Report - www.3tem.cloud/

Report Overview

Visited public
2024-12-12 09:39:34
Tags
URL
www.3tem.cloud/
Finishing URL
www.3tem.cloud/login.php
IP / ASN
172.67.177.50
#13335 CLOUDFLARENET
Title
3tem.cloud/login.php

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
www.3tem.cloud	unknown	2022-06-24	2023-08-11	2024-10-25	4.5 kB	1.6 MB	104.21.59.119
fonts.googleapis.com	8877	2005-01-25	2012-05-23	2024-12-11	437 B	1.9 kB	142.250.74.106
fonts.gstatic.com	unknown	2008-02-11	2014-04-02	2024-12-11	1.0 kB	39 kB	216.58.207.227

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

Scan Date	Severity	Indicator	Alert
2024-12-11	medium	www.3tem.cloud/	Generic/Spear Phishing
2024-12-11	medium	www.3tem.cloud/	Generic/Spear Phishing
2024-12-11	medium	www.3tem.cloud/	Generic/Spear Phishing
2024-12-11	medium	www.3tem.cloud/	Generic/Spear Phishing
2024-12-11	medium	www.3tem.cloud/	Generic/Spear Phishing
2024-12-11	medium	www.3tem.cloud/	Generic/Spear Phishing
2024-12-11	medium	www.3tem.cloud/	Generic/Spear Phishing
2024-12-11	medium	www.3tem.cloud/	Generic/Spear Phishing
2024-12-11	medium	www.3tem.cloud/	Generic/Spear Phishing

PhishTank

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (5)

	URL	Size	First Seen	Last Seen
	www.3tem.cloud/login.php	0 B	0001-01-01 00:00	2024-12-26 10:21
Pretty URL www.3tem.cloud/login.php IP 104.21.59.119 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen0001-01-01 00:00 Last Seen2024-12-26 10:21 Times Seen3626315 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	www.3tem.cloud/acme/js/jquery-1.10.2.min.js	93 kB	2023-03-07 01:16	2024-12-26 04:41
Pretty URL www.3tem.cloud/acme/js/jquery-1.10.2.min.js IP 104.21.59.119 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:16 Last Seen2024-12-26 04:41 Times Seen515 Hash 841dc30647f93349b7d8ef61deebe411 e0f962936599a6cd266f004b9d04b29d46811483 c3a7b608ebfa8d1dfe658bc119e6236a6aaf878a779e7c560aa11dd30881a56a Loading...

	www.3tem.cloud/login.php	0 B	0001-01-01 00:00	2024-12-26 10:21
Pretty URL www.3tem.cloud/login.php IP 104.21.59.119 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen0001-01-01 00:00 Last Seen2024-12-26 10:21 Times Seen3626315 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	www.3tem.cloud/require/CRUD_JS.min.js	3.5 MB	2024-12-12 09:39	2024-12-12 09:39
Pretty URL www.3tem.cloud/require/CRUD_JS.min.js IP 104.21.59.119 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-12-12 09:39 Last Seen2024-12-12 09:39 Times Seen1 Hash 5ed85cb79e94403d907611929dd94ed3 fd6dc5195d2ce50ba52d9b86ce3322f2b2bbd6c4 667b87009a143ef36300e31c1c0703dbca2199cc88d460733f40a69265d5cea6 Loading...

		Size	First Seen	Last Seen
	#1 Write - b284b457c8ddab7f2d5f5b5964d2e584	41 B	2023-03-07 01:03	2024-12-21 14:10
Pretty Observations First Seen2023-03-07 01:03 Last Seen2024-12-21 14:10 Times Seen145 Hash b284b457c8ddab7f2d5f5b5964d2e584 a0ae59abcc6beed9e77b9edcc471e2297a4e1edf 3811862b7a09be8d60b0f14bdeed14a6ace4da84575ba657d89df6f2a6139179 Loading...

