Report - negociosverdes.org/css/admine/fhbhb/sf_rand_string_lowercase6/bW1lZGluYUB0YXNtYW4tZ2VvLmNvbQ==

Report Overview

URL

negociosverdes.org/css/admine/fhbhb/sf_rand_string_lowercase6/bW1lZGluYUB0YXNtYW4tZ2VvLmNvbQ==
IP

198.59.144.130

ASN

#36024 AS-TIERP-36024
Submitted

2023-06-10T13:54:25Z

Access

public
Tags

phishing microsoft outlook
urlquery detections

Phishing - Microsoft Outlook

Detections

urlquery

3
Network Intrusion Detection

0
Threat Detection Systems

0

Domain Summary

Domain	Rank	First Seen	Last Seen	Sent	Received	IP
negociosverdes.org (1)	unknown	2017-03-14 11:46:07	2023-06-10 07:24:09	550	411	198.59.144.130
nxdbku.cyttek.ru (5)	unknown	2023-06-05 11:30:20	2023-06-10 07:24:10	2824	191356	188.114.97.1
challenges.cloudflare.com (7)	unknown	2021-10-20 07:02:03	2023-06-10 10:23:53	4521	415015	104.18.7.185

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

HTTP Transactions (13)

URL IP Response Size

negociosverdes.org/css/admine/fhbhb/sf_rand_string_lowercase6/bW1lZGluYUB0YXNtYW4tZ2VvLmNvbQ==

198.59.144.130

200 OK

URL User Request GET HTTP/2

negociosverdes.org/css/admine/fhbhb/sf_rand_string_lowercase6/bW1lZGluYUB0YXNtYW4tZ2VvLmNvbQ==
IP

198.59.144.130:443
ASN

#36024 AS-TIERP-36024

Certificate

IssuerLet's Encrypt

Subjectnegociosverdes.org

FingerprintD7:30:7B:88:41:CE:6E:AB:90:08:8B:CC:E9:0A:22:7D:7E:27:45:AB

ValiditySun, 04 Jun 2023 02:06:11 GMT - Sat, 02 Sep 2023 02:06:10 GMT

Magic

Size

0
Hash

d41d8cd98f00b204e9800998ecf8427e

da39a3ee5e6b4b0d3255bfef95601890afd80709

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft Outlook

HTTP Headers

                                        GET /css/admine/fhbhb/sf_rand_string_lowercase6/bW1lZGluYUB0YXNtYW4tZ2VvLmNvbQ== HTTP/1.1
Host: negociosverdes.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/2 200 OK
x-powered-by: PHP/7.4.33
refresh: 0;url=https://nxdbku.cyttek.ru/Mmmedina@tasman-geo.com
strict-transport-security: max-age=31536000
x-xss-protection: 1
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
referrer-policy: no-referrer-when-downgrade
content-length: 0
content-type: text/html; charset=UTF-8
date: Sat, 10 Jun 2023 13:54:07 GMT
server: Apache
X-Firefox-Spdy: h2

nxdbku.cyttek.ru/cdn-cgi/images/trace/managed/js/transparent.gif?ray=7d521ac1a9c90b3d

188.114.97.1

200 OK

URL GET HTTP/3

nxdbku.cyttek.ru/cdn-cgi/images/trace/managed/js/transparent.gif?ray=7d521ac1a9c90b3d
IP

188.114.97.1:443
ASN

#13335 CLOUDFLARENET

Requested by

https://nxdbku.cyttek.ru/Mmmedina@tasman-geo.com
Certificate

IssuerLet's Encrypt

Subjectcyttek.ru

FingerprintFA:85:04:1B:BD:CA:E3:02:45:6A:AD:C7:E6:DC:EB:4B:CA:A6:5A:91

ValidityTue, 30 May 2023 14:28:15 GMT - Mon, 28 Aug 2023 14:28:14 GMT

Magic

GIF image data, version 89a, 1 x 1\012- data

Size

42
Hash

d89746888da2d9510b64a9f031eaecd5

d5fceb6532643d0d84ffe09c40c481ecdf59e15a

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

                                        GET /cdn-cgi/images/trace/managed/js/transparent.gif?ray=7d521ac1a9c90b3d HTTP/1.1
Host: nxdbku.cyttek.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://nxdbku.cyttek.ru/Mmmedina@tasman-geo.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

                                        HTTP/3 200 OK
date: Sat, 10 Jun 2023 13:54:08 GMT
content-type: image/gif
content-length: 42
last-modified: Tue, 06 Jun 2023 11:54:00 GMT
etag: "647f1e58-2a"
server: cloudflare
cf-ray: 7d521ac2abf6b50c-OSL
x-frame-options: DENY
x-content-type-options: nosniff
vary: Accept-Encoding
expires: Sat, 10 Jun 2023 15:54:08 GMT
cache-control: max-age=7200, public
accept-ranges: bytes

nxdbku.cyttek.ru/cdn-cgi/challenge-platform/h/b/flow/ov1/1460891808:1686403411:n3G5ZUeu0Uqtx3KHbXQJGN054dJDjJKi8gnzNgHTxjY/7d521ac1a9c90b3d/028df2b85e275c9

188.114.97.1

200 OK

7712

URL POST HTTP/3

nxdbku.cyttek.ru/cdn-cgi/challenge-platform/h/b/flow/ov1/1460891808:1686403411:n3G5ZUeu0Uqtx3KHbXQJGN054dJDjJKi8gnzNgHTxjY/7d521ac1a9c90b3d/028df2b85e275c9
IP

188.114.97.1:443
ASN

#13335 CLOUDFLARENET

Requested by

https://nxdbku.cyttek.ru/Mmmedina@tasman-geo.com
Certificate

IssuerLet's Encrypt

Subjectcyttek.ru

FingerprintFA:85:04:1B:BD:CA:E3:02:45:6A:AD:C7:E6:DC:EB:4B:CA:A6:5A:91

ValidityTue, 30 May 2023 14:28:15 GMT - Mon, 28 Aug 2023 14:28:14 GMT

Magic

ASCII text, with very long lines (7712), with no line terminators

Size

7712
Hash

ebe29bf7448f0c242c7f58eb6651fa16

0d2521dfd5733ad85d61a640003ad7e455566b10

e325f4c260666d5f3efc8cc7474cd270d7a147e98dd370b8c8d842d022d7a6c9

HTTP Headers

                                        POST /cdn-cgi/challenge-platform/h/b/flow/ov1/1460891808:1686403411:n3G5ZUeu0Uqtx3KHbXQJGN054dJDjJKi8gnzNgHTxjY/7d521ac1a9c90b3d/028df2b85e275c9 HTTP/1.1
Host: nxdbku.cyttek.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://nxdbku.cyttek.ru/Mmmedina@tasman-geo.com
Content-type: application/x-www-form-urlencoded
CF-Challenge: 028df2b85e275c9
Content-Length: 1789
Origin: https://nxdbku.cyttek.ru
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/3 200 OK
date: Sat, 10 Jun 2023 13:54:11 GMT
content-type: text/plain; charset=UTF-8
cf-chl-gen: jv8M4KjkXO9mCw7GT0J3KRw5Flf92RlOUP0FWWxJM9ntPt0X1+emTTwatYgs6+hS$wKv0JzQW7cYAskTp0VpZNQ==
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jSYHH3EI7mAzOKVq4Ci5SgcDr1iqUwd2I56U19PFEAssFdGcbGlzA7Vts93NBIW87iC%2FxlLAYdYUQRc%2B7Kn9F8jNeBO55obstrma9WWx%2BI4FtAEK31ZTGM14WePPldA4uE%2FK"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7d521ad3495cb50c-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

nxdbku.cyttek.ru/cdn-cgi/challenge-platform/h/b/orchestrate/managed/v1?ray=7d521ac1a9c90b3d

188.114.97.1

200 OK

164429

URL GET HTTP/3

nxdbku.cyttek.ru/cdn-cgi/challenge-platform/h/b/orchestrate/managed/v1?ray=7d521ac1a9c90b3d
IP

188.114.97.1:443
ASN

#13335 CLOUDFLARENET

Requested by

https://nxdbku.cyttek.ru/Mmmedina@tasman-geo.com
Certificate

IssuerLet's Encrypt

Subjectcyttek.ru

FingerprintFA:85:04:1B:BD:CA:E3:02:45:6A:AD:C7:E6:DC:EB:4B:CA:A6:5A:91

ValidityTue, 30 May 2023 14:28:15 GMT - Mon, 28 Aug 2023 14:28:14 GMT

Magic

ASCII text, with very long lines (65536), with no line terminators

Size

164429
Hash

d5c56d3659b1387c38288a3510550598

7c8e7403189b25c2c77982d665b2228fa7f34ded

65dffa0976dd4fd1ef721e13fcedb62a96734834cd43bb58464e6eeb461e4849

HTTP Headers

                                        GET /cdn-cgi/challenge-platform/h/b/orchestrate/managed/v1?ray=7d521ac1a9c90b3d HTTP/1.1
Host: nxdbku.cyttek.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://nxdbku.cyttek.ru/Mmmedina@tasman-geo.com?__cf_chl_rt_tk=CVPKU5J9D.RnnvgHpCpxHWqFmfsw0xy3MwFiJVs4xwE-1686405248-0-gaNycGzNDVA
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/3 200 OK
date: Sat, 10 Jun 2023 13:54:10 GMT
content-type: application/javascript; charset=UTF-8
cache-control: max-age=0, must-revalidate
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2oN9o2%2Bb1c0ajZkHJxJdej6UzJl%2F0sTZeJrE9G5ez%2BzoeepofnRQvkCR6REcRCP5VUlf3TSvdR%2Fy4yEV0Bh%2F1kUp6oS%2Bv9PlOTSIs39IiB55Y43YHJSwFsB%2BrM%2BaRKIsiohr"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7d521ac2bbfdb50c-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

nxdbku.cyttek.ru/favicon.ico

188.114.97.1

403 Forbidden

7108

URL GET HTTP/3

nxdbku.cyttek.ru/favicon.ico
IP

188.114.97.1:443
ASN

#13335 CLOUDFLARENET

Requested by

https://nxdbku.cyttek.ru/Mmmedina@tasman-geo.com
Certificate

IssuerLet's Encrypt

Subjectcyttek.ru

FingerprintFA:85:04:1B:BD:CA:E3:02:45:6A:AD:C7:E6:DC:EB:4B:CA:A6:5A:91

ValidityTue, 30 May 2023 14:28:15 GMT - Mon, 28 Aug 2023 14:28:14 GMT

Magic

HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (7277), with no line terminators

Size

7108
Hash

4f183fbab82f1593d9d209a4857c600d

c9afcef8f9dc9530549303215a0c76d6fbe0d31f

ef895d48b9b00927c437a378708aef214a58cd56149c80c3b958bfbef038ff1c

HTTP Headers

                                        GET /favicon.ico HTTP/1.1
Host: nxdbku.cyttek.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://nxdbku.cyttek.ru/Mmmedina@tasman-geo.com?__cf_chl_rt_tk=CVPKU5J9D.RnnvgHpCpxHWqFmfsw0xy3MwFiJVs4xwE-1686405248-0-gaNycGzNDVA
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/3 403 Forbidden
date: Sat, 10 Jun 2023 13:54:08 GMT
content-type: text/html; charset=UTF-8
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy: same-origin
x-frame-options: SAMEORIGIN
cf-mitigated: challenge
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 01 Jan 1970 00:00:01 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6NJKJq5hFwp6gN7%2FdY1CobZpsHupDO72tsuuDzMhX3aJkhTd3jNSNqw%2BIR1I4cuuM%2BHE7WPM9OXMhp239n5OaDt1Hh53512QOmVfplUsYI4d4o1sA4pvB8jwncXX8QNmo%2FOT"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7d521ac37cd3b50c-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/6wd79/0x4AAAAAAADnPIDROrmt1Wwj/light/normal

104.18.7.185

200 OK

24162

URL GET HTTP/3

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/6wd79/0x4AAAAAAADnPIDROrmt1Wwj/light/normal
IP

104.18.7.185:443
ASN

#13335 CLOUDFLARENET

Requested by

https://nxdbku.cyttek.ru/Mmmedina@tasman-geo.com
Certificate

IssuerCloudflare, Inc.

Subjectchallenges.cloudflare.com

Fingerprint5C:7B:D7:57:5A:53:A4:99:8E:1E:5A:C4:58:30:7C:2D:6C:D8:3C:C5

ValiditySun, 18 Sep 2022 00:00:00 GMT - Sun, 17 Sep 2023 23:59:59 GMT

Magic

HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (10899)

Size

24162
Hash

76dc363c6356c1f095fc7b6c6d76e81d

64aca4303694a4dda95745a1e82e157337941cd0

0ce44a5bc31f10dcbcf4653536b31f8d6e1c01fca5f32f3ded98436b24abc785

HTTP Headers

                                        GET /cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/6wd79/0x4AAAAAAADnPIDROrmt1Wwj/light/normal HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/3 200 OK
date: Sat, 10 Jun 2023 13:54:11 GMT
content-type: text/html; charset=UTF-8
cache-control: max-age=0, must-revalidate
content-security-policy: frame-src https://challenges.cloudflare.com/; base-uri 'self'
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: cross-origin
document-policy: js-profiling
permissions-policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy: same-origin
server: cloudflare
cf-ray: 7d521ad3bed91c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/1124835040:1686403485:a0VIQ4lYpKSNmuERVS7vqCuFxV77ekltuQzVI6M4EPc/7d521ad3bed91c16/8a4312716965cd4

104.18.7.185

200 OK

177208

URL POST HTTP/3

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/1124835040:1686403485:a0VIQ4lYpKSNmuERVS7vqCuFxV77ekltuQzVI6M4EPc/7d521ad3bed91c16/8a4312716965cd4
IP

104.18.7.185:443
ASN

#13335 CLOUDFLARENET

Requested by

https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/6wd79/0x4AAAAAAADnPIDROrmt1Wwj/light/normal
Certificate

IssuerCloudflare, Inc.

Subjectchallenges.cloudflare.com

Fingerprint5C:7B:D7:57:5A:53:A4:99:8E:1E:5A:C4:58:30:7C:2D:6C:D8:3C:C5

ValiditySun, 18 Sep 2022 00:00:00 GMT - Sun, 17 Sep 2023 23:59:59 GMT

Magic

ASCII text, with very long lines (65536), with no line terminators

Size

177208
Hash

a577608db8c1a7a7896769ce8f0dbfa9

1202e5cfd5b648b56462e9c7414fdde49f357479

677218e9bcae3707d38a61da6ce4662b2d17033eb08b13578dfa38b9ed706b09

HTTP Headers

                                        POST /cdn-cgi/challenge-platform/h/b/flow/ov1/1124835040:1686403485:a0VIQ4lYpKSNmuERVS7vqCuFxV77ekltuQzVI6M4EPc/7d521ad3bed91c16/8a4312716965cd4 HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/6wd79/0x4AAAAAAADnPIDROrmt1Wwj/light/normal
Content-type: application/x-www-form-urlencoded
CF-Challenge: 8a4312716965cd4
Content-Length: 2978
Origin: https://challenges.cloudflare.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/3 200 OK
date: Sat, 10 Jun 2023 13:54:11 GMT
content-type: text/plain; charset=UTF-8
cf-chl-gen: G8JcCS6dc7zVMbwZ1N21bHDtLedf03LhlDmm+YW1W5umj6S61CJuRnMXmxoxVMgqPx4lEAViaqGHY1aoeEq6D/HggbMC7n6Ttmpsyrc+A7hkEj0fOLOS7mCkfNsvALeo9jGmHhn+qsHidXTky0oknVtj7CrIrWQrsg5ZGGOvEsPUjUOyBtiBLtcgpu8Yvxit1zvJqa2bhQGpodFUf54PvL5nIjBP1TXywJozhFU8xW7s7m4gmWXuPiOIUUq+67mu5fXZi2omEbiexcugj/19/M+NJRFUSeCFRTF9Z1BgguRnqT4BWxS0tpTqMQBlg++wkD8YBdvIYKjpKZJLrpV9Mua9GKy6SLPZv0p9onAOX6nN92+yKcJG6NBc+d3xCLUq4rFDK/RU55i/rzKuEtvb+AmJuE+P/buPNjsfHpOvw24=$6dXA3Lm5S95XuY/har1x6A==
server: cloudflare
cf-ray: 7d521ad598861c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/1124835040:1686403485:a0VIQ4lYpKSNmuERVS7vqCuFxV77ekltuQzVI6M4EPc/7d521ad3bed91c16/8a4312716965cd4

104.18.7.185

200 OK

13280

URL POST HTTP/3

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/1124835040:1686403485:a0VIQ4lYpKSNmuERVS7vqCuFxV77ekltuQzVI6M4EPc/7d521ad3bed91c16/8a4312716965cd4
IP

104.18.7.185:443
ASN

#13335 CLOUDFLARENET

Requested by

https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/6wd79/0x4AAAAAAADnPIDROrmt1Wwj/light/normal
Certificate

IssuerCloudflare, Inc.

Subjectchallenges.cloudflare.com

Fingerprint5C:7B:D7:57:5A:53:A4:99:8E:1E:5A:C4:58:30:7C:2D:6C:D8:3C:C5

ValiditySun, 18 Sep 2022 00:00:00 GMT - Sun, 17 Sep 2023 23:59:59 GMT

Magic

ASCII text, with very long lines (13280), with no line terminators

Size

13280
Hash

2cc245735cef796312f86bd6b37d21fb

d7850ac838d6f7b02da8d5ca820d0458957a93aa

39bc4c2d16ed4fb761f57ab7202dec0fcdc35febe822b54fa2734827ca4adf80

HTTP Headers

                                        POST /cdn-cgi/challenge-platform/h/b/flow/ov1/1124835040:1686403485:a0VIQ4lYpKSNmuERVS7vqCuFxV77ekltuQzVI6M4EPc/7d521ad3bed91c16/8a4312716965cd4 HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/6wd79/0x4AAAAAAADnPIDROrmt1Wwj/light/normal
Content-type: application/x-www-form-urlencoded
CF-Challenge: 8a4312716965cd4
Content-Length: 29426
Origin: https://challenges.cloudflare.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/3 200 OK
date: Sat, 10 Jun 2023 13:54:13 GMT
content-type: text/plain; charset=UTF-8
cf-chl-gen: 3UhrYpxe50QzSZdtZSGr0mAG9QdF1n4SvN1Y16fmnlKKnQCFXkQ8V5dArn/BK4nm$FwrzljXQ3jDJ6Bx2BxNjXg==
server: cloudflare
cf-ray: 7d521ae27b791c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

nxdbku.cyttek.ru/Mmmedina@tasman-geo.com

188.114.97.1

403 Forbidden

8099

URL User Request GET HTTP/2

nxdbku.cyttek.ru/Mmmedina@tasman-geo.com
IP

188.114.97.1:443
ASN

#13335 CLOUDFLARENET

Certificate

IssuerLet's Encrypt

Subjectcyttek.ru

FingerprintFA:85:04:1B:BD:CA:E3:02:45:6A:AD:C7:E6:DC:EB:4B:CA:A6:5A:91

ValidityTue, 30 May 2023 14:28:15 GMT - Mon, 28 Aug 2023 14:28:14 GMT

Magic

HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (8268), with no line terminators

Size

8099
Hash

749c6187112f0d4779ab57e9b0a35a54

2b3dc9b0ed26451b8afdfac39e7b210d75a8f592

dc942ef79d71c37d9083523b3104838176e6be9a94246386e6695df5a4eaac1f

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft Outlook

HTTP Headers

                                        GET /Mmmedina@tasman-geo.com HTTP/1.1
Host: nxdbku.cyttek.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/2 403 Forbidden
date: Sat, 10 Jun 2023 13:54:08 GMT
content-type: text/html; charset=UTF-8
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy: same-origin
x-frame-options: SAMEORIGIN
cf-mitigated: challenge
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 01 Jan 1970 00:00:01 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lAf95towglF8YAQeDZxGMMRf%2FTGLBM9kGXAPRykngyykVaSAxxpCAemezE4DQeQs2%2BUsZ%2Fgga9XVEEFjb0hyHoS%2FbcesC87tqJUnxn2wLSmC5j5iloTz84eHA076PZ5OG36w"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7d521ac1a9c90b3d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

challenges.cloudflare.com/turnstile/v0/b/5da7637f/api.js?onload=_cf_chl_turnstile_l&render=explicit

104.18.7.185

200 OK

19128

URL GET HTTP/2

challenges.cloudflare.com/turnstile/v0/b/5da7637f/api.js?onload=_cf_chl_turnstile_l&render=explicit
IP

104.18.7.185:443
ASN

#13335 CLOUDFLARENET

Requested by

https://nxdbku.cyttek.ru/Mmmedina@tasman-geo.com
Certificate

IssuerCloudflare, Inc.

Subjectchallenges.cloudflare.com

Fingerprint5C:7B:D7:57:5A:53:A4:99:8E:1E:5A:C4:58:30:7C:2D:6C:D8:3C:C5

ValiditySun, 18 Sep 2022 00:00:00 GMT - Sun, 17 Sep 2023 23:59:59 GMT

Magic

ASCII text, with very long lines (19127)

Size

19128
Hash

47d9ed8b2fddb896e78dbbb2d7e76c90

8a69d2673bb54f4491c241a1d7efa686e6e9a817

2760f96d3b7629100aee1cb3ec7c47a3b6f0dee1152c339dc91a6fd67cb87887

HTTP Headers

                                        GET /turnstile/v0/b/5da7637f/api.js?onload=_cf_chl_turnstile_l&render=explicit HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://nxdbku.cyttek.ru
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/2 200 OK
date: Sat, 10 Jun 2023 13:54:11 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=31536000
vary: Accept-Encoding
server: cloudflare
cf-ray: 7d521ad2ba9db500-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=7d521ad3bed91c16

104.18.7.185

200 OK

177868

URL GET HTTP/3

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=7d521ad3bed91c16
IP

104.18.7.185:443
ASN

#13335 CLOUDFLARENET

Requested by

https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/6wd79/0x4AAAAAAADnPIDROrmt1Wwj/light/normal
Certificate

IssuerCloudflare, Inc.

Subjectchallenges.cloudflare.com

Fingerprint5C:7B:D7:57:5A:53:A4:99:8E:1E:5A:C4:58:30:7C:2D:6C:D8:3C:C5

ValiditySun, 18 Sep 2022 00:00:00 GMT - Sun, 17 Sep 2023 23:59:59 GMT

Magic

ASCII text, with very long lines (65536), with no line terminators

Size

177868
Hash

b00f986299e866c9bd1835f7b0c5b2ca

af4f48404903c9b34c4c61a4b6a9cdd7fecec5c5

79034324b9c7d8c48db0c5526f007dc0555c6f0925b653c9070f4fdfcdc4b5d7

HTTP Headers

                                        GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=7d521ad3bed91c16 HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/6wd79/0x4AAAAAAADnPIDROrmt1Wwj/light/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/3 200 OK
date: Sat, 10 Jun 2023 13:54:11 GMT
content-type: application/javascript; charset=UTF-8
cache-control: max-age=0, must-revalidate
server: cloudflare
cf-ray: 7d521ad41f231c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/pat/7d521ad3bed91c16/1686405251464/8423f0a61f85f51d9796abedcba5a59d5d63bc8618652c3b778eadd97601dcb2/f3m8NrWviKrO0L3

104.18.7.185

401 Unauthorized

URL GET HTTP/3

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/pat/7d521ad3bed91c16/1686405251464/8423f0a61f85f51d9796abedcba5a59d5d63bc8618652c3b778eadd97601dcb2/f3m8NrWviKrO0L3
IP

104.18.7.185:443
ASN

#13335 CLOUDFLARENET

Requested by

https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/6wd79/0x4AAAAAAADnPIDROrmt1Wwj/light/normal
Certificate

IssuerCloudflare, Inc.

Subjectchallenges.cloudflare.com

Fingerprint5C:7B:D7:57:5A:53:A4:99:8E:1E:5A:C4:58:30:7C:2D:6C:D8:3C:C5

ValiditySun, 18 Sep 2022 00:00:00 GMT - Sun, 17 Sep 2023 23:59:59 GMT

Magic

very short file (no magic)

Size

1
Hash

ff44570aca8241914870afbc310cdb85

58668e7669fd564d99db5d581fcdb6a5618440b5

6da43b944e494e885e69af021f93c6d9331c78aa228084711429160a5bbd15b5

HTTP Headers

                                        GET /cdn-cgi/challenge-platform/h/b/pat/7d521ad3bed91c16/1686405251464/8423f0a61f85f51d9796abedcba5a59d5d63bc8618652c3b778eadd97601dcb2/f3m8NrWviKrO0L3 HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/6wd79/0x4AAAAAAADnPIDROrmt1Wwj/light/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/3 401 Unauthorized
date: Sat, 10 Jun 2023 13:54:13 GMT
content-type: text/plain; charset=UTF-8
www-authenticate: PrivateToken challenge=AAIAGXBhdC1pc3N1ZXIuY2xvdWRmbGFyZS5jb20ghCPwph-F9R2Xlqvty6WlnV1jvIYYZSw7d46t2XYB3LIAGWNoYWxsZW5nZXMuY2xvdWRmbGFyZS5jb20=, token-key=MIIBUjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAqEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgKiAwIBMAOCAQ8AMIIBCgKCAQEAojBPEhHbcKehbsRgb6MQwTLnz6FfOWY3U7htx8zvI-_YjK6t2DJdiGR2PgLAZTWqUHvv7eW53jhfv6u2qjbB0GhscHTQPn82jBzC5A9LjI7Y6_IOaPVsbnKqPWxPTNAND0HPMBt1t_vRUWrh142sUJwPDLdW4nQ04c-fuBJFSbNk1hDr8_t-WuQKb52Kf7pyde3Nvk_e6oJs_Ebm1EZ_XYcove1AKMrM5Mf0rIsbI8gZRw1qcUtHJZN12i5le0Ocw6qj2gfeojfbTcmwDgUscUtJTnFKFGTMiRrV2rc2F_oAwbqOCH6BSKzO54OWUwWXFfQ8upcvrBhu6JWg-MBRBwIDAQAB, max-age=20
server: cloudflare
cf-ray: 7d521ae059431c16-OSL
alt-svc: h3=":443"; ma=86400

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/img/7d521ad3bed91c16/1686405251465/CiMkiKWBCQdp09J

104.18.7.185

200 OK

URL GET HTTP/3

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/img/7d521ad3bed91c16/1686405251465/CiMkiKWBCQdp09J
IP

104.18.7.185:443
ASN

#13335 CLOUDFLARENET

Requested by

https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/6wd79/0x4AAAAAAADnPIDROrmt1Wwj/light/normal
Certificate

IssuerCloudflare, Inc.

Subjectchallenges.cloudflare.com

Fingerprint5C:7B:D7:57:5A:53:A4:99:8E:1E:5A:C4:58:30:7C:2D:6C:D8:3C:C5

ValiditySun, 18 Sep 2022 00:00:00 GMT - Sun, 17 Sep 2023 23:59:59 GMT

Magic

PNG image data, 65 x 40, 8-bit/color RGB, non-interlaced\012- data

Size

61
Hash

f26aa6499616eef9c1835437830ab1aa

15832d796f87a4029cd457b02bd3882e50bc4fcf

92f424f37b9a233bf39cf69b6bcfe46f027627ee9c579627d84193332d9e65f2

HTTP Headers

                                        GET /cdn-cgi/challenge-platform/h/b/img/7d521ad3bed91c16/1686405251465/CiMkiKWBCQdp09J HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/6wd79/0x4AAAAAAADnPIDROrmt1Wwj/light/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/3 200 OK
date: Sat, 10 Jun 2023 13:54:13 GMT
content-type: image/png
server: cloudflare
cf-ray: 7d521ae11a251c16-OSL
alt-svc: h3=":443"; ma=86400

Report Overview

URL

IP

ASN

Submitted

Access

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (14)

#1 JS:Script (size: 0)

#2 JS:Script (size: 26)

#3 JS:Script (size: 626)

#4 JS:Script (size: 8)

#5 JS:Script (size: 164429)

#6 JS:Script (size: 19128)

#7 JS:Script (size: 177868)

#8 JS:Script (size: 2146)

#1 JS:Eval (size: 2252)

#2 JS:Eval (size: 13)

#3 JS:Eval (size: 4)

#4 JS:Eval (size: 15)

#5 JS:Eval (size: 50)

#1 JS:Write (size: 3575)

HTTP Transactions (13)

URL User Request GET HTTP/2

IP

ASN

Certificate

Magic

Size

Hash

Detections

HTTP Headers

URL GET HTTP/3

IP

ASN

Requested by

Certificate

Magic

Size

Hash

HTTP Headers

URL POST HTTP/3

IP

ASN

Requested by

Certificate

Magic

Size

Hash

HTTP Headers

URL GET HTTP/3

IP

ASN

Requested by

Certificate

Magic

Size

Hash

HTTP Headers

URL GET HTTP/3

IP

ASN

Requested by

Certificate