Report - bmsecondhandcateringequipment.co.uk/newcastle/aHg7mJxz0N/ZGJ1cmdveW5lQHNsdXJwbWFpbC5uZXQ=

Report Overview

Visitedpublic

2025-05-20 18:07:54

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Host Summary

Host	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
code.jquery.com	634	2005-12-10	2012-05-21	2025-05-14	427 B	90 kB	151.101.194.137
cdnjs.cloudflare.com	235	2009-02-17	2012-05-23	2025-05-14	455 B	49 kB	104.17.25.14
fonts.gstatic.com	unknown	2008-02-11	2014-04-02	2025-05-14	535 B	16 kB	142.250.74.35
www.gstatic.com	unknown	2008-02-11	2012-05-29	2025-05-14	455 B	3.0 kB	142.250.74.99
bmsecondhandcateringequipment.co.uk	unknown	2021-09-02	2025-05-20	2025-05-20	557 B	68 kB	162.222.226.202
r6kqp.hrjlfvlwng.ru	unknown	2025-05-07	2025-05-20	2025-05-20	1.7 kB	70 kB	104.21.56.70
unpkg.com	11693	2016-01-06	2016-01-07	2025-05-14	436 B	2.1 kB	104.18.1.22

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (7)

	URL	From	Size	First Seen	Last Seen
	r6kqp.hrjlfvlwng.ru/Gz5yqh4WfVQhB!kU/*dburgoyne%40slurpmail.net	ScriptElement	3.5 kB	2025-05-20	2025-05-20
URL r6kqp.hrjlfvlwng.ru/Gz5yqh4WfVQhB!kU/*dburgoyne%40slurpmail.net IP / ASN 104.21.56.70 #13335 CLOUDFLARENET Introduced by ScriptElement Embedded true Resource Info First Seen 2025-05-20 Last Seen 2025-05-20 Times Seen 1 Size 3.5 kB (3509 bytes) MD5 85c045897920967387d5fcda2da34759 SHA1 6615d9b54cdc42f2eb0eac1beee58971f8fa3177 SHA256 569e4e0bf45ab729ecfb87794c2485aff76a5cd7389d14a6e0cd6c247cef6c6e Format Code Loading...

	r6kqp.hrjlfvlwng.ru/Gz5yqh4WfVQhB!kU/*dburgoyne%40slurpmail.net	ScriptElement	3.7 kB	2025-05-20	2025-05-20
URL r6kqp.hrjlfvlwng.ru/Gz5yqh4WfVQhB!kU/*dburgoyne%40slurpmail.net IP / ASN 104.21.56.70 #13335 CLOUDFLARENET Introduced by ScriptElement Embedded true Resource Info First Seen 2025-05-20 Last Seen 2025-05-20 Times Seen 1 Size 3.7 kB (3726 bytes) MD5 992a5c8fd3814e0efc32e810c6ba9874 SHA1 cf147120deacce4acd1771255f9466977dfc597c SHA256 fd8d4167ee4a82f12a0cdef22f5d4a742236a91db7316a2893ddb3ae246b054c Format Code Loading...

	r6kqp.hrjlfvlwng.ru/Gz5yqh4WfVQhB!kU/*dburgoyne%40slurpmail.net	Eval	1.7 kB	2025-05-20	2025-05-20
URL r6kqp.hrjlfvlwng.ru/Gz5yqh4WfVQhB!kU/*dburgoyne%40slurpmail.net IP / ASN 104.21.56.70 #13335 CLOUDFLARENET Introduced by Eval Embedded false Resource Info First Seen 2025-05-20 Last Seen 2025-05-20 Times Seen 1 Size 1.7 kB (1745 bytes) MD5 600e62e30a96df5b8c165331937362df SHA1 7169b5086899992216ad4c736164295f7a2462e5 SHA256 5f29013640adf33ef41102644576cc9749218b36ac901a3abe41485f582af9e0 Format Code Loading...

	unpkg.com/base91-js@1.0.8/dist/base91.min.js	ScriptElement	1.2 kB	2025-05-16	2025-08-02
URL unpkg.com/base91-js@1.0.8/dist/base91.min.js IP / ASN 104.18.1.22 #13335 CLOUDFLARENET Introduced by ScriptElement Embedded false Resource Info First Seen 2025-05-16 Last Seen 2025-08-02 Times Seen 2809 Size 1.2 kB (1214 bytes) MD5 0d75fe206c30e00fd18a59127c54597c SHA1 196624cf693db8feb517bc2cf67e0eac1518d4da SHA256 fcce61c7dd31c8c9ad070ea56f736de984faec247102eae943cd603aba5c057f Format Code Loading...

	r6kqp.hrjlfvlwng.ru/Gz5yqh4WfVQhB!kU/*dburgoyne%40slurpmail.net	Eval	1.9 kB	2025-05-20	2025-05-20
URL r6kqp.hrjlfvlwng.ru/Gz5yqh4WfVQhB!kU/*dburgoyne%40slurpmail.net IP / ASN 104.21.56.70 #13335 CLOUDFLARENET Introduced by Eval Embedded false Resource Info First Seen 2025-05-20 Last Seen 2025-05-20 Times Seen 1 Size 1.9 kB (1870 bytes) MD5 df29a55a75aee68e81d3c0648b204439 SHA1 6050029b41cf5191e174dbb5d509a5111d0bf680 SHA256 7902c6493fa2444aa2697a1b16ba27e24f7fa68eb4d94e632fb00013d2a4ad0c Format Code Loading...

	code.jquery.com/jquery-3.6.0.min.js	ScriptElement	90 kB	2023-03-07	2025-08-02
URL code.jquery.com/jquery-3.6.0.min.js IP / ASN 151.101.194.137 #54113 FASTLY Introduced by ScriptElement Embedded false Resource Info First Seen 2023-03-07 Last Seen 2025-08-02 Times Seen 263495 Size 90 kB (89501 bytes) MD5 8fb8fee4fcc3cc86ff6c724154c49c42 SHA1 b82d238d4e31fdf618bae8ac11a6c812c03dd0d4 SHA256 ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e Format Code Loading...

	cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js	ScriptElement	48 kB	2023-03-07	2025-08-02
URL cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js IP / ASN 104.17.25.14 #13335 CLOUDFLARENET Introduced by ScriptElement Embedded false Resource Info First Seen 2023-03-07 Last Seen 2025-08-02 Times Seen 133047 Size 48 kB (48316 bytes) MD5 2ca03ad87885ab983541092b87adb299 SHA1 1a17f60bf776a8c468a185c1e8e985c41a50dc27 SHA256 8e3b0117f4df4be452c0b6af5b8f0a0acf9d4ade23d08d55d7e312af22077762 Format Code Loading...

HTTP Transactions (8)

URL IP Response Size

GET www.gstatic.com/recaptcha/api2/logo_48.png

142.250.74.99

200 OK

2.2 kB

URL

www.gstatic.com/recaptcha/api2/logo_48.png

IP / ASN

142.250.74.99

#15169 GOOGLE

Requested byhttps://r6kqp.hrjlfvlwng.ru/Gz5yqh4WfVQhB!kU/*dburgoyne%40slurpmail.net

Resource Info

File typePNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced

First Seen2023-04-05

Last Seen2025-08-02

Times Seen185288

Size2.2 kB (2228 bytes)

MD5ef9941290c50cd3866e2ba6b793f010d

SHA14736508c795667dcea21f8d864233031223b7832

SHA2561b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a

Certificate Info

IssuerGoogle Trust Services

Subject*.gstatic.com

Fingerprint15:8B:D4:EA:7E:CB:34:1B:6F:2E:20:9E:39:44:7A:D6:D7:30:26:AB

ValidityMon, 21 Apr 2025 08:41:49 GMT - Mon, 14 Jul 2025 08:41:48 GMT

HTTP Headers

GET /recaptcha/api2/logo_48.png HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://r6kqp.hrjlfvlwng.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 2228
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 15 May 2025 10:27:36 GMT
expires: Thu, 22 May 2025 10:27:36 GMT
cache-control: public, max-age=604800
age: 459587
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET bmsecondhandcateringequipment.co.uk/newcastle/aHg7mJxz0N/ZGJ1cmdveW5lQHNsdXJwbWFpbC5uZXQ=

162.222.226.202

302 Found

68 kB

URL

bmsecondhandcateringequipment.co.uk/newcastle/aHg7mJxz0N/ZGJ1cmdveW5lQHNsdXJwbWFpbC5uZXQ=

IP / ASN

162.222.226.202

#46606 UNIFIEDLAYER-AS-1

Requested byN/A

Resource Info

File typeN/A

First Seen0001-01-01

Last Seen2025-08-02

Times Seen5608801

Size68 kB (67749 bytes)

MD5d41d8cd98f00b204e9800998ecf8427e

SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Certificate Info

IssuerLet's Encrypt

Subjectbmsecondhandcateringequipment.co.uk

FingerprintE4:B5:15:EF:3D:76:EA:B1:41:CB:46:53:B4:6B:A4:60:76:D6:FB:61

ValidityFri, 04 Apr 2025 00:10:44 GMT - Thu, 03 Jul 2025 00:10:43 GMT

HTTP Headers

GET /newcastle/aHg7mJxz0N/ZGJ1cmdveW5lQHNsdXJwbWFpbC5uZXQ= HTTP/1.1
Host: bmsecondhandcateringequipment.co.uk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
x-content-type-options: nosniff
x-frame-options: DENY
x-xss-protection: 1; mode=block
content-security-policy: default-src 'self';
location: https://R6KqP.hrjlfvlwng.ru/Gz5yqh4WfVQhB!kU/*dburgoyne%40slurpmail.net
content-length: 0
content-type: text/html; charset=UTF-8
date: Tue, 20 May 2025 18:07:21 GMT
server: Apache
X-Firefox-Spdy: h2

GET r6kqp.hrjlfvlwng.ru/Gz5yqh4WfVQhB!kU/*dburgoyne%40slurpmail.net

104.21.56.70

200 OK

68 kB

URL

r6kqp.hrjlfvlwng.ru/Gz5yqh4WfVQhB!kU/*dburgoyne%40slurpmail.net

IP / ASN

104.21.56.70

#13335 CLOUDFLARENET

Requested byN/A

Resource Info

File typeHTML document, ASCII text, with very long lines (42297)

First Seen2025-05-20

Last Seen2025-05-20

Times Seen1

Size68 kB (67749 bytes)

MD568124d8a5dad5ee153bf5c9e1b468504

SHA14bd02e6f02024c10f18d3e4a646ece4dc97dd2c6

SHA25650890f6ff4dbbaed8de899185a2114304f84d24ae02033e2a7e6a4b036abb609

Certificate Info

IssuerGoogle Trust Services

Subjecthrjlfvlwng.ru

FingerprintAB:02:B2:64:9F:22:A9:B4:69:5E:6B:7C:3A:69:71:7C:9F:D8:95:6D

ValidityWed, 07 May 2025 12:37:44 GMT - Tue, 05 Aug 2025 13:35:51 GMT

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - Anti-debugging code
urlquery	phishing	Phishing - Tycoon Phishing Kit

HTTP Headers

GET /Gz5yqh4WfVQhB!kU/*dburgoyne%40slurpmail.net HTTP/1.1
Host: r6kqp.hrjlfvlwng.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 20 May 2025 18:07:22 GMT
content-type: text/html; charset=UTF-8
server: cloudflare
cache-control: no-cache, private
cf-cache-status: DYNAMIC
vary: accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bznABdjYQVY3Fale7UVPJWgc%2BUCfTpRNwWeyvNdBJw2i9l73jV5uy3IrSj63htjgl22%2FruRQKu%2BmT2E9wS9RGrZiBXwZCRfyWDsikP15A3EvxBmCyAp2LAseYrYTLn8Zk%2Bbw"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server-timing: cfL4;desc="?proto=TCP&rtt=11532&min_rtt=11428&rtt_var=4360&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2819&recv_bytes=1430&delivery_rate=249212&cwnd=252&unsent_bytes=0&cid=8fb941abc8ab324a&ts=248&x=0"
content-encoding: br
set-cookie: XSRF-TOKEN=eyJpdiI6ImhlNjNhUDA2UTlqMEd0dHdFeU82U0E9PSIsInZhbHVlIjoiOThqTnBFNjczSlVMV3RmMmtRVlA5WS9sL2U3bFR6MmhLMUZZTHh6MXYyRlAxMUh4b1NJVGgwQ0NVN21lQkxHMFFSR1JkdXl6aTBSNnpmQ0dKVDk4VllvQ05LVE5wZ1JsUTZ4bHdzNEl6VnRnOHhpOHZXRnRtNndPd3UrQVBsZEMiLCJtYWMiOiIwZDU2NmI5MWY0YTAyNTRmMzc0NjAyMTJhNmU3ZjI2ZjdkZThiODQ0ZWE3YTA5OGIwNzViN2EzMjU0M2M5YWU3IiwidGFnIjoiIn0%3D; SameSite=None; Secure; Path=/; Max-Age=7200; Expires=Tue, 20 May 2025 20:07:22 GMT
laravel_session=eyJpdiI6IjFLa3MwdGdwYkV4QzNSOWZNTkdmNmc9PSIsInZhbHVlIjoiYVUrUmU5aFhuOC9saThqRlNHMVZNZU1OUFRKM00wSlBZK1llb21EODBsTVkwOW5WSkNQMzE1TURuei9yQmNydkpYYnc3TmRlOEZkbVdSMXE2d1h4c25XMFZzM25sVHZMLzBmM2phOVp4YWV6YVVET000ZzlVYXNxUTZETVR3RGUiLCJtYWMiOiI0NGU3ZGQ0NDAxZGJjOGM5M2FmNzU0ZTA3MzRiZTVhNDNlM2Q4N2U3ZDFjZGViNDY5NjExMGIzMTU4ZDU0ZDUwIiwidGFnIjoiIn0%3D; HttpOnly; SameSite=None; Secure; Path=/; Max-Age=7200; Expires=Tue, 20 May 2025 20:07:22 GMT
cf-ray: 942dc5f31e4dfff1-AMS
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET unpkg.com/base91-js@1.0.8/dist/base91.min.js

104.18.1.22

200 OK

1.2 kB

URL

unpkg.com/base91-js@1.0.8/dist/base91.min.js

IP / ASN

104.18.1.22

#13335 CLOUDFLARENET

Requested byhttps://r6kqp.hrjlfvlwng.ru/Gz5yqh4WfVQhB!kU/*dburgoyne%40slurpmail.net

Resource Info

File typeJavaScript source, ASCII text, with very long lines (1213)

First Seen2025-05-16

Last Seen2025-08-02

Times Seen2809

Size1.2 kB (1214 bytes)

MD50d75fe206c30e00fd18a59127c54597c

SHA1196624cf693db8feb517bc2cf67e0eac1518d4da

SHA256fcce61c7dd31c8c9ad070ea56f736de984faec247102eae943cd603aba5c057f

Certificate Info

IssuerGoogle Trust Services

Subjectunpkg.com

Fingerprint6A:50:E9:D4:F9:DB:BA:3A:76:D2:D3:E2:A2:6D:16:12:07:9D:D4:DA

ValidityTue, 29 Apr 2025 07:12:06 GMT - Mon, 28 Jul 2025 08:12:03 GMT

HTTP Headers

GET /base91-js@1.0.8/dist/base91.min.js HTTP/1.1
Host: unpkg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://r6kqp.hrjlfvlwng.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 20 May 2025 18:07:23 GMT
content-type: text/javascript; charset=utf-8
cf-ray: 942dc5fb4a88712d-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 330048
cache-control: public, max-age=31536000
expires: Wed, 20 May 2026 18:07:23 GMT
last-modified: Fri, 16 May 2025 20:57:53 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
via: 1.1 fly.io, 1.1 fly.io
access-control-allow-headers: *
access-control-allow-methods: GET, HEAD, OPTIONS
access-control-expose-headers: *
content-digest: sha256=:/M5hx90xyMmtBw6lb3Nt6YT67CRxAurpQ81gOrpcBX8=:
cross-origin-resource-policy: cross-origin
fly-request-id: 01JVDE78TSGHEBTM656X2XQEH6-ord
x-content-type-options: nosniff
server: cloudflare
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET code.jquery.com/jquery-3.6.0.min.js

151.101.194.137

200 OK

90 kB

URL

code.jquery.com/jquery-3.6.0.min.js

IP / ASN

151.101.194.137

#54113 FASTLY

Requested byhttps://r6kqp.hrjlfvlwng.ru/Gz5yqh4WfVQhB!kU/*dburgoyne%40slurpmail.net

Resource Info

File typeJavaScript source, ASCII text, with very long lines (65447)

First Seen2023-03-07

Last Seen2025-08-02

Times Seen263495

Size90 kB (89501 bytes)

MD58fb8fee4fcc3cc86ff6c724154c49c42

SHA1b82d238d4e31fdf618bae8ac11a6c812c03dd0d4

SHA256ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

Certificate Info

IssuerSectigo Limited

Subject*.jquery.com

FingerprintCD:B5:6E:05:85:0C:5A:AE:47:12:80:2A:5B:C6:E5:8F:11:72:E2:B5

ValidityTue, 25 Jun 2024 00:00:00 GMT - Wed, 25 Jun 2025 23:59:59 GMT

HTTP Headers

GET /jquery-3.6.0.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://r6kqp.hrjlfvlwng.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-15d9d"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Tue, 20 May 2025 18:07:23 GMT
age: 1832725
x-served-by: cache-lga21931-LGA, cache-hel1410021-HEL
x-cache: HIT, HIT
x-cache-hits: 71, 414382
x-timer: S1747764443.460216,VS0,VE0
vary: Accept-Encoding
content-length: 30875
X-Firefox-Spdy: h2

GET cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js

104.17.25.14

200 OK

48 kB

URL

cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js

IP / ASN

104.17.25.14

#13335 CLOUDFLARENET

Requested byhttps://r6kqp.hrjlfvlwng.ru/Gz5yqh4WfVQhB!kU/*dburgoyne%40slurpmail.net

Resource Info

File typeJavaScript source, ASCII text, with very long lines (48316), with no line terminators

First Seen2023-03-07

Last Seen2025-08-02

Times Seen133047

Size48 kB (48316 bytes)

MD52ca03ad87885ab983541092b87adb299

SHA11a17f60bf776a8c468a185c1e8e985c41a50dc27

SHA2568e3b0117f4df4be452c0b6af5b8f0a0acf9d4ade23d08d55d7e312af22077762

Certificate Info

IssuerGoogle Trust Services

Subjectcdnjs.cloudflare.com

Fingerprint5D:9B:5B:BE:24:B7:4B:CA:F3:05:47:2F:AB:3F:3C:F7:4E:C3:4D:BC

ValidityMon, 24 Mar 2025 12:00:12 GMT - Sun, 22 Jun 2025 13:00:01 GMT

HTTP Headers

GET /ajax/libs/crypto-js/4.1.1/crypto-js.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://r6kqp.hrjlfvlwng.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 20 May 2025 18:07:23 GMT
content-type: application/javascript; charset=utf-8
content-length: 13972
server: cloudflare
strict-transport-security: max-age=15780000
cf-ray: 942dc5fb49845694-OSL
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "61182885-3694"
last-modified: Sat, 14 Aug 2021 20:33:09 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 518153
expires: Sun, 10 May 2026 18:07:23 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FOWY74F%2FLaqzpKjF%2B1nWSHacAI7Va3b0WW5CEeygq%2BDjRz%2FPU85tQZ%2FYgR8SWyz3c0rLKff63ly9EtQwFxxKUzfTELwYxTgeFa389VaLF7oJmsdnB7Wq3v%2Bag%2BPRfkdNCnC6Sfk0"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2

142.250.74.35

200 OK

15 kB

URL

fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2

IP / ASN

142.250.74.35

#15169 GOOGLE

Requested byhttps://r6kqp.hrjlfvlwng.ru/Gz5yqh4WfVQhB!kU/*dburgoyne%40slurpmail.net

Resource Info

File typeWeb Open Font Format (Version 2), TrueType, length 15344, version 1.0

First Seen0001-01-01

Last Seen2025-08-02

Times Seen255324

Size15 kB (15344 bytes)

MD55d4aeb4e5f5ef754e307d7ffaef688bd

SHA106db651cdf354c64a7383ea9c77024ef4fb4cef8

SHA2563e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc

Certificate Info

IssuerGoogle Trust Services

Subject*.gstatic.com

Fingerprint15:8B:D4:EA:7E:CB:34:1B:6F:2E:20:9E:39:44:7A:D6:D7:30:26:AB

ValidityMon, 21 Apr 2025 08:41:49 GMT - Mon, 14 Jul 2025 08:41:48 GMT

HTTP Headers

GET /s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://r6kqp.hrjlfvlwng.ru
DNT: 1
Connection: keep-alive
Referer: https://r6kqp.hrjlfvlwng.ru/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15344
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 15 May 2025 09:35:39 GMT
expires: Fri, 15 May 2026 09:35:39 GMT
cache-control: public, max-age=31536000
age: 462704
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET r6kqp.hrjlfvlwng.ru/favicon.ico

104.21.56.70

404 Not Found

0 B

URL

r6kqp.hrjlfvlwng.ru/favicon.ico

IP / ASN

104.21.56.70

#13335 CLOUDFLARENET

Requested byhttps://r6kqp.hrjlfvlwng.ru/Gz5yqh4WfVQhB!kU/*dburgoyne%40slurpmail.net

Resource Info

File typeN/A

First Seen0001-01-01

Last Seen2025-08-02

Times Seen5608801

Size0 B (0 bytes)

MD5d41d8cd98f00b204e9800998ecf8427e

SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Certificate Info

IssuerGoogle Trust Services

Subjecthrjlfvlwng.ru

FingerprintAB:02:B2:64:9F:22:A9:B4:69:5E:6B:7C:3A:69:71:7C:9F:D8:95:6D

ValidityWed, 07 May 2025 12:37:44 GMT - Tue, 05 Aug 2025 13:35:51 GMT

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Tycoon Phishing Kit

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: r6kqp.hrjlfvlwng.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://r6kqp.hrjlfvlwng.ru/Gz5yqh4WfVQhB!kU/*dburgoyne%40slurpmail.net
Cookie: XSRF-TOKEN=eyJpdiI6ImhlNjNhUDA2UTlqMEd0dHdFeU82U0E9PSIsInZhbHVlIjoiOThqTnBFNjczSlVMV3RmMmtRVlA5WS9sL2U3bFR6MmhLMUZZTHh6MXYyRlAxMUh4b1NJVGgwQ0NVN21lQkxHMFFSR1JkdXl6aTBSNnpmQ0dKVDk4VllvQ05LVE5wZ1JsUTZ4bHdzNEl6VnRnOHhpOHZXRnRtNndPd3UrQVBsZEMiLCJtYWMiOiIwZDU2NmI5MWY0YTAyNTRmMzc0NjAyMTJhNmU3ZjI2ZjdkZThiODQ0ZWE3YTA5OGIwNzViN2EzMjU0M2M5YWU3IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjFLa3MwdGdwYkV4QzNSOWZNTkdmNmc9PSIsInZhbHVlIjoiYVUrUmU5aFhuOC9saThqRlNHMVZNZU1OUFRKM00wSlBZK1llb21EODBsTVkwOW5WSkNQMzE1TURuei9yQmNydkpYYnc3TmRlOEZkbVdSMXE2d1h4c25XMFZzM25sVHZMLzBmM2phOVp4YWV6YVVET000ZzlVYXNxUTZETVR3RGUiLCJtYWMiOiI0NGU3ZGQ0NDAxZGJjOGM5M2FmNzU0ZTA3MzRiZTVhNDNlM2Q4N2U3ZDFjZGViNDY5NjExMGIzMTU4ZDU0ZDUwIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 404 Not Found
date: Tue, 20 May 2025 18:07:23 GMT
content-type: text/html; charset=UTF-8
cf-ray: 942dc5fdcbb0fe9b-AMS
server: cloudflare
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IcrATOychNJUAX5qN%2BDP%2FLWU6RS7eFTd9BXCaOFURkbg%2ByIgQ6i5ggmyfCaYpxm0d8uaxmmeDA3%2BWBC9xln1jUqPA8z9rJrL9IMqTx8E7O3tWzKemTFoLq%2FUmYI%2B6WAegQox"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server-timing: cfL4;desc="?proto=TCP&rtt=10402&min_rtt=10276&rtt_var=3944&sent=4&recv=7&lost=0&retrans=0&sent_bytes=2820&recv_bytes=2144&delivery_rate=277150&cwnd=251&unsent_bytes=0&cid=1c1c9d20f5bac9d4&ts=416&x=0", cfL4;desc="?proto=QUIC&rtt=27383&min_rtt=19247&rtt_var=11900&sent=17&recv=14&lost=0&retrans=0&sent_bytes=3987&recv_bytes=2124&delivery_rate=107854&cwnd=12000&unsent_bytes=0&cid=4885f0e9dee293b9&ts=751&x=16"
age: 140
cache-control: max-age=14400
content-encoding: br
alt-svc: h3=":443"; ma=86400