Report - dg.erovetemone.ru/vQMe4c/

Report Overview

Visited public
2025-01-29 18:33:02
Tags
microsoft phishing outlook suspicious
URL
dg.erovetemone.ru/vQMe4c/
Finishing URL
dg.erovetemone.ru/vQMe4c/
IP / ASN
104.21.48.1
#13335 CLOUDFLARENET
Title
secure profile access portal
Phishing - Microsoft
Phishing - Generic phishing
Phishing - Microsoft Outlook
Suspicious - Anti-debugging code

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
code.jquery.com	634	2005-12-10	2012-05-21	2025-01-29	860 B	63 kB	151.101.194.137
developers.cloudflare.com	592034	2009-02-17	2012-09-07	2025-01-28	446 B	1.7 kB	104.16.6.189
ok4static.oktacdn.com	16592	2014-11-11	2018-06-15	2025-01-28	4.4 kB	310 kB	143.204.55.87
github.com	1423	2007-10-09	2016-07-13	2025-01-29	454 B	4.3 kB	140.82.121.3
objects.githubusercontent.com	134060	2014-02-06	2021-11-01	2025-01-29	889 B	11 kB	185.199.109.133
dg.erovetemone.ru	unknown	2025-01-22	2025-01-29	2025-01-29	31 kB	889 kB	104.21.112.1
challenges.cloudflare.com	unknown	2009-02-17	2021-10-20	2025-01-29	464 B	406 B	104.18.94.41
cdnjs.cloudflare.com	235	2009-02-17	2012-05-23	2025-01-29	916 B	30 kB	104.17.24.14

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (17)

	URL	From	Size	First Seen	Last Seen
	unknown	ScriptElement	1.6 kB	2025-01-29	2025-01-29
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2025-01-29 18:33 Last Seen2025-01-29 18:33 Times Seen1 Hash 3e663336ef086a84972d01befdb6fd20 633e0bfce6ecf89679ca06b16e3700da5810c36e 891340f17004ebc121747541db6ec9af7036648ea079556e8af256c855ee8c73 Loading...

	unknown	ScriptElement	9.5 kB	2025-01-29	2025-01-29
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2025-01-29 18:33 Last Seen2025-01-29 18:33 Times Seen1 Hash 0b05a25b2cf1ec4333ff1e88f46c59ed a86fd5acf3e2e621ae2d037d8e4bd375ed3adcf2 4bb4f732986220428e4824f08f3a8755decb62daeb36eeafd516a5e541d35dba Loading...

	github.com/fent/randexp.js/releases/download/v0.4.3/randexp.min.js	ScriptElement	10 kB	2024-05-30	2025-05-08
Pretty URL github.com/fent/randexp.js/releases/download/v0.4.3/randexp.min.js IP 140.82.121.3 ASN #36459 GITHUB Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-30 22:56 Last Seen2025-05-08 23:46 Times Seen18400 Hash 6c20a2be8ba900bc0a7118893a2b1072 ff7766fde1f33882c6e1c481ceed6f6588ea764c b1c42acd0288c435e95e00332476781532ed002cac6f3dcee9110ced30b31500 Loading...

	unknown	ScriptElement	132 kB	2025-01-29	2025-01-29
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2025-01-29 18:33 Last Seen2025-01-29 18:33 Times Seen1 Hash fc5a4d13e45391aa80973e1312a3d03d 199768ac32a89620903764c1f92ab53847fb3beb 38344de4f47c7f76b6495a3b5b15eca07fc5122537fd6763c36f9f8351cf6eb7 Loading...

	cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js	ScriptElement	48 kB	2023-03-07	2025-05-09
Pretty URL cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js IP 104.17.24.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:31 Last Seen2025-05-09 03:30 Times Seen92689 Hash 2ca03ad87885ab983541092b87adb299 1a17f60bf776a8c468a185c1e8e985c41a50dc27 8e3b0117f4df4be452c0b6af5b8f0a0acf9d4ade23d08d55d7e312af22077762 Loading...

	dg.erovetemone.ru/34uep8acSB4vcCINfPzwxNgh058mTafNDrNFeY89110	ScriptElement	137 kB	2025-01-27	2025-02-05
Pretty URL dg.erovetemone.ru/34uep8acSB4vcCINfPzwxNgh058mTafNDrNFeY89110 IP 104.21.112.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2025-01-27 23:50 Last Seen2025-02-05 01:24 Times Seen2855 Hash 378be0bda52e0dc309ba19e0e8dc3af0 88de4b6325b9af80fcf458097f05ae8a10f6df0a 0eb68b87fd0c31cf0110c8688f47f26699bdc1483c3034a983396a3b4548324c Loading...

	code.jquery.com/jquery-3.6.0.min.js	ScriptElement	90 kB	2023-03-07	2025-05-09
Pretty URL code.jquery.com/jquery-3.6.0.min.js IP 151.101.194.137 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-05-09 04:11 Times Seen205592 Hash 8fb8fee4fcc3cc86ff6c724154c49c42 b82d238d4e31fdf618bae8ac11a6c812c03dd0d4 ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e Loading...

	unknown	ScriptElement	2.0 kB	2025-01-29	2025-01-29
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2025-01-29 18:33 Last Seen2025-01-29 18:33 Times Seen1 Hash 1e57ac930122d85edc7d46c93f1b8244 5a3a01966efc281bc153ba6a8916e15e7395b3d1 2f82140a58da32786451c847b35342e4131331a423eecc1c761f0a5ffd3aac59 Loading...

	unknown	ScriptElement	2.2 kB	2025-01-29	2025-01-29
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2025-01-29 18:33 Last Seen2025-01-29 18:33 Times Seen1 Hash 3dfadfcef6964a71ff877114b1a416cb 928991dbf648b9277cfe1f48688a4733bffb6fde d96fa59c8f1d108ab23f548b1b68ecc5a342c5f1b4b5dc8918e4300ff17b8420 Loading...

	unknown	ScriptElement	657 B	2025-01-28	2025-02-10
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2025-01-28 00:11 Last Seen2025-02-10 23:28 Times Seen1234 Hash 4011334b54154b7612833b79826659f6 7f440a8910d6a88bedc28b4732ed27c892eccbd8 7c18ca60c578f23e5561a9bf22f584ef04a745b7c4f341dcfdc9715da3368d36 Loading...

	dg.erovetemone.ru/vQMe4c/	ScriptElement	20 kB	2025-01-29	2025-01-29
Pretty URL dg.erovetemone.ru/vQMe4c/ IP 104.21.112.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2025-01-29 18:33 Last Seen2025-01-29 18:33 Times Seen1 Hash b839bd418a244733f26bc93e421a5356 45f012343dd2aecd7b23d65a909f9ab6fbe11d6f 28a6bc14b8dfeab8eec205896271214823fcf5eba7586193e4f0f3164803957f Loading...

	unknown	ScriptElement	14 kB	2025-01-29	2025-01-29
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2025-01-29 18:33 Last Seen2025-01-29 18:33 Times Seen1 Hash 398ef3bdd3ec701ef2c02ce720cfbbeb 9b2079eb38c6d9753ec34dfc28300e29ccf921dc 684d068d1b135d56716c3ffdbb685f6e3b90982f5bbda137b21c471381042c9f Loading...

		Size	First Seen	Last Seen
	#1 Eval - e15a713c4104c47e1bb4239579d03e4e	8.9 kB	2025-01-29 18:33	2025-01-29 18:33
Pretty Observations First Seen2025-01-29 18:33 Last Seen2025-01-29 18:33 Times Seen1 Hash e15a713c4104c47e1bb4239579d03e4e 1461fb41bde9459d486ba7b12671c556eca322d9 5bcc928f931b50329170737674ffab6a27ce2a7c562aa3e5580a64870d8035fb Loading...

		Size	First Seen	Last Seen
	#1 Write - a6c663653050626bfd4b34132a909230	171 kB	2025-01-29 18:33	2025-01-29 18:33
Pretty Observations First Seen2025-01-29 18:33 Last Seen2025-01-29 18:33 Times Seen1 Hash a6c663653050626bfd4b34132a909230 788ffe0d49b71bf66a6d2190a8d37bead1438556 9d1f8b8e0e0c53b72cb497887a96042d0dc0fc8d5a7f6d935dcadeb19bde753b Loading...

	#2 Write - 9875e03e35931a449d4c562288622589	11 kB	2025-01-29 18:33	2025-01-29 18:33
Pretty Observations First Seen2025-01-29 18:33 Last Seen2025-01-29 18:33 Times Seen1 Hash 9875e03e35931a449d4c562288622589 05892dc48b6d486b15e0870f3ef3542f66f5cd11 9b378261dd6811650f97f565fae6d3a8a7955ae4225ad7ea8b7954a483a632a1 Loading...

	#3 Write - 563a324e805e144dabd48d55f5c1caa3	143 kB	2025-01-29 18:33	2025-01-29 18:33
Pretty Observations First Seen2025-01-29 18:33 Last Seen2025-01-29 18:33 Times Seen1 Hash 563a324e805e144dabd48d55f5c1caa3 ce05ba834752ca205e5bba7e49c26095508fb645 50464985e711c2f48d5964b19c207f72d63cfa316b7de5b59956aae33e018237 Loading...

	#4 Write - 2dd4b55d7ea7db653f81f9831fd5ca19	98 kB	2025-01-29 18:33	2025-01-29 18:33
Pretty Observations First Seen2025-01-29 18:33 Last Seen2025-01-29 18:33 Times Seen1 Hash 2dd4b55d7ea7db653f81f9831fd5ca19 303637fd35ad98e85964cf3f88af21eb1ec698f4 e15e0890f4c86c1833416bfdb2d7a492677312836244d4d20a2c46c9f1a721fe Loading...

HTTP Transactions (42)

URL IP Response Size

dg.erovetemone.ru/vQMe4c/

104.21.112.1

200 OK

67 kB

URL User Request GET HTTP/3
dg.erovetemone.ru/vQMe4c/
IP
104.21.112.1:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjecterovetemone.ru
Fingerprint87:BC:93:DB:10:A6:A5:36:C7:AF:66:4B:D1:AD:40:65:6F:34:AF:27
ValidityThu, 23 Jan 2025 04:33:05 GMT - Wed, 23 Apr 2025 05:30:16 GMT

File type
HTML document, ASCII text, with very long lines (65451)
Size
67 kB (67048 bytes)
Hash
a405393a3c72a88481a337768a2127d4
51c03b725a187b36fa76fad5d120841e37c5f4b2
27883fe27e186cd225bf5f463200d284523cf1183edb6c1de13023f9dc78b005

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft Outlook

HTTP Headers

GET /vQMe4c/ HTTP/1.1
Host: dg.erovetemone.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 29 Jan 2025 18:32:31 GMT
content-type: text/html; charset=UTF-8
cache-control: no-cache, private
cf-cache-status: DYNAMIC
vary: accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=85krGbjlV8EF4%2Boq%2FOTfmYEHMOLQlS025h0oeddNhriJMzhpkSApO1NFB5yFeCpueAttMx3j%2F8pfkGaodFaPGtsfYmmxyo%2Bjs8Nj%2FUkaqwMIsKqQ%2BgrwbL%2BR1tlE5mYOIGTugg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
set-cookie: XSRF-TOKEN=eyJpdiI6IndMazJSTEU0VzBKdnhrcEt6NzI3a2c9PSIsInZhbHVlIjoiSUZrTGZqeCtXcmV6UzRQZzJXOUZDeDRNRFBxbXpaZDNUdGRCdnlBVGYwalhucnNyR1pVZXlIR2tvNXhZdEx3RSt6ajQxVjlBejF0a1RRSjZzQ0VyRXpsNFNzMlViV01ja0huckZDdjVOcldSTmVEWEl5N0xld09rRzgxZW5nZnkiLCJtYWMiOiI2ZmY5ODU4ZjAzNGMyZjQ0NDIwMWVlNjM2MmI4ZDEyOWI3ZTY0MTAzZWEzNGUwNmFhZWIyOGVhNjgzODcyYTI3IiwidGFnIjoiIn0%3D; expires=Wed, 29-Jan-2025 20:32:31 GMT; Max-Age=7200; path=/; secure; samesite=none
laravel_session=eyJpdiI6InJ2REVYeG5SZTM3RjhEVVRCcFRJekE9PSIsInZhbHVlIjoiYTFLbVNvYkx3NXpvREUrejVUc21RRGJFWFdieXlNUzNBR1pFUnErMjNteUFja3ZnR1gzcWxCUnh3dWlGTHYweEVUOHlsM2d1TmdnekpTVnk4YTEyMzVuWUFWY0xuNnpjU2RNUHpNLzJxTWRITFk3TXBuT1BkQ2tRUVJ4QWJ6elUiLCJtYWMiOiJhOGUzNWYyZTBlNjBkYjMzMTQzNDNhYzA4ZWM4MTY1MDk1ODQ4ZmJkZWVlODc2YTMyYjRmZGZlZDJkMmY2NzIzIiwidGFnIjoiIn0%3D; expires=Wed, 29-Jan-2025 20:32:31 GMT; Max-Age=7200; path=/; secure; httponly; samesite=none
server: cloudflare
cf-ray: 909b4e26ca4c56ab-OSL
content-encoding: br
server-timing: cfL4;desc="?proto=TCP&rtt=12035&min_rtt=12027&rtt_var=4526&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2822&recv_bytes=1407&delivery_rate=235527&cwnd=187&unsent_bytes=0&cid=18d40d34a31c697a&ts=330&x=0", cfL4;desc="?proto=TCP&rtt=5821&min_rtt=461&rtt_var=10702&sent=8&recv=11&lost=0&retrans=0&sent_bytes=3282&recv_bytes=1262&delivery_rate=6135593&cwnd=254&unsent_bytes=0&cid=6bc993535523175b&ts=762&x=0"
X-Firefox-Spdy: h2

challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback

104.18.94.41

302 Found

0 B

URL
challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback
IP
104.18.94.41:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /turnstile/v0/api.js?onload=onloadTurnstileCallback HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dg.erovetemone.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Wed, 29 Jan 2025 18:32:31 GMT
content-length: 0
access-control-allow-origin: *
cache-control: max-age=300, stale-if-error=10800, stale-while-revalidate=300, public
cross-origin-resource-policy: cross-origin
location: /turnstile/v0/g/dc9b2fe37153/api.js
vary: Accept-Encoding
server: cloudflare
cf-ray: 909b4e2f280eb523-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js

104.17.24.14

200 OK

14 kB

URL GET HTTP/3
cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js
IP
104.17.24.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://dg.erovetemone.ru/vQMe4c/
Certificate
IssuerGoogle Trust Services
Subjectcdnjs.cloudflare.com
Fingerprint00:0E:39:59:53:CF:68:07:90:75:EB:68:26:B9:04:22:44:7D:9A:32
ValidityFri, 24 Jan 2025 09:16:22 GMT - Thu, 24 Apr 2025 10:16:21 GMT

File type
JavaScript source, ASCII text, with very long lines (48316), with no line terminators
Size
14 kB (13972 bytes)
Hash
2ca03ad87885ab983541092b87adb299
1a17f60bf776a8c468a185c1e8e985c41a50dc27
8e3b0117f4df4be452c0b6af5b8f0a0acf9d4ade23d08d55d7e312af22077762

HTTP Headers

GET /ajax/libs/crypto-js/4.1.1/crypto-js.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dg.erovetemone.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 29 Jan 2025 18:32:31 GMT
content-type: application/javascript; charset=utf-8
content-length: 13972
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "61182885-3694"
last-modified: Sat, 14 Aug 2021 20:33:09 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 608453
expires: Mon, 19 Jan 2026 18:32:31 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IN%2FgjGK3yG4Vl%2F6Vb59V3hyqeihFdnivfiBfVynSCo1MXdvM7XeB9AdWlcTsPDFWG%2FvAiQto0bzcBjTzbgdIT5e2%2Ba7Ui7B4PuLTJXQ8QX5hKT0ygbnMChDYAgm5q0qK3C3NmMQM"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 909b4e2f2f9d5693-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

code.jquery.com/jquery-3.6.0.min.js

151.101.194.137

200 OK

31 kB

URL GET HTTP/2
code.jquery.com/jquery-3.6.0.min.js
IP
151.101.194.137:443
ASN
#54113 FASTLY

Requested by
https://dg.erovetemone.ru/vQMe4c/
Certificate
IssuerSectigo Limited
Subject*.jquery.com
FingerprintCD:B5:6E:05:85:0C:5A:AE:47:12:80:2A:5B:C6:E5:8F:11:72:E2:B5
ValidityTue, 25 Jun 2024 00:00:00 GMT - Wed, 25 Jun 2025 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (65447)
Size
31 kB (30875 bytes)
Hash
8fb8fee4fcc3cc86ff6c724154c49c42
b82d238d4e31fdf618bae8ac11a6c812c03dd0d4
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

HTTP Headers

GET /jquery-3.6.0.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dg.erovetemone.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-15d9d"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Wed, 29 Jan 2025 18:32:31 GMT
age: 1929086
x-served-by: cache-lga21931-LGA, cache-hel1410026-HEL
x-cache: HIT, HIT
x-cache-hits: 71, 89477
x-timer: S1738175552.922350,VS0,VE0
vary: Accept-Encoding
content-length: 30875
X-Firefox-Spdy: h2

developers.cloudflare.com/favicon.png

104.16.6.189

200 OK

937 B

URL
developers.cloudflare.com/favicon.png
IP
104.16.6.189:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
Size
937 B (937 bytes)
Hash
fc3b7bbe7970f47579127561139060e2
3f7c5783fe1f4404cb16304a5a274778ea3abd25
85e6223afdbd5badf2c79bcfbaa6fe686acaa781eca52c196647ffabb3be2ffe

HTTP Headers

GET /favicon.png HTTP/1.1
Host: developers.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dg.erovetemone.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 29 Jan 2025 18:32:32 GMT
content-type: image/png
content-length: 937
cache-control: public, max-age=0, must-revalidate
etag: "6be7ff94b6151f8cfbf08b53a17e2ac1"
set-cookie: __cf_bm=74A2563M1Y0irG_Q5wjsxFLEhNsQ56p2Y8mPZsWEstI-1738175552-1.0.1.1-g9iEqSWdfW9Aci.NPxKD02QA00pvp9ysimyreQBXsFSwVg7unjm_LEsWiBqwgnOEDrMTZxL.VOZ6QM80g0eghA; path=/; expires=Wed, 29-Jan-25 19:02:32 GMT; domain=.developers.cloudflare.com; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
strict-transport-security: max-age=15552000; preload
x-content-type-options: nosniff
access-control-allow-origin: *
server: cloudflare
cf-ray: 909b4e312b3c56ab-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

code.jquery.com/jquery-3.6.0.min.js

151.101.194.137

200 OK

31 kB

URL GET HTTP/2
code.jquery.com/jquery-3.6.0.min.js
IP
151.101.194.137:443
ASN
#54113 FASTLY

Requested by
https://dg.erovetemone.ru/vQMe4c/
Certificate
IssuerSectigo Limited
Subject*.jquery.com
FingerprintCD:B5:6E:05:85:0C:5A:AE:47:12:80:2A:5B:C6:E5:8F:11:72:E2:B5
ValidityTue, 25 Jun 2024 00:00:00 GMT - Wed, 25 Jun 2025 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (65447)
Size
31 kB (30875 bytes)
Hash
8fb8fee4fcc3cc86ff6c724154c49c42
b82d238d4e31fdf618bae8ac11a6c812c03dd0d4
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

HTTP Headers

GET /jquery-3.6.0.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dg.erovetemone.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-15d9d"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Wed, 29 Jan 2025 18:32:43 GMT
age: 1929097
x-served-by: cache-lga21931-LGA, cache-hel1410026-HEL
x-cache: HIT, HIT
x-cache-hits: 71, 89486
x-timer: S1738175563.462402,VS0,VE0
vary: Accept-Encoding
content-length: 30875
X-Firefox-Spdy: h2

cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js

104.17.24.14

200 OK

14 kB

URL GET HTTP/3
cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js
IP
104.17.24.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://dg.erovetemone.ru/vQMe4c/
Certificate
IssuerGoogle Trust Services
Subjectcdnjs.cloudflare.com
Fingerprint00:0E:39:59:53:CF:68:07:90:75:EB:68:26:B9:04:22:44:7D:9A:32
ValidityFri, 24 Jan 2025 09:16:22 GMT - Thu, 24 Apr 2025 10:16:21 GMT

File type
JavaScript source, ASCII text, with very long lines (48316), with no line terminators
Size
14 kB (13972 bytes)
Hash
2ca03ad87885ab983541092b87adb299
1a17f60bf776a8c468a185c1e8e985c41a50dc27
8e3b0117f4df4be452c0b6af5b8f0a0acf9d4ade23d08d55d7e312af22077762

HTTP Headers

GET /ajax/libs/crypto-js/4.1.1/crypto-js.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dg.erovetemone.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 29 Jan 2025 18:32:43 GMT
content-type: application/javascript; charset=utf-8
content-length: 13972
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "61182885-3694"
last-modified: Sat, 14 Aug 2021 20:33:09 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 608465
expires: Mon, 19 Jan 2026 18:32:43 GMT
accept-ranges: bytes
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ah94ipDTfIFBGHsnfmgRDpYfEZM93r8GDU915v2n4pTpyknfoNAEVmh%2Fu%2BlqyBDhJwRcWXCxk4sVX4fjoeDeXdQHU71pz8UVelQlp5biH2bognMojwtWeepfJAs4HZ%2F9tcH6zfFE"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 909b4e7799e21bfe-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

dg.erovetemone.ru/favicon.ico

104.21.112.1

404 Not Found

31 kB

URL GET HTTP/3
dg.erovetemone.ru/favicon.ico
IP
104.21.112.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://dg.erovetemone.ru/vQMe4c/
Certificate
IssuerGoogle Trust Services
Subjecterovetemone.ru
Fingerprint87:BC:93:DB:10:A6:A5:36:C7:AF:66:4B:D1:AD:40:65:6F:34:AF:27
ValidityThu, 23 Jan 2025 04:33:05 GMT - Wed, 23 Apr 2025 05:30:16 GMT

File type
data
Size
31 kB (30878 bytes)
Hash
6e91fb3b5fb1269e98a4a1f1c597eaf6
81fbd8f550ca53b28c2a4241e2968b0ed7579068
482456e7ae1776a9eef640c0e5a46f874c1c5d05fdcf94660c6776897e5d24e4

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: dg.erovetemone.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dg.erovetemone.ru/vQMe4c/
Cookie: XSRF-TOKEN=eyJpdiI6InFpTkZSQ0tRd2dxdm40MnR0M2phRGc9PSIsInZhbHVlIjoibnl2cmFHcFJmakZtd2FDWVF3NVp6SEtTNDVyaDlvQkx3KzNIQWNLZlRac3VnVTdWTmNtamY3RGUwaXpqdDR0ZFZVeDZERnd4NU9vZE1XMkp2cTZ5TkovT1lORi9wOTR0bXoyaEx3Q2lLRUxOazgycWxKS1ZpR0E5QjVsL0UxTWYiLCJtYWMiOiI5MjAxYzRiNTY5MGQ3ZGI5NGI5OWVhMmY4MmNkYmExM2RhZGUxZjE3NDFiNTc1YjVlZjExMTFiOWNmNjk4YTliIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Imgza0tyOFBaVjlSNzV2b0Z4US8xWnc9PSIsInZhbHVlIjoiSGhZY1JNS0U2TzYyNFlXbzVudVJLSXR0TEZRTUdqQldDYjVESDVrM3lMNFY5VERNd0s5RlZtWlIwSjVwMHlHTXE5MEI4ZUNybGkrNVVQTzFkcldVY0VIY1VIdDAxRnpFL3BkcmVNMmNEdGk2R3U0NlhPUGxlUXJnUm8reHE1cGoiLCJtYWMiOiI5YzhmMTdmMzBmYjAyOTQ5ODA4OGY2OGQ1NDkwMmIyZjVjNzQwYzIwNzk3YjkzZTc4YmJhNGNmNjM3MjQ2NTBmIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 404 Not Found
date: Wed, 29 Jan 2025 18:32:44 GMT
content-type: text/html; charset=UTF-8
cf-ray: 909b4e78cbdfb51d-OSL
server: cloudflare
cache-control: max-age=14400
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Vqdah7Ok%2BdhhUfFgag%2F5bCCgsyAmHtFo1x0k%2BdN8zjIBUh%2FHKvwP92y7%2BXoGR6Xfe%2FfrLffeCl3hw96sIJbfCRU1vLuuDCnxo0nef1F5vxz39XkKeKSBu1jMCPr22DzvfPqhcA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1160&min_rtt=1160&rtt_var=436&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2821&recv_bytes=2108&delivery_rate=2440445&cwnd=246&unsent_bytes=0&cid=445d8d66293b312b&ts=523&x=0"
cf-cache-status: MISS
content-encoding: br

dg.erovetemone.ru/vQMe4c/

104.21.112.1

200 OK

85 kB

URL User Request GET HTTP/3
dg.erovetemone.ru/vQMe4c/
IP
104.21.112.1:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjecterovetemone.ru
Fingerprint87:BC:93:DB:10:A6:A5:36:C7:AF:66:4B:D1:AD:40:65:6F:34:AF:27
ValidityThu, 23 Jan 2025 04:33:05 GMT - Wed, 23 Apr 2025 05:30:16 GMT

File type
HTML document, ASCII text, with very long lines (15045), with CRLF line terminators
Size
85 kB (84949 bytes)
Hash
6c9672c977bb2d31bb0312b2a11bc2aa
dd2838d29d099be8dafc473e98c45080daf13682
50f178f9b0133c6b0a0010fb30cb0015406e683731255ca0af6f62f1541fa191

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft Outlook

HTTP Headers

GET /vQMe4c/ HTTP/1.1
Host: dg.erovetemone.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6ImhJMEFxNFVHQzlnWEZtVlZsUVQ0cWc9PSIsInZhbHVlIjoiYnlMa1dBdVBVU204c0gyZlRaclVteCtCQlBIdzkxMlVieFR0VkZuSit4bVo4ZkxtbFdBY0tFQ3BIQ0xWUk5BMXNnQ1RMT1hsUjhKbUV5ckRsbGErb0NuUFhjcWRHMEhZQmFZMlJLWEJ5VGU2YkNwcTFNQ1MwRFJwUGVpT0F0dWEiLCJtYWMiOiJiMWJiNjJiYTBjYTY3YWFkMjg5MzA5NDM1MGE1MjllNTI3OGI0ZTVhNDFkYmJiOGI5MjQ5ZmQ1OWMyMjA4NTk0IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Inp3T2tNUGZnNlhKa1p1amFTd2pENWc9PSIsInZhbHVlIjoiMnptWUw1djlya1orbERjQ2xkY3JNdi8wcXo5QnplYlV0WjJzaktaUUszeUdaZFlzWnA4UDU1QmNUTmVvUVNIeC9xU0h6b0V0cUtkWi8wbkU1dGFzUzhBZVN5cVppS0s5STQ3UUNVbjYvRzZjNm1xaDFiTjlPRU9wNklRSURzdzAiLCJtYWMiOiI2ZjhjYTRmOWNkYmRlM2I0NzU1MmRmMjMzYzBhMmNlOTE2MGRhYzgyOTEzNDRhZGVhMzQ5ZTk1ZDUyZDRkODcyIiwidGFnIjoiIn0%3D
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 29 Jan 2025 18:32:43 GMT
content-type: text/html; charset=UTF-8
cf-ray: 909b4e723bbab51d-OSL
server: cloudflare
cache-control: no-cache, private
cf-cache-status: DYNAMIC
vary: accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2F%2FpC4cBxZcFq48lp65eqXMiMqbhuqSZ9xAUloQvVsRQrhTl2DeHm6Z5ujmcXOLtVij3yjPYLaMSmj3qVV3nlDbE3lM5Y%2Bk%2BtdHXrXTkzgzwaa62DD%2FPFJU59tPiFWS7G1HOqgQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=11289&min_rtt=11223&rtt_var=4256&sent=4&recv=7&lost=0&retrans=0&sent_bytes=2822&recv_bytes=2159&delivery_rate=253764&cwnd=187&unsent_bytes=0&cid=1d12686c7ec99870&ts=462&x=0"
set-cookie: XSRF-TOKEN=eyJpdiI6InFpTkZSQ0tRd2dxdm40MnR0M2phRGc9PSIsInZhbHVlIjoibnl2cmFHcFJmakZtd2FDWVF3NVp6SEtTNDVyaDlvQkx3KzNIQWNLZlRac3VnVTdWTmNtamY3RGUwaXpqdDR0ZFZVeDZERnd4NU9vZE1XMkp2cTZ5TkovT1lORi9wOTR0bXoyaEx3Q2lLRUxOazgycWxKS1ZpR0E5QjVsL0UxTWYiLCJtYWMiOiI5MjAxYzRiNTY5MGQ3ZGI5NGI5OWVhMmY4MmNkYmExM2RhZGUxZjE3NDFiNTc1YjVlZjExMTFiOWNmNjk4YTliIiwidGFnIjoiIn0%3D; expires=Wed, 29-Jan-2025 20:32:43 GMT; Max-Age=7200; path=/; secure; samesite=none
laravel_session=eyJpdiI6Imgza0tyOFBaVjlSNzV2b0Z4US8xWnc9PSIsInZhbHVlIjoiSGhZY1JNS0U2TzYyNFlXbzVudVJLSXR0TEZRTUdqQldDYjVESDVrM3lMNFY5VERNd0s5RlZtWlIwSjVwMHlHTXE5MEI4ZUNybGkrNVVQTzFkcldVY0VIY1VIdDAxRnpFL3BkcmVNMmNEdGk2R3U0NlhPUGxlUXJnUm8reHE1cGoiLCJtYWMiOiI5YzhmMTdmMzBmYjAyOTQ5ODA4OGY2OGQ1NDkwMmIyZjVjNzQwYzIwNzk3YjkzZTc4YmJhNGNmNjM3MjQ2NTBmIiwidGFnIjoiIn0%3D; expires=Wed, 29-Jan-2025 20:32:43 GMT; Max-Age=7200; path=/; secure; httponly; samesite=none
content-encoding: br

ok4static.oktacdn.com/fs/bcg/4/gfsh9pi7jcWKJKMAs1t7

143.204.55.87

200 OK

11 kB

URL GET HTTP/2
ok4static.oktacdn.com/fs/bcg/4/gfsh9pi7jcWKJKMAs1t7
IP
143.204.55.87:443
ASN
#16509 AMAZON-02

Requested by
https://dg.erovetemone.ru/vQMe4c/
Certificate
IssuerDigiCert Inc
Subject*.oktacdn.com
Fingerprint3E:D7:C7:A6:35:70:74:E4:BF:45:2E:A1:D5:A3:25:88:24:76:B3:B5
ValidityMon, 02 Dec 2024 00:00:00 GMT - Fri, 02 Jan 2026 23:59:59 GMT

File type
PNG image data, 420 x 94, 8-bit/color RGBA, non-interlaced
Size
11 kB (10796 bytes)
Hash
12bdacc832185d0367ecc23fd24c86ce
4422f316eb4d8c8d160312bb695fd1d944cbff12
877ae491d9aac5c6ef82a8430f9f652ace8a0dbc7294bd112aad49bd593769d0

HTTP Headers

GET /fs/bcg/4/gfsh9pi7jcWKJKMAs1t7 HTTP/1.1
Host: ok4static.oktacdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dg.erovetemone.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: image/png
content-length: 10796
server: nginx
last-modified: Tue, 23 Feb 2021 04:20:08 GMT
strict-transport-security: max-age=315360000; includeSubDomains
access-control-allow-origin: *
accept-ranges: bytes
date: Wed, 29 Jan 2025 00:59:17 GMT
expires: Thu, 29 Jan 2026 00:59:17 GMT
cache-control: max-age=31536000, public,max-age=31536000,s-maxage=1814400
etag: "12bdacc832185d0367ecc23fd24c86ce"
x-cache: Hit from cloudfront
via: 1.1 f66e3db0f0449307dba3fbf72bbf3bac.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 3dlh2A384QIl1Za0nNf7-LWeJn95SrW_dEajFPnLObSp_5rMbeYvWw==
age: 63208
X-Firefox-Spdy: h2

github.com/fent/randexp.js/releases/download/v0.4.3/randexp.min.js

140.82.121.3

302 Found

0 B

URL GET HTTP/2
github.com/fent/randexp.js/releases/download/v0.4.3/randexp.min.js
IP
140.82.121.3:443
ASN
#36459 GITHUB

Requested by
https://dg.erovetemone.ru/vQMe4c/
Certificate
IssuerSectigo Limited
Subjectgithub.com
FingerprintE7:03:5B:CC:1C:18:77:1F:79:2F:90:86:6B:6C:1D:F8:DF:AA:BD:C0
ValidityThu, 07 Mar 2024 00:00:00 GMT - Fri, 07 Mar 2025 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /fent/randexp.js/releases/download/v0.4.3/randexp.min.js HTTP/1.1
Host: github.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dg.erovetemone.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
server: GitHub.com
date: Wed, 29 Jan 2025 18:32:45 GMT
content-type: text/html; charset=utf-8
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
location: https://objects.githubusercontent.com/github-production-release-asset-2e65be/2925284/11f3acf8-4ccb-11e6-8ce4-c179c0a212de?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20250129%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20250129T183245Z&X-Amz-Expires=300&X-Amz-Signature=d3d39f6747082b4cf5255dda8c0b3f64db9c9c269c0044786a8c05dda4e9f159&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3Drandexp.min.js&response-content-type=application%2Foctet-stream
cache-control: no-cache
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: no-referrer-when-downgrade
content-security-policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
content-length: 0
x-github-request-id: A7E5:1985C2:D0CC6:D701C:679A744D
X-Firefox-Spdy: h2

objects.githubusercontent.com/github-production-release-asset-2e65be/2925284/11f3acf8-4ccb-11e6-8ce4-c179c0a212de?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20250129%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20250129T183245Z&X-Amz-Expires=300&X-Amz-Signature=d3d39f6747082b4cf5255dda8c0b3f64db9c9c269c0044786a8c05dda4e9f159&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3Drandexp.min.js&response-content-type=application%2Foctet-stream

185.199.109.133

200 OK

10 kB

URL GET HTTP/2
objects.githubusercontent.com/github-production-release-asset-2e65be/2925284/11f3acf8-4ccb-11e6-8ce4-c179c0a212de?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20250129%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20250129T183245Z&X-Amz-Expires=300&X-Amz-Signature=d3d39f6747082b4cf5255dda8c0b3f64db9c9c269c0044786a8c05dda4e9f159&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3Drandexp.min.js&response-content-type=application%2Foctet-stream
IP
185.199.109.133:443
ASN
#54113 FASTLY

Requested by
https://dg.erovetemone.ru/vQMe4c/
Certificate
IssuerDigiCert Inc
Subject*.github.io
Fingerprint97:D8:C5:70:0F:12:24:6C:88:BC:FA:06:7E:8C:A7:4D:A8:62:67:28
ValidityFri, 15 Mar 2024 00:00:00 GMT - Fri, 14 Mar 2025 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (10017)
Size
10 kB (10245 bytes)
Hash
6c20a2be8ba900bc0a7118893a2b1072
ff7766fde1f33882c6e1c481ceed6f6588ea764c
b1c42acd0288c435e95e00332476781532ed002cac6f3dcee9110ced30b31500

HTTP Headers

GET /github-production-release-asset-2e65be/2925284/11f3acf8-4ccb-11e6-8ce4-c179c0a212de?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20250129%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20250129T183245Z&X-Amz-Expires=300&X-Amz-Signature=d3d39f6747082b4cf5255dda8c0b3f64db9c9c269c0044786a8c05dda4e9f159&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3Drandexp.min.js&response-content-type=application%2Foctet-stream HTTP/1.1
Host: objects.githubusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dg.erovetemone.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/octet-stream
last-modified: Tue, 07 Dec 2021 16:38:45 GMT
etag: "0x8D9B9A009499A1E"
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: d91f6eaf-e01e-0032-2f18-13e122000000
x-ms-version: 2023-11-03
x-ms-creation-time: Tue, 17 Aug 2021 14:57:31 GMT
x-ms-blob-content-md5: bCCivoupALwKcRiJOisQcg==
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
content-disposition: attachment; filename=randexp.min.js
x-ms-server-encrypted: true
via: 1.1 varnish, 1.1 varnish
fastly-restarts: 1
accept-ranges: bytes
date: Wed, 29 Jan 2025 18:32:45 GMT
age: 5599
x-served-by: cache-iad-kiad7000045-IAD, cache-hel1410025-HEL
x-cache: HIT, HIT
x-cache-hits: 11369, 2
x-timer: S1738175565.372123,VS0,VE0
content-length: 10245
X-Firefox-Spdy: h2

dg.erovetemone.ru/ijEIiMegr3mgEKcmtUZEBh1y2ZmnsBIABIeO43p9X1PPqyvPCkmaqSgZef210

104.21.112.1

200 OK

25 kB

URL GET HTTP/3
dg.erovetemone.ru/ijEIiMegr3mgEKcmtUZEBh1y2ZmnsBIABIeO43p9X1PPqyvPCkmaqSgZef210
IP
104.21.112.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://dg.erovetemone.ru/vQMe4c/
Certificate
IssuerGoogle Trust Services
Subjecterovetemone.ru
Fingerprint87:BC:93:DB:10:A6:A5:36:C7:AF:66:4B:D1:AD:40:65:6F:34:AF:27
ValidityThu, 23 Jan 2025 04:33:05 GMT - Wed, 23 Apr 2025 05:30:16 GMT

File type
RIFF (little-endian) data, Web/P image
Size
25 kB (25216 bytes)
Hash
f9a795e2270664a7a169c73b6d84a575
0fbb60ab27ab88c064eb347d0722c8ed4cf5e8b8
d00203b2eea6e418c31baafa949ada5349a9f9b7e99fa003aec7406822693740

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /ijEIiMegr3mgEKcmtUZEBh1y2ZmnsBIABIeO43p9X1PPqyvPCkmaqSgZef210 HTTP/1.1
Host: dg.erovetemone.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dg.erovetemone.ru/vQMe4c/
Cookie: XSRF-TOKEN=eyJpdiI6Im03aW11Z2RUaEpuUzNhaThQQjlzdmc9PSIsInZhbHVlIjoicS9IaHZodmxGSDkxam1FUnhTN0I0YWNBMTd6Z3JaL0xaYVRWWC9SQnJHL2FlZTRxY29xd1pnd2Y4WGhwWHNWbTRZbXhYbjhWazZzOERhZHlGMDNMamxmREFyM1ZTbmV0eHpzRUx6ZDBXemEwdFFML1ltaTMzUjdPK1hZdHhTcEEiLCJtYWMiOiI4NzJlZmI3NzY4YzcwMzllMzE5YTM3NmZlNWQ5N2U0YWIzYzFjOTdlZDYyZGQzNTAwNDQ2MDE5NDc4YTFhZDI1IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ik9lVVJnMG5ZZkdhME8wV1ZyOWVDdHc9PSIsInZhbHVlIjoiRGNxZXNqTFJZeVRVbFRxM011ODlweGN2OHcrYk1qd24yWTdNQ1k4SWxvRjZSbHZ2MVdyc1MwUXpLZndHeG55eGM2Q0tQOTIyUFpPR05IeXI0aHFnTHhRd1pGWWhRL01zWWU4ODUyV3J6dG84ekMxVHhFU3h6NEh5UHVjMitxdmEiLCJtYWMiOiIyYzg5YTQzYWM4MmM0ZmMxOWMwM2QyMzEyOGQ3MTgwODE1MjcxYmM4NmM5MDVmZTVkMTk3ZWJkZDkyYjlkN2VmIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 29 Jan 2025 18:32:45 GMT
content-type: image/webp
content-length: 25216
server: cloudflare
content-disposition: inline; filename="ijEIiMegr3mgEKcmtUZEBh1y2ZmnsBIABIeO43p9X1PPqyvPCkmaqSgZef210"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yofnwE6G7wA7QWysBafnBv283u%2B7geX0X%2BvbvFJ2UKczIcUfUj2zmCmEx8pYMI06Jp%2Bgl4a0xNOi4davp2Km%2B1xL2HmHEazAwBT9NjKBqC1yCW0pvq%2FY8QE5qr%2BA8Qn16GSm7g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1281&min_rtt=1063&rtt_var=479&sent=5&recv=8&lost=0&retrans=0&sent_bytes=2822&recv_bytes=2158&delivery_rate=2577375&cwnd=251&unsent_bytes=0&cid=fb595080f7b91025&ts=213&x=0"
cf-ray: 909b4e819c3db51d-OSL

dg.erovetemone.ru/opWRVgznpi4VIbHtTnAK97kMVDsDeFbLNofRoZG3uP79hyg12bbEfBtgBtRwJBRJ8BCNoy3081XxwmuBcd240

104.21.112.1

200 OK

9.6 kB

URL GET HTTP/3
dg.erovetemone.ru/opWRVgznpi4VIbHtTnAK97kMVDsDeFbLNofRoZG3uP79hyg12bbEfBtgBtRwJBRJ8BCNoy3081XxwmuBcd240
IP
104.21.112.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://dg.erovetemone.ru/vQMe4c/
Certificate
IssuerGoogle Trust Services
Subjecterovetemone.ru
Fingerprint87:BC:93:DB:10:A6:A5:36:C7:AF:66:4B:D1:AD:40:65:6F:34:AF:27
ValidityThu, 23 Jan 2025 04:33:05 GMT - Wed, 23 Apr 2025 05:30:16 GMT

File type
RIFF (little-endian) data, Web/P image
Size
9.6 kB (9648 bytes)
Hash
4946eb373b18d178c93d473489673bb6
16477acb73b63ca251d37401249e7e4515febd24
666bc574c9f3fb28a8ac626fa8105c187c2a313736494a06bd5a937473673c92

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /opWRVgznpi4VIbHtTnAK97kMVDsDeFbLNofRoZG3uP79hyg12bbEfBtgBtRwJBRJ8BCNoy3081XxwmuBcd240 HTTP/1.1
Host: dg.erovetemone.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dg.erovetemone.ru/vQMe4c/
Cookie: XSRF-TOKEN=eyJpdiI6Im03aW11Z2RUaEpuUzNhaThQQjlzdmc9PSIsInZhbHVlIjoicS9IaHZodmxGSDkxam1FUnhTN0I0YWNBMTd6Z3JaL0xaYVRWWC9SQnJHL2FlZTRxY29xd1pnd2Y4WGhwWHNWbTRZbXhYbjhWazZzOERhZHlGMDNMamxmREFyM1ZTbmV0eHpzRUx6ZDBXemEwdFFML1ltaTMzUjdPK1hZdHhTcEEiLCJtYWMiOiI4NzJlZmI3NzY4YzcwMzllMzE5YTM3NmZlNWQ5N2U0YWIzYzFjOTdlZDYyZGQzNTAwNDQ2MDE5NDc4YTFhZDI1IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ik9lVVJnMG5ZZkdhME8wV1ZyOWVDdHc9PSIsInZhbHVlIjoiRGNxZXNqTFJZeVRVbFRxM011ODlweGN2OHcrYk1qd24yWTdNQ1k4SWxvRjZSbHZ2MVdyc1MwUXpLZndHeG55eGM2Q0tQOTIyUFpPR05IeXI0aHFnTHhRd1pGWWhRL01zWWU4ODUyV3J6dG84ekMxVHhFU3h6NEh5UHVjMitxdmEiLCJtYWMiOiIyYzg5YTQzYWM4MmM0ZmMxOWMwM2QyMzEyOGQ3MTgwODE1MjcxYmM4NmM5MDVmZTVkMTk3ZWJkZDkyYjlkN2VmIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 29 Jan 2025 18:32:45 GMT
content-type: image/webp
content-length: 9648
server: cloudflare
content-disposition: inline; filename="opWRVgznpi4VIbHtTnAK97kMVDsDeFbLNofRoZG3uP79hyg12bbEfBtgBtRwJBRJ8BCNoy3081XxwmuBcd240"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QNNcCvwM83J12xvE2eFqVsvX%2BQDs0EJQ5sQguWeIUyyWwlJqD7Rq6H%2FfzwLqulr2qGaTOJ%2BnaovtRzekTWuXKrgWUuitvp02FdCShT0ADOhMVkoGykRG%2BioAoqZ7p4bwHEpP6A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1475&min_rtt=1295&rtt_var=614&sent=4&recv=7&lost=0&retrans=0&sent_bytes=2821&recv_bytes=2182&delivery_rate=2199227&cwnd=251&unsent_bytes=0&cid=b69fb6491a0574ab&ts=391&x=0"
cf-ray: 909b4e819c40b51d-OSL

dg.erovetemone.ru/op3TeFCAxuqkVu01iQ9njpsFU6oaghPZjE4lCDmDasLSM8qXe67131

104.21.112.1

200 OK

892 B

URL GET HTTP/3
dg.erovetemone.ru/op3TeFCAxuqkVu01iQ9njpsFU6oaghPZjE4lCDmDasLSM8qXe67131
IP
104.21.112.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://dg.erovetemone.ru/vQMe4c/
Certificate
IssuerGoogle Trust Services
Subjecterovetemone.ru
Fingerprint87:BC:93:DB:10:A6:A5:36:C7:AF:66:4B:D1:AD:40:65:6F:34:AF:27
ValidityThu, 23 Jan 2025 04:33:05 GMT - Wed, 23 Apr 2025 05:30:16 GMT

File type
RIFF (little-endian) data, Web/P image
Size
892 B (892 bytes)
Hash
41d62ca205d54a78e4298367482b4e2b
839aae21ed8ecfc238fdc68b93ccb27431cd5393
20a4a780db0bcc047015a0d8037eb4eb58b3e5cb338673799c030a3e1b626b40

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /op3TeFCAxuqkVu01iQ9njpsFU6oaghPZjE4lCDmDasLSM8qXe67131 HTTP/1.1
Host: dg.erovetemone.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dg.erovetemone.ru/vQMe4c/
Cookie: XSRF-TOKEN=eyJpdiI6Im03aW11Z2RUaEpuUzNhaThQQjlzdmc9PSIsInZhbHVlIjoicS9IaHZodmxGSDkxam1FUnhTN0I0YWNBMTd6Z3JaL0xaYVRWWC9SQnJHL2FlZTRxY29xd1pnd2Y4WGhwWHNWbTRZbXhYbjhWazZzOERhZHlGMDNMamxmREFyM1ZTbmV0eHpzRUx6ZDBXemEwdFFML1ltaTMzUjdPK1hZdHhTcEEiLCJtYWMiOiI4NzJlZmI3NzY4YzcwMzllMzE5YTM3NmZlNWQ5N2U0YWIzYzFjOTdlZDYyZGQzNTAwNDQ2MDE5NDc4YTFhZDI1IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ik9lVVJnMG5ZZkdhME8wV1ZyOWVDdHc9PSIsInZhbHVlIjoiRGNxZXNqTFJZeVRVbFRxM011ODlweGN2OHcrYk1qd24yWTdNQ1k4SWxvRjZSbHZ2MVdyc1MwUXpLZndHeG55eGM2Q0tQOTIyUFpPR05IeXI0aHFnTHhRd1pGWWhRL01zWWU4ODUyV3J6dG84ekMxVHhFU3h6NEh5UHVjMitxdmEiLCJtYWMiOiIyYzg5YTQzYWM4MmM0ZmMxOWMwM2QyMzEyOGQ3MTgwODE1MjcxYmM4NmM5MDVmZTVkMTk3ZWJkZDkyYjlkN2VmIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 29 Jan 2025 18:32:46 GMT
content-type: image/webp
content-length: 892
server: cloudflare
content-disposition: inline; filename="op3TeFCAxuqkVu01iQ9njpsFU6oaghPZjE4lCDmDasLSM8qXe67131"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=b%2FUKHItmyOQWLhEk87SQmQaO70xvnqdM9EhCh5msWTDgBdpcJyg0%2FInKuck247DpdlSnrUhyKy%2BjQ6EBJHD3bnHyU0xoDvya1BiTsdRi1aCjsLnB0zZEJgsUUCW%2FN8iS3kF33w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=75155&min_rtt=74703&rtt_var=28336&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2820&recv_bytes=2151&delivery_rate=38124&cwnd=32&unsent_bytes=0&cid=46cce46ae7b464e9&ts=447&x=0"
cf-ray: 909b4e818c38b51d-OSL

ok4static.oktacdn.com/assets/js/sdk/okta-signin-widget/7.18.0/img/ui/forms/checkbox-sign-in-widget.png

143.204.55.87

200 OK

3.1 kB

URL GET HTTP/2
ok4static.oktacdn.com/assets/js/sdk/okta-signin-widget/7.18.0/img/ui/forms/checkbox-sign-in-widget.png
IP
143.204.55.87:443
ASN
#16509 AMAZON-02

Requested by
https://dg.erovetemone.ru/vQMe4c/
Certificate
IssuerDigiCert Inc
Subject*.oktacdn.com
Fingerprint3E:D7:C7:A6:35:70:74:E4:BF:45:2E:A1:D5:A3:25:88:24:76:B3:B5
ValidityMon, 02 Dec 2024 00:00:00 GMT - Fri, 02 Jan 2026 23:59:59 GMT

File type
PNG image data, 50 x 1155, 8-bit/color RGBA, non-interlaced
Size
3.1 kB (3141 bytes)
Hash
7846b2f8c6d0a7ca69fdd3d3c294e92d
e0bb021ffdf93c68fef44de2a3b08f378b6fb50a
40810b0318131f9ba52c83a17e633a0ac476ade66ea8a914d6c4980571397665

HTTP Headers

GET /assets/js/sdk/okta-signin-widget/7.18.0/img/ui/forms/checkbox-sign-in-widget.png HTTP/1.1
Host: ok4static.oktacdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ok4static.oktacdn.com/assets/js/sdk/okta-signin-widget/7.18.0/css/okta-sign-in.min.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: image/png
content-length: 3141
date: Mon, 20 Jan 2025 09:26:31 GMT
server: nginx
last-modified: Tue, 14 May 2024 21:49:26 GMT
etag: "7846b2f8c6d0a7ca69fdd3d3c294e92d"
x-amz-meta-sha1sum: e0bb021ffdf93c68fef44de2a3b08f378b6fb50a
expires: Tue, 20 Jan 2026 09:26:31 GMT
cache-control: max-age=31536000, public,max-age=31536000,s-maxage=1814400
strict-transport-security: max-age=315360000; includeSubDomains
access-control-allow-origin: *
accept-ranges: bytes
x-cache: Hit from cloudfront
via: 1.1 f66e3db0f0449307dba3fbf72bbf3bac.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: iTMYM_FC65szmvGXpFOZRDdBsJZ6Yv44ywrwB95BczneHl0ctMng2w==
age: 810375
X-Firefox-Spdy: h2

ok4static.oktacdn.com/assets/loginpage/font/assets/proximanova-reg-webfont.353416ed0ff540352235.woff2

143.204.55.87

200 OK

20 kB

URL GET HTTP/2
ok4static.oktacdn.com/assets/loginpage/font/assets/proximanova-reg-webfont.353416ed0ff540352235.woff2
IP
143.204.55.87:443
ASN
#16509 AMAZON-02

Requested by
https://dg.erovetemone.ru/vQMe4c/
Certificate
IssuerDigiCert Inc
Subject*.oktacdn.com
Fingerprint3E:D7:C7:A6:35:70:74:E4:BF:45:2E:A1:D5:A3:25:88:24:76:B3:B5
ValidityMon, 02 Dec 2024 00:00:00 GMT - Fri, 02 Jan 2026 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 20416, version 2.197
Size
20 kB (20416 bytes)
Hash
d99a7377dabb55772ca9f986b0a04b57
2b5fcd8431953c44e410d0489899e74f6d2cfecc
affdba1620552b12a1a8a04467136aeb408c03fa337d20e9c38374d682d4d149

HTTP Headers

GET /assets/loginpage/font/assets/proximanova-reg-webfont.353416ed0ff540352235.woff2 HTTP/1.1
Host: ok4static.oktacdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://dg.erovetemone.ru
DNT: 1
Connection: keep-alive
Referer: https://ok4static.oktacdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: application/font-woff2
content-length: 20416
date: Mon, 27 Jan 2025 07:42:18 GMT
server: nginx
last-modified: Tue, 07 Nov 2023 18:56:28 GMT
etag: "d99a7377dabb55772ca9f986b0a04b57"
x-amz-meta-sha1sum: 2b5fcd8431953c44e410d0489899e74f6d2cfecc
expires: Tue, 27 Jan 2026 07:42:18 GMT
cache-control: max-age=31536000, public,max-age=31536000,s-maxage=1814400
strict-transport-security: max-age=315360000; includeSubDomains
access-control-allow-origin: *
accept-ranges: bytes
x-cache: Hit from cloudfront
via: 1.1 f66e3db0f0449307dba3fbf72bbf3bac.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: jyF-tvAMFrjDDiuhi-OC29TV1XgHzLHbHjeTlz2EYqqeRlLtdM3OUQ==
age: 211828
X-Firefox-Spdy: h2

ok4static.oktacdn.com/assets/loginpage/css/loginpage-theme.e0d37a504604ef874bad26435d62011f.css

143.204.55.87

200 OK

4.6 kB

URL GET HTTP/2
ok4static.oktacdn.com/assets/loginpage/css/loginpage-theme.e0d37a504604ef874bad26435d62011f.css
IP
143.204.55.87:443
ASN
#16509 AMAZON-02

Requested by
https://dg.erovetemone.ru/vQMe4c/
Certificate
IssuerDigiCert Inc
Subject*.oktacdn.com
Fingerprint3E:D7:C7:A6:35:70:74:E4:BF:45:2E:A1:D5:A3:25:88:24:76:B3:B5
ValidityMon, 02 Dec 2024 00:00:00 GMT - Fri, 02 Jan 2026 23:59:59 GMT

File type
gzip compressed data, from Unix
Size
4.6 kB (4585 bytes)
Hash
81024da952dcf6444539ff7b030e4b37
eb6602de401bb26e75794f195b81598995965151
126c5a03de3d52a621df8bcfa30f6a7a0aa89510ca1ee217f55af428bc32e7d1

HTTP Headers

GET /assets/loginpage/css/loginpage-theme.e0d37a504604ef874bad26435d62011f.css HTTP/1.1
Host: ok4static.oktacdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dg.erovetemone.ru/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css
date: Fri, 10 Jan 2025 02:18:42 GMT
server: nginx
last-modified: Thu, 14 Mar 2024 00:03:58 GMT
etag: W/"e0d37a504604ef874bad26435d62011f"
x-amz-meta-sha1sum: 4301f0d2b729ae22adece657d79eccaa25f429b1
expires: Sat, 10 Jan 2026 02:18:42 GMT
cache-control: max-age=31536000, public,max-age=31536000,s-maxage=1814400
strict-transport-security: max-age=315360000; includeSubDomains
access-control-allow-origin: *
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 f66e3db0f0449307dba3fbf72bbf3bac.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: I9xyPjTZz-RnhA5rU50a8hO7a70KiZRSKz9DCleeOLlZi5_lBiPdlQ==
age: 1700043
X-Firefox-Spdy: h2

ok4static.oktacdn.com/assets/loginpage/font/assets/proximanova-sbold-webfont.41acb8650115f83780fc.woff2

143.204.55.87

200 OK

20 kB

URL GET HTTP/2
ok4static.oktacdn.com/assets/loginpage/font/assets/proximanova-sbold-webfont.41acb8650115f83780fc.woff2
IP
143.204.55.87:443
ASN
#16509 AMAZON-02

Requested by
https://dg.erovetemone.ru/vQMe4c/
Certificate
IssuerDigiCert Inc
Subject*.oktacdn.com
Fingerprint3E:D7:C7:A6:35:70:74:E4:BF:45:2E:A1:D5:A3:25:88:24:76:B3:B5
ValidityMon, 02 Dec 2024 00:00:00 GMT - Fri, 02 Jan 2026 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 20328, version 2.197
Size
20 kB (20328 bytes)
Hash
27429b092c0595aa8803b611bd7508f3
dd4beda27e8057403b27d1276ca9d68902692615
9b5d2290b34cd718e1e97e894d6790f92387ee50de0b3364da291e7112f412be

HTTP Headers

GET /assets/loginpage/font/assets/proximanova-sbold-webfont.41acb8650115f83780fc.woff2 HTTP/1.1
Host: ok4static.oktacdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://dg.erovetemone.ru
DNT: 1
Connection: keep-alive
Referer: https://ok4static.oktacdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: application/font-woff2
content-length: 20328
date: Mon, 27 Jan 2025 06:31:17 GMT
server: nginx
last-modified: Tue, 07 Nov 2023 18:54:23 GMT
etag: "27429b092c0595aa8803b611bd7508f3"
x-amz-meta-sha1sum: dd4beda27e8057403b27d1276ca9d68902692615
expires: Tue, 27 Jan 2026 06:31:17 GMT
cache-control: max-age=31536000, public,max-age=31536000,s-maxage=1814400
strict-transport-security: max-age=315360000; includeSubDomains
access-control-allow-origin: *
accept-ranges: bytes
x-cache: Hit from cloudfront
via: 1.1 f66e3db0f0449307dba3fbf72bbf3bac.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: w6l80isGpGddwrSI8eBvmq6JUJX5-jT2NXJRFvb2P2zKWtOEMlbexA==
age: 216089
X-Firefox-Spdy: h2

ok4static.oktacdn.com/assets/loginpage/font/assets/proximanova-light-webfont.aba797dabec6686294a9.woff2

143.204.55.87

200 OK

20 kB

URL GET HTTP/2
ok4static.oktacdn.com/assets/loginpage/font/assets/proximanova-light-webfont.aba797dabec6686294a9.woff2
IP
143.204.55.87:443
ASN
#16509 AMAZON-02

Requested by
https://dg.erovetemone.ru/vQMe4c/
Certificate
IssuerDigiCert Inc
Subject*.oktacdn.com
Fingerprint3E:D7:C7:A6:35:70:74:E4:BF:45:2E:A1:D5:A3:25:88:24:76:B3:B5
ValidityMon, 02 Dec 2024 00:00:00 GMT - Fri, 02 Jan 2026 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 20052, version 2.197
Size
20 kB (20052 bytes)
Hash
3bf194f33d52c87ea38f13e04fd41950
28b8b4bd234dde07b7ee63a6d32c6f275f03eca1
018930498a4b01e598099a6e45d7316d54c7b1411ce2b741a3b1f1b0ed4e578b

HTTP Headers

GET /assets/loginpage/font/assets/proximanova-light-webfont.aba797dabec6686294a9.woff2 HTTP/1.1
Host: ok4static.oktacdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://dg.erovetemone.ru
DNT: 1
Connection: keep-alive
Referer: https://ok4static.oktacdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: application/font-woff2
content-length: 20052
date: Mon, 27 Jan 2025 06:31:17 GMT
server: nginx
last-modified: Tue, 07 Nov 2023 18:58:19 GMT
etag: "3bf194f33d52c87ea38f13e04fd41950"
x-amz-meta-sha1sum: 28b8b4bd234dde07b7ee63a6d32c6f275f03eca1
expires: Tue, 27 Jan 2026 06:31:17 GMT
cache-control: max-age=31536000, public,max-age=31536000,s-maxage=1814400
strict-transport-security: max-age=315360000; includeSubDomains
access-control-allow-origin: *
accept-ranges: bytes
x-cache: Hit from cloudfront
via: 1.1 f66e3db0f0449307dba3fbf72bbf3bac.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: k0O6kHv_Bx3jVWZ4zly43sFpnCurVty-BcSbJfxHbfBXg08HT235eA==
age: 216089
X-Firefox-Spdy: h2

dg.erovetemone.ru/wxsh4eJrZfXMfMzcfj85OrzrsthhxILGQ4MvuFnVFmDpZb34128

104.21.112.1

200 OK

644 B

URL GET HTTP/3
dg.erovetemone.ru/wxsh4eJrZfXMfMzcfj85OrzrsthhxILGQ4MvuFnVFmDpZb34128
IP
104.21.112.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://dg.erovetemone.ru/vQMe4c/
Certificate
IssuerGoogle Trust Services
Subjecterovetemone.ru
Fingerprint87:BC:93:DB:10:A6:A5:36:C7:AF:66:4B:D1:AD:40:65:6F:34:AF:27
ValidityThu, 23 Jan 2025 04:33:05 GMT - Wed, 23 Apr 2025 05:30:16 GMT

File type
RIFF (little-endian) data, Web/P image
Size
644 B (644 bytes)
Hash
541b83c2195088043337e4353b6fd60d
f09630596b6713217984785a64f6ea83e91b49c5
2658b8874f0d2a12e8726df78ac8954324c3bbe4695e66bdef89195fde64322f

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /wxsh4eJrZfXMfMzcfj85OrzrsthhxILGQ4MvuFnVFmDpZb34128 HTTP/1.1
Host: dg.erovetemone.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dg.erovetemone.ru/vQMe4c/
Cookie: XSRF-TOKEN=eyJpdiI6Im03aW11Z2RUaEpuUzNhaThQQjlzdmc9PSIsInZhbHVlIjoicS9IaHZodmxGSDkxam1FUnhTN0I0YWNBMTd6Z3JaL0xaYVRWWC9SQnJHL2FlZTRxY29xd1pnd2Y4WGhwWHNWbTRZbXhYbjhWazZzOERhZHlGMDNMamxmREFyM1ZTbmV0eHpzRUx6ZDBXemEwdFFML1ltaTMzUjdPK1hZdHhTcEEiLCJtYWMiOiI4NzJlZmI3NzY4YzcwMzllMzE5YTM3NmZlNWQ5N2U0YWIzYzFjOTdlZDYyZGQzNTAwNDQ2MDE5NDc4YTFhZDI1IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ik9lVVJnMG5ZZkdhME8wV1ZyOWVDdHc9PSIsInZhbHVlIjoiRGNxZXNqTFJZeVRVbFRxM011ODlweGN2OHcrYk1qd24yWTdNQ1k4SWxvRjZSbHZ2MVdyc1MwUXpLZndHeG55eGM2Q0tQOTIyUFpPR05IeXI0aHFnTHhRd1pGWWhRL01zWWU4ODUyV3J6dG84ekMxVHhFU3h6NEh5UHVjMitxdmEiLCJtYWMiOiIyYzg5YTQzYWM4MmM0ZmMxOWMwM2QyMzEyOGQ3MTgwODE1MjcxYmM4NmM5MDVmZTVkMTk3ZWJkZDkyYjlkN2VmIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 29 Jan 2025 18:32:46 GMT
content-type: image/webp
content-length: 644
server: cloudflare
content-disposition: inline; filename="wxsh4eJrZfXMfMzcfj85OrzrsthhxILGQ4MvuFnVFmDpZb34128"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eANhAT5dL4MPgQDYWWhSvBGNA5fzvYEmN%2BYN%2BlDFwubzzBd%2Baug9NWAHd32YJv3282tW2u8MF6%2Fr%2FXYB5D977KOmeEjahkmiVbMtaCCp2I1wu1WXxNbtx8lI5u6pWV1ARSh07Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=32488&min_rtt=32450&rtt_var=12196&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2822&recv_bytes=2148&delivery_rate=87765&cwnd=167&unsent_bytes=0&cid=8f833047d65891b5&ts=587&x=0"
cf-ray: 909b4e818c37b51d-OSL

dg.erovetemone.ru/stmT0R5rJbYkZZbJCOWrNYFxMMZoOVYf2OwDa6terBcWxlBmny17ppxZDajOw0VVLixEK1RPeDvDWQqgh260

104.21.112.1

200 OK

18 kB

URL GET HTTP/3
dg.erovetemone.ru/stmT0R5rJbYkZZbJCOWrNYFxMMZoOVYf2OwDa6terBcWxlBmny17ppxZDajOw0VVLixEK1RPeDvDWQqgh260
IP
104.21.112.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://dg.erovetemone.ru/vQMe4c/
Certificate
IssuerGoogle Trust Services
Subjecterovetemone.ru
Fingerprint87:BC:93:DB:10:A6:A5:36:C7:AF:66:4B:D1:AD:40:65:6F:34:AF:27
ValidityThu, 23 Jan 2025 04:33:05 GMT - Wed, 23 Apr 2025 05:30:16 GMT

File type
RIFF (little-endian) data, Web/P image
Size
18 kB (17842 bytes)
Hash
4b52ecdc33382c9dca874f551990e704
8f3bf8e41cd4cdddb17836b261e73f827b84341b
cce050cc3b150c0b370751021bb15018ee2b64ac369e230fe3b571a9b00d4342

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /stmT0R5rJbYkZZbJCOWrNYFxMMZoOVYf2OwDa6terBcWxlBmny17ppxZDajOw0VVLixEK1RPeDvDWQqgh260 HTTP/1.1
Host: dg.erovetemone.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dg.erovetemone.ru/vQMe4c/
Cookie: XSRF-TOKEN=eyJpdiI6Im03aW11Z2RUaEpuUzNhaThQQjlzdmc9PSIsInZhbHVlIjoicS9IaHZodmxGSDkxam1FUnhTN0I0YWNBMTd6Z3JaL0xaYVRWWC9SQnJHL2FlZTRxY29xd1pnd2Y4WGhwWHNWbTRZbXhYbjhWazZzOERhZHlGMDNMamxmREFyM1ZTbmV0eHpzRUx6ZDBXemEwdFFML1ltaTMzUjdPK1hZdHhTcEEiLCJtYWMiOiI4NzJlZmI3NzY4YzcwMzllMzE5YTM3NmZlNWQ5N2U0YWIzYzFjOTdlZDYyZGQzNTAwNDQ2MDE5NDc4YTFhZDI1IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ik9lVVJnMG5ZZkdhME8wV1ZyOWVDdHc9PSIsInZhbHVlIjoiRGNxZXNqTFJZeVRVbFRxM011ODlweGN2OHcrYk1qd24yWTdNQ1k4SWxvRjZSbHZ2MVdyc1MwUXpLZndHeG55eGM2Q0tQOTIyUFpPR05IeXI0aHFnTHhRd1pGWWhRL01zWWU4ODUyV3J6dG84ekMxVHhFU3h6NEh5UHVjMitxdmEiLCJtYWMiOiIyYzg5YTQzYWM4MmM0ZmMxOWMwM2QyMzEyOGQ3MTgwODE1MjcxYmM4NmM5MDVmZTVkMTk3ZWJkZDkyYjlkN2VmIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 29 Jan 2025 18:32:45 GMT
content-type: image/webp
content-length: 17842
server: cloudflare
content-disposition: inline; filename="stmT0R5rJbYkZZbJCOWrNYFxMMZoOVYf2OwDa6terBcWxlBmny17ppxZDajOw0VVLixEK1RPeDvDWQqgh260"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Gg%2FgDTj9GBZVXY5GKZhFZTwUM1Rsq6LJph%2BGqtHvWVCSXpdyt%2BhK2Irw48qy84G60LsngEJlyJgUyVmv9ldxKUTV8kCcu5NhvvS%2BweZFviimnHdE%2B4efXuRsWxp7WaT9iGkqqA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1631&min_rtt=1565&rtt_var=634&sent=4&recv=7&lost=0&retrans=0&sent_bytes=2821&recv_bytes=2181&delivery_rate=1819808&cwnd=251&unsent_bytes=0&cid=5aabe05629e54811&ts=484&x=0"
cf-ray: 909b4e819c41b51d-OSL

dg.erovetemone.ru/GDSherpa-regular.woff2

104.21.112.1

200 OK

29 kB

URL GET HTTP/3
dg.erovetemone.ru/GDSherpa-regular.woff2
IP
104.21.112.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://dg.erovetemone.ru/vQMe4c/
Certificate
IssuerGoogle Trust Services
Subjecterovetemone.ru
Fingerprint87:BC:93:DB:10:A6:A5:36:C7:AF:66:4B:D1:AD:40:65:6F:34:AF:27
ValidityThu, 23 Jan 2025 04:33:05 GMT - Wed, 23 Apr 2025 05:30:16 GMT

File type
Web Open Font Format (Version 2), TrueType, length 28584, version 1.66
Size
29 kB (28584 bytes)
Hash
17081510f3a6f2f619ec8c6f244523c7
87f34b2a1532c50f2a424c345d03fe028db35635
2c7292014e2ef00374aeb63691d9f23159a010455784ee0b274ba7db2bcca956

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /GDSherpa-regular.woff2 HTTP/1.1
Host: dg.erovetemone.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dg.erovetemone.ru/vQMe4c/
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6Im03aW11Z2RUaEpuUzNhaThQQjlzdmc9PSIsInZhbHVlIjoicS9IaHZodmxGSDkxam1FUnhTN0I0YWNBMTd6Z3JaL0xaYVRWWC9SQnJHL2FlZTRxY29xd1pnd2Y4WGhwWHNWbTRZbXhYbjhWazZzOERhZHlGMDNMamxmREFyM1ZTbmV0eHpzRUx6ZDBXemEwdFFML1ltaTMzUjdPK1hZdHhTcEEiLCJtYWMiOiI4NzJlZmI3NzY4YzcwMzllMzE5YTM3NmZlNWQ5N2U0YWIzYzFjOTdlZDYyZGQzNTAwNDQ2MDE5NDc4YTFhZDI1IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ik9lVVJnMG5ZZkdhME8wV1ZyOWVDdHc9PSIsInZhbHVlIjoiRGNxZXNqTFJZeVRVbFRxM011ODlweGN2OHcrYk1qd24yWTdNQ1k4SWxvRjZSbHZ2MVdyc1MwUXpLZndHeG55eGM2Q0tQOTIyUFpPR05IeXI0aHFnTHhRd1pGWWhRL01zWWU4ODUyV3J6dG84ekMxVHhFU3h6NEh5UHVjMitxdmEiLCJtYWMiOiIyYzg5YTQzYWM4MmM0ZmMxOWMwM2QyMzEyOGQ3MTgwODE1MjcxYmM4NmM5MDVmZTVkMTk3ZWJkZDkyYjlkN2VmIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 29 Jan 2025 18:32:46 GMT
content-type: font/woff2
content-length: 28584
server: cloudflare
content-disposition: inline; filename="GDSherpa-regular.woff2"
cache-control: max-age=14400
last-modified: Wed, 29 Jan 2025 18:32:45 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8hGlkw8XzRBysruf%2BVCIqWsUqkD47bmAZ0CFg%2BHzMAKKJEmiHr6CtMizarucuFMRZ1Qs98Q1qtiatDNmr4yRXrEQhfEiNO2cN80iDLm1SkR5Govxjco%2FaYiZLrcar1fLHCB%2BTg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1187&min_rtt=1171&rtt_var=345&sent=4&recv=8&lost=0&retrans=0&sent_bytes=2821&recv_bytes=2140&delivery_rate=2336341&cwnd=251&unsent_bytes=0&cid=e34f3cc656859c31&ts=561&x=0"
cf-cache-status: MISS
accept-ranges: bytes
cf-ray: 909b4e817c33b51d-OSL

dg.erovetemone.ru/GDSherpa-regular.woff

104.21.112.1

200 OK

37 kB

URL GET HTTP/3
dg.erovetemone.ru/GDSherpa-regular.woff
IP
104.21.112.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://dg.erovetemone.ru/vQMe4c/
Certificate
IssuerGoogle Trust Services
Subjecterovetemone.ru
Fingerprint87:BC:93:DB:10:A6:A5:36:C7:AF:66:4B:D1:AD:40:65:6F:34:AF:27
ValidityThu, 23 Jan 2025 04:33:05 GMT - Wed, 23 Apr 2025 05:30:16 GMT

File type
Web Open Font Format, TrueType, length 36696, version 1.0
Size
37 kB (36696 bytes)
Hash
a69e9ab8afdd7486ec0749c551051ff2
c34e6aa327b536fb48d1fe03577a47c7ee2231b8
fd78a1913db912221b8ead1e62fad47d1ff0a9fa6cd88d3b128a721ad91d2faf

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /GDSherpa-regular.woff HTTP/1.1
Host: dg.erovetemone.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dg.erovetemone.ru/vQMe4c/
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6Im03aW11Z2RUaEpuUzNhaThQQjlzdmc9PSIsInZhbHVlIjoicS9IaHZodmxGSDkxam1FUnhTN0I0YWNBMTd6Z3JaL0xaYVRWWC9SQnJHL2FlZTRxY29xd1pnd2Y4WGhwWHNWbTRZbXhYbjhWazZzOERhZHlGMDNMamxmREFyM1ZTbmV0eHpzRUx6ZDBXemEwdFFML1ltaTMzUjdPK1hZdHhTcEEiLCJtYWMiOiI4NzJlZmI3NzY4YzcwMzllMzE5YTM3NmZlNWQ5N2U0YWIzYzFjOTdlZDYyZGQzNTAwNDQ2MDE5NDc4YTFhZDI1IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ik9lVVJnMG5ZZkdhME8wV1ZyOWVDdHc9PSIsInZhbHVlIjoiRGNxZXNqTFJZeVRVbFRxM011ODlweGN2OHcrYk1qd24yWTdNQ1k4SWxvRjZSbHZ2MVdyc1MwUXpLZndHeG55eGM2Q0tQOTIyUFpPR05IeXI0aHFnTHhRd1pGWWhRL01zWWU4ODUyV3J6dG84ekMxVHhFU3h6NEh5UHVjMitxdmEiLCJtYWMiOiIyYzg5YTQzYWM4MmM0ZmMxOWMwM2QyMzEyOGQ3MTgwODE1MjcxYmM4NmM5MDVmZTVkMTk3ZWJkZDkyYjlkN2VmIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 29 Jan 2025 18:32:46 GMT
content-type: font/woff
content-length: 36696
server: cloudflare
content-disposition: inline; filename="GDSherpa-regular.woff"
cache-control: max-age=14400
last-modified: Wed, 29 Jan 2025 18:32:45 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=68kaFnaJDbFPhYXPFPZhhBNkbie%2FOAEz7MgT2EQBw7fnk28XFXIE2FSs4DjyrV7fiGCCy7f%2FxPY%2BJ%2FOnQ6fmtsgMHf1PXaj%2FwN0eE78lSZe%2BpQa7cV%2Flzb0xeq0rw6A5%2BtwqUw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1125&min_rtt=1111&rtt_var=427&sent=4&recv=7&lost=0&retrans=0&sent_bytes=2820&recv_bytes=2140&delivery_rate=2563456&cwnd=192&unsent_bytes=0&cid=42b4b1aeeac9afc7&ts=608&x=0"
cf-cache-status: MISS
accept-ranges: bytes
cf-ray: 909b4e817c34b51d-OSL

dg.erovetemone.ru/GDSherpa-bold.woff

104.21.112.1

200 OK

36 kB

URL GET HTTP/3
dg.erovetemone.ru/GDSherpa-bold.woff
IP
104.21.112.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://dg.erovetemone.ru/vQMe4c/
Certificate
IssuerGoogle Trust Services
Subjecterovetemone.ru
Fingerprint87:BC:93:DB:10:A6:A5:36:C7:AF:66:4B:D1:AD:40:65:6F:34:AF:27
ValidityThu, 23 Jan 2025 04:33:05 GMT - Wed, 23 Apr 2025 05:30:16 GMT

File type
Web Open Font Format, TrueType, length 35970, version 1.0
Size
36 kB (35970 bytes)
Hash
496b7bbde91c7dc7cf9bbabbb3921da8
2bd3c406a715ab52dad84c803c55bf4a6e66a924
ae40a04f95df12b0c364f26ab691dc0c391d394a28bcdb4aeacfaca325d0a798

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /GDSherpa-bold.woff HTTP/1.1
Host: dg.erovetemone.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dg.erovetemone.ru/vQMe4c/
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6Im03aW11Z2RUaEpuUzNhaThQQjlzdmc9PSIsInZhbHVlIjoicS9IaHZodmxGSDkxam1FUnhTN0I0YWNBMTd6Z3JaL0xaYVRWWC9SQnJHL2FlZTRxY29xd1pnd2Y4WGhwWHNWbTRZbXhYbjhWazZzOERhZHlGMDNMamxmREFyM1ZTbmV0eHpzRUx6ZDBXemEwdFFML1ltaTMzUjdPK1hZdHhTcEEiLCJtYWMiOiI4NzJlZmI3NzY4YzcwMzllMzE5YTM3NmZlNWQ5N2U0YWIzYzFjOTdlZDYyZGQzNTAwNDQ2MDE5NDc4YTFhZDI1IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ik9lVVJnMG5ZZkdhME8wV1ZyOWVDdHc9PSIsInZhbHVlIjoiRGNxZXNqTFJZeVRVbFRxM011ODlweGN2OHcrYk1qd24yWTdNQ1k4SWxvRjZSbHZ2MVdyc1MwUXpLZndHeG55eGM2Q0tQOTIyUFpPR05IeXI0aHFnTHhRd1pGWWhRL01zWWU4ODUyV3J6dG84ekMxVHhFU3h6NEh5UHVjMitxdmEiLCJtYWMiOiIyYzg5YTQzYWM4MmM0ZmMxOWMwM2QyMzEyOGQ3MTgwODE1MjcxYmM4NmM5MDVmZTVkMTk3ZWJkZDkyYjlkN2VmIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 29 Jan 2025 18:32:46 GMT
content-type: font/woff
content-length: 35970
server: cloudflare
content-disposition: inline; filename="GDSherpa-bold.woff"
cache-control: max-age=14400
last-modified: Wed, 29 Jan 2025 18:32:45 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=niBlEtgcfORFiW%2FSCknypZhgvKlDsgTgYXKlTyekYYAtj%2FKCblQnN%2B06qbqbkEmJ6TaeZUV4jzfMfGhPJxLJeKKTTVmtPwEMZ978E1KsEQV4jSrYARFEzyYUONGp1p8o%2F%2B94ag%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1452&min_rtt=1424&rtt_var=591&sent=4&recv=7&lost=0&retrans=0&sent_bytes=2821&recv_bytes=2137&delivery_rate=1723970&cwnd=237&unsent_bytes=0&cid=a2316c277e755685&ts=654&x=0"
cf-cache-status: MISS
accept-ranges: bytes
cf-ray: 909b4e817c32b51d-OSL

dg.erovetemone.ru/GDSherpa-bold.woff2

104.21.112.1

200 OK

28 kB

URL GET HTTP/3
dg.erovetemone.ru/GDSherpa-bold.woff2
IP
104.21.112.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://dg.erovetemone.ru/vQMe4c/
Certificate
IssuerGoogle Trust Services
Subjecterovetemone.ru
Fingerprint87:BC:93:DB:10:A6:A5:36:C7:AF:66:4B:D1:AD:40:65:6F:34:AF:27
ValidityThu, 23 Jan 2025 04:33:05 GMT - Wed, 23 Apr 2025 05:30:16 GMT

File type
Web Open Font Format (Version 2), TrueType, length 28000, version 1.66
Size
28 kB (28000 bytes)
Hash
a4bca6c95fed0d0c5cc46cf07710dcec
73b56e33b82b42921db8702a33efd0f2b2ec9794
5a51d246af54d903f67f07f2bd820ce77736f8d08c5f1602db07469d96dbf77f

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /GDSherpa-bold.woff2 HTTP/1.1
Host: dg.erovetemone.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dg.erovetemone.ru/vQMe4c/
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6Im03aW11Z2RUaEpuUzNhaThQQjlzdmc9PSIsInZhbHVlIjoicS9IaHZodmxGSDkxam1FUnhTN0I0YWNBMTd6Z3JaL0xaYVRWWC9SQnJHL2FlZTRxY29xd1pnd2Y4WGhwWHNWbTRZbXhYbjhWazZzOERhZHlGMDNMamxmREFyM1ZTbmV0eHpzRUx6ZDBXemEwdFFML1ltaTMzUjdPK1hZdHhTcEEiLCJtYWMiOiI4NzJlZmI3NzY4YzcwMzllMzE5YTM3NmZlNWQ5N2U0YWIzYzFjOTdlZDYyZGQzNTAwNDQ2MDE5NDc4YTFhZDI1IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ik9lVVJnMG5ZZkdhME8wV1ZyOWVDdHc9PSIsInZhbHVlIjoiRGNxZXNqTFJZeVRVbFRxM011ODlweGN2OHcrYk1qd24yWTdNQ1k4SWxvRjZSbHZ2MVdyc1MwUXpLZndHeG55eGM2Q0tQOTIyUFpPR05IeXI0aHFnTHhRd1pGWWhRL01zWWU4ODUyV3J6dG84ekMxVHhFU3h6NEh5UHVjMitxdmEiLCJtYWMiOiIyYzg5YTQzYWM4MmM0ZmMxOWMwM2QyMzEyOGQ3MTgwODE1MjcxYmM4NmM5MDVmZTVkMTk3ZWJkZDkyYjlkN2VmIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 29 Jan 2025 18:32:46 GMT
content-type: font/woff2
content-length: 28000
server: cloudflare
content-disposition: inline; filename="GDSherpa-bold.woff2"
cache-control: max-age=14400
last-modified: Wed, 29 Jan 2025 18:32:45 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aXbGgpXhnI13JMZyxCbViBzUOpQ58tmqzanEfAnPp9UqfPQSgdSp5Ct%2FwxUVZjuFEYKl8c61zc0uzDmzK5HzYih4WyFDuJkEwsmCn%2F9TmpcMro34oVuUIRy3YsycG0n2rVOn9g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1401&min_rtt=1372&rtt_var=437&sent=4&recv=8&lost=0&retrans=0&sent_bytes=2822&recv_bytes=2138&delivery_rate=1887342&cwnd=251&unsent_bytes=0&cid=3b6a3348992e7291&ts=698&x=0"
cf-cache-status: MISS
accept-ranges: bytes
cf-ray: 909b4e816c31b51d-OSL

dg.erovetemone.ru/kliIcMkUzvL7FqquYiEwbOzeB4P1hyqYghXQg7jeRiRHopjdabDc17RZabBFc9g9a4ab230

104.21.112.1

200 OK

1.3 kB

URL GET HTTP/3
dg.erovetemone.ru/kliIcMkUzvL7FqquYiEwbOzeB4P1hyqYghXQg7jeRiRHopjdabDc17RZabBFc9g9a4ab230
IP
104.21.112.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://dg.erovetemone.ru/vQMe4c/
Certificate
IssuerGoogle Trust Services
Subjecterovetemone.ru
Fingerprint87:BC:93:DB:10:A6:A5:36:C7:AF:66:4B:D1:AD:40:65:6F:34:AF:27
ValidityThu, 23 Jan 2025 04:33:05 GMT - Wed, 23 Apr 2025 05:30:16 GMT

File type
RIFF (little-endian) data, Web/P image
Size
1.3 kB (1298 bytes)
Hash
32ca2081553e969f9fdd4374134521ad
7b09924c4c3d8b6e41fe38363e342da098be4173
216fc342a469aa6a005b2eacc24622095e5282d3e9f1ae99ce54c27b92ec3587

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /kliIcMkUzvL7FqquYiEwbOzeB4P1hyqYghXQg7jeRiRHopjdabDc17RZabBFc9g9a4ab230 HTTP/1.1
Host: dg.erovetemone.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dg.erovetemone.ru/vQMe4c/
Cookie: XSRF-TOKEN=eyJpdiI6Im03aW11Z2RUaEpuUzNhaThQQjlzdmc9PSIsInZhbHVlIjoicS9IaHZodmxGSDkxam1FUnhTN0I0YWNBMTd6Z3JaL0xaYVRWWC9SQnJHL2FlZTRxY29xd1pnd2Y4WGhwWHNWbTRZbXhYbjhWazZzOERhZHlGMDNMamxmREFyM1ZTbmV0eHpzRUx6ZDBXemEwdFFML1ltaTMzUjdPK1hZdHhTcEEiLCJtYWMiOiI4NzJlZmI3NzY4YzcwMzllMzE5YTM3NmZlNWQ5N2U0YWIzYzFjOTdlZDYyZGQzNTAwNDQ2MDE5NDc4YTFhZDI1IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ik9lVVJnMG5ZZkdhME8wV1ZyOWVDdHc9PSIsInZhbHVlIjoiRGNxZXNqTFJZeVRVbFRxM011ODlweGN2OHcrYk1qd24yWTdNQ1k4SWxvRjZSbHZ2MVdyc1MwUXpLZndHeG55eGM2Q0tQOTIyUFpPR05IeXI0aHFnTHhRd1pGWWhRL01zWWU4ODUyV3J6dG84ekMxVHhFU3h6NEh5UHVjMitxdmEiLCJtYWMiOiIyYzg5YTQzYWM4MmM0ZmMxOWMwM2QyMzEyOGQ3MTgwODE1MjcxYmM4NmM5MDVmZTVkMTk3ZWJkZDkyYjlkN2VmIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 29 Jan 2025 18:32:46 GMT
content-type: image/webp
content-length: 1298
server: cloudflare
content-disposition: inline; filename="kliIcMkUzvL7FqquYiEwbOzeB4P1hyqYghXQg7jeRiRHopjdabDc17RZabBFc9g9a4ab230"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=b8X3wbyTezY4sGd%2FWwjhfM%2FHFu0LAfWZtKrcN2VM5GDwd66e9RVSykoRoseo%2FQVwFQBrvnSvPvP%2Bf2QikC6a73h2Kqt8Rx3%2BE5PevGsKJXzMZJgDn0fGaKfEPAOp7oVFaWSNpw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=12462&min_rtt=12457&rtt_var=4683&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2822&recv_bytes=2168&delivery_rate=227767&cwnd=175&unsent_bytes=0&cid=19b28420bd43c6ff&ts=282&x=0"
cf-ray: 909b4e87bc69b51d-OSL

dg.erovetemone.ru/GDSherpa-vf2.woff2

104.21.112.1

200 OK

93 kB

URL GET HTTP/3
dg.erovetemone.ru/GDSherpa-vf2.woff2
IP
104.21.112.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://dg.erovetemone.ru/vQMe4c/
Certificate
IssuerGoogle Trust Services
Subjecterovetemone.ru
Fingerprint87:BC:93:DB:10:A6:A5:36:C7:AF:66:4B:D1:AD:40:65:6F:34:AF:27
ValidityThu, 23 Jan 2025 04:33:05 GMT - Wed, 23 Apr 2025 05:30:16 GMT

File type
Web Open Font Format (Version 2), TrueType, length 93276, version 1.0
Size
93 kB (93276 bytes)
Hash
bcd7983ea5aa57c55f6758b4977983cb
ef3a009e205229e07fb0ec8569e669b11c378ef1
6528a0bf9a836a53dfd8536e1786ba6831c9d1faa74967126fddf5b2081b858c

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /GDSherpa-vf2.woff2 HTTP/1.1
Host: dg.erovetemone.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dg.erovetemone.ru/vQMe4c/
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6Im03aW11Z2RUaEpuUzNhaThQQjlzdmc9PSIsInZhbHVlIjoicS9IaHZodmxGSDkxam1FUnhTN0I0YWNBMTd6Z3JaL0xaYVRWWC9SQnJHL2FlZTRxY29xd1pnd2Y4WGhwWHNWbTRZbXhYbjhWazZzOERhZHlGMDNMamxmREFyM1ZTbmV0eHpzRUx6ZDBXemEwdFFML1ltaTMzUjdPK1hZdHhTcEEiLCJtYWMiOiI4NzJlZmI3NzY4YzcwMzllMzE5YTM3NmZlNWQ5N2U0YWIzYzFjOTdlZDYyZGQzNTAwNDQ2MDE5NDc4YTFhZDI1IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ik9lVVJnMG5ZZkdhME8wV1ZyOWVDdHc9PSIsInZhbHVlIjoiRGNxZXNqTFJZeVRVbFRxM011ODlweGN2OHcrYk1qd24yWTdNQ1k4SWxvRjZSbHZ2MVdyc1MwUXpLZndHeG55eGM2Q0tQOTIyUFpPR05IeXI0aHFnTHhRd1pGWWhRL01zWWU4ODUyV3J6dG84ekMxVHhFU3h6NEh5UHVjMitxdmEiLCJtYWMiOiIyYzg5YTQzYWM4MmM0ZmMxOWMwM2QyMzEyOGQ3MTgwODE1MjcxYmM4NmM5MDVmZTVkMTk3ZWJkZDkyYjlkN2VmIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 29 Jan 2025 18:32:46 GMT
content-type: font/woff2
content-length: 93276
server: cloudflare
content-disposition: inline; filename="GDSherpa-vf2.woff2"
cache-control: max-age=14400
last-modified: Wed, 29 Jan 2025 18:32:45 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CXBMnOG76b2B8JjpAuR9iNhb9iVlCt3Mdt8kQxzf%2BY5NK0Roxueb5JnF%2FgyRSNqp2RDQal3IQJA%2Fzh5F5tRNc3LGfcTYyegBOLx4lo5ZcWEJSV8Wt082p99MjmHOJJOH4B8jxQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1278&min_rtt=1173&rtt_var=422&sent=4&recv=8&lost=0&retrans=0&sent_bytes=2822&recv_bytes=2136&delivery_rate=2413559&cwnd=241&unsent_bytes=0&cid=b14fce609b63e850&ts=776&x=0"
cf-cache-status: MISS
accept-ranges: bytes
cf-ray: 909b4e818c36b51d-OSL

dg.erovetemone.ru/GDSherpa-vf.woff2

104.21.112.1

200 OK

44 kB

URL GET HTTP/3
dg.erovetemone.ru/GDSherpa-vf.woff2
IP
104.21.112.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://dg.erovetemone.ru/vQMe4c/
Certificate
IssuerGoogle Trust Services
Subjecterovetemone.ru
Fingerprint87:BC:93:DB:10:A6:A5:36:C7:AF:66:4B:D1:AD:40:65:6F:34:AF:27
ValidityThu, 23 Jan 2025 04:33:05 GMT - Wed, 23 Apr 2025 05:30:16 GMT

File type
Web Open Font Format (Version 2), TrueType, length 43596, version 1.0
Size
44 kB (43596 bytes)
Hash
2a05e9e5572abc320b2b7ea38a70dcc1
d5fa2a856d5632c2469e42436159375117ef3c35
3efcb941aaddaf4aea08dab3fb97d3e904aa1b83264e64b4d5bda53bc7c798ec

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /GDSherpa-vf.woff2 HTTP/1.1
Host: dg.erovetemone.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dg.erovetemone.ru/vQMe4c/
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6Im03aW11Z2RUaEpuUzNhaThQQjlzdmc9PSIsInZhbHVlIjoicS9IaHZodmxGSDkxam1FUnhTN0I0YWNBMTd6Z3JaL0xaYVRWWC9SQnJHL2FlZTRxY29xd1pnd2Y4WGhwWHNWbTRZbXhYbjhWazZzOERhZHlGMDNMamxmREFyM1ZTbmV0eHpzRUx6ZDBXemEwdFFML1ltaTMzUjdPK1hZdHhTcEEiLCJtYWMiOiI4NzJlZmI3NzY4YzcwMzllMzE5YTM3NmZlNWQ5N2U0YWIzYzFjOTdlZDYyZGQzNTAwNDQ2MDE5NDc4YTFhZDI1IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ik9lVVJnMG5ZZkdhME8wV1ZyOWVDdHc9PSIsInZhbHVlIjoiRGNxZXNqTFJZeVRVbFRxM011ODlweGN2OHcrYk1qd24yWTdNQ1k4SWxvRjZSbHZ2MVdyc1MwUXpLZndHeG55eGM2Q0tQOTIyUFpPR05IeXI0aHFnTHhRd1pGWWhRL01zWWU4ODUyV3J6dG84ekMxVHhFU3h6NEh5UHVjMitxdmEiLCJtYWMiOiIyYzg5YTQzYWM4MmM0ZmMxOWMwM2QyMzEyOGQ3MTgwODE1MjcxYmM4NmM5MDVmZTVkMTk3ZWJkZDkyYjlkN2VmIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 29 Jan 2025 18:32:46 GMT
content-type: font/woff2
content-length: 43596
server: cloudflare
content-disposition: inline; filename="GDSherpa-vf.woff2"
cache-control: max-age=14400
last-modified: Wed, 29 Jan 2025 18:32:45 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fZIGWEUxqUPJNgJBM1%2Bd00v0vSB8fzGaTAw8740W0K9YBI3153Wy0g9ZYyus9N8p5zhtrPxiiVoKf6uTTMef0%2F8ByT1lyfz2G%2FscryM%2Bi%2FHAx1damvwfI3BdROXbRwXNk6AP%2FA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=9649&min_rtt=9558&rtt_var=3650&sent=4&recv=7&lost=0&retrans=0&sent_bytes=2821&recv_bytes=2135&delivery_rate=297970&cwnd=167&unsent_bytes=0&cid=bdad6ee6030886b1&ts=874&x=0"
cf-cache-status: MISS
accept-ranges: bytes
cf-ray: 909b4e817c35b51d-OSL

dg.erovetemone.ru/efWCvPLXluX6KhW4c47EoRVGijxUenReKH7kpLhq78150

104.21.112.1

200 OK

270 B

URL GET HTTP/3
dg.erovetemone.ru/efWCvPLXluX6KhW4c47EoRVGijxUenReKH7kpLhq78150
IP
104.21.112.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://dg.erovetemone.ru/vQMe4c/
Certificate
IssuerGoogle Trust Services
Subjecterovetemone.ru
Fingerprint87:BC:93:DB:10:A6:A5:36:C7:AF:66:4B:D1:AD:40:65:6F:34:AF:27
ValidityThu, 23 Jan 2025 04:33:05 GMT - Wed, 23 Apr 2025 05:30:16 GMT

File type
SVG Scalable Vector Graphics image
Size
270 B (270 bytes)
Hash
0c09c5ea7c28d6feb4d124957dde0a0d
1b9efde2d8f0e2a3d9d5315117e597c2d622fc5e
b3c39d2c15327b7ae68940502a2d7bf457fe521e075e6e671d0340edc58bcb3a

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /efWCvPLXluX6KhW4c47EoRVGijxUenReKH7kpLhq78150 HTTP/1.1
Host: dg.erovetemone.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dg.erovetemone.ru/vQMe4c/
Cookie: XSRF-TOKEN=eyJpdiI6Im03aW11Z2RUaEpuUzNhaThQQjlzdmc9PSIsInZhbHVlIjoicS9IaHZodmxGSDkxam1FUnhTN0I0YWNBMTd6Z3JaL0xaYVRWWC9SQnJHL2FlZTRxY29xd1pnd2Y4WGhwWHNWbTRZbXhYbjhWazZzOERhZHlGMDNMamxmREFyM1ZTbmV0eHpzRUx6ZDBXemEwdFFML1ltaTMzUjdPK1hZdHhTcEEiLCJtYWMiOiI4NzJlZmI3NzY4YzcwMzllMzE5YTM3NmZlNWQ5N2U0YWIzYzFjOTdlZDYyZGQzNTAwNDQ2MDE5NDc4YTFhZDI1IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ik9lVVJnMG5ZZkdhME8wV1ZyOWVDdHc9PSIsInZhbHVlIjoiRGNxZXNqTFJZeVRVbFRxM011ODlweGN2OHcrYk1qd24yWTdNQ1k4SWxvRjZSbHZ2MVdyc1MwUXpLZndHeG55eGM2Q0tQOTIyUFpPR05IeXI0aHFnTHhRd1pGWWhRL01zWWU4ODUyV3J6dG84ekMxVHhFU3h6NEh5UHVjMitxdmEiLCJtYWMiOiIyYzg5YTQzYWM4MmM0ZmMxOWMwM2QyMzEyOGQ3MTgwODE1MjcxYmM4NmM5MDVmZTVkMTk3ZWJkZDkyYjlkN2VmIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 29 Jan 2025 18:32:45 GMT
content-type: image/svg+xml
cf-ray: 909b4e818c39b51d-OSL
server: cloudflare
content-disposition: inline; filename="efWCvPLXluX6KhW4c47EoRVGijxUenReKH7kpLhq78150"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YHXLH3t3CYFGq4I%2FQhRzt8bkESqzB3HT3uLqQ4nXhOOQXYffAQQTayfLPXx%2B1woenxPDNxF%2BZ648bUZxuD6LsH%2FLboBdSLyXMtpOwkmCYzuBmls6SfOMWInBNUNd%2Fc7gjkcr%2FQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1152&min_rtt=1143&rtt_var=448&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2821&recv_bytes=2142&delivery_rate=2332514&cwnd=216&unsent_bytes=0&cid=66dcae9676b355a1&ts=377&x=0"
vary: accept-encoding
content-encoding: br

dg.erovetemone.ru/34uep8acSB4vcCINfPzwxNgh058mTafNDrNFeY89110

104.21.112.1

200 OK

137 kB

URL GET HTTP/3
dg.erovetemone.ru/34uep8acSB4vcCINfPzwxNgh058mTafNDrNFeY89110
IP
104.21.112.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://dg.erovetemone.ru/vQMe4c/
Certificate
IssuerGoogle Trust Services
Subjecterovetemone.ru
Fingerprint87:BC:93:DB:10:A6:A5:36:C7:AF:66:4B:D1:AD:40:65:6F:34:AF:27
ValidityThu, 23 Jan 2025 04:33:05 GMT - Wed, 23 Apr 2025 05:30:16 GMT

File type

Size
137 kB (136817 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /34uep8acSB4vcCINfPzwxNgh058mTafNDrNFeY89110 HTTP/1.1
Host: dg.erovetemone.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dg.erovetemone.ru/vQMe4c/
Cookie: XSRF-TOKEN=eyJpdiI6Im03aW11Z2RUaEpuUzNhaThQQjlzdmc9PSIsInZhbHVlIjoicS9IaHZodmxGSDkxam1FUnhTN0I0YWNBMTd6Z3JaL0xaYVRWWC9SQnJHL2FlZTRxY29xd1pnd2Y4WGhwWHNWbTRZbXhYbjhWazZzOERhZHlGMDNMamxmREFyM1ZTbmV0eHpzRUx6ZDBXemEwdFFML1ltaTMzUjdPK1hZdHhTcEEiLCJtYWMiOiI4NzJlZmI3NzY4YzcwMzllMzE5YTM3NmZlNWQ5N2U0YWIzYzFjOTdlZDYyZGQzNTAwNDQ2MDE5NDc4YTFhZDI1IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ik9lVVJnMG5ZZkdhME8wV1ZyOWVDdHc9PSIsInZhbHVlIjoiRGNxZXNqTFJZeVRVbFRxM011ODlweGN2OHcrYk1qd24yWTdNQ1k4SWxvRjZSbHZ2MVdyc1MwUXpLZndHeG55eGM2Q0tQOTIyUFpPR05IeXI0aHFnTHhRd1pGWWhRL01zWWU4ODUyV3J6dG84ekMxVHhFU3h6NEh5UHVjMitxdmEiLCJtYWMiOiIyYzg5YTQzYWM4MmM0ZmMxOWMwM2QyMzEyOGQ3MTgwODE1MjcxYmM4NmM5MDVmZTVkMTk3ZWJkZDkyYjlkN2VmIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 29 Jan 2025 18:32:45 GMT
content-type: application/javascript
cf-ray: 909b4e819c42b51d-OSL
server: cloudflare
content-disposition: inline; filename="34uep8acSB4vcCINfPzwxNgh058mTafNDrNFeY89110"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3ha5Iv5r%2BubVYZwuelzUIjjE0D7gqOewwnweQfap7M%2BgfNBk7snQeu52srxd1ZQgLXbkc%2BiRS7A76DXFfEEFVa374%2Bp%2F5eKSx%2BEPDI8tHVxUvLhLhW7UiHdwNRzB99mwspWllQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1404&min_rtt=1346&rtt_var=546&sent=4&recv=7&lost=0&retrans=0&sent_bytes=2820&recv_bytes=2104&delivery_rate=2115898&cwnd=252&unsent_bytes=0&cid=766b2893b81a469a&ts=407&x=0"
vary: accept-encoding
content-encoding: br

dg.erovetemone.ru/34ju5cgkoJabdun8913

104.21.112.1

200 OK

24 kB

URL GET HTTP/3
dg.erovetemone.ru/34ju5cgkoJabdun8913
IP
104.21.112.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://dg.erovetemone.ru/vQMe4c/
Certificate
IssuerGoogle Trust Services
Subjecterovetemone.ru
Fingerprint87:BC:93:DB:10:A6:A5:36:C7:AF:66:4B:D1:AD:40:65:6F:34:AF:27
ValidityThu, 23 Jan 2025 04:33:05 GMT - Wed, 23 Apr 2025 05:30:16 GMT

File type
ASCII text, with very long lines (23854), with no line terminators
Size
24 kB (23854 bytes)
Hash
8025ea2266871f7af97c89d4b43dc4a6
b80f1279a6438e2325d0ece6642ba34cebd9b4d8
bad46ff2d915998c6f922bfca9b0f01b805f3b548cf038da1bf6643fe371385e

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /34ju5cgkoJabdun8913 HTTP/1.1
Host: dg.erovetemone.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dg.erovetemone.ru/vQMe4c/
Cookie: XSRF-TOKEN=eyJpdiI6Im03aW11Z2RUaEpuUzNhaThQQjlzdmc9PSIsInZhbHVlIjoicS9IaHZodmxGSDkxam1FUnhTN0I0YWNBMTd6Z3JaL0xaYVRWWC9SQnJHL2FlZTRxY29xd1pnd2Y4WGhwWHNWbTRZbXhYbjhWazZzOERhZHlGMDNMamxmREFyM1ZTbmV0eHpzRUx6ZDBXemEwdFFML1ltaTMzUjdPK1hZdHhTcEEiLCJtYWMiOiI4NzJlZmI3NzY4YzcwMzllMzE5YTM3NmZlNWQ5N2U0YWIzYzFjOTdlZDYyZGQzNTAwNDQ2MDE5NDc4YTFhZDI1IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ik9lVVJnMG5ZZkdhME8wV1ZyOWVDdHc9PSIsInZhbHVlIjoiRGNxZXNqTFJZeVRVbFRxM011ODlweGN2OHcrYk1qd24yWTdNQ1k4SWxvRjZSbHZ2MVdyc1MwUXpLZndHeG55eGM2Q0tQOTIyUFpPR05IeXI0aHFnTHhRd1pGWWhRL01zWWU4ODUyV3J6dG84ekMxVHhFU3h6NEh5UHVjMitxdmEiLCJtYWMiOiIyYzg5YTQzYWM4MmM0ZmMxOWMwM2QyMzEyOGQ3MTgwODE1MjcxYmM4NmM5MDVmZTVkMTk3ZWJkZDkyYjlkN2VmIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 29 Jan 2025 18:32:45 GMT
content-type: text/css;charset=UTF-8
cf-ray: 909b4e816c2fb51d-OSL
server: cloudflare
content-disposition: inline; filename="34ju5cgkoJabdun8913"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EXx8OCKdsdC%2F%2Bf%2FOuMUBzf6laSF9BXYvMCsJxS%2BmP2p6VZ8TuQaXCuSgzlUKI%2Bmltz%2BlL06L54e%2B5I2joKTEankNratNN8Dn9vvK2%2B3z6FwVjLVH4Y8RSTyIiTQquI50vR2nQg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1369&min_rtt=1362&rtt_var=515&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2820&recv_bytes=2109&delivery_rate=2091042&cwnd=249&unsent_bytes=0&cid=fd814ddf03b71736&ts=505&x=0"
vary: accept-encoding
content-encoding: br

dg.erovetemone.ru/klqUFMIq9b9JbPpLrgAMD4ulS1Tb9wxwjH3M46S0T2mMLkGSdd78170

104.21.112.1

200 OK

7.4 kB

URL GET HTTP/3
dg.erovetemone.ru/klqUFMIq9b9JbPpLrgAMD4ulS1Tb9wxwjH3M46S0T2mMLkGSdd78170
IP
104.21.112.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://dg.erovetemone.ru/vQMe4c/
Certificate
IssuerGoogle Trust Services
Subjecterovetemone.ru
Fingerprint87:BC:93:DB:10:A6:A5:36:C7:AF:66:4B:D1:AD:40:65:6F:34:AF:27
ValidityThu, 23 Jan 2025 04:33:05 GMT - Wed, 23 Apr 2025 05:30:16 GMT

File type
SVG Scalable Vector Graphics image
Size
7.4 kB (7390 bytes)
Hash
bca9b46fee32162356ba5b4783e614dc
cc09ee862df9bf86e545f9dfdf2fbd4facfa71f5
fb48e7087def752683bc9a9fe4035acf2419cebbe8b17a16e5c81699a06f6fec

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /klqUFMIq9b9JbPpLrgAMD4ulS1Tb9wxwjH3M46S0T2mMLkGSdd78170 HTTP/1.1
Host: dg.erovetemone.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dg.erovetemone.ru/vQMe4c/
Cookie: XSRF-TOKEN=eyJpdiI6Im03aW11Z2RUaEpuUzNhaThQQjlzdmc9PSIsInZhbHVlIjoicS9IaHZodmxGSDkxam1FUnhTN0I0YWNBMTd6Z3JaL0xaYVRWWC9SQnJHL2FlZTRxY29xd1pnd2Y4WGhwWHNWbTRZbXhYbjhWazZzOERhZHlGMDNMamxmREFyM1ZTbmV0eHpzRUx6ZDBXemEwdFFML1ltaTMzUjdPK1hZdHhTcEEiLCJtYWMiOiI4NzJlZmI3NzY4YzcwMzllMzE5YTM3NmZlNWQ5N2U0YWIzYzFjOTdlZDYyZGQzNTAwNDQ2MDE5NDc4YTFhZDI1IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ik9lVVJnMG5ZZkdhME8wV1ZyOWVDdHc9PSIsInZhbHVlIjoiRGNxZXNqTFJZeVRVbFRxM011ODlweGN2OHcrYk1qd24yWTdNQ1k4SWxvRjZSbHZ2MVdyc1MwUXpLZndHeG55eGM2Q0tQOTIyUFpPR05IeXI0aHFnTHhRd1pGWWhRL01zWWU4ODUyV3J6dG84ekMxVHhFU3h6NEh5UHVjMitxdmEiLCJtYWMiOiIyYzg5YTQzYWM4MmM0ZmMxOWMwM2QyMzEyOGQ3MTgwODE1MjcxYmM4NmM5MDVmZTVkMTk3ZWJkZDkyYjlkN2VmIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 29 Jan 2025 18:32:45 GMT
content-type: image/svg+xml
cf-ray: 909b4e818c3ab51d-OSL
server: cloudflare
content-disposition: inline; filename="klqUFMIq9b9JbPpLrgAMD4ulS1Tb9wxwjH3M46S0T2mMLkGSdd78170"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EHcVNtXPEOF2BryMsWejNOOVHoTJBG6oaKOWIgUp52iNlZf6zdJtKebahFjm%2BAJccmhQ5JoyKGtbH%2F8P3wxW8CRI93HW4A5C%2B9vKIRPuOfmHMnn5sZNjN%2FuQ0lYQMJr1Lg7vpg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=11666&min_rtt=11651&rtt_var=4399&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2820&recv_bytes=2152&delivery_rate=241909&cwnd=167&unsent_bytes=0&cid=08f392f50c899ecd&ts=435&x=0"
vary: accept-encoding
content-encoding: br

ok4static.oktacdn.com/assets/js/sdk/okta-signin-widget/7.18.0/css/okta-sign-in.min.css

143.204.55.87

200 OK

223 kB

URL GET HTTP/2
ok4static.oktacdn.com/assets/js/sdk/okta-signin-widget/7.18.0/css/okta-sign-in.min.css
IP
143.204.55.87:443
ASN
#16509 AMAZON-02

Requested by
https://dg.erovetemone.ru/vQMe4c/
Certificate
IssuerDigiCert Inc
Subject*.oktacdn.com
Fingerprint3E:D7:C7:A6:35:70:74:E4:BF:45:2E:A1:D5:A3:25:88:24:76:B3:B5
ValidityMon, 02 Dec 2024 00:00:00 GMT - Fri, 02 Jan 2026 23:59:59 GMT

File type

Size
223 kB (222931 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /assets/js/sdk/okta-signin-widget/7.18.0/css/okta-sign-in.min.css HTTP/1.1
Host: ok4static.oktacdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dg.erovetemone.ru/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css
server: nginx
last-modified: Tue, 14 May 2024 21:48:24 GMT
x-amz-meta-sha1sum: 7b5499b46660a0348cc2b22cae927dcc3fda8b20
strict-transport-security: max-age=315360000; includeSubDomains
access-control-allow-origin: *
content-encoding: gzip
date: Wed, 29 Jan 2025 17:13:28 GMT
expires: Thu, 29 Jan 2026 17:13:28 GMT
cache-control: max-age=31536000, public,max-age=31536000,s-maxage=1814400
etag: W/"0329c939fca7c78756b94fbcd95e322b"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 f66e3db0f0449307dba3fbf72bbf3bac.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: rYlj1uD6JyHK1_29uDNoecIZCWahjli1RVGF8UB51G9MdKDqLDOmjQ==
age: 4757
X-Firefox-Spdy: h2

dg.erovetemone.ru/ajkYxJdJ78UrWTPhJ67LL8tTLH7iq1k7JaT7UtryLitCI5cxVJy7

104.21.112.1

200 OK

4.5 kB

URL POST HTTP/3
dg.erovetemone.ru/ajkYxJdJ78UrWTPhJ67LL8tTLH7iq1k7JaT7UtryLitCI5cxVJy7
IP
104.21.112.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://dg.erovetemone.ru/vQMe4c/
Certificate
IssuerGoogle Trust Services
Subjecterovetemone.ru
Fingerprint87:BC:93:DB:10:A6:A5:36:C7:AF:66:4B:D1:AD:40:65:6F:34:AF:27
ValidityThu, 23 Jan 2025 04:33:05 GMT - Wed, 23 Apr 2025 05:30:16 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (4535), with no line terminators
Size
4.5 kB (4520 bytes)
Hash
283f1ad1463f43ca7f5e59720a33a17f
055e75c1d9ba219e51c0fb69b804701d884b3df0
8bbcade546b04172244451bca209bbeea1f189626798bfe9014deaed755b64b7

HTTP Headers

POST /ajkYxJdJ78UrWTPhJ67LL8tTLH7iq1k7JaT7UtryLitCI5cxVJy7 HTTP/1.1
Host: dg.erovetemone.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 53
Origin: https://dg.erovetemone.ru
DNT: 1
Connection: keep-alive
Referer: https://dg.erovetemone.ru/vQMe4c/
Cookie: XSRF-TOKEN=eyJpdiI6Im03aW11Z2RUaEpuUzNhaThQQjlzdmc9PSIsInZhbHVlIjoicS9IaHZodmxGSDkxam1FUnhTN0I0YWNBMTd6Z3JaL0xaYVRWWC9SQnJHL2FlZTRxY29xd1pnd2Y4WGhwWHNWbTRZbXhYbjhWazZzOERhZHlGMDNMamxmREFyM1ZTbmV0eHpzRUx6ZDBXemEwdFFML1ltaTMzUjdPK1hZdHhTcEEiLCJtYWMiOiI4NzJlZmI3NzY4YzcwMzllMzE5YTM3NmZlNWQ5N2U0YWIzYzFjOTdlZDYyZGQzNTAwNDQ2MDE5NDc4YTFhZDI1IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ik9lVVJnMG5ZZkdhME8wV1ZyOWVDdHc9PSIsInZhbHVlIjoiRGNxZXNqTFJZeVRVbFRxM011ODlweGN2OHcrYk1qd24yWTdNQ1k4SWxvRjZSbHZ2MVdyc1MwUXpLZndHeG55eGM2Q0tQOTIyUFpPR05IeXI0aHFnTHhRd1pGWWhRL01zWWU4ODUyV3J6dG84ekMxVHhFU3h6NEh5UHVjMitxdmEiLCJtYWMiOiIyYzg5YTQzYWM4MmM0ZmMxOWMwM2QyMzEyOGQ3MTgwODE1MjcxYmM4NmM5MDVmZTVkMTk3ZWJkZDkyYjlkN2VmIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 29 Jan 2025 18:32:46 GMT
content-type: application/json
cf-ray: 909b4e878c67b51d-OSL
server: cloudflare
cache-control: no-cache, private
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TzTRCq8HAngG9aJNvs2AxwbH7QZN%2FBhGTvHEA2MsQ9g%2FR09ayc%2FGE9K1XPmClLNLLgPxFSJh5fEMrcdwfdw2LS2t%2BWn4E%2BA6nK9SbCSE0bnBviag8KKQnA9AJNLiySZ9TAW65w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1135&min_rtt=1130&rtt_var=434&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2821&recv_bytes=2316&delivery_rate=2432109&cwnd=222&unsent_bytes=0&cid=66975df18fa65a22&ts=229&x=0"
set-cookie: XSRF-TOKEN=eyJpdiI6IjU0cHRlejJVaG5XNE5xMVk2OW5nQkE9PSIsInZhbHVlIjoieTJ0VWJBR3RXTCtNRHNjNUhvc2JSVHRRQ2Y3eVJOdjhxM1VvV0N1elFhREdKUUg5ajZmT1BCYTQzQ3gvbXhPK1F0b2xMSWxBRkt0aVNkckZFUVFPa1YyUkJQczllbERRbG56T3ZHeGgwalVqR0F3RWgvNmh2NDlVeFpGVTRQOEMiLCJtYWMiOiI3YmYxY2UxMGZkZjk4ZTk5NDFlNGUwODQ1N2ZlNjRlYzM5MGE5OTcxYTlmYmFmZDFjZmM5NzVlMmUxNGRiYTJhIiwidGFnIjoiIn0%3D; expires=Wed, 29-Jan-2025 20:32:46 GMT; Max-Age=7200; path=/; secure; samesite=none
laravel_session=eyJpdiI6IlZzbWR0R25hdFZXc0hBSXJiNThwY3c9PSIsInZhbHVlIjoiWm10YWZUa2Uwd3daeG8zUk0yYlA4YWFZV0Z2emt1YndST0c1K1NZRThhTTloM29OOW9vTVJIRkpPTzhXNGs0RXV1c0FDaHZ4cHF2a0dOZnJtSks3Z09BcE16R3U4SGo2MnVxNExkeDFrLzlMZjBEQ0F0ME9PR3RiZFh6K0JWRzkiLCJtYWMiOiIzMWY3YjYwYmY1OTkzMjk1YWYwYTZiMjQyMmMzZTYxMzZmZWUxMjBjODYwYzJjOTdhZDFkMDJjMmM2MTc2MTQwIiwidGFnIjoiIn0%3D; expires=Wed, 29-Jan-2025 20:32:46 GMT; Max-Age=7200; path=/; secure; httponly; samesite=none
vary: accept-encoding
content-encoding: br

dg.erovetemone.ru/wxIK6YXYkWqS8pbO1gZQuCTAxaopNZbPdX1mO0ZyCbuab175

104.21.112.1

200 OK

2.9 kB

URL GET HTTP/3
dg.erovetemone.ru/wxIK6YXYkWqS8pbO1gZQuCTAxaopNZbPdX1mO0ZyCbuab175
IP
104.21.112.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://dg.erovetemone.ru/vQMe4c/
Certificate
IssuerGoogle Trust Services
Subjecterovetemone.ru
Fingerprint87:BC:93:DB:10:A6:A5:36:C7:AF:66:4B:D1:AD:40:65:6F:34:AF:27
ValidityThu, 23 Jan 2025 04:33:05 GMT - Wed, 23 Apr 2025 05:30:16 GMT

File type
SVG Scalable Vector Graphics image
Size
2.9 kB (2905 bytes)
Hash
e924de0d471df54b6280f3dc8b187cb8
857f03226070b502a9e06b4249710ec10be4c9e9
24ce135a31ce83ac3d62471fcc0e1a82ce6f1533c993ee59ca4e110d5f2fae33

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /wxIK6YXYkWqS8pbO1gZQuCTAxaopNZbPdX1mO0ZyCbuab175 HTTP/1.1
Host: dg.erovetemone.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dg.erovetemone.ru/vQMe4c/
Cookie: XSRF-TOKEN=eyJpdiI6Im03aW11Z2RUaEpuUzNhaThQQjlzdmc9PSIsInZhbHVlIjoicS9IaHZodmxGSDkxam1FUnhTN0I0YWNBMTd6Z3JaL0xaYVRWWC9SQnJHL2FlZTRxY29xd1pnd2Y4WGhwWHNWbTRZbXhYbjhWazZzOERhZHlGMDNMamxmREFyM1ZTbmV0eHpzRUx6ZDBXemEwdFFML1ltaTMzUjdPK1hZdHhTcEEiLCJtYWMiOiI4NzJlZmI3NzY4YzcwMzllMzE5YTM3NmZlNWQ5N2U0YWIzYzFjOTdlZDYyZGQzNTAwNDQ2MDE5NDc4YTFhZDI1IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ik9lVVJnMG5ZZkdhME8wV1ZyOWVDdHc9PSIsInZhbHVlIjoiRGNxZXNqTFJZeVRVbFRxM011ODlweGN2OHcrYk1qd24yWTdNQ1k4SWxvRjZSbHZ2MVdyc1MwUXpLZndHeG55eGM2Q0tQOTIyUFpPR05IeXI0aHFnTHhRd1pGWWhRL01zWWU4ODUyV3J6dG84ekMxVHhFU3h6NEh5UHVjMitxdmEiLCJtYWMiOiIyYzg5YTQzYWM4MmM0ZmMxOWMwM2QyMzEyOGQ3MTgwODE1MjcxYmM4NmM5MDVmZTVkMTk3ZWJkZDkyYjlkN2VmIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 29 Jan 2025 18:32:45 GMT
content-type: image/svg+xml
cf-ray: 909b4e818c3bb51d-OSL
server: cloudflare
content-disposition: inline; filename="wxIK6YXYkWqS8pbO1gZQuCTAxaopNZbPdX1mO0ZyCbuab175"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YvRJiomWWQVTIiuwPJXkZcIXX0onI2IXThMptF2IZpP87932te34xIiw7VPDpJutXe%2Bw98zvsFBAILCaZaCvP6FMG0wB0RlcEJVHhOYx5KgAFOHLIE5BIXrd3dQNlC9IH5UmuA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=14310&min_rtt=14283&rtt_var=4039&sent=4&recv=8&lost=0&retrans=0&sent_bytes=2820&recv_bytes=2145&delivery_rate=199300&cwnd=177&unsent_bytes=0&cid=a0634b33736939e7&ts=298&x=0"
vary: accept-encoding
content-encoding: br

dg.erovetemone.ru/mnoVWQRVyRHfnNzsB56vywHwr566dwLsyPA0ifLPWCpSLHXkvSHOZwx213

104.21.112.1

200 OK

1.9 kB

URL GET HTTP/3
dg.erovetemone.ru/mnoVWQRVyRHfnNzsB56vywHwr566dwLsyPA0ifLPWCpSLHXkvSHOZwx213
IP
104.21.112.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://dg.erovetemone.ru/vQMe4c/
Certificate
IssuerGoogle Trust Services
Subjecterovetemone.ru
Fingerprint87:BC:93:DB:10:A6:A5:36:C7:AF:66:4B:D1:AD:40:65:6F:34:AF:27
ValidityThu, 23 Jan 2025 04:33:05 GMT - Wed, 23 Apr 2025 05:30:16 GMT

File type
SVG Scalable Vector Graphics image
Size
1.9 kB (1864 bytes)
Hash
4b5c228b4faba433d06ec569ed855b2d
a7d3882b93e332460e7c59510a6a811ef011983f
eb19d76cd1fad39abf0f2778991883a5cf9ff560117ce8f7c64124e71471b4ed

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /mnoVWQRVyRHfnNzsB56vywHwr566dwLsyPA0ifLPWCpSLHXkvSHOZwx213 HTTP/1.1
Host: dg.erovetemone.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dg.erovetemone.ru/vQMe4c/
Cookie: XSRF-TOKEN=eyJpdiI6Im03aW11Z2RUaEpuUzNhaThQQjlzdmc9PSIsInZhbHVlIjoicS9IaHZodmxGSDkxam1FUnhTN0I0YWNBMTd6Z3JaL0xaYVRWWC9SQnJHL2FlZTRxY29xd1pnd2Y4WGhwWHNWbTRZbXhYbjhWazZzOERhZHlGMDNMamxmREFyM1ZTbmV0eHpzRUx6ZDBXemEwdFFML1ltaTMzUjdPK1hZdHhTcEEiLCJtYWMiOiI4NzJlZmI3NzY4YzcwMzllMzE5YTM3NmZlNWQ5N2U0YWIzYzFjOTdlZDYyZGQzNTAwNDQ2MDE5NDc4YTFhZDI1IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ik9lVVJnMG5ZZkdhME8wV1ZyOWVDdHc9PSIsInZhbHVlIjoiRGNxZXNqTFJZeVRVbFRxM011ODlweGN2OHcrYk1qd24yWTdNQ1k4SWxvRjZSbHZ2MVdyc1MwUXpLZndHeG55eGM2Q0tQOTIyUFpPR05IeXI0aHFnTHhRd1pGWWhRL01zWWU4ODUyV3J6dG84ekMxVHhFU3h6NEh5UHVjMitxdmEiLCJtYWMiOiIyYzg5YTQzYWM4MmM0ZmMxOWMwM2QyMzEyOGQ3MTgwODE1MjcxYmM4NmM5MDVmZTVkMTk3ZWJkZDkyYjlkN2VmIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 29 Jan 2025 18:32:46 GMT
content-type: image/svg+xml
cf-ray: 909b4e87ac68b51d-OSL
server: cloudflare
content-disposition: inline; filename="mnoVWQRVyRHfnNzsB56vywHwr566dwLsyPA0ifLPWCpSLHXkvSHOZwx213"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AuNN9Wsr70orbRGvx9NdjryxOvVNjPBz1OAATNDsln%2BpSG1nD9gYhFaKGFFsPptOglhNbZDKVD3hUfRurDpSeEhppPZfgvYQ7q6Ju2FRa0zWF4f2O3oPJ7uK8KGBH3FjfVisFg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1251&min_rtt=1212&rtt_var=367&sent=4&recv=8&lost=0&retrans=0&sent_bytes=2821&recv_bytes=2155&delivery_rate=2304207&cwnd=251&unsent_bytes=0&cid=d818a277d200b57a&ts=422&x=0"
vary: accept-encoding
content-encoding: br

ok4static.oktacdn.com/assets/js/sdk/okta-signin-widget/7.18.0/img/security/default.png

143.204.55.87

200 OK

1.8 kB

URL GET HTTP/2
ok4static.oktacdn.com/assets/js/sdk/okta-signin-widget/7.18.0/img/security/default.png
IP
143.204.55.87:443
ASN
#16509 AMAZON-02

Requested by
https://dg.erovetemone.ru/vQMe4c/
Certificate
IssuerDigiCert Inc
Subject*.oktacdn.com
Fingerprint3E:D7:C7:A6:35:70:74:E4:BF:45:2E:A1:D5:A3:25:88:24:76:B3:B5
ValidityMon, 02 Dec 2024 00:00:00 GMT - Fri, 02 Jan 2026 23:59:59 GMT

File type
PNG image data, 70 x 70, 8-bit/color RGBA, non-interlaced
Size
1.8 kB (1800 bytes)
Hash
04eeeba5b3538c4524d8e6828ba2c405
8db73b75bc7547a90aebd1377852ea3bf7cbc5ea
da75c3f3ce27c081541dfb59edd7e756fefe054a9e0e976356c4b0d3778bb434

HTTP Headers

GET /assets/js/sdk/okta-signin-widget/7.18.0/img/security/default.png HTTP/1.1
Host: ok4static.oktacdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ok4static.oktacdn.com/assets/js/sdk/okta-signin-widget/7.18.0/css/okta-sign-in.min.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: image/png
content-length: 1800
date: Mon, 20 Jan 2025 09:26:31 GMT
server: nginx
last-modified: Tue, 14 May 2024 21:49:26 GMT
etag: "04eeeba5b3538c4524d8e6828ba2c405"
x-amz-meta-sha1sum: 8db73b75bc7547a90aebd1377852ea3bf7cbc5ea
expires: Tue, 20 Jan 2026 09:26:31 GMT
cache-control: max-age=31536000, public,max-age=31536000,s-maxage=1814400
strict-transport-security: max-age=315360000; includeSubDomains
access-control-allow-origin: *
accept-ranges: bytes
x-cache: Hit from cloudfront
via: 1.1 f66e3db0f0449307dba3fbf72bbf3bac.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: fMZ2rUSI5cwn7DDYf67W-BTGyy_rg8lhhUnNc2Rw7CidAqDum8H-9A==
age: 810375
X-Firefox-Spdy: h2

dg.erovetemone.ru/abmeZGIl1rs2KKcd30

104.21.112.1

200 OK

36 kB

URL GET HTTP/3
dg.erovetemone.ru/abmeZGIl1rs2KKcd30
IP
104.21.112.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://dg.erovetemone.ru/vQMe4c/
Certificate
IssuerGoogle Trust Services
Subjecterovetemone.ru
Fingerprint87:BC:93:DB:10:A6:A5:36:C7:AF:66:4B:D1:AD:40:65:6F:34:AF:27
ValidityThu, 23 Jan 2025 04:33:05 GMT - Wed, 23 Apr 2025 05:30:16 GMT

File type
ASCII text, with CRLF line terminators
Size
36 kB (35786 bytes)
Hash
38501e3fbbbd89b56aa5ba35de1a32fe
d9b31981b6f834e8480ba28fbc1cff1be772f589
a1ca6b381cb01968851c98512c6e7f6c5309a49f7a16b864813135cbff82a85b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /abmeZGIl1rs2KKcd30 HTTP/1.1
Host: dg.erovetemone.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dg.erovetemone.ru/vQMe4c/
Cookie: XSRF-TOKEN=eyJpdiI6Im03aW11Z2RUaEpuUzNhaThQQjlzdmc9PSIsInZhbHVlIjoicS9IaHZodmxGSDkxam1FUnhTN0I0YWNBMTd6Z3JaL0xaYVRWWC9SQnJHL2FlZTRxY29xd1pnd2Y4WGhwWHNWbTRZbXhYbjhWazZzOERhZHlGMDNMamxmREFyM1ZTbmV0eHpzRUx6ZDBXemEwdFFML1ltaTMzUjdPK1hZdHhTcEEiLCJtYWMiOiI4NzJlZmI3NzY4YzcwMzllMzE5YTM3NmZlNWQ5N2U0YWIzYzFjOTdlZDYyZGQzNTAwNDQ2MDE5NDc4YTFhZDI1IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ik9lVVJnMG5ZZkdhME8wV1ZyOWVDdHc9PSIsInZhbHVlIjoiRGNxZXNqTFJZeVRVbFRxM011ODlweGN2OHcrYk1qd24yWTdNQ1k4SWxvRjZSbHZ2MVdyc1MwUXpLZndHeG55eGM2Q0tQOTIyUFpPR05IeXI0aHFnTHhRd1pGWWhRL01zWWU4ODUyV3J6dG84ekMxVHhFU3h6NEh5UHVjMitxdmEiLCJtYWMiOiIyYzg5YTQzYWM4MmM0ZmMxOWMwM2QyMzEyOGQ3MTgwODE1MjcxYmM4NmM5MDVmZTVkMTk3ZWJkZDkyYjlkN2VmIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 29 Jan 2025 18:32:45 GMT
content-type: text/css;charset=UTF-8
cf-ray: 909b4e816c30b51d-OSL
server: cloudflare
content-disposition: inline; filename="abmeZGIl1rs2KKcd30"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=k4eN9SkW8KvtU%2FBAOo%2FPz6AYP3GPFDsI5TaI34%2BDqvhZsSMe%2BGThH8DHWXOeMDxPA%2Ffb%2FqiHdk6QjgHOi4gbBq9bYhB6JRCjWtjKlMV6AR7XPalI935Ma%2F%2BLOsM%2B1MxF4XfldA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1427&min_rtt=1397&rtt_var=545&sent=4&recv=7&lost=0&retrans=0&sent_bytes=2821&recv_bytes=2108&delivery_rate=2038654&cwnd=217&unsent_bytes=0&cid=bc19af7211bb62b0&ts=451&x=0"
vary: accept-encoding
content-encoding: br

dg.erovetemone.ru/pdtfqataffkfqvxqY0KWP1QC91E91YVOTZ6O9?ATAFQYQXTWQAVECLTH

104.21.112.1

200 OK

143 kB

URL GET HTTP/3
dg.erovetemone.ru/pdtfqataffkfqvxqY0KWP1QC91E91YVOTZ6O9?ATAFQYQXTWQAVECLTH
IP
104.21.112.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://dg.erovetemone.ru/vQMe4c/
Certificate
IssuerGoogle Trust Services
Subjecterovetemone.ru
Fingerprint87:BC:93:DB:10:A6:A5:36:C7:AF:66:4B:D1:AD:40:65:6F:34:AF:27
ValidityThu, 23 Jan 2025 04:33:05 GMT - Wed, 23 Apr 2025 05:30:16 GMT

File type
HTML document, ASCII text, with very long lines (52489), with CRLF line terminators
Size
143 kB (143364 bytes)
Hash
563a324e805e144dabd48d55f5c1caa3
ce05ba834752ca205e5bba7e49c26095508fb645
50464985e711c2f48d5964b19c207f72d63cfa316b7de5b59956aae33e018237

HTTP Headers

GET /pdtfqataffkfqvxqY0KWP1QC91E91YVOTZ6O9?ATAFQYQXTWQAVECLTH HTTP/1.1
Host: dg.erovetemone.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://dg.erovetemone.ru/vQMe4c/
Cookie: XSRF-TOKEN=eyJpdiI6IituK3hOU05UeHJwL09uL29PNnVWRkE9PSIsInZhbHVlIjoiUE0rSnRhV0VKRE5IQjEzQnJ6V3VlK0RjTHJ5YmVzVWltZTJ4SUtaZHc5K0I3SDM3VHowQzdYbGRCSkxpOHMxZEZtSXh6NnNPcFRVeUxXQVVVMUtwWDgvZ0lwY3ZNcy9aTnFhUERFTytFeEhMNHdWQ0szQmJXNDRpS3V1Yi96enUiLCJtYWMiOiIzMGVjZTAzYmY5MjJkYzJlN2U0NDhiOGUxOTBhNDE1NzU5Yjg1MGZmODM1YTgwM2Y5YWE3ZGY2MTI2MjRiZDNkIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ik9WZ053VGd6WUFYR0RDNEhBbURzd3c9PSIsInZhbHVlIjoiTHJMakk5cFdyaGhUZVRrcmQvb2V0Ris3UkUwMVgwc3FHZVVudXhqMERtYnZ6cE16YndoY3QvVHRaa0lucThES3UxMU1YdDZYZEhqUVhLdHd4QUw4UlNOUGNQc05PbVordERIYlU4TWd1MVM3eHBFZ3U4aTBWWVN6OHdiQlNOUUEiLCJtYWMiOiJmMjRmZWU0MDFjNzEzZjNiNjFmMjU4NGFlMzA2ODg0NWMzMmY4MjcxODBhYWQ1ZmY3NGE2ZWY1NTFlMzM5ZDNmIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 29 Jan 2025 18:32:44 GMT
content-type: text/html; charset=UTF-8
cf-ray: 909b4e7b8c0fb51d-OSL
server: cloudflare
cache-control: no-cache, private
cf-cache-status: DYNAMIC
vary: accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2By8M%2FCWLUwYARhJwEAq8t4z2%2FRGhhuoKCXvnXQ3K6drIS0236VcVsa2a5eATQ1%2B7nkTSPmqeydaQrL9v7vgGzSLe9knEeNtppcVAkXtDUBwtdIi8DLXM8OnPVy%2Br0%2BpdbgTDXw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=11288&min_rtt=11196&rtt_var=4264&sent=4&recv=7&lost=0&retrans=0&sent_bytes=2821&recv_bytes=2147&delivery_rate=254376&cwnd=197&unsent_bytes=0&cid=9f34946c4bc36a73&ts=283&x=0"
set-cookie: XSRF-TOKEN=eyJpdiI6Im03aW11Z2RUaEpuUzNhaThQQjlzdmc9PSIsInZhbHVlIjoicS9IaHZodmxGSDkxam1FUnhTN0I0YWNBMTd6Z3JaL0xaYVRWWC9SQnJHL2FlZTRxY29xd1pnd2Y4WGhwWHNWbTRZbXhYbjhWazZzOERhZHlGMDNMamxmREFyM1ZTbmV0eHpzRUx6ZDBXemEwdFFML1ltaTMzUjdPK1hZdHhTcEEiLCJtYWMiOiI4NzJlZmI3NzY4YzcwMzllMzE5YTM3NmZlNWQ5N2U0YWIzYzFjOTdlZDYyZGQzNTAwNDQ2MDE5NDc4YTFhZDI1IiwidGFnIjoiIn0%3D; expires=Wed, 29-Jan-2025 20:32:44 GMT; Max-Age=7200; path=/; secure; samesite=none
laravel_session=eyJpdiI6Ik9lVVJnMG5ZZkdhME8wV1ZyOWVDdHc9PSIsInZhbHVlIjoiRGNxZXNqTFJZeVRVbFRxM011ODlweGN2OHcrYk1qd24yWTdNQ1k4SWxvRjZSbHZ2MVdyc1MwUXpLZndHeG55eGM2Q0tQOTIyUFpPR05IeXI0aHFnTHhRd1pGWWhRL01zWWU4ODUyV3J6dG84ekMxVHhFU3h6NEh5UHVjMitxdmEiLCJtYWMiOiIyYzg5YTQzYWM4MmM0ZmMxOWMwM2QyMzEyOGQ3MTgwODE1MjcxYmM4NmM5MDVmZTVkMTk3ZWJkZDkyYjlkN2VmIiwidGFnIjoiIn0%3D; expires=Wed, 29-Jan-2025 20:32:44 GMT; Max-Age=7200; path=/; secure; httponly; samesite=none
content-encoding: br

dg.erovetemone.ru/lm74lDmPB5qq5OBXPvVofo1EPi8YOGTQulsBlyVbK242j1N5yLew

104.21.112.1

200 OK

286 B

URL POST HTTP/3
dg.erovetemone.ru/lm74lDmPB5qq5OBXPvVofo1EPi8YOGTQulsBlyVbK242j1N5yLew
IP
104.21.112.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://dg.erovetemone.ru/vQMe4c/
Certificate
IssuerGoogle Trust Services
Subjecterovetemone.ru
Fingerprint87:BC:93:DB:10:A6:A5:36:C7:AF:66:4B:D1:AD:40:65:6F:34:AF:27
ValidityThu, 23 Jan 2025 04:33:05 GMT - Wed, 23 Apr 2025 05:30:16 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (303), with no line terminators
Size
286 B (286 bytes)
Hash
6393701ad2695d00f29d52d3211362f2
b9cd16de7b6a1f1154f076721124d46121393de2
601443503b10dded0130d75adbafd37a4da6ca216dd94eed174fd8f0b804e4ae

HTTP Headers

POST /lm74lDmPB5qq5OBXPvVofo1EPi8YOGTQulsBlyVbK242j1N5yLew HTTP/1.1
Host: dg.erovetemone.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 6
Origin: https://dg.erovetemone.ru
DNT: 1
Connection: keep-alive
Referer: https://dg.erovetemone.ru/vQMe4c/
Cookie: XSRF-TOKEN=eyJpdiI6InFpTkZSQ0tRd2dxdm40MnR0M2phRGc9PSIsInZhbHVlIjoibnl2cmFHcFJmakZtd2FDWVF3NVp6SEtTNDVyaDlvQkx3KzNIQWNLZlRac3VnVTdWTmNtamY3RGUwaXpqdDR0ZFZVeDZERnd4NU9vZE1XMkp2cTZ5TkovT1lORi9wOTR0bXoyaEx3Q2lLRUxOazgycWxKS1ZpR0E5QjVsL0UxTWYiLCJtYWMiOiI5MjAxYzRiNTY5MGQ3ZGI5NGI5OWVhMmY4MmNkYmExM2RhZGUxZjE3NDFiNTc1YjVlZjExMTFiOWNmNjk4YTliIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Imgza0tyOFBaVjlSNzV2b0Z4US8xWnc9PSIsInZhbHVlIjoiSGhZY1JNS0U2TzYyNFlXbzVudVJLSXR0TEZRTUdqQldDYjVESDVrM3lMNFY5VERNd0s5RlZtWlIwSjVwMHlHTXE5MEI4ZUNybGkrNVVQTzFkcldVY0VIY1VIdDAxRnpFL3BkcmVNMmNEdGk2R3U0NlhPUGxlUXJnUm8reHE1cGoiLCJtYWMiOiI5YzhmMTdmMzBmYjAyOTQ5ODA4OGY2OGQ1NDkwMmIyZjVjNzQwYzIwNzk3YjkzZTc4YmJhNGNmNjM3MjQ2NTBmIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 29 Jan 2025 18:32:43 GMT
content-type: text/html; charset=UTF-8
cf-ray: 909b4e780bdbb51d-OSL
server: cloudflare
cache-control: no-cache, private
cf-cache-status: DYNAMIC
vary: accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BhfdvJbomXNmPITNSiQJbqhgJpkxuUqvD55oANDVReyKeOPb4yzpxQiumDfuR9mYFaYR%2FR%2F5CTkZ6nXfbFP4UA6YwnKvhr1SzV7s8iXnT999OWXSBt2GaV1lX6zZt4bJvOqezQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1833&min_rtt=1813&rtt_var=721&sent=4&recv=7&lost=0&retrans=0&sent_bytes=2820&recv_bytes=2268&delivery_rate=1439110&cwnd=211&unsent_bytes=0&cid=c3d80e5fac9c2c0e&ts=252&x=0"
set-cookie: XSRF-TOKEN=eyJpdiI6IituK3hOU05UeHJwL09uL29PNnVWRkE9PSIsInZhbHVlIjoiUE0rSnRhV0VKRE5IQjEzQnJ6V3VlK0RjTHJ5YmVzVWltZTJ4SUtaZHc5K0I3SDM3VHowQzdYbGRCSkxpOHMxZEZtSXh6NnNPcFRVeUxXQVVVMUtwWDgvZ0lwY3ZNcy9aTnFhUERFTytFeEhMNHdWQ0szQmJXNDRpS3V1Yi96enUiLCJtYWMiOiIzMGVjZTAzYmY5MjJkYzJlN2U0NDhiOGUxOTBhNDE1NzU5Yjg1MGZmODM1YTgwM2Y5YWE3ZGY2MTI2MjRiZDNkIiwidGFnIjoiIn0%3D; expires=Wed, 29-Jan-2025 20:32:43 GMT; Max-Age=7200; path=/; secure; samesite=none
laravel_session=eyJpdiI6Ik9WZ053VGd6WUFYR0RDNEhBbURzd3c9PSIsInZhbHVlIjoiTHJMakk5cFdyaGhUZVRrcmQvb2V0Ris3UkUwMVgwc3FHZVVudXhqMERtYnZ6cE16YndoY3QvVHRaa0lucThES3UxMU1YdDZYZEhqUVhLdHd4QUw4UlNOUGNQc05PbVordERIYlU4TWd1MVM3eHBFZ3U4aTBWWVN6OHdiQlNOUUEiLCJtYWMiOiJmMjRmZWU0MDFjNzEzZjNiNjFmMjU4NGFlMzA2ODg0NWMzMmY4MjcxODBhYWQ1ZmY3NGE2ZWY1NTFlMzM5ZDNmIiwidGFnIjoiIn0%3D; expires=Wed, 29-Jan-2025 20:32:43 GMT; Max-Age=7200; path=/; secure; httponly; samesite=none
content-encoding: br

dg.erovetemone.ru/op4vumqyzIhPR8OaBYruvXmpBJpCdCwsuv1JejpCAezqCSWQxTvPL5omef191

104.21.112.1

200 OK

268 B

URL GET HTTP/3
dg.erovetemone.ru/op4vumqyzIhPR8OaBYruvXmpBJpCdCwsuv1JejpCAezqCSWQxTvPL5omef191
IP
104.21.112.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://dg.erovetemone.ru/vQMe4c/
Certificate
IssuerGoogle Trust Services
Subjecterovetemone.ru
Fingerprint87:BC:93:DB:10:A6:A5:36:C7:AF:66:4B:D1:AD:40:65:6F:34:AF:27
ValidityThu, 23 Jan 2025 04:33:05 GMT - Wed, 23 Apr 2025 05:30:16 GMT

File type
SVG Scalable Vector Graphics image
Size
268 B (268 bytes)
Hash
1318aafc1fb9ded0c623e5b9a557e6df
0917cdd7633cd1642b02b2b785416ec7e5106dcc
d86660a84daa211b121ec9fe0df83d6b945f61b888384391eabc7d6b4e941dc4

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /op4vumqyzIhPR8OaBYruvXmpBJpCdCwsuv1JejpCAezqCSWQxTvPL5omef191 HTTP/1.1
Host: dg.erovetemone.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dg.erovetemone.ru/vQMe4c/
Cookie: XSRF-TOKEN=eyJpdiI6Im03aW11Z2RUaEpuUzNhaThQQjlzdmc9PSIsInZhbHVlIjoicS9IaHZodmxGSDkxam1FUnhTN0I0YWNBMTd6Z3JaL0xaYVRWWC9SQnJHL2FlZTRxY29xd1pnd2Y4WGhwWHNWbTRZbXhYbjhWazZzOERhZHlGMDNMamxmREFyM1ZTbmV0eHpzRUx6ZDBXemEwdFFML1ltaTMzUjdPK1hZdHhTcEEiLCJtYWMiOiI4NzJlZmI3NzY4YzcwMzllMzE5YTM3NmZlNWQ5N2U0YWIzYzFjOTdlZDYyZGQzNTAwNDQ2MDE5NDc4YTFhZDI1IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ik9lVVJnMG5ZZkdhME8wV1ZyOWVDdHc9PSIsInZhbHVlIjoiRGNxZXNqTFJZeVRVbFRxM011ODlweGN2OHcrYk1qd24yWTdNQ1k4SWxvRjZSbHZ2MVdyc1MwUXpLZndHeG55eGM2Q0tQOTIyUFpPR05IeXI0aHFnTHhRd1pGWWhRL01zWWU4ODUyV3J6dG84ekMxVHhFU3h6NEh5UHVjMitxdmEiLCJtYWMiOiIyYzg5YTQzYWM4MmM0ZmMxOWMwM2QyMzEyOGQ3MTgwODE1MjcxYmM4NmM5MDVmZTVkMTk3ZWJkZDkyYjlkN2VmIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 29 Jan 2025 18:32:46 GMT
content-type: image/svg+xml
cf-ray: 909b4e818c3cb51d-OSL
server: cloudflare
content-disposition: inline; filename="op4vumqyzIhPR8OaBYruvXmpBJpCdCwsuv1JejpCAezqCSWQxTvPL5omef191"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2F%2FdgHTkvD8eRN%2FfAYKlohrPnVlR%2FyhJt3JMixkFpX9dLZJLN5bbvSdaPhZh5NBccc1PhCX0TfRxzfjru2QH8j9ZI%2FygZgbcTkkmmTEMgDKYN2r8wg639ZgSO9yUJ7hnmFjnxSg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=12853&min_rtt=12838&rtt_var=4845&sent=4&recv=7&lost=0&retrans=0&sent_bytes=2821&recv_bytes=2158&delivery_rate=219736&cwnd=187&unsent_bytes=0&cid=503c78b11d3a62e8&ts=1425&x=0"
vary: accept-encoding
content-encoding: br

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

JavaScript (17)

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Observations

Hash

Observations

Hash

Observations