Report - link.edgepilot.com/s/0b848d09/kMj1IlqpoUGVh6yffdc6hw?u=https://buckscountypublicadjuster.net/i/bG1vbnRhbGJhbm9AY3Jvc3NyaXZlcmJhbmsuY29t

Report Overview

Visited public
2024-07-02 13:59:10
Tags
microsoft phishing outlook
Submit Tags
URL
link.edgepilot.com/s/0b848d09/kMj1IlqpoUGVh6yffdc6hw?u=https://buckscountypublicadjuster.net/i/bG1vbnRhbGJhbm9AY3Jvc3NyaXZlcmJhbmsuY29t
Finishing URL
cooked-short-lunge.glitch.me/#lmontalbano@crossriverbank.com
IP / ASN
199.30.234.133
#13380 ASN-CUST
Title
Outlook Web App
Phishing - Microsoft
Phishing - Generic phishing
Phishing - Microsoft Outlook

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
r10.o.lencr.org	unknown	2020-06-29	2024-06-06 21:45:11	2024-07-01 18:12:04	2.0 kB	5.3 kB	95.100.155.75
link.edgepilot.com	52195	2009-01-22	2020-08-20 19:28:50	2024-05-07 13:33:48	2.4 kB	5.5 kB	199.30.234.133
code.jquery.com	634	2005-12-10	2012-05-21 19:28:02	2024-07-02 07:18:54	445 B	31 kB	151.101.66.137
buckscountypublicadjuster.net	unknown	unknown	No data	No data	564 B	328 B	104.247.77.61
cooked-short-lunge.glitch.me	unknown	unknown	No data	No data	2.2 kB	817 kB	3.209.36.135
wafsd.com	unknown	2023-09-07	2023-11-29 16:10:01	2024-04-17 23:18:22	1.4 kB	119 kB	195.35.33.215

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2024-07-02 13:58:47	medium	Client IP	3.209.36.135	ET HUNTING Suspicious Glitch Hosted TLS SNI Request - Possible Phishing Landing
2024-07-02 13:58:47	low	Client IP	3.209.36.135	ET INFO Observed Online Application Hosting Domain (glitch .me in TLS SNI)

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (9)

	URL	From	Size	First Seen	Last Seen
	cooked-short-lunge.glitch.me/#lmontalbano@crossriverbank.com	ScriptElement	404 kB	2024-07-02	2024-08-19
Pretty URL cooked-short-lunge.glitch.me/#lmontalbano@crossriverbank.com IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2024-07-02 15:47 Last Seen2024-08-19 18:21 Times Seen51 Hash 7cb5484985e6ae85d07c926eb52fe09e 31930c03be3c817ed98fc56ee0bfa87b492dd909 1ec28f564a4098f6bd0ff57d91c6e2a83885721aa78e03e0827147a1718fa772 Loading...

	unknown	ScriptElement	1.8 kB	2024-01-19	2025-01-08
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-01-19 15:54 Last Seen2025-01-08 17:06 Times Seen91 Hash 7cb5bad3ea88ffc675606a076f1f1161 f349cbcf63836a55435bf4fc853912b2dc6d4cb6 98aeff545d29fb93be0c5274ba8443dfae892564d2bcd0b83b792da33d3a5b75 Loading...

	unknown	ScriptElement	179 B	2024-01-19	2025-01-08
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-01-19 15:54 Last Seen2025-01-08 17:06 Times Seen91 Hash b10d5f358d8599d84e3de0574747804e 8afab108e0ece90968549ff805d1a4048db211c3 c51b81148d87a9477bffd19158fabed6043ff792da3311cd5776cdf3056cd6cc Loading...

	unknown	ScriptElement	4.7 kB	2024-07-02	2024-08-19
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-07-02 15:47 Last Seen2024-08-19 18:21 Times Seen51 Hash 705dfc0e09fd79f9e3412d9512686d57 e163183ef06eca80fc9a886f0af9bc9f0b8512ea 705fc9353f425bc7ec08daf755d294f79c830eccae274eca72b573cba2ca9a05 Loading...

	unknown	ScriptElement	10 kB	2024-01-19	2025-01-08
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-01-19 15:54 Last Seen2025-01-08 17:06 Times Seen91 Hash 6a0534354def4ad8da43f21c87f9b467 be6c84d7dd3f30b397906a297a4fe8ba0d736aaa b37d8e6ac49794bd75757434de38934eb31e64a21c594bf24261cfa39e8963b6 Loading...

	unknown	ScriptElement	1.7 kB	2024-01-19	2025-01-08
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-01-19 15:54 Last Seen2025-01-08 17:06 Times Seen91 Hash ae0b69a20642340e8ed2e60e4b900b9c f78d8c41c23285594b86540167cf2ae2b568954d 976adf5b493e997df460c3718d02f74e92afe0e82fe5cd9f106041aea09d8975 Loading...

	unknown	ScriptElement	31 B	2024-01-19	2025-01-08
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-01-19 15:54 Last Seen2025-01-08 17:06 Times Seen91 Hash 52ba7c53b3c5e52f398f0791cdfc3511 d187447120b2bab0ab044d2f7108ed522b88faf9 a2b38019e4d84386273c2153e17401713a00b444da7b2fc023c2562d6a21d14e Loading...

	unknown	ScriptElement	144 B	2024-01-19	2025-01-08
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-01-19 15:54 Last Seen2025-01-08 17:06 Times Seen91 Hash b86c20af41168e6b2499bd3c1e122815 ec425411da56479948db1c69e068e31f5f4c833f 33540a1ee0e497f0cf635e6ca4c1c7e49df15396a1f1b3181acaa3765f680508 Loading...

		Size	First Seen	Last Seen
	#1 Write - fedfd6fcb838d4a9803055c29801421c	54 kB	2024-07-02 15:47	2024-08-19 18:21
Pretty Observations First Seen2024-07-02 15:47 Last Seen2024-08-19 18:21 Times Seen50 Hash fedfd6fcb838d4a9803055c29801421c 66ed0d4e79fe9910347962c0308f8cef603c8e74 1ffaabae2890f971599ea9481be238026fa635a84044ad5ad34a4867bf7e567f Loading...

HTTP Transactions (19)

URL IP Response Size

r10.o.lencr.org/

95.100.155.75

504 B

URL
r10.o.lencr.org/
IP
95.100.155.75:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
b8ee6ca153df6819132dd5d8a6ba5c76
0ed0f0f631777272bd71ba23719e71695c9d95e1
bdca7ce7bb6febd6a6afb56a828cf4422c1a8971524484e8128cafad8e6b3367

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "BDCA7CE7BB6FEBD6A6AFB56A828CF4422C1A8971524484E8128CAFAD8E6B3367"
Last-Modified: Tue, 02 Jul 2024 11:47:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20341
Expires: Tue, 02 Jul 2024 19:37:45 GMT
Date: Tue, 02 Jul 2024 13:58:44 GMT
Connection: keep-alive

link.edgepilot.com/s/0b848d09/kMj1IlqpoUGVh6yffdc6hw?u=https://buckscountypublicadjuster.net/i/bG1vbnRhbGJhbm9AY3Jvc3NyaXZlcmJhbmsuY29t

199.30.234.133

2.5 kB

URL
link.edgepilot.com/s/0b848d09/kMj1IlqpoUGVh6yffdc6hw?u=https://buckscountypublicadjuster.net/i/bG1vbnRhbGJhbm9AY3Jvc3NyaXZlcmJhbmsuY29t
IP
199.30.234.133:0
ASN
#13380 ASN-CUST

File type
HTML document, ASCII text
Size
2.5 kB (2533 bytes)
Hash
be9dac1aa4d8116ee2475a577e7b217a
14af1c5a54b14c332363652a65b93d4221ca3697
0ed5e78420fc012e441b2003e2f84bf023eb9a8639a38aaed96bb50da527349c

HTTP Headers

GET /s/0b848d09/kMj1IlqpoUGVh6yffdc6hw?u=https://buckscountypublicadjuster.net/i/bG1vbnRhbGJhbm9AY3Jvc3NyaXZlcmJhbmsuY29t HTTP/1.1
Host: link.edgepilot.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 02 Jul 2024 13:58:45 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 2533
Connection: keep-alive
Cache-Control: no-cache

code.jquery.com/jquery-3.2.1.min.js

151.101.66.137

30 kB

URL
code.jquery.com/jquery-3.2.1.min.js
IP
151.101.66.137:0
ASN
#54113 FASTLY

File type
JavaScript source, ASCII text, with very long lines (32058)
Size
30 kB (30125 bytes)
Hash
c9f5aeeca3ad37bf2aa006139b935f0a
1055018c28ab41087ef9ccefe411606893dabea2
87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de

HTTP Headers

GET /jquery-3.2.1.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://link.edgepilot.com
DNT: 1
Connection: keep-alive
Referer: https://link.edgepilot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-15283"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Tue, 02 Jul 2024 13:58:45 GMT
age: 14477291
x-served-by: cache-lga21971-LGA, cache-hel1410029-HEL
x-cache: HIT, HIT
x-cache-hits: 29, 10635
x-timer: S1719928726.543220,VS0,VE0
vary: Accept-Encoding
content-length: 30125
X-Firefox-Spdy: h2

link.edgepilot.com/css/app.css?v=1

199.30.234.133

819 B

URL
link.edgepilot.com/css/app.css?v=1
IP
199.30.234.133:0
ASN
#13380 ASN-CUST

File type
ASCII text
Size
819 B (819 bytes)
Hash
959f46f67438369c413f903156848bd0
0daf348389da6ce4dcc2cbe71e0589c26f6bbdab
8c52987fbc48500c2a81bd52f81d44324e31e7ecadbebd111a02f912be232cfd

HTTP Headers

GET /css/app.css?v=1 HTTP/1.1
Host: link.edgepilot.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://link.edgepilot.com/s/0b848d09/kMj1IlqpoUGVh6yffdc6hw?u=https://buckscountypublicadjuster.net/i/bG1vbnRhbGJhbm9AY3Jvc3NyaXZlcmJhbmsuY29t
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 02 Jul 2024 13:58:45 GMT
Content-Type: text/css
Content-Length: 819
Last-Modified: Wed, 01 Mar 2023 20:35:57 GMT
Connection: keep-alive
ETag: "63ffb72d-333"
Cache-Control: max-age
Accept-Ranges: bytes

link.edgepilot.com/favicon.ico

199.30.234.133

1.3 kB

URL
link.edgepilot.com/favicon.ico
IP
199.30.234.133:0
ASN
#13380 ASN-CUST

File type
HTML document, ASCII text
Size
1.3 kB (1310 bytes)
Hash
5fd6c81e2d45bd71ef47570f15eb622a
474672baf3bf959b770a21ed2ad0fd6c3eac424c
c0f777284d7d75a641591d10d3cd99457f19f816fb3c6e2e6ab295f3eda52e99

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: link.edgepilot.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://link.edgepilot.com/s/0b848d09/kMj1IlqpoUGVh6yffdc6hw?u=https://buckscountypublicadjuster.net/i/bG1vbnRhbGJhbm9AY3Jvc3NyaXZlcmJhbmsuY29t
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 02 Jul 2024 13:58:45 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 1310
Connection: keep-alive
Cache-Control: no-cache

r10.o.lencr.org/

95.100.155.75

504 B

URL
r10.o.lencr.org/
IP
95.100.155.75:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
c4b71305103f33b56dd398fb1f3fa9fe
6237cf96ced2a5d69a73769180ae8250221727ea
4120fbb0536a3608210c487750025bea2ff87804924732c527207e00add13a34

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "4120FBB0536A3608210C487750025BEA2FF87804924732C527207E00ADD13A34"
Last-Modified: Sun, 30 Jun 2024 17:32:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10566
Expires: Tue, 02 Jul 2024 16:54:52 GMT
Date: Tue, 02 Jul 2024 13:58:46 GMT
Connection: keep-alive

r10.o.lencr.org/

95.100.155.75

504 B

URL
r10.o.lencr.org/
IP
95.100.155.75:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
c4b71305103f33b56dd398fb1f3fa9fe
6237cf96ced2a5d69a73769180ae8250221727ea
4120fbb0536a3608210c487750025bea2ff87804924732c527207e00add13a34

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "4120FBB0536A3608210C487750025BEA2FF87804924732C527207E00ADD13A34"
Last-Modified: Sun, 30 Jun 2024 17:32:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10566
Expires: Tue, 02 Jul 2024 16:54:52 GMT
Date: Tue, 02 Jul 2024 13:58:46 GMT
Connection: keep-alive

r10.o.lencr.org/

95.100.155.75

504 B

URL
r10.o.lencr.org/
IP
95.100.155.75:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
c4b71305103f33b56dd398fb1f3fa9fe
6237cf96ced2a5d69a73769180ae8250221727ea
4120fbb0536a3608210c487750025bea2ff87804924732c527207e00add13a34

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "4120FBB0536A3608210C487750025BEA2FF87804924732C527207E00ADD13A34"
Last-Modified: Sun, 30 Jun 2024 17:32:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10566
Expires: Tue, 02 Jul 2024 16:54:52 GMT
Date: Tue, 02 Jul 2024 13:58:46 GMT
Connection: keep-alive

r10.o.lencr.org/

95.100.155.75

504 B

URL
r10.o.lencr.org/
IP
95.100.155.75:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
c4b71305103f33b56dd398fb1f3fa9fe
6237cf96ced2a5d69a73769180ae8250221727ea
4120fbb0536a3608210c487750025bea2ff87804924732c527207e00add13a34

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "4120FBB0536A3608210C487750025BEA2FF87804924732C527207E00ADD13A34"
Last-Modified: Sun, 30 Jun 2024 17:32:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10566
Expires: Tue, 02 Jul 2024 16:54:52 GMT
Date: Tue, 02 Jul 2024 13:58:46 GMT
Connection: keep-alive

r10.o.lencr.org/

95.100.155.75

504 B

URL
r10.o.lencr.org/
IP
95.100.155.75:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
c4b71305103f33b56dd398fb1f3fa9fe
6237cf96ced2a5d69a73769180ae8250221727ea
4120fbb0536a3608210c487750025bea2ff87804924732c527207e00add13a34

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "4120FBB0536A3608210C487750025BEA2FF87804924732C527207E00ADD13A34"
Last-Modified: Sun, 30 Jun 2024 17:32:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10566
Expires: Tue, 02 Jul 2024 16:54:52 GMT
Date: Tue, 02 Jul 2024 13:58:46 GMT
Connection: keep-alive

link.edgepilot.com/filter

199.30.234.133

0 B

URL
link.edgepilot.com/filter
IP
199.30.234.133:0
ASN
#13380 ASN-CUST

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /filter HTTP/1.1
Host: link.edgepilot.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 290
Origin: https://link.edgepilot.com
DNT: 1
Connection: keep-alive
Referer: https://link.edgepilot.com/s/0b848d09/kMj1IlqpoUGVh6yffdc6hw?u=https://buckscountypublicadjuster.net/i/bG1vbnRhbGJhbm9AY3Jvc3NyaXZlcmJhbmsuY29t
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: nginx
Date: Tue, 02 Jul 2024 13:58:46 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://buckscountypublicadjuster.net/i/bG1vbnRhbGJhbm9AY3Jvc3NyaXZlcmJhbmsuY29t
Cache-Control: no-cache

buckscountypublicadjuster.net/i/bG1vbnRhbGJhbm9AY3Jvc3NyaXZlcmJhbmsuY29t

104.247.77.61

134 B

URL
buckscountypublicadjuster.net/i/bG1vbnRhbGJhbm9AY3Jvc3NyaXZlcmJhbmsuY29t
IP
104.247.77.61:0
ASN
#54641 IMH-IAD

File type
HTML document, ASCII text
Size
134 B (134 bytes)
Hash
4593268963fc83c68fa3442c31d357db
e8886c9917bbb0b6894074daf93cfdd65c856554
f8c65340e5649e3de78967c81050b2239c8aa4a18fd6b708751ea219861bf970

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft Outlook

HTTP Headers

GET /i/bG1vbnRhbGJhbm9AY3Jvc3NyaXZlcmJhbmsuY29t HTTP/1.1
Host: buckscountypublicadjuster.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://link.edgepilot.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 02 Jul 2024 13:58:47 GMT
Server: Apache
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

cooked-short-lunge.glitch.me/

3.209.36.135

404 kB

URL
cooked-short-lunge.glitch.me/
IP
3.209.36.135:0
ASN
#14618 AMAZON-AES

File type
JavaScript source, ASCII text, with very long lines (65500)
Size
404 kB (404341 bytes)
Hash
58451d32a7ab03f48c1dad0e20173a17
f8a313866946e323e1654205c3dd419da32b35d7
da441409aa4e0777fbc22605e65971a52a61c060beb192c2198943622bae0313

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft
urlquery	phishing	Phishing - Microsoft Outlook

HTTP Headers

GET / HTTP/1.1
Host: cooked-short-lunge.glitch.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://buckscountypublicadjuster.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 02 Jul 2024 13:58:48 GMT
content-type: text/html; charset=utf-8
content-length: 404341
x-amz-id-2: TCiGNOK8ZTQjy6jWrbgX/R3Tjf8bEGdwR9cZXD9Ar0/BywZ5UTJGsyQ3NjNRiewtJtp2mbpTzORo/wx/L7sL/wAnnkz+p2Ce
x-amz-request-id: K75N3YCE399TKD60
last-modified: Tue, 02 Jul 2024 12:35:32 GMT
etag: "58451d32a7ab03f48c1dad0e20173a17"
x-amz-server-side-encryption: AES256
cache-control: no-cache
x-amz-version-id: Ie40ef2MWpc5R1JqaH2sR89teA6u.LBQ
accept-ranges: bytes
server: AmazonS3
X-Firefox-Spdy: h2

GET cooked-short-lunge.glitch.me/owa/auth/15.0.1497/themes/resources/segoeui-semilight.ttf

3.209.36.135

404 Not Found

3.7 kB

URL GET HTTP/2
cooked-short-lunge.glitch.me/owa/auth/15.0.1497/themes/resources/segoeui-semilight.ttf
IP
3.209.36.135:443
ASN
#14618 AMAZON-AES

Requested by
https://cooked-short-lunge.glitch.me/#lmontalbano@crossriverbank.com
Certificate
IssuerAmazon
Subjectglitch.com
Fingerprint57:4F:13:8A:33:42:32:7C:F7:C9:C5:1F:DF:C1:35:65:F0:E9:70:EE
ValidityMon, 04 Dec 2023 00:00:00 GMT - Wed, 01 Jan 2025 23:59:59 GMT

File type
HTML document, ASCII text
Size
3.7 kB (3674 bytes)
Hash
ce0366d3c0ef2d5187efc621c5e7fb00
83f60d035e88968d24178360639a8ad6cc08dc26
2784f6ffefbd5fcae302d112e1629907deed1e36f9c2050ea6d7038eec3f649c

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft
urlquery	phishing	Phishing - Microsoft Outlook

HTTP Headers

GET /owa/auth/15.0.1497/themes/resources/segoeui-semilight.ttf HTTP/1.1
Host: cooked-short-lunge.glitch.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cooked-short-lunge.glitch.me/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 404 Not Found
date: Tue, 02 Jul 2024 13:58:48 GMT
content-length: 3674
cache-control: max-age=0
X-Firefox-Spdy: h2

GET cooked-short-lunge.glitch.me/owa/auth/15.0.1497/themes/resources/segoeui-regular.ttf

3.209.36.135

404 Not Found

3.7 kB

URL GET HTTP/2
cooked-short-lunge.glitch.me/owa/auth/15.0.1497/themes/resources/segoeui-regular.ttf
IP
3.209.36.135:443
ASN
#14618 AMAZON-AES

Requested by
https://cooked-short-lunge.glitch.me/#lmontalbano@crossriverbank.com
Certificate
IssuerAmazon
Subjectglitch.com
Fingerprint57:4F:13:8A:33:42:32:7C:F7:C9:C5:1F:DF:C1:35:65:F0:E9:70:EE
ValidityMon, 04 Dec 2023 00:00:00 GMT - Wed, 01 Jan 2025 23:59:59 GMT

File type
HTML document, ASCII text
Size
3.7 kB (3674 bytes)
Hash
ce0366d3c0ef2d5187efc621c5e7fb00
83f60d035e88968d24178360639a8ad6cc08dc26
2784f6ffefbd5fcae302d112e1629907deed1e36f9c2050ea6d7038eec3f649c

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft
urlquery	phishing	Phishing - Microsoft Outlook

HTTP Headers

GET /owa/auth/15.0.1497/themes/resources/segoeui-regular.ttf HTTP/1.1
Host: cooked-short-lunge.glitch.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cooked-short-lunge.glitch.me/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 404 Not Found
date: Tue, 02 Jul 2024 13:58:48 GMT
content-length: 3674
cache-control: max-age=0
X-Firefox-Spdy: h2

GET wafsd.com/new/arsm/media/download-logo.png

195.35.33.215

200 OK

7.7 kB

URL GET HTTP/2
wafsd.com/new/arsm/media/download-logo.png
IP
195.35.33.215:443
ASN
#47583 Hostinger International Limited

Requested by
https://cooked-short-lunge.glitch.me/#lmontalbano@crossriverbank.com
Certificate
IssuerLet's Encrypt
Subjectwafsd.com
FingerprintB9:EC:1B:FD:8B:D8:A1:3A:D7:77:CE:15:EC:C2:FB:0F:D3:E1:41:72
ValiditySun, 16 Jun 2024 19:19:08 GMT - Sat, 14 Sep 2024 19:19:07 GMT

File type
PNG image data, 300 x 76, 8-bit/color RGBA, non-interlaced
Size
7.7 kB (7746 bytes)
Hash
8f66b06c5aedba6a75ce7f9a49619c4a
cef70286faa37d152c3b2af9a60f8340534f1f3d
a7c14ee84d81a536a4cd54e3a144f388f2174a4a5c409ae118ea49f0da6b4aa6

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /new/arsm/media/download-logo.png HTTP/1.1
Host: wafsd.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cooked-short-lunge.glitch.me/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Tue, 09 Jul 2024 13:58:49 GMT
content-type: image/png
last-modified: Fri, 05 Jan 2024 15:01:56 GMT
etag: "1e42-659819e4-9612b5e74948e7b0;;;"
accept-ranges: bytes
content-length: 7746
date: Tue, 02 Jul 2024 13:58:49 GMT
server: LiteSpeed
platform: hostinger
content-security-policy: upgrade-insecure-requests
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2

GET wafsd.com/new/arsm/media/download.gif

195.35.33.215

200 OK

108 kB

URL GET HTTP/2
wafsd.com/new/arsm/media/download.gif
IP
195.35.33.215:443
ASN
#47583 Hostinger International Limited

Requested by
https://cooked-short-lunge.glitch.me/#lmontalbano@crossriverbank.com
Certificate
IssuerLet's Encrypt
Subjectwafsd.com
FingerprintB9:EC:1B:FD:8B:D8:A1:3A:D7:77:CE:15:EC:C2:FB:0F:D3:E1:41:72
ValiditySun, 16 Jun 2024 19:19:08 GMT - Sat, 14 Sep 2024 19:19:07 GMT

File type
GIF image data, version 89a, 362 x 362
Size
108 kB (108283 bytes)
Hash
be0d9fd5a1c00a70c7cc41abd73709ff
62394a9d43bbffaaa117c0baca9e10d41c397097
2b491e2211f7003c16a9132d78a95753e0315bf30b1977518d65e3a76dccec20

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /new/arsm/media/download.gif HTTP/1.1
Host: wafsd.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cooked-short-lunge.glitch.me/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Tue, 09 Jul 2024 13:58:49 GMT
content-type: image/gif
last-modified: Fri, 05 Jan 2024 15:01:56 GMT
etag: "1a6fb-659819e4-8867427b42dc9c;;;"
accept-ranges: bytes
content-length: 108283
date: Tue, 02 Jul 2024 13:58:49 GMT
server: LiteSpeed
platform: hostinger
content-security-policy: upgrade-insecure-requests
X-Firefox-Spdy: h2

GET wafsd.com/new/arsm/media/favicon.ico

195.35.33.215

1.3 kB

URL GET
wafsd.com/new/arsm/media/favicon.ico
IP
195.35.33.215:0
ASN
#47583 Hostinger International Limited

Requested by
https://cooked-short-lunge.glitch.me/#lmontalbano@crossriverbank.com
Certificate
IssuerLet's Encrypt
Subjectwafsd.com
FingerprintB9:EC:1B:FD:8B:D8:A1:3A:D7:77:CE:15:EC:C2:FB:0F:D3:E1:41:72
ValiditySun, 16 Jun 2024 19:19:08 GMT - Sat, 14 Sep 2024 19:19:07 GMT

File type
MS Windows icon resource - 3 icons, 32x32, 32 bits/pixel, 24x24, 32 bits/pixel
Size
1.3 kB (1346 bytes)
Hash
759fade9033aa298629e4b000dcd6dde
34a1adf5c7326d7bde5b5735471b5d81e611c189
cf0808a61ec571e0c4975663903b288009d55502ac0445d9948983b339a5cf6e

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /new/arsm/media/favicon.ico HTTP/1.1
Host: wafsd.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cooked-short-lunge.glitch.me/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Tue, 09 Jul 2024 13:58:49 GMT
content-type: image/x-icon
last-modified: Fri, 05 Jan 2024 15:01:56 GMT
etag: "1ece-659819e4-4ab91640bc30ae0c;br"
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 1346
date: Tue, 02 Jul 2024 13:58:49 GMT
server: LiteSpeed
platform: hostinger
content-security-policy: upgrade-insecure-requests
X-Firefox-Spdy: h2

GET cooked-short-lunge.glitch.me/

3.209.36.135

200 OK

404 kB

URL User Request GET HTTP/2
cooked-short-lunge.glitch.me/
IP
3.209.36.135:443
ASN
#14618 AMAZON-AES

Certificate
IssuerAmazon
Subjectglitch.com
Fingerprint57:4F:13:8A:33:42:32:7C:F7:C9:C5:1F:DF:C1:35:65:F0:E9:70:EE
ValidityMon, 04 Dec 2023 00:00:00 GMT - Wed, 01 Jan 2025 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (65500)
Size
404 kB (404341 bytes)
Hash
58451d32a7ab03f48c1dad0e20173a17
f8a313866946e323e1654205c3dd419da32b35d7
da441409aa4e0777fbc22605e65971a52a61c060beb192c2198943622bae0313

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft
urlquery	phishing	Phishing - Microsoft Outlook

HTTP Headers

GET / HTTP/1.1
Host: cooked-short-lunge.glitch.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://buckscountypublicadjuster.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 02 Jul 2024 13:58:48 GMT
content-type: text/html; charset=utf-8
content-length: 404341
x-amz-id-2: TCiGNOK8ZTQjy6jWrbgX/R3Tjf8bEGdwR9cZXD9Ar0/BywZ5UTJGsyQ3NjNRiewtJtp2mbpTzORo/wx/L7sL/wAnnkz+p2Ce
x-amz-request-id: K75N3YCE399TKD60
last-modified: Tue, 02 Jul 2024 12:35:32 GMT
etag: "58451d32a7ab03f48c1dad0e20173a17"
x-amz-server-side-encryption: AES256
cache-control: no-cache
x-amz-version-id: Ie40ef2MWpc5R1JqaH2sR89teA6u.LBQ
accept-ranges: bytes
server: AmazonS3
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (9)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Observations

Hash

HTTP Transactions (19)

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL