Report - alawaelafrica.com/.ojnew/tmp/YXZhbmJ1cmVuQHBvaW50c29mbGlnaHQub3Jn

Report Overview

Submitted URL
alawaelafrica.com/.ojnew/tmp/YXZhbmJ1cmVuQHBvaW50c29mbGlnaHQub3Jn
IP
65.108.234.151
ASN
#24940 Hetzner Online GmbH
Submitted
2023-06-05 06:53:08
Access
public
Website Title
Final URL
Tags
phishing microsoft outlook
urlquery detections
Phishing - Microsoft Outlook

Detections

urlquery
2
Network Intrusion Detection
0
Threat Detection Systems
8

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
alawaelafrica.com	unknown	2023-02-28	2023-05-26	2023-05-30	521 B	394 B	65.108.234.151
0gpilhhtlb646b2a32a499c.ocupac.ru	unknown	2023-05-08	2023-05-26	2023-06-02	2.6 kB	78 kB	104.21.88.100
challenges.cloudflare.com	unknown	2009-02-17	2021-10-20	2023-06-04	3.9 kB	279 kB	104.18.6.185

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator
2023-06-05	medium	ocupac.ru
2023-06-05	medium	ocupac.ru
2023-06-05	medium	ocupac.ru
2023-06-05	medium	ocupac.ru

ThreatFox

No alerts detected

JavaScript (10)

	URL	Size	First Seen	Last Seen
	challenges.cloudflare.com/turnstile/v0/g/68662470/api.js?onload=_cf_chl_turnstile_l&render=explicit	19 kB	2023-06-01	2023-06-07
Pretty URL challenges.cloudflare.com/turnstile/v0/g/68662470/api.js?onload=_cf_chl_turnstile_l&render=explicit IP 104.18.6.185 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-06-01 18:32:57 Last Seen2023-06-07 17:22:42 Times Seen576 Hash 21a964474a4841c3e62893476cfec550 af06eb1e31d451fe557b7581e707cd88a3107491 fb479d9c5db685793fd57b4cacb188d2aa9ab40d660d54e1cf35d0f54b390c12 Loading...

	challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/12o3f/0x4AAAAAAADnPIDROrmt1Wwj/light/normal	2.1 kB	2023-06-05	2023-06-05
Pretty URL challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/12o3f/0x4AAAAAAADnPIDROrmt1Wwj/light/normal IP 104.18.6.185 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-06-05 08:53:09 Last Seen2023-06-05 08:53:09 Times Seen1 Hash 65520530412e5ef03ecfb3cb299912b6 f6707a6ec07e656b438ca33a0719cd89e5f18c0c 0075c7dc7468f3bbc4eba1afdcc92ce466044f063dcbf274a003ed17ba1a7c6c Loading...

	0gpilhhtlb646b2a32a499c.ocupac.ru/cdn-cgi/challenge-platform/h/g/orchestrate/managed/v1?ray=7d267ec18c1dfab8	172 kB	2023-06-05	2023-06-05
Pretty URL 0gpilhhtlb646b2a32a499c.ocupac.ru/cdn-cgi/challenge-platform/h/g/orchestrate/managed/v1?ray=7d267ec18c1dfab8 IP 172.67.176.78 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-06-05 08:53:09 Last Seen2023-06-05 08:53:09 Times Seen2 Hash ea734716a04db456b1ed766e214adcc1 33282534f12fa0236383ea3e32a62e2e187c69fb e9608d3fe3bf2da80a1396be44770a45a842e488bb7bfcca83f09923723fd805 Loading...

	challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=7d267ec48ca1b51b	172 kB	2023-06-05	2023-06-05
Pretty URL challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=7d267ec48ca1b51b IP 104.18.6.185 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-06-05 08:53:09 Last Seen2023-06-05 08:53:09 Times Seen2 Hash cbccbf507bea895bbab1087ec30bc955 975510cc7c2ddc9cfe51a0a67438eba3d1be2947 fdbc64bf09dce67e948660ccb3bf4cbaa58c403e10d1a210b12ec0020d23a556 Loading...

	unknown	626 B	2023-04-19	2023-09-04
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-19 17:10:16 Last Seen2023-09-04 14:53:39 Times Seen4089 Hash 965d195078b6e2b66051d3ab5418dd70 e4589c5ee84bedf04d0ae10b25e4927ddfc7e6d0 99cf2ba13c494c699abf3062b1422e3e7b4fd1342e642d8a249afd52fa682b18 Loading...

	unknown	26 B	2023-04-11	2024-04-25
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-11 21:13:06 Last Seen2024-04-25 13:42:33 Times Seen115881 Hash 1c862db5f2555377c2dc1e62ed7b3981 c29e6dc25c08a70995127ec13ded6f80d9a36174 27d373a6961f797edf69a80f7f24877ef85c2fc4f9f770b2540b1bf5e66823ac Loading...

	0gpilhhtlb646b2a32a499c.ocupac.ru/Mavanburen@pointsoflight.org	0 B	2023-03-07	2024-04-25
Pretty URL 0gpilhhtlb646b2a32a499c.ocupac.ru/Mavanburen@pointsoflight.org IP 104.21.88.100 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:01:59 Last Seen2024-04-25 14:49:20 Times Seen37064292 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

		Size	First Seen	Last Seen
	#1 Eval - 9e925e9341b490bfd3b4c4ca3b0c1ef2	4 B	2023-03-07	2024-04-25
Pretty Observations First Seen2023-03-07 01:03:43 Last Seen2024-04-25 14:30:27 Times Seen349544 Hash 9e925e9341b490bfd3b4c4ca3b0c1ef2 c2543fff3bfa6f144c2f06a7de6cd10c0b650cae 1eb79602411ef02cf6fe117897015fff89f80face4eccd50425c45149b148408 Loading...

	#2 Eval - 074f6df274aeaac99298fea73e07a0b0	1.0 kB	2023-06-05	2023-06-05
Pretty Observations First Seen2023-06-05 08:53:09 Last Seen2023-06-05 08:53:09 Times Seen1 Hash 074f6df274aeaac99298fea73e07a0b0 92344bca0d2973c234459127d4014a39ea1e2ff4 9a0ff9107507448946b2a48cac2a71223c9dde5f49338ae61c3ec58e0df3b8fc Loading...

	#3 Eval - e931c994afa60ba25cfdc9ebd36a699d	2.3 kB	2023-06-05	2023-06-05
Pretty Observations First Seen2023-06-05 08:53:09 Last Seen2023-06-05 08:53:09 Times Seen1 Hash e931c994afa60ba25cfdc9ebd36a699d 017d4b1a01690367f99ec1ea3b80a34e536866cd aa28672816977e718ec7a974a03816df2674e6a4a43204c8b5d787df746a96ba Loading...

HTTP Transactions (12)

URL IP Response Size

alawaelafrica.com/.ojnew/tmp/YXZhbmJ1cmVuQHBvaW50c29mbGlnaHQub3Jn

65.108.234.151

302 Found

115 B

URL User Request GET HTTP/1.1
alawaelafrica.com/.ojnew/tmp/YXZhbmJ1cmVuQHBvaW50c29mbGlnaHQub3Jn
IP
65.108.234.151:443
ASN
#24940 Hetzner Online GmbH

Certificate
IssuerLet's Encrypt
Subject*.alawaelafrica.com
Fingerprint0C:96:6B:AB:EF:3F:05:6B:41:01:84:52:29:4C:B1:C2:93:64:EB:89
ValidityThu, 18 May 2023 17:04:53 GMT - Wed, 16 Aug 2023 17:04:52 GMT

File type
ASCII text, with no line terminators
Size
115 B (115 bytes)
Hash
9540b63e6c1da3d9654dbb824092efd6
21757e22168e8b23588ad67c04298b30de9f4352
22eb7aa9738047933e0b6ad5b0b09090689ed83c3663f35703b00bed13fb833e

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft Outlook

HTTP Headers

GET /.ojnew/tmp/YXZhbmJ1cmVuQHBvaW50c29mbGlnaHQub3Jn HTTP/1.1
Host: alawaelafrica.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Date: Mon, 05 Jun 2023 06:52:50 GMT
Server: Apache
Location: https://0gpilhhtlb646b2a32a499c.ocupac.ru/Mavanburen@pointsoflight.org
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

0gpilhhtlb646b2a32a499c.ocupac.ru/Mavanburen@pointsoflight.org

104.21.88.100

403 Forbidden

3.6 kB

URL User Request GET HTTP/2
0gpilhhtlb646b2a32a499c.ocupac.ru/Mavanburen@pointsoflight.org
IP
104.21.88.100:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjectocupac.ru
Fingerprint55:23:8F:A1:07:E8:A6:35:20:AA:B3:68:A6:24:AE:D8:92:FD:5C:0C
ValidityWed, 10 May 2023 04:25:15 GMT - Tue, 08 Aug 2023 04:25:14 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1790), with CRLF, LF line terminators
Size
3.6 kB (3647 bytes)
Hash
65904afa6171edbe707d141cba464b9b
0d94860e24ca1fd05552b4189dae7717f7715f26
55d4be4976babde8afb96f0cc3d7c478dacf4cd8a0177df4662a9b0c3ccad44b

HTTP Headers

GET /Mavanburen@pointsoflight.org HTTP/1.1
Host: 0gpilhhtlb646b2a32a499c.ocupac.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 403 Forbidden
Date: Mon, 05 Jun 2023 06:52:50 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
cf-mitigated: challenge
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=O%2BPULbBJKMSyEVWNxjOdKnSXZ8f1kI3mEBmeuT1a7KiFsHApPbYJ9mk0lExvvs0dZxsIV%2B8CNMjsL710H5eJJzP1AxjH41tV5trYPIs814nnqZ3OKpK9yrM8FkJZ3POFMOuwvhUjxgoNPZ3GPWi1D8Z4YA8%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7d267ec18c1dfab8-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

0gpilhhtlb646b2a32a499c.ocupac.ru/cdn-cgi/images/trace/managed/js/transparent.gif?ray=7d267ec18c1dfab8

172.67.176.78

200 OK

42 B

URL GET HTTP/1.1
0gpilhhtlb646b2a32a499c.ocupac.ru/cdn-cgi/images/trace/managed/js/transparent.gif?ray=7d267ec18c1dfab8
IP
172.67.176.78:80
ASN
#13335 CLOUDFLARENET

Requested by
http://0gpilhhtlb646b2a32a499c.ocupac.ru/Mavanburen@pointsoflight.org

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /cdn-cgi/images/trace/managed/js/transparent.gif?ray=7d267ec18c1dfab8 HTTP/1.1
Host: 0gpilhhtlb646b2a32a499c.ocupac.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://0gpilhhtlb646b2a32a499c.ocupac.ru/Mavanburen@pointsoflight.org
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Mon, 05 Jun 2023 06:52:50 GMT
Content-Type: image/gif
Content-Length: 42
Connection: keep-alive
Last-Modified: Tue, 30 May 2023 15:20:42 GMT
ETag: "6476144a-2a"
Server: cloudflare
CF-RAY: 7d267ec29da60b55-OSL
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Expires: Mon, 05 Jun 2023 08:52:50 GMT
Cache-Control: max-age=7200, public
Accept-Ranges: bytes

0gpilhhtlb646b2a32a499c.ocupac.ru/cdn-cgi/challenge-platform/h/g/orchestrate/managed/v1?ray=7d267ec18c1dfab8

172.67.176.78

200 OK

59 kB

URL GET HTTP/1.1
0gpilhhtlb646b2a32a499c.ocupac.ru/cdn-cgi/challenge-platform/h/g/orchestrate/managed/v1?ray=7d267ec18c1dfab8
IP
172.67.176.78:80
ASN
#13335 CLOUDFLARENET

Requested by
http://0gpilhhtlb646b2a32a499c.ocupac.ru/Mavanburen@pointsoflight.org

File type
ASCII text, with very long lines (65536), with no line terminators
Size
59 kB (58932 bytes)
Hash
ea734716a04db456b1ed766e214adcc1
33282534f12fa0236383ea3e32a62e2e187c69fb
e9608d3fe3bf2da80a1396be44770a45a842e488bb7bfcca83f09923723fd805

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /cdn-cgi/challenge-platform/h/g/orchestrate/managed/v1?ray=7d267ec18c1dfab8 HTTP/1.1
Host: 0gpilhhtlb646b2a32a499c.ocupac.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://0gpilhhtlb646b2a32a499c.ocupac.ru/Mavanburen@pointsoflight.org?__cf_chl_rt_tk=ghNXug5jKK6q7pIc1gf1exftzhFYT3MdNHufgdG5EbA-1685947970-0-gaNycGzNBtA
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Mon, 05 Jun 2023 06:52:50 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
cache-control: max-age=0, must-revalidate
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uOCcmAwuoHqRvjaSLvcOvNqbTnLyR4ZleWpVB9dRXANs69HUT2LuDfUJH7MawngdXQtMrabOckcacCMH8KYPKF6mW0avj1huWA%2BvRGs8E4KXtLjzjYGUFv3AZX2fE8RgBK1%2BsMlKpFsnqR99Y0%2BJLlHC20E%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7d267ec29c34b50c-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

0gpilhhtlb646b2a32a499c.ocupac.ru/favicon.ico

172.67.176.78

403 Forbidden

3.7 kB

URL GET HTTP/1.1
0gpilhhtlb646b2a32a499c.ocupac.ru/favicon.ico
IP
172.67.176.78:80
ASN
#13335 CLOUDFLARENET

Requested by
http://0gpilhhtlb646b2a32a499c.ocupac.ru/Mavanburen@pointsoflight.org

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1833), with CRLF, LF line terminators
Size
3.7 kB (3655 bytes)
Hash
0293f936f7b5616034525fa9f10cca02
903512df435648ca46c9c7c25f5dde8af815a6f7
cde5911bea41d2cecc9e2167a709159b954825b90700c42147cc3b85efe400fb

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: 0gpilhhtlb646b2a32a499c.ocupac.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://0gpilhhtlb646b2a32a499c.ocupac.ru/Mavanburen@pointsoflight.org?__cf_chl_rt_tk=ghNXug5jKK6q7pIc1gf1exftzhFYT3MdNHufgdG5EbA-1685947970-0-gaNycGzNBtA
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 403 Forbidden
Date: Mon, 05 Jun 2023 06:52:51 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
cf-mitigated: challenge
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=s%2FCr4kHLC20ojs1%2Ff4y7dk6lXfVR845U1v5URBROVtq5aXXZHF9S1lu4Od4bNSe8JYwdn4%2F1u2KZVJhTwaqIXMLYMb3wxqYLc3fMU3KJgUuITuoSOA%2BkJG5XMam57GrsEawtLZd7d62skn5aWOlXGwT9SpI%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7d267ec2cc5eb50c-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

challenges.cloudflare.com/turnstile/v0/g/68662470/api.js?onload=_cf_chl_turnstile_l&render=explicit

104.18.6.185

200 OK

12 kB

URL GET HTTP/2
challenges.cloudflare.com/turnstile/v0/g/68662470/api.js?onload=_cf_chl_turnstile_l&render=explicit
IP
104.18.6.185:443
ASN
#13335 CLOUDFLARENET

Requested by
http://0gpilhhtlb646b2a32a499c.ocupac.ru/Mavanburen@pointsoflight.org
Certificate
IssuerCloudflare, Inc.
Subjectchallenges.cloudflare.com
Fingerprint5C:7B:D7:57:5A:53:A4:99:8E:1E:5A:C4:58:30:7C:2D:6C:D8:3C:C5
ValiditySun, 18 Sep 2022 00:00:00 GMT - Sun, 17 Sep 2023 23:59:59 GMT

File type
ASCII text, with very long lines (19175)
Size
12 kB (12284 bytes)
Hash
21a964474a4841c3e62893476cfec550
af06eb1e31d451fe557b7581e707cd88a3107491
fb479d9c5db685793fd57b4cacb188d2aa9ab40d660d54e1cf35d0f54b390c12

HTTP Headers

GET /turnstile/v0/g/68662470/api.js?onload=_cf_chl_turnstile_l&render=explicit HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://0gpilhhtlb646b2a32a499c.ocupac.ru
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 05 Jun 2023 06:52:51 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=31536000
vary: Accept-Encoding
server: cloudflare
cf-ray: 7d267ec38d43b511-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

0gpilhhtlb646b2a32a499c.ocupac.ru/cdn-cgi/challenge-platform/h/g/flow/ov1/1935437789:1685945398:YO5cWvQZ8zDy-MEaccFCuZFoE_BZBgpQtzOXPkddCBA/7d267ec18c1dfab8/c0a666d281249e7

172.67.176.78

200 OK

7.4 kB

URL POST HTTP/1.1
0gpilhhtlb646b2a32a499c.ocupac.ru/cdn-cgi/challenge-platform/h/g/flow/ov1/1935437789:1685945398:YO5cWvQZ8zDy-MEaccFCuZFoE_BZBgpQtzOXPkddCBA/7d267ec18c1dfab8/c0a666d281249e7
IP
172.67.176.78:80
ASN
#13335 CLOUDFLARENET

Requested by
http://0gpilhhtlb646b2a32a499c.ocupac.ru/Mavanburen@pointsoflight.org

File type
ASCII text, with very long lines (7416), with no line terminators
Size
7.4 kB (7416 bytes)
Hash
bafd2ad184f6145012e86f7c568e525c
27ab3a4f89167fd1e2ff81f8b3ccbab3d7fe1f36
842bb73d5d757d3f11b2acc8fb973d3dae3af6aa78ff318cb4ca4b055f1f9c92

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

POST /cdn-cgi/challenge-platform/h/g/flow/ov1/1935437789:1685945398:YO5cWvQZ8zDy-MEaccFCuZFoE_BZBgpQtzOXPkddCBA/7d267ec18c1dfab8/c0a666d281249e7 HTTP/1.1
Host: 0gpilhhtlb646b2a32a499c.ocupac.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://0gpilhhtlb646b2a32a499c.ocupac.ru/Mavanburen@pointsoflight.org
Content-type: application/x-www-form-urlencoded
CF-Challenge: c0a666d281249e7
Content-Length: 1826
Origin: http://0gpilhhtlb646b2a32a499c.ocupac.ru
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Mon, 05 Jun 2023 06:52:51 GMT
Content-Type: text/plain; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
cf-chl-gen: b8RIrG9S9JTfBwJPOX0kXd+s4ltbmz3sshxTYHff63qS74tkt/RDuODPSQQrj1wd$j2s1IbE+Onz4AlgHAdl+tw==
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zZp3SrFZeaCQ6Pt53aZoXPVYCqTe4GSwb%2BmxvdyBXX6m40Gd5ZJrujq7%2BTXHHim%2F1JACgEacGJH%2Fol5JNVcC%2Feg2z6fK0%2FzCPpw9B7z3Qdk4qMt2T29%2FbJGWGtkkHnKaBxrS6qm3NFZzNdq319gkkV6HKXc%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7d267ec40f9c0b55-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/12o3f/0x4AAAAAAADnPIDROrmt1Wwj/light/normal

104.18.6.185

200 OK

24 kB

URL GET HTTP/3
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/12o3f/0x4AAAAAAADnPIDROrmt1Wwj/light/normal
IP
104.18.6.185:443
ASN
#13335 CLOUDFLARENET

Requested by
http://0gpilhhtlb646b2a32a499c.ocupac.ru/Mavanburen@pointsoflight.org
Certificate
IssuerCloudflare, Inc.
Subjectchallenges.cloudflare.com
Fingerprint5C:7B:D7:57:5A:53:A4:99:8E:1E:5A:C4:58:30:7C:2D:6C:D8:3C:C5
ValiditySun, 18 Sep 2022 00:00:00 GMT - Sun, 17 Sep 2023 23:59:59 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (10899)
Size
24 kB (24085 bytes)
Hash
f54567a6090ad94dce3b85176213f4f1
afa77fa51f64774113aba9e1c4515cae38cfb3cb
9b9e4847e9f2689bc69c7741e6c31b30ea56f7554ae5703b90db0b481322a0ad

HTTP Headers

GET /cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/12o3f/0x4AAAAAAADnPIDROrmt1Wwj/light/normal HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 05 Jun 2023 06:52:51 GMT
content-type: text/html; charset=UTF-8
cache-control: max-age=0, must-revalidate
content-security-policy: frame-src https://challenges.cloudflare.com/; base-uri 'self'
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: cross-origin
document-policy: js-profiling
permissions-policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy: same-origin
server: cloudflare
cf-ray: 7d267ec48ca1b51b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=7d267ec48ca1b51b

104.18.6.185

200 OK

172 kB

URL GET HTTP/3
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=7d267ec48ca1b51b
IP
104.18.6.185:443
ASN
#13335 CLOUDFLARENET

Requested by
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/12o3f/0x4AAAAAAADnPIDROrmt1Wwj/light/normal
Certificate
IssuerCloudflare, Inc.
Subjectchallenges.cloudflare.com
Fingerprint5C:7B:D7:57:5A:53:A4:99:8E:1E:5A:C4:58:30:7C:2D:6C:D8:3C:C5
ValiditySun, 18 Sep 2022 00:00:00 GMT - Sun, 17 Sep 2023 23:59:59 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
172 kB (172057 bytes)
Hash
cbccbf507bea895bbab1087ec30bc955
975510cc7c2ddc9cfe51a0a67438eba3d1be2947
fdbc64bf09dce67e948660ccb3bf4cbaa58c403e10d1a210b12ec0020d23a556

HTTP Headers

GET /cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=7d267ec48ca1b51b HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/12o3f/0x4AAAAAAADnPIDROrmt1Wwj/light/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 05 Jun 2023 06:52:51 GMT
content-type: application/javascript; charset=UTF-8
cache-control: max-age=0, must-revalidate
server: cloudflare
cf-ray: 7d267ec4fd0cb51b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/img/7d267ec48ca1b51b/1685947971558/eEwrsTS6yhVePCg

104.18.6.185

200 OK

61 B

URL GET HTTP/3
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/img/7d267ec48ca1b51b/1685947971558/eEwrsTS6yhVePCg
IP
104.18.6.185:443
ASN
#13335 CLOUDFLARENET

Requested by
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/12o3f/0x4AAAAAAADnPIDROrmt1Wwj/light/normal
Certificate
IssuerCloudflare, Inc.
Subjectchallenges.cloudflare.com
Fingerprint5C:7B:D7:57:5A:53:A4:99:8E:1E:5A:C4:58:30:7C:2D:6C:D8:3C:C5
ValiditySun, 18 Sep 2022 00:00:00 GMT - Sun, 17 Sep 2023 23:59:59 GMT

File type
PNG image data, 36 x 71, 8-bit/color RGB, non-interlaced\012- data
Size
61 B (61 bytes)
Hash
97c4a17ce0f880ee9f57344d700403aa
9052c546b24ccacd8dd9d203739e4b62bef7d71b
259efd95b3d346c94efca543bd902d8fef5b9580302a10b8eb5213a347706dc0

HTTP Headers

GET /cdn-cgi/challenge-platform/h/g/img/7d267ec48ca1b51b/1685947971558/eEwrsTS6yhVePCg HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/12o3f/0x4AAAAAAADnPIDROrmt1Wwj/light/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 05 Jun 2023 06:52:51 GMT
content-type: image/png
server: cloudflare
cf-ray: 7d267ec8a9a9b51b-OSL
alt-svc: h3=":443"; ma=86400

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/1144101922:1685945382:SFhjAUlcHA_Iv6SaFzNatLJqofYRU17AQDyaxl1DTJQ/7d267ec48ca1b51b/089bfd3be27d3c8

104.18.6.185

200 OK

54 kB

URL POST HTTP/3
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/1144101922:1685945382:SFhjAUlcHA_Iv6SaFzNatLJqofYRU17AQDyaxl1DTJQ/7d267ec48ca1b51b/089bfd3be27d3c8
IP
104.18.6.185:443
ASN
#13335 CLOUDFLARENET

Requested by
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/12o3f/0x4AAAAAAADnPIDROrmt1Wwj/light/normal
Certificate
IssuerCloudflare, Inc.
Subjectchallenges.cloudflare.com
Fingerprint5C:7B:D7:57:5A:53:A4:99:8E:1E:5A:C4:58:30:7C:2D:6C:D8:3C:C5
ValiditySun, 18 Sep 2022 00:00:00 GMT - Sun, 17 Sep 2023 23:59:59 GMT

File type
ASCII text, with very long lines (54440), with no line terminators
Size
54 kB (54440 bytes)
Hash
89e929db3db6bab296654a27a8f55deb
2dc891cdb97216c5d1253dcb2fac52c5aab5c547
871a850e18a3c6a550355c27912f22b0f350b6f69ff6c951028257b18f46d4f4

HTTP Headers

POST /cdn-cgi/challenge-platform/h/g/flow/ov1/1144101922:1685945382:SFhjAUlcHA_Iv6SaFzNatLJqofYRU17AQDyaxl1DTJQ/7d267ec48ca1b51b/089bfd3be27d3c8 HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/12o3f/0x4AAAAAAADnPIDROrmt1Wwj/light/normal
Content-type: application/x-www-form-urlencoded
CF-Challenge: 089bfd3be27d3c8
Content-Length: 2788
Origin: https://challenges.cloudflare.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 05 Jun 2023 06:52:51 GMT
content-type: text/plain; charset=UTF-8
cf-chl-gen: RXMMRBwMid/zkvEyv7y9lgUOxLwaR7vK66LCmNw1ejb01pEUf2kKGUjYwU7LJ5AiMYoN556ZujjaC9P1xI9GfPL3BvPCd35zkzroVHakB3QMDM6zdws2G274arH7w1cAAQbnNwUjGGnxlZouNmY7iojnvmr47vjuwcEveSroUo/H0qYWdGTO6YzXGorn6iQf01eo6CNAUsSiH3pLJ3GSR614sL72p6VrwQy+fdHWbP8v0oxvJwgZCkUaduB5OYS+KHyvB5msziQQk3FukYfDHpm8agrekNgVlfeob/xyGJKWPteOY24e7LKDOtnslT4USMRjN2MpoaRf0FuBuGvr8PZQFSo6mKp1dsVKqbPpaWk=$EuQor9OPUKS7R+0R5J8tuA==
server: cloudflare
cf-ray: 7d267ec62e81b51b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/1144101922:1685945382:SFhjAUlcHA_Iv6SaFzNatLJqofYRU17AQDyaxl1DTJQ/7d267ec48ca1b51b/089bfd3be27d3c8

104.18.6.185

200 OK

13 kB

URL POST HTTP/3
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/1144101922:1685945382:SFhjAUlcHA_Iv6SaFzNatLJqofYRU17AQDyaxl1DTJQ/7d267ec48ca1b51b/089bfd3be27d3c8
IP
104.18.6.185:443
ASN
#13335 CLOUDFLARENET

Requested by
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/12o3f/0x4AAAAAAADnPIDROrmt1Wwj/light/normal
Certificate
IssuerCloudflare, Inc.
Subjectchallenges.cloudflare.com
Fingerprint5C:7B:D7:57:5A:53:A4:99:8E:1E:5A:C4:58:30:7C:2D:6C:D8:3C:C5
ValiditySun, 18 Sep 2022 00:00:00 GMT - Sun, 17 Sep 2023 23:59:59 GMT

File type
ASCII text, with very long lines (13232), with no line terminators
Size
13 kB (13232 bytes)
Hash
f81624a4ce35cc330587a1a36d51177a
bdeef4d763e57463ffc846eaa67fa86754af7ce5
c6b0163af349fb066d7301f20fced6066aaa9bc0ea8949e61a321d4238e1211d

HTTP Headers

POST /cdn-cgi/challenge-platform/h/g/flow/ov1/1144101922:1685945382:SFhjAUlcHA_Iv6SaFzNatLJqofYRU17AQDyaxl1DTJQ/7d267ec48ca1b51b/089bfd3be27d3c8 HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/12o3f/0x4AAAAAAADnPIDROrmt1Wwj/light/normal
Content-type: application/x-www-form-urlencoded
CF-Challenge: 089bfd3be27d3c8
Content-Length: 21175
Origin: https://challenges.cloudflare.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 05 Jun 2023 06:52:54 GMT
content-type: text/plain; charset=UTF-8
cf-chl-gen: QV5LjjMApAyBuKwHyVy19gHtqh2ThLKPdnpp3SQXvjVWFViVS5LcM+MxgbYLFAHP$kj/yJftQZJpbZSG9u5gvKg==
server: cloudflare
cf-ray: 7d267ed5b9ddb51b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (10)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

HTTP Transactions (12)

URL User Request GET HTTP/1.1

IP

ASN

Certificate