Report - ldzengenharia.com.br/Brit/auth/protechservicesga/MKDKL7A3TAW7MOL7YT1KNO/c2pvbmVzQHByb3RlY2hzZXJ2aWNlc2dhLmNvbQ==

Report Overview

Submitted URL
ldzengenharia.com.br/Brit/auth/protechservicesga/MKDKL7A3TAW7MOL7YT1KNO/c2pvbmVzQHByb3RlY2hzZXJ2aWNlc2dhLmNvbQ==
IP
162.241.63.76
ASN
#19871 NETWORK-SOLUTIONS-HOSTING
Submitted
2024-03-28 21:24:14
Access
public
Website Title
aODaIMccAv
Final URL
hxzgo.neyndish.com/vqyevmnspgsjgnxfpdshehidRBNanscfjAERXGCWEIDBUCORZFGRYIPNOYEUB?599886080864051rzOFfrbHWBGDAKDOHEOCCYODYWGXCMCAKCKAHCDFWEUSFOYWKREHIXG
Tags
microsoft phishing
urlquery detections
Phishing - Microsoft

Detections

urlquery
22
Network Intrusion Detection
0
Threat Detection Systems
0

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
ipapi.co	195030	2016-04-19	2017-01-31	2024-03-27	438 B	1.5 kB	172.67.69.226
www.google.com	7	1997-09-15	2015-05-10	2024-03-23	410 B	1.3 kB	216.58.211.4
cdn.socket.io	62068	2010-04-18	2015-03-23	2024-03-27	415 B	46 kB	143.204.55.70
challenges.cloudflare.com	unknown	2009-02-17	2021-10-20	2024-03-28	1.9 kB	458 kB	104.17.3.184
httpbin.org	352975	2011-06-12	2013-07-23	2024-03-28	466 B	277 B	52.201.199.27
hxzgo.neyndish.com	unknown	unknown	No data	No data	39 kB	720 kB	104.21.31.149
www.gstatic.com	unknown	2008-02-11	2016-07-26	2024-03-28	488 B	509 kB	142.250.74.35
ldzengenharia.com.br	unknown	2020-08-20	2020-08-20	2024-03-28	566 B	229 B	162.241.63.76
code.jquery.com	634	2005-12-10	2012-05-21	2024-03-28	838 B	63 kB	151.101.130.137

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (31)

	URL	Size	First Seen	Last Seen
	cdn.socket.io/4.6.0/socket.io.min.js	46 kB	2023-04-05	2024-04-27
Pretty URL cdn.socket.io/4.6.0/socket.io.min.js IP 143.204.55.70 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-05 03:09:50 Last Seen2024-04-27 07:55:25 Times Seen71108 Hash 80f5b8c6a9eeac15de93e5a112036a06 f7174635137d37581b11937fc90e9cb325077bce 0401de33701f1cad16ecf952899d23990b6437d0a5b7335524edf6bdfb932542 Loading...

	hxzgo.neyndish.com/vqyevmnspgsjgnxfpdshehidRBNanscfjAERXGCWEIDBUCORZFGRYIPNOYEUB?599886080864051rzOFfrbHWBGDAKDOHEOCCYODYWGXCMCAKCKAHCDFWEUSFOYWKREHIXG	60 kB	2024-03-28	2024-03-28
Pretty URL hxzgo.neyndish.com/vqyevmnspgsjgnxfpdshehidRBNanscfjAERXGCWEIDBUCORZFGRYIPNOYEUB?599886080864051rzOFfrbHWBGDAKDOHEOCCYODYWGXCMCAKCKAHCDFWEUSFOYWKREHIXG IP 104.21.31.149 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-03-28 22:24:21 Last Seen2024-03-28 22:24:21 Times Seen1 Hash f2d9ac48a085045c1643b8c9ff3022ca d2734b3131934a154c1294e6123cb900213f2ca3 59b9109593736e3bc11157932f592344c731090c1242d7e575cd2c9502ab7be2 Loading...

	www.gstatic.com/recaptcha/releases/Hq4JZivTyQ7GP8Kt571Tzodj/recaptcha__en.js	508 kB	2024-03-21	2024-03-29
Pretty URL www.gstatic.com/recaptcha/releases/Hq4JZivTyQ7GP8Kt571Tzodj/recaptcha__en.js IP 142.250.74.35 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-21 13:29:41 Last Seen2024-03-29 06:54:27 Times Seen2362 Hash 6afd58bec95bc166d3c68166f86e9e67 9523c602a5d5610332785397cd26d3b9e18873ab 9368f8ab141b9545a2b9e279abe8fef65a60091050ebeab9b63dd4c1bd0d38e1 Loading...

	hxzgo.neyndish.com/563v3sxKQecMpkVCpieC7Agh3KjuK3D90YluXq67104	110 kB	2024-03-28	2024-04-03
Pretty URL hxzgo.neyndish.com/563v3sxKQecMpkVCpieC7Agh3KjuK3D90YluXq67104 IP 104.21.31.149 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-28 14:39:49 Last Seen2024-04-03 02:18:24 Times Seen49 Hash 78a5500114640d663460bcbb33e694eb c72b1b93c8bc2ddbd77ba3c042a8ed415b6b8e26 e97fe9db7ca567da1f9f5a3b87b669146addf1983392c32fda68c4d667a3ca22 Loading...

	code.jquery.com/jquery-3.6.0.min.js	90 kB	2023-03-07	2024-04-27
Pretty URL code.jquery.com/jquery-3.6.0.min.js IP 151.101.130.137 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:13 Last Seen2024-04-27 21:26:41 Times Seen262540 Hash 8fb8fee4fcc3cc86ff6c724154c49c42 b82d238d4e31fdf618bae8ac11a6c812c03dd0d4 ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e Loading...

	www.google.com/recaptcha/api.js	850 B	2024-03-21	2024-03-29
Pretty URL www.google.com/recaptcha/api.js IP 216.58.211.4 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-21 13:29:41 Last Seen2024-03-29 01:24:06 Times Seen560 Hash 02a73498d65c5eea50e63eec60b7b222 0dc726fe6d3e321900c51e654ec42bdb7c088106 a1c0de921a0d084726eb054afb55598ce1957bbf667d92d06675ba5ee99b2d21 Loading...

	unknown	9.5 kB	2024-03-28	2024-03-28
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-28 22:24:21 Last Seen2024-03-28 22:24:21 Times Seen1 Hash 6266b0ea111644103f43558852e706ab 173c3d763dd467ace3f3839ed7027a4ff57226a1 2352fbd6a8e38321802e1e316dd46a6b255b735f6b59d825578fd3f33edc4a23 Loading...

		Size	First Seen	Last Seen
	#1 Eval - db053e0ec84a2d5e2c2aabbe626fd688	165 B	2024-03-22	2024-04-04
Pretty Observations First Seen2024-03-22 10:38:02 Last Seen2024-04-04 15:20:10 Times Seen413 Hash db053e0ec84a2d5e2c2aabbe626fd688 a4981a02400b0582b8fbcb7520913ad26da5a2bc efcbfe5540a9f6f735f5e48e75fe356fce202bb35fefcfaacc48ba20732956c5 Loading...

	#2 Eval - 973e1198bc26517c8e59edde34f1c681	549 B	2024-03-28	2024-03-28
Pretty Observations First Seen2024-03-28 22:24:21 Last Seen2024-03-28 22:24:21 Times Seen1 Hash 973e1198bc26517c8e59edde34f1c681 115a78907f685839f04798ecd2383b78b16beb0e 3ed755747f6e226f530e94a73d0360e82f02649174bb5b7d8794d6495a8bd015 Loading...

	#3 Eval - 461907b053f6dcdb3d38df27b88d8245	28 B	2024-03-28	2024-03-28
Pretty Observations First Seen2024-03-28 22:24:21 Last Seen2024-03-28 22:24:21 Times Seen1 Hash 461907b053f6dcdb3d38df27b88d8245 714694b27df20af3322f32272ef3ca8c465f6745 126fdb0e6db638d7115bf4756e060162a2681b52dbfebc9fd92b2bb306de589f Loading...

	#4 Eval - ef88661f63307660f0efcbeecf039e71	28 B	2024-03-28	2024-03-28
Pretty Observations First Seen2024-03-28 22:24:21 Last Seen2024-03-28 22:24:21 Times Seen1 Hash ef88661f63307660f0efcbeecf039e71 f3a0ea4607929dc535a87d8933d30106dfbe01e4 8c3db91c0a13c89f82c21c751960c723c19b09ef1cfaf17fc7e237372b81822c Loading...

	#5 Eval - fa15bcb57dcacc51e13eaf3c9b0d4840	28 B	2024-03-28	2024-03-28
Pretty Observations First Seen2024-03-28 22:24:21 Last Seen2024-03-28 22:24:21 Times Seen1 Hash fa15bcb57dcacc51e13eaf3c9b0d4840 8bb26dca9d8558b94340ca5d599057d8a71d80e3 233d9326674971375bf5dc6d2ad4a7834b0461d738e174e814b828bab0b746f6 Loading...

	#6 Eval - e7ca3e14c52d2239b0e947a3e39b4184	28 B	2024-03-28	2024-03-28
Pretty Observations First Seen2024-03-28 22:24:21 Last Seen2024-03-28 22:24:21 Times Seen1 Hash e7ca3e14c52d2239b0e947a3e39b4184 93d801230b975d33db536d3000d5abedc3d4b04d 997a0a9ef996fd7444101978611070e442076af22198d6b7f8742a7ff5a1f975 Loading...

	#7 Eval - eabc88fa47472602f784c5df0af7eefc	1.0 kB	2024-03-28	2024-03-28
Pretty Observations First Seen2024-03-28 22:24:21 Last Seen2024-03-28 23:06:45 Times Seen2 Hash eabc88fa47472602f784c5df0af7eefc 60a6a6be148749f47cd9f1c53d5b4cb8d43de220 cf31c914893bd54318a04930ff2f3919de1b438b7051c124214c1e5c283e6963 Loading...

	#8 Eval - 190ef4edaf4aba9ce6829ea860b2cb65	61 B	2024-03-22	2024-04-04
Pretty Observations First Seen2024-03-22 10:35:33 Last Seen2024-04-04 15:56:11 Times Seen1815 Hash 190ef4edaf4aba9ce6829ea860b2cb65 84010fdde06dc04427d11aafdf4ba6495e14eff8 0334ef3ce9e77db17376ce3e320fe96b901743f1baa1096cc4066922ac672f8c Loading...

	#9 Eval - f27398c2460311d6163a66fdd75fa9b0	28 B	2024-03-28	2024-03-28
Pretty Observations First Seen2024-03-28 22:24:21 Last Seen2024-03-28 22:24:21 Times Seen1 Hash f27398c2460311d6163a66fdd75fa9b0 ab9e60acc0f29233c6544b980e727f975d438f56 d143877a5f18eb3773a426d5dd8d645da1fb68a58aff22b2ac75d137762da3f3 Loading...

	#10 Eval - 91c1be4672ee057d2c92820e51873561	28 B	2024-03-28	2024-03-28
Pretty Observations First Seen2024-03-28 22:24:21 Last Seen2024-03-28 22:24:21 Times Seen1 Hash 91c1be4672ee057d2c92820e51873561 26b34a12e188fe845f54bd1d3cabe3471b138a3a d9c4339bfc752879d36b0066487ea10b45e50d997c0a261d8fe794c608d260f6 Loading...

	#11 Eval - 9e925e9341b490bfd3b4c4ca3b0c1ef2	4 B	2023-03-07	2024-04-27
Pretty Observations First Seen2023-03-07 01:03:43 Last Seen2024-04-27 21:30:20 Times Seen350228 Hash 9e925e9341b490bfd3b4c4ca3b0c1ef2 c2543fff3bfa6f144c2f06a7de6cd10c0b650cae 1eb79602411ef02cf6fe117897015fff89f80face4eccd50425c45149b148408 Loading...

	#12 Eval - c79962ffafb887e816df81d5f3206d4b	28 B	2024-03-28	2024-03-28
Pretty Observations First Seen2024-03-28 22:24:21 Last Seen2024-03-28 22:24:21 Times Seen1 Hash c79962ffafb887e816df81d5f3206d4b 05445344ad17a96d69ed276b5aad370a8b63862f 534725568c5f1b7becc6befe255d83f708168e2c48e01b3321267a06e7a07138 Loading...

	#13 Eval - 8986fcdb0c5c183d995422308bde4b09	28 B	2024-03-28	2024-03-28
Pretty Observations First Seen2024-03-28 22:24:21 Last Seen2024-03-28 22:24:21 Times Seen1 Hash 8986fcdb0c5c183d995422308bde4b09 c947108c18c5e197f2dfe6b3f1c3fd88c830b856 2faeb1048675f28e38aad74837c7f8e2366bd6c8193ee66a0c4db6c4be66e4d6 Loading...

	#14 Eval - 61d4e1c172e1d9284a774b058065ad82	28 B	2024-03-28	2024-03-28
Pretty Observations First Seen2024-03-28 22:24:21 Last Seen2024-03-28 22:24:21 Times Seen1 Hash 61d4e1c172e1d9284a774b058065ad82 57201de0db73e4276f22da5f3e84bb518bb1f34a 37f9b7de0985a7ada01c41b80143de2426dec398e67a3118780b78ecd37efdcd Loading...

	#15 Eval - dea2552927186759cd3a0c361eb25960	28 B	2024-03-28	2024-03-28
Pretty Observations First Seen2024-03-28 22:24:21 Last Seen2024-03-28 22:24:21 Times Seen1 Hash dea2552927186759cd3a0c361eb25960 18591da8d7c538b0a38af0b229180ee74618c8b4 f7b5ed54259867cb33d7cac42193752dd36771b81334c7b3fbb9c9670e036f7b Loading...

	#16 Eval - a20432337b92def56ca74f1b85fa6759	28 B	2024-03-28	2024-03-28
Pretty Observations First Seen2024-03-28 22:24:21 Last Seen2024-03-28 22:24:21 Times Seen1 Hash a20432337b92def56ca74f1b85fa6759 0c5db38fa24e26b50f03b52199670aaf59234916 ac1b618293df53416ba58e32a3575e2cbd8dc57cf849fe47be20c9cf0e8aa8f5 Loading...

	#17 Eval - 2aa77a38a06eec4b7b5e051af94e7e1f	28 B	2024-03-28	2024-03-28
Pretty Observations First Seen2024-03-28 22:24:21 Last Seen2024-03-28 22:24:21 Times Seen1 Hash 2aa77a38a06eec4b7b5e051af94e7e1f d11f9daddc8b2c254f419e4a469dbcaf69316429 58416b169eaf4e42d7e97fe3242b7ceb563dd2ade102fab1ca8cafdba3729321 Loading...

	#18 Eval - 8cd66e53e6791dddf8eadf0208c780a2	28 B	2024-03-28	2024-03-28
Pretty Observations First Seen2024-03-28 22:24:21 Last Seen2024-03-28 22:24:21 Times Seen1 Hash 8cd66e53e6791dddf8eadf0208c780a2 5d1fbb62b67f8dbce72dc907c1e5dca942b51f78 3a5f461f5aca1eb87c301f882a6116facf46535babe14fed942d88d9d1a5be42 Loading...

	#19 Eval - c60b075b681047621aea4fcd32d911eb	28 B	2024-03-28	2024-03-28
Pretty Observations First Seen2024-03-28 22:24:21 Last Seen2024-03-28 22:24:21 Times Seen1 Hash c60b075b681047621aea4fcd32d911eb a30e4673dff33c85bfbe54ed661cdabf23ff50ee a2d1278918eb991b11121314529781530cab12409171b7e30c59af20351c1b58 Loading...

	#20 Eval - a8683e22e568437f24e0a50fcae342a0	28 B	2024-03-28	2024-03-28
Pretty Observations First Seen2024-03-28 22:24:21 Last Seen2024-03-28 22:24:21 Times Seen1 Hash a8683e22e568437f24e0a50fcae342a0 04a041409e5778a9aa7f50c87ce390cbde6550d2 7e8c6ed09a981508a67c67ea797a7c5656b7b5f3f3f047bab2572c8bcc463f91 Loading...

	#21 Eval - af08789709fc831cf2e5a8b7e5b52870	28 B	2024-03-28	2024-03-28
Pretty Observations First Seen2024-03-28 22:24:21 Last Seen2024-03-28 22:24:22 Times Seen1 Hash af08789709fc831cf2e5a8b7e5b52870 d8b683285af420d327561d4cddafdda94de4d594 ba751a37c8e29bc76ed45d5190f2f75f232786be9d7f0b2bb8ae7e36e33faf87 Loading...

		Size	First Seen	Last Seen
	#1 Write - 06ac578b1c282d47ea070064c5de34a3	4.4 kB	2024-03-28	2024-03-28
Pretty Observations First Seen2024-03-28 22:24:22 Last Seen2024-03-28 22:24:22 Times Seen1 Hash 06ac578b1c282d47ea070064c5de34a3 3fe1e4503a0bc9557c76a96b2bbf92ff6a097445 5b3c1503b8ff1bdfb6598f2fd19b560d498551ac2965d08152853c116c9a4ed4 Loading...

	#2 Write - 0386ce37edeb13b3bdde9044f621208c	1.0 kB	2024-03-28	2024-03-28
Pretty Observations First Seen2024-03-28 22:24:22 Last Seen2024-03-28 22:24:22 Times Seen1 Hash 0386ce37edeb13b3bdde9044f621208c c8ae6a13ca69851a344b7e30b18a301f43a76295 fc2a4449bfcbca44c78083182ee64480eb7a287f877da3d5214bee9e20dded67 Loading...

	#3 Write - c0158a3e7f8b81ab0bd4daebd7c169fc	44 kB	2024-03-28	2024-03-28
Pretty Observations First Seen2024-03-28 22:24:22 Last Seen2024-03-28 22:24:22 Times Seen1 Hash c0158a3e7f8b81ab0bd4daebd7c169fc 3d8970e3a84235a9a6561ef979a980eae6b9fed0 d5080f0b997d76ac35f0d42c98dc7cb57df25779f53942db44b22d2bfa7b463b Loading...

HTTP Transactions (40)

URL IP Response Size

ldzengenharia.com.br/Brit/auth/protechservicesga/MKDKL7A3TAW7MOL7YT1KNO/c2pvbmVzQHByb3RlY2hzZXJ2aWNlc2dhLmNvbQ==

162.241.63.76

0 B

URL
ldzengenharia.com.br/Brit/auth/protechservicesga/MKDKL7A3TAW7MOL7YT1KNO/c2pvbmVzQHByb3RlY2hzZXJ2aWNlc2dhLmNvbQ==
IP
162.241.63.76:0
ASN
#19871 NETWORK-SOLUTIONS-HOSTING

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /Brit/auth/protechservicesga/MKDKL7A3TAW7MOL7YT1KNO/c2pvbmVzQHByb3RlY2hzZXJ2aWNlc2dhLmNvbQ== HTTP/1.1
Host: ldzengenharia.com.br
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
refresh: 0;url=https://HXzGo.neyndish.com/uYsu0oU/#Esjones@protechservicesga.com
content-length: 0
content-type: text/html; charset=UTF-8
date: Thu, 28 Mar 2024 21:23:48 GMT
server: Apache
X-Firefox-Spdy: h2

challenges.cloudflare.com/turnstile/v0/api.js?render=explicit

104.17.3.184

0 B

URL
challenges.cloudflare.com/turnstile/v0/api.js?render=explicit
IP
104.17.3.184:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /turnstile/v0/api.js?render=explicit HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://hxzgo.neyndish.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Thu, 28 Mar 2024 21:23:49 GMT
content-length: 0
location: /turnstile/v0/g/dc6b543c1346/api.js?render=explicit
cross-origin-resource-policy: cross-origin
cache-control: max-age=300, public
access-control-allow-origin: *
vary: Accept-Encoding
server: cloudflare
cf-ray: 86baaefa0ea51c02-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

code.jquery.com/jquery-3.6.0.min.js

151.101.130.137

200 OK

31 kB

URL GET HTTP/2
code.jquery.com/jquery-3.6.0.min.js
IP
151.101.130.137:443
ASN
#54113 FASTLY

Requested by
https://hxzgo.neyndish.com/vqyevmnspgsjgnxfpdshehidRBNanscfjAERXGCWEIDBUCORZFGRYIPNOYEUB?599886080864051rzOFfrbHWBGDAKDOHEOCCYODYWGXCMCAKCKAHCDFWEUSFOYWKREHIXG
Certificate
IssuerSectigo Limited
Subject*.jquery.com
FingerprintD2:19:0A:AD:CE:BB:9C:61:17:5D:29:4B:A2:54:E8:C6:91:B8:F9:8D
ValidityTue, 11 Jul 2023 00:00:00 GMT - Sun, 14 Jul 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (65447)
Size
31 kB (30875 bytes)
Hash
8fb8fee4fcc3cc86ff6c724154c49c42
b82d238d4e31fdf618bae8ac11a6c812c03dd0d4
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

HTTP Headers

GET /jquery-3.6.0.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://hxzgo.neyndish.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-15d9d"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Thu, 28 Mar 2024 21:23:49 GMT
age: 4118648
x-served-by: cache-lga21931-LGA, cache-hel1410029-HEL
x-cache: HIT, HIT
x-cache-hits: 22, 424676
x-timer: S1711661029.476262,VS0,VE0
vary: Accept-Encoding
content-length: 30875
X-Firefox-Spdy: h2

hxzgo.neyndish.com/favicon.ico

104.21.31.149

404 Not Found

13 kB

URL GET HTTP/3
hxzgo.neyndish.com/favicon.ico
IP
104.21.31.149:443
ASN
#13335 CLOUDFLARENET

Requested by
https://hxzgo.neyndish.com/vqyevmnspgsjgnxfpdshehidRBNanscfjAERXGCWEIDBUCORZFGRYIPNOYEUB?599886080864051rzOFfrbHWBGDAKDOHEOCCYODYWGXCMCAKCKAHCDFWEUSFOYWKREHIXG
Certificate
IssuerGoogle Trust Services LLC
Subjectneyndish.com
FingerprintB5:4C:D0:A1:03:D1:B3:96:27:1B:50:81:3D:AB:98:90:07:73:0D:9F
ValidityMon, 25 Mar 2024 15:18:55 GMT - Sun, 23 Jun 2024 15:18:54 GMT

File type
data
Size
13 kB (12890 bytes)
Hash
87059a5abfb7d1c84734735e35061116
3e9c81156ca9d5e5855c47e78f46de03edeb2169
150f87d89bb981b71a12e611767e438fb6b23f09d51677bc18f96d2d0bdc5f0b

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: hxzgo.neyndish.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://hxzgo.neyndish.com/uYsu0oU/
Cookie: XSRF-TOKEN=eyJpdiI6IlIyZHFud3J2ZURHYkl3SkFhN2tHckE9PSIsInZhbHVlIjoiejNwdFdLdUNUazV6MlJ0VEJPQ1lSZlZ6SG9DeU5xeDFPQVoveHVyRDIyZnZXUjVGTDBoNHM4a1A3N3ZtdW92Yllubm1ab1Z4ZU93VmpPS0l2YUg5QmZlbXZUOEZrMWYrV3JsT3ZIVml0aVBDd29sN2lQcysvZ0VFZTZ3Vml6d1kiLCJtYWMiOiJjYWQ3YjM0MWQ4MGU2NDNjNmVmNTA4OTJkMzFkOTU2MDliYTk0NDRjNzJiN2I1ODMyZjhhMmFmODE3ZDA4MGZkIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlNoWHpHdW9XVWU3bUhmT2pNMTRmeXc9PSIsInZhbHVlIjoiNis3ZlhNeEZESlZQbXhpZWd0SG5xQjczMDl1cHFNMXNpZWdYaUFKZUFKSTFoRVpKUDA5UDBnek5KVW5KZUpybFlNcDIzMFRSS2hEcHNHaVN4aE1Ha2JRU3VaV1laTVhpbUJTTHFSUis3citncW8rcjYzam1hRHd6OGZrVkFtOWsiLCJtYWMiOiI5MDA4YjFlYjk0ZmQxOTM2Njc5MWFkMmNmN2IwOWY3ODk1NTM1MGFkM2Y5NmJhMThkYzJiYjdhYWQxMjdkN2ZmIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 404 Not Found
date: Thu, 28 Mar 2024 21:23:49 GMT
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=14400
age: 2601
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MxdQXYZvlfwbA87K%2Bbb4vD3q0ttzNnc2oMP1QqkB52P5S62Kd2G1IARtUFqrLCYZ5glazre%2BFbTeGdbi0Vvb2nfBJC6O256SnefKOpQ2Pen1PjCVi0WEnEVXICc6Kg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
cf-cache-status: HIT
server: cloudflare
cf-ray: 86baaefb2da556c0-OSL
content-encoding: br

hxzgo.neyndish.com/uYsu0oU/

104.21.31.149

7.3 kB

URL
hxzgo.neyndish.com/uYsu0oU/
IP
104.21.31.149:0
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjectneyndish.com
FingerprintB5:4C:D0:A1:03:D1:B3:96:27:1B:50:81:3D:AB:98:90:07:73:0D:9F
ValidityMon, 25 Mar 2024 15:18:55 GMT - Sun, 23 Jun 2024 15:18:54 GMT

File type
HTML document, ASCII text, with very long lines (1445), with CRLF line terminators
Size
7.3 kB (7275 bytes)
Hash
a7dd95d25e2dbd6120595ea1d10f948f
ce8ef98a267f55c5bae75cd4c5c466ea4693a43c
f2e47370a697aa91f1e137fc29cee65015e0545dc51e1f683414462b6b7558dd

HTTP Headers

GET /uYsu0oU/ HTTP/1.1
Host: hxzgo.neyndish.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6IlpDN3R5QjExcDMyeG12LzM3dGVYZGc9PSIsInZhbHVlIjoiUEdlZVBlSXJGTnpPVXdkRE02bllHNEkycndpL3dJUWV3dGZGYnl3TWpJTTJoQzdub3RmeHVMNXhQNFJ5QUMxSzg5ZGNDUHUzeXp0L0xOUzl1L1NwNkFmWXg2QkdLOE5sWUlNcUdFbm11TDh4ZkUxc2daeGlhWXR2MXU5SlBkdUQiLCJtYWMiOiI4NTQxZjY2ZDI5OTk0ZDVhMDZiYzI0OGMwOGNmODkxNDgwOGY1ZDg1YzUyZGUzNGQzMjM4Yjc1NjM2MTE0YTMyIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IkV2TTVOcytqYUluYmM0TTlFejhNYWc9PSIsInZhbHVlIjoicU0xVnlZb2VoRFFyN2xEalR2ZVJId0RQRFVkaVBrbm1oai9hR3ozZVBla2RmbmxoN0R3Q1oyUUQrY293ajlnK0IwMUZ6Yk5UeDlER0ZMckJUNTBjNGlJUXpnM0VyRTJweGU4a1RuUEU1dWVHQUFZaWlERHJZT1FWSjVvQk9kQWUiLCJtYWMiOiI4MjY1M2NhZDI4ODk0NjI5MWNmY2JmNjFmNTM2MTAwNWI1NWE5NjMyNDEyM2UyOTJmZWJkZGY3MTQxYTkyMGFhIiwidGFnIjoiIn0%3D
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 28 Mar 2024 21:23:58 GMT
content-type: text/html; charset=UTF-8
cache-control: no-cache, private
vary: Accept-Encoding
access-control-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=S5UKomJBKe1%2BU7fSg59JJ9PR5vjLgalp3vb%2BnRTG6uqV8dWCOnW60Zu5nqa8Ospx1ocauSynnhRvcZmYwz5t1jUE1rKs6NVVf%2BwILuCdmdse6gtf5cRwFyEe9zwlDw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
set-cookie: XSRF-TOKEN=eyJpdiI6IjVBeHFSN1p4STJLZmd0RTA3MnVENWc9PSIsInZhbHVlIjoiMEw1aVdzU1BMSkJIZkVTRWd1SW16QTYrY2x4eCt4NFRCN1YxRlhDQzlwYWtmSFpUWmNTekF5RmUrYnc2YzR4UUdmalRMcldlc3lxTWVRcnEyNW5yVFdZdU13amczR3Qwc1EvOVJKVXpzVnFBN091MWt6RUxXSE90MVhndjVnSFciLCJtYWMiOiJiMGIxNDk2ZmE1MDZmNDNhNzU2NzUxMjRlZTlkNzZkOWFmYjI4OGU4NDE5ZDEwYzcxYzEyZGQwOTg0MDU3MjY2IiwidGFnIjoiIn0%3D; expires=Thu, 28-Mar-2024 23:23:58 GMT; Max-Age=7200; path=/; secure; samesite=none
laravel_session=eyJpdiI6IlM2OXhlbTlmWTcyM2l2NVorRWVCcUE9PSIsInZhbHVlIjoiRHo3dEp1SW93RlFUU2Fad1JhRE9JSjkyeWVLWHBMaW9SRUtaS2lOTUJNM01sMGRJbVVhTDIxNHFUUzliWlhwMzFWTmJJbDVab1FTM2Z5T09qSUpXekZsWlJsUGZCb2h2ZUJqbXRuVDQ4VWZjNU1uSTJEU1lBS1JLQUE5Nko4LzEiLCJtYWMiOiI2N2FjMDQ1YTJhMGU0YjM1NzkxYmY0Yjg2ZjVhZDQ2OGY3YmEzOTZjM2IxYjNlYmViNzUwNmNiZjY0NDNjYWYyIiwidGFnIjoiIn0%3D; expires=Thu, 28-Mar-2024 23:23:58 GMT; Max-Age=7200; path=/; secure; httponly; samesite=none
server: cloudflare
cf-ray: 86baaf321fa156c0-OSL
content-encoding: br

code.jquery.com/jquery-3.6.0.min.js

151.101.130.137

200 OK

31 kB

URL GET HTTP/2
code.jquery.com/jquery-3.6.0.min.js
IP
151.101.130.137:443
ASN
#54113 FASTLY

Requested by
https://hxzgo.neyndish.com/vqyevmnspgsjgnxfpdshehidRBNanscfjAERXGCWEIDBUCORZFGRYIPNOYEUB?599886080864051rzOFfrbHWBGDAKDOHEOCCYODYWGXCMCAKCKAHCDFWEUSFOYWKREHIXG
Certificate
IssuerSectigo Limited
Subject*.jquery.com
FingerprintD2:19:0A:AD:CE:BB:9C:61:17:5D:29:4B:A2:54:E8:C6:91:B8:F9:8D
ValidityTue, 11 Jul 2023 00:00:00 GMT - Sun, 14 Jul 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (65447)
Size
31 kB (30875 bytes)
Hash
8fb8fee4fcc3cc86ff6c724154c49c42
b82d238d4e31fdf618bae8ac11a6c812c03dd0d4
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

HTTP Headers

GET /jquery-3.6.0.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://hxzgo.neyndish.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-15d9d"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Thu, 28 Mar 2024 21:24:00 GMT
age: 4118659
x-served-by: cache-lga21931-LGA, cache-hel1410029-HEL
x-cache: HIT, HIT
x-cache-hits: 22, 424687
x-timer: S1711661040.314990,VS0,VE0
vary: Accept-Encoding
content-length: 30875
X-Firefox-Spdy: h2

hxzgo.neyndish.com/qrEhX52kx453p8HL4Gw36vTOXoZghWjeIVKkRrpl6bduOpiB44067131

104.21.31.149

200 OK

727 B

URL GET HTTP/3
hxzgo.neyndish.com/qrEhX52kx453p8HL4Gw36vTOXoZghWjeIVKkRrpl6bduOpiB44067131
IP
104.21.31.149:443
ASN
#13335 CLOUDFLARENET

Requested by
https://hxzgo.neyndish.com/vqyevmnspgsjgnxfpdshehidRBNanscfjAERXGCWEIDBUCORZFGRYIPNOYEUB?599886080864051rzOFfrbHWBGDAKDOHEOCCYODYWGXCMCAKCKAHCDFWEUSFOYWKREHIXG
Certificate
IssuerGoogle Trust Services LLC
Subjectneyndish.com
FingerprintB5:4C:D0:A1:03:D1:B3:96:27:1B:50:81:3D:AB:98:90:07:73:0D:9F
ValidityMon, 25 Mar 2024 15:18:55 GMT - Sun, 23 Jun 2024 15:18:54 GMT

File type
PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
Size
727 B (727 bytes)
Hash
839cb0f55c3d2d5c2f740bda95cb2878
93f6fa3a2da8b7184d4b5c5f2065872793370c2e
40ecb8832f6a9a8aaa0cc6e1287e867a4fca38433d091d86c6cab1f28fbab652

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /qrEhX52kx453p8HL4Gw36vTOXoZghWjeIVKkRrpl6bduOpiB44067131 HTTP/1.1
Host: hxzgo.neyndish.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://hxzgo.neyndish.com/vqyevmnspgsjgnxfpdshehidRBNanscfjAERXGCWEIDBUCORZFGRYIPNOYEUB?599886080864051rzOFfrbHWBGDAKDOHEOCCYODYWGXCMCAKCKAHCDFWEUSFOYWKREHIXG
Cookie: XSRF-TOKEN=eyJpdiI6IkxGQnlkYmE0TjVKU1l6MEFZOEQ4enc9PSIsInZhbHVlIjoiQnZVUGRHMjQ0a2g4dG0vYzVXWWJqVWxzcWVDS2JJQXJ2VjJpSjZibkthSUVzK2lpejErOXhVYUV3VmVjM1REeEE4Snh0U2RrTzlwaWE3b3BXZDMvdWY2bWV6RkUzK3B0U3BhQTJobVhqTlEzOGh0VFNLUXozdVVNM2tQOStHanEiLCJtYWMiOiIyZGQwN2JlOWM4NmNhZjk0OTY4NDkzZDhiY2U3OThmYmZiOGRlNmM3YTI0MGIwNjFhOWFmMzA4NTlmZDA4ZGNjIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlFNblpYbDlJZHBkNFpESFFrUW0zL1E9PSIsInZhbHVlIjoiaEVoQzR3N1VSZStPbXU5RG5idmhsVm55YlU2VDRSZVJzQzV2UGZEaWwvS3dCK3JZR3V1NW96NGxqQjJ2RXg0MWhpbTFpZ3J5Y1I5RloyYWlkYVBvaC9yZSt5WmRYNWJXM2llKzgrTGlVZm9ZVWkzNjFZUkxPNTVvYkhGV2JsdGEiLCJtYWMiOiJmN2ZjNWQ3ZTJmYWI5ZjQzNGU0MWQ2OGRkOGRkMGUyYzc1MjJjM2JjNmM4YmVhNmEzZmI0OTljOTIzNWIyNjk2IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 28 Mar 2024 21:24:00 GMT
content-type: image/png
content-length: 727
content-disposition: inline; filename="qrEhX52kx453p8HL4Gw36vTOXoZghWjeIVKkRrpl6bduOpiB44067131"
access-control-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2srSwVsbtgSy%2FkJVdaXz57IdbSW9kXR7rM0fqhahfNn1IgdEDuNxv2Y9vQM%2BVHkOww0hmZuXFlSpSgZmNl5BD7jQqnRmdKWz6zqMzCvhXql6zkbircCzfJgPfiJzpw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server: cloudflare
cf-ray: 86baaf3e1cfe56c0-OSL

hxzgo.neyndish.com/78q9aip2sJQx45uiTjjUrJuv59

104.21.31.149

200 OK

29 kB

URL GET HTTP/3
hxzgo.neyndish.com/78q9aip2sJQx45uiTjjUrJuv59
IP
104.21.31.149:443
ASN
#13335 CLOUDFLARENET

Requested by
https://hxzgo.neyndish.com/vqyevmnspgsjgnxfpdshehidRBNanscfjAERXGCWEIDBUCORZFGRYIPNOYEUB?599886080864051rzOFfrbHWBGDAKDOHEOCCYODYWGXCMCAKCKAHCDFWEUSFOYWKREHIXG
Certificate
IssuerGoogle Trust Services LLC
Subjectneyndish.com
FingerprintB5:4C:D0:A1:03:D1:B3:96:27:1B:50:81:3D:AB:98:90:07:73:0D:9F
ValidityMon, 25 Mar 2024 15:18:55 GMT - Sun, 23 Jun 2024 15:18:54 GMT

File type
Web Open Font Format (Version 2), TrueType, length 28584, version 1.66
Size
29 kB (28584 bytes)
Hash
17081510f3a6f2f619ec8c6f244523c7
87f34b2a1532c50f2a424c345d03fe028db35635
2c7292014e2ef00374aeb63691d9f23159a010455784ee0b274ba7db2bcca956

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /78q9aip2sJQx45uiTjjUrJuv59 HTTP/1.1
Host: hxzgo.neyndish.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://hxzgo.neyndish.com/vqyevmnspgsjgnxfpdshehidRBNanscfjAERXGCWEIDBUCORZFGRYIPNOYEUB?599886080864051rzOFfrbHWBGDAKDOHEOCCYODYWGXCMCAKCKAHCDFWEUSFOYWKREHIXG
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6IkxGQnlkYmE0TjVKU1l6MEFZOEQ4enc9PSIsInZhbHVlIjoiQnZVUGRHMjQ0a2g4dG0vYzVXWWJqVWxzcWVDS2JJQXJ2VjJpSjZibkthSUVzK2lpejErOXhVYUV3VmVjM1REeEE4Snh0U2RrTzlwaWE3b3BXZDMvdWY2bWV6RkUzK3B0U3BhQTJobVhqTlEzOGh0VFNLUXozdVVNM2tQOStHanEiLCJtYWMiOiIyZGQwN2JlOWM4NmNhZjk0OTY4NDkzZDhiY2U3OThmYmZiOGRlNmM3YTI0MGIwNjFhOWFmMzA4NTlmZDA4ZGNjIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlFNblpYbDlJZHBkNFpESFFrUW0zL1E9PSIsInZhbHVlIjoiaEVoQzR3N1VSZStPbXU5RG5idmhsVm55YlU2VDRSZVJzQzV2UGZEaWwvS3dCK3JZR3V1NW96NGxqQjJ2RXg0MWhpbTFpZ3J5Y1I5RloyYWlkYVBvaC9yZSt5WmRYNWJXM2llKzgrTGlVZm9ZVWkzNjFZUkxPNTVvYkhGV2JsdGEiLCJtYWMiOiJmN2ZjNWQ3ZTJmYWI5ZjQzNGU0MWQ2OGRkOGRkMGUyYzc1MjJjM2JjNmM4YmVhNmEzZmI0OTljOTIzNWIyNjk2IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 28 Mar 2024 21:24:00 GMT
content-type: font/woff2
content-length: 28584
content-disposition: inline; filename="78q9aip2sJQx45uiTjjUrJuv59"
access-control-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jCT22w%2FSiNhcO0kiUDdeY3%2Bvsu8gbPxAIgOWqev0gvb9E%2FUJJhPx4mtOMbgSuaYMFyYmCijVB8ut1%2F4CXBbUDkfjsuWPYs5Rf6LyHaJvnmMDus5QqORKGIFAuR3cdQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server: cloudflare
cf-ray: 86baaf3e0cf356c0-OSL

hxzgo.neyndish.com/12TiQmdvU4wiZ4cq56kpFZqr50

104.21.31.149

200 OK

36 kB

URL GET HTTP/3
hxzgo.neyndish.com/12TiQmdvU4wiZ4cq56kpFZqr50
IP
104.21.31.149:443
ASN
#13335 CLOUDFLARENET

Requested by
https://hxzgo.neyndish.com/vqyevmnspgsjgnxfpdshehidRBNanscfjAERXGCWEIDBUCORZFGRYIPNOYEUB?599886080864051rzOFfrbHWBGDAKDOHEOCCYODYWGXCMCAKCKAHCDFWEUSFOYWKREHIXG
Certificate
IssuerGoogle Trust Services LLC
Subjectneyndish.com
FingerprintB5:4C:D0:A1:03:D1:B3:96:27:1B:50:81:3D:AB:98:90:07:73:0D:9F
ValidityMon, 25 Mar 2024 15:18:55 GMT - Sun, 23 Jun 2024 15:18:54 GMT

File type
Web Open Font Format, TrueType, length 35970, version 1.0
Size
36 kB (35970 bytes)
Hash
496b7bbde91c7dc7cf9bbabbb3921da8
2bd3c406a715ab52dad84c803c55bf4a6e66a924
ae40a04f95df12b0c364f26ab691dc0c391d394a28bcdb4aeacfaca325d0a798

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /12TiQmdvU4wiZ4cq56kpFZqr50 HTTP/1.1
Host: hxzgo.neyndish.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://hxzgo.neyndish.com/vqyevmnspgsjgnxfpdshehidRBNanscfjAERXGCWEIDBUCORZFGRYIPNOYEUB?599886080864051rzOFfrbHWBGDAKDOHEOCCYODYWGXCMCAKCKAHCDFWEUSFOYWKREHIXG
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6IkxGQnlkYmE0TjVKU1l6MEFZOEQ4enc9PSIsInZhbHVlIjoiQnZVUGRHMjQ0a2g4dG0vYzVXWWJqVWxzcWVDS2JJQXJ2VjJpSjZibkthSUVzK2lpejErOXhVYUV3VmVjM1REeEE4Snh0U2RrTzlwaWE3b3BXZDMvdWY2bWV6RkUzK3B0U3BhQTJobVhqTlEzOGh0VFNLUXozdVVNM2tQOStHanEiLCJtYWMiOiIyZGQwN2JlOWM4NmNhZjk0OTY4NDkzZDhiY2U3OThmYmZiOGRlNmM3YTI0MGIwNjFhOWFmMzA4NTlmZDA4ZGNjIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlFNblpYbDlJZHBkNFpESFFrUW0zL1E9PSIsInZhbHVlIjoiaEVoQzR3N1VSZStPbXU5RG5idmhsVm55YlU2VDRSZVJzQzV2UGZEaWwvS3dCK3JZR3V1NW96NGxqQjJ2RXg0MWhpbTFpZ3J5Y1I5RloyYWlkYVBvaC9yZSt5WmRYNWJXM2llKzgrTGlVZm9ZVWkzNjFZUkxPNTVvYkhGV2JsdGEiLCJtYWMiOiJmN2ZjNWQ3ZTJmYWI5ZjQzNGU0MWQ2OGRkOGRkMGUyYzc1MjJjM2JjNmM4YmVhNmEzZmI0OTljOTIzNWIyNjk2IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 28 Mar 2024 21:24:00 GMT
content-type: font/woff
content-length: 35970
content-disposition: inline; filename="12TiQmdvU4wiZ4cq56kpFZqr50"
access-control-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kKzyC1aZ5S1hzGr3fjFdCj8Ow39Asg8grlXkMZKzy49nm6RVF6Kwkw7uIBa4Yu1d30JEaz04PjyNUDRNYFXET63so2Ppv0UxNHM3sIrv04Q5uIiEzt6OpPBwxqm1gA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server: cloudflare
cf-ray: 86baaf3e0cf256c0-OSL

hxzgo.neyndish.com/pqdq1sXG9osjefu70MWC34u3Buv34

104.21.31.149

200 OK

28 kB

URL GET HTTP/3
hxzgo.neyndish.com/pqdq1sXG9osjefu70MWC34u3Buv34
IP
104.21.31.149:443
ASN
#13335 CLOUDFLARENET

Requested by
https://hxzgo.neyndish.com/vqyevmnspgsjgnxfpdshehidRBNanscfjAERXGCWEIDBUCORZFGRYIPNOYEUB?599886080864051rzOFfrbHWBGDAKDOHEOCCYODYWGXCMCAKCKAHCDFWEUSFOYWKREHIXG
Certificate
IssuerGoogle Trust Services LLC
Subjectneyndish.com
FingerprintB5:4C:D0:A1:03:D1:B3:96:27:1B:50:81:3D:AB:98:90:07:73:0D:9F
ValidityMon, 25 Mar 2024 15:18:55 GMT - Sun, 23 Jun 2024 15:18:54 GMT

File type
Web Open Font Format (Version 2), TrueType, length 28000, version 1.66
Size
28 kB (28000 bytes)
Hash
a4bca6c95fed0d0c5cc46cf07710dcec
73b56e33b82b42921db8702a33efd0f2b2ec9794
5a51d246af54d903f67f07f2bd820ce77736f8d08c5f1602db07469d96dbf77f

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /pqdq1sXG9osjefu70MWC34u3Buv34 HTTP/1.1
Host: hxzgo.neyndish.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://hxzgo.neyndish.com/vqyevmnspgsjgnxfpdshehidRBNanscfjAERXGCWEIDBUCORZFGRYIPNOYEUB?599886080864051rzOFfrbHWBGDAKDOHEOCCYODYWGXCMCAKCKAHCDFWEUSFOYWKREHIXG
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6IkxGQnlkYmE0TjVKU1l6MEFZOEQ4enc9PSIsInZhbHVlIjoiQnZVUGRHMjQ0a2g4dG0vYzVXWWJqVWxzcWVDS2JJQXJ2VjJpSjZibkthSUVzK2lpejErOXhVYUV3VmVjM1REeEE4Snh0U2RrTzlwaWE3b3BXZDMvdWY2bWV6RkUzK3B0U3BhQTJobVhqTlEzOGh0VFNLUXozdVVNM2tQOStHanEiLCJtYWMiOiIyZGQwN2JlOWM4NmNhZjk0OTY4NDkzZDhiY2U3OThmYmZiOGRlNmM3YTI0MGIwNjFhOWFmMzA4NTlmZDA4ZGNjIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlFNblpYbDlJZHBkNFpESFFrUW0zL1E9PSIsInZhbHVlIjoiaEVoQzR3N1VSZStPbXU5RG5idmhsVm55YlU2VDRSZVJzQzV2UGZEaWwvS3dCK3JZR3V1NW96NGxqQjJ2RXg0MWhpbTFpZ3J5Y1I5RloyYWlkYVBvaC9yZSt5WmRYNWJXM2llKzgrTGlVZm9ZVWkzNjFZUkxPNTVvYkhGV2JsdGEiLCJtYWMiOiJmN2ZjNWQ3ZTJmYWI5ZjQzNGU0MWQ2OGRkOGRkMGUyYzc1MjJjM2JjNmM4YmVhNmEzZmI0OTljOTIzNWIyNjk2IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 28 Mar 2024 21:24:00 GMT
content-type: font/woff2
content-length: 28000
content-disposition: inline; filename="pqdq1sXG9osjefu70MWC34u3Buv34"
access-control-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rcMP8G5z%2BnqheJ482SdVG5NL9y8ceKbMBiBeX8mPoxHkT%2BZWWhhNsYR9xv06zqUKGfVSHQW7NpaZVdws7lH1RDXK%2BvDQwPIL99ReaeUdQaJBMIixSmW4EnHOjDMTVg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server: cloudflare
cf-ray: 86baaf3dfce656c0-OSL

hxzgo.neyndish.com/uYsu0oU/?xEsjones@protechservicesga.com

104.21.31.149

302 Found

27 kB

URL User Request GET HTTP/3
hxzgo.neyndish.com/uYsu0oU/?xEsjones@protechservicesga.com
IP
104.21.31.149:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjectneyndish.com
FingerprintB5:4C:D0:A1:03:D1:B3:96:27:1B:50:81:3D:AB:98:90:07:73:0D:9F
ValidityMon, 25 Mar 2024 15:18:55 GMT - Sun, 23 Jun 2024 15:18:54 GMT

File type
data
Size
27 kB (27196 bytes)
Hash
a3915b91d1c941803374222c4d5c0fe4
9697403e2ed8c541e30c69a17c2d2426340a83a4
b9ab6300bceb1e1e1f7352a3b88bd3327346f2aac246fb227a94222be7a41781

HTTP Headers

GET /uYsu0oU/?xEsjones@protechservicesga.com HTTP/1.1
Host: hxzgo.neyndish.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://hxzgo.neyndish.com/uYsu0oU/
Cookie: XSRF-TOKEN=eyJpdiI6IjVBeHFSN1p4STJLZmd0RTA3MnVENWc9PSIsInZhbHVlIjoiMEw1aVdzU1BMSkJIZkVTRWd1SW16QTYrY2x4eCt4NFRCN1YxRlhDQzlwYWtmSFpUWmNTekF5RmUrYnc2YzR4UUdmalRMcldlc3lxTWVRcnEyNW5yVFdZdU13amczR3Qwc1EvOVJKVXpzVnFBN091MWt6RUxXSE90MVhndjVnSFciLCJtYWMiOiJiMGIxNDk2ZmE1MDZmNDNhNzU2NzUxMjRlZTlkNzZkOWFmYjI4OGU4NDE5ZDEwYzcxYzEyZGQwOTg0MDU3MjY2IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlM2OXhlbTlmWTcyM2l2NVorRWVCcUE9PSIsInZhbHVlIjoiRHo3dEp1SW93RlFUU2Fad1JhRE9JSjkyeWVLWHBMaW9SRUtaS2lOTUJNM01sMGRJbVVhTDIxNHFUUzliWlhwMzFWTmJJbDVab1FTM2Z5T09qSUpXekZsWlJsUGZCb2h2ZUJqbXRuVDQ4VWZjNU1uSTJEU1lBS1JLQUE5Nko4LzEiLCJtYWMiOiI2N2FjMDQ1YTJhMGU0YjM1NzkxYmY0Yjg2ZjVhZDQ2OGY3YmEzOTZjM2IxYjNlYmViNzUwNmNiZjY0NDNjYWYyIiwidGFnIjoiIn0%3D
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 302 Found
date: Thu, 28 Mar 2024 21:23:59 GMT
content-type: text/html; charset=UTF-8
location: https://hxzgo.neyndish.com/vqyevmnspgsjgnxfpdshehidRBNanscfjAERXGCWEIDBUCORZFGRYIPNOYEUB?599886080864051rzOFfrbHWBGDAKDOHEOCCYODYWGXCMCAKCKAHCDFWEUSFOYWKREHIXG
cache-control: no-cache, private
access-control-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OuZCM1dmiigMG7patpP99AOrfEL0K8W7%2B3AOxWUz2j3TuESdFDvaUQsRboMgYU3lPzT%2Fv9JmjO2twDCbTwXpDWVvO5FUl2gOndODPSgZp7lEgpjW5Huxw%2B%2FkyGxrhQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
set-cookie: XSRF-TOKEN=eyJpdiI6IlU3RVFpUncwTG1EZHhPQm14Ujh0K3c9PSIsInZhbHVlIjoiQjdRUWM4amQvcG1zTXdEbnZISzd3bFJlM1JTOWFtMy9Ib3hBU3Z3ZlQwRFIzY0x1STN1U0ptZkRrSUl5S1BEakV3TUV1S0xhUmZPaVBNUmlzbml1MzNwZTY4elFxNXpiRXZkRXdGQXByQWppMW1hemNGT2JnRW82TlpuTzVmQXciLCJtYWMiOiI4ZTgxODMxOTIyMDdiNDU5NzVjMmRiYjc0ODFlMzg0ZDBhNDMyMzY2N2RmZDYwYzk2ZmI1NzJkMWYzMWM4YjE0IiwidGFnIjoiIn0%3D; expires=Thu, 28-Mar-2024 23:23:59 GMT; Max-Age=7200; path=/; secure; samesite=none
laravel_session=eyJpdiI6IlVIbzZIUkxZdlFFMU1KczE0dDg4Mnc9PSIsInZhbHVlIjoiSUhqT2tzSStESXNXU3crODNOTEtpMDIzeG9PY3hhV3VWTDdjQlY1K092MFlIdzI0WC9Eek9FcitydHoyL3R3TC90QmNiTUtxcENJTTdtbit4Vkt6cGdKNDliNVVhMEZVNVRFRVhwT2h2b296RGNmdHJnY1BkUVZXSVdSRXBFU3YiLCJtYWMiOiJiNzhlMWJiOGIxYzM3MzcxZDY0NDZjNTRhMTYyZDRiZTVmYTY1ODQ4NjI3YzMyZTJmZmZiOGU5NGVjMWZlNTg1IiwidGFnIjoiIn0%3D; expires=Thu, 28-Mar-2024 23:23:59 GMT; Max-Age=7200; path=/; secure; httponly; samesite=none
server: cloudflare
cf-ray: 86baaf35bc4e56c0-OSL

hxzgo.neyndish.com/web8socket/socket.io/?type=User&appnum=1&EIO=4&transport=websocket

104.21.31.149

0 B

URL
hxzgo.neyndish.com/web8socket/socket.io/?type=User&appnum=1&EIO=4&transport=websocket
IP
104.21.31.149:0
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjectneyndish.com
FingerprintB5:4C:D0:A1:03:D1:B3:96:27:1B:50:81:3D:AB:98:90:07:73:0D:9F
ValidityMon, 25 Mar 2024 15:18:55 GMT - Sun, 23 Jun 2024 15:18:54 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /web8socket/socket.io/?type=User&appnum=1&EIO=4&transport=websocket HTTP/1.1
Host: hxzgo.neyndish.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://hxzgo.neyndish.com
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: fI0VYMl7rBNA7nc0aNBS8w==
DNT: 1
Connection: keep-alive, Upgrade
Cookie: XSRF-TOKEN=eyJpdiI6IkxGQnlkYmE0TjVKU1l6MEFZOEQ4enc9PSIsInZhbHVlIjoiQnZVUGRHMjQ0a2g4dG0vYzVXWWJqVWxzcWVDS2JJQXJ2VjJpSjZibkthSUVzK2lpejErOXhVYUV3VmVjM1REeEE4Snh0U2RrTzlwaWE3b3BXZDMvdWY2bWV6RkUzK3B0U3BhQTJobVhqTlEzOGh0VFNLUXozdVVNM2tQOStHanEiLCJtYWMiOiIyZGQwN2JlOWM4NmNhZjk0OTY4NDkzZDhiY2U3OThmYmZiOGRlNmM3YTI0MGIwNjFhOWFmMzA4NTlmZDA4ZGNjIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlFNblpYbDlJZHBkNFpESFFrUW0zL1E9PSIsInZhbHVlIjoiaEVoQzR3N1VSZStPbXU5RG5idmhsVm55YlU2VDRSZVJzQzV2UGZEaWwvS3dCK3JZR3V1NW96NGxqQjJ2RXg0MWhpbTFpZ3J5Y1I5RloyYWlkYVBvaC9yZSt5WmRYNWJXM2llKzgrTGlVZm9ZVWkzNjFZUkxPNTVvYkhGV2JsdGEiLCJtYWMiOiJmN2ZjNWQ3ZTJmYWI5ZjQzNGU0MWQ2OGRkOGRkMGUyYzc1MjJjM2JjNmM4YmVhNmEzZmI0OTljOTIzNWIyNjk2IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Date: Thu, 28 Mar 2024 21:24:01 GMT
Connection: upgrade
Sec-WebSocket-Accept: AM3SVtavnfgchmgZ0tBTcAKPxho=
Upgrade: websocket
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mDifXeNVjqqWiNn%2Bn6Y%2BkI%2FjQv3Kl7xAv1SoRgZP6eGHvOHV0e3SZYA9hyGLnwephNAmu1eU%2BbcirVh%2Bj0vRGI3fUliKSK1NLYGOtanT%2Bi0yVW1EnqZm8hdxeK64PBbPcdr2dlo%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 86baaf3f5c8c56a8-OSL
alt-svc: h3=":443"; ma=86400

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/664191484:1711656948:-JHJODklbriLiz7OA-XIQqNCB_cob_VP1Aqi5QmwpjU/86baaefafe9eb503/e1baa07e3e9f1c3

104.17.3.184

88 kB

URL
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/664191484:1711656948:-JHJODklbriLiz7OA-XIQqNCB_cob_VP1Aqi5QmwpjU/86baaefafe9eb503/e1baa07e3e9f1c3
IP
104.17.3.184:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (22600), with no line terminators
Size
88 kB (87721 bytes)
Hash
e47ff824477df93c9a26dcd42f5aba17
72e97b0ab0f4c0743f496de911c4cf6652655011
1fa3fdc8ecaf003767af6937c195e01191c49fe6ccbbae528cda84620340cb5d

HTTP Headers

POST /cdn-cgi/challenge-platform/h/g/flow/ov1/664191484:1711656948:-JHJODklbriLiz7OA-XIQqNCB_cob_VP1Aqi5QmwpjU/86baaefafe9eb503/e1baa07e3e9f1c3 HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/jyrft/0x4AAAAAAAVsch-9zO5KwW7-/auto/normal
Content-type: application/x-www-form-urlencoded
CF-Challenge: e1baa07e3e9f1c3
Content-Length: 26096
Origin: https://challenges.cloudflare.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 28 Mar 2024 21:23:51 GMT
content-type: text/plain; charset=UTF-8
cf-chl-gen: /1aICoPQie+FhYb5TF0pwTAhP/O0DAP6c8D7kbSD+jvvGOKK1xzOMwhP3v4Tm5hi$EDSlNlKJQk9xLOk0TdeD6w==
server: cloudflare
cf-ray: 86baaf051fc0b503-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

hxzgo.neyndish.com/opTeG7zW9x1uhV1mAb4hbv8ufWgFmkEF5R0JP7I7EtqFU9XstZ023xPtplDobx9liBF6dh2bZBb3Occd232

104.21.31.149

200 OK

30 kB

URL GET HTTP/3
hxzgo.neyndish.com/opTeG7zW9x1uhV1mAb4hbv8ufWgFmkEF5R0JP7I7EtqFU9XstZ023xPtplDobx9liBF6dh2bZBb3Occd232
IP
104.21.31.149:443
ASN
#13335 CLOUDFLARENET

Requested by
https://hxzgo.neyndish.com/vqyevmnspgsjgnxfpdshehidRBNanscfjAERXGCWEIDBUCORZFGRYIPNOYEUB?599886080864051rzOFfrbHWBGDAKDOHEOCCYODYWGXCMCAKCKAHCDFWEUSFOYWKREHIXG
Certificate
IssuerGoogle Trust Services LLC
Subjectneyndish.com
FingerprintB5:4C:D0:A1:03:D1:B3:96:27:1B:50:81:3D:AB:98:90:07:73:0D:9F
ValidityMon, 25 Mar 2024 15:18:55 GMT - Sun, 23 Jun 2024 15:18:54 GMT

File type
PNG image data, 506 x 303, 8-bit/color RGBA, non-interlaced
Size
30 kB (29796 bytes)
Hash
210433a8774859368f3a7b86d125a2a7
408bacddc39f12cad285579c102fe4a629862d88
9c6addfc339ce1c1d262290ab4cc2de8d38d4b54b11a8e85afd44fbb0acc2561

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /opTeG7zW9x1uhV1mAb4hbv8ufWgFmkEF5R0JP7I7EtqFU9XstZ023xPtplDobx9liBF6dh2bZBb3Occd232 HTTP/1.1
Host: hxzgo.neyndish.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://hxzgo.neyndish.com/vqyevmnspgsjgnxfpdshehidRBNanscfjAERXGCWEIDBUCORZFGRYIPNOYEUB?599886080864051rzOFfrbHWBGDAKDOHEOCCYODYWGXCMCAKCKAHCDFWEUSFOYWKREHIXG
Cookie: XSRF-TOKEN=eyJpdiI6IkxGQnlkYmE0TjVKU1l6MEFZOEQ4enc9PSIsInZhbHVlIjoiQnZVUGRHMjQ0a2g4dG0vYzVXWWJqVWxzcWVDS2JJQXJ2VjJpSjZibkthSUVzK2lpejErOXhVYUV3VmVjM1REeEE4Snh0U2RrTzlwaWE3b3BXZDMvdWY2bWV6RkUzK3B0U3BhQTJobVhqTlEzOGh0VFNLUXozdVVNM2tQOStHanEiLCJtYWMiOiIyZGQwN2JlOWM4NmNhZjk0OTY4NDkzZDhiY2U3OThmYmZiOGRlNmM3YTI0MGIwNjFhOWFmMzA4NTlmZDA4ZGNjIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlFNblpYbDlJZHBkNFpESFFrUW0zL1E9PSIsInZhbHVlIjoiaEVoQzR3N1VSZStPbXU5RG5idmhsVm55YlU2VDRSZVJzQzV2UGZEaWwvS3dCK3JZR3V1NW96NGxqQjJ2RXg0MWhpbTFpZ3J5Y1I5RloyYWlkYVBvaC9yZSt5WmRYNWJXM2llKzgrTGlVZm9ZVWkzNjFZUkxPNTVvYkhGV2JsdGEiLCJtYWMiOiJmN2ZjNWQ3ZTJmYWI5ZjQzNGU0MWQ2OGRkOGRkMGUyYzc1MjJjM2JjNmM4YmVhNmEzZmI0OTljOTIzNWIyNjk2IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 28 Mar 2024 21:24:01 GMT
content-type: image/png
content-length: 29796
content-disposition: inline; filename="opTeG7zW9x1uhV1mAb4hbv8ufWgFmkEF5R0JP7I7EtqFU9XstZ023xPtplDobx9liBF6dh2bZBb3Occd232"
access-control-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lr0eUxJhKHHuGLV4gFumwbxBW2Wk60uo2CzCEplZCv83cblb1FysMXWAbJapdegMCOUX8e3pDITS84K1YbkOuPnD%2F55swH4TpX0ex5Hd4lhjUkXryGHrheWirHh0OA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server: cloudflare
cf-ray: 86baaf3e3d1656c0-OSL

hxzgo.neyndish.com/5647eu7qcdd3vxJ8920

104.21.31.149

200 OK

6.9 kB

URL GET HTTP/3
hxzgo.neyndish.com/5647eu7qcdd3vxJ8920
IP
104.21.31.149:443
ASN
#13335 CLOUDFLARENET

Requested by
https://hxzgo.neyndish.com/vqyevmnspgsjgnxfpdshehidRBNanscfjAERXGCWEIDBUCORZFGRYIPNOYEUB?599886080864051rzOFfrbHWBGDAKDOHEOCCYODYWGXCMCAKCKAHCDFWEUSFOYWKREHIXG
Certificate
IssuerGoogle Trust Services LLC
Subjectneyndish.com
FingerprintB5:4C:D0:A1:03:D1:B3:96:27:1B:50:81:3D:AB:98:90:07:73:0D:9F
ValidityMon, 25 Mar 2024 15:18:55 GMT - Sun, 23 Jun 2024 15:18:54 GMT

File type
ASCII text, with very long lines (23398), with no line terminators
Size
6.9 kB (6912 bytes)
Hash
c1c51d30d5e7094136f2d828349e520f
10ae8971ad7a8798bc9732707fe4896b57541557
0c55057782e3b346c2b819574bfa916852bc8ac5bb4e01d56e8fbffc22043c98

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /5647eu7qcdd3vxJ8920 HTTP/1.1
Host: hxzgo.neyndish.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://hxzgo.neyndish.com/vqyevmnspgsjgnxfpdshehidRBNanscfjAERXGCWEIDBUCORZFGRYIPNOYEUB?599886080864051rzOFfrbHWBGDAKDOHEOCCYODYWGXCMCAKCKAHCDFWEUSFOYWKREHIXG
Cookie: XSRF-TOKEN=eyJpdiI6IkxGQnlkYmE0TjVKU1l6MEFZOEQ4enc9PSIsInZhbHVlIjoiQnZVUGRHMjQ0a2g4dG0vYzVXWWJqVWxzcWVDS2JJQXJ2VjJpSjZibkthSUVzK2lpejErOXhVYUV3VmVjM1REeEE4Snh0U2RrTzlwaWE3b3BXZDMvdWY2bWV6RkUzK3B0U3BhQTJobVhqTlEzOGh0VFNLUXozdVVNM2tQOStHanEiLCJtYWMiOiIyZGQwN2JlOWM4NmNhZjk0OTY4NDkzZDhiY2U3OThmYmZiOGRlNmM3YTI0MGIwNjFhOWFmMzA4NTlmZDA4ZGNjIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlFNblpYbDlJZHBkNFpESFFrUW0zL1E9PSIsInZhbHVlIjoiaEVoQzR3N1VSZStPbXU5RG5idmhsVm55YlU2VDRSZVJzQzV2UGZEaWwvS3dCK3JZR3V1NW96NGxqQjJ2RXg0MWhpbTFpZ3J5Y1I5RloyYWlkYVBvaC9yZSt5WmRYNWJXM2llKzgrTGlVZm9ZVWkzNjFZUkxPNTVvYkhGV2JsdGEiLCJtYWMiOiJmN2ZjNWQ3ZTJmYWI5ZjQzNGU0MWQ2OGRkOGRkMGUyYzc1MjJjM2JjNmM4YmVhNmEzZmI0OTljOTIzNWIyNjk2IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 28 Mar 2024 21:24:00 GMT
content-type: text/css;charset=UTF-8
content-disposition: inline; filename="5647eu7qcdd3vxJ8920"
vary: Accept-Encoding
access-control-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VuELqR2TEp%2BsomkCG2VnJSMcfXCxxGF%2FhrRITU%2BEFzf%2Fu62EMwFZIu1IRA2wmeXjnBmVQN46UeDZyaONfXEEHdTuNnKrTd28YQ1m8EVdRgBKQ%2F8lpXSVRka4bSoe2Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server: cloudflare
cf-ray: 86baaf3dfce256c0-OSL
content-encoding: br

hxzgo.neyndish.com/efO5a7bjLdr96v78T3JkyvPmn96

104.21.31.149

200 OK

93 kB

URL GET HTTP/3
hxzgo.neyndish.com/efO5a7bjLdr96v78T3JkyvPmn96
IP
104.21.31.149:443
ASN
#13335 CLOUDFLARENET

Requested by
https://hxzgo.neyndish.com/vqyevmnspgsjgnxfpdshehidRBNanscfjAERXGCWEIDBUCORZFGRYIPNOYEUB?599886080864051rzOFfrbHWBGDAKDOHEOCCYODYWGXCMCAKCKAHCDFWEUSFOYWKREHIXG
Certificate
IssuerGoogle Trust Services LLC
Subjectneyndish.com
FingerprintB5:4C:D0:A1:03:D1:B3:96:27:1B:50:81:3D:AB:98:90:07:73:0D:9F
ValidityMon, 25 Mar 2024 15:18:55 GMT - Sun, 23 Jun 2024 15:18:54 GMT

File type
Web Open Font Format (Version 2), TrueType, length 93276, version 1.0
Size
93 kB (93276 bytes)
Hash
bcd7983ea5aa57c55f6758b4977983cb
ef3a009e205229e07fb0ec8569e669b11c378ef1
6528a0bf9a836a53dfd8536e1786ba6831c9d1faa74967126fddf5b2081b858c

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /efO5a7bjLdr96v78T3JkyvPmn96 HTTP/1.1
Host: hxzgo.neyndish.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://hxzgo.neyndish.com/vqyevmnspgsjgnxfpdshehidRBNanscfjAERXGCWEIDBUCORZFGRYIPNOYEUB?599886080864051rzOFfrbHWBGDAKDOHEOCCYODYWGXCMCAKCKAHCDFWEUSFOYWKREHIXG
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6IkxGQnlkYmE0TjVKU1l6MEFZOEQ4enc9PSIsInZhbHVlIjoiQnZVUGRHMjQ0a2g4dG0vYzVXWWJqVWxzcWVDS2JJQXJ2VjJpSjZibkthSUVzK2lpejErOXhVYUV3VmVjM1REeEE4Snh0U2RrTzlwaWE3b3BXZDMvdWY2bWV6RkUzK3B0U3BhQTJobVhqTlEzOGh0VFNLUXozdVVNM2tQOStHanEiLCJtYWMiOiIyZGQwN2JlOWM4NmNhZjk0OTY4NDkzZDhiY2U3OThmYmZiOGRlNmM3YTI0MGIwNjFhOWFmMzA4NTlmZDA4ZGNjIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlFNblpYbDlJZHBkNFpESFFrUW0zL1E9PSIsInZhbHVlIjoiaEVoQzR3N1VSZStPbXU5RG5idmhsVm55YlU2VDRSZVJzQzV2UGZEaWwvS3dCK3JZR3V1NW96NGxqQjJ2RXg0MWhpbTFpZ3J5Y1I5RloyYWlkYVBvaC9yZSt5WmRYNWJXM2llKzgrTGlVZm9ZVWkzNjFZUkxPNTVvYkhGV2JsdGEiLCJtYWMiOiJmN2ZjNWQ3ZTJmYWI5ZjQzNGU0MWQ2OGRkOGRkMGUyYzc1MjJjM2JjNmM4YmVhNmEzZmI0OTljOTIzNWIyNjk2IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 28 Mar 2024 21:24:01 GMT
content-type: font/woff2
content-length: 93276
content-disposition: inline; filename="efO5a7bjLdr96v78T3JkyvPmn96"
access-control-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1lkJ3BCLlZRkHUIoCceIz1ga8GXLFS5PRJYmo0N1rlzypZ2xUIYhr8TDcShujLfL7ax4i5DJdB7PdYvdpGxj5wVFneXxvqayckVdvbJiOBj4Ee8E79mwK1QjOTCvNQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server: cloudflare
cf-ray: 86baaf3e1cfc56c0-OSL

hxzgo.neyndish.com/ghP7weh9X0dIQnDqGnEQlRf5xrQjJWtmn5dPolmZSAS3Ds7XsEFRApDXajTnYY6k12210

104.21.31.149

200 OK

50 kB

URL GET HTTP/3
hxzgo.neyndish.com/ghP7weh9X0dIQnDqGnEQlRf5xrQjJWtmn5dPolmZSAS3Ds7XsEFRApDXajTnYY6k12210
IP
104.21.31.149:443
ASN
#13335 CLOUDFLARENET

Requested by
https://hxzgo.neyndish.com/vqyevmnspgsjgnxfpdshehidRBNanscfjAERXGCWEIDBUCORZFGRYIPNOYEUB?599886080864051rzOFfrbHWBGDAKDOHEOCCYODYWGXCMCAKCKAHCDFWEUSFOYWKREHIXG
Certificate
IssuerGoogle Trust Services LLC
Subjectneyndish.com
FingerprintB5:4C:D0:A1:03:D1:B3:96:27:1B:50:81:3D:AB:98:90:07:73:0D:9F
ValidityMon, 25 Mar 2024 15:18:55 GMT - Sun, 23 Jun 2024 15:18:54 GMT

File type
PNG image data, 2160 x 443, 8-bit/color RGBA, non-interlaced
Size
50 kB (49602 bytes)
Hash
db783743cd246ff4d77f4a3694285989
b9466716904457641b7831868b47162d8d378d41
5913b1ec0fc58ab2bec576804b9e9b566a584ea3d21a1bf74a7b40051a447fdc

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /ghP7weh9X0dIQnDqGnEQlRf5xrQjJWtmn5dPolmZSAS3Ds7XsEFRApDXajTnYY6k12210 HTTP/1.1
Host: hxzgo.neyndish.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://hxzgo.neyndish.com/vqyevmnspgsjgnxfpdshehidRBNanscfjAERXGCWEIDBUCORZFGRYIPNOYEUB?599886080864051rzOFfrbHWBGDAKDOHEOCCYODYWGXCMCAKCKAHCDFWEUSFOYWKREHIXG
Cookie: XSRF-TOKEN=eyJpdiI6IkxGQnlkYmE0TjVKU1l6MEFZOEQ4enc9PSIsInZhbHVlIjoiQnZVUGRHMjQ0a2g4dG0vYzVXWWJqVWxzcWVDS2JJQXJ2VjJpSjZibkthSUVzK2lpejErOXhVYUV3VmVjM1REeEE4Snh0U2RrTzlwaWE3b3BXZDMvdWY2bWV6RkUzK3B0U3BhQTJobVhqTlEzOGh0VFNLUXozdVVNM2tQOStHanEiLCJtYWMiOiIyZGQwN2JlOWM4NmNhZjk0OTY4NDkzZDhiY2U3OThmYmZiOGRlNmM3YTI0MGIwNjFhOWFmMzA4NTlmZDA4ZGNjIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlFNblpYbDlJZHBkNFpESFFrUW0zL1E9PSIsInZhbHVlIjoiaEVoQzR3N1VSZStPbXU5RG5idmhsVm55YlU2VDRSZVJzQzV2UGZEaWwvS3dCK3JZR3V1NW96NGxqQjJ2RXg0MWhpbTFpZ3J5Y1I5RloyYWlkYVBvaC9yZSt5WmRYNWJXM2llKzgrTGlVZm9ZVWkzNjFZUkxPNTVvYkhGV2JsdGEiLCJtYWMiOiJmN2ZjNWQ3ZTJmYWI5ZjQzNGU0MWQ2OGRkOGRkMGUyYzc1MjJjM2JjNmM4YmVhNmEzZmI0OTljOTIzNWIyNjk2IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 28 Mar 2024 21:24:01 GMT
content-type: image/png
content-length: 49602
content-disposition: inline; filename="ghP7weh9X0dIQnDqGnEQlRf5xrQjJWtmn5dPolmZSAS3Ds7XsEFRApDXajTnYY6k12210"
access-control-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FrWV%2FZvhNJJflrrtJGfSo%2BEnsfGjghvopz26VegwMwNq91gL7PFrHMM6%2BmAB0kiaPQVconGVm%2FL%2Fj5s9RoRdORMEBiOHFrK2FsF0ZfrwwrtNJdbugDDdqKfnN6lXig%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server: cloudflare
cf-ray: 86baaf3e3d1456c0-OSL

hxzgo.neyndish.com/89pIsj6CcZlBQupeRL67cdZlxRc7NGW5ab80

104.21.31.149

200 OK

44 kB

URL GET HTTP/3
hxzgo.neyndish.com/89pIsj6CcZlBQupeRL67cdZlxRc7NGW5ab80
IP
104.21.31.149:443
ASN
#13335 CLOUDFLARENET

Requested by
https://hxzgo.neyndish.com/vqyevmnspgsjgnxfpdshehidRBNanscfjAERXGCWEIDBUCORZFGRYIPNOYEUB?599886080864051rzOFfrbHWBGDAKDOHEOCCYODYWGXCMCAKCKAHCDFWEUSFOYWKREHIXG
Certificate
IssuerGoogle Trust Services LLC
Subjectneyndish.com
FingerprintB5:4C:D0:A1:03:D1:B3:96:27:1B:50:81:3D:AB:98:90:07:73:0D:9F
ValidityMon, 25 Mar 2024 15:18:55 GMT - Sun, 23 Jun 2024 15:18:54 GMT

File type
Web Open Font Format (Version 2), TrueType, length 43596, version 1.0
Size
44 kB (43596 bytes)
Hash
2a05e9e5572abc320b2b7ea38a70dcc1
d5fa2a856d5632c2469e42436159375117ef3c35
3efcb941aaddaf4aea08dab3fb97d3e904aa1b83264e64b4d5bda53bc7c798ec

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /89pIsj6CcZlBQupeRL67cdZlxRc7NGW5ab80 HTTP/1.1
Host: hxzgo.neyndish.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://hxzgo.neyndish.com/vqyevmnspgsjgnxfpdshehidRBNanscfjAERXGCWEIDBUCORZFGRYIPNOYEUB?599886080864051rzOFfrbHWBGDAKDOHEOCCYODYWGXCMCAKCKAHCDFWEUSFOYWKREHIXG
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6IkxGQnlkYmE0TjVKU1l6MEFZOEQ4enc9PSIsInZhbHVlIjoiQnZVUGRHMjQ0a2g4dG0vYzVXWWJqVWxzcWVDS2JJQXJ2VjJpSjZibkthSUVzK2lpejErOXhVYUV3VmVjM1REeEE4Snh0U2RrTzlwaWE3b3BXZDMvdWY2bWV6RkUzK3B0U3BhQTJobVhqTlEzOGh0VFNLUXozdVVNM2tQOStHanEiLCJtYWMiOiIyZGQwN2JlOWM4NmNhZjk0OTY4NDkzZDhiY2U3OThmYmZiOGRlNmM3YTI0MGIwNjFhOWFmMzA4NTlmZDA4ZGNjIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlFNblpYbDlJZHBkNFpESFFrUW0zL1E9PSIsInZhbHVlIjoiaEVoQzR3N1VSZStPbXU5RG5idmhsVm55YlU2VDRSZVJzQzV2UGZEaWwvS3dCK3JZR3V1NW96NGxqQjJ2RXg0MWhpbTFpZ3J5Y1I5RloyYWlkYVBvaC9yZSt5WmRYNWJXM2llKzgrTGlVZm9ZVWkzNjFZUkxPNTVvYkhGV2JsdGEiLCJtYWMiOiJmN2ZjNWQ3ZTJmYWI5ZjQzNGU0MWQ2OGRkOGRkMGUyYzc1MjJjM2JjNmM4YmVhNmEzZmI0OTljOTIzNWIyNjk2IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 28 Mar 2024 21:24:01 GMT
content-type: font/woff2
content-length: 43596
content-disposition: inline; filename="89pIsj6CcZlBQupeRL67cdZlxRc7NGW5ab80"
access-control-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uxpC9rIBZ%2F6e%2F7AfmTT0LKYqdS7O4fco9%2FT4%2BYcr7yv7pcAUJP%2BGjb8nmO5DZw4L%2BJBZqc9kgMR8qCChbOfksCRvbQeGl%2BmqhcS8bpIttoxonNEWeO2FLawYJLIeig%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server: cloudflare
cf-ray: 86baaf3e1cfb56c0-OSL

hxzgo.neyndish.com/452yJ0NbpTeXV5abXeVpQevw61

104.21.31.149

200 OK

37 kB

URL GET HTTP/3
hxzgo.neyndish.com/452yJ0NbpTeXV5abXeVpQevw61
IP
104.21.31.149:443
ASN
#13335 CLOUDFLARENET

Requested by
https://hxzgo.neyndish.com/vqyevmnspgsjgnxfpdshehidRBNanscfjAERXGCWEIDBUCORZFGRYIPNOYEUB?599886080864051rzOFfrbHWBGDAKDOHEOCCYODYWGXCMCAKCKAHCDFWEUSFOYWKREHIXG
Certificate
IssuerGoogle Trust Services LLC
Subjectneyndish.com
FingerprintB5:4C:D0:A1:03:D1:B3:96:27:1B:50:81:3D:AB:98:90:07:73:0D:9F
ValidityMon, 25 Mar 2024 15:18:55 GMT - Sun, 23 Jun 2024 15:18:54 GMT

File type
Web Open Font Format, TrueType, length 36696, version 1.0
Size
37 kB (36696 bytes)
Hash
a69e9ab8afdd7486ec0749c551051ff2
c34e6aa327b536fb48d1fe03577a47c7ee2231b8
fd78a1913db912221b8ead1e62fad47d1ff0a9fa6cd88d3b128a721ad91d2faf

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /452yJ0NbpTeXV5abXeVpQevw61 HTTP/1.1
Host: hxzgo.neyndish.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://hxzgo.neyndish.com/vqyevmnspgsjgnxfpdshehidRBNanscfjAERXGCWEIDBUCORZFGRYIPNOYEUB?599886080864051rzOFfrbHWBGDAKDOHEOCCYODYWGXCMCAKCKAHCDFWEUSFOYWKREHIXG
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6IkxGQnlkYmE0TjVKU1l6MEFZOEQ4enc9PSIsInZhbHVlIjoiQnZVUGRHMjQ0a2g4dG0vYzVXWWJqVWxzcWVDS2JJQXJ2VjJpSjZibkthSUVzK2lpejErOXhVYUV3VmVjM1REeEE4Snh0U2RrTzlwaWE3b3BXZDMvdWY2bWV6RkUzK3B0U3BhQTJobVhqTlEzOGh0VFNLUXozdVVNM2tQOStHanEiLCJtYWMiOiIyZGQwN2JlOWM4NmNhZjk0OTY4NDkzZDhiY2U3OThmYmZiOGRlNmM3YTI0MGIwNjFhOWFmMzA4NTlmZDA4ZGNjIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlFNblpYbDlJZHBkNFpESFFrUW0zL1E9PSIsInZhbHVlIjoiaEVoQzR3N1VSZStPbXU5RG5idmhsVm55YlU2VDRSZVJzQzV2UGZEaWwvS3dCK3JZR3V1NW96NGxqQjJ2RXg0MWhpbTFpZ3J5Y1I5RloyYWlkYVBvaC9yZSt5WmRYNWJXM2llKzgrTGlVZm9ZVWkzNjFZUkxPNTVvYkhGV2JsdGEiLCJtYWMiOiJmN2ZjNWQ3ZTJmYWI5ZjQzNGU0MWQ2OGRkOGRkMGUyYzc1MjJjM2JjNmM4YmVhNmEzZmI0OTljOTIzNWIyNjk2IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 28 Mar 2024 21:24:01 GMT
content-type: font/woff
content-length: 36696
content-disposition: inline; filename="452yJ0NbpTeXV5abXeVpQevw61"
access-control-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZD35aZ5%2FaU4H7B5yb%2B46ccPxbtqizuqV49kHhLzlu0ZwAAZBmWyCRRIcAXQ2K%2FhZbjbTPl3thHbZSwZz3G7mCRVE%2B72PHgWYiMKWBpptTVgtn70LZXPLKTObi95bKw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server: cloudflare
cf-ray: 86baaf3e1cfa56c0-OSL

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/jyrft/0x4AAAAAAAVsch-9zO5KwW7-/auto/normal

104.17.3.184

369 kB

URL
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/jyrft/0x4AAAAAAAVsch-9zO5KwW7-/auto/normal
IP
104.17.3.184:0
ASN
#13335 CLOUDFLARENET

File type
HTML document, ASCII text, with very long lines (41919)
Size
369 kB (368699 bytes)
Hash
a9f10187faba06d281055d1dd3a07300
e3cb40762178572e715617250679eabd44453a9b
aec1579035100bb7f16791c17d9fd57d547dd82aafe94ea45fb0e3a600507659

HTTP Headers

GET /cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/jyrft/0x4AAAAAAAVsch-9zO5KwW7-/auto/normal HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://hxzgo.neyndish.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 28 Mar 2024 21:23:49 GMT
content-type: text/html; charset=UTF-8
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-security-policy: frame-src https://challenges.cloudflare.com/ blob:; base-uri 'self'
critical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: cross-origin
document-policy: js-profiling
origin-agent-cluster: ?1
permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy: same-origin
server: cloudflare
cf-ray: 86baaefafe9eb503-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

httpbin.org/ip

52.201.199.27

200 OK

31 B

URL GET HTTP/2
httpbin.org/ip
IP
52.201.199.27:443
ASN
#14618 AMAZON-AES

Requested by
https://hxzgo.neyndish.com/vqyevmnspgsjgnxfpdshehidRBNanscfjAERXGCWEIDBUCORZFGRYIPNOYEUB?599886080864051rzOFfrbHWBGDAKDOHEOCCYODYWGXCMCAKCKAHCDFWEUSFOYWKREHIXG
Certificate
IssuerAmazon
Subjecthttpbin.org
Fingerprint14:0C:C7:A8:EC:FA:7F:9C:9D:D2:B8:7E:C9:B8:93:3A:A1:11:F6:01
ValidityThu, 21 Sep 2023 00:00:00 GMT - Fri, 18 Oct 2024 23:59:59 GMT

File type
JSON text data
Size
31 B (31 bytes)
Hash
421fbb31f37428f936586985bd35b7ef
df617524b5cf0200e58b7ed3ce98c102fb952ca4
f0c09e029405dd8f7f6574163ea5018413c7e621b7a69e6fb2ee223efdc32ddf

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /ip HTTP/1.1
Host: httpbin.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://hxzgo.neyndish.com
DNT: 1
Connection: keep-alive
Referer: https://hxzgo.neyndish.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 28 Mar 2024 21:24:03 GMT
content-type: application/json
content-length: 31
server: gunicorn/19.9.0
access-control-allow-origin: https://hxzgo.neyndish.com
access-control-allow-credentials: true
X-Firefox-Spdy: h2

hxzgo.neyndish.com/kilMOFHzsxVrsIYyNytBdbZMPaW5MCSzdb9TyIT3fkLZFgkti

104.21.31.149

200 OK

1 B

URL POST HTTP/3
hxzgo.neyndish.com/kilMOFHzsxVrsIYyNytBdbZMPaW5MCSzdb9TyIT3fkLZFgkti
IP
104.21.31.149:443
ASN
#13335 CLOUDFLARENET

Requested by
https://hxzgo.neyndish.com/vqyevmnspgsjgnxfpdshehidRBNanscfjAERXGCWEIDBUCORZFGRYIPNOYEUB?599886080864051rzOFfrbHWBGDAKDOHEOCCYODYWGXCMCAKCKAHCDFWEUSFOYWKREHIXG
Certificate
IssuerGoogle Trust Services LLC
Subjectneyndish.com
FingerprintB5:4C:D0:A1:03:D1:B3:96:27:1B:50:81:3D:AB:98:90:07:73:0D:9F
ValidityMon, 25 Mar 2024 15:18:55 GMT - Sun, 23 Jun 2024 15:18:54 GMT

File type
very short file (no magic)
Size
1 B (1 bytes)
Hash
c4ca4238a0b923820dcc509a6f75849b
356a192b7913b04c54574d18c28d46e6395428ab
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

POST /kilMOFHzsxVrsIYyNytBdbZMPaW5MCSzdb9TyIT3fkLZFgkti HTTP/1.1
Host: hxzgo.neyndish.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 165
Origin: https://hxzgo.neyndish.com
DNT: 1
Connection: keep-alive
Referer: https://hxzgo.neyndish.com/vqyevmnspgsjgnxfpdshehidRBNanscfjAERXGCWEIDBUCORZFGRYIPNOYEUB?599886080864051rzOFfrbHWBGDAKDOHEOCCYODYWGXCMCAKCKAHCDFWEUSFOYWKREHIXG
Cookie: XSRF-TOKEN=eyJpdiI6InIzRnRjRnZ6MnVRc2k3eGJ0SzNZWlE9PSIsInZhbHVlIjoiK1l4MHluNmU5S05qbkoyZ1ZTMDkzbk1ZYi9KL0cyMklBMHU4MkZ6aFo4cE1ST0xPZGxNZk9hN1A1aXA5bWp1UnZVOTNPMEhwemt1Tmdmb2JPS0ZIU21KYVl5NmdoQmJUbFN6Vm53K0EwZnprdmNDMnhXY01NZUVnNURyUlU1bU4iLCJtYWMiOiIwNGQ2ZDNhYmExYWY4MGU1ZDM3OTJjYWU2ZDgwMzA1MDEyZDU1ZWM5NDg2ZTA4ZDQyOTdlOWIxMjhkMjkzZTA5IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ilg4K09tcmI2aitkNVdKQ1NBMEZKNWc9PSIsInZhbHVlIjoiYjNWV29POXdBdmhZRkh6OFdiZXJtSjZSTzM4amFVdmRNVkJaWDBnYjBCQjRTYS9WcWlUb2ZFMEozMHNYYm93ZGNZSmpzVjhYdTdMYmx1VVBwUDNFdklJaDBPWTdQa2pueEdqOHdOYm9CeFFCOHU2VWJlVVdnUUM5VUZWQ0lPc3IiLCJtYWMiOiI2NmE5N2I4ZjQyZDI0NmJiMjIxMThiNTY2OTQyMGUzODQyMTkxNWI5OTBlMGIxMWQ0MmYzOTI2MWY3MTE3ZTAxIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 28 Mar 2024 21:24:07 GMT
content-type: text/html; charset=UTF-8
cache-control: no-cache, private
vary: Accept-Encoding
access-control-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xCYk3OCV99ufNbcaKV6YW4HPymEWAzjdxnmjAKgFxY%2BG2byTzZUyPGEYgE8oAORpYehp6QgUjzkZqNlvtlFR2hvAuTJE%2BIj2LtqdADRwoSFPrcWDg6twTUEd4MREhg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
set-cookie: XSRF-TOKEN=eyJpdiI6IktxYU9ISkdZS2NFZlJHRUdYbld1U2c9PSIsInZhbHVlIjoid2lncStFdGFJK0FONWFReUQveDRIck9XUy83aGV1eU9tWGpCLzVMTWRObUM5VjNabUUxdVh6S2Z2VU1FSCt6RExvdTN2djFKNG1rRDZrdExpa2hSUmRscmRqT3ZlUU1Md1lsbk56QVJlTlVRbk5QZjh6bGJWZ3ZoOHRVeFJQV1IiLCJtYWMiOiIxMzY4ODhkNzJlNmIxMmVjNDA1NzY3ODI4ZWI0ZTkzZjg5YmExNmNjNWVjZjYzMzBjZGI1MDJlYTIyODQ0MDAxIiwidGFnIjoiIn0%3D; expires=Thu, 28-Mar-2024 23:24:07 GMT; Max-Age=7200; path=/; secure; samesite=none
laravel_session=eyJpdiI6ImswRjN5L1hBa2h0d1E5bjk5VllCRUE9PSIsInZhbHVlIjoiNENGdHNTYlVDc2cyZjJjVGVaVG5SUSs2SXh0cWpkUGJUUjNPcEpab0cwVU13emg0bmRYd3lwMGFlbW9HSzc4UmJsRVY1OTNMelhNVThVNkMxTzFnSTVXZWpBWU00NEZqL3ZLM250Q2Jkb0FmVWpIaWFGZVlUSEhOQWtpcko2SnEiLCJtYWMiOiI5NTQ0NjU5ZjU1MWI5ZTU1YTYyN2MyZDlkYjY2NWE1MTQ4YjA4MjZkNDE1NjI2YTNmNzg5YTk3MWQzZGEwYTIxIiwidGFnIjoiIn0%3D; expires=Thu, 28-Mar-2024 23:24:07 GMT; Max-Age=7200; path=/; secure; httponly; samesite=none
server: cloudflare
cf-ray: 86baaf69fc4c56c0-OSL
content-encoding: br

hxzgo.neyndish.com/mn0Re7sdel4MppZQSZThNVopPmvHqu1JGxedDZIdt1klxjYkfidUTFU0OrU3Fke2BUouv220

104.21.31.149

200 OK

1.9 kB

URL GET HTTP/3
hxzgo.neyndish.com/mn0Re7sdel4MppZQSZThNVopPmvHqu1JGxedDZIdt1klxjYkfidUTFU0OrU3Fke2BUouv220
IP
104.21.31.149:443
ASN
#13335 CLOUDFLARENET

Requested by
https://hxzgo.neyndish.com/vqyevmnspgsjgnxfpdshehidRBNanscfjAERXGCWEIDBUCORZFGRYIPNOYEUB?599886080864051rzOFfrbHWBGDAKDOHEOCCYODYWGXCMCAKCKAHCDFWEUSFOYWKREHIXG
Certificate
IssuerGoogle Trust Services LLC
Subjectneyndish.com
FingerprintB5:4C:D0:A1:03:D1:B3:96:27:1B:50:81:3D:AB:98:90:07:73:0D:9F
ValidityMon, 25 Mar 2024 15:18:55 GMT - Sun, 23 Jun 2024 15:18:54 GMT

File type
SVG Scalable Vector Graphics image
Size
1.9 kB (1864 bytes)
Hash
4b5c228b4faba433d06ec569ed855b2d
a7d3882b93e332460e7c59510a6a811ef011983f
eb19d76cd1fad39abf0f2778991883a5cf9ff560117ce8f7c64124e71471b4ed

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /mn0Re7sdel4MppZQSZThNVopPmvHqu1JGxedDZIdt1klxjYkfidUTFU0OrU3Fke2BUouv220 HTTP/1.1
Host: hxzgo.neyndish.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://hxzgo.neyndish.com/vqyevmnspgsjgnxfpdshehidRBNanscfjAERXGCWEIDBUCORZFGRYIPNOYEUB?599886080864051rzOFfrbHWBGDAKDOHEOCCYODYWGXCMCAKCKAHCDFWEUSFOYWKREHIXG
Cookie: XSRF-TOKEN=eyJpdiI6IkxGQnlkYmE0TjVKU1l6MEFZOEQ4enc9PSIsInZhbHVlIjoiQnZVUGRHMjQ0a2g4dG0vYzVXWWJqVWxzcWVDS2JJQXJ2VjJpSjZibkthSUVzK2lpejErOXhVYUV3VmVjM1REeEE4Snh0U2RrTzlwaWE3b3BXZDMvdWY2bWV6RkUzK3B0U3BhQTJobVhqTlEzOGh0VFNLUXozdVVNM2tQOStHanEiLCJtYWMiOiIyZGQwN2JlOWM4NmNhZjk0OTY4NDkzZDhiY2U3OThmYmZiOGRlNmM3YTI0MGIwNjFhOWFmMzA4NTlmZDA4ZGNjIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlFNblpYbDlJZHBkNFpESFFrUW0zL1E9PSIsInZhbHVlIjoiaEVoQzR3N1VSZStPbXU5RG5idmhsVm55YlU2VDRSZVJzQzV2UGZEaWwvS3dCK3JZR3V1NW96NGxqQjJ2RXg0MWhpbTFpZ3J5Y1I5RloyYWlkYVBvaC9yZSt5WmRYNWJXM2llKzgrTGlVZm9ZVWkzNjFZUkxPNTVvYkhGV2JsdGEiLCJtYWMiOiJmN2ZjNWQ3ZTJmYWI5ZjQzNGU0MWQ2OGRkOGRkMGUyYzc1MjJjM2JjNmM4YmVhNmEzZmI0OTljOTIzNWIyNjk2IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 28 Mar 2024 21:24:01 GMT
content-type: image/svg+xml
content-disposition: inline; filename="mn0Re7sdel4MppZQSZThNVopPmvHqu1JGxedDZIdt1klxjYkfidUTFU0OrU3Fke2BUouv220"
access-control-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pObEWPMTyj6%2BIDaip%2BvswibiC8retdBVkhYxTKPv9AaJ5aS%2BpyKfAqctEKv100ftB8i288W8t12acHsF%2FkjwIZx8Thg5K9hzUEsxqFq3o72WU6qCowek9zCc8GwQ9g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server: cloudflare
cf-ray: 86baaf42191356c0-OSL
content-encoding: br

www.gstatic.com/recaptcha/releases/Hq4JZivTyQ7GP8Kt571Tzodj/recaptcha__en.js

142.250.74.35

200 OK

508 kB

URL GET HTTP/2
www.gstatic.com/recaptcha/releases/Hq4JZivTyQ7GP8Kt571Tzodj/recaptcha__en.js
IP
142.250.74.35:443
ASN
#15169 GOOGLE

Requested by
https://hxzgo.neyndish.com/vqyevmnspgsjgnxfpdshehidRBNanscfjAERXGCWEIDBUCORZFGRYIPNOYEUB?599886080864051rzOFfrbHWBGDAKDOHEOCCYODYWGXCMCAKCKAHCDFWEUSFOYWKREHIXG
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintF3:56:10:42:A8:3C:BF:F5:89:9C:4C:C0:F8:E3:DC:C4:1C:E9:34:9E
ValidityMon, 26 Feb 2024 08:18:21 GMT - Mon, 20 May 2024 08:18:20 GMT

File type
JavaScript source, ASCII text, with very long lines (730)
Size
508 kB (507756 bytes)
Hash
6afd58bec95bc166d3c68166f86e9e67
9523c602a5d5610332785397cd26d3b9e18873ab
9368f8ab141b9545a2b9e279abe8fef65a60091050ebeab9b63dd4c1bd0d38e1

HTTP Headers

GET /recaptcha/releases/Hq4JZivTyQ7GP8Kt571Tzodj/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://hxzgo.neyndish.com
DNT: 1
Connection: keep-alive
Referer: https://hxzgo.neyndish.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 202152
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 28 Mar 2024 17:28:02 GMT
expires: Fri, 28 Mar 2025 17:28:02 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 19 Mar 2024 18:14:50 GMT
content-type: text/javascript
vary: Accept-Encoding
age: 14159
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

hxzgo.neyndish.com/web8socket/socket.io/?type=User&appnum=1&EIO=4&transport=websocket

104.21.31.149

101 Switching Protocols

0 B

URL GET HTTP/1.1
hxzgo.neyndish.com/web8socket/socket.io/?type=User&appnum=1&EIO=4&transport=websocket
IP
104.21.31.149:443
ASN
#13335 CLOUDFLARENET

Requested by
https://hxzgo.neyndish.com/vqyevmnspgsjgnxfpdshehidRBNanscfjAERXGCWEIDBUCORZFGRYIPNOYEUB?599886080864051rzOFfrbHWBGDAKDOHEOCCYODYWGXCMCAKCKAHCDFWEUSFOYWKREHIXG
Certificate
IssuerGoogle Trust Services LLC
Subjectneyndish.com
FingerprintB5:4C:D0:A1:03:D1:B3:96:27:1B:50:81:3D:AB:98:90:07:73:0D:9F
ValidityMon, 25 Mar 2024 15:18:55 GMT - Sun, 23 Jun 2024 15:18:54 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /web8socket/socket.io/?type=User&appnum=1&EIO=4&transport=websocket HTTP/1.1
Host: hxzgo.neyndish.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://hxzgo.neyndish.com
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: fI0VYMl7rBNA7nc0aNBS8w==
DNT: 1
Connection: keep-alive, Upgrade
Cookie: XSRF-TOKEN=eyJpdiI6IkxGQnlkYmE0TjVKU1l6MEFZOEQ4enc9PSIsInZhbHVlIjoiQnZVUGRHMjQ0a2g4dG0vYzVXWWJqVWxzcWVDS2JJQXJ2VjJpSjZibkthSUVzK2lpejErOXhVYUV3VmVjM1REeEE4Snh0U2RrTzlwaWE3b3BXZDMvdWY2bWV6RkUzK3B0U3BhQTJobVhqTlEzOGh0VFNLUXozdVVNM2tQOStHanEiLCJtYWMiOiIyZGQwN2JlOWM4NmNhZjk0OTY4NDkzZDhiY2U3OThmYmZiOGRlNmM3YTI0MGIwNjFhOWFmMzA4NTlmZDA4ZGNjIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlFNblpYbDlJZHBkNFpESFFrUW0zL1E9PSIsInZhbHVlIjoiaEVoQzR3N1VSZStPbXU5RG5idmhsVm55YlU2VDRSZVJzQzV2UGZEaWwvS3dCK3JZR3V1NW96NGxqQjJ2RXg0MWhpbTFpZ3J5Y1I5RloyYWlkYVBvaC9yZSt5WmRYNWJXM2llKzgrTGlVZm9ZVWkzNjFZUkxPNTVvYkhGV2JsdGEiLCJtYWMiOiJmN2ZjNWQ3ZTJmYWI5ZjQzNGU0MWQ2OGRkOGRkMGUyYzc1MjJjM2JjNmM4YmVhNmEzZmI0OTljOTIzNWIyNjk2IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Date: Thu, 28 Mar 2024 21:24:01 GMT
Connection: upgrade
Sec-WebSocket-Accept: AM3SVtavnfgchmgZ0tBTcAKPxho=
Upgrade: websocket
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mDifXeNVjqqWiNn%2Bn6Y%2BkI%2FjQv3Kl7xAv1SoRgZP6eGHvOHV0e3SZYA9hyGLnwephNAmu1eU%2BbcirVh%2Bj0vRGI3fUliKSK1NLYGOtanT%2Bi0yVW1EnqZm8hdxeK64PBbPcdr2dlo%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 86baaf3f5c8c56a8-OSL
alt-svc: h3=":443"; ma=86400

hxzgo.neyndish.com/563v3sxKQecMpkVCpieC7Agh3KjuK3D90YluXq67104

104.21.31.149

200 OK

110 kB

URL GET HTTP/3
hxzgo.neyndish.com/563v3sxKQecMpkVCpieC7Agh3KjuK3D90YluXq67104
IP
104.21.31.149:443
ASN
#13335 CLOUDFLARENET

