Report - topsummeressentials.sa.com/now/auth/sf_rand_string

Report Overview

URL

topsummeressentials.sa.com/now/auth/sf_rand_string_lowercase6/ZGVmQGVjY28uY29t
IP

172.111.230.78

ASN

#9009 M247 Ltd
Submitted

2023-05-29T04:30:01Z

Access

public
Tags

phishing microsoft outlook
urlquery detections

Phishing - Microsoft Outlook

Detections

urlquery

4
Network Intrusion Detection

0
Threat Detection Systems

7

Domain Summary

Domain	Rank	First Seen	Last Seen	Sent	Received	IP
topsummeressentials.sa.com (1)	unknown	2023-04-30 12:32:10	2023-05-25 08:28:00	534	249	172.111.230.78
nrezf.creaap.com (7)	unknown	2023-05-25 01:36:30	2023-05-25 01:36:30	4547	171742	188.114.97.1
unpkg.com (2)	11693	2016-01-08 00:26:01	2023-05-28 05:11:47	830	64801	104.16.122.175

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator
2023-05-29	medium	nrezf.creaap.com/cdn-cgi/images/trace/managed/js/transparent.gif?ray=7cebff803832b500
2023-05-29	medium	nrezf.creaap.com/jq/21c8909dc708f21178919587c52accee64742a3ae7a19
2023-05-29	medium	nrezf.creaap.com/Mdef@ecco.com
2023-05-29	medium	nrezf.creaap.com/beebb091955c06fa68b3eb8afc0bae5164742a3ad9435PASbeebb091955c06fa68b3eb8afc0bae5164742a3ad944c
2023-05-29	medium	nrezf.creaap.com/boot/21c8909dc708f21178919587c52accee64742a3ae7a28
2023-05-29	medium	nrezf.creaap.com/jm/21c8909dc708f21178919587c52accee64742a3ae7a2a
2023-05-29	medium	nrezf.creaap.com/Mdef@ecco.com

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (9)

HTTP Transactions (10)

URL IP Response Size

topsummeressentials.sa.com/now/auth/sf_rand_string_lowercase6/ZGVmQGVjY28uY29t

172.111.230.78

200 OK

URL User Request GET HTTP/1.1

topsummeressentials.sa.com/now/auth/sf_rand_string_lowercase6/ZGVmQGVjY28uY29t
IP

172.111.230.78:443
ASN

#9009 M247 Ltd

Certificate

IssuerLet's Encrypt

Subjecttopsummeressentials.sa.com

FingerprintE2:C2:68:8E:C6:C3:72:5B:E3:EE:67:08:96:62:6B:CF:93:FB:9D:53

ValiditySun, 21 May 2023 09:36:20 GMT - Sat, 19 Aug 2023 09:36:19 GMT

Magic

Size

0
Hash

d41d8cd98f00b204e9800998ecf8427e

da39a3ee5e6b4b0d3255bfef95601890afd80709

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft Outlook

HTTP Headers

                                        GET /now/auth/sf_rand_string_lowercase6/ZGVmQGVjY28uY29t HTTP/1.1
Host: topsummeressentials.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Date: Mon, 29 May 2023 04:29:43 GMT
Server: Apache
refresh: 0;url=https://nrezf.creaap.com/Mdef@ecco.com
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

nrezf.creaap.com/cdn-cgi/images/trace/managed/js/transparent.gif?ray=7cebff803832b500

188.114.97.1

URL

nrezf.creaap.com/cdn-cgi/images/trace/managed/js/transparent.gif?ray=7cebff803832b500
IP

188.114.97.1:0
ASN

#13335 CLOUDFLARENET

Magic

GIF image data, version 89a, 1 x 1\012- data

Size

42
Hash

d89746888da2d9510b64a9f031eaecd5

d5fceb6532643d0d84ffe09c40c481ecdf59e15a

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Detections

Analyzer	Verdict	Alert
fortinet	Spam

HTTP Headers

                                        GET /cdn-cgi/images/trace/managed/js/transparent.gif?ray=7cebff803832b500 HTTP/1.1
Host: nrezf.creaap.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://nrezf.creaap.com/Mdef@ecco.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

                                        HTTP/3 200 OK
date: Mon, 29 May 2023 04:29:44 GMT
content-type: image/gif
content-length: 42
last-modified: Thu, 25 May 2023 08:39:03 GMT
etag: "646f1ea7-2a"
server: cloudflare
cf-ray: 7cebff815c09b4f4-OSL
x-frame-options: DENY
x-content-type-options: nosniff
vary: Accept-Encoding
expires: Mon, 29 May 2023 06:29:44 GMT
cache-control: max-age=7200, public
accept-ranges: bytes

nrezf.creaap.com/jq/21c8909dc708f21178919587c52accee64742a3ae7a19

188.114.97.1

200 OK

85578

URL GET HTTP/3

nrezf.creaap.com/jq/21c8909dc708f21178919587c52accee64742a3ae7a19
IP

188.114.97.1:443
ASN

#13335 CLOUDFLARENET

Requested by

https://nrezf.creaap.com/beebb091955c06fa68b3eb8afc0bae5164742a3ad9435PASbeebb091955c06fa68b3eb8afc0bae5164742a3ad944c
Certificate

IssuerGoogle Trust Services LLC

Subjectcreaap.com

FingerprintE1:22:08:A3:DF:A6:FE:A2:46:AD:B5:A7:78:F0:C3:BF:10:FE:BE:61

ValidityWed, 24 May 2023 18:21:44 GMT - Tue, 22 Aug 2023 18:21:43 GMT

Magic

ASCII text, with very long lines (32065)

Size

85578
Hash

2f6b11a7e914718e0290410e85366fe9

69bb69e25ca7d5ef0935317584e6153f3fd9a88c

05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e

Detections

Analyzer	Verdict	Alert
fortinet	Spam

HTTP Headers

                                        GET /jq/21c8909dc708f21178919587c52accee64742a3ae7a19 HTTP/1.1
Host: nrezf.creaap.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nrezf.creaap.com/beebb091955c06fa68b3eb8afc0bae5164742a3ad9435PASbeebb091955c06fa68b3eb8afc0bae5164742a3ad944c
Cookie: cf_clearance=2miM3qfGU9w.7KcKduAy38XeuUCBiyWMUlzrSEcs87w-1685334584-0-160; PHPSESSID=f056bb6728efeea722f3d62af0063fd8
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/3 200 OK
date: Mon, 29 May 2023 04:29:47 GMT
content-type: application/javascript
cache-control: public, max-age=604800
expires: Mon, 05 Jun 2023 04:29:47 GMT
last-modified: Wed, 24 May 2023 22:45:34 GMT
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aSmHsJLLhNrDh0MkxI5CqG8Nhg8QiPqLp1P4Nyxg5%2FcLxRjzvtQhGflxvVn7sIubTn0XVSz6xG3ewu%2BUd8xuyRZuIb2ZvyO%2FK2QmuEE2vWHUmEvkYGoiV%2B67IJJ880Jj9qLM"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7cebff918ca1b4f4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

unpkg.com/axios@1.4.0/dist/axios.min.js

104.16.122.175

200 OK

31842

URL GET HTTP/2

unpkg.com/axios@1.4.0/dist/axios.min.js
IP

104.16.122.175:443
ASN

#13335 CLOUDFLARENET

Requested by

https://nrezf.creaap.com/beebb091955c06fa68b3eb8afc0bae5164742a3ad9435PASbeebb091955c06fa68b3eb8afc0bae5164742a3ad944c
Certificate

IssuerCloudflare, Inc.

Subjectsni.cloudflaressl.com

FingerprintF7:B6:41:CA:15:FD:D1:0C:27:39:55:5D:C5:CE:3F:1C:A6:BB:9D:6F

ValidityTue, 02 May 2023 00:00:00 GMT - Wed, 01 May 2024 23:59:59 GMT

Magic

ASCII text, with very long lines (31803)

Size

31842
Hash

6470a918ba1fd4b8d0882df0269ddb82

97814fdab64aa7d1b30f082f9eb272d4b1ce18a2

fd4ce12a87594281afcee9c73a40fe7acc282bcc9e764fbb3afa1481a96a091e

HTTP Headers

                                        GET /axios@1.4.0/dist/axios.min.js HTTP/1.1
Host: unpkg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://nrezf.creaap.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/2 200 OK
date: Mon, 29 May 2023 04:29:47 GMT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
etag: W/"7c62-l4FP2rZKp9GzDwgvnrJy1LHOGKI"
via: 1.1 fly.io
fly-request-id: 01GZP8TZEXW4PFCT61FHX2WRTS-fra
cf-cache-status: HIT
age: 2033679
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7cebff91dcf6b51d-OSL
content-encoding: br
X-Firefox-Spdy: h2

nrezf.creaap.com/Mdef@ecco.com

188.114.97.1

302 Found

7351

URL User Request POST HTTP/3

nrezf.creaap.com/Mdef@ecco.com
IP

188.114.97.1:443
ASN

#13335 CLOUDFLARENET

Certificate

IssuerGoogle Trust Services LLC

Subjectcreaap.com

FingerprintE1:22:08:A3:DF:A6:FE:A2:46:AD:B5:A7:78:F0:C3:BF:10:FE:BE:61

ValidityWed, 24 May 2023 18:21:44 GMT - Tue, 22 Aug 2023 18:21:43 GMT

Magic

Size

7351
Hash

d41d8cd98f00b204e9800998ecf8427e

da39a3ee5e6b4b0d3255bfef95601890afd80709

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft Outlook
fortinet	Spam

HTTP Headers

                                        POST /Mdef@ecco.com HTTP/1.1
Host: nrezf.creaap.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://nrezf.creaap.com/Mdef@ecco.com?__cf_chl_tk=YC3fm3pzdrbnP57iMvuHcoj7ImzJUmcq0Apd3Lvf.Ng-1685334584-0-gaNycGzNC5A
Content-Type: application/x-www-form-urlencoded
Content-Length: 3126
Origin: https://nrezf.creaap.com
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/3 302 Found
date: Mon, 29 May 2023 04:29:46 GMT
content-type: text/html; charset=UTF-8
location: ./beebb091955c06fa68b3eb8afc0bae5164742a3ad9435PASbeebb091955c06fa68b3eb8afc0bae5164742a3ad944c
set-cookie: cf_clearance=2miM3qfGU9w.7KcKduAy38XeuUCBiyWMUlzrSEcs87w-1685334584-0-160; path=/; expires=Tue, 28-May-24 04:29:46 GMT; domain=.creaap.com; HttpOnly; Secure; SameSite=None
PHPSESSID=f056bb6728efeea722f3d62af0063fd8; path=/; secure
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nk0E4HEtgXOB%2BnxN5QCHu9TK4DLeJgsjX8KNqt5%2FPOMjd295JiGNoDnGrPiwCRIQeMtaQ%2BpltzRIrKPGbK%2Fi1e829CRbAfpgieOmHr%2BROnsf5mKSq%2BlRdTfraxD2nt2D3Bqh"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7cebff8bd9d1b4f4-OSL
alt-svc: h3=":443"; ma=86400

nrezf.creaap.com/beebb091955c06fa68b3eb8afc0bae5164742a3ad9435PASbeebb091955c06fa68b3eb8afc0bae5164742a3ad944c

188.114.97.1

200 OK

7351

URL User Request GET HTTP/3

nrezf.creaap.com/beebb091955c06fa68b3eb8afc0bae5164742a3ad9435PASbeebb091955c06fa68b3eb8afc0bae5164742a3ad944c
IP

188.114.97.1:443
ASN

#13335 CLOUDFLARENET

Certificate

IssuerGoogle Trust Services LLC

Subjectcreaap.com

FingerprintE1:22:08:A3:DF:A6:FE:A2:46:AD:B5:A7:78:F0:C3:BF:10:FE:BE:61

ValidityWed, 24 May 2023 18:21:44 GMT - Tue, 22 Aug 2023 18:21:43 GMT

Magic

HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (7407), with no line terminators

Size

7351
Hash

3df176d53d95f952e7bbe369028a7c82

35ca5952d1c67b18007bef46bed1544d0613a99e

2a255187abe4d4a1b785333fd06d932eee6ab5254e5f3d570a7207e99f06a0a9

Detections

Analyzer	Verdict	Alert
fortinet	Spam

HTTP Headers

                                        GET /beebb091955c06fa68b3eb8afc0bae5164742a3ad9435PASbeebb091955c06fa68b3eb8afc0bae5164742a3ad944c HTTP/1.1
Host: nrezf.creaap.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://nrezf.creaap.com/Mdef@ecco.com?__cf_chl_tk=YC3fm3pzdrbnP57iMvuHcoj7ImzJUmcq0Apd3Lvf.Ng-1685334584-0-gaNycGzNC5A
DNT: 1
Connection: keep-alive
Cookie: cf_clearance=2miM3qfGU9w.7KcKduAy38XeuUCBiyWMUlzrSEcs87w-1685334584-0-160; PHPSESSID=f056bb6728efeea722f3d62af0063fd8
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/3 200 OK
date: Mon, 29 May 2023 04:29:46 GMT
content-type: text/html; charset=UTF-8
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eyUi0M1AHf1JmFGhm5dLb530yL3XkHmeblOXRhJ%2FpgUp%2BRmNu%2B9NKMSBy%2Bt2IeA%2FiY69Ml1a6df72IwCCC%2Bl649R%2B6zhWF%2BjANLkKfel9dqjde3AMjEOspu1BVWWEkbXtE9p"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7cebff903c02b4f4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

nrezf.creaap.com/boot/21c8909dc708f21178919587c52accee64742a3ae7a28

188.114.97.1

200 OK

51039

URL GET HTTP/3

nrezf.creaap.com/boot/21c8909dc708f21178919587c52accee64742a3ae7a28
IP

188.114.97.1:443
ASN

#13335 CLOUDFLARENET

Requested by

https://nrezf.creaap.com/beebb091955c06fa68b3eb8afc0bae5164742a3ad9435PASbeebb091955c06fa68b3eb8afc0bae5164742a3ad944c
Certificate

IssuerGoogle Trust Services LLC

Subjectcreaap.com

FingerprintE1:22:08:A3:DF:A6:FE:A2:46:AD:B5:A7:78:F0:C3:BF:10:FE:BE:61

ValidityWed, 24 May 2023 18:21:44 GMT - Tue, 22 Aug 2023 18:21:43 GMT

Magic

ASCII text, with very long lines (50758)

Size

51039
Hash

67176c242e1bdc20603c878dee836df3

27a71b00383d61ef3c489326b3564d698fc1227c

56c12a125b021d21a69e61d7190cefa168d6c28ce715265cea1b3b0112d169c4

Detections

Analyzer	Verdict	Alert
fortinet	Spam

HTTP Headers

                                        GET /boot/21c8909dc708f21178919587c52accee64742a3ae7a28 HTTP/1.1
Host: nrezf.creaap.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nrezf.creaap.com/beebb091955c06fa68b3eb8afc0bae5164742a3ad9435PASbeebb091955c06fa68b3eb8afc0bae5164742a3ad944c
Cookie: cf_clearance=2miM3qfGU9w.7KcKduAy38XeuUCBiyWMUlzrSEcs87w-1685334584-0-160; PHPSESSID=f056bb6728efeea722f3d62af0063fd8
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/3 200 OK
date: Mon, 29 May 2023 04:29:47 GMT
content-type: application/javascript
cache-control: public, max-age=604800
expires: Mon, 05 Jun 2023 04:29:47 GMT
last-modified: Wed, 24 May 2023 22:45:34 GMT
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Z3kZ3%2Fr8Ji0DekN6KU%2F2KJZe1BsywOPCo8z%2FtO1i26IOUVvenh9q6Y7TXb0FSveiE37bBu50WyOEjo7oeSOxzXQITXWIjz5oFzaEsjQfuoFM3fDBJE2458yIzsapUflqqdXh"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7cebff918ca2b4f4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

nrezf.creaap.com/jm/21c8909dc708f21178919587c52accee64742a3ae7a2a

188.114.97.1

200 OK

7309

URL GET HTTP/3

nrezf.creaap.com/jm/21c8909dc708f21178919587c52accee64742a3ae7a2a
IP

188.114.97.1:443
ASN

#13335 CLOUDFLARENET

Requested by

https://nrezf.creaap.com/beebb091955c06fa68b3eb8afc0bae5164742a3ad9435PASbeebb091955c06fa68b3eb8afc0bae5164742a3ad944c
Certificate

IssuerGoogle Trust Services LLC

Subjectcreaap.com

FingerprintE1:22:08:A3:DF:A6:FE:A2:46:AD:B5:A7:78:F0:C3:BF:10:FE:BE:61

ValidityWed, 24 May 2023 18:21:44 GMT - Tue, 22 Aug 2023 18:21:43 GMT

Magic

ASCII text, with very long lines (7344), with no line terminators

Size

7309
Hash

f335e180c66cfa35ea3152a33884ec67

0b99d4d6d595e23b8c864f9c39d16813f886e850

7e317dfd820ab1a6759f565d267e82ecb5bd797b6fe89be4858f0174b709c324

Detections

Analyzer	Verdict	Alert
fortinet	Spam

HTTP Headers

                                        GET /jm/21c8909dc708f21178919587c52accee64742a3ae7a2a HTTP/1.1
Host: nrezf.creaap.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nrezf.creaap.com/beebb091955c06fa68b3eb8afc0bae5164742a3ad9435PASbeebb091955c06fa68b3eb8afc0bae5164742a3ad944c
Cookie: cf_clearance=2miM3qfGU9w.7KcKduAy38XeuUCBiyWMUlzrSEcs87w-1685334584-0-160; PHPSESSID=f056bb6728efeea722f3d62af0063fd8
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/3 200 OK
date: Mon, 29 May 2023 04:29:47 GMT
content-type: application/javascript
cache-control: public, max-age=604800
expires: Mon, 05 Jun 2023 04:29:47 GMT
last-modified: Wed, 24 May 2023 22:45:34 GMT
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VB7HqYlMjO5LFHTupAD6dpVAGKRteswSVVtXDfi9Ev6ip2sHC4CnXhuSsENfs6ozwoNa9oWd0u6X6zIsL7xQ%2FtUlGQz%2F9NGXrHml1kgWVQCRl3hRDmuX2eNXPWEkLGVdpgSO"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7cebff918ca3b4f4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

unpkg.com/axios/dist/axios.min.js

104.16.122.175

302 Found

31842

URL GET HTTP/2

unpkg.com/axios/dist/axios.min.js
IP

104.16.122.175:443
ASN

#13335 CLOUDFLARENET

Requested by

https://nrezf.creaap.com/beebb091955c06fa68b3eb8afc0bae5164742a3ad9435PASbeebb091955c06fa68b3eb8afc0bae5164742a3ad944c
Certificate

IssuerCloudflare, Inc.

Subjectsni.cloudflaressl.com

FingerprintF7:B6:41:CA:15:FD:D1:0C:27:39:55:5D:C5:CE:3F:1C:A6:BB:9D:6F

ValidityTue, 02 May 2023 00:00:00 GMT - Wed, 01 May 2024 23:59:59 GMT

Magic

Size

31842
Hash

d41d8cd98f00b204e9800998ecf8427e

da39a3ee5e6b4b0d3255bfef95601890afd80709

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

                                        GET /axios/dist/axios.min.js HTTP/1.1
Host: unpkg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nrezf.creaap.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/2 302 Found
date: Mon, 29 May 2023 04:29:47 GMT
content-type: text/plain; charset=utf-8
access-control-allow-origin: *
cache-control: public, s-maxage=600, max-age=60
location: /axios@1.4.0/dist/axios.min.js
vary: Accept, Accept-Encoding
via: 1.1 fly.io
fly-request-id: 01H1JW5ETHS5AG3AGEGWEFKZJ4-arn
cf-cache-status: HIT
age: 147
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7cebff91bce9b51d-OSL
X-Firefox-Spdy: h2

nrezf.creaap.com/Mdef@ecco.com

188.114.97.1

403 Forbidden

7558

URL User Request GET HTTP/2

nrezf.creaap.com/Mdef@ecco.com
IP

188.114.97.1:443
ASN

#13335 CLOUDFLARENET

Certificate

IssuerGoogle Trust Services LLC

Subjectcreaap.com

FingerprintE1:22:08:A3:DF:A6:FE:A2:46:AD:B5:A7:78:F0:C3:BF:10:FE:BE:61

ValidityWed, 24 May 2023 18:21:44 GMT - Tue, 22 Aug 2023 18:21:43 GMT

Magic

HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (7726), with no line terminators

Size

7558
Hash

28b3a22256d952507a53405d765a6367

c0874802765d3d278cbe6e69b4aebc39903d1963

6cf664f6b3d58af000c3b9f453f9bdecf30a4f9b28c98e699193262e75e85731

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft Outlook
fortinet	Spam

HTTP Headers

                                        GET /Mdef@ecco.com HTTP/1.1
Host: nrezf.creaap.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/2 403 Forbidden
date: Mon, 29 May 2023 04:29:44 GMT
content-type: text/html; charset=UTF-8
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy: same-origin
x-frame-options: SAMEORIGIN
cf-mitigated: challenge
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 01 Jan 1970 00:00:01 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GTfDITVFhMiCk%2BJ3QRkkIw9qPIiFZNl7C2EoEKEPQvZpHfskxHcrxrJvST1N2qNLgeenzJWUDOn0KDc2scSv%2FO44LWrnBAQLunSAzTpfUKihZl0D718oxauMSkWeZdnnTIHV"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cebff803832b500-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

Report Overview

URL

IP

ASN

Submitted

Access

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (9)

#1 JS:Script (size: 34)

#2 JS:Script (size: 85578)

#3 JS:Script (size: 51039)

#4 JS:Script (size: 7309)

#5 JS:Script (size: 79)

#6 JS:Script (size: 37)

#1 JS:Eval (size: 4)

#2 JS:Eval (size: 1019)

#3 JS:Eval (size: 71)

HTTP Transactions (10)

URL User Request GET HTTP/1.1

IP

ASN

Certificate

Magic

Size

Hash

Detections

HTTP Headers

URL

IP

ASN

Magic

Size

Hash

Detections

HTTP Headers

URL GET HTTP/3

IP

ASN

Requested by

Certificate

Magic

Size

Hash

Detections

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

Magic

Size

Hash

HTTP Headers

URL User Request POST HTTP/3

IP

ASN

Certificate

Magic

Size

Hash

Detections

HTTP Headers

URL User Request GET HTTP/3