Report - pta-palangkaraya.go.id/email/verification/sf_rand_string

Report Overview

Submitted URL
pta-palangkaraya.go.id/email/verification/sf_rand_string_lowercase6/c3BpbmVAY3JzZC5vcmc=
IP
103.139.175.15
ASN
#0
Submitted
2023-05-30 12:56:56
Access
public
Website Title
Final URL
Tags
phishing microsoft outlook
urlquery detections
Phishing - Microsoft Outlook

Detections

urlquery
3
Network Intrusion Detection
0
Threat Detection Systems
0

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
pta-palangkaraya.go.id	unknown	2013-03-06	2015-03-15	2023-05-30	544 B	420 B	103.139.175.15
bebgwrcinz6447038be816b.thejaq.ru	unknown	2023-05-08	2023-05-22	2023-05-29	3.8 kB	193 kB	188.114.96.1
challenges.cloudflare.com	unknown	2009-02-17	2021-10-20	2023-05-29	4.5 kB	336 kB	104.18.6.185

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (12)

	URL	Size	First Seen	Last Seen
	unknown	26 B	2023-04-11	2024-04-18
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-11 21:13:06 Last Seen2024-04-18 15:00:42 Times Seen115730 Hash 1c862db5f2555377c2dc1e62ed7b3981 c29e6dc25c08a70995127ec13ded6f80d9a36174 27d373a6961f797edf69a80f7f24877ef85c2fc4f9f770b2540b1bf5e66823ac Loading...

	challenges.cloudflare.com/turnstile/v0/b/938e2b5c/api.js?onload=_cf_chl_turnstile_l&render=explicit	16 kB	2023-05-23	2023-06-01
Pretty URL challenges.cloudflare.com/turnstile/v0/b/938e2b5c/api.js?onload=_cf_chl_turnstile_l&render=explicit IP 104.18.6.185 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-23 23:18:23 Last Seen2023-06-01 19:08:00 Times Seen1459 Hash 2a1262ba5cd32899831d483322a28dd7 3805876db8773ed5820043e1f39b0b6c049f61b2 2e1e45b1d429b2d703676139932fe97b7ffc7986e6d0221653a7404e4c3032f0 Loading...

	challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/840ss/0x4AAAAAAADnPIDROrmt1Wwj/light/normal	2.1 kB	2023-05-30	2023-05-30
Pretty URL challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/840ss/0x4AAAAAAADnPIDROrmt1Wwj/light/normal IP 104.18.6.185 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-05-30 14:56:56 Last Seen2023-05-30 14:56:56 Times Seen1 Hash f6c1e757aae6120a05f6fb0ac6713eeb e24b176b89da197c64b840ec5ec5fe6d5368f704 dd568363f79a17a3c7901b0cb8d03b649a4ef344173ce744ce88dcdadfc2a464 Loading...

	unknown	626 B	2023-04-19	2023-09-04
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-19 17:10:16 Last Seen2023-09-04 14:53:39 Times Seen4089 Hash 965d195078b6e2b66051d3ab5418dd70 e4589c5ee84bedf04d0ae10b25e4927ddfc7e6d0 99cf2ba13c494c699abf3062b1422e3e7b4fd1342e642d8a249afd52fa682b18 Loading...

	bebgwrcinz6447038be816b.thejaq.ru/Mspine@crsd.org	0 B	2023-03-07	2024-04-18
Pretty URL bebgwrcinz6447038be816b.thejaq.ru/Mspine@crsd.org IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:01:59 Last Seen2024-04-18 15:27:25 Times Seen36944668 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	bebgwrcinz6447038be816b.thejaq.ru/cdn-cgi/challenge-platform/h/b/orchestrate/managed/v1?ray=7cf723703b470b39	155 kB	2023-05-30	2023-05-30
Pretty URL bebgwrcinz6447038be816b.thejaq.ru/cdn-cgi/challenge-platform/h/b/orchestrate/managed/v1?ray=7cf723703b470b39 IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-30 14:56:56 Last Seen2023-05-30 14:56:56 Times Seen2 Hash 1050c55efeb0d1072e32d148182232c9 acbf7f75df8bb78cb7e5bca2e3fa13348a0f8e37 3847cbca9364eca51cd0aa57b20c0b5676359ea352136a5de0a336d3c91c9330 Loading...

	challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=7cf7237368c5fab8	162 kB	2023-05-30	2023-05-30
Pretty URL challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=7cf7237368c5fab8 IP 104.18.6.185 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-30 14:56:56 Last Seen2023-05-30 14:56:57 Times Seen2 Hash 4b285b219d4fd12d8c43df56f31109d4 a78d58ea481b9754a664b0667a0e83635c1b98b8 e7d9e897099e5c74eaed1dfbc20f98c53ce9d49d029f92ec1ffbfe483f174774 Loading...

		Size	First Seen	Last Seen
	#1 Eval - 9e925e9341b490bfd3b4c4ca3b0c1ef2	4 B	2023-03-07	2024-04-18
Pretty Observations First Seen2023-03-07 01:03:43 Last Seen2024-04-18 15:21:33 Times Seen347525 Hash 9e925e9341b490bfd3b4c4ca3b0c1ef2 c2543fff3bfa6f144c2f06a7de6cd10c0b650cae 1eb79602411ef02cf6fe117897015fff89f80face4eccd50425c45149b148408 Loading...

	#2 Eval - c0f4cae155686e2327f7c94f885ef098	2.2 kB	2023-05-30	2023-05-30
Pretty Observations First Seen2023-05-30 14:24:07 Last Seen2023-05-30 14:56:56 Times Seen2 Hash c0f4cae155686e2327f7c94f885ef098 5f5c11809ebe28253195290c22b353578acfdf58 d6af6907a32baec15d528708f54fa49469b12307b4c0bf7ea5ec69f05207b6e4 Loading...

	#3 Eval - 30eb418b0299ea1f1a667ff39b4169c9	539 B	2023-05-30	2023-05-30
Pretty Observations First Seen2023-05-30 14:56:56 Last Seen2023-05-30 14:56:56 Times Seen1 Hash 30eb418b0299ea1f1a667ff39b4169c9 54d85b9f7747b74dfd967f85e687b371c2a03e35 f4fd3a9939f11859cad4e22b2e6f958179e3a555e2eb79c6e7cab974ac1f776d Loading...

	#4 Eval - 57358048a30a3fd30203eacc658f5e5f	1.1 kB	2023-05-30	2023-05-30
Pretty Observations First Seen2023-05-30 14:56:56 Last Seen2023-05-30 14:56:56 Times Seen1 Hash 57358048a30a3fd30203eacc658f5e5f 58148e5e5d9d67e36da30b2651a21035178642cc 78a539d55c35ea6faf7497c423a35374a4a8dd4cfcdc7dbfd43416199a002cd9 Loading...

		Size	First Seen	Last Seen
	#1 Write - 467d82ac802ebf5b672ecdb8e02505e6	3.6 kB	2023-03-07	2023-07-11
Pretty Observations First Seen2023-03-07 01:02:24 Last Seen2023-07-11 15:29:01 Times Seen16478 Hash 467d82ac802ebf5b672ecdb8e02505e6 b3df725dd3285fd4618d65c08e83b8f08c8e4798 36d48aeb87174dbf8b0ea333d2042d9e198797bd33c3f849597981eacd619515 Loading...

HTTP Transactions (15)

URL IP Response Size

pta-palangkaraya.go.id/email/verification/sf_rand_string_lowercase6/c3BpbmVAY3JzZC5vcmc=

103.139.175.15

200 OK

0 B

URL User Request GET HTTP/2
pta-palangkaraya.go.id/email/verification/sf_rand_string_lowercase6/c3BpbmVAY3JzZC5vcmc=
IP
103.139.175.15:443
ASN
#0

Certificate
IssuerLet's Encrypt
Subjectwebmail.pta-palangkaraya.go.id
FingerprintCC:F5:D4:2C:28:99:B5:E7:07:95:CD:15:D0:4D:F8:7C:D3:96:1F:F8
ValidityWed, 24 May 2023 01:43:10 GMT - Tue, 22 Aug 2023 01:43:09 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft Outlook

HTTP Headers

GET /email/verification/sf_rand_string_lowercase6/c3BpbmVAY3JzZC5vcmc= HTTP/1.1
Host: pta-palangkaraya.go.id
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
refresh: 0;url=https://bebgwrcinz6447038be816b.thejaq.ru/Mspine@crsd.org
content-type: text/html; charset=UTF-8
content-length: 0
date: Tue, 30 May 2023 12:56:36 GMT
server: LiteSpeed
vary: User-Agent
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2

bebgwrcinz6447038be816b.thejaq.ru/cdn-cgi/styles/challenges.css

188.114.96.1

200 OK

2.7 kB

URL GET HTTP/3
bebgwrcinz6447038be816b.thejaq.ru/cdn-cgi/styles/challenges.css
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bebgwrcinz6447038be816b.thejaq.ru/Mspine@crsd.org
Certificate
IssuerGoogle Trust Services LLC
Subjectthejaq.ru
Fingerprint4A:94:88:8A:22:C0:C5:97:8A:8A:92:81:44:7D:28:E5:8D:03:7E:5D
ValidityThu, 18 May 2023 08:29:58 GMT - Wed, 16 Aug 2023 08:29:57 GMT

File type
gzip compressed data, from Unix\012- data
Size
2.7 kB (2666 bytes)
Hash
9816e313faf220ea079ca8d18a8adcbd
e6e12142b69fa0de2595aaf68d6fa46dca8c98b4
a24a05de7d3fe5e71f73eb37ce9f566d60b6398226e7dbc13b917bbc25fa0ba9

HTTP Headers

GET /cdn-cgi/styles/challenges.css HTTP/1.1
Host: bebgwrcinz6447038be816b.thejaq.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bebgwrcinz6447038be816b.thejaq.ru/Mspine@crsd.org
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 30 May 2023 12:56:39 GMT
content-type: text/css
last-modified: Thu, 25 May 2023 08:39:03 GMT
etag: W/"646f1ea7-19c8"
server: cloudflare
cf-ray: 7cf7237199f5b500-OSL
x-frame-options: DENY
x-content-type-options: nosniff
vary: Accept-Encoding
expires: Tue, 30 May 2023 14:56:39 GMT
cache-control: max-age=7200, public
content-encoding: gzip

challenges.cloudflare.com/turnstile/v0/b/938e2b5c/api.js?onload=_cf_chl_turnstile_l&render=explicit

104.18.6.185

200 OK

16 kB

URL GET HTTP/2
challenges.cloudflare.com/turnstile/v0/b/938e2b5c/api.js?onload=_cf_chl_turnstile_l&render=explicit
IP
104.18.6.185:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bebgwrcinz6447038be816b.thejaq.ru/Mspine@crsd.org
Certificate
IssuerCloudflare, Inc.
Subjectchallenges.cloudflare.com
Fingerprint5C:7B:D7:57:5A:53:A4:99:8E:1E:5A:C4:58:30:7C:2D:6C:D8:3C:C5
ValiditySun, 18 Sep 2022 00:00:00 GMT - Sun, 17 Sep 2023 23:59:59 GMT

File type
ASCII text, with very long lines (15748)
Size
16 kB (15749 bytes)
Hash
2a1262ba5cd32899831d483322a28dd7
3805876db8773ed5820043e1f39b0b6c049f61b2
2e1e45b1d429b2d703676139932fe97b7ffc7986e6d0221653a7404e4c3032f0

HTTP Headers

GET /turnstile/v0/b/938e2b5c/api.js?onload=_cf_chl_turnstile_l&render=explicit HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://bebgwrcinz6447038be816b.thejaq.ru
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 30 May 2023 12:56:40 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=31536000
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cf72372883bb51d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

bebgwrcinz6447038be816b.thejaq.ru/cdn-cgi/challenge-platform/h/b/flow/ov1/803010435:1685448469:N7DCL8DXpecU3L2oXYApGknRhydXGNQTqlgc_pF3Pho/7cf723703b470b39/c51e9cf514c38e2

188.114.96.1

200 OK

7.4 kB

URL POST HTTP/3
bebgwrcinz6447038be816b.thejaq.ru/cdn-cgi/challenge-platform/h/b/flow/ov1/803010435:1685448469:N7DCL8DXpecU3L2oXYApGknRhydXGNQTqlgc_pF3Pho/7cf723703b470b39/c51e9cf514c38e2
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bebgwrcinz6447038be816b.thejaq.ru/Mspine@crsd.org
Certificate
IssuerGoogle Trust Services LLC
Subjectthejaq.ru
Fingerprint4A:94:88:8A:22:C0:C5:97:8A:8A:92:81:44:7D:28:E5:8D:03:7E:5D
ValidityThu, 18 May 2023 08:29:58 GMT - Wed, 16 Aug 2023 08:29:57 GMT

File type
ASCII text, with very long lines (7400), with no line terminators
Size
7.4 kB (7400 bytes)
Hash
f4662dd876f0bb811bbbbaf38f30b12e
b980cf59018bca207e8b6090dc754b3e3e640215
51c766468af9e56f7bd3a17c4bdab9617d07d4f2b7f6501af4aa6a634c5459f5

HTTP Headers

POST /cdn-cgi/challenge-platform/h/b/flow/ov1/803010435:1685448469:N7DCL8DXpecU3L2oXYApGknRhydXGNQTqlgc_pF3Pho/7cf723703b470b39/c51e9cf514c38e2 HTTP/1.1
Host: bebgwrcinz6447038be816b.thejaq.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bebgwrcinz6447038be816b.thejaq.ru/Mspine@crsd.org
Content-type: application/x-www-form-urlencoded
CF-Challenge: c51e9cf514c38e2
Content-Length: 1818
Origin: https://bebgwrcinz6447038be816b.thejaq.ru
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 30 May 2023 12:56:40 GMT
content-type: text/plain; charset=UTF-8
cf-chl-gen: 5kwMc0ziTmc8qGXu6YgUXsSKsh2yD488ViaKpaoB7ol1mKVqR8sYO3i+Qg+BEpjX$DFi3o2ABZlzlHJJFsrZUsQ==
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bVAEpwx19yExGI3h5v66PHrYIhBAdcoU0x0Zp6td%2BYSSvpmBBHgTQDnVdbqZfcoCFves6W5v6dSB7wcEeZq%2Bbp%2BCN9PdukaCIp33Ug%2Bw3wK2Z2mXo42mcvKpsmJSxReOMTMYZJdCy79Zyuw2lX5%2FWK43B%2F0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7cf723731bbeb500-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/img/7cf7237368c5fab8/1685451400598/TsJpa29LU4tIZEi

104.18.6.185

200 OK

61 B

URL GET HTTP/3
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/img/7cf7237368c5fab8/1685451400598/TsJpa29LU4tIZEi
IP
104.18.6.185:443
ASN
#13335 CLOUDFLARENET

Requested by
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/840ss/0x4AAAAAAADnPIDROrmt1Wwj/light/normal
Certificate
IssuerCloudflare, Inc.
Subjectchallenges.cloudflare.com
Fingerprint5C:7B:D7:57:5A:53:A4:99:8E:1E:5A:C4:58:30:7C:2D:6C:D8:3C:C5
ValiditySun, 18 Sep 2022 00:00:00 GMT - Sun, 17 Sep 2023 23:59:59 GMT

File type
PNG image data, 46 x 45, 8-bit/color RGB, non-interlaced\012- data
Size
61 B (61 bytes)
Hash
b7b89375437bab325a12df7aa96fc237
e4b497c043e2d732c40d405139d80b9bdf09589d
d57687deb7fd7164360348a6f1581b4eac2526e309be3572f3f2e5b14c8348b4

HTTP Headers

GET /cdn-cgi/challenge-platform/h/b/img/7cf7237368c5fab8/1685451400598/TsJpa29LU4tIZEi HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/840ss/0x4AAAAAAADnPIDROrmt1Wwj/light/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 30 May 2023 12:56:41 GMT
content-type: image/png
server: cloudflare
cf-ray: 7cf7237ccaa8fab8-OSL
alt-svc: h3=":443"; ma=86400

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/113171649:1685448566:AWodPxm3hr0RuqVC2sQG6SndOxUjrYZ7u1UaNPEXlxI/7cf7237368c5fab8/c67bf9ff86c5dd8

104.18.6.185

200 OK

13 kB

URL POST HTTP/3
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/113171649:1685448566:AWodPxm3hr0RuqVC2sQG6SndOxUjrYZ7u1UaNPEXlxI/7cf7237368c5fab8/c67bf9ff86c5dd8
IP
104.18.6.185:443
ASN
#13335 CLOUDFLARENET

Requested by
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/840ss/0x4AAAAAAADnPIDROrmt1Wwj/light/normal
Certificate
IssuerCloudflare, Inc.
Subjectchallenges.cloudflare.com
Fingerprint5C:7B:D7:57:5A:53:A4:99:8E:1E:5A:C4:58:30:7C:2D:6C:D8:3C:C5
ValiditySun, 18 Sep 2022 00:00:00 GMT - Sun, 17 Sep 2023 23:59:59 GMT

File type
ASCII text, with very long lines (13264), with no line terminators
Size
13 kB (13264 bytes)
Hash
5e0e776cc7f545b6cc46a334d3f4d84d
fc57fb99a9c2d5e930e25ac36c00dc7fe4c3ba08
0d103452c6a0682c568f758cf14027a4c31762533e99d13f47dd303777aa6f54

HTTP Headers

POST /cdn-cgi/challenge-platform/h/b/flow/ov1/113171649:1685448566:AWodPxm3hr0RuqVC2sQG6SndOxUjrYZ7u1UaNPEXlxI/7cf7237368c5fab8/c67bf9ff86c5dd8 HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/840ss/0x4AAAAAAADnPIDROrmt1Wwj/light/normal
Content-type: application/x-www-form-urlencoded
CF-Challenge: c67bf9ff86c5dd8
Content-Length: 19158
Origin: https://challenges.cloudflare.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 30 May 2023 12:56:41 GMT
content-type: text/plain; charset=UTF-8
cf-chl-gen: U+7QdzdAN9VZwVg2EqwyHWI+06UCvF/BX7kSI9pz9BhuMCYbeAtUXM+i7eeEe55R$PZjtdCEukGCzwDqPuzc+cw==
server: cloudflare
cf-ray: 7cf7237d9b62fab8-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

bebgwrcinz6447038be816b.thejaq.ru/favicon.ico

188.114.96.1

403 Forbidden

7.0 kB

URL GET HTTP/3
bebgwrcinz6447038be816b.thejaq.ru/favicon.ico
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bebgwrcinz6447038be816b.thejaq.ru/Mspine@crsd.org
Certificate
IssuerGoogle Trust Services LLC
Subjectthejaq.ru
Fingerprint4A:94:88:8A:22:C0:C5:97:8A:8A:92:81:44:7D:28:E5:8D:03:7E:5D
ValidityThu, 18 May 2023 08:29:58 GMT - Wed, 16 Aug 2023 08:29:57 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (7199), with no line terminators
Size
7.0 kB (7047 bytes)
Hash
58d36e0010b91b74b38806d872a3ddc5
ff5ed0f0c8112622e050e978a1515088072723cf
3277f5359441b67e2c67a2d548d227aa8ec77f80b62b65508988ff41ebac156d

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: bebgwrcinz6447038be816b.thejaq.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bebgwrcinz6447038be816b.thejaq.ru/Mspine@crsd.org
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 403 Forbidden
date: Tue, 30 May 2023 12:56:40 GMT
content-type: text/html; charset=UTF-8
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy: same-origin
x-frame-options: SAMEORIGIN
cf-mitigated: challenge
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 01 Jan 1970 00:00:01 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wUw7dZvahqh%2BNgNPp6QnI76sdRN96cQ84xBhJVDdwLS3zkBOm%2F8nx7%2BQNB%2BRjWr8im%2FCA21y5Q%2BngfyqO84lMQQngco%2Fm9NjWCj4zuz3dJ224UZ7xBt71JUkKUjnh82I%2FRHzlqaNoylTi%2BxikH4ayX3nLlQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cf723720a7ab500-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

bebgwrcinz6447038be816b.thejaq.ru/favicon.ico

188.114.96.1

403 Forbidden

7.0 kB

URL GET HTTP/3
bebgwrcinz6447038be816b.thejaq.ru/favicon.ico
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bebgwrcinz6447038be816b.thejaq.ru/Mspine@crsd.org
Certificate
IssuerGoogle Trust Services LLC
Subjectthejaq.ru
Fingerprint4A:94:88:8A:22:C0:C5:97:8A:8A:92:81:44:7D:28:E5:8D:03:7E:5D
ValidityThu, 18 May 2023 08:29:58 GMT - Wed, 16 Aug 2023 08:29:57 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (7199), with no line terminators
Size
7.0 kB (7047 bytes)
Hash
4c37a6bac9c333abb7d215e6f8b08ef9
f4601137723edfdb68d51469be11c0e34433d48d
9cbbc961833a7e93f143a3cc3f7ae7517e10b60433c29ff963bac568db83b490

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: bebgwrcinz6447038be816b.thejaq.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bebgwrcinz6447038be816b.thejaq.ru/Mspine@crsd.org
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 403 Forbidden
date: Tue, 30 May 2023 12:56:40 GMT
content-type: text/html; charset=UTF-8
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy: same-origin
x-frame-options: SAMEORIGIN
cf-mitigated: challenge
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 01 Jan 1970 00:00:01 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LiH7yUZOv2v5xN%2FMcWgzdiYV%2F5tnjSClHXGErGC%2Bg0eqrC%2FWlb67iR30V%2BJLBmaVtvD4g%2BdUplaDDy6Z3%2Bj7033exCZDQUHuXHtmDc%2BJVaGVSYrigJa81uzmC4LZDmJcskRXiaydDLiLYlsCbfmKB8B7Cns%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cf723726ae0b500-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/840ss/0x4AAAAAAADnPIDROrmt1Wwj/light/normal

104.18.6.185

200 OK

24 kB

URL GET HTTP/3
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/840ss/0x4AAAAAAADnPIDROrmt1Wwj/light/normal
IP
104.18.6.185:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bebgwrcinz6447038be816b.thejaq.ru/Mspine@crsd.org
Certificate
IssuerCloudflare, Inc.
Subjectchallenges.cloudflare.com
Fingerprint5C:7B:D7:57:5A:53:A4:99:8E:1E:5A:C4:58:30:7C:2D:6C:D8:3C:C5
ValiditySun, 18 Sep 2022 00:00:00 GMT - Sun, 17 Sep 2023 23:59:59 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (10899)
Size
24 kB (24085 bytes)
Hash
82bfa27aa1af0db9fa237ef7375dc8f8
f4eecb0bef79f09ac5145a0fe8be6deb88664c85
3a67d4a52679ce8e6956585ec7edaab422a3aa7874dc9627f3a517dbcab0a52f

HTTP Headers

GET /cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/840ss/0x4AAAAAAADnPIDROrmt1Wwj/light/normal HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 30 May 2023 12:56:40 GMT
content-type: text/html; charset=UTF-8
cache-control: max-age=0, must-revalidate
content-security-policy: frame-src https://challenges.cloudflare.com/; base-uri 'self'
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: cross-origin
document-policy: js-profiling
permissions-policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy: same-origin
server: cloudflare
cf-ray: 7cf7237368c5fab8-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/pat/7cf7237368c5fab8/1685451400594/3ee3538735b6fd65b10f3260fc4e807fc098d774f5967fc7753f983f4cab5c42/lteLcxlThKZSKqB

104.18.6.185

401 Unauthorized

1 B

URL GET HTTP/3
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/pat/7cf7237368c5fab8/1685451400594/3ee3538735b6fd65b10f3260fc4e807fc098d774f5967fc7753f983f4cab5c42/lteLcxlThKZSKqB
IP
104.18.6.185:443
ASN
#13335 CLOUDFLARENET

Requested by
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/840ss/0x4AAAAAAADnPIDROrmt1Wwj/light/normal
Certificate
IssuerCloudflare, Inc.
Subjectchallenges.cloudflare.com
Fingerprint5C:7B:D7:57:5A:53:A4:99:8E:1E:5A:C4:58:30:7C:2D:6C:D8:3C:C5
ValiditySun, 18 Sep 2022 00:00:00 GMT - Sun, 17 Sep 2023 23:59:59 GMT

File type
very short file (no magic)
Size
1 B (1 bytes)
Hash
ff44570aca8241914870afbc310cdb85
58668e7669fd564d99db5d581fcdb6a5618440b5
6da43b944e494e885e69af021f93c6d9331c78aa228084711429160a5bbd15b5

HTTP Headers

GET /cdn-cgi/challenge-platform/h/b/pat/7cf7237368c5fab8/1685451400594/3ee3538735b6fd65b10f3260fc4e807fc098d774f5967fc7753f983f4cab5c42/lteLcxlThKZSKqB HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/840ss/0x4AAAAAAADnPIDROrmt1Wwj/light/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 401 Unauthorized
date: Tue, 30 May 2023 12:56:41 GMT
content-type: text/plain; charset=UTF-8
www-authenticate: PrivateToken challenge=AAIAGXBhdC1pc3N1ZXIuY2xvdWRmbGFyZS5jb20gPuNThzW2_WWxDzJg_E6Af8CY13T1ln_HdT-YP0yrXEIAGWNoYWxsZW5nZXMuY2xvdWRmbGFyZS5jb20=, token-key=MIIBUjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAqEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgKiAwIBMAOCAQ8AMIIBCgKCAQEArTdvs2-VOeG1gRYSu6le9W8rphJ9hC05duH2SoyJxZcID7eB4pDegSJtNqv3OQbpK4Q95bHTqsH89BCAXLJI-Vt7ySrpRthX6rEPu-Vj7WesutfG-4HKj1HyDTGqAY6a7ewvPAO1MgMa2r1_gzOPEXZzJhEKT6UdIT2kff2r_Ykjw0jlNmXk5cDvIskrZ85GVfUW-rn9g1PLXw9OFhNDD6DD2EiFfNdypws_NYvMuOAHcmAxJlEJcf3CR8kfcZax5XW2G8thhT80V0huiKzfxYVtQL5b4HVbTcNvo9O7UCIklef8agJz95n7nyDUn68MLaxbYGJ0kAASzeN5eEb55QIDAQAB, max-age=20
server: cloudflare
cf-ray: 7cf723795f5bfab8-OSL
alt-svc: h3=":443"; ma=86400

bebgwrcinz6447038be816b.thejaq.ru/cdn-cgi/challenge-platform/h/b/orchestrate/managed/v1?ray=7cf723703b470b39

188.114.96.1

200 OK

155 kB

URL GET HTTP/3
bebgwrcinz6447038be816b.thejaq.ru/cdn-cgi/challenge-platform/h/b/orchestrate/managed/v1?ray=7cf723703b470b39
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bebgwrcinz6447038be816b.thejaq.ru/Mspine@crsd.org
Certificate
IssuerGoogle Trust Services LLC
Subjectthejaq.ru
Fingerprint4A:94:88:8A:22:C0:C5:97:8A:8A:92:81:44:7D:28:E5:8D:03:7E:5D
ValidityThu, 18 May 2023 08:29:58 GMT - Wed, 16 Aug 2023 08:29:57 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
155 kB (155392 bytes)
Hash
1050c55efeb0d1072e32d148182232c9
acbf7f75df8bb78cb7e5bca2e3fa13348a0f8e37
3847cbca9364eca51cd0aa57b20c0b5676359ea352136a5de0a336d3c91c9330

HTTP Headers

GET /cdn-cgi/challenge-platform/h/b/orchestrate/managed/v1?ray=7cf723703b470b39 HTTP/1.1
Host: bebgwrcinz6447038be816b.thejaq.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bebgwrcinz6447038be816b.thejaq.ru/Mspine@crsd.org?__cf_chl_rt_tk=E3TUif.pAk4pPoKnYB0zQYMVT6aaHAAqtKiUXfnMrig-1685451399-0-gaNycGzNDWU
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 30 May 2023 12:56:39 GMT
content-type: application/javascript; charset=UTF-8
cache-control: max-age=0, must-revalidate
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=k6PFGnHF6PT%2F1wYkOo7d9ylv3QCYi8W4E88LNirC7hk3%2BAvVJ%2BM8v%2B4Ha%2BWtnS2F3tKCSTqrsxrXEkZtPVgcaKePkR2JrOBOyq44i4DYzhijgQZHH02Ishb0IZhGTnIDkVgpwoRE23HpGbRO9sd%2FSyPN9DE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7cf72371da30b500-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

bebgwrcinz6447038be816b.thejaq.ru/Mspine@crsd.org

188.114.96.1

403 Forbidden

8.1 kB

URL User Request GET HTTP/2
bebgwrcinz6447038be816b.thejaq.ru/Mspine@crsd.org
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjectthejaq.ru
Fingerprint4A:94:88:8A:22:C0:C5:97:8A:8A:92:81:44:7D:28:E5:8D:03:7E:5D
ValidityThu, 18 May 2023 08:29:58 GMT - Wed, 16 Aug 2023 08:29:57 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (8217), with no line terminators
Size
8.1 kB (8065 bytes)
Hash
a5d674c1edfa7f80eefda0b3ca98d36f
12dd312d3d19121a3e0d845e206436eac285c489
d6999e0adf4b823334f80eff8a0cd47252782cfeae584abb3901691719aa4576

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft Outlook

HTTP Headers

GET /Mspine@crsd.org HTTP/1.1
Host: bebgwrcinz6447038be816b.thejaq.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 403 Forbidden
date: Tue, 30 May 2023 12:56:39 GMT
content-type: text/html; charset=UTF-8
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy: same-origin
x-frame-options: SAMEORIGIN
cf-mitigated: challenge
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 01 Jan 1970 00:00:01 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pNKj4wzHbRz98hSC4YhFXLQoMhkOgftPmnAkcsNimNBY%2F06Lw0zb692qeAHEoO3iqLvPm1ZBf1CYzdWif5Z9LOFOyUf40pjpR%2BaMSHXFx53aaXvEOPX2Axi9ZKQfvuPnsfsYbwPE1f%2B403nUZyPNLHFCE%2F8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cf723703b470b39-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=7cf7237368c5fab8

104.18.6.185

200 OK

162 kB

URL GET HTTP/3
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=7cf7237368c5fab8
IP
104.18.6.185:443
ASN
#13335 CLOUDFLARENET

Requested by
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/840ss/0x4AAAAAAADnPIDROrmt1Wwj/light/normal
Certificate
IssuerCloudflare, Inc.
Subjectchallenges.cloudflare.com
Fingerprint5C:7B:D7:57:5A:53:A4:99:8E:1E:5A:C4:58:30:7C:2D:6C:D8:3C:C5
ValiditySun, 18 Sep 2022 00:00:00 GMT - Sun, 17 Sep 2023 23:59:59 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
162 kB (162457 bytes)
Hash
4b285b219d4fd12d8c43df56f31109d4
a78d58ea481b9754a664b0667a0e83635c1b98b8
e7d9e897099e5c74eaed1dfbc20f98c53ce9d49d029f92ec1ffbfe483f174774

HTTP Headers

GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=7cf7237368c5fab8 HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/840ss/0x4AAAAAAADnPIDROrmt1Wwj/light/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 30 May 2023 12:56:40 GMT
content-type: application/javascript; charset=UTF-8
cache-control: max-age=0, must-revalidate
server: cloudflare
cf-ray: 7cf72374297efab8-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/113171649:1685448566:AWodPxm3hr0RuqVC2sQG6SndOxUjrYZ7u1UaNPEXlxI/7cf7237368c5fab8/c67bf9ff86c5dd8

104.18.6.185

200 OK

117 kB

URL POST HTTP/3
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/113171649:1685448566:AWodPxm3hr0RuqVC2sQG6SndOxUjrYZ7u1UaNPEXlxI/7cf7237368c5fab8/c67bf9ff86c5dd8
IP
104.18.6.185:443
ASN
#13335 CLOUDFLARENET

Requested by
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/840ss/0x4AAAAAAADnPIDROrmt1Wwj/light/normal
Certificate
IssuerCloudflare, Inc.
Subjectchallenges.cloudflare.com
Fingerprint5C:7B:D7:57:5A:53:A4:99:8E:1E:5A:C4:58:30:7C:2D:6C:D8:3C:C5
ValiditySun, 18 Sep 2022 00:00:00 GMT - Sun, 17 Sep 2023 23:59:59 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
117 kB (116908 bytes)
Hash
acc3f1bda806105f040ab9b9fa7ce0c1
893717ca5074aa2c25fa2aa81f450cba1521f9bb
017c4a0192f00220190a95a87c770056593df9002d53f27b006fdb1e3d688d8a

HTTP Headers

POST /cdn-cgi/challenge-platform/h/b/flow/ov1/113171649:1685448566:AWodPxm3hr0RuqVC2sQG6SndOxUjrYZ7u1UaNPEXlxI/7cf7237368c5fab8/c67bf9ff86c5dd8 HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/840ss/0x4AAAAAAADnPIDROrmt1Wwj/light/normal
Content-type: application/x-www-form-urlencoded
CF-Challenge: c67bf9ff86c5dd8
Content-Length: 2774
Origin: https://challenges.cloudflare.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 30 May 2023 12:56:40 GMT
content-type: text/plain; charset=UTF-8
cf-chl-gen: QKlFZtC4kiwNBOEjQewlVMTZe4isBoyYNJS0LX62+M/cwEuvKLi0rajuP2snnzw/t4BlatzHLWDrmrWPChkBN/bc3nFXDLCMmvU/8wLJAPwVIOY3SGpCPpXmVPBVTl3JL2VelPIYn9HwhF4hrVE/BoahLzX/xhiGqaY4k5VBx5SRMKRU6gKdRPhR7rzwHCCdXwXTsJhjoDcZGUADFhEKnYBF784iO1f0ogaSKUI/O/AhAGIz4h07Lyb9mz25ixbv3yZv5IoVqTHHdG5Z248wjBLJawGj0FdBu3ipmni3nnYaON1ZtRIk9lbFJPuqoZvxUZMj+zdynFxpcwX0miFvXGSZaXEM6cTSZ0ulM+VnwFi/yHzrYbkkp1HvMRC29HR+5Cuk9UXBtQcpiWm6KkbiVEoXCbJS+1NvWCGVO01LNQtNFJAtTe3s4grOMdBDV/rD9VuHzq98QER53BZAURU5DA==$ASExGRbUvSJOGTz1v4YrAg==
server: cloudflare
cf-ray: 7cf723759b93fab8-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

bebgwrcinz6447038be816b.thejaq.ru/cdn-cgi/images/trace/managed/js/transparent.gif?ray=7cf723703b470b39

188.114.96.1

200 OK

42 B

URL GET HTTP/3
bebgwrcinz6447038be816b.thejaq.ru/cdn-cgi/images/trace/managed/js/transparent.gif?ray=7cf723703b470b39
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bebgwrcinz6447038be816b.thejaq.ru/Mspine@crsd.org
Certificate
IssuerGoogle Trust Services LLC
Subjectthejaq.ru
Fingerprint4A:94:88:8A:22:C0:C5:97:8A:8A:92:81:44:7D:28:E5:8D:03:7E:5D
ValidityThu, 18 May 2023 08:29:58 GMT - Wed, 16 Aug 2023 08:29:57 GMT

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /cdn-cgi/images/trace/managed/js/transparent.gif?ray=7cf723703b470b39 HTTP/1.1
Host: bebgwrcinz6447038be816b.thejaq.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bebgwrcinz6447038be816b.thejaq.ru/Mspine@crsd.org
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 30 May 2023 12:56:39 GMT
content-type: image/gif
content-length: 42
last-modified: Thu, 25 May 2023 08:39:03 GMT
etag: "646f1ea7-2a"
server: cloudflare
cf-ray: 7cf72371ca18b500-OSL
x-frame-options: DENY
x-content-type-options: nosniff
vary: Accept-Encoding
expires: Tue, 30 May 2023 14:56:39 GMT
cache-control: max-age=7200, public
accept-ranges: bytes

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (12)

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

HTTP Transactions (15)