URL waurl.ru/jung IP 185.204.0.195:0 ASN #204997 First Server Limited
File type: HTML document, Unicode text, UTF-8 text, with CRLF line terminators
Hashes: MD5 2408a8aee7e307efa371dcf66bcaed56 | SHA-1 f0631199736b8767b71bb26b4f3e62fbbeb37b0c | SHA-256 ed39688e221c8072c92125c4f4d53e57a0087001c7267b4ac54cd80042765bba
Analyzer | Verdict | Alert
OpenPhish | phishing | Facebook, Inc.
Quad9 DNS | malicious | Sinkholed
GET /jung HTTP/1.1
Host: waurl.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 17:04:25 GMT
content-type: text/html; charset=UTF-8
content-length: 758
cache-control: private, must-revalidate
pragma: no-cache
expires: -1
set-cookie: XSRF-TOKEN=eyJpdiI6InRVdVpwK2ZvQmRCd3hRZFpYdlwvM0V3PT0iLCJ2YWx1ZSI6Iit4S3NFMkhLZ0dPWEQ0QzhSMnRIdjdVUStlYlJnVGZuV0s2RUQ2NTE4cXVRWmtrazgxS2J0dVIyRmRNd0Q3M3ciLCJtYWMiOiJmYzYxMmM0NTZhMThmMzQ5MDgxN2EwZmNkNjg5YWI2ZGY2NDAxNmE5NzM5MjgzMDMxMjgxOTQ1ZGY4ZDc4ZTc3In0%3D; expires=Thu, 25-Apr-2024 19:04:25 GMT; Max-Age=7200; path=/
set-cookie: waurlru_session=eyJpdiI6Im1BaFg1Yzh0WFJ6dVVIXC84bFl5dlZBPT0iLCJ2YWx1ZSI6InJ0OEVBUFh0Z0FzSnVXXC9cL1NPODhZRUFFcTR6d1d2aUlkODRSZll4MXBFbmd3NFwvTFR0YzJ2SzV4M01IN3hvYm8iLCJtYWMiOiI4MDE2Y2U3MTBlNTExMDQ1YmE1OTMwNzMwMDQ5M2VjMmQ2YzM4MWY2N2E5OGRiZjZkMGExNTZlZjI5ZGM5NWViIn0%3D; expires=Thu, 25-Apr-2024 19:04:25 GMT; Max-Age=7200; path=/; httponly
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
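Both cookies returned by waurl.ru carry the same payload shape: URL-encoded base64 of a JSON object with `iv`, `value` and `mac` fields, which is the envelope Laravel's cookie encrypter emits (AES-CBC ciphertext plus an HMAC-SHA256 hex tag), and `waurlru_session` follows that framework's `<app>_session` naming. The script below is an added check, not part of the sandbox report: it decodes the two Set-Cookie values copied from the response above, confirms the envelope shape (16-byte IV, block-aligned ciphertext, 64 hex-char MAC) and lists the hardening attributes each cookie lacks. The MAC itself cannot be verified without the server's key, so only structure is checked.

```python
import base64
import json
from urllib.parse import unquote

# The two set-cookie values from the waurl.ru /jung response (copied from the report).
SET_COOKIE_LINES = [
    "XSRF-TOKEN=eyJpdiI6InRVdVpwK2ZvQmRCd3hRZFpYdlwvM0V3PT0iLCJ2YWx1ZSI6Iit4S3NFMkhLZ0dPWEQ0QzhSMnRIdjdVUStlYlJnVGZuV0s2RUQ2NTE4cXVRWmtrazgxS2J0dVIyRmRNd0Q3M3ciLCJtYWMiOiJmYzYxMmM0NTZhMThmMzQ5MDgxN2EwZmNkNjg5YWI2ZGY2NDAxNmE5NzM5MjgzMDMxMjgxOTQ1ZGY4ZDc4ZTc3In0%3D; expires=Thu, 25-Apr-2024 19:04:25 GMT; Max-Age=7200; path=/",
    "waurlru_session=eyJpdiI6Im1BaFg1Yzh0WFJ6dVVIXC84bFl5dlZBPT0iLCJ2YWx1ZSI6InJ0OEVBUFh0Z0FzSnVXXC9cL1NPODhZRUFFcTR6d1d2aUlkODRSZll4MXBFbmd3NFwvTFR0YzJ2SzV4M01IN3hvYm8iLCJtYWMiOiI4MDE2Y2U3MTBlNTExMDQ1YmE1OTMwNzMwMDQ5M2VjMmQ2YzM4MWY2N2E5OGRiZjZkMGExNTZlZjI5ZGM5NWViIn0%3D; expires=Thu, 25-Apr-2024 19:04:25 GMT; Max-Age=7200; path=/; httponly",
]

HARDENING_ATTRS = ("secure", "httponly", "samesite")


def parse_set_cookie(line):
    """Split 'name=value; attr; attr=val' into (name, value, {attr_lowercase: val})."""
    first, *rest = [part.strip() for part in line.split(";")]
    name, _, value = first.partition("=")
    attrs = {}
    for part in rest:
        key, _, val = part.partition("=")
        attrs[key.lower()] = val
    return name, value, attrs


def inspect_envelope(cookie_value):
    """Decode the payload: percent-encoding -> base64 -> JSON {iv, value, mac}.

    Only the shape is checked; the MAC would need the application key to verify.
    """
    envelope = json.loads(base64.b64decode(unquote(cookie_value), validate=True))
    iv = base64.b64decode(envelope["iv"], validate=True)
    ciphertext = base64.b64decode(envelope["value"], validate=True)
    mac = envelope["mac"]
    mac_is_hex = all(c in "0123456789abcdef" for c in mac)
    return {
        "fields": sorted(envelope),
        "iv_bytes": len(iv),                         # 16 for AES-CBC
        "ciphertext_bytes": len(ciphertext),
        "ciphertext_blocks_ok": len(ciphertext) % 16 == 0,
        "mac_hex_chars": len(mac) if mac_is_hex else None,  # 64 for HMAC-SHA256
    }


def audit(lines=SET_COOKIE_LINES):
    """Per cookie: the decoded envelope facts and the hardening attributes it is missing."""
    report = {}
    for line in lines:
        name, value, attrs = parse_set_cookie(line)
        report[name] = {
            "envelope": inspect_envelope(value),
            "missing": [a for a in HARDENING_ATTRS if a not in attrs],
        }
    return report


if __name__ == "__main__":
    for cookie, facts in audit().items():
        print(cookie, facts["envelope"], "missing:", facts["missing"])
```

Neither cookie is marked Secure or SameSite, and XSRF-TOKEN is deliberately readable by script (no httponly) because the framework pattern expects JavaScript to echo it in an X-XSRF-TOKEN header; on a phishing landing page that is simply the stock framework behaviour, not a hardening choice.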
Summary: www.googletagmanager.com/gtag/js?id=G-57T48FZGTZ | 142.250.74.72 | 93 kB
URL www.googletagmanager.com/gtag/js?id=G-57T48FZGTZ IP 142.250.74.72:0
File type: JavaScript source, ASCII text, with very long lines (3034)
Hashes: MD5 ef64f25917cd73b414ab94e7b57b2580 | SHA-1 f41f0d996f078106a59fa704b9ab6379f69261c0 | SHA-256 e8cf4821a8e2e7378b427d6b990dc47b34a43a75aa083081deb70866bbbf1670
GET /gtag/js?id=G-57T48FZGTZ HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://waurl.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Thu, 25 Apr 2024 17:04:25 GMT
expires: Thu, 25 Apr 2024 17:04:25 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 92853
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
URL waurl.ru/favicon.ico IP 185.204.0.195:0 ASN #204997 First Server Limited
Hashes: MD5 d41d8cd98f00b204e9800998ecf8427e | SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709 | SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (the digests of zero-length content, consistent with the content-length: 0 response below)
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /favicon.ico HTTP/1.1
Host: waurl.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://waurl.ru/jung
Cookie: XSRF-TOKEN=eyJpdiI6InRVdVpwK2ZvQmRCd3hRZFpYdlwvM0V3PT0iLCJ2YWx1ZSI6Iit4S3NFMkhLZ0dPWEQ0QzhSMnRIdjdVUStlYlJnVGZuV0s2RUQ2NTE4cXVRWmtrazgxS2J0dVIyRmRNd0Q3M3ciLCJtYWMiOiJmYzYxMmM0NTZhMThmMzQ5MDgxN2EwZmNkNjg5YWI2ZGY2NDAxNmE5NzM5MjgzMDMxMjgxOTQ1ZGY4ZDc4ZTc3In0%3D; waurlru_session=eyJpdiI6Im1BaFg1Yzh0WFJ6dVVIXC84bFl5dlZBPT0iLCJ2YWx1ZSI6InJ0OEVBUFh0Z0FzSnVXXC9cL1NPODhZRUFFcTR6d1d2aUlkODRSZll4MXBFbmd3NFwvTFR0YzJ2SzV4M01IN3hvYm8iLCJtYWMiOiI4MDE2Y2U3MTBlNTExMDQ1YmE1OTMwNzMwMDQ5M2VjMmQ2YzM4MWY2N2E5OGRiZjZkMGExNTZlZjI5ZGM5NWViIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 17:04:25 GMT
content-type: image/x-icon
content-length: 0
last-modified: Wed, 06 Feb 2019 17:54:35 GMT
etag: "5c5b1f5b-0"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
Summary: unbouncepages.com/543645645yhuuhuh/ | 104.18.34.21 | 47 B
URL unbouncepages.com/543645645yhuuhuh/ (user request, GET) IP 104.18.34.21:0
File type: ASCII text, with no line terminators
Hashes: MD5 f9ae9006943e3a67b95ca4c6c733b6d4 | SHA-1 9f9e7a7e2602d29e4df8c38df6277ab37fb1b079 | SHA-256 cd8b79123a843eee64985a23257e2fab80ef2c4c08427b688ea979671fc1c457
Analyzer | Verdict | Alert
OpenPhish | phishing | Facebook, Inc.
GET /543645645yhuuhuh/ HTTP/1.1
Host: unbouncepages.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 404 Not Found
Date: Thu, 25 Apr 2024 17:04:28 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 47
Connection: keep-alive
CF-Cache-Status: DYNAMIC
Set-Cookie: __cf_bm=RXS4CNc63oyV.BpFwA2SjZQ7YkTEnxfEss5kB5zOCH8-1714064668-1.0.1.1-r.A5HrkiPTn8K4ULpKC1gqjUAsn5grgnFEuUofIUyqWyM.uivV2cPhzvBhaGfKSFjD.vAFePDFv2AgtavSreYg; path=/; expires=Thu, 25-Apr-24 17:34:28 GMT; domain=.unbouncepages.com; HttpOnly; SameSite=None
Server: cloudflare
CF-RAY: 879fe9944abfb512-OSL
Summary: unbouncepages.com/favicon.ico | 104.18.34.21 | 404 Not Found | 47 B
URL unbouncepages.com/favicon.ico (GET HTTP/1.1) IP 104.18.34.21:80
Requested by http://unbouncepages.com/543645645yhuuhuh/
File type: ASCII text, with no line terminators
Hashes: MD5 f9ae9006943e3a67b95ca4c6c733b6d4 | SHA-1 9f9e7a7e2602d29e4df8c38df6277ab37fb1b079 | SHA-256 cd8b79123a843eee64985a23257e2fab80ef2c4c08427b688ea979671fc1c457
GET /favicon.ico HTTP/1.1
Host: unbouncepages.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://unbouncepages.com/543645645yhuuhuh/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 404 Not Found
Date: Thu, 25 Apr 2024 17:04:29 GMT
Content-Type: text/html
Content-Length: 47
Connection: keep-alive
Set-Cookie: __cf_bm=4UKAyIjmQmaJL6KoG2RbtU.drAj8qJ5WcAbwhwHAesE-1714064669-1.0.1.1-2717AEc0ORO.g4IQ3bSafeSBIVuMOG5KWfSutTUXBnCz5NW7G8k4eVYTOuAYnvvarGuGoehL4HGE_BUwd.wxLw; path=/; expires=Thu, 25-Apr-24 17:34:29 GMT; domain=.unbouncepages.com; HttpOnly; SameSite=None
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 879fe9959be0b512-OSL
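Every entry in this report has the same layout: a request line with its headers, then a status line with the response headers. The script below is an added example, not part of the report or of any tool it names: it parses that layout and flags what a triage analyst would pull from these particular entries, namely a script fetched cross-site by the landing page, Set-Cookie lines missing Secure, HttpOnly or SameSite, and a top-level document request that returned 404. The sample dump is a constructed, trimmed copy of three of the entries above with the long cookie values replaced by placeholders; the assumption that a request without Sec-Fetch-Dest is a document load is noted in the code.

```python
import re
from collections import defaultdict

# Constructed sample: three transactions from the report, trimmed to the headers the
# checks below read, with the long cookie values replaced by placeholders.
SAMPLE_DUMP = """\
GET /jung HTTP/1.1
Host: waurl.ru
Sec-Fetch-Dest: document
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-type: text/html; charset=UTF-8
set-cookie: XSRF-TOKEN=<redacted>; expires=Thu, 25-Apr-2024 19:04:25 GMT; Max-Age=7200; path=/
set-cookie: waurlru_session=<redacted>; expires=Thu, 25-Apr-2024 19:04:25 GMT; Max-Age=7200; path=/; httponly

GET /gtag/js?id=G-57T48FZGTZ HTTP/1.1
Host: www.googletagmanager.com
Referer: https://waurl.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8

GET /543645645yhuuhuh/ HTTP/1.1
Host: unbouncepages.com
Upgrade-Insecure-Requests: 1
HTTP/1.1 404 Not Found
Content-Type: text/plain; charset=utf-8
Content-Length: 47
"""


def _headers(lines):
    """Header names are case-insensitive; keep every value so repeated Set-Cookie survives."""
    out = defaultdict(list)
    for line in lines:
        name, _, value = line.partition(":")
        out[name.strip().lower()].append(value.strip())
    return out


def parse_dump(text):
    """Split a dump into transactions (blank-line separated); each one is the request
    block followed by the response block, which starts at the first status line."""
    txns = []
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = block.splitlines()
        split_at = next(i for i, l in enumerate(lines) if l.startswith("HTTP/"))
        method, path, _ = lines[0].split(" ", 2)
        txns.append({
            "method": method,
            "path": path,
            "request": _headers(lines[1:split_at]),
            "status": int(lines[split_at].split(" ", 2)[1]),
            "response": _headers(lines[split_at + 1:]),
        })
    return txns


def cookie_gaps(set_cookie_value):
    """Hardening attributes a Set-Cookie line lacks (attribute names are case-insensitive)."""
    attrs = {p.strip().split("=", 1)[0].lower() for p in set_cookie_value.split(";")[1:]}
    return [a for a in ("secure", "httponly", "samesite") if a not in attrs]


def triage(txns):
    """Return (host, finding) pairs for the indicators worth noting in this kind of report."""
    findings = []
    for t in txns:
        req, resp = t["request"], t["response"]
        host = req.get("host", ["?"])[0]
        # Browsers send Sec-Fetch-* only to HTTPS destinations, so a request without
        # Sec-Fetch-Dest (the cleartext unbouncepages entry) is assumed to be a document load.
        dest = req.get("sec-fetch-dest", ["document"])[0]
        if dest == "script" and req.get("sec-fetch-site") == ["cross-site"]:
            findings.append((host, "third-party script load"))
        for sc in resp.get("set-cookie", []):
            gaps = cookie_gaps(sc)
            if gaps:
                findings.append((host, f"cookie {sc.split('=', 1)[0]} lacks {', '.join(gaps)}"))
        if t["status"] == 404 and dest == "document":
            findings.append((host, f"document request {t['path']} returned 404"))
    return findings


if __name__ == "__main__":
    for host, finding in triage(parse_dump(SAMPLE_DUMP)):
        print(f"{host}: {finding}")
```

The 404 on the unbouncepages.com landing page is the one finding here that changes triage: the hosted page had already been removed when the sandbox visited, so the OpenPhish verdict on that URL rests on an earlier observation, not on the content captured in this run.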