Report - abramson.cc/xazaoppo/kazkooigfde/felioppre/WzRxMk/bWlrZS5jbG91Z2hAYWFsYmVydHMtaXBzLmNvbQ==

Report Overview

Submitted URL
abramson.cc/xazaoppo/kazkooigfde/felioppre/WzRxMk/bWlrZS5jbG91Z2hAYWFsYmVydHMtaXBzLmNvbQ==
IP
192.185.76.91
ASN
#19871 NETWORK-SOLUTIONS-HOSTING
Submitted
2024-04-23 11:27:12
Access
public
Website Title
6347e135.cdaaf2bc902c005246e781ba.workers.dev/?qrc=mike.clough@aalberts-ips.com
Final URL
6347e135.cdaaf2bc902c005246e781ba.workers.dev/?qrc=mike.clough@aalberts-ips.com
Tags
phishing microsoft outlook
urlquery detections
Phishing - Microsoft Outlook

Detections

urlquery
8
Network Intrusion Detection
0
Threat Detection Systems
0

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
abramson.cc	unknown	2020-06-04	2020-07-16	2024-04-18	1.1 kB	1.8 kB	192.185.76.91
challenges.cloudflare.com	unknown	2009-02-17	2021-10-20	2024-04-22	3.9 kB	36 kB	104.17.3.184
6347e135.cdaaf2bc902c005246e781ba.workers.dev	unknown	unknown	No data	No data	2.4 kB	707 kB	172.67.195.39
pn6oqa0q6cy.elektromag.co	unknown	unknown	No data	No data	11 kB	859 kB	5.230.74.74
csp.microsoft.com	7951	1991-05-02	2021-03-09	2024-04-22	958 B	3.3 kB	13.107.213.53

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

JavaScript (22)

	URL	Size	First Seen	Last Seen
	pn6oqa0q6cy.elektromag.co/?2owinjimx=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1taWtlLmNsb3VnaCU0MGFhbGJlcnRzLWlwcy5jb20mY2xpZW50LXJlcXVlc3QtaWQ9M2MzYTdlYTMtMDRiMS1hMWM5LTYyNDMtZDczYWYxOTgyMGNmJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODQ5NDY4NDE0OTI0MDQ0NC4wNjQxMDU5MS0xM2Q4LTQwNWItOTUyOC1mYWMzYTVkMzcyYWEmc3RhdGU9RGN0QkRvTWdFRUJSYU1fU0pUREFnTEJvUEVvem9sVlNGRk50dkg1WnZMXzduREYyYjI0Tmh4YldlUnN3b2ctb01Sb0VSSlRnVVlPTFdtZzdCb0hnQmhHZENlSk55WkliYldlSWVIdVZxaGVwdnRRNWI2OGxiLWR6elo5SnBsSl84X0pBSUNyRDlEMFBrZmREcHJyLUFR	23 kB	2024-04-23	2024-04-23
Pretty URL pn6oqa0q6cy.elektromag.co/?2owinjimx=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1taWtlLmNsb3VnaCU0MGFhbGJlcnRzLWlwcy5jb20mY2xpZW50LXJlcXVlc3QtaWQ9M2MzYTdlYTMtMDRiMS1hMWM5LTYyNDMtZDczYWYxOTgyMGNmJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODQ5NDY4NDE0OTI0MDQ0NC4wNjQxMDU5MS0xM2Q4LTQwNWItOTUyOC1mYWMzYTVkMzcyYWEmc3RhdGU9RGN0QkRvTWdFRUJSYU1fU0pUREFnTEJvUEVvem9sVlNGRk50dkg1WnZMXzduREYyYjI0Tmh4YldlUnN3b2ctb01Sb0VSSlRnVVlPTFdtZzdCb0hnQmhHZENlSk55WkliYldlSWVIdVZxaGVwdnRRNWI2OGxiLWR6elo5SnBsSl84X0pBSUNyRDlEMFBrZmREcHJyLUFR IP 5.230.74.74 ASN #12586 GHOSTnet GmbH Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-23 13:27:18 Last Seen2024-04-23 13:27:18 Times Seen1 Hash c9aea9fcbc2fd8dba78788e4e820563c c43a1414b9cbf30c2df33ca864a0a42a2cc6bdf4 856cc8283780cb0df2ebf27ee700259546e924d2b3299a3eaeeb9ea739da3557 Loading...

	pn6oqa0q6cy.elektromag.co/?2owinjimx=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1taWtlLmNsb3VnaCU0MGFhbGJlcnRzLWlwcy5jb20mY2xpZW50LXJlcXVlc3QtaWQ9M2MzYTdlYTMtMDRiMS1hMWM5LTYyNDMtZDczYWYxOTgyMGNmJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODQ5NDY4NDE0OTI0MDQ0NC4wNjQxMDU5MS0xM2Q4LTQwNWItOTUyOC1mYWMzYTVkMzcyYWEmc3RhdGU9RGN0QkRvTWdFRUJSYU1fU0pUREFnTEJvUEVvem9sVlNGRk50dkg1WnZMXzduREYyYjI0Tmh4YldlUnN3b2ctb01Sb0VSSlRnVVlPTFdtZzdCb0hnQmhHZENlSk55WkliYldlSWVIdVZxaGVwdnRRNWI2OGxiLWR6elo5SnBsSl84X0pBSUNyRDlEMFBrZmREcHJyLUFR	12 kB	2023-06-23	2024-05-03
Pretty URL pn6oqa0q6cy.elektromag.co/?2owinjimx=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1taWtlLmNsb3VnaCU0MGFhbGJlcnRzLWlwcy5jb20mY2xpZW50LXJlcXVlc3QtaWQ9M2MzYTdlYTMtMDRiMS1hMWM5LTYyNDMtZDczYWYxOTgyMGNmJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODQ5NDY4NDE0OTI0MDQ0NC4wNjQxMDU5MS0xM2Q4LTQwNWItOTUyOC1mYWMzYTVkMzcyYWEmc3RhdGU9RGN0QkRvTWdFRUJSYU1fU0pUREFnTEJvUEVvem9sVlNGRk50dkg1WnZMXzduREYyYjI0Tmh4YldlUnN3b2ctb01Sb0VSSlRnVVlPTFdtZzdCb0hnQmhHZENlSk55WkliYldlSWVIdVZxaGVwdnRRNWI2OGxiLWR6elo5SnBsSl84X0pBSUNyRDlEMFBrZmREcHJyLUFR IP 5.230.74.74 ASN #12586 GHOSTnet GmbH Introduced by scriptElement Embedded in HTML true Observations First Seen2023-06-23 19:19:51 Last Seen2024-05-03 22:15:57 Times Seen40160 Hash c9d2e88805f41751f718319cbe6921b9 d6663e2e9baa6a0fe4061c11641f054814fef7cd 62250daeb8f66262a50ae4aa5b673340eba07c7a5253c849492eb91459ea9a53 Loading...

	data:text/javascript;base64,ZnVuY3Rpb24gYygpe2lmKCFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuYiIpIHx8ICFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuZyIpKXtkb2N1bWVudC5oZWFkLmFwcGVuZENoaWxkKE9iamVjdC5hc3NpZ24oZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgiZGl2Iikse2NsYXNzTGlzdDpbImIiXX0pKTtkb2N1bWVudC5kb2N1bWVudEVsZW1lbnQuc3R5bGUuZmlsdGVyPSJodWUtcm90YXRlKDRkZWcpIjtkb2N1bWVudC5oZWFkLmFwcGVuZENoaWxkKE9iamVjdC5hc3NpZ24oZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgiZGl2Iikse2NsYXNzTGlzdDpbImciXX0pKTtzZXRUaW1lb3V0KGMsMWUzKX19YygpOwo=	341 B	2023-10-02	2024-05-03
Pretty URL data:text/javascript;base64,ZnVuY3Rpb24gYygpe2lmKCFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuYiIpIHx8ICFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuZyIpKXtkb2N1bWVudC5oZWFkLmFwcGVuZENoaWxkKE9iamVjdC5hc3NpZ24oZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgiZGl2Iikse2NsYXNzTGlzdDpbImIiXX0pKTtkb2N1bWVudC5kb2N1bWVudEVsZW1lbnQuc3R5bGUuZmlsdGVyPSJodWUtcm90YXRlKDRkZWcpIjtkb2N1bWVudC5oZWFkLmFwcGVuZENoaWxkKE9iamVjdC5hc3NpZ24oZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgiZGl2Iikse2NsYXNzTGlzdDpbImciXX0pKTtzZXRUaW1lb3V0KGMsMWUzKX19YygpOwo= IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-10-02 01:17:43 Last Seen2024-05-03 22:15:57 Times Seen33199 Hash d6f18bfe02b31db3664d5d27f03ea142 aae6f850e8ea4ff74dcd6213ad6a4565cbd6802e 90682803943448f3acffc81014c87fdd71f30d8cf97335fcea451fac1e568221 Loading...

	pn6oqa0q6cy.elektromag.co/aadcdn.msftauth.net/~/ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_0lriinjhzchre9aqecvmpg2.js	55 kB	2024-04-05	2024-05-03
Pretty URL pn6oqa0q6cy.elektromag.co/aadcdn.msftauth.net/~/ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_0lriinjhzchre9aqecvmpg2.js IP 5.230.74.74 ASN #12586 GHOSTnet GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-05 18:32:28 Last Seen2024-05-03 22:15:57 Times Seen432 Hash 6466655d95c6e6bee8eba63f44b7ad0c b7d6d27426a255f6f44d3bd67484fc0917d40942 3c76413b4bda026963cc941e9da3955850eca39edf2a2b88ece02f7c4f09016a Loading...

	pn6oqa0q6cy.elektromag.co/aadcdn.msftauth.net/~/shared/1.0/content/js/ConvergedLogin_PCore_4aBF4cdky--I3Cpch7JoPw2.js	689 kB	2023-09-04	2024-05-03
Pretty URL pn6oqa0q6cy.elektromag.co/aadcdn.msftauth.net/~/shared/1.0/content/js/ConvergedLogin_PCore_4aBF4cdky--I3Cpch7JoPw2.js IP 5.230.74.74 ASN #12586 GHOSTnet GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-09-04 14:18:21 Last Seen2024-05-03 22:15:58 Times Seen66059 Hash 3e89ae909c6a8d8c56396830471f3373 2632f95a5be7e4c589402bf76e800a8151cd036b 6665ca6a09f770c6679556eb86cf4234c8bdb0271049620e03199b34b4a16099 Loading...

	unknown	37 B	2023-04-11	2024-05-03
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-11 21:31:25 Last Seen2024-05-03 22:22:49 Times Seen234088 Hash 29d0c84b9d1d8da446a6062c6a840ad9 6d6b3a6065667c7c50d92f3889c85ed65a9ad784 3c3cbdb71d0d2c22f504f4d63d8a6ffe8d250cde7e58300619be35b6bbab26a1 Loading...

	pn6oqa0q6cy.elektromag.co/?2owinjimx=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1taWtlLmNsb3VnaCU0MGFhbGJlcnRzLWlwcy5jb20mY2xpZW50LXJlcXVlc3QtaWQ9M2MzYTdlYTMtMDRiMS1hMWM5LTYyNDMtZDczYWYxOTgyMGNmJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODQ5NDY4NDE0OTI0MDQ0NC4wNjQxMDU5MS0xM2Q4LTQwNWItOTUyOC1mYWMzYTVkMzcyYWEmc3RhdGU9RGN0QkRvTWdFRUJSYU1fU0pUREFnTEJvUEVvem9sVlNGRk50dkg1WnZMXzduREYyYjI0Tmh4YldlUnN3b2ctb01Sb0VSSlRnVVlPTFdtZzdCb0hnQmhHZENlSk55WkliYldlSWVIdVZxaGVwdnRRNWI2OGxiLWR6elo5SnBsSl84X0pBSUNyRDlEMFBrZmREcHJyLUFR	402 B	2023-03-26	2024-05-03
Pretty URL pn6oqa0q6cy.elektromag.co/?2owinjimx=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1taWtlLmNsb3VnaCU0MGFhbGJlcnRzLWlwcy5jb20mY2xpZW50LXJlcXVlc3QtaWQ9M2MzYTdlYTMtMDRiMS1hMWM5LTYyNDMtZDczYWYxOTgyMGNmJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODQ5NDY4NDE0OTI0MDQ0NC4wNjQxMDU5MS0xM2Q4LTQwNWItOTUyOC1mYWMzYTVkMzcyYWEmc3RhdGU9RGN0QkRvTWdFRUJSYU1fU0pUREFnTEJvUEVvem9sVlNGRk50dkg1WnZMXzduREYyYjI0Tmh4YldlUnN3b2ctb01Sb0VSSlRnVVlPTFdtZzdCb0hnQmhHZENlSk55WkliYldlSWVIdVZxaGVwdnRRNWI2OGxiLWR6elo5SnBsSl84X0pBSUNyRDlEMFBrZmREcHJyLUFR IP 5.230.74.74 ASN #12586 GHOSTnet GmbH Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-26 06:26:29 Last Seen2024-05-03 22:15:57 Times Seen48681 Hash 87efd6715519349131af142156db73f5 c97a4e521b65745b007efc70d310bc3d881592e7 03bde50da68e75d14367644f9f52809af9b55dbba6c171ce2c7b93523cdc5578 Loading...

	pn6oqa0q6cy.elektromag.co/?2owinjimx=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1taWtlLmNsb3VnaCU0MGFhbGJlcnRzLWlwcy5jb20mY2xpZW50LXJlcXVlc3QtaWQ9M2MzYTdlYTMtMDRiMS1hMWM5LTYyNDMtZDczYWYxOTgyMGNmJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODQ5NDY4NDE0OTI0MDQ0NC4wNjQxMDU5MS0xM2Q4LTQwNWItOTUyOC1mYWMzYTVkMzcyYWEmc3RhdGU9RGN0QkRvTWdFRUJSYU1fU0pUREFnTEJvUEVvem9sVlNGRk50dkg1WnZMXzduREYyYjI0Tmh4YldlUnN3b2ctb01Sb0VSSlRnVVlPTFdtZzdCb0hnQmhHZENlSk55WkliYldlSWVIdVZxaGVwdnRRNWI2OGxiLWR6elo5SnBsSl84X0pBSUNyRDlEMFBrZmREcHJyLUFR	35 B	2023-03-07	2024-05-03
Pretty URL pn6oqa0q6cy.elektromag.co/?2owinjimx=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1taWtlLmNsb3VnaCU0MGFhbGJlcnRzLWlwcy5jb20mY2xpZW50LXJlcXVlc3QtaWQ9M2MzYTdlYTMtMDRiMS1hMWM5LTYyNDMtZDczYWYxOTgyMGNmJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODQ5NDY4NDE0OTI0MDQ0NC4wNjQxMDU5MS0xM2Q4LTQwNWItOTUyOC1mYWMzYTVkMzcyYWEmc3RhdGU9RGN0QkRvTWdFRUJSYU1fU0pUREFnTEJvUEVvem9sVlNGRk50dkg1WnZMXzduREYyYjI0Tmh4YldlUnN3b2ctb01Sb0VSSlRnVVlPTFdtZzdCb0hnQmhHZENlSk55WkliYldlSWVIdVZxaGVwdnRRNWI2OGxiLWR6elo5SnBsSl84X0pBSUNyRDlEMFBrZmREcHJyLUFR IP 5.230.74.74 ASN #12586 GHOSTnet GmbH Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:06:22 Last Seen2024-05-03 22:15:57 Times Seen47829 Hash 2badc56bc4d494e70d476b2e4efd31da 384c5f0842cd2f786b0acc4cb159b75ad3620d46 8684cc6fc8b42cd798a7e1416fda8af6cea601dca2ecd3a253acfd9649f58fcb Loading...

	pn6oqa0q6cy.elektromag.co/?2owinjimx=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1taWtlLmNsb3VnaCU0MGFhbGJlcnRzLWlwcy5jb20mY2xpZW50LXJlcXVlc3QtaWQ9M2MzYTdlYTMtMDRiMS1hMWM5LTYyNDMtZDczYWYxOTgyMGNmJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODQ5NDY4NDE0OTI0MDQ0NC4wNjQxMDU5MS0xM2Q4LTQwNWItOTUyOC1mYWMzYTVkMzcyYWEmc3RhdGU9RGN0QkRvTWdFRUJSYU1fU0pUREFnTEJvUEVvem9sVlNGRk50dkg1WnZMXzduREYyYjI0Tmh4YldlUnN3b2ctb01Sb0VSSlRnVVlPTFdtZzdCb0hnQmhHZENlSk55WkliYldlSWVIdVZxaGVwdnRRNWI2OGxiLWR6elo5SnBsSl84X0pBSUNyRDlEMFBrZmREcHJyLUFR	340 B	2023-06-09	2024-05-03
Pretty URL pn6oqa0q6cy.elektromag.co/?2owinjimx=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1taWtlLmNsb3VnaCU0MGFhbGJlcnRzLWlwcy5jb20mY2xpZW50LXJlcXVlc3QtaWQ9M2MzYTdlYTMtMDRiMS1hMWM5LTYyNDMtZDczYWYxOTgyMGNmJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODQ5NDY4NDE0OTI0MDQ0NC4wNjQxMDU5MS0xM2Q4LTQwNWItOTUyOC1mYWMzYTVkMzcyYWEmc3RhdGU9RGN0QkRvTWdFRUJSYU1fU0pUREFnTEJvUEVvem9sVlNGRk50dkg1WnZMXzduREYyYjI0Tmh4YldlUnN3b2ctb01Sb0VSSlRnVVlPTFdtZzdCb0hnQmhHZENlSk55WkliYldlSWVIdVZxaGVwdnRRNWI2OGxiLWR6elo5SnBsSl84X0pBSUNyRDlEMFBrZmREcHJyLUFR IP 5.230.74.74 ASN #12586 GHOSTnet GmbH Introduced by scriptElement Embedded in HTML true Observations First Seen2023-06-09 20:22:55 Last Seen2024-05-03 22:15:57 Times Seen39551 Hash 951181c0a64d95a3862c8f5849fd9489 14ab172c8a715502b6c0d8ae6989da9b4118200a b9bc19381c0d0fcf89fa73acff0d3ee08748249d485b8e458d69f0b837e57fc9 Loading...

		Size	First Seen	Last Seen
	#1 Eval - 9e925e9341b490bfd3b4c4ca3b0c1ef2	4 B	2023-03-07	2024-05-03
Pretty Observations First Seen2023-03-07 01:03:43 Last Seen2024-05-03 22:24:18 Times Seen351446 Hash 9e925e9341b490bfd3b4c4ca3b0c1ef2 c2543fff3bfa6f144c2f06a7de6cd10c0b650cae 1eb79602411ef02cf6fe117897015fff89f80face4eccd50425c45149b148408 Loading...

	#2 Eval - 43c81e43a6e7d9140033055ff3e04983	62 B	2024-04-18	2024-04-29
Pretty Observations First Seen2024-04-18 21:08:51 Last Seen2024-04-29 16:17:50 Times Seen2736 Hash 43c81e43a6e7d9140033055ff3e04983 b0eca03913678cb38c488c7c79cc4f9d2755ea17 3f7ef931c657c4333a401c40e8b0b8d1ff3b164542af45e14242314c0ec39f34 Loading...

	#3 Eval - 7ac085abfa3c87a7954f3d13da590a53	28 B	2024-04-23	2024-04-23
Pretty Observations First Seen2024-04-23 13:27:18 Last Seen2024-04-23 13:27:18 Times Seen1 Hash 7ac085abfa3c87a7954f3d13da590a53 e51533308401c767b505d9ae7c480905459341ae 1a770f9d1b5e141b96a5c70d3180ac7088334e7ac3b6565426ee3dfca4f49343 Loading...

	#4 Eval - 91103887d59cc5959621f063936e3854	28 B	2024-04-23	2024-04-23
Pretty Observations First Seen2024-04-23 13:27:18 Last Seen2024-04-23 13:27:18 Times Seen1 Hash 91103887d59cc5959621f063936e3854 c62f94a4c00a7a1febbd3d95b1b76ae741a4ad79 3d045d64cd31aae306e60080bcdc0df7bd76885953835a685f545420929da4cc Loading...

	#5 Eval - 7b6bb3537026f6c7f0562a29873aabef	28 B	2024-04-23	2024-04-23
Pretty Observations First Seen2024-04-23 13:27:18 Last Seen2024-04-23 13:27:18 Times Seen1 Hash 7b6bb3537026f6c7f0562a29873aabef 6348eab3781eab65acb5dd0f0ac8264db88c4647 96c6a74dc3e8c28961856477362b12a916bd330e2dbbaf1eda4706194cee1b74 Loading...

	#6 Eval - fafc5c3d798534413ff99902fa145bfc	28 B	2024-04-23	2024-04-23
Pretty Observations First Seen2024-04-23 13:27:18 Last Seen2024-04-23 13:27:18 Times Seen1 Hash fafc5c3d798534413ff99902fa145bfc 585c0d5c75b34dd2267cbc2240e9595745964da9 b60f92d7c9d89e0b8ea0503ce7d6009ed61352056ce8ce832a50a52ffd8c75af Loading...

	#7 Eval - 30cf342778234a428accbe34364cf314	28 B	2024-04-23	2024-04-23
Pretty Observations First Seen2024-04-23 13:27:18 Last Seen2024-04-23 13:27:18 Times Seen1 Hash 30cf342778234a428accbe34364cf314 eddc4e836da9752f361438b5619e08bb3bba945c f957f63752dd5f86e2fdcc3e2ad73ecb6a2f4c49edebddfde2266e3d088e21b0 Loading...

	#8 Eval - 2168f592672bc5a3a17765ae550a88e6	28 B	2024-04-23	2024-04-23
Pretty Observations First Seen2024-04-23 13:27:18 Last Seen2024-04-23 13:27:18 Times Seen1 Hash 2168f592672bc5a3a17765ae550a88e6 96262eff68477acc51e00eaddaed94eee8cffe0e b2fd1bc95b058d7a5b032317f058309a570dd78241c2b7161fde32ac235d9182 Loading...

	#9 Eval - 457e56dca8e218109388b0c4455293ff	28 B	2024-04-23	2024-04-23
Pretty Observations First Seen2024-04-23 13:27:18 Last Seen2024-04-23 13:27:18 Times Seen1 Hash 457e56dca8e218109388b0c4455293ff bbb26665de9377a9d2b684281d3ce668d6bc61b3 05750495ddec97125f262f47da9afdb4d34cb44feac63c51f42bc431d12b8f90 Loading...

	#10 Eval - 1092fa4c04badb21aafea0b9226d0bc5	28 B	2024-04-23	2024-04-23
Pretty Observations First Seen2024-04-23 13:27:18 Last Seen2024-04-23 13:27:19 Times Seen1 Hash 1092fa4c04badb21aafea0b9226d0bc5 fea5b85a0d7297372930d6a34d7ad9478b4beba9 de38c0327b647c909a870cc99ae2c7a8ae206cdfbfb1fd03a1fa23ddafc4fd46 Loading...

	#11 Eval - 0bb9a4be0ef2624a9b756201f9fc652b	28 B	2024-04-23	2024-04-23
Pretty Observations First Seen2024-04-23 13:27:19 Last Seen2024-04-23 13:27:19 Times Seen1 Hash 0bb9a4be0ef2624a9b756201f9fc652b c8e1656be5bddad60c616401d339348e756a1590 e2262737f12344b9c2864305a1c3462d548922963c504d6aa620758ee7c2951f Loading...

	#12 Eval - c152a5ab4fd7b67b4979efb65de4f8b4	28 B	2024-04-23	2024-04-23
Pretty Observations First Seen2024-04-23 13:27:19 Last Seen2024-04-23 13:27:19 Times Seen1 Hash c152a5ab4fd7b67b4979efb65de4f8b4 54b4eb465be59187424b30fe9c9e90448cfb4a0c ab28db505255dc8c326d99089d515cf34026f26d21e531c397547cdc89558d94 Loading...

	#13 Eval - b32e2f3d2e1d5eecb586d0200406c937	28 B	2024-04-23	2024-04-23
Pretty Observations First Seen2024-04-23 13:27:19 Last Seen2024-04-23 13:27:19 Times Seen1 Hash b32e2f3d2e1d5eecb586d0200406c937 927ae8dd58cbeb51bd0d886b37d52349011cd1c4 cb85bf53a2d742b106b774cfa2b0de92cc3d5baaa4df25e7ef9aff284758d952 Loading...

HTTP Transactions (21)

URL IP Response Size

abramson.cc/xazaoppo/kazkooigfde/felioppre/WzRxMk/bWlrZS5jbG91Z2hAYWFsYmVydHMtaXBzLmNvbQ==

192.185.76.91

958 B

URL
abramson.cc/xazaoppo/kazkooigfde/felioppre/WzRxMk/bWlrZS5jbG91Z2hAYWFsYmVydHMtaXBzLmNvbQ==
IP
192.185.76.91:0
ASN
#19871 NETWORK-SOLUTIONS-HOSTING

File type
HTML document, Unicode text, UTF-8 text, with very long lines (628)
Size
958 B (958 bytes)
Hash
46465e3146faf08742028e5cdc53a26b
5dd79ab32fb2ce5350bd04567ba78e34fe6121e4
d79f4f2006bc60d329b3e240dad3ed4207bf7f84d9327c0a410b9e9419682669

HTTP Headers

GET /xazaoppo/kazkooigfde/felioppre/WzRxMk/bWlrZS5jbG91Z2hAYWFsYmVydHMtaXBzLmNvbQ== HTTP/1.1
Host: abramson.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
set-cookie: PHPSESSID=9bdebfd5f690a13d7964c9ad3ef93ad0; path=/
vary: Accept-Encoding
content-encoding: gzip
content-length: 958
content-type: text/html;charset=UTF-8
date: Tue, 23 Apr 2024 11:26:46 GMT
server: Apache
X-Firefox-Spdy: h2

abramson.cc/xazaoppo/kazkooigfde/felioppre/WzRxMk/site.js

192.185.76.91

148 B

URL
abramson.cc/xazaoppo/kazkooigfde/felioppre/WzRxMk/site.js
IP
192.185.76.91:0
ASN
#19871 NETWORK-SOLUTIONS-HOSTING

File type
HTML document, ASCII text
Size
148 B (148 bytes)
Hash
25993b38cc38f4c9f17b0fb7ec7c2800
125c67a8e04e1773ba004b98f8fc429c4f1dd683
fb45ce024f55b2bb1de5540be1bb24d3aa07587bf22ed9d30a75ab42459bd18f

HTTP Headers

GET /xazaoppo/kazkooigfde/felioppre/WzRxMk/site.js HTTP/1.1
Host: abramson.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://abramson.cc/xazaoppo/kazkooigfde/felioppre/WzRxMk/bWlrZS5jbG91Z2hAYWFsYmVydHMtaXBzLmNvbQ==
Cookie: PHPSESSID=9bdebfd5f690a13d7964c9ad3ef93ad0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
vary: Accept-Encoding
content-encoding: gzip
content-length: 148
content-type: text/html;charset=UTF-8
date: Tue, 23 Apr 2024 11:26:46 GMT
server: Apache
X-Firefox-Spdy: h2

challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback

104.17.3.184

0 B

URL
challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback
IP
104.17.3.184:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /turnstile/v0/api.js?onload=onloadTurnstileCallback HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://6347e135.cdaaf2bc902c005246e781ba.workers.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Tue, 23 Apr 2024 11:26:47 GMT
content-length: 0
location: /turnstile/v0/b/471dc2adc340/api.js?onload=onloadTurnstileCallback
cache-control: max-age=300, public
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
vary: Accept-Encoding
server: cloudflare
cf-ray: 878d8029fd6c569c-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/cmg/1/GLhOioXg0bs57t4qPrORXFsL1%2BWig2mIKbgpVPMu7ZQ%3D

104.17.3.184

61 B

URL
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/cmg/1/GLhOioXg0bs57t4qPrORXFsL1%2BWig2mIKbgpVPMu7ZQ%3D
IP
104.17.3.184:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced
Size
61 B (61 bytes)
Hash
9246cca8fc3c00f50035f28e9f6b7f7d
3aa538440f70873b574f40cd793060f53ec17a5d
c07d7d29e3c20fa6ca4c5d20663688d52bad13e129ad82ce06b80eb187d9dc84

HTTP Headers

GET /cdn-cgi/challenge-platform/h/b/cmg/1/GLhOioXg0bs57t4qPrORXFsL1%2BWig2mIKbgpVPMu7ZQ%3D HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/mo9v5/0x4AAAAAAAX9wxD2JhUuUgpL/auto/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 23 Apr 2024 11:26:47 GMT
content-type: image/png
content-length: 61
cache-control: max-age=2629800, public
server: cloudflare
cf-ray: 878d802bb8cab4f3-OSL
alt-svc: h3=":443"; ma=86400

6347e135.cdaaf2bc902c005246e781ba.workers.dev/?qrc=mike.clough@aalberts-ips.com

172.67.195.39

200 OK

11 kB

URL User Request POST HTTP/3
6347e135.cdaaf2bc902c005246e781ba.workers.dev/?qrc=mike.clough@aalberts-ips.com
IP
172.67.195.39:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjectcdaaf2bc902c005246e781ba.workers.dev
Fingerprint89:3D:9A:54:18:03:81:14:07:3F:E5:F7:E0:AB:2D:D0:9F:68:0D:43
ValidityTue, 16 Apr 2024 12:51:36 GMT - Mon, 15 Jul 2024 12:51:35 GMT

File type
HTML document, ASCII text, with very long lines (3255), with no line terminators
Size
11 kB (10831 bytes)
Hash
9296ef3dc60787928b32df99d54e6d06
8188e874037d110cdd7348a12c8ee0bc496d2ca3
78f10176cd7e78ca269ad05d83467887eee5ee68e17e2d69a1650c2b4ac1187c

HTTP Headers

GET /?qrc=mike.clough@aalberts-ips.com HTTP/1.1
Host: 6347e135.cdaaf2bc902c005246e781ba.workers.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://abramson.cc/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 23 Apr 2024 11:26:47 GMT
content-type: text/html;charset=UTF-8
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qL5WXFLhIJtMeg%2FoAELfP%2BZg7L87W%2FL34kBdYxz%2BCJs28l22B9EuKGGl%2BZNlsTc%2Fq5TRfVLxCSTPTmnMzFIwgp13EgLooWHLn30PE0UWUr5tPmEwGHCR%2Bywhu5lHaBFq3wS%2B3Rm3%2FtvUGm5udVoJrk%2BqJBrIsEnGcsv5oCSnLwE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 878d8028f89b0b65-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/pat/878d802acfe0b4f3/1713871607954/f0ad3e93abcaa5864af8613b3ad2a3380f5479e3659b8b9765a9d63453c944e6/V9os3_2G81cKn0z

104.17.3.184

1 B

URL
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/pat/878d802acfe0b4f3/1713871607954/f0ad3e93abcaa5864af8613b3ad2a3380f5479e3659b8b9765a9d63453c944e6/V9os3_2G81cKn0z
IP
104.17.3.184:0
ASN
#13335 CLOUDFLARENET

File type
very short file (no magic)
Size
1 B (1 bytes)
Hash
ff44570aca8241914870afbc310cdb85
58668e7669fd564d99db5d581fcdb6a5618440b5
6da43b944e494e885e69af021f93c6d9331c78aa228084711429160a5bbd15b5

HTTP Headers

GET /cdn-cgi/challenge-platform/h/b/pat/878d802acfe0b4f3/1713871607954/f0ad3e93abcaa5864af8613b3ad2a3380f5479e3659b8b9765a9d63453c944e6/V9os3_2G81cKn0z HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/mo9v5/0x4AAAAAAAX9wxD2JhUuUgpL/auto/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 401 Unauthorized
date: Tue, 23 Apr 2024 11:26:48 GMT
content-type: text/plain; charset=UTF-8
content-length: 1
www-authenticate: PrivateToken challenge="AAIAGXBhdC1pc3N1ZXIuY2xvdWRmbGFyZS5jb20g8K0-k6vKpYZK-GE7OtKjOA9UeeNlm4uXZanWNFPJROYAGWNoYWxsZW5nZXMuY2xvdWRmbGFyZS5jb20=", token-key="MIIBUjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAqEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgKiAwIBMAOCAQ8AMIIBCgKCAQEArny_u1wyrVg8e-Kmwxyfb2WoiwwZ2VR7QAnot_CrcySq56Rui-jZM9090K9_dW6HmpAKhOjYXLCJ7g4U74G4z6SRM_YRj-GLp3EaBxay798DZIeAtv_N7Z9CHI_0VTYiqNXVm2z1bF5VtFasnv3JDaWb4yIjBd8vMfNUM4Y4nXXIeMIyXdVK2hlzVO8VxBkXca7UzhCq51WDKlSYPWUy9ieZTdwNf5Q49DwdF9woTnuKPY26TxVlEHMcf8JJiXLUR2bbdG-Qv1fqbwQloSjintj5uXWLsZd84bMpNedRNJBV22T0PgKNeip6oalvdYbaiHiyDATsKlA6-8KJ-CUQTQIDAQAB", max-age=20, PrivateToken challenge="AAIALHBwLWlzc3Vlci1wcm9kdWN0aW9uLnJlc2VhcmNoLmNsb3VkZmxhcmUuY29tIPCtPpOryqWGSvhhOzrSozgPVHnjZZuLl2Wp1jRTyUTmABljaGFsbGVuZ2VzLmNsb3VkZmxhcmUuY29t", token-key="MIIBUjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAqEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgKiAwIBMAOCAQ8AMIIBCgKCAQEA1FEYykHcK8H9rb_u0aFz3CmWgYloQw4YhedoEOAjJ0vy2Axa4f9UG9Dzs4uXS34_h8l6MDo2nRCvLI9lvebilMnTjCn-6D77bewqYxJKUFZW1z2jBIdu03TrETczfEg7kxgKtJE9NXGDjYJcF_iMgzgNA0PEAVM89tUYXXlFy4cUAGlqU2mPpIEOxm5ARsXC-zlLK60fkJ4cOsZRkZa6EExdhmgdwQ0fEJuSOHrBO_-zJn4hUP8q9g4yqkxW2UrfJgD07F4HaHGBEiei06sGDvH2NEPvswEl5dTGxutNrxlU7W24iYhNa2nhjlc53nNb0mKtszv-czVE9UhXyJ7-RQIDAQAB", max-age=20
server: cloudflare
cf-ray: 878d80307cf8b4f3-OSL
alt-svc: h3=":443"; ma=86400

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/i/878d802acfe0b4f3/1713871607956/gBvtd2LT8rQppYQ

104.17.3.184

61 B

URL
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/i/878d802acfe0b4f3/1713871607956/gBvtd2LT8rQppYQ
IP
104.17.3.184:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 66 x 21, 8-bit/color RGB, non-interlaced
Size
61 B (61 bytes)
Hash
085365f218e8e7e7875a581e3783d63c
74ac218c8ec54602e6533a29a432000b5ae507e5
de8f7cdaa796d180e1f6a67b60fac69bafffe9516a898e43a15d3823f33d22e5

HTTP Headers

GET /cdn-cgi/challenge-platform/h/b/i/878d802acfe0b4f3/1713871607956/gBvtd2LT8rQppYQ HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/mo9v5/0x4AAAAAAAX9wxD2JhUuUgpL/auto/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 23 Apr 2024 11:26:48 GMT
content-type: image/png
content-length: 61
server: cloudflare
cf-ray: 878d8031bde4b4f3-OSL
alt-svc: h3=":443"; ma=86400

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/1257056331:1713870761:ZbM99xqZoS6tQs3upBUJCQ9VZA3re7HhBeMTACOIiQo/878d802acfe0b4f3/5510d1f59f4e7b4

104.17.3.184

3.9 kB

URL
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/1257056331:1713870761:ZbM99xqZoS6tQs3upBUJCQ9VZA3re7HhBeMTACOIiQo/878d802acfe0b4f3/5510d1f59f4e7b4
IP
104.17.3.184:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (3504), with no line terminators
Size
3.9 kB (3858 bytes)
Hash
2369acc67b16519909c21a4438df6a25
113d2c3aa6f73e5a8587093005550b012decde51
2bc746ad793799a2111b7970d60e8c4e6540096548c977bc1c23329945a2dd6f

HTTP Headers

POST /cdn-cgi/challenge-platform/h/b/flow/ov1/1257056331:1713870761:ZbM99xqZoS6tQs3upBUJCQ9VZA3re7HhBeMTACOIiQo/878d802acfe0b4f3/5510d1f59f4e7b4 HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/mo9v5/0x4AAAAAAAX9wxD2JhUuUgpL/auto/normal
Content-type: application/x-www-form-urlencoded
CF-Challenge: 5510d1f59f4e7b4
Content-Length: 35334
Origin: https://challenges.cloudflare.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 23 Apr 2024 11:26:54 GMT
content-type: text/html; charset=UTF-8
cf-chl-out: W18N2iui+HpFfAp/ZqpI+Gf3XcQ+uFKtIznJgkx+Ofq7Jt3DWRr9rWktE5J7ddz44hyDDeQhPqGiwpAvepa9F36eavfwOiCaVtGPFhEwY14CpoDyEc3FQiQ4NsvG9Rul$9NQkiAj2YJj2U1cB+Bw5ww==
cf-chl-out-s: YELI8GGg3cB+NsMBWKWRfZi/w/O1MkANHJrVjShSduN3WAgp26GQeTnzrH+5XanDysxXNWrET9KskQcdsgh6d6z0+EJWDctOpbrYg4EEzCMMfuKBaapUH2ybDNHP1WVZNyq6gACuF7I9jElt8uLIUiC7rUf+InbXPWvyLD+Cno9Al8LtZXqB+o+FPc4AJUBSOF2c/MPdF2+V+mCW64ONQM41etHTf7efkQLhU4ApUb8WpjZplmHPFtwDJbc+zUan3WbiA2xzw89L3yqPF6m0z3JiJAAb2ISF9ZyA7mAZzTQQjxK5jkmkixgf0Wol+mySKD513MGiRTJTlhAOfS/6jDHrMfEAs9kz/cgse1iNEy1IXfJQno1ba0TwEPF22SnImQhFldlDB9AJQodfP9m1NfnerkLRxP5xxzuy3XDPgnNH1wKszb0L7wSGwMF1gUIfkwO2fc0lNDycUUOsTyiyLKFnt5Vfv3jihLxcRcGog9LvZlkCdUWh/qoHZecIljC4CP7hErTZFn4Y2URBTAQxBLu5F2hjN8/neMKxmDFmjQnospALT3sTPlHHwWO8NqW45ePhl85mNKTy4wgATWEi3qpGoC9XIAKbUcBmbq4X5EqI/yFANBpy1fVfvad80T3r$P/8wanaT+Tjw1wOdvo80Mg==
vary: accept-encoding
server: cloudflare
cf-ray: 878d8054ee22b4f3-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

6347e135.cdaaf2bc902c005246e781ba.workers.dev/?qrc=mike.clough@aalberts-ips.com

172.67.195.39

200 OK

625 B

URL User Request POST HTTP/3
6347e135.cdaaf2bc902c005246e781ba.workers.dev/?qrc=mike.clough@aalberts-ips.com
IP
172.67.195.39:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjectcdaaf2bc902c005246e781ba.workers.dev
Fingerprint89:3D:9A:54:18:03:81:14:07:3F:E5:F7:E0:AB:2D:D0:9F:68:0D:43
ValidityTue, 16 Apr 2024 12:51:36 GMT - Mon, 15 Jul 2024 12:51:35 GMT

File type
HTML document, ASCII text, with very long lines (1206), with no line terminators
Size
625 B (625 bytes)
Hash
6edf1c9b0787193cf84a5a77e51ef4be
260be0b888d53fae198e917cc032947d9e322eb6
590de34e4df662b363ba761431e3993760dccccb63f6e3b5474bb3faf717a55a

HTTP Headers

POST /?qrc=mike.clough@aalberts-ips.com HTTP/1.1
Host: 6347e135.cdaaf2bc902c005246e781ba.workers.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 582
Origin: https://6347e135.cdaaf2bc902c005246e781ba.workers.dev
DNT: 1
Connection: keep-alive
Referer: https://6347e135.cdaaf2bc902c005246e781ba.workers.dev/?qrc=mike.clough@aalberts-ips.com
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Sec-Fetch-User: ?1
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 23 Apr 2024 11:26:54 GMT
content-type: text/html;
status: 200
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oyh2OFKmlrKs5jKXSc9uBn8Nt%2FbbjgJ326watI41zLo%2F5VeH6rrrLdOYb6Ja9omUBMG21LRiG7U%2B4nUQSQYC9fM3iR2lI8el3sKDzex5eDsTS7sztcB6WKSY8wd8y9Mx%2FoOzxjWWl0%2FA86qbO78aIfSpFwOhGQCNNOYo9KgbsOs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 878d80555d41b527-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

pn6oqa0q6cy.elektromag.co/?qrc=mike.clough%40aalberts-ips.com

5.230.74.74

302 Moved Temporarily

0 B

URL GET HTTP/1.1
pn6oqa0q6cy.elektromag.co/?qrc=mike.clough%40aalberts-ips.com
IP
5.230.74.74:443
ASN
#12586 GHOSTnet GmbH

Requested by
https://6347e135.cdaaf2bc902c005246e781ba.workers.dev/?qrc=mike.clough@aalberts-ips.com
Certificate
IssuerLet's Encrypt
Subjectelektromag.co
Fingerprint20:8B:94:A6:09:FA:5D:E4:61:97:FE:FF:6D:12:C2:38:04:1C:7A:AB
ValiditySat, 20 Apr 2024 11:18:39 GMT - Fri, 19 Jul 2024 11:18:38 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft Outlook

HTTP Headers

GET /?qrc=mike.clough%40aalberts-ips.com HTTP/1.1
Host: pn6oqa0q6cy.elektromag.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://6347e135.cdaaf2bc902c005246e781ba.workers.dev/
DNT: 1
Connection: keep-alive
Cookie: qPdM=5ea7aVEzq5L4; qPdM.sig=0lHvGPbuR1GWbgBt1rT444xK_PQ
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Moved Temporarily
Cache-Control: no-cache
Pragma: no-cache
Location: https://pn6oqa0q6cy.elektromag.co/owa/?login_hint=mike.clough%40aalberts-ips.com
Server: Microsoft-IIS/10.0
request-id: e779ca68-707e-9a6e-4496-e10bde7ffcac
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-FEServer: FR0P281CA0102, FR0P281CA0102
X-RequestId: e0a9e825-7d72-48de-b522-088d6ad4d197
X-FEProxyInfo: FR0P281CA0102.DEUP281.PROD.OUTLOOK.COM
X-FEEFZInfo: HHN
MS-CV: aMp5535wbppEluEL3n/8rA.0
X-Powered-By: ASP.NET
Date: Tue, 23 Apr 2024 11:26:54 GMT
Connection: close
Content-Length: 0
Content-Security-Policy: default-src *  data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval';  script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';

pn6oqa0q6cy.elektromag.co/owa/?login_hint=mike.clough%40aalberts-ips.com

5.230.74.74

302 Found

1.4 kB

URL GET HTTP/1.1
pn6oqa0q6cy.elektromag.co/owa/?login_hint=mike.clough%40aalberts-ips.com
IP
5.230.74.74:443
ASN
#12586 GHOSTnet GmbH

Requested by
https://6347e135.cdaaf2bc902c005246e781ba.workers.dev/?qrc=mike.clough@aalberts-ips.com
Certificate
IssuerLet's Encrypt
Subjectelektromag.co
Fingerprint20:8B:94:A6:09:FA:5D:E4:61:97:FE:FF:6D:12:C2:38:04:1C:7A:AB
ValiditySat, 20 Apr 2024 11:18:39 GMT - Fri, 19 Jul 2024 11:18:38 GMT

File type
HTML document, ASCII text, with very long lines (820), with CRLF, LF line terminators
Size
1.4 kB (1400 bytes)
Hash
b5a3ab158132f2a1aa103ff96a169eb7
84ebcd491f27126b9f677e43b5f93844de5b76d2
657159965633bc663da55c6431d044453f3dc8267e5d4af7ea8a96d005180fd3

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft Outlook

HTTP Headers

GET /owa/?login_hint=mike.clough%40aalberts-ips.com HTTP/1.1
Host: pn6oqa0q6cy.elektromag.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://6347e135.cdaaf2bc902c005246e781ba.workers.dev/
DNT: 1
Connection: keep-alive
Cookie: qPdM=5ea7aVEzq5L4; qPdM.sig=0lHvGPbuR1GWbgBt1rT444xK_PQ
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
content-length: 1400
Content-Type: text/html; charset=utf-8
Location: https://pn6oqa0q6cy.elektromag.co/?2owinjimx=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1taWtlLmNsb3VnaCU0MGFhbGJlcnRzLWlwcy5jb20mY2xpZW50LXJlcXVlc3QtaWQ9M2MzYTdlYTMtMDRiMS1hMWM5LTYyNDMtZDczYWYxOTgyMGNmJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODQ5NDY4NDE0OTI0MDQ0NC4wNjQxMDU5MS0xM2Q4LTQwNWItOTUyOC1mYWMzYTVkMzcyYWEmc3RhdGU9RGN0QkRvTWdFRUJSYU1fU0pUREFnTEJvUEVvem9sVlNGRk50dkg1WnZMXzduREYyYjI0Tmh4YldlUnN3b2ctb01Sb0VSSlRnVVlPTFdtZzdCb0hnQmhHZENlSk55WkliYldlSWVIdVZxaGVwdnRRNWI2OGxiLWR6elo5SnBsSl84X0pBSUNyRDlEMFBrZmREcHJyLUFR
Server: Microsoft-IIS/10.0
request-id: 3c3a7ea3-04b1-a1c9-6243-d73af19820cf
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Alt-Svc: h3=":443";ma=2592000,h3-29=":443";ma=2592000
X-CalculatedFETarget: FR4P281CU015.internal.outlook.com
X-BackEndHttpStatus: 302, 302
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Set-Cookie: ClientId=07EC3E2BD102461A93746FFC11547754; expires=Wed, 23-Apr-2025 11:26:54 GMT; path=/;SameSite=None; secure
ClientId=07EC3E2BD102461A93746FFC11547754; expires=Wed, 23-Apr-2025 11:26:54 GMT; path=/;SameSite=None; secure
OIDC=1; expires=Wed, 23-Oct-2024 11:26:54 GMT; path=/;SameSite=None; secure; HttpOnly
RoutingKeyCookie=; expires=Sat, 23-Apr-1994 11:26:54 GMT; path=/; secure
OpenIdConnect.token.v1=; expires=Sat, 23-Apr-1994 11:26:54 GMT; path=/; secure
OpenIdConnect.token.v1=; domain=pn6oqa0q6cy.elektromag.co; expires=Sat, 23-Apr-1994 11:26:54 GMT; path=/; secure
OpenIdConnect.id_token.v1=; expires=Sat, 23-Apr-1994 11:26:54 GMT; path=/; secure
OpenIdConnect.code.v1=; expires=Sat, 23-Apr-1994 11:26:54 GMT; path=/; secure
OpenIdConnect.idp_nonce.v1=; expires=Sat, 23-Apr-1994 11:26:54 GMT; path=/; secure
OpenIdConnect.idp_correlation_id=; expires=Sat, 23-Apr-1994 11:26:54 GMT; path=/; secure
OpenIdConnect.tokenPostPath=; expires=Sat, 23-Apr-1994 11:26:54 GMT; path=/; secure
OpenIdConnect.id_token.v1=; domain=pn6oqa0q6cy.elektromag.co; expires=Sat, 23-Apr-1994 11:26:54 GMT; path=/; secure
OpenIdConnect.code.v1=; domain=pn6oqa0q6cy.elektromag.co; expires=Sat, 23-Apr-1994 11:26:54 GMT; path=/; secure
OpenIdConnect.idp_nonce.v1=; domain=pn6oqa0q6cy.elektromag.co; expires=Sat, 23-Apr-1994 11:26:54 GMT; path=/; secure
OpenIdConnect.idp_correlation_id=; domain=pn6oqa0q6cy.elektromag.co; expires=Sat, 23-Apr-1994 11:26:54 GMT; path=/; secure
OpenIdConnect.tokenPostPath=; domain=pn6oqa0q6cy.elektromag.co; expires=Sat, 23-Apr-1994 11:26:54 GMT; path=/; secure
OpenIdConnect.nonce.v3.eVCmzbtm1ihOhsL5ufJmPo82X9dkBAUAqHgV_c2hasQ=638494684149240444.06410591-13d8-405b-9528-fac3a5d372aa; expires=Tue, 23-Apr-2024 12:26:54 GMT; path=/;SameSite=None; secure; HttpOnly
HostSwitchPrg=; expires=Sat, 23-Apr-1994 11:26:54 GMT; path=/; secure
OptInPrg=; expires=Sat, 23-Apr-1994 11:26:54 GMT; path=/; secure
SuiteServiceProxyKey=; expires=Sat, 23-Apr-1994 11:26:54 GMT; path=/; secure
ClientId=07EC3E2BD102461A93746FFC11547754; expires=Wed, 23-Apr-2025 11:26:54 GMT; path=/;SameSite=None; secure
OIDC=1; expires=Wed, 23-Oct-2024 11:26:54 GMT; path=/;SameSite=None; secure; HttpOnly
RoutingKeyCookie=; expires=Sat, 23-Apr-1994 11:26:54 GMT; path=/; secure
OpenIdConnect.token.v1=; expires=Sat, 23-Apr-1994 11:26:54 GMT; path=/; secure
OpenIdConnect.token.v1=; domain=pn6oqa0q6cy.elektromag.co; expires=Sat, 23-Apr-1994 11:26:54 GMT; path=/; secure
OpenIdConnect.id_token.v1=; expires=Sat, 23-Apr-1994 11:26:54 GMT; path=/; secure
OpenIdConnect.code.v1=; expires=Sat, 23-Apr-1994 11:26:54 GMT; path=/; secure
OpenIdConnect.idp_nonce.v1=; expires=Sat, 23-Apr-1994 11:26:54 GMT; path=/; secure
OpenIdConnect.idp_correlation_id=; expires=Sat, 23-Apr-1994 11:26:54 GMT; path=/; secure
OpenIdConnect.tokenPostPath=; expires=Sat, 23-Apr-1994 11:26:54 GMT; path=/; secure
OpenIdConnect.id_token.v1=; domain=pn6oqa0q6cy.elektromag.co; expires=Sat, 23-Apr-1994 11:26:54 GMT; path=/; secure
OpenIdConnect.code.v1=; domain=pn6oqa0q6cy.elektromag.co; expires=Sat, 23-Apr-1994 11:26:54 GMT; path=/; secure
OpenIdConnect.idp_nonce.v1=; domain=pn6oqa0q6cy.elektromag.co; expires=Sat, 23-Apr-1994 11:26:54 GMT; path=/; secure
OpenIdConnect.idp_correlation_id=; domain=pn6oqa0q6cy.elektromag.co; expires=Sat, 23-Apr-1994 11:26:54 GMT; path=/; secure
OpenIdConnect.tokenPostPath=; domain=pn6oqa0q6cy.elektromag.co; expires=Sat, 23-Apr-1994 11:26:54 GMT; path=/; secure
OpenIdConnect.nonce.v3.eVCmzbtm1ihOhsL5ufJmPo82X9dkBAUAqHgV_c2hasQ=638494684149240444.06410591-13d8-405b-9528-fac3a5d372aa; expires=Tue, 23-Apr-2024 12:26:54 GMT; path=/;SameSite=None; secure; HttpOnly
HostSwitchPrg=; expires=Sat, 23-Apr-1994 11:26:54 GMT; path=/; secure
OptInPrg=; expires=Sat, 23-Apr-1994 11:26:54 GMT; path=/; secure
SuiteServiceProxyKey=; expires=Sat, 23-Apr-1994 11:26:54 GMT; path=/; secure
X-OWA-RedirectHistory=ArLym14BfNKwR4hj3Ag; expires=Tue, 23-Apr-2024 17:28:54 GMT; path=/;SameSite=None; secure; HttpOnly
X-CalculatedBETarget: FRYP281MB2560.DEUP281.PROD.OUTLOOK.COM
X-RUM-Validated: 1
X-RUM-NotUpdateQueriedPath: 1
X-RUM-NotUpdateQueriedDbCopy: 1
X-BeSku: WCS7
X-OWA-DiagnosticsInfo: 3;0;0
X-IIDs: 0
X-BackEnd-Begin: 2024-04-23T11:26:54.924
X-BackEnd-End: 2024-04-23T11:26:54.924
X-DiagInfo: FRYP281MB2560
X-BEServer: FRYP281MB2560
X-UA-Compatible: IE=EmulateIE7
X-Proxy-RoutingCorrectness: 1
X-Proxy-BackendServerStatus: 302
X-FEProxyInfo: FR0P281CA0095.DEUP281.PROD.OUTLOOK.COM
X-FEEFZInfo: HHN
X-FEServer: FR4P281CA0216, FR0P281CA0095
NEL: {"report_to":"NelOfficeUpload1","max_age":7200,"include_subdomains":true,"failure_fraction":1.0,"success_fraction":0.01}
X-FirstHopCafeEFZ: HHN
Date: Tue, 23 Apr 2024 11:26:54 GMT
Connection: close
Content-Security-Policy: default-src *  data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval';  script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';

pn6oqa0q6cy.elektromag.co/aadcdn.msftauth.net/~/ests/2.1/content/cdnbundles/converged.v2.login.min_1ito3russhq-9gioj-zd4w2.css

5.230.74.74

200 OK

20 kB

URL GET HTTP/1.1
pn6oqa0q6cy.elektromag.co/aadcdn.msftauth.net/~/ests/2.1/content/cdnbundles/converged.v2.login.min_1ito3russhq-9gioj-zd4w2.css
IP
5.230.74.74:443
ASN
#12586 GHOSTnet GmbH

Requested by
https://pn6oqa0q6cy.elektromag.co/?2owinjimx=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1taWtlLmNsb3VnaCU0MGFhbGJlcnRzLWlwcy5jb20mY2xpZW50LXJlcXVlc3QtaWQ9M2MzYTdlYTMtMDRiMS1hMWM5LTYyNDMtZDczYWYxOTgyMGNmJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODQ5NDY4NDE0OTI0MDQ0NC4wNjQxMDU5MS0xM2Q4LTQwNWItOTUyOC1mYWMzYTVkMzcyYWEmc3RhdGU9RGN0QkRvTWdFRUJSYU1fU0pUREFnTEJvUEVvem9sVlNGRk50dkg1WnZMXzduREYyYjI0Tmh4YldlUnN3b2ctb01Sb0VSSlRnVVlPTFdtZzdCb0hnQmhHZENlSk55WkliYldlSWVIdVZxaGVwdnRRNWI2OGxiLWR6elo5SnBsSl84X0pBSUNyRDlEMFBrZmREcHJyLUFR
Certificate
IssuerLet's Encrypt
Subjectelektromag.co
Fingerprint20:8B:94:A6:09:FA:5D:E4:61:97:FE:FF:6D:12:C2:38:04:1C:7A:AB
ValiditySat, 20 Apr 2024 11:18:39 GMT - Fri, 19 Jul 2024 11:18:38 GMT

File type
ASCII text, with very long lines (61177)
Size
20 kB (20314 bytes)
Hash
d62b4edeb512b07abef4688e27ecdde3
981a7825da5e29938ab6fe0cbfe2db622f7b8333
4b01a0a34ce8ed4bc8a8713be0442d49da6a756236b7b4424622ca3dee820f41

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft Outlook

HTTP Headers

GET /aadcdn.msftauth.net/~/ests/2.1/content/cdnbundles/converged.v2.login.min_1ito3russhq-9gioj-zd4w2.css HTTP/1.1
Host: pn6oqa0q6cy.elektromag.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://pn6oqa0q6cy.elektromag.co/?2owinjimx=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1taWtlLmNsb3VnaCU0MGFhbGJlcnRzLWlwcy5jb20mY2xpZW50LXJlcXVlc3QtaWQ9M2MzYTdlYTMtMDRiMS1hMWM5LTYyNDMtZDczYWYxOTgyMGNmJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODQ5NDY4NDE0OTI0MDQ0NC4wNjQxMDU5MS0xM2Q4LTQwNWItOTUyOC1mYWMzYTVkMzcyYWEmc3RhdGU9RGN0QkRvTWdFRUJSYU1fU0pUREFnTEJvUEVvem9sVlNGRk50dkg1WnZMXzduREYyYjI0Tmh4YldlUnN3b2ctb01Sb0VSSlRnVVlPTFdtZzdCb0hnQmhHZENlSk55WkliYldlSWVIdVZxaGVwdnRRNWI2OGxiLWR6elo5SnBsSl84X0pBSUNyRDlEMFBrZmREcHJyLUFR
DNT: 1
Connection: keep-alive
Cookie: qPdM=5ea7aVEzq5L4; qPdM.sig=0lHvGPbuR1GWbgBt1rT444xK_PQ; ClientId=07EC3E2BD102461A93746FFC11547754; OIDC=1; OpenIdConnect.nonce.v3.eVCmzbtm1ihOhsL5ufJmPo82X9dkBAUAqHgV_c2hasQ=638494684149240444.06410591-13d8-405b-9528-fac3a5d372aa; X-OWA-RedirectHistory=ArLym14BfNKwR4hj3Ag; buid=0.AV0AMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8qWikaByF4PBGLPbbTQihA4o3TE-dtyXlV0adGjpEhaudCOiMTEK1TEGet6VriSZxni9KSOWG88iVEr26yz9twxrONwa1OpxyGFoTTg5sKOwgAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8S83QhK2LSALfZj83SaBReKcUXJgBv7y7ZSQ7nTN9X3Z_DDtOxd7vZFSvzymFGHpKe_IduwAgHovjZIEOBnfqsu15IOG1l1RQKJGAqDxGDKxBYvL15GiL0FAOHm8AnPjWx9nrf_cgH9Zbag75MLekWbXWdfVSnN-JCxleQd8MeQogAA; esctx-wvILbsZgwjk=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8E15PFRiIPYUWWbdxHSrsHSx1XZxGz4w2oI6i51qXfCBF16AavpwBDXt0eyLRLd1EwuIwwoxnb1LBxBWOqmvAjcQQxquLKwBuY4xcNR-UmVF686Oe7tvTnvioXTIbwO0_gFMunbGbc2RF6mUFWuY1DiAA; fpc=AhIjpMM9CT1HlZxLkjrw5XaerOTJAQAAAP6Rud0OAAAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Encoding: gzip
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
Age: 2619945
Cache-Control: public, max-age=31536000
Content-MD5: kqhA3D0Xczna4D/t8ioitQ==
Content-Type: text/css
Date: Tue, 23 Apr 2024 11:26:55 GMT
Etag: 0x8DC070858CA028D
Last-Modified: Wed, 27 Dec 2023 18:19:21 GMT
Server: ECAcc (frc/4CBB)
Vary: Accept-Encoding
X-Cache: HIT
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: e56748d7-801e-0017-2a9d-7d3b0a000000
x-ms-version: 2009-09-19
Content-Length: 20314
Connection: close

6347e135.cdaaf2bc902c005246e781ba.workers.dev/favicon.ico

172.67.195.39

200 OK

690 kB

URL GET HTTP/3
6347e135.cdaaf2bc902c005246e781ba.workers.dev/favicon.ico
IP
172.67.195.39:443
ASN
#13335 CLOUDFLARENET

Requested by
https://6347e135.cdaaf2bc902c005246e781ba.workers.dev/?qrc=mike.clough@aalberts-ips.com
Certificate
IssuerGoogle Trust Services LLC
Subjectcdaaf2bc902c005246e781ba.workers.dev
Fingerprint89:3D:9A:54:18:03:81:14:07:3F:E5:F7:E0:AB:2D:D0:9F:68:0D:43
ValidityTue, 16 Apr 2024 12:51:36 GMT - Mon, 15 Jul 2024 12:51:35 GMT

File type
HTML document, ASCII text, with very long lines (3255), with no line terminators
Size
690 kB (690366 bytes)
Hash
9296ef3dc60787928b32df99d54e6d06
8188e874037d110cdd7348a12c8ee0bc496d2ca3
78f10176cd7e78ca269ad05d83467887eee5ee68e17e2d69a1650c2b4ac1187c

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: 6347e135.cdaaf2bc902c005246e781ba.workers.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://6347e135.cdaaf2bc902c005246e781ba.workers.dev/?qrc=mike.clough@aalberts-ips.com
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 23 Apr 2024 11:26:54 GMT
content-type: text/html;charset=UTF-8
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pEhKRZKfYqD3%2F7VtEwwVBbiugapPKVMMO1WH4Xq74RL%2BSKsEWPeh3BM0vUTosLlZ1yRO%2FcIFE1uZhIPgUA8qHQnGq1jVg5N74QDO02ihjojE%2BaINAYbDroDTJqhX5Hje%2FXNk4acGhs9ST6%2FSULMaGMQdGDB19vuSC3rtFPPIX60%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 878d80570e60b527-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

6347e135.cdaaf2bc902c005246e781ba.workers.dev/favicon.ico

172.67.195.39

200 OK

2.7 kB

URL GET HTTP/3
6347e135.cdaaf2bc902c005246e781ba.workers.dev/favicon.ico
IP
172.67.195.39:443
ASN
#13335 CLOUDFLARENET

Requested by
https://6347e135.cdaaf2bc902c005246e781ba.workers.dev/?qrc=mike.clough@aalberts-ips.com
Certificate
IssuerGoogle Trust Services LLC
Subjectcdaaf2bc902c005246e781ba.workers.dev
Fingerprint89:3D:9A:54:18:03:81:14:07:3F:E5:F7:E0:AB:2D:D0:9F:68:0D:43
ValidityTue, 16 Apr 2024 12:51:36 GMT - Mon, 15 Jul 2024 12:51:35 GMT

File type
HTML document, ASCII text, with very long lines (3255), with no line terminators
Size
2.7 kB (2728 bytes)
Hash
9296ef3dc60787928b32df99d54e6d06
8188e874037d110cdd7348a12c8ee0bc496d2ca3
78f10176cd7e78ca269ad05d83467887eee5ee68e17e2d69a1650c2b4ac1187c

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: 6347e135.cdaaf2bc902c005246e781ba.workers.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://6347e135.cdaaf2bc902c005246e781ba.workers.dev/?qrc=mike.clough@aalberts-ips.com
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 23 Apr 2024 11:26:47 GMT
content-type: text/html;charset=UTF-8
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=r9DzK9CQqo%2Fs1dmTechmkoH9J8xp23Shz9VOHCQC2b6rawAQbbgDZaB4cSWfyMXiJAaqrEj3XgjAIUSKpxK26ugsDJomu%2F9HEuwXVxtSFBnCzvMzhwwMAmd7NoTZgKVtMWoXGdoABC3d16yQcC%2BtchTO3N1iGJr8OIVTJLD%2BkWY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 878d802aacaeb527-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

csp.microsoft.com/report/ESTS-UX-All

13.107.213.53

504 Gateway Timeout

1.4 kB

URL POST HTTP/2
csp.microsoft.com/report/ESTS-UX-All
IP
13.107.213.53:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://pn6oqa0q6cy.elektromag.co/?2owinjimx=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1taWtlLmNsb3VnaCU0MGFhbGJlcnRzLWlwcy5jb20mY2xpZW50LXJlcXVlc3QtaWQ9M2MzYTdlYTMtMDRiMS1hMWM5LTYyNDMtZDczYWYxOTgyMGNmJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODQ5NDY4NDE0OTI0MDQ0NC4wNjQxMDU5MS0xM2Q4LTQwNWItOTUyOC1mYWMzYTVkMzcyYWEmc3RhdGU9RGN0QkRvTWdFRUJSYU1fU0pUREFnTEJvUEVvem9sVlNGRk50dkg1WnZMXzduREYyYjI0Tmh4YldlUnN3b2ctb01Sb0VSSlRnVVlPTFdtZzdCb0hnQmhHZENlSk55WkliYldlSWVIdVZxaGVwdnRRNWI2OGxiLWR6elo5SnBsSl84X0pBSUNyRDlEMFBrZmREcHJyLUFR
Certificate
IssuerDigiCert, Inc.
Subjectcsp.microsoft.com
Fingerprint67:A0:7D:12:6B:27:53:6C:ED:69:FD:D0:1D:9C:95:22:4B:1D:D7:AC
ValidityWed, 27 Mar 2024 00:00:00 GMT - Fri, 27 Sep 2024 23:59:59 GMT

File type
HTML document, ASCII text
Size
1.4 kB (1379 bytes)
Hash
5b351fee775d9c3567efaa1fff82e976
9c273f39f2e2105606eed2e85c7e6ad6af3098c8
52eb974aa60f434cbbe4779572058b638d972ed9232754b6ee1aa5222329bb88

HTTP Headers

POST /report/ESTS-UX-All HTTP/1.1
Host: csp.microsoft.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/csp-report
Content-Length: 2403
Origin: https://pn6oqa0q6cy.elektromag.co
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: report
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 504 Gateway Timeout
date: Tue, 23 Apr 2024 11:26:59 GMT
content-type: text/html
content-length: 1379
cache-control: no-store
x-azure-ref: 20240423T112655Z-16c4f695cc5knmkg80umz0nt7g00000005kg00000000gy1c
x-cache: CONFIG_NOCACHE
X-Firefox-Spdy: h2

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/mo9v5/0x4AAAAAAAX9wxD2JhUuUgpL/auto/normal

104.17.3.184

27 kB

URL
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/mo9v5/0x4AAAAAAAX9wxD2JhUuUgpL/auto/normal
IP
104.17.3.184:0
ASN
#13335 CLOUDFLARENET

File type
HTML document, ASCII text, with very long lines (41702)
Size
27 kB (27006 bytes)
Hash
f020e93ed671634beda0cfe055d77eb5
85f773deabdbd109875e5aab62bcbc275bc0e848
3a089a4fa5c8944d9ffae0bd8085c1ad1ee3723a7ff6523b73893cdba4b58cae

HTTP Headers

GET /cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/mo9v5/0x4AAAAAAAX9wxD2JhUuUgpL/auto/normal HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://6347e135.cdaaf2bc902c005246e781ba.workers.dev/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 23 Apr 2024 11:26:47 GMT
content-type: text/html; charset=UTF-8
permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
content-security-policy: frame-src https://challenges.cloudflare.com/ blob:; base-uri 'self'
cross-origin-resource-policy: cross-origin
referrer-policy: same-origin
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
origin-agent-cluster: ?1
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
critical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cross-origin-embedder-policy: require-corp
document-policy: js-profiling
cross-origin-opener-policy: same-origin
vary: accept-encoding
server: cloudflare
cf-ray: 878d802acfe0b4f3-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

csp.microsoft.com/report/ESTS-UX-All

13.107.213.53

504 Gateway Timeout

1.4 kB

URL POST HTTP/2
csp.microsoft.com/report/ESTS-UX-All
IP
13.107.213.53:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://pn6oqa0q6cy.elektromag.co/?2owinjimx=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1taWtlLmNsb3VnaCU0MGFhbGJlcnRzLWlwcy5jb20mY2xpZW50LXJlcXVlc3QtaWQ9M2MzYTdlYTMtMDRiMS1hMWM5LTYyNDMtZDczYWYxOTgyMGNmJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODQ5NDY4NDE0OTI0MDQ0NC4wNjQxMDU5MS0xM2Q4LTQwNWItOTUyOC1mYWMzYTVkMzcyYWEmc3RhdGU9RGN0QkRvTWdFRUJSYU1fU0pUREFnTEJvUEVvem9sVlNGRk50dkg1WnZMXzduREYyYjI0Tmh4YldlUnN3b2ctb01Sb0VSSlRnVVlPTFdtZzdCb0hnQmhHZENlSk55WkliYldlSWVIdVZxaGVwdnRRNWI2OGxiLWR6elo5SnBsSl84X0pBSUNyRDlEMFBrZmREcHJyLUFR
Certificate
IssuerDigiCert, Inc.
Subjectcsp.microsoft.com
Fingerprint67:A0:7D:12:6B:27:53:6C:ED:69:FD:D0:1D:9C:95:22:4B:1D:D7:AC
ValidityWed, 27 Mar 2024 00:00:00 GMT - Fri, 27 Sep 2024 23:59:59 GMT

File type
HTML document, ASCII text
Size
1.4 kB (1379 bytes)
Hash
dfb94cedeaa6adefb84c70d5b85f69e6
4268f0e2175082b56e59aec2d0c1684869f30fcf
6573e56f850e1ead2803be093ea18a6e491b4c7648bdd050f6906c8696b630f7

HTTP Headers

POST /report/ESTS-UX-All HTTP/1.1
Host: csp.microsoft.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/csp-report
Content-Length: 3517
Origin: https://pn6oqa0q6cy.elektromag.co
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: report
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 504 Gateway Timeout
date: Tue, 23 Apr 2024 11:26:59 GMT
content-type: text/html
content-length: 1379
cache-control: no-store
x-azure-ref: 20240423T112655Z-16c4f695cc5knmkg80umz0nt7g00000005kg00000000gy1e
x-cache: CONFIG_NOCACHE
X-Firefox-Spdy: h2

pn6oqa0q6cy.elektromag.co/aadcdn.msftauth.net/~/ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_0lriinjhzchre9aqecvmpg2.js

5.230.74.74

200 OK

55 kB

URL GET HTTP/1.1
pn6oqa0q6cy.elektromag.co/aadcdn.msftauth.net/~/ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_0lriinjhzchre9aqecvmpg2.js
IP
5.230.74.74:443
ASN
#12586 GHOSTnet GmbH

Requested by
https://pn6oqa0q6cy.elektromag.co/?2owinjimx=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1taWtlLmNsb3VnaCU0MGFhbGJlcnRzLWlwcy5jb20mY2xpZW50LXJlcXVlc3QtaWQ9M2MzYTdlYTMtMDRiMS1hMWM5LTYyNDMtZDczYWYxOTgyMGNmJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODQ5NDY4NDE0OTI0MDQ0NC4wNjQxMDU5MS0xM2Q4LTQwNWItOTUyOC1mYWMzYTVkMzcyYWEmc3RhdGU9RGN0QkRvTWdFRUJSYU1fU0pUREFnTEJvUEVvem9sVlNGRk50dkg1WnZMXzduREYyYjI0Tmh4YldlUnN3b2ctb01Sb0VSSlRnVVlPTFdtZzdCb0hnQmhHZENlSk55WkliYldlSWVIdVZxaGVwdnRRNWI2OGxiLWR6elo5SnBsSl84X0pBSUNyRDlEMFBrZmREcHJyLUFR
Certificate
IssuerLet's Encrypt
Subjectelektromag.co
Fingerprint20:8B:94:A6:09:FA:5D:E4:61:97:FE:FF:6D:12:C2:38:04:1C:7A:AB
ValiditySat, 20 Apr 2024 11:18:39 GMT - Fri, 19 Jul 2024 11:18:38 GMT

File type

Size
55 kB (55037 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft Outlook

HTTP Headers

GET /aadcdn.msftauth.net/~/ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_0lriinjhzchre9aqecvmpg2.js HTTP/1.1
Host: pn6oqa0q6cy.elektromag.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://pn6oqa0q6cy.elektromag.co/?2owinjimx=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1taWtlLmNsb3VnaCU0MGFhbGJlcnRzLWlwcy5jb20mY2xpZW50LXJlcXVlc3QtaWQ9M2MzYTdlYTMtMDRiMS1hMWM5LTYyNDMtZDczYWYxOTgyMGNmJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODQ5NDY4NDE0OTI0MDQ0NC4wNjQxMDU5MS0xM2Q4LTQwNWItOTUyOC1mYWMzYTVkMzcyYWEmc3RhdGU9RGN0QkRvTWdFRUJSYU1fU0pUREFnTEJvUEVvem9sVlNGRk50dkg1WnZMXzduREYyYjI0Tmh4YldlUnN3b2ctb01Sb0VSSlRnVVlPTFdtZzdCb0hnQmhHZENlSk55WkliYldlSWVIdVZxaGVwdnRRNWI2OGxiLWR6elo5SnBsSl84X0pBSUNyRDlEMFBrZmREcHJyLUFR
DNT: 1
Connection: keep-alive
Cookie: qPdM=5ea7aVEzq5L4; qPdM.sig=0lHvGPbuR1GWbgBt1rT444xK_PQ; ClientId=07EC3E2BD102461A93746FFC11547754; OIDC=1; OpenIdConnect.nonce.v3.eVCmzbtm1ihOhsL5ufJmPo82X9dkBAUAqHgV_c2hasQ=638494684149240444.06410591-13d8-405b-9528-fac3a5d372aa; X-OWA-RedirectHistory=ArLym14BfNKwR4hj3Ag; buid=0.AV0AMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8qWikaByF4PBGLPbbTQihA4o3TE-dtyXlV0adGjpEhaudCOiMTEK1TEGet6VriSZxni9KSOWG88iVEr26yz9twxrONwa1OpxyGFoTTg5sKOwgAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8S83QhK2LSALfZj83SaBReKcUXJgBv7y7ZSQ7nTN9X3Z_DDtOxd7vZFSvzymFGHpKe_IduwAgHovjZIEOBnfqsu15IOG1l1RQKJGAqDxGDKxBYvL15GiL0FAOHm8AnPjWx9nrf_cgH9Zbag75MLekWbXWdfVSnN-JCxleQd8MeQogAA; esctx-wvILbsZgwjk=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8E15PFRiIPYUWWbdxHSrsHSx1XZxGz4w2oI6i51qXfCBF16AavpwBDXt0eyLRLd1EwuIwwoxnb1LBxBWOqmvAjcQQxquLKwBuY4xcNR-UmVF686Oe7tvTnvioXTIbwO0_gFMunbGbc2RF6mUFWuY1DiAA; fpc=AhIjpMM9CT1HlZxLkjrw5XaerOTJAQAAAP6Rud0OAAAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Encoding: gzip
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
Age: 1752766
Cache-Control: public, max-age=31536000
Content-MD5: CY0A6RVMGkhI2gFiBcGc6Q==
Content-Type: application/x-javascript
Date: Tue, 23 Apr 2024 11:26:55 GMT
Etag: 0x8DC535BDA2DB838
Last-Modified: Tue, 02 Apr 2024 21:28:34 GMT
Server: ECAcc (frc/4C96)
Vary: Accept-Encoding
X-Cache: HIT
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: 1ce9412a-c01e-0057-0880-85e81b000000
x-ms-version: 2009-09-19
content-length: 55037
Connection: close
Content-Security-Policy: default-src *  data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval';  script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';

pn6oqa0q6cy.elektromag.co/?dataXX0=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1cmwiOiJodHRwczovL3BuNm9xYTBxNmN5LmVsZWt0cm9tYWcuY28iLCJkb21haW4iOiJwbjZvcWEwcTZjeS5lbGVrdHJvbWFnLmNvIiwia2V5IjoiNWVhN2FWRXpxNUw0IiwicXJjIjoibWlrZS5jbG91Z2hAYWFsYmVydHMtaXBzLmNvbSIsImlhdCI6MTcxMzg3MTYxNCwiZXhwIjoxNzEzODcxNzM0fQ.Nf5BKF7lckT6JD-xarfgm4Q6h1rZtYFCXTYGDxdkqBU

5.230.74.74

302 Found

40 kB

URL GET HTTP/1.1
pn6oqa0q6cy.elektromag.co/?dataXX0=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1cmwiOiJodHRwczovL3BuNm9xYTBxNmN5LmVsZWt0cm9tYWcuY28iLCJkb21haW4iOiJwbjZvcWEwcTZjeS5lbGVrdHJvbWFnLmNvIiwia2V5IjoiNWVhN2FWRXpxNUw0IiwicXJjIjoibWlrZS5jbG91Z2hAYWFsYmVydHMtaXBzLmNvbSIsImlhdCI6MTcxMzg3MTYxNCwiZXhwIjoxNzEzODcxNzM0fQ.Nf5BKF7lckT6JD-xarfgm4Q6h1rZtYFCXTYGDxdkqBU
IP
5.230.74.74:443
ASN
#12586 GHOSTnet GmbH

Requested by
https://6347e135.cdaaf2bc902c005246e781ba.workers.dev/?qrc=mike.clough@aalberts-ips.com
Certificate
IssuerLet's Encrypt
Subjectelektromag.co
Fingerprint20:8B:94:A6:09:FA:5D:E4:61:97:FE:FF:6D:12:C2:38:04:1C:7A:AB
ValiditySat, 20 Apr 2024 11:18:39 GMT - Fri, 19 Jul 2024 11:18:38 GMT

File type

Size
40 kB (39494 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft Outlook

HTTP Headers

GET /?dataXX0=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1cmwiOiJodHRwczovL3BuNm9xYTBxNmN5LmVsZWt0cm9tYWcuY28iLCJkb21haW4iOiJwbjZvcWEwcTZjeS5lbGVrdHJvbWFnLmNvIiwia2V5IjoiNWVhN2FWRXpxNUw0IiwicXJjIjoibWlrZS5jbG91Z2hAYWFsYmVydHMtaXBzLmNvbSIsImlhdCI6MTcxMzg3MTYxNCwiZXhwIjoxNzEzODcxNzM0fQ.Nf5BKF7lckT6JD-xarfgm4Q6h1rZtYFCXTYGDxdkqBU HTTP/1.1
Host: pn6oqa0q6cy.elektromag.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://6347e135.cdaaf2bc902c005246e781ba.workers.dev/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Set-Cookie: qPdM=5ea7aVEzq5L4; path=/; samesite=none; secure; httponly
qPdM.sig=0lHvGPbuR1GWbgBt1rT444xK_PQ; path=/; samesite=none; secure; httponly
location: /?qrc=mike.clough%40aalberts-ips.com
Date: Tue, 23 Apr 2024 11:26:54 GMT
Connection: keep-alive
Keep-Alive: timeout=5
Transfer-Encoding: chunked

pn6oqa0q6cy.elektromag.co/aadcdn.msftauth.net/~/shared/1.0/content/js/ConvergedLogin_PCore_4aBF4cdky--I3Cpch7JoPw2.js

5.230.74.74

200 OK

689 kB

URL GET HTTP/1.1
pn6oqa0q6cy.elektromag.co/aadcdn.msftauth.net/~/shared/1.0/content/js/ConvergedLogin_PCore_4aBF4cdky--I3Cpch7JoPw2.js
IP
5.230.74.74:443
ASN
#12586 GHOSTnet GmbH

Requested by
https://pn6oqa0q6cy.elektromag.co/?2owinjimx=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1taWtlLmNsb3VnaCU0MGFhbGJlcnRzLWlwcy5jb20mY2xpZW50LXJlcXVlc3QtaWQ9M2MzYTdlYTMtMDRiMS1hMWM5LTYyNDMtZDczYWYxOTgyMGNmJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODQ5NDY4NDE0OTI0MDQ0NC4wNjQxMDU5MS0xM2Q4LTQwNWItOTUyOC1mYWMzYTVkMzcyYWEmc3RhdGU9RGN0QkRvTWdFRUJSYU1fU0pUREFnTEJvUEVvem9sVlNGRk50dkg1WnZMXzduREYyYjI0Tmh4YldlUnN3b2ctb01Sb0VSSlRnVVlPTFdtZzdCb0hnQmhHZENlSk55WkliYldlSWVIdVZxaGVwdnRRNWI2OGxiLWR6elo5SnBsSl84X0pBSUNyRDlEMFBrZmREcHJyLUFR
Certificate
IssuerLet's Encrypt
Subjectelektromag.co
Fingerprint20:8B:94:A6:09:FA:5D:E4:61:97:FE:FF:6D:12:C2:38:04:1C:7A:AB
ValiditySat, 20 Apr 2024 11:18:39 GMT - Fri, 19 Jul 2024 11:18:38 GMT

File type
JavaScript source, ASCII text
Size
689 kB (689017 bytes)
Hash
3e89ae909c6a8d8c56396830471f3373
2632f95a5be7e4c589402bf76e800a8151cd036b
6665ca6a09f770c6679556eb86cf4234c8bdb0271049620e03199b34b4a16099

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft Outlook

HTTP Headers

GET /aadcdn.msftauth.net/~/shared/1.0/content/js/ConvergedLogin_PCore_4aBF4cdky--I3Cpch7JoPw2.js HTTP/1.1
Host: pn6oqa0q6cy.elektromag.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://pn6oqa0q6cy.elektromag.co/?2owinjimx=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1taWtlLmNsb3VnaCU0MGFhbGJlcnRzLWlwcy5jb20mY2xpZW50LXJlcXVlc3QtaWQ9M2MzYTdlYTMtMDRiMS1hMWM5LTYyNDMtZDczYWYxOTgyMGNmJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODQ5NDY4NDE0OTI0MDQ0NC4wNjQxMDU5MS0xM2Q4LTQwNWItOTUyOC1mYWMzYTVkMzcyYWEmc3RhdGU9RGN0QkRvTWdFRUJSYU1fU0pUREFnTEJvUEVvem9sVlNGRk50dkg1WnZMXzduREYyYjI0Tmh4YldlUnN3b2ctb01Sb0VSSlRnVVlPTFdtZzdCb0hnQmhHZENlSk55WkliYldlSWVIdVZxaGVwdnRRNWI2OGxiLWR6elo5SnBsSl84X0pBSUNyRDlEMFBrZmREcHJyLUFR
DNT: 1
Connection: keep-alive
Cookie: qPdM=5ea7aVEzq5L4; qPdM.sig=0lHvGPbuR1GWbgBt1rT444xK_PQ; ClientId=07EC3E2BD102461A93746FFC11547754; OIDC=1; OpenIdConnect.nonce.v3.eVCmzbtm1ihOhsL5ufJmPo82X9dkBAUAqHgV_c2hasQ=638494684149240444.06410591-13d8-405b-9528-fac3a5d372aa; X-OWA-RedirectHistory=ArLym14BfNKwR4hj3Ag; buid=0.AV0AMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8qWikaByF4PBGLPbbTQihA4o3TE-dtyXlV0adGjpEhaudCOiMTEK1TEGet6VriSZxni9KSOWG88iVEr26yz9twxrONwa1OpxyGFoTTg5sKOwgAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8S83QhK2LSALfZj83SaBReKcUXJgBv7y7ZSQ7nTN9X3Z_DDtOxd7vZFSvzymFGHpKe_IduwAgHovjZIEOBnfqsu15IOG1l1RQKJGAqDxGDKxBYvL15GiL0FAOHm8AnPjWx9nrf_cgH9Zbag75MLekWbXWdfVSnN-JCxleQd8MeQogAA; esctx-wvILbsZgwjk=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8E15PFRiIPYUWWbdxHSrsHSx1XZxGz4w2oI6i51qXfCBF16AavpwBDXt0eyLRLd1EwuIwwoxnb1LBxBWOqmvAjcQQxquLKwBuY4xcNR-UmVF686Oe7tvTnvioXTIbwO0_gFMunbGbc2RF6mUFWuY1DiAA; fpc=AhIjpMM9CT1HlZxLkjrw5XaerOTJAQAAAP6Rud0OAAAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Length: 689017
Content-Type: application/x-javascript
Date: Tue, 23 Apr 2024 11:26:55 GMT
Connection: keep-alive
Keep-Alive: timeout=5

pn6oqa0q6cy.elektromag.co/?2owinjimx=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1taWtlLmNsb3VnaCU0MGFhbGJlcnRzLWlwcy5jb20mY2xpZW50LXJlcXVlc3QtaWQ9M2MzYTdlYTMtMDRiMS1hMWM5LTYyNDMtZDczYWYxOTgyMGNmJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODQ5NDY4NDE0OTI0MDQ0NC4wNjQxMDU5MS0xM2Q4LTQwNWItOTUyOC1mYWMzYTVkMzcyYWEmc3RhdGU9RGN0QkRvTWdFRUJSYU1fU0pUREFnTEJvUEVvem9sVlNGRk50dkg1WnZMXzduREYyYjI0Tmh4YldlUnN3b2ctb01Sb0VSSlRnVVlPTFdtZzdCb0hnQmhHZENlSk55WkliYldlSWVIdVZxaGVwdnRRNWI2OGxiLWR6elo5SnBsSl84X0pBSUNyRDlEMFBrZmREcHJyLUFR

5.230.74.74

200 OK

40 kB

URL GET HTTP/1.1
pn6oqa0q6cy.elektromag.co/?2owinjimx=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1taWtlLmNsb3VnaCU0MGFhbGJlcnRzLWlwcy5jb20mY2xpZW50LXJlcXVlc3QtaWQ9M2MzYTdlYTMtMDRiMS1hMWM5LTYyNDMtZDczYWYxOTgyMGNmJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODQ5NDY4NDE0OTI0MDQ0NC4wNjQxMDU5MS0xM2Q4LTQwNWItOTUyOC1mYWMzYTVkMzcyYWEmc3RhdGU9RGN0QkRvTWdFRUJSYU1fU0pUREFnTEJvUEVvem9sVlNGRk50dkg1WnZMXzduREYyYjI0Tmh4YldlUnN3b2ctb01Sb0VSSlRnVVlPTFdtZzdCb0hnQmhHZENlSk55WkliYldlSWVIdVZxaGVwdnRRNWI2OGxiLWR6elo5SnBsSl84X0pBSUNyRDlEMFBrZmREcHJyLUFR
IP
5.230.74.74:443
ASN
#12586 GHOSTnet GmbH

Requested by
https://6347e135.cdaaf2bc902c005246e781ba.workers.dev/?qrc=mike.clough@aalberts-ips.com
Certificate
IssuerLet's Encrypt
Subjectelektromag.co
Fingerprint20:8B:94:A6:09:FA:5D:E4:61:97:FE:FF:6D:12:C2:38:04:1C:7A:AB
ValiditySat, 20 Apr 2024 11:18:39 GMT - Fri, 19 Jul 2024 11:18:38 GMT

File type

Size
40 kB (39494 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft Outlook

HTTP Headers

GET /?2owinjimx=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1taWtlLmNsb3VnaCU0MGFhbGJlcnRzLWlwcy5jb20mY2xpZW50LXJlcXVlc3QtaWQ9M2MzYTdlYTMtMDRiMS1hMWM5LTYyNDMtZDczYWYxOTgyMGNmJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODQ5NDY4NDE0OTI0MDQ0NC4wNjQxMDU5MS0xM2Q4LTQwNWItOTUyOC1mYWMzYTVkMzcyYWEmc3RhdGU9RGN0QkRvTWdFRUJSYU1fU0pUREFnTEJvUEVvem9sVlNGRk50dkg1WnZMXzduREYyYjI0Tmh4YldlUnN3b2ctb01Sb0VSSlRnVVlPTFdtZzdCb0hnQmhHZENlSk55WkliYldlSWVIdVZxaGVwdnRRNWI2OGxiLWR6elo5SnBsSl84X0pBSUNyRDlEMFBrZmREcHJyLUFR HTTP/1.1
Host: pn6oqa0q6cy.elektromag.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://6347e135.cdaaf2bc902c005246e781ba.workers.dev/
DNT: 1
Connection: keep-alive
Cookie: qPdM=5ea7aVEzq5L4; qPdM.sig=0lHvGPbuR1GWbgBt1rT444xK_PQ; ClientId=07EC3E2BD102461A93746FFC11547754; OIDC=1; OpenIdConnect.nonce.v3.eVCmzbtm1ihOhsL5ufJmPo82X9dkBAUAqHgV_c2hasQ=638494684149240444.06410591-13d8-405b-9528-fac3a5d372aa; X-OWA-RedirectHistory=ArLym14BfNKwR4hj3Ag
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Content-Encoding: gzip
Expires: -1
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000; includeSubDomains
Link: <https://aadcdn.msftauth.net>; rel=preconnect; crossorigin,<https://aadcdn.msftauth.net>; rel=dns-prefetch,<https://aadcdn.msauth.net>; rel=dns-prefetch
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
x-ms-request-id: 50015054-f0a3-42f7-a53e-efba74a84900
x-ms-ests-server: 2.1.17910.10 - WEULR1 ProdSlices
x-ms-srs: 1.P
Referrer-Policy: strict-origin-when-cross-origin
Content-Security-Policy-Report-Only: script-src 'self' 'nonce-fvSKixcm02zFrptKEpKBKw' 'unsafe-eval' 'unsafe-inline' 'report-sample'; object-src 'none'; frame-src 'self' https://*.live.com https://*.office.com https://*.microsoft.com https://autologon.microsoftazuread-sso.com https://webshell.suite.office.com https://outlook.office365.com https://portal.azure.com https://signout.sharepoint.com https://portal.microsoftonline.com https://apps.powerapps.com https://admin.microsoft365.com https://account.activedirectory.windowsazure.com https://www.msn.com https://www.microsoftstart.com https://www.start.com https://jarvis-west-int-aux-tm.trafficmanager.net https://www.onenote.com https://admin.exchange.microsoft.com https://www.yammer.com https://web.yammer.com https://businesscentral.dynamics.com https://app.vssps.visualstudio.com https://o365spo-signout.sharepoint-df.com https://admin.teams.microsoft.com https://login.windows.net https://portal.rescueicm.com https://ccs.login.microsoftonline.com https://make.powerautomate.com https://insights.cloud.microsoft https://insights.viva.office.com; base-uri 'self'; report-uri https://csp.microsoft.com/report/ESTS-UX-All
Set-Cookie: buid=0.AV0AMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8qWikaByF4PBGLPbbTQihA4o3TE-dtyXlV0adGjpEhaudCOiMTEK1TEGet6VriSZxni9KSOWG88iVEr26yz9twxrONwa1OpxyGFoTTg5sKOwgAA; expires=Thu, 23-May-2024 11:26:55 GMT; path=/; secure; HttpOnly; SameSite=None
esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8S83QhK2LSALfZj83SaBReKcUXJgBv7y7ZSQ7nTN9X3Z_DDtOxd7vZFSvzymFGHpKe_IduwAgHovjZIEOBnfqsu15IOG1l1RQKJGAqDxGDKxBYvL15GiL0FAOHm8AnPjWx9nrf_cgH9Zbag75MLekWbXWdfVSnN-JCxleQd8MeQogAA; domain=pn6oqa0q6cy.elektromag.co; path=/; secure; HttpOnly; SameSite=None
esctx-wvILbsZgwjk=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8E15PFRiIPYUWWbdxHSrsHSx1XZxGz4w2oI6i51qXfCBF16AavpwBDXt0eyLRLd1EwuIwwoxnb1LBxBWOqmvAjcQQxquLKwBuY4xcNR-UmVF686Oe7tvTnvioXTIbwO0_gFMunbGbc2RF6mUFWuY1DiAA; domain=pn6oqa0q6cy.elektromag.co; path=/; secure; HttpOnly; SameSite=None
fpc=AhIjpMM9CT1HlZxLkjrw5XaerOTJAQAAAP6Rud0OAAAA; expires=Thu, 23-May-2024 11:26:55 GMT; path=/; secure; HttpOnly; SameSite=None
x-ms-gateway-slice=estsfd; path=/; secure; samesite=none; httponly
stsservicecookie=estsfd; path=/; secure; samesite=none; httponly
Date: Tue, 23 Apr 2024 11:26:54 GMT
Connection: close
content-length: 39494
Content-Security-Policy: default-src *  data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval';  script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

JavaScript (22)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations