Report - ospcrews.sa.com/verify/project/sf_rand_string

Report Overview

URL

ospcrews.sa.com/verify/project/sf_rand_string_lowercase6/YmxvaG1hbm5Ac2NnYy5vcmc=
IP

162.241.71.248

ASN

#46606 UNIFIEDLAYER-AS-1
Submitted

2023-05-29T00:03:43Z

Access

public
Tags

phishing microsoft outlook
urlquery detections

Phishing - Microsoft Outlook

Detections

urlquery

4
Network Intrusion Detection

0
Threat Detection Systems

7

Domain Summary

Domain	Rank	First Seen	Last Seen	Sent	Received	IP
cpxxuy.calasavacj.com (7)	unknown	2023-05-19 19:55:50	2023-05-28 12:00:33	4642	172252	188.114.96.1
unpkg.com (2)	11693	2016-01-08 00:26:01	2023-05-28 05:11:47	840	64801	104.16.123.175
ospcrews.sa.com (1)	unknown	2022-11-22 11:04:41	2023-05-28 11:57:57	537	259	162.241.71.248

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator
2023-05-29	medium	cpxxuy.calasavacj.com/cdn-cgi/images/trace/managed/js/transparent.gif?ray=7cea796c9998b524
2023-05-29	medium	cpxxuy.calasavacj.com/Mblohmann@scgc.org
2023-05-29	medium	cpxxuy.calasavacj.com/beebb091955c06fa68b3eb8afc0bae516473ebd458f82PASbeebb091955c06fa68b3eb8afc0bae516473ebd458f83
2023-05-29	medium	cpxxuy.calasavacj.com/boot/99317462c830641e063c0fadf7df654f6473ebd465f52
2023-05-29	medium	cpxxuy.calasavacj.com/Mblohmann@scgc.org
2023-05-29	medium	cpxxuy.calasavacj.com/jq/99317462c830641e063c0fadf7df654f6473ebd465f4f
2023-05-29	medium	cpxxuy.calasavacj.com/jm/99317462c830641e063c0fadf7df654f6473ebd465f77

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

HTTP Transactions (10)

URL IP Response Size

ospcrews.sa.com/verify/project/sf_rand_string_lowercase6/YmxvaG1hbm5Ac2NnYy5vcmc=

162.241.71.248

200 OK

URL User Request GET HTTP/1.1

ospcrews.sa.com/verify/project/sf_rand_string_lowercase6/YmxvaG1hbm5Ac2NnYy5vcmc=
IP

162.241.71.248:443
ASN

#46606 UNIFIEDLAYER-AS-1

Certificate

IssuerLet's Encrypt

Subjectospcrews.sa.com

FingerprintC1:FB:E1:3B:30:EC:94:D8:D9:F9:A0:B5:8E:1B:9F:98:8D:11:20:AA

ValidityWed, 24 May 2023 05:56:20 GMT - Tue, 22 Aug 2023 05:56:19 GMT

Magic

Size

0
Hash

d41d8cd98f00b204e9800998ecf8427e

da39a3ee5e6b4b0d3255bfef95601890afd80709

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft Outlook

HTTP Headers

                                        GET /verify/project/sf_rand_string_lowercase6/YmxvaG1hbm5Ac2NnYy5vcmc= HTTP/1.1
Host: ospcrews.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Date: Mon, 29 May 2023 00:03:25 GMT
Server: Apache
refresh: 0;url=https://cpxxuy.calasavacj.com/Mblohmann@scgc.org
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

cpxxuy.calasavacj.com/cdn-cgi/images/trace/managed/js/transparent.gif?ray=7cea796c9998b524

188.114.96.1

URL

cpxxuy.calasavacj.com/cdn-cgi/images/trace/managed/js/transparent.gif?ray=7cea796c9998b524
IP

188.114.96.1:0
ASN

#13335 CLOUDFLARENET

Magic

GIF image data, version 89a, 1 x 1\012- data

Size

42
Hash

d89746888da2d9510b64a9f031eaecd5

d5fceb6532643d0d84ffe09c40c481ecdf59e15a

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

                                        GET /cdn-cgi/images/trace/managed/js/transparent.gif?ray=7cea796c9998b524 HTTP/1.1
Host: cpxxuy.calasavacj.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cpxxuy.calasavacj.com/Mblohmann@scgc.org
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

                                        HTTP/3 200 OK
date: Mon, 29 May 2023 00:03:27 GMT
content-type: image/gif
content-length: 42
last-modified: Thu, 25 May 2023 08:39:03 GMT
etag: "646f1ea7-2a"
server: cloudflare
cf-ray: 7cea796dee851bfa-OSL
x-frame-options: DENY
x-content-type-options: nosniff
vary: Accept-Encoding
expires: Mon, 29 May 2023 02:03:27 GMT
cache-control: max-age=7200, public
accept-ranges: bytes

unpkg.com/axios@1.4.0/dist/axios.min.js

104.16.123.175

200 OK

31842

URL GET HTTP/2

unpkg.com/axios@1.4.0/dist/axios.min.js
IP

104.16.123.175:443
ASN

#13335 CLOUDFLARENET

Requested by

https://cpxxuy.calasavacj.com/beebb091955c06fa68b3eb8afc0bae516473ebd458f82PASbeebb091955c06fa68b3eb8afc0bae516473ebd458f83
Certificate

IssuerCloudflare, Inc.

Subjectsni.cloudflaressl.com

FingerprintF7:B6:41:CA:15:FD:D1:0C:27:39:55:5D:C5:CE:3F:1C:A6:BB:9D:6F

ValidityTue, 02 May 2023 00:00:00 GMT - Wed, 01 May 2024 23:59:59 GMT

Magic

ASCII text, with very long lines (31803)

Size

31842
Hash

6470a918ba1fd4b8d0882df0269ddb82

97814fdab64aa7d1b30f082f9eb272d4b1ce18a2

fd4ce12a87594281afcee9c73a40fe7acc282bcc9e764fbb3afa1481a96a091e

HTTP Headers

                                        GET /axios@1.4.0/dist/axios.min.js HTTP/1.1
Host: unpkg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cpxxuy.calasavacj.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/2 200 OK
date: Mon, 29 May 2023 00:03:32 GMT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
etag: W/"7c62-l4FP2rZKp9GzDwgvnrJy1LHOGKI"
via: 1.1 fly.io
fly-request-id: 01GZP8TZEXW4PFCT61FHX2WRTS-fra
cf-cache-status: HIT
age: 2017704
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7cea79921c9e0b41-OSL
content-encoding: br
X-Firefox-Spdy: h2

cpxxuy.calasavacj.com/Mblohmann@scgc.org

188.114.96.1

302 Found

7351

URL User Request POST HTTP/3

cpxxuy.calasavacj.com/Mblohmann@scgc.org
IP

188.114.96.1:443
ASN

#13335 CLOUDFLARENET

Certificate

IssuerLet's Encrypt

Subjectcalasavacj.com

Fingerprint1E:85:E1:07:C9:3A:7C:1D:81:CB:13:91:E0:4F:E1:06:F2:84:24:0D

ValidityThu, 18 May 2023 06:32:53 GMT - Wed, 16 Aug 2023 06:32:52 GMT

Magic

Size

7351
Hash

d41d8cd98f00b204e9800998ecf8427e

da39a3ee5e6b4b0d3255bfef95601890afd80709

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft Outlook
fortinet	Phishing

HTTP Headers

                                        POST /Mblohmann@scgc.org HTTP/1.1
Host: cpxxuy.calasavacj.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cpxxuy.calasavacj.com/Mblohmann@scgc.org?__cf_chl_tk=D1akfAs0dgMRno8VHHUDWEWTscL_Krh1qawEdvYb42Y-1685318606-0-gaNycGzNDTs
Content-Type: application/x-www-form-urlencoded
Content-Length: 3553
Origin: https://cpxxuy.calasavacj.com
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/3 302 Found
date: Mon, 29 May 2023 00:03:32 GMT
content-type: text/html; charset=UTF-8
location: ./beebb091955c06fa68b3eb8afc0bae516473ebd458f82PASbeebb091955c06fa68b3eb8afc0bae516473ebd458f83
set-cookie: cf_clearance=CXAGaLmhQjLagonUfSI4eBKgznPpHIG9sI89gPIZPBo-1685318606-0-160; path=/; expires=Tue, 28-May-24 00:03:29 GMT; domain=.calasavacj.com; HttpOnly; Secure; SameSite=None
PHPSESSID=e6f2d72c639451e061b7bac9c0334fe6; path=/; secure
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3zVupjs4wVGRLqsUnB1dGPpkABlBcG6hxif5fPwg9ebytat4gvBkV4sJIxdPxWXkIMLOBicB14lAx9QiXk1EPpFkslIpLaIXifSG2wDIy4GD%2BP9F2xcj1wCaAECmuNTnByK5l3YiUUc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7cea797f78291bfa-OSL
alt-svc: h3=":443"; ma=86400

cpxxuy.calasavacj.com/beebb091955c06fa68b3eb8afc0bae516473ebd458f82PASbeebb091955c06fa68b3eb8afc0bae516473ebd458f83

188.114.96.1

200 OK

7351

URL User Request GET HTTP/3

cpxxuy.calasavacj.com/beebb091955c06fa68b3eb8afc0bae516473ebd458f82PASbeebb091955c06fa68b3eb8afc0bae516473ebd458f83
IP

188.114.96.1:443
ASN

#13335 CLOUDFLARENET

Certificate

IssuerLet's Encrypt

Subjectcalasavacj.com

Fingerprint1E:85:E1:07:C9:3A:7C:1D:81:CB:13:91:E0:4F:E1:06:F2:84:24:0D

ValidityThu, 18 May 2023 06:32:53 GMT - Wed, 16 Aug 2023 06:32:52 GMT

Magic

HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (7407), with no line terminators

Size

7351
Hash

1a4bb2700c162d8a571ecd7c82328a78

b587974d39d38ea1b2c61a045debec7a4aa65946

ca46394c504a451849a5dd3484ad8e2cc2bdb96414a4dea1d439318709c6128c

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

                                        GET /beebb091955c06fa68b3eb8afc0bae516473ebd458f82PASbeebb091955c06fa68b3eb8afc0bae516473ebd458f83 HTTP/1.1
Host: cpxxuy.calasavacj.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cpxxuy.calasavacj.com/Mblohmann@scgc.org?__cf_chl_tk=D1akfAs0dgMRno8VHHUDWEWTscL_Krh1qawEdvYb42Y-1685318606-0-gaNycGzNDTs
DNT: 1
Connection: keep-alive
Cookie: cf_clearance=CXAGaLmhQjLagonUfSI4eBKgznPpHIG9sI89gPIZPBo-1685318606-0-160; PHPSESSID=e6f2d72c639451e061b7bac9c0334fe6
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/3 200 OK
date: Mon, 29 May 2023 00:03:32 GMT
content-type: text/html; charset=UTF-8
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=e%2BqWOvlGOOL10NYjpvDvarBMUl59oMdnlCubR8F84mDMbUxglm0L9WCYqGVwV3WdTMrh8iVI6OqEw7wGqw2ixsErSqFGAr2YHAe13314qowHeYxeMYtT7wIx%2B0cQcMM%2BVknRRLR%2FOSg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7cea7990f96a1bfa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

cpxxuy.calasavacj.com/boot/99317462c830641e063c0fadf7df654f6473ebd465f52

188.114.96.1

200 OK

51039

URL GET HTTP/3

cpxxuy.calasavacj.com/boot/99317462c830641e063c0fadf7df654f6473ebd465f52
IP

188.114.96.1:443
ASN

#13335 CLOUDFLARENET

Requested by

https://cpxxuy.calasavacj.com/beebb091955c06fa68b3eb8afc0bae516473ebd458f82PASbeebb091955c06fa68b3eb8afc0bae516473ebd458f83
Certificate

IssuerLet's Encrypt

Subjectcalasavacj.com

Fingerprint1E:85:E1:07:C9:3A:7C:1D:81:CB:13:91:E0:4F:E1:06:F2:84:24:0D

ValidityThu, 18 May 2023 06:32:53 GMT - Wed, 16 Aug 2023 06:32:52 GMT

Magic

ASCII text, with very long lines (50758)

Size

51039
Hash

67176c242e1bdc20603c878dee836df3

27a71b00383d61ef3c489326b3564d698fc1227c

56c12a125b021d21a69e61d7190cefa168d6c28ce715265cea1b3b0112d169c4

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

                                        GET /boot/99317462c830641e063c0fadf7df654f6473ebd465f52 HTTP/1.1
Host: cpxxuy.calasavacj.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cpxxuy.calasavacj.com/beebb091955c06fa68b3eb8afc0bae516473ebd458f82PASbeebb091955c06fa68b3eb8afc0bae516473ebd458f83
Cookie: cf_clearance=CXAGaLmhQjLagonUfSI4eBKgznPpHIG9sI89gPIZPBo-1685318606-0-160; PHPSESSID=e6f2d72c639451e061b7bac9c0334fe6
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/3 200 OK
date: Mon, 29 May 2023 00:03:33 GMT
content-type: application/javascript
cache-control: public, max-age=604800
expires: Mon, 05 Jun 2023 00:03:33 GMT
last-modified: Mon, 22 May 2023 10:06:03 GMT
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hoG5DoUhNSfNmfJq7a4iO%2BmcCmB4elML8m%2F8uIp%2F893BqefUAz9R5Bn70DFfVk5iW9cAD%2FNH%2FWkbSUDPNJE4TVroghPHYndO5x1uK0AtX%2BA8eBzQBYcvVdWfxzBcOtzJKcCjJcngYbs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7cea7991e9cd1bfa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

unpkg.com/axios/dist/axios.min.js

104.16.123.175

302 Found

31842

URL GET HTTP/2

unpkg.com/axios/dist/axios.min.js
IP

104.16.123.175:443
ASN

#13335 CLOUDFLARENET

Requested by

https://cpxxuy.calasavacj.com/beebb091955c06fa68b3eb8afc0bae516473ebd458f82PASbeebb091955c06fa68b3eb8afc0bae516473ebd458f83
Certificate

IssuerCloudflare, Inc.

Subjectsni.cloudflaressl.com

FingerprintF7:B6:41:CA:15:FD:D1:0C:27:39:55:5D:C5:CE:3F:1C:A6:BB:9D:6F

ValidityTue, 02 May 2023 00:00:00 GMT - Wed, 01 May 2024 23:59:59 GMT

Magic

Size

31842
Hash

d41d8cd98f00b204e9800998ecf8427e

da39a3ee5e6b4b0d3255bfef95601890afd80709

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

                                        GET /axios/dist/axios.min.js HTTP/1.1
Host: unpkg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cpxxuy.calasavacj.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/2 302 Found
date: Mon, 29 May 2023 00:03:32 GMT
content-type: text/plain; charset=utf-8
access-control-allow-origin: *
cache-control: public, s-maxage=600, max-age=60
location: /axios@1.4.0/dist/axios.min.js
vary: Accept, Accept-Encoding
via: 1.1 fly.io
fly-request-id: 01H1JCJ1N10KE4DJDQ6AK88XXA-arn
cf-cache-status: HIT
age: 536
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7cea79920c910b41-OSL
X-Firefox-Spdy: h2

cpxxuy.calasavacj.com/Mblohmann@scgc.org

188.114.96.1

403 Forbidden

8016

URL User Request GET HTTP/2

cpxxuy.calasavacj.com/Mblohmann@scgc.org
IP

188.114.96.1:443
ASN

#13335 CLOUDFLARENET

Certificate

IssuerLet's Encrypt

Subjectcalasavacj.com

Fingerprint1E:85:E1:07:C9:3A:7C:1D:81:CB:13:91:E0:4F:E1:06:F2:84:24:0D

ValidityThu, 18 May 2023 06:32:53 GMT - Wed, 16 Aug 2023 06:32:52 GMT

Magic

HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (8184), with no line terminators

Size

8016
Hash

2415e9b18a25a9c6bcc88bc2188fd0de

93c6364aa4423be3d203e93ca65fa1f12d91f40e

9eb3b8735c998386ff516dd6f077ffc0c477888fecf1ab0d90e53b1b0674fdbe

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft Outlook
fortinet	Phishing

HTTP Headers

                                        GET /Mblohmann@scgc.org HTTP/1.1
Host: cpxxuy.calasavacj.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/2 403 Forbidden
date: Mon, 29 May 2023 00:03:26 GMT
content-type: text/html; charset=UTF-8
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy: same-origin
x-frame-options: SAMEORIGIN
cf-mitigated: challenge
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 01 Jan 1970 00:00:01 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Bbbeo7Adaoi7ojeRqysTbCEr6svQP3OxCa4IOX9C4ASfVsb9v45rv80BASSFYNu6Rm5U4kOnl7X06DFo8M0K%2FGaUjgVHGsHWdRL0OG%2BHf8OYfdoARrVtyHNQcGP%2BA5S01YMasakD%2FzA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cea796c9998b524-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

cpxxuy.calasavacj.com/jq/99317462c830641e063c0fadf7df654f6473ebd465f4f

188.114.96.1

200 OK

85578

URL GET HTTP/3

cpxxuy.calasavacj.com/jq/99317462c830641e063c0fadf7df654f6473ebd465f4f
IP

188.114.96.1:443
ASN

#13335 CLOUDFLARENET

Requested by

https://cpxxuy.calasavacj.com/beebb091955c06fa68b3eb8afc0bae516473ebd458f82PASbeebb091955c06fa68b3eb8afc0bae516473ebd458f83
Certificate

IssuerLet's Encrypt

Subjectcalasavacj.com

Fingerprint1E:85:E1:07:C9:3A:7C:1D:81:CB:13:91:E0:4F:E1:06:F2:84:24:0D

ValidityThu, 18 May 2023 06:32:53 GMT - Wed, 16 Aug 2023 06:32:52 GMT

Magic

ASCII text, with very long lines (32065)

Size

85578
Hash

2f6b11a7e914718e0290410e85366fe9

69bb69e25ca7d5ef0935317584e6153f3fd9a88c

05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

                                        GET /jq/99317462c830641e063c0fadf7df654f6473ebd465f4f HTTP/1.1
Host: cpxxuy.calasavacj.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cpxxuy.calasavacj.com/beebb091955c06fa68b3eb8afc0bae516473ebd458f82PASbeebb091955c06fa68b3eb8afc0bae516473ebd458f83
Cookie: cf_clearance=CXAGaLmhQjLagonUfSI4eBKgznPpHIG9sI89gPIZPBo-1685318606-0-160; PHPSESSID=e6f2d72c639451e061b7bac9c0334fe6
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/3 200 OK
date: Mon, 29 May 2023 00:03:32 GMT
content-type: application/javascript
cache-control: public, max-age=604800
expires: Mon, 05 Jun 2023 00:03:32 GMT
last-modified: Mon, 22 May 2023 10:06:03 GMT
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pSffG6ADJzi8xy8Rze2YTTlfH2zRvVZtejL%2BFQexEU6jjmixPiJQLe0k4jFsAjWoSddDtZsQapOCivjbScvkqfFk2DQ8ahTaj4tY2ipsAZtmUxiXzYdnvc2yHJk91BqUG7nASXLOxIw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7cea7991e9cb1bfa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

cpxxuy.calasavacj.com/jm/99317462c830641e063c0fadf7df654f6473ebd465f77

188.114.96.1

200 OK

7309

URL GET HTTP/3

cpxxuy.calasavacj.com/jm/99317462c830641e063c0fadf7df654f6473ebd465f77
IP

188.114.96.1:443
ASN

#13335 CLOUDFLARENET

Requested by

https://cpxxuy.calasavacj.com/beebb091955c06fa68b3eb8afc0bae516473ebd458f82PASbeebb091955c06fa68b3eb8afc0bae516473ebd458f83
Certificate

IssuerLet's Encrypt

Subjectcalasavacj.com

Fingerprint1E:85:E1:07:C9:3A:7C:1D:81:CB:13:91:E0:4F:E1:06:F2:84:24:0D

ValidityThu, 18 May 2023 06:32:53 GMT - Wed, 16 Aug 2023 06:32:52 GMT

Magic

ASCII text, with very long lines (7344), with no line terminators

Size

7309
Hash

f335e180c66cfa35ea3152a33884ec67

0b99d4d6d595e23b8c864f9c39d16813f886e850

7e317dfd820ab1a6759f565d267e82ecb5bd797b6fe89be4858f0174b709c324

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

                                        GET /jm/99317462c830641e063c0fadf7df654f6473ebd465f77 HTTP/1.1
Host: cpxxuy.calasavacj.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cpxxuy.calasavacj.com/beebb091955c06fa68b3eb8afc0bae516473ebd458f82PASbeebb091955c06fa68b3eb8afc0bae516473ebd458f83
Cookie: cf_clearance=CXAGaLmhQjLagonUfSI4eBKgznPpHIG9sI89gPIZPBo-1685318606-0-160; PHPSESSID=e6f2d72c639451e061b7bac9c0334fe6
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/3 200 OK
date: Mon, 29 May 2023 00:03:33 GMT
content-type: application/javascript
cache-control: public, max-age=604800
expires: Mon, 05 Jun 2023 00:03:33 GMT
last-modified: Mon, 22 May 2023 10:06:03 GMT
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rXdMMEkfnXVpUtv%2F62bWs0vFD%2BqmUmihTWjWVrN7alWzXImRyfPsDZEjGHif9AS5X2P2%2B9xhxkrODKMP4xp33JZXSRk4FmhsJEspnGEFlcaFerdkrrBxdyBgaarryMsEGlsAwgAsxhU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7cea7991e9cf1bfa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

Report Overview

URL

IP

ASN

Submitted

Access

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (10)

#1 JS:Script (size: 34)

#2 JS:Script (size: 51039)

#3 JS:Script (size: 7309)

#4 JS:Script (size: 79)

#5 JS:Script (size: 37)

#6 JS:Script (size: 85578)

#1 JS:Eval (size: 13)

#2 JS:Eval (size: 2328)

#3 JS:Eval (size: 4)

#4 JS:Eval (size: 515)

HTTP Transactions (10)

URL User Request GET HTTP/1.1

IP

ASN

Certificate

Magic

Size

Hash

Detections

HTTP Headers

URL

IP

ASN

Magic

Size

Hash

Detections

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

Magic

Size

Hash

HTTP Headers

URL User Request POST HTTP/3

IP

ASN

Certificate

Magic

Size

Hash

Detections

HTTP Headers

URL User Request GET HTTP/3

IP

ASN

Certificate

Magic

Size

Hash

Detections

HTTP Headers

URL GET HTTP/3