Report - pub-042beab565ca415f95ad4dc390bd6f1a.r2.dev/auth.html

Report Overview

Visitedpublic

2024-07-24 09:24:58

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Host Summary

Host	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
r10.o.lencr.org	unknown	2020-06-29	2024-06-06 21:45:11	2024-07-23 18:12:04	2.3 kB	6.2 kB	23.36.77.32
pub-042beab565ca415f95ad4dc390bd6f1a.r2.dev	unknown	unknown	No data	No data	995 B	142 kB	104.18.3.35
code.jquery.com	634	2005-12-10	2012-05-21 19:28:02	2024-07-23 18:37:12	437 B	31 kB	151.101.194.137
aadcdn.msftauth.net	1455	2018-10-25	2018-11-19 11:50:32	2024-07-23 18:13:05	1.1 kB	3.7 kB	152.199.21.175
aadcdn.msauth.net	1421	2018-10-25	2018-11-19 11:50:03	2024-07-23 18:14:08	1.0 kB	2.5 kB	13.107.246.53
forstmannleff.com	unknown	2023-05-13	2023-07-11 19:30:57	2024-03-14 07:17:32	494 B	0 B	0.0.0.0

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

Scan Date	Severity	Indicator	Alert
2024-07-23	medium	pub-042beab565ca415f95ad4dc390bd6f1a.r2.dev/auth.html	Office365

PhishTank

Scan Date	Severity	Indicator	Alert
2024-06-08	medium	pub-042beab565ca415f95ad4dc390bd6f1a.r2.dev/auth.html	Other

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-07-24	medium	forstmannleff.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (3)

	URL	From	Size	First Seen	Last Seen
	code.jquery.com/jquery-3.1.1.min.js	ScriptElement	87 kB	2023-03-07	2025-08-02
URL code.jquery.com/jquery-3.1.1.min.js IP / ASN 151.101.194.137 #54113 FASTLY Introduced by ScriptElement Embedded false Resource Info First Seen 2023-03-07 Last Seen 2025-08-02 Times Seen 119811 Size 87 kB (86709 bytes) MD5 e071abda8fe61194711cfc2ab99fe104 SHA1 f647a6d37dc4ca055ced3cf64bbc1f490070acba SHA256 85556761a8800d14ced8fcd41a6b8b26bf012d44a318866c0d81a62092efd9bf Format Code Loading...

	pub-042beab565ca415f95ad4dc390bd6f1a.r2.dev/auth.html	ScriptElement	2.9 kB	2024-06-24	2024-08-19
URL pub-042beab565ca415f95ad4dc390bd6f1a.r2.dev/auth.html IP / ASN 104.18.3.35 #13335 CLOUDFLARENET Introduced by ScriptElement Embedded true Resource Info First Seen 2024-06-24 Last Seen 2024-08-19 Times Seen 4 Size 2.9 kB (2898 bytes) MD5 4daecef7089ef904ad9dd0dba254db18 SHA1 c7ad9c593e699d0451ee94da83aa89f2afe7e317 SHA256 ed8332e6b78a7acaa8003e24fd6f73fdffa7111c2b44fb12c49f39c6276a9dd8 Format Code Loading...

	pub-042beab565ca415f95ad4dc390bd6f1a.r2.dev/auth.html	ScriptElement	217 B	2023-03-07	2025-08-01
URL pub-042beab565ca415f95ad4dc390bd6f1a.r2.dev/auth.html IP / ASN 104.18.3.35 #13335 CLOUDFLARENET Introduced by ScriptElement Embedded true Resource Info First Seen 2023-03-07 Last Seen 2025-08-01 Times Seen 2614 Size 217 B (217 bytes) MD5 398d45527ac0f5c79f262839f98ec3f1 SHA1 960b8b802581eead9fa02ff4483a85d2b7cf939a SHA256 76da592798ee5b41a444eebf66d08d461bc826db30df367fd21c85862ca82db0 Format Code Loading...

HTTP Transactions (15)

URL IP Response Size

r10.o.lencr.org/

23.36.77.32

504 B

URL

r10.o.lencr.org/

IP / ASN

23.36.77.32

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-07-23

Last Seen2024-08-19

Times Seen3554

Size504 B (504 bytes)

MD51a3151e6a7926a025c9127a47e72768f

SHA1522b2faf56d95d71b65bec8872d69b2ba18f7ed0

SHA256594db80a906d294cde663e68eeb0bf0a03dec7ee05f778e56f0730242ada26ed

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "594DB80A906D294CDE663E68EEB0BF0A03DEC7EE05F778E56F0730242ADA26ED"
Last-Modified: Tue, 23 Jul 2024 08:21:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8241
Expires: Wed, 24 Jul 2024 11:41:53 GMT
Date: Wed, 24 Jul 2024 09:24:32 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.77.32

504 B

URL

r10.o.lencr.org/

IP / ASN

23.36.77.32

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-07-23

Last Seen2024-08-19

Times Seen10871

Size504 B (504 bytes)

MD5924327fa04d108458b0225e7ebe4183b

SHA193e78c953751bfdf53094ddb3cce58550d953bbf

SHA2568b733a635618582dda467895c8500629631e4e1b57fa0a2005ed094ca7eae3cf

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "8B733A635618582DDA467895C8500629631E4E1B57FA0A2005ED094CA7EAE3CF"
Last-Modified: Tue, 23 Jul 2024 07:16:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7260
Expires: Wed, 24 Jul 2024 11:25:32 GMT
Date: Wed, 24 Jul 2024 09:24:32 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.77.32

504 B

URL

r10.o.lencr.org/

IP / ASN

23.36.77.32

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-07-23

Last Seen2024-08-19

Times Seen14853

Size504 B (504 bytes)

MD5712b83dd93b25c422e76a0874e40d710

SHA1f87414bc899d7af9bd1b60a5b8c616b43b7cad00

SHA256a1aa4fb80b41b76f8c2f837eef8495b3029d8012bfe126002ed0c161546c697f

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "A1AA4FB80B41B76F8C2F837EEF8495B3029D8012BFE126002ED0C161546C697F"
Last-Modified: Tue, 23 Jul 2024 08:19:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7660
Expires: Wed, 24 Jul 2024 11:32:13 GMT
Date: Wed, 24 Jul 2024 09:24:33 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.77.32

504 B

URL

r10.o.lencr.org/

IP / ASN

23.36.77.32

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-07-23

Last Seen2024-08-19

Times Seen8436

Size504 B (504 bytes)

MD5c8259c463773b8bacd8cb5c66f9b285c

SHA16afbbe02b1e4e3f8e1ec64085c1697a6532522da

SHA256ec10833b9fb7c5780eb8fc408e29234895f7170cafc513a4ae80fe27d515e04d

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "EC10833B9FB7C5780EB8FC408E29234895F7170CAFC513A4AE80FE27D515E04D"
Last-Modified: Tue, 23 Jul 2024 08:19:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2615
Expires: Wed, 24 Jul 2024 10:08:08 GMT
Date: Wed, 24 Jul 2024 09:24:33 GMT
Connection: keep-alive

GET pub-042beab565ca415f95ad4dc390bd6f1a.r2.dev/auth.html

104.18.3.35

200 OK

114 kB

URL

pub-042beab565ca415f95ad4dc390bd6f1a.r2.dev/auth.html

IP / ASN

104.18.3.35

#13335 CLOUDFLARENET

Requested byN/A

Resource Info

File typeHTML document, ASCII text, with very long lines (65131), with CRLF line terminators

First Seen2024-06-24

Last Seen2024-08-19

Times Seen4

Size114 kB (114260 bytes)

MD577fc4441b795575209772acb8d7619a7

SHA1f0b1d22c59ca179e67284936500c16d63851a24a

SHA256b8c882e9b99067942eadf2ccc5ea3d769f37de1f3f744176baba576bdeeab74b

Certificate Info

IssuerLet's Encrypt

Subject*.r2.dev

Fingerprint00:AA:40:3F:3E:AE:B0:85:C2:A1:9B:9E:8B:A4:F4:21:D4:DE:DD:AC

ValidityMon, 03 Jun 2024 14:44:39 GMT - Sun, 01 Sep 2024 14:44:38 GMT

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Office365
PhishTank	phishing	Other

HTTP Headers

GET /auth.html HTTP/1.1
Host: pub-042beab565ca415f95ad4dc390bd6f1a.r2.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 24 Jul 2024 09:24:34 GMT
Content-Type: text/html
Content-Length: 114260
Connection: keep-alive
Accept-Ranges: bytes
ETag: "77fc4441b795575209772acb8d7619a7"
Last-Modified: Thu, 14 Mar 2024 17:34:08 GMT
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 8a82db9df8290b41-OSL

GET code.jquery.com/jquery-3.1.1.min.js

151.101.194.137

200 OK

30 kB

URL

code.jquery.com/jquery-3.1.1.min.js

IP / ASN

151.101.194.137

#54113 FASTLY

Requested byhttps://pub-042beab565ca415f95ad4dc390bd6f1a.r2.dev/auth.html

Resource Info

File typeJavaScript source, ASCII text, with very long lines (32030)

First Seen2023-03-07

Last Seen2025-08-02

Times Seen119811

Size30 kB (30070 bytes)

MD5e071abda8fe61194711cfc2ab99fe104

SHA1f647a6d37dc4ca055ced3cf64bbc1f490070acba

SHA25685556761a8800d14ced8fcd41a6b8b26bf012d44a318866c0d81a62092efd9bf

Certificate Info

IssuerSectigo Limited

Subject*.jquery.com

FingerprintCD:B5:6E:05:85:0C:5A:AE:47:12:80:2A:5B:C6:E5:8F:11:72:E2:B5

ValidityTue, 25 Jun 2024 00:00:00 GMT - Wed, 25 Jun 2025 23:59:59 GMT

HTTP Headers

GET /jquery-3.1.1.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pub-042beab565ca415f95ad4dc390bd6f1a.r2.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-152b5"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Wed, 24 Jul 2024 09:24:34 GMT
age: 5542717
x-served-by: cache-lga21947-LGA, cache-hel1410029-HEL
x-cache: HIT, HIT
x-cache-hits: 118, 106502
x-timer: S1721813074.409265,VS0,VE0
vary: Accept-Encoding
content-length: 30070
X-Firefox-Spdy: h2

GET aadcdn.msftauth.net/shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg

152.199.21.175

200 OK

1.4 kB

URL

aadcdn.msftauth.net/shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg

IP / ASN

152.199.21.175

#15133 EDGECAST

Requested byhttps://pub-042beab565ca415f95ad4dc390bd6f1a.r2.dev/auth.html

Resource Info

File typeSVG Scalable Vector Graphics image

First Seen2023-04-06

Last Seen2025-08-02

Times Seen79847

Size1.4 kB (1435 bytes)

MD5ee5c8d9fb6248c938fd0dc19370e90bd

SHA1d01a22720918b781338b5bbf9202b241a5f99ee4

SHA25604d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a

Certificate Info

IssuerDigiCert Inc

Subjectaadcdn.msftauth.net

FingerprintB1:17:F7:9C:C3:3B:5F:54:73:D7:58:28:5F:C7:CE:E9:AC:39:CD:8F

ValiditySat, 25 May 2024 00:00:00 GMT - Sun, 25 May 2025 23:59:59 GMT

HTTP Headers

GET /shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg HTTP/1.1
Host: aadcdn.msftauth.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pub-042beab565ca415f95ad4dc390bd6f1a.r2.dev/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-encoding: gzip
accept-ranges: bytes
access-control-allow-origin: *
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
age: 10293447
cache-control: public, max-age=31536000
content-md5: nzaLxFgP7ZB3dfMcaybWzw==
content-type: image/svg+xml
date: Wed, 24 Jul 2024 09:24:34 GMT
etag: 0x8D79A1B9F5E121A
last-modified: Thu, 16 Jan 2020 00:32:52 GMT
server: ECAcc (ska/F76D)
vary: Accept-Encoding
x-cache: HIT
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: a1e45449-701e-0068-210c-804015000000
x-ms-version: 2009-09-19
content-length: 1435
X-Firefox-Spdy: h2

GET aadcdn.msauth.net/shared/1.0/content/images/signin-options_4e48046ce74f4b89d45037c90576bfac.svg

13.107.246.53

200 OK

621 B

URL

aadcdn.msauth.net/shared/1.0/content/images/signin-options_4e48046ce74f4b89d45037c90576bfac.svg

IP / ASN

13.107.246.53

#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested byhttps://pub-042beab565ca415f95ad4dc390bd6f1a.r2.dev/auth.html

Resource Info

File typeSVG Scalable Vector Graphics image

First Seen2023-04-14

Last Seen2025-08-02

Times Seen45847

Size621 B (621 bytes)

MD54e48046ce74f4b89d45037c90576bfac

SHA14a41b3b51ed787f7b33294202da72220c7cd2c32

SHA2568e6db1634f1812d42516778fc890010aa57f3e39914fb4803df2c38abbf56d93

Certificate Info

IssuerDigiCert Inc

Subjectaadcdn.msauth.net

Fingerprint6A:6B:06:6C:38:1D:81:38:3D:3B:76:61:6D:C7:02:CD:B4:A1:F5:AD

ValidityTue, 30 Apr 2024 00:00:00 GMT - Wed, 30 Apr 2025 23:59:59 GMT

HTTP Headers

GET /shared/1.0/content/images/signin-options_4e48046ce74f4b89d45037c90576bfac.svg HTTP/1.1
Host: aadcdn.msauth.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pub-042beab565ca415f95ad4dc390bd6f1a.r2.dev/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 24 Jul 2024 09:24:34 GMT
content-type: image/svg+xml
content-length: 621
cache-control: public, max-age=31536000
content-encoding: gzip
last-modified: Tue, 10 Nov 2020 03:41:24 GMT
etag: 0x8D8852A7FA6B761
x-ms-request-id: b128438e-501e-0076-3100-dd491e000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref: 20240724T092434Z-r16f8dd6b4bw5wqkub4hzyyw1w00000000mg000000007ysn
x-fd-int-roxy-purgeid: 4554691
x-cache: TCP_HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

GET aadcdn.msauth.net/shared/1.0/content/images/arrow_left_a9cc2824ef3517b6c4160dcf8ff7d410.svg

13.107.246.53

200 OK

276 B

URL

aadcdn.msauth.net/shared/1.0/content/images/arrow_left_a9cc2824ef3517b6c4160dcf8ff7d410.svg

IP / ASN

13.107.246.53

#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested byhttps://pub-042beab565ca415f95ad4dc390bd6f1a.r2.dev/auth.html

Resource Info

File typeSVG Scalable Vector Graphics image

First Seen2023-04-19

Last Seen2025-08-02

Times Seen16679

Size276 B (276 bytes)

MD5a9cc2824ef3517b6c4160dcf8ff7d410

SHA18db9aebad84ca6e4225bfdd2458ff3821cc4f064

SHA25634f9db946e89f031a80dfca7b16b2b686469c9886441261ae70a44da1dfa2d58

Certificate Info

IssuerDigiCert Inc

Subjectaadcdn.msauth.net

Fingerprint6A:6B:06:6C:38:1D:81:38:3D:3B:76:61:6D:C7:02:CD:B4:A1:F5:AD

ValidityTue, 30 Apr 2024 00:00:00 GMT - Wed, 30 Apr 2025 23:59:59 GMT

HTTP Headers

GET /shared/1.0/content/images/arrow_left_a9cc2824ef3517b6c4160dcf8ff7d410.svg HTTP/1.1
Host: aadcdn.msauth.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pub-042beab565ca415f95ad4dc390bd6f1a.r2.dev/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 24 Jul 2024 09:24:34 GMT
content-type: image/svg+xml
content-length: 276
cache-control: public, max-age=31536000
content-encoding: gzip
last-modified: Fri, 17 Jan 2020 19:28:34 GMT
etag: 0x8D79B8371B97A82
x-ms-request-id: 16be76cc-501e-0003-1c94-dd9898000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref: 20240724T092434Z-r16f8dd6b4bw5wqkub4hzyyw1w00000000mg000000007ysp
x-fd-int-roxy-purgeid: 0
x-cache-info: L1_T2
x-cache: TCP_HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

GET aadcdn.msftauth.net/shared/1.0/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg

152.199.21.175

200 OK

673 B

URL

aadcdn.msftauth.net/shared/1.0/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg

IP / ASN

152.199.21.175

#15133 EDGECAST

Requested byhttps://pub-042beab565ca415f95ad4dc390bd6f1a.r2.dev/auth.html

Resource Info

File typeSVG Scalable Vector Graphics image

First Seen2023-04-12

Last Seen2025-08-02

Times Seen84798

Size673 B (673 bytes)

MD5bc3d32a696895f78c19df6c717586a5d

SHA19191cb156a30a3ed79c44c0a16c95159e8ff689d

SHA2560e88b6fcbb8591edfd28184fa70a04b6dd3af8a14367c628edd7caba32e58c68

Certificate Info

IssuerDigiCert Inc

Subjectaadcdn.msftauth.net

FingerprintB1:17:F7:9C:C3:3B:5F:54:73:D7:58:28:5F:C7:CE:E9:AC:39:CD:8F

ValiditySat, 25 May 2024 00:00:00 GMT - Sun, 25 May 2025 23:59:59 GMT

HTTP Headers

GET /shared/1.0/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg HTTP/1.1
Host: aadcdn.msftauth.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pub-042beab565ca415f95ad4dc390bd6f1a.r2.dev/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-encoding: gzip
accept-ranges: bytes
access-control-allow-origin: *
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
age: 10479083
cache-control: public, max-age=31536000
content-md5: DhdidjYrlCeaRJJRG/y9mA==
content-type: image/svg+xml
date: Wed, 24 Jul 2024 09:24:34 GMT
etag: 0x8D7B007297AE131
last-modified: Wed, 12 Feb 2020 22:01:50 GMT
server: ECAcc (ska/F732)
vary: Accept-Encoding
x-cache: HIT
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: 52d23733-f01e-004c-3a5c-7e7d2e000000
x-ms-version: 2009-09-19
content-length: 673
X-Firefox-Spdy: h2

GET pub-042beab565ca415f95ad4dc390bd6f1a.r2.dev/favicon.ico

104.18.3.35

404 Not Found

27 kB

URL

pub-042beab565ca415f95ad4dc390bd6f1a.r2.dev/favicon.ico

IP / ASN

104.18.3.35

#13335 CLOUDFLARENET

Requested byhttps://pub-042beab565ca415f95ad4dc390bd6f1a.r2.dev/auth.html

Resource Info

File typeHTML document, ASCII text, with very long lines (611)

First Seen2024-07-03

Last Seen2025-08-02

Times Seen17804

Size27 kB (27150 bytes)

MD546dd133ee00dc1bae5e4eeba7b88432f

SHA18af86a4ac91ce48c062216fb94a6e1d57618a19b

SHA2569eb52ee46c7ab5ea4ca0982415da99fded1b7d7354f75e50847bdae6cb44eb66

Certificate Info

IssuerLet's Encrypt

Subject*.r2.dev

Fingerprint00:AA:40:3F:3E:AE:B0:85:C2:A1:9B:9E:8B:A4:F4:21:D4:DE:DD:AC

ValidityMon, 03 Jun 2024 14:44:39 GMT - Sun, 01 Sep 2024 14:44:38 GMT

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: pub-042beab565ca415f95ad4dc390bd6f1a.r2.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pub-042beab565ca415f95ad4dc390bd6f1a.r2.dev/auth.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Date: Wed, 24 Jul 2024 09:24:34 GMT
Content-Type: text/html
Content-Length: 27150
Connection: keep-alive
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 8a82dba55d080b41-OSL

r10.o.lencr.org/

23.36.77.32

504 B

URL

r10.o.lencr.org/

IP / ASN

23.36.77.32

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-07-23

Last Seen2024-08-19

Times Seen12455

Size504 B (504 bytes)

MD540fddf2c68d16c233d33b4aa3346d094

SHA1742a80db38073ddbb885bcf49596bbe4233a4855

SHA25618ea2ffdf504aaa8501d4a6de9d56b8811c442cd1d36e4be4d4ef96599d56ce0

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "18EA2FFDF504AAA8501D4A6DE9D56B8811C442CD1D36E4BE4D4EF96599D56CE0"
Last-Modified: Tue, 23 Jul 2024 07:17:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9560
Expires: Wed, 24 Jul 2024 12:03:55 GMT
Date: Wed, 24 Jul 2024 09:24:35 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.77.32

504 B

URL

r10.o.lencr.org/

IP / ASN

23.36.77.32

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-07-23

Last Seen2024-08-19

Times Seen12455

Size504 B (504 bytes)

MD540fddf2c68d16c233d33b4aa3346d094

SHA1742a80db38073ddbb885bcf49596bbe4233a4855

SHA25618ea2ffdf504aaa8501d4a6de9d56b8811c442cd1d36e4be4d4ef96599d56ce0

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "18EA2FFDF504AAA8501D4A6DE9D56B8811C442CD1D36E4BE4D4EF96599D56CE0"
Last-Modified: Tue, 23 Jul 2024 07:17:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9560
Expires: Wed, 24 Jul 2024 12:03:55 GMT
Date: Wed, 24 Jul 2024 09:24:35 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.77.32

504 B

URL

r10.o.lencr.org/

IP / ASN

23.36.77.32

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-07-23

Last Seen2024-08-19

Times Seen12455

Size504 B (504 bytes)

MD540fddf2c68d16c233d33b4aa3346d094

SHA1742a80db38073ddbb885bcf49596bbe4233a4855

SHA25618ea2ffdf504aaa8501d4a6de9d56b8811c442cd1d36e4be4d4ef96599d56ce0

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "18EA2FFDF504AAA8501D4A6DE9D56B8811C442CD1D36E4BE4D4EF96599D56CE0"
Last-Modified: Tue, 23 Jul 2024 07:17:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9560
Expires: Wed, 24 Jul 2024 12:03:55 GMT
Date: Wed, 24 Jul 2024 09:24:35 GMT
Connection: keep-alive

GET forstmannleff.com/chng/prv.php.id

0.0.0.0

0 B

URL

forstmannleff.com/chng/prv.php.id

IP / ASN

0.0.0.0

Requested byhttps://pub-042beab565ca415f95ad4dc390bd6f1a.r2.dev/auth.html

Resource Info

File typeN/A

First Seen0001-01-01

Last Seen2025-08-02

Times Seen5607309

Size0 B (0 bytes)

MD5d41d8cd98f00b204e9800998ecf8427e

SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /chng/prv.php.id HTTP/1.1
Host: forstmannleff.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://pub-042beab565ca415f95ad4dc390bd6f1a.r2.dev
DNT: 1
Connection: keep-alive
Referer: https://pub-042beab565ca415f95ad4dc390bd6f1a.r2.dev/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache