Report - bsukd2.dmuok.es/n9IzCybq/

Report Overview

Visited public
2025-03-28 17:16:29
Tags
microsoft phishing suspicious tycoon
URL
bsukd2.dmuok.es/n9IzCybq/
Finishing URL
bsukd2.dmuok.es/MKKLYTLTRRUGGUHOCZYTPy8duch86xavw9mmclf26b1opgdzr4?NRNTFNNMFUSEDRJAUFNRBQNQEADINI
IP / ASN
104.21.48.1
#13335 CLOUDFLARENET
Title
Proceed To Secure Access
Phishing - Microsoft
Phishing - Generic phishing
Suspicious - Anti-debugging code
Phishing - Tycoon Phishing Kit

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
ok4static.oktacdn.com	16592	2014-11-11	2018-06-15	2025-03-25	2.0 kB	268 kB	143.204.55.3
cdnjs.cloudflare.com	235	2009-02-17	2012-05-23	2025-03-26	1.4 kB	148 kB	104.17.24.14
c00u.aezeib.ru	unknown	2025-02-26	2025-03-28	2025-03-28	442 B	816 B	104.21.53.220
objects.githubusercontent.com	134060	2014-02-06	2021-11-01	2025-03-26	889 B	11 kB	185.199.109.133
github.com	1423	2007-10-09	2016-07-13	2025-03-26	454 B	15 kB	140.82.121.3
code.jquery.com	634	2005-12-10	2012-05-21	2025-03-26	1.3 kB	270 kB	151.101.2.137
developers.cloudflare.com	592034	2009-02-17	2012-09-07	2025-03-26	446 B	1.7 kB	104.16.4.189
bsukd2.dmuok.es	unknown	unknown	2025-03-28	2025-03-28	34 kB	6.1 MB	104.21.96.1

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (27)

	URL	From	Size	First Seen	Last Seen
	code.jquery.com/jquery-3.6.0.min.js	ScriptElement	90 kB	2023-03-07	2025-06-06
Pretty URL code.jquery.com/jquery-3.6.0.min.js IP 151.101.2.137 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-06-06 17:26 Times Seen211714 Hash 8fb8fee4fcc3cc86ff6c724154c49c42 b82d238d4e31fdf618bae8ac11a6c812c03dd0d4 ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e Loading...

	bsukd2.dmuok.es/MKKLYTLTRRUGGUHOCZYTPy8duch86xavw9mmclf26b1opgdzr4?NRNTFNNMFUSEDRJAUFNRBQNQEADINI	Eval	197 kB	2025-03-19	2025-05-03
Pretty URL bsukd2.dmuok.es/MKKLYTLTRRUGGUHOCZYTPy8duch86xavw9mmclf26b1opgdzr4?NRNTFNNMFUSEDRJAUFNRBQNQEADINI IP 104.21.96.1 ASN #13335 CLOUDFLARENET Introduced by eval Embedded in HTML false Observations First Seen2025-03-19 19:34 Last Seen2025-05-03 07:23 Times Seen3899 Hash 6c3e12f3c6adef6b7fd961c67dbe3da8 d009941f0f482ec59da4cd9676d51da21c52a5af aae52996a7f7c8d8777e467eeff0725581388f05ac914b823ac037a1d236e72a Loading...

	bsukd2.dmuok.es/n9IzCybq/	ScriptElement	807 kB	2025-03-28	2025-03-28
Pretty URL bsukd2.dmuok.es/n9IzCybq/ IP 104.21.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2025-03-28 17:16 Last Seen2025-03-28 17:16 Times Seen1 Hash 9ceec8ab5b772b07b92ce6e05ce62ac8 fd6fe2dd722ddb0336c951967cc134aa5a93666c 43b43dd80d1ee947569bbf10a062d0f53ff2060f8610185fa33985b52479d076 Loading...

	bsukd2.dmuok.es/n9IzCybq/	Eval	9.9 kB	2025-03-28	2025-03-28
Pretty URL bsukd2.dmuok.es/n9IzCybq/ IP 104.21.96.1 ASN #13335 CLOUDFLARENET Introduced by eval Embedded in HTML false Observations First Seen2025-03-28 17:16 Last Seen2025-03-28 17:16 Times Seen1 Hash df8d9b27870834e1b25add7619898c2c bae3319b0007616d68b47d37b5d1f1b719eae284 ea163054e0fd4ce622fd438785141a2d80095b50a04d8afa3043423270800d2d Loading...

	code.jquery.com/jquery-3.6.0.min.js	ScriptElement	90 kB	2023-03-07	2025-06-06
Pretty URL code.jquery.com/jquery-3.6.0.min.js IP 151.101.2.137 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-06-06 17:26 Times Seen211714 Hash 8fb8fee4fcc3cc86ff6c724154c49c42 b82d238d4e31fdf618bae8ac11a6c812c03dd0d4 ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e Loading...

	cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js	ScriptElement	48 kB	2023-03-07	2025-06-06
Pretty URL cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js IP 104.17.24.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:31 Last Seen2025-06-06 17:26 Times Seen95850 Hash 2ca03ad87885ab983541092b87adb299 1a17f60bf776a8c468a185c1e8e985c41a50dc27 8e3b0117f4df4be452c0b6af5b8f0a0acf9d4ade23d08d55d7e312af22077762 Loading...

	bsukd2.dmuok.es/n9IzCybq/	ScriptElement	12 kB	2025-03-28	2025-03-28
Pretty URL bsukd2.dmuok.es/n9IzCybq/ IP 104.21.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2025-03-28 17:16 Last Seen2025-03-28 17:16 Times Seen1 Hash 21a567dd752c2a34a34d5f246dd585e0 930c3c9d7996f17257e26993b5ff868bfe9f7643 0ec70f39f2d81bcc7dcb0fafc2010e0f50503e69a7d9f30a62deefc52bdbbaec Loading...

	bsukd2.dmuok.es/MKKLYTLTRRUGGUHOCZYTPy8duch86xavw9mmclf26b1opgdzr4?NRNTFNNMFUSEDRJAUFNRBQNQEADINI	ScriptElement	2.4 kB	2025-03-28	2025-03-28
Pretty URL bsukd2.dmuok.es/MKKLYTLTRRUGGUHOCZYTPy8duch86xavw9mmclf26b1opgdzr4?NRNTFNNMFUSEDRJAUFNRBQNQEADINI IP 104.21.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2025-03-28 17:16 Last Seen2025-03-28 17:16 Times Seen1 Hash 0b9cfe51404122e09f2fabd524f534bb 39922ad3f4495f25603540da013320c5121bbc20 6996c7eb8c9f983bb737eccc86718c42f6f782f1edf2d90c67bbee2fe1bbf12a Loading...

	bsukd2.dmuok.es/MKKLYTLTRRUGGUHOCZYTPy8duch86xavw9mmclf26b1opgdzr4?NRNTFNNMFUSEDRJAUFNRBQNQEADINI	ScriptElement	770 B	2025-03-28	2025-03-28
Pretty URL bsukd2.dmuok.es/MKKLYTLTRRUGGUHOCZYTPy8duch86xavw9mmclf26b1opgdzr4?NRNTFNNMFUSEDRJAUFNRBQNQEADINI IP 104.21.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2025-03-28 17:16 Last Seen2025-03-28 17:16 Times Seen1 Hash 61cff0e237c2098a9b428a8317ecebed a996185c194d640b5c0c1f396a4f913e29a6ceff 7998bc53e2f876884ef0497a332c9aaad292f9a978968d3607fcd9a35e9a89bd Loading...

	bsukd2.dmuok.es/56CYJ7XtyXLkK16ij4gPRdvvfUD6Qk67105	ScriptElement	4.7 MB	2025-03-19	2025-04-10
Pretty URL bsukd2.dmuok.es/56CYJ7XtyXLkK16ij4gPRdvvfUD6Qk67105 IP 104.21.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2025-03-19 19:34 Last Seen2025-04-10 19:30 Times Seen1602 Hash b0dd0ee65ad6c93237212291f6ace239 f6533f76a1e8f0682f7773e34920bb20eb1fa890 c8b1697ed6be7a7fc6e61df7e018aed20c6f53db559f4b1faad855e469ae3a03 Loading...

	bsukd2.dmuok.es/n9IzCybq/	Eval	1.7 kB	2025-03-28	2025-03-28
Pretty URL bsukd2.dmuok.es/n9IzCybq/ IP 104.21.96.1 ASN #13335 CLOUDFLARENET Introduced by eval Embedded in HTML false Observations First Seen2025-03-28 17:16 Last Seen2025-03-28 17:16 Times Seen1 Hash 9bfa3d0c9ff5f0644aeeb8e0c77bc5d9 b2985f978c5c8d6c8ac46b3fbfb50bbb4d5febb1 15d0bb0914fb454b92ee593e85f291dfb9fb011c68f1b1f24d38c4793d366634 Loading...

	bsukd2.dmuok.es/MKKLYTLTRRUGGUHOCZYTPy8duch86xavw9mmclf26b1opgdzr4?NRNTFNNMFUSEDRJAUFNRBQNQEADINI	Eval	148 kB	2025-03-19	2025-05-03
Pretty URL bsukd2.dmuok.es/MKKLYTLTRRUGGUHOCZYTPy8duch86xavw9mmclf26b1opgdzr4?NRNTFNNMFUSEDRJAUFNRBQNQEADINI IP 104.21.96.1 ASN #13335 CLOUDFLARENET Introduced by eval Embedded in HTML false Observations First Seen2025-03-19 19:34 Last Seen2025-05-03 07:23 Times Seen3889 Hash 8970b928fbfc88d2a9e4ec87364781b9 a377b962b64905bf923db1b1ec2661519991aca4 5b48fe8776491e5d298044f7bcbe5f875074fa22cda01bcbb9396ee2a3051cb1 Loading...

	bsukd2.dmuok.es/n9IzCybq/	ScriptElement	236 kB	2025-03-28	2025-03-28
Pretty URL bsukd2.dmuok.es/n9IzCybq/ IP 104.21.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2025-03-28 17:16 Last Seen2025-03-28 17:16 Times Seen1 Hash eb040ed81bcee1d8cdcbed43320ed00c ab6d585ad7fa0d5eeaf4b77bc9d6f44868f4229f 1e6a72bcd74dd718bd732182afed8d483e82960894869a81d4637bff90014c95 Loading...

	bsukd2.dmuok.es/n9IzCybq/	ScriptElement	2.5 kB	2025-03-28	2025-03-28
Pretty URL bsukd2.dmuok.es/n9IzCybq/ IP 104.21.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2025-03-28 17:16 Last Seen2025-03-28 17:16 Times Seen1 Hash 76382200b40e97e2e0ddc55948d90465 432922d6857532c08cadd58fe013a5f9af73f2b6 e1bd9be1ccaa19c710b1a2233080c721ceb372ee687aa5108b46e179ebc1c0d4 Loading...

	bsukd2.dmuok.es/MKKLYTLTRRUGGUHOCZYTPy8duch86xavw9mmclf26b1opgdzr4?NRNTFNNMFUSEDRJAUFNRBQNQEADINI	ScriptElement	2.1 kB	2025-03-28	2025-03-28
Pretty URL bsukd2.dmuok.es/MKKLYTLTRRUGGUHOCZYTPy8duch86xavw9mmclf26b1opgdzr4?NRNTFNNMFUSEDRJAUFNRBQNQEADINI IP 104.21.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2025-03-28 17:16 Last Seen2025-03-28 17:16 Times Seen1 Hash 286881e92aefd90b0eb5880f5ecd094c ee89c1d7c7ade4dbce2c5af65c1990767bdf61b2 de2d048012a09ede6d96096d042cac443348a398d425bd88aed525f0a11f4621 Loading...

	bsukd2.dmuok.es/MKKLYTLTRRUGGUHOCZYTPy8duch86xavw9mmclf26b1opgdzr4?NRNTFNNMFUSEDRJAUFNRBQNQEADINI	ScriptElement	138 kB	2025-03-28	2025-03-28
Pretty URL bsukd2.dmuok.es/MKKLYTLTRRUGGUHOCZYTPy8duch86xavw9mmclf26b1opgdzr4?NRNTFNNMFUSEDRJAUFNRBQNQEADINI IP 104.21.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2025-03-28 17:16 Last Seen2025-03-28 17:16 Times Seen1 Hash 539f25a5ed2d2dcca3d370294f1e4d05 bee321ddf3bfd43598209c79e20f12498662d8cd f8e951dd5da5519a520236102d193b3293cae0702ab5ff4137572282dda65ae2 Loading...

	github.com/fent/randexp.js/releases/download/v0.4.3/randexp.min.js	ScriptElement	10 kB	2024-05-30	2025-06-06
Pretty URL github.com/fent/randexp.js/releases/download/v0.4.3/randexp.min.js IP 140.82.121.3 ASN #36459 GITHUB Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-30 22:56 Last Seen2025-06-06 17:26 Times Seen20270 Hash 6c20a2be8ba900bc0a7118893a2b1072 ff7766fde1f33882c6e1c481ceed6f6588ea764c b1c42acd0288c435e95e00332476781532ed002cac6f3dcee9110ced30b31500 Loading...

	cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js	ScriptElement	48 kB	2023-03-07	2025-06-06
Pretty URL cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js IP 104.17.24.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:31 Last Seen2025-06-06 17:26 Times Seen95850 Hash 2ca03ad87885ab983541092b87adb299 1a17f60bf776a8c468a185c1e8e985c41a50dc27 8e3b0117f4df4be452c0b6af5b8f0a0acf9d4ade23d08d55d7e312af22077762 Loading...

	bsukd2.dmuok.es/MKKLYTLTRRUGGUHOCZYTPy8duch86xavw9mmclf26b1opgdzr4?NRNTFNNMFUSEDRJAUFNRBQNQEADINI	ScriptElement	19 kB	2025-03-28	2025-03-28
Pretty URL bsukd2.dmuok.es/MKKLYTLTRRUGGUHOCZYTPy8duch86xavw9mmclf26b1opgdzr4?NRNTFNNMFUSEDRJAUFNRBQNQEADINI IP 104.21.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2025-03-28 17:16 Last Seen2025-03-28 17:16 Times Seen1 Hash 7c48dbfc7dd22976bbd958d22cae72c8 cb1089a7d69186cfe1e37cc41e607cffb9b4ea7d 377f977bff17e23c8ded5e39067d8b71a8586db3dccc7b84f417ea2fb1b31ef5 Loading...

	bsukd2.dmuok.es/n9IzCybq/	ScriptElement	39 kB	2025-03-28	2025-03-28
Pretty URL bsukd2.dmuok.es/n9IzCybq/ IP 104.21.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2025-03-28 17:16 Last Seen2025-03-28 17:16 Times Seen1 Hash defa189a22fa79abba8e1876eb8bb642 19a95bc8b1f151e012f0c251c31d3d97c6a9dc2a d58e65c9f262585d9656f1dc89eb1036b41ac3b86889c9d870dacabb7fc1a915 Loading...

	bsukd2.dmuok.es/n9IzCybq/	Function	1.8 kB	2025-03-28	2025-03-28
Pretty URL bsukd2.dmuok.es/n9IzCybq/ IP 104.21.96.1 ASN #13335 CLOUDFLARENET Introduced by Function Embedded in HTML false Observations First Seen2025-03-28 17:16 Last Seen2025-03-28 17:16 Times Seen1 Hash ba2fe20a30f3e36d4e9ef6439c5d604a 769cd8fb16a0bb8d9f4d9cfc5feb8adfe454a3c8 f5b286e27642efe57314fd1a529b91f5a781f151d255bcdcbf736a860e846b7e Loading...

	code.jquery.com/jquery-3.6.0.min.js	ScriptElement	90 kB	2023-03-07	2025-06-06
Pretty URL code.jquery.com/jquery-3.6.0.min.js IP 151.101.2.137 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-06-06 17:26 Times Seen211714 Hash 8fb8fee4fcc3cc86ff6c724154c49c42 b82d238d4e31fdf618bae8ac11a6c812c03dd0d4 ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e Loading...

	bsukd2.dmuok.es/MKKLYTLTRRUGGUHOCZYTPy8duch86xavw9mmclf26b1opgdzr4?NRNTFNNMFUSEDRJAUFNRBQNQEADINI	Eval	13 kB	2025-03-28	2025-03-28
Pretty URL bsukd2.dmuok.es/MKKLYTLTRRUGGUHOCZYTPy8duch86xavw9mmclf26b1opgdzr4?NRNTFNNMFUSEDRJAUFNRBQNQEADINI IP 104.21.96.1 ASN #13335 CLOUDFLARENET Introduced by eval Embedded in HTML false Observations First Seen2025-03-28 17:16 Last Seen2025-03-28 17:16 Times Seen1 Hash e47f4a3c5a5ad07ec3faecf492249285 1ebe05623074fb45176da66e235bf8c997494dd4 f17dd856a6e4ee810ff7f688ac42461ea0ddd1aefd7736a75d045bad6f816f4d Loading...

	cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js	ScriptElement	48 kB	2023-03-07	2025-06-06
Pretty URL cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js IP 104.17.24.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:31 Last Seen2025-06-06 17:26 Times Seen95850 Hash 2ca03ad87885ab983541092b87adb299 1a17f60bf776a8c468a185c1e8e985c41a50dc27 8e3b0117f4df4be452c0b6af5b8f0a0acf9d4ade23d08d55d7e312af22077762 Loading...

		Size	First Seen	Last Seen
	#1 Write - 7cfd57f28e0e499a73bf8d967e64bbf1	218 kB	2025-03-28 17:16	2025-03-28 17:16
Pretty Observations First Seen2025-03-28 17:16 Last Seen2025-03-28 17:16 Times Seen1 Hash 7cfd57f28e0e499a73bf8d967e64bbf1 522d31a6e49d21287aa21d40dfcf0f23099d2ce0 a4057becf3a451b740dc1c99d16de443ebddb2f39f6ee8895a74e29b7cb0300f Loading...

	#2 Write - 8473987d4a8080467b90c1f56e8ff78f	15 kB	2025-03-28 17:16	2025-03-28 17:16
Pretty Observations First Seen2025-03-28 17:16 Last Seen2025-03-28 17:16 Times Seen1 Hash 8473987d4a8080467b90c1f56e8ff78f df96acbf53c0e8bbc6405a06c58752f5a7a38136 d66b15536f868b7d642a223a1ae73ee4d221909f5226922ac20d9aa672d81f9d Loading...

	#3 Write - e9545c98aea6d13f0a69faceb3cd40a5	102 kB	2025-03-28 17:16	2025-03-28 17:16
Pretty Observations First Seen2025-03-28 17:16 Last Seen2025-03-28 17:16 Times Seen1 Hash e9545c98aea6d13f0a69faceb3cd40a5 90106b950133ed5099761880d451d36c94ee42ae 8135cb196d4587dca505d7398550ef0d7d51ffbd13fd71169eae768cd905f8d7 Loading...

HTTP Transactions (41)

URL IP Response Size

code.jquery.com/jquery-3.6.0.min.js

151.101.2.137

200 OK

90 kB

URL GET
code.jquery.com/jquery-3.6.0.min.js
IP
151.101.2.137:443
ASN
#54113 FASTLY

Requested by
https://bsukd2.dmuok.es/n9IzCybq/
Certificate
IssuerSectigo Limited
Subject*.jquery.com
FingerprintCD:B5:6E:05:85:0C:5A:AE:47:12:80:2A:5B:C6:E5:8F:11:72:E2:B5
ValidityTue, 25 Jun 2024 00:00:00 GMT - Wed, 25 Jun 2025 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (65447)
Size
90 kB (89501 bytes)
Hash
8fb8fee4fcc3cc86ff6c724154c49c42
b82d238d4e31fdf618bae8ac11a6c812c03dd0d4
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

HTTP Headers

GET /jquery-3.6.0.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bsukd2.dmuok.es/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-15d9d"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Fri, 28 Mar 2025 17:16:06 GMT
age: 1851370
x-served-by: cache-lga21931-LGA, cache-hel1410029-HEL
x-cache: HIT, HIT
x-cache-hits: 71, 645472
x-timer: S1743182166.369967,VS0,VE0
vary: Accept-Encoding
content-length: 30875
X-Firefox-Spdy: h2

developers.cloudflare.com/favicon.png

104.16.4.189

200 OK

937 B

URL GET
developers.cloudflare.com/favicon.png
IP
104.16.4.189:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bsukd2.dmuok.es/n9IzCybq/
Certificate
IssuerGoogle Trust Services
Subjectdevelopers.cloudflare.com
Fingerprint40:EB:B1:34:10:10:4D:1A:39:4E:1C:9D:94:F9:3A:A8:D7:1B:D9:43
ValidityFri, 14 Mar 2025 21:43:15 GMT - Thu, 12 Jun 2025 22:43:11 GMT

File type
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
Size
937 B (937 bytes)
Hash
fc3b7bbe7970f47579127561139060e2
3f7c5783fe1f4404cb16304a5a274778ea3abd25
85e6223afdbd5badf2c79bcfbaa6fe686acaa781eca52c196647ffabb3be2ffe

HTTP Headers

GET /favicon.png HTTP/1.1
Host: developers.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bsukd2.dmuok.es/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 28 Mar 2025 17:16:06 GMT
content-type: image/png
content-length: 937
cf-cache-status: HIT
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: "6be7ff94b6151f8cfbf08b53a17e2ac1"
set-cookie: __cf_bm=At2QpBejZaCsWTSLt25McSTX3qAcg694rSTWqyKpz5U-1743182166-1.0.1.1-fTWxBdkcvTRMRPu178875NyBRoC0QrPIdfJP79ZXwdjGYCvypSbxyutr4OjyZHbE2XOzOVS29gNl8C.vlRFym.Y4sa5XBhMBHs1k_KDRmT8; path=/; expires=Fri, 28-Mar-25 17:46:06 GMT; domain=.developers.cloudflare.com; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
strict-transport-security: max-age=15552000; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 9278c5fd2faa712d-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

code.jquery.com/jquery-3.6.0.min.js

151.101.2.137

200 OK

90 kB

URL GET
code.jquery.com/jquery-3.6.0.min.js
IP
151.101.2.137:443
ASN
#54113 FASTLY

Requested by
https://bsukd2.dmuok.es/MKKLYTLTRRUGGUHOCZYTPy8duch86xavw9mmclf26b1opgdzr4?NRNTFNNMFUSEDRJAUFNRBQNQEADINI
Certificate
IssuerSectigo Limited
Subject*.jquery.com
FingerprintCD:B5:6E:05:85:0C:5A:AE:47:12:80:2A:5B:C6:E5:8F:11:72:E2:B5
ValidityTue, 25 Jun 2024 00:00:00 GMT - Wed, 25 Jun 2025 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (65447)
Size
90 kB (89501 bytes)
Hash
8fb8fee4fcc3cc86ff6c724154c49c42
b82d238d4e31fdf618bae8ac11a6c812c03dd0d4
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

HTTP Headers

GET /jquery-3.6.0.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bsukd2.dmuok.es/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-15d9d"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Fri, 28 Mar 2025 17:16:17 GMT
age: 1851381
x-served-by: cache-lga21931-LGA, cache-hel1410029-HEL
x-cache: HIT, HIT
x-cache-hits: 71, 645486
x-timer: S1743182178.924983,VS0,VE0
vary: Accept-Encoding
content-length: 30875
X-Firefox-Spdy: h2

bsukd2.dmuok.es/56Awqlx1xyOAhjsq6720

104.21.96.1

200 OK

27 kB

URL GET
bsukd2.dmuok.es/56Awqlx1xyOAhjsq6720
IP
104.21.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bsukd2.dmuok.es/MKKLYTLTRRUGGUHOCZYTPy8duch86xavw9mmclf26b1opgdzr4?NRNTFNNMFUSEDRJAUFNRBQNQEADINI
Certificate
IssuerGoogle Trust Services
Subjectdmuok.es
Fingerprint71:90:53:8F:DC:0D:35:D2:7D:61:F7:5B:46:B7:42:0F:26:C4:A4:31
ValidityFri, 14 Mar 2025 16:29:05 GMT - Thu, 12 Jun 2025 17:26:16 GMT

File type
ASCII text, with very long lines (26765), with no line terminators
Size
27 kB (26765 bytes)
Hash
1a862a89d5633fac83d763886726740d
e5ce3aa454c992a13fd406a9647d7afbf831051f
5c22fd904edb792331a7307ddf4a790e0d1318924f6d8e7362fa6b55d5ab6fbb

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft
urlquery	phishing	Phishing - Tycoon Phishing Kit

HTTP Headers

GET /56Awqlx1xyOAhjsq6720 HTTP/1.1
Host: bsukd2.dmuok.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bsukd2.dmuok.es/MKKLYTLTRRUGGUHOCZYTPy8duch86xavw9mmclf26b1opgdzr4?NRNTFNNMFUSEDRJAUFNRBQNQEADINI
Cookie: XSRF-TOKEN=eyJpdiI6Imd2QzVKRWxxd2VzbUpkWDZFV1FFWXc9PSIsInZhbHVlIjoiaFZ3bUswVjEyNzJmR3pDM2NKenYwWURac0svOGM2QzFiTmRZWGJ1UnlMVHc5N1VaWUVrN084M0d4NkNSQnoxd04rYVhxUE95aVRmQlRGQWdLUkY0dktvd1lmd3dGYTRYZGp3WDBzUE9KNjV3WlFLK3hVaDFEMFI3T3I1d1NGMW4iLCJtYWMiOiIyZjBmYzEyMzE5ZGExMDY2NDAzODg0ZjgxNzZlOGU3MDRjMmVjYzYxOTY0NTgxNzMwM2U3NDBkOGEyZTc1NWZlIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IkdOQnYwOFNZRVlxMkFETUswelM5ZVE9PSIsInZhbHVlIjoiK3FqdHVWcFJiNXBnWnkxUWNhUExKRkF0aCt4R3R6TDJlOXhMbEdqWW5aMGgxZm1EM3lZVG1tR2hWMk9qREMrUk51a09WQjRoM2w4eCtzNVNXWWdsMHVLMklFMGU5NkFWcXVRVDliSWthZmIxOHVwRGI0NGx4bzRNWml2Uk1UVXMiLCJtYWMiOiI2MzNiMjAwNDY2ZWFmMWQxZmFiM2QyNmJjZjFkYjBiZTFjMmIyNjFiMTk0ZTliYThmYzA2MjczYmM4N2Y2NGFlIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 28 Mar 2025 17:16:18 GMT
content-type: text/css;charset=UTF-8
cf-ray: 9278c6442f065696-OSL
server: cloudflare
content-disposition: inline; filename="56Awqlx1xyOAhjsq6720"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CLLHM0JK3i91AGF1d3kebEt2fvuHNH49Iry3mqOltmWgmLow%2Bel3B%2FuCkW3CiRyhgD0PyiQ0Zyzm%2FZzgd6UkYSp92JGoHNTiXmyqFKdHhCyHHDKXLhQu4HZut1LCQE3FEuP%2B"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server-timing: cfL4;desc="?proto=TCP&rtt=64446&min_rtt=64059&rtt_var=24299&sent=4&recv=7&lost=0&retrans=0&sent_bytes=2821&recv_bytes=2174&delivery_rate=44459&cwnd=166&unsent_bytes=0&cid=612a0453b29df8d8&ts=295&x=0"
vary: accept-encoding
content-encoding: br
alt-svc: h3=":443"; ma=86400

bsukd2.dmuok.es/klGzxZ7P8TGfwM9lcwpusTLouWlchCmX3v3wxDPYFQb5PTKGvs56170

104.21.96.1

200 OK

7.4 kB

URL GET
bsukd2.dmuok.es/klGzxZ7P8TGfwM9lcwpusTLouWlchCmX3v3wxDPYFQb5PTKGvs56170
IP
104.21.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bsukd2.dmuok.es/MKKLYTLTRRUGGUHOCZYTPy8duch86xavw9mmclf26b1opgdzr4?NRNTFNNMFUSEDRJAUFNRBQNQEADINI
Certificate
IssuerGoogle Trust Services
Subjectdmuok.es
Fingerprint71:90:53:8F:DC:0D:35:D2:7D:61:F7:5B:46:B7:42:0F:26:C4:A4:31
ValidityFri, 14 Mar 2025 16:29:05 GMT - Thu, 12 Jun 2025 17:26:16 GMT

File type
SVG Scalable Vector Graphics image
Size
7.4 kB (7390 bytes)
Hash
bca9b46fee32162356ba5b4783e614dc
cc09ee862df9bf86e545f9dfdf2fbd4facfa71f5
fb48e7087def752683bc9a9fe4035acf2419cebbe8b17a16e5c81699a06f6fec

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft
urlquery	phishing	Phishing - Tycoon Phishing Kit

HTTP Headers

GET /klGzxZ7P8TGfwM9lcwpusTLouWlchCmX3v3wxDPYFQb5PTKGvs56170 HTTP/1.1
Host: bsukd2.dmuok.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bsukd2.dmuok.es/MKKLYTLTRRUGGUHOCZYTPy8duch86xavw9mmclf26b1opgdzr4?NRNTFNNMFUSEDRJAUFNRBQNQEADINI
Cookie: XSRF-TOKEN=eyJpdiI6Imd2QzVKRWxxd2VzbUpkWDZFV1FFWXc9PSIsInZhbHVlIjoiaFZ3bUswVjEyNzJmR3pDM2NKenYwWURac0svOGM2QzFiTmRZWGJ1UnlMVHc5N1VaWUVrN084M0d4NkNSQnoxd04rYVhxUE95aVRmQlRGQWdLUkY0dktvd1lmd3dGYTRYZGp3WDBzUE9KNjV3WlFLK3hVaDFEMFI3T3I1d1NGMW4iLCJtYWMiOiIyZjBmYzEyMzE5ZGExMDY2NDAzODg0ZjgxNzZlOGU3MDRjMmVjYzYxOTY0NTgxNzMwM2U3NDBkOGEyZTc1NWZlIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IkdOQnYwOFNZRVlxMkFETUswelM5ZVE9PSIsInZhbHVlIjoiK3FqdHVWcFJiNXBnWnkxUWNhUExKRkF0aCt4R3R6TDJlOXhMbEdqWW5aMGgxZm1EM3lZVG1tR2hWMk9qREMrUk51a09WQjRoM2w4eCtzNVNXWWdsMHVLMklFMGU5NkFWcXVRVDliSWthZmIxOHVwRGI0NGx4bzRNWml2Uk1UVXMiLCJtYWMiOiI2MzNiMjAwNDY2ZWFmMWQxZmFiM2QyNmJjZjFkYjBiZTFjMmIyNjFiMTk0ZTliYThmYzA2MjczYmM4N2Y2NGFlIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 28 Mar 2025 17:16:18 GMT
content-type: image/svg+xml
cf-ray: 9278c6444f115696-OSL
server: cloudflare
content-disposition: inline; filename="klGzxZ7P8TGfwM9lcwpusTLouWlchCmX3v3wxDPYFQb5PTKGvs56170"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ef0LblRNgvwv%2BsHzzEUsVD%2FnTGYMllXc4moypWQYl6KRhC%2F1d%2B%2Fko%2BuDJ9qsQn9SzButVCUvnHvo1C5UKdWTNL6a6o%2F085sOAU62zc8GQHzgd2Ke%2FTYBzCwUFEuB9vzDoR9N"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server-timing: cfL4;desc="?proto=TCP&rtt=30528&min_rtt=30295&rtt_var=11527&sent=4&recv=7&lost=0&retrans=0&sent_bytes=2821&recv_bytes=2216&delivery_rate=94008&cwnd=146&unsent_bytes=0&cid=bfb5f48295f84207&ts=246&x=0"
vary: accept-encoding
content-encoding: br
alt-svc: h3=":443"; ma=86400

bsukd2.dmuok.es/n9IzCybq/

104.21.96.1

200 OK

807 kB

URL User Request GET
bsukd2.dmuok.es/n9IzCybq/
IP
104.21.96.1:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjectdmuok.es
Fingerprint71:90:53:8F:DC:0D:35:D2:7D:61:F7:5B:46:B7:42:0F:26:C4:A4:31
ValidityFri, 14 Mar 2025 16:29:05 GMT - Thu, 12 Jun 2025 17:26:16 GMT

File type
HTML document, ASCII text, with very long lines (65364)
Size
807 kB (807011 bytes)
Hash
239a64dfc12067a1a29ca2457bb99d18
3b82d879c68fd9f8c6bdad927b29e26ede48e84a
9a249635cd221a30960fa49f82c43583b3df5e5fbb27aa9908d480156f4d3b6d

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - Anti-debugging code
urlquery	phishing	Phishing - Tycoon Phishing Kit

HTTP Headers

GET /n9IzCybq/ HTTP/1.1
Host: bsukd2.dmuok.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 28 Mar 2025 17:16:05 GMT
content-type: text/html; charset=UTF-8
cache-control: no-cache, private
cf-cache-status: DYNAMIC
vary: accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GO86gZxh%2BykWM0DIWOQJWMxBSxlnJcQROCfFnTrpI6DeoOZbgiei6Autt43ktbFskQaSVhqu6LIqBd6jeT6VBE1EtQBTmwagwHtwgfyfFdsOa10pKrA11mUNjTGTiFRZRUcQ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
set-cookie: XSRF-TOKEN=eyJpdiI6Ilh1VFlaaWpkU1BqVDhQZUVocWQwNnc9PSIsInZhbHVlIjoiMEV6YVN1TWNaLzNyeklaemNpM1oxbERBd25NaVo0OXdTM1ZSSnd4clVXc0wzUXFEUzhacHFPZXdkbmc2TFI0S3NnV3gwL0hIMXhqL1I3cUkzQmFuR0UvQkVibUg0SHNTYlkvTGFKeHdKeFprUnFuaGxKN282bFhLOUF3QTJ6UmYiLCJtYWMiOiJjNzlhMTlhMGFmMzU4N2YwY2Y1MDIxYWUzNmUyYzhjOTNmZjM4NWU4YjVhYmE2ZTEwZjMwYTAxNjMwOWJhMDQ1IiwidGFnIjoiIn0%3D; expires=Fri, 28-Mar-2025 19:16:05 GMT; Max-Age=7200; path=/; secure; samesite=none
laravel_session=eyJpdiI6ImxpT29ZQVQ4bWlBcHl6QzhvVG43Vmc9PSIsInZhbHVlIjoiOW1rWUhrOUVnR0QwWUIyU0EvdE4rbDZwaEUyTlZzYk5XODZob2piWG1EUy81SSs1cktUUzkyWjZsUWpocElTUlFHTFJPTDcrT1RRRzdwVlBDSE5ycmljKzhNc29GWVFtWTdPZlVSRSsxUVBKT2V3OHpMSExBbzQxVXRXQUVsT1ciLCJtYWMiOiJiZTk0ZTFmZThlMjM3ZDA1ZDVjYzgxZTljNDZkNTJkYzcyODVhNTEzYTExNmUxOGI0NDRiMDgwNjRjOGZhZGVhIiwidGFnIjoiIn0%3D; expires=Fri, 28-Mar-2025 19:16:05 GMT; Max-Age=7200; path=/; secure; httponly; samesite=none
server: cloudflare
cf-ray: 9278c5f23f9356c1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=30290&min_rtt=30200&rtt_var=11389&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2821&recv_bytes=1400&delivery_rate=94304&cwnd=60&unsent_bytes=0&cid=2e0077646e3deaba&ts=354&x=0", cfL4;desc="?proto=TCP&rtt=5581&min_rtt=417&rtt_var=10290&sent=8&recv=11&lost=0&retrans=0&sent_bytes=3187&recv_bytes=1133&delivery_rate=6851735&cwnd=252&unsent_bytes=0&cid=099d5326a6cc382d&ts=771&x=0"
X-Firefox-Spdy: h2

bsukd2.dmuok.es/n9IzCybq/

104.21.96.1

200 OK

25 kB

URL User Request GET
bsukd2.dmuok.es/n9IzCybq/
IP
104.21.96.1:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjectdmuok.es
Fingerprint71:90:53:8F:DC:0D:35:D2:7D:61:F7:5B:46:B7:42:0F:26:C4:A4:31
ValidityFri, 14 Mar 2025 16:29:05 GMT - Thu, 12 Jun 2025 17:26:16 GMT

File type
HTML document, ASCII text, with very long lines (19869), with CRLF line terminators
Size
25 kB (24904 bytes)
Hash
64fd8c6f38740a6834d11e283db373b2
1ae19a60d13d94b6c5b16d7b3cb75b51fb98278d
438bea6a9ca1c329c27d5e9434ab140aec3ef7e598749b5e3321e1b9cb969d81

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - Anti-debugging code
urlquery	phishing	Phishing - Tycoon Phishing Kit

HTTP Headers

GET /n9IzCybq/ HTTP/1.1
Host: bsukd2.dmuok.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6IkNMNFd6L3RYSDRsL05MVUt4K1JReGc9PSIsInZhbHVlIjoiNFdwM3EzSzdlT3pkVW5iZXpFeUh1Rmx0Tm56a0FHRTdKZlJQM0plMmllVWZTSmpWVUZCaUdhUjZsWmdMelJiTzl0SndBU00rYkRSS3NEWCtQK3dXRUcrVlpDaHVQZE0zYmtqYXFYbTdTVWswMzRGeXpjY1JsTDV1ZFNVeWx1d0QiLCJtYWMiOiI3OWZmY2I0NzM0MDA5N2MyYWYwZTI4YzM3ZTk4ZTcxYjhhZWFhZWI0MzJlMmZjYjgzODg5MGQ4YjIyMTQwYzEyIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ik03ZU1lZ0xBVEYvS1MvRHhWeEhMd3c9PSIsInZhbHVlIjoidjA4ZVpybkk3cDlyUjZFWThJa0pUOEVVQkRwcWRnSXNtS0NBTkNjbUdVaVB0UzZMeTVzMHNVbDh4WGpmNEIyN3dVUlcwUDB5WU5pNlhGYUJ5SDNDRmoza3kvTzVGL3ZVd1BoWXNhZWwxeXlKY0VnUE9pSitBWkpnQTRoVUVZak0iLCJtYWMiOiJiYjMzOWU0MDBkODQ4YWE4ODdjODczODc1YzFiYmZjNTRhNjQyNmY5YjY4ZmFjZWM1Nzk1YTQ5NjgwNjZiODk2IiwidGFnIjoiIn0%3D
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 28 Mar 2025 17:16:15 GMT
content-type: text/html; charset=UTF-8
cf-ray: 9278c6339e3a5696-OSL
server: cloudflare
cache-control: no-cache, private
cf-cache-status: DYNAMIC
vary: accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=S5akg4Xq7XfXCoQhAW277MAQJrZDEHCWxzgh589xfP9LAn1AD1HBDY79paPhiPXG%2FAepkPMfALpRrTAcsbjbYxYBP9Fz4mwch73KkL3TF0MUfWLefUPpgSy6luX3nhRSZb5f"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server-timing: cfL4;desc="?proto=TCP&rtt=42746&min_rtt=42522&rtt_var=16106&sent=4&recv=7&lost=0&retrans=0&sent_bytes=2821&recv_bytes=2151&delivery_rate=66977&cwnd=77&unsent_bytes=0&cid=407fd682137c2aec&ts=253&x=0"
set-cookie: XSRF-TOKEN=eyJpdiI6IlhYR25IQnBzeG0yUGZqRDUvSjA0NEE9PSIsInZhbHVlIjoiZUtIbEJPUmtSdVVYc0gwMHNYdlEvb3ZKdlRER2tOTmpIbEUrNlB6eEdKK1U0VFBqWjBidVdHT3J4RERKMlk4QjlBdTFUY1QxWHdrRS8vZC9vYjZvdFgxRFRib3RGWXI0aDBaZ2I1QzNpV2V4YlYyTHlVVDg4TkJKekhQOGVhamMiLCJtYWMiOiJjMzZlYWFiNmE1MmRlYzE5MDUxODcyMzE3NWYwZTM0OTNkMThlNWIyNDRlOTk2ZWJlODQ4MzIxOWY1NDVmYzQ1IiwidGFnIjoiIn0%3D; expires=Fri, 28-Mar-2025 19:16:15 GMT; Max-Age=7200; path=/; secure; samesite=none
laravel_session=eyJpdiI6ImlkSXgrR250TFQ2cEFlVThsenhFbVE9PSIsInZhbHVlIjoiT0M3cHlNaDRNb0VXYk5kVE9PcHBlV2diYm5iNXRqRnVqam5acjlPdWpROCtBVXRsUGFBQUV6dG9QbWZKbnRsMXduSmlTMWNFVko1UnVaN0VndHpRbEx1T1I5VGVRaEM2Y0FjVXdBOEdsK3pJU0dlRlpzYlBPVm1mZUJoZHRoRGEiLCJtYWMiOiJlN2U2YjljY2ZhMDE2NDRkMzE2MTVmZjc0NjQ4ZTVlZGEyY2FiMzk0YTM3ZmU2YjRhMjU0Njg1OWQ1OGRjNzBlIiwidGFnIjoiIn0%3D; expires=Fri, 28-Mar-2025 19:16:15 GMT; Max-Age=7200; path=/; secure; httponly; samesite=none
content-encoding: br
alt-svc: h3=":443"; ma=86400

bsukd2.dmuok.es/staJKcOXUhTOlYD7Kefiu3ztGLr7fwb46oFxZnC8mna28YcKDQCY7i2x38vvxi4oJRnBWRGLLVzMr2CIigh260

104.21.96.1

200 OK

18 kB

URL GET
bsukd2.dmuok.es/staJKcOXUhTOlYD7Kefiu3ztGLr7fwb46oFxZnC8mna28YcKDQCY7i2x38vvxi4oJRnBWRGLLVzMr2CIigh260
IP
104.21.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bsukd2.dmuok.es/MKKLYTLTRRUGGUHOCZYTPy8duch86xavw9mmclf26b1opgdzr4?NRNTFNNMFUSEDRJAUFNRBQNQEADINI
Certificate
IssuerGoogle Trust Services
Subjectdmuok.es
Fingerprint71:90:53:8F:DC:0D:35:D2:7D:61:F7:5B:46:B7:42:0F:26:C4:A4:31
ValidityFri, 14 Mar 2025 16:29:05 GMT - Thu, 12 Jun 2025 17:26:16 GMT

File type
RIFF (little-endian) data, Web/P image
Size
18 kB (17842 bytes)
Hash
4b52ecdc33382c9dca874f551990e704
8f3bf8e41cd4cdddb17836b261e73f827b84341b
cce050cc3b150c0b370751021bb15018ee2b64ac369e230fe3b571a9b00d4342

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft
urlquery	phishing	Phishing - Tycoon Phishing Kit

HTTP Headers

GET /staJKcOXUhTOlYD7Kefiu3ztGLr7fwb46oFxZnC8mna28YcKDQCY7i2x38vvxi4oJRnBWRGLLVzMr2CIigh260 HTTP/1.1
Host: bsukd2.dmuok.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bsukd2.dmuok.es/MKKLYTLTRRUGGUHOCZYTPy8duch86xavw9mmclf26b1opgdzr4?NRNTFNNMFUSEDRJAUFNRBQNQEADINI
Cookie: XSRF-TOKEN=eyJpdiI6Imd2QzVKRWxxd2VzbUpkWDZFV1FFWXc9PSIsInZhbHVlIjoiaFZ3bUswVjEyNzJmR3pDM2NKenYwWURac0svOGM2QzFiTmRZWGJ1UnlMVHc5N1VaWUVrN084M0d4NkNSQnoxd04rYVhxUE95aVRmQlRGQWdLUkY0dktvd1lmd3dGYTRYZGp3WDBzUE9KNjV3WlFLK3hVaDFEMFI3T3I1d1NGMW4iLCJtYWMiOiIyZjBmYzEyMzE5ZGExMDY2NDAzODg0ZjgxNzZlOGU3MDRjMmVjYzYxOTY0NTgxNzMwM2U3NDBkOGEyZTc1NWZlIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IkdOQnYwOFNZRVlxMkFETUswelM5ZVE9PSIsInZhbHVlIjoiK3FqdHVWcFJiNXBnWnkxUWNhUExKRkF0aCt4R3R6TDJlOXhMbEdqWW5aMGgxZm1EM3lZVG1tR2hWMk9qREMrUk51a09WQjRoM2w4eCtzNVNXWWdsMHVLMklFMGU5NkFWcXVRVDliSWthZmIxOHVwRGI0NGx4bzRNWml2Uk1UVXMiLCJtYWMiOiI2MzNiMjAwNDY2ZWFmMWQxZmFiM2QyNmJjZjFkYjBiZTFjMmIyNjFiMTk0ZTliYThmYzA2MjczYmM4N2Y2NGFlIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 28 Mar 2025 17:16:21 GMT
content-type: image/webp
content-length: 17842
server: cloudflare
content-disposition: inline; filename="staJKcOXUhTOlYD7Kefiu3ztGLr7fwb46oFxZnC8mna28YcKDQCY7i2x38vvxi4oJRnBWRGLLVzMr2CIigh260"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RJmAiOxAEKbdpAsASj%2BFu1bRrzOxj5hECLVhJaxs6JtDtl4SnKWmjgAt1SL4TroTGRg06L5T3RAHrkoGNricnech5muZJ8LfABJi4%2FtknkCD37DPwhPjVX6iA%2FQ2bGb4%2BS1X"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server-timing: cfL4;desc="?proto=TCP&rtt=43076&min_rtt=42757&rtt_var=16262&sent=4&recv=7&lost=0&retrans=0&sent_bytes=2820&recv_bytes=2247&delivery_rate=66608&cwnd=158&unsent_bytes=0&cid=382f76ef1c01b47a&ts=255&x=0"
cf-ray: 9278c6447f185696-OSL
alt-svc: h3=":443"; ma=86400

bsukd2.dmuok.es/ijvAb2RpbYu9EPqbjXRecB2XujfjaNxSlo8iuqvjs34OOD89svtRwMCPCwlvltIJDOUnMVSUFHraksuab230

104.21.96.1

200 OK

1.3 kB

URL GET
bsukd2.dmuok.es/ijvAb2RpbYu9EPqbjXRecB2XujfjaNxSlo8iuqvjs34OOD89svtRwMCPCwlvltIJDOUnMVSUFHraksuab230
IP
104.21.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bsukd2.dmuok.es/MKKLYTLTRRUGGUHOCZYTPy8duch86xavw9mmclf26b1opgdzr4?NRNTFNNMFUSEDRJAUFNRBQNQEADINI
Certificate
IssuerGoogle Trust Services
Subjectdmuok.es
Fingerprint71:90:53:8F:DC:0D:35:D2:7D:61:F7:5B:46:B7:42:0F:26:C4:A4:31
ValidityFri, 14 Mar 2025 16:29:05 GMT - Thu, 12 Jun 2025 17:26:16 GMT

File type
RIFF (little-endian) data, Web/P image
Size
1.3 kB (1298 bytes)
Hash
32ca2081553e969f9fdd4374134521ad
7b09924c4c3d8b6e41fe38363e342da098be4173
216fc342a469aa6a005b2eacc24622095e5282d3e9f1ae99ce54c27b92ec3587

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft
urlquery	phishing	Phishing - Tycoon Phishing Kit

HTTP Headers

GET /ijvAb2RpbYu9EPqbjXRecB2XujfjaNxSlo8iuqvjs34OOD89svtRwMCPCwlvltIJDOUnMVSUFHraksuab230 HTTP/1.1
Host: bsukd2.dmuok.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bsukd2.dmuok.es/MKKLYTLTRRUGGUHOCZYTPy8duch86xavw9mmclf26b1opgdzr4?NRNTFNNMFUSEDRJAUFNRBQNQEADINI
Cookie: XSRF-TOKEN=eyJpdiI6Imd2QzVKRWxxd2VzbUpkWDZFV1FFWXc9PSIsInZhbHVlIjoiaFZ3bUswVjEyNzJmR3pDM2NKenYwWURac0svOGM2QzFiTmRZWGJ1UnlMVHc5N1VaWUVrN084M0d4NkNSQnoxd04rYVhxUE95aVRmQlRGQWdLUkY0dktvd1lmd3dGYTRYZGp3WDBzUE9KNjV3WlFLK3hVaDFEMFI3T3I1d1NGMW4iLCJtYWMiOiIyZjBmYzEyMzE5ZGExMDY2NDAzODg0ZjgxNzZlOGU3MDRjMmVjYzYxOTY0NTgxNzMwM2U3NDBkOGEyZTc1NWZlIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IkdOQnYwOFNZRVlxMkFETUswelM5ZVE9PSIsInZhbHVlIjoiK3FqdHVWcFJiNXBnWnkxUWNhUExKRkF0aCt4R3R6TDJlOXhMbEdqWW5aMGgxZm1EM3lZVG1tR2hWMk9qREMrUk51a09WQjRoM2w4eCtzNVNXWWdsMHVLMklFMGU5NkFWcXVRVDliSWthZmIxOHVwRGI0NGx4bzRNWml2Uk1UVXMiLCJtYWMiOiI2MzNiMjAwNDY2ZWFmMWQxZmFiM2QyNmJjZjFkYjBiZTFjMmIyNjFiMTk0ZTliYThmYzA2MjczYmM4N2Y2NGFlIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 28 Mar 2025 17:16:19 GMT
content-type: image/webp
content-length: 1298
server: cloudflare
content-disposition: inline; filename="ijvAb2RpbYu9EPqbjXRecB2XujfjaNxSlo8iuqvjs34OOD89svtRwMCPCwlvltIJDOUnMVSUFHraksuab230"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WotTpMqpD%2BpjqS%2Bso%2FCjqz8GGp4kUmii5kPadQN2ISc%2Fv82PMa3sjxGqbsICzAtSEB8mHbKnZyLfh38Ah4rZntQ9VMuXc2LB96TJPtHDQlhw3PI03zfUUfuTGFvA6NPEucJn"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server-timing: cfL4;desc="?proto=TCP&rtt=30460&min_rtt=30327&rtt_var=11467&sent=4&recv=7&lost=0&retrans=0&sent_bytes=2821&recv_bytes=2245&delivery_rate=93909&cwnd=95&unsent_bytes=0&cid=291358d8bbd8136a&ts=253&x=0"
cf-ray: 9278c64b8f5e5696-OSL
alt-svc: h3=":443"; ma=86400

bsukd2.dmuok.es/tdfufv2qVYxaH7pl9dT3hZ1dARYTjSFnwg

104.21.96.1

200 OK

20 B

URL POST
bsukd2.dmuok.es/tdfufv2qVYxaH7pl9dT3hZ1dARYTjSFnwg
IP
104.21.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bsukd2.dmuok.es/n9IzCybq/
Certificate
IssuerGoogle Trust Services
Subjectdmuok.es
Fingerprint71:90:53:8F:DC:0D:35:D2:7D:61:F7:5B:46:B7:42:0F:26:C4:A4:31
ValidityFri, 14 Mar 2025 16:29:05 GMT - Thu, 12 Jun 2025 17:26:16 GMT

File type
troff or preprocessor input, ASCII text, with no line terminators
Size
20 B (20 bytes)
Hash
0b35866f4a3aa4d34ce5dda2d14c2cd8
d2b80911f09c3106fdf0df9920f983945d644083
493851374626d927bfe1c7d084fa977a0e636c03f163fda258ab6b638edc2f0d

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft
urlquery	phishing	Phishing - Tycoon Phishing Kit

HTTP Headers

POST /tdfufv2qVYxaH7pl9dT3hZ1dARYTjSFnwg HTTP/1.1
Host: bsukd2.dmuok.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bsukd2.dmuok.es/n9IzCybq/
Content-Type: multipart/form-data; boundary=---------------------------218462861618891255801282026880
Content-Length: 927
Origin: https://bsukd2.dmuok.es
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6Ilh1VFlaaWpkU1BqVDhQZUVocWQwNnc9PSIsInZhbHVlIjoiMEV6YVN1TWNaLzNyeklaemNpM1oxbERBd25NaVo0OXdTM1ZSSnd4clVXc0wzUXFEUzhacHFPZXdkbmc2TFI0S3NnV3gwL0hIMXhqL1I3cUkzQmFuR0UvQkVibUg0SHNTYlkvTGFKeHdKeFprUnFuaGxKN282bFhLOUF3QTJ6UmYiLCJtYWMiOiJjNzlhMTlhMGFmMzU4N2YwY2Y1MDIxYWUzNmUyYzhjOTNmZjM4NWU4YjVhYmE2ZTEwZjMwYTAxNjMwOWJhMDQ1IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6ImxpT29ZQVQ4bWlBcHl6QzhvVG43Vmc9PSIsInZhbHVlIjoiOW1rWUhrOUVnR0QwWUIyU0EvdE4rbDZwaEUyTlZzYk5XODZob2piWG1EUy81SSs1cktUUzkyWjZsUWpocElTUlFHTFJPTDcrT1RRRzdwVlBDSE5ycmljKzhNc29GWVFtWTdPZlVSRSsxUVBKT2V3OHpMSExBbzQxVXRXQUVsT1ciLCJtYWMiOiJiZTk0ZTFmZThlMjM3ZDA1ZDVjYzgxZTljNDZkNTJkYzcyODVhNTEzYTExNmUxOGI0NDRiMDgwNjRjOGZhZGVhIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 28 Mar 2025 17:16:15 GMT
content-type: application/json
cf-ray: 9278c62f5dee5696-OSL
server: cloudflare
cache-control: no-cache, private
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aCLYAlvHSILflK0u%2F9irH0XE9qFDhhj9N4s6HYg7rm%2Bt8so%2BKhohqK9D6uomWZjFaqrMhEE8pi942Ovdu8RaxDFieM%2FiJ7BsRnizZ8ZFJQUandztcIpkCy1rId0%2Fguyk57K3"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server-timing: cfL4;desc="?proto=TCP&rtt=42573&min_rtt=42550&rtt_var=16003&sent=4&recv=7&lost=0&retrans=0&sent_bytes=2822&recv_bytes=3183&delivery_rate=66637&cwnd=88&unsent_bytes=0&cid=dabba92f5bd18668&ts=230&x=0"
set-cookie: XSRF-TOKEN=eyJpdiI6IkNMNFd6L3RYSDRsL05MVUt4K1JReGc9PSIsInZhbHVlIjoiNFdwM3EzSzdlT3pkVW5iZXpFeUh1Rmx0Tm56a0FHRTdKZlJQM0plMmllVWZTSmpWVUZCaUdhUjZsWmdMelJiTzl0SndBU00rYkRSS3NEWCtQK3dXRUcrVlpDaHVQZE0zYmtqYXFYbTdTVWswMzRGeXpjY1JsTDV1ZFNVeWx1d0QiLCJtYWMiOiI3OWZmY2I0NzM0MDA5N2MyYWYwZTI4YzM3ZTk4ZTcxYjhhZWFhZWI0MzJlMmZjYjgzODg5MGQ4YjIyMTQwYzEyIiwidGFnIjoiIn0%3D; expires=Fri, 28-Mar-2025 19:16:15 GMT; Max-Age=7200; path=/; secure; samesite=none
laravel_session=eyJpdiI6Ik03ZU1lZ0xBVEYvS1MvRHhWeEhMd3c9PSIsInZhbHVlIjoidjA4ZVpybkk3cDlyUjZFWThJa0pUOEVVQkRwcWRnSXNtS0NBTkNjbUdVaVB0UzZMeTVzMHNVbDh4WGpmNEIyN3dVUlcwUDB5WU5pNlhGYUJ5SDNDRmoza3kvTzVGL3ZVd1BoWXNhZWwxeXlKY0VnUE9pSitBWkpnQTRoVUVZak0iLCJtYWMiOiJiYjMzOWU0MDBkODQ4YWE4ODdjODczODc1YzFiYmZjNTRhNjQyNmY5YjY4ZmFjZWM1Nzk1YTQ5NjgwNjZiODk2IiwidGFnIjoiIn0%3D; expires=Fri, 28-Mar-2025 19:16:15 GMT; Max-Age=7200; path=/; secure; httponly; samesite=none
vary: accept-encoding
content-encoding: br
alt-svc: h3=":443"; ma=86400

bsukd2.dmuok.es/xyl8bH1Z2F4Ek4qtMmE3PxHQyligkpdPihquTrhUwOBlew

104.21.96.1

200 OK

313 B

URL POST
bsukd2.dmuok.es/xyl8bH1Z2F4Ek4qtMmE3PxHQyligkpdPihquTrhUwOBlew
IP
104.21.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bsukd2.dmuok.es/n9IzCybq/
Certificate
IssuerGoogle Trust Services
Subjectdmuok.es
Fingerprint71:90:53:8F:DC:0D:35:D2:7D:61:F7:5B:46:B7:42:0F:26:C4:A4:31
ValidityFri, 14 Mar 2025 16:29:05 GMT - Thu, 12 Jun 2025 17:26:16 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (333), with no line terminators
Size
313 B (313 bytes)
Hash
90b29ff9249f96e60d09a71bee9e3346
b8db61d8aaec1240a4f7a5caef32dc3e948cacf0
0cd175984ec3a40880c11f25b1e3463779741a1655704506768ea4336018fa53

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Tycoon Phishing Kit

HTTP Headers

POST /xyl8bH1Z2F4Ek4qtMmE3PxHQyligkpdPihquTrhUwOBlew HTTP/1.1
Host: bsukd2.dmuok.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 6
Origin: https://bsukd2.dmuok.es
DNT: 1
Connection: keep-alive
Referer: https://bsukd2.dmuok.es/n9IzCybq/
Cookie: XSRF-TOKEN=eyJpdiI6IlhYR25IQnBzeG0yUGZqRDUvSjA0NEE9PSIsInZhbHVlIjoiZUtIbEJPUmtSdVVYc0gwMHNYdlEvb3ZKdlRER2tOTmpIbEUrNlB6eEdKK1U0VFBqWjBidVdHT3J4RERKMlk4QjlBdTFUY1QxWHdrRS8vZC9vYjZvdFgxRFRib3RGWXI0aDBaZ2I1QzNpV2V4YlYyTHlVVDg4TkJKekhQOGVhamMiLCJtYWMiOiJjMzZlYWFiNmE1MmRlYzE5MDUxODcyMzE3NWYwZTM0OTNkMThlNWIyNDRlOTk2ZWJlODQ4MzIxOWY1NDVmYzQ1IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6ImlkSXgrR250TFQ2cEFlVThsenhFbVE9PSIsInZhbHVlIjoiT0M3cHlNaDRNb0VXYk5kVE9PcHBlV2diYm5iNXRqRnVqam5acjlPdWpROCtBVXRsUGFBQUV6dG9QbWZKbnRsMXduSmlTMWNFVko1UnVaN0VndHpRbEx1T1I5VGVRaEM2Y0FjVXdBOEdsK3pJU0dlRlpzYlBPVm1mZUJoZHRoRGEiLCJtYWMiOiJlN2U2YjljY2ZhMDE2NDRkMzE2MTVmZjc0NjQ4ZTVlZGEyY2FiMzk0YTM3ZmU2YjRhMjU0Njg1OWQ1OGRjNzBlIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 28 Mar 2025 17:16:16 GMT
content-type: text/html; charset=UTF-8
cf-ray: 9278c6387e8d5696-OSL
server: cloudflare
cache-control: no-cache, private
cf-cache-status: DYNAMIC
vary: accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=t88fJ9UlEUhC0gLvyqdZRuJkpE6OputxZQV2j3E3lia2l6Juvpwhk1KShbD4DtlWVlogbIcvwEuY397jpSq2xRBBMySgYtWlMf0ncJS%2BqXraOtKEEYQ144Ol4dSFJ3Tc9oPe"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server-timing: cfL4;desc="?proto=TCP&rtt=10457&min_rtt=10297&rtt_var=3975&sent=4&recv=7&lost=0&retrans=0&sent_bytes=2822&recv_bytes=2252&delivery_rate=276585&cwnd=110&unsent_bytes=0&cid=e35449d298935f3a&ts=453&x=0"
set-cookie: XSRF-TOKEN=eyJpdiI6ImZpL2VJVUdjTjZ0bzd6M1JScGhsWmc9PSIsInZhbHVlIjoidTExYTlQcHB2VGVhd3RqSHJWbElJR3JDQTVrNHJKNk13a1l0MDVSOEw2am1ZM2ZnZHhYR1BNS1VUUUJjWGJOODFrRnF5ajBSeGliSlFMUzVpbUtZd2lRVU5Namc3Y1padUhuUHpqV1hic2swWU44bkM1dzZjNGdGQjd6WjBOUFMiLCJtYWMiOiI5OWFjNDUxYjVjNmYyNzcxYjMyYTBjMWUzZjhiMWQ3NWRmNTMzZmRkMWFiY2JhMmNkNDgwZTIxOGQxM2I0ZDNhIiwidGFnIjoiIn0%3D; expires=Fri, 28-Mar-2025 19:16:16 GMT; Max-Age=7200; path=/; secure; samesite=none
laravel_session=eyJpdiI6IitoOGFINGtTTXpJK1pzbUtESCtZd2c9PSIsInZhbHVlIjoiUUNTQ2VxWDdIdTlEcDg4a2ZoOXIzUlpBV21HcVhXQjBRS1d1QWxBQTRXblNCZXNJNkdGd3oxRjdSRzZHbVlTWElDMmZsQi9vbkErenN2eXZkWElrd3lDU1NiSUhmMVdRMStQRXY2WE9KMFJBQU5TNjQ0b2luNk4yNXVjNFRwbVciLCJtYWMiOiJiMmNjZTYwNmNiZTM2NTg1NDhhMDNhNmFhODRiZGJkOGM3MDY4OWM0Mzg0NDlhZDQ2ODU4ODE3YWIwNDI1MjUzIiwidGFnIjoiIn0%3D; expires=Fri, 28-Mar-2025 19:16:16 GMT; Max-Age=7200; path=/; secure; httponly; samesite=none
content-encoding: br
alt-svc: h3=":443"; ma=86400

bsukd2.dmuok.es/favicon.ico

0.0.0.0

0 B

URL GET
bsukd2.dmuok.es/favicon.ico
IP
0.0.0.0:0
ASN
#0

Requested by
https://bsukd2.dmuok.es/n9IzCybq/
Certificate
IssuerGoogle Trust Services
Subjectdmuok.es
Fingerprint71:90:53:8F:DC:0D:35:D2:7D:61:F7:5B:46:B7:42:0F:26:C4:A4:31
ValidityFri, 14 Mar 2025 16:29:05 GMT - Thu, 12 Jun 2025 17:26:16 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Tycoon Phishing Kit

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: bsukd2.dmuok.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bsukd2.dmuok.es/n9IzCybq/
Cookie: XSRF-TOKEN=eyJpdiI6IlhYR25IQnBzeG0yUGZqRDUvSjA0NEE9PSIsInZhbHVlIjoiZUtIbEJPUmtSdVVYc0gwMHNYdlEvb3ZKdlRER2tOTmpIbEUrNlB6eEdKK1U0VFBqWjBidVdHT3J4RERKMlk4QjlBdTFUY1QxWHdrRS8vZC9vYjZvdFgxRFRib3RGWXI0aDBaZ2I1QzNpV2V4YlYyTHlVVDg4TkJKekhQOGVhamMiLCJtYWMiOiJjMzZlYWFiNmE1MmRlYzE5MDUxODcyMzE3NWYwZTM0OTNkMThlNWIyNDRlOTk2ZWJlODQ4MzIxOWY1NDVmYzQ1IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6ImlkSXgrR250TFQ2cEFlVThsenhFbVE9PSIsInZhbHVlIjoiT0M3cHlNaDRNb0VXYk5kVE9PcHBlV2diYm5iNXRqRnVqam5acjlPdWpROCtBVXRsUGFBQUV6dG9QbWZKbnRsMXduSmlTMWNFVko1UnVaN0VndHpRbEx1T1I5VGVRaEM2Y0FjVXdBOEdsK3pJU0dlRlpzYlBPVm1mZUJoZHRoRGEiLCJtYWMiOiJlN2U2YjljY2ZhMDE2NDRkMzE2MTVmZjc0NjQ4ZTVlZGEyY2FiMzk0YTM3ZmU2YjRhMjU0Njg1OWQ1OGRjNzBlIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

bsukd2.dmuok.es/opDgcog4ihjpR3P5Am0TFdgTgv3tijW8VdYzRANbmrfUcjsxxjcTvMgcd195

104.21.96.1

200 OK

268 B

URL GET
bsukd2.dmuok.es/opDgcog4ihjpR3P5Am0TFdgTgv3tijW8VdYzRANbmrfUcjsxxjcTvMgcd195
IP
104.21.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bsukd2.dmuok.es/MKKLYTLTRRUGGUHOCZYTPy8duch86xavw9mmclf26b1opgdzr4?NRNTFNNMFUSEDRJAUFNRBQNQEADINI
Certificate
IssuerGoogle Trust Services
Subjectdmuok.es
Fingerprint71:90:53:8F:DC:0D:35:D2:7D:61:F7:5B:46:B7:42:0F:26:C4:A4:31
ValidityFri, 14 Mar 2025 16:29:05 GMT - Thu, 12 Jun 2025 17:26:16 GMT

File type
SVG Scalable Vector Graphics image
Size
268 B (268 bytes)
Hash
1318aafc1fb9ded0c623e5b9a557e6df
0917cdd7633cd1642b02b2b785416ec7e5106dcc
d86660a84daa211b121ec9fe0df83d6b945f61b888384391eabc7d6b4e941dc4

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft
urlquery	phishing	Phishing - Tycoon Phishing Kit

HTTP Headers

GET /opDgcog4ihjpR3P5Am0TFdgTgv3tijW8VdYzRANbmrfUcjsxxjcTvMgcd195 HTTP/1.1
Host: bsukd2.dmuok.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bsukd2.dmuok.es/MKKLYTLTRRUGGUHOCZYTPy8duch86xavw9mmclf26b1opgdzr4?NRNTFNNMFUSEDRJAUFNRBQNQEADINI
Cookie: XSRF-TOKEN=eyJpdiI6Imd2QzVKRWxxd2VzbUpkWDZFV1FFWXc9PSIsInZhbHVlIjoiaFZ3bUswVjEyNzJmR3pDM2NKenYwWURac0svOGM2QzFiTmRZWGJ1UnlMVHc5N1VaWUVrN084M0d4NkNSQnoxd04rYVhxUE95aVRmQlRGQWdLUkY0dktvd1lmd3dGYTRYZGp3WDBzUE9KNjV3WlFLK3hVaDFEMFI3T3I1d1NGMW4iLCJtYWMiOiIyZjBmYzEyMzE5ZGExMDY2NDAzODg0ZjgxNzZlOGU3MDRjMmVjYzYxOTY0NTgxNzMwM2U3NDBkOGEyZTc1NWZlIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IkdOQnYwOFNZRVlxMkFETUswelM5ZVE9PSIsInZhbHVlIjoiK3FqdHVWcFJiNXBnWnkxUWNhUExKRkF0aCt4R3R6TDJlOXhMbEdqWW5aMGgxZm1EM3lZVG1tR2hWMk9qREMrUk51a09WQjRoM2w4eCtzNVNXWWdsMHVLMklFMGU5NkFWcXVRVDliSWthZmIxOHVwRGI0NGx4bzRNWml2Uk1UVXMiLCJtYWMiOiI2MzNiMjAwNDY2ZWFmMWQxZmFiM2QyNmJjZjFkYjBiZTFjMmIyNjFiMTk0ZTliYThmYzA2MjczYmM4N2Y2NGFlIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 28 Mar 2025 17:16:20 GMT
content-type: image/svg+xml
cf-ray: 9278c6445f145696-OSL
server: cloudflare
content-disposition: inline; filename="opDgcog4ihjpR3P5Am0TFdgTgv3tijW8VdYzRANbmrfUcjsxxjcTvMgcd195"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=77iuZDJAIqzgjiw1LGG1X2Zyp4LdUNrKiwtiTtyZhlfbqPZJT%2BWL%2Frwuwe4f3ClgCVUuUqa%2BEEWmxUE7IO%2Bc2o%2FB%2FVAPVKZVW6%2BOas8xiF%2BHuRhbLBzwC6%2FfWuVduzLx05Xc"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server-timing: cfL4;desc="?proto=TCP&rtt=42332&min_rtt=42285&rtt_var=15890&sent=4&recv=7&lost=0&retrans=0&sent_bytes=2822&recv_bytes=2221&delivery_rate=67352&cwnd=76&unsent_bytes=0&cid=01483b53114c0d6c&ts=251&x=0"
vary: accept-encoding
content-encoding: br
alt-svc: h3=":443"; ma=86400

ok4static.oktacdn.com/fs/bcg/4/gfsh9pi7jcWKJKMAs1t7

143.204.55.3

200 OK

11 kB

URL GET
ok4static.oktacdn.com/fs/bcg/4/gfsh9pi7jcWKJKMAs1t7
IP
143.204.55.3:443
ASN
#16509 AMAZON-02

Requested by
https://bsukd2.dmuok.es/MKKLYTLTRRUGGUHOCZYTPy8duch86xavw9mmclf26b1opgdzr4?NRNTFNNMFUSEDRJAUFNRBQNQEADINI
Certificate
IssuerDigiCert Inc
Subject*.oktacdn.com
Fingerprint3E:D7:C7:A6:35:70:74:E4:BF:45:2E:A1:D5:A3:25:88:24:76:B3:B5
ValidityMon, 02 Dec 2024 00:00:00 GMT - Fri, 02 Jan 2026 23:59:59 GMT

File type
PNG image data, 420 x 94, 8-bit/color RGBA, non-interlaced
Size
11 kB (10796 bytes)
Hash
12bdacc832185d0367ecc23fd24c86ce
4422f316eb4d8c8d160312bb695fd1d944cbff12
877ae491d9aac5c6ef82a8430f9f652ace8a0dbc7294bd112aad49bd593769d0

HTTP Headers

GET /fs/bcg/4/gfsh9pi7jcWKJKMAs1t7 HTTP/1.1
Host: ok4static.oktacdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bsukd2.dmuok.es/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: image/png
content-length: 10796
date: Wed, 12 Mar 2025 01:00:17 GMT
server: nginx
last-modified: Tue, 23 Feb 2021 04:20:08 GMT
etag: "12bdacc832185d0367ecc23fd24c86ce"
expires: Thu, 12 Mar 2026 01:00:17 GMT
cache-control: max-age=31536000, public,max-age=31536000,s-maxage=1814400
strict-transport-security: max-age=315360000; includeSubDomains
access-control-allow-origin: *
content-security-policy: default-src 'none'; img-src 'self'; require-trusted-types-for 'script'; report-uri  https://oktacsp.report-uri.com/r/t/csp/enforce
x-content-type-options: nosniff
accept-ranges: bytes
x-cache: Hit from cloudfront
via: 1.1 277d0e3af1ffdcb1ee40b7dc9f040146.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: GRP03CGQfdNVNxceIxD-tpmf3D6MOvNUXlE3rA8BJcMiAfNr-OBrSA==
age: 1440961
X-Firefox-Spdy: h2

bsukd2.dmuok.es/favicon.ico

104.21.96.1

404 Not Found

0 B

URL GET
bsukd2.dmuok.es/favicon.ico
IP
104.21.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bsukd2.dmuok.es/MKKLYTLTRRUGGUHOCZYTPy8duch86xavw9mmclf26b1opgdzr4?NRNTFNNMFUSEDRJAUFNRBQNQEADINI
Certificate
IssuerGoogle Trust Services
Subjectdmuok.es
Fingerprint71:90:53:8F:DC:0D:35:D2:7D:61:F7:5B:46:B7:42:0F:26:C4:A4:31
ValidityFri, 14 Mar 2025 16:29:05 GMT - Thu, 12 Jun 2025 17:26:16 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Tycoon Phishing Kit

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: bsukd2.dmuok.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bsukd2.dmuok.es/MKKLYTLTRRUGGUHOCZYTPy8duch86xavw9mmclf26b1opgdzr4?NRNTFNNMFUSEDRJAUFNRBQNQEADINI
Cookie: XSRF-TOKEN=eyJpdiI6Imd2QzVKRWxxd2VzbUpkWDZFV1FFWXc9PSIsInZhbHVlIjoiaFZ3bUswVjEyNzJmR3pDM2NKenYwWURac0svOGM2QzFiTmRZWGJ1UnlMVHc5N1VaWUVrN084M0d4NkNSQnoxd04rYVhxUE95aVRmQlRGQWdLUkY0dktvd1lmd3dGYTRYZGp3WDBzUE9KNjV3WlFLK3hVaDFEMFI3T3I1d1NGMW4iLCJtYWMiOiIyZjBmYzEyMzE5ZGExMDY2NDAzODg0ZjgxNzZlOGU3MDRjMmVjYzYxOTY0NTgxNzMwM2U3NDBkOGEyZTc1NWZlIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IkdOQnYwOFNZRVlxMkFETUswelM5ZVE9PSIsInZhbHVlIjoiK3FqdHVWcFJiNXBnWnkxUWNhUExKRkF0aCt4R3R6TDJlOXhMbEdqWW5aMGgxZm1EM3lZVG1tR2hWMk9qREMrUk51a09WQjRoM2w4eCtzNVNXWWdsMHVLMklFMGU5NkFWcXVRVDliSWthZmIxOHVwRGI0NGx4bzRNWml2Uk1UVXMiLCJtYWMiOiI2MzNiMjAwNDY2ZWFmMWQxZmFiM2QyNmJjZjFkYjBiZTFjMmIyNjFiMTk0ZTliYThmYzA2MjczYmM4N2Y2NGFlIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 404 Not Found
date: Fri, 28 Mar 2025 17:16:23 GMT
content-type: text/html; charset=UTF-8
cf-ray: 9278c667288f5696-OSL
server: cloudflare
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Gh8SMsqBWcBGQI%2FOszTQKY5tu1n0qfsthZLOI%2BQB1X1hlwtC4LUkPz9yb6jFNaB4ZBkDNGSoFca%2BCvrUY9POTZXgVB0m2VpDRB0mQvRrPSzBB59ls%2BJFKIb9BAtHAFhK42Hn"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server-timing: cfL4;desc="?proto=TCP&rtt=42630&min_rtt=42473&rtt_var=16040&sent=4&recv=7&lost=0&retrans=0&sent_bytes=2821&recv_bytes=2099&delivery_rate=67054&cwnd=56&unsent_bytes=0&cid=9c982dbbb0b773c7&ts=396&x=0"
age: 6
cache-control: max-age=14400
content-encoding: br
alt-svc: h3=":443"; ma=86400

cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js

104.17.24.14

200 OK

48 kB

URL GET
cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js
IP
104.17.24.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bsukd2.dmuok.es/n9IzCybq/
Certificate
IssuerGoogle Trust Services
Subjectcdnjs.cloudflare.com
Fingerprint5D:9B:5B:BE:24:B7:4B:CA:F3:05:47:2F:AB:3F:3C:F7:4E:C3:4D:BC
ValidityMon, 24 Mar 2025 12:00:12 GMT - Sun, 22 Jun 2025 13:00:01 GMT

File type
JavaScript source, ASCII text, with very long lines (48316), with no line terminators
Size
48 kB (48316 bytes)
Hash
2ca03ad87885ab983541092b87adb299
1a17f60bf776a8c468a185c1e8e985c41a50dc27
8e3b0117f4df4be452c0b6af5b8f0a0acf9d4ade23d08d55d7e312af22077762

HTTP Headers

GET /ajax/libs/crypto-js/4.1.1/crypto-js.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bsukd2.dmuok.es/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 28 Mar 2025 17:16:06 GMT
content-type: application/javascript; charset=utf-8
content-length: 13972
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "61182885-3694"
last-modified: Sat, 14 Aug 2021 20:33:09 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 1264610
expires: Wed, 18 Mar 2026 17:16:06 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uDU2L5OwI6LfbYKZBjYWFjfvjS%2BUyPZNwGhovFB9BtVfR64uTqO5Z1FJ3jemOGZC%2Bfgy%2BEuWKT931rtK1%2Fyf8ogmK%2Fo9oiY1QPdT6D%2BAj79kqMak7cF%2FA9ts9ocSFEbHxkUt9Fkh"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 9278c5fb5bdb0b59-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

bsukd2.dmuok.es/GDSherpa-regular.woff

104.21.96.1

200 OK

37 kB

URL GET
bsukd2.dmuok.es/GDSherpa-regular.woff
IP
104.21.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bsukd2.dmuok.es/MKKLYTLTRRUGGUHOCZYTPy8duch86xavw9mmclf26b1opgdzr4?NRNTFNNMFUSEDRJAUFNRBQNQEADINI
Certificate
IssuerGoogle Trust Services
Subjectdmuok.es
Fingerprint71:90:53:8F:DC:0D:35:D2:7D:61:F7:5B:46:B7:42:0F:26:C4:A4:31
ValidityFri, 14 Mar 2025 16:29:05 GMT - Thu, 12 Jun 2025 17:26:16 GMT

File type
Web Open Font Format, TrueType, length 36696, version 1.0
Size
37 kB (36696 bytes)
Hash
a69e9ab8afdd7486ec0749c551051ff2
c34e6aa327b536fb48d1fe03577a47c7ee2231b8
fd78a1913db912221b8ead1e62fad47d1ff0a9fa6cd88d3b128a721ad91d2faf

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft
urlquery	phishing	Phishing - Tycoon Phishing Kit

HTTP Headers

GET /GDSherpa-regular.woff HTTP/1.1
Host: bsukd2.dmuok.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bsukd2.dmuok.es/MKKLYTLTRRUGGUHOCZYTPy8duch86xavw9mmclf26b1opgdzr4?NRNTFNNMFUSEDRJAUFNRBQNQEADINI
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6Imd2QzVKRWxxd2VzbUpkWDZFV1FFWXc9PSIsInZhbHVlIjoiaFZ3bUswVjEyNzJmR3pDM2NKenYwWURac0svOGM2QzFiTmRZWGJ1UnlMVHc5N1VaWUVrN084M0d4NkNSQnoxd04rYVhxUE95aVRmQlRGQWdLUkY0dktvd1lmd3dGYTRYZGp3WDBzUE9KNjV3WlFLK3hVaDFEMFI3T3I1d1NGMW4iLCJtYWMiOiIyZjBmYzEyMzE5ZGExMDY2NDAzODg0ZjgxNzZlOGU3MDRjMmVjYzYxOTY0NTgxNzMwM2U3NDBkOGEyZTc1NWZlIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IkdOQnYwOFNZRVlxMkFETUswelM5ZVE9PSIsInZhbHVlIjoiK3FqdHVWcFJiNXBnWnkxUWNhUExKRkF0aCt4R3R6TDJlOXhMbEdqWW5aMGgxZm1EM3lZVG1tR2hWMk9qREMrUk51a09WQjRoM2w4eCtzNVNXWWdsMHVLMklFMGU5NkFWcXVRVDliSWthZmIxOHVwRGI0NGx4bzRNWml2Uk1UVXMiLCJtYWMiOiI2MzNiMjAwNDY2ZWFmMWQxZmFiM2QyNmJjZjFkYjBiZTFjMmIyNjFiMTk0ZTliYThmYzA2MjczYmM4N2Y2NGFlIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 28 Mar 2025 17:16:20 GMT
content-type: font/woff
content-length: 36696
server: cloudflare
content-disposition: inline; filename="GDSherpa-regular.woff"
cf-cache-status: MISS
last-modified: Fri, 28 Mar 2025 17:16:20 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LnvQN5bkPiqrqr3aRjYNrFVKNPlX0KIBH87kl7Y0IMdvzt6aoRiJBkBdHp3tDnVQx6%2FEaQx17MykJSRwBfU2h0vvh8SnjQGDVf%2FNPrdVlBFebmXL51pvT9a27VUK5hCOTaL8"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server-timing: cfL4;desc="?proto=TCP&rtt=42752&min_rtt=42683&rtt_var=16055&sent=4&recv=7&lost=0&retrans=0&sent_bytes=2822&recv_bytes=2205&delivery_rate=66724&cwnd=87&unsent_bytes=0&cid=e1c458419b61eae8&ts=529&x=0"
cache-control: max-age=14400
cf-ray: 9278c6443f0b5696-OSL
alt-svc: h3=":443"; ma=86400

bsukd2.dmuok.es/mnq2eDqO2xxqGGzHaY3NuYhnb3Ugkb3L8klpkkqJmo3sEDTKuQBVPMIuv220

104.21.96.1

200 OK

1.9 kB

URL GET
bsukd2.dmuok.es/mnq2eDqO2xxqGGzHaY3NuYhnb3Ugkb3L8klpkkqJmo3sEDTKuQBVPMIuv220
IP
104.21.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bsukd2.dmuok.es/MKKLYTLTRRUGGUHOCZYTPy8duch86xavw9mmclf26b1opgdzr4?NRNTFNNMFUSEDRJAUFNRBQNQEADINI
Certificate
IssuerGoogle Trust Services
Subjectdmuok.es
Fingerprint71:90:53:8F:DC:0D:35:D2:7D:61:F7:5B:46:B7:42:0F:26:C4:A4:31
ValidityFri, 14 Mar 2025 16:29:05 GMT - Thu, 12 Jun 2025 17:26:16 GMT

File type
SVG Scalable Vector Graphics image
Size
1.9 kB (1864 bytes)
Hash
4b5c228b4faba433d06ec569ed855b2d
a7d3882b93e332460e7c59510a6a811ef011983f
eb19d76cd1fad39abf0f2778991883a5cf9ff560117ce8f7c64124e71471b4ed

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft
urlquery	phishing	Phishing - Tycoon Phishing Kit

HTTP Headers

GET /mnq2eDqO2xxqGGzHaY3NuYhnb3Ugkb3L8klpkkqJmo3sEDTKuQBVPMIuv220 HTTP/1.1
Host: bsukd2.dmuok.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bsukd2.dmuok.es/MKKLYTLTRRUGGUHOCZYTPy8duch86xavw9mmclf26b1opgdzr4?NRNTFNNMFUSEDRJAUFNRBQNQEADINI
Cookie: XSRF-TOKEN=eyJpdiI6Imd2QzVKRWxxd2VzbUpkWDZFV1FFWXc9PSIsInZhbHVlIjoiaFZ3bUswVjEyNzJmR3pDM2NKenYwWURac0svOGM2QzFiTmRZWGJ1UnlMVHc5N1VaWUVrN084M0d4NkNSQnoxd04rYVhxUE95aVRmQlRGQWdLUkY0dktvd1lmd3dGYTRYZGp3WDBzUE9KNjV3WlFLK3hVaDFEMFI3T3I1d1NGMW4iLCJtYWMiOiIyZjBmYzEyMzE5ZGExMDY2NDAzODg0ZjgxNzZlOGU3MDRjMmVjYzYxOTY0NTgxNzMwM2U3NDBkOGEyZTc1NWZlIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IkdOQnYwOFNZRVlxMkFETUswelM5ZVE9PSIsInZhbHVlIjoiK3FqdHVWcFJiNXBnWnkxUWNhUExKRkF0aCt4R3R6TDJlOXhMbEdqWW5aMGgxZm1EM3lZVG1tR2hWMk9qREMrUk51a09WQjRoM2w4eCtzNVNXWWdsMHVLMklFMGU5NkFWcXVRVDliSWthZmIxOHVwRGI0NGx4bzRNWml2Uk1UVXMiLCJtYWMiOiI2MzNiMjAwNDY2ZWFmMWQxZmFiM2QyNmJjZjFkYjBiZTFjMmIyNjFiMTk0ZTliYThmYzA2MjczYmM4N2Y2NGFlIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 28 Mar 2025 17:16:19 GMT
content-type: image/svg+xml
cf-ray: 9278c64b7f5b5696-OSL
server: cloudflare
content-disposition: inline; filename="mnq2eDqO2xxqGGzHaY3NuYhnb3Ugkb3L8klpkkqJmo3sEDTKuQBVPMIuv220"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OOTU%2FkFrF%2FKlceW2l28S6h9My9sCFmOqo9o1dV8tmm4k4JlPzFvZwj4Yrozn4pMuN4JMDtfIXLt7g1ke6pztyTzEESj0rbKE2dmw%2FbDACn1AudpuWS4WmrtJzyCAZSZHAQjo"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server-timing: cfL4;desc="?proto=TCP&rtt=34314&min_rtt=34279&rtt_var=12879&sent=4&recv=7&lost=0&retrans=0&sent_bytes=2820&recv_bytes=2221&delivery_rate=83082&cwnd=63&unsent_bytes=0&cid=f48028e2f877146b&ts=270&x=0"
vary: accept-encoding
content-encoding: br
alt-svc: h3=":443"; ma=86400

bsukd2.dmuok.es/GDSherpa-bold.woff2

104.21.96.1

200 OK

28 kB

URL GET
bsukd2.dmuok.es/GDSherpa-bold.woff2
IP
104.21.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bsukd2.dmuok.es/MKKLYTLTRRUGGUHOCZYTPy8duch86xavw9mmclf26b1opgdzr4?NRNTFNNMFUSEDRJAUFNRBQNQEADINI
Certificate
IssuerGoogle Trust Services
Subjectdmuok.es
Fingerprint71:90:53:8F:DC:0D:35:D2:7D:61:F7:5B:46:B7:42:0F:26:C4:A4:31
ValidityFri, 14 Mar 2025 16:29:05 GMT - Thu, 12 Jun 2025 17:26:16 GMT

File type
Web Open Font Format (Version 2), TrueType, length 28000, version 1.66
Size
28 kB (28000 bytes)
Hash
a4bca6c95fed0d0c5cc46cf07710dcec
73b56e33b82b42921db8702a33efd0f2b2ec9794
5a51d246af54d903f67f07f2bd820ce77736f8d08c5f1602db07469d96dbf77f

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft
urlquery	phishing	Phishing - Tycoon Phishing Kit

HTTP Headers

GET /GDSherpa-bold.woff2 HTTP/1.1
Host: bsukd2.dmuok.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bsukd2.dmuok.es/MKKLYTLTRRUGGUHOCZYTPy8duch86xavw9mmclf26b1opgdzr4?NRNTFNNMFUSEDRJAUFNRBQNQEADINI
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6Imd2QzVKRWxxd2VzbUpkWDZFV1FFWXc9PSIsInZhbHVlIjoiaFZ3bUswVjEyNzJmR3pDM2NKenYwWURac0svOGM2QzFiTmRZWGJ1UnlMVHc5N1VaWUVrN084M0d4NkNSQnoxd04rYVhxUE95aVRmQlRGQWdLUkY0dktvd1lmd3dGYTRYZGp3WDBzUE9KNjV3WlFLK3hVaDFEMFI3T3I1d1NGMW4iLCJtYWMiOiIyZjBmYzEyMzE5ZGExMDY2NDAzODg0ZjgxNzZlOGU3MDRjMmVjYzYxOTY0NTgxNzMwM2U3NDBkOGEyZTc1NWZlIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IkdOQnYwOFNZRVlxMkFETUswelM5ZVE9PSIsInZhbHVlIjoiK3FqdHVWcFJiNXBnWnkxUWNhUExKRkF0aCt4R3R6TDJlOXhMbEdqWW5aMGgxZm1EM3lZVG1tR2hWMk9qREMrUk51a09WQjRoM2w4eCtzNVNXWWdsMHVLMklFMGU5NkFWcXVRVDliSWthZmIxOHVwRGI0NGx4bzRNWml2Uk1UVXMiLCJtYWMiOiI2MzNiMjAwNDY2ZWFmMWQxZmFiM2QyNmJjZjFkYjBiZTFjMmIyNjFiMTk0ZTliYThmYzA2MjczYmM4N2Y2NGFlIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 28 Mar 2025 17:16:19 GMT
content-type: font/woff2
content-length: 28000
server: cloudflare
content-disposition: inline; filename="GDSherpa-bold.woff2"
last-modified: Fri, 28 Mar 2025 17:16:19 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fT5YKtxcweMTvImSE7rkjFhz9AgO5ItDuLozBgVxWIAOe0hdBNpx%2FUcMgXMjxrPXZCypmUO0NnuRprpv%2B8AKjv8KKuSnEjKD8Y21RvBwmdm3QcC558fmwvc1nl4D3tGIriyK"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server-timing: cfL4;desc="?proto=TCP&rtt=42190&min_rtt=42115&rtt_var=15847&sent=4&recv=7&lost=0&retrans=0&sent_bytes=2821&recv_bytes=2201&delivery_rate=67624&cwnd=78&unsent_bytes=0&cid=67eef79294154353&ts=548&x=0"
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
cf-ray: 9278c6442f085696-OSL
alt-svc: h3=":443"; ma=86400

code.jquery.com/jquery-3.6.0.min.js

151.101.2.137

200 OK

90 kB

URL GET
code.jquery.com/jquery-3.6.0.min.js
IP
151.101.2.137:443
ASN
#54113 FASTLY

Requested by
https://bsukd2.dmuok.es/n9IzCybq/
Certificate
IssuerSectigo Limited
Subject*.jquery.com
FingerprintCD:B5:6E:05:85:0C:5A:AE:47:12:80:2A:5B:C6:E5:8F:11:72:E2:B5
ValidityTue, 25 Jun 2024 00:00:00 GMT - Wed, 25 Jun 2025 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (65447)
Size
90 kB (89501 bytes)
Hash
8fb8fee4fcc3cc86ff6c724154c49c42
b82d238d4e31fdf618bae8ac11a6c812c03dd0d4
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

HTTP Headers

GET /jquery-3.6.0.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bsukd2.dmuok.es/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-15d9d"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Fri, 28 Mar 2025 17:16:16 GMT
age: 1851380
x-served-by: cache-lga21931-LGA, cache-hel1410029-HEL
x-cache: HIT, HIT
x-cache-hits: 71, 645481
x-timer: S1743182176.013843,VS0,VE0
vary: Accept-Encoding
content-length: 30875
X-Firefox-Spdy: h2

bsukd2.dmuok.es/MKKLYTLTRRUGGUHOCZYTPy8duch86xavw9mmclf26b1opgdzr4?NRNTFNNMFUSEDRJAUFNRBQNQEADINI

104.21.96.1

200 OK

150 kB

URL User Request GET
bsukd2.dmuok.es/MKKLYTLTRRUGGUHOCZYTPy8duch86xavw9mmclf26b1opgdzr4?NRNTFNNMFUSEDRJAUFNRBQNQEADINI
IP
104.21.96.1:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjectdmuok.es
Fingerprint71:90:53:8F:DC:0D:35:D2:7D:61:F7:5B:46:B7:42:0F:26:C4:A4:31
ValidityFri, 14 Mar 2025 16:29:05 GMT - Thu, 12 Jun 2025 17:26:16 GMT

File type
HTML document, ASCII text, with very long lines (52003), with CRLF line terminators
Size
150 kB (149626 bytes)
Hash
fb3cf921edb37f91699743710676255e
51d3b848cbbab8662fd0d62c64c7d7f4acf7dd70
426579bc60974c501dc3c08a0faffb4bfde17138d3d7aabe31cc562436906787

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - Anti-debugging code
urlquery	phishing	Phishing - Tycoon Phishing Kit

HTTP Headers

GET /MKKLYTLTRRUGGUHOCZYTPy8duch86xavw9mmclf26b1opgdzr4?NRNTFNNMFUSEDRJAUFNRBQNQEADINI HTTP/1.1
Host: bsukd2.dmuok.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bsukd2.dmuok.es/n9IzCybq/
Cookie: XSRF-TOKEN=eyJpdiI6ImZpL2VJVUdjTjZ0bzd6M1JScGhsWmc9PSIsInZhbHVlIjoidTExYTlQcHB2VGVhd3RqSHJWbElJR3JDQTVrNHJKNk13a1l0MDVSOEw2am1ZM2ZnZHhYR1BNS1VUUUJjWGJOODFrRnF5ajBSeGliSlFMUzVpbUtZd2lRVU5Namc3Y1padUhuUHpqV1hic2swWU44bkM1dzZjNGdGQjd6WjBOUFMiLCJtYWMiOiI5OWFjNDUxYjVjNmYyNzcxYjMyYTBjMWUzZjhiMWQ3NWRmNTMzZmRkMWFiY2JhMmNkNDgwZTIxOGQxM2I0ZDNhIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IitoOGFINGtTTXpJK1pzbUtESCtZd2c9PSIsInZhbHVlIjoiUUNTQ2VxWDdIdTlEcDg4a2ZoOXIzUlpBV21HcVhXQjBRS1d1QWxBQTRXblNCZXNJNkdGd3oxRjdSRzZHbVlTWElDMmZsQi9vbkErenN2eXZkWElrd3lDU1NiSUhmMVdRMStQRXY2WE9KMFJBQU5TNjQ0b2luNk4yNXVjNFRwbVciLCJtYWMiOiJiMmNjZTYwNmNiZTM2NTg1NDhhMDNhNmFhODRiZGJkOGM3MDY4OWM0Mzg0NDlhZDQ2ODU4ODE3YWIwNDI1MjUzIiwidGFnIjoiIn0%3D
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 28 Mar 2025 17:16:17 GMT
content-type: text/html; charset=UTF-8
cf-ray: 9278c63d7ecd5696-OSL
server: cloudflare
cache-control: no-cache, private
cf-cache-status: DYNAMIC
vary: accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gXkPsIYA5LZLvG4Ajs3VFqVZ56n3adaekxzg84OZXx9E7eO%2FDTdWuhxMa%2BgLmWyzLrYWFDUmuKFqCgaueH4eIzstSGHo6u4%2FhATlqPzdLj5d8lxzRGNxMIJsucEgRW1lpuiz"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server-timing: cfL4;desc="?proto=TCP&rtt=63912&min_rtt=63791&rtt_var=24008&sent=4&recv=7&lost=0&retrans=0&sent_bytes=2821&recv_bytes=2264&delivery_rate=44645&cwnd=141&unsent_bytes=0&cid=47d6c4cc65ef50da&ts=408&x=0"
set-cookie: XSRF-TOKEN=eyJpdiI6Imd2QzVKRWxxd2VzbUpkWDZFV1FFWXc9PSIsInZhbHVlIjoiaFZ3bUswVjEyNzJmR3pDM2NKenYwWURac0svOGM2QzFiTmRZWGJ1UnlMVHc5N1VaWUVrN084M0d4NkNSQnoxd04rYVhxUE95aVRmQlRGQWdLUkY0dktvd1lmd3dGYTRYZGp3WDBzUE9KNjV3WlFLK3hVaDFEMFI3T3I1d1NGMW4iLCJtYWMiOiIyZjBmYzEyMzE5ZGExMDY2NDAzODg0ZjgxNzZlOGU3MDRjMmVjYzYxOTY0NTgxNzMwM2U3NDBkOGEyZTc1NWZlIiwidGFnIjoiIn0%3D; expires=Fri, 28-Mar-2025 19:16:17 GMT; Max-Age=7200; path=/; secure; samesite=none
laravel_session=eyJpdiI6IkdOQnYwOFNZRVlxMkFETUswelM5ZVE9PSIsInZhbHVlIjoiK3FqdHVWcFJiNXBnWnkxUWNhUExKRkF0aCt4R3R6TDJlOXhMbEdqWW5aMGgxZm1EM3lZVG1tR2hWMk9qREMrUk51a09WQjRoM2w4eCtzNVNXWWdsMHVLMklFMGU5NkFWcXVRVDliSWthZmIxOHVwRGI0NGx4bzRNWml2Uk1UVXMiLCJtYWMiOiI2MzNiMjAwNDY2ZWFmMWQxZmFiM2QyNmJjZjFkYjBiZTFjMmIyNjFiMTk0ZTliYThmYzA2MjczYmM4N2Y2NGFlIiwidGFnIjoiIn0%3D; expires=Fri, 28-Mar-2025 19:16:17 GMT; Max-Age=7200; path=/; secure; httponly; samesite=none
content-encoding: br
alt-svc: h3=":443"; ma=86400

cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js

104.17.24.14

200 OK

48 kB

URL GET
cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js
IP
104.17.24.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bsukd2.dmuok.es/MKKLYTLTRRUGGUHOCZYTPy8duch86xavw9mmclf26b1opgdzr4?NRNTFNNMFUSEDRJAUFNRBQNQEADINI
Certificate
IssuerGoogle Trust Services
Subjectcdnjs.cloudflare.com
Fingerprint5D:9B:5B:BE:24:B7:4B:CA:F3:05:47:2F:AB:3F:3C:F7:4E:C3:4D:BC
ValidityMon, 24 Mar 2025 12:00:12 GMT - Sun, 22 Jun 2025 13:00:01 GMT

File type
JavaScript source, ASCII text, with very long lines (48316), with no line terminators
Size
48 kB (48316 bytes)
Hash
2ca03ad87885ab983541092b87adb299
1a17f60bf776a8c468a185c1e8e985c41a50dc27
8e3b0117f4df4be452c0b6af5b8f0a0acf9d4ade23d08d55d7e312af22077762

HTTP Headers

GET /ajax/libs/crypto-js/4.1.1/crypto-js.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bsukd2.dmuok.es/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 28 Mar 2025 17:16:17 GMT
content-type: application/javascript; charset=utf-8
content-length: 13972
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "61182885-3694"
last-modified: Sat, 14 Aug 2021 20:33:09 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 1264621
expires: Wed, 18 Mar 2026 17:16:17 GMT
accept-ranges: bytes
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1LuUJtJmfL%2FgQPLIXhDXJKqo7AL9f7qVOttzzSAT%2BL2IV8TS9CXRDXWydkhdOHxTj5H7LyYmK0mlrmXjjc5UaU7O9wMfHhFZ5M61j3HvP3SqQ80QnmSbOfjgIjAvQ583o86bldrH"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 9278c644298eb521-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

bsukd2.dmuok.es/GDSherpa-vf2.woff2

104.21.96.1

200 OK

93 kB

URL GET
bsukd2.dmuok.es/GDSherpa-vf2.woff2
IP
104.21.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bsukd2.dmuok.es/MKKLYTLTRRUGGUHOCZYTPy8duch86xavw9mmclf26b1opgdzr4?NRNTFNNMFUSEDRJAUFNRBQNQEADINI
Certificate
IssuerGoogle Trust Services
Subjectdmuok.es
Fingerprint71:90:53:8F:DC:0D:35:D2:7D:61:F7:5B:46:B7:42:0F:26:C4:A4:31
ValidityFri, 14 Mar 2025 16:29:05 GMT - Thu, 12 Jun 2025 17:26:16 GMT

File type
Web Open Font Format (Version 2), TrueType, length 93276, version 1.0
Size
93 kB (93276 bytes)
Hash
bcd7983ea5aa57c55f6758b4977983cb
ef3a009e205229e07fb0ec8569e669b11c378ef1
6528a0bf9a836a53dfd8536e1786ba6831c9d1faa74967126fddf5b2081b858c

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft
urlquery	phishing	Phishing - Tycoon Phishing Kit

HTTP Headers

GET /GDSherpa-vf2.woff2 HTTP/1.1
Host: bsukd2.dmuok.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bsukd2.dmuok.es/MKKLYTLTRRUGGUHOCZYTPy8duch86xavw9mmclf26b1opgdzr4?NRNTFNNMFUSEDRJAUFNRBQNQEADINI
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6Imd2QzVKRWxxd2VzbUpkWDZFV1FFWXc9PSIsInZhbHVlIjoiaFZ3bUswVjEyNzJmR3pDM2NKenYwWURac0svOGM2QzFiTmRZWGJ1UnlMVHc5N1VaWUVrN084M0d4NkNSQnoxd04rYVhxUE95aVRmQlRGQWdLUkY0dktvd1lmd3dGYTRYZGp3WDBzUE9KNjV3WlFLK3hVaDFEMFI3T3I1d1NGMW4iLCJtYWMiOiIyZjBmYzEyMzE5ZGExMDY2NDAzODg0ZjgxNzZlOGU3MDRjMmVjYzYxOTY0NTgxNzMwM2U3NDBkOGEyZTc1NWZlIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IkdOQnYwOFNZRVlxMkFETUswelM5ZVE9PSIsInZhbHVlIjoiK3FqdHVWcFJiNXBnWnkxUWNhUExKRkF0aCt4R3R6TDJlOXhMbEdqWW5aMGgxZm1EM3lZVG1tR2hWMk9qREMrUk51a09WQjRoM2w4eCtzNVNXWWdsMHVLMklFMGU5NkFWcXVRVDliSWthZmIxOHVwRGI0NGx4bzRNWml2Uk1UVXMiLCJtYWMiOiI2MzNiMjAwNDY2ZWFmMWQxZmFiM2QyNmJjZjFkYjBiZTFjMmIyNjFiMTk0ZTliYThmYzA2MjczYmM4N2Y2NGFlIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 28 Mar 2025 17:16:22 GMT
content-type: font/woff2
content-length: 93276
server: cloudflare
content-disposition: inline; filename="GDSherpa-vf2.woff2"
last-modified: Fri, 28 Mar 2025 17:16:21 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nBGhpuX6tqhq8zrdAuQzbCs%2FI7vVLMJ1MqYKCpVbMm9EAl8tVgxg3IqaRaD5wm6Zo6xnT%2BLgHP1mLN8nQfVkDbOnZFSG2CNMVTAeBlIOsezo1w0OZt3uzFnGTqvg8J%2B02Mz7"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server-timing: cfL4;desc="?proto=TCP&rtt=42745&min_rtt=42658&rtt_var=16172&sent=4&recv=7&lost=0&retrans=0&sent_bytes=2821&recv_bytes=2202&delivery_rate=65681&cwnd=79&unsent_bytes=0&cid=af06a3c42c7d3292&ts=531&x=0"
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
cf-ray: 9278c6444f0d5696-OSL
alt-svc: h3=":443"; ma=86400

bsukd2.dmuok.es/56CYJ7XtyXLkK16ij4gPRdvvfUD6Qk67105

104.21.96.1

200 OK

4.7 MB

URL GET
bsukd2.dmuok.es/56CYJ7XtyXLkK16ij4gPRdvvfUD6Qk67105
IP
104.21.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bsukd2.dmuok.es/MKKLYTLTRRUGGUHOCZYTPy8duch86xavw9mmclf26b1opgdzr4?NRNTFNNMFUSEDRJAUFNRBQNQEADINI
Certificate
IssuerGoogle Trust Services
Subjectdmuok.es
Fingerprint71:90:53:8F:DC:0D:35:D2:7D:61:F7:5B:46:B7:42:0F:26:C4:A4:31
ValidityFri, 14 Mar 2025 16:29:05 GMT - Thu, 12 Jun 2025 17:26:16 GMT

File type

Size
4.7 MB (4724541 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Tycoon Phishing Kit

HTTP Headers

GET /56CYJ7XtyXLkK16ij4gPRdvvfUD6Qk67105 HTTP/1.1
Host: bsukd2.dmuok.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bsukd2.dmuok.es/MKKLYTLTRRUGGUHOCZYTPy8duch86xavw9mmclf26b1opgdzr4?NRNTFNNMFUSEDRJAUFNRBQNQEADINI
Cookie: XSRF-TOKEN=eyJpdiI6Imd2QzVKRWxxd2VzbUpkWDZFV1FFWXc9PSIsInZhbHVlIjoiaFZ3bUswVjEyNzJmR3pDM2NKenYwWURac0svOGM2QzFiTmRZWGJ1UnlMVHc5N1VaWUVrN084M0d4NkNSQnoxd04rYVhxUE95aVRmQlRGQWdLUkY0dktvd1lmd3dGYTRYZGp3WDBzUE9KNjV3WlFLK3hVaDFEMFI3T3I1d1NGMW4iLCJtYWMiOiIyZjBmYzEyMzE5ZGExMDY2NDAzODg0ZjgxNzZlOGU3MDRjMmVjYzYxOTY0NTgxNzMwM2U3NDBkOGEyZTc1NWZlIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IkdOQnYwOFNZRVlxMkFETUswelM5ZVE9PSIsInZhbHVlIjoiK3FqdHVWcFJiNXBnWnkxUWNhUExKRkF0aCt4R3R6TDJlOXhMbEdqWW5aMGgxZm1EM3lZVG1tR2hWMk9qREMrUk51a09WQjRoM2w4eCtzNVNXWWdsMHVLMklFMGU5NkFWcXVRVDliSWthZmIxOHVwRGI0NGx4bzRNWml2Uk1UVXMiLCJtYWMiOiI2MzNiMjAwNDY2ZWFmMWQxZmFiM2QyNmJjZjFkYjBiZTFjMmIyNjFiMTk0ZTliYThmYzA2MjczYmM4N2Y2NGFlIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 28 Mar 2025 17:16:21 GMT
content-type: application/javascript
cf-ray: 9278c6448f195696-OSL
server: cloudflare
content-disposition: inline; filename="56CYJ7XtyXLkK16ij4gPRdvvfUD6Qk67105"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bUbkc4dleR8MgH5CRsdyTw6KnIOM%2F1Q11KZYHa96e7OQIb%2F1lAYd3Q6TnUXRGKb5n23vAWfyO2%2B8sJuz43Tb51zrxUIRHH%2FV%2FvgCvUhqIZg%2Fkdv3o2mJUxqifTPnGrZaIqyl"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server-timing: cfL4;desc="?proto=TCP&rtt=35236&min_rtt=35100&rtt_var=13260&sent=4&recv=7&lost=0&retrans=0&sent_bytes=2822&recv_bytes=2160&delivery_rate=81139&cwnd=95&unsent_bytes=0&cid=f2ddb5cdbd3081df&ts=236&x=0"
vary: accept-encoding
content-encoding: br
alt-svc: h3=":443"; ma=86400

ok4static.oktacdn.com/assets/loginpage/font/assets/proximanova-reg-webfont.353416ed0ff540352235.woff2

143.204.55.3

200 OK

20 kB

URL GET
ok4static.oktacdn.com/assets/loginpage/font/assets/proximanova-reg-webfont.353416ed0ff540352235.woff2
IP
143.204.55.3:443
ASN
#16509 AMAZON-02

Requested by
https://bsukd2.dmuok.es/MKKLYTLTRRUGGUHOCZYTPy8duch86xavw9mmclf26b1opgdzr4?NRNTFNNMFUSEDRJAUFNRBQNQEADINI
Certificate
IssuerDigiCert Inc
Subject*.oktacdn.com
Fingerprint3E:D7:C7:A6:35:70:74:E4:BF:45:2E:A1:D5:A3:25:88:24:76:B3:B5
ValidityMon, 02 Dec 2024 00:00:00 GMT - Fri, 02 Jan 2026 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 20416, version 2.197
Size
20 kB (20416 bytes)
Hash
d99a7377dabb55772ca9f986b0a04b57
2b5fcd8431953c44e410d0489899e74f6d2cfecc
affdba1620552b12a1a8a04467136aeb408c03fa337d20e9c38374d682d4d149

HTTP Headers

GET /assets/loginpage/font/assets/proximanova-reg-webfont.353416ed0ff540352235.woff2 HTTP/1.1
Host: ok4static.oktacdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://bsukd2.dmuok.es
DNT: 1
Connection: keep-alive
Referer: https://ok4static.oktacdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/font-woff2
content-length: 20416
server: nginx
last-modified: Tue, 07 Nov 2023 18:56:28 GMT
x-amz-meta-sha1sum: 2b5fcd8431953c44e410d0489899e74f6d2cfecc
strict-transport-security: max-age=315360000; includeSubDomains
access-control-allow-origin: *
accept-ranges: bytes
date: Wed, 26 Mar 2025 04:24:56 GMT
expires: Thu, 26 Mar 2026 04:24:56 GMT
cache-control: max-age=31536000, public,max-age=31536000,s-maxage=1814400
etag: "d99a7377dabb55772ca9f986b0a04b57"
x-cache: Hit from cloudfront
via: 1.1 277d0e3af1ffdcb1ee40b7dc9f040146.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: eZwcKjeNSaYxzQjizfmcC2Ry-tfWyiGQQlLzD7FCrIt5ft54TwxCYg==
age: 219083
X-Firefox-Spdy: h2

c00u.aezeib.ru/ando$eahgq

104.21.53.220

200 OK

1 B

URL GET
c00u.aezeib.ru/ando$eahgq
IP
104.21.53.220:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bsukd2.dmuok.es/n9IzCybq/
Certificate
IssuerGoogle Trust Services
Subjectaezeib.ru
Fingerprint0E:C8:D1:96:0C:14:88:F1:65:13:03:70:A8:D3:1C:95:5F:FE:01:FE
ValidityThu, 27 Feb 2025 12:42:48 GMT - Wed, 28 May 2025 13:41:38 GMT

File type
very short file (no magic)
Size
1 B (1 bytes)
Hash
cfcd208495d565ef66e7dff9f98764da
b6589fc6ab0dc82cf12099d1c2d40ab994e8410c
5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /ando$eahgq HTTP/1.1
Host: c00u.aezeib.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bsukd2.dmuok.es/
Origin: https://bsukd2.dmuok.es
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 28 Mar 2025 17:16:14 GMT
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=j%2Fx408LCO0hT3kzK4i0AH5MHWOiYhKKV681dJL9XubfoZBRjKx8jMX7AjyIuwJ0MDhdpdC8wWBBRzjnrS55b%2BpLbohsTaFdhVGYx9w7ijAF4e4emRH8xtek2CjyYQl6SPg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 9278c629dff956c4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=6478&min_rtt=498&rtt_var=11969&sent=8&recv=11&lost=0&retrans=0&sent_bytes=3267&recv_bytes=1216&delivery_rate=7063414&cwnd=252&unsent_bytes=0&cid=656ec30c360b6ac2&ts=809&x=0"
X-Firefox-Spdy: h2

bsukd2.dmuok.es/abZsAOgZLjMBsrsuvZef29

104.21.96.1

200 OK

36 kB

URL GET
bsukd2.dmuok.es/abZsAOgZLjMBsrsuvZef29
IP
104.21.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bsukd2.dmuok.es/MKKLYTLTRRUGGUHOCZYTPy8duch86xavw9mmclf26b1opgdzr4?NRNTFNNMFUSEDRJAUFNRBQNQEADINI
Certificate
IssuerGoogle Trust Services
Subjectdmuok.es
Fingerprint71:90:53:8F:DC:0D:35:D2:7D:61:F7:5B:46:B7:42:0F:26:C4:A4:31
ValidityFri, 14 Mar 2025 16:29:05 GMT - Thu, 12 Jun 2025 17:26:16 GMT

File type
ASCII text, with CRLF line terminators
Size
36 kB (35786 bytes)
Hash
38501e3fbbbd89b56aa5ba35de1a32fe
d9b31981b6f834e8480ba28fbc1cff1be772f589
a1ca6b381cb01968851c98512c6e7f6c5309a49f7a16b864813135cbff82a85b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft
urlquery	phishing	Phishing - Tycoon Phishing Kit

HTTP Headers

GET /abZsAOgZLjMBsrsuvZef29 HTTP/1.1
Host: bsukd2.dmuok.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bsukd2.dmuok.es/MKKLYTLTRRUGGUHOCZYTPy8duch86xavw9mmclf26b1opgdzr4?NRNTFNNMFUSEDRJAUFNRBQNQEADINI
Cookie: XSRF-TOKEN=eyJpdiI6Imd2QzVKRWxxd2VzbUpkWDZFV1FFWXc9PSIsInZhbHVlIjoiaFZ3bUswVjEyNzJmR3pDM2NKenYwWURac0svOGM2QzFiTmRZWGJ1UnlMVHc5N1VaWUVrN084M0d4NkNSQnoxd04rYVhxUE95aVRmQlRGQWdLUkY0dktvd1lmd3dGYTRYZGp3WDBzUE9KNjV3WlFLK3hVaDFEMFI3T3I1d1NGMW4iLCJtYWMiOiIyZjBmYzEyMzE5ZGExMDY2NDAzODg0ZjgxNzZlOGU3MDRjMmVjYzYxOTY0NTgxNzMwM2U3NDBkOGEyZTc1NWZlIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IkdOQnYwOFNZRVlxMkFETUswelM5ZVE9PSIsInZhbHVlIjoiK3FqdHVWcFJiNXBnWnkxUWNhUExKRkF0aCt4R3R6TDJlOXhMbEdqWW5aMGgxZm1EM3lZVG1tR2hWMk9qREMrUk51a09WQjRoM2w4eCtzNVNXWWdsMHVLMklFMGU5NkFWcXVRVDliSWthZmIxOHVwRGI0NGx4bzRNWml2Uk1UVXMiLCJtYWMiOiI2MzNiMjAwNDY2ZWFmMWQxZmFiM2QyNmJjZjFkYjBiZTFjMmIyNjFiMTk0ZTliYThmYzA2MjczYmM4N2Y2NGFlIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 28 Mar 2025 17:16:18 GMT
content-type: text/css;charset=UTF-8
cf-ray: 9278c6442f075696-OSL
server: cloudflare
content-disposition: inline; filename="abZsAOgZLjMBsrsuvZef29"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=M11ZRgfxlddcnYRM7IJZFlRprm50Ktb6knmOLKvKrmhyjwGVaq15ZYbPb%2BNI0AJAR5qvZOi0fgbxodJ%2F%2F%2BNCK2rndmKthx%2B1jM9HL%2BCKOwu1PIm%2FzKisqNnIdKYBIqcv6kLJ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server-timing: cfL4;desc="?proto=TCP&rtt=64087&min_rtt=63783&rtt_var=24136&sent=4&recv=7&lost=0&retrans=0&sent_bytes=2821&recv_bytes=2176&delivery_rate=44651&cwnd=117&unsent_bytes=0&cid=419a8af29b37b8ee&ts=284&x=0"
vary: accept-encoding
content-encoding: br
alt-svc: h3=":443"; ma=86400

bsukd2.dmuok.es/GDSherpa-bold.woff

104.21.96.1

200 OK

36 kB

URL GET
bsukd2.dmuok.es/GDSherpa-bold.woff
IP
104.21.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bsukd2.dmuok.es/MKKLYTLTRRUGGUHOCZYTPy8duch86xavw9mmclf26b1opgdzr4?NRNTFNNMFUSEDRJAUFNRBQNQEADINI
Certificate
IssuerGoogle Trust Services
Subjectdmuok.es
Fingerprint71:90:53:8F:DC:0D:35:D2:7D:61:F7:5B:46:B7:42:0F:26:C4:A4:31
ValidityFri, 14 Mar 2025 16:29:05 GMT - Thu, 12 Jun 2025 17:26:16 GMT

File type
Web Open Font Format, TrueType, length 35970, version 1.0
Size
36 kB (35970 bytes)
Hash
496b7bbde91c7dc7cf9bbabbb3921da8
2bd3c406a715ab52dad84c803c55bf4a6e66a924
ae40a04f95df12b0c364f26ab691dc0c391d394a28bcdb4aeacfaca325d0a798

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft
urlquery	phishing	Phishing - Tycoon Phishing Kit

HTTP Headers

GET /GDSherpa-bold.woff HTTP/1.1
Host: bsukd2.dmuok.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bsukd2.dmuok.es/MKKLYTLTRRUGGUHOCZYTPy8duch86xavw9mmclf26b1opgdzr4?NRNTFNNMFUSEDRJAUFNRBQNQEADINI
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6Imd2QzVKRWxxd2VzbUpkWDZFV1FFWXc9PSIsInZhbHVlIjoiaFZ3bUswVjEyNzJmR3pDM2NKenYwWURac0svOGM2QzFiTmRZWGJ1UnlMVHc5N1VaWUVrN084M0d4NkNSQnoxd04rYVhxUE95aVRmQlRGQWdLUkY0dktvd1lmd3dGYTRYZGp3WDBzUE9KNjV3WlFLK3hVaDFEMFI3T3I1d1NGMW4iLCJtYWMiOiIyZjBmYzEyMzE5ZGExMDY2NDAzODg0ZjgxNzZlOGU3MDRjMmVjYzYxOTY0NTgxNzMwM2U3NDBkOGEyZTc1NWZlIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IkdOQnYwOFNZRVlxMkFETUswelM5ZVE9PSIsInZhbHVlIjoiK3FqdHVWcFJiNXBnWnkxUWNhUExKRkF0aCt4R3R6TDJlOXhMbEdqWW5aMGgxZm1EM3lZVG1tR2hWMk9qREMrUk51a09WQjRoM2w4eCtzNVNXWWdsMHVLMklFMGU5NkFWcXVRVDliSWthZmIxOHVwRGI0NGx4bzRNWml2Uk1UVXMiLCJtYWMiOiI2MzNiMjAwNDY2ZWFmMWQxZmFiM2QyNmJjZjFkYjBiZTFjMmIyNjFiMTk0ZTliYThmYzA2MjczYmM4N2Y2NGFlIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 28 Mar 2025 17:16:19 GMT
content-type: font/woff
content-length: 35970
server: cloudflare
content-disposition: inline; filename="GDSherpa-bold.woff"
last-modified: Fri, 28 Mar 2025 17:16:18 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UkZluhCMOd46780NbnM9TcwP1gc15%2F0Bv8qOPHjckkuEMJWmhwoHcyEWHUBaQ%2B1d0tcFoBmQhdPTTcDob7VcUG3Z%2BHY7aSObJ7QedJuuoWWOJZSznzGhP0h7DYUdE8mHeWuB"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server-timing: cfL4;desc="?proto=TCP&rtt=42697&min_rtt=42450&rtt_var=16095&sent=4&recv=7&lost=0&retrans=0&sent_bytes=2822&recv_bytes=2201&delivery_rate=67090&cwnd=164&unsent_bytes=0&cid=8d051110adbf9a32&ts=546&x=0"
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
cf-ray: 9278c6443f095696-OSL
alt-svc: h3=":443"; ma=86400

bsukd2.dmuok.es/GDSherpa-regular.woff2

104.21.96.1

200 OK

29 kB

URL GET
bsukd2.dmuok.es/GDSherpa-regular.woff2
IP
104.21.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bsukd2.dmuok.es/MKKLYTLTRRUGGUHOCZYTPy8duch86xavw9mmclf26b1opgdzr4?NRNTFNNMFUSEDRJAUFNRBQNQEADINI
Certificate
IssuerGoogle Trust Services
Subjectdmuok.es
Fingerprint71:90:53:8F:DC:0D:35:D2:7D:61:F7:5B:46:B7:42:0F:26:C4:A4:31
ValidityFri, 14 Mar 2025 16:29:05 GMT - Thu, 12 Jun 2025 17:26:16 GMT

File type
Web Open Font Format (Version 2), TrueType, length 28584, version 1.66
Size
29 kB (28584 bytes)
Hash
17081510f3a6f2f619ec8c6f244523c7
87f34b2a1532c50f2a424c345d03fe028db35635
2c7292014e2ef00374aeb63691d9f23159a010455784ee0b274ba7db2bcca956

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft
urlquery	phishing	Phishing - Tycoon Phishing Kit

HTTP Headers

GET /GDSherpa-regular.woff2 HTTP/1.1
Host: bsukd2.dmuok.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bsukd2.dmuok.es/MKKLYTLTRRUGGUHOCZYTPy8duch86xavw9mmclf26b1opgdzr4?NRNTFNNMFUSEDRJAUFNRBQNQEADINI
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6Imd2QzVKRWxxd2VzbUpkWDZFV1FFWXc9PSIsInZhbHVlIjoiaFZ3bUswVjEyNzJmR3pDM2NKenYwWURac0svOGM2QzFiTmRZWGJ1UnlMVHc5N1VaWUVrN084M0d4NkNSQnoxd04rYVhxUE95aVRmQlRGQWdLUkY0dktvd1lmd3dGYTRYZGp3WDBzUE9KNjV3WlFLK3hVaDFEMFI3T3I1d1NGMW4iLCJtYWMiOiIyZjBmYzEyMzE5ZGExMDY2NDAzODg0ZjgxNzZlOGU3MDRjMmVjYzYxOTY0NTgxNzMwM2U3NDBkOGEyZTc1NWZlIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IkdOQnYwOFNZRVlxMkFETUswelM5ZVE9PSIsInZhbHVlIjoiK3FqdHVWcFJiNXBnWnkxUWNhUExKRkF0aCt4R3R6TDJlOXhMbEdqWW5aMGgxZm1EM3lZVG1tR2hWMk9qREMrUk51a09WQjRoM2w4eCtzNVNXWWdsMHVLMklFMGU5NkFWcXVRVDliSWthZmIxOHVwRGI0NGx4bzRNWml2Uk1UVXMiLCJtYWMiOiI2MzNiMjAwNDY2ZWFmMWQxZmFiM2QyNmJjZjFkYjBiZTFjMmIyNjFiMTk0ZTliYThmYzA2MjczYmM4N2Y2NGFlIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 28 Mar 2025 17:16:19 GMT
content-type: font/woff2
content-length: 28584
server: cloudflare
content-disposition: inline; filename="GDSherpa-regular.woff2"
last-modified: Fri, 28 Mar 2025 17:16:18 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8JWLIz8drauwwNEZg%2FwVGd3J9OKuPMUm7y4xtbif7A%2BFSQi2S2GdiGlYLDBC09krQzGX56cyq105e6iIZ17QleyWx69VozUDGAu%2BZReJAZeuwMmRZl5ATZDvC6Zbd0IrXfaA"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server-timing: cfL4;desc="?proto=TCP&rtt=10362&min_rtt=10299&rtt_var=3907&sent=4&recv=7&lost=0&retrans=0&sent_bytes=2820&recv_bytes=2205&delivery_rate=276531&cwnd=102&unsent_bytes=0&cid=979dc546f9beb710&ts=593&x=0"
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
cf-ray: 9278c6443f0a5696-OSL
alt-svc: h3=":443"; ma=86400

bsukd2.dmuok.es/GDSherpa-vf.woff2

104.21.96.1

200 OK

44 kB

URL GET
bsukd2.dmuok.es/GDSherpa-vf.woff2
IP
104.21.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bsukd2.dmuok.es/MKKLYTLTRRUGGUHOCZYTPy8duch86xavw9mmclf26b1opgdzr4?NRNTFNNMFUSEDRJAUFNRBQNQEADINI
Certificate
IssuerGoogle Trust Services
Subjectdmuok.es
Fingerprint71:90:53:8F:DC:0D:35:D2:7D:61:F7:5B:46:B7:42:0F:26:C4:A4:31
ValidityFri, 14 Mar 2025 16:29:05 GMT - Thu, 12 Jun 2025 17:26:16 GMT

File type
Web Open Font Format (Version 2), TrueType, length 43596, version 1.0
Size
44 kB (43596 bytes)
Hash
2a05e9e5572abc320b2b7ea38a70dcc1
d5fa2a856d5632c2469e42436159375117ef3c35
3efcb941aaddaf4aea08dab3fb97d3e904aa1b83264e64b4d5bda53bc7c798ec

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft
urlquery	phishing	Phishing - Tycoon Phishing Kit

HTTP Headers

GET /GDSherpa-vf.woff2 HTTP/1.1
Host: bsukd2.dmuok.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bsukd2.dmuok.es/MKKLYTLTRRUGGUHOCZYTPy8duch86xavw9mmclf26b1opgdzr4?NRNTFNNMFUSEDRJAUFNRBQNQEADINI
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6Imd2QzVKRWxxd2VzbUpkWDZFV1FFWXc9PSIsInZhbHVlIjoiaFZ3bUswVjEyNzJmR3pDM2NKenYwWURac0svOGM2QzFiTmRZWGJ1UnlMVHc5N1VaWUVrN084M0d4NkNSQnoxd04rYVhxUE95aVRmQlRGQWdLUkY0dktvd1lmd3dGYTRYZGp3WDBzUE9KNjV3WlFLK3hVaDFEMFI3T3I1d1NGMW4iLCJtYWMiOiIyZjBmYzEyMzE5ZGExMDY2NDAzODg0ZjgxNzZlOGU3MDRjMmVjYzYxOTY0NTgxNzMwM2U3NDBkOGEyZTc1NWZlIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IkdOQnYwOFNZRVlxMkFETUswelM5ZVE9PSIsInZhbHVlIjoiK3FqdHVWcFJiNXBnWnkxUWNhUExKRkF0aCt4R3R6TDJlOXhMbEdqWW5aMGgxZm1EM3lZVG1tR2hWMk9qREMrUk51a09WQjRoM2w4eCtzNVNXWWdsMHVLMklFMGU5NkFWcXVRVDliSWthZmIxOHVwRGI0NGx4bzRNWml2Uk1UVXMiLCJtYWMiOiI2MzNiMjAwNDY2ZWFmMWQxZmFiM2QyNmJjZjFkYjBiZTFjMmIyNjFiMTk0ZTliYThmYzA2MjczYmM4N2Y2NGFlIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 28 Mar 2025 17:16:20 GMT
content-type: font/woff2
content-length: 43596
server: cloudflare
content-disposition: inline; filename="GDSherpa-vf.woff2"
last-modified: Fri, 28 Mar 2025 17:16:19 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=O4IzoZr0%2BmKSNi9tASHGApMe4CRQ9xF1Je%2FAPBW3iAt1pUyVlsL7ba3e3zBhYZBXypXaHo%2BFB1FM2VloqJDEY0s7%2Fmg94j2Ub17yZFwuQC0vck18JN02W5kcpVCSymSjne3W"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server-timing: cfL4;desc="?proto=TCP&rtt=10270&min_rtt=10263&rtt_var=3863&sent=4&recv=7&lost=0&retrans=0&sent_bytes=2822&recv_bytes=2201&delivery_rate=275942&cwnd=71&unsent_bytes=0&cid=76b405f877bb7acf&ts=753&x=0"
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
cf-ray: 9278c6443f0c5696-OSL
alt-svc: h3=":443"; ma=86400

bsukd2.dmuok.es/mn5qoNzzyBx6xRM4wc1KRYOj1J2Bmm1KwWPklAfRAm88BDuKH78147

104.21.96.1

200 OK

270 B

URL GET
bsukd2.dmuok.es/mn5qoNzzyBx6xRM4wc1KRYOj1J2Bmm1KwWPklAfRAm88BDuKH78147
IP
104.21.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bsukd2.dmuok.es/MKKLYTLTRRUGGUHOCZYTPy8duch86xavw9mmclf26b1opgdzr4?NRNTFNNMFUSEDRJAUFNRBQNQEADINI
Certificate
IssuerGoogle Trust Services
Subjectdmuok.es
Fingerprint71:90:53:8F:DC:0D:35:D2:7D:61:F7:5B:46:B7:42:0F:26:C4:A4:31
ValidityFri, 14 Mar 2025 16:29:05 GMT - Thu, 12 Jun 2025 17:26:16 GMT

File type
SVG Scalable Vector Graphics image
Size
270 B (270 bytes)
Hash
0c09c5ea7c28d6feb4d124957dde0a0d
1b9efde2d8f0e2a3d9d5315117e597c2d622fc5e
b3c39d2c15327b7ae68940502a2d7bf457fe521e075e6e671d0340edc58bcb3a

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft
urlquery	phishing	Phishing - Tycoon Phishing Kit

HTTP Headers

GET /mn5qoNzzyBx6xRM4wc1KRYOj1J2Bmm1KwWPklAfRAm88BDuKH78147 HTTP/1.1
Host: bsukd2.dmuok.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bsukd2.dmuok.es/MKKLYTLTRRUGGUHOCZYTPy8duch86xavw9mmclf26b1opgdzr4?NRNTFNNMFUSEDRJAUFNRBQNQEADINI
Cookie: XSRF-TOKEN=eyJpdiI6Imd2QzVKRWxxd2VzbUpkWDZFV1FFWXc9PSIsInZhbHVlIjoiaFZ3bUswVjEyNzJmR3pDM2NKenYwWURac0svOGM2QzFiTmRZWGJ1UnlMVHc5N1VaWUVrN084M0d4NkNSQnoxd04rYVhxUE95aVRmQlRGQWdLUkY0dktvd1lmd3dGYTRYZGp3WDBzUE9KNjV3WlFLK3hVaDFEMFI3T3I1d1NGMW4iLCJtYWMiOiIyZjBmYzEyMzE5ZGExMDY2NDAzODg0ZjgxNzZlOGU3MDRjMmVjYzYxOTY0NTgxNzMwM2U3NDBkOGEyZTc1NWZlIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IkdOQnYwOFNZRVlxMkFETUswelM5ZVE9PSIsInZhbHVlIjoiK3FqdHVWcFJiNXBnWnkxUWNhUExKRkF0aCt4R3R6TDJlOXhMbEdqWW5aMGgxZm1EM3lZVG1tR2hWMk9qREMrUk51a09WQjRoM2w4eCtzNVNXWWdsMHVLMklFMGU5NkFWcXVRVDliSWthZmIxOHVwRGI0NGx4bzRNWml2Uk1UVXMiLCJtYWMiOiI2MzNiMjAwNDY2ZWFmMWQxZmFiM2QyNmJjZjFkYjBiZTFjMmIyNjFiMTk0ZTliYThmYzA2MjczYmM4N2Y2NGFlIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 28 Mar 2025 17:16:18 GMT
content-type: image/svg+xml
cf-ray: 9278c6444f105696-OSL
server: cloudflare
content-disposition: inline; filename="mn5qoNzzyBx6xRM4wc1KRYOj1J2Bmm1KwWPklAfRAm88BDuKH78147"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pY1NMCbN052MRbrfM7JvoknqJutP6bF1UF%2B%2FvNzQ6GMao8D6%2BPUTD6HW%2BtpUAHBArAvOGxRu9hl1xIUTpWvZVaul%2FmM2hizOo1nHdTa8v3ew%2FfJHoyhxaSLowtBDCtb9rd%2BL"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server-timing: cfL4;desc="?proto=TCP&rtt=64192&min_rtt=64139&rtt_var=24090&sent=4&recv=7&lost=0&retrans=0&sent_bytes=2821&recv_bytes=2215&delivery_rate=44403&cwnd=122&unsent_bytes=0&cid=926876092ddfeb8f&ts=281&x=0"
vary: accept-encoding
content-encoding: br
alt-svc: h3=":443"; ma=86400

ok4static.oktacdn.com/assets/loginpage/css/loginpage-theme.e0d37a504604ef874bad26435d62011f.css

143.204.55.3

200 OK

10 kB

URL GET
ok4static.oktacdn.com/assets/loginpage/css/loginpage-theme.e0d37a504604ef874bad26435d62011f.css
IP
143.204.55.3:443
ASN
#16509 AMAZON-02

Requested by
https://bsukd2.dmuok.es/MKKLYTLTRRUGGUHOCZYTPy8duch86xavw9mmclf26b1opgdzr4?NRNTFNNMFUSEDRJAUFNRBQNQEADINI
Certificate
IssuerDigiCert Inc
Subject*.oktacdn.com
Fingerprint3E:D7:C7:A6:35:70:74:E4:BF:45:2E:A1:D5:A3:25:88:24:76:B3:B5
ValidityMon, 02 Dec 2024 00:00:00 GMT - Fri, 02 Jan 2026 23:59:59 GMT

File type
ASCII text, with very long lines (10450)
Size
10 kB (10498 bytes)
Hash
e0d37a504604ef874bad26435d62011f
4301f0d2b729ae22adece657d79eccaa25f429b1
c39ff65e2a102e644eb0bf2e31d2bad3d18f7afb25b3b9ba7a4d46263a711179

HTTP Headers

GET /assets/loginpage/css/loginpage-theme.e0d37a504604ef874bad26435d62011f.css HTTP/1.1
Host: ok4static.oktacdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bsukd2.dmuok.es/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css
server: nginx
last-modified: Thu, 14 Mar 2024 00:03:58 GMT
x-amz-meta-sha1sum: 4301f0d2b729ae22adece657d79eccaa25f429b1
strict-transport-security: max-age=315360000; includeSubDomains
access-control-allow-origin: *
content-encoding: gzip
date: Tue, 18 Mar 2025 00:00:41 GMT
expires: Wed, 18 Mar 2026 00:00:41 GMT
cache-control: max-age=31536000, public,max-age=31536000,s-maxage=1814400
etag: W/"e0d37a504604ef874bad26435d62011f"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 277d0e3af1ffdcb1ee40b7dc9f040146.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: fzXYXVG0mLJ-aVh1OI-rAZMO9-bRHlIyRj5jeabiV7iNdpNCYyw2Mw==
age: 926137
X-Firefox-Spdy: h2

bsukd2.dmuok.es/opvPoPR4HwBO6ydcqY2G6qmBc51taJ4IP2iZ1J6Y85Quvi5MTAIFW6ij4UunWxc0EhqFwef234

104.21.96.1

200 OK

9.6 kB

URL GET
bsukd2.dmuok.es/opvPoPR4HwBO6ydcqY2G6qmBc51taJ4IP2iZ1J6Y85Quvi5MTAIFW6ij4UunWxc0EhqFwef234
IP
104.21.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bsukd2.dmuok.es/MKKLYTLTRRUGGUHOCZYTPy8duch86xavw9mmclf26b1opgdzr4?NRNTFNNMFUSEDRJAUFNRBQNQEADINI
Certificate
IssuerGoogle Trust Services
Subjectdmuok.es
Fingerprint71:90:53:8F:DC:0D:35:D2:7D:61:F7:5B:46:B7:42:0F:26:C4:A4:31
ValidityFri, 14 Mar 2025 16:29:05 GMT - Thu, 12 Jun 2025 17:26:16 GMT

File type
RIFF (little-endian) data, Web/P image
Size
9.6 kB (9648 bytes)
Hash
4946eb373b18d178c93d473489673bb6
16477acb73b63ca251d37401249e7e4515febd24
666bc574c9f3fb28a8ac626fa8105c187c2a313736494a06bd5a937473673c92

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft
urlquery	phishing	Phishing - Tycoon Phishing Kit

HTTP Headers

GET /opvPoPR4HwBO6ydcqY2G6qmBc51taJ4IP2iZ1J6Y85Quvi5MTAIFW6ij4UunWxc0EhqFwef234 HTTP/1.1
Host: bsukd2.dmuok.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bsukd2.dmuok.es/MKKLYTLTRRUGGUHOCZYTPy8duch86xavw9mmclf26b1opgdzr4?NRNTFNNMFUSEDRJAUFNRBQNQEADINI
Cookie: XSRF-TOKEN=eyJpdiI6Imd2QzVKRWxxd2VzbUpkWDZFV1FFWXc9PSIsInZhbHVlIjoiaFZ3bUswVjEyNzJmR3pDM2NKenYwWURac0svOGM2QzFiTmRZWGJ1UnlMVHc5N1VaWUVrN084M0d4NkNSQnoxd04rYVhxUE95aVRmQlRGQWdLUkY0dktvd1lmd3dGYTRYZGp3WDBzUE9KNjV3WlFLK3hVaDFEMFI3T3I1d1NGMW4iLCJtYWMiOiIyZjBmYzEyMzE5ZGExMDY2NDAzODg0ZjgxNzZlOGU3MDRjMmVjYzYxOTY0NTgxNzMwM2U3NDBkOGEyZTc1NWZlIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IkdOQnYwOFNZRVlxMkFETUswelM5ZVE9PSIsInZhbHVlIjoiK3FqdHVWcFJiNXBnWnkxUWNhUExKRkF0aCt4R3R6TDJlOXhMbEdqWW5aMGgxZm1EM3lZVG1tR2hWMk9qREMrUk51a09WQjRoM2w4eCtzNVNXWWdsMHVLMklFMGU5NkFWcXVRVDliSWthZmIxOHVwRGI0NGx4bzRNWml2Uk1UVXMiLCJtYWMiOiI2MzNiMjAwNDY2ZWFmMWQxZmFiM2QyNmJjZjFkYjBiZTFjMmIyNjFiMTk0ZTliYThmYzA2MjczYmM4N2Y2NGFlIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 28 Mar 2025 17:16:21 GMT
content-type: image/webp
content-length: 9648
server: cloudflare
content-disposition: inline; filename="opvPoPR4HwBO6ydcqY2G6qmBc51taJ4IP2iZ1J6Y85Quvi5MTAIFW6ij4UunWxc0EhqFwef234"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iu5PVqtFm23enKIiQAvRGjklDNXC6qNK%2B6CRLX7AppwUZTRzVeZSD8fF7Xn35VL0C4puuTixKUGrHEEzyXvVUnl7PMqAeM16kWiZeCeIZHhQmqz3%2FYG0DcnRnmLyDRJy6wpo"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server-timing: cfL4;desc="?proto=TCP&rtt=64287&min_rtt=64137&rtt_var=24159&sent=4&recv=7&lost=0&retrans=0&sent_bytes=2820&recv_bytes=2235&delivery_rate=44404&cwnd=200&unsent_bytes=0&cid=6e8e3be2ab5a34ab&ts=291&x=0"
cf-ray: 9278c6447f175696-OSL
alt-svc: h3=":443"; ma=86400

cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js

104.17.24.14

200 OK

48 kB

URL GET
cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js
IP
104.17.24.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bsukd2.dmuok.es/n9IzCybq/
Certificate
IssuerGoogle Trust Services
Subjectcdnjs.cloudflare.com
Fingerprint5D:9B:5B:BE:24:B7:4B:CA:F3:05:47:2F:AB:3F:3C:F7:4E:C3:4D:BC
ValidityMon, 24 Mar 2025 12:00:12 GMT - Sun, 22 Jun 2025 13:00:01 GMT

File type
JavaScript source, ASCII text, with very long lines (48316), with no line terminators
Size
48 kB (48316 bytes)
Hash
2ca03ad87885ab983541092b87adb299
1a17f60bf776a8c468a185c1e8e985c41a50dc27
8e3b0117f4df4be452c0b6af5b8f0a0acf9d4ade23d08d55d7e312af22077762

HTTP Headers

GET /ajax/libs/crypto-js/4.1.1/crypto-js.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bsukd2.dmuok.es/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 28 Mar 2025 17:16:16 GMT
content-type: application/javascript; charset=utf-8
content-length: 13972
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "61182885-3694"
last-modified: Sat, 14 Aug 2021 20:33:09 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 1264620
expires: Wed, 18 Mar 2026 17:16:16 GMT
accept-ranges: bytes
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yQjVk0lXdYtgH44u%2BzruyKmOjVwGL7wP%2F0rr8UWtBHud2HNRdSVDHCaHBpDOK1PvrabGYPAagT80FXcUdA8EqVXMpwYngk846kn66Wf5b3Gx7aHXCkgSgfj%2FiNbpzbSxYmv2FfuN"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 9278c6380c90b521-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

bsukd2.dmuok.es/wxxvph8FBHTfRnUgop8HROvFIxCljej3x34130

104.21.96.1

200 OK

644 B

URL GET
bsukd2.dmuok.es/wxxvph8FBHTfRnUgop8HROvFIxCljej3x34130
IP
104.21.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bsukd2.dmuok.es/MKKLYTLTRRUGGUHOCZYTPy8duch86xavw9mmclf26b1opgdzr4?NRNTFNNMFUSEDRJAUFNRBQNQEADINI
Certificate
IssuerGoogle Trust Services
Subjectdmuok.es
Fingerprint71:90:53:8F:DC:0D:35:D2:7D:61:F7:5B:46:B7:42:0F:26:C4:A4:31
ValidityFri, 14 Mar 2025 16:29:05 GMT - Thu, 12 Jun 2025 17:26:16 GMT

File type
RIFF (little-endian) data, Web/P image
Size
644 B (644 bytes)
Hash
541b83c2195088043337e4353b6fd60d
f09630596b6713217984785a64f6ea83e91b49c5
2658b8874f0d2a12e8726df78ac8954324c3bbe4695e66bdef89195fde64322f

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft
urlquery	phishing	Phishing - Tycoon Phishing Kit

HTTP Headers

GET /wxxvph8FBHTfRnUgop8HROvFIxCljej3x34130 HTTP/1.1
Host: bsukd2.dmuok.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bsukd2.dmuok.es/MKKLYTLTRRUGGUHOCZYTPy8duch86xavw9mmclf26b1opgdzr4?NRNTFNNMFUSEDRJAUFNRBQNQEADINI
Cookie: XSRF-TOKEN=eyJpdiI6Imd2QzVKRWxxd2VzbUpkWDZFV1FFWXc9PSIsInZhbHVlIjoiaFZ3bUswVjEyNzJmR3pDM2NKenYwWURac0svOGM2QzFiTmRZWGJ1UnlMVHc5N1VaWUVrN084M0d4NkNSQnoxd04rYVhxUE95aVRmQlRGQWdLUkY0dktvd1lmd3dGYTRYZGp3WDBzUE9KNjV3WlFLK3hVaDFEMFI3T3I1d1NGMW4iLCJtYWMiOiIyZjBmYzEyMzE5ZGExMDY2NDAzODg0ZjgxNzZlOGU3MDRjMmVjYzYxOTY0NTgxNzMwM2U3NDBkOGEyZTc1NWZlIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IkdOQnYwOFNZRVlxMkFETUswelM5ZVE9PSIsInZhbHVlIjoiK3FqdHVWcFJiNXBnWnkxUWNhUExKRkF0aCt4R3R6TDJlOXhMbEdqWW5aMGgxZm1EM3lZVG1tR2hWMk9qREMrUk51a09WQjRoM2w4eCtzNVNXWWdsMHVLMklFMGU5NkFWcXVRVDliSWthZmIxOHVwRGI0NGx4bzRNWml2Uk1UVXMiLCJtYWMiOiI2MzNiMjAwNDY2ZWFmMWQxZmFiM2QyNmJjZjFkYjBiZTFjMmIyNjFiMTk0ZTliYThmYzA2MjczYmM4N2Y2NGFlIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 28 Mar 2025 17:16:20 GMT
content-type: image/webp
content-length: 644
server: cloudflare
content-disposition: inline; filename="wxxvph8FBHTfRnUgop8HROvFIxCljej3x34130"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hil34jVQg9HhoK%2BebUv9cJM1oP1FO%2BA39wwWot%2FSBxV%2Fol3bL24QIJU2VHIFDnAWEhLdtdB%2FxjNowV7w9PFW5rHDUQFP1VoZPqX9ygztY1QirzUvzgi78Xa2BnxTNO%2FX8HBQ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server-timing: cfL4;desc="?proto=TCP&rtt=42558&min_rtt=42477&rtt_var=15987&sent=4&recv=7&lost=0&retrans=0&sent_bytes=2822&recv_bytes=2199&delivery_rate=67048&cwnd=105&unsent_bytes=0&cid=57866de4bae70c9e&ts=240&x=0"
cf-ray: 9278c6444f0e5696-OSL
alt-svc: h3=":443"; ma=86400

bsukd2.dmuok.es/ij4ohXF485LjQswGDjGN3W7fyPIOkl9I0j67sTNvG3F3UgXkNgFbst5V012210

104.21.96.1

200 OK

25 kB

URL GET
bsukd2.dmuok.es/ij4ohXF485LjQswGDjGN3W7fyPIOkl9I0j67sTNvG3F3UgXkNgFbst5V012210
IP
104.21.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bsukd2.dmuok.es/MKKLYTLTRRUGGUHOCZYTPy8duch86xavw9mmclf26b1opgdzr4?NRNTFNNMFUSEDRJAUFNRBQNQEADINI
Certificate
IssuerGoogle Trust Services
Subjectdmuok.es
Fingerprint71:90:53:8F:DC:0D:35:D2:7D:61:F7:5B:46:B7:42:0F:26:C4:A4:31
ValidityFri, 14 Mar 2025 16:29:05 GMT - Thu, 12 Jun 2025 17:26:16 GMT

File type
RIFF (little-endian) data, Web/P image
Size
25 kB (25216 bytes)
Hash
f9a795e2270664a7a169c73b6d84a575
0fbb60ab27ab88c064eb347d0722c8ed4cf5e8b8
d00203b2eea6e418c31baafa949ada5349a9f9b7e99fa003aec7406822693740

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft
urlquery	phishing	Phishing - Tycoon Phishing Kit

HTTP Headers

GET /ij4ohXF485LjQswGDjGN3W7fyPIOkl9I0j67sTNvG3F3UgXkNgFbst5V012210 HTTP/1.1
Host: bsukd2.dmuok.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bsukd2.dmuok.es/MKKLYTLTRRUGGUHOCZYTPy8duch86xavw9mmclf26b1opgdzr4?NRNTFNNMFUSEDRJAUFNRBQNQEADINI
Cookie: XSRF-TOKEN=eyJpdiI6Imd2QzVKRWxxd2VzbUpkWDZFV1FFWXc9PSIsInZhbHVlIjoiaFZ3bUswVjEyNzJmR3pDM2NKenYwWURac0svOGM2QzFiTmRZWGJ1UnlMVHc5N1VaWUVrN084M0d4NkNSQnoxd04rYVhxUE95aVRmQlRGQWdLUkY0dktvd1lmd3dGYTRYZGp3WDBzUE9KNjV3WlFLK3hVaDFEMFI3T3I1d1NGMW4iLCJtYWMiOiIyZjBmYzEyMzE5ZGExMDY2NDAzODg0ZjgxNzZlOGU3MDRjMmVjYzYxOTY0NTgxNzMwM2U3NDBkOGEyZTc1NWZlIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IkdOQnYwOFNZRVlxMkFETUswelM5ZVE9PSIsInZhbHVlIjoiK3FqdHVWcFJiNXBnWnkxUWNhUExKRkF0aCt4R3R6TDJlOXhMbEdqWW5aMGgxZm1EM3lZVG1tR2hWMk9qREMrUk51a09WQjRoM2w4eCtzNVNXWWdsMHVLMklFMGU5NkFWcXVRVDliSWthZmIxOHVwRGI0NGx4bzRNWml2Uk1UVXMiLCJtYWMiOiI2MzNiMjAwNDY2ZWFmMWQxZmFiM2QyNmJjZjFkYjBiZTFjMmIyNjFiMTk0ZTliYThmYzA2MjczYmM4N2Y2NGFlIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 28 Mar 2025 17:16:21 GMT
content-type: image/webp
content-length: 25216
server: cloudflare
content-disposition: inline; filename="ij4ohXF485LjQswGDjGN3W7fyPIOkl9I0j67sTNvG3F3UgXkNgFbst5V012210"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IuiPRZC3vKhCH8NMaVK4c3briC1XM6jwSD0XAQu%2FpdjDZ34iJ1M2VxIBoaBqatvE6iBbHX%2Frk2cwCAQpAPc%2BvWNGY8izYhhyynAuH9IIletPU5%2Fu7xE%2FEl6Dot6rtWORqswq"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server-timing: cfL4;desc="?proto=TCP&rtt=28349&min_rtt=28123&rtt_var=10708&sent=4&recv=7&lost=0&retrans=0&sent_bytes=2821&recv_bytes=2223&delivery_rate=101269&cwnd=62&unsent_bytes=0&cid=66da89b986b409ab&ts=248&x=0"
cf-ray: 9278c6446f165696-OSL
alt-svc: h3=":443"; ma=86400

objects.githubusercontent.com/github-production-release-asset-2e65be/2925284/11f3acf8-4ccb-11e6-8ce4-c179c0a212de?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20250328%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20250328T171618Z&X-Amz-Expires=300&X-Amz-Signature=83e61805b7965e38d30c3ccd4e1871fa3a3678fbf6eda4c1054c7a3529a167e3&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3Drandexp.min.js&response-content-type=application%2Foctet-stream

185.199.109.133

200 OK

10 kB

URL GET
objects.githubusercontent.com/github-production-release-asset-2e65be/2925284/11f3acf8-4ccb-11e6-8ce4-c179c0a212de?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20250328%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20250328T171618Z&X-Amz-Expires=300&X-Amz-Signature=83e61805b7965e38d30c3ccd4e1871fa3a3678fbf6eda4c1054c7a3529a167e3&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3Drandexp.min.js&response-content-type=application%2Foctet-stream
IP
185.199.109.133:443
ASN
#54113 FASTLY

Requested by
https://bsukd2.dmuok.es/MKKLYTLTRRUGGUHOCZYTPy8duch86xavw9mmclf26b1opgdzr4?NRNTFNNMFUSEDRJAUFNRBQNQEADINI
Certificate
IssuerSectigo Limited
Subject*.github.io
Fingerprint8C:FF:59:E5:8E:C4:FA:76:FE:AF:2D:C5:C0:D4:13:6A:77:2D:F9:91
ValidityFri, 07 Mar 2025 00:00:00 GMT - Sat, 07 Mar 2026 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (10017)
Size
10 kB (10245 bytes)
Hash
6c20a2be8ba900bc0a7118893a2b1072
ff7766fde1f33882c6e1c481ceed6f6588ea764c
b1c42acd0288c435e95e00332476781532ed002cac6f3dcee9110ced30b31500

HTTP Headers

GET /github-production-release-asset-2e65be/2925284/11f3acf8-4ccb-11e6-8ce4-c179c0a212de?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20250328%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20250328T171618Z&X-Amz-Expires=300&X-Amz-Signature=83e61805b7965e38d30c3ccd4e1871fa3a3678fbf6eda4c1054c7a3529a167e3&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3Drandexp.min.js&response-content-type=application%2Foctet-stream HTTP/1.1
Host: objects.githubusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bsukd2.dmuok.es/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/octet-stream
last-modified: Tue, 07 Dec 2021 16:38:45 GMT
etag: "0x8D9B9A009499A1E"
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: d91f6eaf-e01e-0032-2f18-13e122000000
x-ms-version: 2023-11-03
x-ms-creation-time: Tue, 17 Aug 2021 14:57:31 GMT
x-ms-blob-content-md5: bCCivoupALwKcRiJOisQcg==
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
content-disposition: attachment; filename=randexp.min.js
x-ms-server-encrypted: true
via: 1.1 varnish, 1.1 varnish
fastly-restarts: 1
accept-ranges: bytes
age: 4315
date: Fri, 28 Mar 2025 17:16:18 GMT
x-served-by: cache-iad-kiad7000045-IAD, cache-hel1410028-HEL
x-cache: HIT, HIT
x-cache-hits: 11369, 0
x-timer: S1743182178.447994,VS0,VE1
content-length: 10245
X-Firefox-Spdy: h2

github.com/fent/randexp.js/releases/download/v0.4.3/randexp.min.js

140.82.121.3

302 Found

10 kB

URL GET
github.com/fent/randexp.js/releases/download/v0.4.3/randexp.min.js
IP
140.82.121.3:443
ASN
#36459 GITHUB

Requested by
https://bsukd2.dmuok.es/MKKLYTLTRRUGGUHOCZYTPy8duch86xavw9mmclf26b1opgdzr4?NRNTFNNMFUSEDRJAUFNRBQNQEADINI
Certificate
IssuerSectigo Limited
Subjectgithub.com
FingerprintE4:33:71:DD:D6:91:4A:75:B6:1F:9E:4F:74:6D:9B:F0:DD:26:FC:3A
ValidityWed, 05 Feb 2025 00:00:00 GMT - Thu, 05 Feb 2026 23:59:59 GMT

File type

Size
10 kB (10245 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /fent/randexp.js/releases/download/v0.4.3/randexp.min.js HTTP/1.1
Host: github.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bsukd2.dmuok.es/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Fri, 28 Mar 2025 17:16:18 GMT
content-type: text/html; charset=utf-8
content-length: 0
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame,Accept-Encoding, Accept, X-Requested-With
location: https://objects.githubusercontent.com/github-production-release-asset-2e65be/2925284/11f3acf8-4ccb-11e6-8ce4-c179c0a212de?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20250328%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20250328T171618Z&X-Amz-Expires=300&X-Amz-Signature=83e61805b7965e38d30c3ccd4e1871fa3a3678fbf6eda4c1054c7a3529a167e3&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3Drandexp.min.js&response-content-type=application%2Foctet-stream
cache-control: no-cache
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: no-referrer-when-downgrade
content-security-policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/assets/ gist.github.com/assets-cdn/worker/
server: github.com
x-github-request-id: D2C2:2D110A:B75B7A0:BC94757:67E6D961
X-Firefox-Spdy: h2

bsukd2.dmuok.es/yzWmddODqieBIsD7NvSYJ8pM17TdvwPmnVVsKKijH6YauEIc90177

104.21.96.1

200 OK

2.9 kB

URL GET
bsukd2.dmuok.es/yzWmddODqieBIsD7NvSYJ8pM17TdvwPmnVVsKKijH6YauEIc90177
IP
104.21.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bsukd2.dmuok.es/MKKLYTLTRRUGGUHOCZYTPy8duch86xavw9mmclf26b1opgdzr4?NRNTFNNMFUSEDRJAUFNRBQNQEADINI
Certificate
IssuerGoogle Trust Services
Subjectdmuok.es
Fingerprint71:90:53:8F:DC:0D:35:D2:7D:61:F7:5B:46:B7:42:0F:26:C4:A4:31
ValidityFri, 14 Mar 2025 16:29:05 GMT - Thu, 12 Jun 2025 17:26:16 GMT

File type
SVG Scalable Vector Graphics image
Size
2.9 kB (2905 bytes)
Hash
e924de0d471df54b6280f3dc8b187cb8
857f03226070b502a9e06b4249710ec10be4c9e9
24ce135a31ce83ac3d62471fcc0e1a82ce6f1533c993ee59ca4e110d5f2fae33

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft
urlquery	phishing	Phishing - Tycoon Phishing Kit

HTTP Headers

GET /yzWmddODqieBIsD7NvSYJ8pM17TdvwPmnVVsKKijH6YauEIc90177 HTTP/1.1
Host: bsukd2.dmuok.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bsukd2.dmuok.es/MKKLYTLTRRUGGUHOCZYTPy8duch86xavw9mmclf26b1opgdzr4?NRNTFNNMFUSEDRJAUFNRBQNQEADINI
Cookie: XSRF-TOKEN=eyJpdiI6Imd2QzVKRWxxd2VzbUpkWDZFV1FFWXc9PSIsInZhbHVlIjoiaFZ3bUswVjEyNzJmR3pDM2NKenYwWURac0svOGM2QzFiTmRZWGJ1UnlMVHc5N1VaWUVrN084M0d4NkNSQnoxd04rYVhxUE95aVRmQlRGQWdLUkY0dktvd1lmd3dGYTRYZGp3WDBzUE9KNjV3WlFLK3hVaDFEMFI3T3I1d1NGMW4iLCJtYWMiOiIyZjBmYzEyMzE5ZGExMDY2NDAzODg0ZjgxNzZlOGU3MDRjMmVjYzYxOTY0NTgxNzMwM2U3NDBkOGEyZTc1NWZlIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IkdOQnYwOFNZRVlxMkFETUswelM5ZVE9PSIsInZhbHVlIjoiK3FqdHVWcFJiNXBnWnkxUWNhUExKRkF0aCt4R3R6TDJlOXhMbEdqWW5aMGgxZm1EM3lZVG1tR2hWMk9qREMrUk51a09WQjRoM2w4eCtzNVNXWWdsMHVLMklFMGU5NkFWcXVRVDliSWthZmIxOHVwRGI0NGx4bzRNWml2Uk1UVXMiLCJtYWMiOiI2MzNiMjAwNDY2ZWFmMWQxZmFiM2QyNmJjZjFkYjBiZTFjMmIyNjFiMTk0ZTliYThmYzA2MjczYmM4N2Y2NGFlIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 28 Mar 2025 17:16:18 GMT
content-type: image/svg+xml
cf-ray: 9278c6445f135696-OSL
server: cloudflare
content-disposition: inline; filename="yzWmddODqieBIsD7NvSYJ8pM17TdvwPmnVVsKKijH6YauEIc90177"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NEyFkHM1mBrQDadwNMUw1RwqJxTxhj%2FtHxkb0MJqvNIUhqnT6vmQRa6OM%2FtVrNJRJzGCujPq%2B1J4Qc6Vt83O36RR8337BeBZ6zReSrFkpcu%2Bo4DobfzyBM1tYHpoWLSKLB3K"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server-timing: cfL4;desc="?proto=TCP&rtt=36941&min_rtt=36842&rtt_var=14013&sent=4&recv=7&lost=0&retrans=0&sent_bytes=2822&recv_bytes=2214&delivery_rate=75676&cwnd=107&unsent_bytes=0&cid=d8a70e512b729ad9&ts=447&x=0"
vary: accept-encoding
content-encoding: br
alt-svc: h3=":443"; ma=86400

ok4static.oktacdn.com/assets/js/sdk/okta-signin-widget/7.18.0/css/okta-sign-in.min.css

143.204.55.3

200 OK

223 kB

URL GET
ok4static.oktacdn.com/assets/js/sdk/okta-signin-widget/7.18.0/css/okta-sign-in.min.css
IP
143.204.55.3:443
ASN
#16509 AMAZON-02

Requested by
https://bsukd2.dmuok.es/MKKLYTLTRRUGGUHOCZYTPy8duch86xavw9mmclf26b1opgdzr4?NRNTFNNMFUSEDRJAUFNRBQNQEADINI
Certificate
IssuerDigiCert Inc
Subject*.oktacdn.com
Fingerprint3E:D7:C7:A6:35:70:74:E4:BF:45:2E:A1:D5:A3:25:88:24:76:B3:B5
ValidityMon, 02 Dec 2024 00:00:00 GMT - Fri, 02 Jan 2026 23:59:59 GMT

File type

Size
223 kB (222931 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /assets/js/sdk/okta-signin-widget/7.18.0/css/okta-sign-in.min.css HTTP/1.1
Host: ok4static.oktacdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bsukd2.dmuok.es/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css
server: nginx
last-modified: Tue, 14 May 2024 21:48:24 GMT
x-amz-meta-sha1sum: 7b5499b46660a0348cc2b22cae927dcc3fda8b20
strict-transport-security: max-age=315360000; includeSubDomains
access-control-allow-origin: *
content-encoding: gzip
date: Tue, 18 Mar 2025 03:22:46 GMT
expires: Wed, 18 Mar 2026 03:22:46 GMT
cache-control: max-age=31536000, public,max-age=31536000,s-maxage=1814400
etag: W/"0329c939fca7c78756b94fbcd95e322b"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 277d0e3af1ffdcb1ee40b7dc9f040146.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: ybHTxPCj2Q8SJY-8Wm-alyCX6VzI7Egjrmp1mC42GRtVNzYLo42qHw==
age: 914012
X-Firefox-Spdy: h2

bsukd2.dmuok.es/opwx5cFAcAqfdQp3WkgEUThdmWiDzDn2ghJCqqmVjRSXRX1N2xd7gfx45140

104.21.96.1

200 OK

892 B

URL GET
bsukd2.dmuok.es/opwx5cFAcAqfdQp3WkgEUThdmWiDzDn2ghJCqqmVjRSXRX1N2xd7gfx45140
IP
104.21.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bsukd2.dmuok.es/MKKLYTLTRRUGGUHOCZYTPy8duch86xavw9mmclf26b1opgdzr4?NRNTFNNMFUSEDRJAUFNRBQNQEADINI
Certificate
IssuerGoogle Trust Services
Subjectdmuok.es
Fingerprint71:90:53:8F:DC:0D:35:D2:7D:61:F7:5B:46:B7:42:0F:26:C4:A4:31
ValidityFri, 14 Mar 2025 16:29:05 GMT - Thu, 12 Jun 2025 17:26:16 GMT

File type
RIFF (little-endian) data, Web/P image
Size
892 B (892 bytes)
Hash
41d62ca205d54a78e4298367482b4e2b
839aae21ed8ecfc238fdc68b93ccb27431cd5393
20a4a780db0bcc047015a0d8037eb4eb58b3e5cb338673799c030a3e1b626b40

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft
urlquery	phishing	Phishing - Tycoon Phishing Kit

HTTP Headers

GET /opwx5cFAcAqfdQp3WkgEUThdmWiDzDn2ghJCqqmVjRSXRX1N2xd7gfx45140 HTTP/1.1
Host: bsukd2.dmuok.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bsukd2.dmuok.es/MKKLYTLTRRUGGUHOCZYTPy8duch86xavw9mmclf26b1opgdzr4?NRNTFNNMFUSEDRJAUFNRBQNQEADINI
Cookie: XSRF-TOKEN=eyJpdiI6Imd2QzVKRWxxd2VzbUpkWDZFV1FFWXc9PSIsInZhbHVlIjoiaFZ3bUswVjEyNzJmR3pDM2NKenYwWURac0svOGM2QzFiTmRZWGJ1UnlMVHc5N1VaWUVrN084M0d4NkNSQnoxd04rYVhxUE95aVRmQlRGQWdLUkY0dktvd1lmd3dGYTRYZGp3WDBzUE9KNjV3WlFLK3hVaDFEMFI3T3I1d1NGMW4iLCJtYWMiOiIyZjBmYzEyMzE5ZGExMDY2NDAzODg0ZjgxNzZlOGU3MDRjMmVjYzYxOTY0NTgxNzMwM2U3NDBkOGEyZTc1NWZlIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IkdOQnYwOFNZRVlxMkFETUswelM5ZVE9PSIsInZhbHVlIjoiK3FqdHVWcFJiNXBnWnkxUWNhUExKRkF0aCt4R3R6TDJlOXhMbEdqWW5aMGgxZm1EM3lZVG1tR2hWMk9qREMrUk51a09WQjRoM2w4eCtzNVNXWWdsMHVLMklFMGU5NkFWcXVRVDliSWthZmIxOHVwRGI0NGx4bzRNWml2Uk1UVXMiLCJtYWMiOiI2MzNiMjAwNDY2ZWFmMWQxZmFiM2QyNmJjZjFkYjBiZTFjMmIyNjFiMTk0ZTliYThmYzA2MjczYmM4N2Y2NGFlIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 28 Mar 2025 17:16:21 GMT
content-type: image/webp
content-length: 892
server: cloudflare
content-disposition: inline; filename="opwx5cFAcAqfdQp3WkgEUThdmWiDzDn2ghJCqqmVjRSXRX1N2xd7gfx45140"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MrTJRK2heLDFl%2BUEeUusBSWo1HZcY%2FPvw4pI2jW2POBv2TNbh7WSKTogzOSgsb5TEIQL%2BNTg2Uh190GoN9yS2Zxh2iAKYx0TH9rPzlx5aSQ9G47%2BfWGr6pGeaISXqvjPHm1U"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server-timing: cfL4;desc="?proto=TCP&rtt=42648&min_rtt=42486&rtt_var=16048&sent=4&recv=7&lost=0&retrans=0&sent_bytes=2821&recv_bytes=2221&delivery_rate=67033&cwnd=109&unsent_bytes=0&cid=f8c2efd29a0cfed6&ts=245&x=0"
cf-ray: 9278c6444f0f5696-OSL
alt-svc: h3=":443"; ma=86400

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

JavaScript (27)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML