Report - ethnicvilla.shop/bootstrap/irlfic/bWFuYXNhLmJuQG1pbmR0cmVlLmNvbQ==

Report Overview

Visited public
2023-09-27 09:04:22
Tags
phishing microsoft outlook
URL
ethnicvilla.shop/bootstrap/irlfic/bWFuYXNhLmJuQG1pbmR0cmVlLmNvbQ==
Finishing URL
q6r7s8t9u0v1.ed4jsf9.ru/cgi-sys/suspendedpage.cgi#manasa.bn@mindtree.com
IP / ASN
162.0.215.155
#22612 NAMECHEAP-NET
Title
Account Suspended
Phishing - Microsoft Outlook

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
q6r7s8t9u0v1.ed4jsf9.ru	unknown	2023-09-07	2023-09-22 18:23:23	2023-09-25 19:14:50	3.5 kB	52 kB	188.114.96.1
ocsp.sectigo.com	487	2018-08-16	2019-11-29 12:50:24	2023-09-26 21:38:32	330 B	963 B	104.18.14.101
ethnicvilla.shop	unknown	2023-05-25	2023-06-14 12:46:53	2023-09-25 18:22:24	522 B	497 B	162.0.215.155
use.fontawesome.com	942	2012-10-18	2017-01-30 05:43:25	2023-09-26 18:13:04	980 B	75 kB	172.64.103.11

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (3)

	URL	From	Size	First Seen	Last Seen
	q6r7s8t9u0v1.ed4jsf9.ru/cgi-sys/suspendedpage.cgi#manasa.bn@mindtree.com	ScriptElement	1.1 kB	2024-08-21	2024-08-21
Pretty URL q6r7s8t9u0v1.ed4jsf9.ru/cgi-sys/suspendedpage.cgi#manasa.bn@mindtree.com IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2024-08-21 05:41 Last Seen2024-08-21 05:41 Times Seen1 Hash cb90725dddc994dae540e792683bc9bd f761392a166712fd2240c5360d0b0e90410c38d9 f740014aae8df7af12909aa5ec6337f342eb3e60761e4cde2dd8f65cc1c7644f Loading...

	unknown	ScriptElement	247 B	2024-08-21	2024-08-21
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-08-21 05:41 Last Seen2024-08-21 05:41 Times Seen1 Hash e5ee273236dd578ddc8c332bc45e542f 3ade35d1456992b849adb728a5ecfd786dc300b4 a76306a1acd9e3e375c2d4cb28c67ebfb2b04d9c1d8858d826090ca3ac1d6b12 Loading...

	q6r7s8t9u0v1.ed4jsf9.ru/cdn-cgi/challenge-platform/scripts/jsd/main.js	ScriptElement	7.2 kB	2023-09-27	2023-09-27
Pretty URL q6r7s8t9u0v1.ed4jsf9.ru/cdn-cgi/challenge-platform/scripts/jsd/main.js IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-09-27 11:04 Last Seen2023-09-27 11:04 Times Seen1 Hash eca4474b30975c92a57d26e0225ddcf5 4f4b097ec2b838829ba278c134aeeb697ef74209 574e1f2bbd9b2ce18140439ff33717b25816d2992ed0efb130c9a187aafda3a8 Loading...

HTTP Transactions (11)

URL IP Response Size

ocsp.sectigo.com/

104.18.14.101

471 B

URL
ocsp.sectigo.com/
IP
104.18.14.101:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
471 B (471 bytes)
Hash
bbea769a6412d2b774a146ed1330f09b
3935f849ec5aef3a28d0cc50b1b77a6d76daf3fc
e5e0b9d4bccbd417c4810d05e483b9b2b56a55136304a315d4f6a657128574e9

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 27 Sep 2023 09:04:04 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Wed, 27 Sep 2023 02:53:02 GMT
Expires: Wed, 04 Oct 2023 02:53:01 GMT
Etag: "3935f849ec5aef3a28d0cc50b1b77a6d76daf3fc"
Cache-Control: max-age=581936,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 80d293bdac6956bf-OSL

ethnicvilla.shop/bootstrap/irlfic/bWFuYXNhLmJuQG1pbmR0cmVlLmNvbQ==

162.0.215.155

0 B

URL
ethnicvilla.shop/bootstrap/irlfic/bWFuYXNhLmJuQG1pbmR0cmVlLmNvbQ==
IP
162.0.215.155:0
ASN
#22612 NAMECHEAP-NET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft Outlook

HTTP Headers

GET /bootstrap/irlfic/bWFuYXNhLmJuQG1pbmR0cmVlLmNvbQ== HTTP/1.1
Host: ethnicvilla.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
x-powered-by: PHP/8.0.30
refresh: 0;url=https://q6r7s8t9u0v1.ed4jsf9.ru/789c#manasa.bn@mindtree.com
content-type: text/html; charset=UTF-8
content-length: 0
date: Wed, 27 Sep 2023 09:04:04 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload;
referrer-policy: no-referrer-when-downgrade
X-Firefox-Spdy: h2

use.fontawesome.com/releases/v5.0.6/webfonts/fa-solid-900.woff2

172.64.103.11

200 OK

39 kB

URL GET HTTP/2
use.fontawesome.com/releases/v5.0.6/webfonts/fa-solid-900.woff2
IP
172.64.103.11:443
ASN
#13335 CLOUDFLARENET

Requested by
https://q6r7s8t9u0v1.ed4jsf9.ru/cgi-sys/suspendedpage.cgi#manasa.bn@mindtree.com
Certificate
IssuerGoogle Trust Services LLC
Subjectuse.fontawesome.com
Fingerprint23:04:2D:9B:C5:BA:9D:AA:AC:6A:FD:14:B0:96:18:D6:EB:A5:B3:65
ValidityFri, 01 Sep 2023 05:27:58 GMT - Thu, 30 Nov 2023 05:27:57 GMT

File type
Web Open Font Format (Version 2), TrueType, length 38784, version 1.0\012- data
Size
39 kB (38784 bytes)
Hash
f9b85c9463af7103b9b24bbbf09a06ed
d28d7222bcbeb8ea701a771e85f7efe006e62fb1
62554277d07b20c6bfae7c6267b3198b4846f604a37d4085bf9f54c392210b56

HTTP Headers

GET /releases/v5.0.6/webfonts/fa-solid-900.woff2 HTTP/1.1
Host: use.fontawesome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://q6r7s8t9u0v1.ed4jsf9.ru
DNT: 1
Connection: keep-alive
Referer: https://use.fontawesome.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 27 Sep 2023 09:04:06 GMT
content-type: application/font-woff2
content-length: 38784
x-amz-id-2: JJiMynVXJF/z2lh61nPj200hCHpqFQJaTO97Namr8jWu3EBNZfO+TYddn6mJSzt5YagdIHa+7Ek=
x-amz-request-id: HFPDAFJN8REY7BHG
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
last-modified: Wed, 30 Jun 2021 15:27:50 GMT
etag: "f9b85c9463af7103b9b24bbbf09a06ed"
cache-control: max-age=31556926
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YSchUeyP46pg0O%2FxRM74jf5GzQwZnxNXudpwDOqxijvM2Ks%2B0Hg1FWuv948XCMAhNQDKsIfUnP3osiiRzxEIQZ%2FnD29VOR8ulUVEpDb79KTf5Nk8l0R3USBDcttiSpVNnedwT96r"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 80d293c65c83d178-LHR
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

q6r7s8t9u0v1.ed4jsf9.ru/789c

188.114.96.1

302 Found

8.7 kB

URL User Request GET HTTP/2
q6r7s8t9u0v1.ed4jsf9.ru/789c
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subject*.ed4jsf9.ru
Fingerprint6D:95:1B:DD:2C:CE:B6:A4:0D:1A:65:97:85:79:C8:5A:14:C5:0F:91
ValidityThu, 07 Sep 2023 14:27:09 GMT - Wed, 06 Dec 2023 14:27:08 GMT

File type

Size
8.7 kB (8688 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft Outlook

HTTP Headers

GET /789c HTTP/1.1
Host: q6r7s8t9u0v1.ed4jsf9.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Wed, 27 Sep 2023 09:04:05 GMT
content-type: text/html
location: https://q6r7s8t9u0v1.ed4jsf9.ru/cgi-sys/suspendedpage.cgi
cache-control: no-cache, no-store, must-revalidate, max-age=0
vary: User-Agent
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GA1MHKVaH1nW%2BYnYBzYtgm1mWEr7qaN3Z5SJpO3m8qmEAMAZwun8pqOD%2Bj441KeaTdwOMfA%2FNgUGiPBm2J10QWQj9FXapBo8ubBNwFuIah%2BSxk%2FDSNdS5bx%2FnUl6jZSabNQf7qXCupB%2BbQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 80d293c10d830b3d-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

use.fontawesome.com/releases/v5.0.6/css/all.css

172.64.103.11

200 OK

35 kB

URL GET HTTP/2
use.fontawesome.com/releases/v5.0.6/css/all.css
IP
172.64.103.11:443
ASN
#13335 CLOUDFLARENET

Requested by
https://q6r7s8t9u0v1.ed4jsf9.ru/cgi-sys/suspendedpage.cgi#manasa.bn@mindtree.com
Certificate
IssuerGoogle Trust Services LLC
Subjectuse.fontawesome.com
Fingerprint23:04:2D:9B:C5:BA:9D:AA:AC:6A:FD:14:B0:96:18:D6:EB:A5:B3:65
ValidityFri, 01 Sep 2023 05:27:58 GMT - Thu, 30 Nov 2023 05:27:57 GMT

File type
ASCII text, with very long lines (34556)
Size
35 kB (34734 bytes)
Hash
42eaa52604673b64d6b356c2fd7f87e3
6b59cb703b2d4a7a2691f13008062b46a6bc7fdb
ed0f122470c4d13d86bbabdc38046d743d0228204a56d786d2e17bd83fd358ce

HTTP Headers

GET /releases/v5.0.6/css/all.css HTTP/1.1
Host: use.fontawesome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://q6r7s8t9u0v1.ed4jsf9.ru/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 27 Sep 2023 09:04:05 GMT
content-type: text/css
x-amz-id-2: q/xH5udX80eSxjoXE52vyfZh1u+Ea2kfIHF7FcC0WnOao3zX5CEGuRQvCak7nd1Zl1jtJbiCAGRcNfKPhaxBNibyTuhZvsswJUI9Hisn1e8=
x-amz-request-id: KKT9AHTW94S37WPH
last-modified: Wed, 30 Jun 2021 15:27:49 GMT
etag: W/"42eaa52604673b64d6b356c2fd7f87e3"
cache-control: max-age=31556926
cf-cache-status: HIT
age: 401382
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cJeKRZVEl44PHr%2BIi9TumEgAXkEnt8iMBfw47PQtGcUHGhRcbXVOnx8I5Lc%2F8R1lYgM9IE1Nly7cR%2FKwPSUjQ2M3MBn178yYRFL05eRLUf2wDqf%2B%2Fk0%2BICuOvPLtHsdGuv2UtMqA"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 80d293c52f9123fb-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

q6r7s8t9u0v1.ed4jsf9.ru/cdn-cgi/challenge-platform/h/g/scripts/jsd/dffb14d6/main.js

188.114.96.1

200 OK

7.2 kB

URL GET HTTP/3
q6r7s8t9u0v1.ed4jsf9.ru/cdn-cgi/challenge-platform/h/g/scripts/jsd/dffb14d6/main.js
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://q6r7s8t9u0v1.ed4jsf9.ru/cgi-sys/suspendedpage.cgi#manasa.bn@mindtree.com
Certificate
IssuerGoogle Trust Services LLC
Subject*.ed4jsf9.ru
Fingerprint6D:95:1B:DD:2C:CE:B6:A4:0D:1A:65:97:85:79:C8:5A:14:C5:0F:91
ValidityThu, 07 Sep 2023 14:27:09 GMT - Wed, 06 Dec 2023 14:27:08 GMT

File type
ASCII text, with very long lines (7232), with no line terminators
Size
7.2 kB (7232 bytes)
Hash
eca4474b30975c92a57d26e0225ddcf5
4f4b097ec2b838829ba278c134aeeb697ef74209
574e1f2bbd9b2ce18140439ff33717b25816d2992ed0efb130c9a187aafda3a8

HTTP Headers

GET /cdn-cgi/challenge-platform/h/g/scripts/jsd/dffb14d6/main.js HTTP/1.1
Host: q6r7s8t9u0v1.ed4jsf9.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 27 Sep 2023 09:04:06 GMT
content-type: application/javascript; charset=UTF-8
cache-control: max-age=14400, public
x-content-type-options: nosniff
vary: accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TaxZhIqplsP2OaNwDHO3IxaJpuj%2BVQfxufYDJPbuDa8HN52kE%2Bor8oQVr0PAm61graDLkItySA9JzoKUBHDcxFRJsIOx%2B%2BIFLQ5qc30tstlRDpSGdRaRsRY5TXOXOZEdwHebMzRGXDGCmg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 80d293c71d4856b9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

q6r7s8t9u0v1.ed4jsf9.ru/cgi-sys/suspendedpage.cgi

188.114.96.1

200 OK

8.7 kB

URL User Request GET HTTP/2
q6r7s8t9u0v1.ed4jsf9.ru/cgi-sys/suspendedpage.cgi
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subject*.ed4jsf9.ru
Fingerprint6D:95:1B:DD:2C:CE:B6:A4:0D:1A:65:97:85:79:C8:5A:14:C5:0F:91
ValidityThu, 07 Sep 2023 14:27:09 GMT - Wed, 06 Dec 2023 14:27:08 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (8860), with no line terminators
Size
8.7 kB (8688 bytes)
Hash
c14666ea321bea4fce48c34a57db155d
73521547594f27b648dae35226b4f2d33a5b7a7f
f513d60531cabee58ec7ad420698272638bbe83d8183191c5ccbef25e16d3b4c

HTTP Headers

GET /cgi-sys/suspendedpage.cgi HTTP/1.1
Host: q6r7s8t9u0v1.ed4jsf9.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 27 Sep 2023 09:04:05 GMT
content-type: text/html
vary: Accept-Encoding,User-Agent,User-Agent
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uxfc7ZMJN01HC%2BTpQ3okPVehNd50gBNmE0UyiU15bue4tgcnY%2BpLhD7ObJSgGobErc5HcKX9AIrA%2FYrjNmbncQyRtmcSKiFgT1Of8OyyL0YMgJQbiZNQr9sGnUP1swccrBBBsRIw8yVEaw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 80d293c18dc70b3d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

q6r7s8t9u0v1.ed4jsf9.ru/cdn-cgi/challenge-platform/scripts/jsd/main.js

188.114.96.1

302 Found

7.2 kB

URL GET HTTP/3
q6r7s8t9u0v1.ed4jsf9.ru/cdn-cgi/challenge-platform/scripts/jsd/main.js
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://q6r7s8t9u0v1.ed4jsf9.ru/cgi-sys/suspendedpage.cgi#manasa.bn@mindtree.com
Certificate
IssuerGoogle Trust Services LLC
Subject*.ed4jsf9.ru
Fingerprint6D:95:1B:DD:2C:CE:B6:A4:0D:1A:65:97:85:79:C8:5A:14:C5:0F:91
ValidityThu, 07 Sep 2023 14:27:09 GMT - Wed, 06 Dec 2023 14:27:08 GMT

File type

Size
7.2 kB (7232 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP/1.1
Host: q6r7s8t9u0v1.ed4jsf9.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 302 Found
date: Wed, 27 Sep 2023 09:04:06 GMT
location: /cdn-cgi/challenge-platform/h/g/scripts/jsd/dffb14d6/main.js
access-control-allow-origin: *
cache-control: max-age=300, public
vary: accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=300%2BMSimuvkCvB6OhGFDG8C0v%2F7WkOm0DlIZMftS66p6SuTFi%2Fu3YzSQwrJiyovUpyot5h%2BqB%2FduMS6iCLyQ1u5DQ76I8QpPPIlmdagVst6i67HtKPiG8Y%2BThXWltGobR9FLAaD082E4Fg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 80d293c67ce256b9-OSL
alt-svc: h3=":443"; ma=86400

q6r7s8t9u0v1.ed4jsf9.ru/favicon.ico

188.114.96.1

302 Found

7.6 kB

URL GET HTTP/3
q6r7s8t9u0v1.ed4jsf9.ru/favicon.ico
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://q6r7s8t9u0v1.ed4jsf9.ru/cgi-sys/suspendedpage.cgi#manasa.bn@mindtree.com
Certificate
IssuerGoogle Trust Services LLC
Subject*.ed4jsf9.ru
Fingerprint6D:95:1B:DD:2C:CE:B6:A4:0D:1A:65:97:85:79:C8:5A:14:C5:0F:91
ValidityThu, 07 Sep 2023 14:27:09 GMT - Wed, 06 Dec 2023 14:27:08 GMT

File type

Size
7.6 kB (7597 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: q6r7s8t9u0v1.ed4jsf9.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://q6r7s8t9u0v1.ed4jsf9.ru/cgi-sys/suspendedpage.cgi
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 302 Found
date: Wed, 27 Sep 2023 09:04:06 GMT
content-type: text/html
location: https://q6r7s8t9u0v1.ed4jsf9.ru/cgi-sys/suspendedpage.cgi
cache-control: no-cache, no-store, must-revalidate, max-age=0
vary: User-Agent, Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: BYPASS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9AEHarH7%2FgOgm0EQDoi7fglnHqZVGGeb9syrYdTrI5UriB78ftfKLaWVTBhogINERzV7gCdneUE43h%2Fbj3NcmAG37M2mR%2FPZLuzbog873y2gRQIbGpv4%2F5jR97FDUpLj%2BDdQ%2Ff%2BxOq6rBQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 80d293c71d4556b9-OSL
alt-svc: h3=":443"; ma=86400

q6r7s8t9u0v1.ed4jsf9.ru/cdn-cgi/challenge-platform/h/g/jsd/r/80d293c18dc70b3d

188.114.96.1

200 OK

0 B

URL POST HTTP/3
q6r7s8t9u0v1.ed4jsf9.ru/cdn-cgi/challenge-platform/h/g/jsd/r/80d293c18dc70b3d
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://q6r7s8t9u0v1.ed4jsf9.ru/cgi-sys/suspendedpage.cgi#manasa.bn@mindtree.com
Certificate
IssuerGoogle Trust Services LLC
Subject*.ed4jsf9.ru
Fingerprint6D:95:1B:DD:2C:CE:B6:A4:0D:1A:65:97:85:79:C8:5A:14:C5:0F:91
ValidityThu, 07 Sep 2023 14:27:09 GMT - Wed, 06 Dec 2023 14:27:08 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /cdn-cgi/challenge-platform/h/g/jsd/r/80d293c18dc70b3d HTTP/1.1
Host: q6r7s8t9u0v1.ed4jsf9.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 12288
Origin: https://q6r7s8t9u0v1.ed4jsf9.ru
DNT: 1
Connection: keep-alive
Referer: https://q6r7s8t9u0v1.ed4jsf9.ru/cgi-sys/suspendedpage.cgi
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 27 Sep 2023 09:04:06 GMT
content-type: text/plain; charset=UTF-8
set-cookie: cf_clearance=Wmuc.69EI532YUALyZKN7j58vR_UTBm8RFAkMPMbeyQ-1695805446-0-1-69b0ef05.6b0d8b6b.438cce4a-0.2.1695805446; path=/; expires=Thu, 26-Sep-24 09:04:06 GMT; domain=.ed4jsf9.ru; HttpOnly; Secure; SameSite=None
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rYzE2%2F1vct0b1nHCURUxDZa90QYo%2BbK110uI6ITYOxifpU8EA%2B4M68EUUF0eEzU%2F36M53SyjqXFbHYsVBnI8SuaFywxJI19bRrqB3ROri5I2xkGNK2tCPDf2lz4j5A3pr2nMRWPYh8oD8A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 80d293c88ed356b9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

q6r7s8t9u0v1.ed4jsf9.ru/cgi-sys/suspendedpage.cgi

188.114.96.1

200 OK

7.6 kB

URL GET HTTP/3
q6r7s8t9u0v1.ed4jsf9.ru/cgi-sys/suspendedpage.cgi
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://q6r7s8t9u0v1.ed4jsf9.ru/cgi-sys/suspendedpage.cgi#manasa.bn@mindtree.com
Certificate
IssuerGoogle Trust Services LLC
Subject*.ed4jsf9.ru
Fingerprint6D:95:1B:DD:2C:CE:B6:A4:0D:1A:65:97:85:79:C8:5A:14:C5:0F:91
ValidityThu, 07 Sep 2023 14:27:09 GMT - Wed, 06 Dec 2023 14:27:08 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (7767), with no line terminators
Size
7.6 kB (7597 bytes)
Hash
7c3d95565615047a6565f9f3cc5e25b2
4625d3cd5310b63c63174d30c913ce28f15b6fd3
821bd200681f86fe693da49067365bdf93adab4e92fcd9121b2487d5b44d6868

HTTP Headers

GET /cgi-sys/suspendedpage.cgi HTTP/1.1
Host: q6r7s8t9u0v1.ed4jsf9.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://q6r7s8t9u0v1.ed4jsf9.ru/cgi-sys/suspendedpage.cgi
DNT: 1
Connection: keep-alive
Cookie: cf_clearance=Wmuc.69EI532YUALyZKN7j58vR_UTBm8RFAkMPMbeyQ-1695805446-0-1-69b0ef05.6b0d8b6b.438cce4a-0.2.1695805446
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 27 Sep 2023 09:04:06 GMT
content-type: text/html
vary: Accept-Encoding,User-Agent
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UkHnllyp%2FCm2fpsefj8FJzlOekBVlPgaeCmvXLw5%2BG%2BdMrRsOmuqb3i%2BZ17u2kNNv%2Fm89jZ6yWv%2BBJC0rj6FokjXOM2wfUk%2FQ1nxrgJufRBsQpFeLtshx9WZcWtRM2tvKYFMx3inUOwE1A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 80d293c8ef1456b9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (3)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (11)

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/3

IP

ASN

Requested by

Certificate

File type