| challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback | 104.18.94.41 | 302 Found | 0 B |
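URL: challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback | IP: 104.18.94.41:0
Hash: MD5 d41d8cd98f00b204e9800998ecf8427e | SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709 | SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (these are the digests of empty input, consistent with the 0 B redirect body; they identify no content and should not be used as indicators)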
GET /turnstile/v0/api.js?onload=onloadTurnstileCallback HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://x0ru.saunceptilt.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
date: Sat, 01 Feb 2025 01:47:05 GMT
content-length: 0
access-control-allow-origin: *
cache-control: max-age=300, stale-if-error=10800, stale-while-revalidate=300, public
cross-origin-resource-policy: cross-origin
location: /turnstile/v0/b/6682e961b853/api.js
vary: Accept-Encoding
server: cloudflare
cf-ray: 90ae45824f3456c4-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js | 104.17.24.14 | 200 OK | 14 kB |
URL: GET HTTP/3 cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js | IP: 104.17.24.14:443
Requested by: https://x0ru.saunceptilt.ru/MVQALNPGQUDDGJF29IOPR9S5YVTL?ASOZZSMERWOLROG | Certificate: Issuer Google Trust Services; Subject cdnjs.cloudflare.com; Fingerprint 00:0E:39:59:53:CF:68:07:90:75:EB:68:26:B9:04:22:44:7D:9A:32; Validity Fri, 24 Jan 2025 09:16:22 GMT - Thu, 24 Apr 2025 10:16:21 GMT
File type: JavaScript source, ASCII text, with very long lines (48316), with no line terminators | Hash: MD5 2ca03ad87885ab983541092b87adb299 | SHA-1 1a17f60bf776a8c468a185c1e8e985c41a50dc27 | SHA-256 8e3b0117f4df4be452c0b6af5b8f0a0acf9d4ade23d08d55d7e312af22077762 (file served by the public cdnjs CDN; its hash is likely to match on unrelated benign sites as well, so it is not an indicator on its own)
GET /ajax/libs/crypto-js/4.1.1/crypto-js.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://x0ru.saunceptilt.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 01 Feb 2025 01:47:05 GMT
content-type: application/javascript; charset=utf-8
content-length: 13972
cf-ray: 90ae45825dfeb517-OSL
server: cloudflare
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "61182885-3694"
last-modified: Sat, 14 Aug 2021 20:33:09 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 807327
expires: Thu, 22 Jan 2026 01:47:05 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1CuBTIJ1xrF%2FuZtqQXlFfhBH7dcIZC2uwXVx3KVKpeKkfD6eDosLCR5%2Fz%2FoMUBwea1KXpA1jdsZbThUR4bIBVqjti38%2FOKt5jalM1OOPPZqoZ%2B0zjGd2gzZ7Ep%2FdF7Kt3RY3q0JX"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| code.jquery.com/jquery-3.6.0.min.js | 151.101.2.137 | 200 OK | 31 kB |
URL: GET HTTP/2 code.jquery.com/jquery-3.6.0.min.js | IP: 151.101.2.137:443
Requested by: https://x0ru.saunceptilt.ru/MVQALNPGQUDDGJF29IOPR9S5YVTL?ASOZZSMERWOLROG | Certificate: Issuer Sectigo Limited; Subject *.jquery.com; Fingerprint CD:B5:6E:05:85:0C:5A:AE:47:12:80:2A:5B:C6:E5:8F:11:72:E2:B5; Validity Tue, 25 Jun 2024 00:00:00 GMT - Wed, 25 Jun 2025 23:59:59 GMT
File type: JavaScript source, ASCII text, with very long lines (65447) | Hash: MD5 8fb8fee4fcc3cc86ff6c724154c49c42 | SHA-1 b82d238d4e31fdf618bae8ac11a6c812c03dd0d4 | SHA-256 ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e (file served by code.jquery.com; its hash is likely to match on unrelated benign sites as well, so it is not an indicator on its own)
GET /jquery-3.6.0.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://x0ru.saunceptilt.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-15d9d"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Sat, 01 Feb 2025 01:47:05 GMT
age: 3859764
x-served-by: cache-lga21931-LGA, cache-hel1410027-HEL
x-cache: HIT, HIT
x-cache-hits: 71, 1270233
x-timer: S1738374426.994274,VS0,VE0
vary: Accept-Encoding
content-length: 30875
X-Firefox-Spdy: h2
|
|
| developers.cloudflare.com/favicon.png | 104.16.4.189 | 200 OK | 937 B |
URL: developers.cloudflare.com/favicon.png | IP: 104.16.4.189:0
File type: PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced | Hash: MD5 fc3b7bbe7970f47579127561139060e2 | SHA-1 3f7c5783fe1f4404cb16304a5a274778ea3abd25 | SHA-256 85e6223afdbd5badf2c79bcfbaa6fe686acaa781eca52c196647ffabb3be2ffe
GET /favicon.png HTTP/1.1
Host: developers.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://x0ru.saunceptilt.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 01 Feb 2025 01:47:06 GMT
content-type: image/png
content-length: 937
cache-control: public, max-age=0, must-revalidate
etag: "6be7ff94b6151f8cfbf08b53a17e2ac1"
set-cookie: __cf_bm=JuGAgCE9X2QNJmKiNdtLSBKJFTGFYssW0A8P30.hFes-1738374426-1.0.1.1-31qCAri5LrrmCkp21qdV56V2mNNwVfxrtQGI_t6Zd9Q5y3zMaemm0La1a3sZ8n0uPd1MWTsjAGkOLAMmtffkyg; path=/; expires=Sat, 01-Feb-25 02:17:06 GMT; domain=.developers.cloudflare.com; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
strict-transport-security: max-age=15552000; preload
x-content-type-options: nosniff
access-control-allow-origin: *
server: cloudflare
cf-ray: 90ae45841c58568d-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| x0ru.saunceptilt.ru/oPWxJk/ | 172.67.163.225 | 200 OK | 23 kB |
URL: x0ru.saunceptilt.ru/oPWxJk/ | IP: 172.67.163.225:0
File type: HTML document, ASCII text, with very long lines (11593), with CRLF line terminators | Hash: MD5 80400901382826bec090333e7266e9f8 | SHA-1 5293f6f7f4c1a388a5b30bf7a019ca8f353a1168 | SHA-256 1f539178ffdc17020e26e4463b4f2041bee3bffa39796a7b3a333e1172b2d83b
GET /oPWxJk/ HTTP/1.1
Host: x0ru.saunceptilt.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6ImNaR0tkbkRmeWxMTWtxejNXWmI1TXc9PSIsInZhbHVlIjoiYjFyaUMxYW83MGl6dStnNERIS1FPNFZnTzZ1bHBSZDZPaGNCV2NjLzlIdFRHY1VwNmRKN3Q5dEdXbFVydGFYY1JQUHpGZ09STFgrWXR0ZHdHQW9KbXFabnVIQ0pEYnZvZXVIU0ZTNmp2WVh2S1ladkg4dWxOazl5NXhmbFQydWwiLCJtYWMiOiJiMjYxNTk0NzQyZWU4NTZiYWVlMzI5Mjg2YWYwODJhNjcxYTQ0ODllZWU3MjM0ZGFjZjk4NjcyNjA5ZDUxZjY5IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjFzOFVVbHdtaGdiMjZDaUxBdW5qSmc9PSIsInZhbHVlIjoiU2xlRHdpUXVPVUxaeWdTNmYzQ0hIaTA1SXRscXJhS2MzYm56dXlaZDB6cmVER2kzYmJBMnhkMFdmcDdBWGZzSDFNcGs0cnpSVGtnZTdSYzFRMmpPSzBBSVpGUm9SU285bGJzK2p1NExwQ2JBMkVrZEhObmJ0Q3JVN1NJZ2t5U3oiLCJtYWMiOiIxZDFjZTViZjU2Y2RlMzM4ZTcxYzZmMjZkOWI1MjdmYTg2MDBlN2UyMmRjY2FhMjNkZWQ4NGE5ODFlNGZmMzY5IiwidGFnIjoiIn0%3D
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 01 Feb 2025 01:47:12 GMT
content-type: text/html; charset=UTF-8
cache-control: no-cache, private
cf-cache-status: DYNAMIC
vary: accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VMH5WlgI3IL6%2FL4aQZKWv717z8fgyVQHDNlQGqnNeVnSlvtrI6vkqBQd3Q0fhM2jxY4cGou2J51%2BrWnzgeopZ61lLzzwLUuO%2B8eltYgPeW5YdfSn6y6ojW3JHMDbGQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
set-cookie: XSRF-TOKEN=eyJpdiI6IkljWmY2TzgxQmEwTmxrUnU3cVBjZmc9PSIsInZhbHVlIjoiRzYvUElyNTlYajVXSG1NVEMrK1EwbHo2VmdIdm1sdCtBZ1liN1R1OGlmbE1kd1NkaFBSUmhsOWtIOEFCOUxwdjB1a1JpS0RnaFpXSDNQdVVQZ2hvc3JUOVU4ajVqSjNlWW81YmRxY1ozMi9hMndXYWNzMFl1SWE0K0QyQThrOG4iLCJtYWMiOiIwMGYzYjVkZDNlNzI4NjgyZTA0MGU3NWJjZTZjYTk3NTBiNzM1YzFjODNiMzI3MmU1M2E3YjEzMjM4YjM5NThjIiwidGFnIjoiIn0%3D; expires=Sat, 01-Feb-2025 03:47:12 GMT; Max-Age=7200; path=/; secure; samesite=none
laravel_session=eyJpdiI6InZCbDA2NHBOc0RKYWVmemZGSUhUYVE9PSIsInZhbHVlIjoiampRRkhwVlhhR3ZmSlJ0MEs4ODR4M1ozdENDZEJTd2NDWWVZaUpiNXUvb082N3ZGWTZub2JWOHFLbTVGakhYTUdnT1NwK05VbXpuS3k3ajQ0UHNOTmhjbEJwZTFvUkJZcGZWa1BJMUIyWkxvSDNoL3BwVDF0c2FBL2htb3U1K0MiLCJtYWMiOiI3ZTQ2NGRkZTU1YjJjZjFiOTU0MzFkYWEyM2I1NjExYTgyNjIwYjFiN2YwMDc5OWMzOWExODY0ZmY1YzhkZDM2IiwidGFnIjoiIn0%3D; expires=Sat, 01-Feb-2025 03:47:12 GMT; Max-Age=7200; path=/; secure; httponly; samesite=none
priority: u=1,i=?0
server: cloudflare
cf-ray: 90ae45aa68ad5693-OSL
content-encoding: br
server-timing: cfL4;desc="?proto=TCP&rtt=5088&min_rtt=4768&rtt_var=1900&sent=5&recv=8&lost=0&retrans=0&sent_bytes=2823&recv_bytes=2152&delivery_rate=460320&cwnd=251&unsent_bytes=0&cid=6e23d21045cda9f2&ts=111&x=0", cfL4;desc="?proto=QUIC&rtt=6150&min_rtt=1699&rtt_var=5691&sent=18&recv=11&lost=0&retrans=0&sent_bytes=5851&recv_bytes=3795&delivery_rate=237&cwnd=12000&unsent_bytes=0&cid=f7752c96d938e888&ts=7104&x=1", cfExtPri, cfHdrFlush;dur=0
|
|
| code.jquery.com/jquery-3.6.0.min.js | 151.101.2.137 | 200 OK | 31 kB |
URL: GET HTTP/2 code.jquery.com/jquery-3.6.0.min.js | IP: 151.101.2.137:443
Requested by: https://x0ru.saunceptilt.ru/MVQALNPGQUDDGJF29IOPR9S5YVTL?ASOZZSMERWOLROG | Certificate: Issuer Sectigo Limited; Subject *.jquery.com; Fingerprint CD:B5:6E:05:85:0C:5A:AE:47:12:80:2A:5B:C6:E5:8F:11:72:E2:B5; Validity Tue, 25 Jun 2024 00:00:00 GMT - Wed, 25 Jun 2025 23:59:59 GMT
File type: JavaScript source, ASCII text, with very long lines (65447) | Hash: MD5 8fb8fee4fcc3cc86ff6c724154c49c42 | SHA-1 b82d238d4e31fdf618bae8ac11a6c812c03dd0d4 | SHA-256 ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e
GET /jquery-3.6.0.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://x0ru.saunceptilt.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-15d9d"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Sat, 01 Feb 2025 01:47:12 GMT
age: 3859771
x-served-by: cache-lga21931-LGA, cache-hel1410027-HEL
x-cache: HIT, HIT
x-cache-hits: 71, 1270234
x-timer: S1738374433.604125,VS0,VE0
vary: Accept-Encoding
content-length: 30875
X-Firefox-Spdy: h2
|
|
| x0ru.saunceptilt.ru/zc7gYKKoiv52MNEM0qYuh5VM25tkr04w8dHaFLtg1xzfgew | 172.67.163.225 | 200 OK | 92 kB |
URL: x0ru.saunceptilt.ru/zc7gYKKoiv52MNEM0qYuh5VM25tkr04w8dHaFLtg1xzfgew | IP: 172.67.163.225:0
Hash: MD5 68a9bc048c792f1e35019853a5910739 | SHA-1 2d60cbd6d537f698486537ac321279f04b855ab0 | SHA-256 0f8055386706b3c59dfbf495526e60d751f06bdc13b305d6dfce341e006d0b6e
POST /zc7gYKKoiv52MNEM0qYuh5VM25tkr04w8dHaFLtg1xzfgew HTTP/1.1
Host: x0ru.saunceptilt.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 6
Origin: https://x0ru.saunceptilt.ru
DNT: 1
Connection: keep-alive
Referer: https://x0ru.saunceptilt.ru/oPWxJk/
Cookie: XSRF-TOKEN=eyJpdiI6IkljWmY2TzgxQmEwTmxrUnU3cVBjZmc9PSIsInZhbHVlIjoiRzYvUElyNTlYajVXSG1NVEMrK1EwbHo2VmdIdm1sdCtBZ1liN1R1OGlmbE1kd1NkaFBSUmhsOWtIOEFCOUxwdjB1a1JpS0RnaFpXSDNQdVVQZ2hvc3JUOVU4ajVqSjNlWW81YmRxY1ozMi9hMndXYWNzMFl1SWE0K0QyQThrOG4iLCJtYWMiOiIwMGYzYjVkZDNlNzI4NjgyZTA0MGU3NWJjZTZjYTk3NTBiNzM1YzFjODNiMzI3MmU1M2E3YjEzMjM4YjM5NThjIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6InZCbDA2NHBOc0RKYWVmemZGSUhUYVE9PSIsInZhbHVlIjoiampRRkhwVlhhR3ZmSlJ0MEs4ODR4M1ozdENDZEJTd2NDWWVZaUpiNXUvb082N3ZGWTZub2JWOHFLbTVGakhYTUdnT1NwK05VbXpuS3k3ajQ0UHNOTmhjbEJwZTFvUkJZcGZWa1BJMUIyWkxvSDNoL3BwVDF0c2FBL2htb3U1K0MiLCJtYWMiOiI3ZTQ2NGRkZTU1YjJjZjFiOTU0MzFkYWEyM2I1NjExYTgyNjIwYjFiN2YwMDc5OWMzOWExODY0ZmY1YzhkZDM2IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 01 Feb 2025 01:47:12 GMT
content-type: text/html; charset=UTF-8
cache-control: no-cache, private
cf-cache-status: DYNAMIC
vary: accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9aGqumaHleSixUrBefTNGmLatDdq2S5EeqnLFCEdqbkRlu3T58qHnYr%2FCYajizztQHFC9VVLr8d4UmeJzwceJCkhRAYv2eG8VfRaNysrEd7SARZ8pH8pwTbEImeq1A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
set-cookie: XSRF-TOKEN=eyJpdiI6IkMzSE5VMzR4NWVFQ0F6WnEyalNzM0E9PSIsInZhbHVlIjoidzNuSFZiRUFxaFN6WkpjRStzNmVLa05ncXkrUXd0ZVpWSTdXdmZ5b1FkOHN0eS92K0w3bGlUK3BxZzlqZnJjL3pKUCtiOElDby9DRHBqYVQvM21obFBKaFVMdk95TlVWVHByY3hDVVhxc3hEZ000OWFwUDY5clNFZTlsMlJpb2oiLCJtYWMiOiIyMjgxOWQwM2JiNmVkODIwNmIzYWZjMWY2ZTEyNjNlMTJjMGFmNTFmZTkxZWNiZDczYzc2Y2ZjMjYwODI3MGE1IiwidGFnIjoiIn0%3D; expires=Sat, 01-Feb-2025 03:47:12 GMT; Max-Age=7200; path=/; secure; samesite=none
laravel_session=eyJpdiI6ImFudnRuMm85ZStKODlROVZldElGOVE9PSIsInZhbHVlIjoiQXVpNjN5blczWUlpVFB5bVVmOG9GeGp2OUZERnhyT0RlTlVxakZmVGRNVDBRSlhMYzZDNDlTdER1UkVNUGVYUCtpOGRqM25XOHdUWDZjSUFuRjYwV2F0RkVhU1hRZHVVUzJqSlpmQzVsZTVwSGFHVlFWems3UnpYVG5iR2IwOWoiLCJtYWMiOiJjZjRhNzhhNjM0YmMyNWFiNTliM2FjNTJkODNhMzlmZWNlMWRlN2M3YTczYTcyMjQ3ZWY0Yzg5OWNjNjM0ZWFhIiwidGFnIjoiIn0%3D; expires=Sat, 01-Feb-2025 03:47:12 GMT; Max-Age=7200; path=/; secure; httponly; samesite=none
priority: u=3,i=?0
server: cloudflare
cf-ray: 90ae45ac49b45693-OSL
content-encoding: br
server-timing: cfL4;desc="?proto=TCP&rtt=4169&min_rtt=4142&rtt_var=1572&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2824&recv_bytes=2260&delivery_rate=687590&cwnd=251&unsent_bytes=0&cid=ecb57c478265ff41&ts=101&x=0", cfL4;desc="?proto=QUIC&rtt=5604&min_rtt=1699&rtt_var=4275&sent=31&recv=15&lost=0&retrans=0&sent_bytes=17850&recv_bytes=5728&delivery_rate=5920&cwnd=12000&unsent_bytes=0&cid=f7752c96d938e888&ts=7396&x=1", cfExtPri, cfHdrFlush;dur=0
|
|
| cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js | 104.17.24.14 | 200 OK | 14 kB |
URL: GET HTTP/3 cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js | IP: 104.17.24.14:443
Requested by: https://x0ru.saunceptilt.ru/MVQALNPGQUDDGJF29IOPR9S5YVTL?ASOZZSMERWOLROG | Certificate: Issuer Google Trust Services; Subject cdnjs.cloudflare.com; Fingerprint 00:0E:39:59:53:CF:68:07:90:75:EB:68:26:B9:04:22:44:7D:9A:32; Validity Fri, 24 Jan 2025 09:16:22 GMT - Thu, 24 Apr 2025 10:16:21 GMT
File type: JavaScript source, ASCII text, with very long lines (48316), with no line terminators | Hash: MD5 2ca03ad87885ab983541092b87adb299 | SHA-1 1a17f60bf776a8c468a185c1e8e985c41a50dc27 | SHA-256 8e3b0117f4df4be452c0b6af5b8f0a0acf9d4ade23d08d55d7e312af22077762
GET /ajax/libs/crypto-js/4.1.1/crypto-js.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://x0ru.saunceptilt.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 01 Feb 2025 01:47:13 GMT
content-type: application/javascript; charset=utf-8
content-length: 13972
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "61182885-3694"
last-modified: Sat, 14 Aug 2021 20:33:09 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 807335
expires: Thu, 22 Jan 2026 01:47:13 GMT
accept-ranges: bytes
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NWMPDnqEQqluyZVCchWE8n9RLBsYmlzTkv7DfNE39YWi0fkxiWJhYoZUTeFPK8bFvnD0ACDGq4dnZVFuw79ZptcYcbKgAJGhasdr%2BgG%2FTRi4vUqHX5%2FilYH3nF069YVIBlHZH4We"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 90ae45b0587456c1-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| ok4static.oktacdn.com/fs/bcg/4/gfsh9pi7jcWKJKMAs1t7 | 143.204.55.3 | 200 OK | 11 kB |
URL: GET HTTP/2 ok4static.oktacdn.com/fs/bcg/4/gfsh9pi7jcWKJKMAs1t7 | IP: 143.204.55.3:443
Requested by: https://x0ru.saunceptilt.ru/MVQALNPGQUDDGJF29IOPR9S5YVTL?ASOZZSMERWOLROG | Certificate: Issuer DigiCert Inc; Subject *.oktacdn.com; Fingerprint 3E:D7:C7:A6:35:70:74:E4:BF:45:2E:A1:D5:A3:25:88:24:76:B3:B5; Validity Mon, 02 Dec 2024 00:00:00 GMT - Fri, 02 Jan 2026 23:59:59 GMT
File type: PNG image data, 420 x 94, 8-bit/color RGBA, non-interlaced | Hash: MD5 12bdacc832185d0367ecc23fd24c86ce | SHA-1 4422f316eb4d8c8d160312bb695fd1d944cbff12 | SHA-256 877ae491d9aac5c6ef82a8430f9f652ace8a0dbc7294bd112aad49bd593769d0
GET /fs/bcg/4/gfsh9pi7jcWKJKMAs1t7 HTTP/1.1
Host: ok4static.oktacdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://x0ru.saunceptilt.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/png
content-length: 10796
server: nginx
last-modified: Tue, 23 Feb 2021 04:20:08 GMT
strict-transport-security: max-age=315360000; includeSubDomains
access-control-allow-origin: *
accept-ranges: bytes
date: Wed, 29 Jan 2025 00:59:17 GMT
expires: Thu, 29 Jan 2026 00:59:17 GMT
cache-control: max-age=31536000, public,max-age=31536000,s-maxage=1814400
etag: "12bdacc832185d0367ecc23fd24c86ce"
x-cache: Hit from cloudfront
via: 1.1 bcd5dadccb0831729969c938747ff79a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: f6S-umMWH3cgzG00XcRdJLk6Ww0ZZowua0pmZh18r8xPmuJjQDP74g==
age: 262076
X-Firefox-Spdy: h2
|
|
| x0ru.saunceptilt.ru/GDSherpa-bold.woff2 | 172.67.163.225 | 200 OK | 28 kB |
URL: GET HTTP/3 x0ru.saunceptilt.ru/GDSherpa-bold.woff2 | IP: 172.67.163.225:443
Requested by: https://x0ru.saunceptilt.ru/MVQALNPGQUDDGJF29IOPR9S5YVTL?ASOZZSMERWOLROG | Certificate: Issuer Google Trust Services; Subject saunceptilt.ru; Fingerprint E0:3F:9D:60:CF:FB:C0:D2:A9:AA:47:C0:2F:CA:6A:42:DA:55:7A:45; Validity Thu, 16 Jan 2025 12:36:08 GMT - Wed, 16 Apr 2025 13:34:27 GMT
File type: Web Open Font Format (Version 2), TrueType, length 28000, version 1.66 | Hash: MD5 a4bca6c95fed0d0c5cc46cf07710dcec | SHA-1 73b56e33b82b42921db8702a33efd0f2b2ec9794 | SHA-256 5a51d246af54d903f67f07f2bd820ce77736f8d08c5f1602db07469d96dbf77f
Analyzer: urlquery | Verdict: phishing | Alert: Phishing - Microsoft
GET /GDSherpa-bold.woff2 HTTP/1.1
Host: x0ru.saunceptilt.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://x0ru.saunceptilt.ru/MVQALNPGQUDDGJF29IOPR9S5YVTL?ASOZZSMERWOLROG
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6IlZzSHlqaENvSGx5MU5FY2ZzM3dpUnc9PSIsInZhbHVlIjoiYjZMcitId1VnbE1pcTdEeWgxYzU1S21GQ2tFaVZuUjhDZDdIT2xTSU1qdEtHNzZWSlRJNTNZYkxrdUtDVzg0am1nQ3EySXhBdUdFdCtoR0lGRS9GZUpQVHBVSHBOSjFZNkNvY3ByOHZTeEZManFJNXd3QUl2RExyWUlzNkptYTMiLCJtYWMiOiI1YmUxYzNmMzdkZTZjNDRjMTkxZTI1YTE0OWI0MGFiNjdlNzUwYjY2MGQ2NWFlOWU0MjJlYTVlZWViN2U1MmMzIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IitCb0tMYUpzc0duYWZxbXlwb3gzdEE9PSIsInZhbHVlIjoicGpUbTRKeUhqUW45ZUIvMnJjaWZ3U3dNbnpJQ3dzNVM4V0kxTSsvMVRvRzhuSmIyWTcxVGFYd1NFUXkwL01telgvNjFsU3FXZEZpRGVTdmNPcC94TFdwMGE5TlpOM3lCUUp1VlA1ODl1S3JYeVpYMDZCamxMRXhLZncwN0U0TEgiLCJtYWMiOiI5YTg1MWNhZDljNjBjNTU4ZGVjNjk3Zjk3ZTEyZTRhODU2YmJkMjk5OTRhZDRhMjMxMmU5NjMzMzcxODg2YzYyIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 01 Feb 2025 01:47:13 GMT
content-type: font/woff2
content-length: 28000
content-disposition: inline; filename="GDSherpa-bold.woff2"
cache-control: max-age=14400
last-modified: Fri, 31 Jan 2025 23:55:44 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IREPJ0PJWi0sxVDJmXrpxjV7Mdliox2Q2h2xxuzJN1He9Plqq46ILgNGlEpXZ6vVFYb8vei%2FLnsKZQq31W20jDKcRHmd7aLCL014ZZJFX9tQgxm0yr6aPFle8%2BJrSA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
cf-cache-status: MISS
accept-ranges: bytes
priority: u=3,i=?0
server: cloudflare
cf-ray: 90ae45b06b8a5693-OSL
server-timing: cfL4;desc="?proto=TCP&rtt=4975&min_rtt=4957&rtt_var=1430&sent=4&recv=8&lost=0&retrans=0&sent_bytes=2823&recv_bytes=2172&delivery_rate=558431&cwnd=251&unsent_bytes=0&cid=efb2ee66e4e5fc65&ts=23&x=0", cfL4;desc="?proto=QUIC&rtt=2000&min_rtt=706&rtt_var=1252&sent=110&recv=49&lost=0&retrans=0&sent_bytes=84591&recv_bytes=24270&delivery_rate=650789&cwnd=24000&unsent_bytes=0&cid=f7752c96d938e888&ts=8055&x=1", cfExtPri, cfHdrFlush;dur=0
|
|
| x0ru.saunceptilt.ru/GDSherpa-regular.woff2 | 172.67.163.225 | 200 OK | 29 kB |
URL: GET HTTP/3 x0ru.saunceptilt.ru/GDSherpa-regular.woff2 | IP: 172.67.163.225:443
Requested by: https://x0ru.saunceptilt.ru/MVQALNPGQUDDGJF29IOPR9S5YVTL?ASOZZSMERWOLROG | Certificate: Issuer Google Trust Services; Subject saunceptilt.ru; Fingerprint E0:3F:9D:60:CF:FB:C0:D2:A9:AA:47:C0:2F:CA:6A:42:DA:55:7A:45; Validity Thu, 16 Jan 2025 12:36:08 GMT - Wed, 16 Apr 2025 13:34:27 GMT
File type: Web Open Font Format (Version 2), TrueType, length 28584, version 1.66 | Hash: MD5 17081510f3a6f2f619ec8c6f244523c7 | SHA-1 87f34b2a1532c50f2a424c345d03fe028db35635 | SHA-256 2c7292014e2ef00374aeb63691d9f23159a010455784ee0b274ba7db2bcca956
Analyzer: urlquery | Verdict: phishing | Alert: Phishing - Microsoft
GET /GDSherpa-regular.woff2 HTTP/1.1
Host: x0ru.saunceptilt.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://x0ru.saunceptilt.ru/MVQALNPGQUDDGJF29IOPR9S5YVTL?ASOZZSMERWOLROG
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6IlZzSHlqaENvSGx5MU5FY2ZzM3dpUnc9PSIsInZhbHVlIjoiYjZMcitId1VnbE1pcTdEeWgxYzU1S21GQ2tFaVZuUjhDZDdIT2xTSU1qdEtHNzZWSlRJNTNZYkxrdUtDVzg0am1nQ3EySXhBdUdFdCtoR0lGRS9GZUpQVHBVSHBOSjFZNkNvY3ByOHZTeEZManFJNXd3QUl2RExyWUlzNkptYTMiLCJtYWMiOiI1YmUxYzNmMzdkZTZjNDRjMTkxZTI1YTE0OWI0MGFiNjdlNzUwYjY2MGQ2NWFlOWU0MjJlYTVlZWViN2U1MmMzIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IitCb0tMYUpzc0duYWZxbXlwb3gzdEE9PSIsInZhbHVlIjoicGpUbTRKeUhqUW45ZUIvMnJjaWZ3U3dNbnpJQ3dzNVM4V0kxTSsvMVRvRzhuSmIyWTcxVGFYd1NFUXkwL01telgvNjFsU3FXZEZpRGVTdmNPcC94TFdwMGE5TlpOM3lCUUp1VlA1ODl1S3JYeVpYMDZCamxMRXhLZncwN0U0TEgiLCJtYWMiOiI5YTg1MWNhZDljNjBjNTU4ZGVjNjk3Zjk3ZTEyZTRhODU2YmJkMjk5OTRhZDRhMjMxMmU5NjMzMzcxODg2YzYyIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 01 Feb 2025 01:47:13 GMT
content-type: font/woff2
content-length: 28584
content-disposition: inline; filename="GDSherpa-regular.woff2"
cache-control: max-age=14400
last-modified: Fri, 31 Jan 2025 23:55:44 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=td%2Fr1CcjCLD%2BTwJUfIbl2ZTGcJeJIDqJDzJp6V%2FMMqjGPMAMw3pDJyrxM1Eny4XA32gyPdR0p1%2FfOSVWRcF8C1v9aWCldULh32ziG5jxtSyX0H4jMb5F9SUNKqupzA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
cf-cache-status: MISS
accept-ranges: bytes
priority: u=3,i=?0
server: cloudflare
cf-ray: 90ae45b07b8e5693-OSL
server-timing: cfL4;desc="?proto=TCP&rtt=5132&min_rtt=5098&rtt_var=1502&sent=4&recv=8&lost=0&retrans=0&sent_bytes=2822&recv_bytes=2174&delivery_rate=531740&cwnd=176&unsent_bytes=0&cid=d26aad1ed2b5d91f&ts=20&x=0", cfL4;desc="?proto=QUIC&rtt=1809&min_rtt=706&rtt_var=1054&sent=135&recv=51&lost=0&retrans=0&sent_bytes=114148&recv_bytes=24362&delivery_rate=3391057&cwnd=48000&unsent_bytes=0&cid=f7752c96d938e888&ts=8060&x=1", cfExtPri, cfHdrFlush;dur=0
|
|
| x0ru.saunceptilt.ru/GDSherpa-bold.woff | 172.67.163.225 | 200 OK | 36 kB |
URL: GET HTTP/3 x0ru.saunceptilt.ru/GDSherpa-bold.woff | IP: 172.67.163.225:443
Requested by: https://x0ru.saunceptilt.ru/MVQALNPGQUDDGJF29IOPR9S5YVTL?ASOZZSMERWOLROG | Certificate: Issuer Google Trust Services; Subject saunceptilt.ru; Fingerprint E0:3F:9D:60:CF:FB:C0:D2:A9:AA:47:C0:2F:CA:6A:42:DA:55:7A:45; Validity Thu, 16 Jan 2025 12:36:08 GMT - Wed, 16 Apr 2025 13:34:27 GMT
File type: Web Open Font Format, TrueType, length 35970, version 1.0 | Hash: MD5 496b7bbde91c7dc7cf9bbabbb3921da8 | SHA-1 2bd3c406a715ab52dad84c803c55bf4a6e66a924 | SHA-256 ae40a04f95df12b0c364f26ab691dc0c391d394a28bcdb4aeacfaca325d0a798
Analyzer: urlquery | Verdict: phishing | Alert: Phishing - Microsoft
GET /GDSherpa-bold.woff HTTP/1.1
Host: x0ru.saunceptilt.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://x0ru.saunceptilt.ru/MVQALNPGQUDDGJF29IOPR9S5YVTL?ASOZZSMERWOLROG
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6IlZzSHlqaENvSGx5MU5FY2ZzM3dpUnc9PSIsInZhbHVlIjoiYjZMcitId1VnbE1pcTdEeWgxYzU1S21GQ2tFaVZuUjhDZDdIT2xTSU1qdEtHNzZWSlRJNTNZYkxrdUtDVzg0am1nQ3EySXhBdUdFdCtoR0lGRS9GZUpQVHBVSHBOSjFZNkNvY3ByOHZTeEZManFJNXd3QUl2RExyWUlzNkptYTMiLCJtYWMiOiI1YmUxYzNmMzdkZTZjNDRjMTkxZTI1YTE0OWI0MGFiNjdlNzUwYjY2MGQ2NWFlOWU0MjJlYTVlZWViN2U1MmMzIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IitCb0tMYUpzc0duYWZxbXlwb3gzdEE9PSIsInZhbHVlIjoicGpUbTRKeUhqUW45ZUIvMnJjaWZ3U3dNbnpJQ3dzNVM4V0kxTSsvMVRvRzhuSmIyWTcxVGFYd1NFUXkwL01telgvNjFsU3FXZEZpRGVTdmNPcC94TFdwMGE5TlpOM3lCUUp1VlA1ODl1S3JYeVpYMDZCamxMRXhLZncwN0U0TEgiLCJtYWMiOiI5YTg1MWNhZDljNjBjNTU4ZGVjNjk3Zjk3ZTEyZTRhODU2YmJkMjk5OTRhZDRhMjMxMmU5NjMzMzcxODg2YzYyIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 01 Feb 2025 01:47:13 GMT
content-type: font/woff
content-length: 35970
content-disposition: inline; filename="GDSherpa-bold.woff"
cache-control: max-age=14400
last-modified: Fri, 31 Jan 2025 23:55:44 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nLaCT0zvLRrpq4bcuYI0hi5O2dnfShb%2FU1n2Td8wf054w9qIOevLwKUub7rdeKs2wG046P1%2Bdxb%2BZMfZexFXp9Kh1%2FkIGxHjt4MPb9s9dc9lMfMTCMkQaCKnYuTkYw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
cf-cache-status: MISS
accept-ranges: bytes
priority: u=3,i=?0
server: cloudflare
cf-ray: 90ae45b06b8b5693-OSL
server-timing: cfL4;desc="?proto=TCP&rtt=5073&min_rtt=4967&rtt_var=1461&sent=4&recv=8&lost=0&retrans=0&sent_bytes=2822&recv_bytes=2169&delivery_rate=557556&cwnd=236&unsent_bytes=0&cid=bede6da15f4c2c7e&ts=31&x=0", cfL4;desc="?proto=QUIC&rtt=1809&min_rtt=706&rtt_var=1054&sent=161&recv=51&lost=0&retrans=0&sent_bytes=144322&recv_bytes=24362&delivery_rate=3391057&cwnd=48000&unsent_bytes=0&cid=f7752c96d938e888&ts=8062&x=1", cfExtPri, cfHdrFlush;dur=0
|
|
| x0ru.saunceptilt.ru/GDSherpa-regular.woff | 172.67.163.225 | 200 OK | 37 kB |
URL: GET HTTP/3 x0ru.saunceptilt.ru/GDSherpa-regular.woff | IP: 172.67.163.225:443
Requested by: https://x0ru.saunceptilt.ru/MVQALNPGQUDDGJF29IOPR9S5YVTL?ASOZZSMERWOLROG | Certificate: Issuer Google Trust Services; Subject saunceptilt.ru; Fingerprint E0:3F:9D:60:CF:FB:C0:D2:A9:AA:47:C0:2F:CA:6A:42:DA:55:7A:45; Validity Thu, 16 Jan 2025 12:36:08 GMT - Wed, 16 Apr 2025 13:34:27 GMT
File type: Web Open Font Format, TrueType, length 36696, version 1.0 | Hash: MD5 a69e9ab8afdd7486ec0749c551051ff2 | SHA-1 c34e6aa327b536fb48d1fe03577a47c7ee2231b8 | SHA-256 fd78a1913db912221b8ead1e62fad47d1ff0a9fa6cd88d3b128a721ad91d2faf
Analyzer: urlquery | Verdict: phishing | Alert: Phishing - Microsoft
GET /GDSherpa-regular.woff HTTP/1.1
Host: x0ru.saunceptilt.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://x0ru.saunceptilt.ru/MVQALNPGQUDDGJF29IOPR9S5YVTL?ASOZZSMERWOLROG
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6IlZzSHlqaENvSGx5MU5FY2ZzM3dpUnc9PSIsInZhbHVlIjoiYjZMcitId1VnbE1pcTdEeWgxYzU1S21GQ2tFaVZuUjhDZDdIT2xTSU1qdEtHNzZWSlRJNTNZYkxrdUtDVzg0am1nQ3EySXhBdUdFdCtoR0lGRS9GZUpQVHBVSHBOSjFZNkNvY3ByOHZTeEZManFJNXd3QUl2RExyWUlzNkptYTMiLCJtYWMiOiI1YmUxYzNmMzdkZTZjNDRjMTkxZTI1YTE0OWI0MGFiNjdlNzUwYjY2MGQ2NWFlOWU0MjJlYTVlZWViN2U1MmMzIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IitCb0tMYUpzc0duYWZxbXlwb3gzdEE9PSIsInZhbHVlIjoicGpUbTRKeUhqUW45ZUIvMnJjaWZ3U3dNbnpJQ3dzNVM4V0kxTSsvMVRvRzhuSmIyWTcxVGFYd1NFUXkwL01telgvNjFsU3FXZEZpRGVTdmNPcC94TFdwMGE5TlpOM3lCUUp1VlA1ODl1S3JYeVpYMDZCamxMRXhLZncwN0U0TEgiLCJtYWMiOiI5YTg1MWNhZDljNjBjNTU4ZGVjNjk3Zjk3ZTEyZTRhODU2YmJkMjk5OTRhZDRhMjMxMmU5NjMzMzcxODg2YzYyIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 01 Feb 2025 01:47:13 GMT
content-type: font/woff
content-length: 36696
content-disposition: inline; filename="GDSherpa-regular.woff"
cache-control: max-age=14400
last-modified: Fri, 31 Jan 2025 23:55:44 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=at07OJTFEIwo1zUoxltFt6fsU4HJZzZhOwmAmivu1EKG6w2Rh0NdpA1pCN%2FVIrmIFxYqBLVxonh2l1C1a5b%2BAiK7EpFavGY5U3pmbgEkWBa8SDBZTaiBmqtcBLkH%2Bw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
cf-cache-status: MISS
accept-ranges: bytes
priority: u=3,i=?0
server: cloudflare
cf-ray: 90ae45b07b905693-OSL
server-timing: cfL4;desc="?proto=TCP&rtt=4338&min_rtt=4297&rtt_var=1285&sent=4&recv=8&lost=0&retrans=0&sent_bytes=2822&recv_bytes=2173&delivery_rate=626071&cwnd=233&unsent_bytes=0&cid=b9ac174ec194f3e6&ts=28&x=0", cfL4;desc="?proto=QUIC&rtt=1964&min_rtt=706&rtt_var=1128&sent=193&recv=53&lost=0&retrans=0&sent_bytes=182058&recv_bytes=24453&delivery_rate=9828601&cwnd=78000&unsent_bytes=0&cid=f7752c96d938e888&ts=8067&x=1", cfExtPri, cfHdrFlush;dur=0
|
|
| x0ru.saunceptilt.ru/wxwMG8QD5zctVFNoc9jr5gOCFIftstDTi7MPO4SQvoS3I12129 | 172.67.163.225 | 200 OK | 644 B |
URL: GET HTTP/3 x0ru.saunceptilt.ru/wxwMG8QD5zctVFNoc9jr5gOCFIftstDTi7MPO4SQvoS3I12129 IP: 172.67.163.225:443
Requested by: https://x0ru.saunceptilt.ru/MVQALNPGQUDDGJF29IOPR9S5YVTL?ASOZZSMERWOLROG Certificate: Issuer: Google Trust Services; Subject: saunceptilt.ru; Fingerprint: E0:3F:9D:60:CF:FB:C0:D2:A9:AA:47:C0:2F:CA:6A:42:DA:55:7A:45; Validity: Thu, 16 Jan 2025 12:36:08 GMT - Wed, 16 Apr 2025 13:34:27 GMT
File type: RIFF (little-endian) data, Web/P image Hash (MD5 / SHA-1 / SHA-256): 541b83c2195088043337e4353b6fd60d f09630596b6713217984785a64f6ea83e91b49c5 2658b8874f0d2a12e8726df78ac8954324c3bbe4695e66bdef89195fde64322f
Analyzer: urlquery | Verdict: phishing | Alert: Phishing - Microsoft
GET /wxwMG8QD5zctVFNoc9jr5gOCFIftstDTi7MPO4SQvoS3I12129 HTTP/1.1
Host: x0ru.saunceptilt.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://x0ru.saunceptilt.ru/MVQALNPGQUDDGJF29IOPR9S5YVTL?ASOZZSMERWOLROG
Cookie: XSRF-TOKEN=eyJpdiI6IlZzSHlqaENvSGx5MU5FY2ZzM3dpUnc9PSIsInZhbHVlIjoiYjZMcitId1VnbE1pcTdEeWgxYzU1S21GQ2tFaVZuUjhDZDdIT2xTSU1qdEtHNzZWSlRJNTNZYkxrdUtDVzg0am1nQ3EySXhBdUdFdCtoR0lGRS9GZUpQVHBVSHBOSjFZNkNvY3ByOHZTeEZManFJNXd3QUl2RExyWUlzNkptYTMiLCJtYWMiOiI1YmUxYzNmMzdkZTZjNDRjMTkxZTI1YTE0OWI0MGFiNjdlNzUwYjY2MGQ2NWFlOWU0MjJlYTVlZWViN2U1MmMzIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IitCb0tMYUpzc0duYWZxbXlwb3gzdEE9PSIsInZhbHVlIjoicGpUbTRKeUhqUW45ZUIvMnJjaWZ3U3dNbnpJQ3dzNVM4V0kxTSsvMVRvRzhuSmIyWTcxVGFYd1NFUXkwL01telgvNjFsU3FXZEZpRGVTdmNPcC94TFdwMGE5TlpOM3lCUUp1VlA1ODl1S3JYeVpYMDZCamxMRXhLZncwN0U0TEgiLCJtYWMiOiI5YTg1MWNhZDljNjBjNTU4ZGVjNjk3Zjk3ZTEyZTRhODU2YmJkMjk5OTRhZDRhMjMxMmU5NjMzMzcxODg2YzYyIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 01 Feb 2025 01:47:13 GMT
content-type: image/webp
content-length: 644
content-disposition: inline; filename="wxwMG8QD5zctVFNoc9jr5gOCFIftstDTi7MPO4SQvoS3I12129"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fBBNi85LSmyrFzXH1jlPvjXAFUy6HC79qHQdca7tuQRhgEUZcdc6MadcJlUw%2B%2BlEn2sgrz33dOo63hEffpOQLDiTtqJGATfJGAvGBUexBpdGWjcPmWjbclAzKW7cVA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
priority: u=4,i=?0
server: cloudflare
cf-ray: 90ae45b07b935693-OSL
server-timing: cfL4;desc="?proto=TCP&rtt=4087&min_rtt=4065&rtt_var=1186&sent=5&recv=8&lost=0&retrans=0&sent_bytes=2823&recv_bytes=2179&delivery_rate=675682&cwnd=219&unsent_bytes=0&cid=314df576332702b4&ts=95&x=0", cfL4;desc="?proto=QUIC&rtt=2180&min_rtt=706&rtt_var=1404&sent=226&recv=55&lost=0&retrans=0&sent_bytes=220547&recv_bytes=24545&delivery_rate=4753744&cwnd=78000&unsent_bytes=0&cid=f7752c96d938e888&ts=8090&x=1", cfExtPri, cfHdrFlush;dur=0
|
|
| x0ru.saunceptilt.ru/opwPceXhDLizD2qOqTgblgqS203xC81q4efheJUkNuvreei45135 | 172.67.163.225 | 200 OK | 892 B |
URL: GET HTTP/3 x0ru.saunceptilt.ru/opwPceXhDLizD2qOqTgblgqS203xC81q4efheJUkNuvreei45135 IP: 172.67.163.225:443
Requested by: https://x0ru.saunceptilt.ru/MVQALNPGQUDDGJF29IOPR9S5YVTL?ASOZZSMERWOLROG Certificate: Issuer: Google Trust Services; Subject: saunceptilt.ru; Fingerprint: E0:3F:9D:60:CF:FB:C0:D2:A9:AA:47:C0:2F:CA:6A:42:DA:55:7A:45; Validity: Thu, 16 Jan 2025 12:36:08 GMT - Wed, 16 Apr 2025 13:34:27 GMT
File type: RIFF (little-endian) data, Web/P image Hash (MD5 / SHA-1 / SHA-256): 41d62ca205d54a78e4298367482b4e2b 839aae21ed8ecfc238fdc68b93ccb27431cd5393 20a4a780db0bcc047015a0d8037eb4eb58b3e5cb338673799c030a3e1b626b40
Analyzer: urlquery | Verdict: phishing | Alert: Phishing - Microsoft
GET /opwPceXhDLizD2qOqTgblgqS203xC81q4efheJUkNuvreei45135 HTTP/1.1
Host: x0ru.saunceptilt.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://x0ru.saunceptilt.ru/MVQALNPGQUDDGJF29IOPR9S5YVTL?ASOZZSMERWOLROG
Cookie: XSRF-TOKEN=eyJpdiI6IlZzSHlqaENvSGx5MU5FY2ZzM3dpUnc9PSIsInZhbHVlIjoiYjZMcitId1VnbE1pcTdEeWgxYzU1S21GQ2tFaVZuUjhDZDdIT2xTSU1qdEtHNzZWSlRJNTNZYkxrdUtDVzg0am1nQ3EySXhBdUdFdCtoR0lGRS9GZUpQVHBVSHBOSjFZNkNvY3ByOHZTeEZManFJNXd3QUl2RExyWUlzNkptYTMiLCJtYWMiOiI1YmUxYzNmMzdkZTZjNDRjMTkxZTI1YTE0OWI0MGFiNjdlNzUwYjY2MGQ2NWFlOWU0MjJlYTVlZWViN2U1MmMzIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IitCb0tMYUpzc0duYWZxbXlwb3gzdEE9PSIsInZhbHVlIjoicGpUbTRKeUhqUW45ZUIvMnJjaWZ3U3dNbnpJQ3dzNVM4V0kxTSsvMVRvRzhuSmIyWTcxVGFYd1NFUXkwL01telgvNjFsU3FXZEZpRGVTdmNPcC94TFdwMGE5TlpOM3lCUUp1VlA1ODl1S3JYeVpYMDZCamxMRXhLZncwN0U0TEgiLCJtYWMiOiI5YTg1MWNhZDljNjBjNTU4ZGVjNjk3Zjk3ZTEyZTRhODU2YmJkMjk5OTRhZDRhMjMxMmU5NjMzMzcxODg2YzYyIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 01 Feb 2025 01:47:13 GMT
content-type: image/webp
content-length: 892
content-disposition: inline; filename="opwPceXhDLizD2qOqTgblgqS203xC81q4efheJUkNuvreei45135"
cf-cache-status: DYNAMIC
alt-svc: h3=":443"; ma=86400
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oZfhGcfgCN0RnKPT1PnrlafMS98%2F4lS%2FXe1LI6NXhdgKpn6FpcmRaXiulm6Mbc7hzXdP5KGwXxlEW%2Bdi49%2Fd%2FttOKJj5eM7uoTm4qfg%2BJoTk9NhaKqL0p14pKrkOM3isO5iuD2WW"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 90ae45b07b945693-OSL
server-timing: cfL4;desc="?proto=QUIC&rtt=2017&min_rtt=706&rtt_var=1379&sent=228&recv=56&lost=0&retrans=0&sent_bytes=222076&recv_bytes=24590&delivery_rate=1182988&cwnd=78000&unsent_bytes=0&cid=f7752c96d938e888&ts=8093&x=1", cfExtPri, cfHdrFlush;dur=0
|
|
| x0ru.saunceptilt.ru/GDSherpa-vf2.woff2 | 172.67.163.225 | 200 OK | 93 kB |
URL: GET HTTP/3 x0ru.saunceptilt.ru/GDSherpa-vf2.woff2 IP: 172.67.163.225:443
Requested by: https://x0ru.saunceptilt.ru/MVQALNPGQUDDGJF29IOPR9S5YVTL?ASOZZSMERWOLROG Certificate: Issuer: Google Trust Services; Subject: saunceptilt.ru; Fingerprint: E0:3F:9D:60:CF:FB:C0:D2:A9:AA:47:C0:2F:CA:6A:42:DA:55:7A:45; Validity: Thu, 16 Jan 2025 12:36:08 GMT - Wed, 16 Apr 2025 13:34:27 GMT
File type: Web Open Font Format (Version 2), TrueType, length 93276, version 1.0 Hash (MD5 / SHA-1 / SHA-256): bcd7983ea5aa57c55f6758b4977983cb ef3a009e205229e07fb0ec8569e669b11c378ef1 6528a0bf9a836a53dfd8536e1786ba6831c9d1faa74967126fddf5b2081b858c
Analyzer: urlquery | Verdict: phishing | Alert: Phishing - Microsoft
GET /GDSherpa-vf2.woff2 HTTP/1.1
Host: x0ru.saunceptilt.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://x0ru.saunceptilt.ru/MVQALNPGQUDDGJF29IOPR9S5YVTL?ASOZZSMERWOLROG
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6IlZzSHlqaENvSGx5MU5FY2ZzM3dpUnc9PSIsInZhbHVlIjoiYjZMcitId1VnbE1pcTdEeWgxYzU1S21GQ2tFaVZuUjhDZDdIT2xTSU1qdEtHNzZWSlRJNTNZYkxrdUtDVzg0am1nQ3EySXhBdUdFdCtoR0lGRS9GZUpQVHBVSHBOSjFZNkNvY3ByOHZTeEZManFJNXd3QUl2RExyWUlzNkptYTMiLCJtYWMiOiI1YmUxYzNmMzdkZTZjNDRjMTkxZTI1YTE0OWI0MGFiNjdlNzUwYjY2MGQ2NWFlOWU0MjJlYTVlZWViN2U1MmMzIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IitCb0tMYUpzc0duYWZxbXlwb3gzdEE9PSIsInZhbHVlIjoicGpUbTRKeUhqUW45ZUIvMnJjaWZ3U3dNbnpJQ3dzNVM4V0kxTSsvMVRvRzhuSmIyWTcxVGFYd1NFUXkwL01telgvNjFsU3FXZEZpRGVTdmNPcC94TFdwMGE5TlpOM3lCUUp1VlA1ODl1S3JYeVpYMDZCamxMRXhLZncwN0U0TEgiLCJtYWMiOiI5YTg1MWNhZDljNjBjNTU4ZGVjNjk3Zjk3ZTEyZTRhODU2YmJkMjk5OTRhZDRhMjMxMmU5NjMzMzcxODg2YzYyIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 01 Feb 2025 01:47:13 GMT
content-type: font/woff2
content-length: 93276
content-disposition: inline; filename="GDSherpa-vf2.woff2"
cache-control: max-age=14400
last-modified: Fri, 31 Jan 2025 23:55:44 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=asPB6FLd1%2B9rTGEEBehDuhtasYrZKz6it5KRShIcjzQpy0StK6%2FvEMktyHTVzYBoVU7S6uivQUMtVsDg8zIASqtp8P29z5lsfZhmEbWjtbKRBYv8D4tGtbujqN6Jwg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
cf-cache-status: MISS
accept-ranges: bytes
priority: u=3,i=?0
server: cloudflare
cf-ray: 90ae45b07b925693-OSL
server-timing: cfL4;desc="?proto=TCP&rtt=4669&min_rtt=4640&rtt_var=1363&sent=4&recv=8&lost=0&retrans=0&sent_bytes=2822&recv_bytes=2171&delivery_rate=585887&cwnd=251&unsent_bytes=0&cid=7017af427d07dc32&ts=18&x=0", cfL4;desc="?proto=QUIC&rtt=1474&min_rtt=706&rtt_var=943&sent=242&recv=61&lost=0&retrans=0&sent_bytes=236947&recv_bytes=24815&delivery_rate=1542791&cwnd=78000&unsent_bytes=0&cid=f7752c96d938e888&ts=8108&x=1", cfExtPri, cfHdrFlush;dur=0
|
|
| x0ru.saunceptilt.ru/GDSherpa-vf.woff2 | 172.67.163.225 | 200 OK | 44 kB |
URL: GET HTTP/3 x0ru.saunceptilt.ru/GDSherpa-vf.woff2 IP: 172.67.163.225:443
Requested by: https://x0ru.saunceptilt.ru/MVQALNPGQUDDGJF29IOPR9S5YVTL?ASOZZSMERWOLROG Certificate: Issuer: Google Trust Services; Subject: saunceptilt.ru; Fingerprint: E0:3F:9D:60:CF:FB:C0:D2:A9:AA:47:C0:2F:CA:6A:42:DA:55:7A:45; Validity: Thu, 16 Jan 2025 12:36:08 GMT - Wed, 16 Apr 2025 13:34:27 GMT
File type: Web Open Font Format (Version 2), TrueType, length 43596, version 1.0 Hash (MD5 / SHA-1 / SHA-256): 2a05e9e5572abc320b2b7ea38a70dcc1 d5fa2a856d5632c2469e42436159375117ef3c35 3efcb941aaddaf4aea08dab3fb97d3e904aa1b83264e64b4d5bda53bc7c798ec
Analyzer: urlquery | Verdict: phishing | Alert: Phishing - Microsoft
GET /GDSherpa-vf.woff2 HTTP/1.1
Host: x0ru.saunceptilt.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://x0ru.saunceptilt.ru/MVQALNPGQUDDGJF29IOPR9S5YVTL?ASOZZSMERWOLROG
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6IlZzSHlqaENvSGx5MU5FY2ZzM3dpUnc9PSIsInZhbHVlIjoiYjZMcitId1VnbE1pcTdEeWgxYzU1S21GQ2tFaVZuUjhDZDdIT2xTSU1qdEtHNzZWSlRJNTNZYkxrdUtDVzg0am1nQ3EySXhBdUdFdCtoR0lGRS9GZUpQVHBVSHBOSjFZNkNvY3ByOHZTeEZManFJNXd3QUl2RExyWUlzNkptYTMiLCJtYWMiOiI1YmUxYzNmMzdkZTZjNDRjMTkxZTI1YTE0OWI0MGFiNjdlNzUwYjY2MGQ2NWFlOWU0MjJlYTVlZWViN2U1MmMzIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IitCb0tMYUpzc0duYWZxbXlwb3gzdEE9PSIsInZhbHVlIjoicGpUbTRKeUhqUW45ZUIvMnJjaWZ3U3dNbnpJQ3dzNVM4V0kxTSsvMVRvRzhuSmIyWTcxVGFYd1NFUXkwL01telgvNjFsU3FXZEZpRGVTdmNPcC94TFdwMGE5TlpOM3lCUUp1VlA1ODl1S3JYeVpYMDZCamxMRXhLZncwN0U0TEgiLCJtYWMiOiI5YTg1MWNhZDljNjBjNTU4ZGVjNjk3Zjk3ZTEyZTRhODU2YmJkMjk5OTRhZDRhMjMxMmU5NjMzMzcxODg2YzYyIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 01 Feb 2025 01:47:13 GMT
content-type: font/woff2
content-length: 43596
content-disposition: inline; filename="GDSherpa-vf.woff2"
cache-control: max-age=14400
last-modified: Fri, 31 Jan 2025 23:55:44 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TfQ73Tmwr9hhdH67TFOCUJ5v0TjmhKgqq3hWObPK6m%2Byt2H0iFm0FaVmzmFxzJhQw4rahb4RCjc8C14gF4J%2BYOf1WUOptbEBUfhDJ6yp9uAc5MjJYCwBYUZ1uPRMHg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
cf-cache-status: MISS
accept-ranges: bytes
priority: u=3,i=?0
server: cloudflare
cf-ray: 90ae45b07b915693-OSL
server-timing: cfL4;desc="?proto=TCP&rtt=4946&min_rtt=4914&rtt_var=1444&sent=4&recv=8&lost=0&retrans=0&sent_bytes=2823&recv_bytes=2169&delivery_rate=554841&cwnd=234&unsent_bytes=0&cid=d2fcab4e5083c236&ts=20&x=0", cfL4;desc="?proto=QUIC&rtt=1496&min_rtt=706&rtt_var=752&sent=323&recv=62&lost=0&retrans=0&sent_bytes=333414&recv_bytes=24861&delivery_rate=26542249&cwnd=156000&unsent_bytes=0&cid=f7752c96d938e888&ts=8112&x=1", cfExtPri, cfHdrFlush;dur=0
|
|
| x0ru.saunceptilt.ru/uv0YiUuZr7fK69ESjXiUZtfAgVx67RhDJGuS9sXItM7muVgAEFCb1mg7QGJNJPS6gh252 | 172.67.163.225 | 200 OK | 18 kB |
URL: GET HTTP/3 x0ru.saunceptilt.ru/uv0YiUuZr7fK69ESjXiUZtfAgVx67RhDJGuS9sXItM7muVgAEFCb1mg7QGJNJPS6gh252 IP: 172.67.163.225:443
Requested by: https://x0ru.saunceptilt.ru/MVQALNPGQUDDGJF29IOPR9S5YVTL?ASOZZSMERWOLROG Certificate: Issuer: Google Trust Services; Subject: saunceptilt.ru; Fingerprint: E0:3F:9D:60:CF:FB:C0:D2:A9:AA:47:C0:2F:CA:6A:42:DA:55:7A:45; Validity: Thu, 16 Jan 2025 12:36:08 GMT - Wed, 16 Apr 2025 13:34:27 GMT
File type: RIFF (little-endian) data, Web/P image Hash (MD5 / SHA-1 / SHA-256): 4b52ecdc33382c9dca874f551990e704 8f3bf8e41cd4cdddb17836b261e73f827b84341b cce050cc3b150c0b370751021bb15018ee2b64ac369e230fe3b571a9b00d4342
Analyzer: urlquery | Verdict: phishing | Alert: Phishing - Microsoft
GET /uv0YiUuZr7fK69ESjXiUZtfAgVx67RhDJGuS9sXItM7muVgAEFCb1mg7QGJNJPS6gh252 HTTP/1.1
Host: x0ru.saunceptilt.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://x0ru.saunceptilt.ru/MVQALNPGQUDDGJF29IOPR9S5YVTL?ASOZZSMERWOLROG
Cookie: XSRF-TOKEN=eyJpdiI6IlZzSHlqaENvSGx5MU5FY2ZzM3dpUnc9PSIsInZhbHVlIjoiYjZMcitId1VnbE1pcTdEeWgxYzU1S21GQ2tFaVZuUjhDZDdIT2xTSU1qdEtHNzZWSlRJNTNZYkxrdUtDVzg0am1nQ3EySXhBdUdFdCtoR0lGRS9GZUpQVHBVSHBOSjFZNkNvY3ByOHZTeEZManFJNXd3QUl2RExyWUlzNkptYTMiLCJtYWMiOiI1YmUxYzNmMzdkZTZjNDRjMTkxZTI1YTE0OWI0MGFiNjdlNzUwYjY2MGQ2NWFlOWU0MjJlYTVlZWViN2U1MmMzIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IitCb0tMYUpzc0duYWZxbXlwb3gzdEE9PSIsInZhbHVlIjoicGpUbTRKeUhqUW45ZUIvMnJjaWZ3U3dNbnpJQ3dzNVM4V0kxTSsvMVRvRzhuSmIyWTcxVGFYd1NFUXkwL01telgvNjFsU3FXZEZpRGVTdmNPcC94TFdwMGE5TlpOM3lCUUp1VlA1ODl1S3JYeVpYMDZCamxMRXhLZncwN0U0TEgiLCJtYWMiOiI5YTg1MWNhZDljNjBjNTU4ZGVjNjk3Zjk3ZTEyZTRhODU2YmJkMjk5OTRhZDRhMjMxMmU5NjMzMzcxODg2YzYyIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 01 Feb 2025 01:47:13 GMT
content-type: image/webp
content-length: 17842
content-disposition: inline; filename="uv0YiUuZr7fK69ESjXiUZtfAgVx67RhDJGuS9sXItM7muVgAEFCb1mg7QGJNJPS6gh252"
cf-cache-status: DYNAMIC
alt-svc: h3=":443"; ma=86400
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=p%2Fz5Hld3Dw90bX3rNs6E4Kpgf97hF90dOoR2VAyFpwUEwkkKJ%2F%2BnOBlIYt2Yu6DeSxH6ejrdWqQpfTf3%2FQQpTgAjyQFsB0LCBBUrP%2Byo%2BXK4ajVsUnm4m9Gk%2BzbjUWacRyR0rORd"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 90ae45b0bbb25693-OSL
server-timing: cfL4;desc="?proto=QUIC&rtt=1427&min_rtt=706&rtt_var=701&sent=365&recv=63&lost=0&retrans=0&sent_bytes=383321&recv_bytes=24907&delivery_rate=6827214&cwnd=156000&unsent_bytes=0&cid=f7752c96d938e888&ts=8122&x=1", cfExtPri, cfHdrFlush;dur=0
|
|
| github.com/fent/randexp.js/releases/download/v0.4.3/randexp.min.js | 140.82.121.3 | 302 Found | 0 B |
URL: GET HTTP/2 github.com/fent/randexp.js/releases/download/v0.4.3/randexp.min.js IP: 140.82.121.3:443
Requested by: https://x0ru.saunceptilt.ru/MVQALNPGQUDDGJF29IOPR9S5YVTL?ASOZZSMERWOLROG Certificate: Issuer: Sectigo Limited; Subject: github.com; Fingerprint: E7:03:5B:CC:1C:18:77:1F:79:2F:90:86:6B:6C:1D:F8:DF:AA:BD:C0; Validity: Thu, 07 Mar 2024 00:00:00 GMT - Fri, 07 Mar 2025 23:59:59 GMT
Hash (MD5 / SHA-1 / SHA-256; digests of the empty body — the 302 response has content-length 0, so these are not usable as indicators): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /fent/randexp.js/releases/download/v0.4.3/randexp.min.js HTTP/1.1
Host: github.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://x0ru.saunceptilt.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
server: GitHub.com
date: Sat, 01 Feb 2025 01:47:10 GMT
content-type: text/html; charset=utf-8
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
location: https://objects.githubusercontent.com/github-production-release-asset-2e65be/2925284/11f3acf8-4ccb-11e6-8ce4-c179c0a212de?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20250201%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20250201T014710Z&X-Amz-Expires=300&X-Amz-Signature=5cd496eba6cae79d30c57a82b62476f1c3dcb8edc70405740ce6987b69cd0bde&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3Drandexp.min.js&response-content-type=application%2Foctet-stream
cache-control: no-cache
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: no-referrer-when-downgrade
content-security-policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; 
font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
content-length: 0
x-github-request-id: E908:28813E:2332859:2474878:679D7D21
X-Firefox-Spdy: h2
|
|
| x0ru.saunceptilt.ru/ijBHSNpUNJzietcwGJ2MFFp0LXwTZFkwCwgrWiR9mxyWha9rAXMo0UHyEYP8UKgef203 | 172.67.163.225 | 200 OK | 25 kB |
URL: GET HTTP/3 x0ru.saunceptilt.ru/ijBHSNpUNJzietcwGJ2MFFp0LXwTZFkwCwgrWiR9mxyWha9rAXMo0UHyEYP8UKgef203 IP: 172.67.163.225:443
Requested by: https://x0ru.saunceptilt.ru/MVQALNPGQUDDGJF29IOPR9S5YVTL?ASOZZSMERWOLROG Certificate: Issuer: Google Trust Services; Subject: saunceptilt.ru; Fingerprint: E0:3F:9D:60:CF:FB:C0:D2:A9:AA:47:C0:2F:CA:6A:42:DA:55:7A:45; Validity: Thu, 16 Jan 2025 12:36:08 GMT - Wed, 16 Apr 2025 13:34:27 GMT
File type: RIFF (little-endian) data, Web/P image Hash (MD5 / SHA-1 / SHA-256): f9a795e2270664a7a169c73b6d84a575 0fbb60ab27ab88c064eb347d0722c8ed4cf5e8b8 d00203b2eea6e418c31baafa949ada5349a9f9b7e99fa003aec7406822693740
Analyzer: urlquery | Verdict: phishing | Alert: Phishing - Microsoft
GET /ijBHSNpUNJzietcwGJ2MFFp0LXwTZFkwCwgrWiR9mxyWha9rAXMo0UHyEYP8UKgef203 HTTP/1.1
Host: x0ru.saunceptilt.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://x0ru.saunceptilt.ru/MVQALNPGQUDDGJF29IOPR9S5YVTL?ASOZZSMERWOLROG
Cookie: XSRF-TOKEN=eyJpdiI6IlZzSHlqaENvSGx5MU5FY2ZzM3dpUnc9PSIsInZhbHVlIjoiYjZMcitId1VnbE1pcTdEeWgxYzU1S21GQ2tFaVZuUjhDZDdIT2xTSU1qdEtHNzZWSlRJNTNZYkxrdUtDVzg0am1nQ3EySXhBdUdFdCtoR0lGRS9GZUpQVHBVSHBOSjFZNkNvY3ByOHZTeEZManFJNXd3QUl2RExyWUlzNkptYTMiLCJtYWMiOiI1YmUxYzNmMzdkZTZjNDRjMTkxZTI1YTE0OWI0MGFiNjdlNzUwYjY2MGQ2NWFlOWU0MjJlYTVlZWViN2U1MmMzIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IitCb0tMYUpzc0duYWZxbXlwb3gzdEE9PSIsInZhbHVlIjoicGpUbTRKeUhqUW45ZUIvMnJjaWZ3U3dNbnpJQ3dzNVM4V0kxTSsvMVRvRzhuSmIyWTcxVGFYd1NFUXkwL01telgvNjFsU3FXZEZpRGVTdmNPcC94TFdwMGE5TlpOM3lCUUp1VlA1ODl1S3JYeVpYMDZCamxMRXhLZncwN0U0TEgiLCJtYWMiOiI5YTg1MWNhZDljNjBjNTU4ZGVjNjk3Zjk3ZTEyZTRhODU2YmJkMjk5OTRhZDRhMjMxMmU5NjMzMzcxODg2YzYyIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 01 Feb 2025 01:47:13 GMT
content-type: image/webp
content-length: 25216
content-disposition: inline; filename="ijBHSNpUNJzietcwGJ2MFFp0LXwTZFkwCwgrWiR9mxyWha9rAXMo0UHyEYP8UKgef203"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8kql4WG5%2BgUh0BJZu1yBXdiDYlOGw5%2F4K9xl%2B74VrR2Z00jcVXDGKDMYN7sZZ4%2FoxiILLBOvsoieXcgN4EiJS%2FNS2CL3rLCi8PyEFpok9VpR47ny%2BRwM6fGsoRItaQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
priority: u=4,i=?0
server: cloudflare
cf-ray: 90ae45b0abab5693-OSL
server-timing: cfL4;desc="?proto=TCP&rtt=6367&min_rtt=6347&rtt_var=1824&sent=4&recv=8&lost=0&retrans=0&sent_bytes=2824&recv_bytes=2197&delivery_rate=439167&cwnd=244&unsent_bytes=0&cid=41ede9c9d6fcf569&ts=90&x=0", cfL4;desc="?proto=QUIC&rtt=1544&min_rtt=706&rtt_var=760&sent=375&recv=64&lost=0&retrans=0&sent_bytes=395068&recv_bytes=24953&delivery_rate=24885855&cwnd=156000&unsent_bytes=0&cid=f7752c96d938e888&ts=8132&x=1", cfExtPri, cfHdrFlush;dur=0
|
|
| x0ru.saunceptilt.ru/qrtbV9p8idIj2MpS1Gsq0D9zYCoJyom012whryhlgwoYFNLPQnM3ux7nwW46VlUu0icyNcd240 | 172.67.163.225 | 200 OK | 9.6 kB |
URL: GET HTTP/3 x0ru.saunceptilt.ru/qrtbV9p8idIj2MpS1Gsq0D9zYCoJyom012whryhlgwoYFNLPQnM3ux7nwW46VlUu0icyNcd240 IP: 172.67.163.225:443
Requested by: https://x0ru.saunceptilt.ru/MVQALNPGQUDDGJF29IOPR9S5YVTL?ASOZZSMERWOLROG Certificate: Issuer: Google Trust Services; Subject: saunceptilt.ru; Fingerprint: E0:3F:9D:60:CF:FB:C0:D2:A9:AA:47:C0:2F:CA:6A:42:DA:55:7A:45; Validity: Thu, 16 Jan 2025 12:36:08 GMT - Wed, 16 Apr 2025 13:34:27 GMT
File type: RIFF (little-endian) data, Web/P image Hash (MD5 / SHA-1 / SHA-256): 4946eb373b18d178c93d473489673bb6 16477acb73b63ca251d37401249e7e4515febd24 666bc574c9f3fb28a8ac626fa8105c187c2a313736494a06bd5a937473673c92
Analyzer: urlquery | Verdict: phishing | Alert: Phishing - Microsoft
GET /qrtbV9p8idIj2MpS1Gsq0D9zYCoJyom012whryhlgwoYFNLPQnM3ux7nwW46VlUu0icyNcd240 HTTP/1.1
Host: x0ru.saunceptilt.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://x0ru.saunceptilt.ru/MVQALNPGQUDDGJF29IOPR9S5YVTL?ASOZZSMERWOLROG
Cookie: XSRF-TOKEN=eyJpdiI6IlZzSHlqaENvSGx5MU5FY2ZzM3dpUnc9PSIsInZhbHVlIjoiYjZMcitId1VnbE1pcTdEeWgxYzU1S21GQ2tFaVZuUjhDZDdIT2xTSU1qdEtHNzZWSlRJNTNZYkxrdUtDVzg0am1nQ3EySXhBdUdFdCtoR0lGRS9GZUpQVHBVSHBOSjFZNkNvY3ByOHZTeEZManFJNXd3QUl2RExyWUlzNkptYTMiLCJtYWMiOiI1YmUxYzNmMzdkZTZjNDRjMTkxZTI1YTE0OWI0MGFiNjdlNzUwYjY2MGQ2NWFlOWU0MjJlYTVlZWViN2U1MmMzIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IitCb0tMYUpzc0duYWZxbXlwb3gzdEE9PSIsInZhbHVlIjoicGpUbTRKeUhqUW45ZUIvMnJjaWZ3U3dNbnpJQ3dzNVM4V0kxTSsvMVRvRzhuSmIyWTcxVGFYd1NFUXkwL01telgvNjFsU3FXZEZpRGVTdmNPcC94TFdwMGE5TlpOM3lCUUp1VlA1ODl1S3JYeVpYMDZCamxMRXhLZncwN0U0TEgiLCJtYWMiOiI5YTg1MWNhZDljNjBjNTU4ZGVjNjk3Zjk3ZTEyZTRhODU2YmJkMjk5OTRhZDRhMjMxMmU5NjMzMzcxODg2YzYyIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 01 Feb 2025 01:47:13 GMT
content-type: image/webp
content-length: 9648
content-disposition: inline; filename="qrtbV9p8idIj2MpS1Gsq0D9zYCoJyom012whryhlgwoYFNLPQnM3ux7nwW46VlUu0icyNcd240"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hHJtYr4Klf3FHivTF70a9FZ3YwG%2BUUAHLASC1ujPrKEMcPt%2FepgssnbaYVeSZILExNYxIIWiBt56ylcHcMYsPR9MKeGzXcDrHdIe%2Bc0Iz0qxLijnMLUCrctPpIuUyg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
priority: u=4,i=?0
server: cloudflare
cf-ray: 90ae45b0abad5693-OSL
server-timing: cfL4;desc="?proto=TCP&rtt=5062&min_rtt=4414&rtt_var=1766&sent=5&recv=8&lost=0&retrans=0&sent_bytes=2822&recv_bytes=2203&delivery_rate=622922&cwnd=248&unsent_bytes=0&cid=ab97c0c913bee11b&ts=153&x=0", cfL4;desc="?proto=QUIC&rtt=2311&min_rtt=706&rtt_var=1819&sent=426&recv=73&lost=0&retrans=0&sent_bytes=441923&recv_bytes=25363&delivery_rate=2078859&cwnd=156000&unsent_bytes=0&cid=f7752c96d938e888&ts=8186&x=1", cfExtPri, cfHdrFlush;dur=0
|
|
| objects.githubusercontent.com/github-production-release-asset-2e65be/2925284/11f3acf8-4ccb-11e6-8ce4-c179c0a212de?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20250201%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20250201T014710Z&X-Amz-Expires=300&X-Amz-Signature=5cd496eba6cae79d30c57a82b62476f1c3dcb8edc70405740ce6987b69cd0bde&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3Drandexp.min.js&response-content-type=application%2Foctet-stream | 185.199.111.133 | 200 OK | 10 kB |
URL GET HTTP/2objects.githubusercontent.com/github-production-release-asset-2e65be/2925284/11f3acf8-4ccb-11e6-8ce4-c179c0a212de?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20250201%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20250201T014710Z&X-Amz-Expires=300&X-Amz-Signature=5cd496eba6cae79d30c57a82b62476f1c3dcb8edc70405740ce6987b69cd0bde&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3Drandexp.min.js&response-content-type=application%2Foctet-stream IP 185.199.111.133:443
Requested by: https://x0ru.saunceptilt.ru/MVQALNPGQUDDGJF29IOPR9S5YVTL?ASOZZSMERWOLROG Certificate: Issuer: DigiCert Inc; Subject: *.github.io; Fingerprint: 97:D8:C5:70:0F:12:24:6C:88:BC:FA:06:7E:8C:A7:4D:A8:62:67:28; Validity: Fri, 15 Mar 2024 00:00:00 GMT - Fri, 14 Mar 2025 23:59:59 GMT
File type: JavaScript source, ASCII text, with very long lines (10017) Hash (MD5 / SHA-1 / SHA-256): 6c20a2be8ba900bc0a7118893a2b1072 ff7766fde1f33882c6e1c481ceed6f6588ea764c b1c42acd0288c435e95e00332476781532ed002cac6f3dcee9110ced30b31500
GET /github-production-release-asset-2e65be/2925284/11f3acf8-4ccb-11e6-8ce4-c179c0a212de?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20250201%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20250201T014710Z&X-Amz-Expires=300&X-Amz-Signature=5cd496eba6cae79d30c57a82b62476f1c3dcb8edc70405740ce6987b69cd0bde&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3Drandexp.min.js&response-content-type=application%2Foctet-stream HTTP/1.1
Host: objects.githubusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://x0ru.saunceptilt.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/octet-stream
last-modified: Tue, 07 Dec 2021 16:38:45 GMT
etag: "0x8D9B9A009499A1E"
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: d91f6eaf-e01e-0032-2f18-13e122000000
x-ms-version: 2023-11-03
x-ms-creation-time: Tue, 17 Aug 2021 14:57:31 GMT
x-ms-blob-content-md5: bCCivoupALwKcRiJOisQcg==
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
content-disposition: attachment; filename=randexp.min.js
x-ms-server-encrypted: true
via: 1.1 varnish, 1.1 varnish
fastly-restarts: 1
accept-ranges: bytes
date: Sat, 01 Feb 2025 01:47:14 GMT
age: 2486
x-served-by: cache-iad-kiad7000045-IAD, cache-hel1410031-HEL
x-cache: HIT, HIT
x-cache-hits: 11369, 2
x-timer: S1738374434.777179,VS0,VE0
content-length: 10245
X-Firefox-Spdy: h2
|
|
| x0ru.saunceptilt.ru/favicon.ico | 172.67.163.225 | 404 Not Found | 20 kB |
URL: GET HTTP/3 x0ru.saunceptilt.ru/favicon.ico IP: 172.67.163.225:443
Requested by: https://x0ru.saunceptilt.ru/MVQALNPGQUDDGJF29IOPR9S5YVTL?ASOZZSMERWOLROG Certificate: Issuer: Google Trust Services; Subject: saunceptilt.ru; Fingerprint: E0:3F:9D:60:CF:FB:C0:D2:A9:AA:47:C0:2F:CA:6A:42:DA:55:7A:45; Validity: Thu, 16 Jan 2025 12:36:08 GMT - Wed, 16 Apr 2025 13:34:27 GMT
Hash (MD5 / SHA-1 / SHA-256): 015e288fd2408f1c80d9fa840d9711ab 3e67d7da3169221adc0935882533fc05fbb97ba7 0be8649d80ce91bc0df45a23ee5abb6f4295bfd4f914c7eb9a4e24cac8d77454
GET /favicon.ico HTTP/1.1
Host: x0ru.saunceptilt.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://x0ru.saunceptilt.ru/oPWxJk/
Cookie: XSRF-TOKEN=eyJpdiI6IkljWmY2TzgxQmEwTmxrUnU3cVBjZmc9PSIsInZhbHVlIjoiRzYvUElyNTlYajVXSG1NVEMrK1EwbHo2VmdIdm1sdCtBZ1liN1R1OGlmbE1kd1NkaFBSUmhsOWtIOEFCOUxwdjB1a1JpS0RnaFpXSDNQdVVQZ2hvc3JUOVU4ajVqSjNlWW81YmRxY1ozMi9hMndXYWNzMFl1SWE0K0QyQThrOG4iLCJtYWMiOiIwMGYzYjVkZDNlNzI4NjgyZTA0MGU3NWJjZTZjYTk3NTBiNzM1YzFjODNiMzI3MmU1M2E3YjEzMjM4YjM5NThjIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6InZCbDA2NHBOc0RKYWVmemZGSUhUYVE9PSIsInZhbHVlIjoiampRRkhwVlhhR3ZmSlJ0MEs4ODR4M1ozdENDZEJTd2NDWWVZaUpiNXUvb082N3ZGWTZub2JWOHFLbTVGakhYTUdnT1NwK05VbXpuS3k3ajQ0UHNOTmhjbEJwZTFvUkJZcGZWa1BJMUIyWkxvSDNoL3BwVDF0c2FBL2htb3U1K0MiLCJtYWMiOiI3ZTQ2NGRkZTU1YjJjZjFiOTU0MzFkYWEyM2I1NjExYTgyNjIwYjFiN2YwMDc5OWMzOWExODY0ZmY1YzhkZDM2IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 404 Not Found
date: Sat, 01 Feb 2025 01:47:12 GMT
content-type: text/html; charset=UTF-8
cache-control: max-age=14400
age: 351
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=egEQQEvr2%2F0KBOlcQlobgJoCyqKQxAp440geFia4Cxf4CB0b5UEhlus0vPvnmTxhEYhrEjHi6RaJ%2BCWuuRq%2BYyTwijTz8OFOn11USFHKTS4fbonkQcYoreJ6nXt9kA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
cf-cache-status: HIT
priority: u=6,i=?0
server: cloudflare
cf-ray: 90ae45acf9ec5693-OSL
content-encoding: br
server-timing: cfL4;desc="?proto=TCP&rtt=5803&min_rtt=5763&rtt_var=1694&sent=4&recv=8&lost=0&retrans=0&sent_bytes=2823&recv_bytes=2104&delivery_rate=476174&cwnd=221&unsent_bytes=0&cid=a78d17333fc1472e&ts=25&x=0", cfL4;desc="?proto=QUIC&rtt=6114&min_rtt=1699&rtt_var=4340&sent=30&recv=14&lost=0&retrans=0&sent_bytes=17011&recv_bytes=5684&delivery_rate=60138&cwnd=12000&unsent_bytes=0&cid=f7752c96d938e888&ts=7348&x=1", cfExtPri, cfHdrFlush;dur=0
|
|
| x0ru.saunceptilt.ru/lnKYeDhjgCQeYZseV0sF9SPfWmo | 172.67.163.225 | 200 OK | 1.3 kB |
URL x0ru.saunceptilt.ru/lnKYeDhjgCQeYZseV0sF9SPfWmo IP 172.67.163.225:0
Hash: 5820854f62a6eb3d38ba7ba0d1b3ea75 639df0b84fe699b4a290a713fd6b9a94bd4deb95 912d0c07da7bdb22cdae025b96da26d01523aaab7362edb28544e3949deb369d
Analyzer: urlquery | Verdict: phishing | Alert: Phishing - Microsoft
POST /lnKYeDhjgCQeYZseV0sF9SPfWmo HTTP/1.1
Host: x0ru.saunceptilt.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://x0ru.saunceptilt.ru/oPWxJk/
Content-Type: multipart/form-data; boundary=---------------------------9264999629465073432846052727
Content-Length: 909
Origin: https://x0ru.saunceptilt.ru
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6IitmVVlQMVFtcHZxUmJvVm1NNE1jb1E9PSIsInZhbHVlIjoidVBua3BiVFc4SHVkUjZ3cEp5VjlheWFzdm1TT1liNFd1SjRBcVF5NzdqS3JpdDZTZDRkakVzdGV1ZkwzaEZBdkY5ZkFyUmwyVWdkQStOSnhRS2YxVXZ5ay8wSUc3WE5FRHlaREFpNi9mRlg2ek5VUW40c0paU3o2QTN0Z09Ld1ciLCJtYWMiOiIxZTgzZmU3MzU3ZjkyNmJmNjQwMDg4ZGZiNjUxODU0OTk0NGZiNjk1NmNjOTU0MmQ5NmQ1MzY1YzJiMGQ4MTZkIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlpybjZ2a2VsV0kxdnJ6YTFabmFucUE9PSIsInZhbHVlIjoiYjM2NmVsUFE2WFZxY0xheFVPMlJpYmlMeTFvR1pYdkpsanFSV0JrdjVNWUJrU25sWElDdlFaNExxbGRDNDU3N2ozRzdJQ2V3NlJYbHkwR25oTEk3UDQ4aVg4S1hXOURkQ2xCeTBYMHJLT1M1MzhKYnB2N0YrZDBXUmJUNTBBQWoiLCJtYWMiOiIwNjA0YzU5NDNjOGNhYmU0NzkxZDQ0OTY4ZmJkODNhNDE1M2Q1ZDUwNTNkMDM1MmEyOGZmMDNlZDg5MmJhNGE2IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 01 Feb 2025 01:47:12 GMT
content-type: application/json
cache-control: no-cache, private
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=13rUZxdePWRGi8QJH9Twb%2FFkbChEOeH2AA69zy2ICw96dwhhhEVXFQyJXCPb684c%2FJA1lKrqQh7lSBhFqkNxEgd5GlLZsMNSsG8Gf5cD86j8skCtAoAMKKtlk5pR1Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
set-cookie: XSRF-TOKEN=eyJpdiI6ImNaR0tkbkRmeWxMTWtxejNXWmI1TXc9PSIsInZhbHVlIjoiYjFyaUMxYW83MGl6dStnNERIS1FPNFZnTzZ1bHBSZDZPaGNCV2NjLzlIdFRHY1VwNmRKN3Q5dEdXbFVydGFYY1JQUHpGZ09STFgrWXR0ZHdHQW9KbXFabnVIQ0pEYnZvZXVIU0ZTNmp2WVh2S1ladkg4dWxOazl5NXhmbFQydWwiLCJtYWMiOiJiMjYxNTk0NzQyZWU4NTZiYWVlMzI5Mjg2YWYwODJhNjcxYTQ0ODllZWU3MjM0ZGFjZjk4NjcyNjA5ZDUxZjY5IiwidGFnIjoiIn0%3D; expires=Sat, 01-Feb-2025 03:47:12 GMT; Max-Age=7200; path=/; secure; samesite=none
laravel_session=eyJpdiI6IjFzOFVVbHdtaGdiMjZDaUxBdW5qSmc9PSIsInZhbHVlIjoiU2xlRHdpUXVPVUxaeWdTNmYzQ0hIaTA1SXRscXJhS2MzYm56dXlaZDB6cmVER2kzYmJBMnhkMFdmcDdBWGZzSDFNcGs0cnpSVGtnZTdSYzFRMmpPSzBBSVpGUm9SU285bGJzK2p1NExwQ2JBMkVrZEhObmJ0Q3JVN1NJZ2t5U3oiLCJtYWMiOiIxZDFjZTViZjU2Y2RlMzM4ZTcxYzZmMjZkOWI1MjdmYTg2MDBlN2UyMmRjY2FhMjNkZWQ4NGE5ODFlNGZmMzY5IiwidGFnIjoiIn0%3D; expires=Sat, 01-Feb-2025 03:47:12 GMT; Max-Age=7200; path=/; secure; httponly; samesite=none
vary: accept-encoding
priority: u=4,i=?0
server: cloudflare
cf-ray: 90ae45a8e8115693-OSL
content-encoding: br
server-timing: cfL4;desc="?proto=TCP&rtt=5266&min_rtt=5217&rtt_var=1557&sent=5&recv=8&lost=0&retrans=0&sent_bytes=2823&recv_bytes=3163&delivery_rate=519234&cwnd=251&unsent_bytes=0&cid=df60a30d29449c2a&ts=92&x=0", cfL4;desc="?proto=QUIC&rtt=4217&min_rtt=1699&rtt_var=2436&sent=14&recv=9&lost=0&retrans=0&sent_bytes=4187&recv_bytes=2843&delivery_rate=346657&cwnd=12000&unsent_bytes=0&cid=f7752c96d938e888&ts=6884&x=1", cfExtPri, cfHdrFlush;dur=0
|
|
| x0ru.saunceptilt.ru/klOBAXKkM7zxA0PBXtuGSU6IpHSSzXjjkyJZcdNfRjNwpgHUKsNeFPOpTVPLe578167 | 172.67.163.225 | 200 OK | 10 kB |
URL: GET HTTP/3 x0ru.saunceptilt.ru/klOBAXKkM7zxA0PBXtuGSU6IpHSSzXjjkyJZcdNfRjNwpgHUKsNeFPOpTVPLe578167 | IP: 172.67.163.225:443
Requested by: https://x0ru.saunceptilt.ru/MVQALNPGQUDDGJF29IOPR9S5YVTL?ASOZZSMERWOLROG | Certificate — Issuer: Google Trust Services; Subject: saunceptilt.ru; Fingerprint: E0:3F:9D:60:CF:FB:C0:D2:A9:AA:47:C0:2F:CA:6A:42:DA:55:7A:45; Validity: Thu, 16 Jan 2025 12:36:08 GMT - Wed, 16 Apr 2025 13:34:27 GMT
File type: SVG Scalable Vector Graphics image | Hash: b59c16ca9bf156438a8a96d45e33db64 4e51b7d3477414b220f688adabd76d3ae6472ee3 a7ee799dd5b6f6dbb70b043b766362a6724e71458f9839306c995f06b218c2f8
Analyzer: urlquery | Verdict: phishing | Alert: Phishing - Microsoft
GET /klOBAXKkM7zxA0PBXtuGSU6IpHSSzXjjkyJZcdNfRjNwpgHUKsNeFPOpTVPLe578167 HTTP/1.1
Host: x0ru.saunceptilt.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://x0ru.saunceptilt.ru/MVQALNPGQUDDGJF29IOPR9S5YVTL?ASOZZSMERWOLROG
Cookie: XSRF-TOKEN=eyJpdiI6IlZzSHlqaENvSGx5MU5FY2ZzM3dpUnc9PSIsInZhbHVlIjoiYjZMcitId1VnbE1pcTdEeWgxYzU1S21GQ2tFaVZuUjhDZDdIT2xTSU1qdEtHNzZWSlRJNTNZYkxrdUtDVzg0am1nQ3EySXhBdUdFdCtoR0lGRS9GZUpQVHBVSHBOSjFZNkNvY3ByOHZTeEZManFJNXd3QUl2RExyWUlzNkptYTMiLCJtYWMiOiI1YmUxYzNmMzdkZTZjNDRjMTkxZTI1YTE0OWI0MGFiNjdlNzUwYjY2MGQ2NWFlOWU0MjJlYTVlZWViN2U1MmMzIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IitCb0tMYUpzc0duYWZxbXlwb3gzdEE9PSIsInZhbHVlIjoicGpUbTRKeUhqUW45ZUIvMnJjaWZ3U3dNbnpJQ3dzNVM4V0kxTSsvMVRvRzhuSmIyWTcxVGFYd1NFUXkwL01telgvNjFsU3FXZEZpRGVTdmNPcC94TFdwMGE5TlpOM3lCUUp1VlA1ODl1S3JYeVpYMDZCamxMRXhLZncwN0U0TEgiLCJtYWMiOiI5YTg1MWNhZDljNjBjNTU4ZGVjNjk3Zjk3ZTEyZTRhODU2YmJkMjk5OTRhZDRhMjMxMmU5NjMzMzcxODg2YzYyIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 01 Feb 2025 01:47:13 GMT
content-type: image/svg+xml
content-disposition: inline; filename="klOBAXKkM7zxA0PBXtuGSU6IpHSSzXjjkyJZcdNfRjNwpgHUKsNeFPOpTVPLe578167"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tcqOf045Nap1EFIRx8BO1DJVT7tzpol6T0VgR7iwJxvUJFfQaT4VqEzBur2wVAqOyJeq%2BFI%2Fff5Yk4kTX78l30K8NnsDlKAc3qFPlOdIgoJc6NpJO9g0%2FxxcXZD8pQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
vary: accept-encoding
priority: u=4,i=?0
server: cloudflare
cf-ray: 90ae45b08ba25693-OSL
content-encoding: br
server-timing: cfL4;desc="?proto=TCP&rtt=5740&min_rtt=5716&rtt_var=1653&sent=5&recv=8&lost=0&retrans=0&sent_bytes=2822&recv_bytes=2196&delivery_rate=484353&cwnd=252&unsent_bytes=0&cid=ead9dd93a5ba045f&ts=96&x=0", cfL4;desc="?proto=QUIC&rtt=1496&min_rtt=706&rtt_var=752&sent=333&recv=62&lost=0&retrans=0&sent_bytes=345414&recv_bytes=24861&delivery_rate=26542249&cwnd=156000&unsent_bytes=0&cid=f7752c96d938e888&ts=8113&x=1", cfExtPri, cfHdrFlush;dur=0
|
|
| x0ru.saunceptilt.ru/klzIJWu0UNP9rvAixUKyy8EnlS8JZy1ZZ9pijCjD6suEIEuIh00EW28BrhIuVwx220 | 172.67.163.225 | 200 OK | 5.2 kB |
URL: GET HTTP/3 x0ru.saunceptilt.ru/klzIJWu0UNP9rvAixUKyy8EnlS8JZy1ZZ9pijCjD6suEIEuIh00EW28BrhIuVwx220 | IP: 172.67.163.225:443
Requested by: https://x0ru.saunceptilt.ru/MVQALNPGQUDDGJF29IOPR9S5YVTL?ASOZZSMERWOLROG | Certificate — Issuer: Google Trust Services; Subject: saunceptilt.ru; Fingerprint: E0:3F:9D:60:CF:FB:C0:D2:A9:AA:47:C0:2F:CA:6A:42:DA:55:7A:45; Validity: Thu, 16 Jan 2025 12:36:08 GMT - Wed, 16 Apr 2025 13:34:27 GMT
File type: SVG Scalable Vector Graphics image | Hash: bc3d32a696895f78c19df6c717586a5d 9191cb156a30a3ed79c44c0a16c95159e8ff689d 0e88b6fcbb8591edfd28184fa70a04b6dd3af8a14367c628edd7caba32e58c68
Analyzer: urlquery | Verdict: phishing | Alert: Phishing - Microsoft
GET /klzIJWu0UNP9rvAixUKyy8EnlS8JZy1ZZ9pijCjD6suEIEuIh00EW28BrhIuVwx220 HTTP/1.1
Host: x0ru.saunceptilt.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://x0ru.saunceptilt.ru/MVQALNPGQUDDGJF29IOPR9S5YVTL?ASOZZSMERWOLROG
Cookie: XSRF-TOKEN=eyJpdiI6IlZzSHlqaENvSGx5MU5FY2ZzM3dpUnc9PSIsInZhbHVlIjoiYjZMcitId1VnbE1pcTdEeWgxYzU1S21GQ2tFaVZuUjhDZDdIT2xTSU1qdEtHNzZWSlRJNTNZYkxrdUtDVzg0am1nQ3EySXhBdUdFdCtoR0lGRS9GZUpQVHBVSHBOSjFZNkNvY3ByOHZTeEZManFJNXd3QUl2RExyWUlzNkptYTMiLCJtYWMiOiI1YmUxYzNmMzdkZTZjNDRjMTkxZTI1YTE0OWI0MGFiNjdlNzUwYjY2MGQ2NWFlOWU0MjJlYTVlZWViN2U1MmMzIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IitCb0tMYUpzc0duYWZxbXlwb3gzdEE9PSIsInZhbHVlIjoicGpUbTRKeUhqUW45ZUIvMnJjaWZ3U3dNbnpJQ3dzNVM4V0kxTSsvMVRvRzhuSmIyWTcxVGFYd1NFUXkwL01telgvNjFsU3FXZEZpRGVTdmNPcC94TFdwMGE5TlpOM3lCUUp1VlA1ODl1S3JYeVpYMDZCamxMRXhLZncwN0U0TEgiLCJtYWMiOiI5YTg1MWNhZDljNjBjNTU4ZGVjNjk3Zjk3ZTEyZTRhODU2YmJkMjk5OTRhZDRhMjMxMmU5NjMzMzcxODg2YzYyIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 01 Feb 2025 01:47:14 GMT
content-type: image/svg+xml
content-disposition: inline; filename="klzIJWu0UNP9rvAixUKyy8EnlS8JZy1ZZ9pijCjD6suEIEuIh00EW28BrhIuVwx220"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=B55QJmtGt31yCD7%2FFHwmAQbYmWiIbRIrtr08YlIh2trIF9jW85geqhfJOqFfcG6%2Fr62cQvwIC5ytF3BcrtGGj1E1IyviwkxkeGQ713rXJV5upkPxtPUQR%2BFyREOJTQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
vary: accept-encoding
priority: u=4,i=?0
server: cloudflare
cf-ray: 90ae45b7af845693-OSL
content-encoding: br
server-timing: cfL4;desc="?proto=TCP&rtt=5597&min_rtt=5585&rtt_var=2118&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2823&recv_bytes=2195&delivery_rate=501231&cwnd=249&unsent_bytes=0&cid=7b69e61f31eae363&ts=106&x=0", cfL4;desc="?proto=QUIC&rtt=1851&min_rtt=609&rtt_var=1170&sent=463&recv=84&lost=0&retrans=0&sent_bytes=477367&recv_bytes=28679&delivery_rate=1118030&cwnd=156000&unsent_bytes=0&cid=f7752c96d938e888&ts=9216&x=1", cfExtPri, cfHdrFlush;dur=0
|
|
| location.services.mozilla.com/v1/country?key=no-mozilla-api-key | 35.190.72.216 | 200 OK | 45 B |
URL location.services.mozilla.com/v1/country?key=no-mozilla-api-key IP 35.190.72.216:0
Hash: 6aaea1b4e41c32104faa9a0ffb941938 396890ef2e1e114cb792d7cafdec0342b5a35b78 adaecf23a14a64db5915718f88d4e7679741121d8546937adc0fed553791246c
GET /v1/country?key=no-mozilla-api-key HTTP/1.1
Host: location.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 01 Feb 2025 01:47:33 GMT
content-type: application/json
content-length: 45
cache-control: max-age=0, no-cache, no-store, must-revalidate
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| x0ru.saunceptilt.ru/wxZImvnm2SChewKWVXHclHh5R0Qff8i2CXrs4QMq73Acwfl5Rso0uJOW90180 | 172.67.163.225 | 200 OK | 2.9 kB |
URL: GET HTTP/3 x0ru.saunceptilt.ru/wxZImvnm2SChewKWVXHclHh5R0Qff8i2CXrs4QMq73Acwfl5Rso0uJOW90180 | IP: 172.67.163.225:443
Requested by: https://x0ru.saunceptilt.ru/MVQALNPGQUDDGJF29IOPR9S5YVTL?ASOZZSMERWOLROG | Certificate — Issuer: Google Trust Services; Subject: saunceptilt.ru; Fingerprint: E0:3F:9D:60:CF:FB:C0:D2:A9:AA:47:C0:2F:CA:6A:42:DA:55:7A:45; Validity: Thu, 16 Jan 2025 12:36:08 GMT - Wed, 16 Apr 2025 13:34:27 GMT
File type: SVG Scalable Vector Graphics image | Hash: e924de0d471df54b6280f3dc8b187cb8 857f03226070b502a9e06b4249710ec10be4c9e9 24ce135a31ce83ac3d62471fcc0e1a82ce6f1533c993ee59ca4e110d5f2fae33
Analyzer: urlquery | Verdict: phishing | Alert: Phishing - Microsoft
GET /wxZImvnm2SChewKWVXHclHh5R0Qff8i2CXrs4QMq73Acwfl5Rso0uJOW90180 HTTP/1.1
Host: x0ru.saunceptilt.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://x0ru.saunceptilt.ru/MVQALNPGQUDDGJF29IOPR9S5YVTL?ASOZZSMERWOLROG
Cookie: XSRF-TOKEN=eyJpdiI6IlZzSHlqaENvSGx5MU5FY2ZzM3dpUnc9PSIsInZhbHVlIjoiYjZMcitId1VnbE1pcTdEeWgxYzU1S21GQ2tFaVZuUjhDZDdIT2xTSU1qdEtHNzZWSlRJNTNZYkxrdUtDVzg0am1nQ3EySXhBdUdFdCtoR0lGRS9GZUpQVHBVSHBOSjFZNkNvY3ByOHZTeEZManFJNXd3QUl2RExyWUlzNkptYTMiLCJtYWMiOiI1YmUxYzNmMzdkZTZjNDRjMTkxZTI1YTE0OWI0MGFiNjdlNzUwYjY2MGQ2NWFlOWU0MjJlYTVlZWViN2U1MmMzIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IitCb0tMYUpzc0duYWZxbXlwb3gzdEE9PSIsInZhbHVlIjoicGpUbTRKeUhqUW45ZUIvMnJjaWZ3U3dNbnpJQ3dzNVM4V0kxTSsvMVRvRzhuSmIyWTcxVGFYd1NFUXkwL01telgvNjFsU3FXZEZpRGVTdmNPcC94TFdwMGE5TlpOM3lCUUp1VlA1ODl1S3JYeVpYMDZCamxMRXhLZncwN0U0TEgiLCJtYWMiOiI5YTg1MWNhZDljNjBjNTU4ZGVjNjk3Zjk3ZTEyZTRhODU2YmJkMjk5OTRhZDRhMjMxMmU5NjMzMzcxODg2YzYyIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 01 Feb 2025 01:47:13 GMT
content-type: image/svg+xml
content-disposition: inline; filename="wxZImvnm2SChewKWVXHclHh5R0Qff8i2CXrs4QMq73Acwfl5Rso0uJOW90180"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cg24qRTwyh00S0dIJUDWlK%2BS6GNgeYeNoD7%2BjYYtDj35wPOb0fzzL3%2Bsbvm3UeKlkC1Isi5iD%2BoNDVF2Q6OU9JRc372H8q6rskrAzKZj5PP8H%2F3h6BElObS1C6wKRQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
vary: accept-encoding
priority: u=4,i=?0
server: cloudflare
cf-ray: 90ae45b08ba65693-OSL
content-encoding: br
server-timing: cfL4;desc="?proto=TCP&rtt=4333&min_rtt=4329&rtt_var=1633&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2824&recv_bytes=2190&delivery_rate=652014&cwnd=247&unsent_bytes=0&cid=41d07e24e5ba9681&ts=94&x=0", cfL4;desc="?proto=QUIC&rtt=1545&min_rtt=706&rtt_var=1067&sent=240&recv=60&lost=0&retrans=0&sent_bytes=234886&recv_bytes=24770&delivery_rate=3594238&cwnd=78000&unsent_bytes=0&cid=f7752c96d938e888&ts=8104&x=1", cfExtPri, cfHdrFlush;dur=0
|
|
| x0ru.saunceptilt.ru/rsVtG1mtVyOLFvvtpxGGPidkkijIgZr2V5lJmJUEd4IsAbrcd200 | 172.67.163.225 | 200 OK | 268 B |
URL: GET HTTP/3 x0ru.saunceptilt.ru/rsVtG1mtVyOLFvvtpxGGPidkkijIgZr2V5lJmJUEd4IsAbrcd200 | IP: 172.67.163.225:443
Requested by: https://x0ru.saunceptilt.ru/MVQALNPGQUDDGJF29IOPR9S5YVTL?ASOZZSMERWOLROG | Certificate — Issuer: Google Trust Services; Subject: saunceptilt.ru; Fingerprint: E0:3F:9D:60:CF:FB:C0:D2:A9:AA:47:C0:2F:CA:6A:42:DA:55:7A:45; Validity: Thu, 16 Jan 2025 12:36:08 GMT - Wed, 16 Apr 2025 13:34:27 GMT
File type: SVG Scalable Vector Graphics image | Hash: 1318aafc1fb9ded0c623e5b9a557e6df 0917cdd7633cd1642b02b2b785416ec7e5106dcc d86660a84daa211b121ec9fe0df83d6b945f61b888384391eabc7d6b4e941dc4
Analyzer: urlquery | Verdict: phishing | Alert: Phishing - Microsoft
GET /rsVtG1mtVyOLFvvtpxGGPidkkijIgZr2V5lJmJUEd4IsAbrcd200 HTTP/1.1
Host: x0ru.saunceptilt.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://x0ru.saunceptilt.ru/MVQALNPGQUDDGJF29IOPR9S5YVTL?ASOZZSMERWOLROG
Cookie: XSRF-TOKEN=eyJpdiI6IlZzSHlqaENvSGx5MU5FY2ZzM3dpUnc9PSIsInZhbHVlIjoiYjZMcitId1VnbE1pcTdEeWgxYzU1S21GQ2tFaVZuUjhDZDdIT2xTSU1qdEtHNzZWSlRJNTNZYkxrdUtDVzg0am1nQ3EySXhBdUdFdCtoR0lGRS9GZUpQVHBVSHBOSjFZNkNvY3ByOHZTeEZManFJNXd3QUl2RExyWUlzNkptYTMiLCJtYWMiOiI1YmUxYzNmMzdkZTZjNDRjMTkxZTI1YTE0OWI0MGFiNjdlNzUwYjY2MGQ2NWFlOWU0MjJlYTVlZWViN2U1MmMzIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IitCb0tMYUpzc0duYWZxbXlwb3gzdEE9PSIsInZhbHVlIjoicGpUbTRKeUhqUW45ZUIvMnJjaWZ3U3dNbnpJQ3dzNVM4V0kxTSsvMVRvRzhuSmIyWTcxVGFYd1NFUXkwL01telgvNjFsU3FXZEZpRGVTdmNPcC94TFdwMGE5TlpOM3lCUUp1VlA1ODl1S3JYeVpYMDZCamxMRXhLZncwN0U0TEgiLCJtYWMiOiI5YTg1MWNhZDljNjBjNTU4ZGVjNjk3Zjk3ZTEyZTRhODU2YmJkMjk5OTRhZDRhMjMxMmU5NjMzMzcxODg2YzYyIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 01 Feb 2025 01:47:13 GMT
content-type: image/svg+xml
content-disposition: inline; filename="rsVtG1mtVyOLFvvtpxGGPidkkijIgZr2V5lJmJUEd4IsAbrcd200"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oVJoeTA90wuXsw%2FjUociAZSn8K21klTbQ%2FZSU5nb%2FPevcx56OQlsQOdgVlUX4EZfJScHaN0QA4xMVNtS5gr%2FuqMz8GxPfoxTmIq26RA7w%2BI%2Bv7ydVsUTumNcJC8%2BwA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
vary: accept-encoding
priority: u=4,i=?0
server: cloudflare
cf-ray: 90ae45b09ba75693-OSL
content-encoding: br
server-timing: cfL4;desc="?proto=TCP&rtt=5363&min_rtt=5101&rtt_var=2438&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2822&recv_bytes=2181&delivery_rate=395390&cwnd=226&unsent_bytes=0&cid=7a05bcb35cd2e2de&ts=100&x=0", cfL4;desc="?proto=QUIC&rtt=1427&min_rtt=706&rtt_var=701&sent=364&recv=63&lost=0&retrans=0&sent_bytes=382261&recv_bytes=24907&delivery_rate=6827214&cwnd=156000&unsent_bytes=0&cid=f7752c96d938e888&ts=8118&x=1", cfExtPri, cfHdrFlush;dur=0
|
|
| x0ru.saunceptilt.ru/122X28ufiP2xyuhRT9R6720 | 172.67.163.225 | 200 OK | 24 kB |
URL: GET HTTP/3 x0ru.saunceptilt.ru/122X28ufiP2xyuhRT9R6720 | IP: 172.67.163.225:443
Requested by: https://x0ru.saunceptilt.ru/MVQALNPGQUDDGJF29IOPR9S5YVTL?ASOZZSMERWOLROG | Certificate — Issuer: Google Trust Services; Subject: saunceptilt.ru; Fingerprint: E0:3F:9D:60:CF:FB:C0:D2:A9:AA:47:C0:2F:CA:6A:42:DA:55:7A:45; Validity: Thu, 16 Jan 2025 12:36:08 GMT - Wed, 16 Apr 2025 13:34:27 GMT
File type: ASCII text, with very long lines (23854), with no line terminators | Hash: 8025ea2266871f7af97c89d4b43dc4a6 b80f1279a6438e2325d0ece6642ba34cebd9b4d8 bad46ff2d915998c6f922bfca9b0f01b805f3b548cf038da1bf6643fe371385e
Analyzer: urlquery | Verdict: phishing | Alert: Phishing - Microsoft
GET /122X28ufiP2xyuhRT9R6720 HTTP/1.1
Host: x0ru.saunceptilt.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://x0ru.saunceptilt.ru/MVQALNPGQUDDGJF29IOPR9S5YVTL?ASOZZSMERWOLROG
Cookie: XSRF-TOKEN=eyJpdiI6IlZzSHlqaENvSGx5MU5FY2ZzM3dpUnc9PSIsInZhbHVlIjoiYjZMcitId1VnbE1pcTdEeWgxYzU1S21GQ2tFaVZuUjhDZDdIT2xTSU1qdEtHNzZWSlRJNTNZYkxrdUtDVzg0am1nQ3EySXhBdUdFdCtoR0lGRS9GZUpQVHBVSHBOSjFZNkNvY3ByOHZTeEZManFJNXd3QUl2RExyWUlzNkptYTMiLCJtYWMiOiI1YmUxYzNmMzdkZTZjNDRjMTkxZTI1YTE0OWI0MGFiNjdlNzUwYjY2MGQ2NWFlOWU0MjJlYTVlZWViN2U1MmMzIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IitCb0tMYUpzc0duYWZxbXlwb3gzdEE9PSIsInZhbHVlIjoicGpUbTRKeUhqUW45ZUIvMnJjaWZ3U3dNbnpJQ3dzNVM4V0kxTSsvMVRvRzhuSmIyWTcxVGFYd1NFUXkwL01telgvNjFsU3FXZEZpRGVTdmNPcC94TFdwMGE5TlpOM3lCUUp1VlA1ODl1S3JYeVpYMDZCamxMRXhLZncwN0U0TEgiLCJtYWMiOiI5YTg1MWNhZDljNjBjNTU4ZGVjNjk3Zjk3ZTEyZTRhODU2YmJkMjk5OTRhZDRhMjMxMmU5NjMzMzcxODg2YzYyIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 01 Feb 2025 01:47:13 GMT
content-type: text/css;charset=UTF-8
content-disposition: inline; filename="122X28ufiP2xyuhRT9R6720"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=113NbYDRZTHbkbaxmzf%2BDzCN7o3Llx%2FCOWitYmpfA1thge7XhPXjemBTkuTGT7fN39XlRNWfEKWMV53NYYmOaOl64Lv9Aa%2FUFuwx95IUe9RDXNDatRNClsnUeKK87Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
vary: accept-encoding
priority: u=2,i=?0
server: cloudflare
cf-ray: 90ae45b05b875693-OSL
content-encoding: br
server-timing: cfL4;desc="?proto=TCP&rtt=4417&min_rtt=4375&rtt_var=1267&sent=5&recv=8&lost=0&retrans=0&sent_bytes=2824&recv_bytes=2145&delivery_rate=635288&cwnd=244&unsent_bytes=0&cid=ed257133283ea0e3&ts=148&x=0", cfL4;desc="?proto=QUIC&rtt=1873&min_rtt=706&rtt_var=1323&sent=230&recv=57&lost=0&retrans=0&sent_bytes=223702&recv_bytes=24635&delivery_rate=1289034&cwnd=78000&unsent_bytes=0&cid=f7752c96d938e888&ts=8096&x=1", cfExtPri, cfHdrFlush;dur=0
|
|
| x0ru.saunceptilt.ru/34SdtrgyiaoodM7k75901SklpqWxfvESmmuz89110 | 172.67.163.225 | 200 OK | 137 kB |
URL: GET HTTP/3 x0ru.saunceptilt.ru/34SdtrgyiaoodM7k75901SklpqWxfvESmmuz89110 | IP: 172.67.163.225:443
Requested by: https://x0ru.saunceptilt.ru/MVQALNPGQUDDGJF29IOPR9S5YVTL?ASOZZSMERWOLROG | Certificate — Issuer: Google Trust Services; Subject: saunceptilt.ru; Fingerprint: E0:3F:9D:60:CF:FB:C0:D2:A9:AA:47:C0:2F:CA:6A:42:DA:55:7A:45; Validity: Thu, 16 Jan 2025 12:36:08 GMT - Wed, 16 Apr 2025 13:34:27 GMT
Size: 137 kB (136817 bytes) | Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (these three values are the MD5, SHA-1 and SHA-256 digests of zero-length input, so they do not identify the 136817-byte script body and should not be used as indicators for it)
GET /34SdtrgyiaoodM7k75901SklpqWxfvESmmuz89110 HTTP/1.1
Host: x0ru.saunceptilt.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://x0ru.saunceptilt.ru/MVQALNPGQUDDGJF29IOPR9S5YVTL?ASOZZSMERWOLROG
Cookie: XSRF-TOKEN=eyJpdiI6IlZzSHlqaENvSGx5MU5FY2ZzM3dpUnc9PSIsInZhbHVlIjoiYjZMcitId1VnbE1pcTdEeWgxYzU1S21GQ2tFaVZuUjhDZDdIT2xTSU1qdEtHNzZWSlRJNTNZYkxrdUtDVzg0am1nQ3EySXhBdUdFdCtoR0lGRS9GZUpQVHBVSHBOSjFZNkNvY3ByOHZTeEZManFJNXd3QUl2RExyWUlzNkptYTMiLCJtYWMiOiI1YmUxYzNmMzdkZTZjNDRjMTkxZTI1YTE0OWI0MGFiNjdlNzUwYjY2MGQ2NWFlOWU0MjJlYTVlZWViN2U1MmMzIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IitCb0tMYUpzc0duYWZxbXlwb3gzdEE9PSIsInZhbHVlIjoicGpUbTRKeUhqUW45ZUIvMnJjaWZ3U3dNbnpJQ3dzNVM4V0kxTSsvMVRvRzhuSmIyWTcxVGFYd1NFUXkwL01telgvNjFsU3FXZEZpRGVTdmNPcC94TFdwMGE5TlpOM3lCUUp1VlA1ODl1S3JYeVpYMDZCamxMRXhLZncwN0U0TEgiLCJtYWMiOiI5YTg1MWNhZDljNjBjNTU4ZGVjNjk3Zjk3ZTEyZTRhODU2YmJkMjk5OTRhZDRhMjMxMmU5NjMzMzcxODg2YzYyIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 01 Feb 2025 01:47:13 GMT
content-type: application/javascript
content-disposition: inline; filename="34SdtrgyiaoodM7k75901SklpqWxfvESmmuz89110"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xcVDpM5I9sFG6AXDbwXAw2N69ETSXvXWnq%2F0%2FHonf4BQjIoFYgXZxCiNPUkOPDxmJfwld9e0iQaXdOvBjy1pcE0PI%2FTq8hPOvLZdPKyh6tHlmPI3dDVUfXx%2BLbUowg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
vary: accept-encoding
priority: u=3,i=?0
server: cloudflare
cf-ray: 90ae45b0bbb55693-OSL
content-encoding: br
server-timing: cfL4;desc="?proto=TCP&rtt=5860&min_rtt=5540&rtt_var=1792&sent=5&recv=8&lost=0&retrans=0&sent_bytes=2823&recv_bytes=2134&delivery_rate=500703&cwnd=251&unsent_bytes=0&cid=ace414fbe01755e3&ts=95&x=0", cfL4;desc="?proto=QUIC&rtt=1544&min_rtt=706&rtt_var=760&sent=384&recv=64&lost=0&retrans=0&sent_bytes=404955&recv_bytes=24953&delivery_rate=24885855&cwnd=156000&unsent_bytes=0&cid=f7752c96d938e888&ts=8133&x=1", cfExtPri, cfHdrFlush;dur=0
|
|
| x0ru.saunceptilt.ru/mnrRvji2464xzOvZwzF01Q72g1Mhijl2ePc6mqKLWMWYfXYw78150 | 172.67.163.225 | 200 OK | 270 B |
URL: GET HTTP/3 x0ru.saunceptilt.ru/mnrRvji2464xzOvZwzF01Q72g1Mhijl2ePc6mqKLWMWYfXYw78150 | IP: 172.67.163.225:443
Requested by: https://x0ru.saunceptilt.ru/MVQALNPGQUDDGJF29IOPR9S5YVTL?ASOZZSMERWOLROG | Certificate — Issuer: Google Trust Services; Subject: saunceptilt.ru; Fingerprint: E0:3F:9D:60:CF:FB:C0:D2:A9:AA:47:C0:2F:CA:6A:42:DA:55:7A:45; Validity: Thu, 16 Jan 2025 12:36:08 GMT - Wed, 16 Apr 2025 13:34:27 GMT
File type: SVG Scalable Vector Graphics image | Hash: 0c09c5ea7c28d6feb4d124957dde0a0d 1b9efde2d8f0e2a3d9d5315117e597c2d622fc5e b3c39d2c15327b7ae68940502a2d7bf457fe521e075e6e671d0340edc58bcb3a
Analyzer: urlquery | Verdict: phishing | Alert: Phishing - Microsoft
GET /mnrRvji2464xzOvZwzF01Q72g1Mhijl2ePc6mqKLWMWYfXYw78150 HTTP/1.1
Host: x0ru.saunceptilt.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://x0ru.saunceptilt.ru/MVQALNPGQUDDGJF29IOPR9S5YVTL?ASOZZSMERWOLROG
Cookie: XSRF-TOKEN=eyJpdiI6IlZzSHlqaENvSGx5MU5FY2ZzM3dpUnc9PSIsInZhbHVlIjoiYjZMcitId1VnbE1pcTdEeWgxYzU1S21GQ2tFaVZuUjhDZDdIT2xTSU1qdEtHNzZWSlRJNTNZYkxrdUtDVzg0am1nQ3EySXhBdUdFdCtoR0lGRS9GZUpQVHBVSHBOSjFZNkNvY3ByOHZTeEZManFJNXd3QUl2RExyWUlzNkptYTMiLCJtYWMiOiI1YmUxYzNmMzdkZTZjNDRjMTkxZTI1YTE0OWI0MGFiNjdlNzUwYjY2MGQ2NWFlOWU0MjJlYTVlZWViN2U1MmMzIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IitCb0tMYUpzc0duYWZxbXlwb3gzdEE9PSIsInZhbHVlIjoicGpUbTRKeUhqUW45ZUIvMnJjaWZ3U3dNbnpJQ3dzNVM4V0kxTSsvMVRvRzhuSmIyWTcxVGFYd1NFUXkwL01telgvNjFsU3FXZEZpRGVTdmNPcC94TFdwMGE5TlpOM3lCUUp1VlA1ODl1S3JYeVpYMDZCamxMRXhLZncwN0U0TEgiLCJtYWMiOiI5YTg1MWNhZDljNjBjNTU4ZGVjNjk3Zjk3ZTEyZTRhODU2YmJkMjk5OTRhZDRhMjMxMmU5NjMzMzcxODg2YzYyIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 01 Feb 2025 01:47:13 GMT
content-type: image/svg+xml
content-disposition: inline; filename="mnrRvji2464xzOvZwzF01Q72g1Mhijl2ePc6mqKLWMWYfXYw78150"
cf-cache-status: DYNAMIC
alt-svc: h3=":443"; ma=86400
vary: accept-encoding
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AQBxSarhH0IkhlDLL8UWVzThzezaDUROX%2BV9jedYb1niIDuHN9EjAJF5UlhrapiIHZEgsgcixcpH1FCFWlOMSwJTzpJ73uLIcFgUKtTzBipspkbV7P%2FT5DvU7v9MzyzwqtVMGxva"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 90ae45b08b9f5693-OSL
content-encoding: br
server-timing: cfL4;desc="?proto=QUIC&rtt=2720&min_rtt=706&rtt_var=2509&sent=395&recv=68&lost=0&retrans=0&sent_bytes=414582&recv_bytes=25136&delivery_rate=219445&cwnd=156000&unsent_bytes=0&cid=f7752c96d938e888&ts=8164&x=1", cfExtPri, cfHdrFlush;dur=0
|
|
| x0ru.saunceptilt.ru/xyx2e4GepqDXUxcd23 | 172.67.163.225 | 200 OK | 36 kB |
URL: GET HTTP/3 x0ru.saunceptilt.ru/xyx2e4GepqDXUxcd23 | IP: 172.67.163.225:443
Requested by: https://x0ru.saunceptilt.ru/MVQALNPGQUDDGJF29IOPR9S5YVTL?ASOZZSMERWOLROG | Certificate — Issuer: Google Trust Services; Subject: saunceptilt.ru; Fingerprint: E0:3F:9D:60:CF:FB:C0:D2:A9:AA:47:C0:2F:CA:6A:42:DA:55:7A:45; Validity: Thu, 16 Jan 2025 12:36:08 GMT - Wed, 16 Apr 2025 13:34:27 GMT
File type: ASCII text, with CRLF line terminators | Hash: 38501e3fbbbd89b56aa5ba35de1a32fe d9b31981b6f834e8480ba28fbc1cff1be772f589 a1ca6b381cb01968851c98512c6e7f6c5309a49f7a16b864813135cbff82a85b
Analyzer: urlquery | Verdict: phishing | Alert: Phishing - Microsoft
GET /xyx2e4GepqDXUxcd23 HTTP/1.1
Host: x0ru.saunceptilt.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://x0ru.saunceptilt.ru/MVQALNPGQUDDGJF29IOPR9S5YVTL?ASOZZSMERWOLROG
Cookie: XSRF-TOKEN=eyJpdiI6IlZzSHlqaENvSGx5MU5FY2ZzM3dpUnc9PSIsInZhbHVlIjoiYjZMcitId1VnbE1pcTdEeWgxYzU1S21GQ2tFaVZuUjhDZDdIT2xTSU1qdEtHNzZWSlRJNTNZYkxrdUtDVzg0am1nQ3EySXhBdUdFdCtoR0lGRS9GZUpQVHBVSHBOSjFZNkNvY3ByOHZTeEZManFJNXd3QUl2RExyWUlzNkptYTMiLCJtYWMiOiI1YmUxYzNmMzdkZTZjNDRjMTkxZTI1YTE0OWI0MGFiNjdlNzUwYjY2MGQ2NWFlOWU0MjJlYTVlZWViN2U1MmMzIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IitCb0tMYUpzc0duYWZxbXlwb3gzdEE9PSIsInZhbHVlIjoicGpUbTRKeUhqUW45ZUIvMnJjaWZ3U3dNbnpJQ3dzNVM4V0kxTSsvMVRvRzhuSmIyWTcxVGFYd1NFUXkwL01telgvNjFsU3FXZEZpRGVTdmNPcC94TFdwMGE5TlpOM3lCUUp1VlA1ODl1S3JYeVpYMDZCamxMRXhLZncwN0U0TEgiLCJtYWMiOiI5YTg1MWNhZDljNjBjNTU4ZGVjNjk3Zjk3ZTEyZTRhODU2YmJkMjk5OTRhZDRhMjMxMmU5NjMzMzcxODg2YzYyIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 01 Feb 2025 01:47:13 GMT
content-type: text/css;charset=UTF-8
content-disposition: inline; filename="xyx2e4GepqDXUxcd23"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nhcw3GPMsFpdxhQQ6MtHgDhJDXJPNekuhEnHuYD0z5Sfo0xQDJmda6bLjQyRUYNfvT2u%2FCPFoFTd9dHdMvtHyXnALgn%2FJwmMw96F7ibsBJf96Gy6rcTCz1m5naPTzA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
vary: accept-encoding
priority: u=2,i=?0
server: cloudflare
cf-ray: 90ae45b06b895693-OSL
content-encoding: br
server-timing: cfL4;desc="?proto=TCP&rtt=4992&min_rtt=4894&rtt_var=1550&sent=5&recv=8&lost=0&retrans=0&sent_bytes=2824&recv_bytes=2140&delivery_rate=530947&cwnd=188&unsent_bytes=0&cid=592560eca7639364&ts=105&x=0", cfL4;desc="?proto=QUIC&rtt=1873&min_rtt=706&rtt_var=1323&sent=234&recv=57&lost=0&retrans=0&sent_bytes=228326&recv_bytes=24635&delivery_rate=1289034&cwnd=78000&unsent_bytes=0&cid=f7752c96d938e888&ts=8097&x=1", cfExtPri, cfHdrFlush;dur=0
|
|
| ok4static.oktacdn.com/assets/loginpage/font/assets/proximanova-reg-webfont.353416ed0ff540352235.woff2 | 143.204.55.3 | 200 OK | 20 kB |
URL: GET HTTP/2 ok4static.oktacdn.com/assets/loginpage/font/assets/proximanova-reg-webfont.353416ed0ff540352235.woff2 | IP: 143.204.55.3:443
Requested by: https://x0ru.saunceptilt.ru/MVQALNPGQUDDGJF29IOPR9S5YVTL?ASOZZSMERWOLROG | Certificate — Issuer: DigiCert Inc; Subject: *.oktacdn.com; Fingerprint: 3E:D7:C7:A6:35:70:74:E4:BF:45:2E:A1:D5:A3:25:88:24:76:B3:B5; Validity: Mon, 02 Dec 2024 00:00:00 GMT - Fri, 02 Jan 2026 23:59:59 GMT
File type: Web Open Font Format (Version 2), TrueType, length 20416, version 2.197 | Hash: d99a7377dabb55772ca9f986b0a04b57 2b5fcd8431953c44e410d0489899e74f6d2cfecc affdba1620552b12a1a8a04467136aeb408c03fa337d20e9c38374d682d4d149
GET /assets/loginpage/font/assets/proximanova-reg-webfont.353416ed0ff540352235.woff2 HTTP/1.1
Host: ok4static.oktacdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://x0ru.saunceptilt.ru
DNT: 1
Connection: keep-alive
Referer: https://ok4static.oktacdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/font-woff2
content-length: 20416
date: Mon, 27 Jan 2025 07:42:18 GMT
server: nginx
last-modified: Tue, 07 Nov 2023 18:56:28 GMT
etag: "d99a7377dabb55772ca9f986b0a04b57"
x-amz-meta-sha1sum: 2b5fcd8431953c44e410d0489899e74f6d2cfecc
expires: Tue, 27 Jan 2026 07:42:18 GMT
cache-control: max-age=31536000, public,max-age=31536000,s-maxage=1814400
strict-transport-security: max-age=315360000; includeSubDomains
access-control-allow-origin: *
accept-ranges: bytes
x-cache: Hit from cloudfront
via: 1.1 bcd5dadccb0831729969c938747ff79a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: IZq8wU-CCcNPqpwy4e8F2mDboCu_SWyjTl6Cg-Lsx-k09A0dbQhdog==
age: 410696
X-Firefox-Spdy: h2
|
|
| x0ru.saunceptilt.ru/klOq0IetkuWlrtwBlXfolvJEewJ4nar89sRdyPVXxptaktR3yVzaab227 | 172.67.163.225 | 200 OK | 1.3 kB |
URL: GET HTTP/3 x0ru.saunceptilt.ru/klOq0IetkuWlrtwBlXfolvJEewJ4nar89sRdyPVXxptaktR3yVzaab227 | IP: 172.67.163.225:443
Requested by: https://x0ru.saunceptilt.ru/MVQALNPGQUDDGJF29IOPR9S5YVTL?ASOZZSMERWOLROG | Certificate: Issuer Google Trust Services; Subject saunceptilt.ru; Fingerprint E0:3F:9D:60:CF:FB:C0:D2:A9:AA:47:C0:2F:CA:6A:42:DA:55:7A:45; Validity Thu, 16 Jan 2025 12:36:08 GMT - Wed, 16 Apr 2025 13:34:27 GMT
File type: RIFF (little-endian) data, Web/P image | Hash: MD5 32ca2081553e969f9fdd4374134521ad; SHA-1 7b09924c4c3d8b6e41fe38363e342da098be4173; SHA-256 216fc342a469aa6a005b2eacc24622095e5282d3e9f1ae99ce54c27b92ec3587
Analyzer: urlquery | Verdict: phishing | Alert: Phishing - Microsoft
GET /klOq0IetkuWlrtwBlXfolvJEewJ4nar89sRdyPVXxptaktR3yVzaab227 HTTP/1.1
Host: x0ru.saunceptilt.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://x0ru.saunceptilt.ru/MVQALNPGQUDDGJF29IOPR9S5YVTL?ASOZZSMERWOLROG
Cookie: XSRF-TOKEN=eyJpdiI6IlZzSHlqaENvSGx5MU5FY2ZzM3dpUnc9PSIsInZhbHVlIjoiYjZMcitId1VnbE1pcTdEeWgxYzU1S21GQ2tFaVZuUjhDZDdIT2xTSU1qdEtHNzZWSlRJNTNZYkxrdUtDVzg0am1nQ3EySXhBdUdFdCtoR0lGRS9GZUpQVHBVSHBOSjFZNkNvY3ByOHZTeEZManFJNXd3QUl2RExyWUlzNkptYTMiLCJtYWMiOiI1YmUxYzNmMzdkZTZjNDRjMTkxZTI1YTE0OWI0MGFiNjdlNzUwYjY2MGQ2NWFlOWU0MjJlYTVlZWViN2U1MmMzIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IitCb0tMYUpzc0duYWZxbXlwb3gzdEE9PSIsInZhbHVlIjoicGpUbTRKeUhqUW45ZUIvMnJjaWZ3U3dNbnpJQ3dzNVM4V0kxTSsvMVRvRzhuSmIyWTcxVGFYd1NFUXkwL01telgvNjFsU3FXZEZpRGVTdmNPcC94TFdwMGE5TlpOM3lCUUp1VlA1ODl1S3JYeVpYMDZCamxMRXhLZncwN0U0TEgiLCJtYWMiOiI5YTg1MWNhZDljNjBjNTU4ZGVjNjk3Zjk3ZTEyZTRhODU2YmJkMjk5OTRhZDRhMjMxMmU5NjMzMzcxODg2YzYyIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 01 Feb 2025 01:47:14 GMT
content-type: image/webp
content-length: 1298
content-disposition: inline; filename="klOq0IetkuWlrtwBlXfolvJEewJ4nar89sRdyPVXxptaktR3yVzaab227"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SnfVzQ%2FmSJ2PSWATFl1ZBI7SioCwHs03oDCTL5kESCnc%2FTPpF9bD3vG4kGhVBLByQhqy9tT4%2B98IBK%2F8UBCufTT1T%2ByLoU1Pepmlni5EWqSgyc61QQK8Y6fajnn1fw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
priority: u=4,i=?0
server: cloudflare
cf-ray: 90ae45b7bf885693-OSL
server-timing: cfL4;desc="?proto=TCP&rtt=4355&min_rtt=4343&rtt_var=1246&sent=5&recv=8&lost=0&retrans=0&sent_bytes=2822&recv_bytes=2186&delivery_rate=642599&cwnd=229&unsent_bytes=0&cid=a53c1e51efea68a2&ts=93&x=0", cfL4;desc="?proto=QUIC&rtt=1924&min_rtt=609&rtt_var=1365&sent=461&recv=83&lost=0&retrans=0&sent_bytes=475172&recv_bytes=28633&delivery_rate=27397&cwnd=156000&unsent_bytes=0&cid=f7752c96d938e888&ts=9208&x=1", cfExtPri, cfHdrFlush;dur=0
|
|
| x0ru.saunceptilt.ru/tdjXXsK6UHY13vEvfc0gBMpy0bvmYMRYrXBfbi32 | 172.67.163.225 | 200 OK | 6.9 kB |
URL: POST HTTP/3 x0ru.saunceptilt.ru/tdjXXsK6UHY13vEvfc0gBMpy0bvmYMRYrXBfbi32 | IP: 172.67.163.225:443
Requested by: https://x0ru.saunceptilt.ru/MVQALNPGQUDDGJF29IOPR9S5YVTL?ASOZZSMERWOLROG | Certificate: Issuer Google Trust Services; Subject saunceptilt.ru; Fingerprint E0:3F:9D:60:CF:FB:C0:D2:A9:AA:47:C0:2F:CA:6A:42:DA:55:7A:45; Validity Thu, 16 Jan 2025 12:36:08 GMT - Wed, 16 Apr 2025 13:34:27 GMT
File type: troff or preprocessor input, ASCII text, with very long lines (6929), with no line terminators (a heuristic type guess; the response below declares content-type: application/json) | Hash: MD5 0b07ab28e570c3807977fb2e34ba8f44; SHA-1 4918ebdd4b95cacf9bf1f7759b2401927ec6b2a5; SHA-256 c92cc642dc9a3625a2e1fd42db6b28be85b057baef6b6576bdc5f422af1c2963
POST /tdjXXsK6UHY13vEvfc0gBMpy0bvmYMRYrXBfbi32 HTTP/1.1
Host: x0ru.saunceptilt.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 53
Origin: https://x0ru.saunceptilt.ru
DNT: 1
Connection: keep-alive
Referer: https://x0ru.saunceptilt.ru/MVQALNPGQUDDGJF29IOPR9S5YVTL?ASOZZSMERWOLROG
Cookie: XSRF-TOKEN=eyJpdiI6IlZzSHlqaENvSGx5MU5FY2ZzM3dpUnc9PSIsInZhbHVlIjoiYjZMcitId1VnbE1pcTdEeWgxYzU1S21GQ2tFaVZuUjhDZDdIT2xTSU1qdEtHNzZWSlRJNTNZYkxrdUtDVzg0am1nQ3EySXhBdUdFdCtoR0lGRS9GZUpQVHBVSHBOSjFZNkNvY3ByOHZTeEZManFJNXd3QUl2RExyWUlzNkptYTMiLCJtYWMiOiI1YmUxYzNmMzdkZTZjNDRjMTkxZTI1YTE0OWI0MGFiNjdlNzUwYjY2MGQ2NWFlOWU0MjJlYTVlZWViN2U1MmMzIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IitCb0tMYUpzc0duYWZxbXlwb3gzdEE9PSIsInZhbHVlIjoicGpUbTRKeUhqUW45ZUIvMnJjaWZ3U3dNbnpJQ3dzNVM4V0kxTSsvMVRvRzhuSmIyWTcxVGFYd1NFUXkwL01telgvNjFsU3FXZEZpRGVTdmNPcC94TFdwMGE5TlpOM3lCUUp1VlA1ODl1S3JYeVpYMDZCamxMRXhLZncwN0U0TEgiLCJtYWMiOiI5YTg1MWNhZDljNjBjNTU4ZGVjNjk3Zjk3ZTEyZTRhODU2YmJkMjk5OTRhZDRhMjMxMmU5NjMzMzcxODg2YzYyIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 01 Feb 2025 01:47:14 GMT
content-type: application/json
cache-control: no-cache, private
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JYWZcKkCAQaKdIYMKJHL0vlOKz1w9nYg%2F9TuErU7TZrau4b2dX0sh6DeVeIjG%2Bt0TRQfUysmmqXQ9sEldAo29ad6dk1jayvgN%2Bn%2BBk8dnDHkEDBkEudbEwBpUgtVKQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
set-cookie: XSRF-TOKEN=eyJpdiI6IndleWFydFZsT0tqcUtxaHZaYnBoM3c9PSIsInZhbHVlIjoidlVad24wUU9oT2x5YTlNdXh2b2JQNkxCMFZVUm91czBZYUlBNmhsUEhBOXJPdEI1ZWVzRDh2ZjJJNE9OT0VrSmNEYng4WGRYeDMyZEl1OWdqZi9US3BDcHhlNlBkLzRITzJBVjhJRkdDdGwxQ0xjUlhscEFVMDFPZXhxOUlzUFIiLCJtYWMiOiJmODllYmZiOTM3YzAxYjc5M2JjMWU4ODFkN2JlYWUyYjE4MWJiNWNjOTFhYzRiMzVjZWJlMThjMDgyNThhYTY4IiwidGFnIjoiIn0%3D; expires=Sat, 01-Feb-2025 03:47:14 GMT; Max-Age=7200; path=/; secure; samesite=none
laravel_session=eyJpdiI6IjlSK1ZvTVNKSWI5L0tPQXptNWErZmc9PSIsInZhbHVlIjoia3pqK0tPYUVtUm4yWk9lRG53WWxqMktOSFpkOXZvKzUvelZMVnk3ZjBjVnB6Z1JUblE5WGNyYlZnUDNOQlJrSUNkRlF6MDdSMDNDSnU3bVBNTnBuay94YUxXcUJFdGtZaEVlS1QwRis4eTBuMWt4Vy9PemtDSHVCWFcxOWlGRGgiLCJtYWMiOiIzNGQ3YTQyYzY4ZjdhN2YwNmQzMmFkZWM5NWI3NDhmMmVkOGQwZTg2ZTU3NTAzNTU4NjdiMTJiZjY5MWZjNzU3IiwidGFnIjoiIn0%3D; expires=Sat, 01-Feb-2025 03:47:14 GMT; Max-Age=7200; path=/; secure; httponly; samesite=none
vary: accept-encoding
priority: u=3,i=?0
server: cloudflare
cf-ray: 90ae45b79f7a5693-OSL
content-encoding: br
server-timing: cfL4;desc="?proto=TCP&rtt=4639&min_rtt=4630&rtt_var=1754&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2822&recv_bytes=2338&delivery_rate=605442&cwnd=249&unsent_bytes=0&cid=d945756524ce6629&ts=95&x=0", cfL4;desc="?proto=QUIC&rtt=2161&min_rtt=609&rtt_var=1722&sent=456&recv=81&lost=0&retrans=0&sent_bytes=470892&recv_bytes=28542&delivery_rate=5848411&cwnd=156000&unsent_bytes=0&cid=f7752c96d938e888&ts=9188&x=1", cfExtPri, cfHdrFlush;dur=0
|
|
| ok4static.oktacdn.com/assets/js/sdk/okta-signin-widget/7.18.0/css/okta-sign-in.min.css | 143.204.55.3 | 200 OK | 223 kB |
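URL: GET HTTP/2 ok4static.oktacdn.com/assets/js/sdk/okta-signin-widget/7.18.0/css/okta-sign-in.min.css | IP: 143.204.55.3:443
Requested by: https://x0ru.saunceptilt.ru/MVQALNPGQUDDGJF29IOPR9S5YVTL?ASOZZSMERWOLROG | Certificate: Issuer DigiCert Inc; Subject *.oktacdn.com; Fingerprint 3E:D7:C7:A6:35:70:74:E4:BF:45:2E:A1:D5:A3:25:88:24:76:B3:B5; Validity Mon, 02 Dec 2024 00:00:00 GMT - Fri, 02 Jan 2026 23:59:59 GMT
Size: 223 kB (222931 bytes) | Hash: MD5 d41d8cd98f00b204e9800998ecf8427e; SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709; SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Note: these three values are the MD5, SHA-1 and SHA-256 digests of empty input, so the 223 kB body was evidently not hashed for this entry; they should not be used as indicators for this stylesheet. The response below carries the origin-reported SHA-1 in its x-amz-meta-sha1sum header.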
GET /assets/js/sdk/okta-signin-widget/7.18.0/css/okta-sign-in.min.css HTTP/1.1
Host: ok4static.oktacdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://x0ru.saunceptilt.ru/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css
server: nginx
last-modified: Tue, 14 May 2024 21:48:24 GMT
x-amz-meta-sha1sum: 7b5499b46660a0348cc2b22cae927dcc3fda8b20
strict-transport-security: max-age=315360000; includeSubDomains
access-control-allow-origin: *
content-encoding: gzip
date: Wed, 29 Jan 2025 17:13:28 GMT
expires: Thu, 29 Jan 2026 17:13:28 GMT
cache-control: max-age=31536000, public,max-age=31536000,s-maxage=1814400
etag: W/"0329c939fca7c78756b94fbcd95e322b"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 bcd5dadccb0831729969c938747ff79a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 2KaIvIqVvHw3frqjguHln-N1kgnENteLOfqs7D3Pvn6tlp54k0I0sA==
age: 203625
X-Firefox-Spdy: h2
|
|
| ok4static.oktacdn.com/assets/loginpage/css/loginpage-theme.e0d37a504604ef874bad26435d62011f.css | 143.204.55.3 | 200 OK | 10 kB |
URL: GET HTTP/2 ok4static.oktacdn.com/assets/loginpage/css/loginpage-theme.e0d37a504604ef874bad26435d62011f.css | IP: 143.204.55.3:443
Requested by: https://x0ru.saunceptilt.ru/MVQALNPGQUDDGJF29IOPR9S5YVTL?ASOZZSMERWOLROG | Certificate: Issuer DigiCert Inc; Subject *.oktacdn.com; Fingerprint 3E:D7:C7:A6:35:70:74:E4:BF:45:2E:A1:D5:A3:25:88:24:76:B3:B5; Validity Mon, 02 Dec 2024 00:00:00 GMT - Fri, 02 Jan 2026 23:59:59 GMT
File type: ASCII text, with very long lines (10450) | Hash: MD5 e0d37a504604ef874bad26435d62011f; SHA-1 4301f0d2b729ae22adece657d79eccaa25f429b1; SHA-256 c39ff65e2a102e644eb0bf2e31d2bad3d18f7afb25b3b9ba7a4d46263a711179
GET /assets/loginpage/css/loginpage-theme.e0d37a504604ef874bad26435d62011f.css HTTP/1.1
Host: ok4static.oktacdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://x0ru.saunceptilt.ru/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css
server: nginx
last-modified: Thu, 14 Mar 2024 00:03:58 GMT
x-amz-meta-sha1sum: 4301f0d2b729ae22adece657d79eccaa25f429b1
strict-transport-security: max-age=315360000; includeSubDomains
access-control-allow-origin: *
content-encoding: gzip
date: Fri, 31 Jan 2025 02:19:39 GMT
expires: Sat, 31 Jan 2026 02:19:39 GMT
cache-control: max-age=31536000, public,max-age=31536000,s-maxage=1814400
etag: W/"e0d37a504604ef874bad26435d62011f"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 bcd5dadccb0831729969c938747ff79a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 8uLX1ULFIQLAgAGKLyv0yR40hjfc1x9viJuqBUn45VaCvbGQR4N8eg==
age: 84454
X-Firefox-Spdy: h2
|
|
| x0ru.saunceptilt.ru/MVQALNPGQUDDGJF29IOPR9S5YVTL?ASOZZSMERWOLROG | 172.67.163.225 | 200 OK | 143 kB |
URL (User Request): GET HTTP/3 x0ru.saunceptilt.ru/MVQALNPGQUDDGJF29IOPR9S5YVTL?ASOZZSMERWOLROG | IP: 172.67.163.225:443
Certificate: Issuer Google Trust Services; Subject saunceptilt.ru; Fingerprint E0:3F:9D:60:CF:FB:C0:D2:A9:AA:47:C0:2F:CA:6A:42:DA:55:7A:45; Validity Thu, 16 Jan 2025 12:36:08 GMT - Wed, 16 Apr 2025 13:34:27 GMT
File type: HTML document, ASCII text, with very long lines (52489), with CRLF line terminators | Size: 143 kB (142676 bytes) | Hash: MD5 d9c2ffbb2dc31b526772dbd44019a534; SHA-1 eda7e766bb4220604051a1bfcdb54f987a2855c8; SHA-256 ddc4f2262f4fd1db582a5cc5359aaadc28c4725f7fcb81a6453275278df1dd2a
Analyzer: urlquery | Verdict: suspicious | Alert: Suspicious - Anti-debugging code
GET /MVQALNPGQUDDGJF29IOPR9S5YVTL?ASOZZSMERWOLROG HTTP/1.1
Host: x0ru.saunceptilt.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://x0ru.saunceptilt.ru/oPWxJk/
Cookie: XSRF-TOKEN=eyJpdiI6IkMzSE5VMzR4NWVFQ0F6WnEyalNzM0E9PSIsInZhbHVlIjoidzNuSFZiRUFxaFN6WkpjRStzNmVLa05ncXkrUXd0ZVpWSTdXdmZ5b1FkOHN0eS92K0w3bGlUK3BxZzlqZnJjL3pKUCtiOElDby9DRHBqYVQvM21obFBKaFVMdk95TlVWVHByY3hDVVhxc3hEZ000OWFwUDY5clNFZTlsMlJpb2oiLCJtYWMiOiIyMjgxOWQwM2JiNmVkODIwNmIzYWZjMWY2ZTEyNjNlMTJjMGFmNTFmZTkxZWNiZDczYzc2Y2ZjMjYwODI3MGE1IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6ImFudnRuMm85ZStKODlROVZldElGOVE9PSIsInZhbHVlIjoiQXVpNjN5blczWUlpVFB5bVVmOG9GeGp2OUZERnhyT0RlTlVxakZmVGRNVDBRSlhMYzZDNDlTdER1UkVNUGVYUCtpOGRqM25XOHdUWDZjSUFuRjYwV2F0RkVhU1hRZHVVUzJqSlpmQzVsZTVwSGFHVlFWems3UnpYVG5iR2IwOWoiLCJtYWMiOiJjZjRhNzhhNjM0YmMyNWFiNTliM2FjNTJkODNhMzlmZWNlMWRlN2M3YTczYTcyMjQ3ZWY0Yzg5OWNjNjM0ZWFhIiwidGFnIjoiIn0%3D
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 01 Feb 2025 01:47:13 GMT
content-type: text/html; charset=UTF-8
cache-control: no-cache, private
cf-cache-status: DYNAMIC
vary: accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SYsHjvYuod%2B2IS1KbDJNsv7zegV6w0Xy0vlSEbJsBDjDb0rMTTp2Fv654dLyxiNMt4fRICu85yCGamRXWZWF4%2BpIF7wuhiaNj1EeSUKnuUVwuM7yoYFLOXvx8uFACw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
set-cookie: XSRF-TOKEN=eyJpdiI6IlZzSHlqaENvSGx5MU5FY2ZzM3dpUnc9PSIsInZhbHVlIjoiYjZMcitId1VnbE1pcTdEeWgxYzU1S21GQ2tFaVZuUjhDZDdIT2xTSU1qdEtHNzZWSlRJNTNZYkxrdUtDVzg0am1nQ3EySXhBdUdFdCtoR0lGRS9GZUpQVHBVSHBOSjFZNkNvY3ByOHZTeEZManFJNXd3QUl2RExyWUlzNkptYTMiLCJtYWMiOiI1YmUxYzNmMzdkZTZjNDRjMTkxZTI1YTE0OWI0MGFiNjdlNzUwYjY2MGQ2NWFlOWU0MjJlYTVlZWViN2U1MmMzIiwidGFnIjoiIn0%3D; expires=Sat, 01-Feb-2025 03:47:13 GMT; Max-Age=7200; path=/; secure; samesite=none
laravel_session=eyJpdiI6IitCb0tMYUpzc0duYWZxbXlwb3gzdEE9PSIsInZhbHVlIjoicGpUbTRKeUhqUW45ZUIvMnJjaWZ3U3dNbnpJQ3dzNVM4V0kxTSsvMVRvRzhuSmIyWTcxVGFYd1NFUXkwL01telgvNjFsU3FXZEZpRGVTdmNPcC94TFdwMGE5TlpOM3lCUUp1VlA1ODl1S3JYeVpYMDZCamxMRXhLZncwN0U0TEgiLCJtYWMiOiI5YTg1MWNhZDljNjBjNTU4ZGVjNjk3Zjk3ZTEyZTRhODU2YmJkMjk5OTRhZDRhMjMxMmU5NjMzMzcxODg2YzYyIiwidGFnIjoiIn0%3D; expires=Sat, 01-Feb-2025 03:47:13 GMT; Max-Age=7200; path=/; secure; httponly; samesite=none
priority: u=1,i=?0
server: cloudflare
cf-ray: 90ae45ae2a645693-OSL
content-encoding: br
server-timing: cfL4;desc="?proto=TCP&rtt=6167&min_rtt=6143&rtt_var=1755&sent=5&recv=8&lost=0&retrans=0&sent_bytes=2824&recv_bytes=2230&delivery_rate=456703&cwnd=251&unsent_bytes=0&cid=df03229a7fb34b76&ts=124&x=0", cfL4;desc="?proto=QUIC&rtt=5120&min_rtt=1699&rtt_var=4174&sent=35&recv=17&lost=0&retrans=0&sent_bytes=19684&recv_bytes=6731&delivery_rate=1043059&cwnd=12000&unsent_bytes=0&cid=f7752c96d938e888&ts=7717&x=1", cfExtPri, cfHdrFlush;dur=0
|
|