Report - wo-rkestlessky80da.q2hhzc5jb29ucw.workers.dev/

Report Overview

Submitted URL
wo-rkestlessky80da.q2hhzc5jb29ucw.workers.dev/
IP
188.114.96.1
ASN
#13335 CLOUDFLARENET
Submitted
2024-04-26 15:47:57
Access
public
Website Title
Onedrive Shared Folder
Final URL
pub-9bae049ea9344f538b82bc4ac296541f.r2.dev/index.html
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
10

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
office365.gorecreeklc.com	unknown	2024-01-22	2024-01-22	2024-03-04	551 B	0 B	0.0.0.0
stackpath.bootstrapcdn.com	2467	2012-05-25	2018-06-15	2024-04-26	540 B	161 kB	104.18.11.207
pub-9bae049ea9344f538b82bc4ac296541f.r2.dev	unknown	2022-08-23	2024-01-25	2024-03-22	1.7 kB	592 kB	104.18.2.35
challenges.cloudflare.com	unknown	2009-02-17	2021-10-20	2024-04-26	5.0 kB	738 kB	104.17.3.184
code.jquery.com	634	2005-12-10	2012-05-21	2024-04-26	437 B	33 kB	151.101.130.137
www.microsoft.com	302	1991-05-02	2012-05-21	2024-04-25	455 B	1.5 kB	23.38.201.156

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

Scan Date	Severity	Indicator	Alert
2024-04-26	medium	pub-9bae049ea9344f538b82bc4ac296541f.r2.dev/index.html	Outlook

PhishTank

Scan Date	Severity	Indicator	Alert
2024-03-04	medium	pub-9bae049ea9344f538b82bc4ac296541f.r2.dev/index.html	Microsoft

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-04-26	medium	pub-9bae049ea9344f538b82bc4ac296541f.r2.dev	Sinkholed
2024-04-26	medium	pub-9bae049ea9344f538b82bc4ac296541f.r2.dev	Sinkholed
2024-04-26	medium	pub-9bae049ea9344f538b82bc4ac296541f.r2.dev	Sinkholed

ThreatFox

No alerts detected

JavaScript (51)

	URL	Size	First Seen	Last Seen
	unknown	37 B	2023-04-11	2024-05-07
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-11 21:31:25 Last Seen2024-05-07 09:02:36 Times Seen234578 Hash 29d0c84b9d1d8da446a6062c6a840ad9 6d6b3a6065667c7c50d92f3889c85ed65a9ad784 3c3cbdb71d0d2c22f504f4d63d8a6ffe8d250cde7e58300619be35b6bbab26a1 Loading...

	challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/npuj1/0x4AAAAAAAQmFDnNz2oDMg8i/light/normal	3.8 kB	2024-04-26	2024-04-26
Pretty URL challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/npuj1/0x4AAAAAAAQmFDnNz2oDMg8i/light/normal IP 104.17.3.184 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-26 17:47:58 Last Seen2024-04-26 17:47:58 Times Seen1 Hash 20613bdfdbc51658c1e78391a141fc3c 811a5391ec46ca0079a98233926f59fedd27ba70 30571f46e647cd8c04d669008f2cb5081f221ca6635ddf8126f1d0ea2fdc0244 Loading...

	challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback	42 kB	2024-04-18	2024-04-29
Pretty URL challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback IP 104.17.3.184 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-18 21:08:49 Last Seen2024-04-29 16:17:51 Times Seen2594 Hash f94a2211ce789a95a7c67e8c660d63e8 f1fc19b6bcb96d0a905bf3192aaff0885ff9f36f 926dc3302f99ec05e4206e965ddeb7250f5910a8c38e82c7beafb724bbaaf37b Loading...

	pub-9bae049ea9344f538b82bc4ac296541f.r2.dev/index.html	0 B	2023-03-07	2024-05-07
Pretty URL pub-9bae049ea9344f538b82bc4ac296541f.r2.dev/index.html IP 104.18.2.35 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-07 09:05:35 Times Seen37398444 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	unknown	79 B	2023-04-11	2024-05-07
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-11 21:38:58 Last Seen2024-05-07 08:52:09 Times Seen125569 Hash aa049e2749b8531cb8f233c2f64fc2b2 b611a5a62c1813ae5b4763378b3a4a565556530a e52e51d5897d7a179089ddcf8f5de7aeb3ef4f27b054b63e937cf308b685c9e2 Loading...

	unknown	168 kB	2024-01-28	2024-04-26
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-01-28 05:36:07 Last Seen2024-04-26 17:47:59 Times Seen9 Hash f1f48e4d8b47ada31dec3a190a7e49d3 9205c93a2457287f6e7e71c802ed75915f6e1e47 39c145a7bb5fb1b9a59a58ef5f38ad864d3370cdd67f413beab19043eb34982e Loading...

	code.jquery.com/jquery-3.6.0.min.js	90 kB	2023-03-07	2024-05-07
Pretty URL code.jquery.com/jquery-3.6.0.min.js IP 151.101.130.137 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:13 Last Seen2024-05-07 09:02:37 Times Seen267165 Hash 8fb8fee4fcc3cc86ff6c724154c49c42 b82d238d4e31fdf618bae8ac11a6c812c03dd0d4 ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e Loading...

	challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=87a7b63baa67568e	434 kB	2024-04-26	2024-04-26
Pretty URL challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=87a7b63baa67568e IP 104.17.3.184 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-26 17:04:33 Last Seen2024-04-26 17:47:59 Times Seen3 Hash 18e9e16afe595ff9347e49242b3a1c67 3c432aedbc710abb4651c91024649697d598821b e6108293a672d29092c600ef53a1c935b5a940b7341377efbe534178566bb761 Loading...

		Size	First Seen	Last Seen
	#1 Eval - 43c81e43a6e7d9140033055ff3e04983	62 B	2024-04-18	2024-04-29
Pretty Observations First Seen2024-04-18 21:08:51 Last Seen2024-04-29 16:17:50 Times Seen2736 Hash 43c81e43a6e7d9140033055ff3e04983 b0eca03913678cb38c488c7c79cc4f9d2755ea17 3f7ef931c657c4333a401c40e8b0b8d1ff3b164542af45e14242314c0ec39f34 Loading...

	#2 Eval - 5d729b5d49ebedd8008c2ad6aa0d4e11	28 B	2024-04-26	2024-04-26
Pretty Observations First Seen2024-04-26 17:47:58 Last Seen2024-04-26 17:47:58 Times Seen1 Hash 5d729b5d49ebedd8008c2ad6aa0d4e11 b460b99940d9740d3d7d626fa930606dc4e0e551 577641ed3af8bfb29693223680fbb01c97e0c33941e7789fc9944e631376c6f2 Loading...

