Report - ae4.usdollarz.sa.com/ardaghgroup.com/bWljaGFlbC5zd2luZGVsbEBhcmRhZ2hncm91cC5jb20=

Report Overview

URL

ae4.usdollarz.sa.com/ardaghgroup.com/bWljaGFlbC5zd2luZGVsbEBhcmRhZ2hncm91cC5jb20=
IP

172.111.230.78

ASN

#9009 M247 Ltd
Submitted

2023-05-29T09:50:55Z

Access

public
Tags

phishing microsoft outlook
urlquery detections

Phishing - Microsoft Outlook

Detections

urlquery

4
Network Intrusion Detection

0
Threat Detection Systems

7

Domain Summary

Domain	Rank	First Seen	Last Seen	Sent	Received	IP
unpkg.com (2)	11693	2016-01-08 00:26:01	2023-05-28 05:11:47	830	64801	104.16.125.175
ae4.usdollarz.sa.com (1)	unknown	2023-05-29 11:32:45	2023-05-29 11:32:45	537	269	172.111.230.78
umitw.fobidaa.ru (7)	unknown	2023-05-15 02:02:53	2023-05-28 09:50:59	4647	171832	104.21.37.66

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator
2023-05-29	medium	umitw.fobidaa.ru/cdn-cgi/images/trace/managed/js/transparent.gif?ray=7cedd592fe68b512
2023-05-29	medium	umitw.fobidaa.ru/Mmichael.swindell@ardaghgroup.com
2023-05-29	medium	umitw.fobidaa.ru/beebb091955c06fa68b3eb8afc0bae5164747571700ccPASbeebb091955c06fa68b3eb8afc0bae5164747571700ce
2023-05-29	medium	umitw.fobidaa.ru/boot/5f66ba46fa7afb6f39206cd31cf362e1647475717cab8
2023-05-29	medium	umitw.fobidaa.ru/Mmichael.swindell@ardaghgroup.com
2023-05-29	medium	umitw.fobidaa.ru/jm/5f66ba46fa7afb6f39206cd31cf362e1647475717cab9
2023-05-29	medium	umitw.fobidaa.ru/jq/5f66ba46fa7afb6f39206cd31cf362e1647475717cab5

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (8)

HTTP Transactions (10)

URL IP Response Size

ae4.usdollarz.sa.com/ardaghgroup.com/bWljaGFlbC5zd2luZGVsbEBhcmRhZ2hncm91cC5jb20=

172.111.230.78

200 OK

URL User Request GET HTTP/1.1

ae4.usdollarz.sa.com/ardaghgroup.com/bWljaGFlbC5zd2luZGVsbEBhcmRhZ2hncm91cC5jb20=
IP

172.111.230.78:443
ASN

#9009 M247 Ltd

Certificate

IssuerLet's Encrypt

Subjectusdollarz.sa.com

FingerprintFD:6B:EC:3E:4E:FC:BA:93:17:2E:2B:BF:86:9D:71:A7:F0:AD:F9:25

ValidityTue, 23 May 2023 07:12:34 GMT - Mon, 21 Aug 2023 07:12:33 GMT

Magic

Size

0
Hash

d41d8cd98f00b204e9800998ecf8427e

da39a3ee5e6b4b0d3255bfef95601890afd80709

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft Outlook

HTTP Headers

                                        GET /ardaghgroup.com/bWljaGFlbC5zd2luZGVsbEBhcmRhZ2hncm91cC5jb20= HTTP/1.1
Host: ae4.usdollarz.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Date: Mon, 29 May 2023 09:50:38 GMT
Server: Apache
refresh: 0;url=https://umitw.fobidaa.ru/Mmichael.swindell@ardaghgroup.com
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

umitw.fobidaa.ru/cdn-cgi/images/trace/managed/js/transparent.gif?ray=7cedd592fe68b512

104.21.37.66

URL

umitw.fobidaa.ru/cdn-cgi/images/trace/managed/js/transparent.gif?ray=7cedd592fe68b512
IP

104.21.37.66:0
ASN

#13335 CLOUDFLARENET

Magic

GIF image data, version 89a, 1 x 1\012- data

Size

42
Hash

d89746888da2d9510b64a9f031eaecd5

d5fceb6532643d0d84ffe09c40c481ecdf59e15a

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

                                        GET /cdn-cgi/images/trace/managed/js/transparent.gif?ray=7cedd592fe68b512 HTTP/1.1
Host: umitw.fobidaa.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://umitw.fobidaa.ru/Mmichael.swindell@ardaghgroup.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

                                        HTTP/3 200 OK
date: Mon, 29 May 2023 09:50:38 GMT
content-type: image/gif
content-length: 42
last-modified: Thu, 25 May 2023 08:39:03 GMT
etag: "646f1ea7-2a"
server: cloudflare
cf-ray: 7cedd593c829b50f-OSL
x-frame-options: DENY
x-content-type-options: nosniff
vary: Accept-Encoding
expires: Mon, 29 May 2023 11:50:38 GMT
cache-control: max-age=7200, public
accept-ranges: bytes

umitw.fobidaa.ru/Mmichael.swindell@ardaghgroup.com

104.21.37.66

302 Found

7351

URL User Request POST HTTP/3

umitw.fobidaa.ru/Mmichael.swindell@ardaghgroup.com
IP

104.21.37.66:443
ASN

#13335 CLOUDFLARENET

Certificate

IssuerGoogle Trust Services LLC

Subjectfobidaa.ru

FingerprintC2:53:23:06:36:8E:B0:58:3A:5F:EE:09:24:43:38:AA:ED:E9:F6:D2

ValiditySun, 14 May 2023 10:27:52 GMT - Sat, 12 Aug 2023 10:27:51 GMT

Magic

Size

7351
Hash

d41d8cd98f00b204e9800998ecf8427e

da39a3ee5e6b4b0d3255bfef95601890afd80709

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft Outlook
fortinet	Phishing

HTTP Headers

                                        POST /Mmichael.swindell@ardaghgroup.com HTTP/1.1
Host: umitw.fobidaa.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://umitw.fobidaa.ru/Mmichael.swindell@ardaghgroup.com?__cf_chl_tk=a_41bqooTrKRCfZ9xbiFbILfTMK76Y8aImXLBt1jydg-1685353838-0-gaNycGzNDXs
Content-Type: application/x-www-form-urlencoded
Content-Length: 3617
Origin: https://umitw.fobidaa.ru
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/3 302 Found
date: Mon, 29 May 2023 09:50:41 GMT
content-type: text/html; charset=UTF-8
location: ./beebb091955c06fa68b3eb8afc0bae5164747571700ccPASbeebb091955c06fa68b3eb8afc0bae5164747571700ce
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
set-cookie: cf_clearance=lKsumAgCjw8eotonYWO7CckdMZBpY_1N99Zh0wS_Dls-1685353838-0-160; path=/; expires=Tue, 28-May-24 09:50:41 GMT; domain=.fobidaa.ru; HttpOnly; Secure; SameSite=None
PHPSESSID=63826e006e0c60ab823f6760d12ba607; path=/
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gniwQtnFT%2B8QEfV0PiF4Qw9DeiUzLmGe11teB7kXwJX5rBs%2B41%2BXwhRis%2BFCC6fcqXp%2BxtjjXjrYPuqrdYfym84XaW5%2FUgd3NWgKOdleOHbUewggu0w5OGMwEvD5IkNyGy%2Bq"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7cedd5a30df7b50f-OSL
alt-svc: h3=":443"; ma=86400

umitw.fobidaa.ru/beebb091955c06fa68b3eb8afc0bae5164747571700ccPASbeebb091955c06fa68b3eb8afc0bae5164747571700ce

104.21.37.66

200 OK

7351

URL User Request GET HTTP/3

umitw.fobidaa.ru/beebb091955c06fa68b3eb8afc0bae5164747571700ccPASbeebb091955c06fa68b3eb8afc0bae5164747571700ce
IP

104.21.37.66:443
ASN

#13335 CLOUDFLARENET

Certificate

IssuerGoogle Trust Services LLC

Subjectfobidaa.ru

FingerprintC2:53:23:06:36:8E:B0:58:3A:5F:EE:09:24:43:38:AA:ED:E9:F6:D2

ValiditySun, 14 May 2023 10:27:52 GMT - Sat, 12 Aug 2023 10:27:51 GMT

Magic

HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (7407), with no line terminators

Size

7351
Hash

b5e78bdff4983f69d09fc4a92842cc09

c63e8ee308dcc8366c7d43a34ec00919a2fb4bdf

95510a1f80d7c5d3ea014c2889df430c4e6b85fea54a29c33c35911f8740284c

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

                                        GET /beebb091955c06fa68b3eb8afc0bae5164747571700ccPASbeebb091955c06fa68b3eb8afc0bae5164747571700ce HTTP/1.1
Host: umitw.fobidaa.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://umitw.fobidaa.ru/Mmichael.swindell@ardaghgroup.com?__cf_chl_tk=a_41bqooTrKRCfZ9xbiFbILfTMK76Y8aImXLBt1jydg-1685353838-0-gaNycGzNDXs
DNT: 1
Connection: keep-alive
Cookie: cf_clearance=lKsumAgCjw8eotonYWO7CckdMZBpY_1N99Zh0wS_Dls-1685353838-0-160; PHPSESSID=63826e006e0c60ab823f6760d12ba607
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/3 200 OK
date: Mon, 29 May 2023 09:50:41 GMT
content-type: text/html; charset=UTF-8
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FgMvQEMmAwsS7WQGoL91U38VjuF32xBRP%2BNjyvrcsQATCoptm9B55b6mHb4uHurwc%2F%2FymCkJUokWXdkx1iaaiv%2FZMj9m14TcJEdqnAxgPs9jE6OOxslPM2xVKIdtiW4bTku6"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7cedd5a54941b50f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

umitw.fobidaa.ru/boot/5f66ba46fa7afb6f39206cd31cf362e1647475717cab8

104.21.37.66

200 OK

51039

URL GET HTTP/3

umitw.fobidaa.ru/boot/5f66ba46fa7afb6f39206cd31cf362e1647475717cab8
IP

104.21.37.66:443
ASN

#13335 CLOUDFLARENET

Requested by

https://umitw.fobidaa.ru/beebb091955c06fa68b3eb8afc0bae5164747571700ccPASbeebb091955c06fa68b3eb8afc0bae5164747571700ce
Certificate

IssuerGoogle Trust Services LLC

Subjectfobidaa.ru

FingerprintC2:53:23:06:36:8E:B0:58:3A:5F:EE:09:24:43:38:AA:ED:E9:F6:D2

ValiditySun, 14 May 2023 10:27:52 GMT - Sat, 12 Aug 2023 10:27:51 GMT

Magic

ASCII text, with very long lines (50758)

Size

51039
Hash

67176c242e1bdc20603c878dee836df3

27a71b00383d61ef3c489326b3564d698fc1227c

56c12a125b021d21a69e61d7190cefa168d6c28ce715265cea1b3b0112d169c4

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

                                        GET /boot/5f66ba46fa7afb6f39206cd31cf362e1647475717cab8 HTTP/1.1
Host: umitw.fobidaa.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://umitw.fobidaa.ru/beebb091955c06fa68b3eb8afc0bae5164747571700ccPASbeebb091955c06fa68b3eb8afc0bae5164747571700ce
Cookie: cf_clearance=lKsumAgCjw8eotonYWO7CckdMZBpY_1N99Zh0wS_Dls-1685353838-0-160; PHPSESSID=63826e006e0c60ab823f6760d12ba607
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/3 200 OK
date: Mon, 29 May 2023 09:50:42 GMT
content-type: application/javascript
last-modified: Mon, 22 May 2023 04:42:06 GMT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ELRhyJNBMLYUSymtBb4e92DmPMr6kcJ%2B%2BKw5aVCpI3IYy1rMgSq7wwUTTPQy5Ju%2BjJ%2FDCXVwSxo8MugM50Vb1kHKVf2NsjsGwvfH7hv1WygkxOxqSt3gFvoaXQrjQ%2FcaT8vQ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7cedd5a60a63b50f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

umitw.fobidaa.ru/Mmichael.swindell@ardaghgroup.com

104.21.37.66

403 Forbidden

8137

URL User Request GET HTTP/2

umitw.fobidaa.ru/Mmichael.swindell@ardaghgroup.com
IP

104.21.37.66:443
ASN

#13335 CLOUDFLARENET

Certificate

IssuerGoogle Trust Services LLC

Subjectfobidaa.ru

FingerprintC2:53:23:06:36:8E:B0:58:3A:5F:EE:09:24:43:38:AA:ED:E9:F6:D2

ValiditySun, 14 May 2023 10:27:52 GMT - Sat, 12 Aug 2023 10:27:51 GMT

Magic

HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (8305), with no line terminators

Size

8137
Hash

dec9bae3e160ae68736ebf323b51cb84

1b497f0031f79b35bdbe06a4e5d2d39239badb7d

fddaed159c03abad900b8134c0d44abb051d372b95d8bb5438d24a1ca8b5f9fe

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft Outlook
fortinet	Phishing

HTTP Headers

                                        GET /Mmichael.swindell@ardaghgroup.com HTTP/1.1
Host: umitw.fobidaa.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/2 403 Forbidden
date: Mon, 29 May 2023 09:50:38 GMT
content-type: text/html; charset=UTF-8
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy: same-origin
x-frame-options: SAMEORIGIN
cf-mitigated: challenge
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 01 Jan 1970 00:00:01 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oTeCHEtPfguVwAIoA%2Fd6D87uQyvjCYwJpDzcvGUKrp6JwzfC5kvot1Lbvxt6E%2Fhf6btO4DE0nSO9Y4obKAilsZjYRLGDF6%2BVixCpoBUBBKtK0PzN1OZjVtzonxO3IeAPhbni"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cedd592fe68b512-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

umitw.fobidaa.ru/jm/5f66ba46fa7afb6f39206cd31cf362e1647475717cab9

104.21.37.66

200 OK

7309

URL GET HTTP/3

umitw.fobidaa.ru/jm/5f66ba46fa7afb6f39206cd31cf362e1647475717cab9
IP

104.21.37.66:443
ASN

#13335 CLOUDFLARENET

Requested by

https://umitw.fobidaa.ru/beebb091955c06fa68b3eb8afc0bae5164747571700ccPASbeebb091955c06fa68b3eb8afc0bae5164747571700ce
Certificate

IssuerGoogle Trust Services LLC

Subjectfobidaa.ru

FingerprintC2:53:23:06:36:8E:B0:58:3A:5F:EE:09:24:43:38:AA:ED:E9:F6:D2

ValiditySun, 14 May 2023 10:27:52 GMT - Sat, 12 Aug 2023 10:27:51 GMT

Magic

ASCII text, with very long lines (7344), with no line terminators

Size

7309
Hash

f335e180c66cfa35ea3152a33884ec67

0b99d4d6d595e23b8c864f9c39d16813f886e850

7e317dfd820ab1a6759f565d267e82ecb5bd797b6fe89be4858f0174b709c324

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

                                        GET /jm/5f66ba46fa7afb6f39206cd31cf362e1647475717cab9 HTTP/1.1
Host: umitw.fobidaa.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://umitw.fobidaa.ru/beebb091955c06fa68b3eb8afc0bae5164747571700ccPASbeebb091955c06fa68b3eb8afc0bae5164747571700ce
Cookie: cf_clearance=lKsumAgCjw8eotonYWO7CckdMZBpY_1N99Zh0wS_Dls-1685353838-0-160; PHPSESSID=63826e006e0c60ab823f6760d12ba607
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/3 200 OK
date: Mon, 29 May 2023 09:50:41 GMT
content-type: application/javascript
last-modified: Mon, 22 May 2023 04:42:06 GMT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=no7dNNyYmioW1BEk2p7euslspyhxsym6TWzOxN1Bl5KRIyhWoduSiyLQzpL%2FZol%2Bjgam0ViCVQHzagvXQ%2Fd%2FUu4tsM8hZEWy8Znv9ZIqMAAacePZ2dQW4uL3XxHecPOziQ%2FL"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7cedd5a60a66b50f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

umitw.fobidaa.ru/jq/5f66ba46fa7afb6f39206cd31cf362e1647475717cab5

104.21.37.66

200 OK

85578

URL GET HTTP/3

umitw.fobidaa.ru/jq/5f66ba46fa7afb6f39206cd31cf362e1647475717cab5
IP

104.21.37.66:443
ASN

#13335 CLOUDFLARENET

Requested by

https://umitw.fobidaa.ru/beebb091955c06fa68b3eb8afc0bae5164747571700ccPASbeebb091955c06fa68b3eb8afc0bae5164747571700ce
Certificate

IssuerGoogle Trust Services LLC

Subjectfobidaa.ru

FingerprintC2:53:23:06:36:8E:B0:58:3A:5F:EE:09:24:43:38:AA:ED:E9:F6:D2

ValiditySun, 14 May 2023 10:27:52 GMT - Sat, 12 Aug 2023 10:27:51 GMT

Magic

ASCII text, with very long lines (32065)

Size

85578
Hash

2f6b11a7e914718e0290410e85366fe9

69bb69e25ca7d5ef0935317584e6153f3fd9a88c

05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

                                        GET /jq/5f66ba46fa7afb6f39206cd31cf362e1647475717cab5 HTTP/1.1
Host: umitw.fobidaa.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://umitw.fobidaa.ru/beebb091955c06fa68b3eb8afc0bae5164747571700ccPASbeebb091955c06fa68b3eb8afc0bae5164747571700ce
Cookie: cf_clearance=lKsumAgCjw8eotonYWO7CckdMZBpY_1N99Zh0wS_Dls-1685353838-0-160; PHPSESSID=63826e006e0c60ab823f6760d12ba607
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/3 200 OK
date: Mon, 29 May 2023 09:50:41 GMT
content-type: application/javascript
last-modified: Mon, 22 May 2023 04:42:06 GMT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ehIyvhO6%2BrTUCmv7ES6%2FZDPRz0A6o4tS%2FdIzi7yssbzTnme%2FRhPyaOEvDKlFKTp4iXuu94xBBnvYNCl4g0%2BCSg0uBFFlHGjdWbxobfzDsUDQOU0i%2Fq5RCrt%2Be5YNkC0saKbO"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7cedd5a5fa4cb50f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

unpkg.com/axios/dist/axios.min.js

104.16.125.175

302 Found

31842

URL GET HTTP/2

unpkg.com/axios/dist/axios.min.js
IP

104.16.125.175:443
ASN

#13335 CLOUDFLARENET

Requested by

https://umitw.fobidaa.ru/beebb091955c06fa68b3eb8afc0bae5164747571700ccPASbeebb091955c06fa68b3eb8afc0bae5164747571700ce
Certificate

IssuerCloudflare, Inc.

Subjectsni.cloudflaressl.com

FingerprintF7:B6:41:CA:15:FD:D1:0C:27:39:55:5D:C5:CE:3F:1C:A6:BB:9D:6F

ValidityTue, 02 May 2023 00:00:00 GMT - Wed, 01 May 2024 23:59:59 GMT

Magic

Size

31842
Hash

d41d8cd98f00b204e9800998ecf8427e

da39a3ee5e6b4b0d3255bfef95601890afd80709

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

                                        GET /axios/dist/axios.min.js HTTP/1.1
Host: unpkg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://umitw.fobidaa.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/2 302 Found
date: Mon, 29 May 2023 09:50:41 GMT
content-type: text/plain; charset=utf-8
access-control-allow-origin: *
cache-control: public, s-maxage=600, max-age=60
location: /axios@1.4.0/dist/axios.min.js
vary: Accept, Accept-Encoding
via: 1.1 fly.io
fly-request-id: 01H1KEHKGFR0DFV9G56AT8PTY6-arn
cf-cache-status: HIT
age: 128
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7cedd5a62dceb4ee-OSL
X-Firefox-Spdy: h2

unpkg.com/axios@1.4.0/dist/axios.min.js

104.16.125.175

200 OK

31842

URL GET HTTP/2

unpkg.com/axios@1.4.0/dist/axios.min.js
IP

104.16.125.175:443
ASN

#13335 CLOUDFLARENET

Requested by

https://umitw.fobidaa.ru/beebb091955c06fa68b3eb8afc0bae5164747571700ccPASbeebb091955c06fa68b3eb8afc0bae5164747571700ce
Certificate

IssuerCloudflare, Inc.

Subjectsni.cloudflaressl.com

FingerprintF7:B6:41:CA:15:FD:D1:0C:27:39:55:5D:C5:CE:3F:1C:A6:BB:9D:6F

ValidityTue, 02 May 2023 00:00:00 GMT - Wed, 01 May 2024 23:59:59 GMT

Magic

ASCII text, with very long lines (31803)

Size

31842
Hash

6470a918ba1fd4b8d0882df0269ddb82

97814fdab64aa7d1b30f082f9eb272d4b1ce18a2

fd4ce12a87594281afcee9c73a40fe7acc282bcc9e764fbb3afa1481a96a091e

HTTP Headers

                                        GET /axios@1.4.0/dist/axios.min.js HTTP/1.1
Host: unpkg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://umitw.fobidaa.ru/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/2 200 OK
date: Mon, 29 May 2023 09:50:41 GMT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
etag: W/"7c62-l4FP2rZKp9GzDwgvnrJy1LHOGKI"
via: 1.1 fly.io
fly-request-id: 01GZP8TZEXW4PFCT61FHX2WRTS-fra
cf-cache-status: HIT
age: 2052933
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7cedd5a64deeb4ee-OSL
content-encoding: br
X-Firefox-Spdy: h2

Report Overview

URL

IP

ASN

Submitted

Access

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (8)

#1 JS:Script (size: 79)

#2 JS:Script (size: 34)

#3 JS:Script (size: 7309)

#4 JS:Script (size: 37)

#5 JS:Script (size: 85578)

#6 JS:Script (size: 51039)

#1 JS:Eval (size: 4)

#2 JS:Eval (size: 1012)

HTTP Transactions (10)

URL User Request GET HTTP/1.1

IP

ASN

Certificate

Magic

Size

Hash

Detections

HTTP Headers

URL

IP

ASN

Magic

Size

Hash

Detections

HTTP Headers

URL User Request POST HTTP/3

IP

ASN

Certificate

Magic

Size

Hash

Detections

HTTP Headers

URL User Request GET HTTP/3

IP

ASN

Certificate

Magic

Size

Hash

Detections

HTTP Headers

URL GET HTTP/3

IP

ASN

Requested by

Certificate

Magic

Size

Hash

Detections

HTTP Headers

URL User Request GET HTTP/2

IP