Requested by
https://hxzgo.neyndish.com/vqyevmnspgsjgnxfpdshehidRBNanscfjAERXGCWEIDBUCORZFGRYIPNOYEUB?599886080864051rzOFfrbHWBGDAKDOHEOCCYODYWGXCMCAKCKAHCDFWEUSFOYWKREHIXG
Certificate
IssuerGoogle Trust Services LLC
Subjectneyndish.com
FingerprintB5:4C:D0:A1:03:D1:B3:96:27:1B:50:81:3D:AB:98:90:07:73:0D:9F
ValidityMon, 25 Mar 2024 15:18:55 GMT - Sun, 23 Jun 2024 15:18:54 GMT

File type

Size
110 kB (109964 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /563v3sxKQecMpkVCpieC7Agh3KjuK3D90YluXq67104 HTTP/1.1
Host: hxzgo.neyndish.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://hxzgo.neyndish.com/vqyevmnspgsjgnxfpdshehidRBNanscfjAERXGCWEIDBUCORZFGRYIPNOYEUB?599886080864051rzOFfrbHWBGDAKDOHEOCCYODYWGXCMCAKCKAHCDFWEUSFOYWKREHIXG
Cookie: XSRF-TOKEN=eyJpdiI6IkxGQnlkYmE0TjVKU1l6MEFZOEQ4enc9PSIsInZhbHVlIjoiQnZVUGRHMjQ0a2g4dG0vYzVXWWJqVWxzcWVDS2JJQXJ2VjJpSjZibkthSUVzK2lpejErOXhVYUV3VmVjM1REeEE4Snh0U2RrTzlwaWE3b3BXZDMvdWY2bWV6RkUzK3B0U3BhQTJobVhqTlEzOGh0VFNLUXozdVVNM2tQOStHanEiLCJtYWMiOiIyZGQwN2JlOWM4NmNhZjk0OTY4NDkzZDhiY2U3OThmYmZiOGRlNmM3YTI0MGIwNjFhOWFmMzA4NTlmZDA4ZGNjIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlFNblpYbDlJZHBkNFpESFFrUW0zL1E9PSIsInZhbHVlIjoiaEVoQzR3N1VSZStPbXU5RG5idmhsVm55YlU2VDRSZVJzQzV2UGZEaWwvS3dCK3JZR3V1NW96NGxqQjJ2RXg0MWhpbTFpZ3J5Y1I5RloyYWlkYVBvaC9yZSt5WmRYNWJXM2llKzgrTGlVZm9ZVWkzNjFZUkxPNTVvYkhGV2JsdGEiLCJtYWMiOiJmN2ZjNWQ3ZTJmYWI5ZjQzNGU0MWQ2OGRkOGRkMGUyYzc1MjJjM2JjNmM4YmVhNmEzZmI0OTljOTIzNWIyNjk2IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 28 Mar 2024 21:24:00 GMT
content-type: application/javascript
content-disposition: inline; filename="563v3sxKQecMpkVCpieC7Agh3KjuK3D90YluXq67104"
vary: Accept-Encoding
access-control-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=q%2F%2BNJ7J%2FZ1QCyUdYZqIcd1b%2Fkqmju%2F%2Bws5AIFtshazHhXo96fAXW%2B1yf7kgpUPqMirD7vW4it1b%2F3xXZVxV2jv4vdlRo6m%2FbB8EvLR0ki%2FEX4N0pkw%2FDFis89tal1w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server: cloudflare
cf-ray: 86baaf3e3d1c56c0-OSL
content-encoding: br

ipapi.co/91.90.42.154/json/

172.67.69.226

200 OK

742 B

URL GET HTTP/2
ipapi.co/91.90.42.154/json/
IP
172.67.69.226:443
ASN
#13335 CLOUDFLARENET

Requested by
https://hxzgo.neyndish.com/vqyevmnspgsjgnxfpdshehidRBNanscfjAERXGCWEIDBUCORZFGRYIPNOYEUB?599886080864051rzOFfrbHWBGDAKDOHEOCCYODYWGXCMCAKCKAHCDFWEUSFOYWKREHIXG
Certificate
IssuerLet's Encrypt
Subjectipapi.co
FingerprintF4:65:F9:9B:26:CD:26:53:C7:F0:24:4D:F3:3B:E2:8E:8F:8F:60:D7
ValiditySat, 09 Mar 2024 17:29:09 GMT - Fri, 07 Jun 2024 17:29:08 GMT

File type
ASCII text, with very long lines (868), with no line terminators
Size
742 B (742 bytes)
Hash
b0f15dce162c5908225c370af069f23e
6dd28693c13de5fa6e5064491e27100654c8dc63
94d4545e91c9ecd9c1bc0360939683773bb02ed3b79b92072444ddb12925eb57

HTTP Headers

GET /91.90.42.154/json/ HTTP/1.1
Host: ipapi.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://hxzgo.neyndish.com/
Origin: https://hxzgo.neyndish.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 28 Mar 2024 21:24:03 GMT
content-type: application/json
allow: GET, OPTIONS, OPTIONS, HEAD, POST
x-frame-options: DENY
vary: Host, origin
access-control-allow-origin: https://hxzgo.neyndish.com
x-content-type-options: nosniff
referrer-policy: same-origin
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yVm2o5F7f472TJBQKM6B7dTHjbzmtZBOTtLpXujHNjlQmQTxFAfgeG3%2B%2FT6abjfrm3idf3dhV%2FmNmcZ34aAHgLWAsAiItWfmSQ2gHy%2BPkQWdSIr3ry79ZmV3"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 86baaf510d67b50b-OSL
content-encoding: br
X-Firefox-Spdy: h2

hxzgo.neyndish.com/yzxkcM3R4q1ekBAxD5woZr4sx1fYbm8xrDWmneyAskTxzEZ8xWISqclXPVhkab180

104.21.31.149

200 OK

2.9 kB

URL GET HTTP/3
hxzgo.neyndish.com/yzxkcM3R4q1ekBAxD5woZr4sx1fYbm8xrDWmneyAskTxzEZ8xWISqclXPVhkab180
IP
104.21.31.149:443
ASN
#13335 CLOUDFLARENET

Requested by
https://hxzgo.neyndish.com/vqyevmnspgsjgnxfpdshehidRBNanscfjAERXGCWEIDBUCORZFGRYIPNOYEUB?599886080864051rzOFfrbHWBGDAKDOHEOCCYODYWGXCMCAKCKAHCDFWEUSFOYWKREHIXG
Certificate
IssuerGoogle Trust Services LLC
Subjectneyndish.com
FingerprintB5:4C:D0:A1:03:D1:B3:96:27:1B:50:81:3D:AB:98:90:07:73:0D:9F
ValidityMon, 25 Mar 2024 15:18:55 GMT - Sun, 23 Jun 2024 15:18:54 GMT

File type
SVG Scalable Vector Graphics image
Size
2.9 kB (2905 bytes)
Hash
e924de0d471df54b6280f3dc8b187cb8
857f03226070b502a9e06b4249710ec10be4c9e9
24ce135a31ce83ac3d62471fcc0e1a82ce6f1533c993ee59ca4e110d5f2fae33

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /yzxkcM3R4q1ekBAxD5woZr4sx1fYbm8xrDWmneyAskTxzEZ8xWISqclXPVhkab180 HTTP/1.1
Host: hxzgo.neyndish.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://hxzgo.neyndish.com/vqyevmnspgsjgnxfpdshehidRBNanscfjAERXGCWEIDBUCORZFGRYIPNOYEUB?599886080864051rzOFfrbHWBGDAKDOHEOCCYODYWGXCMCAKCKAHCDFWEUSFOYWKREHIXG
Cookie: XSRF-TOKEN=eyJpdiI6IkxGQnlkYmE0TjVKU1l6MEFZOEQ4enc9PSIsInZhbHVlIjoiQnZVUGRHMjQ0a2g4dG0vYzVXWWJqVWxzcWVDS2JJQXJ2VjJpSjZibkthSUVzK2lpejErOXhVYUV3VmVjM1REeEE4Snh0U2RrTzlwaWE3b3BXZDMvdWY2bWV6RkUzK3B0U3BhQTJobVhqTlEzOGh0VFNLUXozdVVNM2tQOStHanEiLCJtYWMiOiIyZGQwN2JlOWM4NmNhZjk0OTY4NDkzZDhiY2U3OThmYmZiOGRlNmM3YTI0MGIwNjFhOWFmMzA4NTlmZDA4ZGNjIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlFNblpYbDlJZHBkNFpESFFrUW0zL1E9PSIsInZhbHVlIjoiaEVoQzR3N1VSZStPbXU5RG5idmhsVm55YlU2VDRSZVJzQzV2UGZEaWwvS3dCK3JZR3V1NW96NGxqQjJ2RXg0MWhpbTFpZ3J5Y1I5RloyYWlkYVBvaC9yZSt5WmRYNWJXM2llKzgrTGlVZm9ZVWkzNjFZUkxPNTVvYkhGV2JsdGEiLCJtYWMiOiJmN2ZjNWQ3ZTJmYWI5ZjQzNGU0MWQ2OGRkOGRkMGUyYzc1MjJjM2JjNmM4YmVhNmEzZmI0OTljOTIzNWIyNjk2IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 28 Mar 2024 21:24:00 GMT
content-type: image/svg+xml
content-disposition: inline; filename="yzxkcM3R4q1ekBAxD5woZr4sx1fYbm8xrDWmneyAskTxzEZ8xWISqclXPVhkab180"
access-control-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=G8IVXLsNgNbiGFT60Y6v5%2FBL8TRBaeP6xB3bpiAmzHqx5FPe87XukOqkDyJ%2FSjHiP8OdS8IDoaRfchnj8ykOZ1C%2BclYTW1kuCMfepvmUuMACb%2BU0Xr%2BjKA%2B%2FV9iJZg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server: cloudflare
cf-ray: 86baaf3e2d0b56c0-OSL
content-encoding: br

hxzgo.neyndish.com/uvWw9nl7xps0Swm3iD7C2H7PwBWlby43tDogP32EvNG67fO96YzOM0oVr7UzUGtECp2HyJhzpgN4pgh256

104.21.31.149

200 OK

71 kB

URL GET HTTP/3
hxzgo.neyndish.com/uvWw9nl7xps0Swm3iD7C2H7PwBWlby43tDogP32EvNG67fO96YzOM0oVr7UzUGtECp2HyJhzpgN4pgh256
IP
104.21.31.149:443
ASN
#13335 CLOUDFLARENET

Requested by
https://hxzgo.neyndish.com/vqyevmnspgsjgnxfpdshehidRBNanscfjAERXGCWEIDBUCORZFGRYIPNOYEUB?599886080864051rzOFfrbHWBGDAKDOHEOCCYODYWGXCMCAKCKAHCDFWEUSFOYWKREHIXG
Certificate
IssuerGoogle Trust Services LLC
Subjectneyndish.com
FingerprintB5:4C:D0:A1:03:D1:B3:96:27:1B:50:81:3D:AB:98:90:07:73:0D:9F
ValidityMon, 25 Mar 2024 15:18:55 GMT - Sun, 23 Jun 2024 15:18:54 GMT

File type
PNG image data, 2446 x 899, 8-bit/color RGBA, non-interlaced
Size
71 kB (70712 bytes)
Hash
f70ff06d19498d80b130ec78176fd3ff
9d8a3b74c5164ff7ae2c7930b6d7b14707b404fc
df6dbab5251e56b405e48aaf57d3cd4188f073ffba71131fa6cd26e6742923ae

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /uvWw9nl7xps0Swm3iD7C2H7PwBWlby43tDogP32EvNG67fO96YzOM0oVr7UzUGtECp2HyJhzpgN4pgh256 HTTP/1.1
Host: hxzgo.neyndish.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://hxzgo.neyndish.com/vqyevmnspgsjgnxfpdshehidRBNanscfjAERXGCWEIDBUCORZFGRYIPNOYEUB?599886080864051rzOFfrbHWBGDAKDOHEOCCYODYWGXCMCAKCKAHCDFWEUSFOYWKREHIXG
Cookie: XSRF-TOKEN=eyJpdiI6IkxGQnlkYmE0TjVKU1l6MEFZOEQ4enc9PSIsInZhbHVlIjoiQnZVUGRHMjQ0a2g4dG0vYzVXWWJqVWxzcWVDS2JJQXJ2VjJpSjZibkthSUVzK2lpejErOXhVYUV3VmVjM1REeEE4Snh0U2RrTzlwaWE3b3BXZDMvdWY2bWV6RkUzK3B0U3BhQTJobVhqTlEzOGh0VFNLUXozdVVNM2tQOStHanEiLCJtYWMiOiIyZGQwN2JlOWM4NmNhZjk0OTY4NDkzZDhiY2U3OThmYmZiOGRlNmM3YTI0MGIwNjFhOWFmMzA4NTlmZDA4ZGNjIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlFNblpYbDlJZHBkNFpESFFrUW0zL1E9PSIsInZhbHVlIjoiaEVoQzR3N1VSZStPbXU5RG5idmhsVm55YlU2VDRSZVJzQzV2UGZEaWwvS3dCK3JZR3V1NW96NGxqQjJ2RXg0MWhpbTFpZ3J5Y1I5RloyYWlkYVBvaC9yZSt5WmRYNWJXM2llKzgrTGlVZm9ZVWkzNjFZUkxPNTVvYkhGV2JsdGEiLCJtYWMiOiJmN2ZjNWQ3ZTJmYWI5ZjQzNGU0MWQ2OGRkOGRkMGUyYzc1MjJjM2JjNmM4YmVhNmEzZmI0OTljOTIzNWIyNjk2IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 28 Mar 2024 21:24:00 GMT
content-type: image/png
content-length: 70712
content-disposition: inline; filename="uvWw9nl7xps0Swm3iD7C2H7PwBWlby43tDogP32EvNG67fO96YzOM0oVr7UzUGtECp2HyJhzpgN4pgh256"
access-control-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CqD67gevytTUMAT3CRkuw45wXBiUCy5mVtsPs7Ol3EBo4q%2BL0M4XXh5zSm4Qun1sdw48H%2BnJjGklIyf%2FgLfD1hB%2Bv5n%2FRoeuBAgM4h2v2kPGx3zOrswetmiaU%2BIfRg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server: cloudflare
cf-ray: 86baaf3e3d1a56c0-OSL

hxzgo.neyndish.com/kilMOFHzsxVrsIYyNytBdbZMPaW5MCSzdb9TyIT3fkLZFgkti

104.21.31.149

200 OK

73 B

URL POST HTTP/3
hxzgo.neyndish.com/kilMOFHzsxVrsIYyNytBdbZMPaW5MCSzdb9TyIT3fkLZFgkti
IP
104.21.31.149:443
ASN
#13335 CLOUDFLARENET

Requested by
https://hxzgo.neyndish.com/vqyevmnspgsjgnxfpdshehidRBNanscfjAERXGCWEIDBUCORZFGRYIPNOYEUB?599886080864051rzOFfrbHWBGDAKDOHEOCCYODYWGXCMCAKCKAHCDFWEUSFOYWKREHIXG
Certificate
IssuerGoogle Trust Services LLC
Subjectneyndish.com
FingerprintB5:4C:D0:A1:03:D1:B3:96:27:1B:50:81:3D:AB:98:90:07:73:0D:9F
ValidityMon, 25 Mar 2024 15:18:55 GMT - Sun, 23 Jun 2024 15:18:54 GMT

File type
troff or preprocessor input, ASCII text, with no line terminators
Size
73 B (73 bytes)
Hash
14436268a39858c55467e8d70a5458e1
d51ce7b68f1856daf5da8be6e773b0e181825c74
88c8472d2dab3cc4f29794f73d50e184d5568541a34bc0982f56b8c0cbf59606

HTTP Headers

POST /kilMOFHzsxVrsIYyNytBdbZMPaW5MCSzdb9TyIT3fkLZFgkti HTTP/1.1
Host: hxzgo.neyndish.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 33
Origin: https://hxzgo.neyndish.com
DNT: 1
Connection: keep-alive
Referer: https://hxzgo.neyndish.com/vqyevmnspgsjgnxfpdshehidRBNanscfjAERXGCWEIDBUCORZFGRYIPNOYEUB?599886080864051rzOFfrbHWBGDAKDOHEOCCYODYWGXCMCAKCKAHCDFWEUSFOYWKREHIXG
Cookie: XSRF-TOKEN=eyJpdiI6IkxGQnlkYmE0TjVKU1l6MEFZOEQ4enc9PSIsInZhbHVlIjoiQnZVUGRHMjQ0a2g4dG0vYzVXWWJqVWxzcWVDS2JJQXJ2VjJpSjZibkthSUVzK2lpejErOXhVYUV3VmVjM1REeEE4Snh0U2RrTzlwaWE3b3BXZDMvdWY2bWV6RkUzK3B0U3BhQTJobVhqTlEzOGh0VFNLUXozdVVNM2tQOStHanEiLCJtYWMiOiIyZGQwN2JlOWM4NmNhZjk0OTY4NDkzZDhiY2U3OThmYmZiOGRlNmM3YTI0MGIwNjFhOWFmMzA4NTlmZDA4ZGNjIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlFNblpYbDlJZHBkNFpESFFrUW0zL1E9PSIsInZhbHVlIjoiaEVoQzR3N1VSZStPbXU5RG5idmhsVm55YlU2VDRSZVJzQzV2UGZEaWwvS3dCK3JZR3V1NW96NGxqQjJ2RXg0MWhpbTFpZ3J5Y1I5RloyYWlkYVBvaC9yZSt5WmRYNWJXM2llKzgrTGlVZm9ZVWkzNjFZUkxPNTVvYkhGV2JsdGEiLCJtYWMiOiJmN2ZjNWQ3ZTJmYWI5ZjQzNGU0MWQ2OGRkOGRkMGUyYzc1MjJjM2JjNmM4YmVhNmEzZmI0OTljOTIzNWIyNjk2IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 28 Mar 2024 21:24:01 GMT
content-type: application/json
cache-control: no-cache, private
access-control-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YwJKJ%2BqO8Hrx8OUonznQfRiYBpogZ%2FocSIByopFuYGYDbFHXXAsIC6rP7xTUiYBP5DFbuYNj1SnHDZ4g2hhIqr0e2HNJyi834JewkLWke1KfMZOJzi%2BZEjcdhHLqyw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
set-cookie: XSRF-TOKEN=eyJpdiI6IjVONGZqbExieWhSNHVQRjZuSGpwdWc9PSIsInZhbHVlIjoienZSQ2cwQVhIWEtGc2VMbFJ1UGNQMGZHVFJGa0hZcnorQi95QzNOZWFsYWFmMVBneW1FSTFsRTlaS2E3MUFTaHZtYjR4YjhjZkJEdVhqVXJIS2xzcGEzYURicmFSTzg1Q0h5eWV0U1gwamp6aFZVNzN2YTBZL1VuOCtqVjExNDYiLCJtYWMiOiI3MzBiZTkwMDQ3ZTlmMzhlM2U5YTY0MDNkNWNkODEzY2Y0YmU2MzUxNzkyOTFhMTFlN2JlY2I0NDE2YTk0ZjM5IiwidGFnIjoiIn0%3D; expires=Thu, 28-Mar-2024 23:24:00 GMT; Max-Age=7200; path=/; secure; samesite=none
laravel_session=eyJpdiI6IjRJcy9HL2ZCL3pEaGMwek9CVm1sVHc9PSIsInZhbHVlIjoiMWIwWmgrSEpSY0krNTJreStDL1VvY2ozcTlvQ1pwUWc2U3ZyM2UzRlBINEJKSlZ5ZkdYejNJc2xxTkhwdkxORmk3Qm5QOUd0bmVTMHJvRUIxV0ZoQitsclRaemNaL2NLVC8rWWpmdUhZajNPMFV0RXJZdlY0TkpDU2VjeEdOMFYiLCJtYWMiOiI0ZGM2ZjllM2IxOGY1NGYzNGZjNjZhMDI4YWMyMDE4MGI2MTc5NzNiYzM4NTk1ZGMwZDdjMDgxNTc3ZTAyYzUwIiwidGFnIjoiIn0%3D; expires=Thu, 28-Mar-2024 23:24:00 GMT; Max-Age=7200; path=/; secure; httponly; samesite=none
server: cloudflare
cf-ray: 86baaf3f2df356c0-OSL
content-encoding: br

hxzgo.neyndish.com/kilMOFHzsxVrsIYyNytBdbZMPaW5MCSzdb9TyIT3fkLZFgkti

104.21.31.149

200 OK

20 B

URL POST HTTP/3
hxzgo.neyndish.com/kilMOFHzsxVrsIYyNytBdbZMPaW5MCSzdb9TyIT3fkLZFgkti
IP
104.21.31.149:443
ASN
#13335 CLOUDFLARENET

Requested by
https://hxzgo.neyndish.com/vqyevmnspgsjgnxfpdshehidRBNanscfjAERXGCWEIDBUCORZFGRYIPNOYEUB?599886080864051rzOFfrbHWBGDAKDOHEOCCYODYWGXCMCAKCKAHCDFWEUSFOYWKREHIXG
Certificate
IssuerGoogle Trust Services LLC
Subjectneyndish.com
FingerprintB5:4C:D0:A1:03:D1:B3:96:27:1B:50:81:3D:AB:98:90:07:73:0D:9F
ValidityMon, 25 Mar 2024 15:18:55 GMT - Sun, 23 Jun 2024 15:18:54 GMT

File type
troff or preprocessor input, ASCII text, with no line terminators
Size
20 B (20 bytes)
Hash
0b35866f4a3aa4d34ce5dda2d14c2cd8
d2b80911f09c3106fdf0df9920f983945d644083
493851374626d927bfe1c7d084fa977a0e636c03f163fda258ab6b638edc2f0d

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

POST /kilMOFHzsxVrsIYyNytBdbZMPaW5MCSzdb9TyIT3fkLZFgkti HTTP/1.1
Host: hxzgo.neyndish.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 33
Origin: https://hxzgo.neyndish.com
DNT: 1
Connection: keep-alive
Referer: https://hxzgo.neyndish.com/vqyevmnspgsjgnxfpdshehidRBNanscfjAERXGCWEIDBUCORZFGRYIPNOYEUB?599886080864051rzOFfrbHWBGDAKDOHEOCCYODYWGXCMCAKCKAHCDFWEUSFOYWKREHIXG
Cookie: XSRF-TOKEN=eyJpdiI6IjVONGZqbExieWhSNHVQRjZuSGpwdWc9PSIsInZhbHVlIjoienZSQ2cwQVhIWEtGc2VMbFJ1UGNQMGZHVFJGa0hZcnorQi95QzNOZWFsYWFmMVBneW1FSTFsRTlaS2E3MUFTaHZtYjR4YjhjZkJEdVhqVXJIS2xzcGEzYURicmFSTzg1Q0h5eWV0U1gwamp6aFZVNzN2YTBZL1VuOCtqVjExNDYiLCJtYWMiOiI3MzBiZTkwMDQ3ZTlmMzhlM2U5YTY0MDNkNWNkODEzY2Y0YmU2MzUxNzkyOTFhMTFlN2JlY2I0NDE2YTk0ZjM5IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjRJcy9HL2ZCL3pEaGMwek9CVm1sVHc9PSIsInZhbHVlIjoiMWIwWmgrSEpSY0krNTJreStDL1VvY2ozcTlvQ1pwUWc2U3ZyM2UzRlBINEJKSlZ5ZkdYejNJc2xxTkhwdkxORmk3Qm5QOUd0bmVTMHJvRUIxV0ZoQitsclRaemNaL2NLVC8rWWpmdUhZajNPMFV0RXJZdlY0TkpDU2VjeEdOMFYiLCJtYWMiOiI0ZGM2ZjllM2IxOGY1NGYzNGZjNjZhMDI4YWMyMDE4MGI2MTc5NzNiYzM4NTk1ZGMwZDdjMDgxNTc3ZTAyYzUwIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 28 Mar 2024 21:24:03 GMT
content-type: application/json
cache-control: no-cache, private
access-control-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=veyRAQZR74UnqU2dICCn2%2FOX%2B%2BeeJOZYCZdx659ExuxTNALzCXGLmRUsSIZ5nK1AlBf6J5HwIn5ijRebiN%2Bgb%2B1r8cQNXr71FA%2Bganr9yu%2FvyP9idwZwJmEdAmFgeQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
set-cookie: XSRF-TOKEN=eyJpdiI6InIzRnRjRnZ6MnVRc2k3eGJ0SzNZWlE9PSIsInZhbHVlIjoiK1l4MHluNmU5S05qbkoyZ1ZTMDkzbk1ZYi9KL0cyMklBMHU4MkZ6aFo4cE1ST0xPZGxNZk9hN1A1aXA5bWp1UnZVOTNPMEhwemt1Tmdmb2JPS0ZIU21KYVl5NmdoQmJUbFN6Vm53K0EwZnprdmNDMnhXY01NZUVnNURyUlU1bU4iLCJtYWMiOiIwNGQ2ZDNhYmExYWY4MGU1ZDM3OTJjYWU2ZDgwMzA1MDEyZDU1ZWM5NDg2ZTA4ZDQyOTdlOWIxMjhkMjkzZTA5IiwidGFnIjoiIn0%3D; expires=Thu, 28-Mar-2024 23:24:02 GMT; Max-Age=7200; path=/; secure; samesite=none
laravel_session=eyJpdiI6Ilg4K09tcmI2aitkNVdKQ1NBMEZKNWc9PSIsInZhbHVlIjoiYjNWV29POXdBdmhZRkh6OFdiZXJtSjZSTzM4amFVdmRNVkJaWDBnYjBCQjRTYS9WcWlUb2ZFMEozMHNYYm93ZGNZSmpzVjhYdTdMYmx1VVBwUDNFdklJaDBPWTdQa2pueEdqOHdOYm9CeFFCOHU2VWJlVVdnUUM5VUZWQ0lPc3IiLCJtYWMiOiI2NmE5N2I4ZjQyZDI0NmJiMjIxMThiNTY2OTQyMGUzODQyMTkxNWI5OTBlMGIxMWQ0MmYzOTI2MWY3MTE3ZTAxIiwidGFnIjoiIn0%3D; expires=Thu, 28-Mar-2024 23:24:02 GMT; Max-Age=7200; path=/; secure; httponly; samesite=none
server: cloudflare
cf-ray: 86baaf4bba0556c0-OSL
content-encoding: br

hxzgo.neyndish.com/klu8ahdoI8oB7HEu9d3WHun9fGs9rYXlit6uFOygvMpdew89hlBzklKzC7EOcDKtkm3Axd2r7RhzgGTrP7qab227

104.21.31.149

200 OK

1.4 kB

URL GET HTTP/3
hxzgo.neyndish.com/klu8ahdoI8oB7HEu9d3WHun9fGs9rYXlit6uFOygvMpdew89hlBzklKzC7EOcDKtkm3Axd2r7RhzgGTrP7qab227
IP
104.21.31.149:443
ASN
#13335 CLOUDFLARENET

Requested by
https://hxzgo.neyndish.com/vqyevmnspgsjgnxfpdshehidRBNanscfjAERXGCWEIDBUCORZFGRYIPNOYEUB?599886080864051rzOFfrbHWBGDAKDOHEOCCYODYWGXCMCAKCKAHCDFWEUSFOYWKREHIXG
Certificate
IssuerGoogle Trust Services LLC
Subjectneyndish.com
FingerprintB5:4C:D0:A1:03:D1:B3:96:27:1B:50:81:3D:AB:98:90:07:73:0D:9F
ValidityMon, 25 Mar 2024 15:18:55 GMT - Sun, 23 Jun 2024 15:18:54 GMT

File type
PNG image data, 108 x 24, 8-bit/color RGBA, non-interlaced
Size
1.4 kB (1400 bytes)
Hash
333ee830e5ab72c41dd9126a27b4d878
12d8d66ebb3076f3d6069e133c3212f97c8774e1
8702292cbc365e9f0488143e2b309b85efe09c61fd2e0a2e21c53735a309313c

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /klu8ahdoI8oB7HEu9d3WHun9fGs9rYXlit6uFOygvMpdew89hlBzklKzC7EOcDKtkm3Axd2r7RhzgGTrP7qab227 HTTP/1.1
Host: hxzgo.neyndish.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://hxzgo.neyndish.com/vqyevmnspgsjgnxfpdshehidRBNanscfjAERXGCWEIDBUCORZFGRYIPNOYEUB?599886080864051rzOFfrbHWBGDAKDOHEOCCYODYWGXCMCAKCKAHCDFWEUSFOYWKREHIXG
Cookie: XSRF-TOKEN=eyJpdiI6IkxGQnlkYmE0TjVKU1l6MEFZOEQ4enc9PSIsInZhbHVlIjoiQnZVUGRHMjQ0a2g4dG0vYzVXWWJqVWxzcWVDS2JJQXJ2VjJpSjZibkthSUVzK2lpejErOXhVYUV3VmVjM1REeEE4Snh0U2RrTzlwaWE3b3BXZDMvdWY2bWV6RkUzK3B0U3BhQTJobVhqTlEzOGh0VFNLUXozdVVNM2tQOStHanEiLCJtYWMiOiIyZGQwN2JlOWM4NmNhZjk0OTY4NDkzZDhiY2U3OThmYmZiOGRlNmM3YTI0MGIwNjFhOWFmMzA4NTlmZDA4ZGNjIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlFNblpYbDlJZHBkNFpESFFrUW0zL1E9PSIsInZhbHVlIjoiaEVoQzR3N1VSZStPbXU5RG5idmhsVm55YlU2VDRSZVJzQzV2UGZEaWwvS3dCK3JZR3V1NW96NGxqQjJ2RXg0MWhpbTFpZ3J5Y1I5RloyYWlkYVBvaC9yZSt5WmRYNWJXM2llKzgrTGlVZm9ZVWkzNjFZUkxPNTVvYkhGV2JsdGEiLCJtYWMiOiJmN2ZjNWQ3ZTJmYWI5ZjQzNGU0MWQ2OGRkOGRkMGUyYzc1MjJjM2JjNmM4YmVhNmEzZmI0OTljOTIzNWIyNjk2IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 28 Mar 2024 21:24:01 GMT
content-type: image/png
content-length: 1400
content-disposition: inline; filename="klu8ahdoI8oB7HEu9d3WHun9fGs9rYXlit6uFOygvMpdew89hlBzklKzC7EOcDKtkm3Axd2r7RhzgGTrP7qab227"
access-control-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=i2%2BRDGkk4L2hGFExgUZXToeCDpYQjcjWbCZ6qTwUEH81i%2BB%2FKCO3fXKD48SYUDJM3sdq1nb%2BOXt3meqmFr3g211RT2NjDdNMEVikehmeA6%2FzckfWM7DO3P4BamxAvA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server: cloudflare
cf-ray: 86baaf42191656c0-OSL

hxzgo.neyndish.com/ijNZcplVwF8xskh6RSuUe32uL94oN2LeyzOCTQst2g6BdK7Zv88222A5k56163

104.21.31.149

200 OK

7.4 kB

URL GET HTTP/3
hxzgo.neyndish.com/ijNZcplVwF8xskh6RSuUe32uL94oN2LeyzOCTQst2g6BdK7Zv88222A5k56163
IP
104.21.31.149:443
ASN
#13335 CLOUDFLARENET

Requested by
https://hxzgo.neyndish.com/vqyevmnspgsjgnxfpdshehidRBNanscfjAERXGCWEIDBUCORZFGRYIPNOYEUB?599886080864051rzOFfrbHWBGDAKDOHEOCCYODYWGXCMCAKCKAHCDFWEUSFOYWKREHIXG
Certificate
IssuerGoogle Trust Services LLC
Subjectneyndish.com
FingerprintB5:4C:D0:A1:03:D1:B3:96:27:1B:50:81:3D:AB:98:90:07:73:0D:9F
ValidityMon, 25 Mar 2024 15:18:55 GMT - Sun, 23 Jun 2024 15:18:54 GMT

File type
SVG Scalable Vector Graphics image
Size
7.4 kB (7390 bytes)
Hash
bca9b46fee32162356ba5b4783e614dc
cc09ee862df9bf86e545f9dfdf2fbd4facfa71f5
fb48e7087def752683bc9a9fe4035acf2419cebbe8b17a16e5c81699a06f6fec

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /ijNZcplVwF8xskh6RSuUe32uL94oN2LeyzOCTQst2g6BdK7Zv88222A5k56163 HTTP/1.1
Host: hxzgo.neyndish.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://hxzgo.neyndish.com/vqyevmnspgsjgnxfpdshehidRBNanscfjAERXGCWEIDBUCORZFGRYIPNOYEUB?599886080864051rzOFfrbHWBGDAKDOHEOCCYODYWGXCMCAKCKAHCDFWEUSFOYWKREHIXG
Cookie: XSRF-TOKEN=eyJpdiI6IkxGQnlkYmE0TjVKU1l6MEFZOEQ4enc9PSIsInZhbHVlIjoiQnZVUGRHMjQ0a2g4dG0vYzVXWWJqVWxzcWVDS2JJQXJ2VjJpSjZibkthSUVzK2lpejErOXhVYUV3VmVjM1REeEE4Snh0U2RrTzlwaWE3b3BXZDMvdWY2bWV6RkUzK3B0U3BhQTJobVhqTlEzOGh0VFNLUXozdVVNM2tQOStHanEiLCJtYWMiOiIyZGQwN2JlOWM4NmNhZjk0OTY4NDkzZDhiY2U3OThmYmZiOGRlNmM3YTI0MGIwNjFhOWFmMzA4NTlmZDA4ZGNjIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlFNblpYbDlJZHBkNFpESFFrUW0zL1E9PSIsInZhbHVlIjoiaEVoQzR3N1VSZStPbXU5RG5idmhsVm55YlU2VDRSZVJzQzV2UGZEaWwvS3dCK3JZR3V1NW96NGxqQjJ2RXg0MWhpbTFpZ3J5Y1I5RloyYWlkYVBvaC9yZSt5WmRYNWJXM2llKzgrTGlVZm9ZVWkzNjFZUkxPNTVvYkhGV2JsdGEiLCJtYWMiOiJmN2ZjNWQ3ZTJmYWI5ZjQzNGU0MWQ2OGRkOGRkMGUyYzc1MjJjM2JjNmM4YmVhNmEzZmI0OTljOTIzNWIyNjk2IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 28 Mar 2024 21:24:00 GMT
content-type: image/svg+xml
content-disposition: inline; filename="ijNZcplVwF8xskh6RSuUe32uL94oN2LeyzOCTQst2g6BdK7Zv88222A5k56163"
access-control-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BGT%2FlSp2mrZTehTHGjkLvKCEDcqF7VZsuGp2GST94NCzoyZcWEZoynJzpz4Yt2qZEn5k3SeoBMnSU0ck5g1WrnNERK4Vv2SKMLOh1Iy3oGkMr5V2EWTHJdQeOG7IXw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server: cloudflare
cf-ray: 86baaf3e2d0956c0-OSL
content-encoding: br

www.google.com/recaptcha/api.js

216.58.211.4

200 OK

850 B

URL GET HTTP/2
www.google.com/recaptcha/api.js
IP
216.58.211.4:443
ASN
#15169 GOOGLE

Requested by
https://hxzgo.neyndish.com/vqyevmnspgsjgnxfpdshehidRBNanscfjAERXGCWEIDBUCORZFGRYIPNOYEUB?599886080864051rzOFfrbHWBGDAKDOHEOCCYODYWGXCMCAKCKAHCDFWEUSFOYWKREHIXG
Certificate
IssuerGoogle Trust Services LLC
Subjectwww.google.com
Fingerprint32:A3:19:7A:6B:D5:C7:5E:CA:7C:C8:08:79:14:56:FD:FC:3E:06:F0
ValidityMon, 26 Feb 2024 08:18:59 GMT - Mon, 20 May 2024 08:18:58 GMT

File type
JavaScript source, ASCII text, with very long lines (850), with no line terminators
Size
850 B (850 bytes)
Hash
02a73498d65c5eea50e63eec60b7b222
0dc726fe6d3e321900c51e654ec42bdb7c088106
a1c0de921a0d084726eb054afb55598ce1957bbf667d92d06675ba5ee99b2d21

HTTP Headers

GET /recaptcha/api.js HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://hxzgo.neyndish.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
expires: Thu, 28 Mar 2024 21:24:00 GMT
date: Thu, 28 Mar 2024 21:24:00 GMT
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

hxzgo.neyndish.com/mnr2E44xYNL3viE0kRMEYGij5Br6I9l7zIllUE1zVhpx21D78150

104.21.31.149

200 OK

270 B

URL GET HTTP/3
hxzgo.neyndish.com/mnr2E44xYNL3viE0kRMEYGij5Br6I9l7zIllUE1zVhpx21D78150
IP
104.21.31.149:443
ASN
#13335 CLOUDFLARENET

Requested by
https://hxzgo.neyndish.com/vqyevmnspgsjgnxfpdshehidRBNanscfjAERXGCWEIDBUCORZFGRYIPNOYEUB?599886080864051rzOFfrbHWBGDAKDOHEOCCYODYWGXCMCAKCKAHCDFWEUSFOYWKREHIXG
Certificate
IssuerGoogle Trust Services LLC
Subjectneyndish.com
FingerprintB5:4C:D0:A1:03:D1:B3:96:27:1B:50:81:3D:AB:98:90:07:73:0D:9F
ValidityMon, 25 Mar 2024 15:18:55 GMT - Sun, 23 Jun 2024 15:18:54 GMT

File type
SVG Scalable Vector Graphics image
Size
270 B (270 bytes)
Hash
0c09c5ea7c28d6feb4d124957dde0a0d
1b9efde2d8f0e2a3d9d5315117e597c2d622fc5e
b3c39d2c15327b7ae68940502a2d7bf457fe521e075e6e671d0340edc58bcb3a

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /mnr2E44xYNL3viE0kRMEYGij5Br6I9l7zIllUE1zVhpx21D78150 HTTP/1.1
Host: hxzgo.neyndish.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://hxzgo.neyndish.com/vqyevmnspgsjgnxfpdshehidRBNanscfjAERXGCWEIDBUCORZFGRYIPNOYEUB?599886080864051rzOFfrbHWBGDAKDOHEOCCYODYWGXCMCAKCKAHCDFWEUSFOYWKREHIXG
Cookie: XSRF-TOKEN=eyJpdiI6IkxGQnlkYmE0TjVKU1l6MEFZOEQ4enc9PSIsInZhbHVlIjoiQnZVUGRHMjQ0a2g4dG0vYzVXWWJqVWxzcWVDS2JJQXJ2VjJpSjZibkthSUVzK2lpejErOXhVYUV3VmVjM1REeEE4Snh0U2RrTzlwaWE3b3BXZDMvdWY2bWV6RkUzK3B0U3BhQTJobVhqTlEzOGh0VFNLUXozdVVNM2tQOStHanEiLCJtYWMiOiIyZGQwN2JlOWM4NmNhZjk0OTY4NDkzZDhiY2U3OThmYmZiOGRlNmM3YTI0MGIwNjFhOWFmMzA4NTlmZDA4ZGNjIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlFNblpYbDlJZHBkNFpESFFrUW0zL1E9PSIsInZhbHVlIjoiaEVoQzR3N1VSZStPbXU5RG5idmhsVm55YlU2VDRSZVJzQzV2UGZEaWwvS3dCK3JZR3V1NW96NGxqQjJ2RXg0MWhpbTFpZ3J5Y1I5RloyYWlkYVBvaC9yZSt5WmRYNWJXM2llKzgrTGlVZm9ZVWkzNjFZUkxPNTVvYkhGV2JsdGEiLCJtYWMiOiJmN2ZjNWQ3ZTJmYWI5ZjQzNGU0MWQ2OGRkOGRkMGUyYzc1MjJjM2JjNmM4YmVhNmEzZmI0OTljOTIzNWIyNjk2IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 28 Mar 2024 21:24:01 GMT
content-type: image/svg+xml
content-disposition: inline; filename="mnr2E44xYNL3viE0kRMEYGij5Br6I9l7zIllUE1zVhpx21D78150"
access-control-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=S%2FttM%2BV69IrcnCFPN2860PjWNjcXxRJ83xXJBQzBRtCQ0WkoZQapSg0xNDwgXssz3vKRmQxSTWFvjsOKfmqH8Wh0grqd8aohZLbTNvBsJUuitSYDdmZpInHsWPwE%2FQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server: cloudflare
cf-ray: 86baaf3e1d0456c0-OSL
content-encoding: br

hxzgo.neyndish.com/opFKkFEFbKzwhOlQ7mO2IoqrmYTOtmJih117ghg223GzsuNy61w5PmhnW9lezM5cPcd196

104.21.31.149

200 OK

268 B

URL GET HTTP/3
hxzgo.neyndish.com/opFKkFEFbKzwhOlQ7mO2IoqrmYTOtmJih117ghg223GzsuNy61w5PmhnW9lezM5cPcd196
IP
104.21.31.149:443
ASN
#13335 CLOUDFLARENET

Requested by
https://hxzgo.neyndish.com/vqyevmnspgsjgnxfpdshehidRBNanscfjAERXGCWEIDBUCORZFGRYIPNOYEUB?599886080864051rzOFfrbHWBGDAKDOHEOCCYODYWGXCMCAKCKAHCDFWEUSFOYWKREHIXG
Certificate
IssuerGoogle Trust Services LLC
Subjectneyndish.com
FingerprintB5:4C:D0:A1:03:D1:B3:96:27:1B:50:81:3D:AB:98:90:07:73:0D:9F
ValidityMon, 25 Mar 2024 15:18:55 GMT - Sun, 23 Jun 2024 15:18:54 GMT

File type
SVG Scalable Vector Graphics image
Size
268 B (268 bytes)
Hash
1318aafc1fb9ded0c623e5b9a557e6df
0917cdd7633cd1642b02b2b785416ec7e5106dcc
d86660a84daa211b121ec9fe0df83d6b945f61b888384391eabc7d6b4e941dc4

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /opFKkFEFbKzwhOlQ7mO2IoqrmYTOtmJih117ghg223GzsuNy61w5PmhnW9lezM5cPcd196 HTTP/1.1
Host: hxzgo.neyndish.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://hxzgo.neyndish.com/vqyevmnspgsjgnxfpdshehidRBNanscfjAERXGCWEIDBUCORZFGRYIPNOYEUB?599886080864051rzOFfrbHWBGDAKDOHEOCCYODYWGXCMCAKCKAHCDFWEUSFOYWKREHIXG
Cookie: XSRF-TOKEN=eyJpdiI6IkxGQnlkYmE0TjVKU1l6MEFZOEQ4enc9PSIsInZhbHVlIjoiQnZVUGRHMjQ0a2g4dG0vYzVXWWJqVWxzcWVDS2JJQXJ2VjJpSjZibkthSUVzK2lpejErOXhVYUV3VmVjM1REeEE4Snh0U2RrTzlwaWE3b3BXZDMvdWY2bWV6RkUzK3B0U3BhQTJobVhqTlEzOGh0VFNLUXozdVVNM2tQOStHanEiLCJtYWMiOiIyZGQwN2JlOWM4NmNhZjk0OTY4NDkzZDhiY2U3OThmYmZiOGRlNmM3YTI0MGIwNjFhOWFmMzA4NTlmZDA4ZGNjIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlFNblpYbDlJZHBkNFpESFFrUW0zL1E9PSIsInZhbHVlIjoiaEVoQzR3N1VSZStPbXU5RG5idmhsVm55YlU2VDRSZVJzQzV2UGZEaWwvS3dCK3JZR3V1NW96NGxqQjJ2RXg0MWhpbTFpZ3J5Y1I5RloyYWlkYVBvaC9yZSt5WmRYNWJXM2llKzgrTGlVZm9ZVWkzNjFZUkxPNTVvYkhGV2JsdGEiLCJtYWMiOiJmN2ZjNWQ3ZTJmYWI5ZjQzNGU0MWQ2OGRkOGRkMGUyYzc1MjJjM2JjNmM4YmVhNmEzZmI0OTljOTIzNWIyNjk2IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 28 Mar 2024 21:24:00 GMT
content-type: image/svg+xml
content-disposition: inline; filename="opFKkFEFbKzwhOlQ7mO2IoqrmYTOtmJih117ghg223GzsuNy61w5PmhnW9lezM5cPcd196"
access-control-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OMVet0sEUj5cxI6mY9acLHB8B4xmRDra4hGM8kX1VjO1Q4yqwtviWe9CaUQqqlgTZZ8Mo6cNoKg96CU5t1Ap6VtZ7O5xwgxNkn0ssaH%2BHdP%2FDpg7l3wLLINo9MxvHw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server: cloudflare
cf-ray: 86baaf3e2d0c56c0-OSL
content-encoding: br

hxzgo.neyndish.com/wxpaRswHWHbEyHFjN5RZuFRop9zjJksXvWyGUYHo34130

104.21.31.149

200 OK

231 B

URL GET HTTP/3
hxzgo.neyndish.com/wxpaRswHWHbEyHFjN5RZuFRop9zjJksXvWyGUYHo34130
IP
104.21.31.149:443
ASN
#13335 CLOUDFLARENET

Requested by
https://hxzgo.neyndish.com/vqyevmnspgsjgnxfpdshehidRBNanscfjAERXGCWEIDBUCORZFGRYIPNOYEUB?599886080864051rzOFfrbHWBGDAKDOHEOCCYODYWGXCMCAKCKAHCDFWEUSFOYWKREHIXG
Certificate
IssuerGoogle Trust Services LLC
Subjectneyndish.com
FingerprintB5:4C:D0:A1:03:D1:B3:96:27:1B:50:81:3D:AB:98:90:07:73:0D:9F
ValidityMon, 25 Mar 2024 15:18:55 GMT - Sun, 23 Jun 2024 15:18:54 GMT

File type
PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced
Size
231 B (231 bytes)
Hash
547988bac5584b4608466d761e16f370
c11bb71049702528402a31027f200184910a7e23
70e32b2db3f079bb0295a85a0db15ed9e5926294dd947938d6cfa595f5ab18b4

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /wxpaRswHWHbEyHFjN5RZuFRop9zjJksXvWyGUYHo34130 HTTP/1.1
Host: hxzgo.neyndish.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://hxzgo.neyndish.com/vqyevmnspgsjgnxfpdshehidRBNanscfjAERXGCWEIDBUCORZFGRYIPNOYEUB?599886080864051rzOFfrbHWBGDAKDOHEOCCYODYWGXCMCAKCKAHCDFWEUSFOYWKREHIXG
Cookie: XSRF-TOKEN=eyJpdiI6IkxGQnlkYmE0TjVKU1l6MEFZOEQ4enc9PSIsInZhbHVlIjoiQnZVUGRHMjQ0a2g4dG0vYzVXWWJqVWxzcWVDS2JJQXJ2VjJpSjZibkthSUVzK2lpejErOXhVYUV3VmVjM1REeEE4Snh0U2RrTzlwaWE3b3BXZDMvdWY2bWV6RkUzK3B0U3BhQTJobVhqTlEzOGh0VFNLUXozdVVNM2tQOStHanEiLCJtYWMiOiIyZGQwN2JlOWM4NmNhZjk0OTY4NDkzZDhiY2U3OThmYmZiOGRlNmM3YTI0MGIwNjFhOWFmMzA4NTlmZDA4ZGNjIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlFNblpYbDlJZHBkNFpESFFrUW0zL1E9PSIsInZhbHVlIjoiaEVoQzR3N1VSZStPbXU5RG5idmhsVm55YlU2VDRSZVJzQzV2UGZEaWwvS3dCK3JZR3V1NW96NGxqQjJ2RXg0MWhpbTFpZ3J5Y1I5RloyYWlkYVBvaC9yZSt5WmRYNWJXM2llKzgrTGlVZm9ZVWkzNjFZUkxPNTVvYkhGV2JsdGEiLCJtYWMiOiJmN2ZjNWQ3ZTJmYWI5ZjQzNGU0MWQ2OGRkOGRkMGUyYzc1MjJjM2JjNmM4YmVhNmEzZmI0OTljOTIzNWIyNjk2IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 28 Mar 2024 21:24:01 GMT
content-type: image/png
content-length: 231
content-disposition: inline; filename="wxpaRswHWHbEyHFjN5RZuFRop9zjJksXvWyGUYHo34130"
access-control-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4TifKq3Y%2FX0nJ7W%2FyFSIZwiJZc4vAtzXvZDbeZa2Wjy4dbOVI2EawotLwkkBYMhX453N2lMr4Utj7jj%2BTsK3%2FPNn1K5BSKApDZlWrOB8amg%2BTi6emhMSPETPlasOXA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server: cloudflare
cf-ray: 86baaf3e1cfd56c0-OSL

hxzgo.neyndish.com/abAuBZ4ckSpqoef30

104.21.31.149

200 OK

38 kB

URL GET HTTP/3
hxzgo.neyndish.com/abAuBZ4ckSpqoef30
IP
104.21.31.149:443
ASN
#13335 CLOUDFLARENET

Requested by
https://hxzgo.neyndish.com/vqyevmnspgsjgnxfpdshehidRBNanscfjAERXGCWEIDBUCORZFGRYIPNOYEUB?599886080864051rzOFfrbHWBGDAKDOHEOCCYODYWGXCMCAKCKAHCDFWEUSFOYWKREHIXG
Certificate
IssuerGoogle Trust Services LLC
Subjectneyndish.com
FingerprintB5:4C:D0:A1:03:D1:B3:96:27:1B:50:81:3D:AB:98:90:07:73:0D:9F
ValidityMon, 25 Mar 2024 15:18:55 GMT - Sun, 23 Jun 2024 15:18:54 GMT

File type
ASCII text, with very long lines (1437), with CRLF line terminators
Size
38 kB (38221 bytes)
Hash
fbe2fcf4596b299453c91b7231ba7427
743291ee60a551e043529afdc9e3fbe72d70e776
2de22b4cdedcbeb9cd5f63ea7a0df8f77d0ef9086d200b052bfa9ee949deed40

HTTP Headers

GET /abAuBZ4ckSpqoef30 HTTP/1.1
Host: hxzgo.neyndish.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://hxzgo.neyndish.com/vqyevmnspgsjgnxfpdshehidRBNanscfjAERXGCWEIDBUCORZFGRYIPNOYEUB?599886080864051rzOFfrbHWBGDAKDOHEOCCYODYWGXCMCAKCKAHCDFWEUSFOYWKREHIXG
Cookie: XSRF-TOKEN=eyJpdiI6IkxGQnlkYmE0TjVKU1l6MEFZOEQ4enc9PSIsInZhbHVlIjoiQnZVUGRHMjQ0a2g4dG0vYzVXWWJqVWxzcWVDS2JJQXJ2VjJpSjZibkthSUVzK2lpejErOXhVYUV3VmVjM1REeEE4Snh0U2RrTzlwaWE3b3BXZDMvdWY2bWV6RkUzK3B0U3BhQTJobVhqTlEzOGh0VFNLUXozdVVNM2tQOStHanEiLCJtYWMiOiIyZGQwN2JlOWM4NmNhZjk0OTY4NDkzZDhiY2U3OThmYmZiOGRlNmM3YTI0MGIwNjFhOWFmMzA4NTlmZDA4ZGNjIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlFNblpYbDlJZHBkNFpESFFrUW0zL1E9PSIsInZhbHVlIjoiaEVoQzR3N1VSZStPbXU5RG5idmhsVm55YlU2VDRSZVJzQzV2UGZEaWwvS3dCK3JZR3V1NW96NGxqQjJ2RXg0MWhpbTFpZ3J5Y1I5RloyYWlkYVBvaC9yZSt5WmRYNWJXM2llKzgrTGlVZm9ZVWkzNjFZUkxPNTVvYkhGV2JsdGEiLCJtYWMiOiJmN2ZjNWQ3ZTJmYWI5ZjQzNGU0MWQ2OGRkOGRkMGUyYzc1MjJjM2JjNmM4YmVhNmEzZmI0OTljOTIzNWIyNjk2IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 28 Mar 2024 21:24:00 GMT
content-type: text/css;charset=UTF-8
content-disposition: inline; filename="abAuBZ4ckSpqoef30"
vary: Accept-Encoding
access-control-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4k3RitxihJpcqz0jX0nEnipBzUGO29YyeP2hYglRXcldNdsH%2F%2F0wSNNMfpu1S6JEdO4zNeLP4fZVc70Iy%2BGMS%2FUlL4Xn2L02Q8fmMN3Nbw2t9bh0YTubD%2Bq3IzEiow%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server: cloudflare
cf-ray: 86baaf3dfce456c0-OSL
content-encoding: br

hxzgo.neyndish.com/vqyevmnspgsjgnxfpdshehidRBNanscfjAERXGCWEIDBUCORZFGRYIPNOYEUB?599886080864051rzOFfrbHWBGDAKDOHEOCCYODYWGXCMCAKCKAHCDFWEUSFOYWKREHIXG

104.21.31.149

200 OK

60 kB

URL User Request GET HTTP/3
hxzgo.neyndish.com/vqyevmnspgsjgnxfpdshehidRBNanscfjAERXGCWEIDBUCORZFGRYIPNOYEUB?599886080864051rzOFfrbHWBGDAKDOHEOCCYODYWGXCMCAKCKAHCDFWEUSFOYWKREHIXG
IP
104.21.31.149:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjectneyndish.com
FingerprintB5:4C:D0:A1:03:D1:B3:96:27:1B:50:81:3D:AB:98:90:07:73:0D:9F
ValidityMon, 25 Mar 2024 15:18:55 GMT - Sun, 23 Jun 2024 15:18:54 GMT

File type
HTML document, ASCII text, with very long lines (59153), with CRLF line terminators
Size
60 kB (59520 bytes)
Hash
ae855c1798d6ca526686e9109e372124
c3a2559d21d7587b3c5c3dfcd2556b86d1b93517
673fc96ad27b2f5f0d4ad24d676fcf06940f2a5e1ba7981a4df9723da87a0c34

HTTP Headers

GET /vqyevmnspgsjgnxfpdshehidRBNanscfjAERXGCWEIDBUCORZFGRYIPNOYEUB?599886080864051rzOFfrbHWBGDAKDOHEOCCYODYWGXCMCAKCKAHCDFWEUSFOYWKREHIXG HTTP/1.1
Host: hxzgo.neyndish.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://hxzgo.neyndish.com/uYsu0oU/
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6IlU3RVFpUncwTG1EZHhPQm14Ujh0K3c9PSIsInZhbHVlIjoiQjdRUWM4amQvcG1zTXdEbnZISzd3bFJlM1JTOWFtMy9Ib3hBU3Z3ZlQwRFIzY0x1STN1U0ptZkRrSUl5S1BEakV3TUV1S0xhUmZPaVBNUmlzbml1MzNwZTY4elFxNXpiRXZkRXdGQXByQWppMW1hemNGT2JnRW82TlpuTzVmQXciLCJtYWMiOiI4ZTgxODMxOTIyMDdiNDU5NzVjMmRiYjc0ODFlMzg0ZDBhNDMyMzY2N2RmZDYwYzk2ZmI1NzJkMWYzMWM4YjE0IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlVIbzZIUkxZdlFFMU1KczE0dDg4Mnc9PSIsInZhbHVlIjoiSUhqT2tzSStESXNXU3crODNOTEtpMDIzeG9PY3hhV3VWTDdjQlY1K092MFlIdzI0WC9Eek9FcitydHoyL3R3TC90QmNiTUtxcENJTTdtbit4Vkt6cGdKNDliNVVhMEZVNVRFRVhwT2h2b296RGNmdHJnY1BkUVZXSVdSRXBFU3YiLCJtYWMiOiJiNzhlMWJiOGIxYzM3MzcxZDY0NDZjNTRhMTYyZDRiZTVmYTY1ODQ4NjI3YzMyZTJmZmZiOGU5NGVjMWZlNTg1IiwidGFnIjoiIn0%3D
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 28 Mar 2024 21:24:00 GMT
content-type: text/html; charset=UTF-8
cache-control: no-cache, private
vary: Accept-Encoding
access-control-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sD1fkCjodjD%2Bn%2FFF9yiKDlofmHP9e84qg88PTIvAxMfSdTHDKmj7V4mmfC2xsB7lKD43OTRYBlzo5r%2BLYNelZImVUX8JUJ9kfd5Z8fe8gM%2F9n%2F%2FukIRK8lnNB3kptQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
set-cookie: XSRF-TOKEN=eyJpdiI6IkxGQnlkYmE0TjVKU1l6MEFZOEQ4enc9PSIsInZhbHVlIjoiQnZVUGRHMjQ0a2g4dG0vYzVXWWJqVWxzcWVDS2JJQXJ2VjJpSjZibkthSUVzK2lpejErOXhVYUV3VmVjM1REeEE4Snh0U2RrTzlwaWE3b3BXZDMvdWY2bWV6RkUzK3B0U3BhQTJobVhqTlEzOGh0VFNLUXozdVVNM2tQOStHanEiLCJtYWMiOiIyZGQwN2JlOWM4NmNhZjk0OTY4NDkzZDhiY2U3OThmYmZiOGRlNmM3YTI0MGIwNjFhOWFmMzA4NTlmZDA4ZGNjIiwidGFnIjoiIn0%3D; expires=Thu, 28-Mar-2024 23:23:59 GMT; Max-Age=7200; path=/; secure; samesite=none
laravel_session=eyJpdiI6IlFNblpYbDlJZHBkNFpESFFrUW0zL1E9PSIsInZhbHVlIjoiaEVoQzR3N1VSZStPbXU5RG5idmhsVm55YlU2VDRSZVJzQzV2UGZEaWwvS3dCK3JZR3V1NW96NGxqQjJ2RXg0MWhpbTFpZ3J5Y1I5RloyYWlkYVBvaC9yZSt5WmRYNWJXM2llKzgrTGlVZm9ZVWkzNjFZUkxPNTVvYkhGV2JsdGEiLCJtYWMiOiJmN2ZjNWQ3ZTJmYWI5ZjQzNGU0MWQ2OGRkOGRkMGUyYzc1MjJjM2JjNmM4YmVhNmEzZmI0OTljOTIzNWIyNjk2IiwidGFnIjoiIn0%3D; expires=Thu, 28-Mar-2024 23:23:59 GMT; Max-Age=7200; path=/; secure; httponly; samesite=none
server: cloudflare
cf-ray: 86baaf38af8556c0-OSL
content-encoding: br

cdn.socket.io/4.6.0/socket.io.min.js

143.204.55.70

200 OK

46 kB

URL GET HTTP/2
cdn.socket.io/4.6.0/socket.io.min.js
IP
143.204.55.70:443
ASN
#16509 AMAZON-02

Requested by
https://hxzgo.neyndish.com/vqyevmnspgsjgnxfpdshehidRBNanscfjAERXGCWEIDBUCORZFGRYIPNOYEUB?599886080864051rzOFfrbHWBGDAKDOHEOCCYODYWGXCMCAKCKAHCDFWEUSFOYWKREHIXG
Certificate
IssuerAmazon
Subjectcdn.socket.io
FingerprintBB:7D:4E:26:70:F6:06:2A:12:E9:92:A8:F1:9F:CD:82:0B:BF:48:ED
ValiditySun, 22 Oct 2023 00:00:00 GMT - Sun, 17 Nov 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (45667)
Size
46 kB (45806 bytes)
Hash
80f5b8c6a9eeac15de93e5a112036a06
f7174635137d37581b11937fc90e9cb325077bce
0401de33701f1cad16ecf952899d23990b6437d0a5b7335524edf6bdfb932542

HTTP Headers

GET /4.6.0/socket.io.min.js HTTP/1.1
Host: cdn.socket.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://hxzgo.neyndish.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, immutable
content-disposition: inline; filename="socket.io.min.js"
content-encoding: gzip
date: Mon, 15 Jan 2024 16:33:26 GMT
etag: W/"80f5b8c6a9eeac15de93e5a112036a06"
server: Vercel
strict-transport-security: max-age=63072000
x-vercel-cache: HIT
x-vercel-id: fra1::gsg9m-1705336406533-adf1f7d78a76
x-cache: Hit from cloudfront
via: 1.1 50584ad285d5f627ddebae74efdd0770.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 0e13Xsx6ZxAuqMPsynesuopEQVce7fAhdUM9gEM_Ozt2idtbJLDonw==
age: 6324634
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (31)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash