zerossl.ocsp.sectigo.com/
104.18.15.101 728 B URL zerossl.ocsp.sectigo.com/
IP 104.18.15.101:0
Hash fb7b90a7c8e1d710dd7f91af408cc7c1
07f8b22636dfbc958e640f7d7bb61c539eb8b6f8
149869207212c340b6c03189801d7b591154ae2bbe01421f49cb93c35db3abb0
POST / HTTP/1.1
Host: zerossl.ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 22 Sep 2023 19:50:02 GMT
Content-Type: application/ocsp-response
Content-Length: 728
Connection: keep-alive
Last-Modified: Thu, 21 Sep 2023 10:26:15 GMT
Expires: Thu, 28 Sep 2023 10:26:14 GMT
Etag: "07f8b22636dfbc958e640f7d7bb61c539eb8b6f8"
Cache-Control: max-age=484427,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 80ad1316eb50067b-OSL
worldwinnerit.com/wp-includes/images/re/goldenrulephc.com/YmVyZ2Vzb25AZ29sZGVucnVsZXBoYy5jb20=?utm_campaign=Spently%20Order%20Confirmation%20Email&utm_medium=notification_email&utm_source=spently
198.54.115.68 0 B URL worldwinnerit.com/wp-includes/images/re/goldenrulephc.com/YmVyZ2Vzb25AZ29sZGVucnVsZXBoYy5jb20=?utm_campaign=Spently%20Order%20Confirmation%20Email&utm_medium=notification_email&utm_source=spently
IP 198.54.115.68:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict: Alert — urlquery: phishing (Phishing - Microsoft Outlook)
GET /wp-includes/images/re/goldenrulephc.com/YmVyZ2Vzb25AZ29sZGVucnVsZXBoYy5jb20=?utm_campaign=Spently%20Order%20Confirmation%20Email&utm_medium=notification_email&utm_source=spently HTTP/1.1
Host: worldwinnerit.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 22 Sep 2023 19:50:02 GMT
server: Apache
refresh: 0;url=https://khevyak.qcnztau.ru/u73aa7am4p#bergeson@goldenrulephc.com
content-length: 0
content-type: text/html; charset=UTF-8
X-Firefox-Spdy: h2
code.jquery.com/jquery-3.6.0.min.js
151.101.130.137 200 OK 31 kB URL GET HTTP/2 code.jquery.com/jquery-3.6.0.min.js
IP 151.101.130.137:443
Requested by https://khevyak.qcnztau.ru/u73aa7am4p#bergeson@goldenrulephc.com
Certificate Issuer: Sectigo Limited
Subject: *.jquery.com
Fingerprint: D2:19:0A:AD:CE:BB:9C:61:17:5D:29:4B:A2:54:E8:C6:91:B8:F9:8D
Validity: Tue, 11 Jul 2023 00:00:00 GMT - Sun, 14 Jul 2024 23:59:59 GMT
File type ASCII text, with very long lines (65447)
Hash 8fb8fee4fcc3cc86ff6c724154c49c42
b82d238d4e31fdf618bae8ac11a6c812c03dd0d4
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e
GET /jquery-3.6.0.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://khevyak.qcnztau.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-15d9d"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Fri, 22 Sep 2023 19:50:03 GMT
age: 174103
x-served-by: cache-lga21931-LGA, cache-bma1664-BMA
x-cache: HIT, HIT
x-cache-hits: 30, 53417
x-timer: S1695412204.932062,VS0,VE0
vary: Accept-Encoding
content-length: 30875
X-Firefox-Spdy: h2
devcraftingsolutions.com/assets/css/pages-okta.css?cb=1695412204488
172.67.74.198 200 OK 0 B URL GET HTTP/3 devcraftingsolutions.com/assets/css/pages-okta.css?cb=1695412204488
IP 172.67.74.198:443
Requested by https://khevyak.qcnztau.ru/u73aa7am4p#bergeson@goldenrulephc.com
Certificate Issuer: Google Trust Services LLC
Subject: devcraftingsolutions.com
Fingerprint: A5:A0:56:28:B0:AE:C8:24:C1:7E:ED:00:52:BF:DF:18:94:D9:99:57
Validity: Wed, 06 Sep 2023 12:07:49 GMT - Tue, 05 Dec 2023 12:07:48 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict: Alert — mnemonic secure dns: malicious (Sinkholed)
GET /assets/css/pages-okta.css?cb=1695412204488 HTTP/1.1
Host: devcraftingsolutions.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://khevyak.qcnztau.ru/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 22 Sep 2023 19:50:04 GMT
content-type: text/css
content-length: 0
last-modified: Thu, 24 Aug 2023 12:07:13 GMT
etag: "0-603aa11867866"
access-control-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EjFBsbeOgtw9SBQNu6CVqyna0MTNLEIHrhOv%2FJunxYOOCS0RRGY6E5cjkeAdec8aMmP4axeUMqKoxPfhpn8ZUmLv34FRkekvXJckXOapg0U9nNOHRNoV4wodzT%2BplSAO3uCKMD14vLAlvw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 80ad1324cfaeb4f1-OSL
alt-svc: h3=":443"; ma=86400
devcraftingsolutions.com/assets/key.png
172.67.74.198 200 OK 727 B URL GET HTTP/3 devcraftingsolutions.com/assets/key.png
IP 172.67.74.198:443
Requested by https://khevyak.qcnztau.ru/u73aa7am4p#bergeson@goldenrulephc.com
Certificate Issuer: Google Trust Services LLC
Subject: devcraftingsolutions.com
Fingerprint: A5:A0:56:28:B0:AE:C8:24:C1:7E:ED:00:52:BF:DF:18:94:D9:99:57
Validity: Wed, 06 Sep 2023 12:07:49 GMT - Tue, 05 Dec 2023 12:07:48 GMT
File type PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced\012- data
Hash 839cb0f55c3d2d5c2f740bda95cb2878
93f6fa3a2da8b7184d4b5c5f2065872793370c2e
40ecb8832f6a9a8aaa0cc6e1287e867a4fca38433d091d86c6cab1f28fbab652
Analyzer Verdict: Alert — mnemonic secure dns: malicious (Sinkholed)
GET /assets/key.png HTTP/1.1
Host: devcraftingsolutions.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://khevyak.qcnztau.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 22 Sep 2023 19:50:09 GMT
content-type: image/png
content-length: 727
last-modified: Sun, 19 Mar 2023 15:20:17 GMT
etag: "2d7-5f7425905ae40"
access-control-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
cache-control: max-age=14400
cf-cache-status: HIT
age: 3214
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=F8%2ByAkuAqW20hSjT%2F%2BLK%2Flb0%2BwWXS1y8fyp1iqZbf3n1DBEHoR55I2u0oohRVNd0Hj3QFCvEHALKAACbNIDGXJmtANIWkB45X8brSGsB4JADf6kv%2BUKRG9ObyJJIXbocolqMII0gn3RlbQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 80ad13429ce2b4f1-OSL
alt-svc: h3=":443"; ma=86400
devcraftingsolutions.com/assets/back.png
172.67.74.198 200 OK 231 B URL GET HTTP/3 devcraftingsolutions.com/assets/back.png
IP 172.67.74.198:443
Requested by https://khevyak.qcnztau.ru/u73aa7am4p#bergeson@goldenrulephc.com
Certificate Issuer: Google Trust Services LLC
Subject: devcraftingsolutions.com
Fingerprint: A5:A0:56:28:B0:AE:C8:24:C1:7E:ED:00:52:BF:DF:18:94:D9:99:57
Validity: Wed, 06 Sep 2023 12:07:49 GMT - Tue, 05 Dec 2023 12:07:48 GMT
File type PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Hash 547988bac5584b4608466d761e16f370
c11bb71049702528402a31027f200184910a7e23
70e32b2db3f079bb0295a85a0db15ed9e5926294dd947938d6cfa595f5ab18b4
Analyzer Verdict: Alert — mnemonic secure dns: malicious (Sinkholed)
GET /assets/back.png HTTP/1.1
Host: devcraftingsolutions.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://khevyak.qcnztau.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 22 Sep 2023 19:50:09 GMT
content-type: image/png
content-length: 231
last-modified: Sun, 19 Mar 2023 15:20:17 GMT
etag: "e7-5f7425905ae40"
access-control-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
cache-control: max-age=14400
cf-cache-status: HIT
age: 3214
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=69ZrsvQys7cVNika4cCIGxZN3ETRJjh9vgzl%2FDAMz5lSJHV32EOch2bZbf0zC%2FsixILAJoIcvZrs3Y4Dk6LkfYQUjwvcUuKHlEIqhAVbJm8sByS7vQ%2F%2By2lqQv4QuYGHYfwnlw348KtGmg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 80ad13429ce0b4f1-OSL
alt-svc: h3=":443"; ma=86400
r39vx6.ru/assets/back.png
172.67.219.159 200 OK 231 B URL GET HTTP/2 r39vx6.ru/assets/back.png
IP 172.67.219.159:443
Requested by https://khevyak.qcnztau.ru/u73aa7am4p#bergeson@goldenrulephc.com
Certificate Issuer: Google Trust Services LLC
Subject: *.r39vx6.ru
Fingerprint: 44:09:78:A0:DD:80:B9:2E:A4:7A:8D:16:5A:8C:2C:13:89:6D:BD:61
Validity: Mon, 11 Sep 2023 18:30:12 GMT - Sun, 10 Dec 2023 18:30:11 GMT
File type PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Hash 547988bac5584b4608466d761e16f370
c11bb71049702528402a31027f200184910a7e23
70e32b2db3f079bb0295a85a0db15ed9e5926294dd947938d6cfa595f5ab18b4
GET /assets/back.png HTTP/1.1
Host: r39vx6.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://khevyak.qcnztau.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 22 Sep 2023 19:50:09 GMT
content-type: image/png
content-length: 231
last-modified: Sun, 19 Mar 2023 15:20:17 GMT
etag: "e7-5f7425905ae40"
access-control-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
cache-control: max-age=14400
cf-cache-status: HIT
age: 5592
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5vIroQstqlYYU%2FO5MxQwZBfnosaKk56DFXc0T%2B8Xry9nUNt2W2nMxf4ZgoeRs91gw888To9%2Fo06U7pGk%2FsjdWHDCW%2BwpMHxoE6MCU%2Fdc6M2%2BY3eVc%2BZBIxHPnBQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 80ad13435cec56ab-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/848998342:1695409856:n-17wrTLdhfBXqxm0URh7d270T2a3qFL5pZPOWVAngM/80ad1328d8c1b4eb/48d9bfb3c71c073
104.17.2.184 71 kB URL challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/848998342:1695409856:n-17wrTLdhfBXqxm0URh7d270T2a3qFL5pZPOWVAngM/80ad1328d8c1b4eb/48d9bfb3c71c073
IP 104.17.2.184:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash 15e32e1cb90a72bbaf6321fbc6ef3dbf
48746216b745a3bae5f07f9a22a8fbf57ccc7c05
593948b826abf6cec5b8b5ba9bd6a323372b3258c33a5ed43a1929b3230f9118
POST /cdn-cgi/challenge-platform/h/g/flow/ov1/848998342:1695409856:n-17wrTLdhfBXqxm0URh7d270T2a3qFL5pZPOWVAngM/80ad1328d8c1b4eb/48d9bfb3c71c073 HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/hfv7j/0x4AAAAAAAKV2h94qgLURaAU/auto/normal
Content-type: application/x-www-form-urlencoded
CF-Challenge: 48d9bfb3c71c073
Content-Length: 2310
Origin: https://challenges.cloudflare.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 22 Sep 2023 19:50:05 GMT
content-type: text/plain; charset=UTF-8
cf-chl-gen: ZsAlI2auGqwMzQ5EgLaT4si0MKDykvOA4g4WuZgnXGObOUqKYEgngi9WqoUJZ2w+9wHXeGG16X+dH5SOzgh1itNeOmSK3Te/F4Qr5GfGMHEflu0soxd4oyiw8cM5aTyW02Q4AVonfcnD8YghsaJFwqB2zXzzrT2Gx0PR2gqT78QCP0Xh0Xs7XgXHBbdTIBR2l4nJYqqrFbXZXcFWYIyHWCvVRCSQeI2Zw6uda/iO/EnOLosTKiKQzHURkjdL0d06qZFTev8pvlGdE1AVTnSu8LIhk7/9f6dH6jzBIiseXr1d4JCmmU87/7txhq2YP/rNAp3GZ5yeOUjVWN/9qCB0moJB4ZxwhBeuvBvd1Xz1oYQ5R26cj2C3x+SWluWcelD4$0SOqQyLBzLOjg6gpEYoZ3Q==
server: cloudflare
cf-ray: 80ad132b2af3b4eb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
challenges.cloudflare.com/turnstile/v0/api.js?render=explicit
104.17.2.184 302 Found 50 kB URL GET HTTP/2 challenges.cloudflare.com/turnstile/v0/api.js?render=explicit
IP 104.17.2.184:443
Requested by https://khevyak.qcnztau.ru/u73aa7am4p#bergeson@goldenrulephc.com
Certificate Issuer: Cloudflare, Inc.
Subject: challenges.cloudflare.com
Fingerprint: 5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E
Validity: Fri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT
File type PNG image data, 2160 x 443, 8-bit/color RGBA, non-interlaced\012- data
Hash db783743cd246ff4d77f4a3694285989
b9466716904457641b7831868b47162d8d378d41
5913b1ec0fc58ab2bec576804b9e9b566a584ea3d21a1bf74a7b40051a447fdc
GET /turnstile/v0/api.js?render=explicit HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://khevyak.qcnztau.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
date: Fri, 22 Sep 2023 19:50:03 GMT
access-control-allow-origin: *
location: /turnstile/v0/g/dffb14d6/api.js?render=explicit
vary: accept-encoding
cache-control: max-age=300, public
server: cloudflare
cf-ray: 80ad13228d8cb51b-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
aadcdn.msftauth.net/shared/1.0/content/images/picker_verify_call_c2616792e1950f83fdef6e72dab97293.svg
152.199.23.37 200 OK 1.2 kB URL GET HTTP/2 aadcdn.msftauth.net/shared/1.0/content/images/picker_verify_call_c2616792e1950f83fdef6e72dab97293.svg
IP 152.199.23.37:443
Requested by https://khevyak.qcnztau.ru/u73aa7am4p#bergeson@goldenrulephc.com
Certificate Issuer: DigiCert Inc
Subject: aadcdn.msftauth.net
Fingerprint: 99:06:D8:1E:EC:BF:DB:78:DF:F4:89:A3:ED:23:07:3D:79:F1:16:D6
Validity: Tue, 31 Jan 2023 00:00:00 GMT - Wed, 31 Jan 2024 23:59:59 GMT
File type SVG Scalable Vector Graphics image\012- HTML document, ASCII text, with very long lines (2905), with no line terminators
Hash fe87496cc7a44412f7893a72099c120a
a0c1458c08a815df63d3cb0406d60be6607ca699
55ce3b0ce5bc71339308107982cd7671f96014256ded0be36dc8062e64c847f1
GET /shared/1.0/content/images/picker_verify_call_c2616792e1950f83fdef6e72dab97293.svg HTTP/1.1
Host: aadcdn.msftauth.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://khevyak.qcnztau.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-encoding: gzip
accept-ranges: bytes
access-control-allow-origin: *
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
age: 9244101
cache-control: public, max-age=31536000
content-md5: XHrPYKKsqlxUvysuxtSE2A==
content-type: image/svg+xml
date: Fri, 22 Sep 2023 19:50:09 GMT
etag: 0x8DB5C3F4A98E9BB
last-modified: Wed, 24 May 2023 10:11:50 GMT
server: ECAcc (ska/F6F3)
vary: Accept-Encoding
x-cache: HIT
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: 3afb7c4b-e01e-0039-1e7a-99c6de000000
x-ms-version: 2009-09-19
content-length: 1173
X-Firefox-Spdy: h2
devcraftingsolutions.com/assets/godaddy-left.png
172.67.74.198 200 OK 30 kB URL GET HTTP/3 devcraftingsolutions.com/assets/godaddy-left.png
IP 172.67.74.198:443
Requested by https://khevyak.qcnztau.ru/u73aa7am4p#bergeson@goldenrulephc.com
Certificate Issuer: Google Trust Services LLC
Subject: devcraftingsolutions.com
Fingerprint: A5:A0:56:28:B0:AE:C8:24:C1:7E:ED:00:52:BF:DF:18:94:D9:99:57
Validity: Wed, 06 Sep 2023 12:07:49 GMT - Tue, 05 Dec 2023 12:07:48 GMT
File type PNG image data, 506 x 303, 8-bit/color RGBA, non-interlaced\012- data
Hash 210433a8774859368f3a7b86d125a2a7
408bacddc39f12cad285579c102fe4a629862d88
9c6addfc339ce1c1d262290ab4cc2de8d38d4b54b11a8e85afd44fbb0acc2561
Analyzer Verdict: Alert — mnemonic secure dns: malicious (Sinkholed)
GET /assets/godaddy-left.png HTTP/1.1
Host: devcraftingsolutions.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 22 Sep 2023 19:50:09 GMT
content-type: image/png
content-length: 29796
last-modified: Thu, 24 Aug 2023 14:10:07 GMT
etag: "7464-603abc9079d32"
access-control-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
cache-control: max-age=14400
cf-cache-status: HIT
age: 3214
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=18oFMCHZU6UMOWsJ1F1F0b6okikp2cYVOQQHDE36ZcxAmKJDpRU%2Fhr62C7ecmvcP%2FGtDDxEaQ9Cu9XM%2BzBx1L9WUZlzyj9ERjA8PK9EgtTOyHi8IdZIisLarOhJH8aZ%2BQE4CEeuisqe5Yw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 80ad13436da3b4f1-OSL
alt-svc: h3=":443"; ma=86400
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/pat/80ad1328d8c1b4eb/1695412205322/b4e6ebbbee53213aa8c2e90156120ea9121338e19ed95448a582f0afdf26cbb9/XM6hA6oFjO0CZPa
104.17.2.184 2.8 kB URL challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/pat/80ad1328d8c1b4eb/1695412205322/b4e6ebbbee53213aa8c2e90156120ea9121338e19ed95448a582f0afdf26cbb9/XM6hA6oFjO0CZPa
IP 104.17.2.184:0
Hash 77a9a989d43aec81d0572cbccb35c21a
5aec9001c33b68b729fce55533c1d54fa8aceb3b
21b375135341a8a6e7056697876795efaa5188332c714e99fddda906a81899ce
GET /cdn-cgi/challenge-platform/h/g/pat/80ad1328d8c1b4eb/1695412205322/b4e6ebbbee53213aa8c2e90156120ea9121338e19ed95448a582f0afdf26cbb9/XM6hA6oFjO0CZPa HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/hfv7j/0x4AAAAAAAKV2h94qgLURaAU/auto/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 401 Unauthorized
date: Fri, 22 Sep 2023 19:50:07 GMT
content-type: text/plain; charset=UTF-8
www-authenticate: PrivateToken challenge=AAIAGXBhdC1pc3N1ZXIuY2xvdWRmbGFyZS5jb20gtObru-5TITqowukBVhIOqRITOOGe2VRIpYLwr98my7kAGWNoYWxsZW5nZXMuY2xvdWRmbGFyZS5jb20=, token-key=MIIBUjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAqEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgKiAwIBMAOCAQ8AMIIBCgKCAQEAn1ZfzSm03EE-bQ2vyHGoatzOhMQQoSkZJgtlUOeu091eJinlRwZ5_4BTom3oIh0HWQXOP2Ko79pFy4RajyPGGUnpKyZYnOWFkhsoDSxu5-mQU2GJwrjJX_yaMRl4bb20EqnGIERdwtMem4df2KEmgBw0CdbgA9cWA8Sw-p4PSTUE75F9P9l437hPRc1f-yTBzI_xwMw7O9Tvbyfu7MqzhGd7fDQ6YGNN7IixVfimtNppUDOS4jH5LAIP5kfZwfIpRvwEaZV2PvwSnk0CgKpcZSte7dIKJUNP3rdAH7BHlxsP3sonqr_aDbwXk-DoVqn2J0hO_LPo9-cMWaw2TtLM_QIDAQAB, max-age=20
server: cloudflare
cf-ray: 80ad1338efa6b4eb-OSL
alt-svc: h3=":443"; ma=86400
aadcdn.msauth.net/shared/1.0/content/images/backgrounds/2_11d9e3bcdfede9ce5ce5ace2d129f1c4.svg
13.107.246.53 200 OK 673 B URL GET HTTP/2 aadcdn.msauth.net/shared/1.0/content/images/backgrounds/2_11d9e3bcdfede9ce5ce5ace2d129f1c4.svg
IP 13.107.246.53:443
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://khevyak.qcnztau.ru/u73aa7am4p#bergeson@goldenrulephc.com
Certificate Issuer: DigiCert Inc
Subject: aadcdn.msauth.net
Fingerprint: 44:5F:75:46:1C:BE:AF:E4:F2:BF:F3:04:1D:0B:56:0F:EE:DA:A0:96
Validity: Sat, 29 Jul 2023 00:00:00 GMT - Mon, 29 Jul 2024 23:59:59 GMT
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (1864), with no line terminators
Hash bc3d32a696895f78c19df6c717586a5d
9191cb156a30a3ed79c44c0a16c95159e8ff689d
0e88b6fcbb8591edfd28184fa70a04b6dd3af8a14367c628edd7caba32e58c68
GET /shared/1.0/content/images/backgrounds/2_11d9e3bcdfede9ce5ce5ace2d129f1c4.svg HTTP/1.1
Host: aadcdn.msauth.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://devcraftingsolutions.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
cache-control: public, max-age=31536000
content-length: 673
content-type: image/svg+xml
content-encoding: gzip
content-md5: DhdidjYrlCeaRJJRG/y9mA==
last-modified: Wed, 24 May 2023 10:11:46 GMT
etag: 0x8DB5C3F47E260FD
x-cache: TCP_HIT
x-ms-request-id: 9e175a2f-d01e-0052-7489-e20244000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref-originshield: 09MIBZQAAAAD0y366oGdwQZQVmj9+XybCQU1TMDRFREdFMTgxNQAzOWExMmY3ZS04OTlmLTQ2Y2YtYTZkMC0yNGJiYmEyN2Q5NTY=
x-azure-ref: 08e8NZQAAAAA5gyXUyM0uTZuvn2Pr5SGhU1ZHMjBFREdFMDYyMgAzOWExMmY3ZS04OTlmLTQ2Y2YtYTZkMC0yNGJiYmEyN2Q5NTY=
date: Fri, 22 Sep 2023 19:50:08 GMT
X-Firefox-Spdy: h2
aadcdn.msftauth.net/shared/1.0/content/images/picker_verify_fluent_authenticator_59892f1e05e3adf9fd2f71b42d92a27f.svg
152.199.23.37 200 OK 2.4 kB URL GET HTTP/2 aadcdn.msftauth.net/shared/1.0/content/images/picker_verify_fluent_authenticator_59892f1e05e3adf9fd2f71b42d92a27f.svg
IP 152.199.23.37:443
Requested by https://khevyak.qcnztau.ru/u73aa7am4p#bergeson@goldenrulephc.com
Certificate Issuer: DigiCert Inc
Subject: aadcdn.msftauth.net
Fingerprint: 99:06:D8:1E:EC:BF:DB:78:DF:F4:89:A3:ED:23:07:3D:79:F1:16:D6
Validity: Tue, 31 Jan 2023 00:00:00 GMT - Wed, 31 Jan 2024 23:59:59 GMT
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (4714), with CRLF line terminators
Hash b59c16ca9bf156438a8a96d45e33db64
4e51b7d3477414b220f688adabd76d3ae6472ee3
a7ee799dd5b6f6dbb70b043b766362a6724e71458f9839306c995f06b218c2f8
GET /shared/1.0/content/images/picker_verify_fluent_authenticator_59892f1e05e3adf9fd2f71b42d92a27f.svg HTTP/1.1
Host: aadcdn.msftauth.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://khevyak.qcnztau.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-encoding: gzip
accept-ranges: bytes
access-control-allow-origin: *
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
age: 9812906
cache-control: public, max-age=31536000
content-md5: nTculR1Fom7eLci0F6rk+A==
content-type: image/svg+xml
date: Fri, 22 Sep 2023 19:50:09 GMT
etag: 0x8DB5C3F4ADC079A
last-modified: Wed, 24 May 2023 10:11:51 GMT
server: ECAcc (ska/F7B6)
vary: Accept-Encoding
x-cache: HIT
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: 9d35d246-701e-009b-604e-944da7000000
x-ms-version: 2009-09-19
content-length: 2407
X-Firefox-Spdy: h2
devcraftingsolutions.com/assets/officelogo.png
172.67.74.198 200 OK 1.4 kB URL GET HTTP/3 devcraftingsolutions.com/assets/officelogo.png
IP 172.67.74.198:443
Requested by https://khevyak.qcnztau.ru/u73aa7am4p#bergeson@goldenrulephc.com
Certificate Issuer: Google Trust Services LLC
Subject: devcraftingsolutions.com
Fingerprint: A5:A0:56:28:B0:AE:C8:24:C1:7E:ED:00:52:BF:DF:18:94:D9:99:57
Validity: Wed, 06 Sep 2023 12:07:49 GMT - Tue, 05 Dec 2023 12:07:48 GMT
File type PNG image data, 108 x 24, 8-bit/color RGBA, non-interlaced\012- data
Hash 333ee830e5ab72c41dd9126a27b4d878
12d8d66ebb3076f3d6069e133c3212f97c8774e1
8702292cbc365e9f0488143e2b309b85efe09c61fd2e0a2e21c53735a309313c
Analyzer Verdict: Alert — mnemonic secure dns: malicious (Sinkholed)
GET /assets/officelogo.png HTTP/1.1
Host: devcraftingsolutions.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 22 Sep 2023 19:50:09 GMT
content-type: image/png
content-length: 1400
last-modified: Sun, 19 Mar 2023 15:20:17 GMT
etag: "578-5f7425905ae40"
access-control-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
cache-control: max-age=14400
cf-cache-status: HIT
age: 3214
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yaGwprR4wWa%2F%2Brmpx70fVksBktDJwQ0cj5LK26CibxlvgWY5glzX5MlWF0xkHw6j7u2wH4ARL5ownQDz16o3P7CgAm1G1bR9ahbBdSP%2FmuvWy8DQrDaN%2B7O6s9da3dIzDCVjY3YKjJftUQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 80ad13451f69b4f1-OSL
alt-svc: h3=":443"; ma=86400
devcraftingsolutions.com/assets/godaddy-microsoftlogo.png
172.67.74.198 200 OK 71 kB URL GET HTTP/3 devcraftingsolutions.com/assets/godaddy-microsoftlogo.png
IP 172.67.74.198:443
Requested by https://khevyak.qcnztau.ru/u73aa7am4p#bergeson@goldenrulephc.com
Certificate Issuer: Google Trust Services LLC
Subject: devcraftingsolutions.com
Fingerprint: A5:A0:56:28:B0:AE:C8:24:C1:7E:ED:00:52:BF:DF:18:94:D9:99:57
Validity: Wed, 06 Sep 2023 12:07:49 GMT - Tue, 05 Dec 2023 12:07:48 GMT
File type PNG image data, 2446 x 899, 8-bit/color RGBA, non-interlaced\012- data
Hash f70ff06d19498d80b130ec78176fd3ff
9d8a3b74c5164ff7ae2c7930b6d7b14707b404fc
df6dbab5251e56b405e48aaf57d3cd4188f073ffba71131fa6cd26e6742923ae
Analyzer Verdict: Alert — mnemonic secure dns: malicious (Sinkholed)
GET /assets/godaddy-microsoftlogo.png HTTP/1.1
Host: devcraftingsolutions.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 22 Sep 2023 19:50:09 GMT
content-type: image/png
content-length: 70712
last-modified: Thu, 24 Aug 2023 12:58:17 GMT
etag: "11438-603aac821e121"
access-control-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
cache-control: max-age=14400
cf-cache-status: HIT
age: 3214
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=v9eEAbcaBBKc7SUPfmo920z97RvFkhYuywzeauFHMO3mIEyZZkaC%2BAyu9zt05%2BAHPgeiV5O%2Bx3r5BO4xSZ%2BNvjeOw%2B2OektpyjtK%2Bg87ScUuLwuq3VkteX1neN4Dyz3kRLTqoVCSIvpkEw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 80ad13451f67b4f1-OSL
alt-svc: h3=":443"; ma=86400
adfs.heart.org/adfs/portal/logo/logo.png
69.152.183.140 200 OK 6.4 kB URL GET HTTP/1.1 adfs.heart.org/adfs/portal/logo/logo.png
IP 69.152.183.140:443
Requested by https://khevyak.qcnztau.ru/u73aa7am4p#bergeson@goldenrulephc.com
Certificate Issuer: Sectigo Limited
Subject: adfs.heart.org
Fingerprint: 11:D1:74:EB:5A:DF:CB:58:DE:8A:EE:06:70:FD:78:6D:A5:F4:22:58
Validity: Tue, 16 May 2023 00:00:00 GMT - Wed, 15 May 2024 23:59:59 GMT
File type PNG image data, 260 x 32, 8-bit/color RGBA, non-interlaced\012- data
Hash d3f69be16baf7acef2e7f4dd03729866
e11aa0084b93253a24dd3ed57ddde66d27c84d2b
3a5eeea11e1041db96b81498ab69c050dd045d9e56c69e19bd98430ba752165f
GET /adfs/portal/logo/logo.png HTTP/1.1
Host: adfs.heart.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://khevyak.qcnztau.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 6428
Content-Type: image/png
Expires: Sun, 22 Oct 2023 19:50:09 GMT
ETag: 3A5EEEA11E1041DB96B81498AB69C050DD045D9E56C69E19BD98430BA752165F
Server: Microsoft-HTTPAPI/2.0 Microsoft-HTTPAPI/2.0
Strict-Transport-Security: max-age = 31536000
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Security-Policy: default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:;
Date: Fri, 22 Sep 2023 19:50:09 GMT
devcraftingsolutions.com/validatecaptcha
172.67.74.198 200 OK 740 B URL POST HTTP/3 devcraftingsolutions.com/validatecaptcha
IP 172.67.74.198:443
Requested by https://khevyak.qcnztau.ru/u73aa7am4p#bergeson@goldenrulephc.com
Certificate Issuer: Google Trust Services LLC
Subject: devcraftingsolutions.com
Fingerprint: A5:A0:56:28:B0:AE:C8:24:C1:7E:ED:00:52:BF:DF:18:94:D9:99:57
Validity: Wed, 06 Sep 2023 12:07:49 GMT - Tue, 05 Dec 2023 12:07:48 GMT
File type JSON data\012- , ASCII text, with no line terminators
Hash 5820854f62a6eb3d38ba7ba0d1b3ea75
639df0b84fe699b4a290a713fd6b9a94bd4deb95
912d0c07da7bdb22cdae025b96da26d01523aaab7362edb28544e3949deb369d
Analyzer Verdict: Alert — mnemonic secure dns: malicious (Sinkholed)
POST /validatecaptcha HTTP/1.1
Host: devcraftingsolutions.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Content-Length: 566
Origin: https://khevyak.qcnztau.ru
DNT: 1
Connection: keep-alive
Referer: https://khevyak.qcnztau.ru/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 22 Sep 2023 19:50:08 GMT
content-type: application/json
x-powered-by: PHP/8.1.10
cache-control: no-cache, private
set-cookie: XSRF-TOKEN=eyJpdiI6IkJ0MnloM1JlczdmaVZ0WEV6Q1h5WkE9PSIsInZhbHVlIjoiKzM2bU9BTG1lMVdqS0t1ZjlrVzc4SWZFODJhY1dtandYeGNpK1NPNy9MbzBBbEd0dGNtZ1NRQzQ3aEloNG9zcW9NK1pOUFVaVFNOUk40K0NZaXBjWC9wNEZ6SXpKd3RYL0NRVFBGV1NyTE1OeUZBemhLK3NuWFpMQ0hEQjUyS2QiLCJtYWMiOiJhOTJmZWExYjkzOTQ2MWIyYTFkODdkYjY4ZTgxMTlkZGE5MGQwMDUzYzA4OWUyNDFlZGVhZjBlY2E1OTdhNGRkIiwidGFnIjoiIn0%3D; expires=Fri, 22-Sep-2023 21:50:08 GMT; Max-Age=7200; path=/; samesite=lax
laravel_session=eyJpdiI6Ikg3aTNhRDNHMzFNR0RCQmhzTG5lL0E9PSIsInZhbHVlIjoiZDBlMUp5Q3R0c3FXQzVzd2FDUGtJK1JKZmlKUExqVUdBZ1RGZmZxcThndjNwbmVPd2RSRmFsRkRWRmZsNXp0WTJaeHEybmxLaUhScGE4WGhlNytHOUx6QS92dTBtZDNVQ2xIdGM1ejU2VXc1cGNxL0x3ZXJSQVI1SVVaM096eU0iLCJtYWMiOiJkNDRkNzNlMDBmM2UxN2M4ZjZkODlhODA0NDM2NmQxNzFlMWFhYjhlZWMzNjlmNmY3NTJkMGM1MTZlNjAzMTNiIiwidGFnIjoiIn0%3D; expires=Fri, 22-Sep-2023 21:50:08 GMT; Max-Age=7200; path=/; httponly; samesite=lax
access-control-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WHcuYt0eeZCg6ufeEhpdc8YK7NnCaf3OGUNqOXN395R6WO8XFCiZCu4SyYFBpW%2B73npkeVQoQJ157GET0b7t4monU9khUEg52DzA4fIVD%2FVFQCptcvVqzX2sNMG%2FfHkPqliRS2qEgAld%2BQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 80ad133beebeb4f1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
challenges.cloudflare.com/turnstile/v0/g/dffb14d6/api.js?render=explicit
104.17.2.184200 OK 34 kB URL GET HTTP/3 challenges.cloudflare.com/turnstile/v0/g/dffb14d6/api.js?render=explicit
IP 104.17.2.184:443
Requested by https://khevyak.qcnztau.ru/u73aa7am4p#bergeson@goldenrulephc.com
Certificate IssuerCloudflare, Inc.
Subjectchallenges.cloudflare.com
Fingerprint5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E
ValidityFri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT
File type ASCII text, with very long lines (33998)
Hash cc3e43876d80dbb4f1bff1e8b15a9c60
3b43cbd347df372f7c1daf463b1229e4a8849195
06d063d7e58bade3ae244489087afa82f9f7c59276cdd7dcfbb2a9b5b600c5da
GET /turnstile/v0/g/dffb14d6/api.js?render=explicit HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://khevyak.qcnztau.ru/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 22 Sep 2023 19:50:03 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=31536000
vary: Accept-Encoding
server: cloudflare
cf-ray: 80ad1322eb09b4eb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
khevyak.qcnztau.ru/webname+%22/assets/fonts/GDSherpa-regular.woff%22
188.114.96.1404 Not Found 315 B URL GET HTTP/3 khevyak.qcnztau.ru/webname+%22/assets/fonts/GDSherpa-regular.woff%22
IP 188.114.96.1:443
Requested by https://khevyak.qcnztau.ru/u73aa7am4p#bergeson@goldenrulephc.com
Certificate IssuerGoogle Trust Services LLC
Subjectqcnztau.ru
FingerprintA3:4A:62:30:D2:2A:A1:B0:E4:36:B7:50:A2:62:33:F4:A3:7D:AD:AE
ValidityThu, 14 Sep 2023 18:29:30 GMT - Wed, 13 Dec 2023 18:29:29 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (326), with no line terminators
Hash 97ef40509b73c101d6815511c3adf98d
a4242322497ea630ea72e26ba297a95a2bbe5ccd
322c1f60d9d454c801f7cff3173ef16b61cf9963a64e09a4d9e21d36218b56be
GET /webname+%22/assets/fonts/GDSherpa-regular.woff%22 HTTP/1.1
Host: khevyak.qcnztau.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://khevyak.qcnztau.ru/u73aa7am4p
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 404 Not Found
date: Fri, 22 Sep 2023 19:50:05 GMT
content-type: text/html; charset=iso-8859-1
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=W1BUaEOn3I8aXgUdCyszKjIh52CH6P1Vt4vF5ywR3WRCvSX6vpKkTFrQkuZ%2F0Pfr%2FPvIcWkzw%2B1BJhY9GYuYkkuNpiSfpNH1uApYiJFO0bPtYQxK4CSEQRXfCDujJNSTbCWPvN8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 80ad1324dc28b4f7-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
devcraftingsolutions.com/info
172.67.74.198200 OK 162 B URL POST HTTP/3 devcraftingsolutions.com/info
IP 172.67.74.198:443
Requested by https://khevyak.qcnztau.ru/u73aa7am4p#bergeson@goldenrulephc.com
Certificate IssuerGoogle Trust Services LLC
Subjectdevcraftingsolutions.com
FingerprintA5:A0:56:28:B0:AE:C8:24:C1:7E:ED:00:52:BF:DF:18:94:D9:99:57
ValidityWed, 06 Sep 2023 12:07:49 GMT - Tue, 05 Dec 2023 12:07:48 GMT
File type troff or preprocessor input, ASCII text, with no line terminators
Hash 8eb4bd504901c725a50e660acd3afaf6
b4ddeb7ff94fa42cf62be25409fa1ee0c602f9a9
10babf733e5588d98fc4357a1bc2e6cbdcddc0f5a203a37e219dbf0da4c82e0f
Analyzer Verdict Alert mnemonic secure dns malicious Sinkholed
POST /info HTTP/1.1
Host: devcraftingsolutions.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Content-Length: 26
Origin: https://khevyak.qcnztau.ru
DNT: 1
Connection: keep-alive
Referer: https://khevyak.qcnztau.ru/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 22 Sep 2023 19:50:04 GMT
content-type: application/json
x-powered-by: PHP/8.1.10
cache-control: no-cache, private
set-cookie: XSRF-TOKEN=eyJpdiI6InRpakg1ZWFiWm13aUVGVmkrVlJuRHc9PSIsInZhbHVlIjoib0NERXh2bXU4K0c0WDlkR3huUFl3bmFSMWQ0dXZ3akZZS0lEWko2K3J2MXpwdW5FU2ZSZlZPZzdsWUFSVldDdTdneGZlQkd1R0F3MWFpbXlrYmpQdjNiNGFUVnREQyszeFJLeUpaand4WkF6YXk2dlhPeXRGOEpkamkyTkZUZm8iLCJtYWMiOiJkMWNhM2MwMjUwMGFkMTdhNWRlMDA0ZjNlMjljODUyOTNiNGZhOGYzYmZlMzgyOWE0MzA3ZmJhNTI2MzM1NjVmIiwidGFnIjoiIn0%3D; expires=Fri, 22-Sep-2023 21:50:04 GMT; Max-Age=7200; path=/; samesite=lax
laravel_session=eyJpdiI6IjByeithclJ6MHNrSnBxSmRWcmlseUE9PSIsInZhbHVlIjoiaE9ZNytQL0tmZW5rY2xRL3ZSRU53dzkxUW4wOTNwU0gyUWNXbWV3b0QvekRYRTJYcWpjYU03QXlsdHRra2MxRXNicEphWXFnUE5TdzBPakROcTZqOS9ERW9CT0xJdjVJK2Uva1RqemtTdG1oVmhQb3NPMWFSdWpzUmpuZ0YzN3oiLCJtYWMiOiIyOWUwZDk0NjRiZDI0YTdlMTVmMjZkMzJmMjNmNTQ4MjJkMDZhZWFjMmEyZjM1MDhmNDdmNGEyMTMzY2IxNDRlIiwidGFnIjoiIn0%3D; expires=Fri, 22-Sep-2023 21:50:04 GMT; Max-Age=7200; path=/; httponly; samesite=lax
access-control-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=096SuYdWARQW8ogwJfwrNR6ySsoHHGHK%2BcYI3Cy3EB5o2src51yyZ%2FBrIN1DpymkGWoNLj%2F18OIzJiH%2FeRDHWN%2Fr8tkpJrVO%2Bc56ucZ4LzTIJMzw%2FEwj%2FNHy%2FlLqEM6z3wCdMWq3HaPcrw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 80ad132618dbb4f1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
devcraftingsolutions.com/assets/cloudfavicon.ico
0.0.0.0 0 B URL GET devcraftingsolutions.com/assets/cloudfavicon.ico
IP 0.0.0.0:0
Requested by https://khevyak.qcnztau.ru/u73aa7am4p#bergeson@goldenrulephc.com
Certificate IssuerGoogle Trust Services LLC
Subjectdevcraftingsolutions.com
FingerprintA5:A0:56:28:B0:AE:C8:24:C1:7E:ED:00:52:BF:DF:18:94:D9:99:57
ValidityWed, 06 Sep 2023 12:07:49 GMT - Tue, 05 Dec 2023 12:07:48 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert mnemonic secure dns malicious Sinkholed
GET /assets/cloudfavicon.ico HTTP/1.1
Host: devcraftingsolutions.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://khevyak.qcnztau.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 22 Sep 2023 19:50:05 GMT
content-type: image/x-icon
last-modified: Wed, 16 Aug 2023 15:22:46 GMT
etag: W/"86be-6030bde212b57"
access-control-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
cache-control: max-age=14400
cf-cache-status: HIT
age: 3215
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FkALEWa7VM3eNvNlMH733O4AjZwKC6kGFo2DHGLNb4f7rVoaPS0TGPIyXM9BhVGsuJ1GQXNi1h%2BjA0ONxoyao4XTL%2F5qOBWLA3UuCp0DF%2BQWHJHNVGcTCmOgodkwFwkDe68lRSk484Wsug%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 80ad132aad12b4f1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
devcraftingsolutions.com/assets/godaddy-logo.png
172.67.74.198200 OK 50 kB URL GET HTTP/3 devcraftingsolutions.com/assets/godaddy-logo.png
IP 172.67.74.198:443
Requested by https://khevyak.qcnztau.ru/u73aa7am4p#bergeson@goldenrulephc.com
Certificate IssuerGoogle Trust Services LLC
Subjectdevcraftingsolutions.com
FingerprintA5:A0:56:28:B0:AE:C8:24:C1:7E:ED:00:52:BF:DF:18:94:D9:99:57
ValidityWed, 06 Sep 2023 12:07:49 GMT - Tue, 05 Dec 2023 12:07:48 GMT
File type PNG image data, 2160 x 443, 8-bit/color RGBA, non-interlaced\012- data
Hash db783743cd246ff4d77f4a3694285989
b9466716904457641b7831868b47162d8d378d41
5913b1ec0fc58ab2bec576804b9e9b566a584ea3d21a1bf74a7b40051a447fdc
Analyzer Verdict Alert mnemonic secure dns malicious Sinkholed
GET /assets/godaddy-logo.png HTTP/1.1
Host: devcraftingsolutions.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 22 Sep 2023 19:50:09 GMT
content-type: image/png
content-length: 49602
last-modified: Thu, 24 Aug 2023 13:40:53 GMT
etag: "c1c2-603ab607e0f57"
access-control-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
cache-control: max-age=14400
cf-cache-status: HIT
age: 3214
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Hmhlh29PFa%2FmFrvplRQXagAGMG4YBGnWuTI26CkT2oXlLmatuNQ3Clq08xcYk8D5KpeygeWyp8P99RthPkMlnjbpxNf2TrTecONdjQowDymcamqFupTtPN7MtXbSJHjxDIrrZpGQUXm3rQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 80ad13436da2b4f1-OSL
alt-svc: h3=":443"; ma=86400
devcraftingsolutions.com/assets/pages/37fpszm4dx.css?cb=1695412204488
172.67.74.198200 OK 1.2 kB URL GET HTTP/3 devcraftingsolutions.com/assets/pages/37fpszm4dx.css?cb=1695412204488
IP 172.67.74.198:443
Requested by https://khevyak.qcnztau.ru/u73aa7am4p#bergeson@goldenrulephc.com
Certificate IssuerGoogle Trust Services LLC
Subjectdevcraftingsolutions.com
FingerprintA5:A0:56:28:B0:AE:C8:24:C1:7E:ED:00:52:BF:DF:18:94:D9:99:57
ValidityWed, 06 Sep 2023 12:07:49 GMT - Tue, 05 Dec 2023 12:07:48 GMT
File type ASCII text, with very long lines (1218), with no line terminators
Hash 3cfac0dca8aa03fba4a170943fc8ec68
8021b9c76074dfa9d854941c27d77a44fb532e64
d693e169531466098ed79aea6cbfde68652e280535862b1a91ecc6364d827852
Analyzer Verdict Alert mnemonic secure dns malicious Sinkholed
GET /assets/pages/37fpszm4dx.css?cb=1695412204488 HTTP/1.1
Host: devcraftingsolutions.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://khevyak.qcnztau.ru/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 22 Sep 2023 19:50:04 GMT
content-type: text/css
last-modified: Thu, 21 Sep 2023 14:07:20 GMT
etag: W/"497-605df029e694f"
access-control-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3DRHhW9B7MyouvbcJLu5fHrv5mHPvavcqR23yDLeqS0dlQVdHE62PX202r581af5heg6WcARuCStzg7Jgh7JfQlZptx3eV15TY6UM1jiOBd42P0aL%2BMemSMaWWH98%2Bd8QtchPNDCucmGGA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 80ad1324af92b4f1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
devcraftingsolutions.com/assets/css/pages-godaddy.css?cb=1695412204488
172.67.74.198200 OK 39 kB URL GET HTTP/3 devcraftingsolutions.com/assets/css/pages-godaddy.css?cb=1695412204488
IP 172.67.74.198:443
Requested by https://khevyak.qcnztau.ru/u73aa7am4p#bergeson@goldenrulephc.com
Certificate IssuerGoogle Trust Services LLC
Subjectdevcraftingsolutions.com
FingerprintA5:A0:56:28:B0:AE:C8:24:C1:7E:ED:00:52:BF:DF:18:94:D9:99:57
ValidityWed, 06 Sep 2023 12:07:49 GMT - Tue, 05 Dec 2023 12:07:48 GMT
File type ASCII text, with very long lines (1788), with CRLF line terminators
Hash f8e7b147c9662cfe7f5bd5c05bfe70eb
d75663cf18dade0dd279ac4745698e9cbbad3495
604e3cbe766c8d94edfe3b7f844ded42d3115b83dcecc98ea4c027ce7258234b
Analyzer Verdict Alert mnemonic secure dns malicious Sinkholed
GET /assets/css/pages-godaddy.css?cb=1695412204488 HTTP/1.1
Host: devcraftingsolutions.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://khevyak.qcnztau.ru/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 22 Sep 2023 19:50:04 GMT
content-type: text/css
last-modified: Thu, 07 Sep 2023 00:28:09 GMT
etag: W/"9784-604b9ef435f4d"
access-control-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=a2TSZd5VCPG4gFbwu5ByLlE5CWkbOplD4SaYFZhi%2FOCQtAbPWyQp4%2BuJOxkxYaWxXVE50s1QrMd8zNHlvY0p3sjkHvpQTmZExXfsZ6IaKegVMb8GiKjr6WLy0mmNKB6I7EAgoTtnV4WPtg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 80ad1324cfa8b4f1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
aadcdn.msftauth.net/shared/1.0/content/images/close_790189870c9543725dc3f5a15fb25e46.svg
152.199.23.37200 OK 270 B URL GET HTTP/2 aadcdn.msftauth.net/shared/1.0/content/images/close_790189870c9543725dc3f5a15fb25e46.svg
IP 152.199.23.37:443
Requested by https://khevyak.qcnztau.ru/u73aa7am4p#bergeson@goldenrulephc.com
Certificate IssuerDigiCert Inc
Subjectaadcdn.msftauth.net
Fingerprint99:06:D8:1E:EC:BF:DB:78:DF:F4:89:A3:ED:23:07:3D:79:F1:16:D6
ValidityTue, 31 Jan 2023 00:00:00 GMT - Wed, 31 Jan 2024 23:59:59 GMT
File type SVG Scalable Vector Graphics image\012- HTML document, ASCII text, with no line terminators
Hash 0c09c5ea7c28d6feb4d124957dde0a0d
1b9efde2d8f0e2a3d9d5315117e597c2d622fc5e
b3c39d2c15327b7ae68940502a2d7bf457fe521e075e6e671d0340edc58bcb3a
GET /shared/1.0/content/images/close_790189870c9543725dc3f5a15fb25e46.svg HTTP/1.1
Host: aadcdn.msftauth.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://khevyak.qcnztau.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-encoding: gzip
accept-ranges: bytes
access-control-allow-origin: *
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
age: 9806442
cache-control: public, max-age=31536000
content-md5: rp+/fadJKxLUo+jgFmYTeQ==
content-type: image/svg+xml
date: Fri, 22 Sep 2023 19:50:09 GMT
etag: 0x8DB5C3F4721247A
last-modified: Wed, 24 May 2023 10:11:44 GMT
server: ECAcc (ska/F697)
vary: Accept-Encoding
x-cache: HIT
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: cf4cbdca-101e-0042-0c5d-942f4a000000
x-ms-version: 2009-09-19
content-length: 190
X-Firefox-Spdy: h2
khevyak.qcnztau.ru/u73aa7am4p
188.114.96.1200 OK 4.6 kB URL User Request GET HTTP/2 khevyak.qcnztau.ru/u73aa7am4p
IP 188.114.96.1:443
Certificate IssuerGoogle Trust Services LLC
Subjectqcnztau.ru
FingerprintA3:4A:62:30:D2:2A:A1:B0:E4:36:B7:50:A2:62:33:F4:A3:7D:AD:AE
ValidityThu, 14 Sep 2023 18:29:30 GMT - Wed, 13 Dec 2023 18:29:29 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (4854), with no line terminators
Hash 420345be2f43dad17d2db63cb9be5ba9
4bf7842457e53dc7bfd5336689cd8435f92b799c
de8b5ab82d30d37e56532d3cc3ff0a702dc92fa768c2b11937853f6ea0eb515b
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft Outlook
GET /u73aa7am4p HTTP/1.1
Host: khevyak.qcnztau.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 22 Sep 2023 19:50:03 GMT
content-type: text/html; charset=UTF-8
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IGwZa8N85A3i77t5qT7JJbnJjW1yomFz21e03bmM4aOcuiZm5J3agVzp8WSzML193ohG6a5TdEHYNTY1bdi1%2FErfHo0r9WMx4ZVpKZ9Z%2B7701fNLF8NnsoZVqUGeMpJKrbBoQLQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 80ad131a7bfcb4f3-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
devcraftingsolutions.com/assets/js/pages-head-top.min.js?cb=1695412204294
172.67.74.198200 OK 2.1 kB URL GET HTTP/2 devcraftingsolutions.com/assets/js/pages-head-top.min.js?cb=1695412204294
IP 172.67.74.198:443
Requested by https://khevyak.qcnztau.ru/u73aa7am4p#bergeson@goldenrulephc.com
Certificate IssuerGoogle Trust Services LLC
Subjectdevcraftingsolutions.com
FingerprintA5:A0:56:28:B0:AE:C8:24:C1:7E:ED:00:52:BF:DF:18:94:D9:99:57
ValidityWed, 06 Sep 2023 12:07:49 GMT - Tue, 05 Dec 2023 12:07:48 GMT
File type ASCII text, with very long lines (2292), with no line terminators
Hash f3f914c80dbc62a776936778c9ff5f20
1be5a1e6faea8f86878bdf675b07060aa9fe83f6
ad677d1c9de860f8938d13a4171fb83b2ed50d24ddb640f36d8b10d99301766a
Analyzer Verdict Alert mnemonic secure dns malicious Sinkholed
GET /assets/js/pages-head-top.min.js?cb=1695412204294 HTTP/1.1
Host: devcraftingsolutions.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://khevyak.qcnztau.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 22 Sep 2023 19:50:04 GMT
content-type: application/javascript
last-modified: Fri, 22 Sep 2023 15:16:28 GMT
etag: W/"856-605f417be7cd8"
access-control-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tQW6akPfWhBwOItmqiXl7QDcAPHplIlnFn%2Fj9oGtQmyxwj0MM45vBCvunjW5a4pSJkpecaxnaMBlJC6fA5TsbGCL2o1FyngNAojAEph3KYPatq%2FK1yOWf4BP9R7Uy2sy3TMDrsuPClX0%2BA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 80ad132389510b45-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
khevyak.qcnztau.ru/webname+%22/assets/fonts/GDSherpa-bold.woff%22
188.114.96.1404 Not Found 315 B URL GET HTTP/3 khevyak.qcnztau.ru/webname+%22/assets/fonts/GDSherpa-bold.woff%22
IP 188.114.96.1:443
Requested by https://khevyak.qcnztau.ru/u73aa7am4p#bergeson@goldenrulephc.com
Certificate IssuerGoogle Trust Services LLC
Subjectqcnztau.ru
FingerprintA3:4A:62:30:D2:2A:A1:B0:E4:36:B7:50:A2:62:33:F4:A3:7D:AD:AE
ValidityThu, 14 Sep 2023 18:29:30 GMT - Wed, 13 Dec 2023 18:29:29 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (326), with no line terminators
Hash 97ef40509b73c101d6815511c3adf98d
a4242322497ea630ea72e26ba297a95a2bbe5ccd
322c1f60d9d454c801f7cff3173ef16b61cf9963a64e09a4d9e21d36218b56be
GET /webname+%22/assets/fonts/GDSherpa-bold.woff%22 HTTP/1.1
Host: khevyak.qcnztau.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://khevyak.qcnztau.ru/u73aa7am4p
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 404 Not Found
date: Fri, 22 Sep 2023 19:50:04 GMT
content-type: text/html; charset=iso-8859-1
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jXqPUkLipri6oC469mZ5VzngrMc%2Foh%2BawbG%2B1oab%2FAp%2B5lpxfQQgUbCDhTuiGgXg%2B3IRkKumHbTq62szYuvc1eMowhVmjdbufnO5tVqqPHxqZIm8aSkEFeLf0G7EbDhqR1vWEMg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 80ad1324dc19b4f7-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
logincdn.msauth.net/shared/1.0/content/images/picker_verify_email_958962caa7cf6b75cd412e9e3b687b22.svg
192.229.221.185200 OK 268 B URL GET HTTP/2 logincdn.msauth.net/shared/1.0/content/images/picker_verify_email_958962caa7cf6b75cd412e9e3b687b22.svg
IP 192.229.221.185:443
Requested by https://khevyak.qcnztau.ru/u73aa7am4p#bergeson@goldenrulephc.com
Certificate IssuerMicrosoft Corporation
Subjectidentitycdn.msauth.net
Fingerprint7E:49:E0:7F:53:0A:55:E1:C7:51:9E:26:2E:16:15:30:F1:F6:FB:0A
ValidityThu, 10 Aug 2023 19:09:28 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File type SVG Scalable Vector Graphics image\012- HTML document, ASCII text, with no line terminators
Hash 1318aafc1fb9ded0c623e5b9a557e6df
0917cdd7633cd1642b02b2b785416ec7e5106dcc
d86660a84daa211b121ec9fe0df83d6b945f61b888384391eabc7d6b4e941dc4
GET /shared/1.0/content/images/picker_verify_email_958962caa7cf6b75cd412e9e3b687b22.svg HTTP/1.1
Host: logincdn.msauth.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://khevyak.qcnztau.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-encoding: gzip
accept-ranges: bytes
access-control-allow-origin: *
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
age: 9247635
cache-control: public, max-age=31536000
content-md5: pFQUXilUkzYtIbvSwGgVBQ==
content-type: image/svg+xml
date: Fri, 22 Sep 2023 19:50:09 GMT
etag: 0x8DB5C409F549E50
last-modified: Wed, 24 May 2023 10:21:22 GMT
server: ECAcc (ska/F7AD)
vary: Accept-Encoding
x-cache: HIT
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: e6e3cc87-601e-0079-1c72-993a7c000000
x-ms-version: 2009-09-19
content-length: 212
X-Firefox-Spdy: h2
khevyak.qcnztau.ru/webname+%22/assets/fonts/GDSherpa-regular.woff2%22
188.114.96.1404 Not Found 315 B URL GET HTTP/3 khevyak.qcnztau.ru/webname+%22/assets/fonts/GDSherpa-regular.woff2%22
IP 188.114.96.1:443
Requested by https://khevyak.qcnztau.ru/u73aa7am4p#bergeson@goldenrulephc.com
Certificate IssuerGoogle Trust Services LLC
Subjectqcnztau.ru
FingerprintA3:4A:62:30:D2:2A:A1:B0:E4:36:B7:50:A2:62:33:F4:A3:7D:AD:AE
ValidityThu, 14 Sep 2023 18:29:30 GMT - Wed, 13 Dec 2023 18:29:29 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (326), with no line terminators
Hash 97ef40509b73c101d6815511c3adf98d
a4242322497ea630ea72e26ba297a95a2bbe5ccd
322c1f60d9d454c801f7cff3173ef16b61cf9963a64e09a4d9e21d36218b56be
GET /webname+%22/assets/fonts/GDSherpa-regular.woff2%22 HTTP/1.1
Host: khevyak.qcnztau.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://khevyak.qcnztau.ru/u73aa7am4p
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 404 Not Found
date: Fri, 22 Sep 2023 19:50:04 GMT
content-type: text/html; charset=iso-8859-1
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=p1YRfELVIrwj5eYMDmtjxz2ERw4wQOwOLaCzBD4iv3FW0R3NbBUr08jargA6LuGYW%2BreOUscOt%2FtLiP%2FikkHT592FN8EKCniXe2ocA46UPgeOUPquftLEDWUFKS8X%2FlfP4%2B8ZCw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 80ad1324dc21b4f7-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
khevyak.qcnztau.ru/webname+%22/assets/fonts/GDSherpa-vf2.woff2%22
188.114.96.1404 Not Found 315 B URL GET HTTP/3 khevyak.qcnztau.ru/webname+%22/assets/fonts/GDSherpa-vf2.woff2%22
IP 188.114.96.1:443
Requested by https://khevyak.qcnztau.ru/u73aa7am4p#bergeson@goldenrulephc.com
Certificate IssuerGoogle Trust Services LLC
Subjectqcnztau.ru
FingerprintA3:4A:62:30:D2:2A:A1:B0:E4:36:B7:50:A2:62:33:F4:A3:7D:AD:AE
ValidityThu, 14 Sep 2023 18:29:30 GMT - Wed, 13 Dec 2023 18:29:29 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (326), with no line terminators
Hash 97ef40509b73c101d6815511c3adf98d
a4242322497ea630ea72e26ba297a95a2bbe5ccd
322c1f60d9d454c801f7cff3173ef16b61cf9963a64e09a4d9e21d36218b56be
GET /webname+%22/assets/fonts/GDSherpa-vf2.woff2%22 HTTP/1.1
Host: khevyak.qcnztau.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://khevyak.qcnztau.ru/u73aa7am4p
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 404 Not Found
date: Fri, 22 Sep 2023 19:50:05 GMT
content-type: text/html; charset=iso-8859-1
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=81EBCcNWhJRejtfTqcM%2FO3EK5c0T7wZAPFYhKjJa1OmF5cmAkf1XUKm8e0xK0TgAlUjtuElNSm0Z8KDZajK7T4xXMyfH%2BFeuNx28qBAgfsqiCiDgWbnW7lDkR8awtNROBRf7HZs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 80ad1324ec2fb4f7-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/hfv7j/0x4AAAAAAAKV2h94qgLURaAU/auto/normal
104.17.2.184200 OK 27 kB URL GET HTTP/3 challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/hfv7j/0x4AAAAAAAKV2h94qgLURaAU/auto/normal
IP 104.17.2.184:443
Requested by https://khevyak.qcnztau.ru/u73aa7am4p#bergeson@goldenrulephc.com
Certificate IssuerCloudflare, Inc.
Subjectchallenges.cloudflare.com
Fingerprint5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E
ValidityFri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (14577)
Hash 94faf09a1d77caca7e5f77fa611bba99
5cbebd548919f5d47f29463dafdea8fbe9ef54f8
bd2fd4d2d7679851887260a4a2879374912e4abe754c245e870cc8bd606c444d
GET /cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/hfv7j/0x4AAAAAAAKV2h94qgLURaAU/auto/normal HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://khevyak.qcnztau.ru/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 22 Sep 2023 19:50:04 GMT
content-type: text/html; charset=UTF-8
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-security-policy: frame-src https://challenges.cloudflare.com/; base-uri 'self'
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: cross-origin
document-policy: js-profiling
origin-agent-cluster: ?1
permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy: same-origin
server: cloudflare
cf-ray: 80ad1328d8c1b4eb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
khevyak.qcnztau.ru/webname+%22/assets/fonts/GDSherpa-bold.woff2%22
188.114.96.1404 Not Found 315 B URL GET HTTP/3 khevyak.qcnztau.ru/webname+%22/assets/fonts/GDSherpa-bold.woff2%22
IP 188.114.96.1:443
Requested by https://khevyak.qcnztau.ru/u73aa7am4p#bergeson@goldenrulephc.com
Certificate Issuer Google Trust Services LLC
Subject qcnztau.ru
Fingerprint A3:4A:62:30:D2:2A:A1:B0:E4:36:B7:50:A2:62:33:F4:A3:7D:AD:AE
Validity Thu, 14 Sep 2023 18:29:30 GMT - Wed, 13 Dec 2023 18:29:29 GMT
File type (multiple matches): HTML document text; HTML document text; HTML document text; HTML document text; exported SGML document, ASCII text, with very long lines (326), with no line terminators
Hash 97ef40509b73c101d6815511c3adf98d
a4242322497ea630ea72e26ba297a95a2bbe5ccd
322c1f60d9d454c801f7cff3173ef16b61cf9963a64e09a4d9e21d36218b56be
GET /webname+%22/assets/fonts/GDSherpa-bold.woff2%22 HTTP/1.1
Host: khevyak.qcnztau.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://khevyak.qcnztau.ru/u73aa7am4p
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 404 Not Found
date: Fri, 22 Sep 2023 19:50:04 GMT
content-type: text/html; charset=iso-8859-1
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PRzNFGjxSd09tBHZ3wQJaQrF6cOefN38svVg0Skba9KE2Hw0OksEjTbuP%2FYch7GT4XsCig8fez8LOFoRFkee%2FAL8ZCmB2bzOLTl2%2B0Q%2Bvlpdm57LNDhuMt%2Ff4xStutOSGcjIhO8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 80ad1324cc16b4f7-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
devcraftingsolutions.com/call
172.67.74.198 200 OK 139 B URL POST HTTP/3 devcraftingsolutions.com/call
IP 172.67.74.198:443
Requested by https://khevyak.qcnztau.ru/u73aa7am4p#bergeson@goldenrulephc.com
Certificate Issuer Google Trust Services LLC
Subject devcraftingsolutions.com
Fingerprint A5:A0:56:28:B0:AE:C8:24:C1:7E:ED:00:52:BF:DF:18:94:D9:99:57
Validity Wed, 06 Sep 2023 12:07:49 GMT - Tue, 05 Dec 2023 12:07:48 GMT
File type troff or preprocessor input, ASCII text, with no line terminators
Hash 84fc9656b23930b79e4bb57e80477b44
0944fecdb701a728118024a9fe71c5b5ded9d3b2
b9b9766d48a144521c064f4c4aaa539a7e215c2e0234acd7381baf46cbe575b9
Analyzer: mnemonic secure dns — Verdict: malicious — Alert: Sinkholed
POST /call HTTP/1.1
Host: devcraftingsolutions.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Content-Length: 111
Origin: https://khevyak.qcnztau.ru
DNT: 1
Connection: keep-alive
Referer: https://khevyak.qcnztau.ru/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 22 Sep 2023 19:50:16 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/8.1.10
cache-control: no-cache, private
set-cookie: XSRF-TOKEN=eyJpdiI6Ii9UcjdCcXdvMnhWTFIwSDVKVW9KVUE9PSIsInZhbHVlIjoiLzdtSTZWQTNlWENaK0xoalRwSGM0ellKNXYxSnBIaHk4azEwQkI4MUFMTkQvSGIyclJJTGdJamxJbERUTE9qcExEYkRpTzZ4dUhJNjdsL0hZTmpBOEVKMzRtb05qTVdHNnpIU20yOE84YnhhMTlaVHEvWjh6K093ZUxtMzFxYWsiLCJtYWMiOiIxNmZhZTU0ZmNjMmNmMjcxYzA5ZDFhOGVlMmQwYWFlMWI4ZWMyYWFiY2EwMTdlODMwN2UxOGFiNjhjNjI2NmUxIiwidGFnIjoiIn0%3D; expires=Fri, 22-Sep-2023 21:50:16 GMT; Max-Age=7200; path=/; samesite=lax
laravel_session=eyJpdiI6InBPOEJJTUt0emd6MHFCSnJkMnhlMVE9PSIsInZhbHVlIjoiRkdTdmdpRkxPVTdsQWdYNWtaY09FN2NySXRjRENqWlR2c3NyT2FkTnFLRnVEOUtJTWZ0elRDM0RPSGhpYit4VlJFbnJXRklKdUs5bG9xTXU3bCtMZnZQUitaajZyWCtEeHpIRWgyNCtaUUg3Mkp0VnN3c3ZJNmU3cE9FVmdJdkkiLCJtYWMiOiJiMmI0ZWViYzM5NzBiMGU2YzNhNmZhMmE4NzMxZDQ4OTlkNTIzY2Q1MzExMTk1YjM1Yjg1MGEyYWFiZjk1MjZkIiwidGFnIjoiIn0%3D; expires=Fri, 22-Sep-2023 21:50:16 GMT; Max-Age=7200; path=/; httponly; samesite=lax
access-control-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=18%2FcwPaU5ytkAZFxT0UdJdA0bzMCj1qhhK%2BE7s%2Bj1b88WVjDu%2BEoX38C5xREmh274IFReBJR1lD0OfTbv5Cj1Xns4lAiPchNM8MFkeA1%2F1szj1Ek3AYLuun3GI3ZdaPU%2BBDcLGYWJmmqVg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 80ad13525c05b4f1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
devcraftingsolutions.com/assets/css/pages.min.css?cb=1695412204488
172.67.74.198 200 OK 17 kB URL GET HTTP/3 devcraftingsolutions.com/assets/css/pages.min.css?cb=1695412204488
IP 172.67.74.198:443
Requested by https://khevyak.qcnztau.ru/u73aa7am4p#bergeson@goldenrulephc.com
Certificate Issuer Google Trust Services LLC
Subject devcraftingsolutions.com
Fingerprint A5:A0:56:28:B0:AE:C8:24:C1:7E:ED:00:52:BF:DF:18:94:D9:99:57
Validity Wed, 06 Sep 2023 12:07:49 GMT - Tue, 05 Dec 2023 12:07:48 GMT
File type ASCII text, with very long lines (17002), with no line terminators
Hash 68dd1bcccde5656be56122a5370bbb98
18d1618561916e13668295570a157c32acd9e1f5
bd5a242e3cd9e703a92c7d2667e8f78a3ba2c97cbd04237665782034e4760ed3
Analyzer: mnemonic secure dns — Verdict: malicious — Alert: Sinkholed
GET /assets/css/pages.min.css?cb=1695412204488 HTTP/1.1
Host: devcraftingsolutions.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://khevyak.qcnztau.ru/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 22 Sep 2023 19:50:04 GMT
content-type: text/css
last-modified: Thu, 21 Sep 2023 16:09:44 GMT
etag: W/"426a-605e0b85d9fb1"
access-control-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iyhgEaoEufEIQdpqQoh0ADmonIdqoFTxqqjTEEvdlXnGnll%2BM%2Fg7p8Ujk%2FOvk2BMlXTCY7b3MItjjjIajzov3pdY9Y4h2LrMJmzE27WfaEzHEtVebTTjbzhCaV8Bb0w3i8SwkNSceDZPLg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 80ad1324bf9ab4f1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
r39vx6.ru/assets/microsoftfavicon.ico
0.0.0.0 0 B URL GET r39vx6.ru/assets/microsoftfavicon.ico
IP 0.0.0.0:0
Requested by https://khevyak.qcnztau.ru/u73aa7am4p#bergeson@goldenrulephc.com
Certificate Issuer Google Trust Services LLC
Subject *.r39vx6.ru
Fingerprint 44:09:78:A0:DD:80:B9:2E:A4:7A:8D:16:5A:8C:2C:13:89:6D:BD:61
Validity Mon, 11 Sep 2023 18:30:12 GMT - Sun, 10 Dec 2023 18:30:11 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /assets/microsoftfavicon.ico HTTP/1.1
Host: r39vx6.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://khevyak.qcnztau.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 22 Sep 2023 19:50:09 GMT
content-type: image/x-icon
last-modified: Sun, 19 Mar 2023 15:20:17 GMT
etag: W/"4316-5f7425905ae40"
access-control-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
cache-control: max-age=14400
cf-cache-status: HIT
age: 113
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kqCQYfx3vMlkv3iUd%2FY3rByv36TduUw%2BwPye99EGaOqdQcdF4VuAAP1T8XQwwlkVkfC%2BxCXIpDz5viWGKB6ixwotNC0RLeO1OcumJ9odzHGe8u1GguD%2FHLr76Bk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 80ad134608981c12-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
devcraftingsolutions.com/info
172.67.74.198 200 OK 16 B URL POST HTTP/3 devcraftingsolutions.com/info
IP 172.67.74.198:443
Requested by https://khevyak.qcnztau.ru/u73aa7am4p#bergeson@goldenrulephc.com
Certificate Issuer Google Trust Services LLC
Subject devcraftingsolutions.com
Fingerprint A5:A0:56:28:B0:AE:C8:24:C1:7E:ED:00:52:BF:DF:18:94:D9:99:57
Validity Wed, 06 Sep 2023 12:07:49 GMT - Tue, 05 Dec 2023 12:07:48 GMT
File type troff or preprocessor input, ASCII text, with no line terminators
Hash 5005d94648e72474d71b26270ef76b24
1990e5a3fb804ab002a45ebf4ea0d57f256a26e9
9c7f514b35848a733525db010afba8e24f781d3d5383e7eb516855e78d56ff92
Analyzer: mnemonic secure dns — Verdict: malicious — Alert: Sinkholed
POST /info HTTP/1.1
Host: devcraftingsolutions.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Content-Length: 26
Origin: https://khevyak.qcnztau.ru
DNT: 1
Connection: keep-alive
Referer: https://khevyak.qcnztau.ru/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 22 Sep 2023 19:50:11 GMT
content-type: application/json
x-powered-by: PHP/8.1.10
cache-control: no-cache, private
set-cookie: XSRF-TOKEN=eyJpdiI6Im1heHowNVZJTm02dCtHZVIvTnRaakE9PSIsInZhbHVlIjoic2haTkhwTi9mVExuZXBKcW43VEswRU5kSVNhSnlqUTU5V3B5UUpVWGtQRjg4VzRpQlhoVllDZ1NvekJmdUJMYk9yWTBRc2YwMnczUTgvbDV0djNTak9FeGJ1UVdZOGRmWGFmN05GaThCVVh3LzEyM0U4eHJHeklXTk1ybWJ2MlUiLCJtYWMiOiJlNmIwYTIyNWJmYzhmMDA5ZGI4OTdlYWQ2NGJjYzg0NzQ5ZDczMmVmZGVjNjBmZjI3YjMwZTMxMzVmNzhjNWMyIiwidGFnIjoiIn0%3D; expires=Fri, 22-Sep-2023 21:50:11 GMT; Max-Age=7200; path=/; samesite=lax
laravel_session=eyJpdiI6ImJSbXhNRzNaRlpva2FxVW9vb3Nqamc9PSIsInZhbHVlIjoiUHJoMDF5TWJleGF6Wm5JUlRhelRaRE5ZL0ZZSVh1U3RPT1daWkVLeHl4V0YyNHVud041ekkrUzdRYW1xNGszbUVhNitpalJzbGc5aWlwWkxtc3N4RE5FVy9zekNqcWk4ekp5UXBwd1ltRWg3S1BQVzdCM0ZuSnkxai81TkRRVnIiLCJtYWMiOiI5ZGE5MzU1NWM1N2E1YzVjOWY0N2JiM2UxYjYxMGM5ZWExMDgxYzg5YmUzMjU1OGM0YzAyYTJjOTAyOTEyNTM2IiwidGFnIjoiIn0%3D; expires=Fri, 22-Sep-2023 21:50:11 GMT; Max-Age=7200; path=/; httponly; samesite=lax
access-control-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=z%2BFAkhF9Ij33yfoBYtnZ1gWklYH2JLYbA3KZo7P2%2BOHqwNWRckuM0wkuq8lgFsP3oWGjsmigTCE2XLCKJg1LdPX36tqyfyQ9eG2hpkxPhftVwQJHB%2Bw%2Bw7kjGVTC9%2FLT9znZHie%2FEHNCOg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 80ad134ed85eb4f1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
devcraftingsolutions.com/info
172.67.74.198 200 OK 1 B URL POST HTTP/3 devcraftingsolutions.com/info
IP 172.67.74.198:443
Requested by https://khevyak.qcnztau.ru/u73aa7am4p#bergeson@goldenrulephc.com
Certificate Issuer Google Trust Services LLC
Subject devcraftingsolutions.com
Fingerprint A5:A0:56:28:B0:AE:C8:24:C1:7E:ED:00:52:BF:DF:18:94:D9:99:57
Validity Wed, 06 Sep 2023 12:07:49 GMT - Tue, 05 Dec 2023 12:07:48 GMT
File type very short file (no magic)
Hash c4ca4238a0b923820dcc509a6f75849b
356a192b7913b04c54574d18c28d46e6395428ab
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
Analyzer: mnemonic secure dns — Verdict: malicious — Alert: Sinkholed
POST /info HTTP/1.1
Host: devcraftingsolutions.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Content-Length: 135
Origin: https://khevyak.qcnztau.ru
DNT: 1
Connection: keep-alive
Referer: https://khevyak.qcnztau.ru/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 22 Sep 2023 19:50:11 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/8.1.10
cache-control: no-cache, private
set-cookie: XSRF-TOKEN=eyJpdiI6InFSZnc1SUMwQmpBeGVtN3VmZUlLOEE9PSIsInZhbHVlIjoiUGZDdzVLcnQ1VnhHRkZEMStpdXlEa0dPeWM5bDE0UGRoUXlSUkVucHN0RG9KSnI1a3F6dDRjOHl5SmdibXhhazdoZi9rdTgxaUJJSEovNDd4NE1XbzRiOElHaWZvWU0vb2w2aklCMWdjYzFtcy9oL0twWDJYU1U0NDJsZGpWckEiLCJtYWMiOiJhMzUwYzc2MGQwNGU3Mjc4MGY2MDUzN2UzZmYyZTRjOTM1NmE5M2M3NzNiNTU1NGMwMTMyMjNmOTFlMDMzY2NkIiwidGFnIjoiIn0%3D; expires=Fri, 22-Sep-2023 21:50:11 GMT; Max-Age=7200; path=/; samesite=lax
laravel_session=eyJpdiI6ImZHa3lrSFV2NmljeFpQTnliSUZYT0E9PSIsInZhbHVlIjoiV0Q5RkVSYnZSblFUMWpsMXlnMUFaZm9RUGtzU3NXaG1JTTlzT1lYQmU1NkJPeHlnNC9EYWt5RVlsdmlPdmVYRTVHN2FEQWRNTHVxSHFxL3JQNzFXVmFYMTIyd21BblB3WnN0NmNLeXVyK1p0NWUwZHFMdHdGK2tLVTFKeXRpTDUiLCJtYWMiOiI4NDkxZDJiOGVkNmE1ZWJmYjllNThkYTlkMWYzNTI0M2UwMDY1NmE2NWMyYWUzOWJiNDNlODAxMjFhMDgxZTliIiwidGFnIjoiIn0%3D; expires=Fri, 22-Sep-2023 21:50:11 GMT; Max-Age=7200; path=/; httponly; samesite=lax
access-control-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mqQ4JdI3kXWCYuxDkBk%2BQQu0WPxhp3XiNDrsMdyr4zi6BNU8jpXCIJo0%2FwicNBN9htLK0DrXQ4dOEiU3HVQxDa9uUxbl63w%2Bh5nJmsTmNKe4v8RAW5h8eqt9PdBy1QrmxyVIg3vISybOdw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 80ad13525c08b4f1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
devcraftingsolutions.com/assets/js/pages.js?cb=1695412204488
172.67.74.198 200 OK 77 kB URL GET HTTP/3 devcraftingsolutions.com/assets/js/pages.js?cb=1695412204488
IP 172.67.74.198:443
Requested by https://khevyak.qcnztau.ru/u73aa7am4p#bergeson@goldenrulephc.com
Certificate Issuer Google Trust Services LLC
Subject devcraftingsolutions.com
Fingerprint A5:A0:56:28:B0:AE:C8:24:C1:7E:ED:00:52:BF:DF:18:94:D9:99:57
Validity Wed, 06 Sep 2023 12:07:49 GMT - Tue, 05 Dec 2023 12:07:48 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer: mnemonic secure dns — Verdict: malicious — Alert: Sinkholed
GET /assets/js/pages.js?cb=1695412204488 HTTP/1.1
Host: devcraftingsolutions.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://khevyak.qcnztau.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 22 Sep 2023 19:50:09 GMT
content-type: application/javascript
last-modified: Fri, 22 Sep 2023 16:15:04 GMT
etag: W/"12ce7-605f4e952d80b"
access-control-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=p82cMPB4nFlLxF4fGP6klXfk%2Fs7LU9v8fiQiDgppFiUcnUM01IgADyjOQ8%2FPgOJ9Idbp%2BM0tDTsaT8jXZ%2FHu%2Bz%2Bh2lnE21uoivBKTQAzPQv32obhDFJbZjXXFmLHmVpztHf17S1hrfsMYw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 80ad13435d8cb4f1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
devcraftingsolutions.com/assets/cloudfavicon.ico
0.0.0.0 0 B URL GET devcraftingsolutions.com/assets/cloudfavicon.ico
IP 0.0.0.0:0
Requested by https://khevyak.qcnztau.ru/u73aa7am4p#bergeson@goldenrulephc.com
Certificate Issuer Google Trust Services LLC
Subject devcraftingsolutions.com
Fingerprint A5:A0:56:28:B0:AE:C8:24:C1:7E:ED:00:52:BF:DF:18:94:D9:99:57
Validity Wed, 06 Sep 2023 12:07:49 GMT - Tue, 05 Dec 2023 12:07:48 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer: mnemonic secure dns — Verdict: malicious — Alert: Sinkholed
GET /assets/cloudfavicon.ico HTTP/1.1
Host: devcraftingsolutions.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://khevyak.qcnztau.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 22 Sep 2023 19:50:04 GMT
content-type: image/x-icon
last-modified: Wed, 16 Aug 2023 15:22:46 GMT
etag: W/"86be-6030bde212b57"
access-control-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
cache-control: max-age=14400
cf-cache-status: HIT
age: 3214
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TXsv%2BiFwq%2F%2BNopcTx%2Fs75WXkSZm%2Bo8rHEXzTx53vZs72NPtpJoCyucOoK5ysj%2F43sDnmpXKgtrAYJ7lgAaNF9upE3puWb%2FnEhQ1KKeknnkOqbc2%2F2RIT%2B4GJnulJTnPiEMS7bRWkejDkqw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 80ad132429ab0b45-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
khevyak.qcnztau.ru/webname+%22/assets/fonts/GDSherpa-vf.woff2%22
188.114.96.1 404 Not Found 315 B URL GET HTTP/3 khevyak.qcnztau.ru/webname+%22/assets/fonts/GDSherpa-vf.woff2%22
IP 188.114.96.1:443
Requested by https://khevyak.qcnztau.ru/u73aa7am4p#bergeson@goldenrulephc.com
Certificate Issuer Google Trust Services LLC
Subject qcnztau.ru
Fingerprint A3:4A:62:30:D2:2A:A1:B0:E4:36:B7:50:A2:62:33:F4:A3:7D:AD:AE
Validity Thu, 14 Sep 2023 18:29:30 GMT - Wed, 13 Dec 2023 18:29:29 GMT
File type (multiple matches): HTML document text; HTML document text; HTML document text; HTML document text; exported SGML document, ASCII text, with very long lines (326), with no line terminators
Hash 97ef40509b73c101d6815511c3adf98d
a4242322497ea630ea72e26ba297a95a2bbe5ccd
322c1f60d9d454c801f7cff3173ef16b61cf9963a64e09a4d9e21d36218b56be
GET /webname+%22/assets/fonts/GDSherpa-vf.woff2%22 HTTP/1.1
Host: khevyak.qcnztau.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://khevyak.qcnztau.ru/u73aa7am4p
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 404 Not Found
date: Fri, 22 Sep 2023 19:50:05 GMT
content-type: text/html; charset=iso-8859-1
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0De%2BAyZ7VYt7EeQkFrGw%2Fq%2FlvrVsOBBIvcPdm%2F7iq9fD5X%2BzTXEYAPNCBqo5s%2Bw1%2FYZMwnAMUBB7qZuuQMaq0zfU9%2FI%2Bc1FRRGux5v1dwyuNoArEnT%2Fq3v%2BWhg6P6doQMbmiqaI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 80ad1324ec2cb4f7-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
devcraftingsolutions.com/info
172.67.74.198 200 OK 30 kB URL POST HTTP/3 devcraftingsolutions.com/info
IP 172.67.74.198:443
Requested by https://khevyak.qcnztau.ru/u73aa7am4p#bergeson@goldenrulephc.com
Certificate Issuer Google Trust Services LLC
Subject devcraftingsolutions.com
Fingerprint A5:A0:56:28:B0:AE:C8:24:C1:7E:ED:00:52:BF:DF:18:94:D9:99:57
Validity Wed, 06 Sep 2023 12:07:49 GMT - Tue, 05 Dec 2023 12:07:48 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer: mnemonic secure dns — Verdict: malicious — Alert: Sinkholed
POST /info HTTP/1.1
Host: devcraftingsolutions.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Content-Length: 26
Origin: https://khevyak.qcnztau.ru
DNT: 1
Connection: keep-alive
Referer: https://khevyak.qcnztau.ru/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 22 Sep 2023 19:50:08 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/8.1.10
cache-control: no-cache, private
set-cookie: XSRF-TOKEN=eyJpdiI6IllvVkxleWNWOFhCa1pwcGt1NGFQY1E9PSIsInZhbHVlIjoicDRwWG9KSEFPaHFGUnE0eUJycm1xQzVsc0JzaVRqa3lTdXplYm93WUdQelE5YzVVaXVlRzhIUitmYnFXMFhxZlE3WWc4enIwZmw3Z2xmWkNzeENQWnUwUWFGa29HWVlkNldzbTdVRGdibEtXY1lUOVVIYVB5S2hESjFvK2t6dUciLCJtYWMiOiIxNjQxMWRiNjdkNjg4ZGQ2OWNkMTZhZTliMDI3MGUyOWI0NGI5NTNkODdkYWU1ODhlNGJjZDYwYmRjYjRkNjhlIiwidGFnIjoiIn0%3D; expires=Fri, 22-Sep-2023 21:50:08 GMT; Max-Age=7200; path=/; samesite=lax
laravel_session=eyJpdiI6IjlGMTBMbWZvTFk5cUVkWGQ4VVF0V0E9PSIsInZhbHVlIjoiT1JOaHYyN1VxSDZnRi9udmFGa3E4NUpjVSs2aDlrNWUrV3dIalZBZU9FbFE4RzYvTUxHanJtNXVMbytrS3JjNTB3V0VVZXJURnJsZ3NFKys0UzBWY3BoWi91cGhBM3pqMGljeEZWMVoxTExkKzdXNWx5cTlsVDVkZ3h2R0V4OXAiLCJtYWMiOiIwNjQ0ZDRkZDlkMTczOGVjYzg2ZDEyNjVkOGUyMzFiNzI5OWUyNjgzNmM3NDE0NWUxYWJiMDVmNDNkMDJjZmRkIiwidGFnIjoiIn0%3D; expires=Fri, 22-Sep-2023 21:50:08 GMT; Max-Age=7200; path=/; httponly; samesite=lax
access-control-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yacqsKiHSU1EnllTY3OoO7FYJis8rHtIoTpiI%2FLMAUtefb7o3vFyf8nyff%2FbHsst787iMAicK23SQsRnJZIsqayncDcwam2lTkbb%2BwJCRumWBd5ZqS%2Br61qFc%2BTNCEbuFY%2FYlQYrMM%2FyRg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 80ad13403aa7b4f1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
ipinfo.io/
34.117.59.81 200 OK 280 B IP 34.117.59.81:443
Requested by https://khevyak.qcnztau.ru/u73aa7am4p#bergeson@goldenrulephc.com
Certificate Issuer Let's Encrypt
Subject ipinfo.io
Fingerprint 93:12:24:EE:DB:EC:6E:1F:10:38:75:88:62:FF:AE:40:74:B7:F8:F3
Validity Wed, 09 Aug 2023 08:13:42 GMT - Tue, 07 Nov 2023 08:13:41 GMT
File type ASCII text, with very long lines (331), with no line terminators
Hash 1438617e5afe35240ea18211e338db01
89cd78f604e6cbe17941a252074a02a4a01e4f44
3ea7df984d0727ca5eddf1c01b8f584629a1fb93caa8c0b581e5835ede012c1d
GET / HTTP/1.1
Host: ipinfo.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://khevyak.qcnztau.ru
DNT: 1
Connection: keep-alive
Referer: https://khevyak.qcnztau.ru/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
access-control-allow-origin: *
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
content-type: application/json; charset=utf-8
date: Fri, 22 Sep 2023 19:50:11 GMT
x-envoy-upstream-service-time: 2
strict-transport-security: max-age=2592000; includeSubDomains
vary: Accept-Encoding
content-encoding: gzip
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
devcraftingsolutions.com/assets/js/pages-head.min.js?cb=1695412204488
172.67.74.198 200 OK 15 kB URL GET HTTP/3 devcraftingsolutions.com/assets/js/pages-head.min.js?cb=1695412204488
IP 172.67.74.198:443
Requested by https://khevyak.qcnztau.ru/u73aa7am4p#bergeson@goldenrulephc.com
Certificate Issuer Google Trust Services LLC
Subject devcraftingsolutions.com
Fingerprint A5:A0:56:28:B0:AE:C8:24:C1:7E:ED:00:52:BF:DF:18:94:D9:99:57
Validity Wed, 06 Sep 2023 12:07:49 GMT - Tue, 05 Dec 2023 12:07:48 GMT
File type ASCII text, with very long lines (15270), with no line terminators
Hash 0a85cfa00ae4ff05d213a007658877f6
ab10854258f1a0f4c2ccfdcfe454c31c68296567
2bf418f792e4b25dd596c701a944228bcb767af733196ba340df3954cfc87b19
Analyzer: mnemonic secure dns — Verdict: malicious — Alert: Sinkholed
GET /assets/js/pages-head.min.js?cb=1695412204488 HTTP/1.1
Host: devcraftingsolutions.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://khevyak.qcnztau.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 22 Sep 2023 19:50:04 GMT
content-type: application/javascript
last-modified: Fri, 22 Sep 2023 15:46:41 GMT
etag: W/"3ba6-605f483c9c5f3"
access-control-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MF00iWPBc%2BF8wI7F6C%2BC%2BeRdgnnwEbHt347yY8WtjU2SCtXjXtWY4vL98pH%2BZC7%2F6S9pJ19v4OBpd8pCJOH%2BlRZeKJ5XRIsjLoQ4QukVmqw9aOvbUW3mfRw0GYTEujoBEIE%2Fy0WDMeiJbw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 80ad1324cfb6b4f1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400