Report - ospcrews.sa.com/verify/project/sf_rand_string_lowercase6/YmFyYmFyYS5iZW5uZXR0QG5tc3Mub3Jn

Report Overview

URL

ospcrews.sa.com/verify/project/sf_rand_string_lowercase6/YmFyYmFyYS5iZW5uZXR0QG5tc3Mub3Jn
IP

162.241.71.248

ASN

#46606 UNIFIEDLAYER-AS-1
Submitted

2023-05-29T00:17:02Z

Access

public
Tags

phishing microsoft outlook
urlquery detections

Phishing - Microsoft Outlook

Detections

urlquery

4
Network Intrusion Detection

0
Threat Detection Systems

7

Domain Summary

Domain	Rank	First Seen	Last Seen	Sent	Received	IP
ospcrews.sa.com (1)	unknown	2022-11-22 11:04:41	2023-05-28 14:07:59	545	266	162.241.71.248
cpxxuy.calasavacj.com (7)	unknown	2023-05-19 19:55:50	2023-05-28 14:08:00	4677	172346	172.67.158.215
unpkg.com (2)	11693	2016-01-08 00:26:01	2023-05-28 05:11:47	840	64801	104.16.125.175

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator
2023-05-29	medium	cpxxuy.calasavacj.com/cdn-cgi/images/trace/managed/js/transparent.gif?ray=7cea8cf20a62b521
2023-05-29	medium	cpxxuy.calasavacj.com/jq/b11bcbfcabe29ebffadb5fd8092141206473eef4b6fcc
2023-05-29	medium	cpxxuy.calasavacj.com/beebb091955c06fa68b3eb8afc0bae516473eef4aa027PASbeebb091955c06fa68b3eb8afc0bae516473eef4aa028
2023-05-29	medium	cpxxuy.calasavacj.com/jm/b11bcbfcabe29ebffadb5fd8092141206473eef4b6fd4
2023-05-29	medium	cpxxuy.calasavacj.com/Mbarbara.bennett@nmss.org
2023-05-29	medium	cpxxuy.calasavacj.com/Mbarbara.bennett@nmss.org
2023-05-29	medium	cpxxuy.calasavacj.com/boot/b11bcbfcabe29ebffadb5fd8092141206473eef4b6fcf

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

HTTP Transactions (10)

URL IP Response Size

ospcrews.sa.com/verify/project/sf_rand_string_lowercase6/YmFyYmFyYS5iZW5uZXR0QG5tc3Mub3Jn

162.241.71.248

200 OK

URL User Request GET HTTP/1.1

ospcrews.sa.com/verify/project/sf_rand_string_lowercase6/YmFyYmFyYS5iZW5uZXR0QG5tc3Mub3Jn
IP

162.241.71.248:443
ASN

#46606 UNIFIEDLAYER-AS-1

Certificate

IssuerLet's Encrypt

Subjectospcrews.sa.com

FingerprintC1:FB:E1:3B:30:EC:94:D8:D9:F9:A0:B5:8E:1B:9F:98:8D:11:20:AA

ValidityWed, 24 May 2023 05:56:20 GMT - Tue, 22 Aug 2023 05:56:19 GMT

Magic

Size

0
Hash

d41d8cd98f00b204e9800998ecf8427e

da39a3ee5e6b4b0d3255bfef95601890afd80709

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft Outlook

HTTP Headers

                                        GET /verify/project/sf_rand_string_lowercase6/YmFyYmFyYS5iZW5uZXR0QG5tc3Mub3Jn HTTP/1.1
Host: ospcrews.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Date: Mon, 29 May 2023 00:16:44 GMT
Server: Apache
refresh: 0;url=https://cpxxuy.calasavacj.com/Mbarbara.bennett@nmss.org
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

cpxxuy.calasavacj.com/cdn-cgi/images/trace/managed/js/transparent.gif?ray=7cea8cf20a62b521

172.67.158.215

URL

cpxxuy.calasavacj.com/cdn-cgi/images/trace/managed/js/transparent.gif?ray=7cea8cf20a62b521
IP

172.67.158.215:0
ASN

#13335 CLOUDFLARENET

Magic

GIF image data, version 89a, 1 x 1\012- data

Size

42
Hash

d89746888da2d9510b64a9f031eaecd5

d5fceb6532643d0d84ffe09c40c481ecdf59e15a

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

                                        GET /cdn-cgi/images/trace/managed/js/transparent.gif?ray=7cea8cf20a62b521 HTTP/1.1
Host: cpxxuy.calasavacj.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cpxxuy.calasavacj.com/Mbarbara.bennett@nmss.org
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

                                        HTTP/3 200 OK
date: Mon, 29 May 2023 00:16:46 GMT
content-type: image/gif
content-length: 42
last-modified: Thu, 25 May 2023 08:39:03 GMT
etag: "646f1ea7-2a"
server: cloudflare
cf-ray: 7cea8cf34fc4b4fa-OSL
x-frame-options: DENY
x-content-type-options: nosniff
vary: Accept-Encoding
expires: Mon, 29 May 2023 02:16:46 GMT
cache-control: max-age=7200, public
accept-ranges: bytes

cpxxuy.calasavacj.com/jq/b11bcbfcabe29ebffadb5fd8092141206473eef4b6fcc

172.67.158.215

200 OK

85578

URL GET HTTP/3

cpxxuy.calasavacj.com/jq/b11bcbfcabe29ebffadb5fd8092141206473eef4b6fcc
IP

172.67.158.215:443
ASN

#13335 CLOUDFLARENET

Requested by

https://cpxxuy.calasavacj.com/beebb091955c06fa68b3eb8afc0bae516473eef4aa027PASbeebb091955c06fa68b3eb8afc0bae516473eef4aa028
Certificate

IssuerLet's Encrypt

Subjectcalasavacj.com

Fingerprint1E:85:E1:07:C9:3A:7C:1D:81:CB:13:91:E0:4F:E1:06:F2:84:24:0D

ValidityThu, 18 May 2023 06:32:53 GMT - Wed, 16 Aug 2023 06:32:52 GMT

Magic

ASCII text, with very long lines (32065)

Size

85578
Hash

2f6b11a7e914718e0290410e85366fe9

69bb69e25ca7d5ef0935317584e6153f3fd9a88c

05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

                                        GET /jq/b11bcbfcabe29ebffadb5fd8092141206473eef4b6fcc HTTP/1.1
Host: cpxxuy.calasavacj.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cpxxuy.calasavacj.com/beebb091955c06fa68b3eb8afc0bae516473eef4aa027PASbeebb091955c06fa68b3eb8afc0bae516473eef4aa028
Cookie: cf_clearance=wKrgzzTQja8LIH5AFhn8sQVVrkdofsAJvP.HXjxawyI-1685319406-0-160; PHPSESSID=b6d964272fa7b4da0850143de38c7ce2
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/3 200 OK
date: Mon, 29 May 2023 00:16:53 GMT
content-type: application/javascript
cache-control: public, max-age=604800
expires: Mon, 05 Jun 2023 00:16:52 GMT
last-modified: Mon, 22 May 2023 10:06:03 GMT
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BpEGFw4RtpsgL9BbwyYqwhcB4ss7qcK0Ac9KOdjZQKX1DRizfkNTuy%2FR6aRkdFd2TkLZ%2FqCNbZ96AbDcJ%2FJWf9Mq%2FmvGeAMIFiX4O8pdxa8f9wCm0SwNEkjyZ7%2FzCTQiEfhYXgXwbCA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7cea8d1c79c1b4fa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

cpxxuy.calasavacj.com/beebb091955c06fa68b3eb8afc0bae516473eef4aa027PASbeebb091955c06fa68b3eb8afc0bae516473eef4aa028

172.67.158.215

200 OK

7351

URL User Request GET HTTP/3

cpxxuy.calasavacj.com/beebb091955c06fa68b3eb8afc0bae516473eef4aa027PASbeebb091955c06fa68b3eb8afc0bae516473eef4aa028
IP

172.67.158.215:443
ASN

#13335 CLOUDFLARENET

Certificate

IssuerLet's Encrypt

Subjectcalasavacj.com

Fingerprint1E:85:E1:07:C9:3A:7C:1D:81:CB:13:91:E0:4F:E1:06:F2:84:24:0D

ValidityThu, 18 May 2023 06:32:53 GMT - Wed, 16 Aug 2023 06:32:52 GMT

Magic

HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (7407), with no line terminators

Size

7351
Hash

c250dc9db4e0cf9f6bc208a33699fe6d

21d780309f4c1fcc0153ca08ccc346cbc8b8e94a

9afc0f7ea8c43ef904556568f37af3584ad668804f962ac59bc431e3837ea3b3

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

                                        GET /beebb091955c06fa68b3eb8afc0bae516473eef4aa027PASbeebb091955c06fa68b3eb8afc0bae516473eef4aa028 HTTP/1.1
Host: cpxxuy.calasavacj.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cpxxuy.calasavacj.com/Mbarbara.bennett@nmss.org?__cf_chl_tk=JmnlcE27bevpT0KgufnKFLina5KWjwsxSB2IoeEx6Kg-1685319406-0-gaNycGzNDWU
DNT: 1
Connection: keep-alive
Cookie: cf_clearance=wKrgzzTQja8LIH5AFhn8sQVVrkdofsAJvP.HXjxawyI-1685319406-0-160; PHPSESSID=b6d964272fa7b4da0850143de38c7ce2
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/3 200 OK
date: Mon, 29 May 2023 00:16:53 GMT
content-type: text/html; charset=UTF-8
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QeVmrpHIqell4TjoRtgmrrvssYH2eHSBSKWrPefH%2B3Tb%2FJ7hcIKnSwsD7H53pHBrTVCdzi4CsgmfF0OPgYI%2F0WLYY5CCCCij7Xtn0Gd27iJIWn3%2F%2BXFMJ%2FYSqLmUIucl%2BypUbB5EHTg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7cea8d1b2901b4fa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

cpxxuy.calasavacj.com/jm/b11bcbfcabe29ebffadb5fd8092141206473eef4b6fd4

172.67.158.215

200 OK

7309

URL GET HTTP/3

cpxxuy.calasavacj.com/jm/b11bcbfcabe29ebffadb5fd8092141206473eef4b6fd4
IP

172.67.158.215:443
ASN

#13335 CLOUDFLARENET

Requested by

https://cpxxuy.calasavacj.com/beebb091955c06fa68b3eb8afc0bae516473eef4aa027PASbeebb091955c06fa68b3eb8afc0bae516473eef4aa028
Certificate

IssuerLet's Encrypt

Subjectcalasavacj.com

Fingerprint1E:85:E1:07:C9:3A:7C:1D:81:CB:13:91:E0:4F:E1:06:F2:84:24:0D

ValidityThu, 18 May 2023 06:32:53 GMT - Wed, 16 Aug 2023 06:32:52 GMT

Magic

ASCII text, with very long lines (7344), with no line terminators

Size

7309
Hash

f335e180c66cfa35ea3152a33884ec67

0b99d4d6d595e23b8c864f9c39d16813f886e850

7e317dfd820ab1a6759f565d267e82ecb5bd797b6fe89be4858f0174b709c324

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

                                        GET /jm/b11bcbfcabe29ebffadb5fd8092141206473eef4b6fd4 HTTP/1.1
Host: cpxxuy.calasavacj.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cpxxuy.calasavacj.com/beebb091955c06fa68b3eb8afc0bae516473eef4aa027PASbeebb091955c06fa68b3eb8afc0bae516473eef4aa028
Cookie: cf_clearance=wKrgzzTQja8LIH5AFhn8sQVVrkdofsAJvP.HXjxawyI-1685319406-0-160; PHPSESSID=b6d964272fa7b4da0850143de38c7ce2
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/3 200 OK
date: Mon, 29 May 2023 00:16:54 GMT
content-type: application/javascript
cache-control: public, max-age=604800
expires: Mon, 05 Jun 2023 00:16:54 GMT
last-modified: Mon, 22 May 2023 10:06:03 GMT
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WwXtsND9Wwhy1IzfhUvwhXRlWznkiwHwqwMHA2R6kUxS23LEcpRW9e5LHgV7QpCAPHksHwVyUMaaRoYwN9dAIzRUnUt7F%2Bt0c9F3ovSfXui%2FruwzLlhoOW0fbvMtrentkG5vgCFvsDQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7cea8d1c79c4b4fa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

unpkg.com/axios@1.4.0/dist/axios.min.js

104.16.125.175

200 OK

31842

URL GET HTTP/2

unpkg.com/axios@1.4.0/dist/axios.min.js
IP

104.16.125.175:443
ASN

#13335 CLOUDFLARENET

Requested by

https://cpxxuy.calasavacj.com/beebb091955c06fa68b3eb8afc0bae516473eef4aa027PASbeebb091955c06fa68b3eb8afc0bae516473eef4aa028
Certificate

IssuerCloudflare, Inc.

Subjectsni.cloudflaressl.com

FingerprintF7:B6:41:CA:15:FD:D1:0C:27:39:55:5D:C5:CE:3F:1C:A6:BB:9D:6F

ValidityTue, 02 May 2023 00:00:00 GMT - Wed, 01 May 2024 23:59:59 GMT

Magic

ASCII text, with very long lines (31803)

Size

31842
Hash

6470a918ba1fd4b8d0882df0269ddb82

97814fdab64aa7d1b30f082f9eb272d4b1ce18a2

fd4ce12a87594281afcee9c73a40fe7acc282bcc9e764fbb3afa1481a96a091e

HTTP Headers

                                        GET /axios@1.4.0/dist/axios.min.js HTTP/1.1
Host: unpkg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cpxxuy.calasavacj.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/2 200 OK
date: Mon, 29 May 2023 00:16:53 GMT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
etag: W/"7c62-l4FP2rZKp9GzDwgvnrJy1LHOGKI"
via: 1.1 fly.io
fly-request-id: 01GZP8TZEXW4PFCT61FHX2WRTS-fra
cf-cache-status: HIT
age: 2018505
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7cea8d1cc8100afe-OSL
content-encoding: br
X-Firefox-Spdy: h2

cpxxuy.calasavacj.com/Mbarbara.bennett@nmss.org

172.67.158.215

403 Forbidden

8092

URL User Request GET HTTP/2

cpxxuy.calasavacj.com/Mbarbara.bennett@nmss.org
IP

172.67.158.215:443
ASN

#13335 CLOUDFLARENET

Certificate

IssuerLet's Encrypt

Subjectcalasavacj.com

Fingerprint1E:85:E1:07:C9:3A:7C:1D:81:CB:13:91:E0:4F:E1:06:F2:84:24:0D

ValidityThu, 18 May 2023 06:32:53 GMT - Wed, 16 Aug 2023 06:32:52 GMT

Magic

HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (8260), with no line terminators

Size

8092
Hash

12eb2d4d8641ea4ffde1389ecd806047

44296a3aad6cbb56f373ea35e8a5caecae2b6568

910710b5a8de8e6ee34c3b2be17fad36fc6a625e4af7a4ec703dad81d5602d0d

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft Outlook
fortinet	Phishing

HTTP Headers

                                        GET /Mbarbara.bennett@nmss.org HTTP/1.1
Host: cpxxuy.calasavacj.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/2 403 Forbidden
date: Mon, 29 May 2023 00:16:46 GMT
content-type: text/html; charset=UTF-8
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy: same-origin
x-frame-options: SAMEORIGIN
cf-mitigated: challenge
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 01 Jan 1970 00:00:01 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VVNVoqdrnWzz6BSeOEcZ2Tql%2Bexm6PL3GUg9y3P1K6UnV%2BzCneHjVJaTdvY1WWSg9EPyzXYqdvimBH6eYLsiAp1iAPQ%2FILWNE92aE8b8pfhU7b59%2BUnmaHtRyZIZST0eqCADXTVVFPA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cea8cf20a62b521-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

unpkg.com/axios/dist/axios.min.js

104.16.125.175

302 Found

31842

URL GET HTTP/2

unpkg.com/axios/dist/axios.min.js
IP

104.16.125.175:443
ASN

#13335 CLOUDFLARENET

Requested by

https://cpxxuy.calasavacj.com/beebb091955c06fa68b3eb8afc0bae516473eef4aa027PASbeebb091955c06fa68b3eb8afc0bae516473eef4aa028
Certificate

IssuerCloudflare, Inc.

Subjectsni.cloudflaressl.com

FingerprintF7:B6:41:CA:15:FD:D1:0C:27:39:55:5D:C5:CE:3F:1C:A6:BB:9D:6F

ValidityTue, 02 May 2023 00:00:00 GMT - Wed, 01 May 2024 23:59:59 GMT

Magic

Size

31842
Hash

d41d8cd98f00b204e9800998ecf8427e

da39a3ee5e6b4b0d3255bfef95601890afd80709

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

                                        GET /axios/dist/axios.min.js HTTP/1.1
Host: unpkg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cpxxuy.calasavacj.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/2 302 Found
date: Mon, 29 May 2023 00:16:53 GMT
content-type: text/plain; charset=utf-8
access-control-allow-origin: *
cache-control: public, s-maxage=600, max-age=60
location: /axios@1.4.0/dist/axios.min.js
vary: Accept, Accept-Encoding
via: 1.1 fly.io
fly-request-id: 01H1JDPW8WV8HZ0NJ3GBPT959W-fra
cf-cache-status: HIT
age: 131
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7cea8d1ca80b0afe-OSL
X-Firefox-Spdy: h2

cpxxuy.calasavacj.com/Mbarbara.bennett@nmss.org

172.67.158.215

302 Found

7351

URL User Request POST HTTP/3

cpxxuy.calasavacj.com/Mbarbara.bennett@nmss.org
IP

172.67.158.215:443
ASN

#13335 CLOUDFLARENET

Certificate

IssuerLet's Encrypt

Subjectcalasavacj.com

Fingerprint1E:85:E1:07:C9:3A:7C:1D:81:CB:13:91:E0:4F:E1:06:F2:84:24:0D

ValidityThu, 18 May 2023 06:32:53 GMT - Wed, 16 Aug 2023 06:32:52 GMT

Magic

Size

7351
Hash

d41d8cd98f00b204e9800998ecf8427e

da39a3ee5e6b4b0d3255bfef95601890afd80709

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft Outlook
fortinet	Phishing

HTTP Headers

                                        POST /Mbarbara.bennett@nmss.org HTTP/1.1
Host: cpxxuy.calasavacj.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cpxxuy.calasavacj.com/Mbarbara.bennett@nmss.org?__cf_chl_tk=JmnlcE27bevpT0KgufnKFLina5KWjwsxSB2IoeEx6Kg-1685319406-0-gaNycGzNDWU
Content-Type: application/x-www-form-urlencoded
Content-Length: 3595
Origin: https://cpxxuy.calasavacj.com
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/3 302 Found
date: Mon, 29 May 2023 00:16:52 GMT
content-type: text/html; charset=UTF-8
location: ./beebb091955c06fa68b3eb8afc0bae516473eef4aa027PASbeebb091955c06fa68b3eb8afc0bae516473eef4aa028
set-cookie: cf_clearance=wKrgzzTQja8LIH5AFhn8sQVVrkdofsAJvP.HXjxawyI-1685319406-0-160; path=/; expires=Tue, 28-May-24 00:16:51 GMT; domain=.calasavacj.com; HttpOnly; Secure; SameSite=None
PHPSESSID=b6d964272fa7b4da0850143de38c7ce2; path=/; secure
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vwWBbOaTldHYppMPaGN5Xe3ThyGIy4CygA%2FfPrXqvH9en96V21xBWyVJcBGLV8alA33lcJLhGFazzxKtezVyW%2F5Wsz8qiQlDqusNW75c%2FbzpS6TcioD6Hbm3z6d8PreXEhNAn1hTk%2FY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7cea8d0faa60b4fa-OSL
alt-svc: h3=":443"; ma=86400

cpxxuy.calasavacj.com/boot/b11bcbfcabe29ebffadb5fd8092141206473eef4b6fcf

172.67.158.215

200 OK

51039

URL GET HTTP/3

cpxxuy.calasavacj.com/boot/b11bcbfcabe29ebffadb5fd8092141206473eef4b6fcf
IP

172.67.158.215:443
ASN

#13335 CLOUDFLARENET

Requested by

https://cpxxuy.calasavacj.com/beebb091955c06fa68b3eb8afc0bae516473eef4aa027PASbeebb091955c06fa68b3eb8afc0bae516473eef4aa028
Certificate

IssuerLet's Encrypt

Subjectcalasavacj.com

Fingerprint1E:85:E1:07:C9:3A:7C:1D:81:CB:13:91:E0:4F:E1:06:F2:84:24:0D

ValidityThu, 18 May 2023 06:32:53 GMT - Wed, 16 Aug 2023 06:32:52 GMT

Magic

ASCII text, with very long lines (50758)

Size

51039
Hash

67176c242e1bdc20603c878dee836df3

27a71b00383d61ef3c489326b3564d698fc1227c

56c12a125b021d21a69e61d7190cefa168d6c28ce715265cea1b3b0112d169c4

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

                                        GET /boot/b11bcbfcabe29ebffadb5fd8092141206473eef4b6fcf HTTP/1.1
Host: cpxxuy.calasavacj.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cpxxuy.calasavacj.com/beebb091955c06fa68b3eb8afc0bae516473eef4aa027PASbeebb091955c06fa68b3eb8afc0bae516473eef4aa028
Cookie: cf_clearance=wKrgzzTQja8LIH5AFhn8sQVVrkdofsAJvP.HXjxawyI-1685319406-0-160; PHPSESSID=b6d964272fa7b4da0850143de38c7ce2
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/3 200 OK
date: Mon, 29 May 2023 00:16:53 GMT
content-type: application/javascript
cache-control: public, max-age=604800
expires: Mon, 05 Jun 2023 00:16:53 GMT
last-modified: Mon, 22 May 2023 10:06:03 GMT
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lBfgnzmsG3rHpyblO5kVW8MZKXrjlgjseRsnyvHxVU4ZSX3A%2BrBeoY1x3doIw%2BJCfm6HQHci%2BqWOV3tpu5cKZfMFUpp8u4s92%2B8fMICzvdwoVP0QWevJjfqV%2F3YzkyRU9jEeUM18LYg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7cea8d1c79c2b4fa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

Report Overview

URL

IP

ASN

Submitted

Access

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (10)

#1 JS:Script (size: 85578)

#2 JS:Script (size: 51039)

#3 JS:Script (size: 79)

#4 JS:Script (size: 34)

#5 JS:Script (size: 37)

#6 JS:Script (size: 7309)

#1 JS:Eval (size: 4)

#2 JS:Eval (size: 768915)

#3 JS:Eval (size: 1080)

#4 JS:Eval (size: 2241)

HTTP Transactions (10)

URL User Request GET HTTP/1.1

IP

ASN

Certificate

Magic

Size

Hash

Detections

HTTP Headers

URL

IP

ASN

Magic

Size

Hash

Detections

HTTP Headers

URL GET HTTP/3

IP

ASN

Requested by

Certificate

Magic

Size

Hash

Detections

HTTP Headers

URL User Request GET HTTP/3

IP

ASN

Certificate

Magic

Size

Hash

Detections

HTTP Headers

URL GET HTTP/3

IP

ASN

Requested by

Certificate

Magic

Size

Hash

Detections