	#3 Eval - 179d32889e9df97158a231d51d71e686	28 B	2024-04-26	2024-04-26
Pretty Observations First Seen2024-04-26 17:47:58 Last Seen2024-04-26 17:47:58 Times Seen1 Hash 179d32889e9df97158a231d51d71e686 3a56832e636aee8044ffcd3f741ac56e518c0d67 ea7fbfef3c8f9312d413702e4d66b78da1a95c9b49ccc6df4dbd2d20a676aed3 Loading...

	#4 Eval - 4e5d5b4e76e211b33095318e36023ceb	28 B	2024-04-26	2024-04-26
Pretty Observations First Seen2024-04-26 17:47:58 Last Seen2024-04-26 17:47:58 Times Seen1 Hash 4e5d5b4e76e211b33095318e36023ceb 19755d403b8e3d9d07862f9572c7afd7eaea6f9f e52f0c9097816f894bd098da221e99d791d58c0403515abb400215199377a4eb Loading...

	#5 Eval - 9da313e3f56506863642028235b6c28a	28 B	2024-04-26	2024-04-26
Pretty Observations First Seen2024-04-26 17:47:58 Last Seen2024-04-26 17:47:58 Times Seen1 Hash 9da313e3f56506863642028235b6c28a 61a3a2528385d8345c69f3a9a6eabe5624d1b4bb 81cc835323d50d5c5a9653e2c7a17fd7c587f5489b4098eccfdb85d965cd642b Loading...

	#6 Eval - 4a7670c49b88f7b255268e66367486e1	28 B	2024-04-26	2024-04-26
Pretty Observations First Seen2024-04-26 17:47:58 Last Seen2024-04-26 17:47:58 Times Seen1 Hash 4a7670c49b88f7b255268e66367486e1 1756a1bef3283babdacfa62abae82edc424ed246 30abd683b72c0357902074aee470d2d9b444732773c84d00cb4bfc81f60681f6 Loading...

	#7 Eval - 746463a3333d968632153766a7283deb	28 B	2024-04-26	2024-04-26
Pretty Observations First Seen2024-04-26 17:47:58 Last Seen2024-04-26 17:47:58 Times Seen1 Hash 746463a3333d968632153766a7283deb 772bf8110ce6e9ba19f95daec966bdab574fee73 5e56a052b6ea88e80c7b127a2fa3ff6965fcc1b156588297b40512c8b537381a Loading...

	#8 Eval - bc2937f8af5b2cf168828bc30c972da9	28 B	2024-04-26	2024-04-26
Pretty Observations First Seen2024-04-26 17:47:58 Last Seen2024-04-26 17:47:58 Times Seen1 Hash bc2937f8af5b2cf168828bc30c972da9 c702e1548e916241e47fac69ab6327c4d4fdf5c3 857c096aa56315a60acb28eb0b8c75f324e9a4e92628cabf937ce6caec10a40f Loading...

	#9 Eval - 7f253c0b24ab6f8d8558e67c86704e1e	28 B	2024-04-26	2024-04-26
Pretty Observations First Seen2024-04-26 17:47:58 Last Seen2024-04-26 17:47:58 Times Seen1 Hash 7f253c0b24ab6f8d8558e67c86704e1e 086f43672a8436c53a086f0e13ad6c0b988b5b8c f2606647665f7eba865e06aa22072f873a203de299a30b486797c3570582310b Loading...

	#10 Eval - 61254813173518cab8fc397dd25454d8	28 B	2024-04-26	2024-04-26
Pretty Observations First Seen2024-04-26 17:47:58 Last Seen2024-04-26 17:47:58 Times Seen1 Hash 61254813173518cab8fc397dd25454d8 8e125775c850e298bd55625274c8201b14d47ae8 4af04508388decbab7818c03920202220fdc914d4f7a31557126f3b7eb8b033b Loading...

	#11 Eval - 9c0de4080bf859e92241178032734e16	28 B	2024-04-26	2024-04-26
Pretty Observations First Seen2024-04-26 17:47:58 Last Seen2024-04-26 17:47:58 Times Seen1 Hash 9c0de4080bf859e92241178032734e16 22c7ef52722fe9ec64f475e6ed3de4a30d263b5d 26c5dc698035b9c560d1a9c220197bc50e16f3005a063c2d5388e8cf7cb921cd Loading...

	#12 Eval - 4c6da5a78066837d83444bbaeb6385c4	28 B	2024-04-26	2024-04-26
Pretty Observations First Seen2024-04-26 17:47:58 Last Seen2024-04-26 17:47:58 Times Seen1 Hash 4c6da5a78066837d83444bbaeb6385c4 25b498f04969fe52f7b26caf6c5780c2ffab14fb fd49e2bfbcece16110243cff9e4e2d61fb7c76a38f54ea7d6433307b3fd1ffe3 Loading...

	#13 Eval - 5e98e69ab5d0642494808a6bd2f31b9d	28 B	2024-04-26	2024-04-26
Pretty Observations First Seen2024-04-26 17:47:58 Last Seen2024-04-26 17:47:58 Times Seen1 Hash 5e98e69ab5d0642494808a6bd2f31b9d b2cc8980a7b28519bbd32cb8f49a6e324492e56f 01e49e3e93f4deceeb3071e2e594347d1b62be040f14f67ee60762d97eb859d4 Loading...

	#14 Eval - 24de5642be3003be1d5bd88346de129d	28 B	2024-04-26	2024-04-26
Pretty Observations First Seen2024-04-26 17:47:58 Last Seen2024-04-26 17:47:58 Times Seen1 Hash 24de5642be3003be1d5bd88346de129d bf45ac064b95225a41cb7a8b993d4ef490b5ff4a 86d3b264cd806356ccf279cf4f35081934b4da70faeacb1a1567a7a391956022 Loading...

	#15 Eval - 408301494720875c2678e17bfdb1d8d8	28 B	2024-04-26	2024-04-26
Pretty Observations First Seen2024-04-26 17:47:58 Last Seen2024-04-26 17:47:58 Times Seen1 Hash 408301494720875c2678e17bfdb1d8d8 15473c4af6f306d5fed9ba0dc0b45dbcaba87787 4b21832ba53c9c7912486650e977ab36274b3cb5feaa3bfba2ccd3e065564487 Loading...

	#16 Eval - b119d8e832af5d3b9044fd37287f6bdc	28 B	2024-04-26	2024-04-26
Pretty Observations First Seen2024-04-26 17:47:58 Last Seen2024-04-26 17:47:58 Times Seen1 Hash b119d8e832af5d3b9044fd37287f6bdc 4c9d85e11ddf609183db3905c936b1cb841f3b69 84a2be5060cc740c21f86ce5c33bcc30babd9033bbeba29e6a16083b1cb09d0c Loading...

	#17 Eval - cfb60358120f7e109a50ed1f7a71b4ea	28 B	2024-04-26	2024-04-26
Pretty Observations First Seen2024-04-26 17:47:58 Last Seen2024-04-26 17:47:58 Times Seen1 Hash cfb60358120f7e109a50ed1f7a71b4ea 5836f24de4f1dc9c81d8a76fd388408528eab5ed 53e0b743c031be6edc6665e79ff1ade8212d06aa4603d932f8cd9f72f39ee41e Loading...

	#18 Eval - 121e09716d7498a88cb43bbd397771fe	28 B	2024-04-26	2024-04-26
Pretty Observations First Seen2024-04-26 17:47:58 Last Seen2024-04-26 17:47:58 Times Seen1 Hash 121e09716d7498a88cb43bbd397771fe 09900bdc2dc09a604ff3e42bfce302fb7c62ee00 e6e251b90f88a4d33965c36cc57d201cf06345445394d352a9fbfd7a045f6456 Loading...

	#19 Eval - af4dc0f215827085e9f674fcf958267f	28 B	2024-04-26	2024-04-26
Pretty Observations First Seen2024-04-26 17:47:58 Last Seen2024-04-26 17:47:58 Times Seen1 Hash af4dc0f215827085e9f674fcf958267f a7ed46a0f85664d3561e180ef2cfdb38c0285d43 9e90bd58a12a111aabac158438fda445f4ddb3544e86158552cabb771d05a6a1 Loading...

	#20 Eval - 986e2cac38102e478edcf13c54787822	28 B	2024-04-26	2024-04-26
Pretty Observations First Seen2024-04-26 17:47:58 Last Seen2024-04-26 17:47:58 Times Seen1 Hash 986e2cac38102e478edcf13c54787822 3f32133a38e21f075e44ef7013f2aa62c9fd681f 2cfdbb12137ff31eb1c7ef95a373bb00209356a6b2c30892d52a5120d10ec846 Loading...

	#21 Eval - 9dea966bd200c9f8e40eba9827495668	28 B	2024-04-26	2024-04-26
Pretty Observations First Seen2024-04-26 17:47:58 Last Seen2024-04-26 17:47:58 Times Seen1 Hash 9dea966bd200c9f8e40eba9827495668 f3bb1fed9d962d5bbe667e222a4010131886029c 89e8d310c317f519d37852ec94fd2b310d4a81363fa41fee9ae0ab09da079371 Loading...

	#22 Eval - f7b61c5300b0def581dbe2e3176d9262	28 B	2024-04-26	2024-04-26
Pretty Observations First Seen2024-04-26 17:47:58 Last Seen2024-04-26 17:47:58 Times Seen1 Hash f7b61c5300b0def581dbe2e3176d9262 1a5ddfebbaab0247e389fe2f2e3c34b80e742e68 56e7a076efecb5ebf839d56258af1cf07798d1c8b1d4ea173bf46bbd396ab09e Loading...

	#23 Eval - c2795073d278c9c7aefb4c7784d85925	28 B	2024-04-26	2024-04-26
Pretty Observations First Seen2024-04-26 17:47:59 Last Seen2024-04-26 17:47:59 Times Seen1 Hash c2795073d278c9c7aefb4c7784d85925 d4dd2d873714193a94abe43347f1d25d7197fbc0 671c8a89f711fedc5cc62adb889c9c277b7b94a8cec2872325147b8c37b902df Loading...

	#24 Eval - 7b2a8ebbadda2d3f5304078a2c08edc8	28 B	2024-04-26	2024-04-26
Pretty Observations First Seen2024-04-26 17:47:59 Last Seen2024-04-26 17:47:59 Times Seen1 Hash 7b2a8ebbadda2d3f5304078a2c08edc8 bd9d7f82fa376de125a82c26e9970027f87e6993 bd2cefe9a448341d1d39c5c345a7dcd300a9dc8d87820a36603feb2b5a9c1b95 Loading...

	#25 Eval - 86f210398337c1aa7d7983349768f51d	28 B	2024-04-26	2024-04-26
Pretty Observations First Seen2024-04-26 17:47:59 Last Seen2024-04-26 17:47:59 Times Seen1 Hash 86f210398337c1aa7d7983349768f51d 7009e28b8bb49bd79a13bae1af9c735bd398de93 db999689869e5e33a73d82af607d55aaa9a7d3a5739fbd3d3b4bf82c9b504219 Loading...

	#26 Eval - 9e925e9341b490bfd3b4c4ca3b0c1ef2	4 B	2023-03-07	2024-05-07
Pretty Observations First Seen2023-03-07 01:03:43 Last Seen2024-05-07 08:52:09 Times Seen351604 Hash 9e925e9341b490bfd3b4c4ca3b0c1ef2 c2543fff3bfa6f144c2f06a7de6cd10c0b650cae 1eb79602411ef02cf6fe117897015fff89f80face4eccd50425c45149b148408 Loading...

	#27 Eval - a1f21917f6386da6b0ed28aacfa0a298	28 B	2024-04-26	2024-04-26
Pretty Observations First Seen2024-04-26 17:47:59 Last Seen2024-04-26 17:47:59 Times Seen1 Hash a1f21917f6386da6b0ed28aacfa0a298 d14e9244fa065ceb9c0c2e8aac563ed6d5845e5b 7c8e5135898343df45e72f3f73ec280e397e552f17ebfeabbdffaac88bb951c7 Loading...

	#28 Eval - 5a18e7ed50fcbf4eb0476b9741c0368e	28 B	2024-04-26	2024-04-26
Pretty Observations First Seen2024-04-26 17:47:59 Last Seen2024-04-26 17:47:59 Times Seen1 Hash 5a18e7ed50fcbf4eb0476b9741c0368e c170a4acb4f4d89d3da565db2909097216bf607e abf62f49c9c630300b8ef3ad7c363eea54273298e21c3c871dbfbd1de39e8b54 Loading...

	#29 Eval - b214007b787d2fb7bfb4341a815b1f0a	28 B	2024-04-26	2024-04-26
Pretty Observations First Seen2024-04-26 17:47:59 Last Seen2024-04-26 17:47:59 Times Seen1 Hash b214007b787d2fb7bfb4341a815b1f0a ecd78d4dd90e6a22d9ae12c48f86c26dd81350f0 68f79a8cdb1717e91f16d1c0702a1b429af5b7f127d62f2e3cb5cd9c412df215 Loading...

	#30 Eval - 9ec529bfa99201f7c7394c547a3d6833	28 B	2024-04-26	2024-04-26
Pretty Observations First Seen2024-04-26 17:47:59 Last Seen2024-04-26 17:47:59 Times Seen1 Hash 9ec529bfa99201f7c7394c547a3d6833 64673ceb103993e15b6960faaff44e0f884b8b0e 969b0a4bd6ee297ef9584bfc2dee0a0ded118899669564b2e87f9b97022c1ca6 Loading...

	#31 Eval - 53631461514ca4b9108dbebe4780e944	28 B	2024-04-26	2024-04-26
Pretty Observations First Seen2024-04-26 17:47:59 Last Seen2024-04-26 17:47:59 Times Seen1 Hash 53631461514ca4b9108dbebe4780e944 06d2dd003dd9a92878b52d19c4a6e11c84600b06 e3597afa9e7f2e339e6f31e1d7c1b58736eeb6ee796392f63f0ea4374cd43516 Loading...

	#32 Eval - 9e22848b6eea85437c766594d80451ee	28 B	2024-04-26	2024-04-26
Pretty Observations First Seen2024-04-26 17:47:59 Last Seen2024-04-26 17:47:59 Times Seen1 Hash 9e22848b6eea85437c766594d80451ee 9bb5aec822a1709f22c28e309751a4ef0cefa8f6 9f0159e7c453e9039d89dc57a72910b31a8ec916686f29d04ef95f261be369de Loading...

	#33 Eval - 17e104026d76295461d1dafe31c13717	28 B	2024-04-26	2024-04-26
Pretty Observations First Seen2024-04-26 17:47:59 Last Seen2024-04-26 17:47:59 Times Seen1 Hash 17e104026d76295461d1dafe31c13717 bcecd6aa73d9502ead80fab03923464fe0a4eb8b 1b4b45b8a82f1e3fca0f9e8234009129caa46b88d827246bfea1b90a29dc68ca Loading...

	#34 Eval - b4047d251f9f9d365edfa1f30f73ff1a	28 B	2024-04-26	2024-04-26
Pretty Observations First Seen2024-04-26 17:47:59 Last Seen2024-04-26 17:47:59 Times Seen1 Hash b4047d251f9f9d365edfa1f30f73ff1a 68dc3fce9c5bb24e7cb30622cfbc3116b54ed749 5b26bdfe60098f3153114493e0276c239363216197abc38703a76804b500ce71 Loading...

	#35 Eval - 250116f2bc06fba282e1147c6248791b	28 B	2024-04-26	2024-04-26
Pretty Observations First Seen2024-04-26 17:47:59 Last Seen2024-04-26 17:47:59 Times Seen1 Hash 250116f2bc06fba282e1147c6248791b b4f2a946a5687cfc40601ad9de8ad8f2c29e3b7b 2441e45dbcde81c35cf09679f1d630ba845a08bea69b3e70218ce63caaf14df0 Loading...

	#36 Eval - 760888ba7a770203bbff0599e9fdacc4	28 B	2024-04-26	2024-04-26
Pretty Observations First Seen2024-04-26 17:47:59 Last Seen2024-04-26 17:47:59 Times Seen1 Hash 760888ba7a770203bbff0599e9fdacc4 f64e3fb4abd16c13836660a62cac6494096be027 1b0fda56a47fa3cb3ab2cec445f8d12b5ac96bc3dc779f900ccc5a980d64e9d9 Loading...

	#37 Eval - b4eda70fbf734f85e67aa5a8787e9157	28 B	2024-04-26	2024-04-26
Pretty Observations First Seen2024-04-26 17:47:59 Last Seen2024-04-26 17:47:59 Times Seen1 Hash b4eda70fbf734f85e67aa5a8787e9157 8e3659a21b940c52330443a4d0a8d83f23eec602 af593f6c0593743a7ba05b2059acea5f2a7766f98ea8ce9ac2407935ce87d852 Loading...

	#38 Eval - 8ee6020d3677135573f224d37bc5ab88	28 B	2024-04-26	2024-04-26
Pretty Observations First Seen2024-04-26 17:47:59 Last Seen2024-04-26 17:47:59 Times Seen1 Hash 8ee6020d3677135573f224d37bc5ab88 dd385800c2eb1ce0fcce9bad2bc2774dec6418b1 cd5e6f8d0b9213029346ffc20b2d1ad189fb1188f536326d1a2cfa5bd0744ad0 Loading...

	#39 Eval - b5a3b1fbf10a4c13f9691d5040bc1346	28 B	2024-04-26	2024-04-26
Pretty Observations First Seen2024-04-26 17:47:59 Last Seen2024-04-26 17:47:59 Times Seen1 Hash b5a3b1fbf10a4c13f9691d5040bc1346 8dacafbf8cba6cf93bcbdb0f8295f0fed22b4875 1e59829d0b2ea2ab0a14f7df0cc078957168f283b0676fd260c1e1301d7aea05 Loading...

	#40 Eval - 156dc60bd574930d8e8fbc8a77919021	28 B	2024-04-26	2024-04-26
Pretty Observations First Seen2024-04-26 17:47:59 Last Seen2024-04-26 17:47:59 Times Seen1 Hash 156dc60bd574930d8e8fbc8a77919021 035bf15d2c1e64c347413c9bed04e3b2d7ad0200 245ab8c2d08a6ac5817c3cea8fde4051058407f4bcdb06f148fd15066c62debe Loading...

	#41 Eval - 45354c559683fb5884e54b01a6ed0452	28 B	2024-04-26	2024-04-26
Pretty Observations First Seen2024-04-26 17:47:59 Last Seen2024-04-26 17:47:59 Times Seen1 Hash 45354c559683fb5884e54b01a6ed0452 55e2afa75735b65a5f5ce8d662cbd109902143ed 2d542b3266520446a327e1c94925285c28754cdecbee68ea11138c0c3923e40e Loading...

	#42 Eval - e71fe569663a8a93cda7af87c498fce5	28 B	2024-04-26	2024-04-26
Pretty Observations First Seen2024-04-26 17:47:59 Last Seen2024-04-26 17:47:59 Times Seen1 Hash e71fe569663a8a93cda7af87c498fce5 b0ce07cfa0bfa62fcd2472a75589ecf31c296d09 9d56b87ae7ba8ea97d3ff981fb7e35e408a5412784396881b125cacab9910850 Loading...

	#43 Eval - 592f140effa82e7867516f1c91c8f079	28 B	2024-04-26	2024-04-26
Pretty Observations First Seen2024-04-26 17:47:59 Last Seen2024-04-26 17:47:59 Times Seen1 Hash 592f140effa82e7867516f1c91c8f079 1fa3af73ee0e32ff849cc29aa026a4c649e2734f d9278479ddfe0a2cd2953316aeea7d216635be58d46c5988f9fc7574885c101d Loading...

HTTP Transactions (15)

URL IP Response Size

pub-9bae049ea9344f538b82bc4ac296541f.r2.dev/index.html

104.18.2.35

200 OK

4.2 kB

URL User Request GET HTTP/1.1
pub-9bae049ea9344f538b82bc4ac296541f.r2.dev/index.html
IP
104.18.2.35:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerLet's Encrypt
Subject*.r2.dev
Fingerprint48:74:F0:98:E0:A1:57:3E:86:18:BF:B3:DC:C9:7A:5B:53:50:FE:E0
ValidityFri, 05 Apr 2024 15:25:24 GMT - Thu, 04 Jul 2024 15:25:23 GMT

File type
HTML document, ASCII text, with CR line terminators
Size
4.2 kB (4210 bytes)
Hash
3c217392124d57ff3e17858a46896645
88ebfd71add4fde8d773777473d8a3ab01a18889
58eb159676c02f7b3c3e905e3933e195cb07b8315a5611405f363e1ca2ccb926

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Outlook
PhishTank	phishing	Microsoft
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /index.html HTTP/1.1
Host: pub-9bae049ea9344f538b82bc4ac296541f.r2.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wo-rkestlessky80da.q2hhzc5jb29ucw.workers.dev/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 26 Apr 2024 15:47:31 GMT
Content-Type: text/html
Content-Length: 4210
Connection: keep-alive
Accept-Ranges: bytes
ETag: "3c217392124d57ff3e17858a46896645"
Last-Modified: Thu, 25 Jan 2024 12:13:56 GMT
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 87a7b638ed5256c1-OSL

challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback

104.17.3.184

302 Found

0 B

URL GET HTTP/2
challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback
IP
104.17.3.184:443
ASN
#13335 CLOUDFLARENET

Requested by
https://pub-9bae049ea9344f538b82bc4ac296541f.r2.dev/index.html
Certificate
IssuerCloudflare, Inc.
Subjectchallenges.cloudflare.com
Fingerprint5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E
ValidityFri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /turnstile/v0/api.js?onload=onloadTurnstileCallback HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pub-9bae049ea9344f538b82bc4ac296541f.r2.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Fri, 26 Apr 2024 15:47:31 GMT
content-length: 0
cache-control: max-age=300, public
location: /turnstile/v0/b/471dc2adc340/api.js?onload=onloadTurnstileCallback
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a7b63aad4a1c12-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

code.jquery.com/jquery-3.6.0.min.js

151.101.130.137

200 OK

33 kB

URL GET HTTP/2
code.jquery.com/jquery-3.6.0.min.js
IP
151.101.130.137:443
ASN
#54113 FASTLY

Requested by
https://pub-9bae049ea9344f538b82bc4ac296541f.r2.dev/index.html
Certificate
IssuerSectigo Limited
Subject*.jquery.com
FingerprintD2:19:0A:AD:CE:BB:9C:61:17:5D:29:4B:A2:54:E8:C6:91:B8:F9:8D
ValidityTue, 11 Jul 2023 00:00:00 GMT - Sun, 14 Jul 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (65447)
Size
33 kB (32745 bytes)
Hash
8fb8fee4fcc3cc86ff6c724154c49c42
b82d238d4e31fdf618bae8ac11a6c812c03dd0d4
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

HTTP Headers

GET /jquery-3.6.0.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pub-9bae049ea9344f538b82bc4ac296541f.r2.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: "28feccc0-15d9d"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Fri, 26 Apr 2024 15:47:31 GMT
age: 2632
x-served-by: cache-lga21931-LGA, cache-hel1410024-HEL
x-cache: HIT, HIT
x-cache-hits: 52, 2479
x-timer: S1714146452.650510,VS0,VE0
vary: Accept-Encoding
content-length: 32745
X-Firefox-Spdy: h2

pub-9bae049ea9344f538b82bc4ac296541f.r2.dev/images/background-photo.jpg

104.18.2.35

200 OK

419 kB

URL GET HTTP/1.1
pub-9bae049ea9344f538b82bc4ac296541f.r2.dev/images/background-photo.jpg
IP
104.18.2.35:443
ASN
#13335 CLOUDFLARENET

Requested by
https://pub-9bae049ea9344f538b82bc4ac296541f.r2.dev/index.html
Certificate
IssuerLet's Encrypt
Subject*.r2.dev
Fingerprint48:74:F0:98:E0:A1:57:3E:86:18:BF:B3:DC:C9:7A:5B:53:50:FE:E0
ValidityFri, 05 Apr 2024 15:25:24 GMT - Thu, 04 Jul 2024 15:25:23 GMT

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=12, height=3615, bps=158, PhotometricInterpretation=RGB, orientation=upper-left, width=5498], progressive, precision 8, 5498x2795, components 3
Size
419 kB (418708 bytes)
Hash
7d29bf8af863d6360b2eb2940651fd18
c6b55916725f4e89697d697b06f6ce5c6b16af2c
b3792023a89cbea3cfe7b5b68ac9333b24c63ac7b6a892cf4a55dccec3fcd13d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/background-photo.jpg HTTP/1.1
Host: pub-9bae049ea9344f538b82bc4ac296541f.r2.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pub-9bae049ea9344f538b82bc4ac296541f.r2.dev/index.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 26 Apr 2024 15:47:31 GMT
Content-Type: image/jpeg
Content-Length: 418708
Connection: keep-alive
Accept-Ranges: bytes
ETag: "7d29bf8af863d6360b2eb2940651fd18"
Last-Modified: Thu, 25 Jan 2024 10:14:39 GMT
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 87a7b63b88bf56c1-OSL

challenges.cloudflare.com/turnstile/v0/b/471dc2adc340/api.js?onload=onloadTurnstileCallback

104.17.3.184

200 OK

14 kB

URL GET HTTP/2
challenges.cloudflare.com/turnstile/v0/b/471dc2adc340/api.js?onload=onloadTurnstileCallback
IP
104.17.3.184:443
ASN
#13335 CLOUDFLARENET

Requested by
https://pub-9bae049ea9344f538b82bc4ac296541f.r2.dev/index.html
Certificate
IssuerCloudflare, Inc.
Subjectchallenges.cloudflare.com
Fingerprint5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E
ValidityFri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (42414)
Size
14 kB (14329 bytes)
Hash
f94a2211ce789a95a7c67e8c660d63e8
f1fc19b6bcb96d0a905bf3192aaff0885ff9f36f
926dc3302f99ec05e4206e965ddeb7250f5910a8c38e82c7beafb724bbaaf37b

HTTP Headers

GET /turnstile/v0/b/471dc2adc340/api.js?onload=onloadTurnstileCallback HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://pub-9bae049ea9344f538b82bc4ac296541f.r2.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 26 Apr 2024 15:47:31 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=31536000
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a7b63abd571c12-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

www.microsoft.com/favicon.ico?v2

23.38.201.156

540 B

URL GET
www.microsoft.com/favicon.ico?v2
IP
23.38.201.156:0
ASN
#16625 AKAMAI-AS

Requested by
https://pub-9bae049ea9344f538b82bc4ac296541f.r2.dev/index.html
Certificate
IssuerMicrosoft Corporation
Subjectwww.microsoft.com
FingerprintE1:57:9B:A5:51:25:CE:C3:A7:8E:39:F5:5C:F8:1D:A8:BF:A9:4F:88
ValidityThu, 14 Sep 2023 17:24:20 GMT - Sun, 08 Sep 2024 17:24:20 GMT

File type
MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors
Size
540 B (540 bytes)
Hash
12e3dac858061d088023b2bd48e2fa96
e08ce1a144eceae0c3c2ea7a9d6fbc5658f24ce5
90cdaf487716184e4034000935c605d1633926d348116d198f355a98b8c6cd21

HTTP Headers

GET /favicon.ico?v2 HTTP/1.1
Host: www.microsoft.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pub-9bae049ea9344f538b82bc4ac296541f.r2.dev/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: image/x-icon
accept-ranges: bytes
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
etag: "1DA64E997EE8600"
last-modified: Wed, 21 Feb 2024 17:15:40 GMT
p3p: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
x-frame-options: SAMEORIGIN
x-sitemuse-origin: Azure
x-azure-ref: 20240426T003155Z-r1b85b66488q788fsn4hkfzedg00000001h000000000u939
vary: Accept-Encoding
content-encoding: gzip
cache-control: public, max-age=31464
expires: Sat, 27 Apr 2024 00:31:55 GMT
date: Fri, 26 Apr 2024 15:47:31 GMT
content-length: 540
tls_version: tls1.3
strict-transport-security: max-age=31536000
ms-cv: CASMicrosoftCV9d6a54c4.0
ms-cv-esi: CASMicrosoftCV9d6a54c4.0
x-rtag: RT
X-Firefox-Spdy: h2

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/i/87a7b63baa67568e/1714146452233/2DAevFIqzNNEwb6

104.17.3.184

200 OK

61 B

URL GET HTTP/3
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/i/87a7b63baa67568e/1714146452233/2DAevFIqzNNEwb6
IP
104.17.3.184:443
ASN
#13335 CLOUDFLARENET

Requested by
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/npuj1/0x4AAAAAAAQmFDnNz2oDMg8i/light/normal
Certificate
IssuerCloudflare, Inc.
Subjectchallenges.cloudflare.com
Fingerprint5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E
ValidityFri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT

File type
PNG image data, 27 x 62, 8-bit/color RGB, non-interlaced
Size
61 B (61 bytes)
Hash
2aaa87a2802e7dba3a9b1fd53014b9cc
823a31a7eefde2e4a4da128c340a7cd43b6f4cce
011f58bb5b3f0fa740934afe3f849d5c419f0001161638a86508017510ba332c

HTTP Headers

GET /cdn-cgi/challenge-platform/h/b/i/87a7b63baa67568e/1714146452233/2DAevFIqzNNEwb6 HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/npuj1/0x4AAAAAAAQmFDnNz2oDMg8i/light/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 26 Apr 2024 15:47:32 GMT
content-type: image/png
content-length: 61
server: cloudflare
cf-ray: 87a7b641ca49568e-OSL
alt-svc: h3=":443"; ma=86400

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/npuj1/0x4AAAAAAAQmFDnNz2oDMg8i/light/normal

104.17.3.184

200 OK

114 kB

URL GET HTTP/3
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/npuj1/0x4AAAAAAAQmFDnNz2oDMg8i/light/normal
IP
104.17.3.184:443
ASN
#13335 CLOUDFLARENET

Requested by
https://pub-9bae049ea9344f538b82bc4ac296541f.r2.dev/index.html
Certificate
IssuerCloudflare, Inc.
Subjectchallenges.cloudflare.com
Fingerprint5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E
ValidityFri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT

File type
HTML document, ASCII text, with very long lines (41702)
Size
114 kB (113631 bytes)
Hash
03b6424e970e53a26e549234e93da7e4
6453e4af552824e0dc7f3c68e0610a697b215215
cfbd3af40deb02e0a3f26242d345e88b4263f5f13acad30653fd653c09989ee5

HTTP Headers

GET /cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/npuj1/0x4AAAAAAAQmFDnNz2oDMg8i/light/normal HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pub-9bae049ea9344f538b82bc4ac296541f.r2.dev/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 26 Apr 2024 15:47:31 GMT
content-type: text/html; charset=UTF-8
cross-origin-opener-policy: same-origin
origin-agent-cluster: ?1
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy: same-origin
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
critical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
content-security-policy: frame-src https://challenges.cloudflare.com/ blob:; base-uri 'self'
cross-origin-embedder-policy: require-corp
document-policy: js-profiling
vary: accept-encoding
server: cloudflare
cf-ray: 87a7b63baa67568e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/pat/87a7b63baa67568e/1714146452239/423cd1e9e82d5c12fac365f5795afdc722ffd39f8e840a0c883be38109dc85ed/vH1IPPfA5E0LEiw

104.17.3.184

401 Unauthorized

1 B

URL GET HTTP/3
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/pat/87a7b63baa67568e/1714146452239/423cd1e9e82d5c12fac365f5795afdc722ffd39f8e840a0c883be38109dc85ed/vH1IPPfA5E0LEiw
IP
104.17.3.184:443
ASN
#13335 CLOUDFLARENET

Requested by
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/npuj1/0x4AAAAAAAQmFDnNz2oDMg8i/light/normal
Certificate
IssuerCloudflare, Inc.
Subjectchallenges.cloudflare.com
Fingerprint5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E
ValidityFri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT

File type
very short file (no magic)
Size
1 B (1 bytes)
Hash
ff44570aca8241914870afbc310cdb85
58668e7669fd564d99db5d581fcdb6a5618440b5
6da43b944e494e885e69af021f93c6d9331c78aa228084711429160a5bbd15b5

HTTP Headers

GET /cdn-cgi/challenge-platform/h/b/pat/87a7b63baa67568e/1714146452239/423cd1e9e82d5c12fac365f5795afdc722ffd39f8e840a0c883be38109dc85ed/vH1IPPfA5E0LEiw HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/npuj1/0x4AAAAAAAQmFDnNz2oDMg8i/light/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 401 Unauthorized
date: Fri, 26 Apr 2024 15:47:33 GMT
content-type: text/plain; charset=UTF-8
content-length: 1
www-authenticate: PrivateToken challenge="AAIAGXBhdC1pc3N1ZXIuY2xvdWRmbGFyZS5jb20gQjzR6egtXBL6w2X1eVr9xyL_05-OhAoMiDvjgQnche0AGWNoYWxsZW5nZXMuY2xvdWRmbGFyZS5jb20=", token-key="MIIBUjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAqEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgKiAwIBMAOCAQ8AMIIBCgKCAQEApc5PUXcXSrXwpeNe3kT6EaAJPDsPBMfFZc7M608yW3JV6YSHiGBLoFiLtNHD3Yj8UsOtWbQeFa2uvS_dYz5MBsoSW4-RbOY-WCB2aGEB-eoRbXl4lJRl0UNGi00lNBgNTil_mTTSNV3ssSkmSY8kwM-5GqBNfJ2kmJPKo02MWiXn1pwc4YXbeATUrYDRvvXUXYZrgaarjDyvHFhnYpD3mqr5qOj_TS_1SCUZ0HIp8ywDX06Xc59cKjzFHEUzD3gWutoK4apMxNt9bWWxcH3D_UL1a1llCxh-knMwTxgvRXS-XHap_ymO2zCuAPNgo1SDCTl4lTQZbVX7VvpDZwMaiQIDAQAB", max-age=20, PrivateToken challenge="AAIALHBwLWlzc3Vlci1wcm9kdWN0aW9uLnJlc2VhcmNoLmNsb3VkZmxhcmUuY29tIEI80enoLVwS-sNl9Xla_cci_9OfjoQKDIg744EJ3IXtABljaGFsbGVuZ2VzLmNsb3VkZmxhcmUuY29t", token-key="MIIBUjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAqEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgKiAwIBMAOCAQ8AMIIBCgKCAQEA1FEYykHcK8H9rb_u0aFz3CmWgYloQw4YhedoEOAjJ0vy2Axa4f9UG9Dzs4uXS34_h8l6MDo2nRCvLI9lvebilMnTjCn-6D77bewqYxJKUFZW1z2jBIdu03TrETczfEg7kxgKtJE9NXGDjYJcF_iMgzgNA0PEAVM89tUYXXlFy4cUAGlqU2mPpIEOxm5ARsXC-zlLK60fkJ4cOsZRkZa6EExdhmgdwQ0fEJuSOHrBO_-zJn4hUP8q9g4yqkxW2UrfJgD07F4HaHGBEiei06sGDvH2NEPvswEl5dTGxutNrxlU7W24iYhNa2nhjlc53nNb0mKtszv-czVE9UhXyJ7-RQIDAQAB", max-age=20
server: cloudflare
cf-ray: 87a7b647097e568e-OSL
alt-svc: h3=":443"; ma=86400

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/1587092036:1714141784:6E6CAYXNB4VyLgCjJ7SpAOj8ELMZSNNJXO5FyZ7EYJI/87a7b63baa67568e/46096ac4bfdee05

104.17.3.184

200 OK

171 kB

URL POST HTTP/3
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/1587092036:1714141784:6E6CAYXNB4VyLgCjJ7SpAOj8ELMZSNNJXO5FyZ7EYJI/87a7b63baa67568e/46096ac4bfdee05
IP
104.17.3.184:443
ASN
#13335 CLOUDFLARENET

Requested by
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/npuj1/0x4AAAAAAAQmFDnNz2oDMg8i/light/normal
Certificate
IssuerCloudflare, Inc.
Subjectchallenges.cloudflare.com
Fingerprint5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E
ValidityFri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT

File type
ASCII text, with very long lines (3580), with no line terminators
Size
171 kB (171166 bytes)
Hash
2799f43b0674ca07e2ae4dd28af651c3
90e000f2e95e40c7fc0cf2a670f4815d5d16bc18
3d5bc87ee9f25b7bfd9b0e886696360143a1e64af845ca1c0706cb453c683caf

HTTP Headers

POST /cdn-cgi/challenge-platform/h/b/flow/ov1/1587092036:1714141784:6E6CAYXNB4VyLgCjJ7SpAOj8ELMZSNNJXO5FyZ7EYJI/87a7b63baa67568e/46096ac4bfdee05 HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/npuj1/0x4AAAAAAAQmFDnNz2oDMg8i/light/normal
Content-type: application/x-www-form-urlencoded
CF-Challenge: 46096ac4bfdee05
Content-Length: 25828
Origin: https://challenges.cloudflare.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 26 Apr 2024 15:47:33 GMT
content-type: text/html; charset=UTF-8
cf-chl-out: YmuinIo/EjkKEuQ+Y+PnwZarUvkAWchPyLsRufyDk8NltvcKzB66/P08rMf8ib+qnpAuv7TTNDnJhxF8NyXhJ7OtrouI87OodVGTEjk9gthsOZB5v/DB2nksSkX+IKEH$54M9OYhLLTLCLd2S8vgzhQ==
cf-chl-out-s: 0SkFDG5as3xQkTJVI73gogef1l/tSBAshW6MwKyDYZGs21HnQlCis21H6LM4BgsZ/7YIfVm2u8/h4dElUCi8bEHxtZ4mYOf9msqks75q68f2wNs3KwWtL0rUDNq++iLeN9ucTw3E76aOZRaWVUQ0HCLJZZ7STRgdmDr3iIn3xYEs03O4ieNFrAw5jEw75txe$Z85ZWlCmihhNSUYGMNpxJQ==
vary: accept-encoding
server: cloudflare
cf-ray: 87a7b6481b12568e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=87a7b63baa67568e

104.17.3.184

200 OK

434 kB

URL GET HTTP/3
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=87a7b63baa67568e
IP
104.17.3.184:443
ASN
#13335 CLOUDFLARENET

Requested by
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/npuj1/0x4AAAAAAAQmFDnNz2oDMg8i/light/normal
Certificate
IssuerCloudflare, Inc.
Subjectchallenges.cloudflare.com
Fingerprint5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E
ValidityFri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
434 kB (433588 bytes)
Hash
18e9e16afe595ff9347e49242b3a1c67
3c432aedbc710abb4651c91024649697d598821b
e6108293a672d29092c600ef53a1c935b5a940b7341377efbe534178566bb761

HTTP Headers

GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=87a7b63baa67568e HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/npuj1/0x4AAAAAAAQmFDnNz2oDMg8i/light/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 26 Apr 2024 15:47:31 GMT
content-type: application/javascript; charset=UTF-8
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
vary: accept-encoding
server: cloudflare
cf-ray: 87a7b63c6b5c568e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

pub-9bae049ea9344f538b82bc4ac296541f.r2.dev/dMainFunc.js?_=1714146451727

104.18.2.35

200 OK

168 kB

URL GET HTTP/1.1
pub-9bae049ea9344f538b82bc4ac296541f.r2.dev/dMainFunc.js?_=1714146451727
IP
104.18.2.35:443
ASN
#13335 CLOUDFLARENET

Requested by
https://pub-9bae049ea9344f538b82bc4ac296541f.r2.dev/index.html
Certificate
IssuerLet's Encrypt
Subject*.r2.dev
Fingerprint48:74:F0:98:E0:A1:57:3E:86:18:BF:B3:DC:C9:7A:5B:53:50:FE:E0
ValidityFri, 05 Apr 2024 15:25:24 GMT - Thu, 04 Jul 2024 15:25:23 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
168 kB (167740 bytes)
Hash
f1f48e4d8b47ada31dec3a190a7e49d3
9205c93a2457287f6e7e71c802ed75915f6e1e47
39c145a7bb5fb1b9a59a58ef5f38ad864d3370cdd67f413beab19043eb34982e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /dMainFunc.js?_=1714146451727 HTTP/1.1
Host: pub-9bae049ea9344f538b82bc4ac296541f.r2.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://pub-9bae049ea9344f538b82bc4ac296541f.r2.dev/index.html
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 26 Apr 2024 15:47:33 GMT
Content-Type: text/javascript
Content-Length: 167740
Connection: keep-alive
Accept-Ranges: bytes
ETag: "f1f48e4d8b47ada31dec3a190a7e49d3"
Last-Modified: Thu, 25 Jan 2024 10:50:57 GMT
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 87a7b648ac9d56c1-OSL

office365.gorecreeklc.com/?gs=JxQT

0.0.0.0

0 B

URL GET
office365.gorecreeklc.com/?gs=JxQT
IP
0.0.0.0:0
ASN
#0

Requested by
https://pub-9bae049ea9344f538b82bc4ac296541f.r2.dev/index.html

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /?gs=JxQT HTTP/1.1
Host: office365.gorecreeklc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pub-9bae049ea9344f538b82bc4ac296541f.r2.dev/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/cmg/1/GLhOioXg0bs57t4qPrORXFsL1%2BWig2mIKbgpVPMu7ZQ%3D

104.17.3.184

200 OK

61 B

URL GET HTTP/3
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/cmg/1/GLhOioXg0bs57t4qPrORXFsL1%2BWig2mIKbgpVPMu7ZQ%3D
IP
104.17.3.184:443
ASN
#13335 CLOUDFLARENET

Requested by
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/npuj1/0x4AAAAAAAQmFDnNz2oDMg8i/light/normal
Certificate
IssuerCloudflare, Inc.
Subjectchallenges.cloudflare.com
Fingerprint5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E
ValidityFri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT

File type
PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced
Size
61 B (61 bytes)
Hash
9246cca8fc3c00f50035f28e9f6b7f7d
3aa538440f70873b574f40cd793060f53ec17a5d
c07d7d29e3c20fa6ca4c5d20663688d52bad13e129ad82ce06b80eb187d9dc84

HTTP Headers

GET /cdn-cgi/challenge-platform/h/b/cmg/1/GLhOioXg0bs57t4qPrORXFsL1%2BWig2mIKbgpVPMu7ZQ%3D HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/npuj1/0x4AAAAAAAQmFDnNz2oDMg8i/light/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 26 Apr 2024 15:47:31 GMT
content-type: image/png
content-length: 61
cache-control: max-age=2629800, public
server: cloudflare
cf-ray: 87a7b63c6b5a568e-OSL
alt-svc: h3=":443"; ma=86400

stackpath.bootstrapcdn.com/bootstrap/4.5.2/css/bootstrap.min.css

104.18.11.207

200 OK

160 kB

URL GET HTTP/2
stackpath.bootstrapcdn.com/bootstrap/4.5.2/css/bootstrap.min.css
IP
104.18.11.207:443
ASN
#13335 CLOUDFLARENET

Requested by
https://pub-9bae049ea9344f538b82bc4ac296541f.r2.dev/index.html
Certificate
IssuerGoogle Trust Services LLC
Subjectbootstrapcdn.com
Fingerprint57:B4:25:B9:9C:88:A1:A3:3D:F7:31:74:02:E4:D1:E0:0A:F5:11:63
ValidityWed, 27 Mar 2024 00:22:09 GMT - Tue, 25 Jun 2024 00:22:08 GMT

File type
ASCII text, with very long lines (65326)
Size
160 kB (160302 bytes)
Hash
816af0eddd3b4822c2756227c7e7b7ee
c470239d4c7db36d56dc3a74a080c62218c6edc4
5b0fbe5b7ad705f6a937c4998ad02f73d8f0d976fe231b74aef0ec996990c93a

HTTP Headers

GET /bootstrap/4.5.2/css/bootstrap.min.css HTTP/1.1
Host: stackpath.bootstrapcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://pub-9bae049ea9344f538b82bc4ac296541f.r2.dev
DNT: 1
Connection: keep-alive
Referer: https://pub-9bae049ea9344f538b82bc4ac296541f.r2.dev/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 26 Apr 2024 15:47:31 GMT
content-type: text/css; charset=utf-8
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
vary: Accept-Encoding
access-control-allow-origin: *
cache-control: public, max-age=31919000
content-encoding: br
etag: W/"816af0eddd3b4822c2756227c7e7b7ee"
last-modified: Mon, 25 Jan 2021 22:04:11 GMT
cdn-cachedat: 03/18/2024 12:45:42
cdn-proxyver: 1.04
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
cdn-edgestorageid: 865
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-status: 200
cdn-requestid: 5dd3262fdaa969e919037723771e54d2
cdn-cache: HIT
cf-cache-status: HIT
age: 12
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 87a7b63aafb956cb-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (51)

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations