Report - redirect.viglink.com/?format=go&jsonp=vglnk_1528334718170259&key=172579b97fa4d5e8c1a3c2918a03e499&libId=ji37348e01012xfz000DA40uyjt16&loc=jamestowndeals.com/rq3dv?q=Blumenau&btnG=Pesquisar&v=1&out=https://conceptsinwoodwork.com/pp/ppp/kwi4t5TVQsJWppmqXjkwA/Y3BhbGRpbm9Ac2x1cnBtYWlsLm5ldA==

Report Overview

Visited public
2025-01-30 02:56:21
Tags
microsoft phishing suspicious
URL
redirect.viglink.com/?format=go&jsonp=vglnk_1528334718170259&key=172579b97fa4d5e8c1a3c2918a03e499&libId=ji37348e01012xfz000DA40uyjt16&loc=jamestowndeals.com/rq3dv?q=Blumenau&btnG=Pesquisar&v=1&out=https://conceptsinwoodwork.com/pp/ppp/kwi4t5TVQsJWppmqXjkwA/Y3BhbGRpbm9Ac2x1cnBtYWlsLm5ldA==
Finishing URL
flin.zelidarne.ru/s3u3uho/#Mcpaldino@slurpmail.net
IP / ASN
54.154.93.172
#16509 AMAZON-02
Title
secure profile access portal
Phishing - Microsoft
Phishing - Generic phishing
Suspicious - Anti-debugging code

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
redirect.viglink.com	37247	2008-12-17	2012-09-09	2025-01-23	755 B	292 B	34.247.240.19
developers.cloudflare.com	592034	2009-02-17	2012-09-07	2025-01-28	446 B	1.7 kB	104.16.6.189
objects.githubusercontent.com	134060	2014-02-06	2021-11-01	2025-01-29	889 B	11 kB	185.199.109.133
conceptsinwoodwork.com	unknown	2010-10-06	2013-09-08	2024-09-22	550 B	280 B	98.142.106.2
challenges.cloudflare.com	unknown	2009-02-17	2021-10-20	2025-01-29	926 B	53 kB	104.18.95.41
cdnjs.cloudflare.com	235	2009-02-17	2012-05-23	2025-01-29	916 B	30 kB	104.17.24.14
code.jquery.com	634	2005-12-10	2012-05-21	2025-01-29	860 B	63 kB	151.101.130.137
flin.zelidarne.ru	unknown	2025-01-16	2025-01-23	2025-01-23	19 kB	426 kB	172.67.217.181
ok4static.oktacdn.com	16592	2014-11-11	2018-06-15	2025-01-28	1.1 kB	33 kB	143.204.55.81
github.com	1423	2007-10-09	2016-07-13	2025-01-29	454 B	4.3 kB	140.82.121.3

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2025-01-30 02:56:06	medium	Client IP	172.67.70.233	ET INFO External IP Address Lookup Domain (get .geojs .io) in TLS SNI

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (17)

	URL	From	Size	First Seen	Last Seen
	unknown	ScriptElement	9.5 kB	2025-01-30	2025-01-30
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2025-01-30 02:56 Last Seen2025-01-30 02:56 Times Seen1 Hash 7c9e8508c2e23fe2ec61c61d2cf28139 dfddf6cc5489001f665672cf934e1549534e5dc6 f088149cdf4931b6cf600312a4600a6e5b26a02a3bae32b31d11f38f2259c651 Loading...

	unknown	ScriptElement	2.0 kB	2025-01-30	2025-01-30
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2025-01-30 02:56 Last Seen2025-01-30 02:56 Times Seen1 Hash ec449789398bd3dd7bf0db3e0b3799cb 475ca3123dd28c9f664c2dfdcc769b021db1fb49 bba02531e788027d0786f2177177c3b0a938ff249fbea42127e092c31591d131 Loading...

	unknown	ScriptElement	2.2 kB	2025-01-30	2025-01-30
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2025-01-30 02:56 Last Seen2025-01-30 02:56 Times Seen1 Hash c8231f3110d84ff9b752681bd1325b3d 0e718c394f0b148fb68131db6ea8a2b031c2431c 6a7b7da8a3e3fdcfb2128c094a81978610d3cc84467c83f9c936c67e1c870669 Loading...

	unknown	ScriptElement	14 kB	2025-01-30	2025-01-30
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2025-01-30 02:56 Last Seen2025-01-30 02:56 Times Seen1 Hash 259cb8e5951f2c682b6bf359255ffedd c05f7b6f93f766d0d19d46adbc65331efcdb7349 284832d5a44fe40a26022e1d84790d6062fb8cbe3f2c02996cb2efe10017c456 Loading...

	flin.zelidarne.ru/34YkmXjI0gqKOiFKklKlEACzmETc0B67110	ScriptElement	137 kB	2025-01-27	2025-02-05
Pretty URL flin.zelidarne.ru/34YkmXjI0gqKOiFKklKlEACzmETc0B67110 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2025-01-27 23:50 Last Seen2025-02-05 01:24 Times Seen2855 Hash 378be0bda52e0dc309ba19e0e8dc3af0 88de4b6325b9af80fcf458097f05ae8a10f6df0a 0eb68b87fd0c31cf0110c8688f47f26699bdc1483c3034a983396a3b4548324c Loading...

	unknown	ScriptElement	1.6 kB	2025-01-30	2025-01-30
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2025-01-30 02:56 Last Seen2025-01-30 02:56 Times Seen1 Hash 44362e5ba538c7166a1cb7a597e52872 63a1c52479843611ac6955206065f13641e4248d 7889cb6169365a2e56f7a368b4178d32f5f8525ea34feed11020e42163daf1ec Loading...

	unknown	ScriptElement	132 kB	2025-01-30	2025-01-30
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2025-01-30 02:56 Last Seen2025-01-30 02:56 Times Seen1 Hash f6fd2ca00cc6f72d60a101ad29c33bf7 10e4e72604bdeaadb934edc503bfde5a44312e28 78e6019b6bcf2009e010dbd0118abca2ed0ce2706e84a5ae9c8702185b2cf986 Loading...

	code.jquery.com/jquery-3.6.0.min.js	ScriptElement	90 kB	2023-03-07	2025-05-07
Pretty URL code.jquery.com/jquery-3.6.0.min.js IP 151.101.130.137 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-05-07 03:29 Times Seen205117 Hash 8fb8fee4fcc3cc86ff6c724154c49c42 b82d238d4e31fdf618bae8ac11a6c812c03dd0d4 ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e Loading...

	github.com/fent/randexp.js/releases/download/v0.4.3/randexp.min.js	ScriptElement	10 kB	2024-05-30	2025-05-07
Pretty URL github.com/fent/randexp.js/releases/download/v0.4.3/randexp.min.js IP 140.82.121.3 ASN #36459 GITHUB Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-30 22:56 Last Seen2025-05-07 03:23 Times Seen18248 Hash 6c20a2be8ba900bc0a7118893a2b1072 ff7766fde1f33882c6e1c481ceed6f6588ea764c b1c42acd0288c435e95e00332476781532ed002cac6f3dcee9110ced30b31500 Loading...

	unknown	ScriptElement	658 B	2025-01-27	2025-02-11
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2025-01-27 23:50 Last Seen2025-02-11 00:19 Times Seen1997 Hash a09106ffb33fd598d6dac0536c17c0ee 7dfc403b6b8b3b6c21a735fe1282026b66b1827f c0f009ea862434e2f422d8041768bf731e623e328dabed9724f22d4c7a8fdd76 Loading...

	cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js	ScriptElement	48 kB	2023-03-07	2025-05-07
Pretty URL cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js IP 104.17.24.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:31 Last Seen2025-05-07 03:29 Times Seen92464 Hash 2ca03ad87885ab983541092b87adb299 1a17f60bf776a8c468a185c1e8e985c41a50dc27 8e3b0117f4df4be452c0b6af5b8f0a0acf9d4ade23d08d55d7e312af22077762 Loading...

	flin.zelidarne.ru/s3u3uho/#Mcpaldino@slurpmail.net	ScriptElement	20 kB	2025-01-30	2025-01-30
Pretty URL flin.zelidarne.ru/s3u3uho/#Mcpaldino@slurpmail.net IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2025-01-30 02:56 Last Seen2025-01-30 02:56 Times Seen1 Hash df67da8b0abf7705bc8d5b48703c7d48 18e903e1a4d3edb250b045511c0bb583933c37f7 463752ff4df76d2c489a627f7dc91b393ce4751ba127fd8f87f6d6324df7c3ae Loading...

		Size	First Seen	Last Seen
	#1 Eval - 0e90daaf649fa3abc3c8be6eabab10ca	8.9 kB	2025-01-30 02:56	2025-01-30 02:56
Pretty Observations First Seen2025-01-30 02:56 Last Seen2025-01-30 02:56 Times Seen1 Hash 0e90daaf649fa3abc3c8be6eabab10ca 54eaec48c12f4c4ef6b3109d035e456c8bab3d33 d4094b521adac232802bd93fb272233565ff52d38842c2234da1934927f04feb Loading...

		Size	First Seen	Last Seen
	#1 Write - cfb1a2d6c1c0d8ac91b39c602ba896bb	171 kB	2025-01-30 02:56	2025-01-30 02:56
Pretty Observations First Seen2025-01-30 02:56 Last Seen2025-01-30 02:56 Times Seen1 Hash cfb1a2d6c1c0d8ac91b39c602ba896bb 2d9c0c17865a31a7eaf59c37c13ba8d5f6a2ebad a4908c997e7e0fee59be278eb62cd5b1fcf7bfcea501e692d5e6580ee90afb3d Loading...

	#2 Write - d6235b953a07e21e0a04901ee1f73c87	11 kB	2025-01-30 02:56	2025-01-30 02:56
Pretty Observations First Seen2025-01-30 02:56 Last Seen2025-01-30 02:56 Times Seen1 Hash d6235b953a07e21e0a04901ee1f73c87 475d58426a0cf61db6654142aaf60aa3dc9ef16c c2474e5c8b7ec2a6051d9cdc6221579f6aaef8a720ef5efa556f367ee1b1e1a7 Loading...

	#3 Write - 4274056d4eb4b72a9edc1a60f7c1b96d	143 kB	2025-01-30 02:56	2025-01-30 02:56
Pretty Observations First Seen2025-01-30 02:56 Last Seen2025-01-30 02:56 Times Seen1 Hash 4274056d4eb4b72a9edc1a60f7c1b96d 3001c03253f07e20ab61d162c30e368598c5a62e ce476fff3d905c6da9fe56bbfca555447394ecf61e55f91e021db7334c47f758 Loading...

	#4 Write - 7d42cd1754ceeae646665a03a99082f4	97 kB	2025-01-30 02:56	2025-01-30 02:56
Pretty Observations First Seen2025-01-30 02:56 Last Seen2025-01-30 02:56 Times Seen1 Hash 7d42cd1754ceeae646665a03a99082f4 45265a3c7dbe07230f1b0315b59b54504c713746 3d458e596858ee7f8ba079a820b5573445649f6f181db5e475f8eac3418cc6fe Loading...

HTTP Transactions (28)

URL IP Response Size

redirect.viglink.com/?format=go&jsonp=vglnk_1528334718170259&key=172579b97fa4d5e8c1a3c2918a03e499&libId=ji37348e01012xfz000DA40uyjt16&loc=jamestowndeals.com/rq3dv?q=Blumenau&btnG=Pesquisar&v=1&out=https://conceptsinwoodwork.com/pp/ppp/kwi4t5TVQsJWppmqXjkwA/Y3BhbGRpbm9Ac2x1cnBtYWlsLm5ldA==

34.247.240.19

302

0 B

URL
redirect.viglink.com/?format=go&jsonp=vglnk_1528334718170259&key=172579b97fa4d5e8c1a3c2918a03e499&libId=ji37348e01012xfz000DA40uyjt16&loc=jamestowndeals.com/rq3dv?q=Blumenau&btnG=Pesquisar&v=1&out=https://conceptsinwoodwork.com/pp/ppp/kwi4t5TVQsJWppmqXjkwA/Y3BhbGRpbm9Ac2x1cnBtYWlsLm5ldA==
IP
34.247.240.19:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /?format=go&jsonp=vglnk_1528334718170259&key=172579b97fa4d5e8c1a3c2918a03e499&libId=ji37348e01012xfz000DA40uyjt16&loc=jamestowndeals.com/rq3dv?q=Blumenau&btnG=Pesquisar&v=1&out=https://conceptsinwoodwork.com/pp/ppp/kwi4t5TVQsJWppmqXjkwA/Y3BhbGRpbm9Ac2x1cnBtYWlsLm5ldA== HTTP/1.1
Host: redirect.viglink.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 
Cache-Control: no-cache, no-store
Date: Thu, 30 Jan 2025 02:55:50 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Location: https://conceptsinwoodwork.com/pp/ppp/kwi4t5TVQsJWppmqXjkwA/Y3BhbGRpbm9Ac2x1cnBtYWlsLm5ldA==
Pragma: no-cache
Content-Length: 0
Connection: keep-alive

conceptsinwoodwork.com/pp/ppp/kwi4t5TVQsJWppmqXjkwA/Y3BhbGRpbm9Ac2x1cnBtYWlsLm5ldA==

98.142.106.2

200 OK

0 B

URL
conceptsinwoodwork.com/pp/ppp/kwi4t5TVQsJWppmqXjkwA/Y3BhbGRpbm9Ac2x1cnBtYWlsLm5ldA==
IP
98.142.106.2:0
ASN
#33182 DIMENOC

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /pp/ppp/kwi4t5TVQsJWppmqXjkwA/Y3BhbGRpbm9Ac2x1cnBtYWlsLm5ldA== HTTP/1.1
Host: conceptsinwoodwork.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 30 Jan 2025 02:55:51 GMT
Server: Apache
X-Powered-By: PHP/5.4.45
refresh: 0;url=https://flin.zelidarne.ru/s3u3uho/#Mcpaldino@slurpmail.net
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html

challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback

104.18.95.41

302 Found

0 B

URL
challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback
IP
104.18.95.41:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /turnstile/v0/api.js?onload=onloadTurnstileCallback HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://flin.zelidarne.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Thu, 30 Jan 2025 02:55:52 GMT
content-length: 0
access-control-allow-origin: *
cache-control: max-age=300, stale-if-error=10800, stale-while-revalidate=300, public
cross-origin-resource-policy: cross-origin
location: /turnstile/v0/g/dc9b2fe37153/api.js
vary: Accept-Encoding
server: cloudflare
cf-ray: 909e2f7f1b4a56c9-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js

104.17.24.14

200 OK

14 kB

URL
cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js
IP
104.17.24.14:0
ASN
#13335 CLOUDFLARENET

File type
JavaScript source, ASCII text, with very long lines (48316), with no line terminators
Size
14 kB (13972 bytes)
Hash
2ca03ad87885ab983541092b87adb299
1a17f60bf776a8c468a185c1e8e985c41a50dc27
8e3b0117f4df4be452c0b6af5b8f0a0acf9d4ade23d08d55d7e312af22077762

HTTP Headers

GET /ajax/libs/crypto-js/4.1.1/crypto-js.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://flin.zelidarne.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 30 Jan 2025 02:55:52 GMT
content-type: application/javascript; charset=utf-8
content-length: 13972
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "61182885-3694"
last-modified: Sat, 14 Aug 2021 20:33:09 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 638654
expires: Tue, 20 Jan 2026 02:55:52 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rSHVB3MepMf55L0ggx5nepsYWDJJfbv%2BON4X1gYs9vRcavtHLw%2Fq%2FeN8u3OcgAsC6GSiQr4nYGVcuMCF0zPgnDoPJFwNFLL4qq2HtwH6r17ZMb7N4Ff14bFVBdACwnMNYCp%2FJCN3"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 909e2f7f2d50b50f-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

code.jquery.com/jquery-3.6.0.min.js

151.101.130.137

200 OK

31 kB

URL
code.jquery.com/jquery-3.6.0.min.js
IP
151.101.130.137:0
ASN
#54113 FASTLY

File type
JavaScript source, ASCII text, with very long lines (65447)
Size
31 kB (30875 bytes)
Hash
8fb8fee4fcc3cc86ff6c724154c49c42
b82d238d4e31fdf618bae8ac11a6c812c03dd0d4
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

HTTP Headers

GET /jquery-3.6.0.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://flin.zelidarne.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-15d9d"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Thu, 30 Jan 2025 02:55:52 GMT
age: 1959287
x-served-by: cache-lga21931-LGA, cache-hel1410020-HEL
x-cache: HIT, HIT
x-cache-hits: 71, 301331
x-timer: S1738205752.213808,VS0,VE0
vary: Accept-Encoding
content-length: 30875
X-Firefox-Spdy: h2

developers.cloudflare.com/favicon.png

104.16.6.189

200 OK

937 B

URL
developers.cloudflare.com/favicon.png
IP
104.16.6.189:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
Size
937 B (937 bytes)
Hash
fc3b7bbe7970f47579127561139060e2
3f7c5783fe1f4404cb16304a5a274778ea3abd25
85e6223afdbd5badf2c79bcfbaa6fe686acaa781eca52c196647ffabb3be2ffe

HTTP Headers

GET /favicon.png HTTP/1.1
Host: developers.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://flin.zelidarne.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 30 Jan 2025 02:55:52 GMT
content-type: image/png
content-length: 937
cache-control: public, max-age=0, must-revalidate
etag: "6be7ff94b6151f8cfbf08b53a17e2ac1"
set-cookie: __cf_bm=CYM5YmwgHfWcEiC71JJrx_KIBYQsfIda4.rL3VXDFFI-1738205752-1.0.1.1-QDIO2Ea9kRbg1mViDBuL0E_Ol22PL_mY1OQjwgEt4xBnOUnSkC0azZhYcn_oUe82gZcxbLLbbu7sCMT91meVeQ; path=/; expires=Thu, 30-Jan-25 03:25:52 GMT; domain=.developers.cloudflare.com; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
strict-transport-security: max-age=15552000; preload
x-content-type-options: nosniff
access-control-allow-origin: *
server: cloudflare
cf-ray: 909e2f812fd3b524-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

code.jquery.com/jquery-3.6.0.min.js

151.101.130.137

200 OK

31 kB

URL
code.jquery.com/jquery-3.6.0.min.js
IP
151.101.130.137:0
ASN
#54113 FASTLY

File type
JavaScript source, ASCII text, with very long lines (65447)
Size
31 kB (30875 bytes)
Hash
8fb8fee4fcc3cc86ff6c724154c49c42
b82d238d4e31fdf618bae8ac11a6c812c03dd0d4
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

HTTP Headers

GET /jquery-3.6.0.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://flin.zelidarne.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-15d9d"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Thu, 30 Jan 2025 02:56:02 GMT
age: 1959298
x-served-by: cache-lga21931-LGA, cache-hel1410020-HEL
x-cache: HIT, HIT
x-cache-hits: 71, 301333
x-timer: S1738205763.984368,VS0,VE0
vary: Accept-Encoding
content-length: 30875
X-Firefox-Spdy: h2

flin.zelidarne.ru/xuv0QlatGZDTDgaDY5XEettCPe3hmcAgEV6Jj8uer

172.67.217.181

200 OK

25 kB

URL
flin.zelidarne.ru/xuv0QlatGZDTDgaDY5XEettCPe3hmcAgEV6Jj8uer
IP
172.67.217.181:0
ASN
#13335 CLOUDFLARENET

File type
JSON text data
Size
25 kB (24788 bytes)
Hash
5820854f62a6eb3d38ba7ba0d1b3ea75
639df0b84fe699b4a290a713fd6b9a94bd4deb95
912d0c07da7bdb22cdae025b96da26d01523aaab7362edb28544e3949deb369d

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

POST /xuv0QlatGZDTDgaDY5XEettCPe3hmcAgEV6Jj8uer HTTP/1.1
Host: flin.zelidarne.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://flin.zelidarne.ru/s3u3uho/
Content-Type: multipart/form-data; boundary=---------------------------22494512548862525474093276085
Content-Length: 917
Origin: https://flin.zelidarne.ru
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6Imp3UDVPMjlONVdWZDhrMHY3M3pqRXc9PSIsInZhbHVlIjoia3JaSkwrR3RQUE9xS0UydmVkdWpsSVB0Vk4xdGVtMElHT0NkK0o3dFhtc0IxRTB1bkt2V1RCbWxUQldHa2xUUEsrQUxFZGxRaXNWdVE3YnlrWDVDTkkzNjc5SW5kOGtZbkJZM1RjY0NyUnFUV3FVUkNNVG5pUlExZlRzbWlVYTIiLCJtYWMiOiJkODg3OThjNDVjNDU0YjEwMDc0YWMxNjQ2YzkyNjhlZDQ3ZjdiZGFkOWM1OTAyNzc2MWExNGVmMzQyM2Y0YzhjIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6ImtaV0tkSVNCaE9nYmFsZ3l6K2YySHc9PSIsInZhbHVlIjoiazB1QVBtMzRaVnBZRlJLR3E5VFlYYjJZckprMkRVNWFhaGJUYUQvS3FQY1h0cE1SOXZxZ2Y1UlR0ZytzUmtEUlIxYjVTUVpGOUpaNkM5OWtrSE1sb2YyNDdETFJnNXZIendQYytwblJQVVVvODZKNUFCTTZHWGVrR2FaMXNVYjEiLCJtYWMiOiIyMTFmNGMyM2Y0NjgyOGU1YzdjYjBmODMzZGYyMGM4ZGZhNzc4YTZlNTUyNGM0ZjIwMjIxNTQ2ZDdmOGRiZDZkIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 30 Jan 2025 02:56:02 GMT
content-type: application/json
cache-control: no-cache, private
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IFxj23yVIT8NLRZU%2FPV8a7YebGsjtP7Vi1Q6mQO9YxM4y2dL589U1Q9p0gICyPkvTF2vEb5dVEwCq69FcIuGOuBM5wLwqT1MvOFg5ZiOJxSHmLCxtTdjXoSk9f4T2g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
set-cookie: XSRF-TOKEN=eyJpdiI6ImVlVkdLS0tERUt0ZjhhY09EN0V1blE9PSIsInZhbHVlIjoiRFdtNG0zbEtKazNsVldQNGh6V1E4TzRPR2l3cEw2bWM2QkRRbTBBU29UZ2Fsa29JSUlRUGR5dVlUNTNDRzlXcC9qQm8rR1Zvdk9jYzhnTHVydDk1Y05XWXFDMkpGMjRCSWN0T0JGcWtUT2UrRWNRK0l5VFVKYTQ5eStmanc5eFIiLCJtYWMiOiI1NjRmMTFkZDg3NzgwM2VjNTUyYjc5MGVlMDEyYWMxNzc1MzU3MzhjZDU5ZmMyOTczMTAzYjRhMjZkZTkzYTk3IiwidGFnIjoiIn0%3D; expires=Thu, 30-Jan-2025 04:56:02 GMT; Max-Age=7200; path=/; secure; samesite=none
laravel_session=eyJpdiI6ImVRSk90SmtuWE1iMk80dVN3VkhRZEE9PSIsInZhbHVlIjoiTGNZSU5HMDNYTW5HcTlPVWJ1TEdIUVFOUGQ4NlZhWFNQNE9JZ2FKaTFjOVJ5Q2ZwbjB0N2NXeVd0cUx1R2tJTTIyL1JqU0htWE5aQUNpWVBiazVRSnRZQXNoL0xrVTRmN21MV3FCUjlScDhXemFXWWcrek0rRHZHS2FkektFSEsiLCJtYWMiOiJmODE2OTEyNTY0ZDdhNjBkM2JmYWVkODEwZWM0MmE5MDI3NzM3MDQyMjVlZjEwMThlMThhYzQ5MjU3MzA4NDg2IiwidGFnIjoiIn0%3D; expires=Thu, 30-Jan-2025 04:56:02 GMT; Max-Age=7200; path=/; secure; httponly; samesite=none
vary: accept-encoding
priority: u=4,i=?0
server: cloudflare
cf-ray: 909e2fbfba3356bb-OSL
content-encoding: br
server-timing: cfL4;desc="?proto=TCP&rtt=4543&min_rtt=4513&rtt_var=1327&sent=5&recv=8&lost=0&retrans=0&sent_bytes=2824&recv_bytes=3181&delivery_rate=604799&cwnd=241&unsent_bytes=0&cid=bd92a5c3d8b2e6b0&ts=99&x=0", cfL4;desc="?proto=QUIC&rtt=3605&min_rtt=3461&rtt_var=1400&sent=12&recv=9&lost=0&retrans=0&sent_bytes=4095&recv_bytes=2851&delivery_rate=171591&cwnd=12000&unsent_bytes=0&cid=d08ccac0f5af65d0&ts=10854&x=1", cfExtPri, cfHdrFlush;dur=0

flin.zelidarne.ru/wvfahohqutgqupehymre834jaskmz1xvmrceojfdj?XVVVDVJOWVRDABYA

172.67.217.181

200 OK

91 kB

URL GET HTTP/3
flin.zelidarne.ru/wvfahohqutgqupehymre834jaskmz1xvmrceojfdj?XVVVDVJOWVRDABYA
IP
172.67.217.181:443
ASN
#13335 CLOUDFLARENET

Requested by
https://flin.zelidarne.ru/s3u3uho/#Mcpaldino@slurpmail.net
Certificate
IssuerGoogle Trust Services
Subjectzelidarne.ru
FingerprintC2:43:DC:39:F6:52:65:01:87:DF:52:F6:59:22:85:A1:F8:34:04:BE
ValiditySat, 18 Jan 2025 16:42:11 GMT - Fri, 18 Apr 2025 17:40:53 GMT

File type
HTML document, ASCII text, with very long lines (52485), with CRLF line terminators
Size
91 kB (91234 bytes)
Hash
4274056d4eb4b72a9edc1a60f7c1b96d
3001c03253f07e20ab61d162c30e368598c5a62e
ce476fff3d905c6da9fe56bbfca555447394ecf61e55f91e021db7334c47f758

HTTP Headers

GET /wvfahohqutgqupehymre834jaskmz1xvmrceojfdj?XVVVDVJOWVRDABYA HTTP/1.1
Host: flin.zelidarne.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://flin.zelidarne.ru/s3u3uho/
Cookie: XSRF-TOKEN=eyJpdiI6Ik5MWndnR055RUcyT0dMQzgxTi91QUE9PSIsInZhbHVlIjoiVDFHQkp4ejExblpxNmMxNjVLSWczUUYvendxVW5welozQjdaeXlIQTljYkMrSDUwYjFrR2dTSUpPKy85RTg5U3ZSYkdzZEIrV1NFL29nWnZrb0lPN1ZqeGVKQ0lVbTdRYkwzQS95ZUJ2MFlwenpOemlkODNuVEU1QXc0MExmMHgiLCJtYWMiOiJjYTA1YzUwZGUwOTFhODQyMmIzMGQ3YzNkMjQ0ZDRlNzQ4ZDA2N2RlNmNlNjcwNGE5YTlmMmJjNTc1NjdiNzU3IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6InRvQnBXaFZYZW5QYzVmWHJGNjJCYVE9PSIsInZhbHVlIjoiMnpoeEpVdHdLVG0wWklna1hzSE9WUnV0MDdMbThTeHdrRTB3MXBrSVdwNWt0UjVxSGtWNXRETnY5UDZ4b0tneEx5WVlJVVpjdFZFWjNrWHdxUkZhK0RDOGIwaDRuWXNpU2FGSlcxYll6R25HZjllSGdCNXJZdDF4Mk9mdVZXWXEiLCJtYWMiOiI0NTI1OGM3NTdhNzYxNTZhYTY2MThlNzM3Mjc2YzA5NDYyYTdiOWY2ZDZiZjU4MjJmODJlZGVhMzdmMjIxZGU1IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 30 Jan 2025 02:56:03 GMT
content-type: text/html; charset=UTF-8
cache-control: no-cache, private
cf-cache-status: DYNAMIC
vary: accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Cmwrm6WmZZgqY5uMKgUHewbCEO7M9pkNU2S5ZxbyAVlapqZuRfkH93Q6%2BNHXFbrop5flZEHdbjY%2FFCRG5Dzj0IRbB4Ayl6jlOoGlos%2Bmf1YCzLkVT8Q%2FXEtPKbnzkg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
set-cookie: XSRF-TOKEN=eyJpdiI6ImJHbldqdkVTMzFYRTlNNERMeDUwR1E9PSIsInZhbHVlIjoiZ09DUWdhZTh6R05kVjFXWEczVU4zQm1RcXNaazdJNU80UDJydjNMVk5WbHkyL2Y1R1NMKzNCZ2hqRDN1OTczcWNJOWp4SHhETjkyZVlMaFhycWRHL1VWTVRIUUNybVhFTjRhd1BmY1NRNW01a3lCMGVXSUNhbjR0aDRSTVVreGUiLCJtYWMiOiI1NzRlMWViOTRkM2VmMjMyOTk1MjFiNzIzOTE1NjAyODM1OTNkOTFkNmNhZDFjZjRjZjU3MzA3ZTg1Zjc0OTJjIiwidGFnIjoiIn0%3D; expires=Thu, 30-Jan-2025 04:56:03 GMT; Max-Age=7200; path=/; secure; samesite=none
laravel_session=eyJpdiI6IlBLaVdwZ1dQUEdXbll6R1VDcU1hUFE9PSIsInZhbHVlIjoiVHZIK0RSUjNyYlNOWWx2MGo0VTVQYWt2a1dJR2Jmb3dZcEwxOEVMdWxySWc3cEwybEJVTnh2MUlwTjU5dHh6VExMQVpWUUZxTERhRU9iK3pFbEN2NXBBSFpMK2puVVRjZVZHSS9iMGZFOW50TlRsWTRETzV4bVQwdFBCaVhnWG4iLCJtYWMiOiJjZjRmMzhiYjNhNDZmNDA3ZmQ0ZTVjOWJhMDFkNWRjNTA5OTU2ZGZjYzRkMzFhNTk2NzQ4YjZhYmQxYmE3NmYzIiwidGFnIjoiIn0%3D; expires=Thu, 30-Jan-2025 04:56:03 GMT; Max-Age=7200; path=/; secure; httponly; samesite=none
priority: u=3,i=?0
server: cloudflare
cf-ray: 909e2fc53e5a56bb-OSL
content-encoding: br
server-timing: cfL4;desc="?proto=TCP&rtt=5288&min_rtt=5256&rtt_var=1539&sent=5&recv=8&lost=0&retrans=0&sent_bytes=2823&recv_bytes=2141&delivery_rate=521039&cwnd=218&unsent_bytes=0&cid=bdc86a5f90bda3c4&ts=202&x=0", cfL4;desc="?proto=QUIC&rtt=6832&min_rtt=2007&rtt_var=7272&sent=37&recv=18&lost=0&retrans=0&sent_bytes=21198&recv_bytes=6750&delivery_rate=842937&cwnd=24000&unsent_bytes=0&cid=d08ccac0f5af65d0&ts=11796&x=1", cfExtPri, cfHdrFlush;dur=0

cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js

104.17.24.14

200 OK

14 kB

URL
cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js
IP
104.17.24.14:0
ASN
#13335 CLOUDFLARENET

File type
JavaScript source, ASCII text, with very long lines (48316), with no line terminators
Size
14 kB (13972 bytes)
Hash
2ca03ad87885ab983541092b87adb299
1a17f60bf776a8c468a185c1e8e985c41a50dc27
8e3b0117f4df4be452c0b6af5b8f0a0acf9d4ade23d08d55d7e312af22077762

HTTP Headers

GET /ajax/libs/crypto-js/4.1.1/crypto-js.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://flin.zelidarne.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 30 Jan 2025 02:56:03 GMT
content-type: application/javascript; charset=utf-8
content-length: 13972
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "61182885-3694"
last-modified: Sat, 14 Aug 2021 20:33:09 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 638665
expires: Tue, 20 Jan 2026 02:56:03 GMT
accept-ranges: bytes
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pyM29AaiDvRC1G0hhzk1VbloZvNuJpxujWED1qA1FKUrEH8FmlNJEPQItwNO7hJ3EHb8nMEsq%2Ftt6olwG50Hd9EZIgXUxD81tL2EXgRS%2B9Mr2fuakoSLCv3rlRxh4742zQu8GG7U"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 909e2fc7cf0d56cb-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

flin.zelidarne.ru/GDSherpa-bold.woff2

172.67.217.181

200 OK

28 kB

URL
flin.zelidarne.ru/GDSherpa-bold.woff2
IP
172.67.217.181:0
ASN
#13335 CLOUDFLARENET

File type
Web Open Font Format (Version 2), TrueType, length 28000, version 1.66
Size
28 kB (28000 bytes)
Hash
a4bca6c95fed0d0c5cc46cf07710dcec
73b56e33b82b42921db8702a33efd0f2b2ec9794
5a51d246af54d903f67f07f2bd820ce77736f8d08c5f1602db07469d96dbf77f

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /GDSherpa-bold.woff2 HTTP/1.1
Host: flin.zelidarne.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://flin.zelidarne.ru/s3u3uho/
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6ImJHbldqdkVTMzFYRTlNNERMeDUwR1E9PSIsInZhbHVlIjoiZ09DUWdhZTh6R05kVjFXWEczVU4zQm1RcXNaazdJNU80UDJydjNMVk5WbHkyL2Y1R1NMKzNCZ2hqRDN1OTczcWNJOWp4SHhETjkyZVlMaFhycWRHL1VWTVRIUUNybVhFTjRhd1BmY1NRNW01a3lCMGVXSUNhbjR0aDRSTVVreGUiLCJtYWMiOiI1NzRlMWViOTRkM2VmMjMyOTk1MjFiNzIzOTE1NjAyODM1OTNkOTFkNmNhZDFjZjRjZjU3MzA3ZTg1Zjc0OTJjIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlBLaVdwZ1dQUEdXbll6R1VDcU1hUFE9PSIsInZhbHVlIjoiVHZIK0RSUjNyYlNOWWx2MGo0VTVQYWt2a1dJR2Jmb3dZcEwxOEVMdWxySWc3cEwybEJVTnh2MUlwTjU5dHh6VExMQVpWUUZxTERhRU9iK3pFbEN2NXBBSFpMK2puVVRjZVZHSS9iMGZFOW50TlRsWTRETzV4bVQwdFBCaVhnWG4iLCJtYWMiOiJjZjRmMzhiYjNhNDZmNDA3ZmQ0ZTVjOWJhMDFkNWRjNTA5OTU2ZGZjYzRkMzFhNTk2NzQ4YjZhYmQxYmE3NmYzIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 30 Jan 2025 02:56:03 GMT
content-type: font/woff2
content-length: 28000
content-disposition: inline; filename="GDSherpa-bold.woff2"
cache-control: max-age=14400
last-modified: Thu, 30 Jan 2025 02:51:22 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=C8U8V8BE1xmhkdrPsr0TGvXxTi4AegsAyp9HXvioFgMsk57qpZ00fss3%2ByKxnakOfNXQldwF60gm3q2Sz0kBMDDCMFeCZ5T%2FUykEKAngaDQnUn6THdif4Iz32SkjTw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
cf-cache-status: HIT
age: 281
accept-ranges: bytes
priority: u=3,i=?0
server: cloudflare
cf-ray: 909e2fc8185956bb-OSL
server-timing: cfL4;desc="?proto=TCP&rtt=5219&min_rtt=5195&rtt_var=1508&sent=5&recv=8&lost=0&retrans=0&sent_bytes=2823&recv_bytes=2179&delivery_rate=532336&cwnd=238&unsent_bytes=0&cid=d1814da90e3595ea&ts=197&x=0", cfL4;desc="?proto=QUIC&rtt=2167&min_rtt=675&rtt_var=2413&sent=101&recv=36&lost=0&retrans=0&sent_bytes=84925&recv_bytes=13522&delivery_rate=9762546&cwnd=48000&unsent_bytes=0&cid=d08ccac0f5af65d0&ts=12000&x=1", cfExtPri, cfHdrFlush;dur=0

challenges.cloudflare.com/turnstile/v0/g/dc9b2fe37153/api.js

104.18.95.41

200 OK

52 kB

URL
challenges.cloudflare.com/turnstile/v0/g/dc9b2fe37153/api.js
IP
104.18.95.41:0
ASN
#13335 CLOUDFLARENET

File type
JavaScript source, ASCII text, with very long lines (48121)
Size
52 kB (52146 bytes)
Hash
91f676f3335188d2681a442249e0e73c
128163cca8a902a564570e31ef09f36aefb1a98b
57d6a8ffd948f2ee0898b43639e8a58c2a37420d3a11d56f2eacc96ee7862065

HTTP Headers

GET /turnstile/v0/g/dc9b2fe37153/api.js HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://flin.zelidarne.ru/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 30 Jan 2025 02:55:52 GMT
content-type: application/javascript; charset=UTF-8
last-modified: Mon, 27 Jan 2025 15:47:50 GMT
cache-control: max-age=31536000, stale-if-error=10800, stale-while-revalidate=31536000, public
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
server: cloudflare
cf-ray: 909e2f7f3b6956c9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

flin.zelidarne.ru/GDSherpa-regular.woff2

172.67.217.181

200 OK

29 kB

URL GET HTTP/3
flin.zelidarne.ru/GDSherpa-regular.woff2
IP
172.67.217.181:443
ASN
#13335 CLOUDFLARENET

Requested by
https://flin.zelidarne.ru/s3u3uho/#Mcpaldino@slurpmail.net
Certificate
IssuerGoogle Trust Services
Subjectzelidarne.ru
FingerprintC2:43:DC:39:F6:52:65:01:87:DF:52:F6:59:22:85:A1:F8:34:04:BE
ValiditySat, 18 Jan 2025 16:42:11 GMT - Fri, 18 Apr 2025 17:40:53 GMT

File type
Web Open Font Format (Version 2), TrueType, length 28584, version 1.66
Size
29 kB (28584 bytes)
Hash
17081510f3a6f2f619ec8c6f244523c7
87f34b2a1532c50f2a424c345d03fe028db35635
2c7292014e2ef00374aeb63691d9f23159a010455784ee0b274ba7db2bcca956

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /GDSherpa-regular.woff2 HTTP/1.1
Host: flin.zelidarne.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://flin.zelidarne.ru/s3u3uho/
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6ImJHbldqdkVTMzFYRTlNNERMeDUwR1E9PSIsInZhbHVlIjoiZ09DUWdhZTh6R05kVjFXWEczVU4zQm1RcXNaazdJNU80UDJydjNMVk5WbHkyL2Y1R1NMKzNCZ2hqRDN1OTczcWNJOWp4SHhETjkyZVlMaFhycWRHL1VWTVRIUUNybVhFTjRhd1BmY1NRNW01a3lCMGVXSUNhbjR0aDRSTVVreGUiLCJtYWMiOiI1NzRlMWViOTRkM2VmMjMyOTk1MjFiNzIzOTE1NjAyODM1OTNkOTFkNmNhZDFjZjRjZjU3MzA3ZTg1Zjc0OTJjIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlBLaVdwZ1dQUEdXbll6R1VDcU1hUFE9PSIsInZhbHVlIjoiVHZIK0RSUjNyYlNOWWx2MGo0VTVQYWt2a1dJR2Jmb3dZcEwxOEVMdWxySWc3cEwybEJVTnh2MUlwTjU5dHh6VExMQVpWUUZxTERhRU9iK3pFbEN2NXBBSFpMK2puVVRjZVZHSS9iMGZFOW50TlRsWTRETzV4bVQwdFBCaVhnWG4iLCJtYWMiOiJjZjRmMzhiYjNhNDZmNDA3ZmQ0ZTVjOWJhMDFkNWRjNTA5OTU2ZGZjYzRkMzFhNTk2NzQ4YjZhYmQxYmE3NmYzIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 30 Jan 2025 02:56:03 GMT
content-type: font/woff2
content-length: 28584
content-disposition: inline; filename="GDSherpa-regular.woff2"
cache-control: max-age=14400
last-modified: Thu, 30 Jan 2025 02:51:22 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=R%2FyPQL%2B097yhWoKag0nxF6TVjOAlxalUCgAynuPkhHYV8CB6BIlFZvsmPMZN%2Fk5EFWdSB1sHDtZr5ppzHYlbspDthNgtynaTbbbf18EINvcRxzBLELReIP9Pxi05Pw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
cf-cache-status: HIT
age: 281
accept-ranges: bytes
priority: u=3,i=?0
server: cloudflare
cf-ray: 909e2fc8185c56bb-OSL
server-timing: cfL4;desc="?proto=TCP&rtt=5132&min_rtt=5101&rtt_var=1976&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2824&recv_bytes=2183&delivery_rate=531938&cwnd=171&unsent_bytes=0&cid=371a7ec23cdbaf7b&ts=204&x=0", cfL4;desc="?proto=QUIC&rtt=2167&min_rtt=675&rtt_var=2413&sent=142&recv=36&lost=0&retrans=0&sent_bytes=132925&recv_bytes=13522&delivery_rate=9762546&cwnd=48000&unsent_bytes=0&cid=d08ccac0f5af65d0&ts=12002&x=1", cfExtPri, cfHdrFlush;dur=3

flin.zelidarne.ru/GDSherpa-regular.woff

172.67.217.181

200 OK

37 kB

URL
flin.zelidarne.ru/GDSherpa-regular.woff
IP
172.67.217.181:0
ASN
#13335 CLOUDFLARENET

File type
Web Open Font Format, TrueType, length 36696, version 1.0
Size
37 kB (36696 bytes)
Hash
a69e9ab8afdd7486ec0749c551051ff2
c34e6aa327b536fb48d1fe03577a47c7ee2231b8
fd78a1913db912221b8ead1e62fad47d1ff0a9fa6cd88d3b128a721ad91d2faf

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /GDSherpa-regular.woff HTTP/1.1
Host: flin.zelidarne.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://flin.zelidarne.ru/s3u3uho/
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6ImJHbldqdkVTMzFYRTlNNERMeDUwR1E9PSIsInZhbHVlIjoiZ09DUWdhZTh6R05kVjFXWEczVU4zQm1RcXNaazdJNU80UDJydjNMVk5WbHkyL2Y1R1NMKzNCZ2hqRDN1OTczcWNJOWp4SHhETjkyZVlMaFhycWRHL1VWTVRIUUNybVhFTjRhd1BmY1NRNW01a3lCMGVXSUNhbjR0aDRSTVVreGUiLCJtYWMiOiI1NzRlMWViOTRkM2VmMjMyOTk1MjFiNzIzOTE1NjAyODM1OTNkOTFkNmNhZDFjZjRjZjU3MzA3ZTg1Zjc0OTJjIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlBLaVdwZ1dQUEdXbll6R1VDcU1hUFE9PSIsInZhbHVlIjoiVHZIK0RSUjNyYlNOWWx2MGo0VTVQYWt2a1dJR2Jmb3dZcEwxOEVMdWxySWc3cEwybEJVTnh2MUlwTjU5dHh6VExMQVpWUUZxTERhRU9iK3pFbEN2NXBBSFpMK2puVVRjZVZHSS9iMGZFOW50TlRsWTRETzV4bVQwdFBCaVhnWG4iLCJtYWMiOiJjZjRmMzhiYjNhNDZmNDA3ZmQ0ZTVjOWJhMDFkNWRjNTA5OTU2ZGZjYzRkMzFhNTk2NzQ4YjZhYmQxYmE3NmYzIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 30 Jan 2025 02:56:03 GMT
content-type: font/woff
content-length: 36696
content-disposition: inline; filename="GDSherpa-regular.woff"
cache-control: max-age=14400
last-modified: Thu, 30 Jan 2025 02:51:22 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=D283qwpVS1%2BRUUffZuKZtHpgz45ggO4pGDd%2BQPNXmsvDJPKd%2BNLo8%2B5IoaZNvn8hWPoBkTcd3gojXEDscZjWwrKXN7u6BZICUYlvxlwEvTSNTb3GI%2FS%2F2%2FeWsqAlBg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
cf-cache-status: HIT
age: 281
accept-ranges: bytes
priority: u=3,i=?0
server: cloudflare
cf-ray: 909e2fc8185d56bb-OSL
server-timing: cfL4;desc="?proto=TCP&rtt=4909&min_rtt=4895&rtt_var=1863&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2824&recv_bytes=2180&delivery_rate=568803&cwnd=237&unsent_bytes=0&cid=b42dae45b8700880&ts=193&x=0", cfL4;desc="?proto=QUIC&rtt=2167&min_rtt=675&rtt_var=2413&sent=126&recv=36&lost=0&retrans=0&sent_bytes=114484&recv_bytes=13522&delivery_rate=9762546&cwnd=48000&unsent_bytes=0&cid=d08ccac0f5af65d0&ts=12001&x=1", cfExtPri, cfHdrFlush;dur=0

flin.zelidarne.ru/GDSherpa-vf.woff2

172.67.217.181

200 OK

44 kB

URL
flin.zelidarne.ru/GDSherpa-vf.woff2
IP
172.67.217.181:0
ASN
#13335 CLOUDFLARENET

File type
Web Open Font Format (Version 2), TrueType, length 43596, version 1.0
Size
44 kB (43596 bytes)
Hash
2a05e9e5572abc320b2b7ea38a70dcc1
d5fa2a856d5632c2469e42436159375117ef3c35
3efcb941aaddaf4aea08dab3fb97d3e904aa1b83264e64b4d5bda53bc7c798ec

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /GDSherpa-vf.woff2 HTTP/1.1
Host: flin.zelidarne.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://flin.zelidarne.ru/s3u3uho/
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6ImJHbldqdkVTMzFYRTlNNERMeDUwR1E9PSIsInZhbHVlIjoiZ09DUWdhZTh6R05kVjFXWEczVU4zQm1RcXNaazdJNU80UDJydjNMVk5WbHkyL2Y1R1NMKzNCZ2hqRDN1OTczcWNJOWp4SHhETjkyZVlMaFhycWRHL1VWTVRIUUNybVhFTjRhd1BmY1NRNW01a3lCMGVXSUNhbjR0aDRSTVVreGUiLCJtYWMiOiI1NzRlMWViOTRkM2VmMjMyOTk1MjFiNzIzOTE1NjAyODM1OTNkOTFkNmNhZDFjZjRjZjU3MzA3ZTg1Zjc0OTJjIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlBLaVdwZ1dQUEdXbll6R1VDcU1hUFE9PSIsInZhbHVlIjoiVHZIK0RSUjNyYlNOWWx2MGo0VTVQYWt2a1dJR2Jmb3dZcEwxOEVMdWxySWc3cEwybEJVTnh2MUlwTjU5dHh6VExMQVpWUUZxTERhRU9iK3pFbEN2NXBBSFpMK2puVVRjZVZHSS9iMGZFOW50TlRsWTRETzV4bVQwdFBCaVhnWG4iLCJtYWMiOiJjZjRmMzhiYjNhNDZmNDA3ZmQ0ZTVjOWJhMDFkNWRjNTA5OTU2ZGZjYzRkMzFhNTk2NzQ4YjZhYmQxYmE3NmYzIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 30 Jan 2025 02:56:03 GMT
content-type: font/woff2
content-length: 43596
content-disposition: inline; filename="GDSherpa-vf.woff2"
cache-control: max-age=14400
last-modified: Thu, 30 Jan 2025 02:51:22 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mifds7Fe8%2F3g8iAqbKAO9l0W%2B09hLC2WicERie6aaTTIn2a%2FOik%2BOygwhYhWXioQ%2BEZksJlCtnfQnAg%2F5hk2UwXoRulbMBBCGloKmtFPqti3qtt2vb7KcYddKVahyw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
cf-cache-status: HIT
age: 281
accept-ranges: bytes
priority: u=3,i=?0
server: cloudflare
cf-ray: 909e2fc8185f56bb-OSL
server-timing: cfL4;desc="?proto=TCP&rtt=4039&min_rtt=4009&rtt_var=1525&sent=4&recv=7&lost=0&retrans=0&sent_bytes=2823&recv_bytes=2177&delivery_rate=710401&cwnd=251&unsent_bytes=0&cid=9810f2ab00875c4d&ts=258&x=0", cfL4;desc="?proto=QUIC&rtt=2167&min_rtt=675&rtt_var=2413&sent=142&recv=36&lost=0&retrans=0&sent_bytes=132925&recv_bytes=13522&delivery_rate=9762546&cwnd=48000&unsent_bytes=0&cid=d08ccac0f5af65d0&ts=12004&x=1", cfExtPri, cfHdrFlush;dur=2

flin.zelidarne.ru/GDSherpa-vf2.woff2

172.67.217.181

200 OK

93 kB

URL GET HTTP/3
flin.zelidarne.ru/GDSherpa-vf2.woff2
IP
172.67.217.181:443
ASN
#13335 CLOUDFLARENET

Requested by
https://flin.zelidarne.ru/s3u3uho/#Mcpaldino@slurpmail.net
Certificate
IssuerGoogle Trust Services
Subjectzelidarne.ru
FingerprintC2:43:DC:39:F6:52:65:01:87:DF:52:F6:59:22:85:A1:F8:34:04:BE
ValiditySat, 18 Jan 2025 16:42:11 GMT - Fri, 18 Apr 2025 17:40:53 GMT

File type
Web Open Font Format (Version 2), TrueType, length 93276, version 1.0
Size
93 kB (93276 bytes)
Hash
bcd7983ea5aa57c55f6758b4977983cb
ef3a009e205229e07fb0ec8569e669b11c378ef1
6528a0bf9a836a53dfd8536e1786ba6831c9d1faa74967126fddf5b2081b858c

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /GDSherpa-vf2.woff2 HTTP/1.1
Host: flin.zelidarne.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://flin.zelidarne.ru/s3u3uho/
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6ImJHbldqdkVTMzFYRTlNNERMeDUwR1E9PSIsInZhbHVlIjoiZ09DUWdhZTh6R05kVjFXWEczVU4zQm1RcXNaazdJNU80UDJydjNMVk5WbHkyL2Y1R1NMKzNCZ2hqRDN1OTczcWNJOWp4SHhETjkyZVlMaFhycWRHL1VWTVRIUUNybVhFTjRhd1BmY1NRNW01a3lCMGVXSUNhbjR0aDRSTVVreGUiLCJtYWMiOiI1NzRlMWViOTRkM2VmMjMyOTk1MjFiNzIzOTE1NjAyODM1OTNkOTFkNmNhZDFjZjRjZjU3MzA3ZTg1Zjc0OTJjIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlBLaVdwZ1dQUEdXbll6R1VDcU1hUFE9PSIsInZhbHVlIjoiVHZIK0RSUjNyYlNOWWx2MGo0VTVQYWt2a1dJR2Jmb3dZcEwxOEVMdWxySWc3cEwybEJVTnh2MUlwTjU5dHh6VExMQVpWUUZxTERhRU9iK3pFbEN2NXBBSFpMK2puVVRjZVZHSS9iMGZFOW50TlRsWTRETzV4bVQwdFBCaVhnWG4iLCJtYWMiOiJjZjRmMzhiYjNhNDZmNDA3ZmQ0ZTVjOWJhMDFkNWRjNTA5OTU2ZGZjYzRkMzFhNTk2NzQ4YjZhYmQxYmE3NmYzIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 30 Jan 2025 02:56:03 GMT
content-type: font/woff2
content-length: 93276
content-disposition: inline; filename="GDSherpa-vf2.woff2"
cache-control: max-age=14400
last-modified: Thu, 30 Jan 2025 02:51:22 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vWtQoWKUoDF64HGvSzFv%2FNwBcalO8sXfB9VFORJ%2Fs6m32uNZVk3Cs7xvTNka3aJMg1s6byCBmS88CFIeqekfI4S664w6hWvouQ74L4gsIfc94UaF4E7VpScqakenFg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
cf-cache-status: HIT
age: 281
accept-ranges: bytes
priority: u=3,i=?0
server: cloudflare
cf-ray: 909e2fc8286756bb-OSL
server-timing: cfL4;desc="?proto=TCP&rtt=5000&min_rtt=4982&rtt_var=1435&sent=4&recv=8&lost=0&retrans=0&sent_bytes=2822&recv_bytes=2178&delivery_rate=558540&cwnd=216&unsent_bytes=0&cid=cc8827e5ce6877c5&ts=263&x=0", cfL4;desc="?proto=QUIC&rtt=2206&min_rtt=675&rtt_var=1883&sent=259&recv=43&lost=0&retrans=0&sent_bytes=266554&recv_bytes=18167&delivery_rate=1814669&cwnd=192000&unsent_bytes=0&cid=d08ccac0f5af65d0&ts=12015&x=1", cfExtPri, cfHdrFlush;dur=0

ok4static.oktacdn.com/fs/bcg/4/gfsh9pi7jcWKJKMAs1t7

143.204.55.81

200 OK

11 kB

URL
ok4static.oktacdn.com/fs/bcg/4/gfsh9pi7jcWKJKMAs1t7
IP
143.204.55.81:0
ASN
#16509 AMAZON-02

File type
PNG image data, 420 x 94, 8-bit/color RGBA, non-interlaced
Size
11 kB (10796 bytes)
Hash
12bdacc832185d0367ecc23fd24c86ce
4422f316eb4d8c8d160312bb695fd1d944cbff12
877ae491d9aac5c6ef82a8430f9f652ace8a0dbc7294bd112aad49bd593769d0

HTTP Headers

GET /fs/bcg/4/gfsh9pi7jcWKJKMAs1t7 HTTP/1.1
Host: ok4static.oktacdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://flin.zelidarne.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: image/png
content-length: 10796
server: nginx
last-modified: Tue, 23 Feb 2021 04:20:08 GMT
strict-transport-security: max-age=315360000; includeSubDomains
access-control-allow-origin: *
accept-ranges: bytes
date: Wed, 29 Jan 2025 00:59:17 GMT
expires: Thu, 29 Jan 2026 00:59:17 GMT
cache-control: max-age=31536000, public,max-age=31536000,s-maxage=1814400
etag: "12bdacc832185d0367ecc23fd24c86ce"
x-cache: Hit from cloudfront
via: 1.1 095562e8748e634f880ee3c4ada2b6d0.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: UXg593XuzpmgmVJmZp3Xby1iAbu7--ujQPX11GPksOm_4hmdnf82Vw==
age: 93406
X-Firefox-Spdy: h2

flin.zelidarne.ru/oppUXC6FOxBBIXLSyWin5VSI0YMiCefpx07j8otXEhOsTscl645140

172.67.217.181

200 OK

892 B

URL
flin.zelidarne.ru/oppUXC6FOxBBIXLSyWin5VSI0YMiCefpx07j8otXEhOsTscl645140
IP
172.67.217.181:0
ASN
#13335 CLOUDFLARENET

File type
RIFF (little-endian) data, Web/P image
Size
892 B (892 bytes)
Hash
41d62ca205d54a78e4298367482b4e2b
839aae21ed8ecfc238fdc68b93ccb27431cd5393
20a4a780db0bcc047015a0d8037eb4eb58b3e5cb338673799c030a3e1b626b40

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /oppUXC6FOxBBIXLSyWin5VSI0YMiCefpx07j8otXEhOsTscl645140 HTTP/1.1
Host: flin.zelidarne.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://flin.zelidarne.ru/s3u3uho/
Cookie: XSRF-TOKEN=eyJpdiI6ImJHbldqdkVTMzFYRTlNNERMeDUwR1E9PSIsInZhbHVlIjoiZ09DUWdhZTh6R05kVjFXWEczVU4zQm1RcXNaazdJNU80UDJydjNMVk5WbHkyL2Y1R1NMKzNCZ2hqRDN1OTczcWNJOWp4SHhETjkyZVlMaFhycWRHL1VWTVRIUUNybVhFTjRhd1BmY1NRNW01a3lCMGVXSUNhbjR0aDRSTVVreGUiLCJtYWMiOiI1NzRlMWViOTRkM2VmMjMyOTk1MjFiNzIzOTE1NjAyODM1OTNkOTFkNmNhZDFjZjRjZjU3MzA3ZTg1Zjc0OTJjIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlBLaVdwZ1dQUEdXbll6R1VDcU1hUFE9PSIsInZhbHVlIjoiVHZIK0RSUjNyYlNOWWx2MGo0VTVQYWt2a1dJR2Jmb3dZcEwxOEVMdWxySWc3cEwybEJVTnh2MUlwTjU5dHh6VExMQVpWUUZxTERhRU9iK3pFbEN2NXBBSFpMK2puVVRjZVZHSS9iMGZFOW50TlRsWTRETzV4bVQwdFBCaVhnWG4iLCJtYWMiOiJjZjRmMzhiYjNhNDZmNDA3ZmQ0ZTVjOWJhMDFkNWRjNTA5OTU2ZGZjYzRkMzFhNTk2NzQ4YjZhYmQxYmE3NmYzIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 30 Jan 2025 02:56:04 GMT
content-type: image/webp
content-length: 892
content-disposition: inline; filename="oppUXC6FOxBBIXLSyWin5VSI0YMiCefpx07j8otXEhOsTscl645140"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZHptBL6p1lLFfSFL%2BMygxVmojAHy2efNSwfRxOt8FJyKDPOTuM%2BPX8syx1TmPY%2BPC%2Fsmc3oqCBTn%2BDSngSt2i%2BeHTIABiswnu1EbKzL5rIPSxksk%2FDPiHaac1VAwcQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
priority: u=4,i=?0
server: cloudflare
cf-ray: 909e2fc8286956bb-OSL
server-timing: cfL4;desc="?proto=TCP&rtt=4943&min_rtt=4916&rtt_var=1432&sent=5&recv=8&lost=0&retrans=0&sent_bytes=2823&recv_bytes=2143&delivery_rate=561735&cwnd=251&unsent_bytes=0&cid=265f1000da5bd1e7&ts=98&x=0", cfL4;desc="?proto=QUIC&rtt=2659&min_rtt=675&rtt_var=2537&sent=355&recv=53&lost=0&retrans=1&sent_bytes=375012&recv_bytes=23850&delivery_rate=2817276&cwnd=192000&unsent_bytes=0&cid=d08ccac0f5af65d0&ts=12204&x=1", cfExtPri, cfHdrFlush;dur=0

flin.zelidarne.ru/uvkMOBYG9V4ttwsGFFoue7T4LNJPUiAAqrxQNttVICD6drRVf34125

172.67.217.181

200 OK

644 B

URL GET HTTP/3
flin.zelidarne.ru/uvkMOBYG9V4ttwsGFFoue7T4LNJPUiAAqrxQNttVICD6drRVf34125
IP
172.67.217.181:443
ASN
#13335 CLOUDFLARENET

Requested by
https://flin.zelidarne.ru/s3u3uho/#Mcpaldino@slurpmail.net
Certificate
IssuerGoogle Trust Services
Subjectzelidarne.ru
FingerprintC2:43:DC:39:F6:52:65:01:87:DF:52:F6:59:22:85:A1:F8:34:04:BE
ValiditySat, 18 Jan 2025 16:42:11 GMT - Fri, 18 Apr 2025 17:40:53 GMT

File type
RIFF (little-endian) data, Web/P image
Size
644 B (644 bytes)
Hash
541b83c2195088043337e4353b6fd60d
f09630596b6713217984785a64f6ea83e91b49c5
2658b8874f0d2a12e8726df78ac8954324c3bbe4695e66bdef89195fde64322f

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /uvkMOBYG9V4ttwsGFFoue7T4LNJPUiAAqrxQNttVICD6drRVf34125 HTTP/1.1
Host: flin.zelidarne.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://flin.zelidarne.ru/s3u3uho/
Cookie: XSRF-TOKEN=eyJpdiI6ImJHbldqdkVTMzFYRTlNNERMeDUwR1E9PSIsInZhbHVlIjoiZ09DUWdhZTh6R05kVjFXWEczVU4zQm1RcXNaazdJNU80UDJydjNMVk5WbHkyL2Y1R1NMKzNCZ2hqRDN1OTczcWNJOWp4SHhETjkyZVlMaFhycWRHL1VWTVRIUUNybVhFTjRhd1BmY1NRNW01a3lCMGVXSUNhbjR0aDRSTVVreGUiLCJtYWMiOiI1NzRlMWViOTRkM2VmMjMyOTk1MjFiNzIzOTE1NjAyODM1OTNkOTFkNmNhZDFjZjRjZjU3MzA3ZTg1Zjc0OTJjIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlBLaVdwZ1dQUEdXbll6R1VDcU1hUFE9PSIsInZhbHVlIjoiVHZIK0RSUjNyYlNOWWx2MGo0VTVQYWt2a1dJR2Jmb3dZcEwxOEVMdWxySWc3cEwybEJVTnh2MUlwTjU5dHh6VExMQVpWUUZxTERhRU9iK3pFbEN2NXBBSFpMK2puVVRjZVZHSS9iMGZFOW50TlRsWTRETzV4bVQwdFBCaVhnWG4iLCJtYWMiOiJjZjRmMzhiYjNhNDZmNDA3ZmQ0ZTVjOWJhMDFkNWRjNTA5OTU2ZGZjYzRkMzFhNTk2NzQ4YjZhYmQxYmE3NmYzIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 30 Jan 2025 02:56:04 GMT
content-type: image/webp
content-length: 644
content-disposition: inline; filename="uvkMOBYG9V4ttwsGFFoue7T4LNJPUiAAqrxQNttVICD6drRVf34125"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WNKyobNX3hH3%2FkY%2F3cmaGyNCQCcLwksGeSUCWf10%2BEJ3rrvPe50ZJKnwBQTG47ogMShJTALMMLtZKoGwbFzsqipcwkgP%2F2%2FWK32uEwHnsEbazBgAIqXSCVrEUX9fRA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
priority: u=4,i=?0
server: cloudflare
cf-ray: 909e2fc8286856bb-OSL
server-timing: cfL4;desc="?proto=TCP&rtt=5136&min_rtt=5080&rtt_var=1945&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2822&recv_bytes=2143&delivery_rate=560629&cwnd=195&unsent_bytes=0&cid=a0c69fe55b789aeb&ts=99&x=0", cfL4;desc="?proto=QUIC&rtt=2659&min_rtt=675&rtt_var=2537&sent=357&recv=53&lost=0&retrans=1&sent_bytes=376801&recv_bytes=23850&delivery_rate=2817276&cwnd=192000&unsent_bytes=0&cid=d08ccac0f5af65d0&ts=12206&x=1", cfExtPri, cfHdrFlush;dur=0

github.com/fent/randexp.js/releases/download/v0.4.3/randexp.min.js

140.82.121.3

302 Found

0 B

URL
github.com/fent/randexp.js/releases/download/v0.4.3/randexp.min.js
IP
140.82.121.3:0
ASN
#36459 GITHUB

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /fent/randexp.js/releases/download/v0.4.3/randexp.min.js HTTP/1.1
Host: github.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://flin.zelidarne.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
server: GitHub.com
date: Thu, 30 Jan 2025 02:54:15 GMT
content-type: text/html; charset=utf-8
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
location: https://objects.githubusercontent.com/github-production-release-asset-2e65be/2925284/11f3acf8-4ccb-11e6-8ce4-c179c0a212de?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20250130%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20250130T025415Z&X-Amz-Expires=300&X-Amz-Signature=65271993f75645a7fa8a2a1a126237da5768a02264a345ca9feebc8d3ccfa556&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3Drandexp.min.js&response-content-type=application%2Foctet-stream
cache-control: no-cache
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: no-referrer-when-downgrade
content-security-policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
content-length: 0
x-github-request-id: E54C:24C2BF:1236FA5:12F9AD0:679AEA43
X-Firefox-Spdy: h2

flin.zelidarne.ru/uvq4wwVesouhXabpM1TfJFebJc5Vuad21RrDemn0oekGloaepwMkAMqxiJNnQzzpGK7Ui4aRgh260

172.67.217.181

200 OK

18 kB

URL GET HTTP/3
flin.zelidarne.ru/uvq4wwVesouhXabpM1TfJFebJc5Vuad21RrDemn0oekGloaepwMkAMqxiJNnQzzpGK7Ui4aRgh260
IP
172.67.217.181:443
ASN
#13335 CLOUDFLARENET

Requested by
https://flin.zelidarne.ru/s3u3uho/#Mcpaldino@slurpmail.net
Certificate
IssuerGoogle Trust Services
Subjectzelidarne.ru
FingerprintC2:43:DC:39:F6:52:65:01:87:DF:52:F6:59:22:85:A1:F8:34:04:BE
ValiditySat, 18 Jan 2025 16:42:11 GMT - Fri, 18 Apr 2025 17:40:53 GMT

File type
RIFF (little-endian) data, Web/P image
Size
18 kB (17842 bytes)
Hash
4b52ecdc33382c9dca874f551990e704
8f3bf8e41cd4cdddb17836b261e73f827b84341b
cce050cc3b150c0b370751021bb15018ee2b64ac369e230fe3b571a9b00d4342

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /uvq4wwVesouhXabpM1TfJFebJc5Vuad21RrDemn0oekGloaepwMkAMqxiJNnQzzpGK7Ui4aRgh260 HTTP/1.1
Host: flin.zelidarne.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://flin.zelidarne.ru/s3u3uho/
Cookie: XSRF-TOKEN=eyJpdiI6ImJHbldqdkVTMzFYRTlNNERMeDUwR1E9PSIsInZhbHVlIjoiZ09DUWdhZTh6R05kVjFXWEczVU4zQm1RcXNaazdJNU80UDJydjNMVk5WbHkyL2Y1R1NMKzNCZ2hqRDN1OTczcWNJOWp4SHhETjkyZVlMaFhycWRHL1VWTVRIUUNybVhFTjRhd1BmY1NRNW01a3lCMGVXSUNhbjR0aDRSTVVreGUiLCJtYWMiOiI1NzRlMWViOTRkM2VmMjMyOTk1MjFiNzIzOTE1NjAyODM1OTNkOTFkNmNhZDFjZjRjZjU3MzA3ZTg1Zjc0OTJjIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlBLaVdwZ1dQUEdXbll6R1VDcU1hUFE9PSIsInZhbHVlIjoiVHZIK0RSUjNyYlNOWWx2MGo0VTVQYWt2a1dJR2Jmb3dZcEwxOEVMdWxySWc3cEwybEJVTnh2MUlwTjU5dHh6VExMQVpWUUZxTERhRU9iK3pFbEN2NXBBSFpMK2puVVRjZVZHSS9iMGZFOW50TlRsWTRETzV4bVQwdFBCaVhnWG4iLCJtYWMiOiJjZjRmMzhiYjNhNDZmNDA3ZmQ0ZTVjOWJhMDFkNWRjNTA5OTU2ZGZjYzRkMzFhNTk2NzQ4YjZhYmQxYmE3NmYzIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 30 Jan 2025 02:56:04 GMT
content-type: image/webp
content-length: 17842
content-disposition: inline; filename="uvq4wwVesouhXabpM1TfJFebJc5Vuad21RrDemn0oekGloaepwMkAMqxiJNnQzzpGK7Ui4aRgh260"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3W0hG6inBrodz2ZDQOZZSdWoc1auQ1x5jAb16nGgr3JxgGXwNr7tSRS8462x9JpoMdyUVekKuehAQfANc1v2AttIHlzi8wNVMhd0TO2SeBZzCs1TYM%2BzUpnto18EnA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
priority: u=4,i=?0
server: cloudflare
cf-ray: 909e2fc888b356bb-OSL
server-timing: cfL4;desc="?proto=TCP&rtt=5254&min_rtt=5099&rtt_var=1714&sent=4&recv=8&lost=0&retrans=0&sent_bytes=2823&recv_bytes=2166&delivery_rate=482630&cwnd=246&unsent_bytes=0&cid=96cea6bbecb221bd&ts=93&x=0", cfL4;desc="?proto=QUIC&rtt=2082&min_rtt=675&rtt_var=1477&sent=369&recv=57&lost=0&retrans=1&sent_bytes=388793&recv_bytes=24034&delivery_rate=47219&cwnd=192000&unsent_bytes=0&cid=d08ccac0f5af65d0&ts=12255&x=1", cfExtPri, cfHdrFlush;dur=0

flin.zelidarne.ru/qrSAicSnBZlG15cfx7N8ZW4KekQCJwWn9nQi12O2kQ1lPfCmvdBI0Hhp3bCUEAef240

172.67.217.181

200 OK

9.6 kB

URL
flin.zelidarne.ru/qrSAicSnBZlG15cfx7N8ZW4KekQCJwWn9nQi12O2kQ1lPfCmvdBI0Hhp3bCUEAef240
IP
172.67.217.181:0
ASN
#13335 CLOUDFLARENET

File type
RIFF (little-endian) data, Web/P image
Size
9.6 kB (9648 bytes)
Hash
4946eb373b18d178c93d473489673bb6
16477acb73b63ca251d37401249e7e4515febd24
666bc574c9f3fb28a8ac626fa8105c187c2a313736494a06bd5a937473673c92

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /qrSAicSnBZlG15cfx7N8ZW4KekQCJwWn9nQi12O2kQ1lPfCmvdBI0Hhp3bCUEAef240 HTTP/1.1
Host: flin.zelidarne.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://flin.zelidarne.ru/s3u3uho/
Cookie: XSRF-TOKEN=eyJpdiI6ImJHbldqdkVTMzFYRTlNNERMeDUwR1E9PSIsInZhbHVlIjoiZ09DUWdhZTh6R05kVjFXWEczVU4zQm1RcXNaazdJNU80UDJydjNMVk5WbHkyL2Y1R1NMKzNCZ2hqRDN1OTczcWNJOWp4SHhETjkyZVlMaFhycWRHL1VWTVRIUUNybVhFTjRhd1BmY1NRNW01a3lCMGVXSUNhbjR0aDRSTVVreGUiLCJtYWMiOiI1NzRlMWViOTRkM2VmMjMyOTk1MjFiNzIzOTE1NjAyODM1OTNkOTFkNmNhZDFjZjRjZjU3MzA3ZTg1Zjc0OTJjIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlBLaVdwZ1dQUEdXbll6R1VDcU1hUFE9PSIsInZhbHVlIjoiVHZIK0RSUjNyYlNOWWx2MGo0VTVQYWt2a1dJR2Jmb3dZcEwxOEVMdWxySWc3cEwybEJVTnh2MUlwTjU5dHh6VExMQVpWUUZxTERhRU9iK3pFbEN2NXBBSFpMK2puVVRjZVZHSS9iMGZFOW50TlRsWTRETzV4bVQwdFBCaVhnWG4iLCJtYWMiOiJjZjRmMzhiYjNhNDZmNDA3ZmQ0ZTVjOWJhMDFkNWRjNTA5OTU2ZGZjYzRkMzFhNTk2NzQ4YjZhYmQxYmE3NmYzIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 30 Jan 2025 02:56:04 GMT
content-type: image/webp
content-length: 9648
content-disposition: inline; filename="qrSAicSnBZlG15cfx7N8ZW4KekQCJwWn9nQi12O2kQ1lPfCmvdBI0Hhp3bCUEAef240"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DXepM6xJPCAETNw0iYlQnwlu7Z2TsLKsq4MmDIrcE9pACVL%2FT%2BGMAavIkz7i2z1CTlh52qtOB4Wh31jM6Xz7swPxXCvTxjttUouoRTaNRl6GPo%2BNrxV2qjSfUpYvBA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
priority: u=4,i=?0
server: cloudflare
cf-ray: 909e2fc888b156bb-OSL
server-timing: cfL4;desc="?proto=TCP&rtt=5175&min_rtt=5148&rtt_var=1499&sent=4&recv=8&lost=0&retrans=0&sent_bytes=2823&recv_bytes=2156&delivery_rate=534534&cwnd=251&unsent_bytes=0&cid=bb2fa2ca6acdef32&ts=161&x=0", cfL4;desc="?proto=QUIC&rtt=1412&min_rtt=675&rtt_var=781&sent=396&recv=64&lost=0&retrans=1&sent_bytes=417228&recv_bytes=24351&delivery_rate=4756309&cwnd=192000&unsent_bytes=0&cid=d08ccac0f5af65d0&ts=12315&x=1", cfExtPri, cfHdrFlush;dur=0

flin.zelidarne.ru/ghwmrbp4rmS6fumZoF1gn90kl9zlyWsybtYSaCecLeMrf12210

172.67.217.181

200 OK

25 kB

URL
flin.zelidarne.ru/ghwmrbp4rmS6fumZoF1gn90kl9zlyWsybtYSaCecLeMrf12210
IP
172.67.217.181:0
ASN
#13335 CLOUDFLARENET

File type
RIFF (little-endian) data, Web/P image
Size
25 kB (25216 bytes)
Hash
f9a795e2270664a7a169c73b6d84a575
0fbb60ab27ab88c064eb347d0722c8ed4cf5e8b8
d00203b2eea6e418c31baafa949ada5349a9f9b7e99fa003aec7406822693740

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /ghwmrbp4rmS6fumZoF1gn90kl9zlyWsybtYSaCecLeMrf12210 HTTP/1.1
Host: flin.zelidarne.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://flin.zelidarne.ru/s3u3uho/
Cookie: XSRF-TOKEN=eyJpdiI6ImJHbldqdkVTMzFYRTlNNERMeDUwR1E9PSIsInZhbHVlIjoiZ09DUWdhZTh6R05kVjFXWEczVU4zQm1RcXNaazdJNU80UDJydjNMVk5WbHkyL2Y1R1NMKzNCZ2hqRDN1OTczcWNJOWp4SHhETjkyZVlMaFhycWRHL1VWTVRIUUNybVhFTjRhd1BmY1NRNW01a3lCMGVXSUNhbjR0aDRSTVVreGUiLCJtYWMiOiI1NzRlMWViOTRkM2VmMjMyOTk1MjFiNzIzOTE1NjAyODM1OTNkOTFkNmNhZDFjZjRjZjU3MzA3ZTg1Zjc0OTJjIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlBLaVdwZ1dQUEdXbll6R1VDcU1hUFE9PSIsInZhbHVlIjoiVHZIK0RSUjNyYlNOWWx2MGo0VTVQYWt2a1dJR2Jmb3dZcEwxOEVMdWxySWc3cEwybEJVTnh2MUlwTjU5dHh6VExMQVpWUUZxTERhRU9iK3pFbEN2NXBBSFpMK2puVVRjZVZHSS9iMGZFOW50TlRsWTRETzV4bVQwdFBCaVhnWG4iLCJtYWMiOiJjZjRmMzhiYjNhNDZmNDA3ZmQ0ZTVjOWJhMDFkNWRjNTA5OTU2ZGZjYzRkMzFhNTk2NzQ4YjZhYmQxYmE3NmYzIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 30 Jan 2025 02:56:04 GMT
content-type: image/webp
content-length: 25216
content-disposition: inline; filename="ghwmrbp4rmS6fumZoF1gn90kl9zlyWsybtYSaCecLeMrf12210"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=or6ZgnTNExfhNbldjdZFXnLs4u0ue6Azl57b2x6QJLKmeO69FZSwmm3g2Hke5nNwUKlIyjqhWW6kTklziEKHmwKXt%2F%2FaMoNBOB5ztcHHW40Q7CVqf%2FoEtj17c6wd4Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
priority: u=4,i=?0
server: cloudflare
cf-ray: 909e2fc888b056bb-OSL
server-timing: cfL4;desc="?proto=TCP&rtt=5571&min_rtt=5557&rtt_var=1591&sent=4&recv=8&lost=0&retrans=0&sent_bytes=2823&recv_bytes=2139&delivery_rate=502647&cwnd=232&unsent_bytes=0&cid=208e5294c8f106be&ts=156&x=0", cfL4;desc="?proto=QUIC&rtt=1383&min_rtt=675&rtt_var=644&sent=405&recv=65&lost=0&retrans=1&sent_bytes=427976&recv_bytes=24397&delivery_rate=5983686&cwnd=192000&unsent_bytes=0&cid=d08ccac0f5af65d0&ts=12331&x=1", cfExtPri, cfHdrFlush;dur=0

objects.githubusercontent.com/github-production-release-asset-2e65be/2925284/11f3acf8-4ccb-11e6-8ce4-c179c0a212de?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20250130%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20250130T025415Z&X-Amz-Expires=300&X-Amz-Signature=65271993f75645a7fa8a2a1a126237da5768a02264a345ca9feebc8d3ccfa556&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3Drandexp.min.js&response-content-type=application%2Foctet-stream

185.199.109.133

200 OK

10 kB

URL
objects.githubusercontent.com/github-production-release-asset-2e65be/2925284/11f3acf8-4ccb-11e6-8ce4-c179c0a212de?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20250130%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20250130T025415Z&X-Amz-Expires=300&X-Amz-Signature=65271993f75645a7fa8a2a1a126237da5768a02264a345ca9feebc8d3ccfa556&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3Drandexp.min.js&response-content-type=application%2Foctet-stream
IP
185.199.109.133:0
ASN
#54113 FASTLY

File type
JavaScript source, ASCII text, with very long lines (10017)
Size
10 kB (10245 bytes)
Hash
6c20a2be8ba900bc0a7118893a2b1072
ff7766fde1f33882c6e1c481ceed6f6588ea764c
b1c42acd0288c435e95e00332476781532ed002cac6f3dcee9110ced30b31500

HTTP Headers

GET /github-production-release-asset-2e65be/2925284/11f3acf8-4ccb-11e6-8ce4-c179c0a212de?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20250130%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20250130T025415Z&X-Amz-Expires=300&X-Amz-Signature=65271993f75645a7fa8a2a1a126237da5768a02264a345ca9feebc8d3ccfa556&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3Drandexp.min.js&response-content-type=application%2Foctet-stream HTTP/1.1
Host: objects.githubusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://flin.zelidarne.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/octet-stream
last-modified: Tue, 07 Dec 2021 16:38:45 GMT
etag: "0x8D9B9A009499A1E"
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: d91f6eaf-e01e-0032-2f18-13e122000000
x-ms-version: 2023-11-03
x-ms-creation-time: Tue, 17 Aug 2021 14:57:31 GMT
x-ms-blob-content-md5: bCCivoupALwKcRiJOisQcg==
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
content-disposition: attachment; filename=randexp.min.js
x-ms-server-encrypted: true
via: 1.1 varnish, 1.1 varnish
fastly-restarts: 1
accept-ranges: bytes
date: Thu, 30 Jan 2025 02:56:04 GMT
age: 5863
x-served-by: cache-iad-kiad7000045-IAD, cache-hel1410034-HEL
x-cache: HIT, HIT
x-cache-hits: 11369, 2
x-timer: S1738205764.147654,VS0,VE0
content-length: 10245
X-Firefox-Spdy: h2

ok4static.oktacdn.com/assets/loginpage/font/assets/proximanova-reg-webfont.353416ed0ff540352235.woff2

143.204.55.81

200 OK

20 kB

URL
ok4static.oktacdn.com/assets/loginpage/font/assets/proximanova-reg-webfont.353416ed0ff540352235.woff2
IP
143.204.55.81:0
ASN
#16509 AMAZON-02

File type
Web Open Font Format (Version 2), TrueType, length 20416, version 2.197
Size
20 kB (20416 bytes)
Hash
d99a7377dabb55772ca9f986b0a04b57
2b5fcd8431953c44e410d0489899e74f6d2cfecc
affdba1620552b12a1a8a04467136aeb408c03fa337d20e9c38374d682d4d149

HTTP Headers

GET /assets/loginpage/font/assets/proximanova-reg-webfont.353416ed0ff540352235.woff2 HTTP/1.1
Host: ok4static.oktacdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://flin.zelidarne.ru
DNT: 1
Connection: keep-alive
Referer: https://ok4static.oktacdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: application/font-woff2
content-length: 20416
date: Mon, 27 Jan 2025 07:42:18 GMT
server: nginx
last-modified: Tue, 07 Nov 2023 18:56:28 GMT
etag: "d99a7377dabb55772ca9f986b0a04b57"
x-amz-meta-sha1sum: 2b5fcd8431953c44e410d0489899e74f6d2cfecc
expires: Tue, 27 Jan 2026 07:42:18 GMT
cache-control: max-age=31536000, public,max-age=31536000,s-maxage=1814400
strict-transport-security: max-age=315360000; includeSubDomains
access-control-allow-origin: *
accept-ranges: bytes
x-cache: Hit from cloudfront
via: 1.1 095562e8748e634f880ee3c4ada2b6d0.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: awecwUVpbJicW-PXwqtvVQrMImhlpfkQESNerdZEAAA1N04cEqtm2g==
age: 242026
X-Firefox-Spdy: h2

flin.zelidarne.ru/klWwX5WCb5oEtx5Yl714ErEeMWxFPv5895v84H3I2BBGaRUPHFNgZgEABLCwDpdIw4ab230

172.67.217.181

200 OK

1.3 kB

URL GET HTTP/3
flin.zelidarne.ru/klWwX5WCb5oEtx5Yl714ErEeMWxFPv5895v84H3I2BBGaRUPHFNgZgEABLCwDpdIw4ab230
IP
172.67.217.181:443
ASN
#13335 CLOUDFLARENET

Requested by
https://flin.zelidarne.ru/s3u3uho/#Mcpaldino@slurpmail.net
Certificate
IssuerGoogle Trust Services
Subjectzelidarne.ru
FingerprintC2:43:DC:39:F6:52:65:01:87:DF:52:F6:59:22:85:A1:F8:34:04:BE
ValiditySat, 18 Jan 2025 16:42:11 GMT - Fri, 18 Apr 2025 17:40:53 GMT

File type
RIFF (little-endian) data, Web/P image
Size
1.3 kB (1298 bytes)
Hash
32ca2081553e969f9fdd4374134521ad
7b09924c4c3d8b6e41fe38363e342da098be4173
216fc342a469aa6a005b2eacc24622095e5282d3e9f1ae99ce54c27b92ec3587

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /klWwX5WCb5oEtx5Yl714ErEeMWxFPv5895v84H3I2BBGaRUPHFNgZgEABLCwDpdIw4ab230 HTTP/1.1
Host: flin.zelidarne.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://flin.zelidarne.ru/s3u3uho/
Cookie: XSRF-TOKEN=eyJpdiI6ImJHbldqdkVTMzFYRTlNNERMeDUwR1E9PSIsInZhbHVlIjoiZ09DUWdhZTh6R05kVjFXWEczVU4zQm1RcXNaazdJNU80UDJydjNMVk5WbHkyL2Y1R1NMKzNCZ2hqRDN1OTczcWNJOWp4SHhETjkyZVlMaFhycWRHL1VWTVRIUUNybVhFTjRhd1BmY1NRNW01a3lCMGVXSUNhbjR0aDRSTVVreGUiLCJtYWMiOiI1NzRlMWViOTRkM2VmMjMyOTk1MjFiNzIzOTE1NjAyODM1OTNkOTFkNmNhZDFjZjRjZjU3MzA3ZTg1Zjc0OTJjIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlBLaVdwZ1dQUEdXbll6R1VDcU1hUFE9PSIsInZhbHVlIjoiVHZIK0RSUjNyYlNOWWx2MGo0VTVQYWt2a1dJR2Jmb3dZcEwxOEVMdWxySWc3cEwybEJVTnh2MUlwTjU5dHh6VExMQVpWUUZxTERhRU9iK3pFbEN2NXBBSFpMK2puVVRjZVZHSS9iMGZFOW50TlRsWTRETzV4bVQwdFBCaVhnWG4iLCJtYWMiOiJjZjRmMzhiYjNhNDZmNDA3ZmQ0ZTVjOWJhMDFkNWRjNTA5OTU2ZGZjYzRkMzFhNTk2NzQ4YjZhYmQxYmE3NmYzIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 30 Jan 2025 02:56:05 GMT
content-type: image/webp
content-length: 1298
content-disposition: inline; filename="klWwX5WCb5oEtx5Yl714ErEeMWxFPv5895v84H3I2BBGaRUPHFNgZgEABLCwDpdIw4ab230"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=t7L%2Bg8O73iN6rfxaJrvcbxk2oAB%2FxHLBuizthifsmaPP3ULkBK8efA3v%2BM2P9%2FzklYkJIG%2BURGc1WCB1hz5c4c2dlEA3I0Nads74iG41gDfYeWffvhw8Kra57CCTgA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
priority: u=4,i=?0
server: cloudflare
cf-ray: 909e2fcebd4e56bb-OSL
server-timing: cfL4;desc="?proto=TCP&rtt=4633&min_rtt=4633&rtt_var=1738&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2824&recv_bytes=2160&delivery_rate=614057&cwnd=251&unsent_bytes=0&cid=9e2a3f3254f5a574&ts=95&x=0", cfL4;desc="?proto=QUIC&rtt=1142&min_rtt=675&rtt_var=259&sent=455&recv=76&lost=0&retrans=1&sent_bytes=478130&recv_bytes=27643&delivery_rate=976374&cwnd=192000&unsent_bytes=0&cid=d08ccac0f5af65d0&ts=13213&x=1", cfExtPri, cfHdrFlush;dur=0

flin.zelidarne.ru/tfZQGPUYcr37Ri4S7OJVYGUtX0fTqgFqDwwnQqx1pnodk9QdFrRMaBz8WbeRqp2Lgz

172.67.217.181

200 OK

4.5 kB

URL POST HTTP/3
flin.zelidarne.ru/tfZQGPUYcr37Ri4S7OJVYGUtX0fTqgFqDwwnQqx1pnodk9QdFrRMaBz8WbeRqp2Lgz
IP
172.67.217.181:443
ASN
#13335 CLOUDFLARENET

Requested by
https://flin.zelidarne.ru/s3u3uho/#Mcpaldino@slurpmail.net
Certificate
IssuerGoogle Trust Services
Subjectzelidarne.ru
FingerprintC2:43:DC:39:F6:52:65:01:87:DF:52:F6:59:22:85:A1:F8:34:04:BE
ValiditySat, 18 Jan 2025 16:42:11 GMT - Fri, 18 Apr 2025 17:40:53 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (4535), with no line terminators
Size
4.5 kB (4520 bytes)
Hash
283f1ad1463f43ca7f5e59720a33a17f
055e75c1d9ba219e51c0fb69b804701d884b3df0
8bbcade546b04172244451bca209bbeea1f189626798bfe9014deaed755b64b7

HTTP Headers

POST /tfZQGPUYcr37Ri4S7OJVYGUtX0fTqgFqDwwnQqx1pnodk9QdFrRMaBz8WbeRqp2Lgz HTTP/1.1
Host: flin.zelidarne.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 53
Origin: https://flin.zelidarne.ru
DNT: 1
Connection: keep-alive
Referer: https://flin.zelidarne.ru/s3u3uho/
Cookie: XSRF-TOKEN=eyJpdiI6ImJHbldqdkVTMzFYRTlNNERMeDUwR1E9PSIsInZhbHVlIjoiZ09DUWdhZTh6R05kVjFXWEczVU4zQm1RcXNaazdJNU80UDJydjNMVk5WbHkyL2Y1R1NMKzNCZ2hqRDN1OTczcWNJOWp4SHhETjkyZVlMaFhycWRHL1VWTVRIUUNybVhFTjRhd1BmY1NRNW01a3lCMGVXSUNhbjR0aDRSTVVreGUiLCJtYWMiOiI1NzRlMWViOTRkM2VmMjMyOTk1MjFiNzIzOTE1NjAyODM1OTNkOTFkNmNhZDFjZjRjZjU3MzA3ZTg1Zjc0OTJjIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlBLaVdwZ1dQUEdXbll6R1VDcU1hUFE9PSIsInZhbHVlIjoiVHZIK0RSUjNyYlNOWWx2MGo0VTVQYWt2a1dJR2Jmb3dZcEwxOEVMdWxySWc3cEwybEJVTnh2MUlwTjU5dHh6VExMQVpWUUZxTERhRU9iK3pFbEN2NXBBSFpMK2puVVRjZVZHSS9iMGZFOW50TlRsWTRETzV4bVQwdFBCaVhnWG4iLCJtYWMiOiJjZjRmMzhiYjNhNDZmNDA3ZmQ0ZTVjOWJhMDFkNWRjNTA5OTU2ZGZjYzRkMzFhNTk2NzQ4YjZhYmQxYmE3NmYzIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 30 Jan 2025 02:56:05 GMT
content-type: application/json
cache-control: no-cache, private
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ltrrXJCgQm1ioYZQCh5Pr0rab3HWBbpeoZrLA0YAitdBV2XtmJ2qEuPx6aTJXbFMytRAaSlSWVMj73zX0tq62AvqctI38YyHViWNUSz%2FZmiTquNtgo9eYNnpMSCAsg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
set-cookie: XSRF-TOKEN=eyJpdiI6Imo5R0xtbDB3b3kyS2dBek1Wb1dDY1E9PSIsInZhbHVlIjoicVNnemtyM0xRaGRwK2FyUU5lRi9DdFE4ektqOVdkQTl3OTBHa0ZYNTV0TnAyWmFxYWpmdjR1NmV0a0xWUzd2bjVmTEFSSUhDUzdSVFlhQVVpb0s4WXRmWDNob2NzeVZIU24zTTMycDgvSW9OZVJEaGpuZDduVnllODFJZjdBVlIiLCJtYWMiOiI0OGVhNmYxNTdlZDZkOWIyMjllNDMxZGRhYTAwYTNlNTFiM2YwZjA3ZmZkMTUwYzM1OTUxMjRlMWJjNGJjYjlkIiwidGFnIjoiIn0%3D; expires=Thu, 30-Jan-2025 04:56:05 GMT; Max-Age=7200; path=/; secure; samesite=none
laravel_session=eyJpdiI6InBWcnFCMTJoTTJFS3FsejdpK2Z1T0E9PSIsInZhbHVlIjoiQmdYWWdhMlVreVNQcERzSHU4REM0WUJTU3pYZmtWd2VNbkpVRmZIOXNWTFllZFBIejB0T3hreEs3WklvL3A0OVJJN3dIcEYyOTM0N2V0NGYycnVKanl5UFpYbFhONnhhOWxoaVQ1TDJzcFQxWFNiNzkzNkhHcWEvRm9JYVFtbzgiLCJtYWMiOiI2OTA2YmNlMDliMzVlMmU3NDE0MDYxZWI1YzExZGYwY2ZkNjI1NjhmODZkMGJiN2Q4ZGM5ODRkMzUzMGNlZWM2IiwidGFnIjoiIn0%3D; expires=Thu, 30-Jan-2025 04:56:05 GMT; Max-Age=7200; path=/; secure; httponly; samesite=none
vary: accept-encoding
priority: u=3,i=?0
server: cloudflare
cf-ray: 909e2fce9d4256bb-OSL
content-encoding: br
server-timing: cfL4;desc="?proto=TCP&rtt=5556&min_rtt=5546&rtt_var=2087&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2822&recv_bytes=2322&delivery_rate=513523&cwnd=234&unsent_bytes=0&cid=e3cf4c5ceb9a0c47&ts=107&x=0", cfL4;desc="?proto=QUIC&rtt=1171&min_rtt=675&rtt_var=359&sent=449&recv=74&lost=0&retrans=1&sent_bytes=472873&recv_bytes=27552&delivery_rate=5903273&cwnd=192000&unsent_bytes=0&cid=d08ccac0f5af65d0&ts=13200&x=1", cfExtPri, cfHdrFlush;dur=0

flin.zelidarne.ru/rsaNaBkhbtQKolWIvSKdkeYPNEMGtzijfTIiuqoseBl2Dj82txcd200

172.67.217.181

200 OK

268 B

URL GET HTTP/3
flin.zelidarne.ru/rsaNaBkhbtQKolWIvSKdkeYPNEMGtzijfTIiuqoseBl2Dj82txcd200
IP
172.67.217.181:443
ASN
#13335 CLOUDFLARENET

Requested by
https://flin.zelidarne.ru/s3u3uho/#Mcpaldino@slurpmail.net
Certificate
IssuerGoogle Trust Services
Subjectzelidarne.ru
FingerprintC2:43:DC:39:F6:52:65:01:87:DF:52:F6:59:22:85:A1:F8:34:04:BE
ValiditySat, 18 Jan 2025 16:42:11 GMT - Fri, 18 Apr 2025 17:40:53 GMT

File type
SVG Scalable Vector Graphics image
Size
268 B (268 bytes)
Hash
1318aafc1fb9ded0c623e5b9a557e6df
0917cdd7633cd1642b02b2b785416ec7e5106dcc
d86660a84daa211b121ec9fe0df83d6b945f61b888384391eabc7d6b4e941dc4

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /rsaNaBkhbtQKolWIvSKdkeYPNEMGtzijfTIiuqoseBl2Dj82txcd200 HTTP/1.1
Host: flin.zelidarne.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://flin.zelidarne.ru/s3u3uho/
Cookie: XSRF-TOKEN=eyJpdiI6ImJHbldqdkVTMzFYRTlNNERMeDUwR1E9PSIsInZhbHVlIjoiZ09DUWdhZTh6R05kVjFXWEczVU4zQm1RcXNaazdJNU80UDJydjNMVk5WbHkyL2Y1R1NMKzNCZ2hqRDN1OTczcWNJOWp4SHhETjkyZVlMaFhycWRHL1VWTVRIUUNybVhFTjRhd1BmY1NRNW01a3lCMGVXSUNhbjR0aDRSTVVreGUiLCJtYWMiOiI1NzRlMWViOTRkM2VmMjMyOTk1MjFiNzIzOTE1NjAyODM1OTNkOTFkNmNhZDFjZjRjZjU3MzA3ZTg1Zjc0OTJjIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlBLaVdwZ1dQUEdXbll6R1VDcU1hUFE9PSIsInZhbHVlIjoiVHZIK0RSUjNyYlNOWWx2MGo0VTVQYWt2a1dJR2Jmb3dZcEwxOEVMdWxySWc3cEwybEJVTnh2MUlwTjU5dHh6VExMQVpWUUZxTERhRU9iK3pFbEN2NXBBSFpMK2puVVRjZVZHSS9iMGZFOW50TlRsWTRETzV4bVQwdFBCaVhnWG4iLCJtYWMiOiJjZjRmMzhiYjNhNDZmNDA3ZmQ0ZTVjOWJhMDFkNWRjNTA5OTU2ZGZjYzRkMzFhNTk2NzQ4YjZhYmQxYmE3NmYzIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 30 Jan 2025 02:56:04 GMT
content-type: image/svg+xml
content-disposition: inline; filename="rsaNaBkhbtQKolWIvSKdkeYPNEMGtzijfTIiuqoseBl2Dj82txcd200"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0PK1ZbH4crzj8FVl%2F3R0BJCZNChXNp8787yq8YfDqllZQH2Lfx8ymjdpEp1TS6GK4kOOp4XytIAv772lok0xx%2Fc0u7PqeIOIVsb%2Bh%2BeeXrNBaoPqZ2P2wYgKwgjYQA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
vary: accept-encoding
priority: u=4,i=?0
server: cloudflare
cf-ray: 909e2fc888af56bb-OSL
content-encoding: br
server-timing: cfL4;desc="?proto=TCP&rtt=4879&min_rtt=4858&rtt_var=1406&sent=5&recv=8&lost=0&retrans=0&sent_bytes=2824&recv_bytes=2144&delivery_rate=570170&cwnd=248&unsent_bytes=0&cid=6c35a6f9e7e060b4&ts=99&x=0", cfL4;desc="?proto=QUIC&rtt=2082&min_rtt=675&rtt_var=1477&sent=368&recv=57&lost=0&retrans=1&sent_bytes=387735&recv_bytes=24034&delivery_rate=47219&cwnd=192000&unsent_bytes=0&cid=d08ccac0f5af65d0&ts=12255&x=1", cfExtPri, cfHdrFlush;dur=0

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

JavaScript (17)

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Observations

Hash

Observations

Hash

Observations