| offhz.vestusiab.com/GDSherpa-bold.woff | 104.21.96.1 | 200 OK | 36 kB |
URL: GET offhz.vestusiab.com/GDSherpa-bold.woff
IP: 104.21.96.1:443
Requested by: https://offhz.vestusiab.com/abkiicyrvmgttmnxcktltonzxvm4y3wpquym2vwartmikr1n?YEWNZWIEWPAPSDRGUP
Certificate: Issuer CLOUDFLARE, INC.; Subject vestusiab.com; Fingerprint 7E:07:E7:01:47:0D:FC:59:F6:ED:95:B6:A9:6C:11:8B:E1:31:B8:EA; Validity Wed, 02 Apr 2025 21:14:26 GMT - Tue, 01 Jul 2025 21:21:44 GMT
File type: Web Open Font Format, TrueType, length 35970, version 1.0
Hashes (MD5, SHA-1, SHA-256): 496b7bbde91c7dc7cf9bbabbb3921da8 2bd3c406a715ab52dad84c803c55bf4a6e66a924 ae40a04f95df12b0c364f26ab691dc0c391d394a28bcdb4aeacfaca325d0a798

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| urlquery | phishing | Phishing - Tycoon Phishing Kit |
GET /GDSherpa-bold.woff HTTP/1.1
Host: offhz.vestusiab.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://offhz.vestusiab.com/abkiicyrvmgttmnxcktltonzxvm4y3wpquym2vwartmikr1n?YEWNZWIEWPAPSDRGUP
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6ImFuZXVpMXFnSWJqK3FDZ0U4eFA4MHc9PSIsInZhbHVlIjoiV1c3Z29jN0hlMlRna1dIbDlsa3JQWlh3OURHK2JBTThzUWNlajFza1Y4NmNXWkY0bEZxQ0hVVW15K2ZrZStURnJlblU2UCszTDBQVzUvUUliTUVqQy9yUC8xeWM2bGp3L1hHVHcyV2dGVFlaUWFtMDM0OGs5NWZ2VGw5WERMeGEiLCJtYWMiOiIwODhhMjU0YTgxNjY1NWI3M2IwNTgyMDczZGQzNmYwNTY3MmZmOTlhNWVkYTdlYzUxNDZjMzQ4NmUxNWRhNTNkIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlV4dHFFdEZHRFZBQWRFc2NXaENodVE9PSIsInZhbHVlIjoiTnhQSFBOTHpjbHBIOTY4S2FtOGVCWHhWbjNWeEpyWXNHakMyOE0xSzBlN3lSa3R6ZTdBVjNnVytJZlRDcjJpMENWQ0o2TEVYU0NUd3g4aFZ4ZThDUnR0RUhqSlllT01Ob3FEQ1NwQXpLVTlxcXc3VnpSOXovK1I1NmQxM3BKUDEiLCJtYWMiOiI4NzFkM2U2MDRmZGEyY2Q2OWZjZjRlNmU0MjlhMDA2YmYwNjNiYzEzMzY0NzdjMWY2NTRkMzUyMjAyM2U2Y2U0IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 06 May 2025 21:16:01 GMT
content-type: font/woff
content-length: 35970
server: cloudflare
content-disposition: inline; filename="GDSherpa-bold.woff"
cf-cache-status: MISS
last-modified: Tue, 06 May 2025 21:16:00 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DeORHZ6nQS%2BBtD2xntkPtLI2Nl7kZKaCECqgU4DtF5Wqp8%2BH9YDD1ORvhl0Q1xBUbjxZfLrRhc3wCUeNleDC2cUQBix4H56oDY76E1YmZbR0Q5KlCR9N%2BAel0R9o"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server-timing: cfL4;desc="?proto=TCP&rtt=310&min_rtt=305&rtt_var=92&sent=5&recv=8&lost=0&retrans=0&sent_bytes=2826&recv_bytes=2194&delivery_rate=12291793&cwnd=252&unsent_bytes=0&cid=f23489c77104e812&ts=289&x=0", cfL4;desc="?proto=QUIC&rtt=1287&min_rtt=595&rtt_var=316&sent=1234&recv=431&lost=0&retrans=0&sent_bytes=1116936&recv_bytes=46070&delivery_rate=95399&cwnd=67200&unsent_bytes=0&cid=eee6443af1f9f3b0&ts=12122&x=16"
cache-control: max-age=14400
cf-ray: 93bb7ef80833712f-OSL
alt-svc: h3=":443"; ma=86400
| offhz.vestusiab.com/GDSherpa-regular.woff2 | 104.21.96.1 | 200 OK | 29 kB |
URL: GET offhz.vestusiab.com/GDSherpa-regular.woff2
IP: 104.21.96.1:443
Requested by: https://offhz.vestusiab.com/abkiicyrvmgttmnxcktltonzxvm4y3wpquym2vwartmikr1n?YEWNZWIEWPAPSDRGUP
Certificate: Issuer CLOUDFLARE, INC.; Subject vestusiab.com; Fingerprint 7E:07:E7:01:47:0D:FC:59:F6:ED:95:B6:A9:6C:11:8B:E1:31:B8:EA; Validity Wed, 02 Apr 2025 21:14:26 GMT - Tue, 01 Jul 2025 21:21:44 GMT
File type: Web Open Font Format (Version 2), TrueType, length 28584, version 1.66
Hashes (MD5, SHA-1, SHA-256): 17081510f3a6f2f619ec8c6f244523c7 87f34b2a1532c50f2a424c345d03fe028db35635 2c7292014e2ef00374aeb63691d9f23159a010455784ee0b274ba7db2bcca956

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| urlquery | phishing | Phishing - Tycoon Phishing Kit |
GET /GDSherpa-regular.woff2 HTTP/1.1
Host: offhz.vestusiab.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://offhz.vestusiab.com/abkiicyrvmgttmnxcktltonzxvm4y3wpquym2vwartmikr1n?YEWNZWIEWPAPSDRGUP
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6ImFuZXVpMXFnSWJqK3FDZ0U4eFA4MHc9PSIsInZhbHVlIjoiV1c3Z29jN0hlMlRna1dIbDlsa3JQWlh3OURHK2JBTThzUWNlajFza1Y4NmNXWkY0bEZxQ0hVVW15K2ZrZStURnJlblU2UCszTDBQVzUvUUliTUVqQy9yUC8xeWM2bGp3L1hHVHcyV2dGVFlaUWFtMDM0OGs5NWZ2VGw5WERMeGEiLCJtYWMiOiIwODhhMjU0YTgxNjY1NWI3M2IwNTgyMDczZGQzNmYwNTY3MmZmOTlhNWVkYTdlYzUxNDZjMzQ4NmUxNWRhNTNkIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlV4dHFFdEZHRFZBQWRFc2NXaENodVE9PSIsInZhbHVlIjoiTnhQSFBOTHpjbHBIOTY4S2FtOGVCWHhWbjNWeEpyWXNHakMyOE0xSzBlN3lSa3R6ZTdBVjNnVytJZlRDcjJpMENWQ0o2TEVYU0NUd3g4aFZ4ZThDUnR0RUhqSlllT01Ob3FEQ1NwQXpLVTlxcXc3VnpSOXovK1I1NmQxM3BKUDEiLCJtYWMiOiI4NzFkM2U2MDRmZGEyY2Q2OWZjZjRlNmU0MjlhMDA2YmYwNjNiYzEzMzY0NzdjMWY2NTRkMzUyMjAyM2U2Y2U0IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 06 May 2025 21:15:58 GMT
content-type: font/woff2
content-length: 28584
server: cloudflare
content-disposition: inline; filename="GDSherpa-regular.woff2"
cf-cache-status: MISS
last-modified: Tue, 06 May 2025 21:15:58 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=whgtpsqfroHQuJG9zKu1vEi6HnVKae756GopE7K9NnYbvna4bCt1YNqFGNEE2p1oYAZba%2Favb4Vv1XIrGYW9nyLWKOm2H6E5VBeMk30ZSuxEfMFiPRIt4cetEZZZ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server-timing: cfL4;desc="?proto=TCP&rtt=15745&min_rtt=15730&rtt_var=4447&sent=5&recv=8&lost=0&retrans=0&sent_bytes=2826&recv_bytes=2197&delivery_rate=255641&cwnd=246&unsent_bytes=0&cid=0948150888e9209a&ts=446&x=0", cfL4;desc="?proto=QUIC&rtt=1312&min_rtt=595&rtt_var=383&sent=865&recv=401&lost=0&retrans=0&sent_bytes=702672&recv_bytes=43705&delivery_rate=1743441&cwnd=45600&unsent_bytes=0&cid=eee6443af1f9f3b0&ts=9814&x=16"
cache-control: max-age=14400
cf-ray: 93bb7ef80832712f-OSL
alt-svc: h3=":443"; ma=86400
| royalleaffashion.com/c/409098/c21vcmdhbkBzbHVycG1haWwubmV0 | 103.159.36.91 | 200 OK | 0 B |
URL (user request): GET royalleaffashion.com/c/409098/c21vcmdhbkBzbHVycG1haWwubmV0
IP: 103.159.36.91:443
Certificate: Issuer Let's Encrypt; Subject *.royalleaffashion.com; Fingerprint 48:D1:64:C1:21:5D:6C:62:4C:65:E4:8B:EB:B5:5C:3E:9E:9F:4E:ED; Validity Mon, 07 Apr 2025 13:21:13 GMT - Sun, 06 Jul 2025 13:21:12 GMT
Hashes (MD5, SHA-1, SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /c/409098/c21vcmdhbkBzbHVycG1haWwubmV0 HTTP/1.1
Host: royalleaffashion.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
refresh: 0; url=https://ofFHZ.vestusiab.com/iZth3V2uyphCyUg!h/*c21vcmdhbkBzbHVycG1haWwubmV0
content-type: text/html; charset=UTF-8
content-length: 0
date: Tue, 06 May 2025 21:15:48 GMT
server: LiteSpeed
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2
| offhz.vestusiab.com/klRP2XxAf25ccVHrrtWiZSRpFTH5GWfhdHEZvMwxBSNewC3lr5HnAcUmKVPo1Q78170 | 104.21.96.1 | 200 OK | 7.4 kB |
URL: GET offhz.vestusiab.com/klRP2XxAf25ccVHrrtWiZSRpFTH5GWfhdHEZvMwxBSNewC3lr5HnAcUmKVPo1Q78170
IP: 104.21.96.1:443
Requested by: https://offhz.vestusiab.com/abkiicyrvmgttmnxcktltonzxvm4y3wpquym2vwartmikr1n?YEWNZWIEWPAPSDRGUP
Certificate: Issuer CLOUDFLARE, INC.; Subject vestusiab.com; Fingerprint 7E:07:E7:01:47:0D:FC:59:F6:ED:95:B6:A9:6C:11:8B:E1:31:B8:EA; Validity Wed, 02 Apr 2025 21:14:26 GMT - Tue, 01 Jul 2025 21:21:44 GMT
File type: SVG Scalable Vector Graphics image
Hashes (MD5, SHA-1, SHA-256): b59c16ca9bf156438a8a96d45e33db64 4e51b7d3477414b220f688adabd76d3ae6472ee3 a7ee799dd5b6f6dbb70b043b766362a6724e71458f9839306c995f06b218c2f8

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| urlquery | phishing | Phishing - Tycoon Phishing Kit |
GET /klRP2XxAf25ccVHrrtWiZSRpFTH5GWfhdHEZvMwxBSNewC3lr5HnAcUmKVPo1Q78170 HTTP/1.1
Host: offhz.vestusiab.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://offhz.vestusiab.com/abkiicyrvmgttmnxcktltonzxvm4y3wpquym2vwartmikr1n?YEWNZWIEWPAPSDRGUP
Cookie: XSRF-TOKEN=eyJpdiI6ImFuZXVpMXFnSWJqK3FDZ0U4eFA4MHc9PSIsInZhbHVlIjoiV1c3Z29jN0hlMlRna1dIbDlsa3JQWlh3OURHK2JBTThzUWNlajFza1Y4NmNXWkY0bEZxQ0hVVW15K2ZrZStURnJlblU2UCszTDBQVzUvUUliTUVqQy9yUC8xeWM2bGp3L1hHVHcyV2dGVFlaUWFtMDM0OGs5NWZ2VGw5WERMeGEiLCJtYWMiOiIwODhhMjU0YTgxNjY1NWI3M2IwNTgyMDczZGQzNmYwNTY3MmZmOTlhNWVkYTdlYzUxNDZjMzQ4NmUxNWRhNTNkIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlV4dHFFdEZHRFZBQWRFc2NXaENodVE9PSIsInZhbHVlIjoiTnhQSFBOTHpjbHBIOTY4S2FtOGVCWHhWbjNWeEpyWXNHakMyOE0xSzBlN3lSa3R6ZTdBVjNnVytJZlRDcjJpMENWQ0o2TEVYU0NUd3g4aFZ4ZThDUnR0RUhqSlllT01Ob3FEQ1NwQXpLVTlxcXc3VnpSOXovK1I1NmQxM3BKUDEiLCJtYWMiOiI4NzFkM2U2MDRmZGEyY2Q2OWZjZjRlNmU0MjlhMDA2YmYwNjNiYzEzMzY0NzdjMWY2NTRkMzUyMjAyM2U2Y2U0IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 06 May 2025 21:16:00 GMT
content-type: image/svg+xml
cf-ray: 93bb7ef80839712f-OSL
server: cloudflare
content-disposition: inline; filename="klRP2XxAf25ccVHrrtWiZSRpFTH5GWfhdHEZvMwxBSNewC3lr5HnAcUmKVPo1Q78170"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kw%2BxR4MxPT%2BmATiQjewHfWmRldGaGsAm1C6jF63zJ8I7G81LIxCWDXXLmZeRUmU8R79%2BT5RCTQiOWos4qRFT6AyjT%2FcDshPCty2rzPvFKAvUuJh8zdC40ILdcmS7"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server-timing: cfL4;desc="?proto=TCP&rtt=320&min_rtt=315&rtt_var=122&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2825&recv_bytes=2220&delivery_rate=12838095&cwnd=252&unsent_bytes=0&cid=72b5cdd6f6e5da1c&ts=156&x=0", cfL4;desc="?proto=QUIC&rtt=1273&min_rtt=595&rtt_var=339&sent=1227&recv=429&lost=0&retrans=0&sent_bytes=1111655&recv_bytes=45977&delivery_rate=17934822&cwnd=67200&unsent_bytes=0&cid=eee6443af1f9f3b0&ts=11986&x=16"
vary: accept-encoding
content-encoding: br
alt-svc: h3=":443"; ma=86400
| developers.cloudflare.com/favicon.png | 104.16.2.189 | 200 OK | 937 B |
URL: GET developers.cloudflare.com/favicon.png
IP: 104.16.2.189:443
Requested by: https://offhz.vestusiab.com/iZth3V2uyphCyUg!h/*c21vcmdhbkBzbHVycG1haWwubmV0
Certificate: Issuer Google Trust Services; Subject developers.cloudflare.com; Fingerprint 40:EB:B1:34:10:10:4D:1A:39:4E:1C:9D:94:F9:3A:A8:D7:1B:D9:43; Validity Fri, 14 Mar 2025 21:43:15 GMT - Thu, 12 Jun 2025 22:43:11 GMT
File type: PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
Hashes (MD5, SHA-1, SHA-256): fc3b7bbe7970f47579127561139060e2 3f7c5783fe1f4404cb16304a5a274778ea3abd25 85e6223afdbd5badf2c79bcfbaa6fe686acaa781eca52c196647ffabb3be2ffe
GET /favicon.png HTTP/1.1
Host: developers.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://offhz.vestusiab.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 06 May 2025 21:15:49 GMT
content-type: image/png
content-length: 937
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-cache-status: HIT
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: "6be7ff94b6151f8cfbf08b53a17e2ac1"
cf-ray: 93bb7ec14f8356c1-OSL
vary: Accept-Encoding
set-cookie: __cf_bm=KAhiouHFGdAy_GG8cv7NDk_MRdIjk2ihHSR3.0Tlr74-1746566149-1.0.1.1-MKDUG5KxQzMVeRI9lvCRz8NGNBH9VWD9eZAm4_aoB2iHORK4TzjLVGvoQOX760ZFH4rVN.xcKNPv6u.7A5Mv9QTTFHYdY5vbUpormIG5574; HttpOnly; SameSite=None; Secure; Path=/; Domain=developers.cloudflare.com; Expires=Tue, 06 May 2025 21:45:49 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
| challenges.cloudflare.com/turnstile/v0/b/701fd2559006/api.js | 104.18.94.41 | 200 OK | 48 kB |
URL: GET challenges.cloudflare.com/turnstile/v0/b/701fd2559006/api.js
IP: 104.18.94.41:443
Requested by: https://offhz.vestusiab.com/iZth3V2uyphCyUg!h/*c21vcmdhbkBzbHVycG1haWwubmV0
Certificate: Issuer Google Trust Services; Subject challenges.cloudflare.com; Fingerprint 66:48:DF:B4:8B:9D:6A:8C:3A:B7:0F:CF:92:C7:AF:56:B9:3D:A2:1C; Validity Tue, 29 Apr 2025 17:49:00 GMT - Mon, 28 Jul 2025 18:48:58 GMT
File type: JavaScript source, ASCII text, with very long lines (48199)
Hashes (MD5, SHA-1, SHA-256): 836e5c0174a12217e501c67b80a15c72 b938c4182594f1caac154d8d10a463df7cbc5b81 caa976b62fb6b8808a12c08ee3434d1b41d614d404674fd4a3fd7c0528c923f4
GET /turnstile/v0/b/701fd2559006/api.js HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://offhz.vestusiab.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 06 May 2025 21:15:49 GMT
content-type: application/javascript; charset=UTF-8
last-modified: Mon, 05 May 2025 16:10:46 GMT
cache-control: max-age=31536000, stale-if-error=10800, stale-while-revalidate=31536000, public
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
priority: u=2,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 93bb7ec03acf56a3-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
| offhz.vestusiab.com/iZth3V2uyphCyUg!h/*c21vcmdhbkBzbHVycG1haWwubmV0 | 104.21.96.1 | 200 OK | 15 kB |
URL (user request): GET offhz.vestusiab.com/iZth3V2uyphCyUg!h/*c21vcmdhbkBzbHVycG1haWwubmV0
IP: 104.21.96.1:443
Certificate: Issuer CLOUDFLARE, INC.; Subject vestusiab.com; Fingerprint 7E:07:E7:01:47:0D:FC:59:F6:ED:95:B6:A9:6C:11:8B:E1:31:B8:EA; Validity Wed, 02 Apr 2025 21:14:26 GMT - Tue, 01 Jul 2025 21:21:44 GMT
File type: HTML document, ASCII text, with very long lines (9453), with CRLF line terminators
Hashes (MD5, SHA-1, SHA-256): e366975572bf17f13a09d800910a81d2 a090e88fdb4125223dfc0fe702a0ae505c98f136 7213e5f1babfa264386789f8c0c027aed659cf1f3297b655f08c42375bfa2422

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| urlquery | suspicious | Suspicious - Anti-debugging code |
| urlquery | phishing | Phishing - Tycoon Phishing Kit |
GET /iZth3V2uyphCyUg!h/*c21vcmdhbkBzbHVycG1haWwubmV0 HTTP/1.1
Host: offhz.vestusiab.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6ImNucnNUZXc3WEdhYjczKzRBZzVTY1E9PSIsInZhbHVlIjoiaE0zckNscUx5dnJnc2RSQi9saFgxWDh6Q3NVZDcrRUg1MjV4S3ZXRjFCdzAxb1Y5NUZOUDllMUxYM1VvZXBuN1g3NUhDbDdaWnhCYUtGT21NbXFlTXJGRG54VGxlSHZzcUFXZENaTXpvb1JPZ1lPZm9ISStMclVpRVYxak12dGYiLCJtYWMiOiI3ZmExMTc3MzhlYzE5OThjYzRmN2I4NDAyZDA5OGIxYmQ5ZmFmNmQ0NzE2OGFmNzRmN2ViMGM4ZjE5YTg5MWJiIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ikl4RkI2d0RRSDVZSldta0J1bXc4QUE9PSIsInZhbHVlIjoiNndVV21yUDg5YmFDMVlrc2hMalpxdVY2VThqZ3hFblVzVnlDTUVQek0yMUhab2F3b0VYK2pKLzY0dVhsVWtkdktDZWpmVDNkd2J6Q0xkT3dEL1FZTUtoUnVuK3pRWlF0NWU1NFVMa0Z5YmtwcXFkL3NWYWRPcklIMUV3dnAxRDEiLCJtYWMiOiIyOTkxMTEwZDI1ZWQ3MGQ0NjRkOTgwNWEwMGYzMTkyNzdiNzExOGVhZWM4MzYyYmM4MTg0NmY0YjZjNjI5NDg0IiwidGFnIjoiIn0%3D
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 06 May 2025 21:15:54 GMT
content-type: text/html; charset=UTF-8
cf-ray: 93bb7edfdf46712f-OSL
server: cloudflare
cache-control: no-cache, private
cf-cache-status: DYNAMIC
vary: accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ykTxsQX3DiFKVOsT2iC1LypY8dKHP7CXPHYg0C9n9Sr0Ia%2BymA%2BKT36SEJGBcl7LWQ3%2F7MfXzSeGtsOA08WG4Blp%2BCmjbdseebRoa%2BToqlNCiq0pkNjlomz0ny8%2F"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server-timing: cfL4;desc="?proto=TCP&rtt=377&min_rtt=355&rtt_var=140&sent=5&recv=8&lost=0&retrans=0&sent_bytes=2827&recv_bytes=2182&delivery_rate=8791304&cwnd=252&unsent_bytes=0&cid=37419933769f9cdf&ts=177&x=0", cfL4;desc="?proto=QUIC&rtt=1755&min_rtt=595&rtt_var=976&sent=232&recv=305&lost=0&retrans=0&sent_bytes=17431&recv_bytes=19147&delivery_rate=3559&cwnd=12000&unsent_bytes=0&cid=eee6443af1f9f3b0&ts=5537&x=16"
set-cookie: XSRF-TOKEN=eyJpdiI6Im5uaFVRb09PRi9Od3AvaEtXWmpLSWc9PSIsInZhbHVlIjoiNUVZMFNxcWxlanBhS1JES3Npa0xjWVJ4bkN6ZUo3ZHFyalkrdFVtV2RLWkxtUXY0aW5sa2k0K0JTV3F6TVppd3ZlNWk5dFFYNmlPOFQ3REg2bjFBdGt1R3RZYXlRY2NWTVVHa0RsTzFObG1EVmM2T3hvdFgxU242RmtBY1Z6cmUiLCJtYWMiOiJhNmYwNzBhZmJkNzNlNThhOTYyZGVjYzEzMzc4YjY3YTI5YzlhN2ZhM2I0ZjYxNzQ1ZmY3MjlkZDE5MDY2ODM5IiwidGFnIjoiIn0%3D; expires=Tue, 06-May-2025 23:15:54 GMT; Max-Age=7200; path=/; secure; samesite=none
laravel_session=eyJpdiI6IjBLN245MG9LQzJaYUxkSVNsOCtYSXc9PSIsInZhbHVlIjoibnoybXNVUHhOdVVPZzFhN2NmaFovNUtXMlZwQVZ6ZDhaa1lWYTF6NTl3N2Ezbm8rMTMxcTdBRUNwMHlML0ZYYmJSZ2ovbjIreUVRclFKQWUrWkVKdkVSMDBwU1lhVE1yTHFHbFNEQS9jU1BwYUpENGVKcVVMTVdXQ0VvMWM2ZloiLCJtYWMiOiI1YThjOGExZTdjODgzMzZmNzNiMWE5ZTNkY2NhZDFiNmU5NmY0NzFjOTMwN2U2YWJkNmZiZjU3MmQ5NTUzYWFhIiwidGFnIjoiIn0%3D; expires=Tue, 06-May-2025 23:15:54 GMT; Max-Age=7200; path=/; secure; httponly; samesite=none
content-encoding: br
alt-svc: h3=":443"; ma=86400
| code.jquery.com/jquery-3.6.0.min.js | 151.101.194.137 | 200 OK | 90 kB |
URL: GET code.jquery.com/jquery-3.6.0.min.js
IP: 151.101.194.137:443
Requested by: https://offhz.vestusiab.com/iZth3V2uyphCyUg!h/*c21vcmdhbkBzbHVycG1haWwubmV0
Certificate: Issuer Sectigo Limited; Subject *.jquery.com; Fingerprint CD:B5:6E:05:85:0C:5A:AE:47:12:80:2A:5B:C6:E5:8F:11:72:E2:B5; Validity Tue, 25 Jun 2024 00:00:00 GMT - Wed, 25 Jun 2025 23:59:59 GMT
File type: JavaScript source, ASCII text, with very long lines (65447)
Hashes (MD5, SHA-1, SHA-256): 8fb8fee4fcc3cc86ff6c724154c49c42 b82d238d4e31fdf618bae8ac11a6c812c03dd0d4 ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e
GET /jquery-3.6.0.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://offhz.vestusiab.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-15d9d"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Tue, 06 May 2025 21:15:54 GMT
age: 2966841
x-served-by: cache-lga21931-LGA, cache-hel1410023-HEL
x-cache: HIT, HIT
x-cache-hits: 71, 433793
x-timer: S1746566155.581142,VS0,VE0
vary: Accept-Encoding
content-length: 30875
X-Firefox-Spdy: h2
| offhz.vestusiab.com/favicon.ico | 0.0.0.0 | | 0 B |
URL: GET offhz.vestusiab.com/favicon.ico
IP: 0.0.0.0:0
Requested by: https://offhz.vestusiab.com/iZth3V2uyphCyUg!h/*c21vcmdhbkBzbHVycG1haWwubmV0
Certificate: Issuer CLOUDFLARE, INC.; Subject vestusiab.com; Fingerprint 7E:07:E7:01:47:0D:FC:59:F6:ED:95:B6:A9:6C:11:8B:E1:31:B8:EA; Validity Wed, 02 Apr 2025 21:14:26 GMT - Tue, 01 Jul 2025 21:21:44 GMT
Hashes (MD5, SHA-1, SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| urlquery | phishing | Phishing - Tycoon Phishing Kit |
GET /favicon.ico HTTP/1.1
Host: offhz.vestusiab.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://offhz.vestusiab.com/iZth3V2uyphCyUg!h/*c21vcmdhbkBzbHVycG1haWwubmV0
Cookie: XSRF-TOKEN=eyJpdiI6Im5uaFVRb09PRi9Od3AvaEtXWmpLSWc9PSIsInZhbHVlIjoiNUVZMFNxcWxlanBhS1JES3Npa0xjWVJ4bkN6ZUo3ZHFyalkrdFVtV2RLWkxtUXY0aW5sa2k0K0JTV3F6TVppd3ZlNWk5dFFYNmlPOFQ3REg2bjFBdGt1R3RZYXlRY2NWTVVHa0RsTzFObG1EVmM2T3hvdFgxU242RmtBY1Z6cmUiLCJtYWMiOiJhNmYwNzBhZmJkNzNlNThhOTYyZGVjYzEzMzc4YjY3YTI5YzlhN2ZhM2I0ZjYxNzQ1ZmY3MjlkZDE5MDY2ODM5IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjBLN245MG9LQzJaYUxkSVNsOCtYSXc9PSIsInZhbHVlIjoibnoybXNVUHhOdVVPZzFhN2NmaFovNUtXMlZwQVZ6ZDhaa1lWYTF6NTl3N2Ezbm8rMTMxcTdBRUNwMHlML0ZYYmJSZ2ovbjIreUVRclFKQWUrWkVKdkVSMDBwU1lhVE1yTHFHbFNEQS9jU1BwYUpENGVKcVVMTVdXQ0VvMWM2ZloiLCJtYWMiOiI1YThjOGExZTdjODgzMzZmNzNiMWE5ZTNkY2NhZDFiNmU5NmY0NzFjOTMwN2U2YWJkNmZiZjU3MmQ5NTUzYWFhIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
| cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js | 104.17.24.14 | 200 OK | 48 kB |
URL: GET cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js
IP: 104.17.24.14:443
Requested by: https://offhz.vestusiab.com/abkiicyrvmgttmnxcktltonzxvm4y3wpquym2vwartmikr1n?YEWNZWIEWPAPSDRGUP
Certificate: Issuer Google Trust Services; Subject cdnjs.cloudflare.com; Fingerprint 5D:9B:5B:BE:24:B7:4B:CA:F3:05:47:2F:AB:3F:3C:F7:4E:C3:4D:BC; Validity Mon, 24 Mar 2025 12:00:12 GMT - Sun, 22 Jun 2025 13:00:01 GMT
File type: JavaScript source, ASCII text, with very long lines (48316), with no line terminators
Hashes (MD5, SHA-1, SHA-256): 2ca03ad87885ab983541092b87adb299 1a17f60bf776a8c468a185c1e8e985c41a50dc27 8e3b0117f4df4be452c0b6af5b8f0a0acf9d4ade23d08d55d7e312af22077762
GET /ajax/libs/crypto-js/4.1.1/crypto-js.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://offhz.vestusiab.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 06 May 2025 21:15:55 GMT
content-type: application/javascript; charset=utf-8
content-length: 13972
server: cloudflare
strict-transport-security: max-age=15780000
cf-ray: 93bb7ee8080d569a-OSL
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "61182885-3694"
last-modified: Sat, 14 Aug 2021 20:33:09 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 302902
expires: Sun, 26 Apr 2026 21:15:55 GMT
accept-ranges: bytes
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5fbo3XfTjZrsnHj5acvQsxKHE4dkNA5FNUVvypIQsFwO5TawlW8eIIofMktOiIBkOoLBmIye0a49ux8ui8cx%2FJwnqIcrFhSlb2GEZV%2FwzRscOWt5M0iYV9KLpyhh%2B4FpILRE%2FB%2Bt"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
| offhz.vestusiab.com/34XPlG1QQCXkWOTabEJUoUT6717 | 104.21.96.1 | 200 OK | 28 kB |
URL: GET offhz.vestusiab.com/34XPlG1QQCXkWOTabEJUoUT6717
IP: 104.21.96.1:443
Requested by: https://offhz.vestusiab.com/abkiicyrvmgttmnxcktltonzxvm4y3wpquym2vwartmikr1n?YEWNZWIEWPAPSDRGUP
Certificate: Issuer CLOUDFLARE, INC.; Subject vestusiab.com; Fingerprint 7E:07:E7:01:47:0D:FC:59:F6:ED:95:B6:A9:6C:11:8B:E1:31:B8:EA; Validity Wed, 02 Apr 2025 21:14:26 GMT - Tue, 01 Jul 2025 21:21:44 GMT
File type: ASCII text, with very long lines (28186), with no line terminators
Hashes (MD5, SHA-1, SHA-256): a1606fe4c64f4a7649b295a56b8d4b47 ffea9bddd62c0ddfe5f3c314f885da0bc2cf8a1e 8734d2dcfa9c93df3e755660ba1c6bb54ed5fb2a7bfac1b0410d017f11129746

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| urlquery | phishing | Phishing - Tycoon Phishing Kit |
GET /34XPlG1QQCXkWOTabEJUoUT6717 HTTP/1.1
Host: offhz.vestusiab.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://offhz.vestusiab.com/abkiicyrvmgttmnxcktltonzxvm4y3wpquym2vwartmikr1n?YEWNZWIEWPAPSDRGUP
Cookie: XSRF-TOKEN=eyJpdiI6ImFuZXVpMXFnSWJqK3FDZ0U4eFA4MHc9PSIsInZhbHVlIjoiV1c3Z29jN0hlMlRna1dIbDlsa3JQWlh3OURHK2JBTThzUWNlajFza1Y4NmNXWkY0bEZxQ0hVVW15K2ZrZStURnJlblU2UCszTDBQVzUvUUliTUVqQy9yUC8xeWM2bGp3L1hHVHcyV2dGVFlaUWFtMDM0OGs5NWZ2VGw5WERMeGEiLCJtYWMiOiIwODhhMjU0YTgxNjY1NWI3M2IwNTgyMDczZGQzNmYwNTY3MmZmOTlhNWVkYTdlYzUxNDZjMzQ4NmUxNWRhNTNkIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlV4dHFFdEZHRFZBQWRFc2NXaENodVE9PSIsInZhbHVlIjoiTnhQSFBOTHpjbHBIOTY4S2FtOGVCWHhWbjNWeEpyWXNHakMyOE0xSzBlN3lSa3R6ZTdBVjNnVytJZlRDcjJpMENWQ0o2TEVYU0NUd3g4aFZ4ZThDUnR0RUhqSlllT01Ob3FEQ1NwQXpLVTlxcXc3VnpSOXovK1I1NmQxM3BKUDEiLCJtYWMiOiI4NzFkM2U2MDRmZGEyY2Q2OWZjZjRlNmU0MjlhMDA2YmYwNjNiYzEzMzY0NzdjMWY2NTRkMzUyMjAyM2U2Y2U0IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 06 May 2025 21:15:58 GMT
content-type: text/css;charset=UTF-8
cf-ray: 93bb7ef8082f712f-OSL
server: cloudflare
content-disposition: inline; filename="34XPlG1QQCXkWOTabEJUoUT6717"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=G%2Bf14KIT7NJI9X5JkUvoYBJ7HLIn4pyQ1gbptFgreXJmRQXe%2B313Wg9Y%2BBZauCNHM2hPeX9Fn%2BMCcJQpe1S%2FfeRc5lxp%2FLNQYnnvC7aOhx77WB0hKUwUpEZlCexE"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server-timing: cfL4;desc="?proto=TCP&rtt=369&min_rtt=358&rtt_var=122&sent=5&recv=8&lost=0&retrans=0&sent_bytes=2826&recv_bytes=2173&delivery_rate=9275229&cwnd=252&unsent_bytes=0&cid=656c2bffb03b4bae&ts=162&x=0", cfL4;desc="?proto=QUIC&rtt=1023&min_rtt=595&rtt_var=216&sent=824&recv=390&lost=0&retrans=0&sent_bytes=664256&recv_bytes=43195&delivery_rate=27389388&cwnd=45600&unsent_bytes=0&cid=eee6443af1f9f3b0&ts=9393&x=16"
vary: accept-encoding
content-encoding: br
alt-svc: h3=":443"; ma=86400
| offhz.vestusiab.com/efBt0VymAcBJQVBLH1pZMUxmqkljKeA4L1A6WcaxP90150 | 104.21.96.1 | 200 OK | 270 B |
URL: GET offhz.vestusiab.com/efBt0VymAcBJQVBLH1pZMUxmqkljKeA4L1A6WcaxP90150
IP: 104.21.96.1:443
Requested by: https://offhz.vestusiab.com/abkiicyrvmgttmnxcktltonzxvm4y3wpquym2vwartmikr1n?YEWNZWIEWPAPSDRGUP
Certificate: Issuer CLOUDFLARE, INC.; Subject vestusiab.com; Fingerprint 7E:07:E7:01:47:0D:FC:59:F6:ED:95:B6:A9:6C:11:8B:E1:31:B8:EA; Validity Wed, 02 Apr 2025 21:14:26 GMT - Tue, 01 Jul 2025 21:21:44 GMT
File type: SVG Scalable Vector Graphics image
Hashes (MD5, SHA-1, SHA-256): 40eb39126300b56bf66c20ee75b54093 83678d94097257eb474713dec49e8094f49d2e2a 765709425a5b9209e875dccf2217d3161429d2d48159fc1df7b253b77c1574f4

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| urlquery | phishing | Phishing - Tycoon Phishing Kit |
GET /efBt0VymAcBJQVBLH1pZMUxmqkljKeA4L1A6WcaxP90150 HTTP/1.1
Host: offhz.vestusiab.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://offhz.vestusiab.com/abkiicyrvmgttmnxcktltonzxvm4y3wpquym2vwartmikr1n?YEWNZWIEWPAPSDRGUP
Cookie: XSRF-TOKEN=eyJpdiI6ImFuZXVpMXFnSWJqK3FDZ0U4eFA4MHc9PSIsInZhbHVlIjoiV1c3Z29jN0hlMlRna1dIbDlsa3JQWlh3OURHK2JBTThzUWNlajFza1Y4NmNXWkY0bEZxQ0hVVW15K2ZrZStURnJlblU2UCszTDBQVzUvUUliTUVqQy9yUC8xeWM2bGp3L1hHVHcyV2dGVFlaUWFtMDM0OGs5NWZ2VGw5WERMeGEiLCJtYWMiOiIwODhhMjU0YTgxNjY1NWI3M2IwNTgyMDczZGQzNmYwNTY3MmZmOTlhNWVkYTdlYzUxNDZjMzQ4NmUxNWRhNTNkIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlV4dHFFdEZHRFZBQWRFc2NXaENodVE9PSIsInZhbHVlIjoiTnhQSFBOTHpjbHBIOTY4S2FtOGVCWHhWbjNWeEpyWXNHakMyOE0xSzBlN3lSa3R6ZTdBVjNnVytJZlRDcjJpMENWQ0o2TEVYU0NUd3g4aFZ4ZThDUnR0RUhqSlllT01Ob3FEQ1NwQXpLVTlxcXc3VnpSOXovK1I1NmQxM3BKUDEiLCJtYWMiOiI4NzFkM2U2MDRmZGEyY2Q2OWZjZjRlNmU0MjlhMDA2YmYwNjNiYzEzMzY0NzdjMWY2NTRkMzUyMjAyM2U2Y2U0IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 06 May 2025 21:16:01 GMT
content-type: image/svg+xml
cf-ray: 93bb7ef80838712f-OSL
server: cloudflare
content-disposition: inline; filename="efBt0VymAcBJQVBLH1pZMUxmqkljKeA4L1A6WcaxP90150"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VX9m403qkWc6div0SXuFcqZWFl%2F%2F%2Bd6cdi3kzPNXGNM5AayxyNjrUCJjiuAIgekIl74wibK2rTK3ubWNv6uRrclfGwlBtV1uY5p42TNI9mZjJn5OuVfKASKe8VK5"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server-timing: cfL4;desc="?proto=TCP&rtt=16173&min_rtt=16152&rtt_var=6099&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2826&recv_bytes=2199&delivery_rate=247748&cwnd=244&unsent_bytes=0&cid=b685b8010ab83d25&ts=188&x=0", cfL4;desc="?proto=QUIC&rtt=1245&min_rtt=595&rtt_var=310&sent=1231&recv=430&lost=0&retrans=0&sent_bytes=1114929&recv_bytes=46023&delivery_rate=2127655&cwnd=67200&unsent_bytes=0&cid=eee6443af1f9f3b0&ts=12032&x=16"
vary: accept-encoding
content-encoding: br
alt-svc: h3=":443"; ma=86400
| offhz.vestusiab.com/iZth3V2uyphCyUg!h/*c21vcmdhbkBzbHVycG1haWwubmV0 | 104.21.96.1 | 200 OK | 25 kB |
URL (user request): GET offhz.vestusiab.com/iZth3V2uyphCyUg!h/*c21vcmdhbkBzbHVycG1haWwubmV0
IP: 104.21.96.1:443
Certificate: Issuer CLOUDFLARE, INC.; Subject vestusiab.com; Fingerprint 7E:07:E7:01:47:0D:FC:59:F6:ED:95:B6:A9:6C:11:8B:E1:31:B8:EA; Validity Wed, 02 Apr 2025 21:14:26 GMT - Tue, 01 Jul 2025 21:21:44 GMT
File type: HTML document, Unicode text, UTF-8 text, with very long lines (5491)
Hashes (MD5, SHA-1, SHA-256): dd62ecdb5b8d7b573f882c065328e225 77479b88c603ef10a98b86475ccde6c4ec0e82b6 bb28002a37fb4f20f16919a9ee54b639c09f75626a6dd832e9853653cf675c11

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| urlquery | suspicious | Suspicious - Anti-debugging code |
| urlquery | phishing | Phishing - Tycoon Phishing Kit |
GET /iZth3V2uyphCyUg!h/*c21vcmdhbkBzbHVycG1haWwubmV0 HTTP/1.1
Host: offhz.vestusiab.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 06 May 2025 21:15:48 GMT
content-type: text/html; charset=UTF-8
server: cloudflare
cache-control: no-cache, private
cf-cache-status: DYNAMIC
vary: accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=meNiiFD0409Yol42B51a3PsxxSv%2FD6BIs7M31UV%2FIggSBRvJIz8ComDR4iqadayhsREQuNz4hqDwCd0acJZ1VeTyWdHVP8ch4bjXmpfVoSQScghf3G2LaSy4SMCY"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server-timing: cfL4;desc="?proto=TCP&rtt=351&min_rtt=337&rtt_var=122&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2826&recv_bytes=1431&delivery_rate=9628571&cwnd=252&unsent_bytes=0&cid=59c78227964d3c8f&ts=187&x=0"
content-encoding: br
set-cookie: XSRF-TOKEN=eyJpdiI6IjZkL0J0VEVPRnJHTUFZekdSQmM3emc9PSIsInZhbHVlIjoicXVCclVQS29YeTNkOGRpTjJvakZsZ25iRHF1Snpnbk0wU0FkTG91bjRoOU45a09veUhDa0s0MWZRU242aS8yS2pzMXJTT1Bjc0pvZnByemtZN2dRdFJVOFUzWHJoelF2cmdXcmUraEpNaXFnc3BEZmtpa1hUdVpscFdhSG9Ga2MiLCJtYWMiOiIxN2Q3MjZlYjNjODVlOTA4NGFmZGQzZWEwMmZkOTM0OTJlZWZiMWNkNTcwOTIxNTk4YWMxNWU1OWFkNmVhYWNhIiwidGFnIjoiIn0%3D; SameSite=None; Secure; Path=/; Max-Age=7200; Expires=Tue, 06 May 2025 23:15:48 GMT
set-cookie: laravel_session=eyJpdiI6IjV3RVpwQ2FMNitoY05XZDFJanovQnc9PSIsInZhbHVlIjoiYTl6RjNTQ3c0UkdzQkdpN0F4QWpTNlRnTjE3ZjlsVjlmNGFVbmg3bEROOStTa240dEhyQ00vZXBBQ1NaeDhzQ3E2TmgzQXZpbk0zU1dYaHg1UmV4QllJK1hSb2h5YkZnZndSdWwzdG1PRWNCN25jWWo0cGp4MzJpNkUrQlB5TXkiLCJtYWMiOiI0ZDVmODg3ZGI3MzQ0ZmZjMTE3YzE1MDQ1ODk5Y2JkN2ZmNTRjMjE0MzU0ZjFmN2RmMzdmZTNiYmViYmI5ZjhhIiwidGFnIjoiIn0%3D; HttpOnly; SameSite=None; Secure; Path=/; Max-Age=7200; Expires=Tue, 06 May 2025 23:15:48 GMT
cf-ray: 93bb7ebb8990712d-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| ok4static.oktacdn.com/assets/js/sdk/okta-signin-widget/7.18.0/css/okta-sign-in.min.css | 3.167.2.112 | 200 OK | 223 kB |
URL GET ok4static.oktacdn.com/assets/js/sdk/okta-signin-widget/7.18.0/css/okta-sign-in.min.css IP 3.167.2.112:443
Requested by: https://offhz.vestusiab.com/abkiicyrvmgttmnxcktltonzxvm4y3wpquym2vwartmikr1n?YEWNZWIEWPAPSDRGUP
Certificate: Issuer DigiCert Inc; Subject *.oktacdn.com; Fingerprint 3E:D7:C7:A6:35:70:74:E4:BF:45:2E:A1:D5:A3:25:88:24:76:B3:B5; Validity Mon, 02 Dec 2024 00:00:00 GMT - Fri, 02 Jan 2026 23:59:59 GMT
File type: ASCII text, with very long lines (51734); Size 223 kB (222931 bytes)
Hashes (MD5 / SHA-1 / SHA-256): 0329c939fca7c78756b94fbcd95e322b 7b5499b46660a0348cc2b22cae927dcc3fda8b20 0e47f4d2af98bfe77921113c8aaf0c53614f88ff14ff819be6612538611ed3d1
GET /assets/js/sdk/okta-signin-widget/7.18.0/css/okta-sign-in.min.css HTTP/1.1
Host: ok4static.oktacdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://offhz.vestusiab.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css
server: nginx
last-modified: Tue, 14 May 2024 21:48:24 GMT
x-amz-meta-sha1sum: 7b5499b46660a0348cc2b22cae927dcc3fda8b20
strict-transport-security: max-age=315360000; includeSubDomains
access-control-allow-origin: *
content-encoding: gzip
date: Fri, 02 May 2025 05:06:15 GMT
expires: Sat, 02 May 2026 05:06:15 GMT
cache-control: max-age=31536000, public,max-age=31536000,s-maxage=1814400
etag: W/"0329c939fca7c78756b94fbcd95e322b"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 edea1d4f37b8855878682c02540138fe.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P2
x-amz-cf-id: eGlCn3Yrb7IrGLdUHGqZBQ_joHjFO76_WtbPWHBZKbgk9Zug_uCjXA==
age: 403783
X-Firefox-Spdy: h2
|
|
| offhz.vestusiab.com/qrmGHwDKLYFDuiNDJjjTL73bYiXkAkMwPJ9YHozyY412hCOmKkz7zzojVKm7ZOb0D3YRjgx1vbuvhcd240 | 104.21.96.1 | 200 OK | 9.6 kB |
URL GET offhz.vestusiab.com/qrmGHwDKLYFDuiNDJjjTL73bYiXkAkMwPJ9YHozyY412hCOmKkz7zzojVKm7ZOb0D3YRjgx1vbuvhcd240 IP 104.21.96.1:443
Requested by: https://offhz.vestusiab.com/abkiicyrvmgttmnxcktltonzxvm4y3wpquym2vwartmikr1n?YEWNZWIEWPAPSDRGUP
Certificate: Issuer CLOUDFLARE, INC.; Subject vestusiab.com; Fingerprint 7E:07:E7:01:47:0D:FC:59:F6:ED:95:B6:A9:6C:11:8B:E1:31:B8:EA; Validity Wed, 02 Apr 2025 21:14:26 GMT - Tue, 01 Jul 2025 21:21:44 GMT
File type: RIFF (little-endian) data, Web/P image
Hashes (MD5 / SHA-1 / SHA-256): 4946eb373b18d178c93d473489673bb6 16477acb73b63ca251d37401249e7e4515febd24 666bc574c9f3fb28a8ac626fa8105c187c2a313736494a06bd5a937473673c92
Analyzer | Verdict | Alert
urlquery | phishing | Phishing - Tycoon Phishing Kit
GET /qrmGHwDKLYFDuiNDJjjTL73bYiXkAkMwPJ9YHozyY412hCOmKkz7zzojVKm7ZOb0D3YRjgx1vbuvhcd240 HTTP/1.1
Host: offhz.vestusiab.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://offhz.vestusiab.com/abkiicyrvmgttmnxcktltonzxvm4y3wpquym2vwartmikr1n?YEWNZWIEWPAPSDRGUP
Cookie: XSRF-TOKEN=eyJpdiI6ImFuZXVpMXFnSWJqK3FDZ0U4eFA4MHc9PSIsInZhbHVlIjoiV1c3Z29jN0hlMlRna1dIbDlsa3JQWlh3OURHK2JBTThzUWNlajFza1Y4NmNXWkY0bEZxQ0hVVW15K2ZrZStURnJlblU2UCszTDBQVzUvUUliTUVqQy9yUC8xeWM2bGp3L1hHVHcyV2dGVFlaUWFtMDM0OGs5NWZ2VGw5WERMeGEiLCJtYWMiOiIwODhhMjU0YTgxNjY1NWI3M2IwNTgyMDczZGQzNmYwNTY3MmZmOTlhNWVkYTdlYzUxNDZjMzQ4NmUxNWRhNTNkIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlV4dHFFdEZHRFZBQWRFc2NXaENodVE9PSIsInZhbHVlIjoiTnhQSFBOTHpjbHBIOTY4S2FtOGVCWHhWbjNWeEpyWXNHakMyOE0xSzBlN3lSa3R6ZTdBVjNnVytJZlRDcjJpMENWQ0o2TEVYU0NUd3g4aFZ4ZThDUnR0RUhqSlllT01Ob3FEQ1NwQXpLVTlxcXc3VnpSOXovK1I1NmQxM3BKUDEiLCJtYWMiOiI4NzFkM2U2MDRmZGEyY2Q2OWZjZjRlNmU0MjlhMDA2YmYwNjNiYzEzMzY0NzdjMWY2NTRkMzUyMjAyM2U2Y2U0IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 06 May 2025 21:15:59 GMT
content-type: image/webp
content-length: 9648
server: cloudflare
content-disposition: inline; filename="qrmGHwDKLYFDuiNDJjjTL73bYiXkAkMwPJ9YHozyY412hCOmKkz7zzojVKm7ZOb0D3YRjgx1vbuvhcd240"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vsleX5koHCUcE%2FGK9ucc02S4vWm%2BvnOaZT6cAzV1QGIsaTvNJQ2ncOq0MnTRnVWUHYDUmfXp0Y5J5J2jDeL1Zo8uoNTANKOHvVDsQmWJM62khpQj8ZoyxwIPiVVS"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server-timing: cfL4;desc="?proto=TCP&rtt=584&min_rtt=377&rtt_var=284&sent=5&recv=8&lost=0&retrans=0&sent_bytes=2825&recv_bytes=2235&delivery_rate=10135338&cwnd=252&unsent_bytes=0&cid=2084414426d049f7&ts=153&x=0", cfL4;desc="?proto=QUIC&rtt=1371&min_rtt=595&rtt_var=359&sent=976&recv=409&lost=0&retrans=0&sent_bytes=828962&recv_bytes=45020&delivery_rate=3501&cwnd=45600&unsent_bytes=0&cid=eee6443af1f9f3b0&ts=10903&x=16"
cf-ray: 93bb7ef80840712f-OSL
alt-svc: h3=":443"; ma=86400
|
|
| offhz.vestusiab.com/rsJjCGpj3CWOGVlmpqWP97x13ijqzfyqJL0nAATD1IpO8ywJ6UsGsyPucd192 | 104.21.96.1 | 200 OK | 268 B |
URL GET offhz.vestusiab.com/rsJjCGpj3CWOGVlmpqWP97x13ijqzfyqJL0nAATD1IpO8ywJ6UsGsyPucd192 IP 104.21.96.1:443
Requested by: https://offhz.vestusiab.com/abkiicyrvmgttmnxcktltonzxvm4y3wpquym2vwartmikr1n?YEWNZWIEWPAPSDRGUP
Certificate: Issuer CLOUDFLARE, INC.; Subject vestusiab.com; Fingerprint 7E:07:E7:01:47:0D:FC:59:F6:ED:95:B6:A9:6C:11:8B:E1:31:B8:EA; Validity Wed, 02 Apr 2025 21:14:26 GMT - Tue, 01 Jul 2025 21:21:44 GMT
File type: SVG Scalable Vector Graphics image
Hashes (MD5 / SHA-1 / SHA-256): 59759b80e24a89c8cd029b14700e646d 651b1921c99e143d3c242de3faacfb9ad51dbb53 b02b5df3ecd59d6cd90c60878683477532cbfc24660028657f290bdc7bc774b5
Analyzer | Verdict | Alert
urlquery | phishing | Phishing - Tycoon Phishing Kit
GET /rsJjCGpj3CWOGVlmpqWP97x13ijqzfyqJL0nAATD1IpO8ywJ6UsGsyPucd192 HTTP/1.1
Host: offhz.vestusiab.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://offhz.vestusiab.com/abkiicyrvmgttmnxcktltonzxvm4y3wpquym2vwartmikr1n?YEWNZWIEWPAPSDRGUP
Cookie: XSRF-TOKEN=eyJpdiI6ImFuZXVpMXFnSWJqK3FDZ0U4eFA4MHc9PSIsInZhbHVlIjoiV1c3Z29jN0hlMlRna1dIbDlsa3JQWlh3OURHK2JBTThzUWNlajFza1Y4NmNXWkY0bEZxQ0hVVW15K2ZrZStURnJlblU2UCszTDBQVzUvUUliTUVqQy9yUC8xeWM2bGp3L1hHVHcyV2dGVFlaUWFtMDM0OGs5NWZ2VGw5WERMeGEiLCJtYWMiOiIwODhhMjU0YTgxNjY1NWI3M2IwNTgyMDczZGQzNmYwNTY3MmZmOTlhNWVkYTdlYzUxNDZjMzQ4NmUxNWRhNTNkIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlV4dHFFdEZHRFZBQWRFc2NXaENodVE9PSIsInZhbHVlIjoiTnhQSFBOTHpjbHBIOTY4S2FtOGVCWHhWbjNWeEpyWXNHakMyOE0xSzBlN3lSa3R6ZTdBVjNnVytJZlRDcjJpMENWQ0o2TEVYU0NUd3g4aFZ4ZThDUnR0RUhqSlllT01Ob3FEQ1NwQXpLVTlxcXc3VnpSOXovK1I1NmQxM3BKUDEiLCJtYWMiOiI4NzFkM2U2MDRmZGEyY2Q2OWZjZjRlNmU0MjlhMDA2YmYwNjNiYzEzMzY0NzdjMWY2NTRkMzUyMjAyM2U2Y2U0IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 06 May 2025 21:16:01 GMT
content-type: image/svg+xml
cf-ray: 93bb7ef8083c712f-OSL
server: cloudflare
content-disposition: inline; filename="rsJjCGpj3CWOGVlmpqWP97x13ijqzfyqJL0nAATD1IpO8ywJ6UsGsyPucd192"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wotRtUDsiVFlKyJY%2FqN6qvNqudCpEOGjHIIrYSycl1z9TAUPdjAvJJtXAWdoOszSNT2AMVgeKhIgrnrBNq1Z8W9pR0RoXCF%2FJuSC9oUcDcDEM%2BEyJ8UPM4SFJnRb"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server-timing: cfL4;desc="?proto=TCP&rtt=15798&min_rtt=15742&rtt_var=5944&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2827&recv_bytes=2214&delivery_rate=256892&cwnd=252&unsent_bytes=0&cid=852a08ef0cc597c0&ts=198&x=0", cfL4;desc="?proto=QUIC&rtt=1245&min_rtt=595&rtt_var=310&sent=1232&recv=430&lost=0&retrans=0&sent_bytes=1115906&recv_bytes=46023&delivery_rate=2127655&cwnd=67200&unsent_bytes=0&cid=eee6443af1f9f3b0&ts=12050&x=16"
vary: accept-encoding
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js | 104.17.24.14 | 200 OK | 48 kB |
URL GET cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js IP 104.17.24.14:443
Requested by: https://offhz.vestusiab.com/iZth3V2uyphCyUg!h/*c21vcmdhbkBzbHVycG1haWwubmV0
Certificate: Issuer Google Trust Services; Subject cdnjs.cloudflare.com; Fingerprint 5D:9B:5B:BE:24:B7:4B:CA:F3:05:47:2F:AB:3F:3C:F7:4E:C3:4D:BC; Validity Mon, 24 Mar 2025 12:00:12 GMT - Sun, 22 Jun 2025 13:00:01 GMT
File type: JavaScript source, ASCII text, with very long lines (48316), with no line terminators
Hashes (MD5 / SHA-1 / SHA-256): 2ca03ad87885ab983541092b87adb299 1a17f60bf776a8c468a185c1e8e985c41a50dc27 8e3b0117f4df4be452c0b6af5b8f0a0acf9d4ade23d08d55d7e312af22077762
GET /ajax/libs/crypto-js/4.1.1/crypto-js.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://offhz.vestusiab.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 06 May 2025 21:15:49 GMT
content-type: application/javascript; charset=utf-8
content-length: 13972
server: cloudflare
strict-transport-security: max-age=15780000
cf-ray: 93bb7ebfccf356ae-OSL
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "61182885-3694"
last-modified: Sat, 14 Aug 2021 20:33:09 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 302896
expires: Sun, 26 Apr 2026 21:15:49 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=f3cY8SrwX7R7R3Gl1ieiBqm2xc1jUThK09RG1OLg8UvNftBfFVaGC6TytW39I9w2TbRuSBz2xcX31PuFFDt1Y6qyiqergvRzSOkfJ7W6rta8Ir3fXZSXhAXPkKE7XDecZFnK%2BnVC"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| code.jquery.com/jquery-3.6.0.min.js | 151.101.194.137 | 200 OK | 90 kB |
URL GET code.jquery.com/jquery-3.6.0.min.js IP 151.101.194.137:443
Requested by: https://offhz.vestusiab.com/iZth3V2uyphCyUg!h/*c21vcmdhbkBzbHVycG1haWwubmV0
Certificate: Issuer Sectigo Limited; Subject *.jquery.com; Fingerprint CD:B5:6E:05:85:0C:5A:AE:47:12:80:2A:5B:C6:E5:8F:11:72:E2:B5; Validity Tue, 25 Jun 2024 00:00:00 GMT - Wed, 25 Jun 2025 23:59:59 GMT
File type: JavaScript source, ASCII text, with very long lines (65447)
Hashes (MD5 / SHA-1 / SHA-256): 8fb8fee4fcc3cc86ff6c724154c49c42 b82d238d4e31fdf618bae8ac11a6c812c03dd0d4 ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e
GET /jquery-3.6.0.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://offhz.vestusiab.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-15d9d"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Tue, 06 May 2025 21:15:49 GMT
age: 2966835
x-served-by: cache-lga21931-LGA, cache-hel1410023-HEL
x-cache: HIT, HIT
x-cache-hits: 71, 433786
x-timer: S1746566149.119860,VS0,VE0
vary: Accept-Encoding
content-length: 30875
X-Firefox-Spdy: h2
|
|
| github.com/fent/randexp.js/releases/download/v0.4.3/randexp.min.js | 140.82.121.4 | 302 Found | 10 kB |
URL GET github.com/fent/randexp.js/releases/download/v0.4.3/randexp.min.js IP 140.82.121.4:443
Requested by: https://offhz.vestusiab.com/abkiicyrvmgttmnxcktltonzxvm4y3wpquym2vwartmikr1n?YEWNZWIEWPAPSDRGUP
Certificate: Issuer Sectigo Limited; Subject github.com; Fingerprint E4:33:71:DD:D6:91:4A:75:B6:1F:9E:4F:74:6D:9B:F0:DD:26:FC:3A; Validity Wed, 05 Feb 2025 00:00:00 GMT - Thu, 05 Feb 2026 23:59:59 GMT
Hashes (MD5 / SHA-1 / SHA-256) of the empty 302 response body: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /fent/randexp.js/releases/download/v0.4.3/randexp.min.js HTTP/1.1
Host: github.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://offhz.vestusiab.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
date: Tue, 06 May 2025 21:13:59 GMT
content-type: text/html; charset=utf-8
content-length: 0
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame,Accept-Encoding, Accept, X-Requested-With
location: https://objects.githubusercontent.com/github-production-release-asset-2e65be/2925284/11f3acf8-4ccb-11e6-8ce4-c179c0a212de?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20250506%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20250506T211359Z&X-Amz-Expires=300&X-Amz-Signature=e9b230cced4524fd3ae59bb14a4f183da4c0f8e76cd1a97ad86e7aa4067882ce&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3Drandexp.min.js&response-content-type=application%2Foctet-stream
cache-control: no-cache
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: no-referrer-when-downgrade
content-security-policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com release-assets.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com copilotprodattachments.blob.core.windows.net/github-production-copilot-attachments/ github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/assets/ gist.github.com/assets-cdn/worker/
server: github.com
x-github-request-id: A502:13A254:289D46D:298DA47:681A7C0E
X-Firefox-Spdy: h2
|
|
| offhz.vestusiab.com/GDSherpa-bold.woff2 | 104.21.96.1 | 200 OK | 28 kB |
URL GET offhz.vestusiab.com/GDSherpa-bold.woff2 IP 104.21.96.1:443
Requested by: https://offhz.vestusiab.com/abkiicyrvmgttmnxcktltonzxvm4y3wpquym2vwartmikr1n?YEWNZWIEWPAPSDRGUP
Certificate: Issuer CLOUDFLARE, INC.; Subject vestusiab.com; Fingerprint 7E:07:E7:01:47:0D:FC:59:F6:ED:95:B6:A9:6C:11:8B:E1:31:B8:EA; Validity Wed, 02 Apr 2025 21:14:26 GMT - Tue, 01 Jul 2025 21:21:44 GMT
File type: Web Open Font Format (Version 2), TrueType, length 28000, version 1.66
Hashes (MD5 / SHA-1 / SHA-256): a4bca6c95fed0d0c5cc46cf07710dcec 73b56e33b82b42921db8702a33efd0f2b2ec9794 5a51d246af54d903f67f07f2bd820ce77736f8d08c5f1602db07469d96dbf77f
Analyzer | Verdict | Alert
urlquery | phishing | Phishing - Tycoon Phishing Kit
GET /GDSherpa-bold.woff2 HTTP/1.1
Host: offhz.vestusiab.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://offhz.vestusiab.com/abkiicyrvmgttmnxcktltonzxvm4y3wpquym2vwartmikr1n?YEWNZWIEWPAPSDRGUP
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6ImFuZXVpMXFnSWJqK3FDZ0U4eFA4MHc9PSIsInZhbHVlIjoiV1c3Z29jN0hlMlRna1dIbDlsa3JQWlh3OURHK2JBTThzUWNlajFza1Y4NmNXWkY0bEZxQ0hVVW15K2ZrZStURnJlblU2UCszTDBQVzUvUUliTUVqQy9yUC8xeWM2bGp3L1hHVHcyV2dGVFlaUWFtMDM0OGs5NWZ2VGw5WERMeGEiLCJtYWMiOiIwODhhMjU0YTgxNjY1NWI3M2IwNTgyMDczZGQzNmYwNTY3MmZmOTlhNWVkYTdlYzUxNDZjMzQ4NmUxNWRhNTNkIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlV4dHFFdEZHRFZBQWRFc2NXaENodVE9PSIsInZhbHVlIjoiTnhQSFBOTHpjbHBIOTY4S2FtOGVCWHhWbjNWeEpyWXNHakMyOE0xSzBlN3lSa3R6ZTdBVjNnVytJZlRDcjJpMENWQ0o2TEVYU0NUd3g4aFZ4ZThDUnR0RUhqSlllT01Ob3FEQ1NwQXpLVTlxcXc3VnpSOXovK1I1NmQxM3BKUDEiLCJtYWMiOiI4NzFkM2U2MDRmZGEyY2Q2OWZjZjRlNmU0MjlhMDA2YmYwNjNiYzEzMzY0NzdjMWY2NTRkMzUyMjAyM2U2Y2U0IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 06 May 2025 21:15:58 GMT
content-type: font/woff2
content-length: 28000
server: cloudflare
content-disposition: inline; filename="GDSherpa-bold.woff2"
last-modified: Tue, 06 May 2025 21:15:58 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pHsUmHOkcBKW312HRHJ6WNuHl6IU6O5ST0keaID6z7s1eqetrbRu1p%2FGvOUjogrYWdSy0IzeLGjbjQPylwHOn03FlKgXZVDM%2B3AQS5gPUttZEz%2Bw6HCQV%2F7UkBvY"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server-timing: cfL4;desc="?proto=TCP&rtt=15943&min_rtt=15925&rtt_var=4493&sent=5&recv=8&lost=0&retrans=0&sent_bytes=2826&recv_bytes=2194&delivery_rate=253828&cwnd=239&unsent_bytes=0&cid=353221a796e16165&ts=455&x=0", cfL4;desc="?proto=QUIC&rtt=1334&min_rtt=595&rtt_var=261&sent=934&recv=405&lost=0&retrans=0&sent_bytes=782347&recv_bytes=43899&delivery_rate=11274604&cwnd=45600&unsent_bytes=0&cid=eee6443af1f9f3b0&ts=9927&x=16"
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
cf-ray: 93bb7ef80831712f-OSL
alt-svc: h3=":443"; ma=86400
|
|
| ok4static.oktacdn.com/fs/bcg/4/gfsh9pi7jcWKJKMAs1t7 | 3.167.2.112 | 200 OK | 11 kB |
URL GET ok4static.oktacdn.com/fs/bcg/4/gfsh9pi7jcWKJKMAs1t7 IP 3.167.2.112:443
Requested by: https://offhz.vestusiab.com/abkiicyrvmgttmnxcktltonzxvm4y3wpquym2vwartmikr1n?YEWNZWIEWPAPSDRGUP
Certificate: Issuer DigiCert Inc; Subject *.oktacdn.com; Fingerprint 3E:D7:C7:A6:35:70:74:E4:BF:45:2E:A1:D5:A3:25:88:24:76:B3:B5; Validity Mon, 02 Dec 2024 00:00:00 GMT - Fri, 02 Jan 2026 23:59:59 GMT
File type: PNG image data, 420 x 94, 8-bit/color RGBA, non-interlaced
Hashes (MD5 / SHA-1 / SHA-256): 12bdacc832185d0367ecc23fd24c86ce 4422f316eb4d8c8d160312bb695fd1d944cbff12 877ae491d9aac5c6ef82a8430f9f652ace8a0dbc7294bd112aad49bd593769d0
GET /fs/bcg/4/gfsh9pi7jcWKJKMAs1t7 HTTP/1.1
Host: ok4static.oktacdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://offhz.vestusiab.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: image/png
content-length: 10796
server: nginx
last-modified: Tue, 23 Feb 2021 04:20:08 GMT
strict-transport-security: max-age=315360000; includeSubDomains
access-control-allow-origin: *
content-security-policy: default-src 'none'; img-src 'self'; require-trusted-types-for 'script'; report-uri https://oktacsp.report-uri.com/r/t/csp/enforce
x-content-type-options: nosniff
accept-ranges: bytes
date: Thu, 24 Apr 2025 21:36:23 GMT
expires: Fri, 24 Apr 2026 21:36:23 GMT
cache-control: max-age=31536000, public,max-age=31536000,s-maxage=1814400
etag: "12bdacc832185d0367ecc23fd24c86ce"
x-cache: Hit from cloudfront
via: 1.1 edea1d4f37b8855878682c02540138fe.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P2
x-amz-cf-id: 2TjV84OR7HW6TWiX8BvzU2BlMAcE6pUO98Sv-nFW1jI8I2EArhvNQw==
age: 1035575
X-Firefox-Spdy: h2
|
|
| cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js | 104.17.24.14 | 200 OK | 48 kB |
URL GET cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js IP 104.17.24.14:443
Requested by: https://offhz.vestusiab.com/iZth3V2uyphCyUg!h/*c21vcmdhbkBzbHVycG1haWwubmV0
Certificate: Issuer Google Trust Services; Subject cdnjs.cloudflare.com; Fingerprint 5D:9B:5B:BE:24:B7:4B:CA:F3:05:47:2F:AB:3F:3C:F7:4E:C3:4D:BC; Validity Mon, 24 Mar 2025 12:00:12 GMT - Sun, 22 Jun 2025 13:00:01 GMT
File type: JavaScript source, ASCII text, with very long lines (48316), with no line terminators
Hashes (MD5 / SHA-1 / SHA-256): 2ca03ad87885ab983541092b87adb299 1a17f60bf776a8c468a185c1e8e985c41a50dc27 8e3b0117f4df4be452c0b6af5b8f0a0acf9d4ade23d08d55d7e312af22077762
GET /ajax/libs/crypto-js/4.1.1/crypto-js.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://offhz.vestusiab.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 06 May 2025 21:15:54 GMT
content-type: application/javascript; charset=utf-8
content-length: 13972
server: cloudflare
strict-transport-security: max-age=15780000
cf-ray: 93bb7ee2191c569a-OSL
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "61182885-3694"
last-modified: Sat, 14 Aug 2021 20:33:09 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 302901
expires: Sun, 26 Apr 2026 21:15:54 GMT
accept-ranges: bytes
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FNNRjiV6oGfvIpErIaeNx4BTQjLj1o89Nv%2BJufUFQ4LUNVKO5rJmsMjfS%2BNXxoSyn1GUzZ7lTtpT6zyIEFRkNfz58iSqfUJ4Z5wDkU1aEWl77CVbAmqVCbG0c8fg%2FPaGQpEkUdT0"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| offhz.vestusiab.com/mnbfbzu4su6YvZ2wBmgFppEPNFcc6nS62zijxIxUPtPymRFXTA84Kf2C0aqFHlDw4JEIuv220 | 104.21.96.1 | 200 OK | 1.9 kB |
URL GET offhz.vestusiab.com/mnbfbzu4su6YvZ2wBmgFppEPNFcc6nS62zijxIxUPtPymRFXTA84Kf2C0aqFHlDw4JEIuv220 IP 104.21.96.1:443
Requested by: https://offhz.vestusiab.com/abkiicyrvmgttmnxcktltonzxvm4y3wpquym2vwartmikr1n?YEWNZWIEWPAPSDRGUP
Certificate: Issuer CLOUDFLARE, INC.; Subject vestusiab.com; Fingerprint 7E:07:E7:01:47:0D:FC:59:F6:ED:95:B6:A9:6C:11:8B:E1:31:B8:EA; Validity Wed, 02 Apr 2025 21:14:26 GMT - Tue, 01 Jul 2025 21:21:44 GMT
File type: SVG Scalable Vector Graphics image
Hashes (MD5 / SHA-1 / SHA-256): bc3d32a696895f78c19df6c717586a5d 9191cb156a30a3ed79c44c0a16c95159e8ff689d 0e88b6fcbb8591edfd28184fa70a04b6dd3af8a14367c628edd7caba32e58c68
Analyzer | Verdict | Alert
urlquery | phishing | Phishing - Tycoon Phishing Kit
GET /mnbfbzu4su6YvZ2wBmgFppEPNFcc6nS62zijxIxUPtPymRFXTA84Kf2C0aqFHlDw4JEIuv220 HTTP/1.1
Host: offhz.vestusiab.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://offhz.vestusiab.com/abkiicyrvmgttmnxcktltonzxvm4y3wpquym2vwartmikr1n?YEWNZWIEWPAPSDRGUP
Cookie: XSRF-TOKEN=eyJpdiI6ImFuZXVpMXFnSWJqK3FDZ0U4eFA4MHc9PSIsInZhbHVlIjoiV1c3Z29jN0hlMlRna1dIbDlsa3JQWlh3OURHK2JBTThzUWNlajFza1Y4NmNXWkY0bEZxQ0hVVW15K2ZrZStURnJlblU2UCszTDBQVzUvUUliTUVqQy9yUC8xeWM2bGp3L1hHVHcyV2dGVFlaUWFtMDM0OGs5NWZ2VGw5WERMeGEiLCJtYWMiOiIwODhhMjU0YTgxNjY1NWI3M2IwNTgyMDczZGQzNmYwNTY3MmZmOTlhNWVkYTdlYzUxNDZjMzQ4NmUxNWRhNTNkIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlV4dHFFdEZHRFZBQWRFc2NXaENodVE9PSIsInZhbHVlIjoiTnhQSFBOTHpjbHBIOTY4S2FtOGVCWHhWbjNWeEpyWXNHakMyOE0xSzBlN3lSa3R6ZTdBVjNnVytJZlRDcjJpMENWQ0o2TEVYU0NUd3g4aFZ4ZThDUnR0RUhqSlllT01Ob3FEQ1NwQXpLVTlxcXc3VnpSOXovK1I1NmQxM3BKUDEiLCJtYWMiOiI4NzFkM2U2MDRmZGEyY2Q2OWZjZjRlNmU0MjlhMDA2YmYwNjNiYzEzMzY0NzdjMWY2NTRkMzUyMjAyM2U2Y2U0IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 06 May 2025 21:15:59 GMT
content-type: image/svg+xml
cf-ray: 93bb7efe4867712f-OSL
server: cloudflare
content-disposition: inline; filename="mnbfbzu4su6YvZ2wBmgFppEPNFcc6nS62zijxIxUPtPymRFXTA84Kf2C0aqFHlDw4JEIuv220"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kcCBsl1BeOeKymmRKnbXraCcdcwyqJT%2FkRGSTG8cwsehEiTyRJUZqC8bMt4DSWaSxdXlOtNSYujr5rpaB%2BviGcJa11Q%2BVHuAjAkva2BJ1Lc1mNwulaMhovw89JOi"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server-timing: cfL4;desc="?proto=TCP&rtt=15555&min_rtt=15547&rtt_var=5846&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2825&recv_bytes=2226&delivery_rate=259031&cwnd=246&unsent_bytes=0&cid=95c4cb2301cdefc8&ts=186&x=0", cfL4;desc="?proto=QUIC&rtt=1411&min_rtt=595&rtt_var=371&sent=974&recv=408&lost=0&retrans=0&sent_bytes=827439&recv_bytes=44976&delivery_rate=7262536&cwnd=45600&unsent_bytes=0&cid=eee6443af1f9f3b0&ts=10445&x=16"
vary: accept-encoding
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| offhz.vestusiab.com/GDSherpa-regular.woff | 104.21.96.1 | 200 OK | 37 kB |
URL GET offhz.vestusiab.com/GDSherpa-regular.woff IP 104.21.96.1:443
Requested by: https://offhz.vestusiab.com/abkiicyrvmgttmnxcktltonzxvm4y3wpquym2vwartmikr1n?YEWNZWIEWPAPSDRGUP
Certificate: Issuer CLOUDFLARE, INC.; Subject vestusiab.com; Fingerprint 7E:07:E7:01:47:0D:FC:59:F6:ED:95:B6:A9:6C:11:8B:E1:31:B8:EA; Validity Wed, 02 Apr 2025 21:14:26 GMT - Tue, 01 Jul 2025 21:21:44 GMT
File type: Web Open Font Format, TrueType, length 36696, version 1.0
Hashes (MD5 / SHA-1 / SHA-256): a69e9ab8afdd7486ec0749c551051ff2 c34e6aa327b536fb48d1fe03577a47c7ee2231b8 fd78a1913db912221b8ead1e62fad47d1ff0a9fa6cd88d3b128a721ad91d2faf
Analyzer | Verdict | Alert
urlquery | phishing | Phishing - Tycoon Phishing Kit
GET /GDSherpa-regular.woff HTTP/1.1
Host: offhz.vestusiab.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://offhz.vestusiab.com/abkiicyrvmgttmnxcktltonzxvm4y3wpquym2vwartmikr1n?YEWNZWIEWPAPSDRGUP
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6ImFuZXVpMXFnSWJqK3FDZ0U4eFA4MHc9PSIsInZhbHVlIjoiV1c3Z29jN0hlMlRna1dIbDlsa3JQWlh3OURHK2JBTThzUWNlajFza1Y4NmNXWkY0bEZxQ0hVVW15K2ZrZStURnJlblU2UCszTDBQVzUvUUliTUVqQy9yUC8xeWM2bGp3L1hHVHcyV2dGVFlaUWFtMDM0OGs5NWZ2VGw5WERMeGEiLCJtYWMiOiIwODhhMjU0YTgxNjY1NWI3M2IwNTgyMDczZGQzNmYwNTY3MmZmOTlhNWVkYTdlYzUxNDZjMzQ4NmUxNWRhNTNkIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlV4dHFFdEZHRFZBQWRFc2NXaENodVE9PSIsInZhbHVlIjoiTnhQSFBOTHpjbHBIOTY4S2FtOGVCWHhWbjNWeEpyWXNHakMyOE0xSzBlN3lSa3R6ZTdBVjNnVytJZlRDcjJpMENWQ0o2TEVYU0NUd3g4aFZ4ZThDUnR0RUhqSlllT01Ob3FEQ1NwQXpLVTlxcXc3VnpSOXovK1I1NmQxM3BKUDEiLCJtYWMiOiI4NzFkM2U2MDRmZGEyY2Q2OWZjZjRlNmU0MjlhMDA2YmYwNjNiYzEzMzY0NzdjMWY2NTRkMzUyMjAyM2U2Y2U0IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 06 May 2025 21:15:58 GMT
content-type: font/woff
content-length: 36696
server: cloudflare
content-disposition: inline; filename="GDSherpa-regular.woff"
last-modified: Tue, 06 May 2025 21:15:58 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vK0rlx8LamnN4GLdrCvlIabrpGdSk3zIeX8fcYfdmJzgb%2Br%2FOiISNWRLpkh2NMILvW4vI7VuWIP1xYQRMdoq73MueUqUEHcZjc%2BAZFL0GuuGe8oMm9bE%2FHcnQ74Y"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server-timing: cfL4;desc="?proto=TCP&rtt=308&min_rtt=277&rtt_var=96&sent=5&recv=8&lost=0&retrans=0&sent_bytes=2826&recv_bytes=2196&delivery_rate=12797468&cwnd=252&unsent_bytes=0&cid=c25a76be5226b46c&ts=411&x=0", cfL4;desc="?proto=QUIC&rtt=1339&min_rtt=595&rtt_var=343&sent=875&recv=402&lost=0&retrans=0&sent_bytes=713768&recv_bytes=43752&delivery_rate=5686264&cwnd=45600&unsent_bytes=0&cid=eee6443af1f9f3b0&ts=9856&x=16"
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
cf-ray: 93bb7ef80834712f-OSL
alt-svc: h3=":443"; ma=86400
|
|
| eoq4s.smjaskgdtoyq.es/bhanchod!ashi03t | 172.67.188.38 | 200 OK | 1 B |
URL GET eoq4s.smjaskgdtoyq.es/bhanchod!ashi03t IP 172.67.188.38:443
Requested by: https://offhz.vestusiab.com/iZth3V2uyphCyUg!h/*c21vcmdhbkBzbHVycG1haWwubmV0 Certificate Issuer: Google Trust Services Subject: smjaskgdtoyq.es Fingerprint: CD:D2:0D:82:B2:55:EF:DB:ED:39:B6:70:5D:5E:7F:76:42:2E:F8:F9 Validity: Sat, 05 Apr 2025 23:14:21 GMT - Sat, 05 Jul 2025 00:12:58 GMT
File type: very short file (no magic) Hash: cfcd208495d565ef66e7dff9f98764da b6589fc6ab0dc82cf12099d1c2d40ab994e8410c 5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9
GET /bhanchod!ashi03t HTTP/1.1
Host: eoq4s.smjaskgdtoyq.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://offhz.vestusiab.com/
Origin: https://offhz.vestusiab.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 06 May 2025 21:15:53 GMT
content-type: text/html; charset=UTF-8
server: cloudflare
access-control-allow-origin: *
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=pJ72G0affAEYtSL0OtzATHoi9TVDSpCp0KDyB%2B%2FHPL0DoxByBMR2Zzi%2FPoBkTnWoy1LlNi0l2XYMkEjBNvQnRJYBbfZMd3teLxMWyt0lx0%2FVCuP3EDr72eKB66w0dOmA4c%2BjR3xZMg8%3D"}]}
content-encoding: br
cf-ray: 93bb7ed93dec5687-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| get.geojs.io/v1/ip/geo.json | 104.26.1.100 | 200 OK | 337 B |
URL GET get.geojs.io/v1/ip/geo.json IP 104.26.1.100:443
Requested by: https://offhz.vestusiab.com/abkiicyrvmgttmnxcktltonzxvm4y3wpquym2vwartmikr1n?YEWNZWIEWPAPSDRGUP Certificate Issuer: Google Trust Services Subject: geojs.io Fingerprint: 88:B3:65:B8:95:15:9F:37:C6:F0:8D:A3:3B:A4:29:F9:CC:31:E1:BC Validity: Mon, 28 Apr 2025 06:03:21 GMT - Sun, 27 Jul 2025 07:02:58 GMT
Hash: ae1a1b8af1ed860a03cc04ca2f099175 daaf8952bf0e6c08fe8eee787fd78d017f1af933 0505b9333944f9191ae7952adafba3011eaee425166e6ec481ea0fecae23a993
GET /v1/ip/geo.json HTTP/1.1
Host: get.geojs.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://offhz.vestusiab.com
DNT: 1
Connection: keep-alive
Referer: https://offhz.vestusiab.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 06 May 2025 21:16:03 GMT
content-type: application/json
x-request-id: cca0f452b5e1246e5cc09d90ce0ff39e-ASH
strict-transport-security: max-age=15552000; includeSubDomains; preload
access-control-allow-origin: *
access-control-allow-methods: GET
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
geojs-backend: ash-01
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BM05oFlrg9WdUvmfar5lSDft0%2F3hxRwjgBl201nZaNK1IT1Y7qLBA5ypqsb8Cw9URwv3sdigVlTy4uWx7y3nhuKrUKEI07G2olDav0eoOTJKO78Vo5M7O2ymqrUT%2BQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
server: cloudflare
cf-ray: 93bb7f18ac12b4ed-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=593&min_rtt=506&rtt_var=244&sent=8&recv=10&lost=0&retrans=0&sent_bytes=3189&recv_bytes=1126&delivery_rate=7757142&cwnd=254&unsent_bytes=0&cid=2141329b243fe9c9&ts=140&x=0"
X-Firefox-Spdy: h2
|
|
| offhz.vestusiab.com/kfnyDT6Iylf4KwKFk9cAtk9q7aHglIKWe6hpmZjy | 104.21.96.1 | 200 OK | 287 B |
URL POST offhz.vestusiab.com/kfnyDT6Iylf4KwKFk9cAtk9q7aHglIKWe6hpmZjy IP 104.21.96.1:443
Requested by: https://offhz.vestusiab.com/iZth3V2uyphCyUg!h/*c21vcmdhbkBzbHVycG1haWwubmV0 Certificate Issuer: CLOUDFLARE, INC. Subject: vestusiab.com Fingerprint: 7E:07:E7:01:47:0D:FC:59:F6:ED:95:B6:A9:6C:11:8B:E1:31:B8:EA Validity: Wed, 02 Apr 2025 21:14:26 GMT - Tue, 01 Jul 2025 21:21:44 GMT
Hash: b9001cdab8e669e4c521b87cd36462c4 d8f7da4136a4f6ed9d5e806743d05fb7e9a8075a ebc0adf71f33cad94edd267e93ff0baaa9af34d1127c5ff66f5602bd7bc62e0e
Analyzer | Verdict | Alert
urlquery | phishing | Phishing - Tycoon Phishing Kit
POST /kfnyDT6Iylf4KwKFk9cAtk9q7aHglIKWe6hpmZjy HTTP/1.1
Host: offhz.vestusiab.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 30
Origin: https://offhz.vestusiab.com
DNT: 1
Connection: keep-alive
Referer: https://offhz.vestusiab.com/iZth3V2uyphCyUg!h/*c21vcmdhbkBzbHVycG1haWwubmV0
Cookie: XSRF-TOKEN=eyJpdiI6Im5uaFVRb09PRi9Od3AvaEtXWmpLSWc9PSIsInZhbHVlIjoiNUVZMFNxcWxlanBhS1JES3Npa0xjWVJ4bkN6ZUo3ZHFyalkrdFVtV2RLWkxtUXY0aW5sa2k0K0JTV3F6TVppd3ZlNWk5dFFYNmlPOFQ3REg2bjFBdGt1R3RZYXlRY2NWTVVHa0RsTzFObG1EVmM2T3hvdFgxU242RmtBY1Z6cmUiLCJtYWMiOiJhNmYwNzBhZmJkNzNlNThhOTYyZGVjYzEzMzc4YjY3YTI5YzlhN2ZhM2I0ZjYxNzQ1ZmY3MjlkZDE5MDY2ODM5IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjBLN245MG9LQzJaYUxkSVNsOCtYSXc9PSIsInZhbHVlIjoibnoybXNVUHhOdVVPZzFhN2NmaFovNUtXMlZwQVZ6ZDhaa1lWYTF6NTl3N2Ezbm8rMTMxcTdBRUNwMHlML0ZYYmJSZ2ovbjIreUVRclFKQWUrWkVKdkVSMDBwU1lhVE1yTHFHbFNEQS9jU1BwYUpENGVKcVVMTVdXQ0VvMWM2ZloiLCJtYWMiOiI1YThjOGExZTdjODgzMzZmNzNiMWE5ZTNkY2NhZDFiNmU5NmY0NzFjOTMwN2U2YWJkNmZiZjU3MmQ5NTUzYWFhIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 06 May 2025 21:15:54 GMT
content-type: text/html; charset=UTF-8
cf-ray: 93bb7ee2bf65712f-OSL
server: cloudflare
cache-control: no-cache, private
cf-cache-status: DYNAMIC
vary: accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FvJul1kpnQ2%2BdUvsZV4pDkTmSDQ7smR41xmqbreAj9tWDVPyd57ra5UxjDyC7kiSYMFHp%2FXIGoqTZt2PNcwoNnMhRu49lUqZSfa%2FRjQnQP8dzwc0pneqWklh7%2BU1"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server-timing: cfL4;desc="?proto=TCP&rtt=345&min_rtt=290&rtt_var=120&sent=5&recv=8&lost=0&retrans=0&sent_bytes=2826&recv_bytes=2319&delivery_rate=12637500&cwnd=252&unsent_bytes=0&cid=190f8a513ab40da3&ts=162&x=0", cfL4;desc="?proto=QUIC&rtt=1778&min_rtt=595&rtt_var=827&sent=244&recv=309&lost=0&retrans=0&sent_bytes=27120&recv_bytes=21163&delivery_rate=31299&cwnd=12000&unsent_bytes=0&cid=eee6443af1f9f3b0&ts=5979&x=16"
set-cookie: XSRF-TOKEN=eyJpdiI6IjA0MTJURnBQN1V4d2krWHhFaUdsU1E9PSIsInZhbHVlIjoieUxWWklLOG1XS205ZHdVbDVPanRPTVJDcE5HR3c5UEZzbUxtdXdVaE9aeHY3VWE1c0ZXb0FnSjFFRE9WU0Q2RXFOQmR6SEhockxkVlIxVERuWGFna0dzS2wwMXIwL1hrWlBpM0V3TFlXR0tDK1RnNFdMWmdhVitESEJ1a3EzbnUiLCJtYWMiOiJlNDU5OTA1MDk3ZTExMGJlNTYyZDdhMjQwNjY2NWUxMDJjMjBiNWMzMWI2OWVlZDNlNTYyYzUzZWY0MTM4NmUyIiwidGFnIjoiIn0%3D; expires=Tue, 06-May-2025 23:15:54 GMT; Max-Age=7200; path=/; secure; samesite=none
laravel_session=eyJpdiI6IkpPL1A5cGUzemYydmorOWRkQUJ3aWc9PSIsInZhbHVlIjoiN2huVm52UzJJZWZHN3Nia3dIdUF4cEZQK1RDVXl1ZHNaTmV5WDZvOXByZVdBNUJtYnFnci8zblNvSUpHOXl5UFhjM1hDamlZemFyajI4U1UyWkxkQ0ZvWkU5V2VFNEE0ZHV6RGQ1UGl0MFBNbFQ5eW84aTVmU0JxS25memFGRi8iLCJtYWMiOiJlNDIwYWJiYjNmOWU1NWJiYTYxYTk0NjZkN2ZmNTM0NjY3ZjdkYTJiMzc2MWRjNGNiMGM5ODU5NWNiOGZmN2RjIiwidGFnIjoiIn0%3D; expires=Tue, 06-May-2025 23:15:54 GMT; Max-Age=7200; path=/; secure; httponly; samesite=none
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| offhz.vestusiab.com/ijWvh2OLTqcdb0EfW2kYnItPTPQGkkYHpgiwYZKAmnBHE2s47qWxPdWn1aeSn4ejBnqxP12208 | 104.21.96.1 | 200 OK | 25 kB |
URL GET offhz.vestusiab.com/ijWvh2OLTqcdb0EfW2kYnItPTPQGkkYHpgiwYZKAmnBHE2s47qWxPdWn1aeSn4ejBnqxP12208 IP 104.21.96.1:443
Requested by: https://offhz.vestusiab.com/abkiicyrvmgttmnxcktltonzxvm4y3wpquym2vwartmikr1n?YEWNZWIEWPAPSDRGUP Certificate Issuer: CLOUDFLARE, INC. Subject: vestusiab.com Fingerprint: 7E:07:E7:01:47:0D:FC:59:F6:ED:95:B6:A9:6C:11:8B:E1:31:B8:EA Validity: Wed, 02 Apr 2025 21:14:26 GMT - Tue, 01 Jul 2025 21:21:44 GMT
File type: RIFF (little-endian) data, Web/P image Hash: f9a795e2270664a7a169c73b6d84a575 0fbb60ab27ab88c064eb347d0722c8ed4cf5e8b8 d00203b2eea6e418c31baafa949ada5349a9f9b7e99fa003aec7406822693740
Analyzer | Verdict | Alert
urlquery | phishing | Phishing - Tycoon Phishing Kit
GET /ijWvh2OLTqcdb0EfW2kYnItPTPQGkkYHpgiwYZKAmnBHE2s47qWxPdWn1aeSn4ejBnqxP12208 HTTP/1.1
Host: offhz.vestusiab.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://offhz.vestusiab.com/abkiicyrvmgttmnxcktltonzxvm4y3wpquym2vwartmikr1n?YEWNZWIEWPAPSDRGUP
Cookie: XSRF-TOKEN=eyJpdiI6ImFuZXVpMXFnSWJqK3FDZ0U4eFA4MHc9PSIsInZhbHVlIjoiV1c3Z29jN0hlMlRna1dIbDlsa3JQWlh3OURHK2JBTThzUWNlajFza1Y4NmNXWkY0bEZxQ0hVVW15K2ZrZStURnJlblU2UCszTDBQVzUvUUliTUVqQy9yUC8xeWM2bGp3L1hHVHcyV2dGVFlaUWFtMDM0OGs5NWZ2VGw5WERMeGEiLCJtYWMiOiIwODhhMjU0YTgxNjY1NWI3M2IwNTgyMDczZGQzNmYwNTY3MmZmOTlhNWVkYTdlYzUxNDZjMzQ4NmUxNWRhNTNkIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlV4dHFFdEZHRFZBQWRFc2NXaENodVE9PSIsInZhbHVlIjoiTnhQSFBOTHpjbHBIOTY4S2FtOGVCWHhWbjNWeEpyWXNHakMyOE0xSzBlN3lSa3R6ZTdBVjNnVytJZlRDcjJpMENWQ0o2TEVYU0NUd3g4aFZ4ZThDUnR0RUhqSlllT01Ob3FEQ1NwQXpLVTlxcXc3VnpSOXovK1I1NmQxM3BKUDEiLCJtYWMiOiI4NzFkM2U2MDRmZGEyY2Q2OWZjZjRlNmU0MjlhMDA2YmYwNjNiYzEzMzY0NzdjMWY2NTRkMzUyMjAyM2U2Y2U0IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 06 May 2025 21:15:58 GMT
content-type: image/webp
content-length: 25216
server: cloudflare
content-disposition: inline; filename="ijWvh2OLTqcdb0EfW2kYnItPTPQGkkYHpgiwYZKAmnBHE2s47qWxPdWn1aeSn4ejBnqxP12208"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qk7WSLLoN73n%2BzgQ648X7FK9VCqwezPZXse3KevoRv1PEzBYJlahY8OTugxoDq0ztPIPjS%2BWPiTavGueEfLEl48zGx2si6vIHuTEfrIudM7mw%2BDEueSEnIBupSHb"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server-timing: cfL4;desc="?proto=TCP&rtt=298&min_rtt=271&rtt_var=156&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2826&recv_bytes=2227&delivery_rate=8253061&cwnd=252&unsent_bytes=0&cid=66f2594f58963fbb&ts=164&x=0", cfL4;desc="?proto=QUIC&rtt=1374&min_rtt=595&rtt_var=326&sent=908&recv=403&lost=0&retrans=0&sent_bytes=752197&recv_bytes=43800&delivery_rate=9401219&cwnd=45600&unsent_bytes=0&cid=eee6443af1f9f3b0&ts=9872&x=16"
cf-ray: 93bb7ef8083d712f-OSL
alt-svc: h3=":443"; ma=86400
|
|
| offhz.vestusiab.com/zu06f0Rz7WtFdDIGrgF5FF6mX1zfq9TCxKAHW815yo | 104.21.96.1 | 200 OK | 20 B |
URL POST offhz.vestusiab.com/zu06f0Rz7WtFdDIGrgF5FF6mX1zfq9TCxKAHW815yo IP 104.21.96.1:443
Requested by: https://offhz.vestusiab.com/iZth3V2uyphCyUg!h/*c21vcmdhbkBzbHVycG1haWwubmV0 Certificate Issuer: CLOUDFLARE, INC. Subject: vestusiab.com Fingerprint: 7E:07:E7:01:47:0D:FC:59:F6:ED:95:B6:A9:6C:11:8B:E1:31:B8:EA Validity: Wed, 02 Apr 2025 21:14:26 GMT - Tue, 01 Jul 2025 21:21:44 GMT
Hash: 5820854f62a6eb3d38ba7ba0d1b3ea75 639df0b84fe699b4a290a713fd6b9a94bd4deb95 912d0c07da7bdb22cdae025b96da26d01523aaab7362edb28544e3949deb369d
Analyzer | Verdict | Alert
urlquery | phishing | Phishing - Tycoon Phishing Kit
POST /zu06f0Rz7WtFdDIGrgF5FF6mX1zfq9TCxKAHW815yo HTTP/1.1
Host: offhz.vestusiab.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://offhz.vestusiab.com/iZth3V2uyphCyUg!h/*c21vcmdhbkBzbHVycG1haWwubmV0
Content-Type: multipart/form-data; boundary=---------------------------714451960298749568623887180
Content-Length: 902
Origin: https://offhz.vestusiab.com
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6IjZkL0J0VEVPRnJHTUFZekdSQmM3emc9PSIsInZhbHVlIjoicXVCclVQS29YeTNkOGRpTjJvakZsZ25iRHF1Snpnbk0wU0FkTG91bjRoOU45a09veUhDa0s0MWZRU242aS8yS2pzMXJTT1Bjc0pvZnByemtZN2dRdFJVOFUzWHJoelF2cmdXcmUraEpNaXFnc3BEZmtpa1hUdVpscFdhSG9Ga2MiLCJtYWMiOiIxN2Q3MjZlYjNjODVlOTA4NGFmZGQzZWEwMmZkOTM0OTJlZWZiMWNkNTcwOTIxNTk4YWMxNWU1OWFkNmVhYWNhIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjV3RVpwQ2FMNitoY05XZDFJanovQnc9PSIsInZhbHVlIjoiYTl6RjNTQ3c0UkdzQkdpN0F4QWpTNlRnTjE3ZjlsVjlmNGFVbmg3bEROOStTa240dEhyQ00vZXBBQ1NaeDhzQ3E2TmgzQXZpbk0zU1dYaHg1UmV4QllJK1hSb2h5YkZnZndSdWwzdG1PRWNCN25jWWo0cGp4MzJpNkUrQlB5TXkiLCJtYWMiOiI0ZDVmODg3ZGI3MzQ0ZmZjMTE3YzE1MDQ1ODk5Y2JkN2ZmNTRjMjE0MzU0ZjFmN2RmMzdmZTNiYmViYmI5ZjhhIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 06 May 2025 21:15:54 GMT
content-type: application/json
cf-ray: 93bb7edd0f33712f-OSL
server: cloudflare
cache-control: no-cache, private
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=K789BLINrVOT4n6UxiGUwbG0RmEfKxNNAYqqZZEHeVj2IZg8zBnuwGiS%2B7gY9xa4UfHE9QzZAv0Mqmp%2FsLVhRosmb%2Bq%2BhWRjPypMBmPBbzQLxE%2BZWQhZTePFRGP1"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server-timing: cfL4;desc="?proto=TCP&rtt=325&min_rtt=316&rtt_var=137&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2826&recv_bytes=3211&delivery_rate=10290076&cwnd=252&unsent_bytes=0&cid=ece1b44f5bb8258b&ts=171&x=0", cfL4;desc="?proto=QUIC&rtt=1844&min_rtt=595&rtt_var=1062&sent=229&recv=303&lost=0&retrans=0&sent_bytes=15858&recv_bytes=18167&delivery_rate=2403&cwnd=12000&unsent_bytes=0&cid=eee6443af1f9f3b0&ts=5213&x=16"
set-cookie: XSRF-TOKEN=eyJpdiI6ImNucnNUZXc3WEdhYjczKzRBZzVTY1E9PSIsInZhbHVlIjoiaE0zckNscUx5dnJnc2RSQi9saFgxWDh6Q3NVZDcrRUg1MjV4S3ZXRjFCdzAxb1Y5NUZOUDllMUxYM1VvZXBuN1g3NUhDbDdaWnhCYUtGT21NbXFlTXJGRG54VGxlSHZzcUFXZENaTXpvb1JPZ1lPZm9ISStMclVpRVYxak12dGYiLCJtYWMiOiI3ZmExMTc3MzhlYzE5OThjYzRmN2I4NDAyZDA5OGIxYmQ5ZmFmNmQ0NzE2OGFmNzRmN2ViMGM4ZjE5YTg5MWJiIiwidGFnIjoiIn0%3D; expires=Tue, 06-May-2025 23:15:54 GMT; Max-Age=7200; path=/; secure; samesite=none
laravel_session=eyJpdiI6Ikl4RkI2d0RRSDVZSldta0J1bXc4QUE9PSIsInZhbHVlIjoiNndVV21yUDg5YmFDMVlrc2hMalpxdVY2VThqZ3hFblVzVnlDTUVQek0yMUhab2F3b0VYK2pKLzY0dVhsVWtkdktDZWpmVDNkd2J6Q0xkT3dEL1FZTUtoUnVuK3pRWlF0NWU1NFVMa0Z5YmtwcXFkL3NWYWRPcklIMUV3dnAxRDEiLCJtYWMiOiIyOTkxMTEwZDI1ZWQ3MGQ0NjRkOTgwNWEwMGYzMTkyNzdiNzExOGVhZWM4MzYyYmM4MTg0NmY0YjZjNjI5NDg0IiwidGFnIjoiIn0%3D; expires=Tue, 06-May-2025 23:15:54 GMT; Max-Age=7200; path=/; secure; httponly; samesite=none
vary: accept-encoding
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| ok4static.oktacdn.com/assets/loginpage/css/loginpage-theme.e0d37a504604ef874bad26435d62011f.css | 3.167.2.112 | 200 OK | 10 kB |
URL GET ok4static.oktacdn.com/assets/loginpage/css/loginpage-theme.e0d37a504604ef874bad26435d62011f.css IP 3.167.2.112:443
Requested by: https://offhz.vestusiab.com/abkiicyrvmgttmnxcktltonzxvm4y3wpquym2vwartmikr1n?YEWNZWIEWPAPSDRGUP Certificate Issuer: DigiCert Inc Subject: *.oktacdn.com Fingerprint: 3E:D7:C7:A6:35:70:74:E4:BF:45:2E:A1:D5:A3:25:88:24:76:B3:B5 Validity: Mon, 02 Dec 2024 00:00:00 GMT - Fri, 02 Jan 2026 23:59:59 GMT
File type: ASCII text, with very long lines (10450) Hash: e0d37a504604ef874bad26435d62011f 4301f0d2b729ae22adece657d79eccaa25f429b1 c39ff65e2a102e644eb0bf2e31d2bad3d18f7afb25b3b9ba7a4d46263a711179
GET /assets/loginpage/css/loginpage-theme.e0d37a504604ef874bad26435d62011f.css HTTP/1.1
Host: ok4static.oktacdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://offhz.vestusiab.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css
server: nginx
last-modified: Thu, 14 Mar 2024 00:03:58 GMT
x-amz-meta-sha1sum: 4301f0d2b729ae22adece657d79eccaa25f429b1
strict-transport-security: max-age=315360000; includeSubDomains
access-control-allow-origin: *
content-encoding: gzip
date: Fri, 02 May 2025 02:47:50 GMT
expires: Sat, 02 May 2026 02:47:50 GMT
cache-control: max-age=31536000, public,max-age=31536000,s-maxage=1814400
etag: W/"e0d37a504604ef874bad26435d62011f"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 edea1d4f37b8855878682c02540138fe.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P2
x-amz-cf-id: CVayaaGon8LRsI1lDuEpz44aQd66B0kxBTLfr8z-I0LQqbehuUWg6Q==
age: 412088
X-Firefox-Spdy: h2
|
|
| aadcdn.msauth.net/shared/1.0/content/images/marching_ants_986f40b5a9dc7d39ef8396797f61b323.gif | 13.107.246.53 | 200 OK | 3.6 kB |
URL GET aadcdn.msauth.net/shared/1.0/content/images/marching_ants_986f40b5a9dc7d39ef8396797f61b323.gif IP 13.107.246.53:443
ASN: #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by: https://offhz.vestusiab.com/abkiicyrvmgttmnxcktltonzxvm4y3wpquym2vwartmikr1n?YEWNZWIEWPAPSDRGUP Certificate Issuer: DigiCert Inc Subject: aadcdn.msauth.net Fingerprint: 38:05:DB:30:B5:83:1A:A0:A9:AD:24:B2:62:0F:E7:F6:60:9B:7C:00 Validity: Tue, 29 Oct 2024 00:00:00 GMT - Wed, 29 Oct 2025 23:59:59 GMT
File type: GIF image data, version 89a, 352 x 3 Hash: b540a8e518037192e32c4fe58bf2dbab 3047c1db97b86f6981e0ad2f96af40cdf43511af 8737d721808655f37b333f08a90185699e7e8b9bdaaa15cdb63c8448b426f95d
GET /shared/1.0/content/images/marching_ants_986f40b5a9dc7d39ef8396797f61b323.gif HTTP/1.1
Host: aadcdn.msauth.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://offhz.vestusiab.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 06 May 2025 21:15:58 GMT
content-type: image/gif
content-length: 3620
cache-control: public, max-age=31536000
last-modified: Wed, 24 May 2023 10:11:48 GMT
etag: 0x8DB5C3F4904824B
x-ms-request-id: 34b6eab7-b01e-0004-6fe4-b939ee000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref: 20250506T211558Z-16c476b8794l5fn9hC1SVGhnw40000000kd000000000094s
x-fd-int-roxy-purgeid: 4554691
x-cache: TCP_HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| offhz.vestusiab.com/qrmxFLy7wQfqTS3v4RTFMHcuHWXRlWmn6JYtTO21ynqSEr45140 | 104.21.96.1 | 200 OK | 892 B |
URL GET offhz.vestusiab.com/qrmxFLy7wQfqTS3v4RTFMHcuHWXRlWmn6JYtTO21ynqSEr45140 IP 104.21.96.1:443
Requested by: https://offhz.vestusiab.com/abkiicyrvmgttmnxcktltonzxvm4y3wpquym2vwartmikr1n?YEWNZWIEWPAPSDRGUP Certificate Issuer: CLOUDFLARE, INC. Subject: vestusiab.com Fingerprint: 7E:07:E7:01:47:0D:FC:59:F6:ED:95:B6:A9:6C:11:8B:E1:31:B8:EA Validity: Wed, 02 Apr 2025 21:14:26 GMT - Tue, 01 Jul 2025 21:21:44 GMT
File type: RIFF (little-endian) data, Web/P image Hash: 41d62ca205d54a78e4298367482b4e2b 839aae21ed8ecfc238fdc68b93ccb27431cd5393 20a4a780db0bcc047015a0d8037eb4eb58b3e5cb338673799c030a3e1b626b40
Analyzer | Verdict | Alert
urlquery | phishing | Phishing - Tycoon Phishing Kit
GET /qrmxFLy7wQfqTS3v4RTFMHcuHWXRlWmn6JYtTO21ynqSEr45140 HTTP/1.1
Host: offhz.vestusiab.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://offhz.vestusiab.com/abkiicyrvmgttmnxcktltonzxvm4y3wpquym2vwartmikr1n?YEWNZWIEWPAPSDRGUP
Cookie: XSRF-TOKEN=eyJpdiI6ImFuZXVpMXFnSWJqK3FDZ0U4eFA4MHc9PSIsInZhbHVlIjoiV1c3Z29jN0hlMlRna1dIbDlsa3JQWlh3OURHK2JBTThzUWNlajFza1Y4NmNXWkY0bEZxQ0hVVW15K2ZrZStURnJlblU2UCszTDBQVzUvUUliTUVqQy9yUC8xeWM2bGp3L1hHVHcyV2dGVFlaUWFtMDM0OGs5NWZ2VGw5WERMeGEiLCJtYWMiOiIwODhhMjU0YTgxNjY1NWI3M2IwNTgyMDczZGQzNmYwNTY3MmZmOTlhNWVkYTdlYzUxNDZjMzQ4NmUxNWRhNTNkIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlV4dHFFdEZHRFZBQWRFc2NXaENodVE9PSIsInZhbHVlIjoiTnhQSFBOTHpjbHBIOTY4S2FtOGVCWHhWbjNWeEpyWXNHakMyOE0xSzBlN3lSa3R6ZTdBVjNnVytJZlRDcjJpMENWQ0o2TEVYU0NUd3g4aFZ4ZThDUnR0RUhqSlllT01Ob3FEQ1NwQXpLVTlxcXc3VnpSOXovK1I1NmQxM3BKUDEiLCJtYWMiOiI4NzFkM2U2MDRmZGEyY2Q2OWZjZjRlNmU0MjlhMDA2YmYwNjNiYzEzMzY0NzdjMWY2NTRkMzUyMjAyM2U2Y2U0IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 06 May 2025 21:15:58 GMT
content-type: image/webp
content-length: 892
server: cloudflare
content-disposition: inline; filename="qrmxFLy7wQfqTS3v4RTFMHcuHWXRlWmn6JYtTO21ynqSEr45140"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uHuvp%2BQmE5dSx1eCA7suSwtOEMMm%2B0DDgZeQ%2BtHrFYvxaAQYqmioiFZNQCpTnTcGkdA3Jv6W1mI4u3Op8z0dnSIeIrXpGADlYtGnxA1fbW7IRpwiVyXcFBuAM12w"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server-timing: cfL4;desc="?proto=TCP&rtt=269&min_rtt=262&rtt_var=87&sent=5&recv=8&lost=0&retrans=0&sent_bytes=2825&recv_bytes=2204&delivery_rate=12716981&cwnd=252&unsent_bytes=0&cid=7103d93104bf5786&ts=166&x=0", cfL4;desc="?proto=QUIC&rtt=1063&min_rtt=595&rtt_var=242&sent=830&recv=391&lost=0&retrans=0&sent_bytes=670014&recv_bytes=43240&delivery_rate=14262&cwnd=45600&unsent_bytes=0&cid=eee6443af1f9f3b0&ts=9494&x=16"
cf-ray: 93bb7ef8083b712f-OSL
alt-svc: h3=":443"; ma=86400
|
|
| objects.githubusercontent.com/github-production-release-asset-2e65be/2925284/11f3acf8-4ccb-11e6-8ce4-c179c0a212de?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20250506%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20250506T211359Z&X-Amz-Expires=300&X-Amz-Signature=e9b230cced4524fd3ae59bb14a4f183da4c0f8e76cd1a97ad86e7aa4067882ce&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3Drandexp.min.js&response-content-type=application%2Foctet-stream | 185.199.110.133 | 200 OK | 10 kB |
URL GET objects.githubusercontent.com/github-production-release-asset-2e65be/2925284/11f3acf8-4ccb-11e6-8ce4-c179c0a212de?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20250506%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20250506T211359Z&X-Amz-Expires=300&X-Amz-Signature=e9b230cced4524fd3ae59bb14a4f183da4c0f8e76cd1a97ad86e7aa4067882ce&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3Drandexp.min.js&response-content-type=application%2Foctet-stream IP 185.199.110.133:443
Requested by: https://offhz.vestusiab.com/abkiicyrvmgttmnxcktltonzxvm4y3wpquym2vwartmikr1n?YEWNZWIEWPAPSDRGUP Certificate Issuer: Sectigo Limited Subject: *.github.io Fingerprint: 8C:FF:59:E5:8E:C4:FA:76:FE:AF:2D:C5:C0:D4:13:6A:77:2D:F9:91 Validity: Fri, 07 Mar 2025 00:00:00 GMT - Sat, 07 Mar 2026 23:59:59 GMT
File type: JavaScript source, ASCII text, with very long lines (10017) Hash: 6c20a2be8ba900bc0a7118893a2b1072 ff7766fde1f33882c6e1c481ceed6f6588ea764c b1c42acd0288c435e95e00332476781532ed002cac6f3dcee9110ced30b31500
GET /github-production-release-asset-2e65be/2925284/11f3acf8-4ccb-11e6-8ce4-c179c0a212de?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20250506%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20250506T211359Z&X-Amz-Expires=300&X-Amz-Signature=e9b230cced4524fd3ae59bb14a4f183da4c0f8e76cd1a97ad86e7aa4067882ce&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3Drandexp.min.js&response-content-type=application%2Foctet-stream HTTP/1.1
Host: objects.githubusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://offhz.vestusiab.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/octet-stream
last-modified: Tue, 07 Dec 2021 16:38:45 GMT
etag: "0x8D9B9A009499A1E"
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: d91f6eaf-e01e-0032-2f18-13e122000000
x-ms-version: 2023-11-03
x-ms-creation-time: Tue, 17 Aug 2021 14:57:31 GMT
x-ms-blob-content-md5: bCCivoupALwKcRiJOisQcg==
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
content-disposition: attachment; filename=randexp.min.js
x-ms-server-encrypted: true
via: 1.1 varnish, 1.1 varnish
fastly-restarts: 1
accept-ranges: bytes
age: 2750
date: Tue, 06 May 2025 21:15:58 GMT
x-served-by: cache-iad-kiad7000045-IAD, cache-hel1410033-HEL
x-cache: HIT, HIT
x-cache-hits: 27167, 0
x-timer: S1746566158.374522,VS0,VE0
content-length: 10245
X-Firefox-Spdy: h2
|
|
| offhz.vestusiab.com/abkiicyrvmgttmnxcktltonzxvm4y3wpquym2vwartmikr1n?YEWNZWIEWPAPSDRGUP | 104.21.96.1 | 200 OK | 1.3 MB |
URL User Request GET offhz.vestusiab.com/abkiicyrvmgttmnxcktltonzxvm4y3wpquym2vwartmikr1n?YEWNZWIEWPAPSDRGUP IP 104.21.96.1:443
Certificate Issuer: CLOUDFLARE, INC. Subject: vestusiab.com Fingerprint: 7E:07:E7:01:47:0D:FC:59:F6:ED:95:B6:A9:6C:11:8B:E1:31:B8:EA Validity: Wed, 02 Apr 2025 21:14:26 GMT - Tue, 01 Jul 2025 21:21:44 GMT
File type: HTML document, ASCII text, with very long lines (39801), with CRLF line terminators Size: 1.3 MB (1259484 bytes) Hash: 684b8980fc6cf3039c06bc27a6be0b28 3c2a8b7e43bdbc3eaa9b4ac530498fb917346e9c bad4bc53ca0a8b61b6edbe0fc48614fa214fa1467a5aaa59e330d86795d0ca3e
Analyzer | Verdict | Alert
urlquery | suspicious | Suspicious - Anti-debugging code
urlquery | phishing | Phishing - Tycoon Phishing Kit
GET /abkiicyrvmgttmnxcktltonzxvm4y3wpquym2vwartmikr1n?YEWNZWIEWPAPSDRGUP HTTP/1.1
Host: offhz.vestusiab.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://offhz.vestusiab.com/iZth3V2uyphCyUg!h/*c21vcmdhbkBzbHVycG1haWwubmV0
Cookie: XSRF-TOKEN=eyJpdiI6IjA0MTJURnBQN1V4d2krWHhFaUdsU1E9PSIsInZhbHVlIjoieUxWWklLOG1XS205ZHdVbDVPanRPTVJDcE5HR3c5UEZzbUxtdXdVaE9aeHY3VWE1c0ZXb0FnSjFFRE9WU0Q2RXFOQmR6SEhockxkVlIxVERuWGFna0dzS2wwMXIwL1hrWlBpM0V3TFlXR0tDK1RnNFdMWmdhVitESEJ1a3EzbnUiLCJtYWMiOiJlNDU5OTA1MDk3ZTExMGJlNTYyZDdhMjQwNjY2NWUxMDJjMjBiNWMzMWI2OWVlZDNlNTYyYzUzZWY0MTM4NmUyIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IkpPL1A5cGUzemYydmorOWRkQUJ3aWc9PSIsInZhbHVlIjoiN2huVm52UzJJZWZHN3Nia3dIdUF4cEZQK1RDVXl1ZHNaTmV5WDZvOXByZVdBNUJtYnFnci8zblNvSUpHOXl5UFhjM1hDamlZemFyajI4U1UyWkxkQ0ZvWkU5V2VFNEE0ZHV6RGQ1UGl0MFBNbFQ5eW84aTVmU0JxS25memFGRi8iLCJtYWMiOiJlNDIwYWJiYjNmOWU1NWJiYTYxYTk0NjZkN2ZmNTM0NjY3ZjdkYTJiMzc2MWRjNGNiMGM5ODU5NWNiOGZmN2RjIiwidGFnIjoiIn0%3D
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 06 May 2025 21:15:55 GMT
content-type: text/html; charset=UTF-8
cf-ray: 93bb7ee55f8a712f-OSL
server: cloudflare
cache-control: no-cache, private
cf-cache-status: DYNAMIC
vary: accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=itY0lBv1iONcb%2B%2Bxz9jN2XQ3Ws42kEYs85GdV6RC8Qve%2Bp81cGxGvuO1JPeKWa6%2B8yZYgH2MSY5DoPSGmTONV%2B%2B9UGW42ENnQMPmeLQgFfOtpbEDtaMbWgbGQTsD"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server-timing: cfL4;desc="?proto=TCP&rtt=277&min_rtt=267&rtt_var=84&sent=5&recv=8&lost=0&retrans=0&sent_bytes=2826&recv_bytes=2294&delivery_rate=13849315&cwnd=252&unsent_bytes=0&cid=59534c5c1d9e7cdf&ts=255&x=0", cfL4;desc="?proto=QUIC&rtt=1598&min_rtt=595&rtt_var=800&sent=249&recv=313&lost=0&retrans=0&sent_bytes=28932&recv_bytes=22295&delivery_rate=1429&cwnd=12000&unsent_bytes=0&cid=eee6443af1f9f3b0&ts=6499&x=16"
set-cookie: XSRF-TOKEN=eyJpdiI6ImFuZXVpMXFnSWJqK3FDZ0U4eFA4MHc9PSIsInZhbHVlIjoiV1c3Z29jN0hlMlRna1dIbDlsa3JQWlh3OURHK2JBTThzUWNlajFza1Y4NmNXWkY0bEZxQ0hVVW15K2ZrZStURnJlblU2UCszTDBQVzUvUUliTUVqQy9yUC8xeWM2bGp3L1hHVHcyV2dGVFlaUWFtMDM0OGs5NWZ2VGw5WERMeGEiLCJtYWMiOiIwODhhMjU0YTgxNjY1NWI3M2IwNTgyMDczZGQzNmYwNTY3MmZmOTlhNWVkYTdlYzUxNDZjMzQ4NmUxNWRhNTNkIiwidGFnIjoiIn0%3D; expires=Tue, 06-May-2025 23:15:55 GMT; Max-Age=7200; path=/; secure; samesite=none
laravel_session=eyJpdiI6IlV4dHFFdEZHRFZBQWRFc2NXaENodVE9PSIsInZhbHVlIjoiTnhQSFBOTHpjbHBIOTY4S2FtOGVCWHhWbjNWeEpyWXNHakMyOE0xSzBlN3lSa3R6ZTdBVjNnVytJZlRDcjJpMENWQ0o2TEVYU0NUd3g4aFZ4ZThDUnR0RUhqSlllT01Ob3FEQ1NwQXpLVTlxcXc3VnpSOXovK1I1NmQxM3BKUDEiLCJtYWMiOiI4NzFkM2U2MDRmZGEyY2Q2OWZjZjRlNmU0MjlhMDA2YmYwNjNiYzEzMzY0NzdjMWY2NTRkMzUyMjAyM2U2Y2U0IiwidGFnIjoiIn0%3D; expires=Tue, 06-May-2025 23:15:55 GMT; Max-Age=7200; path=/; secure; httponly; samesite=none
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| offhz.vestusiab.com/uv9AGInIXuCIHOpI7RuYkBsta7Q88ZNrqq12124 | 104.21.96.1 | 200 OK | 644 B |
URL GET offhz.vestusiab.com/uv9AGInIXuCIHOpI7RuYkBsta7Q88ZNrqq12124 IP 104.21.96.1:443
Requested by: https://offhz.vestusiab.com/abkiicyrvmgttmnxcktltonzxvm4y3wpquym2vwartmikr1n?YEWNZWIEWPAPSDRGUP Certificate Issuer: CLOUDFLARE, INC. Subject: vestusiab.com Fingerprint: 7E:07:E7:01:47:0D:FC:59:F6:ED:95:B6:A9:6C:11:8B:E1:31:B8:EA Validity: Wed, 02 Apr 2025 21:14:26 GMT - Tue, 01 Jul 2025 21:21:44 GMT
File type: RIFF (little-endian) data, Web/P image Hash: 541b83c2195088043337e4353b6fd60d f09630596b6713217984785a64f6ea83e91b49c5 2658b8874f0d2a12e8726df78ac8954324c3bbe4695e66bdef89195fde64322f
Analyzer | Verdict | Alert
urlquery | phishing | Phishing - Tycoon Phishing Kit
GET /uv9AGInIXuCIHOpI7RuYkBsta7Q88ZNrqq12124 HTTP/1.1
Host: offhz.vestusiab.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://offhz.vestusiab.com/abkiicyrvmgttmnxcktltonzxvm4y3wpquym2vwartmikr1n?YEWNZWIEWPAPSDRGUP
Cookie: XSRF-TOKEN=eyJpdiI6ImFuZXVpMXFnSWJqK3FDZ0U4eFA4MHc9PSIsInZhbHVlIjoiV1c3Z29jN0hlMlRna1dIbDlsa3JQWlh3OURHK2JBTThzUWNlajFza1Y4NmNXWkY0bEZxQ0hVVW15K2ZrZStURnJlblU2UCszTDBQVzUvUUliTUVqQy9yUC8xeWM2bGp3L1hHVHcyV2dGVFlaUWFtMDM0OGs5NWZ2VGw5WERMeGEiLCJtYWMiOiIwODhhMjU0YTgxNjY1NWI3M2IwNTgyMDczZGQzNmYwNTY3MmZmOTlhNWVkYTdlYzUxNDZjMzQ4NmUxNWRhNTNkIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlV4dHFFdEZHRFZBQWRFc2NXaENodVE9PSIsInZhbHVlIjoiTnhQSFBOTHpjbHBIOTY4S2FtOGVCWHhWbjNWeEpyWXNHakMyOE0xSzBlN3lSa3R6ZTdBVjNnVytJZlRDcjJpMENWQ0o2TEVYU0NUd3g4aFZ4ZThDUnR0RUhqSlllT01Ob3FEQ1NwQXpLVTlxcXc3VnpSOXovK1I1NmQxM3BKUDEiLCJtYWMiOiI4NzFkM2U2MDRmZGEyY2Q2OWZjZjRlNmU0MjlhMDA2YmYwNjNiYzEzMzY0NzdjMWY2NTRkMzUyMjAyM2U2Y2U0IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 06 May 2025 21:15:58 GMT
content-type: image/webp
content-length: 644
server: cloudflare
content-disposition: inline; filename="uv9AGInIXuCIHOpI7RuYkBsta7Q88ZNrqq12124"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ol0tg%2FqJw%2B%2BJNXMnA5BTIswP%2BbGVVI9i8Rgt%2FFJbR9u18JQ1GhiOpKe7YECZyJtdUZ%2BC%2FNoRSe9Mw7yQN3G4EDEIsQExSwV9PkbT9mgAVaIyiizoAujGDQLaDIv%2F"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server-timing: cfL4;desc="?proto=TCP&rtt=305&min_rtt=300&rtt_var=94&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2826&recv_bytes=2192&delivery_rate=12144144&cwnd=252&unsent_bytes=0&cid=6d2c66a744fcce34&ts=167&x=0", cfL4;desc="?proto=QUIC&rtt=1063&min_rtt=595&rtt_var=242&sent=828&recv=391&lost=0&retrans=0&sent_bytes=668552&recv_bytes=43240&delivery_rate=14262&cwnd=45600&unsent_bytes=0&cid=eee6443af1f9f3b0&ts=9493&x=16"
cf-ray: 93bb7ef80837712f-OSL
alt-svc: h3=":443"; ma=86400
| pzlc8ebolevtd2t93chvh0fpzco0pjgaeix6dj2pnyxfgfr1fvdjxclt2kh.tvbmys.es/6473284663501235954203zwmNBmSGDZSWGYNKETTNJYQPMUBKSAPFGFQIDOYKFLFpqdvRwS5GPgyfCXtWl3k12RAwx40 | 104.21.23.197 | 200 OK | 536 B |
URL POST pzlc8ebolevtd2t93chvh0fpzco0pjgaeix6dj2pnyxfgfr1fvdjxclt2kh.tvbmys.es/6473284663501235954203zwmNBmSGDZSWGYNKETTNJYQPMUBKSAPFGFQIDOYKFLFpqdvRwS5GPgyfCXtWl3k12RAwx40 IP 104.21.23.197:443
Requested by: https://offhz.vestusiab.com/abkiicyrvmgttmnxcktltonzxvm4y3wpquym2vwartmikr1n?YEWNZWIEWPAPSDRGUP
Certificate: Issuer Google Trust Services | Subject tvbmys.es | Fingerprint 5E:DE:BA:9F:B1:03:44:1B:FC:8D:1B:F2:2F:F5:EA:89:FF:B2:72:5C | Validity Sat, 12 Apr 2025 23:13:34 GMT - Sat, 12 Jul 2025 00:12:13 GMT
File type: ASCII text, with very long lines (536), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): b700a2408fff4601b18b91dd7b1adf0f 294a42cbff29c06fe6bff0cc3d5d6b93f7fda3dc 23731d6f86bfade6b1fd1acf5985785e9e1cb0f155f662cf89464d7a6f2c04b6
POST /6473284663501235954203zwmNBmSGDZSWGYNKETTNJYQPMUBKSAPFGFQIDOYKFLFpqdvRwS5GPgyfCXtWl3k12RAwx40 HTTP/1.1
Host: pzlc8ebolevtd2t93chvh0fpzco0pjgaeix6dj2pnyxfgfr1fvdjxclt2kh.tvbmys.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Content-Length: 103
Origin: https://offhz.vestusiab.com
DNT: 1
Connection: keep-alive
Referer: https://offhz.vestusiab.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 06 May 2025 21:16:04 GMT
content-type: text/plain; charset=utf-8
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
vary: Origin
access-control-allow-origin: https://offhz.vestusiab.com
cf-cache-status: DYNAMIC
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=0pE8K4TtIC40CSjg5eQhwk0ggf1iASRT4Db2UBbFStSXTGxDIpT9LrSGcBPqDSGwSbBJCxhYXoNmp7EJGL7DRZOrnBdzzWb4GisP9SGUaKmsYXMycw4Y%2BfEqz8%2FdmBWTipJEMyYXRX05cLlvzDUZfVgbp5SpTWVKdtmN5pMRmh%2FHUEt2VnsJMk6gEQS2QJYcfecrKyF0fmo%3D"}]}
content-encoding: br
cf-ray: 93bb7f1a1cc0b505-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
| offhz.vestusiab.com/GDSherpa-vf.woff2 | 104.21.96.1 | 200 OK | 44 kB |
URL GET offhz.vestusiab.com/GDSherpa-vf.woff2 IP 104.21.96.1:443
Requested by: https://offhz.vestusiab.com/abkiicyrvmgttmnxcktltonzxvm4y3wpquym2vwartmikr1n?YEWNZWIEWPAPSDRGUP
Certificate: Issuer CLOUDFLARE, INC. | Subject vestusiab.com | Fingerprint 7E:07:E7:01:47:0D:FC:59:F6:ED:95:B6:A9:6C:11:8B:E1:31:B8:EA | Validity Wed, 02 Apr 2025 21:14:26 GMT - Tue, 01 Jul 2025 21:21:44 GMT
File type: Web Open Font Format (Version 2), TrueType, length 43596, version 1.0
Hash (MD5 / SHA-1 / SHA-256): 2a05e9e5572abc320b2b7ea38a70dcc1 d5fa2a856d5632c2469e42436159375117ef3c35 3efcb941aaddaf4aea08dab3fb97d3e904aa1b83264e64b4d5bda53bc7c798ec
Analyzer: urlquery | Verdict: phishing | Alert: Phishing - Tycoon Phishing Kit
GET /GDSherpa-vf.woff2 HTTP/1.1
Host: offhz.vestusiab.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://offhz.vestusiab.com/abkiicyrvmgttmnxcktltonzxvm4y3wpquym2vwartmikr1n?YEWNZWIEWPAPSDRGUP
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6ImFuZXVpMXFnSWJqK3FDZ0U4eFA4MHc9PSIsInZhbHVlIjoiV1c3Z29jN0hlMlRna1dIbDlsa3JQWlh3OURHK2JBTThzUWNlajFza1Y4NmNXWkY0bEZxQ0hVVW15K2ZrZStURnJlblU2UCszTDBQVzUvUUliTUVqQy9yUC8xeWM2bGp3L1hHVHcyV2dGVFlaUWFtMDM0OGs5NWZ2VGw5WERMeGEiLCJtYWMiOiIwODhhMjU0YTgxNjY1NWI3M2IwNTgyMDczZGQzNmYwNTY3MmZmOTlhNWVkYTdlYzUxNDZjMzQ4NmUxNWRhNTNkIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlV4dHFFdEZHRFZBQWRFc2NXaENodVE9PSIsInZhbHVlIjoiTnhQSFBOTHpjbHBIOTY4S2FtOGVCWHhWbjNWeEpyWXNHakMyOE0xSzBlN3lSa3R6ZTdBVjNnVytJZlRDcjJpMENWQ0o2TEVYU0NUd3g4aFZ4ZThDUnR0RUhqSlllT01Ob3FEQ1NwQXpLVTlxcXc3VnpSOXovK1I1NmQxM3BKUDEiLCJtYWMiOiI4NzFkM2U2MDRmZGEyY2Q2OWZjZjRlNmU0MjlhMDA2YmYwNjNiYzEzMzY0NzdjMWY2NTRkMzUyMjAyM2U2Y2U0IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 06 May 2025 21:16:00 GMT
content-type: font/woff2
content-length: 43596
server: cloudflare
content-disposition: inline; filename="GDSherpa-vf.woff2"
last-modified: Tue, 06 May 2025 21:16:00 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uSH%2BNfeQ8sWPTE43zYbH1Jsr5rQOI3b4F3eGOlQ6W9CmHg49na%2FuWd4OwdmuEYQS49TXV7FlFSl0VYhykbXabnLmV2lq1ezbTfGgFE0CxD397MN%2FGvl0C9zg%2Fn%2BG"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server-timing: cfL4;desc="?proto=TCP&rtt=15868&min_rtt=15847&rtt_var=5958&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2825&recv_bytes=2191&delivery_rate=255190&cwnd=245&unsent_bytes=0&cid=07692b10af01f531&ts=566&x=0", cfL4;desc="?proto=QUIC&rtt=1397&min_rtt=595&rtt_var=246&sent=996&recv=411&lost=0&retrans=0&sent_bytes=851492&recv_bytes=45111&delivery_rate=4807600&cwnd=45600&unsent_bytes=0&cid=eee6443af1f9f3b0&ts=11562&x=16"
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
cf-ray: 93bb7ef80835712f-OSL
alt-svc: h3=":443"; ma=86400
| code.jquery.com/jquery-3.6.0.min.js | 151.101.194.137 | 200 OK | 90 kB |
URL GET code.jquery.com/jquery-3.6.0.min.js IP 151.101.194.137:443
Requested by: https://offhz.vestusiab.com/abkiicyrvmgttmnxcktltonzxvm4y3wpquym2vwartmikr1n?YEWNZWIEWPAPSDRGUP
Certificate: Issuer Sectigo Limited | Subject *.jquery.com | Fingerprint CD:B5:6E:05:85:0C:5A:AE:47:12:80:2A:5B:C6:E5:8F:11:72:E2:B5 | Validity Tue, 25 Jun 2024 00:00:00 GMT - Wed, 25 Jun 2025 23:59:59 GMT
File type: JavaScript source, ASCII text, with very long lines (65447)
Hash (MD5 / SHA-1 / SHA-256): 8fb8fee4fcc3cc86ff6c724154c49c42 b82d238d4e31fdf618bae8ac11a6c812c03dd0d4 ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e
GET /jquery-3.6.0.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://offhz.vestusiab.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-15d9d"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Tue, 06 May 2025 21:15:57 GMT
age: 2966844
x-served-by: cache-lga21931-LGA, cache-hel1410023-HEL
x-cache: HIT, HIT
x-cache-hits: 71, 433798
x-timer: S1746566158.882691,VS0,VE0
vary: Accept-Encoding
content-length: 30875
X-Firefox-Spdy: h2
| offhz.vestusiab.com/yz7q42YD9AuzUV1I0g2zLtJUBvNOthL0foprrunV2hnarEoHBvgPb190172 | 104.21.96.1 | 200 OK | 2.9 kB |
URL GET offhz.vestusiab.com/yz7q42YD9AuzUV1I0g2zLtJUBvNOthL0foprrunV2hnarEoHBvgPb190172 IP 104.21.96.1:443
Requested by: https://offhz.vestusiab.com/abkiicyrvmgttmnxcktltonzxvm4y3wpquym2vwartmikr1n?YEWNZWIEWPAPSDRGUP
Certificate: Issuer CLOUDFLARE, INC. | Subject vestusiab.com | Fingerprint 7E:07:E7:01:47:0D:FC:59:F6:ED:95:B6:A9:6C:11:8B:E1:31:B8:EA | Validity Wed, 02 Apr 2025 21:14:26 GMT - Tue, 01 Jul 2025 21:21:44 GMT
File type: SVG Scalable Vector Graphics image
Hash (MD5 / SHA-1 / SHA-256): fe87496cc7a44412f7893a72099c120a a0c1458c08a815df63d3cb0406d60be6607ca699 55ce3b0ce5bc71339308107982cd7671f96014256ded0be36dc8062e64c847f1
Analyzer: urlquery | Verdict: phishing | Alert: Phishing - Tycoon Phishing Kit
GET /yz7q42YD9AuzUV1I0g2zLtJUBvNOthL0foprrunV2hnarEoHBvgPb190172 HTTP/1.1
Host: offhz.vestusiab.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://offhz.vestusiab.com/abkiicyrvmgttmnxcktltonzxvm4y3wpquym2vwartmikr1n?YEWNZWIEWPAPSDRGUP
Cookie: XSRF-TOKEN=eyJpdiI6ImFuZXVpMXFnSWJqK3FDZ0U4eFA4MHc9PSIsInZhbHVlIjoiV1c3Z29jN0hlMlRna1dIbDlsa3JQWlh3OURHK2JBTThzUWNlajFza1Y4NmNXWkY0bEZxQ0hVVW15K2ZrZStURnJlblU2UCszTDBQVzUvUUliTUVqQy9yUC8xeWM2bGp3L1hHVHcyV2dGVFlaUWFtMDM0OGs5NWZ2VGw5WERMeGEiLCJtYWMiOiIwODhhMjU0YTgxNjY1NWI3M2IwNTgyMDczZGQzNmYwNTY3MmZmOTlhNWVkYTdlYzUxNDZjMzQ4NmUxNWRhNTNkIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlV4dHFFdEZHRFZBQWRFc2NXaENodVE9PSIsInZhbHVlIjoiTnhQSFBOTHpjbHBIOTY4S2FtOGVCWHhWbjNWeEpyWXNHakMyOE0xSzBlN3lSa3R6ZTdBVjNnVytJZlRDcjJpMENWQ0o2TEVYU0NUd3g4aFZ4ZThDUnR0RUhqSlllT01Ob3FEQ1NwQXpLVTlxcXc3VnpSOXovK1I1NmQxM3BKUDEiLCJtYWMiOiI4NzFkM2U2MDRmZGEyY2Q2OWZjZjRlNmU0MjlhMDA2YmYwNjNiYzEzMzY0NzdjMWY2NTRkMzUyMjAyM2U2Y2U0IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 06 May 2025 21:15:58 GMT
content-type: image/svg+xml
cf-ray: 93bb7ef8083a712f-OSL
server: cloudflare
content-disposition: inline; filename="yz7q42YD9AuzUV1I0g2zLtJUBvNOthL0foprrunV2hnarEoHBvgPb190172"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bKHHF5UlXm7%2BERNcYxwZ7x1oDM3M2J4rJFjwq%2Bh4M5sg1Ej2tJIw9HF1NpQcsIPNOfCuUsAi61PaGm0DfS2U7QqwODaHIjxZN7bnk4TnurZ3mDRIp05uuvhV3lbg"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server-timing: cfL4;desc="?proto=TCP&rtt=15454&min_rtt=15436&rtt_var=4375&sent=5&recv=8&lost=0&retrans=0&sent_bytes=2826&recv_bytes=2212&delivery_rate=260432&cwnd=250&unsent_bytes=0&cid=4083ee2b5032ff4f&ts=187&x=0", cfL4;desc="?proto=QUIC&rtt=1430&min_rtt=595&rtt_var=661&sent=850&recv=396&lost=0&retrans=0&sent_bytes=689989&recv_bytes=43468&delivery_rate=5861637&cwnd=45600&unsent_bytes=0&cid=eee6443af1f9f3b0&ts=9551&x=16"
vary: accept-encoding
content-encoding: br
alt-svc: h3=":443"; ma=86400
| cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js | 104.17.24.14 | 200 OK | 48 kB |
URL GET cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js IP 104.17.24.14:443
Requested by: https://offhz.vestusiab.com/abkiicyrvmgttmnxcktltonzxvm4y3wpquym2vwartmikr1n?YEWNZWIEWPAPSDRGUP
Certificate: Issuer Google Trust Services | Subject cdnjs.cloudflare.com | Fingerprint 5D:9B:5B:BE:24:B7:4B:CA:F3:05:47:2F:AB:3F:3C:F7:4E:C3:4D:BC | Validity Mon, 24 Mar 2025 12:00:12 GMT - Sun, 22 Jun 2025 13:00:01 GMT
File type: JavaScript source, ASCII text, with very long lines (48316), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): 2ca03ad87885ab983541092b87adb299 1a17f60bf776a8c468a185c1e8e985c41a50dc27 8e3b0117f4df4be452c0b6af5b8f0a0acf9d4ade23d08d55d7e312af22077762
GET /ajax/libs/crypto-js/4.1.1/crypto-js.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://offhz.vestusiab.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 06 May 2025 21:15:58 GMT
content-type: application/javascript; charset=utf-8
content-length: 13972
server: cloudflare
strict-transport-security: max-age=15780000
cf-ray: 93bb7efcefab569a-OSL
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "61182885-3694"
last-modified: Sat, 14 Aug 2021 20:33:09 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 302905
expires: Sun, 26 Apr 2026 21:15:58 GMT
accept-ranges: bytes
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Mi1pIgCD%2BOIHU5wJHvaI%2FgxcxLGJ7QToI7ui4G2n5UUfx1a2iujKEeRENyGqv65G89ebJJHG2nAnLiDrq4CLgBoTybcN8r0Bj9A2TuRN70vyoaBIE5WLnsV%2BB5cJK6Xj8a%2FODxsl"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
| 005.free-counters.co.uk/count-072.pl?count=reg22&type=microblack&prog=hit&cmd=link&url=royalleaffashion.com/c/409098/c21vcmdhbkBzbHVycG1haWwubmV0 | 37.187.24.74 | 302 Redirect | 0 B |
URL User Request GET 005.free-counters.co.uk/count-072.pl?count=reg22&type=microblack&prog=hit&cmd=link&url=royalleaffashion.com/c/409098/c21vcmdhbkBzbHVycG1haWwubmV0 IP 37.187.24.74:80
Hash (MD5 / SHA-1 / SHA-256, empty body): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /count-072.pl?count=reg22&type=microblack&prog=hit&cmd=link&url=royalleaffashion.com/c/409098/c21vcmdhbkBzbHVycG1haWwubmV0 HTTP/1.1
Host: 005.free-counters.co.uk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Redirect
Content-Type: text/html; charset=UTF-8
Location: http://royalleaffashion.com/c/409098/c21vcmdhbkBzbHVycG1haWwubmV0
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Tue, 06 May 2025 21:13:54 GMT
Content-Length: 188
| offhz.vestusiab.com/favicon.ico | 104.21.96.1 | 404 Not Found | 0 B |
URL GET offhz.vestusiab.com/favicon.ico IP 104.21.96.1:443
Requested by: https://offhz.vestusiab.com/abkiicyrvmgttmnxcktltonzxvm4y3wpquym2vwartmikr1n?YEWNZWIEWPAPSDRGUP
Certificate: Issuer CLOUDFLARE, INC. | Subject vestusiab.com | Fingerprint 7E:07:E7:01:47:0D:FC:59:F6:ED:95:B6:A9:6C:11:8B:E1:31:B8:EA | Validity Wed, 02 Apr 2025 21:14:26 GMT - Tue, 01 Jul 2025 21:21:44 GMT
Hash (MD5 / SHA-1 / SHA-256, empty body): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer: urlquery | Verdict: phishing | Alert: Phishing - Tycoon Phishing Kit
GET /favicon.ico HTTP/1.1
Host: offhz.vestusiab.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://offhz.vestusiab.com/abkiicyrvmgttmnxcktltonzxvm4y3wpquym2vwartmikr1n?YEWNZWIEWPAPSDRGUP
Cookie: XSRF-TOKEN=eyJpdiI6ImFuZXVpMXFnSWJqK3FDZ0U4eFA4MHc9PSIsInZhbHVlIjoiV1c3Z29jN0hlMlRna1dIbDlsa3JQWlh3OURHK2JBTThzUWNlajFza1Y4NmNXWkY0bEZxQ0hVVW15K2ZrZStURnJlblU2UCszTDBQVzUvUUliTUVqQy9yUC8xeWM2bGp3L1hHVHcyV2dGVFlaUWFtMDM0OGs5NWZ2VGw5WERMeGEiLCJtYWMiOiIwODhhMjU0YTgxNjY1NWI3M2IwNTgyMDczZGQzNmYwNTY3MmZmOTlhNWVkYTdlYzUxNDZjMzQ4NmUxNWRhNTNkIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlV4dHFFdEZHRFZBQWRFc2NXaENodVE9PSIsInZhbHVlIjoiTnhQSFBOTHpjbHBIOTY4S2FtOGVCWHhWbjNWeEpyWXNHakMyOE0xSzBlN3lSa3R6ZTdBVjNnVytJZlRDcjJpMENWQ0o2TEVYU0NUd3g4aFZ4ZThDUnR0RUhqSlllT01Ob3FEQ1NwQXpLVTlxcXc3VnpSOXovK1I1NmQxM3BKUDEiLCJtYWMiOiI4NzFkM2U2MDRmZGEyY2Q2OWZjZjRlNmU0MjlhMDA2YmYwNjNiYzEzMzY0NzdjMWY2NTRkMzUyMjAyM2U2Y2U0IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 404 Not Found
date: Tue, 06 May 2025 21:15:56 GMT
content-type: text/html; charset=UTF-8
cf-ray: 93bb7ef03feb712f-OSL
server: cloudflare
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=O0pgr47iPcpCdlieKgvM8AgmBxMpZy0vPvvDIW4pKO7Wk3FBO9Eg79d1bcDf6Iybu0mX9eGFnB6kKR%2FoFb%2FbMaqjwgtFj1AyuJKQUqL9kF6TsvYPan29Yuh88%2BGu"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server-timing: cfL4;desc="?proto=TCP&rtt=331&min_rtt=311&rtt_var=157&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2825&recv_bytes=2145&delivery_rate=8549682&cwnd=250&unsent_bytes=0&cid=c68bd812fc86780c&ts=168&x=0", cfL4;desc="?proto=QUIC&rtt=1304&min_rtt=595&rtt_var=297&sent=580&recv=351&lost=0&retrans=0&sent_bytes=396182&recv_bytes=24959&delivery_rate=23300446&cwnd=45600&unsent_bytes=0&cid=eee6443af1f9f3b0&ts=7855&x=16"
age: 1
cache-control: max-age=14400
content-encoding: br
alt-svc: h3=":443"; ma=86400
| offhz.vestusiab.com/34ZNIypSshYXHQZE4GRxmeOMghTRFTYcmquiWgwjMI67110 | 104.21.96.1 | 200 OK | 291 kB |
URL GET offhz.vestusiab.com/34ZNIypSshYXHQZE4GRxmeOMghTRFTYcmquiWgwjMI67110 IP 104.21.96.1:443
Requested by: https://offhz.vestusiab.com/abkiicyrvmgttmnxcktltonzxvm4y3wpquym2vwartmikr1n?YEWNZWIEWPAPSDRGUP
Certificate: Issuer CLOUDFLARE, INC. | Subject vestusiab.com | Fingerprint 7E:07:E7:01:47:0D:FC:59:F6:ED:95:B6:A9:6C:11:8B:E1:31:B8:EA | Validity Wed, 02 Apr 2025 21:14:26 GMT - Tue, 01 Jul 2025 21:21:44 GMT
File type: JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size: 291 kB (290783 bytes)
Hash (MD5 / SHA-1 / SHA-256): ec462614afcaf87892db3a945626715e 71b44c75fcc04126ea9a67486dcb5b59be7dd57f 69ef3968d268d8ed85c5db3ab30f94b5df9a217eb541822bfdda560c00b8c80b
Analyzer: urlquery | Verdict: phishing | Alert: Phishing - Tycoon Phishing Kit
GET /34ZNIypSshYXHQZE4GRxmeOMghTRFTYcmquiWgwjMI67110 HTTP/1.1
Host: offhz.vestusiab.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://offhz.vestusiab.com/abkiicyrvmgttmnxcktltonzxvm4y3wpquym2vwartmikr1n?YEWNZWIEWPAPSDRGUP
Cookie: XSRF-TOKEN=eyJpdiI6ImFuZXVpMXFnSWJqK3FDZ0U4eFA4MHc9PSIsInZhbHVlIjoiV1c3Z29jN0hlMlRna1dIbDlsa3JQWlh3OURHK2JBTThzUWNlajFza1Y4NmNXWkY0bEZxQ0hVVW15K2ZrZStURnJlblU2UCszTDBQVzUvUUliTUVqQy9yUC8xeWM2bGp3L1hHVHcyV2dGVFlaUWFtMDM0OGs5NWZ2VGw5WERMeGEiLCJtYWMiOiIwODhhMjU0YTgxNjY1NWI3M2IwNTgyMDczZGQzNmYwNTY3MmZmOTlhNWVkYTdlYzUxNDZjMzQ4NmUxNWRhNTNkIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlV4dHFFdEZHRFZBQWRFc2NXaENodVE9PSIsInZhbHVlIjoiTnhQSFBOTHpjbHBIOTY4S2FtOGVCWHhWbjNWeEpyWXNHakMyOE0xSzBlN3lSa3R6ZTdBVjNnVytJZlRDcjJpMENWQ0o2TEVYU0NUd3g4aFZ4ZThDUnR0RUhqSlllT01Ob3FEQ1NwQXpLVTlxcXc3VnpSOXovK1I1NmQxM3BKUDEiLCJtYWMiOiI4NzFkM2U2MDRmZGEyY2Q2OWZjZjRlNmU0MjlhMDA2YmYwNjNiYzEzMzY0NzdjMWY2NTRkMzUyMjAyM2U2Y2U0IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 06 May 2025 21:16:00 GMT
content-type: application/javascript
cf-ray: 93bb7ef8083f712f-OSL
server: cloudflare
content-disposition: inline; filename="34ZNIypSshYXHQZE4GRxmeOMghTRFTYcmquiWgwjMI67110"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aDqOzMBbtp%2BgWmVG2W0L4sruOgSLoAGQdjyoFffA0gxDdAhLnQXC3HBipK6RLEAt6djghGmsEaJetI3DKTodd87%2FP%2FFGrLdQ6Hm5IKAVhAv9Vv5CVepVkpKl2D2m"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server-timing: cfL4;desc="?proto=TCP&rtt=324&min_rtt=307&rtt_var=151&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2826&recv_bytes=2164&delivery_rate=8986666&cwnd=252&unsent_bytes=0&cid=cb7b0392819bff91&ts=160&x=0", cfL4;desc="?proto=QUIC&rtt=1387&min_rtt=595&rtt_var=301&sent=985&recv=410&lost=0&retrans=0&sent_bytes=839657&recv_bytes=45065&delivery_rate=4993948&cwnd=45600&unsent_bytes=0&cid=eee6443af1f9f3b0&ts=11505&x=16"
vary: accept-encoding
content-encoding: br
alt-svc: h3=":443"; ma=86400
| offhz.vestusiab.com/xymovGx4QQpirslcd28 | 104.21.96.1 | 200 OK | 36 kB |
URL GET offhz.vestusiab.com/xymovGx4QQpirslcd28 IP 104.21.96.1:443
Requested by: https://offhz.vestusiab.com/abkiicyrvmgttmnxcktltonzxvm4y3wpquym2vwartmikr1n?YEWNZWIEWPAPSDRGUP
Certificate: Issuer CLOUDFLARE, INC. | Subject vestusiab.com | Fingerprint 7E:07:E7:01:47:0D:FC:59:F6:ED:95:B6:A9:6C:11:8B:E1:31:B8:EA | Validity Wed, 02 Apr 2025 21:14:26 GMT - Tue, 01 Jul 2025 21:21:44 GMT
File type: ASCII text, with CRLF line terminators
Hash (MD5 / SHA-1 / SHA-256): 38501e3fbbbd89b56aa5ba35de1a32fe d9b31981b6f834e8480ba28fbc1cff1be772f589 a1ca6b381cb01968851c98512c6e7f6c5309a49f7a16b864813135cbff82a85b
Analyzer: urlquery | Verdict: phishing | Alert: Phishing - Tycoon Phishing Kit
GET /xymovGx4QQpirslcd28 HTTP/1.1
Host: offhz.vestusiab.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://offhz.vestusiab.com/abkiicyrvmgttmnxcktltonzxvm4y3wpquym2vwartmikr1n?YEWNZWIEWPAPSDRGUP
Cookie: XSRF-TOKEN=eyJpdiI6ImFuZXVpMXFnSWJqK3FDZ0U4eFA4MHc9PSIsInZhbHVlIjoiV1c3Z29jN0hlMlRna1dIbDlsa3JQWlh3OURHK2JBTThzUWNlajFza1Y4NmNXWkY0bEZxQ0hVVW15K2ZrZStURnJlblU2UCszTDBQVzUvUUliTUVqQy9yUC8xeWM2bGp3L1hHVHcyV2dGVFlaUWFtMDM0OGs5NWZ2VGw5WERMeGEiLCJtYWMiOiIwODhhMjU0YTgxNjY1NWI3M2IwNTgyMDczZGQzNmYwNTY3MmZmOTlhNWVkYTdlYzUxNDZjMzQ4NmUxNWRhNTNkIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlV4dHFFdEZHRFZBQWRFc2NXaENodVE9PSIsInZhbHVlIjoiTnhQSFBOTHpjbHBIOTY4S2FtOGVCWHhWbjNWeEpyWXNHakMyOE0xSzBlN3lSa3R6ZTdBVjNnVytJZlRDcjJpMENWQ0o2TEVYU0NUd3g4aFZ4ZThDUnR0RUhqSlllT01Ob3FEQ1NwQXpLVTlxcXc3VnpSOXovK1I1NmQxM3BKUDEiLCJtYWMiOiI4NzFkM2U2MDRmZGEyY2Q2OWZjZjRlNmU0MjlhMDA2YmYwNjNiYzEzMzY0NzdjMWY2NTRkMzUyMjAyM2U2Y2U0IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 06 May 2025 21:15:58 GMT
content-type: text/css;charset=UTF-8
cf-ray: 93bb7ef80830712f-OSL
server: cloudflare
content-disposition: inline; filename="xymovGx4QQpirslcd28"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=awo0ZzWMzZmopFrI5yv0%2BQtmJ6yyqFNViRazAAYF9sugkClfm1gSIu%2FJdQUmFA1ZEoJ8eeR3shR2sJmTVuivRqgObqj%2BLsq66AqMcWTncvwWIKigFO3KKWyvFqY%2F"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server-timing: cfL4;desc="?proto=TCP&rtt=292&min_rtt=257&rtt_var=98&sent=5&recv=8&lost=0&retrans=0&sent_bytes=2826&recv_bytes=2165&delivery_rate=14813186&cwnd=252&unsent_bytes=0&cid=f7dc5edc0bc34a82&ts=178&x=0", cfL4;desc="?proto=QUIC&rtt=1500&min_rtt=595&rtt_var=976&sent=836&recv=394&lost=0&retrans=0&sent_bytes=674940&recv_bytes=43375&delivery_rate=1932657&cwnd=45600&unsent_bytes=0&cid=eee6443af1f9f3b0&ts=9508&x=16"
vary: accept-encoding
content-encoding: br
alt-svc: h3=":443"; ma=86400
| challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback | 104.18.94.41 | 302 Found | 48 kB |
URL GET challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback IP 104.18.94.41:443
Requested by: https://offhz.vestusiab.com/iZth3V2uyphCyUg!h/*c21vcmdhbkBzbHVycG1haWwubmV0
Certificate: Issuer Google Trust Services | Subject challenges.cloudflare.com | Fingerprint 66:48:DF:B4:8B:9D:6A:8C:3A:B7:0F:CF:92:C7:AF:56:B9:3D:A2:1C | Validity Tue, 29 Apr 2025 17:49:00 GMT - Mon, 28 Jul 2025 18:48:58 GMT
Hash (MD5 / SHA-1 / SHA-256, empty body): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /turnstile/v0/api.js?onload=onloadTurnstileCallback HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://offhz.vestusiab.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
date: Tue, 06 May 2025 21:15:49 GMT
content-length: 0
access-control-allow-origin: *
cache-control: max-age=300, stale-if-error=10800, stale-while-revalidate=300, public
cross-origin-resource-policy: cross-origin
location: /turnstile/v0/b/701fd2559006/api.js
vary: Accept-Encoding
server: cloudflare
cf-ray: 93bb7ebffb765699-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
| cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js | 104.17.24.14 | 200 OK | 48 kB |
URL GET cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js IP 104.17.24.14:443
Requested by: https://offhz.vestusiab.com/abkiicyrvmgttmnxcktltonzxvm4y3wpquym2vwartmikr1n?YEWNZWIEWPAPSDRGUP
Certificate: Issuer Google Trust Services | Subject cdnjs.cloudflare.com | Fingerprint 5D:9B:5B:BE:24:B7:4B:CA:F3:05:47:2F:AB:3F:3C:F7:4E:C3:4D:BC | Validity Mon, 24 Mar 2025 12:00:12 GMT - Sun, 22 Jun 2025 13:00:01 GMT
File type: JavaScript source, ASCII text, with very long lines (48316), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): 2ca03ad87885ab983541092b87adb299 1a17f60bf776a8c468a185c1e8e985c41a50dc27 8e3b0117f4df4be452c0b6af5b8f0a0acf9d4ade23d08d55d7e312af22077762
GET /ajax/libs/crypto-js/4.1.1/crypto-js.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://offhz.vestusiab.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 06 May 2025 21:15:55 GMT
content-type: application/javascript; charset=utf-8
content-length: 13972
server: cloudflare
strict-transport-security: max-age=15780000
cf-ray: 93bb7ee898b4569a-OSL
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "61182885-3694"
last-modified: Sat, 14 Aug 2021 20:33:09 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 302902
expires: Sun, 26 Apr 2026 21:15:55 GMT
accept-ranges: bytes
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1zda8EBRN3AwFbLKWV%2Fghqco4%2FiFSGHxtsmFO89ZcgMLGNqBK9PaJ75Wq5fkqGlx5aN14HNEIdp9aH1iDqSp8mEHjVGXPC%2BymH2G66e7ahws0dDwhEc8g7OY53%2FftU6P7njfCX%2Fj"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
| offhz.vestusiab.com/GDSherpa-vf2.woff2 | 104.21.96.1 | 200 OK | 93 kB |
URL GET offhz.vestusiab.com/GDSherpa-vf2.woff2 IP 104.21.96.1:443
Requested by: https://offhz.vestusiab.com/abkiicyrvmgttmnxcktltonzxvm4y3wpquym2vwartmikr1n?YEWNZWIEWPAPSDRGUP
Certificate: Issuer CLOUDFLARE, INC. | Subject vestusiab.com | Fingerprint 7E:07:E7:01:47:0D:FC:59:F6:ED:95:B6:A9:6C:11:8B:E1:31:B8:EA | Validity Wed, 02 Apr 2025 21:14:26 GMT - Tue, 01 Jul 2025 21:21:44 GMT
File type: Web Open Font Format (Version 2), TrueType, length 93276, version 1.0
Hash (MD5 / SHA-1 / SHA-256): bcd7983ea5aa57c55f6758b4977983cb ef3a009e205229e07fb0ec8569e669b11c378ef1 6528a0bf9a836a53dfd8536e1786ba6831c9d1faa74967126fddf5b2081b858c
Analyzer: urlquery | Verdict: phishing | Alert: Phishing - Tycoon Phishing Kit
GET /GDSherpa-vf2.woff2 HTTP/1.1
Host: offhz.vestusiab.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://offhz.vestusiab.com/abkiicyrvmgttmnxcktltonzxvm4y3wpquym2vwartmikr1n?YEWNZWIEWPAPSDRGUP
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6ImFuZXVpMXFnSWJqK3FDZ0U4eFA4MHc9PSIsInZhbHVlIjoiV1c3Z29jN0hlMlRna1dIbDlsa3JQWlh3OURHK2JBTThzUWNlajFza1Y4NmNXWkY0bEZxQ0hVVW15K2ZrZStURnJlblU2UCszTDBQVzUvUUliTUVqQy9yUC8xeWM2bGp3L1hHVHcyV2dGVFlaUWFtMDM0OGs5NWZ2VGw5WERMeGEiLCJtYWMiOiIwODhhMjU0YTgxNjY1NWI3M2IwNTgyMDczZGQzNmYwNTY3MmZmOTlhNWVkYTdlYzUxNDZjMzQ4NmUxNWRhNTNkIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlV4dHFFdEZHRFZBQWRFc2NXaENodVE9PSIsInZhbHVlIjoiTnhQSFBOTHpjbHBIOTY4S2FtOGVCWHhWbjNWeEpyWXNHakMyOE0xSzBlN3lSa3R6ZTdBVjNnVytJZlRDcjJpMENWQ0o2TEVYU0NUd3g4aFZ4ZThDUnR0RUhqSlllT01Ob3FEQ1NwQXpLVTlxcXc3VnpSOXovK1I1NmQxM3BKUDEiLCJtYWMiOiI4NzFkM2U2MDRmZGEyY2Q2OWZjZjRlNmU0MjlhMDA2YmYwNjNiYzEzMzY0NzdjMWY2NTRkMzUyMjAyM2U2Y2U0IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 06 May 2025 21:16:02 GMT
content-type: font/woff2
content-length: 93276
server: cloudflare
content-disposition: inline; filename="GDSherpa-vf2.woff2"
cf-cache-status: MISS
last-modified: Tue, 06 May 2025 21:16:02 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JmMrLvQfD9h%2BqBeFKHuOJO6wvnJytoR3%2BS8xE6Xe5M8MgO9Li4hRkCwdWwlsMmzCeXvAXQm9zsc8WLovO6u8nQV%2FIosvYOSTiphVtZ4SkJVeu1Zu0A83GoSxILsg"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server-timing: cfL4;desc="?proto=TCP&rtt=305&min_rtt=298&rtt_var=96&sent=5&recv=8&lost=0&retrans=0&sent_bytes=2827&recv_bytes=2193&delivery_rate=12180722&cwnd=252&unsent_bytes=0&cid=013a413a484a9fd1&ts=405&x=0", cfL4;desc="?proto=QUIC&rtt=1400&min_rtt=595&rtt_var=391&sent=1267&recv=434&lost=0&retrans=0&sent_bytes=1154635&recv_bytes=46210&delivery_rate=20018525&cwnd=67200&unsent_bytes=0&cid=eee6443af1f9f3b0&ts=13337&x=16"
cache-control: max-age=14400
cf-ray: 93bb7ef80836712f-OSL
alt-svc: h3=":443"; ma=86400
| cloudmasonry.com/wp-content/uploads/2020/06/DocuSign-Logo.png | 192.124.249.161 | 403 Forbidden | 0 B |
URL GET cloudmasonry.com/wp-content/uploads/2020/06/DocuSign-Logo.png IP 192.124.249.161:443
Requested by: https://offhz.vestusiab.com/abkiicyrvmgttmnxcktltonzxvm4y3wpquym2vwartmikr1n?YEWNZWIEWPAPSDRGUP
Certificate: Issuer GoDaddy.com, Inc. | Subject cloudmasonry.com | Fingerprint 16:F3:6B:B7:5C:0F:AA:50:92:5E:D3:2E:A8:01:B2:13:53:2E:0E:F1 | Validity Sun, 20 Apr 2025 14:19:10 GMT - Sat, 19 Jul 2025 14:19:10 GMT
Hash (MD5 / SHA-1 / SHA-256, empty body): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /wp-content/uploads/2020/06/DocuSign-Logo.png HTTP/1.1
Host: cloudmasonry.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://offhz.vestusiab.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 403 Forbidden
date: Tue, 06 May 2025 21:15:58 GMT
content-type: text/html
x-sucuri-id: 15011
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
content-security-policy: upgrade-insecure-requests;
x-sucuri-block: BLACK02
server: Sucuri/Cloudproxy
X-Firefox-Spdy: h2
| offhz.vestusiab.com/stH0LzoxBCGj2NwMGWFvlGjg8fmMAstScwy8Y673lewWjtofq46I3Ic4DzmgWn42RMgh260 | 104.21.96.1 | 200 OK | 18 kB |
URL GET offhz.vestusiab.com/stH0LzoxBCGj2NwMGWFvlGjg8fmMAstScwy8Y673lewWjtofq46I3Ic4DzmgWn42RMgh260 IP 104.21.96.1:443
Requested by: https://offhz.vestusiab.com/abkiicyrvmgttmnxcktltonzxvm4y3wpquym2vwartmikr1n?YEWNZWIEWPAPSDRGUP
Certificate: Issuer CLOUDFLARE, INC. | Subject vestusiab.com | Fingerprint 7E:07:E7:01:47:0D:FC:59:F6:ED:95:B6:A9:6C:11:8B:E1:31:B8:EA | Validity Wed, 02 Apr 2025 21:14:26 GMT - Tue, 01 Jul 2025 21:21:44 GMT
File type: RIFF (little-endian) data, Web/P image
Hash (MD5 / SHA-1 / SHA-256): 4b52ecdc33382c9dca874f551990e704 8f3bf8e41cd4cdddb17836b261e73f827b84341b cce050cc3b150c0b370751021bb15018ee2b64ac369e230fe3b571a9b00d4342
Analyzer: urlquery | Verdict: phishing | Alert: Phishing - Tycoon Phishing Kit
GET /stH0LzoxBCGj2NwMGWFvlGjg8fmMAstScwy8Y673lewWjtofq46I3Ic4DzmgWn42RMgh260 HTTP/1.1
Host: offhz.vestusiab.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://offhz.vestusiab.com/abkiicyrvmgttmnxcktltonzxvm4y3wpquym2vwartmikr1n?YEWNZWIEWPAPSDRGUP
Cookie: XSRF-TOKEN=eyJpdiI6ImFuZXVpMXFnSWJqK3FDZ0U4eFA4MHc9PSIsInZhbHVlIjoiV1c3Z29jN0hlMlRna1dIbDlsa3JQWlh3OURHK2JBTThzUWNlajFza1Y4NmNXWkY0bEZxQ0hVVW15K2ZrZStURnJlblU2UCszTDBQVzUvUUliTUVqQy9yUC8xeWM2bGp3L1hHVHcyV2dGVFlaUWFtMDM0OGs5NWZ2VGw5WERMeGEiLCJtYWMiOiIwODhhMjU0YTgxNjY1NWI3M2IwNTgyMDczZGQzNmYwNTY3MmZmOTlhNWVkYTdlYzUxNDZjMzQ4NmUxNWRhNTNkIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlV4dHFFdEZHRFZBQWRFc2NXaENodVE9PSIsInZhbHVlIjoiTnhQSFBOTHpjbHBIOTY4S2FtOGVCWHhWbjNWeEpyWXNHakMyOE0xSzBlN3lSa3R6ZTdBVjNnVytJZlRDcjJpMENWQ0o2TEVYU0NUd3g4aFZ4ZThDUnR0RUhqSlllT01Ob3FEQ1NwQXpLVTlxcXc3VnpSOXovK1I1NmQxM3BKUDEiLCJtYWMiOiI4NzFkM2U2MDRmZGEyY2Q2OWZjZjRlNmU0MjlhMDA2YmYwNjNiYzEzMzY0NzdjMWY2NTRkMzUyMjAyM2U2Y2U0IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 06 May 2025 21:15:58 GMT
content-type: image/webp
content-length: 17842
server: cloudflare
content-disposition: inline; filename="stH0LzoxBCGj2NwMGWFvlGjg8fmMAstScwy8Y673lewWjtofq46I3Ic4DzmgWn42RMgh260"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UL%2FKAn%2FNS7Tp%2BDueF02VFfu1ddJW80nOy0u1JrfACVRra7wKiLg5%2BTguQ5aTmg50F0rj06bRZGm5y0JUSnH1KwjfLEyQ0m6WJs803kirFDdbSmtnHej6J76wgT0m"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server-timing: cfL4;desc="?proto=TCP&rtt=15954&min_rtt=15930&rtt_var=4523&sent=5&recv=8&lost=0&retrans=0&sent_bytes=2827&recv_bytes=2224&delivery_rate=252151&cwnd=251&unsent_bytes=0&cid=b72dc142a25689b9&ts=182&x=0", cfL4;desc="?proto=QUIC&rtt=1445&min_rtt=595&rtt_var=841&sent=840&recv=395&lost=0&retrans=0&sent_bytes=678857&recv_bytes=43420&delivery_rate=2551404&cwnd=45600&unsent_bytes=0&cid=eee6443af1f9f3b0&ts=9541&x=16"
cf-ray: 93bb7ef8083e712f-OSL
alt-svc: h3=":443"; ma=86400
| 005.free-counters.co.uk/count-072.pl?count=reg22&type=microblack&prog=hit&cmd=link&url=royalleaffashion.com/c/409098/c21vcmdhbkBzbHVycG1haWwubmV0 | 0.0.0.0 | | 0 B |
URL User Request GET 005.free-counters.co.uk/count-072.pl?count=reg22&type=microblack&prog=hit&cmd=link&url=royalleaffashion.com/c/409098/c21vcmdhbkBzbHVycG1haWwubmV0 IP 0.0.0.0:0
Hash (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /count-072.pl?count=reg22&type=microblack&prog=hit&cmd=link&url=royalleaffashion.com/c/409098/c21vcmdhbkBzbHVycG1haWwubmV0 HTTP/1.1
Host: 005.free-counters.co.uk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
| res-1.cdn.office.net/officeonline/hashed/83987e0f63d43f20/we_version2.png | 23.36.76.120 | 200 OK | 25 kB |
URL GET res-1.cdn.office.net/officeonline/hashed/83987e0f63d43f20/we_version2.png IP 23.36.76.120:443
ASN#20940 Akamai International B.V.
Requested by https://offhz.vestusiab.com/abkiicyrvmgttmnxcktltonzxvm4y3wpquym2vwartmikr1n?YEWNZWIEWPAPSDRGUP
Certificate Issuer: DigiCert Inc Subject: *.public.cdn.office.net Fingerprint: 4D:76:68:BA:18:F2:E4:E0:DA:01:64:B6:85:9D:C5:C9:B0:82:95:E2 Validity: Thu, 06 Feb 2025 00:00:00 GMT - Fri, 06 Feb 2026 23:59:59 GMT
File type: PNG image data, 296 x 302, 8-bit/color RGBA, non-interlaced
Hash (MD5 / SHA-1 / SHA-256): fd59a454c80d16a1cb998096478f7068 eb74904b48f598ec609be7b6e0089ae5f06db825 83987e0f63d43f20ff756121f3d91b50787c1e4e57d3bca110c06d0d6423c8cc
GET /officeonline/hashed/83987e0f63d43f20/we_version2.png HTTP/1.1
Host: res-1.cdn.office.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://offhz.vestusiab.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-length: 24960
content-type: image/png
last-modified: Tue, 23 Jan 2024 00:52:15 GMT
x-ms-request-id: 4ccd2bad-c01e-004e-4f49-5dd11f000000
cache-control: max-age=630720000
date: Tue, 06 May 2025 21:15:58 GMT
alt-svc: h3=":443"; ma=93600,h3-29=":443"; ma=93600,quic=":443"; ma=93600; v="43"
akamai-request-bc: [a=23.36.76.116,b=7101833,c=g,n=NO__OSLO,o=20940]
ak-network: FF
report-to: {"group":"NelM365CDNUpload1","max_age":604800,"endpoints":[{"url":"https://M365CDN.nel.measure.office.net/api/report?FrontEnd=AkamaiCDNWorldWide&DestinationEndpoint=OSLO&ASN=20940&Country=NO&Region=&RequestIdentifier=0.744c2417.1746566158.6c5d89&TotalRTCDNTime=0&CompressionType=&FileSize=24960"}],"include_subdomains ":true}
nel: {"report_to":"NelM365CDNUpload1","max_age":604800,"include_subdomains":true,"failure_fraction":1.0,"success_fraction":0.01}
server-timing: clientrtt; dur=0, clienttt; dur=, origin; dur=0 , cdntime; dur=0
akamai-cache-status: Hit from child
timing-allow-origin: *
access-control-expose-headers: date,Akamai-Request-BC,X-Cdn-Provider,X-Ms-Request-Id
access-control-allow-origin: *
strict-transport-security: max-age=31536000; includeSubDomains
x-cdn-provider: Akamai
X-Firefox-Spdy: h2
| cloudmasonry.com/wp-content/uploads/2020/06/DocuSign-Logo.png | 192.124.249.161 | 403 Forbidden | 0 B |
URL GET cloudmasonry.com/wp-content/uploads/2020/06/DocuSign-Logo.png IP 192.124.249.161:443
Requested by https://offhz.vestusiab.com/abkiicyrvmgttmnxcktltonzxvm4y3wpquym2vwartmikr1n?YEWNZWIEWPAPSDRGUP
Certificate Issuer: GoDaddy.com, Inc. Subject: cloudmasonry.com Fingerprint: 16:F3:6B:B7:5C:0F:AA:50:92:5E:D3:2E:A8:01:B2:13:53:2E:0E:F1 Validity: Sun, 20 Apr 2025 14:19:10 GMT - Sat, 19 Jul 2025 14:19:10 GMT
Hash (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /wp-content/uploads/2020/06/DocuSign-Logo.png HTTP/1.1
Host: cloudmasonry.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://offhz.vestusiab.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 403 Forbidden
date: Tue, 06 May 2025 21:15:59 GMT
content-type: text/html
x-sucuri-id: 15011
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
content-security-policy: upgrade-insecure-requests;
x-sucuri-block: BLACK02
server: Sucuri/Cloudproxy
X-Firefox-Spdy: h2
| addins.verityrms.com/assets/icon-80.png | 52.70.72.151 | 200 OK | 4.9 kB |
URL GET addins.verityrms.com/assets/icon-80.png IP 52.70.72.151:443
Requested by https://offhz.vestusiab.com/abkiicyrvmgttmnxcktltonzxvm4y3wpquym2vwartmikr1n?YEWNZWIEWPAPSDRGUP
Certificate Issuer: Amazon Subject: *.verityrms.com Fingerprint: 0E:97:DA:5B:99:C8:88:4B:47:DA:62:7A:97:E1:65:B8:6B:AB:49:50 Validity: Fri, 15 Nov 2024 00:00:00 GMT - Mon, 15 Dec 2025 23:59:59 GMT
File type: PNG image data, 80 x 80, 8-bit/color RGBA, non-interlaced
Hash (MD5 / SHA-1 / SHA-256): ce52ad7a5c1a9570a42d804f32059c56 70f9c86c05f0628b4ac72d8c77fc70d6770736e9 fac5922d060ebbe6a668b9fafcbc284ece3100754c742480fb58425acd562603
GET /assets/icon-80.png HTTP/1.1
Host: addins.verityrms.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://offhz.vestusiab.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 06 May 2025 21:15:59 GMT
content-type: image/png
content-length: 4937
server: nginx/1.27.4
last-modified: Thu, 03 Apr 2025 12:43:47 GMT
etag: "67ee8283-1349"
accept-ranges: bytes
X-Firefox-Spdy: h2