status.geotrust.com/
192.229.221.95 471 B IP 192.229.221.95:0
Hash 97c87062f9e0a919b92bf76a53b06c0d
7b983ce205e1385f6bd62f64c5048fd8c2e15524
c0a8b1215306bfaeeeea639d525247a1b0e1378e412413728a7a276c9a8e2cbf
POST / HTTP/1.1
Host: status.geotrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: max-age=7200
Content-Type: application/ocsp-response
Date: Wed, 29 Nov 2023 15:37:30 GMT
Server: ECAcc (amb/6AD6)
Content-Length: 471
qsiapi.assistcard.com/landing/es/lp_es_v2.aspx?requestCode=89a510c9-92c8-4570-96fe-ffe4ef4d645d&nps=2&redirect=https://www.lsginconline.com/.well-known/acme-challenge/whoernetrrahhj/hilahnasarahlily/wpfile/97215/Eric%20Brettner/ZXJpYy5icmV0dG5lckBteW1hcmluaGVhbHRoLm9yZw==
200.61.211.109 15 kB URL qsiapi.assistcard.com/landing/es/lp_es_v2.aspx?requestCode=89a510c9-92c8-4570-96fe-ffe4ef4d645d&nps=2&redirect=https://www.lsginconline.com/.well-known/acme-challenge/whoernetrrahhj/hilahnasarahlily/wpfile/97215/Eric%20Brettner/ZXJpYy5icmV0dG5lckBteW1hcmluaGVhbHRoLm9yZw==
IP 200.61.211.109:0
ASN #7303 Telecom Argentina S.A.
File type HTML document text; exported SGML document, Unicode text, UTF-8 text, with very long lines (1648), with CRLF, LF line terminators
Hash 5758f3a974a1fa39b5d096966ad6c04f
3fbc5bc412b3b40e25337ae6ebd31a014025d8de
649567020c35fb5e1cc205be78aac991ce0d1d31e235e538e2f015070f7cd715
GET /landing/es/lp_es_v2.aspx?requestCode=89a510c9-92c8-4570-96fe-ffe4ef4d645d&nps=2&redirect=https://www.lsginconline.com/.well-known/acme-challenge/whoernetrrahhj/hilahnasarahlily/wpfile/97215/Eric%20Brettner/ZXJpYy5icmV0dG5lckBteW1hcmluaGVhbHRoLm9yZw== HTTP/1.1
Host: qsiapi.assistcard.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Date: Wed, 29 Nov 2023 15:37:30 GMT
Content-Length: 15222
Set-Cookie: ASP.NET_SessionId=shmg0lnhy1owrrtajpe3k0yq; path=/; HttpOnly; SameSite=Lax
f5avraaaaaaaaaaaaaaaa_session_=EJKPDIEIDNAEKFDAIHGNNMNMPFENNHINGMEOKMBKOFPHAPMCGPCHICBIJHAJHHFANLKDPFDCPKBJPBLKKKOAGGAGGFFPFOAHGANANOKLEJDEIPPHLJJELKMFCNPJFEJL; HttpOnly; secure;
f5_cspm=1234;;
necolas.github.io/normalize.css/8.0.0/normalize.css
185.199.109.153 1.7 kB URL necolas.github.io/normalize.css/8.0.0/normalize.css
IP 185.199.109.153:0
Hash fda27b856c2e3cada6e0f6bfeccc2067
734a72e6c28d4a3a870404fb4abf72723c754296
ec602d0d0efdc1310e8e104a7fbd2e0501bb039cb26fef2b8a0bb4edab575836
GET /normalize.css/8.0.0/normalize.css HTTP/1.1
Host: necolas.github.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://qsiapi.assistcard.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: GitHub.com
content-type: text/css; charset=utf-8
permissions-policy: interest-cohort=()
last-modified: Mon, 05 Nov 2018 02:35:30 GMT
access-control-allow-origin: *
etag: W/"5bdfac72-17a4"
expires: Sat, 25 Nov 2023 02:23:23 GMT
cache-control: max-age=600
content-encoding: gzip
x-proxy-cache: MISS
x-github-request-id: 5C6A:5D45:21A680F:222A798:65615842
accept-ranges: bytes
date: Wed, 29 Nov 2023 15:37:30 GMT
via: 1.1 varnish
age: 598
x-served-by: cache-bma1654-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1701272251.777489,VS0,VE1
vary: Accept-Encoding
x-fastly-request-id: 4984763f82b7cf467184adb67fab4cb99574dec3
content-length: 1712
X-Firefox-Spdy: h2
qsiapi.assistcard.com/css/animate.css
200.61.211.109 78 kB URL qsiapi.assistcard.com/css/animate.css
IP 200.61.211.109:0
ASN #7303 Telecom Argentina S.A.
File type ASCII text, with CRLF line terminators
Hash e8f760ef9145795c4352cac3a8936207
1cd47b8a375bad6cbcdb166cf3a20c8f9315022e
77831dbe6b4cbe88beb576be1363a995c51d66b699e133cf56b23827378af670
GET /css/animate.css HTTP/1.1
Host: qsiapi.assistcard.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://qsiapi.assistcard.com/landing/es/lp_es_v2.aspx?requestCode=89a510c9-92c8-4570-96fe-ffe4ef4d645d&nps=2&redirect=https://www.lsginconline.com/.well-known/acme-challenge/whoernetrrahhj/hilahnasarahlily/wpfile/97215/Eric%20Brettner/ZXJpYy5icmV0dG5lckBteW1hcmluaGVhbHRoLm9yZw==
Cookie: ASP.NET_SessionId=shmg0lnhy1owrrtajpe3k0yq
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: text/css
Last-Modified: Tue, 12 Nov 2019 20:22:11 GMT
Accept-Ranges: bytes
ETag: "351e9bdd9699d51:0"
Date: Wed, 29 Nov 2023 15:37:30 GMT
Content-Length: 78544
Set-Cookie: f5avraaaaaaaaaaaaaaaa_session_=OCHBHBACHOENIMIPMILLKBCMNHOIEDLHJPKPMNFBNKFAPPHANPFPNBBKHEMHHCHLOBODLBGCPKHCADAKFBEACLBAGFPBNBJGIBPEPEFMOKMNKDJCEFACGCMOGIFOLNCC; HttpOnly; secure;
qsiapi.assistcard.com/js/jquery-3.1.1.min.js
200.61.211.109 87 kB URL qsiapi.assistcard.com/js/jquery-3.1.1.min.js
IP 200.61.211.109:0
ASN #7303 Telecom Argentina S.A.
File type ASCII text, with very long lines (32030), with CRLF line terminators
Hash 5b5a269bd363e0886c17d855c2aab241
042dd055cd289215835a58507c9531f808e1648a
1cf30e59d21d4ae560af7143f5913efcc8222bcaa4fcc7508eb802b5faa9e94e
GET /js/jquery-3.1.1.min.js HTTP/1.1
Host: qsiapi.assistcard.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://qsiapi.assistcard.com/landing/es/lp_es_v2.aspx?requestCode=89a510c9-92c8-4570-96fe-ffe4ef4d645d&nps=2&redirect=https://www.lsginconline.com/.well-known/acme-challenge/whoernetrrahhj/hilahnasarahlily/wpfile/97215/Eric%20Brettner/ZXJpYy5icmV0dG5lckBteW1hcmluaGVhbHRoLm9yZw==
Cookie: ASP.NET_SessionId=shmg0lnhy1owrrtajpe3k0yq
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript
Last-Modified: Tue, 12 Nov 2019 20:22:11 GMT
Accept-Ranges: bytes
ETag: "27cca1dd9699d51:0"
Date: Wed, 29 Nov 2023 15:37:32 GMT
Content-Length: 86713
Set-Cookie: f5avraaaaaaaaaaaaaaaa_session_=BIPNJNGLOIEMEJBNLDCPODBAJGJLOFMJHLNBFKGPFOIGLFOPHDBKNDCBKIFFCMJGLFCDLCMJAKBKNMLEALNAODOIHFCBDFHDCJDHEJGJIPPDEOAFEDPBHBDBKIGNFAIP; HttpOnly; secure;
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
216.58.207.227 16 kB URL fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 15860, version 1.0; data
Hash e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://qsiapi.assistcard.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 23 Nov 2023 04:53:27 GMT
expires: Fri, 22 Nov 2024 04:53:27 GMT
cache-control: public, max-age=31536000
age: 557045
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
216.58.207.227 16 kB URL fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 15744, version 1.0; data
Hash 15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://qsiapi.assistcard.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 23 Nov 2023 04:57:34 GMT
expires: Fri, 22 Nov 2024 04:57:34 GMT
cache-control: public, max-age=31536000
age: 556798
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
qsiapi.assistcard.com/img/logo.png
200.61.211.109 4.4 kB URL qsiapi.assistcard.com/img/logo.png
IP 200.61.211.109:0
ASN #7303 Telecom Argentina S.A.
File type PNG image data, 270 x 22, 8-bit/color RGBA, non-interlaced; data
Hash b47c51bb5ac86bd5d189efaffd422e31
d627f699618540c02e063c0f3db16eff0de85af7
10d20c2a6c60821ae723aa911d842356e65e02c0cc49fd5060ae8a448eb5d2ff
GET /img/logo.png HTTP/1.1
Host: qsiapi.assistcard.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://qsiapi.assistcard.com/landing/es/lp_es_v2.aspx?requestCode=89a510c9-92c8-4570-96fe-ffe4ef4d645d&nps=2&redirect=https://www.lsginconline.com/.well-known/acme-challenge/whoernetrrahhj/hilahnasarahlily/wpfile/97215/Eric%20Brettner/ZXJpYy5icmV0dG5lckBteW1hcmluaGVhbHRoLm9yZw==
Cookie: ASP.NET_SessionId=shmg0lnhy1owrrtajpe3k0yq
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/png
Last-Modified: Tue, 12 Nov 2019 20:22:11 GMT
Accept-Ranges: bytes
ETag: "b335a1dd9699d51:0"
Date: Wed, 29 Nov 2023 15:37:32 GMT
Content-Length: 4407
Set-Cookie: f5avraaaaaaaaaaaaaaaa_session_=JDHEHHKPGLBNCIHPAIBBCCHJLGCOOLOGLJMFKNEGCOPKALBDLLLLCCDDNABNHMCEEEMDABIGBKDKJAJJIHEAKALFHFCCHHNCFKBPHGGJEFDEAFAGOHAAKDEHEGFLDHKK; HttpOnly; secure;
qsiapi.assistcard.com/favicon.ico
200.61.211.109 1.2 kB URL qsiapi.assistcard.com/favicon.ico
IP 200.61.211.109:0
ASN #7303 Telecom Argentina S.A.
File type HTML document text; exported SGML document text; exported SGML document, ASCII text, with CRLF line terminators
Hash 5343c1a8b203c162a3bf3870d9f50fd4
04b5b886c20d88b57eea6d8ff882624a4ac1e51d
dc1d54dab6ec8c00f70137927504e4f222c8395f10760b6beecfcfa94e08249f
GET /favicon.ico HTTP/1.1
Host: qsiapi.assistcard.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://qsiapi.assistcard.com/landing/es/lp_es_v2.aspx?requestCode=89a510c9-92c8-4570-96fe-ffe4ef4d645d&nps=2&redirect=https://www.lsginconline.com/.well-known/acme-challenge/whoernetrrahhj/hilahnasarahlily/wpfile/97215/Eric%20Brettner/ZXJpYy5icmV0dG5lckBteW1hcmluaGVhbHRoLm9yZw==
Cookie: ASP.NET_SessionId=shmg0lnhy1owrrtajpe3k0yq
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 404 Not Found
Content-Type: text/html
Date: Wed, 29 Nov 2023 15:37:33 GMT
Content-Length: 1245
Set-Cookie: f5avraaaaaaaaaaaaaaaa_session_=BHKNEMOCPEBNCJNPNBEFFECFGNDGCIECGNCDNIGJJELGAMJKFLFAFKJCJDJHLKIFEKGDBFJABKKOMANPPIIANJCEHFMOAKNFIMNFFDOOIKFIGOGDLADBLNDEANMLIEMI; HttpOnly; secure;
qsiapi.assistcard.com/img/bg-login.jpg
200.61.211.109 721 kB URL qsiapi.assistcard.com/img/bg-login.jpg
IP 200.61.211.109:0
ASN #7303 Telecom Argentina S.A.
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=1], baseline, precision 8, 1440x602, components 3; data
Size 721 kB (720855 bytes)
Hash 5a59dafe59a9cff34fc109f474d07df2
1f91cd6b353f30c2adb39a6bd36d2a7ec1a98c16
ff4c3563a4809222804fd314fd00c04358c50a3f84c39a7479166d19707a4a61
GET /img/bg-login.jpg HTTP/1.1
Host: qsiapi.assistcard.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://qsiapi.assistcard.com/landing/es/lp_es_v2.aspx?requestCode=89a510c9-92c8-4570-96fe-ffe4ef4d645d&nps=2&redirect=https://www.lsginconline.com/.well-known/acme-challenge/whoernetrrahhj/hilahnasarahlily/wpfile/97215/Eric%20Brettner/ZXJpYy5icmV0dG5lckBteW1hcmluaGVhbHRoLm9yZw==
Cookie: ASP.NET_SessionId=shmg0lnhy1owrrtajpe3k0yq
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/jpeg
Last-Modified: Tue, 12 Nov 2019 20:22:11 GMT
Accept-Ranges: bytes
ETag: "95c69cdd9699d51:0"
Date: Wed, 29 Nov 2023 15:37:32 GMT
Content-Length: 720855
Set-Cookie: f5avraaaaaaaaaaaaaaaa_session_=MMFMHGPGNNJFIBBJLOOKMHMAIKFNJMNOLLGFFDJKNCKAKCNFHNFIFNPHOGPGPAFBBNKDLBGIBKJDIEIJCPKAHOKAHFLECPGFKFBPJLKGNEGHHDGLIGMNDLFCBFIBFODM; HttpOnly; secure;
www.lsginconline.com/.well-known/acme-challenge/whoernetrrahhj/hilahnasarahlily/wpfile/97215/Eric%20Brettner/ZXJpYy5icmV0dG5lckBteW1hcmluaGVhbHRoLm9yZw==
199.204.248.133 0 B URL www.lsginconline.com/.well-known/acme-challenge/whoernetrrahhj/hilahnasarahlily/wpfile/97215/Eric%20Brettner/ZXJpYy5icmV0dG5lckBteW1hcmluaGVhbHRoLm9yZw==
IP 199.204.248.133:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft Outlook
GET /.well-known/acme-challenge/whoernetrrahhj/hilahnasarahlily/wpfile/97215/Eric%20Brettner/ZXJpYy5icmV0dG5lckBteW1hcmluaGVhbHRoLm9yZw== HTTP/1.1
Host: www.lsginconline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://qsiapi.assistcard.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 29 Nov 2023 15:37:05 GMT
Server: Apache/2.4.51 (cPanel) OpenSSL/1.1.1l mod_bwlimited/1.4
X-Powered-By: PHP/5.5.38
refresh: 0;url=https://flu67r7.rdaj8.ru/EUWst83#eric.brettner@mymarinhealth.org
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html
0.0.0.0 0 B IP 0.0.0.0:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft Outlook
GET /EUWst83 HTTP/1.1
Host: flu67r7.rdaj8.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache