Report - cleo-bc3.pages.dev/

Report Overview

Submitted URL
cleo-bc3.pages.dev/
IP
188.114.97.1
ASN
#13335 CLOUDFLARENET
Submitted
2024-04-20 06:20:21
Access
public
Website Title
Sign in to your account
Final URL
cleo-bc3.pages.dev/
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
4

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
ajax.googleapis.com	12905	2005-01-25	2013-08-16	2024-04-19	433 B	31 kB	172.217.21.170
login.live.com	79	1994-12-28	2012-05-21	2024-04-18	408 B	13 kB	20.190.177.21
cleo-bc3.pages.dev	unknown	2020-09-02	2023-12-30	2024-02-02	475 B	476 kB	188.114.97.1

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

Scan Date	Severity	Indicator	Alert
2024-04-19	medium	cleo-bc3.pages.dev/	Office365

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-04-20	medium	cleo-bc3.pages.dev	Sinkholed

ThreatFox

No alerts detected

JavaScript (3)

	URL	Size	First Seen	Last Seen
	ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js	87 kB	2023-03-07	2024-05-03
Pretty URL ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js IP 172.217.21.170 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:02 Last Seen2024-05-03 14:08:34 Times Seen108083 Hash a09e13ee94d51c524b7e2a728c7d4039 0dc32db4aa9c5f03f3b38c47d883dbd4fed13aae 160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef Loading...

	cleo-bc3.pages.dev/	991 B	2023-03-09	2024-05-03
Pretty URL cleo-bc3.pages.dev/ IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-09 10:24:33 Last Seen2024-05-03 03:38:45 Times Seen197 Hash 47cef218e0327b0239ce5d262d0c419d 918662c7beb586bf6d88d48cd9027ab4be63a861 156242a63112116c1db782ba14677419490629bb2a1f005239fb172fa54c9eb8 Loading...

	cleo-bc3.pages.dev/	9.6 kB	2024-01-01	2024-05-03
Pretty URL cleo-bc3.pages.dev/ IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-01-01 06:17:24 Last Seen2024-05-03 03:38:45 Times Seen6 Hash 89efedcf367fe0a12bb7c8bb72f6a47b 4042b85b22e488bcf3e486832343ca38c0cd8037 06003327b819dfcde062ddf763cd20b224c88a52c1e1cd6227f3f77a336e6dab Loading...

HTTP Transactions (3)

URL IP Response Size

ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js

172.217.21.170

200 OK

30 kB

URL GET HTTP/2
ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js
IP
172.217.21.170:443
ASN
#15169 GOOGLE

Requested by
https://cleo-bc3.pages.dev/
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint15:CB:F7:AC:18:3F:DC:1E:F9:4E:94:D1:98:40:40:61:53:17:28:F2
ValidityMon, 18 Mar 2024 20:35:28 GMT - Mon, 10 Jun 2024 20:35:27 GMT

File type
JavaScript source, ASCII text, with very long lines (65451)
Size
30 kB (30399 bytes)
Hash
a09e13ee94d51c524b7e2a728c7d4039
0dc32db4aa9c5f03f3b38c47d883dbd4fed13aae
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef

HTTP Headers

GET /ajax/libs/jquery/3.3.1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cleo-bc3.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 30399
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 18 Apr 2024 11:06:16 GMT
expires: Fri, 18 Apr 2025 11:06:16 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 155619
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

20.190.177.21

200 OK

11 kB

URL GET HTTP/1.1
login.live.com/
IP
20.190.177.21:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://cleo-bc3.pages.dev/
Certificate
IssuerDigiCert Inc
Subjectlogin.live.com
Fingerprint7C:A4:1B:29:3E:A1:BF:5E:7E:96:CD:E4:E3:B6:B5:D3:02:3B:E8:6E
ValidityThu, 08 Feb 2024 00:00:00 GMT - Sat, 08 Feb 2025 23:59:59 GMT

File type
HTML document, Unicode text, UTF-8 text, with very long lines (23772)
Size
11 kB (10678 bytes)
Hash
1424d9062eab3db6ddef783c5b025fe2
24de089cdcf3935de47b878e6f8d0024e269705c
0653fb9db4622d6d317174f3f8889fb6eab091372d36a8552d8031da12acd08b

HTTP Headers

GET / HTTP/1.1
Host: login.live.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cleo-bc3.pages.dev/
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Content-Encoding: gzip
Expires: Sat, 20 Apr 2024 06:18:55 GMT
Vary: Accept-Encoding
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
X-DNS-Prefetch-Control: on
Link: <https://logincdn.msauth.net>; rel=preconnect; crossorigin, <https://acctcdn.msauth.net>; rel=preconnect; crossorigin, <https://acctcdn.msftauth.net>; rel=preconnect; crossorigin, <https://acctcdn.msauth.net/>; rel=dns-prefetch, <https://acctcdn.msftauth.net/>; rel=dns-prefetch, <https://acctcdnmsftuswe2.azureedge.net/>; rel=dns-prefetch, <https://acctcdnvzeuno.azureedge.net/>; rel=dns-prefetch, <https://logincdn.msauth.net/>; rel=dns-prefetch, <https://logincdn.msftauth.net/>; rel=dns-prefetch, <https://lgincdnvzeuno.azureedge.net/>; rel=dns-prefetch, <https://lgincdnmsftuswe2.azureedge.net/>; rel=dns-prefetch
Referrer-Policy: strict-origin-when-cross-origin
x-ms-route-info: C543_BL2
x-ms-request-id: b756ea5a-9bb6-41f2-8f26-0fc2a08a9b32
PPServer: PPV: 30 H: BL02EPF0001D954 V: 0
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000
X-XSS-Protection: 1; mode=block
Set-Cookie: uaid=d1376f1399dd46f99c1328c8771b4169; domain=login.live.com; Secure; path=/; SameSite=None; HttpOnly
MSPRequ=id=N&lt=1713593995&co=1; domain=login.live.com; Secure; path=/; SameSite=None; HttpOnly
MSCC=91.90.42.154-NO; expires=Thu, 15-May-2025 06:19:55 GMT; domain=login.live.com; Secure; path=/; SameSite=None; HttpOnly
MSPOK=$uuid-0bfa8d87-3d60-4df5-b21d-b845c0d15966; domain=login.live.com; Secure; path=/; SameSite=None; HttpOnly
OParams=11O.DpW7iFR9mIvzxeDHCy78!MWM1DnHDCkHXNL9sXQ2TosCFT1dQsNAcWvjI1P9f8CZu1FZ*A8Cw5yd1rS0acdnGy2POnPxTLhOZONV4Zm8Q3e8Fjg!RWZXRIU9agtu7EGJCpBssGk1svgFtaQZ97W73*s$; domain=login.live.com; Secure; path=/; SameSite=None; HttpOnly
Date: Sat, 20 Apr 2024 06:19:55 GMT
Content-Length: 10678

cleo-bc3.pages.dev/

188.114.97.1

200 OK

476 kB

URL User Request GET HTTP/2
cleo-bc3.pages.dev/
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjectcleo-bc3.pages.dev
Fingerprint78:FC:75:44:EC:5E:28:5F:38:D6:6E:3D:9D:43:04:CB:04:7D:5E:94
ValidityTue, 27 Feb 2024 14:08:48 GMT - Mon, 27 May 2024 14:08:47 GMT

File type
HTML document, ASCII text, with very long lines (23074)
Size
476 kB (475617 bytes)
Hash
e9b20ee6bbbb1ca05d13438e9f56ecef
436fc21ac31ee81622d12c571095324a7ebafa4e
265695a833afb69c373d58e51ccc5af4a6e012da7240bc92559c289906a81d95

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Office365
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: cleo-bc3.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 20 Apr 2024 06:19:55 GMT
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"d22e18025cfb946b2d7c39d6e92b3e19"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fw2Y%2BU3l1S7Z4yaSzDJk5nEZAHtSzdMJ1KqJrdzu3XH5wxz0hN%2Fvojnjys3pRZgLjytQokillp1Q6z3GVyv8Tp4Fu4aApQMRJnC1zduziMW5guyPngHfjqCfAbpnicC%2Fj6%2F4H%2F8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87730684bdeb56a2-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (3)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (3)

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers