Report - www.subbly.co/referral_program?r=326936&return=HtTPs://alumincompanybw.com/auth/oy0KWKhcRZoQAfH0o8sz0JFf/ZGFsbGFzQHNsdXJwbWFpbC5uZXQ=&opi=256371986142&usg=lxfGUQNysmkDx&source=gmail&ust=9267284461223020&usg=AOaY2pZBJ0UQjng20rOWFwZaY2pZBJ0UQqR230/1/010001951a9ed9e2-68501440-db10-4a3b-b44d-79f205acc376-000000/EU-jlW_82exR-vPRl5XMMjNw3lQ=413HtTPs://alumincompanybw.com/auth/oy0KWKhcRZoQAfH0o8sz0JFf/ZGFsbGFzQGRhbmRkZ2FyYWdlZG9vcnMuY29tHtTPs://alumincompanybw.com/auth/oy0KWKhcRZoQAfH0o8sz0JFf/ZGFsbGFzQGRhbmRkZ2FyYWdlZG9vcnMuY29tHtTPs://alumincompanybw.com/auth/oy0KWKhcRZoQAfH0o8sz0JFf/ZGFsbGFzQGRhbmRkZ2FyYWdlZG9vcnMuY29tHtTPs://alumincompanybw.com/auth/oy0KWKhcRZoQAfH0o8sz0JFf/ZGFsbGFzQGRhbmRkZ2FyYWdlZG9vcnMuY29tHtTPs://alumincompanybw.com/auth/oy0KWKhcRZoQAfH0o8sz0JFf/ZGFsbGFzQGRhbmRkZ2FyYWdlZG9vcnMuY29tHtTPs://alumincompanybw.com/auth/oy0KWKhcRZoQAfH0o8sz0JFf/ZGFsbGFzQGRhbmRkZ2FyYWdlZG9vcnMuY29tHtTPs://alumincompanybw.com/auth/oy0KWKhcRZoQAfH0o8sz0JFf/ZGFsbGFzQGRhbmRkZ2FyYWdlZG9vcnMuY29tHtTPs://alumincompanybw.com/auth/oy0KWKhcRZoQAfH0o8sz0JFf/ZGFsbGFzQGRhbmRkZ2FyYWdlZG9vcnMuY29t

Report Overview

Visited public
2025-02-19 08:46:52
Tags
microsoft phishing outlook suspicious
URL
www.subbly.co/referral_program?r=326936&return=HtTPs://alumincompanybw.com/auth/oy0KWKhcRZoQAfH0o8sz0JFf/ZGFsbGFzQHNsdXJwbWFpbC5uZXQ=&opi=256371986142&usg=lxfGUQNysmkDx&source=gmail&ust=9267284461223020&usg=AOaY2pZBJ0UQjng20rOWFwZaY2pZBJ0UQqR230/1/010001951a9ed9e2-68501440-db10-4a3b-b44d-79f205acc376-000000/EU-jlW_82exR-vPRl5XMMjNw3lQ=413HtTPs://alumincompanybw.com/auth/oy0KWKhcRZoQAfH0o8sz0JFf/ZGFsbGFzQGRhbmRkZ2FyYWdlZG9vcnMuY29tHtTPs://alumincompanybw.com/auth/oy0KWKhcRZoQAfH0o8sz0JFf/ZGFsbGFzQGRhbmRkZ2FyYWdlZG9vcnMuY29tHtTPs://alumincompanybw.com/auth/oy0KWKhcRZoQAfH0o8sz0JFf/ZGFsbGFzQGRhbmRkZ2FyYWdlZG9vcnMuY29tHtTPs://alumincompanybw.com/auth/oy0KWKhcRZoQAfH0o8sz0JFf/ZGFsbGFzQGRhbmRkZ2FyYWdlZG9vcnMuY29tHtTPs://alumincompanybw.com/auth/oy0KWKhcRZoQAfH0o8sz0JFf/ZGFsbGFzQGRhbmRkZ2FyYWdlZG9vcnMuY29tHtTPs://alumincompanybw.com/auth/oy0KWKhcRZoQAfH0o8sz0JFf/ZGFsbGFzQGRhbmRkZ2FyYWdlZG9vcnMuY29tHtTPs://alumincompanybw.com/auth/oy0KWKhcRZoQAfH0o8sz0JFf/ZGFsbGFzQGRhbmRkZ2FyYWdlZG9vcnMuY29tHtTPs://alumincompanybw.com/auth/oy0KWKhcRZoQAfH0o8sz0JFf/ZGFsbGFzQGRhbmRkZ2FyYWdlZG9vcnMuY29t
Finishing URL
nv.vwnrju.ru/bbtxjkwxobxgugbplpdpzhfpojdgvnyytrymyoareths6q6lnhdh97ut4wdpckr?MMUZPZDQMAGGRHLHPWAENIK
IP / ASN
104.18.5.93
#13335 CLOUDFLARENET
Title
Microsoft Secure Login
Phishing - Microsoft
Phishing - Generic phishing
Phishing - Microsoft Outlook
Suspicious - Anti-debugging code

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
challenges.cloudflare.com	unknown	2009-02-17	2021-10-20	2025-02-19	916 B	18 kB	104.18.94.41
cdnjs.cloudflare.com	235	2009-02-17	2012-05-23	2025-02-19	1.4 kB	45 kB	104.17.25.14
ok4static.oktacdn.com	16592	2014-11-11	2018-06-15	2025-02-18	2.0 kB	268 kB	143.204.55.47
get.geojs.io	17418	2017-02-18	2017-03-30	2025-02-15	481 B	1.5 kB	104.26.0.100
objects.githubusercontent.com	134060	2014-02-06	2021-11-01	2025-02-19	886 B	11 kB	185.199.108.133
www.subbly.co	unknown	2013-11-26	2014-12-04	2025-02-18	1.6 kB	1.7 kB	104.18.5.93
alumincompanybw.com	unknown	2021-02-26	2021-02-26	2024-03-01	544 B	256 B	192.64.117.201
code.jquery.com	634	2005-12-10	2012-05-21	2025-02-19	418 B	32 kB	151.101.130.137
nv.vwnrju.ru	unknown	2025-02-08	2025-02-18	2025-02-18	33 kB	5.6 MB	104.21.24.27
github.com	1423	2007-10-09	2016-07-13	2025-02-19	449 B	4.3 kB	140.82.121.3
ugucjlk2t1ujwutlgtcviovdazaaxdpv2ii9ggovabejn6zfapmmzs0ea.bbjcgw.ru	unknown	2025-02-11	2025-02-19	2025-02-19	659 B	1.5 kB	172.67.133.24

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2025-02-19 08:46:36	medium	Client IP	104.26.0.100	ET INFO External IP Address Lookup Domain (get .geojs .io) in TLS SNI

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2025-02-19	medium	bbjcgw.ru	Sinkholed

ThreatFox

No alerts detected

JavaScript (17)

	URL	From	Size	First Seen	Last Seen
	nv.vwnrju.ru/bbtxjkwxobxgugbplpdpzhfpojdgvnyytrymyoareths6q6lnhdh97ut4wdpckr?MMUZPZDQMAGGRHLHPWAENIK	ScriptElement	44 kB	2025-02-19	2025-02-19
Pretty URL nv.vwnrju.ru/bbtxjkwxobxgugbplpdpzhfpojdgvnyytrymyoareths6q6lnhdh97ut4wdpckr?MMUZPZDQMAGGRHLHPWAENIK IP 104.21.24.27 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2025-02-19 08:46 Last Seen2025-02-19 08:46 Times Seen1 Hash a54b63b0c9df06347cd5b9b0e0fa231c e3f7137633ade86855b1b8c94e62915ca0cfa8cf db472ce89ffbf05fe9b95e75389876c5ffbbdfdb4636454e42b49f89141da58b Loading...

	github.com/fent/randexp.js/releases/download/v0.4.3/randexp.min.js	ScriptElement	10 kB	2024-05-30	2025-05-08
Pretty URL github.com/fent/randexp.js/releases/download/v0.4.3/randexp.min.js IP 140.82.121.3 ASN #36459 GITHUB Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-30 22:56 Last Seen2025-05-08 03:43 Times Seen18294 Hash 6c20a2be8ba900bc0a7118893a2b1072 ff7766fde1f33882c6e1c481ceed6f6588ea764c b1c42acd0288c435e95e00332476781532ed002cac6f3dcee9110ced30b31500 Loading...

	cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js	ScriptElement	48 kB	2023-03-07	2025-05-08
Pretty URL cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js IP 104.17.25.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:31 Last Seen2025-05-08 03:43 Times Seen92536 Hash 2ca03ad87885ab983541092b87adb299 1a17f60bf776a8c468a185c1e8e985c41a50dc27 8e3b0117f4df4be452c0b6af5b8f0a0acf9d4ade23d08d55d7e312af22077762 Loading...

	unknown	ScriptElement	20 kB	2025-02-19	2025-02-19
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2025-02-19 08:46 Last Seen2025-02-19 08:46 Times Seen1 Hash 18f37b031ef89abf620f7ea961a1575d 45d5bd3ff0d8b21e9eeeb6225c5c5bd83dc77857 29651116e821a1c617884872acbb33be638d1a797d824af5cad0d15a67f25715 Loading...

	code.jquery.com/jquery-3.6.0.min.js	ScriptElement	90 kB	2023-03-07	2025-05-08
Pretty URL code.jquery.com/jquery-3.6.0.min.js IP 151.101.130.137 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-05-08 03:45 Times Seen205351 Hash 8fb8fee4fcc3cc86ff6c724154c49c42 b82d238d4e31fdf618bae8ac11a6c812c03dd0d4 ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e Loading...

	nv.vwnrju.ru/34qa1LV3bc9S2tijsxAvRJl3gaPhnLP67104	ScriptElement	4.8 MB	2025-02-12	2025-02-28
Pretty URL nv.vwnrju.ru/34qa1LV3bc9S2tijsxAvRJl3gaPhnLP67104 IP 104.21.24.27 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2025-02-12 21:51 Last Seen2025-02-28 23:51 Times Seen4941 Hash 1fcbe4aacbe30b67606277e365405928 68443d074aeff59a5940e48a91c82268b2c3e30f 89feb7dcb6afb24066a555b39d94bbc817a16a597db8a0ca3bbba9eb3ced1f5b Loading...

	nv.vwnrju.ru/bbtxjkwxobxgugbplpdpzhfpojdgvnyytrymyoareths6q6lnhdh97ut4wdpckr?MMUZPZDQMAGGRHLHPWAENIK	ScriptElement	235 kB	2025-02-19	2025-02-19
Pretty URL nv.vwnrju.ru/bbtxjkwxobxgugbplpdpzhfpojdgvnyytrymyoareths6q6lnhdh97ut4wdpckr?MMUZPZDQMAGGRHLHPWAENIK IP 104.21.24.27 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2025-02-19 08:46 Last Seen2025-02-19 08:46 Times Seen1 Hash eb242461b0c89c6a51f8f8c1d5f10db3 6aada7ce9552ef5c23f3cedc2d022c131cc2b3c2 323deee3c529569fb9c4975a8bd6bd8c2910f1f93b15cb1ef0ee5b67876b26b8 Loading...

	unknown	ScriptElement	646 B	2025-02-19	2025-02-19
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2025-02-19 08:46 Last Seen2025-02-19 08:46 Times Seen1 Hash a4d3c4e5adb3e818c9618f661677be46 a1a65efefcf496d91e49aa168ef0b18f0a64548d 596a6b6f1ccc3ad892d250e26e6a7738e2ffa73a45d3c92da43213515950003a Loading...

		Size	First Seen	Last Seen
	#1 Eval - 6e04e66d41841212935627c9961acd7b	4.9 kB	2025-02-19 08:46	2025-02-19 08:46
Pretty Observations First Seen2025-02-19 08:46 Last Seen2025-02-19 08:46 Times Seen1 Hash 6e04e66d41841212935627c9961acd7b 65ad3b93ad8859b8c1f88c7bc2c89c2d01be5823 d0b4b4f15472a26ed2600531b557329f37c0dfc4fa8c56d7ef5ac69803c5e5d2 Loading...

	#2 Eval - 30f3ba348195d0237b2d43fa12995f5e	1.8 kB	2025-02-19 08:46	2025-02-19 08:46
Pretty Observations First Seen2025-02-19 08:46 Last Seen2025-02-19 08:46 Times Seen1 Hash 30f3ba348195d0237b2d43fa12995f5e 75ac2cbd1b7a65501d22d6f7bb010b580d855da7 b5a9784336de7a8bb08a0d3169e31420dd5da9373c22fb941a9bdff651df93ea Loading...

	#3 Eval - e02c5cea485ebc4c57548fb383b0fe08	198 kB	2025-02-12 21:51	2025-03-05 21:26
Pretty Observations First Seen2025-02-12 21:51 Last Seen2025-03-05 21:26 Times Seen5350 Hash e02c5cea485ebc4c57548fb383b0fe08 46ca89bcbd64f2c27cb2147b23ff976c7d93ebeb 944a843f8023cf4d833b53d7714e30bdb2aa2625248becc7c38e4de9ebf47071 Loading...

	#4 Eval - e9ce3aa8ed1847c1d2e608dcd8445713	149 kB	2025-02-12 21:51	2025-03-02 04:44
Pretty Observations First Seen2025-02-12 21:51 Last Seen2025-03-02 04:44 Times Seen4685 Hash e9ce3aa8ed1847c1d2e608dcd8445713 c9cfe3514bad81fa8149990266572b73e14e2cd1 b51043dd7aaa1bc4205fc0f00653c26b8d92f836198668cc92b7902493ba2bf5 Loading...

	#5 Eval - baffd4147f004eb68a113ac645d706e0	1.7 kB	2025-02-19 08:46	2025-02-19 08:46
Pretty Observations First Seen2025-02-19 08:46 Last Seen2025-02-19 08:46 Times Seen1 Hash baffd4147f004eb68a113ac645d706e0 93087f41aa388520789761ca917b0ae9345e9a87 ef2709756d6c198a735d9ad958dd79f46ccc1df36d847101551c5c69585628bf Loading...

	#6 Eval - f66dd2a8f812dbef4a0e10ae75dd0864	13 kB	2025-02-19 08:46	2025-02-19 08:46
Pretty Observations First Seen2025-02-19 08:46 Last Seen2025-02-19 08:46 Times Seen1 Hash f66dd2a8f812dbef4a0e10ae75dd0864 9435be969f5147b0d3eae3d3adb3905caca3c39b 30c61535d9daeb8454bb357647a74199f9676dfd76400a897d81d9ea683dfa46 Loading...

		Size	First Seen	Last Seen
	#1 Write - b86cdd651747b985f6dbb797146187f4	135 kB	2025-02-19 08:46	2025-02-19 08:46
Pretty Observations First Seen2025-02-19 08:46 Last Seen2025-02-19 08:46 Times Seen1 Hash b86cdd651747b985f6dbb797146187f4 8fb7517c2a785ede5954cfcb3c0a298cc2c395c8 1b2259bf7478a3b45f7248760aa7844d5131a2295008aeeac6b4238970622854 Loading...

	#2 Write - 76b4c250ba7ac38813c67b47980a5274	8.4 kB	2025-02-19 08:46	2025-02-19 08:46
Pretty Observations First Seen2025-02-19 08:46 Last Seen2025-02-19 08:46 Times Seen1 Hash 76b4c250ba7ac38813c67b47980a5274 89246a007f27bbf38e8d8ab17e4b67b1f5bd9139 2d47a42c0517e460abdd5ee4a0cb04921a625b58e939f85a56311154fd36212a Loading...

	#3 Write - 1457032ce5180c8c3ab86fa1911415c4	144 kB	2025-02-19 08:46	2025-02-19 08:46
Pretty Observations First Seen2025-02-19 08:46 Last Seen2025-02-19 08:46 Times Seen1 Hash 1457032ce5180c8c3ab86fa1911415c4 02209c66395bb0194849be6f0567eb30a08e1f8c a480c2508455cbc0ef03ef341d7b35aad83cea4148a9a10e27013a022ba20672 Loading...

HTTP Transactions (42)

URL IP Response Size

www.subbly.co/referral_program?r=326936&return=HtTPs://alumincompanybw.com/auth/oy0KWKhcRZoQAfH0o8sz0JFf/ZGFsbGFzQHNsdXJwbWFpbC5uZXQ=&opi=256371986142&usg=lxfGUQNysmkDx&source=gmail&ust=9267284461223020&usg=AOaY2pZBJ0UQjng20rOWFwZaY2pZBJ0UQqR230/1/010001951a9ed9e2-68501440-db10-4a3b-b44d-79f205acc376-000000/EU-jlW_82exR-vPRl5XMMjNw3lQ=413HtTPs://alumincompanybw.com/auth/oy0KWKhcRZoQAfH0o8sz0JFf/ZGFsbGFzQGRhbmRkZ2FyYWdlZG9vcnMuY29tHtTPs://alumincompanybw.com/auth/oy0KWKhcRZoQAfH0o8sz0JFf/ZGFsbGFzQGRhbmRkZ2FyYWdlZG9vcnMuY29tHtTPs://alumincompanybw.com/auth/oy0KWKhcRZoQAfH0o8sz0JFf/ZGFsbGFzQGRhbmRkZ2FyYWdlZG9vcnMuY29tHtTPs://alumincompanybw.com/auth/oy0KWKhcRZoQAfH0o8sz0JFf/ZGFsbGFzQGRhbmRkZ2FyYWdlZG9vcnMuY29tHtTPs://alumincompanybw.com/auth/oy0KWKhcRZoQAfH0o8sz0JFf/ZGFsbGFzQGRhbmRkZ2FyYWdlZG9vcnMuY29tHtTPs://alumincompanybw.com/auth/oy0KWKhcRZoQAfH0o8sz0JFf/ZGFsbGFzQGRhbmRkZ2FyYWdlZG9vcnMuY29tHtTPs://alumincompanybw.com/auth/oy0KWKhcRZoQAfH0o8sz0JFf/ZGFsbGFzQGRhbmRkZ2FyYWdlZG9vcnMuY29tHtTPs://alumincompanybw.com/auth/oy0KWKhcRZoQAfH0o8sz0JFf/ZGFsbGFzQGRhbmRkZ2FyYWdlZG9vcnMuY29t

104.18.5.93

301 Moved Permanently

472 B

URL
www.subbly.co/referral_program?r=326936&return=HtTPs://alumincompanybw.com/auth/oy0KWKhcRZoQAfH0o8sz0JFf/ZGFsbGFzQHNsdXJwbWFpbC5uZXQ=&opi=256371986142&usg=lxfGUQNysmkDx&source=gmail&ust=9267284461223020&usg=AOaY2pZBJ0UQjng20rOWFwZaY2pZBJ0UQqR230/1/010001951a9ed9e2-68501440-db10-4a3b-b44d-79f205acc376-000000/EU-jlW_82exR-vPRl5XMMjNw3lQ=413HtTPs://alumincompanybw.com/auth/oy0KWKhcRZoQAfH0o8sz0JFf/ZGFsbGFzQGRhbmRkZ2FyYWdlZG9vcnMuY29tHtTPs://alumincompanybw.com/auth/oy0KWKhcRZoQAfH0o8sz0JFf/ZGFsbGFzQGRhbmRkZ2FyYWdlZG9vcnMuY29tHtTPs://alumincompanybw.com/auth/oy0KWKhcRZoQAfH0o8sz0JFf/ZGFsbGFzQGRhbmRkZ2FyYWdlZG9vcnMuY29tHtTPs://alumincompanybw.com/auth/oy0KWKhcRZoQAfH0o8sz0JFf/ZGFsbGFzQGRhbmRkZ2FyYWdlZG9vcnMuY29tHtTPs://alumincompanybw.com/auth/oy0KWKhcRZoQAfH0o8sz0JFf/ZGFsbGFzQGRhbmRkZ2FyYWdlZG9vcnMuY29tHtTPs://alumincompanybw.com/auth/oy0KWKhcRZoQAfH0o8sz0JFf/ZGFsbGFzQGRhbmRkZ2FyYWdlZG9vcnMuY29tHtTPs://alumincompanybw.com/auth/oy0KWKhcRZoQAfH0o8sz0JFf/ZGFsbGFzQGRhbmRkZ2FyYWdlZG9vcnMuY29tHtTPs://alumincompanybw.com/auth/oy0KWKhcRZoQAfH0o8sz0JFf/ZGFsbGFzQGRhbmRkZ2FyYWdlZG9vcnMuY29t
IP
104.18.5.93:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
472 B (472 bytes)
Hash
64e4b4e7c471c9f8de0de44d9168661b
190f9cac931acdc4b0b8d30a7369e83c757bdf20
e9d463ad535acc8b0033166bf6c355ed62c235534db6307fc2ba862ecaa288e8

HTTP Headers

GET /referral_program?r=326936&return=HtTPs://alumincompanybw.com/auth/oy0KWKhcRZoQAfH0o8sz0JFf/ZGFsbGFzQHNsdXJwbWFpbC5uZXQ=&opi=256371986142&usg=lxfGUQNysmkDx&source=gmail&ust=9267284461223020&usg=AOaY2pZBJ0UQjng20rOWFwZaY2pZBJ0UQqR230/1/010001951a9ed9e2-68501440-db10-4a3b-b44d-79f205acc376-000000/EU-jlW_82exR-vPRl5XMMjNw3lQ=413HtTPs://alumincompanybw.com/auth/oy0KWKhcRZoQAfH0o8sz0JFf/ZGFsbGFzQGRhbmRkZ2FyYWdlZG9vcnMuY29tHtTPs://alumincompanybw.com/auth/oy0KWKhcRZoQAfH0o8sz0JFf/ZGFsbGFzQGRhbmRkZ2FyYWdlZG9vcnMuY29tHtTPs://alumincompanybw.com/auth/oy0KWKhcRZoQAfH0o8sz0JFf/ZGFsbGFzQGRhbmRkZ2FyYWdlZG9vcnMuY29tHtTPs://alumincompanybw.com/auth/oy0KWKhcRZoQAfH0o8sz0JFf/ZGFsbGFzQGRhbmRkZ2FyYWdlZG9vcnMuY29tHtTPs://alumincompanybw.com/auth/oy0KWKhcRZoQAfH0o8sz0JFf/ZGFsbGFzQGRhbmRkZ2FyYWdlZG9vcnMuY29tHtTPs://alumincompanybw.com/auth/oy0KWKhcRZoQAfH0o8sz0JFf/ZGFsbGFzQGRhbmRkZ2FyYWdlZG9vcnMuY29tHtTPs://alumincompanybw.com/auth/oy0KWKhcRZoQAfH0o8sz0JFf/ZGFsbGFzQGRhbmRkZ2FyYWdlZG9vcnMuY29tHtTPs://alumincompanybw.com/auth/oy0KWKhcRZoQAfH0o8sz0JFf/ZGFsbGFzQGRhbmRkZ2FyYWdlZG9vcnMuY29t HTTP/1.1
Host: www.subbly.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 301 Moved Permanently
date: Wed, 19 Feb 2025 08:46:18 GMT
content-type: text/html; charset=UTF-8
location: HtTPs://alumincompanybw.com/auth/oy0KWKhcRZoQAfH0o8sz0JFf/ZGFsbGFzQHNsdXJwbWFpbC5uZXQ=
cf-ray: 9144fc54a914568e-OSL
cf-cache-status: DYNAMIC
strict-transport-security: max-age=15724800; includeSubDomains
set-cookie: csrf_cookie_subbly=eyJpdiI6Iiswekk4REhTN1NCMXZ3ZVVoQ2puVVE9PSIsInZhbHVlIjoiMWJqS3ZBcG1uM0ZXeE11ckg5S25UZGpDc3ZrKzBJcEVUNm5rOFhERm91V0dyTnVobmp5Y1JxMFBaRDVOUHRBRCIsIm1hYyI6ImEzNDkxNTJlYmU4MzMyNzUxNGNkNWNhYzI4OGMwZDEzOWVhYmNlZWI1NGFmY2FiYjExYzUzNjQxNTk1NDA2NzYifQ%3D%3D; expires=Wed, 19-Feb-2025 10:46:18 GMT; Max-Age=7200; path=/; domain=.subbly.co; secure; httponly; samesite=lax
ci_session=eyJpdiI6IlVVZGVSUlI2bkVJSzNuUjNCZ29heFE9PSIsInZhbHVlIjoiNlZsQkRwdmdUYzBrRXpYUDFGNUJzM1wvZThDbG5QU1wvYVRCeVVSVmNacXhneHBjMW9JRDhFQzhvWjRTUlZqUFZNa0pJVTI0QlNLXC95XC9DUjlYUWVSZFJRPT0iLCJtYWMiOiJkMDgyZDNmODJhYzhjODdhNzUwODQzYjYwOWJlZWJkYWYxZDkzNmM5MzM1ODk1MDk5YWQ1YjNjMjlmYzYyZTU1In0%3D; expires=Wed, 19-Feb-2025 10:46:18 GMT; Max-Age=7200; path=/; domain=.subbly.co; secure; httponly; samesite=lax
x-robots-tag: noindex
vary: Accept-Encoding
x-frame-options: sameorigin
server: cloudflare
X-Firefox-Spdy: h2

alumincompanybw.com/auth/oy0KWKhcRZoQAfH0o8sz0JFf/ZGFsbGFzQHNsdXJwbWFpbC5uZXQ=

192.64.117.201

200 OK

0 B

URL
alumincompanybw.com/auth/oy0KWKhcRZoQAfH0o8sz0JFf/ZGFsbGFzQHNsdXJwbWFpbC5uZXQ=
IP
192.64.117.201:0
ASN
#22612 NAMECHEAP-NET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /auth/oy0KWKhcRZoQAfH0o8sz0JFf/ZGFsbGFzQHNsdXJwbWFpbC5uZXQ= HTTP/1.1
Host: alumincompanybw.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
refresh: 0;url=https://Nv.vwnrju.ru/Is5axnrWbRNTrs/#Edallas@slurpmail.net
content-type: text/html; charset=UTF-8
content-length: 0
date: Wed, 19 Feb 2025 08:46:19 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback

104.18.94.41

302 Found

0 B

URL
challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback
IP
104.18.94.41:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /turnstile/v0/api.js?onload=onloadTurnstileCallback HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nv.vwnrju.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Wed, 19 Feb 2025 08:46:21 GMT
content-length: 0
access-control-allow-origin: *
cache-control: max-age=300, stale-if-error=10800, stale-while-revalidate=300, public
cross-origin-resource-policy: cross-origin
location: /turnstile/v0/g/0e3e6804b971/api.js
vary: Accept-Encoding
server: cloudflare
cf-ray: 9144fc697d340b69-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js

104.17.25.14

200 OK

14 kB

URL GET HTTP/3
cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js
IP
104.17.25.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nv.vwnrju.ru/bbtxjkwxobxgugbplpdpzhfpojdgvnyytrymyoareths6q6lnhdh97ut4wdpckr?MMUZPZDQMAGGRHLHPWAENIK
Certificate
IssuerGoogle Trust Services
Subjectcdnjs.cloudflare.com
Fingerprint00:0E:39:59:53:CF:68:07:90:75:EB:68:26:B9:04:22:44:7D:9A:32
ValidityFri, 24 Jan 2025 09:16:22 GMT - Thu, 24 Apr 2025 10:16:21 GMT

File type
JavaScript source, ASCII text, with very long lines (48316), with no line terminators
Size
14 kB (13972 bytes)
Hash
2ca03ad87885ab983541092b87adb299
1a17f60bf776a8c468a185c1e8e985c41a50dc27
8e3b0117f4df4be452c0b6af5b8f0a0acf9d4ade23d08d55d7e312af22077762

HTTP Headers

GET /ajax/libs/crypto-js/4.1.1/crypto-js.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nv.vwnrju.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 19 Feb 2025 08:46:21 GMT
content-type: application/javascript; charset=utf-8
content-length: 13972
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "61182885-3694"
last-modified: Sat, 14 Aug 2021 20:33:09 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 359739
expires: Mon, 09 Feb 2026 08:46:21 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7ILw9o8qfe7af6Ixdwa8ps5qaFvapy330icC5Zqf3nXS9vFm%2BooZSpxne7vP7CaYMUlvprT2r%2FkeQjaF6rwbaAwQXFTMyi5vKwYIaVm35R8LjWM1%2Fvz2wnuR7xZTwzM4lUHF1ayr"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 9144fc69799e5697-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

code.jquery.com/jquery-3.6.0.min.js

151.101.130.137

200 OK

31 kB

URL GET HTTP/2
code.jquery.com/jquery-3.6.0.min.js
IP
151.101.130.137:443
ASN
#54113 FASTLY

Requested by
https://nv.vwnrju.ru/bbtxjkwxobxgugbplpdpzhfpojdgvnyytrymyoareths6q6lnhdh97ut4wdpckr?MMUZPZDQMAGGRHLHPWAENIK
Certificate
IssuerSectigo Limited
Subject*.jquery.com
FingerprintCD:B5:6E:05:85:0C:5A:AE:47:12:80:2A:5B:C6:E5:8F:11:72:E2:B5
ValidityTue, 25 Jun 2024 00:00:00 GMT - Wed, 25 Jun 2025 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (65447)
Size
31 kB (30875 bytes)
Hash
8fb8fee4fcc3cc86ff6c724154c49c42
b82d238d4e31fdf618bae8ac11a6c812c03dd0d4
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

HTTP Headers

GET /jquery-3.6.0.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nv.vwnrju.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-15d9d"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Wed, 19 Feb 2025 08:46:21 GMT
age: 3708316
x-served-by: cache-lga21931-LGA, cache-hel1410027-HEL
x-cache: HIT, HIT
x-cache-hits: 71, 682604
x-timer: S1739954782.686744,VS0,VE0
vary: Accept-Encoding
content-length: 30875
X-Firefox-Spdy: h2

challenges.cloudflare.com/turnstile/v0/g/0e3e6804b971/api.js

104.18.94.41

200 OK

17 kB

URL
challenges.cloudflare.com/turnstile/v0/g/0e3e6804b971/api.js
IP
104.18.94.41:0
ASN
#13335 CLOUDFLARENET

File type
JavaScript source, ASCII text, with very long lines (48263)
Size
17 kB (17132 bytes)
Hash
8bde1466278edbc80095065c0a8606b6
f99781a5a0fa1ae58218329f47c5163363b403d0
5bba95cd14598342c37b07f71259e8813ba6c1e856d0bed270105f50d88309d0

HTTP Headers

GET /turnstile/v0/g/0e3e6804b971/api.js HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://nv.vwnrju.ru/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 19 Feb 2025 08:46:21 GMT
content-type: application/javascript; charset=UTF-8
last-modified: Fri, 14 Feb 2025 14:12:08 GMT
cache-control: max-age=31536000, stale-if-error=10800, stale-while-revalidate=31536000, public
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
priority: u=2,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 9144fc69eee85685-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

nv.vwnrju.ru/Is5axnrWbRNTrs/

104.21.24.27

200 OK

35 kB

URL
nv.vwnrju.ru/Is5axnrWbRNTrs/
IP
104.21.24.27:0
ASN
#13335 CLOUDFLARENET

File type
HTML document, ASCII text, with very long lines (65390)
Size
35 kB (34839 bytes)
Hash
f0a9c5cae7ac5a62c401bab6597149d6
db0874b165dca7778b9a1f32ed930d6055ca2cc6
7a16261dafe412d2746f9622d071c1155514c632803b2deab3543264a5046ed2

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft Outlook

HTTP Headers

GET /Is5axnrWbRNTrs/ HTTP/1.1
Host: nv.vwnrju.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 19 Feb 2025 08:46:21 GMT
content-type: text/html; charset=UTF-8
cache-control: no-cache, private
cf-cache-status: DYNAMIC
vary: accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LYFOycPG2B%2Fkk%2FHmCMUogo6P%2Bzszj9%2FQwAht0HtgFIKlg5v4KatZSPqAlix7K2kxvuim715UGENtD2hNw1JMqqIgnHg1p9nd78hnhbuFIUQPUHgcJ%2F5mktTXRU310w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
set-cookie: XSRF-TOKEN=eyJpdiI6IkpqdHFQZXVHQXM1V1pXTHdYTWVBTUE9PSIsInZhbHVlIjoidFdET09DQ2hPaUw4NERPeVVWQTE0SHg2cGZzRmVkRnRCbUh2WmpGcDAxM0tvUGZRQ3cxeFcvTG5DV0JnYXV4U3pKcW16SHQwL3NPaENSOUNwOVQzSmhCa1VwZ2NZMDFmcjg1TzZKT2d0MXg5Q1RYYTg3UitZWmJUeEtIVWQxbUQiLCJtYWMiOiI3NDkyMjA1ZjMyMmI2ODNiNjAwY2QyNjEzM2FmNzhkMTFiNjFiMjhmOWVhMjljNjEzNjI4ZGQ5YzgxMjQ2YjUxIiwidGFnIjoiIn0%3D; expires=Wed, 19-Feb-2025 10:46:21 GMT; Max-Age=7200; path=/; secure; samesite=none
laravel_session=eyJpdiI6ImNQVjhEYVhUd09PRGNLbHk4RXpHTUE9PSIsInZhbHVlIjoiSjNqOXZDRXRpYWtqRXhZSjB5eTRnOHEvL1h6dzVmMXJoV280UlR0VWJqdFBmMkh2cEdKUUZIejRRS0c2dVJab3lDT3MvT0REZUQ4bUNIUXBFaGNpbTVjbkF3NE5wN29zNlF1RWJ4UTRpNWR4R3I1TDdVd1lKck1DVHc3djdQbnAiLCJtYWMiOiJhN2Q4YTIwM2E0NGViMjA5NTQ3YjE3MTc5YTAzOTc3OWJlNDI2NDg3MTFmMDcwNWE5YjNhMGY4NjMxMTQ0ODYyIiwidGFnIjoiIn0%3D; expires=Wed, 19-Feb-2025 10:46:21 GMT; Max-Age=7200; path=/; secure; httponly; samesite=none
server: cloudflare
cf-ray: 9144fc5c385e56aa-OSL
content-encoding: br
server-timing: cfL4;desc="?proto=TCP&rtt=1233&min_rtt=1229&rtt_var=464&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2822&recv_bytes=1392&delivery_rate=2356387&cwnd=251&unsent_bytes=0&cid=e50b6e8f42a078f9&ts=156&x=0", cfL4;desc="?proto=TCP&rtt=576&min_rtt=495&rtt_var=156&sent=7&recv=10&lost=0&retrans=0&sent_bytes=3195&recv_bytes=1136&delivery_rate=6819466&cwnd=254&unsent_bytes=0&cid=c5cf8af71e7eea85&ts=1911&x=0"
X-Firefox-Spdy: h2

nv.vwnrju.ru/taQpv1hyHZXMpy49rmWNrbF3acQRtr

104.21.24.27

200 OK

40 kB

URL
nv.vwnrju.ru/taQpv1hyHZXMpy49rmWNrbF3acQRtr
IP
104.21.24.27:0
ASN
#13335 CLOUDFLARENET

File type
JSON text data
Size
40 kB (40241 bytes)
Hash
5820854f62a6eb3d38ba7ba0d1b3ea75
639df0b84fe699b4a290a713fd6b9a94bd4deb95
912d0c07da7bdb22cdae025b96da26d01523aaab7362edb28544e3949deb369d

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

POST /taQpv1hyHZXMpy49rmWNrbF3acQRtr HTTP/1.1
Host: nv.vwnrju.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://nv.vwnrju.ru/Is5axnrWbRNTrs/
Content-Type: multipart/form-data; boundary=---------------------------34281246193836431098741483065
Content-Length: 920
Origin: https://nv.vwnrju.ru
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6IkpqdHFQZXVHQXM1V1pXTHdYTWVBTUE9PSIsInZhbHVlIjoidFdET09DQ2hPaUw4NERPeVVWQTE0SHg2cGZzRmVkRnRCbUh2WmpGcDAxM0tvUGZRQ3cxeFcvTG5DV0JnYXV4U3pKcW16SHQwL3NPaENSOUNwOVQzSmhCa1VwZ2NZMDFmcjg1TzZKT2d0MXg5Q1RYYTg3UitZWmJUeEtIVWQxbUQiLCJtYWMiOiI3NDkyMjA1ZjMyMmI2ODNiNjAwY2QyNjEzM2FmNzhkMTFiNjFiMjhmOWVhMjljNjEzNjI4ZGQ5YzgxMjQ2YjUxIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6ImNQVjhEYVhUd09PRGNLbHk4RXpHTUE9PSIsInZhbHVlIjoiSjNqOXZDRXRpYWtqRXhZSjB5eTRnOHEvL1h6dzVmMXJoV280UlR0VWJqdFBmMkh2cEdKUUZIejRRS0c2dVJab3lDT3MvT0REZUQ4bUNIUXBFaGNpbTVjbkF3NE5wN29zNlF1RWJ4UTRpNWR4R3I1TDdVd1lKck1DVHc3djdQbnAiLCJtYWMiOiJhN2Q4YTIwM2E0NGViMjA5NTQ3YjE3MTc5YTAzOTc3OWJlNDI2NDg3MTFmMDcwNWE5YjNhMGY4NjMxMTQ0ODYyIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 19 Feb 2025 08:46:31 GMT
content-type: application/json
cache-control: no-cache, private
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Cyumm9fcbVHJmvIX13aZuiPySn8zrPBWJgduBYiyfj1C7ikEqxqvu2DHNS7vlilFOSi7EguN0NZaMHHSVSFttAF%2FRTwTezeVM6LDuyFIuatPQOvnonWh4Pa5PMr7fQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
set-cookie: XSRF-TOKEN=eyJpdiI6InZGK0Z5NGZFWTNKZmV4RzlQTWEzTlE9PSIsInZhbHVlIjoiU3lpYThoZWJSNG9DbjFBZjNQMHlqQTBnNmNaMXNvTExUdmwyMi9FMVpLdHNRMlkvZ3QxRDNGL3FTSDdVa2l4MmgzakdxL3h0akl3bEpkK3VEdzRpNWNHemszTk92ZkpwK25uQUdob0crVW9BTFBDb3kwSVdaY1M2ZUJHN1VqODciLCJtYWMiOiIwM2ViMjk5ODAzMGYyMjBlNTMzMGU1ZjBiYTViYjYzOWQyY2Q1MTA0YzNjYWMzMDZmMDFlYWRhZDE5ZmQyNjAwIiwidGFnIjoiIn0%3D; expires=Wed, 19-Feb-2025 10:46:31 GMT; Max-Age=7200; path=/; secure; samesite=none
laravel_session=eyJpdiI6IjlIbTFLdzA4UFVLQVIyMWMwQVJGZVE9PSIsInZhbHVlIjoiUGIxcDl6cDd4cWhNVDZlZFRuU0NRYmxGcXlCcTI1N0c5eDVxcmRXbWx4UmF3MkhlMmRTQU9hSkpQVjEyNURNNDQ5clkvakJ6R2loUDFjR3dVd001WWVPNjJaNk5GVlBGNXByaTZ2NmdZSjFpQ0xOcjJjT1NocHZIdCtOOVhOS0wiLCJtYWMiOiIzZWY5MTQ5NWM3ZGEwZmI5YjNjYzM4ODk3YWYzODZkNzM4ZDFmMmE5ZTFiOTM2MzUzYzkzMjY1NDQzZmQxMzkwIiwidGFnIjoiIn0%3D; expires=Wed, 19-Feb-2025 10:46:31 GMT; Max-Age=7200; path=/; secure; httponly; samesite=none
vary: accept-encoding
priority: u=4,i=?0
server: cloudflare
cf-ray: 9144fca89e961c06-OSL
content-encoding: br
server-timing: cfL4;desc="?proto=TCP&rtt=1257&min_rtt=1210&rtt_var=487&sent=4&recv=7&lost=0&retrans=0&sent_bytes=2824&recv_bytes=3164&delivery_rate=2393388&cwnd=251&unsent_bytes=0&cid=7f39279b5875f17d&ts=133&x=0", cfL4;desc="?proto=QUIC&rtt=5469&min_rtt=2279&rtt_var=3133&sent=13&recv=11&lost=0&retrans=0&sent_bytes=4141&recv_bytes=2952&delivery_rate=260611&cwnd=12000&unsent_bytes=0&cid=6e3cc140cce5b77d&ts=10509&x=1", cfExtPri, cfHdrFlush;dur=0

cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js

104.17.25.14

200 OK

14 kB

URL GET HTTP/3
cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js
IP
104.17.25.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nv.vwnrju.ru/bbtxjkwxobxgugbplpdpzhfpojdgvnyytrymyoareths6q6lnhdh97ut4wdpckr?MMUZPZDQMAGGRHLHPWAENIK
Certificate
IssuerGoogle Trust Services
Subjectcdnjs.cloudflare.com
Fingerprint00:0E:39:59:53:CF:68:07:90:75:EB:68:26:B9:04:22:44:7D:9A:32
ValidityFri, 24 Jan 2025 09:16:22 GMT - Thu, 24 Apr 2025 10:16:21 GMT

File type
JavaScript source, ASCII text, with very long lines (48316), with no line terminators
Size
14 kB (13972 bytes)
Hash
2ca03ad87885ab983541092b87adb299
1a17f60bf776a8c468a185c1e8e985c41a50dc27
8e3b0117f4df4be452c0b6af5b8f0a0acf9d4ade23d08d55d7e312af22077762

HTTP Headers

GET /ajax/libs/crypto-js/4.1.1/crypto-js.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nv.vwnrju.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 19 Feb 2025 08:46:32 GMT
content-type: application/javascript; charset=utf-8
content-length: 13972
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "61182885-3694"
last-modified: Sat, 14 Aug 2021 20:33:09 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 359750
expires: Mon, 09 Feb 2026 08:46:32 GMT
accept-ranges: bytes
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TsqEKId2MGa9PU5eMbpcavFzcDa770Oyfc%2BTElBSv6UxRBdNs%2BPEAuL3jk3WTPp9FKMaeD9Q7Pdz4YjyznHqwdq1ibhj6kkHGVsEeSkt%2F2otToc3ipAbiRJrVWUpNawlM3xEGhXu"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 9144fcab6b74569a-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

nv.vwnrju.ru/xy5C6ABgYRfQeADUOyjMJZhkRwq2XqffKG4bXtelhOdfJfw

104.21.24.27

200 OK

105 kB

URL
nv.vwnrju.ru/xy5C6ABgYRfQeADUOyjMJZhkRwq2XqffKG4bXtelhOdfJfw
IP
104.21.24.27:0
ASN
#13335 CLOUDFLARENET

File type
JSON text data
Size
105 kB (104999 bytes)
Hash
5c7d08203b00f70d63fe238760979684
1a2dab08bfb513cd25ee417853934a2bc5d9f395
ecf2ec7a377e8a2e8a20735208372ab8e792ac78331e59d88cfae809988aa3ef

HTTP Headers

POST /xy5C6ABgYRfQeADUOyjMJZhkRwq2XqffKG4bXtelhOdfJfw HTTP/1.1
Host: nv.vwnrju.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 29
Origin: https://nv.vwnrju.ru
DNT: 1
Connection: keep-alive
Referer: https://nv.vwnrju.ru/Is5axnrWbRNTrs/
Cookie: XSRF-TOKEN=eyJpdiI6ImRIcjJYM2ZPWjdvaVFQNlhzM29JQUE9PSIsInZhbHVlIjoibVpwcmdYS0JreWhZeUFMbSsvQmZLU1JoNFNCdzJwZzFZbHFybmhyU3RscCtJdUV4RFlicG8rWHQzanYrRjdKaFJvUGhMcUhESmVCS2NkeFA2QmIvTVQ2VGlrS3NrcUV0aEFiWGZCVVZFaWZvaCtoTXp1MEZGWWt1NW54eVJLVkwiLCJtYWMiOiJlMmZiNWEwNmRkOWJhNjk0NDI2NjBiZWQyZDUzZTRhY2JhNzk3OWExZGEzNjhiODFmNTVjNjcyNjYzZmI3ZDg3IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlBNeDBMVGZDNHhScHBNMWxVLzQ1c2c9PSIsInZhbHVlIjoiTlNrY250Wk56WXVKalh6VXlXZlV5UG5idisyKzRiWDFwSzRlQzNRckRHL2RBMksrcGZiYll0aExJa1lzdkw2eDZCYjhaNFVZdUoxZS9JbDZpRDlITTJUMTFhV0pKS1VjZXk3cXJ2d1dTbm5lZUMvQUdVbmhSYTY4cGFHdUtRaXMiLCJtYWMiOiIyN2ZiMDNiMTE0NjMyNDc0MjAwNDYyZmNhY2RkNWY1M2Q0M2I4NjZkMGY1NzVmNGZjZDg3OTY4MWUwY2VmODNjIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 19 Feb 2025 08:46:32 GMT
content-type: text/html; charset=UTF-8
cache-control: no-cache, private
cf-cache-status: DYNAMIC
vary: accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QUlrdDH9oa%2ByBD6MoiE63hf%2FWFFvWixX1qs6xwgmGAN46mmkCUj65gWq1YiOVLQj1IbYbNsueJ%2F3xQZEAye%2F5HIuWCicF8a%2FMkUV%2Fov1Tbcxldtx8byqwgiQ7tnuBQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
set-cookie: XSRF-TOKEN=eyJpdiI6IkRJNVdXajA2Nlc5VjZNZk9IQzlTaHc9PSIsInZhbHVlIjoieXRMTlVXSDF1dFVUaytRcGJtc2pkZUR2NVU4ODdHa3ZtaWpOaXBuRmI3V1l5dTJGb3h3MFY5MktQZkZXK3ZOWFRQK0tDS21HQk5qS2k1OVVRZVp3NHlKYTlRbzhSSkdibVlWVGNvY3c1WGFXWDJZSHZQd0VPa3U4Rm9neUlzVVUiLCJtYWMiOiJkOTljMmRjMWE4NTQ3MzAxNzQ4YTNkYWFkNGQ0MTUyODE2YzU0ZGVjMjZjNGM0YjZhZjYzNGEwZDc2OWI4ZTFhIiwidGFnIjoiIn0%3D; expires=Wed, 19-Feb-2025 10:46:32 GMT; Max-Age=7200; path=/; secure; samesite=none
laravel_session=eyJpdiI6IkJSK3hQdWtOKzBxUE5MYklURlVBSEE9PSIsInZhbHVlIjoiMmhwS2VoQ0VkWjZ2Nmh0R0UxNHhnM3h6d3oxNXJNeFA4VzBtMkN6em83cDUxbmlqT1llNlBiYjhYNkNMS00vWHl6SlkzUDRhaDNLTldnV0tUdHlNNEJETU50WGJ6bkFtaVoyT1R6TDQ3ZjhCZ2l3cWNNcWFPNm1SOHkrRzRrWHYiLCJtYWMiOiI5ZmU1NGRmNjkyMmYxYzJjYzkyMGFmNzQ0YTY2ZDMzYjk0Njc0ZDkyMjAwOTAzOWI3ZDkzZjg3N2Y2MDVlYzRmIiwidGFnIjoiIn0%3D; expires=Wed, 19-Feb-2025 10:46:32 GMT; Max-Age=7200; path=/; secure; httponly; samesite=none
priority: u=3,i=?0
server: cloudflare
cf-ray: 9144fcabe9c71c06-OSL
content-encoding: br
server-timing: cfL4;desc="?proto=TCP&rtt=1167&min_rtt=1150&rtt_var=443&sent=4&recv=7&lost=0&retrans=0&sent_bytes=2824&recv_bytes=2270&delivery_rate=2518260&cwnd=251&unsent_bytes=0&cid=ffd94bd2b41b7aae&ts=152&x=0", cfL4;desc="?proto=QUIC&rtt=3818&min_rtt=1729&rtt_var=2653&sent=32&recv=19&lost=0&retrans=0&sent_bytes=17872&recv_bytes=5947&delivery_rate=6007&cwnd=12000&unsent_bytes=0&cid=6e3cc140cce5b77d&ts=11056&x=1", cfExtPri, cfHdrFlush;dur=0

cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js

104.17.25.14

200 OK

14 kB

URL GET HTTP/3
cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js
IP
104.17.25.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nv.vwnrju.ru/bbtxjkwxobxgugbplpdpzhfpojdgvnyytrymyoareths6q6lnhdh97ut4wdpckr?MMUZPZDQMAGGRHLHPWAENIK
Certificate
IssuerGoogle Trust Services
Subjectcdnjs.cloudflare.com
Fingerprint00:0E:39:59:53:CF:68:07:90:75:EB:68:26:B9:04:22:44:7D:9A:32
ValidityFri, 24 Jan 2025 09:16:22 GMT - Thu, 24 Apr 2025 10:16:21 GMT

File type
JavaScript source, ASCII text, with very long lines (48316), with no line terminators
Size
14 kB (13972 bytes)
Hash
2ca03ad87885ab983541092b87adb299
1a17f60bf776a8c468a185c1e8e985c41a50dc27
8e3b0117f4df4be452c0b6af5b8f0a0acf9d4ade23d08d55d7e312af22077762

HTTP Headers

GET /ajax/libs/crypto-js/4.1.1/crypto-js.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nv.vwnrju.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 19 Feb 2025 08:46:33 GMT
content-type: application/javascript; charset=utf-8
content-length: 13972
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "61182885-3694"
last-modified: Sat, 14 Aug 2021 20:33:09 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 359751
expires: Mon, 09 Feb 2026 08:46:33 GMT
accept-ranges: bytes
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=L03HnqZv%2F1nYEOOTol9rGK%2Fn%2FCWw20uTzt4fPUGZemjKHlN4UhCqqkuqX1M6tK9s2mm%2F4jAgqAO0cC8UyZ%2BoUbBhjjVsWeb5Bl4VDfaCGP48CpzgMyq95qwdvLKWW3QnJl%2B1Bfcj"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 9144fcb079fd569a-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

nv.vwnrju.ru/GDSherpa-bold.woff2

104.21.24.27

200 OK

28 kB

URL GET HTTP/3
nv.vwnrju.ru/GDSherpa-bold.woff2
IP
104.21.24.27:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nv.vwnrju.ru/bbtxjkwxobxgugbplpdpzhfpojdgvnyytrymyoareths6q6lnhdh97ut4wdpckr?MMUZPZDQMAGGRHLHPWAENIK
Certificate
IssuerGoogle Trust Services
Subjectvwnrju.ru
Fingerprint86:C5:DD:95:51:38:F6:8E:1A:2C:1F:19:08:1D:17:22:01:15:A2:1A
ValiditySun, 09 Feb 2025 22:29:15 GMT - Sat, 10 May 2025 23:22:48 GMT

File type
Web Open Font Format (Version 2), TrueType, length 28000, version 1.66
Size
28 kB (28000 bytes)
Hash
a4bca6c95fed0d0c5cc46cf07710dcec
73b56e33b82b42921db8702a33efd0f2b2ec9794
5a51d246af54d903f67f07f2bd820ce77736f8d08c5f1602db07469d96dbf77f

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /GDSherpa-bold.woff2 HTTP/1.1
Host: nv.vwnrju.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://nv.vwnrju.ru/bbtxjkwxobxgugbplpdpzhfpojdgvnyytrymyoareths6q6lnhdh97ut4wdpckr?MMUZPZDQMAGGRHLHPWAENIK
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6IkkzQzBqRTQvVTREeFAzWU5wV3hDL0E9PSIsInZhbHVlIjoiWnltbjArc3BRME5aMG1yU09vamRibk03bHc1SGl6WkNReGVCMDBYM2JSdEhMb1cyNnhUQmV6RWR4MUdjR1BWVWN2TnJiSDIvK0F6aUNPM1FqTjd3QmZLTlc3Z3NrK0E2S2o3R2theUhxL1EwelYvM2RMQmJ6S0F0L2FFYkpKWDQiLCJtYWMiOiI2ZmFmZTBkYmM5NzE4N2Q3ZDIzYTMwNjliN2M4YjUxMzNjN2JlZGIxNGYzYzEwOWRmNDZkNWFmNDViNjI2YWM0IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ijc5Zk9xdjlRaWZrOUNVZWJnR3IxcGc9PSIsInZhbHVlIjoib3V3c0Znd29zVi9zS3R3YU9KelVObVhIYm5PNTFtaVQwTXpuakhZTWNPRnBRQnJsRDRqRlZndnBJUFo3RlBHYVlhZ25MYnM5Qi9CTWZZazRyeWJhaGM4Tnp2bjVaS3g3M1RrRmhWdjhzY0dQNm5hdlUrY1oyQkF1WnQ0QXl0NzYiLCJtYWMiOiI2MjYzYjgyNDNmMWFjNjY4MTZhOGRkYjY2M2RmNmVmZDU4NTI0NmM0MWI2NjE4YWJlNDYwMTZhY2I0ZGM3NmFhIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 19 Feb 2025 08:46:33 GMT
content-type: font/woff2
content-length: 28000
content-disposition: inline; filename="GDSherpa-bold.woff2"
cache-control: max-age=14400
last-modified: Wed, 19 Feb 2025 08:46:18 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sAtKN71hyQclywjQpRa8uFqgY8bQgpkJOQ9ACwpg8DYaQYHtX95v2GVYZKVwkNHeNnhgwK1Hn%2FL1PtWH4c4HvyqGh%2BeBIyC3AXw0rMoLaRGQcwkT%2Fi0UxH2lEL3GVA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
cf-cache-status: HIT
age: 15
accept-ranges: bytes
priority: u=3,i=?0
server: cloudflare
cf-ray: 9144fcb07e461c06-OSL
server-timing: cfL4;desc="?proto=TCP&rtt=1346&min_rtt=1197&rtt_var=555&sent=4&recv=7&lost=0&retrans=0&sent_bytes=2823&recv_bytes=2232&delivery_rate=2419381&cwnd=251&unsent_bytes=0&cid=df5249f75166ab23&ts=174&x=0", cfL4;desc="?proto=QUIC&rtt=1652&min_rtt=637&rtt_var=1072&sent=110&recv=44&lost=0&retrans=0&sent_bytes=97291&recv_bytes=17997&delivery_rate=8810462&cwnd=24000&unsent_bytes=0&cid=6e3cc140cce5b77d&ts=11599&x=1", cfExtPri, cfHdrFlush;dur=2

nv.vwnrju.ru/GDSherpa-bold.woff

104.21.24.27

200 OK

36 kB

URL GET HTTP/3
nv.vwnrju.ru/GDSherpa-bold.woff
IP
104.21.24.27:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nv.vwnrju.ru/bbtxjkwxobxgugbplpdpzhfpojdgvnyytrymyoareths6q6lnhdh97ut4wdpckr?MMUZPZDQMAGGRHLHPWAENIK
Certificate
IssuerGoogle Trust Services
Subjectvwnrju.ru
Fingerprint86:C5:DD:95:51:38:F6:8E:1A:2C:1F:19:08:1D:17:22:01:15:A2:1A
ValiditySun, 09 Feb 2025 22:29:15 GMT - Sat, 10 May 2025 23:22:48 GMT

File type
Web Open Font Format, TrueType, length 35970, version 1.0
Size
36 kB (35970 bytes)
Hash
496b7bbde91c7dc7cf9bbabbb3921da8
2bd3c406a715ab52dad84c803c55bf4a6e66a924
ae40a04f95df12b0c364f26ab691dc0c391d394a28bcdb4aeacfaca325d0a798

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /GDSherpa-bold.woff HTTP/1.1
Host: nv.vwnrju.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://nv.vwnrju.ru/bbtxjkwxobxgugbplpdpzhfpojdgvnyytrymyoareths6q6lnhdh97ut4wdpckr?MMUZPZDQMAGGRHLHPWAENIK
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6IkkzQzBqRTQvVTREeFAzWU5wV3hDL0E9PSIsInZhbHVlIjoiWnltbjArc3BRME5aMG1yU09vamRibk03bHc1SGl6WkNReGVCMDBYM2JSdEhMb1cyNnhUQmV6RWR4MUdjR1BWVWN2TnJiSDIvK0F6aUNPM1FqTjd3QmZLTlc3Z3NrK0E2S2o3R2theUhxL1EwelYvM2RMQmJ6S0F0L2FFYkpKWDQiLCJtYWMiOiI2ZmFmZTBkYmM5NzE4N2Q3ZDIzYTMwNjliN2M4YjUxMzNjN2JlZGIxNGYzYzEwOWRmNDZkNWFmNDViNjI2YWM0IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ijc5Zk9xdjlRaWZrOUNVZWJnR3IxcGc9PSIsInZhbHVlIjoib3V3c0Znd29zVi9zS3R3YU9KelVObVhIYm5PNTFtaVQwTXpuakhZTWNPRnBRQnJsRDRqRlZndnBJUFo3RlBHYVlhZ25MYnM5Qi9CTWZZazRyeWJhaGM4Tnp2bjVaS3g3M1RrRmhWdjhzY0dQNm5hdlUrY1oyQkF1WnQ0QXl0NzYiLCJtYWMiOiI2MjYzYjgyNDNmMWFjNjY4MTZhOGRkYjY2M2RmNmVmZDU4NTI0NmM0MWI2NjE4YWJlNDYwMTZhY2I0ZGM3NmFhIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 19 Feb 2025 08:46:33 GMT
content-type: font/woff
content-length: 35970
content-disposition: inline; filename="GDSherpa-bold.woff"
cache-control: max-age=14400
last-modified: Wed, 19 Feb 2025 08:46:18 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SJWfQNI7CcuxhXSk9zdQQqnUc18Wn5Cl3m%2B1lJUt%2B2DdhCQxIO6Eum3u3z19eY6DoTOZ5Ltsx%2FQ9EHkmJ0FBfFRQdONnpoNudpGfNw7nEcAGdvuOB2z4xfRYWHkBYQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
cf-cache-status: HIT
age: 15
accept-ranges: bytes
priority: u=3,i=?0
server: cloudflare
cf-ray: 9144fcb07e471c06-OSL
server-timing: cfL4;desc="?proto=TCP&rtt=945&min_rtt=887&rtt_var=374&sent=4&recv=7&lost=0&retrans=0&sent_bytes=2823&recv_bytes=2231&delivery_rate=3264937&cwnd=251&unsent_bytes=0&cid=8923b4502da95908&ts=172&x=0", cfL4;desc="?proto=QUIC&rtt=1638&min_rtt=637&rtt_var=832&sent=172&recv=46&lost=0&retrans=0&sent_bytes=169317&recv_bytes=19011&delivery_rate=2663402&cwnd=48000&unsent_bytes=0&cid=6e3cc140cce5b77d&ts=11603&x=1", cfExtPri, cfHdrFlush;dur=3

nv.vwnrju.ru/GDSherpa-regular.woff2

104.21.24.27

200 OK

29 kB

URL GET HTTP/3
nv.vwnrju.ru/GDSherpa-regular.woff2
IP
104.21.24.27:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nv.vwnrju.ru/bbtxjkwxobxgugbplpdpzhfpojdgvnyytrymyoareths6q6lnhdh97ut4wdpckr?MMUZPZDQMAGGRHLHPWAENIK
Certificate
IssuerGoogle Trust Services
Subjectvwnrju.ru
Fingerprint86:C5:DD:95:51:38:F6:8E:1A:2C:1F:19:08:1D:17:22:01:15:A2:1A
ValiditySun, 09 Feb 2025 22:29:15 GMT - Sat, 10 May 2025 23:22:48 GMT

File type
Web Open Font Format (Version 2), TrueType, length 28584, version 1.66
Size
29 kB (28584 bytes)
Hash
17081510f3a6f2f619ec8c6f244523c7
87f34b2a1532c50f2a424c345d03fe028db35635
2c7292014e2ef00374aeb63691d9f23159a010455784ee0b274ba7db2bcca956

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /GDSherpa-regular.woff2 HTTP/1.1
Host: nv.vwnrju.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://nv.vwnrju.ru/bbtxjkwxobxgugbplpdpzhfpojdgvnyytrymyoareths6q6lnhdh97ut4wdpckr?MMUZPZDQMAGGRHLHPWAENIK
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6IkkzQzBqRTQvVTREeFAzWU5wV3hDL0E9PSIsInZhbHVlIjoiWnltbjArc3BRME5aMG1yU09vamRibk03bHc1SGl6WkNReGVCMDBYM2JSdEhMb1cyNnhUQmV6RWR4MUdjR1BWVWN2TnJiSDIvK0F6aUNPM1FqTjd3QmZLTlc3Z3NrK0E2S2o3R2theUhxL1EwelYvM2RMQmJ6S0F0L2FFYkpKWDQiLCJtYWMiOiI2ZmFmZTBkYmM5NzE4N2Q3ZDIzYTMwNjliN2M4YjUxMzNjN2JlZGIxNGYzYzEwOWRmNDZkNWFmNDViNjI2YWM0IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ijc5Zk9xdjlRaWZrOUNVZWJnR3IxcGc9PSIsInZhbHVlIjoib3V3c0Znd29zVi9zS3R3YU9KelVObVhIYm5PNTFtaVQwTXpuakhZTWNPRnBRQnJsRDRqRlZndnBJUFo3RlBHYVlhZ25MYnM5Qi9CTWZZazRyeWJhaGM4Tnp2bjVaS3g3M1RrRmhWdjhzY0dQNm5hdlUrY1oyQkF1WnQ0QXl0NzYiLCJtYWMiOiI2MjYzYjgyNDNmMWFjNjY4MTZhOGRkYjY2M2RmNmVmZDU4NTI0NmM0MWI2NjE4YWJlNDYwMTZhY2I0ZGM3NmFhIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 19 Feb 2025 08:46:33 GMT
content-type: font/woff2
content-length: 28584
content-disposition: inline; filename="GDSherpa-regular.woff2"
cache-control: max-age=14400
last-modified: Wed, 19 Feb 2025 08:46:18 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3%2BCGrVTaFLQZIcw3NMC%2FzuN%2F09tVGFIkYYRjmd6bretnvfzJZYdLg7I9xq1EM6hjHTjYvOxCgO3E5vc8abEtTpPZAkee4NZajuepeNu2AdfaQEwK%2FyqnKB6Lu%2FjdCQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
cf-cache-status: HIT
age: 15
accept-ranges: bytes
priority: u=3,i=?0
server: cloudflare
cf-ray: 9144fcb07e481c06-OSL
server-timing: cfL4;desc="?proto=TCP&rtt=896&min_rtt=889&rtt_var=338&sent=4&recv=7&lost=0&retrans=0&sent_bytes=2824&recv_bytes=2236&delivery_rate=3257592&cwnd=251&unsent_bytes=0&cid=dc2875f8e792dedf&ts=171&x=0", cfL4;desc="?proto=QUIC&rtt=1652&min_rtt=637&rtt_var=1072&sent=110&recv=44&lost=0&retrans=0&sent_bytes=97291&recv_bytes=17997&delivery_rate=8810462&cwnd=24000&unsent_bytes=0&cid=6e3cc140cce5b77d&ts=11599&x=1", cfExtPri, cfHdrFlush;dur=0

nv.vwnrju.ru/GDSherpa-regular.woff

104.21.24.27

200 OK

37 kB

URL GET HTTP/3
nv.vwnrju.ru/GDSherpa-regular.woff
IP
104.21.24.27:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nv.vwnrju.ru/bbtxjkwxobxgugbplpdpzhfpojdgvnyytrymyoareths6q6lnhdh97ut4wdpckr?MMUZPZDQMAGGRHLHPWAENIK
Certificate
IssuerGoogle Trust Services
Subjectvwnrju.ru
Fingerprint86:C5:DD:95:51:38:F6:8E:1A:2C:1F:19:08:1D:17:22:01:15:A2:1A
ValiditySun, 09 Feb 2025 22:29:15 GMT - Sat, 10 May 2025 23:22:48 GMT

File type
Web Open Font Format, TrueType, length 36696, version 1.0
Size
37 kB (36696 bytes)
Hash
a69e9ab8afdd7486ec0749c551051ff2
c34e6aa327b536fb48d1fe03577a47c7ee2231b8
fd78a1913db912221b8ead1e62fad47d1ff0a9fa6cd88d3b128a721ad91d2faf

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /GDSherpa-regular.woff HTTP/1.1
Host: nv.vwnrju.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://nv.vwnrju.ru/bbtxjkwxobxgugbplpdpzhfpojdgvnyytrymyoareths6q6lnhdh97ut4wdpckr?MMUZPZDQMAGGRHLHPWAENIK
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6IkkzQzBqRTQvVTREeFAzWU5wV3hDL0E9PSIsInZhbHVlIjoiWnltbjArc3BRME5aMG1yU09vamRibk03bHc1SGl6WkNReGVCMDBYM2JSdEhMb1cyNnhUQmV6RWR4MUdjR1BWVWN2TnJiSDIvK0F6aUNPM1FqTjd3QmZLTlc3Z3NrK0E2S2o3R2theUhxL1EwelYvM2RMQmJ6S0F0L2FFYkpKWDQiLCJtYWMiOiI2ZmFmZTBkYmM5NzE4N2Q3ZDIzYTMwNjliN2M4YjUxMzNjN2JlZGIxNGYzYzEwOWRmNDZkNWFmNDViNjI2YWM0IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ijc5Zk9xdjlRaWZrOUNVZWJnR3IxcGc9PSIsInZhbHVlIjoib3V3c0Znd29zVi9zS3R3YU9KelVObVhIYm5PNTFtaVQwTXpuakhZTWNPRnBRQnJsRDRqRlZndnBJUFo3RlBHYVlhZ25MYnM5Qi9CTWZZazRyeWJhaGM4Tnp2bjVaS3g3M1RrRmhWdjhzY0dQNm5hdlUrY1oyQkF1WnQ0QXl0NzYiLCJtYWMiOiI2MjYzYjgyNDNmMWFjNjY4MTZhOGRkYjY2M2RmNmVmZDU4NTI0NmM0MWI2NjE4YWJlNDYwMTZhY2I0ZGM3NmFhIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 19 Feb 2025 08:46:33 GMT
content-type: font/woff
content-length: 36696
content-disposition: inline; filename="GDSherpa-regular.woff"
cache-control: max-age=14400
last-modified: Wed, 19 Feb 2025 08:46:18 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=u7juCmMiBYqN%2B4kICmUBkrDipJ1ODVt5TXfWegYBhiLPfp%2BMs80fEv61PQgYrk2UYkNVpNoxgj2P%2Fvs%2BenNY7kpoNGHMGsdTtsJovr1LhjvD5LHfzgCCgLfCsX%2FtcQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
cf-cache-status: HIT
age: 15
accept-ranges: bytes
priority: u=3,i=?0
server: cloudflare
cf-ray: 9144fcb07e491c06-OSL
server-timing: cfL4;desc="?proto=TCP&rtt=816&min_rtt=780&rtt_var=318&sent=4&recv=7&lost=0&retrans=0&sent_bytes=2823&recv_bytes=2234&delivery_rate=3712820&cwnd=245&unsent_bytes=0&cid=0eb343f2bf166fb6&ts=175&x=0", cfL4;desc="?proto=QUIC&rtt=1652&min_rtt=637&rtt_var=1072&sent=110&recv=44&lost=0&retrans=0&sent_bytes=97291&recv_bytes=17997&delivery_rate=8810462&cwnd=24000&unsent_bytes=0&cid=6e3cc140cce5b77d&ts=11599&x=1", cfExtPri, cfHdrFlush;dur=2

nv.vwnrju.ru/GDSherpa-vf.woff2

104.21.24.27

200 OK

44 kB

URL GET HTTP/3
nv.vwnrju.ru/GDSherpa-vf.woff2
IP
104.21.24.27:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nv.vwnrju.ru/bbtxjkwxobxgugbplpdpzhfpojdgvnyytrymyoareths6q6lnhdh97ut4wdpckr?MMUZPZDQMAGGRHLHPWAENIK
Certificate
IssuerGoogle Trust Services
Subjectvwnrju.ru
Fingerprint86:C5:DD:95:51:38:F6:8E:1A:2C:1F:19:08:1D:17:22:01:15:A2:1A
ValiditySun, 09 Feb 2025 22:29:15 GMT - Sat, 10 May 2025 23:22:48 GMT

File type
Web Open Font Format (Version 2), TrueType, length 43596, version 1.0
Size
44 kB (43596 bytes)
Hash
2a05e9e5572abc320b2b7ea38a70dcc1
d5fa2a856d5632c2469e42436159375117ef3c35
3efcb941aaddaf4aea08dab3fb97d3e904aa1b83264e64b4d5bda53bc7c798ec

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /GDSherpa-vf.woff2 HTTP/1.1
Host: nv.vwnrju.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://nv.vwnrju.ru/bbtxjkwxobxgugbplpdpzhfpojdgvnyytrymyoareths6q6lnhdh97ut4wdpckr?MMUZPZDQMAGGRHLHPWAENIK
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6IkkzQzBqRTQvVTREeFAzWU5wV3hDL0E9PSIsInZhbHVlIjoiWnltbjArc3BRME5aMG1yU09vamRibk03bHc1SGl6WkNReGVCMDBYM2JSdEhMb1cyNnhUQmV6RWR4MUdjR1BWVWN2TnJiSDIvK0F6aUNPM1FqTjd3QmZLTlc3Z3NrK0E2S2o3R2theUhxL1EwelYvM2RMQmJ6S0F0L2FFYkpKWDQiLCJtYWMiOiI2ZmFmZTBkYmM5NzE4N2Q3ZDIzYTMwNjliN2M4YjUxMzNjN2JlZGIxNGYzYzEwOWRmNDZkNWFmNDViNjI2YWM0IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ijc5Zk9xdjlRaWZrOUNVZWJnR3IxcGc9PSIsInZhbHVlIjoib3V3c0Znd29zVi9zS3R3YU9KelVObVhIYm5PNTFtaVQwTXpuakhZTWNPRnBRQnJsRDRqRlZndnBJUFo3RlBHYVlhZ25MYnM5Qi9CTWZZazRyeWJhaGM4Tnp2bjVaS3g3M1RrRmhWdjhzY0dQNm5hdlUrY1oyQkF1WnQ0QXl0NzYiLCJtYWMiOiI2MjYzYjgyNDNmMWFjNjY4MTZhOGRkYjY2M2RmNmVmZDU4NTI0NmM0MWI2NjE4YWJlNDYwMTZhY2I0ZGM3NmFhIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 19 Feb 2025 08:46:33 GMT
content-type: font/woff2
content-length: 43596
content-disposition: inline; filename="GDSherpa-vf.woff2"
cache-control: max-age=14400
last-modified: Wed, 19 Feb 2025 08:46:18 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FlNnds7jKaEvXEfB7877LOFZMsfsJytQkD80sz3%2BFGMLvNAnM%2FkRuSoDlBOmfmVZ4VcER7mku%2FXp4ZTpgZ%2BcahGjf0m4v%2BW600gxU%2FwvpORC%2BNthPRvcd4pxbdefIQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
cf-cache-status: HIT
age: 15
accept-ranges: bytes
priority: u=3,i=?0
server: cloudflare
cf-ray: 9144fcb07e4a1c06-OSL
server-timing: cfL4;desc="?proto=TCP&rtt=1204&min_rtt=1200&rtt_var=453&sent=4&recv=7&lost=0&retrans=0&sent_bytes=2823&recv_bytes=2230&delivery_rate=2413333&cwnd=251&unsent_bytes=0&cid=c9b081c7aee4e676&ts=215&x=0", cfL4;desc="?proto=QUIC&rtt=1652&min_rtt=637&rtt_var=1072&sent=130&recv=44&lost=0&retrans=0&sent_bytes=121291&recv_bytes=17997&delivery_rate=8810462&cwnd=24000&unsent_bytes=0&cid=6e3cc140cce5b77d&ts=11600&x=1", cfExtPri, cfHdrFlush;dur=6

nv.vwnrju.ru/GDSherpa-vf2.woff2

104.21.24.27

200 OK

93 kB

URL GET HTTP/3
nv.vwnrju.ru/GDSherpa-vf2.woff2
IP
104.21.24.27:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nv.vwnrju.ru/bbtxjkwxobxgugbplpdpzhfpojdgvnyytrymyoareths6q6lnhdh97ut4wdpckr?MMUZPZDQMAGGRHLHPWAENIK
Certificate
IssuerGoogle Trust Services
Subjectvwnrju.ru
Fingerprint86:C5:DD:95:51:38:F6:8E:1A:2C:1F:19:08:1D:17:22:01:15:A2:1A
ValiditySun, 09 Feb 2025 22:29:15 GMT - Sat, 10 May 2025 23:22:48 GMT

File type
Web Open Font Format (Version 2), TrueType, length 93276, version 1.0
Size
93 kB (93276 bytes)
Hash
bcd7983ea5aa57c55f6758b4977983cb
ef3a009e205229e07fb0ec8569e669b11c378ef1
6528a0bf9a836a53dfd8536e1786ba6831c9d1faa74967126fddf5b2081b858c

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /GDSherpa-vf2.woff2 HTTP/1.1
Host: nv.vwnrju.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://nv.vwnrju.ru/bbtxjkwxobxgugbplpdpzhfpojdgvnyytrymyoareths6q6lnhdh97ut4wdpckr?MMUZPZDQMAGGRHLHPWAENIK
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6IkkzQzBqRTQvVTREeFAzWU5wV3hDL0E9PSIsInZhbHVlIjoiWnltbjArc3BRME5aMG1yU09vamRibk03bHc1SGl6WkNReGVCMDBYM2JSdEhMb1cyNnhUQmV6RWR4MUdjR1BWVWN2TnJiSDIvK0F6aUNPM1FqTjd3QmZLTlc3Z3NrK0E2S2o3R2theUhxL1EwelYvM2RMQmJ6S0F0L2FFYkpKWDQiLCJtYWMiOiI2ZmFmZTBkYmM5NzE4N2Q3ZDIzYTMwNjliN2M4YjUxMzNjN2JlZGIxNGYzYzEwOWRmNDZkNWFmNDViNjI2YWM0IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ijc5Zk9xdjlRaWZrOUNVZWJnR3IxcGc9PSIsInZhbHVlIjoib3V3c0Znd29zVi9zS3R3YU9KelVObVhIYm5PNTFtaVQwTXpuakhZTWNPRnBRQnJsRDRqRlZndnBJUFo3RlBHYVlhZ25MYnM5Qi9CTWZZazRyeWJhaGM4Tnp2bjVaS3g3M1RrRmhWdjhzY0dQNm5hdlUrY1oyQkF1WnQ0QXl0NzYiLCJtYWMiOiI2MjYzYjgyNDNmMWFjNjY4MTZhOGRkYjY2M2RmNmVmZDU4NTI0NmM0MWI2NjE4YWJlNDYwMTZhY2I0ZGM3NmFhIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 19 Feb 2025 08:46:33 GMT
content-type: font/woff2
content-length: 93276
content-disposition: inline; filename="GDSherpa-vf2.woff2"
cache-control: max-age=14400
last-modified: Wed, 19 Feb 2025 08:46:19 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DOdKqx39vYJeFK%2BRTRyp3V87SuZ552KED9fK5Qpxns4hpsQX36RUc3DHqULH7OLIGXO1KgNJNGwj9KD7YUZWLwp%2F5Kpap7aT32jvbvnvJ32cJ98RdkVWN5wdcTHXdQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
cf-cache-status: HIT
age: 14
accept-ranges: bytes
priority: u=3,i=?0
server: cloudflare
cf-ray: 9144fcb07e4b1c06-OSL
server-timing: cfL4;desc="?proto=TCP&rtt=1113&min_rtt=1112&rtt_var=315&sent=4&recv=8&lost=0&retrans=0&sent_bytes=2823&recv_bytes=2232&delivery_rate=2583407&cwnd=251&unsent_bytes=0&cid=943923a1cf49487a&ts=218&x=0", cfL4;desc="?proto=QUIC&rtt=1739&min_rtt=637&rtt_var=825&sent=254&recv=49&lost=0&retrans=0&sent_bytes=265317&recv_bytes=20996&delivery_rate=11179466&cwnd=96000&unsent_bytes=0&cid=6e3cc140cce5b77d&ts=11615&x=1", cfExtPri, cfHdrFlush;dur=0

ok4static.oktacdn.com/fs/bcg/4/gfsh9pi7jcWKJKMAs1t7

143.204.55.47

200 OK

11 kB

URL GET HTTP/2
ok4static.oktacdn.com/fs/bcg/4/gfsh9pi7jcWKJKMAs1t7
IP
143.204.55.47:443
ASN
#16509 AMAZON-02

Requested by
https://nv.vwnrju.ru/bbtxjkwxobxgugbplpdpzhfpojdgvnyytrymyoareths6q6lnhdh97ut4wdpckr?MMUZPZDQMAGGRHLHPWAENIK
Certificate
IssuerDigiCert Inc
Subject*.oktacdn.com
Fingerprint3E:D7:C7:A6:35:70:74:E4:BF:45:2E:A1:D5:A3:25:88:24:76:B3:B5
ValidityMon, 02 Dec 2024 00:00:00 GMT - Fri, 02 Jan 2026 23:59:59 GMT

File type
PNG image data, 420 x 94, 8-bit/color RGBA, non-interlaced
Size
11 kB (10796 bytes)
Hash
12bdacc832185d0367ecc23fd24c86ce
4422f316eb4d8c8d160312bb695fd1d944cbff12
877ae491d9aac5c6ef82a8430f9f652ace8a0dbc7294bd112aad49bd593769d0

HTTP Headers

GET /fs/bcg/4/gfsh9pi7jcWKJKMAs1t7 HTTP/1.1
Host: ok4static.oktacdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nv.vwnrju.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: image/png
content-length: 10796
date: Thu, 30 Jan 2025 19:53:14 GMT
server: nginx
last-modified: Tue, 23 Feb 2021 04:20:08 GMT
etag: "12bdacc832185d0367ecc23fd24c86ce"
expires: Fri, 30 Jan 2026 19:53:14 GMT
cache-control: max-age=31536000, public,max-age=31536000,s-maxage=1814400
strict-transport-security: max-age=315360000; includeSubDomains
access-control-allow-origin: *
accept-ranges: bytes
x-cache: Hit from cloudfront
via: 1.1 80d21802b1b80c40e55ccf83433b8eac.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: L78SKQowlDTUHnRkHqw062G4g1fCQsgte7qrICyJKQZ9TbTy1DLEvw==
age: 1687999
X-Firefox-Spdy: h2

nv.vwnrju.ru/ije2KsRgY494nJnzHMwOpEN7VyTPDrRF9QxyNjJKb91xyJ97DE0wLWhsd92l6Q212210

104.21.24.27

200 OK

25 kB

URL GET HTTP/3
nv.vwnrju.ru/ije2KsRgY494nJnzHMwOpEN7VyTPDrRF9QxyNjJKb91xyJ97DE0wLWhsd92l6Q212210
IP
104.21.24.27:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nv.vwnrju.ru/bbtxjkwxobxgugbplpdpzhfpojdgvnyytrymyoareths6q6lnhdh97ut4wdpckr?MMUZPZDQMAGGRHLHPWAENIK
Certificate
IssuerGoogle Trust Services
Subjectvwnrju.ru
Fingerprint86:C5:DD:95:51:38:F6:8E:1A:2C:1F:19:08:1D:17:22:01:15:A2:1A
ValiditySun, 09 Feb 2025 22:29:15 GMT - Sat, 10 May 2025 23:22:48 GMT

File type
RIFF (little-endian) data, Web/P image
Size
25 kB (25216 bytes)
Hash
f9a795e2270664a7a169c73b6d84a575
0fbb60ab27ab88c064eb347d0722c8ed4cf5e8b8
d00203b2eea6e418c31baafa949ada5349a9f9b7e99fa003aec7406822693740

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /ije2KsRgY494nJnzHMwOpEN7VyTPDrRF9QxyNjJKb91xyJ97DE0wLWhsd92l6Q212210 HTTP/1.1
Host: nv.vwnrju.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nv.vwnrju.ru/bbtxjkwxobxgugbplpdpzhfpojdgvnyytrymyoareths6q6lnhdh97ut4wdpckr?MMUZPZDQMAGGRHLHPWAENIK
Cookie: XSRF-TOKEN=eyJpdiI6IkkzQzBqRTQvVTREeFAzWU5wV3hDL0E9PSIsInZhbHVlIjoiWnltbjArc3BRME5aMG1yU09vamRibk03bHc1SGl6WkNReGVCMDBYM2JSdEhMb1cyNnhUQmV6RWR4MUdjR1BWVWN2TnJiSDIvK0F6aUNPM1FqTjd3QmZLTlc3Z3NrK0E2S2o3R2theUhxL1EwelYvM2RMQmJ6S0F0L2FFYkpKWDQiLCJtYWMiOiI2ZmFmZTBkYmM5NzE4N2Q3ZDIzYTMwNjliN2M4YjUxMzNjN2JlZGIxNGYzYzEwOWRmNDZkNWFmNDViNjI2YWM0IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ijc5Zk9xdjlRaWZrOUNVZWJnR3IxcGc9PSIsInZhbHVlIjoib3V3c0Znd29zVi9zS3R3YU9KelVObVhIYm5PNTFtaVQwTXpuakhZTWNPRnBRQnJsRDRqRlZndnBJUFo3RlBHYVlhZ25MYnM5Qi9CTWZZazRyeWJhaGM4Tnp2bjVaS3g3M1RrRmhWdjhzY0dQNm5hdlUrY1oyQkF1WnQ0QXl0NzYiLCJtYWMiOiI2MjYzYjgyNDNmMWFjNjY4MTZhOGRkYjY2M2RmNmVmZDU4NTI0NmM0MWI2NjE4YWJlNDYwMTZhY2I0ZGM3NmFhIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 19 Feb 2025 08:46:33 GMT
content-type: image/webp
content-length: 25216
content-disposition: inline; filename="ije2KsRgY494nJnzHMwOpEN7VyTPDrRF9QxyNjJKb91xyJ97DE0wLWhsd92l6Q212210"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GBP8cNixt3Bk2y2YTNDmkgyOE%2BXFGWh4Pwp%2BbRtThkm13guqDihk8BZSCZTsU37gv1wXVMBasQKRt3RH%2BJzOfcvtrw7P1zWa2wp5eX77XYR1C%2BCRkbExpCVrjTOgJA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
priority: u=4,i=?0
server: cloudflare
cf-ray: 9144fcb0be911c06-OSL
server-timing: cfL4;desc="?proto=TCP&rtt=917&min_rtt=901&rtt_var=349&sent=4&recv=7&lost=0&retrans=0&sent_bytes=2823&recv_bytes=2225&delivery_rate=3214206&cwnd=251&unsent_bytes=0&cid=0aac0c958bf31f49&ts=81&x=0", cfL4;desc="?proto=QUIC&rtt=1675&min_rtt=637&rtt_var=603&sent=352&recv=56&lost=0&retrans=0&sent_bytes=378703&recv_bytes=24976&delivery_rate=40897&cwnd=127200&unsent_bytes=0&cid=6e3cc140cce5b77d&ts=11753&x=1", cfExtPri, cfHdrFlush;dur=0

nv.vwnrju.ru/wxFnc9StEUmtTwGbw2RSHLTFopIoaXx9wxuCqK34129

104.21.24.27

200 OK

644 B

URL GET HTTP/3
nv.vwnrju.ru/wxFnc9StEUmtTwGbw2RSHLTFopIoaXx9wxuCqK34129
IP
104.21.24.27:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nv.vwnrju.ru/bbtxjkwxobxgugbplpdpzhfpojdgvnyytrymyoareths6q6lnhdh97ut4wdpckr?MMUZPZDQMAGGRHLHPWAENIK
Certificate
IssuerGoogle Trust Services
Subjectvwnrju.ru
Fingerprint86:C5:DD:95:51:38:F6:8E:1A:2C:1F:19:08:1D:17:22:01:15:A2:1A
ValiditySun, 09 Feb 2025 22:29:15 GMT - Sat, 10 May 2025 23:22:48 GMT

File type
RIFF (little-endian) data, Web/P image
Size
644 B (644 bytes)
Hash
541b83c2195088043337e4353b6fd60d
f09630596b6713217984785a64f6ea83e91b49c5
2658b8874f0d2a12e8726df78ac8954324c3bbe4695e66bdef89195fde64322f

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /wxFnc9StEUmtTwGbw2RSHLTFopIoaXx9wxuCqK34129 HTTP/1.1
Host: nv.vwnrju.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nv.vwnrju.ru/bbtxjkwxobxgugbplpdpzhfpojdgvnyytrymyoareths6q6lnhdh97ut4wdpckr?MMUZPZDQMAGGRHLHPWAENIK
Cookie: XSRF-TOKEN=eyJpdiI6IkkzQzBqRTQvVTREeFAzWU5wV3hDL0E9PSIsInZhbHVlIjoiWnltbjArc3BRME5aMG1yU09vamRibk03bHc1SGl6WkNReGVCMDBYM2JSdEhMb1cyNnhUQmV6RWR4MUdjR1BWVWN2TnJiSDIvK0F6aUNPM1FqTjd3QmZLTlc3Z3NrK0E2S2o3R2theUhxL1EwelYvM2RMQmJ6S0F0L2FFYkpKWDQiLCJtYWMiOiI2ZmFmZTBkYmM5NzE4N2Q3ZDIzYTMwNjliN2M4YjUxMzNjN2JlZGIxNGYzYzEwOWRmNDZkNWFmNDViNjI2YWM0IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ijc5Zk9xdjlRaWZrOUNVZWJnR3IxcGc9PSIsInZhbHVlIjoib3V3c0Znd29zVi9zS3R3YU9KelVObVhIYm5PNTFtaVQwTXpuakhZTWNPRnBRQnJsRDRqRlZndnBJUFo3RlBHYVlhZ25MYnM5Qi9CTWZZazRyeWJhaGM4Tnp2bjVaS3g3M1RrRmhWdjhzY0dQNm5hdlUrY1oyQkF1WnQ0QXl0NzYiLCJtYWMiOiI2MjYzYjgyNDNmMWFjNjY4MTZhOGRkYjY2M2RmNmVmZDU4NTI0NmM0MWI2NjE4YWJlNDYwMTZhY2I0ZGM3NmFhIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 19 Feb 2025 08:46:33 GMT
content-type: image/webp
content-length: 644
content-disposition: inline; filename="wxFnc9StEUmtTwGbw2RSHLTFopIoaXx9wxuCqK34129"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ay5OPF5FWXYuvMJiXS%2BOOQ8uKxoVU6DgbBkImtqHpFlQm0etSZ6oTu4SpuLdfntwOqwAA3qFotHBN4g1soMOAL5SGyWRnYCZPJOSjyOiQ84b419ss0ORu1Lx8oOQVA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
priority: u=4,i=?0
server: cloudflare
cf-ray: 9144fcb07e4e1c06-OSL
server-timing: cfL4;desc="?proto=TCP&rtt=1379&min_rtt=1140&rtt_var=598&sent=4&recv=7&lost=0&retrans=0&sent_bytes=2824&recv_bytes=2200&delivery_rate=2540350&cwnd=251&unsent_bytes=0&cid=b8e2d71b56c28909&ts=124&x=0", cfL4;desc="?proto=QUIC&rtt=1600&min_rtt=637&rtt_var=603&sent=375&recv=57&lost=0&retrans=0&sent_bytes=405429&recv_bytes=25022&delivery_rate=13133647&cwnd=127200&unsent_bytes=0&cid=6e3cc140cce5b77d&ts=11759&x=1", cfExtPri, cfHdrFlush;dur=0

nv.vwnrju.ru/opDeUBM9zr4To4xIvYQPBBbKiGl100ATRnmnwjpZ42gA8MPUYYZE9qTdu45133

104.21.24.27

200 OK

892 B

URL GET HTTP/3
nv.vwnrju.ru/opDeUBM9zr4To4xIvYQPBBbKiGl100ATRnmnwjpZ42gA8MPUYYZE9qTdu45133
IP
104.21.24.27:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nv.vwnrju.ru/bbtxjkwxobxgugbplpdpzhfpojdgvnyytrymyoareths6q6lnhdh97ut4wdpckr?MMUZPZDQMAGGRHLHPWAENIK
Certificate
IssuerGoogle Trust Services
Subjectvwnrju.ru
Fingerprint86:C5:DD:95:51:38:F6:8E:1A:2C:1F:19:08:1D:17:22:01:15:A2:1A
ValiditySun, 09 Feb 2025 22:29:15 GMT - Sat, 10 May 2025 23:22:48 GMT

File type
RIFF (little-endian) data, Web/P image
Size
892 B (892 bytes)
Hash
41d62ca205d54a78e4298367482b4e2b
839aae21ed8ecfc238fdc68b93ccb27431cd5393
20a4a780db0bcc047015a0d8037eb4eb58b3e5cb338673799c030a3e1b626b40

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /opDeUBM9zr4To4xIvYQPBBbKiGl100ATRnmnwjpZ42gA8MPUYYZE9qTdu45133 HTTP/1.1
Host: nv.vwnrju.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nv.vwnrju.ru/bbtxjkwxobxgugbplpdpzhfpojdgvnyytrymyoareths6q6lnhdh97ut4wdpckr?MMUZPZDQMAGGRHLHPWAENIK
Cookie: XSRF-TOKEN=eyJpdiI6IkkzQzBqRTQvVTREeFAzWU5wV3hDL0E9PSIsInZhbHVlIjoiWnltbjArc3BRME5aMG1yU09vamRibk03bHc1SGl6WkNReGVCMDBYM2JSdEhMb1cyNnhUQmV6RWR4MUdjR1BWVWN2TnJiSDIvK0F6aUNPM1FqTjd3QmZLTlc3Z3NrK0E2S2o3R2theUhxL1EwelYvM2RMQmJ6S0F0L2FFYkpKWDQiLCJtYWMiOiI2ZmFmZTBkYmM5NzE4N2Q3ZDIzYTMwNjliN2M4YjUxMzNjN2JlZGIxNGYzYzEwOWRmNDZkNWFmNDViNjI2YWM0IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ijc5Zk9xdjlRaWZrOUNVZWJnR3IxcGc9PSIsInZhbHVlIjoib3V3c0Znd29zVi9zS3R3YU9KelVObVhIYm5PNTFtaVQwTXpuakhZTWNPRnBRQnJsRDRqRlZndnBJUFo3RlBHYVlhZ25MYnM5Qi9CTWZZazRyeWJhaGM4Tnp2bjVaS3g3M1RrRmhWdjhzY0dQNm5hdlUrY1oyQkF1WnQ0QXl0NzYiLCJtYWMiOiI2MjYzYjgyNDNmMWFjNjY4MTZhOGRkYjY2M2RmNmVmZDU4NTI0NmM0MWI2NjE4YWJlNDYwMTZhY2I0ZGM3NmFhIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 19 Feb 2025 08:46:33 GMT
content-type: image/webp
content-length: 892
content-disposition: inline; filename="opDeUBM9zr4To4xIvYQPBBbKiGl100ATRnmnwjpZ42gA8MPUYYZE9qTdu45133"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7ZoWctFKaEX9YSmkWes75NaKSgDVP1zKjqO%2FPq2JlEWVMv5m3JDvDLV6hxhlh5iieRlAbyRlFxaGkN8M9cPTarRGg41SpWnAHctXNXHiPrVSxMvp1O32yODCCexjWQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
priority: u=4,i=?0
server: cloudflare
cf-ray: 9144fcb07e4f1c06-OSL
server-timing: cfL4;desc="?proto=TCP&rtt=1215&min_rtt=1213&rtt_var=459&sent=4&recv=7&lost=0&retrans=0&sent_bytes=2824&recv_bytes=2219&delivery_rate=2356387&cwnd=251&unsent_bytes=0&cid=fbf15e2286fdc55b&ts=124&x=0", cfL4;desc="?proto=QUIC&rtt=1528&min_rtt=637&rtt_var=596&sent=381&recv=58&lost=0&retrans=0&sent_bytes=410933&recv_bytes=25068&delivery_rate=2898987&cwnd=127200&unsent_bytes=0&cid=6e3cc140cce5b77d&ts=11763&x=1", cfExtPri, cfHdrFlush;dur=0

github.com/fent/randexp.js/releases/download/v0.4.3/randexp.min.js

140.82.121.3

302 Found

0 B

URL GET HTTP/2
github.com/fent/randexp.js/releases/download/v0.4.3/randexp.min.js
IP
140.82.121.3:443
ASN
#36459 GITHUB

Requested by
https://nv.vwnrju.ru/bbtxjkwxobxgugbplpdpzhfpojdgvnyytrymyoareths6q6lnhdh97ut4wdpckr?MMUZPZDQMAGGRHLHPWAENIK
Certificate
IssuerSectigo Limited
Subjectgithub.com
FingerprintE4:33:71:DD:D6:91:4A:75:B6:1F:9E:4F:74:6D:9B:F0:DD:26:FC:3A
ValidityWed, 05 Feb 2025 00:00:00 GMT - Thu, 05 Feb 2026 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /fent/randexp.js/releases/download/v0.4.3/randexp.min.js HTTP/1.1
Host: github.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nv.vwnrju.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
server: GitHub.com
date: Wed, 19 Feb 2025 08:44:52 GMT
content-type: text/html; charset=utf-8
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
location: https://objects.githubusercontent.com/github-production-release-asset-2e65be/2925284/11f3acf8-4ccb-11e6-8ce4-c179c0a212de?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20250219%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20250219T084452Z&X-Amz-Expires=300&X-Amz-Signature=997487f5133e1bb6d69a9efaa42be2a036a414600b1ab6ef001d113764f8940f&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3Drandexp.min.js&response-content-type=application%2Foctet-stream
cache-control: no-cache
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: no-referrer-when-downgrade
content-security-policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
content-length: 0
x-github-request-id: 825A:34EDF0:29D48FE:2B73AD6:67B59A69
X-Firefox-Spdy: h2

nv.vwnrju.ru/abj8rj8kpqiKCrgh28

104.21.24.27

200 OK

6.1 kB

URL GET HTTP/3
nv.vwnrju.ru/abj8rj8kpqiKCrgh28
IP
104.21.24.27:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nv.vwnrju.ru/bbtxjkwxobxgugbplpdpzhfpojdgvnyytrymyoareths6q6lnhdh97ut4wdpckr?MMUZPZDQMAGGRHLHPWAENIK
Certificate
IssuerGoogle Trust Services
Subjectvwnrju.ru
Fingerprint86:C5:DD:95:51:38:F6:8E:1A:2C:1F:19:08:1D:17:22:01:15:A2:1A
ValiditySun, 09 Feb 2025 22:29:15 GMT - Sat, 10 May 2025 23:22:48 GMT

File type
ASCII text, with CRLF line terminators
Size
6.1 kB (6100 bytes)
Hash
38501e3fbbbd89b56aa5ba35de1a32fe
d9b31981b6f834e8480ba28fbc1cff1be772f589
a1ca6b381cb01968851c98512c6e7f6c5309a49f7a16b864813135cbff82a85b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /abj8rj8kpqiKCrgh28 HTTP/1.1
Host: nv.vwnrju.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nv.vwnrju.ru/bbtxjkwxobxgugbplpdpzhfpojdgvnyytrymyoareths6q6lnhdh97ut4wdpckr?MMUZPZDQMAGGRHLHPWAENIK
Cookie: XSRF-TOKEN=eyJpdiI6IkkzQzBqRTQvVTREeFAzWU5wV3hDL0E9PSIsInZhbHVlIjoiWnltbjArc3BRME5aMG1yU09vamRibk03bHc1SGl6WkNReGVCMDBYM2JSdEhMb1cyNnhUQmV6RWR4MUdjR1BWVWN2TnJiSDIvK0F6aUNPM1FqTjd3QmZLTlc3Z3NrK0E2S2o3R2theUhxL1EwelYvM2RMQmJ6S0F0L2FFYkpKWDQiLCJtYWMiOiI2ZmFmZTBkYmM5NzE4N2Q3ZDIzYTMwNjliN2M4YjUxMzNjN2JlZGIxNGYzYzEwOWRmNDZkNWFmNDViNjI2YWM0IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ijc5Zk9xdjlRaWZrOUNVZWJnR3IxcGc9PSIsInZhbHVlIjoib3V3c0Znd29zVi9zS3R3YU9KelVObVhIYm5PNTFtaVQwTXpuakhZTWNPRnBRQnJsRDRqRlZndnBJUFo3RlBHYVlhZ25MYnM5Qi9CTWZZazRyeWJhaGM4Tnp2bjVaS3g3M1RrRmhWdjhzY0dQNm5hdlUrY1oyQkF1WnQ0QXl0NzYiLCJtYWMiOiI2MjYzYjgyNDNmMWFjNjY4MTZhOGRkYjY2M2RmNmVmZDU4NTI0NmM0MWI2NjE4YWJlNDYwMTZhY2I0ZGM3NmFhIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 19 Feb 2025 08:46:33 GMT
content-type: text/css;charset=UTF-8
content-disposition: inline; filename="abj8rj8kpqiKCrgh28"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1vAhI1O9R2aPe%2FnAVHP6C91ej2ieqUQYPeMcrJXtjG%2FUebrK7mz5%2BR8NPACRqnbnHNVEvLCZHh428x3ymLUTjEYvZbAdza2lqjmCHNDrKxV0cC1b4nR00YpbEOAaUw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
vary: accept-encoding
priority: u=2,i=?0
server: cloudflare
cf-ray: 9144fcb07e451c06-OSL
content-encoding: br
server-timing: cfL4;desc="?proto=TCP&rtt=1234&min_rtt=1184&rtt_var=480&sent=4&recv=7&lost=0&retrans=0&sent_bytes=2823&recv_bytes=2168&delivery_rate=2445945&cwnd=250&unsent_bytes=0&cid=a7d428601023b396&ts=123&x=0", cfL4;desc="?proto=QUIC&rtt=1600&min_rtt=637&rtt_var=603&sent=377&recv=57&lost=0&retrans=0&sent_bytes=406953&recv_bytes=25022&delivery_rate=13133647&cwnd=127200&unsent_bytes=0&cid=6e3cc140cce5b77d&ts=11760&x=1", cfExtPri, cfHdrFlush;dur=0

nv.vwnrju.ru/uvcM28Gt3dWC5nPzOg3bZYjtbXl4mnaJBa3EO8fZJ85gzyWmQby64ntSef260

104.21.24.27

200 OK

18 kB

URL GET HTTP/3
nv.vwnrju.ru/uvcM28Gt3dWC5nPzOg3bZYjtbXl4mnaJBa3EO8fZJ85gzyWmQby64ntSef260
IP
104.21.24.27:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nv.vwnrju.ru/bbtxjkwxobxgugbplpdpzhfpojdgvnyytrymyoareths6q6lnhdh97ut4wdpckr?MMUZPZDQMAGGRHLHPWAENIK
Certificate
IssuerGoogle Trust Services
Subjectvwnrju.ru
Fingerprint86:C5:DD:95:51:38:F6:8E:1A:2C:1F:19:08:1D:17:22:01:15:A2:1A
ValiditySun, 09 Feb 2025 22:29:15 GMT - Sat, 10 May 2025 23:22:48 GMT

File type
RIFF (little-endian) data, Web/P image
Size
18 kB (17842 bytes)
Hash
4b52ecdc33382c9dca874f551990e704
8f3bf8e41cd4cdddb17836b261e73f827b84341b
cce050cc3b150c0b370751021bb15018ee2b64ac369e230fe3b571a9b00d4342

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /uvcM28Gt3dWC5nPzOg3bZYjtbXl4mnaJBa3EO8fZJ85gzyWmQby64ntSef260 HTTP/1.1
Host: nv.vwnrju.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nv.vwnrju.ru/bbtxjkwxobxgugbplpdpzhfpojdgvnyytrymyoareths6q6lnhdh97ut4wdpckr?MMUZPZDQMAGGRHLHPWAENIK
Cookie: XSRF-TOKEN=eyJpdiI6IkkzQzBqRTQvVTREeFAzWU5wV3hDL0E9PSIsInZhbHVlIjoiWnltbjArc3BRME5aMG1yU09vamRibk03bHc1SGl6WkNReGVCMDBYM2JSdEhMb1cyNnhUQmV6RWR4MUdjR1BWVWN2TnJiSDIvK0F6aUNPM1FqTjd3QmZLTlc3Z3NrK0E2S2o3R2theUhxL1EwelYvM2RMQmJ6S0F0L2FFYkpKWDQiLCJtYWMiOiI2ZmFmZTBkYmM5NzE4N2Q3ZDIzYTMwNjliN2M4YjUxMzNjN2JlZGIxNGYzYzEwOWRmNDZkNWFmNDViNjI2YWM0IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ijc5Zk9xdjlRaWZrOUNVZWJnR3IxcGc9PSIsInZhbHVlIjoib3V3c0Znd29zVi9zS3R3YU9KelVObVhIYm5PNTFtaVQwTXpuakhZTWNPRnBRQnJsRDRqRlZndnBJUFo3RlBHYVlhZ25MYnM5Qi9CTWZZazRyeWJhaGM4Tnp2bjVaS3g3M1RrRmhWdjhzY0dQNm5hdlUrY1oyQkF1WnQ0QXl0NzYiLCJtYWMiOiI2MjYzYjgyNDNmMWFjNjY4MTZhOGRkYjY2M2RmNmVmZDU4NTI0NmM0MWI2NjE4YWJlNDYwMTZhY2I0ZGM3NmFhIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 19 Feb 2025 08:46:33 GMT
content-type: image/webp
content-length: 17842
content-disposition: inline; filename="uvcM28Gt3dWC5nPzOg3bZYjtbXl4mnaJBa3EO8fZJ85gzyWmQby64ntSef260"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MDsSZ8GFzioTfiWJV1UcSjHxcXR7Sse627JjEhXlBz3IsUy9dXiy00Wm7D78Gvf%2BiHL8jUQ4icOvSjV8VVqoc3UnTDTPePOePusf7PrSEivdMg3YnONxSikODQeKXg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
priority: u=4,i=?0
server: cloudflare
cf-ray: 9144fcb0deaa1c06-OSL
server-timing: cfL4;desc="?proto=TCP&rtt=1138&min_rtt=1136&rtt_var=430&sent=4&recv=7&lost=0&retrans=0&sent_bytes=2823&recv_bytes=2218&delivery_rate=2507359&cwnd=251&unsent_bytes=0&cid=98966fa0c9ea2efd&ts=87&x=0", cfL4;desc="?proto=QUIC&rtt=1161&min_rtt=637&rtt_var=503&sent=397&recv=64&lost=0&retrans=0&sent_bytes=426699&recv_bytes=25338&delivery_rate=3023926&cwnd=127200&unsent_bytes=0&cid=6e3cc140cce5b77d&ts=11935&x=1", cfExtPri, cfHdrFlush;dur=0

nv.vwnrju.ru/qrK24XLb3s3JLzZHZhsWoEHFkJEGXgAthxBuvWGn4GPSrTPde2ovTfRURSAfxef240

104.21.24.27

200 OK

9.6 kB

URL GET HTTP/3
nv.vwnrju.ru/qrK24XLb3s3JLzZHZhsWoEHFkJEGXgAthxBuvWGn4GPSrTPde2ovTfRURSAfxef240
IP
104.21.24.27:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nv.vwnrju.ru/bbtxjkwxobxgugbplpdpzhfpojdgvnyytrymyoareths6q6lnhdh97ut4wdpckr?MMUZPZDQMAGGRHLHPWAENIK
Certificate
IssuerGoogle Trust Services
Subjectvwnrju.ru
Fingerprint86:C5:DD:95:51:38:F6:8E:1A:2C:1F:19:08:1D:17:22:01:15:A2:1A
ValiditySun, 09 Feb 2025 22:29:15 GMT - Sat, 10 May 2025 23:22:48 GMT

File type
RIFF (little-endian) data, Web/P image
Size
9.6 kB (9648 bytes)
Hash
4946eb373b18d178c93d473489673bb6
16477acb73b63ca251d37401249e7e4515febd24
666bc574c9f3fb28a8ac626fa8105c187c2a313736494a06bd5a937473673c92

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /qrK24XLb3s3JLzZHZhsWoEHFkJEGXgAthxBuvWGn4GPSrTPde2ovTfRURSAfxef240 HTTP/1.1
Host: nv.vwnrju.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nv.vwnrju.ru/bbtxjkwxobxgugbplpdpzhfpojdgvnyytrymyoareths6q6lnhdh97ut4wdpckr?MMUZPZDQMAGGRHLHPWAENIK
Cookie: XSRF-TOKEN=eyJpdiI6IkkzQzBqRTQvVTREeFAzWU5wV3hDL0E9PSIsInZhbHVlIjoiWnltbjArc3BRME5aMG1yU09vamRibk03bHc1SGl6WkNReGVCMDBYM2JSdEhMb1cyNnhUQmV6RWR4MUdjR1BWVWN2TnJiSDIvK0F6aUNPM1FqTjd3QmZLTlc3Z3NrK0E2S2o3R2theUhxL1EwelYvM2RMQmJ6S0F0L2FFYkpKWDQiLCJtYWMiOiI2ZmFmZTBkYmM5NzE4N2Q3ZDIzYTMwNjliN2M4YjUxMzNjN2JlZGIxNGYzYzEwOWRmNDZkNWFmNDViNjI2YWM0IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ijc5Zk9xdjlRaWZrOUNVZWJnR3IxcGc9PSIsInZhbHVlIjoib3V3c0Znd29zVi9zS3R3YU9KelVObVhIYm5PNTFtaVQwTXpuakhZTWNPRnBRQnJsRDRqRlZndnBJUFo3RlBHYVlhZ25MYnM5Qi9CTWZZazRyeWJhaGM4Tnp2bjVaS3g3M1RrRmhWdjhzY0dQNm5hdlUrY1oyQkF1WnQ0QXl0NzYiLCJtYWMiOiI2MjYzYjgyNDNmMWFjNjY4MTZhOGRkYjY2M2RmNmVmZDU4NTI0NmM0MWI2NjE4YWJlNDYwMTZhY2I0ZGM3NmFhIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 19 Feb 2025 08:46:33 GMT
content-type: image/webp
content-length: 9648
content-disposition: inline; filename="qrK24XLb3s3JLzZHZhsWoEHFkJEGXgAthxBuvWGn4GPSrTPde2ovTfRURSAfxef240"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8pQ0j2lt%2B1WivpN30Z1b86bfQRbrFDQoVUbLwU%2F2e4fgNgyktxoaRHFgMGMQN0vcFmmX1DttCTbwumSvo5WTG6uu0MXlqVrqt%2BuZGGICdpxdci%2BPJuCOY42DVUTTow%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
priority: u=4,i=?0
server: cloudflare
cf-ray: 9144fcb0dea91c06-OSL
server-timing: cfL4;desc="?proto=TCP&rtt=1219&min_rtt=1214&rtt_var=459&sent=4&recv=7&lost=0&retrans=0&sent_bytes=2824&recv_bytes=2223&delivery_rate=2385502&cwnd=251&unsent_bytes=0&cid=6a19bf5d9970feb9&ts=126&x=0", cfL4;desc="?proto=QUIC&rtt=1125&min_rtt=637&rtt_var=354&sent=414&recv=66&lost=0&retrans=0&sent_bytes=445864&recv_bytes=25429&delivery_rate=4433662&cwnd=127200&unsent_bytes=0&cid=6e3cc140cce5b77d&ts=12002&x=1", cfExtPri, cfHdrFlush;dur=0

nv.vwnrju.ru/opZjm8yhxqCqHIiymLqrocC3M4gbaEYCoEtRLiPgMuvuT31yE8gJsEmF8ZPoKp8cd196

104.21.24.27

200 OK

10 kB

URL GET HTTP/3
nv.vwnrju.ru/opZjm8yhxqCqHIiymLqrocC3M4gbaEYCoEtRLiPgMuvuT31yE8gJsEmF8ZPoKp8cd196
IP
104.21.24.27:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nv.vwnrju.ru/bbtxjkwxobxgugbplpdpzhfpojdgvnyytrymyoareths6q6lnhdh97ut4wdpckr?MMUZPZDQMAGGRHLHPWAENIK
Certificate
IssuerGoogle Trust Services
Subjectvwnrju.ru
Fingerprint86:C5:DD:95:51:38:F6:8E:1A:2C:1F:19:08:1D:17:22:01:15:A2:1A
ValiditySun, 09 Feb 2025 22:29:15 GMT - Sat, 10 May 2025 23:22:48 GMT

File type
SVG Scalable Vector Graphics image
Size
10 kB (10435 bytes)
Hash
59759b80e24a89c8cd029b14700e646d
651b1921c99e143d3c242de3faacfb9ad51dbb53
b02b5df3ecd59d6cd90c60878683477532cbfc24660028657f290bdc7bc774b5

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /opZjm8yhxqCqHIiymLqrocC3M4gbaEYCoEtRLiPgMuvuT31yE8gJsEmF8ZPoKp8cd196 HTTP/1.1
Host: nv.vwnrju.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nv.vwnrju.ru/bbtxjkwxobxgugbplpdpzhfpojdgvnyytrymyoareths6q6lnhdh97ut4wdpckr?MMUZPZDQMAGGRHLHPWAENIK
Cookie: XSRF-TOKEN=eyJpdiI6IkkzQzBqRTQvVTREeFAzWU5wV3hDL0E9PSIsInZhbHVlIjoiWnltbjArc3BRME5aMG1yU09vamRibk03bHc1SGl6WkNReGVCMDBYM2JSdEhMb1cyNnhUQmV6RWR4MUdjR1BWVWN2TnJiSDIvK0F6aUNPM1FqTjd3QmZLTlc3Z3NrK0E2S2o3R2theUhxL1EwelYvM2RMQmJ6S0F0L2FFYkpKWDQiLCJtYWMiOiI2ZmFmZTBkYmM5NzE4N2Q3ZDIzYTMwNjliN2M4YjUxMzNjN2JlZGIxNGYzYzEwOWRmNDZkNWFmNDViNjI2YWM0IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ijc5Zk9xdjlRaWZrOUNVZWJnR3IxcGc9PSIsInZhbHVlIjoib3V3c0Znd29zVi9zS3R3YU9KelVObVhIYm5PNTFtaVQwTXpuakhZTWNPRnBRQnJsRDRqRlZndnBJUFo3RlBHYVlhZ25MYnM5Qi9CTWZZazRyeWJhaGM4Tnp2bjVaS3g3M1RrRmhWdjhzY0dQNm5hdlUrY1oyQkF1WnQ0QXl0NzYiLCJtYWMiOiI2MjYzYjgyNDNmMWFjNjY4MTZhOGRkYjY2M2RmNmVmZDU4NTI0NmM0MWI2NjE4YWJlNDYwMTZhY2I0ZGM3NmFhIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 19 Feb 2025 08:46:33 GMT
content-type: image/svg+xml
content-disposition: inline; filename="opZjm8yhxqCqHIiymLqrocC3M4gbaEYCoEtRLiPgMuvuT31yE8gJsEmF8ZPoKp8cd196"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aRwpgYoyZss1niBeB%2By3YQ6zg3Ptf6Fb6C%2Bb3HCZB8IzW8JNNeI%2FqUFe204kuHTtERyxpD0b5gLorITgzTbu5vEfUkyMdP5V5om%2BFBhBBZzaafDOVE3capgeqdYxyg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
vary: accept-encoding
priority: u=4,i=?0
server: cloudflare
cf-ray: 9144fcb09e671c06-OSL
content-encoding: br
server-timing: cfL4;desc="?proto=TCP&rtt=911&min_rtt=890&rtt_var=348&sent=4&recv=7&lost=0&retrans=0&sent_bytes=2823&recv_bytes=2225&delivery_rate=3253932&cwnd=251&unsent_bytes=0&cid=248bd9be60db58ae&ts=122&x=0", cfL4;desc="?proto=QUIC&rtt=1349&min_rtt=637&rtt_var=520&sent=390&recv=61&lost=0&retrans=0&sent_bytes=420174&recv_bytes=25203&delivery_rate=855386&cwnd=127200&unsent_bytes=0&cid=6e3cc140cce5b77d&ts=11782&x=1", cfExtPri, cfHdrFlush;dur=0

ok4static.oktacdn.com/assets/loginpage/font/assets/proximanova-reg-webfont.353416ed0ff540352235.woff2

143.204.55.47

200 OK

20 kB

URL GET HTTP/2
ok4static.oktacdn.com/assets/loginpage/font/assets/proximanova-reg-webfont.353416ed0ff540352235.woff2
IP
143.204.55.47:443
ASN
#16509 AMAZON-02

Requested by
https://nv.vwnrju.ru/bbtxjkwxobxgugbplpdpzhfpojdgvnyytrymyoareths6q6lnhdh97ut4wdpckr?MMUZPZDQMAGGRHLHPWAENIK
Certificate
IssuerDigiCert Inc
Subject*.oktacdn.com
Fingerprint3E:D7:C7:A6:35:70:74:E4:BF:45:2E:A1:D5:A3:25:88:24:76:B3:B5
ValidityMon, 02 Dec 2024 00:00:00 GMT - Fri, 02 Jan 2026 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 20416, version 2.197
Size
20 kB (20416 bytes)
Hash
d99a7377dabb55772ca9f986b0a04b57
2b5fcd8431953c44e410d0489899e74f6d2cfecc
affdba1620552b12a1a8a04467136aeb408c03fa337d20e9c38374d682d4d149

HTTP Headers

GET /assets/loginpage/font/assets/proximanova-reg-webfont.353416ed0ff540352235.woff2 HTTP/1.1
Host: ok4static.oktacdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://nv.vwnrju.ru
DNT: 1
Connection: keep-alive
Referer: https://ok4static.oktacdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: application/font-woff2
content-length: 20416
date: Mon, 10 Feb 2025 01:49:35 GMT
server: nginx
last-modified: Tue, 07 Nov 2023 18:56:28 GMT
etag: "d99a7377dabb55772ca9f986b0a04b57"
x-amz-meta-sha1sum: 2b5fcd8431953c44e410d0489899e74f6d2cfecc
expires: Tue, 10 Feb 2026 01:49:35 GMT
cache-control: max-age=31536000, public,max-age=31536000,s-maxage=1814400
strict-transport-security: max-age=315360000; includeSubDomains
access-control-allow-origin: *
accept-ranges: bytes
x-cache: Hit from cloudfront
via: 1.1 80d21802b1b80c40e55ccf83433b8eac.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 1xx7HF8gs9CrmwfwEPCwx2U_wpETVFy3wE6HyDgALz8oR0kyZxbW4Q==
age: 802619
X-Firefox-Spdy: h2

nv.vwnrju.ru/klcA78EBpv6ygFvujaLrwCIt8tHZxOg49WhorNWORA7SCbliopgD2fSBZytpy3XVfk97hCsab229

104.21.24.27

200 OK

1.3 kB

URL GET HTTP/3
nv.vwnrju.ru/klcA78EBpv6ygFvujaLrwCIt8tHZxOg49WhorNWORA7SCbliopgD2fSBZytpy3XVfk97hCsab229
IP
104.21.24.27:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nv.vwnrju.ru/bbtxjkwxobxgugbplpdpzhfpojdgvnyytrymyoareths6q6lnhdh97ut4wdpckr?MMUZPZDQMAGGRHLHPWAENIK
Certificate
IssuerGoogle Trust Services
Subjectvwnrju.ru
Fingerprint86:C5:DD:95:51:38:F6:8E:1A:2C:1F:19:08:1D:17:22:01:15:A2:1A
ValiditySun, 09 Feb 2025 22:29:15 GMT - Sat, 10 May 2025 23:22:48 GMT

File type
RIFF (little-endian) data, Web/P image
Size
1.3 kB (1298 bytes)
Hash
32ca2081553e969f9fdd4374134521ad
7b09924c4c3d8b6e41fe38363e342da098be4173
216fc342a469aa6a005b2eacc24622095e5282d3e9f1ae99ce54c27b92ec3587

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /klcA78EBpv6ygFvujaLrwCIt8tHZxOg49WhorNWORA7SCbliopgD2fSBZytpy3XVfk97hCsab229 HTTP/1.1
Host: nv.vwnrju.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nv.vwnrju.ru/bbtxjkwxobxgugbplpdpzhfpojdgvnyytrymyoareths6q6lnhdh97ut4wdpckr?MMUZPZDQMAGGRHLHPWAENIK
Cookie: XSRF-TOKEN=eyJpdiI6IkkzQzBqRTQvVTREeFAzWU5wV3hDL0E9PSIsInZhbHVlIjoiWnltbjArc3BRME5aMG1yU09vamRibk03bHc1SGl6WkNReGVCMDBYM2JSdEhMb1cyNnhUQmV6RWR4MUdjR1BWVWN2TnJiSDIvK0F6aUNPM1FqTjd3QmZLTlc3Z3NrK0E2S2o3R2theUhxL1EwelYvM2RMQmJ6S0F0L2FFYkpKWDQiLCJtYWMiOiI2ZmFmZTBkYmM5NzE4N2Q3ZDIzYTMwNjliN2M4YjUxMzNjN2JlZGIxNGYzYzEwOWRmNDZkNWFmNDViNjI2YWM0IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ijc5Zk9xdjlRaWZrOUNVZWJnR3IxcGc9PSIsInZhbHVlIjoib3V3c0Znd29zVi9zS3R3YU9KelVObVhIYm5PNTFtaVQwTXpuakhZTWNPRnBRQnJsRDRqRlZndnBJUFo3RlBHYVlhZ25MYnM5Qi9CTWZZazRyeWJhaGM4Tnp2bjVaS3g3M1RrRmhWdjhzY0dQNm5hdlUrY1oyQkF1WnQ0QXl0NzYiLCJtYWMiOiI2MjYzYjgyNDNmMWFjNjY4MTZhOGRkYjY2M2RmNmVmZDU4NTI0NmM0MWI2NjE4YWJlNDYwMTZhY2I0ZGM3NmFhIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 19 Feb 2025 08:46:34 GMT
content-type: image/webp
content-length: 1298
content-disposition: inline; filename="klcA78EBpv6ygFvujaLrwCIt8tHZxOg49WhorNWORA7SCbliopgD2fSBZytpy3XVfk97hCsab229"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XUm50P3b9zefDyFzftX4Du4a5pz0BPx%2BnLqLQ8CrJAiPPn0izkXGeYc3mb%2Fn4hie8jS3esm9s9aqf3ZTMu4S9k%2BmGPEobIRi0WTnkuNBW0dLZNtyiaYL8yBvcbEEDw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
priority: u=4,i=?0
server: cloudflare
cf-ray: 9144fcb78c561c06-OSL
server-timing: cfL4;desc="?proto=TCP&rtt=913&min_rtt=912&rtt_var=345&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2823&recv_bytes=2233&delivery_rate=3134199&cwnd=251&unsent_bytes=0&cid=1131f518318b99fd&ts=124&x=0", cfL4;desc="?proto=QUIC&rtt=1088&min_rtt=637&rtt_var=266&sent=430&recv=71&lost=0&retrans=0&sent_bytes=459597&recv_bytes=28537&delivery_rate=16636&cwnd=127200&unsent_bytes=0&cid=6e3cc140cce5b77d&ts=12890&x=1", cfExtPri, cfHdrFlush;dur=0

ok4static.oktacdn.com/assets/loginpage/css/loginpage-theme.e0d37a504604ef874bad26435d62011f.css

143.204.55.47

200 OK

10 kB

URL GET HTTP/2
ok4static.oktacdn.com/assets/loginpage/css/loginpage-theme.e0d37a504604ef874bad26435d62011f.css
IP
143.204.55.47:443
ASN
#16509 AMAZON-02

Requested by
https://nv.vwnrju.ru/bbtxjkwxobxgugbplpdpzhfpojdgvnyytrymyoareths6q6lnhdh97ut4wdpckr?MMUZPZDQMAGGRHLHPWAENIK
Certificate
IssuerDigiCert Inc
Subject*.oktacdn.com
Fingerprint3E:D7:C7:A6:35:70:74:E4:BF:45:2E:A1:D5:A3:25:88:24:76:B3:B5
ValidityMon, 02 Dec 2024 00:00:00 GMT - Fri, 02 Jan 2026 23:59:59 GMT

File type
ASCII text, with very long lines (10450)
Size
10 kB (10498 bytes)
Hash
e0d37a504604ef874bad26435d62011f
4301f0d2b729ae22adece657d79eccaa25f429b1
c39ff65e2a102e644eb0bf2e31d2bad3d18f7afb25b3b9ba7a4d46263a711179

HTTP Headers

GET /assets/loginpage/css/loginpage-theme.e0d37a504604ef874bad26435d62011f.css HTTP/1.1
Host: ok4static.oktacdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nv.vwnrju.ru/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css
server: nginx
last-modified: Thu, 14 Mar 2024 00:03:58 GMT
x-amz-meta-sha1sum: 4301f0d2b729ae22adece657d79eccaa25f429b1
strict-transport-security: max-age=315360000; includeSubDomains
access-control-allow-origin: *
content-encoding: gzip
date: Fri, 31 Jan 2025 02:19:39 GMT
expires: Sat, 31 Jan 2026 02:19:39 GMT
cache-control: max-age=31536000, public,max-age=31536000,s-maxage=1814400
etag: W/"e0d37a504604ef874bad26435d62011f"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 80d21802b1b80c40e55ccf83433b8eac.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: P4K9FCFtu6on38nMyr61d9TEw7n0qYk1slkGb_HI5qpqTydvko-cgQ==
age: 1664814
X-Firefox-Spdy: h2

nv.vwnrju.ru/favicon.ico

104.21.24.27

404 Not Found

0 B

URL GET HTTP/3
nv.vwnrju.ru/favicon.ico
IP
104.21.24.27:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nv.vwnrju.ru/bbtxjkwxobxgugbplpdpzhfpojdgvnyytrymyoareths6q6lnhdh97ut4wdpckr?MMUZPZDQMAGGRHLHPWAENIK
Certificate
IssuerGoogle Trust Services
Subjectvwnrju.ru
Fingerprint86:C5:DD:95:51:38:F6:8E:1A:2C:1F:19:08:1D:17:22:01:15:A2:1A
ValiditySun, 09 Feb 2025 22:29:15 GMT - Sat, 10 May 2025 23:22:48 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: nv.vwnrju.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nv.vwnrju.ru/bbtxjkwxobxgugbplpdpzhfpojdgvnyytrymyoareths6q6lnhdh97ut4wdpckr?MMUZPZDQMAGGRHLHPWAENIK
Cookie: XSRF-TOKEN=eyJpdiI6IjV6bUYrbFZnS28yblN2T1Z4ODJjcmc9PSIsInZhbHVlIjoibG1CcStOMTVyTkp6VkxSKzA0alR2RDQrb0RFRk5oMkw4NVlpRGx0bVpQMnF0R1pkOU5jNE9IVFo5ZnBHOGlyVXBNUHIyd0lXQ2k0dHVWVWRRZWd5TGRKSGptVTZ4Lzh0N1UwcG1Sc2pLM29SUUtwMVgyUi8wdThiOU5jQk9vZksiLCJtYWMiOiJhNjlmOGVjMWQ1OTE4YTk5ODRlNWQzZjM2NjhkNWRhOWMzOTUxOWI2Y2Q1NGY5MTI4YmI3NGU3NzA4ZWYzMTVjIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IkR0SzBjUXNSZ25PWGs0Z292N3FXc3c9PSIsInZhbHVlIjoiSVFoWGI2S1FNMkVoajBRSms4QnZtYldzRFc1bFc0S2h2cFpIUGhQeVU3RlpMZVljVUsyMDV0OHdJcWVTRXBYKzFvWEwraUdKZVRoUzFHc3lnb2ZZR0lqTSs2dEFRbDFlWmJtSXBkU1ZFSXhodWRXSXhIU1dWRXZNbFRKdkc0VGUiLCJtYWMiOiJjMjNmYmYzYmE2YzFkNDdkMTFkOThiZTJmOTZhMzcxN2I5Y2ExMGRmNzRjZWQ5MjAxYTU1YWE0NDc3OWI3YmZmIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 404 Not Found
date: Wed, 19 Feb 2025 08:46:35 GMT
content-type: text/html; charset=UTF-8
cache-control: max-age=14400
vary: accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ROYj20yiIxTROyDS3GFRzYb60%2Fc65zKDcnKL2u%2BlQ7F7Sjr55q9SqOuGx064YSu%2FsmvOSnzFkJcHYtvQTt8jlc2HpMiV77Z7dv4iXRKKdt%2BQllwADibkN3XLD67nBA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
cf-cache-status: HIT
age: 17
priority: u=6,i=?0
server: cloudflare
cf-ray: 9144fcbf5b311c06-OSL
content-encoding: br
server-timing: cfL4;desc="?proto=TCP&rtt=1290&min_rtt=1278&rtt_var=488&sent=4&recv=7&lost=0&retrans=0&sent_bytes=2823&recv_bytes=2097&delivery_rate=2266040&cwnd=249&unsent_bytes=0&cid=1b61f0c164dee537&ts=132&x=0", cfL4;desc="?proto=QUIC&rtt=1265&min_rtt=637&rtt_var=323&sent=853&recv=107&lost=0&retrans=0&sent_bytes=941449&recv_bytes=31053&delivery_rate=4966722&cwnd=127200&unsent_bytes=0&cid=6e3cc140cce5b77d&ts=13979&x=1", cfExtPri, cfHdrFlush;dur=0

nv.vwnrju.ru/klRWqE1dKIodhWl4TpdaxFJijhYuapwgllaKZfmtQJkSm0tLq8uv214

104.21.24.27

200 OK

1.9 kB

URL GET HTTP/3
nv.vwnrju.ru/klRWqE1dKIodhWl4TpdaxFJijhYuapwgllaKZfmtQJkSm0tLq8uv214
IP
104.21.24.27:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nv.vwnrju.ru/bbtxjkwxobxgugbplpdpzhfpojdgvnyytrymyoareths6q6lnhdh97ut4wdpckr?MMUZPZDQMAGGRHLHPWAENIK
Certificate
IssuerGoogle Trust Services
Subjectvwnrju.ru
Fingerprint86:C5:DD:95:51:38:F6:8E:1A:2C:1F:19:08:1D:17:22:01:15:A2:1A
ValiditySun, 09 Feb 2025 22:29:15 GMT - Sat, 10 May 2025 23:22:48 GMT

File type
SVG Scalable Vector Graphics image
Size
1.9 kB (1864 bytes)
Hash
4b5c228b4faba433d06ec569ed855b2d
a7d3882b93e332460e7c59510a6a811ef011983f
eb19d76cd1fad39abf0f2778991883a5cf9ff560117ce8f7c64124e71471b4ed

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /klRWqE1dKIodhWl4TpdaxFJijhYuapwgllaKZfmtQJkSm0tLq8uv214 HTTP/1.1
Host: nv.vwnrju.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nv.vwnrju.ru/bbtxjkwxobxgugbplpdpzhfpojdgvnyytrymyoareths6q6lnhdh97ut4wdpckr?MMUZPZDQMAGGRHLHPWAENIK
Cookie: XSRF-TOKEN=eyJpdiI6IkkzQzBqRTQvVTREeFAzWU5wV3hDL0E9PSIsInZhbHVlIjoiWnltbjArc3BRME5aMG1yU09vamRibk03bHc1SGl6WkNReGVCMDBYM2JSdEhMb1cyNnhUQmV6RWR4MUdjR1BWVWN2TnJiSDIvK0F6aUNPM1FqTjd3QmZLTlc3Z3NrK0E2S2o3R2theUhxL1EwelYvM2RMQmJ6S0F0L2FFYkpKWDQiLCJtYWMiOiI2ZmFmZTBkYmM5NzE4N2Q3ZDIzYTMwNjliN2M4YjUxMzNjN2JlZGIxNGYzYzEwOWRmNDZkNWFmNDViNjI2YWM0IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ijc5Zk9xdjlRaWZrOUNVZWJnR3IxcGc9PSIsInZhbHVlIjoib3V3c0Znd29zVi9zS3R3YU9KelVObVhIYm5PNTFtaVQwTXpuakhZTWNPRnBRQnJsRDRqRlZndnBJUFo3RlBHYVlhZ25MYnM5Qi9CTWZZazRyeWJhaGM4Tnp2bjVaS3g3M1RrRmhWdjhzY0dQNm5hdlUrY1oyQkF1WnQ0QXl0NzYiLCJtYWMiOiI2MjYzYjgyNDNmMWFjNjY4MTZhOGRkYjY2M2RmNmVmZDU4NTI0NmM0MWI2NjE4YWJlNDYwMTZhY2I0ZGM3NmFhIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 19 Feb 2025 08:46:34 GMT
content-type: image/svg+xml
content-disposition: inline; filename="klRWqE1dKIodhWl4TpdaxFJijhYuapwgllaKZfmtQJkSm0tLq8uv214"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9xKE65kcXlJem1ZoTTjDR0XZk48DUyLTG7ib4CQ8YOPrWcKaNrNn2tPfCfASD9UvKbFhiJ8e%2FhoAn6ZGQFSLZ411jEVgA5WP32ElOAlw3eXIew8sqlHb6OhvMIEohw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
vary: accept-encoding
priority: u=4,i=?0
server: cloudflare
cf-ray: 9144fcb78c551c06-OSL
content-encoding: br
server-timing: cfL4;desc="?proto=TCP&rtt=1139&min_rtt=1100&rtt_var=440&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2823&recv_bytes=2212&delivery_rate=2632727&cwnd=252&unsent_bytes=0&cid=f7af0727503e9292&ts=126&x=0", cfL4;desc="?proto=QUIC&rtt=1114&min_rtt=637&rtt_var=251&sent=432&recv=72&lost=0&retrans=0&sent_bytes=461802&recv_bytes=28583&delivery_rate=1072728&cwnd=127200&unsent_bytes=0&cid=6e3cc140cce5b77d&ts=12897&x=1", cfExtPri, cfHdrFlush;dur=0

ok4static.oktacdn.com/assets/js/sdk/okta-signin-widget/7.18.0/css/okta-sign-in.min.css

143.204.55.47

200 OK

223 kB

URL GET HTTP/2
ok4static.oktacdn.com/assets/js/sdk/okta-signin-widget/7.18.0/css/okta-sign-in.min.css
IP
143.204.55.47:443
ASN
#16509 AMAZON-02

Requested by
https://nv.vwnrju.ru/bbtxjkwxobxgugbplpdpzhfpojdgvnyytrymyoareths6q6lnhdh97ut4wdpckr?MMUZPZDQMAGGRHLHPWAENIK
Certificate
IssuerDigiCert Inc
Subject*.oktacdn.com
Fingerprint3E:D7:C7:A6:35:70:74:E4:BF:45:2E:A1:D5:A3:25:88:24:76:B3:B5
ValidityMon, 02 Dec 2024 00:00:00 GMT - Fri, 02 Jan 2026 23:59:59 GMT

File type

Size
223 kB (222931 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /assets/js/sdk/okta-signin-widget/7.18.0/css/okta-sign-in.min.css HTTP/1.1
Host: ok4static.oktacdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nv.vwnrju.ru/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css
server: nginx
last-modified: Tue, 14 May 2024 21:48:24 GMT
x-amz-meta-sha1sum: 7b5499b46660a0348cc2b22cae927dcc3fda8b20
strict-transport-security: max-age=315360000; includeSubDomains
access-control-allow-origin: *
content-encoding: gzip
date: Wed, 29 Jan 2025 17:13:28 GMT
expires: Thu, 29 Jan 2026 17:13:28 GMT
cache-control: max-age=31536000, public,max-age=31536000,s-maxage=1814400
etag: W/"0329c939fca7c78756b94fbcd95e322b"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 80d21802b1b80c40e55ccf83433b8eac.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: mdVk-BU0xMhN1FDDa51nDbH5KesesUdmKkSEDZPyrGNrcuP2lrq6YA==
age: 1783985
X-Firefox-Spdy: h2

nv.vwnrju.ru/ij3Ivke3gLCviqSYzdVPuSBgF8TI3Yg7FcdHPBdPiNyYjZqWSxLA56170

104.21.24.27

200 OK

7.4 kB

URL GET HTTP/3
nv.vwnrju.ru/ij3Ivke3gLCviqSYzdVPuSBgF8TI3Yg7FcdHPBdPiNyYjZqWSxLA56170
IP
104.21.24.27:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nv.vwnrju.ru/bbtxjkwxobxgugbplpdpzhfpojdgvnyytrymyoareths6q6lnhdh97ut4wdpckr?MMUZPZDQMAGGRHLHPWAENIK
Certificate
IssuerGoogle Trust Services
Subjectvwnrju.ru
Fingerprint86:C5:DD:95:51:38:F6:8E:1A:2C:1F:19:08:1D:17:22:01:15:A2:1A
ValiditySun, 09 Feb 2025 22:29:15 GMT - Sat, 10 May 2025 23:22:48 GMT

File type
SVG Scalable Vector Graphics image
Size
7.4 kB (7390 bytes)
Hash
bca9b46fee32162356ba5b4783e614dc
cc09ee862df9bf86e545f9dfdf2fbd4facfa71f5
fb48e7087def752683bc9a9fe4035acf2419cebbe8b17a16e5c81699a06f6fec

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /ij3Ivke3gLCviqSYzdVPuSBgF8TI3Yg7FcdHPBdPiNyYjZqWSxLA56170 HTTP/1.1
Host: nv.vwnrju.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nv.vwnrju.ru/bbtxjkwxobxgugbplpdpzhfpojdgvnyytrymyoareths6q6lnhdh97ut4wdpckr?MMUZPZDQMAGGRHLHPWAENIK
Cookie: XSRF-TOKEN=eyJpdiI6IkkzQzBqRTQvVTREeFAzWU5wV3hDL0E9PSIsInZhbHVlIjoiWnltbjArc3BRME5aMG1yU09vamRibk03bHc1SGl6WkNReGVCMDBYM2JSdEhMb1cyNnhUQmV6RWR4MUdjR1BWVWN2TnJiSDIvK0F6aUNPM1FqTjd3QmZLTlc3Z3NrK0E2S2o3R2theUhxL1EwelYvM2RMQmJ6S0F0L2FFYkpKWDQiLCJtYWMiOiI2ZmFmZTBkYmM5NzE4N2Q3ZDIzYTMwNjliN2M4YjUxMzNjN2JlZGIxNGYzYzEwOWRmNDZkNWFmNDViNjI2YWM0IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ijc5Zk9xdjlRaWZrOUNVZWJnR3IxcGc9PSIsInZhbHVlIjoib3V3c0Znd29zVi9zS3R3YU9KelVObVhIYm5PNTFtaVQwTXpuakhZTWNPRnBRQnJsRDRqRlZndnBJUFo3RlBHYVlhZ25MYnM5Qi9CTWZZazRyeWJhaGM4Tnp2bjVaS3g3M1RrRmhWdjhzY0dQNm5hdlUrY1oyQkF1WnQ0QXl0NzYiLCJtYWMiOiI2MjYzYjgyNDNmMWFjNjY4MTZhOGRkYjY2M2RmNmVmZDU4NTI0NmM0MWI2NjE4YWJlNDYwMTZhY2I0ZGM3NmFhIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 19 Feb 2025 08:46:33 GMT
content-type: image/svg+xml
content-disposition: inline; filename="ij3Ivke3gLCviqSYzdVPuSBgF8TI3Yg7FcdHPBdPiNyYjZqWSxLA56170"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2F8VvdBq7xHcaz5pG9yHmmtnsENLuboXQ%2BuuM60fnLLW94sjjTF%2BW6KfGNDNpQuMhomJz3SDLJvjeRG3qGo9juDJj85m2j%2B%2FqXRc3wdqkhBO4bcyO3QZRP%2FXiGHjEEA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
vary: accept-encoding
priority: u=4,i=?0
server: cloudflare
cf-ray: 9144fcb08e5f1c06-OSL
content-encoding: br
server-timing: cfL4;desc="?proto=TCP&rtt=1070&min_rtt=1056&rtt_var=406&sent=4&recv=7&lost=0&retrans=0&sent_bytes=2822&recv_bytes=2214&delivery_rate=2742424&cwnd=245&unsent_bytes=0&cid=db4ff7172addb550&ts=83&x=0", cfL4;desc="?proto=QUIC&rtt=1766&min_rtt=637&rtt_var=561&sent=349&recv=55&lost=0&retrans=0&sent_bytes=375393&recv_bytes=24931&delivery_rate=4672764&cwnd=127200&unsent_bytes=0&cid=6e3cc140cce5b77d&ts=11729&x=1", cfExtPri, cfHdrFlush;dur=0

nv.vwnrju.ru/34hWgQUp6aGXabqKeGrF6720

104.21.24.27

200 OK

27 kB

URL GET HTTP/3
nv.vwnrju.ru/34hWgQUp6aGXabqKeGrF6720
IP
104.21.24.27:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nv.vwnrju.ru/bbtxjkwxobxgugbplpdpzhfpojdgvnyytrymyoareths6q6lnhdh97ut4wdpckr?MMUZPZDQMAGGRHLHPWAENIK
Certificate
IssuerGoogle Trust Services
Subjectvwnrju.ru
Fingerprint86:C5:DD:95:51:38:F6:8E:1A:2C:1F:19:08:1D:17:22:01:15:A2:1A
ValiditySun, 09 Feb 2025 22:29:15 GMT - Sat, 10 May 2025 23:22:48 GMT

File type
ASCII text, with very long lines (26765), with no line terminators
Size
27 kB (26765 bytes)
Hash
1a862a89d5633fac83d763886726740d
e5ce3aa454c992a13fd406a9647d7afbf831051f
5c22fd904edb792331a7307ddf4a790e0d1318924f6d8e7362fa6b55d5ab6fbb

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /34hWgQUp6aGXabqKeGrF6720 HTTP/1.1
Host: nv.vwnrju.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nv.vwnrju.ru/bbtxjkwxobxgugbplpdpzhfpojdgvnyytrymyoareths6q6lnhdh97ut4wdpckr?MMUZPZDQMAGGRHLHPWAENIK
Cookie: XSRF-TOKEN=eyJpdiI6IkkzQzBqRTQvVTREeFAzWU5wV3hDL0E9PSIsInZhbHVlIjoiWnltbjArc3BRME5aMG1yU09vamRibk03bHc1SGl6WkNReGVCMDBYM2JSdEhMb1cyNnhUQmV6RWR4MUdjR1BWVWN2TnJiSDIvK0F6aUNPM1FqTjd3QmZLTlc3Z3NrK0E2S2o3R2theUhxL1EwelYvM2RMQmJ6S0F0L2FFYkpKWDQiLCJtYWMiOiI2ZmFmZTBkYmM5NzE4N2Q3ZDIzYTMwNjliN2M4YjUxMzNjN2JlZGIxNGYzYzEwOWRmNDZkNWFmNDViNjI2YWM0IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ijc5Zk9xdjlRaWZrOUNVZWJnR3IxcGc9PSIsInZhbHVlIjoib3V3c0Znd29zVi9zS3R3YU9KelVObVhIYm5PNTFtaVQwTXpuakhZTWNPRnBRQnJsRDRqRlZndnBJUFo3RlBHYVlhZ25MYnM5Qi9CTWZZazRyeWJhaGM4Tnp2bjVaS3g3M1RrRmhWdjhzY0dQNm5hdlUrY1oyQkF1WnQ0QXl0NzYiLCJtYWMiOiI2MjYzYjgyNDNmMWFjNjY4MTZhOGRkYjY2M2RmNmVmZDU4NTI0NmM0MWI2NjE4YWJlNDYwMTZhY2I0ZGM3NmFhIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 19 Feb 2025 08:46:33 GMT
content-type: text/css;charset=UTF-8
content-disposition: inline; filename="34hWgQUp6aGXabqKeGrF6720"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gTib5tY5PSMV8i%2B2eRE1J0G6CltAt8FrrRu22PK8w8kY4Fm0rlXwFNsd4%2Bg317mA2xZV3cbeg1iafUD1Q9Mdggu7DaL%2B1A9C4RoU8R%2Bm9e0YF%2BqoBW2NnbQB6G0ftA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
vary: accept-encoding
priority: u=2,i=?0
server: cloudflare
cf-ray: 9144fcb07e431c06-OSL
content-encoding: br
server-timing: cfL4;desc="?proto=TCP&rtt=1138&min_rtt=1099&rtt_var=440&sent=4&recv=7&lost=0&retrans=0&sent_bytes=2824&recv_bytes=2174&delivery_rate=2635122&cwnd=251&unsent_bytes=0&cid=cea64dd6ad274a8a&ts=128&x=0", cfL4;desc="?proto=QUIC&rtt=1458&min_rtt=637&rtt_var=586&sent=383&recv=59&lost=0&retrans=0&sent_bytes=412720&recv_bytes=25113&delivery_rate=1462379&cwnd=127200&unsent_bytes=0&cid=6e3cc140cce5b77d&ts=11765&x=1", cfExtPri, cfHdrFlush;dur=0

ugucjlk2t1ujwutlgtcviovdazaaxdpv2ii9ggovabejn6zfapmmzs0ea.bbjcgw.ru/4474001581746548ZwcAEyVLMJJBGRONXLWSSNYRZFQFLBFCCHMYWUFJIVGNBOVPrsFQJ4XtsFAmaVPGCum34YQYXXwx35

172.67.133.24

200 OK

536 B

URL POST HTTP/2
ugucjlk2t1ujwutlgtcviovdazaaxdpv2ii9ggovabejn6zfapmmzs0ea.bbjcgw.ru/4474001581746548ZwcAEyVLMJJBGRONXLWSSNYRZFQFLBFCCHMYWUFJIVGNBOVPrsFQJ4XtsFAmaVPGCum34YQYXXwx35
IP
172.67.133.24:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nv.vwnrju.ru/bbtxjkwxobxgugbplpdpzhfpojdgvnyytrymyoareths6q6lnhdh97ut4wdpckr?MMUZPZDQMAGGRHLHPWAENIK
Certificate
IssuerGoogle Trust Services
Subjectbbjcgw.ru
FingerprintF2:4F:BB:09:C1:D5:54:A2:D2:57:11:2B:C0:F6:A4:B7:51:46:48:F4
ValidityTue, 11 Feb 2025 18:23:51 GMT - Mon, 12 May 2025 19:21:35 GMT

File type
ASCII text, with very long lines (536), with no line terminators
Size
536 B (536 bytes)
Hash
b700a2408fff4601b18b91dd7b1adf0f
294a42cbff29c06fe6bff0cc3d5d6b93f7fda3dc
23731d6f86bfade6b1fd1acf5985785e9e1cb0f155f662cf89464d7a6f2c04b6

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /4474001581746548ZwcAEyVLMJJBGRONXLWSSNYRZFQFLBFCCHMYWUFJIVGNBOVPrsFQJ4XtsFAmaVPGCum34YQYXXwx35 HTTP/1.1
Host: ugucjlk2t1ujwutlgtcviovdazaaxdpv2ii9ggovabejn6zfapmmzs0ea.bbjcgw.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Content-Length: 107
Origin: https://nv.vwnrju.ru
DNT: 1
Connection: keep-alive
Referer: https://nv.vwnrju.ru/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 19 Feb 2025 08:46:37 GMT
content-type: text/plain; charset=utf-8
vary: Origin
access-control-allow-origin: https://nv.vwnrju.ru
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ju9OWRQSoRSZubR8ZcPtkCHmbFYlEJGotPwsyBCcDm7xxYJwsIixdlK6nZarl5TT0u1AwoeAL%2Fm3gDXLxNfaCrJfGuckfKWKSgMW2GtvGix70PeiIyufWBTZa%2FbI%2BrGqIXahToTtOK1lfdoneBXUk1MuUxDAthNpWHK9xdJoNYSlm2hvsYt8Iii0RYr%2FAKc6znRup7%2BW"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 9144fcc8cdf51bfe-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=595&min_rtt=465&rtt_var=267&sent=8&recv=11&lost=0&retrans=0&sent_bytes=3194&recv_bytes=1375&delivery_rate=7554782&cwnd=254&unsent_bytes=0&cid=8c1830b7e8a9434e&ts=801&x=0"
X-Firefox-Spdy: h2

nv.vwnrju.ru/bbtxjkwxobxgugbplpdpzhfpojdgvnyytrymyoareths6q6lnhdh97ut4wdpckr?MMUZPZDQMAGGRHLHPWAENIK

104.21.24.27

200 OK

288 kB

URL User Request GET HTTP/3
nv.vwnrju.ru/bbtxjkwxobxgugbplpdpzhfpojdgvnyytrymyoareths6q6lnhdh97ut4wdpckr?MMUZPZDQMAGGRHLHPWAENIK
IP
104.21.24.27:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjectvwnrju.ru
Fingerprint86:C5:DD:95:51:38:F6:8E:1A:2C:1F:19:08:1D:17:22:01:15:A2:1A
ValiditySun, 09 Feb 2025 22:29:15 GMT - Sat, 10 May 2025 23:22:48 GMT

File type

Size
288 kB (288186 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /bbtxjkwxobxgugbplpdpzhfpojdgvnyytrymyoareths6q6lnhdh97ut4wdpckr?MMUZPZDQMAGGRHLHPWAENIK HTTP/1.1
Host: nv.vwnrju.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nv.vwnrju.ru/Is5axnrWbRNTrs/
Cookie: XSRF-TOKEN=eyJpdiI6IkRJNVdXajA2Nlc5VjZNZk9IQzlTaHc9PSIsInZhbHVlIjoieXRMTlVXSDF1dFVUaytRcGJtc2pkZUR2NVU4ODdHa3ZtaWpOaXBuRmI3V1l5dTJGb3h3MFY5MktQZkZXK3ZOWFRQK0tDS21HQk5qS2k1OVVRZVp3NHlKYTlRbzhSSkdibVlWVGNvY3c1WGFXWDJZSHZQd0VPa3U4Rm9neUlzVVUiLCJtYWMiOiJkOTljMmRjMWE4NTQ3MzAxNzQ4YTNkYWFkNGQ0MTUyODE2YzU0ZGVjMjZjNGM0YjZhZjYzNGEwZDc2OWI4ZTFhIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IkJSK3hQdWtOKzBxUE5MYklURlVBSEE9PSIsInZhbHVlIjoiMmhwS2VoQ0VkWjZ2Nmh0R0UxNHhnM3h6d3oxNXJNeFA4VzBtMkN6em83cDUxbmlqT1llNlBiYjhYNkNMS00vWHl6SlkzUDRhaDNLTldnV0tUdHlNNEJETU50WGJ6bkFtaVoyT1R6TDQ3ZjhCZ2l3cWNNcWFPNm1SOHkrRzRrWHYiLCJtYWMiOiI5ZmU1NGRmNjkyMmYxYzJjYzkyMGFmNzQ0YTY2ZDMzYjk0Njc0ZDkyMjAwOTAzOWI3ZDkzZjg3N2Y2MDVlYzRmIiwidGFnIjoiIn0%3D
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 19 Feb 2025 08:46:32 GMT
content-type: text/html; charset=UTF-8
cache-control: no-cache, private
cf-cache-status: DYNAMIC
vary: accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2kXOwdiXRoROm82f83rONeMRJ3LiMUJ7FKO9KKM88Xo1Vj%2FkVWc5KbulkHPXV5V%2FwzI%2FEpbXfuNnSPx2nSpWzEYv5AB5SCyFRXjLJdpqgfXq0nmDf%2FAxNc5eKyRmtA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
set-cookie: XSRF-TOKEN=eyJpdiI6IkkzQzBqRTQvVTREeFAzWU5wV3hDL0E9PSIsInZhbHVlIjoiWnltbjArc3BRME5aMG1yU09vamRibk03bHc1SGl6WkNReGVCMDBYM2JSdEhMb1cyNnhUQmV6RWR4MUdjR1BWVWN2TnJiSDIvK0F6aUNPM1FqTjd3QmZLTlc3Z3NrK0E2S2o3R2theUhxL1EwelYvM2RMQmJ6S0F0L2FFYkpKWDQiLCJtYWMiOiI2ZmFmZTBkYmM5NzE4N2Q3ZDIzYTMwNjliN2M4YjUxMzNjN2JlZGIxNGYzYzEwOWRmNDZkNWFmNDViNjI2YWM0IiwidGFnIjoiIn0%3D; expires=Wed, 19-Feb-2025 10:46:32 GMT; Max-Age=7200; path=/; secure; samesite=none
laravel_session=eyJpdiI6Ijc5Zk9xdjlRaWZrOUNVZWJnR3IxcGc9PSIsInZhbHVlIjoib3V3c0Znd29zVi9zS3R3YU9KelVObVhIYm5PNTFtaVQwTXpuakhZTWNPRnBRQnJsRDRqRlZndnBJUFo3RlBHYVlhZ25MYnM5Qi9CTWZZazRyeWJhaGM4Tnp2bjVaS3g3M1RrRmhWdjhzY0dQNm5hdlUrY1oyQkF1WnQ0QXl0NzYiLCJtYWMiOiI2MjYzYjgyNDNmMWFjNjY4MTZhOGRkYjY2M2RmNmVmZDU4NTI0NmM0MWI2NjE4YWJlNDYwMTZhY2I0ZGM3NmFhIiwidGFnIjoiIn0%3D; expires=Wed, 19-Feb-2025 10:46:32 GMT; Max-Age=7200; path=/; secure; httponly; samesite=none
priority: u=1,i=?0
server: cloudflare
cf-ray: 9144fcae3c3d1c06-OSL
content-encoding: br
server-timing: cfL4;desc="?proto=TCP&rtt=1273&min_rtt=1252&rtt_var=485&sent=4&recv=7&lost=0&retrans=0&sent_bytes=2822&recv_bytes=2266&delivery_rate=2313099&cwnd=249&unsent_bytes=0&cid=5ab73c5b942467b1&ts=151&x=0", cfL4;desc="?proto=QUIC&rtt=3595&min_rtt=1729&rtt_var=2434&sent=36&recv=21&lost=0&retrans=0&sent_bytes=19751&recv_bytes=6977&delivery_rate=907244&cwnd=12000&unsent_bytes=0&cid=6e3cc140cce5b77d&ts=11428&x=1", cfExtPri, cfHdrFlush;dur=0

nv.vwnrju.ru/mnWR2yRlju3JMB6nX5RQR5pudrGyYijJzRGOtCpcOVv23q1vSF90150

104.21.24.27

200 OK

270 B

URL GET HTTP/3
nv.vwnrju.ru/mnWR2yRlju3JMB6nX5RQR5pudrGyYijJzRGOtCpcOVv23q1vSF90150
IP
104.21.24.27:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nv.vwnrju.ru/bbtxjkwxobxgugbplpdpzhfpojdgvnyytrymyoareths6q6lnhdh97ut4wdpckr?MMUZPZDQMAGGRHLHPWAENIK
Certificate
IssuerGoogle Trust Services
Subjectvwnrju.ru
Fingerprint86:C5:DD:95:51:38:F6:8E:1A:2C:1F:19:08:1D:17:22:01:15:A2:1A
ValiditySun, 09 Feb 2025 22:29:15 GMT - Sat, 10 May 2025 23:22:48 GMT

File type
SVG Scalable Vector Graphics image
Size
270 B (270 bytes)
Hash
0c09c5ea7c28d6feb4d124957dde0a0d
1b9efde2d8f0e2a3d9d5315117e597c2d622fc5e
b3c39d2c15327b7ae68940502a2d7bf457fe521e075e6e671d0340edc58bcb3a

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /mnWR2yRlju3JMB6nX5RQR5pudrGyYijJzRGOtCpcOVv23q1vSF90150 HTTP/1.1
Host: nv.vwnrju.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nv.vwnrju.ru/bbtxjkwxobxgugbplpdpzhfpojdgvnyytrymyoareths6q6lnhdh97ut4wdpckr?MMUZPZDQMAGGRHLHPWAENIK
Cookie: XSRF-TOKEN=eyJpdiI6IkkzQzBqRTQvVTREeFAzWU5wV3hDL0E9PSIsInZhbHVlIjoiWnltbjArc3BRME5aMG1yU09vamRibk03bHc1SGl6WkNReGVCMDBYM2JSdEhMb1cyNnhUQmV6RWR4MUdjR1BWVWN2TnJiSDIvK0F6aUNPM1FqTjd3QmZLTlc3Z3NrK0E2S2o3R2theUhxL1EwelYvM2RMQmJ6S0F0L2FFYkpKWDQiLCJtYWMiOiI2ZmFmZTBkYmM5NzE4N2Q3ZDIzYTMwNjliN2M4YjUxMzNjN2JlZGIxNGYzYzEwOWRmNDZkNWFmNDViNjI2YWM0IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ijc5Zk9xdjlRaWZrOUNVZWJnR3IxcGc9PSIsInZhbHVlIjoib3V3c0Znd29zVi9zS3R3YU9KelVObVhIYm5PNTFtaVQwTXpuakhZTWNPRnBRQnJsRDRqRlZndnBJUFo3RlBHYVlhZ25MYnM5Qi9CTWZZazRyeWJhaGM4Tnp2bjVaS3g3M1RrRmhWdjhzY0dQNm5hdlUrY1oyQkF1WnQ0QXl0NzYiLCJtYWMiOiI2MjYzYjgyNDNmMWFjNjY4MTZhOGRkYjY2M2RmNmVmZDU4NTI0NmM0MWI2NjE4YWJlNDYwMTZhY2I0ZGM3NmFhIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 19 Feb 2025 08:46:33 GMT
content-type: image/svg+xml
content-disposition: inline; filename="mnWR2yRlju3JMB6nX5RQR5pudrGyYijJzRGOtCpcOVv23q1vSF90150"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oBgQevikfpOgZmoKVqlrP6PqcYV4PBQmOAPt66is%2BzulBaVDwr18cyuk2TQSutENtWoWOfwRCoK%2Fhi7TmE%2FxSZJo2vKEB0N2vql%2FstS8ePu03GapFivn%2FMEkUBui%2Bg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
vary: accept-encoding
priority: u=4,i=?0
server: cloudflare
cf-ray: 9144fcb08e581c06-OSL
content-encoding: br
server-timing: cfL4;desc="?proto=TCP&rtt=1252&min_rtt=1252&rtt_var=471&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2824&recv_bytes=2212&delivery_rate=2302066&cwnd=251&unsent_bytes=0&cid=bbe3f2f7c0464d43&ts=130&x=0", cfL4;desc="?proto=QUIC&rtt=1402&min_rtt=637&rtt_var=552&sent=387&recv=60&lost=0&retrans=0&sent_bytes=417074&recv_bytes=25158&delivery_rate=3353556&cwnd=127200&unsent_bytes=0&cid=6e3cc140cce5b77d&ts=11772&x=1", cfExtPri, cfHdrFlush;dur=0

nv.vwnrju.ru/yzNVEMf1R0xeDWCUU82VemnQYia5opWzVZjKt6ZYDH1PLKab178

104.21.24.27

200 OK

2.9 kB

URL GET HTTP/3
nv.vwnrju.ru/yzNVEMf1R0xeDWCUU82VemnQYia5opWzVZjKt6ZYDH1PLKab178
IP
104.21.24.27:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nv.vwnrju.ru/bbtxjkwxobxgugbplpdpzhfpojdgvnyytrymyoareths6q6lnhdh97ut4wdpckr?MMUZPZDQMAGGRHLHPWAENIK
Certificate
IssuerGoogle Trust Services
Subjectvwnrju.ru
Fingerprint86:C5:DD:95:51:38:F6:8E:1A:2C:1F:19:08:1D:17:22:01:15:A2:1A
ValiditySun, 09 Feb 2025 22:29:15 GMT - Sat, 10 May 2025 23:22:48 GMT

File type
SVG Scalable Vector Graphics image
Size
2.9 kB (2905 bytes)
Hash
e924de0d471df54b6280f3dc8b187cb8
857f03226070b502a9e06b4249710ec10be4c9e9
24ce135a31ce83ac3d62471fcc0e1a82ce6f1533c993ee59ca4e110d5f2fae33

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /yzNVEMf1R0xeDWCUU82VemnQYia5opWzVZjKt6ZYDH1PLKab178 HTTP/1.1
Host: nv.vwnrju.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nv.vwnrju.ru/bbtxjkwxobxgugbplpdpzhfpojdgvnyytrymyoareths6q6lnhdh97ut4wdpckr?MMUZPZDQMAGGRHLHPWAENIK
Cookie: XSRF-TOKEN=eyJpdiI6IkkzQzBqRTQvVTREeFAzWU5wV3hDL0E9PSIsInZhbHVlIjoiWnltbjArc3BRME5aMG1yU09vamRibk03bHc1SGl6WkNReGVCMDBYM2JSdEhMb1cyNnhUQmV6RWR4MUdjR1BWVWN2TnJiSDIvK0F6aUNPM1FqTjd3QmZLTlc3Z3NrK0E2S2o3R2theUhxL1EwelYvM2RMQmJ6S0F0L2FFYkpKWDQiLCJtYWMiOiI2ZmFmZTBkYmM5NzE4N2Q3ZDIzYTMwNjliN2M4YjUxMzNjN2JlZGIxNGYzYzEwOWRmNDZkNWFmNDViNjI2YWM0IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ijc5Zk9xdjlRaWZrOUNVZWJnR3IxcGc9PSIsInZhbHVlIjoib3V3c0Znd29zVi9zS3R3YU9KelVObVhIYm5PNTFtaVQwTXpuakhZTWNPRnBRQnJsRDRqRlZndnBJUFo3RlBHYVlhZ25MYnM5Qi9CTWZZazRyeWJhaGM4Tnp2bjVaS3g3M1RrRmhWdjhzY0dQNm5hdlUrY1oyQkF1WnQ0QXl0NzYiLCJtYWMiOiI2MjYzYjgyNDNmMWFjNjY4MTZhOGRkYjY2M2RmNmVmZDU4NTI0NmM0MWI2NjE4YWJlNDYwMTZhY2I0ZGM3NmFhIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 19 Feb 2025 08:46:33 GMT
content-type: image/svg+xml
content-disposition: inline; filename="yzNVEMf1R0xeDWCUU82VemnQYia5opWzVZjKt6ZYDH1PLKab178"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2NlRU3XzrtYypJZesN1c6nO0oBy9Epwp4qr7D4S%2F%2BL1sjZbOMqzqJ980CcPly1tK66LCZnfaQ46zT1CtAtBeciHYFT1GfiB1Fbev6IKb%2F5D2GoB1CzKbN2B6VabJkQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
vary: accept-encoding
priority: u=4,i=?0
server: cloudflare
cf-ray: 9144fcb09e651c06-OSL
content-encoding: br
server-timing: cfL4;desc="?proto=TCP&rtt=1159&min_rtt=1158&rtt_var=436&sent=4&recv=7&lost=0&retrans=0&sent_bytes=2823&recv_bytes=2208&delivery_rate=2483704&cwnd=251&unsent_bytes=0&cid=038f60bbb6a2eb0b&ts=122&x=0", cfL4;desc="?proto=QUIC&rtt=1402&min_rtt=637&rtt_var=552&sent=388&recv=60&lost=0&retrans=0&sent_bytes=418124&recv_bytes=25158&delivery_rate=3353556&cwnd=127200&unsent_bytes=0&cid=6e3cc140cce5b77d&ts=11774&x=1", cfExtPri, cfHdrFlush;dur=0

objects.githubusercontent.com/github-production-release-asset-2e65be/2925284/11f3acf8-4ccb-11e6-8ce4-c179c0a212de?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20250219%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20250219T084452Z&X-Amz-Expires=300&X-Amz-Signature=997487f5133e1bb6d69a9efaa42be2a036a414600b1ab6ef001d113764f8940f&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3Drandexp.min.js&response-content-type=application%2Foctet-stream

185.199.108.133

200 OK

10 kB

URL GET HTTP/2
objects.githubusercontent.com/github-production-release-asset-2e65be/2925284/11f3acf8-4ccb-11e6-8ce4-c179c0a212de?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20250219%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20250219T084452Z&X-Amz-Expires=300&X-Amz-Signature=997487f5133e1bb6d69a9efaa42be2a036a414600b1ab6ef001d113764f8940f&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3Drandexp.min.js&response-content-type=application%2Foctet-stream
IP
185.199.108.133:443
ASN
#54113 FASTLY

Requested by
https://nv.vwnrju.ru/bbtxjkwxobxgugbplpdpzhfpojdgvnyytrymyoareths6q6lnhdh97ut4wdpckr?MMUZPZDQMAGGRHLHPWAENIK
Certificate
IssuerDigiCert Inc
Subject*.github.io
Fingerprint97:D8:C5:70:0F:12:24:6C:88:BC:FA:06:7E:8C:A7:4D:A8:62:67:28
ValidityFri, 15 Mar 2024 00:00:00 GMT - Fri, 14 Mar 2025 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (10017)
Size
10 kB (10245 bytes)
Hash
6c20a2be8ba900bc0a7118893a2b1072
ff7766fde1f33882c6e1c481ceed6f6588ea764c
b1c42acd0288c435e95e00332476781532ed002cac6f3dcee9110ced30b31500

HTTP Headers

GET /github-production-release-asset-2e65be/2925284/11f3acf8-4ccb-11e6-8ce4-c179c0a212de?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20250219%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20250219T084452Z&X-Amz-Expires=300&X-Amz-Signature=997487f5133e1bb6d69a9efaa42be2a036a414600b1ab6ef001d113764f8940f&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3Drandexp.min.js&response-content-type=application%2Foctet-stream HTTP/1.1
Host: objects.githubusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nv.vwnrju.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/octet-stream
last-modified: Tue, 07 Dec 2021 16:38:45 GMT
etag: "0x8D9B9A009499A1E"
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: d91f6eaf-e01e-0032-2f18-13e122000000
x-ms-version: 2023-11-03
x-ms-creation-time: Tue, 17 Aug 2021 14:57:31 GMT
x-ms-blob-content-md5: bCCivoupALwKcRiJOisQcg==
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
content-disposition: attachment; filename=randexp.min.js
x-ms-server-encrypted: true
via: 1.1 varnish, 1.1 varnish
fastly-restarts: 1
accept-ranges: bytes
date: Wed, 19 Feb 2025 08:46:33 GMT
age: 1389
x-served-by: cache-iad-kiad7000045-IAD, cache-hel1410025-HEL
x-cache: HIT, HIT
x-cache-hits: 11369, 1
x-timer: S1739954793.374647,VS0,VE1
content-length: 10245
X-Firefox-Spdy: h2

nv.vwnrju.ru/34qa1LV3bc9S2tijsxAvRJl3gaPhnLP67104

104.21.24.27

200 OK

4.8 MB

URL GET HTTP/3
nv.vwnrju.ru/34qa1LV3bc9S2tijsxAvRJl3gaPhnLP67104
IP
104.21.24.27:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nv.vwnrju.ru/bbtxjkwxobxgugbplpdpzhfpojdgvnyytrymyoareths6q6lnhdh97ut4wdpckr?MMUZPZDQMAGGRHLHPWAENIK
Certificate
IssuerGoogle Trust Services
Subjectvwnrju.ru
Fingerprint86:C5:DD:95:51:38:F6:8E:1A:2C:1F:19:08:1D:17:22:01:15:A2:1A
ValiditySun, 09 Feb 2025 22:29:15 GMT - Sat, 10 May 2025 23:22:48 GMT

File type

Size
4.8 MB (4756466 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /34qa1LV3bc9S2tijsxAvRJl3gaPhnLP67104 HTTP/1.1
Host: nv.vwnrju.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nv.vwnrju.ru/bbtxjkwxobxgugbplpdpzhfpojdgvnyytrymyoareths6q6lnhdh97ut4wdpckr?MMUZPZDQMAGGRHLHPWAENIK
Cookie: XSRF-TOKEN=eyJpdiI6IkkzQzBqRTQvVTREeFAzWU5wV3hDL0E9PSIsInZhbHVlIjoiWnltbjArc3BRME5aMG1yU09vamRibk03bHc1SGl6WkNReGVCMDBYM2JSdEhMb1cyNnhUQmV6RWR4MUdjR1BWVWN2TnJiSDIvK0F6aUNPM1FqTjd3QmZLTlc3Z3NrK0E2S2o3R2theUhxL1EwelYvM2RMQmJ6S0F0L2FFYkpKWDQiLCJtYWMiOiI2ZmFmZTBkYmM5NzE4N2Q3ZDIzYTMwNjliN2M4YjUxMzNjN2JlZGIxNGYzYzEwOWRmNDZkNWFmNDViNjI2YWM0IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ijc5Zk9xdjlRaWZrOUNVZWJnR3IxcGc9PSIsInZhbHVlIjoib3V3c0Znd29zVi9zS3R3YU9KelVObVhIYm5PNTFtaVQwTXpuakhZTWNPRnBRQnJsRDRqRlZndnBJUFo3RlBHYVlhZ25MYnM5Qi9CTWZZazRyeWJhaGM4Tnp2bjVaS3g3M1RrRmhWdjhzY0dQNm5hdlUrY1oyQkF1WnQ0QXl0NzYiLCJtYWMiOiI2MjYzYjgyNDNmMWFjNjY4MTZhOGRkYjY2M2RmNmVmZDU4NTI0NmM0MWI2NjE4YWJlNDYwMTZhY2I0ZGM3NmFhIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 19 Feb 2025 08:46:34 GMT
content-type: application/javascript
content-disposition: inline; filename="34qa1LV3bc9S2tijsxAvRJl3gaPhnLP67104"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iLjnZ%2BxtpdGizcuP%2BouL%2F90VA8PbZC%2FWJOGW88skilWbt8R1X380Na3YqS%2B8XaJaylZkCiferFZeAxrHJffEysN8Ep%2BgWhlgmMMdwMr%2BscqmEJVVDqVuP9d3vCfb2Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
vary: accept-encoding
priority: u=3,i=?0
server: cloudflare
cf-ray: 9144fcb0deab1c06-OSL
content-encoding: br
server-timing: cfL4;desc="?proto=TCP&rtt=1113&min_rtt=1072&rtt_var=431&sent=4&recv=7&lost=0&retrans=0&sent_bytes=2824&recv_bytes=2157&delivery_rate=2701492&cwnd=251&unsent_bytes=0&cid=1e3efed3d3a23fed&ts=129&x=0", cfL4;desc="?proto=QUIC&rtt=1105&min_rtt=637&rtt_var=206&sent=434&recv=73&lost=0&retrans=0&sent_bytes=463371&recv_bytes=28629&delivery_rate=919210&cwnd=127200&unsent_bytes=0&cid=6e3cc140cce5b77d&ts=13000&x=1", cfExtPri, cfHdrFlush;dur=0

nv.vwnrju.ru/sq4d6XW8NCVHIPHvS60wckLVrsBWPnqmM6n3QP7fWs88zEkp

104.21.24.27

200 OK

2.8 kB

URL POST HTTP/3
nv.vwnrju.ru/sq4d6XW8NCVHIPHvS60wckLVrsBWPnqmM6n3QP7fWs88zEkp
IP
104.21.24.27:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nv.vwnrju.ru/bbtxjkwxobxgugbplpdpzhfpojdgvnyytrymyoareths6q6lnhdh97ut4wdpckr?MMUZPZDQMAGGRHLHPWAENIK
Certificate
IssuerGoogle Trust Services
Subjectvwnrju.ru
Fingerprint86:C5:DD:95:51:38:F6:8E:1A:2C:1F:19:08:1D:17:22:01:15:A2:1A
ValiditySun, 09 Feb 2025 22:29:15 GMT - Sat, 10 May 2025 23:22:48 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (2831), with no line terminators
Size
2.8 kB (2816 bytes)
Hash
3e74d1842107559838ee8837dc0509f1
23c9f700d68fbed7d0d187aeeddd055837681e5e
6f5c10a3f84d3d6b41e2a84a9e63f96268365d0efb431d22b6c1e839e6d084c7

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

POST /sq4d6XW8NCVHIPHvS60wckLVrsBWPnqmM6n3QP7fWs88zEkp HTTP/1.1
Host: nv.vwnrju.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 53
Origin: https://nv.vwnrju.ru
DNT: 1
Connection: keep-alive
Referer: https://nv.vwnrju.ru/bbtxjkwxobxgugbplpdpzhfpojdgvnyytrymyoareths6q6lnhdh97ut4wdpckr?MMUZPZDQMAGGRHLHPWAENIK
Cookie: XSRF-TOKEN=eyJpdiI6IkkzQzBqRTQvVTREeFAzWU5wV3hDL0E9PSIsInZhbHVlIjoiWnltbjArc3BRME5aMG1yU09vamRibk03bHc1SGl6WkNReGVCMDBYM2JSdEhMb1cyNnhUQmV6RWR4MUdjR1BWVWN2TnJiSDIvK0F6aUNPM1FqTjd3QmZLTlc3Z3NrK0E2S2o3R2theUhxL1EwelYvM2RMQmJ6S0F0L2FFYkpKWDQiLCJtYWMiOiI2ZmFmZTBkYmM5NzE4N2Q3ZDIzYTMwNjliN2M4YjUxMzNjN2JlZGIxNGYzYzEwOWRmNDZkNWFmNDViNjI2YWM0IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ijc5Zk9xdjlRaWZrOUNVZWJnR3IxcGc9PSIsInZhbHVlIjoib3V3c0Znd29zVi9zS3R3YU9KelVObVhIYm5PNTFtaVQwTXpuakhZTWNPRnBRQnJsRDRqRlZndnBJUFo3RlBHYVlhZ25MYnM5Qi9CTWZZazRyeWJhaGM4Tnp2bjVaS3g3M1RrRmhWdjhzY0dQNm5hdlUrY1oyQkF1WnQ0QXl0NzYiLCJtYWMiOiI2MjYzYjgyNDNmMWFjNjY4MTZhOGRkYjY2M2RmNmVmZDU4NTI0NmM0MWI2NjE4YWJlNDYwMTZhY2I0ZGM3NmFhIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 19 Feb 2025 08:46:34 GMT
content-type: application/json
cache-control: no-cache, private
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ScSJvHJ8eZIWVPHUW05LoosslJAZY5Jb7YhCuZ%2BYGlvCowPl5JTk2M9VzE1gLMRcEzwmp%2B4KslicK25U5paVZC68l2CSo77rV%2FIS%2F3yFfw9x96DChOnBiD2JLq0HyA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
set-cookie: XSRF-TOKEN=eyJpdiI6IjV6bUYrbFZnS28yblN2T1Z4ODJjcmc9PSIsInZhbHVlIjoibG1CcStOMTVyTkp6VkxSKzA0alR2RDQrb0RFRk5oMkw4NVlpRGx0bVpQMnF0R1pkOU5jNE9IVFo5ZnBHOGlyVXBNUHIyd0lXQ2k0dHVWVWRRZWd5TGRKSGptVTZ4Lzh0N1UwcG1Sc2pLM29SUUtwMVgyUi8wdThiOU5jQk9vZksiLCJtYWMiOiJhNjlmOGVjMWQ1OTE4YTk5ODRlNWQzZjM2NjhkNWRhOWMzOTUxOWI2Y2Q1NGY5MTI4YmI3NGU3NzA4ZWYzMTVjIiwidGFnIjoiIn0%3D; expires=Wed, 19-Feb-2025 10:46:34 GMT; Max-Age=7200; path=/; secure; samesite=none
laravel_session=eyJpdiI6IkR0SzBjUXNSZ25PWGs0Z292N3FXc3c9PSIsInZhbHVlIjoiSVFoWGI2S1FNMkVoajBRSms4QnZtYldzRFc1bFc0S2h2cFpIUGhQeVU3RlpMZVljVUsyMDV0OHdJcWVTRXBYKzFvWEwraUdKZVRoUzFHc3lnb2ZZR0lqTSs2dEFRbDFlWmJtSXBkU1ZFSXhodWRXSXhIU1dWRXZNbFRKdkc0VGUiLCJtYWMiOiJjMjNmYmYzYmE2YzFkNDdkMTFkOThiZTJmOTZhMzcxN2I5Y2ExMGRmNzRjZWQ5MjAxYTU1YWE0NDc3OWI3YmZmIiwidGFnIjoiIn0%3D; expires=Wed, 19-Feb-2025 10:46:34 GMT; Max-Age=7200; path=/; secure; httponly; samesite=none
vary: accept-encoding
priority: u=3,i=?0
server: cloudflare
cf-ray: 9144fcb74bff1c06-OSL
content-encoding: br
server-timing: cfL4;desc="?proto=TCP&rtt=928&min_rtt=891&rtt_var=361&sent=4&recv=7&lost=0&retrans=0&sent_bytes=2824&recv_bytes=2367&delivery_rate=3250280&cwnd=251&unsent_bytes=0&cid=8627ec3fa19f698c&ts=132&x=0", cfL4;desc="?proto=QUIC&rtt=1109&min_rtt=637&rtt_var=298&sent=426&recv=70&lost=0&retrans=0&sent_bytes=456695&recv_bytes=28491&delivery_rate=5441894&cwnd=127200&unsent_bytes=0&cid=6e3cc140cce5b77d&ts=12848&x=1", cfExtPri, cfHdrFlush;dur=0

get.geojs.io/v1/ip/geo.json

104.26.0.100

200 OK

336 B

URL GET HTTP/2
get.geojs.io/v1/ip/geo.json
IP
104.26.0.100:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nv.vwnrju.ru/bbtxjkwxobxgugbplpdpzhfpojdgvnyytrymyoareths6q6lnhdh97ut4wdpckr?MMUZPZDQMAGGRHLHPWAENIK
Certificate
IssuerGoogle Trust Services
Subjectgeojs.io
Fingerprint55:74:AA:F3:7A:AF:02:8B:48:DB:6E:73:EB:A1:95:20:EC:13:2D:8E
ValidityTue, 31 Dec 2024 05:30:37 GMT - Mon, 31 Mar 2025 06:30:13 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (394), with no line terminators
Size
336 B (336 bytes)
Hash
b1653bc218f7be5f63d56c2b0cb09fdb
503a497c538da386fc409aa9079b55733084232e
119a7be2a4180987ffeb25430c797f01433c206f2c747fd0c492270d74e0c60b

HTTP Headers

GET /v1/ip/geo.json HTTP/1.1
Host: get.geojs.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://nv.vwnrju.ru
DNT: 1
Connection: keep-alive
Referer: https://nv.vwnrju.ru/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 19 Feb 2025 08:46:36 GMT
content-type: application/json
x-request-id: 850613f303805335c10d3a013b6c0293-ASH
strict-transport-security: max-age=15552000; includeSubDomains; preload
access-control-allow-origin: *
access-control-allow-methods: GET
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
geojs-backend: ash-01
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NYSvIVNgu4tMiKCgWedAWi7Bx1TkwJVbNuaO%2BbYrCq6FKa8Gkxyk%2F%2BCtUb8uV8T2Rf%2Br8M2cdVmfTL4iwbQBjVSvM4tzqC6kKF42eZBbmuAtlgQw7k9km%2FAk0DJVuQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
server: cloudflare
cf-ray: 9144fcc71813b51d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=641&min_rtt=468&rtt_var=330&sent=7&recv=10&lost=0&retrans=0&sent_bytes=3264&recv_bytes=1243&delivery_rate=7362711&cwnd=254&unsent_bytes=0&cid=0c07c63ee2b2ddbd&ts=132&x=0"
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

JavaScript (17)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash