Report - lewisaire.com/hold.htm

Report Overview

Submitted URL
lewisaire.com/hold.htm
IP
172.67.219.119
ASN
#13335 CLOUDFLARENET
Submitted
2023-06-03 23:52:26
Access
public
Website Title
Final URL
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
2

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
r.mradx.net	17878	2013-01-22	2014-02-23	2023-06-03	424 B	1.1 kB	95.163.52.80
img.imgsmail.ru	30315	2008-11-20	2012-06-25	2023-06-03	871 B	1.6 kB	217.69.139.102
lewisaire.com	unknown	2022-10-19	2015-11-15	2023-06-03	4.0 kB	3.1 MB	172.67.219.119

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

Scan Date	Severity	Indicator	Alert
2023-06-03	medium	lewisaire.com/hold.htm

PhishTank

No alerts detected

Fortinet's Web Filter

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (8)

	URL	Size	First Seen	Last Seen
	lewisaire.com/hold_files/saved_resource.htm	0 B	2023-03-07	2024-04-25
Pretty URL lewisaire.com/hold_files/saved_resource.htm IP 172.67.219.119 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:01:59 Last Seen2024-04-25 00:34:42 Times Seen37051301 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	lewisaire.com/hold.htm	344 B	2023-03-12	2024-02-20
Pretty URL lewisaire.com/hold.htm IP 172.67.219.119 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-12 07:10:18 Last Seen2024-02-20 16:03:31 Times Seen221 Hash 6ad8f0f3fa39b44e7f09394c09ab1eb0 a94caad76ebfa81eaf1a218d2880b2b1b8429138 2d9ed133178db82f5f0be28c2848450c40cd068b3f0dba3fea366612d970c3a1 Loading...

	img.imgsmail.ru/ph/0.58.21/external.min.js	221 kB	2023-03-12	2024-02-20
Pretty URL img.imgsmail.ru/ph/0.58.21/external.min.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 07:10:18 Last Seen2024-02-20 16:03:31 Times Seen380 Hash b08ca88f191a5693db927c04d6b4e6c6 408e2215ed823fc5d8c5a045118d380523c08b74 622941c58a58f88b5a82675fc1f4be15c0b232030cbef896a060af6f89c0078c Loading...

	lewisaire.com/hold_files/jquery.js	86 kB	2023-03-07	2024-04-24
Pretty URL lewisaire.com/hold_files/jquery.js IP 172.67.219.119 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:01 Last Seen2024-04-24 19:21:49 Times Seen5797 Hash 6fc159d00dc3cea4153c038739683f93 5d7e5bbfa540f0e53bd599e4305e1a4e815b5dd1 8a102873a33f24f7eb22221e6b23c4f718e29f85168ecc769a35bfaed9b12cce Loading...

	lewisaire.com/hold.htm	107 B	2023-03-12	2024-02-20
Pretty URL lewisaire.com/hold.htm IP 172.67.219.119 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-12 07:10:18 Last Seen2024-02-20 16:03:31 Times Seen221 Hash 3ab08a5765f880673577e8a7246f3d4a 22c39735843c4426c115d96bbfce63839e553019 edec656b6da8120a3981c27f32b0c065be58d80ab0c681786d12b787d15b476a Loading...

	lewisaire.com/hold.htm	1.4 kB	2023-04-10	2024-02-20
Pretty URL lewisaire.com/hold.htm IP 172.67.219.119 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-04-10 08:51:01 Last Seen2024-02-20 16:03:31 Times Seen194 Hash 5e6dac7ba03e541c3145b27982ff6fac e2802a39037d0a7971988d4ae2c134cf1fcd1522 f6a59586113595256f901c512fdbcaf4182b7dc5b7f61c03d4f89cb44273431c Loading...

	lewisaire.com/hold.htm	2.4 kB	2023-04-10	2024-02-20
Pretty URL lewisaire.com/hold.htm IP 172.67.219.119 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-04-10 08:51:01 Last Seen2024-02-20 16:03:31 Times Seen205 Hash da9b194b44dc8123f59a361825eb08a7 ff557439c0451c9f09f9ff76728050df443f1ff6 45d0553876739231d015171f6549de7b95844815f737d2117e16e5e79a46db00 Loading...

	lewisaire.com/hold.htm	232 B	2023-03-12	2024-02-20
Pretty URL lewisaire.com/hold.htm IP 172.67.219.119 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-12 07:10:18 Last Seen2024-02-20 16:03:31 Times Seen220 Hash de0beb4a550bfba26e15b9dbfce2b0ec 7f7be405e98821fd80d3ec78e454cbd60c43ce43 55ea7c6f81303af3566f78f18cbf5ee39dbf43d188d04775bfb7910fc4b60a40 Loading...

HTTP Transactions (12)

URL IP Response Size

r.mradx.net/img/70/65C1D5.svg

95.163.52.80

200 OK

711 B

URL GET HTTP/1.1
r.mradx.net/img/70/65C1D5.svg
IP
95.163.52.80:443
ASN
#47764 Mail.Ru LLC

Requested by
https://lewisaire.com/hold.htm
Certificate
IssuerGlobalSign nv-sa
Subject*.mradx.net
Fingerprint38:D6:C5:0B:2A:4C:E9:B0:EC:D4:29:0C:45:9B:1F:CE:96:79:CD:7E
ValidityThu, 14 Jul 2022 08:28:17 GMT - Tue, 15 Aug 2023 08:28:16 GMT

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (1652)
Size
711 B (711 bytes)
Hash
42d52d96e38976aecd82bf5c7649b552
7065c1d593b14ec77d89a404e5de51b99422e42e
e80d001d44a491091e48a85aac180af5c6aa585f606ecc0ef812ff82cfa1c4ed

HTTP Headers

GET /img/70/65C1D5.svg HTTP/1.1
Host: r.mradx.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lewisaire.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 03 Jun 2023 23:52:10 GMT
Content-Type: image/svg+xml
Last-Modified: Tue, 07 Aug 2018 15:44:32 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"5b69be60-6b9"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Content-Encoding: gzip

img.imgsmail.ru/ph/0.58.21/authForm/icons.png

217.69.139.102

200 OK

696 B

URL GET HTTP/2
img.imgsmail.ru/ph/0.58.21/authForm/icons.png
IP
217.69.139.102:443
ASN
#47764 Mail.Ru LLC

Requested by
https://lewisaire.com/hold.htm
Certificate
IssuerGlobalSign nv-sa
Subject*.imgsmail.ru
FingerprintD0:BD:83:05:95:38:BD:59:C6:34:E4:E5:48:AC:CB:EB:6D:7E:E3:35
ValidityTue, 14 Feb 2023 12:27:51 GMT - Sun, 17 Mar 2024 12:27:50 GMT

File type
PNG image data, 20 x 88, 8-bit/color RGBA, non-interlaced\012- data
Size
696 B (696 bytes)
Hash
60afb2bbc42a2c65d4ee3cba25cb4351
297aa6087a0a7117407bfde6b95d42799dcfc247
24982aae0d85f39fc1ae4456e837394cf6f11a8f6de9f78729eddc922b8aa0ad

HTTP Headers

GET /ph/0.58.21/authForm/icons.png HTTP/1.1
Host: img.imgsmail.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lewisaire.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 03 Jun 2023 23:52:11 GMT
content-type: image/png
content-length: 696
last-modified: Sat, 18 Feb 2017 20:41:19 GMT
etag: "58a8b16f-2b8"
timing-allow-origin: *
x-content-type-options: nosniff
vary: Origin
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2

img.imgsmail.ru/p/popup/close.v2.png

217.69.139.102

200 OK

196 B

URL GET HTTP/2
img.imgsmail.ru/p/popup/close.v2.png
IP
217.69.139.102:443
ASN
#47764 Mail.Ru LLC

Requested by
https://lewisaire.com/hold.htm
Certificate
IssuerGlobalSign nv-sa
Subject*.imgsmail.ru
FingerprintD0:BD:83:05:95:38:BD:59:C6:34:E4:E5:48:AC:CB:EB:6D:7E:E3:35
ValidityTue, 14 Feb 2023 12:27:51 GMT - Sun, 17 Mar 2024 12:27:50 GMT

File type
PNG image data, 8 x 17, 8-bit colormap, non-interlaced\012- data
Size
196 B (196 bytes)
Hash
8c85668aa704d71507bb47f54db3710c
193b714c55e12f4ac578a5df5cca639ab3c58a60
1d18375dcac07f3b45e1895c8c332781951a06f835c14dc916e03d55d565268a

HTTP Headers

GET /p/popup/close.v2.png HTTP/1.1
Host: img.imgsmail.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lewisaire.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 03 Jun 2023 23:52:11 GMT
content-type: image/png
content-length: 196
last-modified: Sat, 18 Feb 2017 20:41:24 GMT
etag: "58a8b174-c4"
timing-allow-origin: *
x-content-type-options: nosniff
expires: Sat, 10 Jun 2023 23:52:11 GMT
cache-control: max-age=604800
accept-ranges: bytes
X-Firefox-Spdy: h2

lewisaire.com/favicon.ico

172.67.219.119

200 OK

17 kB

URL GET HTTP/3
lewisaire.com/favicon.ico
IP
172.67.219.119:443
ASN
#13335 CLOUDFLARENET

Requested by
https://lewisaire.com/hold.htm
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint7A:B8:A4:7B:AC:7A:A7:4F:6D:A6:6C:02:F9:BC:C3:FF:6B:A1:FA:5E
ValidityWed, 22 Feb 2023 00:00:00 GMT - Wed, 21 Feb 2024 23:59:59 GMT

File type
MS Windows icon resource - 1 icon, 64x64, 32 bits/pixel\012- data
Size
17 kB (16958 bytes)
Hash
f8b110d87f0c7ea8c1d151846dbe8849
8b567892539bc84cfc881982be1068f945c67c5a
fdb649f13bacfa21b47ec7481b775379e58137a52a5532f00678f8efbd70fbbb

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: lewisaire.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lewisaire.com/hold.htm
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 03 Jun 2023 23:52:12 GMT
content-type: image/x-icon
last-modified: Tue, 30 May 2023 07:09:44 GMT
etag: W/"6475a138-423e"
strict-transport-security: max-age=31536000
cache-control: max-age=14400
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=udhj2YybRIF7G1jOzjgUefwbGosGppSBSGqFvf4ZE%2FvBGe8LkdjI9eS%2FNR1Lf8jD8RquVUr%2Biuzqq31iD4rZSckcxcgisZM6%2Fz2DuXdvGNXfkyonPcXFrn69Z%2FXezKzZ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7d1bd92e6e7bb4f9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

lewisaire.com/hold_files/external.js

172.67.219.119

200 OK

221 kB

URL GET HTTP/3
lewisaire.com/hold_files/external.js
IP
172.67.219.119:443
ASN
#13335 CLOUDFLARENET

Requested by
https://lewisaire.com/hold.htm
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint7A:B8:A4:7B:AC:7A:A7:4F:6D:A6:6C:02:F9:BC:C3:FF:6B:A1:FA:5E
ValidityWed, 22 Feb 2023 00:00:00 GMT - Wed, 21 Feb 2024 23:59:59 GMT

File type
ASCII text, with very long lines (1452), with CRLF line terminators
Size
221 kB (221162 bytes)
Hash
b08ca88f191a5693db927c04d6b4e6c6
408e2215ed823fc5d8c5a045118d380523c08b74
622941c58a58f88b5a82675fc1f4be15c0b232030cbef896a060af6f89c0078c

HTTP Headers

GET /hold_files/external.js HTTP/1.1
Host: lewisaire.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lewisaire.com/hold.htm
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 03 Jun 2023 23:52:10 GMT
content-type: application/javascript
last-modified: Tue, 30 May 2023 07:09:44 GMT
vary: Accept-Encoding
etag: W/"6475a138-35fea"
expires: Sun, 04 Jun 2023 11:52:10 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gqvLClpFWPLQSU1uctlejY0uXwN9W2KWPPL500U%2FpMDY1YrIaXMcFGMaqE%2ByiElNHqZrwzQzo8StQoL1TKJBQLhfmcYJ%2FDku%2FYCh%2FUvjNeAjCJ3f8ZR3emqxcRhlmDAF"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7d1bd9221cdab4f9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

lewisaire.com/hold_files/mapi.htm

172.67.219.119

200 OK

225 B

URL GET HTTP/3
lewisaire.com/hold_files/mapi.htm
IP
172.67.219.119:443
ASN
#13335 CLOUDFLARENET

Requested by
https://lewisaire.com/hold.htm
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint7A:B8:A4:7B:AC:7A:A7:4F:6D:A6:6C:02:F9:BC:C3:FF:6B:A1:FA:5E
ValidityWed, 22 Feb 2023 00:00:00 GMT - Wed, 21 Feb 2024 23:59:59 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with no line terminators
Size
225 B (225 bytes)
Hash
026e580556683b84fc1b25546793e320
034635ca72d64e1fe1e4f40e31eef6a8bae2c541
6ac538616208d91019b69d89ce6e2508b90369a8a8b6c0e172185308b1c37cca

HTTP Headers

GET /hold_files/mapi.htm HTTP/1.1
Host: lewisaire.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lewisaire.com/hold.htm
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 03 Jun 2023 23:52:10 GMT
content-type: text/html
last-modified: Tue, 30 May 2023 07:09:44 GMT
strict-transport-security: max-age=31536000
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IXYl0axFeRD2fRwssPvj3I3hcRcJsSvB%2FaIXUexNY%2FA3TZTSiQNdYSnNjSebCZrd66vWedtLIBQd6rUE3dH5%2FTPqGJ10rfSVv%2FECHaGiXw57Eyl3g4Z2MNrd3EbO7MGA"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7d1bd9221cddb4f9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

lewisaire.com/hold_files/%2520%2520%2520-.htm

172.67.219.119

200 OK

263 B

URL GET HTTP/3
lewisaire.com/hold_files/%2520%2520%2520-.htm
IP
172.67.219.119:443
ASN
#13335 CLOUDFLARENET

Requested by
https://lewisaire.com/hold.htm
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint7A:B8:A4:7B:AC:7A:A7:4F:6D:A6:6C:02:F9:BC:C3:FF:6B:A1:FA:5E
ValidityWed, 22 Feb 2023 00:00:00 GMT - Wed, 21 Feb 2024 23:59:59 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with no line terminators
Size
263 B (263 bytes)
Hash
566ac834459e10b79d937bbc58b39fe6
d9b11012cdfc39e1bd65b2f40affc37fe47ac807
d1af1b54c90017d05dd03a8dae8a7eaa67d288c290e94cf9f30b560aa2165352

HTTP Headers

GET /hold_files/%2520%2520%2520-.htm HTTP/1.1
Host: lewisaire.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lewisaire.com/hold.htm
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 03 Jun 2023 23:52:10 GMT
content-type: text/html
last-modified: Tue, 30 May 2023 07:09:44 GMT
strict-transport-security: max-age=31536000
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sSWSug0%2B%2FEzXMGL9xcLm0wxxFkyoRpSk%2FmCymSq6IxQ6JqURUVl81IV8zFAGyKvyyLc%2FkymrUPqfALZpTMxRYntTgOoOFeI%2Bf1EA96gkJS3UxEGV1FPVjEW3awiDHgMK"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7d1bd9245e8ab4f9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

lewisaire.com/hold_files/main.css

172.67.219.119

200 OK

2.1 MB

URL GET HTTP/3
lewisaire.com/hold_files/main.css
IP
172.67.219.119:443
ASN
#13335 CLOUDFLARENET

Requested by
https://lewisaire.com/hold.htm
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint7A:B8:A4:7B:AC:7A:A7:4F:6D:A6:6C:02:F9:BC:C3:FF:6B:A1:FA:5E
ValidityWed, 22 Feb 2023 00:00:00 GMT - Wed, 21 Feb 2024 23:59:59 GMT

File type

Size
2.1 MB (2062237 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /hold_files/main.css HTTP/1.1
Host: lewisaire.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lewisaire.com/hold.htm
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 03 Jun 2023 23:52:10 GMT
content-type: text/css
last-modified: Tue, 30 May 2023 07:09:44 GMT
vary: Accept-Encoding
etag: W/"6475a138-1f779d"
expires: Sun, 04 Jun 2023 11:52:10 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=g%2BEseIsHMq%2ByLmpvk3whKRU0ffLNv%2BARjlWCvmn6AN2JmyghxmEgPGD6vgA0UO1wil2jlHLZcOByyMW2jkcSQOOYFhxlu0TzMqyIBhiPeF9dfPKXbFF%2FhTlY4ZyCdpYZ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7d1bd9245e8eb4f9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

lewisaire.com/hold.htm

172.67.219.119

200 OK

689 kB

URL User Request GET HTTP/2
lewisaire.com/hold.htm
IP
172.67.219.119:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint7A:B8:A4:7B:AC:7A:A7:4F:6D:A6:6C:02:F9:BC:C3:FF:6B:A1:FA:5E
ValidityWed, 22 Feb 2023 00:00:00 GMT - Wed, 21 Feb 2024 23:59:59 GMT

File type

Size
689 kB (689370 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
openphish	Mail.Ru Group

HTTP Headers

GET /hold.htm HTTP/1.1
Host: lewisaire.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 03 Jun 2023 23:52:08 GMT
content-type: text/html
last-modified: Tue, 30 May 2023 07:09:44 GMT
vary: Accept-Encoding
strict-transport-security: max-age=31536000
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=F1bTDLaoj2MsKDiJeiEMDDd%2BxWpnVWvzqPgaCj0fYzpzuSFPpu9P%2BMz%2BhbAo60SPAUk4iEAqkjZqK9TBo2bLBmQYhUv1uATa25ahGnAXYoF8crU0mgMrNCtsxk%2BmROZS"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7d1bd9159ff7b515-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

lewisaire.com/hold_files/jquery.js

172.67.219.119

200 OK

86 kB

URL GET HTTP/3
lewisaire.com/hold_files/jquery.js
IP
172.67.219.119:443
ASN
#13335 CLOUDFLARENET

Requested by
https://lewisaire.com/hold.htm
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint7A:B8:A4:7B:AC:7A:A7:4F:6D:A6:6C:02:F9:BC:C3:FF:6B:A1:FA:5E
ValidityWed, 22 Feb 2023 00:00:00 GMT - Wed, 21 Feb 2024 23:59:59 GMT

File type
ASCII text, with very long lines (32069)
Size
86 kB (85589 bytes)
Hash
6fc159d00dc3cea4153c038739683f93
5d7e5bbfa540f0e53bd599e4305e1a4e815b5dd1
8a102873a33f24f7eb22221e6b23c4f718e29f85168ecc769a35bfaed9b12cce

HTTP Headers

GET /hold_files/jquery.js HTTP/1.1
Host: lewisaire.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lewisaire.com/hold.htm
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 03 Jun 2023 23:52:10 GMT
content-type: application/javascript
last-modified: Tue, 30 May 2023 07:09:44 GMT
vary: Accept-Encoding
etag: W/"6475a138-14e55"
expires: Sun, 04 Jun 2023 11:52:10 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=w6GyXd3CclwA8O4qjWJckNo3OEZ%2FtmbjIOoEmCktpOyGYs9Rr%2FhC9Mzo0cwrS64JEDJD6%2FLtiQ1DtoleXIsbZRxAcM%2BwWtM4MjGbotmY6uJKHXaCpzlX8h%2BsW4X9JX%2Fb"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7d1bd9221ce0b4f9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

lewisaire.com/hold_files/portal-menu__logo.svg

172.67.219.119

200 OK

4.0 kB

URL GET HTTP/3
lewisaire.com/hold_files/portal-menu__logo.svg
IP
172.67.219.119:443
ASN
#13335 CLOUDFLARENET

Requested by
https://lewisaire.com/hold.htm
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint7A:B8:A4:7B:AC:7A:A7:4F:6D:A6:6C:02:F9:BC:C3:FF:6B:A1:FA:5E
ValidityWed, 22 Feb 2023 00:00:00 GMT - Wed, 21 Feb 2024 23:59:59 GMT

File type
SVG Scalable Vector Graphics image\012- SVG XML document\012- SVG XML document\012- XML document text\012- exported SGML document, ASCII text, with very long lines (4099), with no line terminators
Size
4.0 kB (4013 bytes)
Hash
d97186fc76ea8684aec506956228d7bf
1f7d051800a4101db42e37d8628b91f17ec6f994
33f7ccaf1f4bf473f02b692d51418ff60c9bd6fb3c8381e5ce77cee696539c97

HTTP Headers

GET /hold_files/portal-menu__logo.svg HTTP/1.1
Host: lewisaire.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lewisaire.com/hold.htm
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 03 Jun 2023 23:52:10 GMT
content-type: image/svg+xml
last-modified: Tue, 30 May 2023 07:09:44 GMT
etag: W/"6475a138-fad"
strict-transport-security: max-age=31536000
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6nPIxNAZ7WlJeMOnBX9MfxCQ7Rg2jftkzoxSpbv6g6BR%2B%2BM4I2rGObNfswgd4fSSF5JOkbqRHrXQRTg%2FXB8E6WBm%2FmieHJsR7HI%2BZV%2FrRWcMVoJypg%2Fy4buawfyhmDiK"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7d1bd9245e86b4f9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

lewisaire.com/hold_files/saved_resource.htm

172.67.219.119

200 OK

635 B

URL GET HTTP/3
lewisaire.com/hold_files/saved_resource.htm
IP
172.67.219.119:443
ASN
#13335 CLOUDFLARENET

Requested by
https://lewisaire.com/hold.htm
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint7A:B8:A4:7B:AC:7A:A7:4F:6D:A6:6C:02:F9:BC:C3:FF:6B:A1:FA:5E
ValidityWed, 22 Feb 2023 00:00:00 GMT - Wed, 21 Feb 2024 23:59:59 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (643), with no line terminators
Size
635 B (635 bytes)
Hash
5843363ae522f4aeae2ee283f4c70588
9bf8c5dfed252c43dbb171d3c2c538912b783546
e3b69e113ae8922dd1dfd0b5640da5cd6898de95b4610da8762f3d4b5137256f

HTTP Headers

GET /hold_files/saved_resource.htm HTTP/1.1
Host: lewisaire.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lewisaire.com/hold.htm
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 03 Jun 2023 23:52:10 GMT
content-type: text/html
last-modified: Tue, 30 May 2023 07:09:44 GMT
strict-transport-security: max-age=31536000
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LVsezHsLj4Ex7HoIxMWC4D%2BHyGVSFxx4Yr2PZre%2FN6it4R12AAAKnG0h6i6FkdntStCb4cE0%2F%2BXCFwEI5s%2FGQvDozw0RItar0YYmhn84Wg1MR3Nr%2FopN%2B5ujOIpxU%2BMr"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7d1bd9295a8cb4f9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (8)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML