Report - marcuswinshowllcpay4dportal.pages.dev/

Report Overview

Visited public
2023-11-30 13:37:40
Tags
URL
marcuswinshowllcpay4dportal.pages.dev/
Finishing URL
marcuswinshowllcpay4dportal.pages.dev/
IP / ASN
172.66.46.239
#13335 CLOUDFLARENET
Title
Sign in to Outlook

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
marcuswinshowllcpay4dportal.pages.dev	unknown	unknown	No data	No data	4.1 kB	359 kB	172.66.45.17
userstatics.com	unknown	2020-11-05	2020-11-06 00:01:51	2023-11-28 05:23:56	495 B	839 B	0.0.0.0

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

Scan Date	Severity	Indicator	Alert
2023-11-30	medium	marcuswinshowllcpay4dportal.pages.dev/	Outlook
2023-11-30	medium	marcuswinshowllcpay4dportal.pages.dev/	Outlook
2023-11-30	medium	marcuswinshowllcpay4dportal.pages.dev/	Outlook
2023-11-30	medium	marcuswinshowllcpay4dportal.pages.dev/	Outlook
2023-11-30	medium	marcuswinshowllcpay4dportal.pages.dev/	Outlook
2023-11-30	medium	marcuswinshowllcpay4dportal.pages.dev/	Outlook
2023-11-30	medium	marcuswinshowllcpay4dportal.pages.dev/	Outlook
2023-11-30	medium	marcuswinshowllcpay4dportal.pages.dev/	Outlook

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (4)

	URL	From	Size	First Seen	Last Seen
	marcuswinshowllcpay4dportal.pages.dev/js/jquery-3.1.1.min.js	ScriptElement	87 kB	2023-11-30	2024-08-20
Pretty URL marcuswinshowllcpay4dportal.pages.dev/js/jquery-3.1.1.min.js IP 172.66.45.17 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-30 14:37 Last Seen2024-08-20 17:20 Times Seen21 Hash 739c3988a47d0a804e285941f8906e14 723c31593daa66d3040405400aa737c57a3a6f1c b73391e74cbece5c12b809114e8ce90285812ef73d533ffa3401d7d716ae0eaa Loading...

	marcuswinshowllcpay4dportal.pages.dev/	ScriptElement	2.8 kB	2023-11-30	2024-08-20
Pretty URL marcuswinshowllcpay4dportal.pages.dev/ IP 172.66.45.17 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-11-30 14:37 Last Seen2024-08-20 17:20 Times Seen20 Hash 64a8124de2771f24cf4a531b095ee633 b514d55d03047016d1cdfa9a8f57231db97162b5 9437b006942f6e1849d6cede54b7f19f9cf727d5dcb56f758cfb03877048df1e Loading...

	marcuswinshowllcpay4dportal.pages.dev/	ScriptElement	217 B	2023-03-07	2025-05-08
Pretty URL marcuswinshowllcpay4dportal.pages.dev/ IP 172.66.45.17 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:18 Last Seen2025-05-08 17:56 Times Seen2575 Hash 398d45527ac0f5c79f262839f98ec3f1 960b8b802581eead9fa02ff4483a85d2b7cf939a 76da592798ee5b41a444eebf66d08d461bc826db30df367fd21c85862ca82db0 Loading...

	userstatics.com/get/script.js?referrer=https://marcuswinshowllcpay4dportal.pages.dev/	ScriptElement	133 B	2023-11-04	2025-05-10
Pretty URL userstatics.com/get/script.js?referrer=https://marcuswinshowllcpay4dportal.pages.dev/ IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-04 00:48 Last Seen2025-05-10 21:45 Times Seen3830 Hash fea7fbf2c619fd4b7716fcaa64070c6c f192732937981a26f526b7c1293a2ae13bc59a22 df9690fea031319de38a437cb6d393026c4aae70642ed394c4254ed64f035b26 Loading...

HTTP Transactions (9)

URL IP Response Size

marcuswinshowllcpay4dportal.pages.dev/images/49_6ffe0a92d779c878835b40171ffc2e13.jpg

172.66.45.17

200 OK

18 kB

URL GET HTTP/3
marcuswinshowllcpay4dportal.pages.dev/images/49_6ffe0a92d779c878835b40171ffc2e13.jpg
IP
172.66.45.17:443
ASN
#13335 CLOUDFLARENET

Requested by
https://marcuswinshowllcpay4dportal.pages.dev/
Certificate
IssuerLet's Encrypt
Subjectmarcuswinshowllcpay4dportal.pages.dev
FingerprintAE:15:C5:6D:69:02:DB:C1:5D:26:7A:6A:83:87:F9:C5:DC:C9:2C:88
ValidityThu, 30 Nov 2023 02:19:25 GMT - Wed, 28 Feb 2024 02:19:24 GMT

File type
JPEG image data, baseline, precision 8, 1920x1080, components 3\012- data
Size
18 kB (17453 bytes)
Hash
7916a894ebde7d29c2cc29b267f1299f
78345ca08f9e2c3c2cc9b318950791b349211296
d8f5ab3e00202fd3b45be1acd95d677b137064001e171bc79b06826d98f1e1d3

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Outlook

HTTP Headers

GET /images/49_6ffe0a92d779c878835b40171ffc2e13.jpg HTTP/1.1
Host: marcuswinshowllcpay4dportal.pages.dev
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://marcuswinshowllcpay4dportal.pages.dev/
DNT: 1
Connection: keep-alive
Cookie: PHPREFS=full
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 30 Nov 2023 13:37:24 GMT
content-type: image/jpeg
content-length: 17453
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: "dd1e8965e19715d050ff4fccd72fa3e3"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fMrp7COsb2pu1N8jbr6zdiLgnDcsdGX4j6z%2Fw9qwr468xdSbenNKsPX2vZoNAXvEng1U09JoitkizaSX8yLPvUQqkMWy08BUs2qEngQfpu%2BlocCtB7XJUGOAuWJPKp1ESMKoifSq5%2FWBNSfx1noEfgamPZzS6CqD"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82e37c1c9a88568d-OSL
alt-svc: h3=":443"; ma=86400

marcuswinshowllcpay4dportal.pages.dev/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico

172.66.45.17

200 OK

17 kB

URL GET HTTP/3
marcuswinshowllcpay4dportal.pages.dev/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico
IP
172.66.45.17:443
ASN
#13335 CLOUDFLARENET

Requested by
https://marcuswinshowllcpay4dportal.pages.dev/
Certificate
IssuerLet's Encrypt
Subjectmarcuswinshowllcpay4dportal.pages.dev
FingerprintAE:15:C5:6D:69:02:DB:C1:5D:26:7A:6A:83:87:F9:C5:DC:C9:2C:88
ValidityThu, 30 Nov 2023 02:19:25 GMT - Wed, 28 Feb 2024 02:19:24 GMT

File type
MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors\012- data
Size
17 kB (17174 bytes)
Hash
12e3dac858061d088023b2bd48e2fa96
e08ce1a144eceae0c3c2ea7a9d6fbc5658f24ce5
90cdaf487716184e4034000935c605d1633926d348116d198f355a98b8c6cd21

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Outlook

HTTP Headers

GET /images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1
Host: marcuswinshowllcpay4dportal.pages.dev
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://marcuswinshowllcpay4dportal.pages.dev/
DNT: 1
Connection: keep-alive
Cookie: PHPREFS=full
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 30 Nov 2023 13:37:24 GMT
content-type: image/x-icon
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"b52ae8d8fe9d158bb668e6c4d9c14505"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EJg9jCUyscDQbpEaMNoglRxV1%2F%2BM3IegrjmCmsqf2MCvL6%2BB7r5weWjGI%2BzCxdm7GPHDjPw0ViUf9ZkSJtDLqtJ4QbzD2XFkIp3Ruyp2jzIkCKVV3PRHGDUXv1E8FEo3GeX07P%2FoefGED0UpbANdpXd9DuBsi2FP"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82e37c1debda568d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

userstatics.com/get/script.js?referrer=https://marcuswinshowllcpay4dportal.pages.dev/

0.0.0.0

0 B

URL GET
userstatics.com/get/script.js?referrer=https://marcuswinshowllcpay4dportal.pages.dev/
IP
0.0.0.0:0
ASN
#0

Requested by
https://marcuswinshowllcpay4dportal.pages.dev/
Certificate
IssuerLet's Encrypt
Subjectuserstatics.com
FingerprintE9:1B:42:AA:7D:5C:95:3F:D8:57:73:1E:03:24:49:0B:45:8E:2A:E9
ValidityTue, 03 Oct 2023 06:07:05 GMT - Mon, 01 Jan 2024 06:07:04 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /get/script.js?referrer=https://marcuswinshowllcpay4dportal.pages.dev/ HTTP/1.1
Host: userstatics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://marcuswinshowllcpay4dportal.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 30 Nov 2023 13:37:25 GMT
content-type: text/html; charset=utf-8
x-powered-by: PHP/8.2.1
access-control-allow-origin: https://marcuswinshowllcpay4dportal.pages.dev
access-control-allow-methods: GET, POST
access-control-allow-headers: X-Requested-With,content-type
access-control-allow-credentials: true
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JK1sM1usd4T1TNimdqGtqub0TJ1QckRZXlQB0WteW%2B19qTJ864jUdqDN%2B8z8rNCKVXFvmNhS36ASi%2Bhwy02%2Fckq%2FlPP8s6Hcq6qJ4NvhXB2YvRvW%2FidryXPP1IXjj30fFRE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82e37c231c6a568b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

marcuswinshowllcpay4dportal.pages.dev/images/arrow_left_a9cc2824ef3517b6c4160dcf8ff7d410.svg

172.66.45.17

200 OK

513 B

URL GET HTTP/3
marcuswinshowllcpay4dportal.pages.dev/images/arrow_left_a9cc2824ef3517b6c4160dcf8ff7d410.svg
IP
172.66.45.17:443
ASN
#13335 CLOUDFLARENET

Requested by
https://marcuswinshowllcpay4dportal.pages.dev/
Certificate
IssuerLet's Encrypt
Subjectmarcuswinshowllcpay4dportal.pages.dev
FingerprintAE:15:C5:6D:69:02:DB:C1:5D:26:7A:6A:83:87:F9:C5:DC:C9:2C:88
ValidityThu, 30 Nov 2023 02:19:25 GMT - Wed, 28 Feb 2024 02:19:24 GMT

File type
SVG Scalable Vector Graphics image\012- HTML document, ASCII text, with very long lines (529), with no line terminators
Size
513 B (513 bytes)
Hash
adc405f5fd089662209870ca5d2106f7
3a8b776df84bf251afc6ddd802cc5bbeddfb0e36
e7bacc97751689afaae192e103fe9851664365c57c7d783560860ad456db7e49

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Outlook

HTTP Headers

GET /images/arrow_left_a9cc2824ef3517b6c4160dcf8ff7d410.svg HTTP/1.1
Host: marcuswinshowllcpay4dportal.pages.dev
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://marcuswinshowllcpay4dportal.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 30 Nov 2023 13:37:23 GMT
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"c82adc30a8a632fafbe128b726ff2959"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bR4wrDa2FEHD4DOoKSM0%2FjIgZAx%2FPuod61DOjTSi70djjPq1vyB84niG%2FfGfhNQdgOAMlhK8WM6W1pl6RfpqAI153cduijfYA23HIv72%2FeI6cByF3a8C7Dv5kVuDRWDfCIVovIqVer1u%2FPIiCTnupApmh0Kgvbaz"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82e37c192eaf568d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

marcuswinshowllcpay4dportal.pages.dev/images/signin-options_4e48046ce74f4b89d45037c90576bfac.svg

172.66.45.17

200 OK

1.6 kB

URL GET HTTP/3
marcuswinshowllcpay4dportal.pages.dev/images/signin-options_4e48046ce74f4b89d45037c90576bfac.svg
IP
172.66.45.17:443
ASN
#13335 CLOUDFLARENET

Requested by
https://marcuswinshowllcpay4dportal.pages.dev/
Certificate
IssuerLet's Encrypt
Subjectmarcuswinshowllcpay4dportal.pages.dev
FingerprintAE:15:C5:6D:69:02:DB:C1:5D:26:7A:6A:83:87:F9:C5:DC:C9:2C:88
ValidityThu, 30 Nov 2023 02:19:25 GMT - Wed, 28 Feb 2024 02:19:24 GMT

File type
SVG Scalable Vector Graphics image\012- HTML document, ASCII text, with very long lines (1610), with no line terminators
Size
1.6 kB (1592 bytes)
Hash
5f537bdaf0abffdf68cd724aecbff862
8e7374588d8d6e040d895c8f9544a03a2607624a
95c3344a39214720e9ae58b0e03ae17b01bb476ae76e90eb32b5f85b1f3e6e8c

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Outlook

HTTP Headers

GET /images/signin-options_4e48046ce74f4b89d45037c90576bfac.svg HTTP/1.1
Host: marcuswinshowllcpay4dportal.pages.dev
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://marcuswinshowllcpay4dportal.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 30 Nov 2023 13:37:23 GMT
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"421ef279514aa4528dde495826e04bfd"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Bc5KKwQN7XYuRRkjEIz46LXU0RRwRgxoOXGJT12YjuRH%2FvyZcuNvWitnrMlte5t4OKtVqWe2opIWRnbOmfgUJgV2DG7kyRdE7SJrr%2BHs%2Fveswv144PDcRg05Umq7ABOlNRlh1V%2BOSmURXRW%2BAYpXRmREShi86cKn"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82e37c192eb2568d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

marcuswinshowllcpay4dportal.pages.dev/

172.66.45.17

200 OK

113 kB

URL GET HTTP/3
marcuswinshowllcpay4dportal.pages.dev/
IP
172.66.45.17:443
ASN
#13335 CLOUDFLARENET

Requested by
https://marcuswinshowllcpay4dportal.pages.dev/
Certificate
IssuerLet's Encrypt
Subjectmarcuswinshowllcpay4dportal.pages.dev
FingerprintAE:15:C5:6D:69:02:DB:C1:5D:26:7A:6A:83:87:F9:C5:DC:C9:2C:88
ValidityThu, 30 Nov 2023 02:19:25 GMT - Wed, 28 Feb 2024 02:19:24 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (65180)
Size
113 kB (112732 bytes)
Hash
0d3766c193c74a111097a8bcde85716e
c61beeab4f4b7170883a65f3090f532f39ab8758
a03d25e086674656db2fb23fccde708d898744495639a90492d940e1ce0ac26e

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Outlook

HTTP Headers

GET / HTTP/1.1
Host: marcuswinshowllcpay4dportal.pages.dev
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://marcuswinshowllcpay4dportal.pages.dev/
DNT: 1
Connection: keep-alive
Cookie: PHPREFS=full
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 30 Nov 2023 13:37:24 GMT
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"74f38cad60ef93fc750fc3dbbbe73f3a"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Fr8WBktkIjM4vnjIbPSAaHDnavo0FLxNuYmIqLb90J0IOcquQcR2cZb%2FTX9nZtPunqr5dliydC6LSMXp7RmI%2B3Sh2TEgur%2FREPDB7dg6Wmn195IWqXLtPql0QFVReqUh6hjb5jqP3712NAIyR0bnVpRMieiJI2ZO"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82e37c1d0b07568d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

marcuswinshowllcpay4dportal.pages.dev/

172.66.45.17

200 OK

113 kB

URL User Request GET HTTP/2
marcuswinshowllcpay4dportal.pages.dev/
IP
172.66.45.17:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerLet's Encrypt
Subjectmarcuswinshowllcpay4dportal.pages.dev
FingerprintAE:15:C5:6D:69:02:DB:C1:5D:26:7A:6A:83:87:F9:C5:DC:C9:2C:88
ValidityThu, 30 Nov 2023 02:19:25 GMT - Wed, 28 Feb 2024 02:19:24 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (65180)
Size
113 kB (112732 bytes)
Hash
0d3766c193c74a111097a8bcde85716e
c61beeab4f4b7170883a65f3090f532f39ab8758
a03d25e086674656db2fb23fccde708d898744495639a90492d940e1ce0ac26e

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Outlook

HTTP Headers

GET / HTTP/1.1
Host: marcuswinshowllcpay4dportal.pages.dev
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 30 Nov 2023 13:37:23 GMT
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"74f38cad60ef93fc750fc3dbbbe73f3a"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=v%2FtAjtDhTGcr15xe6wi%2F8OhxfX0EquZPqnVSpkE%2BestVR7qkr8JincJXigCzxlkRKCjl%2BEt2N%2BNT1LmR9ZJdGyYyn27JU%2BHLwBVJqYJEs%2FJHyNd%2BWR8l6VdmwnCJV3AnZHVBQlPGOb0KSIZjVa%2F9r9FiE5%2FKujyQ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82e37c16eb200b49-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

marcuswinshowllcpay4dportal.pages.dev/js/jquery-3.1.1.min.js

172.66.45.17

200 OK

87 kB

URL GET HTTP/3
marcuswinshowllcpay4dportal.pages.dev/js/jquery-3.1.1.min.js
IP
172.66.45.17:443
ASN
#13335 CLOUDFLARENET

Requested by
https://marcuswinshowllcpay4dportal.pages.dev/
Certificate
IssuerLet's Encrypt
Subjectmarcuswinshowllcpay4dportal.pages.dev
FingerprintAE:15:C5:6D:69:02:DB:C1:5D:26:7A:6A:83:87:F9:C5:DC:C9:2C:88
ValidityThu, 30 Nov 2023 02:19:25 GMT - Wed, 28 Feb 2024 02:19:24 GMT

File type
ASCII text, with very long lines (32480)
Size
87 kB (87171 bytes)
Hash
739c3988a47d0a804e285941f8906e14
723c31593daa66d3040405400aa737c57a3a6f1c
b73391e74cbece5c12b809114e8ce90285812ef73d533ffa3401d7d716ae0eaa

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Outlook

HTTP Headers

GET /js/jquery-3.1.1.min.js HTTP/1.1
Host: marcuswinshowllcpay4dportal.pages.dev
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://marcuswinshowllcpay4dportal.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 30 Nov 2023 13:37:23 GMT
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"41732f0508db8d0b64006feea5be1dba"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AYOQW8y8o3RSEkNpFv5%2FKEw6hQhzGsX96rFMnRDLlXpRyOYM8AySQsDk2d%2FzJviAJKPM5fS7cvYGAe6hyoPDcH3R5KbiunEyIr2zpqHSm2pOcfzdmf3u%2BJbWULB10fOZpBrLpiscSY1wRVZQwjjAP%2Bn8CtqeEJ%2F2"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82e37c192ea6568d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

marcuswinshowllcpay4dportal.pages.dev/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg

172.66.45.17

200 OK

3.7 kB

URL GET HTTP/3
marcuswinshowllcpay4dportal.pages.dev/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg
IP
172.66.45.17:443
ASN
#13335 CLOUDFLARENET

Requested by
https://marcuswinshowllcpay4dportal.pages.dev/
Certificate
IssuerLet's Encrypt
Subjectmarcuswinshowllcpay4dportal.pages.dev
FingerprintAE:15:C5:6D:69:02:DB:C1:5D:26:7A:6A:83:87:F9:C5:DC:C9:2C:88
ValidityThu, 30 Nov 2023 02:19:25 GMT - Wed, 28 Feb 2024 02:19:24 GMT

File type
SVG Scalable Vector Graphics image\012- HTML document, ASCII text, with very long lines (3695), with no line terminators
Size
3.7 kB (3651 bytes)
Hash
d633a913e6f3b1f45774b9874dfc85e0
5ba1344048578062c93cfddfdf8458477eaca476
c1fbfbd9a81fc4d9c9539a65bdfb4c6738926b8d4681b0346706196413e92714

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Outlook

HTTP Headers

GET /images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg HTTP/1.1
Host: marcuswinshowllcpay4dportal.pages.dev
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://marcuswinshowllcpay4dportal.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 30 Nov 2023 13:37:23 GMT
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"b4d7a556445aa167d4959571a81c93db"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KcBm%2BXMqqKlN6arE70t3kHX9CO1gZCl%2FnWG35efQ%2Fy6HoT03JicMsx2tiHkm89KlI%2B1hLhpRd38rAPPw48%2FXwuyPXMkRZKCpm5a3ZgrSrgtd8XCwXPS1KLx8r%2BWyDoFPf5p3HzS1Iv7XIKWm5DSMJouyHXIIl7%2Bf"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82e37c192ead568d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (4)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (9)

URL GET HTTP/3

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/3

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/3

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections