnghi.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://z2uhqfc.salonnghi.com/beebb091955c06fa68b3eb8afc0bae516483c47b35777PASbeebb091955c06fa68b3eb8afc0bae516483c47b35779
Cookie: cf_clearance=YkqcRS.QOpIVhtEwy31I_kufSEjqJL89Mbq_3s4r3.w-1686357113-0-160; PHPSESSID=df24daef27535c6c1d283aa1efdcba19
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 10 Jun 2023 00:31:56 GMT
content-type: text/html; charset=UTF-8
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=J4VNd8XueX73Id7lOyIGCnzEvnDPztjODC33HxDSNEfSCoUetvgzyCYyIMcIqm2Z4q%2B2CbsH7R2ajtK%2FmSktGsRgxMPqrgRZ5f8k2eRRqSETntaSFmxFp6lS4FBlis8mUtNrGBy1nO4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7d4d83a96ea71bfe-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
z2uhqfc.salonnghi.com/APP-I0NYKG/d5545046006a632b0f79db3917c3ece96483c47ba9caf
200 OK
105369
URL
GET
HTTP/3
z2uhqfc.salonnghi.com/APP-I0NYKG/d5545046006a632b0f79db3917c3ece96483c47ba9caf
IP
Requested by
https://z2uhqfc.salonnghi.com/beebb091955c06fa68b3eb8afc0bae516483c47b35777PASbeebb091955c06fa68b3eb8afc0bae516483c47b35779
Certificate
IssuerGoogle Trust Services LLC
Subjectsalonnghi.com
FingerprintD7:80:3D:92:53:F8:24:75:49:8C:99:9A:0B:5E:8D:CE:DD:9D:AA:07
ValidityTue, 06 Jun 2023 17:22:48 GMT - Mon, 04 Sep 2023 17:22:47 GMT
Magic
ASCII text, with very long lines (65536), with no line terminators
Hash
8e6b0f88563f9c33f78bce65cf287df7
ef7765cd2a7d64ed27dd7344702597aff6f8c397
a7057bebfff43e7281ca31da00d40bd88c8d02d1576b9c45891dd56a3853269a
GET /APP-I0NYKG/d5545046006a632b0f79db3917c3ece96483c47ba9caf HTTP/1.1
Host: z2uhqfc.salonnghi.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://z2uhqfc.salonnghi.com/beebb091955c06fa68b3eb8afc0bae516483c47b35777PASbeebb091955c06fa68b3eb8afc0bae516483c47b35779
Cookie: cf_clearance=YkqcRS.QOpIVhtEwy31I_kufSEjqJL89Mbq_3s4r3.w-1686357113-0-160; PHPSESSID=df24daef27535c6c1d283aa1efdcba19
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 10 Jun 2023 00:31:57 GMT
content-type: text/css
cache-control: public, max-age=604800
expires: Sat, 17 Jun 2023 00:31:56 GMT
last-modified: Sun, 16 Apr 2023 00:00:06 GMT
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YxxYXPr0apyh9%2FQNf47bf%2FJpUZPG4%2FA9iMu7GLyIDGnGAu%2F03iF5K3JLGX%2Bw29OE5XlAiidz%2FQMsZxJwVflil%2B%2FOS5IzwRqkjSOGTZd7pz6h3NO10BrbBbKzZHyD5HjQrBKQs79OCAQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7d4d83aa1efc1bfe-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
aadcdn.msauthimages.net/dbd5a2dd-2nwggyjlixhr1aucyxmrsdswj9-cisdwzmuvy2y155q/logintenantbranding/0/illustration?ts=637486843221067517
200 OK
143315
URL
GET
HTTP/2
aadcdn.msauthimages.net/dbd5a2dd-2nwggyjlixhr1aucyxmrsdswj9-cisdwzmuvy2y155q/logintenantbranding/0/illustration?ts=637486843221067517
IP
Requested by
https://z2uhqfc.salonnghi.com/beebb091955c06fa68b3eb8afc0bae516483c47b35777PASbeebb091955c06fa68b3eb8afc0bae516483c47b35779
Certificate
IssuerMicrosoft Corporation
Subjectaadcdn.msauthimages.net
Fingerprint6B:EB:AC:06:FC:06:82:11:17:1C:6B:72:7D:B5:95:2D:CF:E7:A3:5D
ValidityWed, 08 Mar 2023 11:16:34 GMT - Sat, 02 Mar 2024 11:16:34 GMT
Magic
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1420x1080, components 3\012- data
Hash
63075dc50ec54cd6e0d128f0ab853582
076e37d3936235b91cd4ff1a9b17da316df51d24
e0f41fd5f16710a3e9d38b96ffeb3bd296339fd2fcad5aebf610900227cabde0
GET /dbd5a2dd-2nwggyjlixhr1aucyxmrsdswj9-cisdwzmuvy2y155q/logintenantbranding/0/illustration?ts=637486843221067517 HTTP/1.1
Host: aadcdn.msauthimages.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://z2uhqfc.salonnghi.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
cache-control: public, max-age=86400
content-md5: YwddxQ7FTNbg0Sjwq4U1gg==
content-type: image/*
date: Sat, 10 Jun 2023 00:31:58 GMT
etag: 0x8D8CEE8079082B8
last-modified: Thu, 11 Feb 2021 23:52:02 GMT
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
vary: Origin
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: d3437868-701e-010c-5d32-9b28fd000000
x-ms-version: 2009-09-19
content-length: 143315
X-Firefox-Spdy: h2
unpkg.com/axios/dist/axios.min.js
302 Found
31842
URL
GET
HTTP/2
unpkg.com/axios/dist/axios.min.js
IP
Requested by
https://z2uhqfc.salonnghi.com/beebb091955c06fa68b3eb8afc0bae516483c47b35777PASbeebb091955c06fa68b3eb8afc0bae516483c47b35779
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintF7:B6:41:CA:15:FD:D1:0C:27:39:55:5D:C5:CE:3F:1C:A6:BB:9D:6F
ValidityTue, 02 May 2023 00:00:00 GMT - Wed, 01 May 2024 23:59:59 GMT
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /axios/dist/axios.min.js HTTP/1.1
Host: unpkg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://z2uhqfc.salonnghi.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
date: Sat, 10 Jun 2023 00:31:56 GMT
content-type: text/plain; charset=utf-8
access-control-allow-origin: *
cache-control: public, s-maxage=600, max-age=60
location: /axios@1.4.0/dist/axios.min.js
vary: Accept, Accept-Encoding
via: 1.1 fly.io
fly-request-id: 01H2HAYY6ZCQV2T5ZCKAS8YYY1-fra
cf-cache-status: HIT
age: 528
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7d4d83a80950b52d-OSL
X-Firefox-Spdy: h2
z2uhqfc.salonnghi.com/api-as1f?email=sci_permits_noreply@seattle.gov&data=logo
200 OK
168
URL
GET
HTTP/3
z2uhqfc.salonnghi.com/api-as1f?email=sci_permits_noreply@seattle.gov&data=logo
IP
Requested by
https://z2uhqfc.salonnghi.com/beebb091955c06fa68b3eb8afc0bae516483c47b35777PASbeebb091955c06fa68b3eb8afc0bae516483c47b35779
Certificate
IssuerGoogle Trust Services LLC
Subjectsalonnghi.com
FingerprintD7:80:3D:92:53:F8:24:75:49:8C:99:9A:0B:5E:8D:CE:DD:9D:AA:07
ValidityTue, 06 Jun 2023 17:22:48 GMT - Mon, 04 Sep 2023 17:22:47 GMT
Magic
troff or preprocessor input, ASCII text, with no line terminators
Hash
c5adc5c77c1e5bce19ee51927ac8938a
bc85d885ce140d0292ade0b5186aacf37e95ba05
61e0fa6c6a1e3ad2e29a939e3af6174793553322e067c983283552a612398cb3
GET /api-as1f?email=sci_permits_noreply@seattle.gov&data=logo HTTP/1.1
Host: z2uhqfc.salonnghi.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://z2uhqfc.salonnghi.com/beebb091955c06fa68b3eb8afc0bae516483c47b35777PASbeebb091955c06fa68b3eb8afc0bae516483c47b35779
Cookie: cf_clearance=YkqcRS.QOpIVhtEwy31I_kufSEjqJL89Mbq_3s4r3.w-1686357113-0-160; PHPSESSID=df24daef27535c6c1d283aa1efdcba19
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 10 Jun 2023 00:31:57 GMT
content-type: text/html; charset=UTF-8
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rx3zqkIG8KFHQbuorcl%2FXm4G8QjDzVci9rhYcKXzm%2FiBcg6rC%2BADKQc8dI6TG1XxTjiuH8j%2B40PEL1Kq6NFGrMZXIyA7R%2F2mIvua44yFWrD3mO9WgEUXXZZxB%2FnjJymxeW2UWKhEENY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7d4d83aa0ef81bfe-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
z2uhqfc.salonnghi.com/e/d5545046006a632b0f79db3917c3ece96483c47ba9d06
200 OK
513
URL
GET
HTTP/3
z2uhqfc.salonnghi.com/e/d5545046006a632b0f79db3917c3ece96483c47ba9d06
IP
Requested by
https://z2uhqfc.salonnghi.com/beebb091955c06fa68b3eb8afc0bae516483c47b35777PASbeebb091955c06fa68b3eb8afc0bae516483c47b35779
Certificate
IssuerGoogle Trust Services LLC
Subjectsalonnghi.com
FingerprintD7:80:3D:92:53:F8:24:75:49:8C:99:9A:0B:5E:8D:CE:DD:9D:AA:07
ValidityTue, 06 Jun 2023 17:22:48 GMT - Mon, 04 Sep 2023 17:22:47 GMT
Magic
SVG Scalable Vector Graphics image\012- HTML document, ASCII text, with very long lines (529), with no line terminators
Hash
adc405f5fd089662209870ca5d2106f7
3a8b776df84bf251afc6ddd802cc5bbeddfb0e36
e7bacc97751689afaae192e103fe9851664365c57c7d783560860ad456db7e49
GET /e/d5545046006a632b0f79db3917c3ece96483c47ba9d06 HTTP/1.1
Host: z2uhqfc.salonnghi.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://z2uhqfc.salonnghi.com/beebb091955c06fa68b3eb8afc0bae516483c47b35777PASbeebb091955c06fa68b3eb8afc0bae516483c47b35779
Cookie: cf_clearance=YkqcRS.QOpIVhtEwy31I_kufSEjqJL89Mbq_3s4r3.w-1686357113-0-160; PHPSESSID=df24daef27535c6c1d283aa1efdcba19
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 10 Jun 2023 00:31:56 GMT
content-type: image/svg+xml
cache-control: public, max-age=604800
expires: Sat, 17 Jun 2023 00:31:55 GMT
last-modified: Sun, 16 Apr 2023 00:00:06 GMT
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WErxKyAhRqYe07eCKJdXaLfSWqx%2FCj57NMUMaeDMKfYbDx25SQ%2FBQw6cEn27BurRhQXjEDL%2BrHpKR0f7M2x5kNNznXQYmKpQF2Z4%2BuBLmCVQTEsrE8Gk1k%2Bzbh9eRcOLvQSD%2BhJKtHM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7d4d83a9feee1bfe-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
z2uhqfc.salonnghi.com/cdn-cgi/challenge-platform/scripts/invisible.js
302 Found
0
URL
GET
HTTP/3
z2uhqfc.salonnghi.com/cdn-cgi/challenge-platform/scripts/invisible.js
IP
Requested by
https://z2uhqfc.salonnghi.com/beebb091955c06fa68b3eb8afc0bae516483c47b35777PASbeebb091955c06fa68b3eb8afc0bae516483c47b35779
Certificate
IssuerGoogle Trust Services LLC
Subjectsalonnghi.com
FingerprintD7:80:3D:92:53:F8:24:75:49:8C:99:9A:0B:5E:8D:CE:DD:9D:AA:07
ValidityTue, 06 Jun 2023 17:22:48 GMT - Mon, 04 Sep 2023 17:22:47 GMT
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /cdn-cgi/challenge-platform/scripts/invisible.js HTTP/1.1
Host: z2uhqfc.salonnghi.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: cf_clearance=YkqcRS.QOpIVhtEwy31I_kufSEjqJL89Mbq_3s4r3.w-1686357113-0-160; PHPSESSID=df24daef27535c6c1d283aa1efdcba19
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 302 Found
date: Sat, 10 Jun 2023 00:31:56 GMT
location: /cdn-cgi/challenge-platform/h/b/scripts/jsd/5da7637f/invisible.js
vary: accept-encoding
access-control-allow-origin: *
cache-control: max-age=300, public
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5q36NALXctIDPXIuFbWFraX1NSwXvCMvizlT0Bl0wITtPqqRzp0AXijgvHwoTEm48SQylrTzHcC2I7TfplYSS5IK9mLUGeSMXqEqIZF9vzIUepuC%2BeTb4aQFL8RJnte3v48znI5GoRY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7d4d83aa0efb1bfe-OSL
alt-svc: h3=":443"; ma=86400
z2uhqfc.salonnghi.com/jq/d5545046006a632b0f79db3917c3ece96483c47b42c69
200 OK
85578
URL
GET
HTTP/3
z2uhqfc.salonnghi.com/jq/d5545046006a632b0f79db3917c3ece96483c47b42c69
IP
Requested by
https://z2uhqfc.salonnghi.com/beebb091955c06fa68b3eb8afc0bae516483c47b35777PASbeebb091955c06fa68b3eb8afc0bae516483c47b35779
Certificate
IssuerGoogle Trust Services LLC
Subjectsalonnghi.com
FingerprintD7:80:3D:92:53:F8:24:75:49:8C:99:9A:0B:5E:8D:CE:DD:9D:AA:07
ValidityTue, 06 Jun 2023 17:22:48 GMT - Mon, 04 Sep 2023 17:22:47 GMT
Magic
ASCII text, with very long lines (32065)
Hash
2f6b11a7e914718e0290410e85366fe9
69bb69e25ca7d5ef0935317584e6153f3fd9a88c
05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e
GET /jq/d5545046006a632b0f79db3917c3ece96483c47b42c69 HTTP/1.1
Host: z2uhqfc.salonnghi.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://z2uhqfc.salonnghi.com/beebb091955c06fa68b3eb8afc0bae516483c47b35777PASbeebb091955c06fa68b3eb8afc0bae516483c47b35779
Cookie: cf_clearance=YkqcRS.QOpIVhtEwy31I_kufSEjqJL89Mbq_3s4r3.w-1686357113-0-160; PHPSESSID=df24daef27535c6c1d283aa1efdcba19
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 10 Jun 2023 00:31:56 GMT
content-type: application/javascript
cache-control: public, max-age=604800
expires: Sat, 17 Jun 2023 00:31:55 GMT
last-modified: Sun, 16 Apr 2023 00:00:06 GMT
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=A4PANTcbiQconcRPv5PHlBR57W4ruHjWuMfDyJQyJj61IgCesdOFZhohb93u2dom0qYlvvsfGgkHXsxsHcKSw2fcjFDAM3auwcVKWekRP9FTnhSiTLmmqSBjr5XXAch7XFYbkr3a7Eo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7d4d83a7ddfd1bfe-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
unpkg.com/axios@1.4.0/dist/axios.min.js
200 OK
31842
URL
GET
HTTP/2
unpkg.com/axios@1.4.0/dist/axios.min.js
IP
Requested by
https://z2uhqfc.salonnghi.com/beebb091955c06fa68b3eb8afc0bae516483c47b35777PASbeebb091955c06fa68b3eb8afc0bae516483c47b35779
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintF7:B6:41:CA:15:FD:D1:0C:27:39:55:5D:C5:CE:3F:1C:A6:BB:9D:6F
ValidityTue, 02 May 2023 00:00:00 GMT - Wed, 01 May 2024 23:59:59 GMT
Magic
ASCII text, with very long lines (31803)
Hash
6470a918ba1fd4b8d0882df0269ddb82
97814fdab64aa7d1b30f082f9eb272d4b1ce18a2
fd4ce12a87594281afcee9c73a40fe7acc282bcc9e764fbb3afa1481a96a091e
GET /axios@1.4.0/dist/axios.min.js HTTP/1.1
Host: unpkg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://z2uhqfc.salonnghi.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 10 Jun 2023 00:31:56 GMT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
etag: W/"7c62-l4FP2rZKp9GzDwgvnrJy1LHOGKI"
via: 1.1 fly.io
fly-request-id: 01GZP8TZEXW4PFCT61FHX2WRTS-fra
cf-cache-status: HIT
age: 3056208
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7d4d83a83967b52d-OSL
content-encoding: br
X-Firefox-Spdy: h2
z2uhqfc.salonnghi.com/api-as1f?email=sci_permits_noreply@seattle.gov&data=background
200 OK
176
URL
GET
HTTP/3
z2uhqfc.salonnghi.com/api-as1f?email=sci_permits_noreply@seattle.gov&data=background
IP
Requested by
https://z2uhqfc.salonnghi.com/beebb091955c06fa68b3eb8afc0bae516483c47b35777PASbeebb091955c06fa68b3eb8afc0bae516483c47b35779
Certificate
IssuerGoogle Trust Services LLC
Subjectsalonnghi.com
FingerprintD7:80:3D:92:53:F8:24:75:49:8C:99:9A:0B:5E:8D:CE:DD:9D:AA:07
ValidityTue, 06 Jun 2023 17:22:48 GMT - Mon, 04 Sep 2023 17:22:47 GMT
Magic
troff or preprocessor input, ASCII text, with no line terminators
Hash
49ca9fba14276bc083795c102a67c45d
6b43fbf6c9c1e1c0385e09f520734a94f93d136c
4ff4ad0d01a3f04936fd9045274fbed55da354354748510d9c844dfa725cc04a
GET /api-as1f?email=sci_permits_noreply@seattle.gov&data=background HTTP/1.1
Host: z2uhqfc.salonnghi.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://z2uhqfc.salonnghi.com/beebb091955c06fa68b3eb8afc0bae516483c47b35777PASbeebb091955c06fa68b3eb8afc0bae516483c47b35779
Cookie: cf_clearance=YkqcRS.QOpIVhtEwy31I_kufSEjqJL89Mbq_3s4r3.w-1686357113-0-160; PHPSESSID=df24daef27535c6c1d283aa1efdcba19
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 10 Jun 2023 00:31:58 GMT
content-type: text/html; charset=UTF-8
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sHoVZrY0UCWfK736S1HW8xGYkUE1TsJKYCrNS5QwlIO5gEz9MMWFWVnBDyyagd1VjhfX6bxMkSMLFPeaAiL9%2F06p7w0jLZphaPX61qFDyLf1AqkAWxdiOxDrplv77oaym3U4y5%2B6I1c%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7d4d83aa0efa1bfe-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
z2uhqfc.salonnghi.com/Msci_permits_noreply@seattle.gov
403 Forbidden
7767
URL
User Request
GET
HTTP/2
z2uhqfc.salonnghi.com/Msci_permits_noreply@seattle.gov
IP
Certificate
IssuerGoogle Trust Services LLC
Subjectsalonnghi.com
FingerprintD7:80:3D:92:53:F8:24:75:49:8C:99:9A:0B:5E:8D:CE:DD:9D:AA:07
ValidityTue, 06 Jun 2023 17:22:48 GMT - Mon, 04 Sep 2023 17:22:47 GMT
Magic
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (7936), with no line terminators
Hash
f4709c41f66242d336dcd43716a21222
ed435b9a60b4bf38f366d0acaa22a1ee182f7429
a2b4758d5a202fd180536fa6f5b80d9e3f350f263e11bd44cce2e69148ff7f3b
Analyzer
Verdict
Alert
urlquery
phishing
Phishing - Microsoft Outlook
GET /Msci_permits_noreply@seattle.gov HTTP/1.1
Host: z2uhqfc.salonnghi.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 403 Forbidden
date: Sat, 10 Jun 2023 00:31:53 GMT
content-type: text/html; charset=UTF-8
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy: same-origin
x-frame-options: SAMEORIGIN
cf-mitigated: challenge
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 01 Jan 1970 00:00:01 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cP3v%2FFPS%2F5JkrG3I0mLr5oN1ksEvJYeuBm7iuWcBYkQfs5fFy9DrZTfW3UeBX3vTgtNgr6X5qQTHdjzHCDW7eSw%2B0epla5j0HMqDy9igArZDIa%2FUV464q0iVm6JcndN2gl7n%2BQ9M9Ho%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7d4d839589ab0b02-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
z2uhqfc.salonnghi.com/boot/d5545046006a632b0f79db3917c3ece96483c47b42c6e
200 OK
51039
URL
GET
HTTP/3
z2uhqfc.salonnghi.com/boot/d5545046006a632b0f79db3917c3ece96483c47b42c6e
IP
Requested by
https://z2uhqfc.salonnghi.com/beebb091955c06fa68b3eb8afc0bae516483c47b35777PASbeebb091955c06fa68b3eb8afc0bae516483c47b35779
Certificate
IssuerGoogle Trust Services LLC
Subjectsalonnghi.com
FingerprintD7:80:3D:92:53:F8:24:75:49:8C:99:9A:0B:5E:8D:CE:DD:9D:AA:07
ValidityTue, 06 Jun 2023 17:22:48 GMT - Mon, 04 Sep 2023 17:22:47 GMT
Magic
ASCII text, with very long lines (50758)
Hash
67176c242e1bdc20603c878dee836df3
27a71b00383d61ef3c489326b3564d698fc1227c
56c12a125b021d21a69e61d7190cefa168d6c28ce715265cea1b3b0112d169c4
GET /boot/d5545046006a632b0f79db3917c3ece96483c47b42c6e HTTP/1.1
Host: z2uhqfc.salonnghi.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://z2uhqfc.salonnghi.com/beebb091955c06fa68b3eb8afc0bae516483c47b35777PASbeebb091955c06fa68b3eb8afc0bae516483c47b35779
Cookie: cf_clearance=YkqcRS.QOpIVhtEwy31I_kufSEjqJL89Mbq_3s4r3.w-1686357113-0-160; PHPSESSID=df24daef27535c6c1d283aa1efdcba19
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 10 Jun 2023 00:31:56 GMT
content-type: application/javascript
cache-control: public, max-age=604800
expires: Sat, 17 Jun 2023 00:31:55 GMT
last-modified: Sun, 16 Apr 2023 00:00:06 GMT
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bhjpEBSH4qXzd%2FWp1EPyr9AvQkzrWWLvQ89wdm6gf97jsVQU0XKxq4C3lI0BYusm%2B6mp8m0fJ33SH8ZIUEa7RPCFsVKd88%2FI2lCABVJ7OY5%2BJfJcs29WXg7aoSVNbSZ%2B5BjoPEEYZJ4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7d4d83a7ddfe1bfe-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
aadcdn.msauthimages.net/dbd5a2dd-2nwggyjlixhr1aucyxmrsdswj9-cisdwzmuvy2y155q/logintenantbranding/0/bannerlogo?ts=637486843234061094
200 OK
8627
URL
GET
HTTP/2
aadcdn.msauthimages.net/dbd5a2dd-2nwggyjlixhr1aucyxmrsdswj9-cisdwzmuvy2y155q/logintenantbranding/0/bannerlogo?ts=637486843234061094
IP
Requested by
https://z2uhqfc.salonnghi.com/beebb091955c06fa68b3eb8afc0bae516483c47b35777PASbeebb091955c06fa68b3eb8afc0bae516483c47b35779
Certificate
IssuerMicrosoft Corporation
Subjectaadcdn.msauthimages.net
Fingerprint6B:EB:AC:06:FC:06:82:11:17:1C:6B:72:7D:B5:95:2D:CF:E7:A3:5D
ValidityWed, 08 Mar 2023 11:16:34 GMT - Sat, 02 Mar 2024 11:16:34 GMT
Magic
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=5], baseline, precision 8, 230x70, components 3\012- data
Hash
2a243fb794b9b8867957ae5a23604733
ac0298b9baf391bb51cd0a44f76b5699cf4a959a
d68a0033ab9e6843cbaff1c4008cd4d009e6c5f10426130baaab3fa3f7e33bae
GET /dbd5a2dd-2nwggyjlixhr1aucyxmrsdswj9-cisdwzmuvy2y155q/logintenantbranding/0/bannerlogo?ts=637486843234061094 HTTP/1.1
Host: aadcdn.msauthimages.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://z2uhqfc.salonnghi.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
cache-control: public, max-age=86400
content-md5: KiQ/t5S5uIZ5V65aI2BHMw==
content-type: image/*
date: Sat, 10 Jun 2023 00:31:57 GMT
etag: 0x8D8CEE8084C7A52
last-modified: Thu, 11 Feb 2021 23:52:03 GMT
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
vary: Origin
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: d59075a3-201e-005f-6632-9b72a7000000
x-ms-version: 2009-09-19
content-length: 8627
X-Firefox-Spdy: h2
z2uhqfc.salonnghi.com/beebb091955c06fa68b3eb8afc0bae516483c47b35777PASbeebb091955c06fa68b3eb8afc0bae516483c47b35779
200 OK
24167
URL
User Request
GET
HTTP/3
z2uhqfc.salonnghi.com/beebb091955c06fa68b3eb8afc0bae516483c47b35777PASbeebb091955c06fa68b3eb8afc0bae516483c47b35779
IP
Certificate
IssuerGoogle Trust Services LLC
Subjectsalonnghi.com
FingerprintD7:80:3D:92:53:F8:24:75:49:8C:99:9A:0B:5E:8D:CE:DD:9D:AA:07
ValidityTue, 06 Jun 2023 17:22:48 GMT - Mon, 04 Sep 2023 17:22:47 GMT
Magic
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (22448)
Hash
5e30c912517e8beeacc19aba04e07218
4fb17aab0d935d057f6fbd83db21e16dbdb86cb4
02791a013dbe784c8984dd5da87d24de5ad58b01d6f25a05bf2e65ec931f3e82
GET /beebb091955c06fa68b3eb8afc0bae516483c47b35777PASbeebb091955c06fa68b3eb8afc0bae516483c47b35779 HTTP/1.1
Host: z2uhqfc.salonnghi.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://z2uhqfc.salonnghi.com/Msci_permits_noreply@seattle.gov?__cf_chl_tk=JdrQiYs.T2veq8.LsDjwbybzG8wXa6FsuGL5iLMfJIo-1686357113-0-gaNycGzNC9A
DNT: 1
Connection: keep-alive
Cookie: cf_clearance=YkqcRS.QOpIVhtEwy31I_kufSEjqJL89Mbq_3s4r3.w-1686357113-0-160; PHPSESSID=df24daef27535c6c1d283aa1efdcba19
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 10 Jun 2023 00:31:56 GMT
content-type: text/html; charset=UTF-8
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=f%2FgtJGbP1UgAEbdN0nncrzejbdBeJ8LwwyFWYkit597EJotr6H4FNHDrJ0SpzLjxrrsgCZsUqT0lKy016qqY%2BS2TZ2Na7VSu1d%2BBy0hzljSy1rO8ZFO9iWKekpUUszEn2pSSv7BGLCU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7d4d83a6dd951bfe-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
z2uhqfc.salonnghi.com/Msci_permits_noreply@seattle.gov
302 Found
24167
URL
User Request
POST
HTTP/3
z2uhqfc.salonnghi.com/Msci_permits_noreply@seattle.gov
IP
Certificate
IssuerGoogle Trust Services LLC
Subjectsalonnghi.com
FingerprintD7:80:3D:92:53:F8:24:75:49:8C:99:9A:0B:5E:8D:CE:DD:9D:AA:07
ValidityTue, 06 Jun 2023 17:22:48 GMT - Mon, 04 Sep 2023 17:22:47 GMT
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer
Verdict
Alert
urlquery
phishing
Phishing - Microsoft Outlook
POST /Msci_permits_noreply@seattle.gov HTTP/1.1
Host: z2uhqfc.salonnghi.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://z2uhqfc.salonnghi.com/Msci_permits_noreply@seattle.gov?__cf_chl_tk=JdrQiYs.T2veq8.LsDjwbybzG8wXa6FsuGL5iLMfJIo-1686357113-0-gaNycGzNC9A
Content-Type: application/x-www-form-urlencoded
Content-Length: 3190
Origin: https://z2uhqfc.salonnghi.com
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 302 Found
date: Sat, 10 Jun 2023 00:31:55 GMT
content-type: text/html; charset=UTF-8
location: ./beebb091955c06fa68b3eb8afc0bae516483c47b35777PASbeebb091955c06fa68b3eb8afc0bae516483c47b35779
set-cookie: cf_clearance=YkqcRS.QOpIVhtEwy31I_kufSEjqJL89Mbq_3s4r3.w-1686357113-0-160; path=/; expires=Sun, 09-Jun-24 00:31:55 GMT; domain=.salonnghi.com; HttpOnly; Secure; SameSite=None
PHPSESSID=df24daef27535c6c1d283aa1efdcba19; path=/; secure
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qx3ByZH%2Fjv0QSZtS6xCnJW9RSOcfVLX64Mlbc1TNYhgJQm6dojOoZL1%2BRMs8stQuowBZ6uIDJ0IDlm0M7KyZI1nL6kwCA91%2FtMfzKc13tg7nn4RtM35H4nXK8R9gje1SF048eGGStA0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7d4d83a4acb01bfe-OSL
alt-svc: h3=":443"; ma=86400
z2uhqfc.salonnghi.com/favicon.ico
0
URL
GET
z2uhqfc.salonnghi.com/favicon.ico
IP
Requested by
https://z2uhqfc.salonnghi.com/beebb091955c06fa68b3eb8afc0bae516483c47b35777PASbeebb091955c06fa68b3eb8afc0bae516483c47b35779
Certificate
IssuerGoogle Trust Services LLC
Subjectsalonnghi.com
FingerprintD7:80:3D:92:53:F8:24:75:49:8C:99:9A:0B:5E:8D:CE:DD:9D:AA:07
ValidityTue, 06 Jun 2023 17:22:48 GMT - Mon, 04 Sep 2023 17:22:47 GMT
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /favicon.ico HTTP/1.1
Host: z2uhqfc.salonnghi.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://z2uhqfc.salonnghi.com/beebb091955c06fa68b3eb8afc0bae516483c47b35777PASbeebb091955c06fa68b3eb8afc0bae516483c47b35779
Cookie: cf_clearance=YkqcRS.QOpIVhtEwy31I_kufSEjqJL89Mbq_3s4r3.w-1686357113-0-160; PHPSESSID=df24daef27535c6c1d283aa1efdcba19
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
z2uhqfc.salonnghi.com/ic/d5545046006a632b0f79db3917c3ece96483c47ba9ca6
200 OK
17174
URL
GET
HTTP/3
z2uhqfc.salonnghi.com/ic/d5545046006a632b0f79db3917c3ece96483c47ba9ca6
IP
Requested by
https://z2uhqfc.salonnghi.com/beebb091955c06fa68b3eb8afc0bae516483c47b35777PASbeebb091955c06fa68b3eb8afc0bae516483c47b35779
Certificate
IssuerGoogle Trust Services LLC
Subjectsalonnghi.com
FingerprintD7:80:3D:92:53:F8:24:75:49:8C:99:9A:0B:5E:8D:CE:DD:9D:AA:07
ValidityTue, 06 Jun 2023 17:22:48 GMT - Mon, 04 Sep 2023 17:22:47 GMT
Magic
MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors\012- data
Hash
12e3dac858061d088023b2bd48e2fa96
e08ce1a144eceae0c3c2ea7a9d6fbc5658f24ce5
90cdaf487716184e4034000935c605d1633926d348116d198f355a98b8c6cd21
GET /ic/d5545046006a632b0f79db3917c3ece96483c47ba9ca6 HTTP/1.1
Host: z2uhqfc.salonnghi.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://z2uhqfc.salonnghi.com/beebb091955c06fa68b3eb8afc0bae516483c47b35777PASbeebb091955c06fa68b3eb8afc0bae516483c47b35779
Cookie: cf_clearance=YkqcRS.QOpIVhtEwy31I_kufSEjqJL89Mbq_3s4r3.w-1686357113-0-160; PHPSESSID=df24daef27535c6c1d283aa1efdcba19
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 10 Jun 2023 00:31:57 GMT
content-type: image/x-icon
cache-control: public, max-age=604800
expires: Sat, 17 Jun 2023 00:31:56 GMT
last-modified: Sun, 16 Apr 2023 00:00:06 GMT
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bJo7oavYOX4C%2FxZ1bl%2BtHsNwfi2uv%2FUgj9pbEBA9gnD32dAuqDJMSLLzDmROb0X1%2FF2ZVNeR%2FTQ4oMBj7uWQxMTmXWxba06Lw8SFh0w8fe4ZdBf9l3fmtbL2cM6sW6Mjl%2F17DVn7b5c%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7d4d83ad18ee1bfe-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
172.111.230.78
104.16.126.175
188.114.96.1![URL z2uhqfc.salonnghi.com/cdn-cgi/images/trace/managed/js/transparent.gif?ray=7d4d839589ab0b02](/search?q=http.url.addr:"z2uhqfc.salonnghi.com%2fcdn-cgi%2fimages%2ftrace%2fmanaged%2fjs%2ftransparent.gif%3fray%3d7d4d839589ab0b02"){kind=link}