HTTP Transactions (12)

URL IP Response Size

fonts.googleapis.com/css?family=Roboto:400,500,300

142.250.74.106

200 OK

1.2 kB

URL GET HTTP/2
fonts.googleapis.com/css?family=Roboto:400,500,300
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://www.3tem.cloud/login.php
Certificate
IssuerGoogle Trust Services
Subjectupload.video.google.com
FingerprintD4:A3:E0:67:E1:FB:D8:0C:7B:58:AE:DA:81:4F:CA:47:9A:07:6E:5B
ValidityMon, 04 Nov 2024 08:38:51 GMT - Mon, 27 Jan 2025 08:38:50 GMT

File type
gzip compressed data, max compression
Size
1.2 kB (1197 bytes)
Hash
bdc4283ed43dd10e7e6926fecd6167cd
6f368cda541c77baa511302d1da18c144b15b298
fc5abe278bf87248f665173a97c92cd559db377a44da74e7c472e42c3c58bdc8

HTTP Headers

GET /css?family=Roboto:400,500,300 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.3tem.cloud/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 12 Dec 2024 09:39:08 GMT
date: Thu, 12 Dec 2024 09:39:08 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmSU5fBBc4.woff2

216.58.207.227

200 OK

18 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmSU5fBBc4.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://www.3tem.cloud/login.php
Certificate
IssuerGoogle Trust Services
Subject*.gstatic.com
Fingerprint5E:64:A9:4C:59:5A:8F:EC:57:D9:7F:C4:7E:70:AC:88:F2:67:F1:79
ValidityMon, 04 Nov 2024 08:38:50 GMT - Mon, 27 Jan 2025 08:38:49 GMT

File type
Web Open Font Format (Version 2), TrueType, length 18492, version 1.0
Size
18 kB (18492 bytes)
Hash
7fda4c62c1bdeae7a08e6fd438104bac
b1f626e78f5f6d7be993303a49eb81f0fa4ce57c
4dbd328e347e890a801d51f9a5f8d38a3efd51ec34c0aa22cc83d0a95d6d9d71

HTTP Headers

GET /s/roboto/v32/KFOlCnqEu92Fr1MmSU5fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.3tem.cloud
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 18492
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 06 Dec 2024 19:05:43 GMT
expires: Sat, 06 Dec 2025 19:05:43 GMT
cache-control: public, max-age=31536000
age: 484405
last-modified: Thu, 01 Aug 2024 20:41:19 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v32/KFOmCnqEu92Fr1Mu4mxK.woff2

216.58.207.227

200 OK

18 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v32/KFOmCnqEu92Fr1Mu4mxK.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://www.3tem.cloud/login.php
Certificate
IssuerGoogle Trust Services
Subject*.gstatic.com
Fingerprint5E:64:A9:4C:59:5A:8F:EC:57:D9:7F:C4:7E:70:AC:88:F2:67:F1:79
ValidityMon, 04 Nov 2024 08:38:50 GMT - Mon, 27 Jan 2025 08:38:49 GMT

File type
Web Open Font Format (Version 2), TrueType, length 18536, version 1.0
Size
18 kB (18536 bytes)
Hash
8eff0b8045fd1959e117f85654ae7770
227fee13ceb7c410b5c0bb8000258b6643cb6255
89978e658e840b927dddb5cb3a835c7d8526ece79933bd9f3096b301fe1a8571

HTTP Headers

GET /s/roboto/v32/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.3tem.cloud
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 18536
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 06 Dec 2024 19:08:18 GMT
expires: Sat, 06 Dec 2025 19:08:18 GMT
cache-control: public, max-age=31536000
age: 484250
last-modified: Thu, 01 Aug 2024 20:41:24 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.3tem.cloud/design/images/favicon.png

104.21.59.119

200 OK

15 kB

URL GET HTTP/3
www.3tem.cloud/design/images/favicon.png
IP
104.21.59.119:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.3tem.cloud/login.php
Certificate
IssuerGoogle Trust Services
Subject3tem.cloud
FingerprintFA:4D:91:EF:74:8E:C7:DE:78:5E:24:52:26:A1:DF:BA:06:BA:F5:40
ValidityThu, 28 Nov 2024 18:18:00 GMT - Wed, 26 Feb 2025 18:17:59 GMT

File type
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
Size
15 kB (15278 bytes)
Hash
a0f26b42728cbae20fbe1c4a81920d9c
078411b7c3b7ea13505f9c5de039c83c6260409d
f74900aeabfa8de7915af3dc19eb230a6106080ee7f2f8130e772fda9fd51e7c

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Generic/Spear Phishing

HTTP Headers

GET /design/images/favicon.png HTTP/1.1
Host: www.3tem.cloud
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.3tem.cloud/login.php
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=5cca3b77881ae205ded383923492e8e5
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 12 Dec 2024 09:39:09 GMT
content-type: image/png
content-length: 15278
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
last-modified: Thu, 21 Oct 2021 07:16:39 GMT
etag: "180e56-3bae-5ced7acfb63c0"
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
priority: u=6,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4g%2BFXuRgsoirzFw%2FAoweXU32cNV6cOGEG%2FcEFEmDToDyqRN8Elt4PMQpMdCpc78r2t0oc67IqfMkFGrr1%2BOSTYAE7aQJ1BQiKhokgpNwC2tCljbU8AlbhO%2FCxIFHyOoQgQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8f0cbedcff4b56ab-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=2132&min_rtt=1099&rtt_var=890&sent=872&recv=32&lost=0&retrans=0&sent_bytes=1021873&recv_bytes=3956&delivery_rate=9952677&cwnd=362400&unsent_bytes=0&cid=ec9fd26e6c608f62&ts=1583&x=1", cfExtPri, cfHdrFlush;dur=0

www.3tem.cloud/acme/js/jquery-1.10.2.min.js

104.21.59.119

200 OK

54 kB

URL GET HTTP/3
www.3tem.cloud/acme/js/jquery-1.10.2.min.js
IP
104.21.59.119:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.3tem.cloud/login.php
Certificate
IssuerGoogle Trust Services
Subject3tem.cloud
FingerprintFA:4D:91:EF:74:8E:C7:DE:78:5E:24:52:26:A1:DF:BA:06:BA:F5:40
ValidityThu, 28 Nov 2024 18:18:00 GMT - Wed, 26 Feb 2025 18:17:59 GMT

File type
JavaScript source, ASCII text, with very long lines (32072)
Size
54 kB (54505 bytes)
Hash
841dc30647f93349b7d8ef61deebe411
e0f962936599a6cd266f004b9d04b29d46811483
c3a7b608ebfa8d1dfe658bc119e6236a6aaf878a779e7c560aa11dd30881a56a

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Generic/Spear Phishing

HTTP Headers

GET /acme/js/jquery-1.10.2.min.js HTTP/1.1
Host: www.3tem.cloud
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.3tem.cloud/login.php
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=5cca3b77881ae205ded383923492e8e5
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 12 Dec 2024 09:39:08 GMT
content-type: application/javascript
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
last-modified: Wed, 01 Sep 2021 15:27:18 GMT
etag: W/"1602a4-16bb2-5caf0b39e2180-br"
vary: Accept-Encoding
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: max-age=14400
cf-cache-status: MISS
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ynoSmzj1ZwhnJaJn4XgvJmuMBUiUiqRGf8thWXCaDHBvjxcg69o0QheGm6Wst197JaQqsZSr2oQDeW6seudCex7EWofH3oRScyldN5TNlF4E%2B3HSEfSX8gzWIfH%2FfWwvUw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8f0cbed69fd856ab-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=3837&min_rtt=1949&rtt_var=2237&sent=26&recv=15&lost=0&retrans=0&sent_bytes=14794&recv_bytes=2615&delivery_rate=19936&cwnd=12000&unsent_bytes=0&cid=ec9fd26e6c608f62&ts=584&x=1", cfExtPri, cfHdrFlush;dur=0

www.3tem.cloud/require/CRUD_JS.min.js

104.21.59.119

200 OK

833 kB

URL GET HTTP/3
www.3tem.cloud/require/CRUD_JS.min.js
IP
104.21.59.119:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.3tem.cloud/login.php
Certificate
IssuerGoogle Trust Services
Subject3tem.cloud
FingerprintFA:4D:91:EF:74:8E:C7:DE:78:5E:24:52:26:A1:DF:BA:06:BA:F5:40
ValidityThu, 28 Nov 2024 18:18:00 GMT - Wed, 26 Feb 2025 18:17:59 GMT

File type
JavaScript source, ASCII text, with very long lines (32008)
Size
833 kB (832928 bytes)
Hash
385a53eaeabc1bc25c1b1d39f59f9264
675723e3b27293c4837cf2f2b8cdd45bb72bab95
e3765d00b938e5681b75f738880c6a32b2801fdaca7785e85ebc1aff01904dac

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Generic/Spear Phishing

HTTP Headers

GET /require/CRUD_JS.min.js HTTP/1.1
Host: www.3tem.cloud
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.3tem.cloud/login.php
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=5cca3b77881ae205ded383923492e8e5
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 12 Dec 2024 09:39:08 GMT
content-type: application/javascript
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
last-modified: Mon, 07 Oct 2024 09:29:20 GMT
etag: W/"160470-34ac21-623dfa7ce2ed6-br"
vary: Accept-Encoding
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: max-age=14400
cf-cache-status: MISS
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3lVuuhS9fp%2B2o%2F2OLWZSGqzmYrORJ6mxut4r6JpXvM7PxB2R1BY2t41BTdLOL9LiAZts5FvXtfE2T48WBA6euzYZAxquV6Fm%2FJuLD2CknHF7AMs9NGg%2BEZs3XroOzZRzqg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8f0cbed69fdc56ab-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=2676&min_rtt=1267&rtt_var=1875&sent=139&recv=20&lost=0&retrans=0&sent_bytes=148696&recv_bytes=2837&delivery_rate=20920469&cwnd=96000&unsent_bytes=0&cid=ec9fd26e6c608f62&ts=702&x=1", cfExtPri, cfHdrFlush;dur=0

www.3tem.cloud/autocomplete/css/jquery-ui.css

104.21.59.119

200 OK

13 kB

URL GET HTTP/3
www.3tem.cloud/autocomplete/css/jquery-ui.css
IP
104.21.59.119:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.3tem.cloud/login.php
Certificate
IssuerGoogle Trust Services
Subject3tem.cloud
FingerprintFA:4D:91:EF:74:8E:C7:DE:78:5E:24:52:26:A1:DF:BA:06:BA:F5:40
ValidityThu, 28 Nov 2024 18:18:00 GMT - Wed, 26 Feb 2025 18:17:59 GMT

File type
ASCII text, with very long lines (339)
Size
13 kB (12864 bytes)
Hash
5b1e0a8cd40e9e8778223f971801f705
0df4bbc807057a5ec94624b28222e463e552e5e0
5b45be553a356de9d5e5a1e2dac99438958f4612c6072341ade38bd9f3c44e08

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Generic/Spear Phishing

HTTP Headers

GET /autocomplete/css/jquery-ui.css HTTP/1.1
Host: www.3tem.cloud
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.3tem.cloud/login.php
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=5cca3b77881ae205ded383923492e8e5
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 12 Dec 2024 09:39:08 GMT
content-type: text/css
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
last-modified: Wed, 01 Sep 2021 15:27:02 GMT
etag: W/"180fd9-7e0a-5caf0b2a9fd80-br"
vary: Accept-Encoding
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: max-age=14400
cf-cache-status: MISS
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4ipD607YfQj66KmeX%2BAoLmYCKJ%2BVpvykPID19dPJJVHQrajPs6d8E3Ga6dBm5pKoxaRBthkV87P6wx3Eqle06eoWmFO%2FL0DHR6xXvjsSFQ9vK2w1HgMa%2F0UJpZ4RB4XpSg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8f0cbed69fdf56ab-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=4107&min_rtt=1972&rtt_var=2264&sent=20&recv=14&lost=0&retrans=0&sent_bytes=7775&recv_bytes=2571&delivery_rate=301077&cwnd=12000&unsent_bytes=0&cid=ec9fd26e6c608f62&ts=571&x=1", cfExtPri, cfHdrFlush;dur=0

www.3tem.cloud/require/CRUD_CSS.min.css?a=1

104.21.59.119

200 OK

546 kB

URL GET HTTP/3
www.3tem.cloud/require/CRUD_CSS.min.css?a=1
IP
104.21.59.119:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.3tem.cloud/login.php
Certificate
IssuerGoogle Trust Services
Subject3tem.cloud
FingerprintFA:4D:91:EF:74:8E:C7:DE:78:5E:24:52:26:A1:DF:BA:06:BA:F5:40
ValidityThu, 28 Nov 2024 18:18:00 GMT - Wed, 26 Feb 2025 18:17:59 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
546 kB (546222 bytes)
Hash
b6082aa2e185a86d1f96b538f2dfa861
c35918b58f5904b84236d4f6ead91a11c62cda66
12421d9fbc4ce77d396593b61fa327fa72d55d604a8615e59d3becaefa4a9ac7

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Generic/Spear Phishing

HTTP Headers

GET /require/CRUD_CSS.min.css?a=1 HTTP/1.1
Host: www.3tem.cloud
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.3tem.cloud/login.php
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=5cca3b77881ae205ded383923492e8e5
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 12 Dec 2024 09:39:08 GMT
content-type: text/css
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
last-modified: Mon, 07 Oct 2024 09:29:20 GMT
etag: W/"16044e-855ae-623dfa7ce51fe-br"
vary: Accept-Encoding
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: max-age=14400
cf-cache-status: MISS
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0Zk0Ft9LtxaFDLKZO6mLAQn8K52drfLbX1mDCD%2FAdcFn1J0MpxSa8k9aaYopgVBnNcZwPooV1v2cLAIWt9Wqb9W%2FHormgTS2quKNVBXl3CwbTamyBBHprGQ3uqPH4HnS7g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8f0cbed69fd256ab-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=3286&min_rtt=1309&rtt_var=2226&sent=56&recv=17&lost=0&retrans=0&sent_bytes=50176&recv_bytes=2702&delivery_rate=17852561&cwnd=24000&unsent_bytes=0&cid=ec9fd26e6c608f62&ts=650&x=1", cfExtPri, cfHdrFlush;dur=0

www.3tem.cloud/acme/img/glyphicons_halflings.svg

104.21.59.119

200 OK

68 kB

URL GET HTTP/3
www.3tem.cloud/acme/img/glyphicons_halflings.svg
IP
104.21.59.119:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.3tem.cloud/login.php
Certificate
IssuerGoogle Trust Services
Subject3tem.cloud
FingerprintFA:4D:91:EF:74:8E:C7:DE:78:5E:24:52:26:A1:DF:BA:06:BA:F5:40
ValidityThu, 28 Nov 2024 18:18:00 GMT - Wed, 26 Feb 2025 18:17:59 GMT

File type
SVG Scalable Vector Graphics image
Size
68 kB (68324 bytes)
Hash
e1a68245300ff10a4bde3baf4041023b
425765aea0d881e1aad2c605d1ddee56daf52bbf
24533e5104f530e2077fb697bc939b5afc1647f2b7d2b4643a9332f499c8acd1

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Generic/Spear Phishing

HTTP Headers

GET /acme/img/glyphicons_halflings.svg HTTP/1.1
Host: www.3tem.cloud
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.3tem.cloud/require/CRUD_CSS.min.css?a=1
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=5cca3b77881ae205ded383923492e8e5
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 12 Dec 2024 09:39:08 GMT
content-type: image/svg+xml
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
last-modified: Wed, 01 Sep 2021 15:27:19 GMT
etag: W/"1603a5-10ae4-5caf0b3ad63c0-br"
vary: Accept-Encoding
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: max-age=14400
cf-cache-status: MISS
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6RzyKOwo%2BB2SzIY2K4SJ0lyBlpVxk0aF%2Bdk1BQSOXdefPvbfR6mYjTS7rQBHCO%2BtGTV4IYg4%2FFJ%2BCNMNXOUmlxns3FcTb4dvHldAlNJFVOjP4XZ%2FeUVsUdpTHGQMCQwn5g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8f0cbed94aba56ab-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=2212&min_rtt=1099&rtt_var=973&sent=853&recv=30&lost=0&retrans=0&sent_bytes=1000337&recv_bytes=3590&delivery_rate=4092066&cwnd=362400&unsent_bytes=0&cid=ec9fd26e6c608f62&ts=1033&x=1", cfExtPri, cfHdrFlush;dur=0

www.3tem.cloud/

104.21.59.119

302 Found

8.4 kB

URL User Request GET HTTP/2
www.3tem.cloud/
IP
104.21.59.119:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subject3tem.cloud
FingerprintFA:4D:91:EF:74:8E:C7:DE:78:5E:24:52:26:A1:DF:BA:06:BA:F5:40
ValidityThu, 28 Nov 2024 18:18:00 GMT - Wed, 26 Feb 2025 18:17:59 GMT

File type

Size
8.4 kB (8390 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Generic/Spear Phishing

HTTP Headers

GET / HTTP/1.1
Host: www.3tem.cloud
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Thu, 12 Dec 2024 09:39:07 GMT
content-type: text/html; charset=UTF-8
location: https://www.3tem.cloud/login.php
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
vary: Accept-Encoding
set-cookie: PHPSESSID=5cca3b77881ae205ded383923492e8e5; path=/
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oQ50KM4fSxk6birwjbUGcaAi6R3EWZ%2Bh%2BE0XXK7YBO71gApDdgcnsg7hlbxRu3J%2BxYuKZrpPAF3%2BwBJFC6BM5NhZj1teKLaEi5diqFUUh2JuF6cEp1CbZ0cJL1SfK0PJGw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8f0cbed318bf7128-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=5875&min_rtt=443&rtt_var=10858&sent=7&recv=11&lost=0&retrans=0&sent_bytes=3192&recv_bytes=1117&delivery_rate=7006451&cwnd=254&unsent_bytes=0&cid=b9c884d97ea8d4da&ts=203&x=0"
X-Firefox-Spdy: h2

www.3tem.cloud/login.php

104.21.59.119

200 OK

8.4 kB

URL User Request GET HTTP/2
www.3tem.cloud/login.php
IP
104.21.59.119:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subject3tem.cloud
FingerprintFA:4D:91:EF:74:8E:C7:DE:78:5E:24:52:26:A1:DF:BA:06:BA:F5:40
ValidityThu, 28 Nov 2024 18:18:00 GMT - Wed, 26 Feb 2025 18:17:59 GMT

File type
JavaScript source, ASCII text, with very long lines (9396), with no line terminators
Size
8.4 kB (8390 bytes)
Hash
de857b6c5dcdcc273e027319da26d400
f2eedcda5a4355027ad8738861e1653be1db4612
1a00dae8fd3709eb6e9f66d380c3d1585ab5cc07f6f6d3bd6222ae90e5fe75a5

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Generic/Spear Phishing

HTTP Headers

GET /login.php HTTP/1.1
Host: www.3tem.cloud
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=5cca3b77881ae205ded383923492e8e5
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 12 Dec 2024 09:39:07 GMT
content-type: text/html; charset=UTF-8
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
vary: Accept-Encoding
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=f1%2Fx3QGEOSBnGdXl6hpMqAmuIxa1keQxNknvWrsWt0f9Yhmb8F5aL6ddnuZMfhxxy%2F8Wlv%2BK9GCcqSi0bo0DPkvSB9Iy9s3yJpzBmUMUJzj9sQdWH0kimpZyCvEGDQoWyQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8f0cbed459f27128-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=4618&min_rtt=443&rtt_var=8287&sent=10&recv=14&lost=0&retrans=0&sent_bytes=4097&recv_bytes=1224&delivery_rate=7006451&cwnd=256&unsent_bytes=0&cid=b9c884d97ea8d4da&ts=285&x=0"
X-Firefox-Spdy: h2

www.3tem.cloud/require/custom/css.css

104.21.59.119

200 OK

9.8 kB

URL GET HTTP/3
www.3tem.cloud/require/custom/css.css
IP
104.21.59.119:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.3tem.cloud/login.php
Certificate
IssuerGoogle Trust Services
Subject3tem.cloud
FingerprintFA:4D:91:EF:74:8E:C7:DE:78:5E:24:52:26:A1:DF:BA:06:BA:F5:40
ValidityThu, 28 Nov 2024 18:18:00 GMT - Wed, 26 Feb 2025 18:17:59 GMT

File type
ASCII text, with very long lines (10344), with no line terminators
Size
9.8 kB (9824 bytes)
Hash
8af22da41f3249df299fa778fe4bc5eb
2d5c547c4eef517d6e6bea27abcfc5d62a7b2962
4a9a931cccc6f7f3dae4c60ffd0cd590327e9afb0ff2bbe785bf5b1c0455be00

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Generic/Spear Phishing

HTTP Headers

GET /require/custom/css.css HTTP/1.1
Host: www.3tem.cloud
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.3tem.cloud/login.php
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=5cca3b77881ae205ded383923492e8e5
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 12 Dec 2024 09:39:08 GMT
content-type: text/css
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
last-modified: Wed, 08 May 2024 08:08:26 GMT
etag: W/"16044c-2660-617ecce973280-br"
vary: Accept-Encoding
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: max-age=14400
cf-cache-status: MISS
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nERwSvz8XJEOCsDu%2F2BdjmNow5EMdnMiqm9%2BThTdU4NAoOOJBhBT39HHdknC2by%2FTgIevN%2BfPmJHwzOk2SmBK5zybGWhgEdgYlXrTsur1yLl10HnzFBh2van5Xo1wSex5A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8f0cbed69fee56ab-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=4107&min_rtt=1972&rtt_var=2264&sent=17&recv=14&lost=0&retrans=0&sent_bytes=4277&recv_bytes=2571&delivery_rate=301077&cwnd=12000&unsent_bytes=0&cid=ec9fd26e6c608f62&ts=570&x=1", cfExtPri, cfHdrFlush;dur=0

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

JavaScript (5)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Observations

Hash

HTTP Transactions (12)

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/3

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers