Report - wealthsciences.com.au/privacy/txscan.html

Report Overview

Visited public
2025-01-31 10:38:22
Tags
phishing microsoft outlook suspicious
URL
wealthsciences.com.au/privacy/txscan.html
Finishing URL
25ru.gratzeware.ru/7axa6RvO/#QTerry@gmail.com
IP / ASN
192.185.96.105
#19871 NETWORK-SOLUTIONS-HOSTING
Title
Phishing - Microsoft Outlook
Suspicious - Anti-debugging code

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
qolgx.ntonteral.ru	unknown	unknown	No data	No data	450 B	275 B	104.21.96.1
developers.cloudflare.com	592034	2009-02-17	2012-09-07	2025-01-28	449 B	1.7 kB	104.16.2.189
cdn-icons-png.flaticon.com	79607	2013-05-10	2021-09-02	2025-01-24	472 B	18 kB	23.36.76.201
cdnjs.cloudflare.com	235	2009-02-17	2012-05-23	2025-01-29	452 B	15 kB	104.17.25.14
code.jquery.com	634	2005-12-10	2012-05-21	2025-01-29	424 B	32 kB	151.101.194.137
meta-q.cdn.bubble.io	unknown	2008-01-05	2023-10-29	2025-01-29	485 B	23 kB	104.17.124.183
25ru.gratzeware.ru	unknown	2025-01-05	2025-01-31	2025-01-31	2.4 kB	501 kB	172.67.159.137
challenges.cloudflare.com	unknown	2009-02-17	2021-10-20	2025-01-29	930 B	66 kB	104.18.95.41
wealthsciences.com.au	unknown	unknown	2025-01-31	2025-01-31	507 B	4.3 kB	192.185.96.105
images.ctfassets.net	4623	2017-03-28	2017-09-20	2025-01-30	554 B	12 kB	54.240.174.51
i.pinimg.com	689	2010-05-29	2015-10-15	2025-01-25	568 B	123 kB	151.101.64.84

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (8)

	URL	From	Size	First Seen	Last Seen
	unknown	ScriptElement	1.6 kB	2025-01-31	2025-01-31
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2025-01-31 10:38 Last Seen2025-01-31 10:38 Times Seen1 Hash 82bc7a27ef8bd0cafdb35ee5d1d11dda 95387a04a37db852b7b509e1263e476385043f72 56677f0f1ae5ce1b0dd58e9c6b8733260d0719e072a6ecb1f04f1c748c1dbbbc Loading...

	code.jquery.com/jquery-3.6.0.min.js	ScriptElement	90 kB	2023-03-07	2025-04-25
Pretty URL code.jquery.com/jquery-3.6.0.min.js IP 151.101.194.137 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-04-25 03:08 Times Seen200634 Hash 8fb8fee4fcc3cc86ff6c724154c49c42 b82d238d4e31fdf618bae8ac11a6c812c03dd0d4 ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e Loading...

	cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js	ScriptElement	48 kB	2023-03-07	2025-04-25
Pretty URL cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js IP 104.17.25.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:31 Last Seen2025-04-25 02:49 Times Seen89691 Hash 2ca03ad87885ab983541092b87adb299 1a17f60bf776a8c468a185c1e8e985c41a50dc27 8e3b0117f4df4be452c0b6af5b8f0a0acf9d4ade23d08d55d7e312af22077762 Loading...

	25ru.gratzeware.ru/7axa6RvO/#QTerry@gmail.com	ScriptElement	469 kB	2025-01-31	2025-01-31
Pretty URL 25ru.gratzeware.ru/7axa6RvO/#QTerry@gmail.com IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2025-01-31 10:38 Last Seen2025-01-31 10:38 Times Seen1 Hash 677f2d69c2ac51e4e16ade821a9f5ed4 bf057c5da06ef670bca57fbd62356d81b2079df4 0e47e10584b512fd2ebb47170e9e7ae5dc1bf15567f3bb083b902389db10a704 Loading...

	challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback	ScriptElement	48 kB	2025-01-30	2025-02-04
Pretty URL challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback IP 104.18.95.41 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2025-01-30 15:28 Last Seen2025-02-04 20:02 Times Seen2583 Hash ec49b36b4df75f725a1bbabe33c02200 3a8e012c4afbfdd60dc5fb7787bec1019c2e7693 acc0f6a3825a97a4cd1b5b959e258a01ef4f21c2c55124f9bab349e0f83e3b7a Loading...

	unknown	ScriptElement	150 kB	2025-01-31	2025-01-31
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2025-01-31 10:38 Last Seen2025-01-31 10:38 Times Seen1 Hash c09bf372b6a3d1a298ec94e69f3d7169 13234d38f9700aec87704914ad2aadd1d8748c8f 9893ea85cbb6bd15c34c886628d128131577573ecb764a1ef5766a0bcb59305b Loading...

		Size	First Seen	Last Seen
	#1 Eval - 9f8b3572ad688e970c60b80d3d3a8edd	6.4 kB	2025-01-31 10:38	2025-01-31 10:38
Pretty Observations First Seen2025-01-31 10:38 Last Seen2025-01-31 10:38 Times Seen1 Hash 9f8b3572ad688e970c60b80d3d3a8edd 8e3805ede008aafb986ad419c25763af7d4c2821 b7535cd85af7733b2c91743cd54d4ccaedc236636a5eb929ed662794e10cdf86 Loading...

		Size	First Seen	Last Seen
	#1 Write - a101dc1959633c1dd3fd3f3eccc0353c	128 kB	2025-01-31 10:38	2025-01-31 10:38
Pretty Observations First Seen2025-01-31 10:38 Last Seen2025-01-31 10:38 Times Seen1 Hash a101dc1959633c1dd3fd3f3eccc0353c 50daa9b56bd03a14b9c55ce9dd52e878501f48d8 5bc2583dd85f369e3abce069b2ec0de363a244bd35748e8e06ad514ac27d7b1b Loading...

HTTP Transactions (14)

URL IP Response Size

wealthsciences.com.au/privacy/txscan.html

192.185.96.105

200 OK

4.0 kB

URL
wealthsciences.com.au/privacy/txscan.html
IP
192.185.96.105:0
ASN
#19871 NETWORK-SOLUTIONS-HOSTING

File type
HTML document, ASCII text, with very long lines (1362), with CRLF line terminators
Size
4.0 kB (4020 bytes)
Hash
acfed247d601c2e8bd3192d54ac079c4
5c670e0f57902305a622d0ec6a41bbe55c5cd6db
15c2df7419c01d92532aa4aaf6f9e270a516cc7a364bbbdd71a2539a93a2f1cb

HTTP Headers

GET /privacy/txscan.html HTTP/1.1
Host: wealthsciences.com.au
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
last-modified: Fri, 31 Jan 2025 09:32:27 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 4020
content-type: text/html
date: Fri, 31 Jan 2025 10:37:57 GMT
server: Apache
X-Firefox-Spdy: h2

images.ctfassets.net/3fcisxc3a6xz/docusign_logo_black_text_on_white_0.png/90872cd475f92acafc7c490c93976e40/ds-logo-on-white.png

54.240.174.51

200 OK

12 kB

URL
images.ctfassets.net/3fcisxc3a6xz/docusign_logo_black_text_on_white_0.png/90872cd475f92acafc7c490c93976e40/ds-logo-on-white.png
IP
54.240.174.51:0
ASN
#16509 AMAZON-02

File type
PNG image data, 1107 x 391, 8-bit/color RGBA, non-interlaced
Size
12 kB (11460 bytes)
Hash
a74f925f8c71704166ffa3433e9b96d5
e621c220c2f75d184dd3202ce6df1e586bdc3aa5
326b79b9d1123740137a2eadd44ed4db857d8a7928f095a385fa1593526471bf

HTTP Headers

GET /3fcisxc3a6xz/docusign_logo_black_text_on_white_0.png/90872cd475f92acafc7c490c93976e40/ds-logo-on-white.png HTTP/1.1
Host: images.ctfassets.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wealthsciences.com.au/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: image/png
content-length: 11460
last-modified: Mon, 10 Jun 2024 21:10:48 GMT
server: Contentful Images API
access-control-allow-origin: *
date: Fri, 31 Jan 2025 09:38:19 GMT
cache-control: max-age=31536000
etag: "a74f925f8c71704166ffa3433e9b96d5"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 6a0f63864791329e89a4b233ec4c3a36.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: uYkgGWQEiyQ9caD4s15_RVY07bDnStCzBJ-SSyh9dbMZr26-x3hVsw==
age: 12747
X-Firefox-Spdy: h2

cdn-icons-png.flaticon.com/512/847/847969.png

23.36.76.201

200 OK

18 kB

URL
cdn-icons-png.flaticon.com/512/847/847969.png
IP
23.36.76.201:0
ASN
#20940 Akamai International B.V.

File type
PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced
Size
18 kB (17531 bytes)
Hash
5405d77c51fb46a0cbf26cb96fe4da4d
32454dfa1af07952738c877992eff9d975c36b94
a0f8ce7a5d5970e38741bae9bab7008ce3667987b8f0cf07a902dd9a25f9d0cb

HTTP Headers

GET /512/847/847969.png HTTP/1.1
Host: cdn-icons-png.flaticon.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wealthsciences.com.au/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
last-modified: Thu, 14 Oct 2021 22:11:26 GMT
etag: "5405d77c51fb46a0cbf26cb96fe4da4d"
x-goog-generation: 1634249486697380
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 17531
x-amz-meta-goog-reserved-file-mtime: 1525850581
x-amz-meta-x-goog-reserved-source-generation: 1627252422068116
content-type: image/png
x-amz-checksum-crc32c: B8eOgw==
accept-ranges: bytes
content-length: 17531
expires: Fri, 31 Jan 2025 10:37:58 GMT
date: Fri, 31 Jan 2025 10:37:58 GMT
vary: Accept-Encoding
access-control-allow-origin: *
pragma: public
cache-control: public, max-age=31536000
x-default-rule: YES
X-Firefox-Spdy: h2

i.pinimg.com/736x/d1/3e/64/d13e649549d58b162cf918118d9ed562.jpg

151.101.64.84

200 OK

123 kB

URL
i.pinimg.com/736x/d1/3e/64/d13e649549d58b162cf918118d9ed562.jpg
IP
151.101.64.84:0
ASN
#54113 FASTLY

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, progressive, precision 8, 736x952, components 3
Size
123 kB (122606 bytes)
Hash
ef69419ac82f56c51b3b39522de73409
182cb9b22144612eba18a794299406664b12b079
ccc0c3de24aab14c53555020b0d9c2e352e2b4bd5ce14d6f0120e00390e0ec64

HTTP Headers

GET /736x/d1/3e/64/d13e649549d58b162cf918118d9ed562.jpg HTTP/1.1
Host: i.pinimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wealthsciences.com.au/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
etag: "ef69419ac82f56c51b3b39522de73409"
content-type: image/jpeg
cache-control: max-age=31536000, immutable
accept-ranges: bytes
vary: Origin
x-cdn: fastly
alt-svc: h3=":443";ma=604800
date: Fri, 31 Jan 2025 10:37:58 GMT
content-length: 122606
X-Firefox-Spdy: h2

meta-q.cdn.bubble.io/f1718227932057x822365466237625200/DOCU-60cafc67.png

104.17.124.183

200 OK

23 kB

URL
meta-q.cdn.bubble.io/f1718227932057x822365466237625200/DOCU-60cafc67.png
IP
104.17.124.183:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 1547 x 1549, 8-bit/color RGBA, non-interlaced
Size
23 kB (22658 bytes)
Hash
46806c0a76d512c9f288cfc281014a25
415f8375fcd54b42ce1eaf595246176129a10623
6e94e824fa297ec921f1c19ac18d1fc91a51699af955925b4514a40b6ccf2599

HTTP Headers

GET /f1718227932057x822365466237625200/DOCU-60cafc67.png HTTP/1.1
Host: meta-q.cdn.bubble.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wealthsciences.com.au/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 31 Jan 2025 10:37:58 GMT
content-type: image/png
content-length: 22658
cf-bgj: imgq:100,h2pri
cf-polished: origSize=33006
last-modified: Wed, 12 Jun 2024 21:32:13 GMT
cache-control: public,max-age=86400
etag: "282ba85a1c65bfadc21a004e2a4a9ad5"
x-amz-id-2: ceXUydcp6EAs/OZblvKkETJpNdWi0JeGYg9lQidHUJLcNiC1OGrUQzjPkrOaNNvxFsuqsOXZTSU=
x-amz-meta-app-version: live
x-amz-meta-appname: meta
x-amz-request-id: PYXAYR22FQQDKA78
x-amz-server-side-encryption: AES256
x-amz-version-id: VJwr9ehspq7Y4Hruul9084tFCPC0kb1W
cf-cache-status: HIT
age: 50199
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 90a911c839c556cc-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js

104.17.25.14

200 OK

14 kB

URL GET HTTP/2
cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js
IP
104.17.25.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://25ru.gratzeware.ru/7axa6RvO/#QTerry@gmail.com
Certificate
IssuerGoogle Trust Services
Subjectcdnjs.cloudflare.com
Fingerprint00:0E:39:59:53:CF:68:07:90:75:EB:68:26:B9:04:22:44:7D:9A:32
ValidityFri, 24 Jan 2025 09:16:22 GMT - Thu, 24 Apr 2025 10:16:21 GMT

File type
JavaScript source, ASCII text, with very long lines (48316), with no line terminators
Size
14 kB (13972 bytes)
Hash
2ca03ad87885ab983541092b87adb299
1a17f60bf776a8c468a185c1e8e985c41a50dc27
8e3b0117f4df4be452c0b6af5b8f0a0acf9d4ade23d08d55d7e312af22077762

HTTP Headers

GET /ajax/libs/crypto-js/4.1.1/crypto-js.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://25ru.gratzeware.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 31 Jan 2025 10:38:12 GMT
content-type: application/javascript; charset=utf-8
content-length: 13972
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "61182885-3694"
last-modified: Sat, 14 Aug 2021 20:33:09 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 752794
expires: Wed, 21 Jan 2026 10:38:12 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UWPHYCbjxjU37iFrdKZGwdtByNSSNKQPSl91nQDy98ahQas1BRtU5RSoLZmd4AfyuXoS9gEPFch1dhYAhzSR5RcrKurd4HRPQdU7DKfyf8XCu66WOrypcLZzud%2BLejGs1V8rjm0x"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 90a912208961b4fd-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

25ru.gratzeware.ru/7axa6RvO/

172.67.159.137

200 OK

28 kB

URL
25ru.gratzeware.ru/7axa6RvO/
IP
172.67.159.137:0
ASN
#13335 CLOUDFLARENET

File type
HTML document, ASCII text, with very long lines (65388)
Size
28 kB (28487 bytes)
Hash
8f14dcdc453c6164d4044c37795fdc2d
7b31d7aa7baf7f375555c79678680af132957cca
a16e65898b329be623bd7bb8e769cb125df79bdfbde1415d4d2b271f6634fa3d

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft Outlook

HTTP Headers

GET /7axa6RvO/ HTTP/1.1
Host: 25ru.gratzeware.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wealthsciences.com.au/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Sec-Fetch-User: ?1
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 31 Jan 2025 10:38:12 GMT
content-type: text/html; charset=UTF-8
cache-control: no-cache, private
cf-cache-status: DYNAMIC
vary: accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=r77apN0T7MawBQ847jKxDxeLEXQcc%2BhgZQtkaOvyTjO7gf%2F8hJfeGGMoYkyvQd57UEnpKedOwz0vLJtQ%2Fh%2BJgIlwzjf%2Ba4qjWb4lba%2BXgAlc8N3NeMMChDvZBZwhsQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
set-cookie: XSRF-TOKEN=eyJpdiI6IjVnUWNDVlhyZ2RlbzdtMG1oY0xkSVE9PSIsInZhbHVlIjoiVzBwY3VIMHpSS1BSSjhtWVNvQUpZYXh3Y0xtMXM4NTBYYXNyMzRuZlFGemZickhJMzF3L3pHYTM5UDAyTk11UDdJVGU2WkEvOFUxMEZMajlOWG9pNFNOdzNweWhCTFZyc01wZ2RSNmxTYSs3OEJ1UG1RYURGa1R5M0dEQzEvYVciLCJtYWMiOiJlODEwOGJjNzFkNWZmZWYzNDQ0MmM3MDUzMDhiNDA1NWQ0ODcyMWU0NmU0MmIzMjRjZDM5YTcyODUxMjBiMjRhIiwidGFnIjoiIn0%3D; expires=Fri, 31-Jan-2025 12:38:11 GMT; Max-Age=7200; path=/; secure; samesite=none
laravel_session=eyJpdiI6Ilo3cVpBWFdtSmhTb01FcHgvcDJ1N3c9PSIsInZhbHVlIjoibXdub2VPMmNlM3V5L2grUmthTWVPbGQraStvbktGYzFVZXZuUE1ibVBpQnhnN1FxMWZCVnFUWVNoMlg4cTRSTmtDS2ttNmsxdVBaWkIxdzFMbGp3QnEwemlQNXNoNkFQZG1TQUVxYzlTVGpSOFE2ZXpaM3lvY0ZBZG0rR2lpRmciLCJtYWMiOiI0MjE1OTViNTMxM2ViYzEyNTQxM2Q3MjgwYWZhM2MxNWZjNGI2MWEzMzY3MjZmZDExYTRmODU0NWM1OGViYmU2IiwidGFnIjoiIn0%3D; expires=Fri, 31-Jan-2025 12:38:11 GMT; Max-Age=7200; path=/; secure; httponly; samesite=none
server: cloudflare
cf-ray: 90a912187a7eb51d-OSL
content-encoding: br
server-timing: cfL4;desc="?proto=TCP&rtt=73054&min_rtt=73051&rtt_var=27401&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2823&recv_bytes=1461&delivery_rate=38970&cwnd=47&unsent_bytes=0&cid=20c2602bcc98f2ea&ts=329&x=0", cfL4;desc="?proto=TCP&rtt=5670&min_rtt=512&rtt_var=10148&sent=8&recv=11&lost=0&retrans=0&sent_bytes=3279&recv_bytes=1303&delivery_rate=6016620&cwnd=254&unsent_bytes=0&cid=9c77c1e1b3f6c5d0&ts=911&x=0"
X-Firefox-Spdy: h2

code.jquery.com/jquery-3.6.0.min.js

151.101.194.137

200 OK

31 kB

URL GET HTTP/2
code.jquery.com/jquery-3.6.0.min.js
IP
151.101.194.137:443
ASN
#54113 FASTLY

Requested by
https://25ru.gratzeware.ru/7axa6RvO/#QTerry@gmail.com
Certificate
IssuerSectigo Limited
Subject*.jquery.com
FingerprintCD:B5:6E:05:85:0C:5A:AE:47:12:80:2A:5B:C6:E5:8F:11:72:E2:B5
ValidityTue, 25 Jun 2024 00:00:00 GMT - Wed, 25 Jun 2025 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (65447)
Size
31 kB (30875 bytes)
Hash
8fb8fee4fcc3cc86ff6c724154c49c42
b82d238d4e31fdf618bae8ac11a6c812c03dd0d4
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

HTTP Headers

GET /jquery-3.6.0.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://25ru.gratzeware.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-15d9d"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Fri, 31 Jan 2025 10:38:12 GMT
age: 3805230
x-served-by: cache-lga21931-LGA, cache-hel1410031-HEL
x-cache: HIT, HIT
x-cache-hits: 71, 1251503
x-timer: S1738319893.580999,VS0,VE0
vary: Accept-Encoding
content-length: 30875
X-Firefox-Spdy: h2

challenges.cloudflare.com/turnstile/v0/b/6682e961b853/api.js

104.18.95.41

200 OK

17 kB

URL GET HTTP/3
challenges.cloudflare.com/turnstile/v0/b/6682e961b853/api.js
IP
104.18.95.41:443
ASN
#13335 CLOUDFLARENET

Requested by
https://25ru.gratzeware.ru/7axa6RvO/#QTerry@gmail.com
Certificate
IssuerGoogle Trust Services
Subjectchallenges.cloudflare.com
FingerprintEF:AE:47:10:51:72:52:24:8B:84:F7:18:BC:91:3D:8F:CC:64:29:8D
ValidityWed, 01 Jan 2025 16:48:17 GMT - Tue, 01 Apr 2025 17:48:13 GMT

File type
JavaScript source, ASCII text, with very long lines (48121)
Size
17 kB (17116 bytes)
Hash
ec49b36b4df75f725a1bbabe33c02200
3a8e012c4afbfdd60dc5fb7787bec1019c2e7693
acc0f6a3825a97a4cd1b5b959e258a01ef4f21c2c55124f9bab349e0f83e3b7a

HTTP Headers

GET /turnstile/v0/b/6682e961b853/api.js HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://25ru.gratzeware.ru/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 31 Jan 2025 10:38:12 GMT
content-type: application/javascript; charset=UTF-8
last-modified: Thu, 30 Jan 2025 10:28:27 GMT
cache-control: max-age=31536000, stale-if-error=10800, stale-while-revalidate=31536000, public
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
priority: u=2,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 90a912211ab8b512-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback

104.18.95.41

302 Found

48 kB

URL GET HTTP/2
challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback
IP
104.18.95.41:443
ASN
#13335 CLOUDFLARENET

Requested by
https://25ru.gratzeware.ru/7axa6RvO/#QTerry@gmail.com
Certificate
IssuerGoogle Trust Services
Subjectchallenges.cloudflare.com
FingerprintEF:AE:47:10:51:72:52:24:8B:84:F7:18:BC:91:3D:8F:CC:64:29:8D
ValidityWed, 01 Jan 2025 16:48:17 GMT - Tue, 01 Apr 2025 17:48:13 GMT

File type

Size
48 kB (48122 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /turnstile/v0/api.js?onload=onloadTurnstileCallback HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://25ru.gratzeware.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Fri, 31 Jan 2025 10:38:12 GMT
content-length: 0
access-control-allow-origin: *
cache-control: max-age=300, stale-if-error=10800, stale-while-revalidate=300, public
cross-origin-resource-policy: cross-origin
location: /turnstile/v0/b/6682e961b853/api.js
vary: Accept-Encoding
server: cloudflare
cf-ray: 90a912208f620b51-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

qolgx.ntonteral.ru/qh1jfsi8

104.21.96.1

200 OK

1 B

URL GET HTTP/2
qolgx.ntonteral.ru/qh1jfsi8
IP
104.21.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://25ru.gratzeware.ru/7axa6RvO/#QTerry@gmail.com
Certificate
IssuerGoogle Trust Services
Subjectntonteral.ru
Fingerprint12:8D:E6:8A:B7:26:7A:7D:6A:18:D0:40:2D:9A:C2:36:44:90:FD:CD
ValidityThu, 16 Jan 2025 06:29:04 GMT - Wed, 16 Apr 2025 07:26:45 GMT

File type
very short file (no magic)
Size
1 B (1 bytes)
Hash
cfcd208495d565ef66e7dff9f98764da
b6589fc6ab0dc82cf12099d1c2d40ab994e8410c
5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9

HTTP Headers

GET /qh1jfsi8 HTTP/1.1
Host: qolgx.ntonteral.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://25ru.gratzeware.ru/
Origin: https://25ru.gratzeware.ru
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 31 Jan 2025 10:38:18 GMT
content-type: text/html; charset=UTF-8
server: cloudflare
access-control-allow-origin: *
cf-cache-status: DYNAMIC
content-encoding: br
cf-ray: 90a91244ddd4b4ed-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

developers.cloudflare.com/favicon.png

104.16.2.189

200 OK

937 B

URL GET HTTP/2
developers.cloudflare.com/favicon.png
IP
104.16.2.189:443
ASN
#13335 CLOUDFLARENET

Requested by
https://25ru.gratzeware.ru/7axa6RvO/#QTerry@gmail.com
Certificate
IssuerGoogle Trust Services
Subjectdevelopers.cloudflare.com
FingerprintE9:3A:C0:6A:2E:64:DE:1B:4E:08:08:AE:18:4B:FF:46:61:C4:C0:78
ValidityTue, 14 Jan 2025 19:23:19 GMT - Mon, 14 Apr 2025 20:23:12 GMT

File type
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
Size
937 B (937 bytes)
Hash
fc3b7bbe7970f47579127561139060e2
3f7c5783fe1f4404cb16304a5a274778ea3abd25
85e6223afdbd5badf2c79bcfbaa6fe686acaa781eca52c196647ffabb3be2ffe

HTTP Headers

GET /favicon.png HTTP/1.1
Host: developers.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://25ru.gratzeware.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 31 Jan 2025 10:38:12 GMT
content-type: image/png
content-length: 937
cache-control: public, max-age=0, must-revalidate
etag: "6be7ff94b6151f8cfbf08b53a17e2ac1"
set-cookie: __cf_bm=WPwHLLEvGtyzPKilZ_qUnZVG5Yburl3GA4jSMyHpZzY-1738319892-1.0.1.1-iTMNURyYlF0SD7d9DRMCvQ9CqPRdtuNm14ZryxHt.CwX.fGOY2rht0.DJMQmEkMYYbWcZsiqXadYzVPWwe_gRg; path=/; expires=Fri, 31-Jan-25 11:08:12 GMT; domain=.developers.cloudflare.com; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
strict-transport-security: max-age=15552000; preload
x-content-type-options: nosniff
access-control-allow-origin: *
server: cloudflare
cf-ray: 90a912221fae56ba-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

25ru.gratzeware.ru/7axa6RvO/

172.67.159.137

200 OK

469 kB

URL User Request GET HTTP/2
25ru.gratzeware.ru/7axa6RvO/
IP
172.67.159.137:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjectgratzeware.ru
Fingerprint1F:C6:0A:0C:6D:8A:2A:D4:99:6A:0D:AA:D3:CD:6D:B8:42:E4:BB:F6
ValiditySun, 05 Jan 2025 20:29:26 GMT - Sat, 05 Apr 2025 21:21:48 GMT

File type
HTML document, ASCII text, with very long lines (65388)
Size
469 kB (468886 bytes)
Hash
8f14dcdc453c6164d4044c37795fdc2d
7b31d7aa7baf7f375555c79678680af132957cca
a16e65898b329be623bd7bb8e769cb125df79bdfbde1415d4d2b271f6634fa3d

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft Outlook

HTTP Headers

GET /7axa6RvO/ HTTP/1.1
Host: 25ru.gratzeware.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wealthsciences.com.au/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Sec-Fetch-User: ?1
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 31 Jan 2025 10:38:12 GMT
content-type: text/html; charset=UTF-8
cache-control: no-cache, private
cf-cache-status: DYNAMIC
vary: accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=r77apN0T7MawBQ847jKxDxeLEXQcc%2BhgZQtkaOvyTjO7gf%2F8hJfeGGMoYkyvQd57UEnpKedOwz0vLJtQ%2Fh%2BJgIlwzjf%2Ba4qjWb4lba%2BXgAlc8N3NeMMChDvZBZwhsQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
set-cookie: XSRF-TOKEN=eyJpdiI6IjVnUWNDVlhyZ2RlbzdtMG1oY0xkSVE9PSIsInZhbHVlIjoiVzBwY3VIMHpSS1BSSjhtWVNvQUpZYXh3Y0xtMXM4NTBYYXNyMzRuZlFGemZickhJMzF3L3pHYTM5UDAyTk11UDdJVGU2WkEvOFUxMEZMajlOWG9pNFNOdzNweWhCTFZyc01wZ2RSNmxTYSs3OEJ1UG1RYURGa1R5M0dEQzEvYVciLCJtYWMiOiJlODEwOGJjNzFkNWZmZWYzNDQ0MmM3MDUzMDhiNDA1NWQ0ODcyMWU0NmU0MmIzMjRjZDM5YTcyODUxMjBiMjRhIiwidGFnIjoiIn0%3D; expires=Fri, 31-Jan-2025 12:38:11 GMT; Max-Age=7200; path=/; secure; samesite=none
laravel_session=eyJpdiI6Ilo3cVpBWFdtSmhTb01FcHgvcDJ1N3c9PSIsInZhbHVlIjoibXdub2VPMmNlM3V5L2grUmthTWVPbGQraStvbktGYzFVZXZuUE1ibVBpQnhnN1FxMWZCVnFUWVNoMlg4cTRSTmtDS2ttNmsxdVBaWkIxdzFMbGp3QnEwemlQNXNoNkFQZG1TQUVxYzlTVGpSOFE2ZXpaM3lvY0ZBZG0rR2lpRmciLCJtYWMiOiI0MjE1OTViNTMxM2ViYzEyNTQxM2Q3MjgwYWZhM2MxNWZjNGI2MWEzMzY3MjZmZDExYTRmODU0NWM1OGViYmU2IiwidGFnIjoiIn0%3D; expires=Fri, 31-Jan-2025 12:38:11 GMT; Max-Age=7200; path=/; secure; httponly; samesite=none
server: cloudflare
cf-ray: 90a912187a7eb51d-OSL
content-encoding: br
server-timing: cfL4;desc="?proto=TCP&rtt=73054&min_rtt=73051&rtt_var=27401&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2823&recv_bytes=1461&delivery_rate=38970&cwnd=47&unsent_bytes=0&cid=20c2602bcc98f2ea&ts=329&x=0", cfL4;desc="?proto=TCP&rtt=5670&min_rtt=512&rtt_var=10148&sent=8&recv=11&lost=0&retrans=0&sent_bytes=3279&recv_bytes=1303&delivery_rate=6016620&cwnd=254&unsent_bytes=0&cid=9c77c1e1b3f6c5d0&ts=911&x=0"
X-Firefox-Spdy: h2

25ru.gratzeware.ru/recfubR84gexl2lNhU5OQGlpJfjf

0.0.0.0

0 B

URL POST
25ru.gratzeware.ru/recfubR84gexl2lNhU5OQGlpJfjf
IP
0.0.0.0:0
ASN
#0

Requested by
https://25ru.gratzeware.ru/7axa6RvO/#QTerry@gmail.com

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /recfubR84gexl2lNhU5OQGlpJfjf HTTP/1.1
Host: 25ru.gratzeware.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://25ru.gratzeware.ru/7axa6RvO/
Content-Type: multipart/form-data; boundary=---------------------------3188483232234774743708815411
Content-Length: 939
Origin: https://25ru.gratzeware.ru
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6IjVnUWNDVlhyZ2RlbzdtMG1oY0xkSVE9PSIsInZhbHVlIjoiVzBwY3VIMHpSS1BSSjhtWVNvQUpZYXh3Y0xtMXM4NTBYYXNyMzRuZlFGemZickhJMzF3L3pHYTM5UDAyTk11UDdJVGU2WkEvOFUxMEZMajlOWG9pNFNOdzNweWhCTFZyc01wZ2RSNmxTYSs3OEJ1UG1RYURGa1R5M0dEQzEvYVciLCJtYWMiOiJlODEwOGJjNzFkNWZmZWYzNDQ0MmM3MDUzMDhiNDA1NWQ0ODcyMWU0NmU0MmIzMjRjZDM5YTcyODUxMjBiMjRhIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ilo3cVpBWFdtSmhTb01FcHgvcDJ1N3c9PSIsInZhbHVlIjoibXdub2VPMmNlM3V5L2grUmthTWVPbGQraStvbktGYzFVZXZuUE1ibVBpQnhnN1FxMWZCVnFUWVNoMlg4cTRSTmtDS2ttNmsxdVBaWkIxdzFMbGp3QnEwemlQNXNoNkFQZG1TQUVxYzlTVGpSOFE2ZXpaM3lvY0ZBZG0rR2lpRmciLCJtYWMiOiI0MjE1OTViNTMxM2ViYzEyNTQxM2Q3MjgwYWZhM2MxNWZjNGI2MWEzMzY3MjZmZDExYTRmODU0NWM1OGViYmU2IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

JavaScript (8)

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Observations

Hash

Observations

Hash

HTTP Transactions (14)

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash