GET www.gstatic.com/recaptcha/api2/logo_48.png
142.250.74.99 200 OK 2.2 kB URL GET www.gstatic.com/recaptcha/api2/logo_48.png
IP 142.250.74.99:443
Requested by https://4dey.aleonanob.ru/CqUns/#Dtest123@gmail.com
Certificate Issuer Google Trust Services
Subject *.gstatic.com
Fingerprint 63:D6:50:6F:98:C5:59:D1:5A:FF:9D:8D:C3:C1:04:A1:B9:1A:3E:6B
Validity Mon, 10 Mar 2025 08:37:01 GMT - Mon, 02 Jun 2025 08:37:00 GMT
File type PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
Hash ef9941290c50cd3866e2ba6b793f010d
4736508c795667dcea21f8d864233031223b7832
1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a
GET /recaptcha/api2/logo_48.png HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://4dey.aleonanob.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 2228
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 20 Mar 2025 09:12:16 GMT
expires: Thu, 27 Mar 2025 09:12:16 GMT
cache-control: public, max-age=604800
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
content-type: image/png
age: 580141
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
GET cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js
104.17.24.14 200 OK 48 kB URL GET cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js
IP 104.17.24.14:443
Requested by https://4dey.aleonanob.ru/CqUns/#Dtest123@gmail.com
Certificate Issuer Google Trust Services
Subject cdnjs.cloudflare.com
Fingerprint 5D:9B:5B:BE:24:B7:4B:CA:F3:05:47:2F:AB:3F:3C:F7:4E:C3:4D:BC
Validity Mon, 24 Mar 2025 12:00:12 GMT - Sun, 22 Jun 2025 13:00:01 GMT
File type JavaScript source, ASCII text, with very long lines (48316), with no line terminators
Hash 2ca03ad87885ab983541092b87adb299
1a17f60bf776a8c468a185c1e8e985c41a50dc27
8e3b0117f4df4be452c0b6af5b8f0a0acf9d4ade23d08d55d7e312af22077762
GET /ajax/libs/crypto-js/4.1.1/crypto-js.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://4dey.aleonanob.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 27 Mar 2025 02:21:24 GMT
content-type: application/javascript; charset=utf-8
content-length: 13972
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "61182885-3694"
last-modified: Sat, 14 Aug 2021 20:33:09 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 1124528
expires: Tue, 17 Mar 2026 02:21:24 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DZWLpBIrvPjNNd%2FrgTWLTM%2BxOZINX8XRzWrp8q3lU74Fca78urRvlua%2F0OVK82pbjM8GSepT8Z5Um8w6UTAH%2FXOz1HCFbfZBZjBZfd1ZE8h0c790jDC178FbgTbAUjVxbrLQKLlc"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 926b6a0149f9b529-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
GET static.ziftsolutions.com/widgets/js/zpanel_20170605.js
54.240.174.95 200 OK 18 kB URL GET static.ziftsolutions.com/widgets/js/zpanel_20170605.js
IP 54.240.174.95:443
Requested by https://sites.ziftsolutions.com/siemens.ziftsolutions.com/ff8081815ca9992a015cc0e672466cab?cid=8a9982a96d2b95e1016d3b241df85937&url=https://authswedloginpilot.s3.eu-north-1.amazonaws.com/M365auth.html
Certificate Issuer Amazon
Subject *.ziftsolutions.com
Fingerprint 54:C1:13:C0:65:AB:9A:EB:D5:80:06:E0:AE:12:09:55:A4:1C:68:0B
Validity Sun, 16 Jun 2024 00:00:00 GMT - Tue, 15 Jul 2025 23:59:59 GMT
File type ASCII text, with CRLF line terminators
Hash cf54b477639c4d791e7730ffd744b657
23c11e94407decbe816dac9ac012676a0758c378
9538ba970508dd8684480f4aba6ae1bd64a81fe07a37e69d6bc730d10f820f90
GET /widgets/js/zpanel_20170605.js HTTP/1.1
Host: static.ziftsolutions.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://sites.ziftsolutions.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript
content-length: 17472
vary: Accept-Encoding
x-amz-id-2: 1fy0uz4J+9RHvDboSbOruBkguhzZI9gOFugGIkeO+zpewohmyyvWxIqzhn18QvDQ5wRLJBowQwZiX1enF4SSti34E+tQ2Adb6G6s+c+lE8I=
x-amz-request-id: 2258HAKD9TGS3EAQ
date: Thu, 27 Mar 2025 02:21:07 GMT
last-modified: Wed, 15 Sep 2021 14:35:23 GMT
etag: "cf54b477639c4d791e7730ffd744b657"
x-amz-version-id: 5qgL4DuMvc.rFvyGYRuXWLOzDlosK96z
accept-ranges: bytes
server: AmazonS3
strict-transport-security: max-age=63072000; includeSubdomains; preload
content-security-policy: upgrade-insecure-requests; default-src 'self' ziftsolutions.ccindex.cn *.ziftsolutions.com *.staging.ziftone.com *.ziftone.com *.google-analytics.com blob: ; img-src 'self' http: https: ziftsolutions.ccindex.cn *.ziftsolutions.com s3.amazonaws.com *.google-analytics.com data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: checkout.stripe.com *.ziftsolutions.com *.ziftone.com *.getbee.io *.googleapis.com *.google-analytics.com *.zdassets.com *.googletagmanager.com *.google.com *.pendo.io browser-update.org static.zdassets.com s3.amazonaws.com *.zopim.com *.churnzero.net *.marketo.com data: ; connect-src 'self' https: ziftsolutions.ccindex.cn *.ziftsolutions.com *.ziftone.com *.zift123.com *.zendesk.com *.zdassets.com *.zopim.com wss://widget-mediator.zopim.com *.churnzero.net *.getbee.io *.google-analytics.com data: ; style-src 'self' 'unsafe-inline' https: ; font-src 'self' https: data:; media-src 'self' https: ziftsolutions.ccindex.cn *.ziftsolutions.com *.zift123.com *.ziftone.com *.looker.com *.ziftmarcom.com *.lenovo.com; object-src 'self' https: *.ziftsolutions.com *.ziftsolutions.com *.zift123.com *.ziftone.com *.looker.com *.ziftmarcom.com; frame-src 'self' https: *.onserro.com *.onserrodemo.com ziftsolutions.ccindex.cn *.ziftsolutions.com *.zift123.com *.staging.ziftone.com *.ziftone.com *.looker.com *.ziftmarcom.com *.getbee.io *.getbee.com; frame-ancestors 'self' https: *.onserro.com *.onserrodemo.com ziftsolutions.ccindex.cn *.ziftsolutions.com *.zift123.com *.ziftone.com *.looker.com *.ziftmarcom.com;
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
x-robots-tag: noindex
x-cache: Miss from cloudfront
via: 1.1 0c35b89cb607eddb1b7cc5d6ada865d6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: hnYyLkSD6k7vxh69TkboAiaXCWYMR7Hp9XPzzHvaE8lRvHJI8PXkpA==
X-Firefox-Spdy: h2
POST 4dey.aleonanob.ru/hwytfEk0whFsBplDOkSdZg5lpzalVgq1tr
188.114.97.1 200 OK 20 B URL POST 4dey.aleonanob.ru/hwytfEk0whFsBplDOkSdZg5lpzalVgq1tr
IP 188.114.97.1:443
Requested by https://4dey.aleonanob.ru/CqUns/#Dtest123@gmail.com
Certificate Issuer Google Trust Services
Subject aleonanob.ru
Fingerprint 0C:7F:10:2B:50:12:01:9E:8B:85:46:BF:AD:CF:E3:46:5B:86:E9:63
Validity Sun, 09 Feb 2025 23:59:18 GMT - Sun, 11 May 2025 00:55:54 GMT
File type troff or preprocessor input, ASCII text, with no line terminators
Hash 0b35866f4a3aa4d34ce5dda2d14c2cd8
d2b80911f09c3106fdf0df9920f983945d644083
493851374626d927bfe1c7d084fa977a0e636c03f163fda258ab6b638edc2f0d
Analyzer: urlquery; Verdict: phishing; Alert: Phishing - Tycoon Phishing Kit
Analyzer: Quad9 DNS; Verdict: malicious; Alert: Sinkholed
POST /hwytfEk0whFsBplDOkSdZg5lpzalVgq1tr HTTP/1.1
Host: 4dey.aleonanob.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://4dey.aleonanob.ru/CqUns/
Content-Type: multipart/form-data; boundary=---------------------------6011633540476130924252694840
Content-Length: 966
Origin: https://4dey.aleonanob.ru
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6IkVSQ3FWaG4vcThKVXpBemNvUHJxYnc9PSIsInZhbHVlIjoidUdxYVRiL1JrT2VPdE5CbVlZbjlXSU5KVlNHb1VTWEFaSkRyUmNYb2c3d3dHR3JNSWRucmRtL3dUcENZUSs1TThncDhhSHJTTitKV2NWaHk0TWFnZHMyWXNpcUtBTko1dU1kNVU0RkdGbTcxUXZnSEFKQlEreEdVN1I0ZHpwalUiLCJtYWMiOiJlY2IwMzNlZWFhNTZiNWM1ZDhlNTYwOGM2MjdiMmVmODg5MGUzZTU0M2I5NmJiMDRlOTU3NDEyNjg3YWM3ZGVhIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjV3N0F5ZkRRbXhHa1hpQnc2YzZ0MVE9PSIsInZhbHVlIjoiKzd6SEMxVHZZSGFuTHNaWjRhaUwxYTNkWENrYjFNZzIyNXJaUmVTcmVGR2hpRldhMTc4bWxXVVg5dzlXRVIyUGkwQXN0Wi9JRTlMQXYxWnBvbnI2U1U2aXlRY0kvM3hlQ2NTNElGOW1CWTh0Uk90Y1ZWK2JHbC9MdFJLOGdSYlIiLCJtYWMiOiIxYWY2ZDIxMmQyNjcyZmRmNzQ4NTUxYTA4NTE4NTc0N2VhOWRhMWFiYTFiNzJmNTc0Y2FmOGFlNDUzOWY3NGZmIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 27 Mar 2025 02:21:23 GMT
content-type: application/json
cache-control: no-cache, private
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qNIndqg5l4SxThnr4Yeo06RbtAdSumqinYv7DPugZScKvNceElni7aJ%2BV7pnQC3wtWKp7GwxzzxlvU65EIHohfS61QIhOcg9ZsoBC1vuh729chssbiPc2xkGpnzR"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
set-cookie: XSRF-TOKEN=eyJpdiI6InN2OGxyK3o2Z2dmcW53WndremJsOHc9PSIsInZhbHVlIjoiZVpKRDBpWW41YTZoVERkVng3TDFleW83Z2J3emxIWng0SnBLeWFrbno0U3ZBVE1nM0s5M1dWUzBDTTR6ZlU3elVDSDhnNUxMenZvcXBWUlFYV015UGZWKzlkWkQrb202UVo5K0ZmY29UYmluOGZRZ2NPUXhjR2VIbDgvMzFXekoiLCJtYWMiOiJmNTAwODViODVjMDJmNDJkOTQ4ZmFhZmY3NjFiNWFmMTk2NDM2MTJkYWUwNGFjMzczYzAwZTRmN2YzNjhjMWU5IiwidGFnIjoiIn0%3D; expires=Thu, 27-Mar-2025 04:21:23 GMT; Max-Age=7200; path=/; secure; samesite=none
laravel_session=eyJpdiI6ImJHWmtSYS9JU2FPNStCRXljYURVelE9PSIsInZhbHVlIjoiUWIrRU5XTjNtM2ZUaitRdzNBbkVMNzkycXdvbzhQdEt0ci91QmdVZWFlL2pNekdLNWpkNlJtaHFyL0RrSDJxM0l2WmlWbUh4bjVKN0wzd1BYNFVjSmVuc3dEaGRVOU94ZmNNZTdGQkM0WllFOC9xcDZPTkkxekJ4TDlmN0dURHkiLCJtYWMiOiJmY2NiZjE4MWM2ODExZWQzZjM1OGExN2Y3ZGM1MTc4MmNkODIyMTMyNDE0YzAzOTM5ZWVhZDNhNmRjZTc3YmQ4IiwidGFnIjoiIn0%3D; expires=Thu, 27-Mar-2025 04:21:23 GMT; Max-Age=7200; path=/; secure; httponly; samesite=none
vary: accept-encoding
priority: u=4,i=?0
server: cloudflare
cf-ray: 926b69f81bd77130-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=35129&min_rtt=34986&rtt_var=9954&sent=5&recv=8&lost=0&retrans=0&sent_bytes=2826&recv_bytes=3222&delivery_rate=81315&cwnd=86&unsent_bytes=0&cid=6cb43e6b3e03c899&ts=254&x=0", cfL4;desc="?proto=QUIC&rtt=6281&min_rtt=1367&rtt_var=6096&sent=15&recv=11&lost=0&retrans=0&sent_bytes=5047&recv_bytes=3813&delivery_rate=447&cwnd=12000&unsent_bytes=0&cid=43e4345291b0476c&ts=6974&x=1", cfExtPri, cfHdrFlush;dur=0
GET dynamic.ziftsolutions.com/8a104ee650d22d330150d92ab13f7147/Default/ff8081815ca9992a015cc0e672466cab/0
54.240.174.8 200 OK 317 B URL GET dynamic.ziftsolutions.com/8a104ee650d22d330150d92ab13f7147/Default/ff8081815ca9992a015cc0e672466cab/0
IP 54.240.174.8:443
Requested by https://sites.ziftsolutions.com/siemens.ziftsolutions.com/ff8081815ca9992a015cc0e672466cab?cid=8a9982a96d2b95e1016d3b241df85937&url=https://authswedloginpilot.s3.eu-north-1.amazonaws.com/M365auth.html
Certificate Issuer Amazon
Subject *.ziftsolutions.com
Fingerprint 54:C1:13:C0:65:AB:9A:EB:D5:80:06:E0:AE:12:09:55:A4:1C:68:0B
Validity Sun, 16 Jun 2024 00:00:00 GMT - Tue, 15 Jul 2025 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (320), with no line terminators
Hash 43ecba4f77c19ce2123dee60c8c882a3
be2d07a35df0a255f435c112df080bfc9e25ffec
ce82693f7fa444e588274e8949e5ad7ad5d31b3bfc5aca4d794b7d46754abbf2
GET /8a104ee650d22d330150d92ab13f7147/Default/ff8081815ca9992a015cc0e672466cab/0 HTTP/1.1
Host: dynamic.ziftsolutions.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://sites.ziftsolutions.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
content-type: text/javascript;charset=UTF-8
content-length: 317
alt-svc: h3=":443"; ma=86400
date: Thu, 27 Mar 2025 02:21:07 GMT
last-modified: Fri, 24 Jan 2020 14:51:24 GMT
etag: "15d3382cd65f8af58d719110a0498af9"
cache-control: no-cache
x-amz-version-id: null
x-amz-meta-channel-marketing-service: Zift Solutions
accept-ranges: bytes
server: AmazonS3
x-cache: Miss from cloudfront
via: 1.1 9d4a908d41124cba1276d6cef8f00c60.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: i8gBeYKnBzAK0V7WJnEINRPGK6cRwzzro2Qs-vgXVaIrA0OpCEzD5A==
GET authswedloginpilot.s3.eu-north-1.amazonaws.com/M365auth.html
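16.12.9.46 200 OK 371 kB URL User Request GET authswedloginpilot.s3.eu-north-1.amazonaws.com/M365auth.html
IP 16.12.9.46:443
Certificate Issuer Amazon
Subject *.s3.eu-north-1.amazonaws.com
Fingerprint 6C:8C:0B:8C:94:37:65:0A:68:79:B3:ED:BF:DC:F0:C9:CD:BE:A4:DD
Validity Mon, 10 Mar 2025 00:00:00 GMT - Tue, 17 Feb 2026 23:59:59 GMT
Size 371 kB (370568 bytes)
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Note: these are the MD5, SHA-1 and SHA-256 digests of empty input, although the reported size is 370568 bytes; the response body was apparently not hashed, so these values do not identify M365auth.html and should not be used as file indicators.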
GET /M365auth.html HTTP/1.1
Host: authswedloginpilot.s3.eu-north-1.amazonaws.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://sites.ziftsolutions.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
x-amz-id-2: 9cQtfJes214ec73g0Che1g7mignlptSX9wM76xgW+W4D7fzEHkMfHr5cROkx62w4Hm23gmfaGmk=
x-amz-request-id: GANEPYJ4C2DNX62W
Date: Thu, 27 Mar 2025 02:21:08 GMT
Last-Modified: Thu, 13 Feb 2025 13:27:10 GMT
ETag: "6355f1c6d2af2f1c50e16e99d6a7f9b4"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: text/html
Content-Length: 370568
Server: AmazonS3
POST 4dey.aleonanob.ru/rqzL4j6RBcfNTtwCaNwl4SSgtklIKxUfr3gHQxfw
188.114.97.1 200 OK 312 B URL POST 4dey.aleonanob.ru/rqzL4j6RBcfNTtwCaNwl4SSgtklIKxUfr3gHQxfw
IP 188.114.97.1:443
Requested by https://4dey.aleonanob.ru/CqUns/#Dtest123@gmail.com
Certificate Issuer Google Trust Services
Subject aleonanob.ru
Fingerprint 0C:7F:10:2B:50:12:01:9E:8B:85:46:BF:AD:CF:E3:46:5B:86:E9:63
Validity Sun, 09 Feb 2025 23:59:18 GMT - Sun, 11 May 2025 00:55:54 GMT
File type troff or preprocessor input, ASCII text, with very long lines (331), with no line terminators
Hash 556756118fda1b977e27c143fec66995
7d3bd90cd18d3142f15c337da33572b7eabbe8f8
0c0bd8e4647ddfee02227a43a5dae9b0213b1a8cc23a8bbffbcf3c7823e020e6
Analyzer: urlquery; Verdict: phishing; Alert: Phishing - Tycoon Phishing Kit
Analyzer: Quad9 DNS; Verdict: malicious; Alert: Sinkholed
POST /rqzL4j6RBcfNTtwCaNwl4SSgtklIKxUfr3gHQxfw HTTP/1.1
Host: 4dey.aleonanob.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 26
Origin: https://4dey.aleonanob.ru
DNT: 1
Connection: keep-alive
Referer: https://4dey.aleonanob.ru/CqUns/
Cookie: XSRF-TOKEN=eyJpdiI6IjY2TGRrZ2pCMCtFcTZSc1h1RXhUcVE9PSIsInZhbHVlIjoianNnVHN2Q1NSL0pxbmxiNCs3SndybnhyR0pnbVFXbTAxN3FlYmpQQ3ZGM3J1SlhXNjExZ2ROR1lKZnJHUURSZkgvMHZ2eDlzTDVrdWJjcWV1QUlnMkFSbGw4YTI1WE15TGMyTS9Zb010WXFTRlg3OEE2QVFiZXk0THZiZlJiS3giLCJtYWMiOiI2MzFjMjZhOTI4ZWQzOTMzOWRkNTdlYzZhNGQ2Njc2MmNlOTk4MGI2Y2RjOWI0MDZhNWU4Y2Q1ZWE5NTFhY2RlIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IkFGSjgyZ1pNK21UaUZFM0taYytVaHc9PSIsInZhbHVlIjoiMEV5cUorOEpQY2NoUysyWm11MFJ6L1o3Qlo3anVWOFVDbU41aDgvTUs2Y3dzV2dUMm1uYzNJTmRHS3d6YzhCSWl3TUxzUlRHQ2k1Vm1XUUJTWEJzY0RrNi9IUnI4TUIrRStXR2ZhOVhxcFFVWnFocFBhckRubFowRW96ckhDU2ciLCJtYWMiOiI4NTE0Nzk4MTI1MTUxNjhhZWMxMDJhMWEwYWYxYWYyY2E5OTExZjNlMjc0NDhjNDJmYjNjY2YxZTZhNzMzNDMzIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 27 Mar 2025 02:21:24 GMT
content-type: text/html; charset=UTF-8
cache-control: no-cache, private
cf-cache-status: DYNAMIC
vary: accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=s8H2CcwOqQr9WsG2xRvtRAXwyYJAQfolP9qkd2TXOaUbeu2sLVZnmWru4QUXEjFHJzJ99uE1ioJI7ovgPzgtxXurorRC9a9rxsN7ReHyxcL3zglvP04i9%2FIk8Abp"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
set-cookie: XSRF-TOKEN=eyJpdiI6IkxnUlV6SVpXaUg5Qyt0Rml1Y1J3N2c9PSIsInZhbHVlIjoiWDcwOUhhYW0zVFl3cG1FWDZ5YTFyTDdTcDhEeG1XajBNeTcvZG91OFh0VE05ZHlpS3NnVTludzc0VUhxbWJEc1JyWWZwQTF4TEZicFVVZnBzZDJZMnhhY2d5QkRMcnFuckk1RkhKWDFYS3pzY2lEQ05QcXk1TFZZODhvUTJrQkciLCJtYWMiOiIyNTFhMmRjYzgxZGUzNGY5ODY3MmRjMTRlYzMyMWJhZjRiYmRiYzA0NGMzNTZhMDBmMDg0NWUxNGQxYTdmMjk5IiwidGFnIjoiIn0%3D; expires=Thu, 27-Mar-2025 04:21:24 GMT; Max-Age=7200; path=/; secure; samesite=none
laravel_session=eyJpdiI6IkROeVk2VWo3NDJ4aktGY2NVL2FFY3c9PSIsInZhbHVlIjoiRi9LbU1MOERoL2NGTGRyc3g1T09UbGR1NmpzekdxN01odW53bi94VGFxd0IrcHIxOWFaZTNlejd0bXBES01PVXJFK2MycHF1ejVuSnFXK0FUK21YQmdSeXBBYVBxTy8rV1Q5ZzlWd3lMRGFDSlhiQjRONGxoT2JiVkJ5YTFCbk0iLCJtYWMiOiI3MzJhZTJlY2M5NGVjYTVmODAwNjYzMjU1NDQwNmM5ZmNmZTgzOGNjNGIxZjVhYmMyNDI4ZTY4OGMxY2NlOTU4IiwidGFnIjoiIn0%3D; expires=Thu, 27-Mar-2025 04:21:24 GMT; Max-Age=7200; path=/; secure; httponly; samesite=none
priority: u=3,i=?0
server: cloudflare
cf-ray: 926b6a01ff477130-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=10173&min_rtt=10085&rtt_var=3845&sent=4&recv=7&lost=0&retrans=0&sent_bytes=2826&recv_bytes=2269&delivery_rate=282399&cwnd=72&unsent_bytes=0&cid=743b9e2249add4e5&ts=227&x=0", cfL4;desc="?proto=QUIC&rtt=4299&min_rtt=1367&rtt_var=3497&sent=36&recv=19&lost=0&retrans=0&sent_bytes=23090&recv_bytes=6827&delivery_rate=4217&cwnd=24000&unsent_bytes=0&cid=43e4345291b0476c&ts=8323&x=1", cfExtPri, cfHdrFlush;dur=0
GET static.ziftsolutions.com/widgets/js/zsizzle.20110528.js
54.240.174.95 200 OK 21 kB URL GET static.ziftsolutions.com/widgets/js/zsizzle.20110528.js
IP 54.240.174.95:443
Requested by https://sites.ziftsolutions.com/siemens.ziftsolutions.com/ff8081815ca9992a015cc0e672466cab?cid=8a9982a96d2b95e1016d3b241df85937&url=https://authswedloginpilot.s3.eu-north-1.amazonaws.com/M365auth.html
Certificate Issuer Amazon
Subject *.ziftsolutions.com
Fingerprint 54:C1:13:C0:65:AB:9A:EB:D5:80:06:E0:AE:12:09:55:A4:1C:68:0B
Validity Sun, 16 Jun 2024 00:00:00 GMT - Tue, 15 Jul 2025 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (1644)
Hash 467c29db2b0d4c4aeceda23afdbb7c93
c204fe03b3d9f42d07bf1977edc5b1c55bbbd6f6
f29b9469f49eec6610c10039e8a7a82535979f35bef16085894a858e289daefb
GET /widgets/js/zsizzle.20110528.js HTTP/1.1
Host: static.ziftsolutions.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://sites.ziftsolutions.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/javascript
content-length: 21218
vary: Accept-Encoding
x-amz-id-2: elwixLHnk6IZsMVWfv/xUs0jUWI7lYtMeXIpoOzBhYWLnsc5mzCrNwQkkwCUIdRSyuUCBp4Hjcg=
x-amz-request-id: 2253FKRS8H3H2DQT
date: Thu, 27 Mar 2025 02:21:07 GMT
last-modified: Wed, 11 Jul 2012 14:24:12 GMT
etag: "467c29db2b0d4c4aeceda23afdbb7c93"
cache-control: max-age=2592000
x-amz-version-id: null
accept-ranges: bytes
server: AmazonS3
strict-transport-security: max-age=63072000; includeSubdomains; preload
content-security-policy: upgrade-insecure-requests; default-src 'self' ziftsolutions.ccindex.cn *.ziftsolutions.com *.staging.ziftone.com *.ziftone.com *.google-analytics.com blob: ; img-src 'self' http: https: ziftsolutions.ccindex.cn *.ziftsolutions.com s3.amazonaws.com *.google-analytics.com data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: checkout.stripe.com *.ziftsolutions.com *.ziftone.com *.getbee.io *.googleapis.com *.google-analytics.com *.zdassets.com *.googletagmanager.com *.google.com *.pendo.io browser-update.org static.zdassets.com s3.amazonaws.com *.zopim.com *.churnzero.net *.marketo.com data: ; connect-src 'self' https: ziftsolutions.ccindex.cn *.ziftsolutions.com *.ziftone.com *.zift123.com *.zendesk.com *.zdassets.com *.zopim.com wss://widget-mediator.zopim.com *.churnzero.net *.getbee.io *.google-analytics.com data: ; style-src 'self' 'unsafe-inline' https: ; font-src 'self' https: data:; media-src 'self' https: ziftsolutions.ccindex.cn *.ziftsolutions.com *.zift123.com *.ziftone.com *.looker.com *.ziftmarcom.com *.lenovo.com; object-src 'self' https: *.ziftsolutions.com *.ziftsolutions.com *.zift123.com *.ziftone.com *.looker.com *.ziftmarcom.com; frame-src 'self' https: *.onserro.com *.onserrodemo.com ziftsolutions.ccindex.cn *.ziftsolutions.com *.zift123.com *.staging.ziftone.com *.ziftone.com *.looker.com *.ziftmarcom.com *.getbee.io *.getbee.com; frame-ancestors 'self' https: *.onserro.com *.onserrodemo.com ziftsolutions.ccindex.cn *.ziftsolutions.com *.zift123.com *.ziftone.com *.looker.com *.ziftmarcom.com;
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
x-robots-tag: noindex
x-cache: Miss from cloudfront
via: 1.1 0c35b89cb607eddb1b7cc5d6ada865d6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: p6SWpKk_JYPgA5dEof1sP2U-8pHkwrij_euwIfVzZt67MRxekyiKOA==
X-Firefox-Spdy: h2
GET static.ziftsolutions.com/widgets/js/ztrack.20170214.js
54.240.174.95 200 OK 9.2 kB URL GET static.ziftsolutions.com/widgets/js/ztrack.20170214.js
IP 54.240.174.95:443
Requested by https://sites.ziftsolutions.com/siemens.ziftsolutions.com/ff8081815ca9992a015cc0e672466cab?cid=8a9982a96d2b95e1016d3b241df85937&url=https://authswedloginpilot.s3.eu-north-1.amazonaws.com/M365auth.html
Certificate Issuer Amazon
Subject *.ziftsolutions.com
Fingerprint 54:C1:13:C0:65:AB:9A:EB:D5:80:06:E0:AE:12:09:55:A4:1C:68:0B
Validity Sun, 16 Jun 2024 00:00:00 GMT - Tue, 15 Jul 2025 23:59:59 GMT
File type ASCII text, with very long lines (9899), with no line terminators
Hash 8787807a277c48bf9d8e7d7713a3dac1
f1183bf0517864f9c61ddb7623e8d1416bde0d55
8279f0f2984fca9f933e8aaf4dcb477de7d5d218021d60dc1cbea79c7e35ebc9
GET /widgets/js/ztrack.20170214.js HTTP/1.1
Host: static.ziftsolutions.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://sites.ziftsolutions.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript
content-length: 9219
vary: Accept-Encoding
x-amz-id-2: FnMPBS1pbIBroxBTRBYQ2PYt6KHlzPufa1FReXUb4nEpykPmCz1j8xkZ5fBMGCFs0pW/abC07gQi8PBEFNYcqqYc1gV1FN4c
x-amz-request-id: 2251NV8AAKMYCNZD
date: Thu, 27 Mar 2025 02:21:07 GMT
last-modified: Mon, 15 Jun 2020 15:14:25 GMT
etag: "b31a05b47a3838d46f0b68604e10e281"
x-amz-version-id: pPqmSY1OflGSw9oDacDeyFgh_iq6dfhZ
accept-ranges: bytes
server: AmazonS3
strict-transport-security: max-age=63072000; includeSubdomains; preload
content-security-policy: upgrade-insecure-requests; default-src 'self' ziftsolutions.ccindex.cn *.ziftsolutions.com *.staging.ziftone.com *.ziftone.com *.google-analytics.com blob: ; img-src 'self' http: https: ziftsolutions.ccindex.cn *.ziftsolutions.com s3.amazonaws.com *.google-analytics.com data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: checkout.stripe.com *.ziftsolutions.com *.ziftone.com *.getbee.io *.googleapis.com *.google-analytics.com *.zdassets.com *.googletagmanager.com *.google.com *.pendo.io browser-update.org static.zdassets.com s3.amazonaws.com *.zopim.com *.churnzero.net *.marketo.com data: ; connect-src 'self' https: ziftsolutions.ccindex.cn *.ziftsolutions.com *.ziftone.com *.zift123.com *.zendesk.com *.zdassets.com *.zopim.com wss://widget-mediator.zopim.com *.churnzero.net *.getbee.io *.google-analytics.com data: ; style-src 'self' 'unsafe-inline' https: ; font-src 'self' https: data:; media-src 'self' https: ziftsolutions.ccindex.cn *.ziftsolutions.com *.zift123.com *.ziftone.com *.looker.com *.ziftmarcom.com *.lenovo.com; object-src 'self' https: *.ziftsolutions.com *.ziftsolutions.com *.zift123.com *.ziftone.com *.looker.com *.ziftmarcom.com; frame-src 'self' https: *.onserro.com *.onserrodemo.com ziftsolutions.ccindex.cn *.ziftsolutions.com *.zift123.com *.staging.ziftone.com *.ziftone.com *.looker.com *.ziftmarcom.com *.getbee.io *.getbee.com; frame-ancestors 'self' https: *.onserro.com *.onserrodemo.com ziftsolutions.ccindex.cn *.ziftsolutions.com *.zift123.com *.ziftone.com *.looker.com *.ziftmarcom.com;
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
x-robots-tag: noindex
x-cache: Miss from cloudfront
via: 1.1 0c35b89cb607eddb1b7cc5d6ada865d6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: 46LcuDSybv8LBoy5wniPlH5Um36bFbN37VWTnApVCGE_3IxSjAou8A==
X-Firefox-Spdy: h2
GET 6sul.nmpjkg.ru/chai!uknfe5c
104.21.32.1 200 OK 1 B URL GET 6sul.nmpjkg.ru/chai!uknfe5c
IP 104.21.32.1:443
Requested by https://4dey.aleonanob.ru/CqUns/#Dtest123@gmail.com
Certificate Issuer Google Trust Services
Subject nmpjkg.ru
Fingerprint EA:D3:01:1A:7B:5D:BE:C3:AB:8E:25:49:B2:7C:F5:C8:58:C5:59:56
Validity Thu, 27 Feb 2025 12:47:13 GMT - Wed, 28 May 2025 13:40:19 GMT
File type very short file (no magic)
Hash cfcd208495d565ef66e7dff9f98764da
b6589fc6ab0dc82cf12099d1c2d40ab994e8410c
5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9
Note: these are the MD5, SHA-1 and SHA-256 digests of the single character "0", consistent with the 1 B body; they match any response consisting of that one byte and are not specific to this host.
GET /chai!uknfe5c HTTP/1.1
Host: 6sul.nmpjkg.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://4dey.aleonanob.ru/
Origin: https://4dey.aleonanob.ru
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 27 Mar 2025 02:21:22 GMT
content-type: text/html; charset=UTF-8
server: cloudflare
access-control-allow-origin: *
cf-cache-status: DYNAMIC
content-encoding: br
cf-ray: 926b69e99ce65699-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
GET 4dey.aleonanob.ru/favicon.ico
188.114.97.1 404 Not Found 0 B URL GET 4dey.aleonanob.ru/favicon.ico
IP 188.114.97.1:443
Requested by https://4dey.aleonanob.ru/CqUns/#Dtest123@gmail.com
Certificate Issuer Google Trust Services
Subject aleonanob.ru
Fingerprint 0C:7F:10:2B:50:12:01:9E:8B:85:46:BF:AD:CF:E3:46:5B:86:E9:63
Validity Sun, 09 Feb 2025 23:59:18 GMT - Sun, 11 May 2025 00:55:54 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Note: these are the MD5, SHA-1 and SHA-256 digests of empty input, consistent with the 0 B body; they match every empty response and are not a usable file indicator.
Analyzer: urlquery; Verdict: phishing; Alert: Phishing - Tycoon Phishing Kit
Analyzer: Quad9 DNS; Verdict: malicious; Alert: Sinkholed
GET /favicon.ico HTTP/1.1
Host: 4dey.aleonanob.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://4dey.aleonanob.ru/CqUns/
Cookie: XSRF-TOKEN=eyJpdiI6IjY2TGRrZ2pCMCtFcTZSc1h1RXhUcVE9PSIsInZhbHVlIjoianNnVHN2Q1NSL0pxbmxiNCs3SndybnhyR0pnbVFXbTAxN3FlYmpQQ3ZGM3J1SlhXNjExZ2ROR1lKZnJHUURSZkgvMHZ2eDlzTDVrdWJjcWV1QUlnMkFSbGw4YTI1WE15TGMyTS9Zb010WXFTRlg3OEE2QVFiZXk0THZiZlJiS3giLCJtYWMiOiI2MzFjMjZhOTI4ZWQzOTMzOWRkNTdlYzZhNGQ2Njc2MmNlOTk4MGI2Y2RjOWI0MDZhNWU4Y2Q1ZWE5NTFhY2RlIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IkFGSjgyZ1pNK21UaUZFM0taYytVaHc9PSIsInZhbHVlIjoiMEV5cUorOEpQY2NoUysyWm11MFJ6L1o3Qlo3anVWOFVDbU41aDgvTUs2Y3dzV2dUMm1uYzNJTmRHS3d6YzhCSWl3TUxzUlRHQ2k1Vm1XUUJTWEJzY0RrNi9IUnI4TUIrRStXR2ZhOVhxcFFVWnFocFBhckRubFowRW96ckhDU2ciLCJtYWMiOiI4NTE0Nzk4MTI1MTUxNjhhZWMxMDJhMWEwYWYxYWYyY2E5OTExZjNlMjc0NDhjNDJmYjNjY2YxZTZhNzMzNDMzIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 404 Not Found
date: Thu, 27 Mar 2025 02:21:24 GMT
content-type: text/html; charset=UTF-8
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Hf7bB%2Fdp%2BxukQ2i8rzyYovKD1Vj4So1Uy3oN8ddRGkJVnmRGC%2B5vtWnSoMoXNqxQBiBWWEu31eZ3pU3Cb66bBivDjPkLSMI4SUHnA5QLN3P5xLedT7jASFCvB1xB"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 6
priority: u=6,i=?0
content-encoding: br
cf-ray: 926b6a02cf877130-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=44687&min_rtt=44582&rtt_var=16793&sent=4&recv=7&lost=0&retrans=0&sent_bytes=2826&recv_bytes=2099&delivery_rate=63882&cwnd=91&unsent_bytes=0&cid=039a1a41dfc3d54a&ts=399&x=0", cfExtPri
GET 4dey.aleonanob.ru/vqnkkbvlxcdqixxsjfwcvgK35LYSJQ4CGGHF6N6VZRUZB9S4QSD?MVXGIAVGCVXYGOOCWVOVGCUXBOWNSX
188.114.97.1 200 OK 152 kB URL User Request GET 4dey.aleonanob.ru/vqnkkbvlxcdqixxsjfwcvgK35LYSJQ4CGGHF6N6VZRUZB9S4QSD?MVXGIAVGCVXYGOOCWVOVGCUXBOWNSX
IP 188.114.97.1:443
Certificate Issuer Google Trust Services
Subject aleonanob.ru
Fingerprint 0C:7F:10:2B:50:12:01:9E:8B:85:46:BF:AD:CF:E3:46:5B:86:E9:63
Validity Sun, 09 Feb 2025 23:59:18 GMT - Sun, 11 May 2025 00:55:54 GMT
File type HTML document, ASCII text, with very long lines (52009), with CRLF line terminators
Size 152 kB (151524 bytes)
Hash 9cb972991d183f358c46c81a3fbdff2b
f6de8e668287f8908b8f0dd8213117ac1900567d
f68863dd18a49764d552471ec27115f8c50c7261bca6a8c9d7497ee6b106e91a
Analyzer: urlquery; Verdict: suspicious; Alert: Suspicious - Anti-debugging code
Analyzer: urlquery; Verdict: phishing; Alert: Phishing - Tycoon Phishing Kit
Analyzer: Quad9 DNS; Verdict: malicious; Alert: Sinkholed
GET /vqnkkbvlxcdqixxsjfwcvgK35LYSJQ4CGGHF6N6VZRUZB9S4QSD?MVXGIAVGCVXYGOOCWVOVGCUXBOWNSX HTTP/1.1
Host: 4dey.aleonanob.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://4dey.aleonanob.ru/CqUns/
Cookie: XSRF-TOKEN=eyJpdiI6IkxnUlV6SVpXaUg5Qyt0Rml1Y1J3N2c9PSIsInZhbHVlIjoiWDcwOUhhYW0zVFl3cG1FWDZ5YTFyTDdTcDhEeG1XajBNeTcvZG91OFh0VE05ZHlpS3NnVTludzc0VUhxbWJEc1JyWWZwQTF4TEZicFVVZnBzZDJZMnhhY2d5QkRMcnFuckk1RkhKWDFYS3pzY2lEQ05QcXk1TFZZODhvUTJrQkciLCJtYWMiOiIyNTFhMmRjYzgxZGUzNGY5ODY3MmRjMTRlYzMyMWJhZjRiYmRiYzA0NGMzNTZhMDBmMDg0NWUxNGQxYTdmMjk5IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IkROeVk2VWo3NDJ4aktGY2NVL2FFY3c9PSIsInZhbHVlIjoiRi9LbU1MOERoL2NGTGRyc3g1T09UbGR1NmpzekdxN01odW53bi94VGFxd0IrcHIxOWFaZTNlejd0bXBES01PVXJFK2MycHF1ejVuSnFXK0FUK21YQmdSeXBBYVBxTy8rV1Q5ZzlWd3lMRGFDSlhiQjRONGxoT2JiVkJ5YTFCbk0iLCJtYWMiOiI3MzJhZTJlY2M5NGVjYTVmODAwNjYzMjU1NDQwNmM5ZmNmZTgzOGNjNGIxZjVhYmMyNDI4ZTY4OGMxY2NlOTU4IiwidGFnIjoiIn0%3D
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 27 Mar 2025 02:21:25 GMT
content-type: text/html; charset=UTF-8
cache-control: no-cache, private
cf-cache-status: DYNAMIC
vary: accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qk8xJW9WnIeZnNhS%2B%2Bs%2FqReKE0UzlfkxwvN3fPdcu6SfXE7w87bLBgi2%2Bpb5iEbvxg%2B6tgPmzK1keZSLmbjxpUUV4H2yGSLjrVBVOHSnM%2BVBAXkuadj40OdADxBa"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
set-cookie: XSRF-TOKEN=eyJpdiI6Im1yYlRiVmxiUHUxL2s0U1BobWcrZHc9PSIsInZhbHVlIjoiUU1IQy9zS0Z4UHZMSVFra2NRaCt5ZjFuUU9PcEJuUEpnMTc3c25DRUlIdXJobkszSlRaMCtjYTJCWmg3MzNCK1dIVkNTb0c3Mk1mMnV3TFNiM2c2T1lEMklWZjlEdXV6bXdUTEFtUDZzZmM1bmw2dERKVDRjOWVHUjdVUXRDM08iLCJtYWMiOiJiYjhiNmRkNDg0YWU5Nzc3YzkzOTBiOTgyMGY0MDNjYjgxMzVlYzg0OGE2OThjN2NhMmI4ZjY5NTJjNWQ5YzQxIiwidGFnIjoiIn0%3D; expires=Thu, 27-Mar-2025 04:21:25 GMT; Max-Age=7200; path=/; secure; samesite=none
laravel_session=eyJpdiI6IjFiT20yNjRad0REclNNTUxEWDRNN0E9PSIsInZhbHVlIjoiOE8yUTZPNVhkMXBTN1Y3NDJlRksyWWU4R3dqaXl0aGVNV0lsZGwvcFFwSUp1bnV6QTdoVk9JZkZyajRESUU4OGJ6aUpTUmplNEFhU2JSb1hCLzk4bFlRMURBZGkwb0tqR1JMM29FV2hYdEd4NEpMZTdTRldQeHhVVURSYlhtaFMiLCJtYWMiOiI0M2JmYWUyNmRhYTkwYjFjZTk2NzU0MWQyN2EwNDQ4NzVjYzk0ODY2Y2YwZjdjZDA2ZmE2YTE1ODcxYjJmMGEwIiwidGFnIjoiIn0%3D; expires=Thu, 27-Mar-2025 04:21:25 GMT; Max-Age=7200; path=/; secure; httponly; samesite=none
priority: u=1,i=?0
server: cloudflare
cf-ray: 926b6a0588767130-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=38680&min_rtt=38572&rtt_var=14542&sent=4&recv=7&lost=0&retrans=0&sent_bytes=2827&recv_bytes=2265&delivery_rate=73835&cwnd=121&unsent_bytes=0&cid=2f4eca686337cb7d&ts=292&x=0", cfL4;desc="?proto=QUIC&rtt=3986&min_rtt=1367&rtt_var=3250&sent=40&recv=21&lost=0&retrans=0&sent_bytes=24954&recv_bytes=7854&delivery_rate=1025860&cwnd=24000&unsent_bytes=0&cid=43e4345291b0476c&ts=9011&x=1", cfExtPri, cfHdrFlush;dur=0
GET 4dey.aleonanob.ru/CqUns/#Dtest123@gmail.com
188.114.97.1 200 OK 25 kB URL User Request GET 4dey.aleonanob.ru/CqUns/#Dtest123@gmail.com
IP 188.114.97.1:443
Certificate Issuer Google Trust Services
Subject aleonanob.ru
Fingerprint 0C:7F:10:2B:50:12:01:9E:8B:85:46:BF:AD:CF:E3:46:5B:86:E9:63
Validity Sun, 09 Feb 2025 23:59:18 GMT - Sun, 11 May 2025 00:55:54 GMT
File type HTML document, ASCII text, with very long lines (19861), with CRLF line terminators
Hash 23547532d7878c918602bd8cde5c64fb
5e30372c0bacd5044c8eb2252eab833c71a86abf
05e8f108eb15be9b37b1b59babfbc7d7aa1061b8288cf9091d590ec0cc9db6de
Analyzer Verdict Alert urlquery suspicious Suspicious - Anti-debugging code
urlquery phishing Phishing - Tycoon Phishing Kit
Quad9 DNS malicious Sinkholed
GET /CqUns/ HTTP/1.1
Host: 4dey.aleonanob.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://authswedloginpilot.s3.eu-north-1.amazonaws.com/
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6InN2OGxyK3o2Z2dmcW53WndremJsOHc9PSIsInZhbHVlIjoiZVpKRDBpWW41YTZoVERkVng3TDFleW83Z2J3emxIWng0SnBLeWFrbno0U3ZBVE1nM0s5M1dWUzBDTTR6ZlU3elVDSDhnNUxMenZvcXBWUlFYV015UGZWKzlkWkQrb202UVo5K0ZmY29UYmluOGZRZ2NPUXhjR2VIbDgvMzFXekoiLCJtYWMiOiJmNTAwODViODVjMDJmNDJkOTQ4ZmFhZmY3NjFiNWFmMTk2NDM2MTJkYWUwNGFjMzczYzAwZTRmN2YzNjhjMWU5IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6ImJHWmtSYS9JU2FPNStCRXljYURVelE9PSIsInZhbHVlIjoiUWIrRU5XTjNtM2ZUaitRdzNBbkVMNzkycXdvbzhQdEt0ci91QmdVZWFlL2pNekdLNWpkNlJtaHFyL0RrSDJxM0l2WmlWbUh4bjVKN0wzd1BYNFVjSmVuc3dEaGRVOU94ZmNNZTdGQkM0WllFOC9xcDZPTkkxekJ4TDlmN0dURHkiLCJtYWMiOiJmY2NiZjE4MWM2ODExZWQzZjM1OGExN2Y3ZGM1MTc4MmNkODIyMTMyNDE0YzAzOTM5ZWVhZDNhNmRjZTc3YmQ4IiwidGFnIjoiIn0%3D
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Sec-Fetch-User: ?1
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 27 Mar 2025 02:21:23 GMT
content-type: text/html; charset=UTF-8
server: cloudflare
cache-control: no-cache, private
cf-cache-status: DYNAMIC
vary: accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7QVCQZ8Ygr1YEQ8SW0p2W4tm9V1D%2FFRPePwoZDRBf%2FNPoiQZ9A8btVn71FQApG1GEw7iTSM4GXyozYWsbkNjp1Z%2FjHBc62DPEzJazWGjmMg%2BbtthW7HEEDrHt0jr"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
priority: u=1,i=?0
content-encoding: br
set-cookie: XSRF-TOKEN=eyJpdiI6IjY2TGRrZ2pCMCtFcTZSc1h1RXhUcVE9PSIsInZhbHVlIjoianNnVHN2Q1NSL0pxbmxiNCs3SndybnhyR0pnbVFXbTAxN3FlYmpQQ3ZGM3J1SlhXNjExZ2ROR1lKZnJHUURSZkgvMHZ2eDlzTDVrdWJjcWV1QUlnMkFSbGw4YTI1WE15TGMyTS9Zb010WXFTRlg3OEE2QVFiZXk0THZiZlJiS3giLCJtYWMiOiI2MzFjMjZhOTI4ZWQzOTMzOWRkNTdlYzZhNGQ2Njc2MmNlOTk4MGI2Y2RjOWI0MDZhNWU4Y2Q1ZWE5NTFhY2RlIiwidGFnIjoiIn0%3D; SameSite=None; Secure; Path=/; Max-Age=7200; Expires=Thu, 27 Mar 2025 04:21:23 GMT
laravel_session=eyJpdiI6IkFGSjgyZ1pNK21UaUZFM0taYytVaHc9PSIsInZhbHVlIjoiMEV5cUorOEpQY2NoUysyWm11MFJ6L1o3Qlo3anVWOFVDbU41aDgvTUs2Y3dzV2dUMm1uYzNJTmRHS3d6YzhCSWl3TUxzUlRHQ2k1Vm1XUUJTWEJzY0RrNi9IUnI4TUIrRStXR2ZhOVhxcFFVWnFocFBhckRubFowRW96ckhDU2ciLCJtYWMiOiI4NTE0Nzk4MTI1MTUxNjhhZWMxMDJhMWEwYWYxYWYyY2E5OTExZjNlMjc0NDhjNDJmYjNjY2YxZTZhNzMzNDMzIiwidGFnIjoiIn0%3D; HttpOnly; SameSite=None; Secure; Path=/; Max-Age=7200; Expires=Thu, 27 Mar 2025 04:21:23 GMT
cf-ray: 926b69fc6d6c7130-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=34979&min_rtt=34949&rtt_var=13127&sent=4&recv=7&lost=0&retrans=0&sent_bytes=2825&recv_bytes=2224&delivery_rate=81490&cwnd=71&unsent_bytes=0&cid=3a1e32cbcfa7082b&ts=250&x=0", cfExtPri
GET widgets.ziftsolutions.com/siemens.ziftsolutions.com/js/ff8081815ca9992a015cc0e672466cab
143.204.55.72 200 OK 11 kB URL GET widgets.ziftsolutions.com/siemens.ziftsolutions.com/js/ff8081815ca9992a015cc0e672466cab
IP 143.204.55.72:443
Requested by https://sites.ziftsolutions.com/siemens.ziftsolutions.com/ff8081815ca9992a015cc0e672466cab?cid=8a9982a96d2b95e1016d3b241df85937&url=https://authswedloginpilot.s3.eu-north-1.amazonaws.com/M365auth.html
Certificate Issuer Amazon
Subject *.ziftsolutions.com
Fingerprint 54:C1:13:C0:65:AB:9A:EB:D5:80:06:E0:AE:12:09:55:A4:1C:68:0B
Validity Sun, 16 Jun 2024 00:00:00 GMT - Tue, 15 Jul 2025 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (736)
Hash 0aebffa6bbb4a8b990c19719e7e8655a
ca3917e5696936bb00f3b7874597bc42def433d4
0d8cb25dbd947ea69d579ca0e267209f137f4f63e33ffc88fe383b44431ee0e7
GET /siemens.ziftsolutions.com/js/ff8081815ca9992a015cc0e672466cab HTTP/1.1
Host: widgets.ziftsolutions.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://sites.ziftsolutions.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/javascript;charset=UTF-8
date: Thu, 27 Mar 2025 02:21:07 GMT
last-modified: Fri, 24 Jan 2020 14:51:24 GMT
content-encoding: gzip
cache-control: no-cache
x-amz-version-id: null
x-amz-meta-channel-marketing-service: Zift Solutions
server: AmazonS3
etag: W/"0aebffa6bbb4a8b990c19719e7e8655a"
vary: accept-encoding
x-cache: Miss from cloudfront
via: 1.1 2afd697fc5d0058ea30d6c4b939e714c.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: LNQspowbhGnqP2mIb4aPJxMQCwcVCDRg8tcimUgFTIl8has6V8SJEA==
X-Firefox-Spdy: h2
GET analytics.ziftsolutions.com/trk/v?id=ff8081815ca9992a015cc0e672466cab&clid=8a104ee650d22d330150d92aad9c710e&u=null&ekey=&p=ff8081815c617025015c694654b24470&uuid_holder=zt_W73OFHIE&fr=true&refurl=
0.0.0.0 0 B URL GET analytics.ziftsolutions.com/trk/v?id=ff8081815ca9992a015cc0e672466cab&clid=8a104ee650d22d330150d92aad9c710e&u=null&ekey=&p=ff8081815c617025015c694654b24470&uuid_holder=zt_W73OFHIE&fr=true&refurl=
IP 0.0.0.0:0
Requested by https://sites.ziftsolutions.com/siemens.ziftsolutions.com/ff8081815ca9992a015cc0e672466cab?cid=8a9982a96d2b95e1016d3b241df85937&url=https://authswedloginpilot.s3.eu-north-1.amazonaws.com/M365auth.html
Certificate Issuer Amazon
Subject *.ziftsolutions.com
Fingerprint 54:C1:13:C0:65:AB:9A:EB:D5:80:06:E0:AE:12:09:55:A4:1C:68:0B
Validity Sun, 16 Jun 2024 00:00:00 GMT - Tue, 15 Jul 2025 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /trk/v?id=ff8081815ca9992a015cc0e672466cab&clid=8a104ee650d22d330150d92aad9c710e&u=null&ekey=&p=ff8081815c617025015c694654b24470&uuid_holder=zt_W73OFHIE&fr=true&refurl= HTTP/1.1
Host: analytics.ziftsolutions.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://sites.ziftsolutions.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
GET authswedloginpilot.s3.eu-north-1.amazonaws.com/favicon.ico
16.12.9.46 403 Forbidden 243 B URL GET authswedloginpilot.s3.eu-north-1.amazonaws.com/favicon.ico
IP 16.12.9.46:443
Requested by https://authswedloginpilot.s3.eu-north-1.amazonaws.com/M365auth.html
Certificate Issuer Amazon
Subject *.s3.eu-north-1.amazonaws.com
Fingerprint 6C:8C:0B:8C:94:37:65:0A:68:79:B3:ED:BF:DC:F0:C9:CD:BE:A4:DD
Validity Mon, 10 Mar 2025 00:00:00 GMT - Tue, 17 Feb 2026 23:59:59 GMT
File type XML document, ASCII text, with no line terminators
Hash 058fe97c25e1602bd2ddb2f17a8a95a0
cd83e1f5264d468e7a144709fc0e5300fab93673
f6256e5c8ceaa0f15990d181288c9c24a0dd87218975aa5a14786bcfc403a5bb
GET /favicon.ico HTTP/1.1
Host: authswedloginpilot.s3.eu-north-1.amazonaws.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://authswedloginpilot.s3.eu-north-1.amazonaws.com/M365auth.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
x-amz-request-id: GANB6GW9WZ40MX6K
x-amz-id-2: pr9nWmA8YE/IwJUoc0LFCVyc0bFb6iz9pkm3APkQtcVhYPzX/25SmFmqW11J1UNBJQzXmy4bsaY=
Content-Type: application/xml
Transfer-Encoding: chunked
Date: Thu, 27 Mar 2025 02:21:07 GMT
Server: AmazonS3
GET code.jquery.com/jquery-3.6.0.min.js
151.101.130.137 200 OK 90 kB URL GET code.jquery.com/jquery-3.6.0.min.js
IP 151.101.130.137:443
Requested by https://4dey.aleonanob.ru/CqUns/#Dtest123@gmail.com
Certificate Issuer Sectigo Limited
Subject *.jquery.com
Fingerprint CD:B5:6E:05:85:0C:5A:AE:47:12:80:2A:5B:C6:E5:8F:11:72:E2:B5
Validity Tue, 25 Jun 2024 00:00:00 GMT - Wed, 25 Jun 2025 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (65447)
Hash 8fb8fee4fcc3cc86ff6c724154c49c42
b82d238d4e31fdf618bae8ac11a6c812c03dd0d4
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e
GET /jquery-3.6.0.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://4dey.aleonanob.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-15d9d"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Thu, 27 Mar 2025 02:21:17 GMT
age: 4283734
x-served-by: cache-lga21931-LGA, cache-hel1410020-HEL
x-cache: HIT, HIT
x-cache-hits: 71, 956467
x-timer: S1743042077.059132,VS0,VE0
vary: Accept-Encoding
content-length: 30875
X-Firefox-Spdy: h2
GET fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
142.250.74.35 200 OK 15 kB URL GET fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 142.250.74.35:443
Requested by https://4dey.aleonanob.ru/CqUns/#Dtest123@gmail.com
Certificate Issuer Google Trust Services
Subject *.gstatic.com
Fingerprint 63:D6:50:6F:98:C5:59:D1:5A:FF:9D:8D:C3:C1:04:A1:B9:1A:3E:6B
Validity Mon, 10 Mar 2025 08:37:01 GMT - Mon, 02 Jun 2025 08:37:00 GMT
File type Web Open Font Format (Version 2), TrueType, length 15344, version 1.0
Hash 5d4aeb4e5f5ef754e307d7ffaef688bd
06db651cdf354c64a7383ea9c77024ef4fb4cef8
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
GET /s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://4dey.aleonanob.ru
DNT: 1
Connection: keep-alive
Referer: https://4dey.aleonanob.ru/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15344
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 20 Mar 2025 09:35:39 GMT
expires: Fri, 20 Mar 2026 09:35:39 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
content-type: font/woff2
age: 578738
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
GET sites.ziftsolutions.com/siemens.ziftsolutions.com/ff8081815ca9992a015cc0e672466cab?cid=8a9982a96d2b95e1016d3b241df85937&url=https://authswedloginpilot.s3.eu-north-1.amazonaws.com/M365auth.html
54.240.174.8 200 OK 544 B URL User Request GET sites.ziftsolutions.com/siemens.ziftsolutions.com/ff8081815ca9992a015cc0e672466cab?cid=8a9982a96d2b95e1016d3b241df85937&url=https://authswedloginpilot.s3.eu-north-1.amazonaws.com/M365auth.html
IP 54.240.174.8:443
Certificate Issuer Amazon
Subject *.ziftsolutions.com
Fingerprint 54:C1:13:C0:65:AB:9A:EB:D5:80:06:E0:AE:12:09:55:A4:1C:68:0B
Validity Sun, 16 Jun 2024 00:00:00 GMT - Tue, 15 Jul 2025 23:59:59 GMT
File type HTML document, ASCII text, with very long lines (557), with no line terminators
Hash d5b56cbe95d7f6972cd524cf7d167649
9a96633046a969ae77fdaaa10991944659f7e46a
7c4b04a2fbac6e7eca760a113aeed1ffe8a875f0c3eeff3df03150d987d4924a
GET /siemens.ziftsolutions.com/ff8081815ca9992a015cc0e672466cab?cid=8a9982a96d2b95e1016d3b241df85937&url=https://authswedloginpilot.s3.eu-north-1.amazonaws.com/M365auth.html HTTP/1.1
Host: sites.ziftsolutions.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/html;charset=UTF-8
content-length: 544
last-modified: Fri, 24 Jan 2020 14:51:24 GMT
x-amz-version-id: null
x-amz-meta-channel-marketing-service: Zift Solutions
accept-ranges: bytes
server: AmazonS3
date: Thu, 27 Mar 2025 02:21:06 GMT
cache-control: no-cache
etag: "c0febe82f931d275f40fee9b60ffca7e"
vary: accept-encoding
x-cache: RefreshHit from cloudfront
via: 1.1 04c4f064943f75498361739eb063cb7a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: 7Xu881jDrgZ5rWqYOunstKReYmwuPyO0akasUQhn7-VRnDT21PWc8g==
X-Firefox-Spdy: h2
GET siemens.ziftsolutions.com/uuid/v?s=https%3A%2F%2Fdynamic.ziftsolutions.com%2Fsiemens.ziftsolutions.com%2Fff8081815c617025015c694654b24470%2F
54.240.174.103 200 OK 0 B URL GET siemens.ziftsolutions.com/uuid/v?s=https%3A%2F%2Fdynamic.ziftsolutions.com%2Fsiemens.ziftsolutions.com%2Fff8081815c617025015c694654b24470%2F
IP 54.240.174.103:443
Requested by https://sites.ziftsolutions.com/siemens.ziftsolutions.com/ff8081815ca9992a015cc0e672466cab?cid=8a9982a96d2b95e1016d3b241df85937&url=https://authswedloginpilot.s3.eu-north-1.amazonaws.com/M365auth.html
Certificate Issuer Amazon
Subject *.ziftsolutions.com
Fingerprint 54:C1:13:C0:65:AB:9A:EB:D5:80:06:E0:AE:12:09:55:A4:1C:68:0B
Validity Sun, 16 Jun 2024 00:00:00 GMT - Tue, 15 Jul 2025 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uuid/v?s=https%3A%2F%2Fdynamic.ziftsolutions.com%2Fsiemens.ziftsolutions.com%2Fff8081815c617025015c694654b24470%2F HTTP/1.1
Host: siemens.ziftsolutions.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://sites.ziftsolutions.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/javascript;charset=ISO-8859-1
date: Thu, 27 Mar 2025 02:21:06 GMT
set-cookie: AWSALB=CKO8S/2BcEsMgZZW3dvHvuOzPcwG+FK9CkdYwX20FWNp6FP+3VSOf5XWOCWFSfkI3/cpXstAalG2RACy4kvcESDDWcokz59n4cJpZpGZB8rvTcfMmH3cj8O5HsaW; Expires=Thu, 03 Apr 2025 02:21:06 GMT; Path=/
AWSALBCORS=CKO8S/2BcEsMgZZW3dvHvuOzPcwG+FK9CkdYwX20FWNp6FP+3VSOf5XWOCWFSfkI3/cpXstAalG2RACy4kvcESDDWcokz59n4cJpZpGZB8rvTcfMmH3cj8O5HsaW; Expires=Thu, 03 Apr 2025 02:21:06 GMT; Path=/; SameSite=None; Secure
JSESSIONID=37CA11900659326165AF0E344D6898ED; Path=/; Secure; HttpOnly; SameSite=none; Secure
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
server: Application Server
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
x-content-type-options: nosniff
vary: Origin
strict-transport-security: max-age=63072000; includeSubdomains; preload
content-security-policy: upgrade-insecure-requests; default-src 'self' *.feature-1.ziftsolutions.com *.feature-1.ziftone.com *.feature-1.zift123.com *.feature-1.ziftmarcom.com ziftsolutions.ccindex.cn *.eu.ziftsolutions.com *.eu.ziftone.com *.eu.zift123.com *.eu.ziftmarcom.com *.ziftsolutions.com *.staging.ziftone.com *.ziftone.com *.google-analytics.com *.wistia.com *.wistia.net blob: ; img-src 'self' https: https://*.trychameleon.com https://*.chmln-cdn.com https: ziftsolutions.ccindex.cn *.feature-1.ziftsolutions.com *.feature-1.ziftone.com *.feature-1.zift123.com *.feature-1.ziftmarcom.com *.eu.ziftsolutions.com *.eu.ziftone.com *.eu.zift123.com *.eu.ziftmarcom.com *.ziftsolutions.com s3.amazonaws.com *.google-analytics.com *.wistia.com *.wistia.net data: blob: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: https://*.trychameleon.com checkout.stripe.com *.feature-1.ziftsolutions.com *.feature-1.ziftone.com *.feature-1.zift123.com *.feature-1.ziftmarcom.com *.eu.ziftsolutions.com *.eu.ziftone.com *.eu.zift123.com *.eu.ziftmarcom.com *.ziftsolutions.com *.ziftone.com *.getbee.io *.googleapis.com *.google-analytics.com *.zdassets.com *.googletagmanager.com *.google.com *.pendo.io browser-update.org static.zdassets.com s3.amazonaws.com *.zopim.com *.churnzero.net *.marketo.com *.wistia.com *.wistia.net data: ; connect-src 'self' https: wss://grid.meya.ai wss://partnerapps.eu.qlikcloud.com https://*.trychameleon.com *.feature-1.ziftsolutions.com *.feature-1.ziftone.com *.feature-1.zift123.com *.feature-1.ziftmarcom.com ziftsolutions.ccindex.cn *.eu.ziftsolutions.com *.eu.ziftone.com *.eu.zift123.com *.eu.ziftmarcom.com *.ziftsolutions.com *.ziftone.com *.zift123.com *.zendesk.com *.zdassets.com *.zopim.com wss://widget-mediator.zopim.com *.churnzero.net *.getbee.io *.google-analytics.com *.wistia.com *.wistia.net *.litix.io data: ; style-src 'self' 'unsafe-inline' blob: https: fast.wistia.com https://*.trychameleon.com; font-src 'self' https: 
https://*.chmln-cdn.com fast.wistia.com fast.wistia.net https://*.chmln-cdn.com data:; media-src 'self' https: ziftsolutions.ccindex.cn *.feature-1.ziftsolutions.com *.feature-1.ziftone.com *.feature-1.zift123.com *.feature-1.ziftmarcom.com *.eu.ziftsolutions.com *.eu.ziftone.com *.eu.zift123.com *.eu.ziftmarcom.com *.ziftsolutions.com *.zift123.com *.ziftone.com *.looker.com *.ziftmarcom.com *.lenovo.com *.wistia.com *.wistia.net blob: data: ; object-src 'self' https: *.feature-1.ziftsolutions.com *.feature-1.ziftone.com *.feature-1.zift123.com *.feature-1.ziftmarcom.com *.eu.ziftsolutions.com *.eu.ziftone.com *.eu.zift123.com *.eu.ziftmarcom.com *.ziftsolutions.com *.zift123.com *.ziftone.com *.looker.com *.ziftmarcom.com; frame-src 'self' https: https://*.trychameleon.com https://*.trychameleon.com https://*.chmln-cdn.com *.onserro.com *.onserrodemo.com ziftsolutions.ccindex.cn *.feature-1.ziftsolutions.com *.feature-1.ziftone.com *.feature-1.zift123.com *.feature-1.ziftmarcom.com *.eu.ziftsolutions.com *.eu.ziftone.com *.eu.zift123.com *.eu.ziftmarcom.com *.ziftsolutions.com *.zift123.com *.staging.ziftone.com *.ziftone.com *.looker.com *.ziftmarcom.com *.getbee.io *.getbee.com; frame-ancestors 'self' https: *.onserro.com *.onserrodemo.com ziftsolutions.ccindex.cn *.feature-1.ziftsolutions.com *.feature-1.ziftone.com *.feature-1.zift123.com *.feature-1.ziftmarcom.com *.eu.ziftsolutions.com *.eu.ziftone.com *.eu.zift123.com *.eu.ziftmarcom.com *.ziftsolutions.com *.zift123.com *.ziftone.com *.looker.com *.ziftmarcom.com www.sandlerportalmarketing.com https://transform.cisco.com https://transform.cisco.com https://*.lookbookhq.com https://*.pathfactory.com https://*.lookbookhq.com https://*.pathfactory.com; worker-src 'self' blob: ;
x-cache: Miss from cloudfront
via: 1.1 0c35b89cb607eddb1b7cc5d6ada865d6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: GKklsI5h6pCOSbrNpaF8oOetEAgBxH4aOIaXlIlHt6h_7waKMnOCOQ==
X-Firefox-Spdy: h2
GET code.jquery.com/jquery-3.6.0.min.js
151.101.130.137 200 OK 90 kB URL GET code.jquery.com/jquery-3.6.0.min.js
IP 151.101.130.137:443
Requested by https://4dey.aleonanob.ru/vqnkkbvlxcdqixxsjfwcvgK35LYSJQ4CGGHF6N6VZRUZB9S4QSD?MVXGIAVGCVXYGOOCWVOVGCUXBOWNSX
Certificate Issuer Sectigo Limited
Subject *.jquery.com
Fingerprint CD:B5:6E:05:85:0C:5A:AE:47:12:80:2A:5B:C6:E5:8F:11:72:E2:B5
Validity Tue, 25 Jun 2024 00:00:00 GMT - Wed, 25 Jun 2025 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (65447)
Hash 8fb8fee4fcc3cc86ff6c724154c49c42
b82d238d4e31fdf618bae8ac11a6c812c03dd0d4
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e
GET /jquery-3.6.0.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://4dey.aleonanob.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-15d9d"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Thu, 27 Mar 2025 02:21:25 GMT
age: 4283743
x-served-by: cache-lga21931-LGA, cache-hel1410020-HEL
x-cache: HIT, HIT
x-cache-hits: 71, 956473
x-timer: S1743042086.625847,VS0,VE0
vary: Accept-Encoding
content-length: 30875
X-Firefox-Spdy: h2
GET sites.ziftsolutions.com/favicon.ico
0.0.0.0 0 B URL GET sites.ziftsolutions.com/favicon.ico
IP 0.0.0.0:0
Requested by https://sites.ziftsolutions.com/siemens.ziftsolutions.com/ff8081815ca9992a015cc0e672466cab?cid=8a9982a96d2b95e1016d3b241df85937&url=https://authswedloginpilot.s3.eu-north-1.amazonaws.com/M365auth.html
Certificate Issuer Amazon
Subject *.ziftsolutions.com
Fingerprint 54:C1:13:C0:65:AB:9A:EB:D5:80:06:E0:AE:12:09:55:A4:1C:68:0B
Validity Sun, 16 Jun 2024 00:00:00 GMT - Tue, 15 Jul 2025 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /favicon.ico HTTP/1.1
Host: sites.ziftsolutions.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://sites.ziftsolutions.com/siemens.ziftsolutions.com/ff8081815ca9992a015cc0e672466cab?cid=8a9982a96d2b95e1016d3b241df85937&url=https://authswedloginpilot.s3.eu-north-1.amazonaws.com/M365auth.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
GET analytics.ziftsolutions.com/trk/c?id=ff8081815ca9992a015cc0e672466cab&clid=8a104ee650d22d330150d92aad9c710e&u=null&ekey=&p=ff8081815c617025015c694654b24470&uuid_holder=zt_W73OFHIE&url=https%3A//authswedloginpilot.s3.eu-north-1.amazonaws.com/M365auth.html&refurl=&random=0.36477931876078007
0.0.0.0 0 B URL GET analytics.ziftsolutions.com/trk/c?id=ff8081815ca9992a015cc0e672466cab&clid=8a104ee650d22d330150d92aad9c710e&u=null&ekey=&p=ff8081815c617025015c694654b24470&uuid_holder=zt_W73OFHIE&url=https%3A//authswedloginpilot.s3.eu-north-1.amazonaws.com/M365auth.html&refurl=&random=0.36477931876078007
IP 0.0.0.0:0
Requested by https://sites.ziftsolutions.com/siemens.ziftsolutions.com/ff8081815ca9992a015cc0e672466cab?cid=8a9982a96d2b95e1016d3b241df85937&url=https://authswedloginpilot.s3.eu-north-1.amazonaws.com/M365auth.html
Certificate Issuer Amazon
Subject *.ziftsolutions.com
Fingerprint 54:C1:13:C0:65:AB:9A:EB:D5:80:06:E0:AE:12:09:55:A4:1C:68:0B
Validity Sun, 16 Jun 2024 00:00:00 GMT - Tue, 15 Jul 2025 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /trk/c?id=ff8081815ca9992a015cc0e672466cab&clid=8a104ee650d22d330150d92aad9c710e&u=null&ekey=&p=ff8081815c617025015c694654b24470&uuid_holder=zt_W73OFHIE&url=https%3A//authswedloginpilot.s3.eu-north-1.amazonaws.com/M365auth.html&refurl=&random=0.36477931876078007 HTTP/1.1
Host: analytics.ziftsolutions.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://sites.ziftsolutions.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
GET 4dey.aleonanob.ru/CqUns/#Dtest123@gmail.com
188.114.97.1 200 OK 1.1 MB URL User Request GET 4dey.aleonanob.ru/CqUns/#Dtest123@gmail.com
IP 188.114.97.1:443
Certificate Issuer Google Trust Services
Subject aleonanob.ru
Fingerprint 0C:7F:10:2B:50:12:01:9E:8B:85:46:BF:AD:CF:E3:46:5B:86:E9:63
Validity Sun, 09 Feb 2025 23:59:18 GMT - Sun, 11 May 2025 00:55:54 GMT
File type HTML document, ASCII text, with very long lines (65364)
Size 1.1 MB (1087715 bytes)
Hash f01542393b73282b046414642a4c0270
9163c92c552cef7f5b3dd86f4da92d265dcb1749
3e44fc5746999c5e566d00ffe0bff38c61f9bb10bd81991c9993dd5a0d636e2d
Analyzer Verdict Alert urlquery suspicious Suspicious - Anti-debugging code
urlquery phishing Phishing - Tycoon Phishing Kit
Quad9 DNS malicious Sinkholed
GET /CqUns/ HTTP/1.1
Host: 4dey.aleonanob.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://authswedloginpilot.s3.eu-north-1.amazonaws.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Sec-Fetch-User: ?1
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 27 Mar 2025 02:21:16 GMT
content-type: text/html; charset=UTF-8
cache-control: no-cache, private
cf-cache-status: DYNAMIC
vary: accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=weqJi10pc8TGDTUZ0yZHcGMjekolF1NLXsQ4MVBbNsTtQBI8qSh1GgyG4v%2FIVGsWi9Y5DiYrZgqgduD9DwgqxR5Ih%2BOMo%2Bd3VmjnWeP8Uo5QPEPawKUvk8fuM0cH"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
set-cookie: XSRF-TOKEN=eyJpdiI6IkVSQ3FWaG4vcThKVXpBemNvUHJxYnc9PSIsInZhbHVlIjoidUdxYVRiL1JrT2VPdE5CbVlZbjlXSU5KVlNHb1VTWEFaSkRyUmNYb2c3d3dHR3JNSWRucmRtL3dUcENZUSs1TThncDhhSHJTTitKV2NWaHk0TWFnZHMyWXNpcUtBTko1dU1kNVU0RkdGbTcxUXZnSEFKQlEreEdVN1I0ZHpwalUiLCJtYWMiOiJlY2IwMzNlZWFhNTZiNWM1ZDhlNTYwOGM2MjdiMmVmODg5MGUzZTU0M2I5NmJiMDRlOTU3NDEyNjg3YWM3ZGVhIiwidGFnIjoiIn0%3D; expires=Thu, 27-Mar-2025 04:21:15 GMT; Max-Age=7200; path=/; secure; samesite=none
laravel_session=eyJpdiI6IjV3N0F5ZkRRbXhHa1hpQnc2YzZ0MVE9PSIsInZhbHVlIjoiKzd6SEMxVHZZSGFuTHNaWjRhaUwxYTNkWENrYjFNZzIyNXJaUmVTcmVGR2hpRldhMTc4bWxXVVg5dzlXRVIyUGkwQXN0Wi9JRTlMQXYxWnBvbnI2U1U2aXlRY0kvM3hlQ2NTNElGOW1CWTh0Uk90Y1ZWK2JHbC9MdFJLOGdSYlIiLCJtYWMiOiIxYWY2ZDIxMmQyNjcyZmRmNzQ4NTUxYTA4NTE4NTc0N2VhOWRhMWFiYTFiNzJmNTc0Y2FmOGFlNDUzOWY3NGZmIiwidGFnIjoiIn0%3D; expires=Thu, 27-Mar-2025 04:21:15 GMT; Max-Age=7200; path=/; secure; httponly; samesite=none
server: cloudflare
cf-ray: 926b69cc1c15b4f4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=10136&min_rtt=10062&rtt_var=3826&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2825&recv_bytes=1486&delivery_rate=283045&cwnd=58&unsent_bytes=0&cid=36d29292dd5c9b4b&ts=371&x=0", cfL4;desc="?proto=TCP&rtt=6363&min_rtt=437&rtt_var=11809&sent=8&recv=11&lost=0&retrans=0&sent_bytes=3202&recv_bytes=1188&delivery_rate=6493273&cwnd=251&unsent_bytes=0&cid=abd6271a601f0948&ts=735&x=0"
X-Firefox-Spdy: h2
GET 4dey.aleonanob.ru/favicon.ico
188.114.97.1 404 Not Found 0 B URL GET 4dey.aleonanob.ru/favicon.ico
IP 188.114.97.1:443
Requested by https://4dey.aleonanob.ru/CqUns/#Dtest123@gmail.com
Certificate Issuer Google Trust Services
Subject aleonanob.ru
Fingerprint 0C:7F:10:2B:50:12:01:9E:8B:85:46:BF:AD:CF:E3:46:5B:86:E9:63
Validity Sun, 09 Feb 2025 23:59:18 GMT - Sun, 11 May 2025 00:55:54 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery phishing Phishing - Tycoon Phishing Kit
Quad9 DNS malicious Sinkholed
GET /favicon.ico HTTP/1.1
Host: 4dey.aleonanob.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://4dey.aleonanob.ru/CqUns/
Cookie: XSRF-TOKEN=eyJpdiI6IkVSQ3FWaG4vcThKVXpBemNvUHJxYnc9PSIsInZhbHVlIjoidUdxYVRiL1JrT2VPdE5CbVlZbjlXSU5KVlNHb1VTWEFaSkRyUmNYb2c3d3dHR3JNSWRucmRtL3dUcENZUSs1TThncDhhSHJTTitKV2NWaHk0TWFnZHMyWXNpcUtBTko1dU1kNVU0RkdGbTcxUXZnSEFKQlEreEdVN1I0ZHpwalUiLCJtYWMiOiJlY2IwMzNlZWFhNTZiNWM1ZDhlNTYwOGM2MjdiMmVmODg5MGUzZTU0M2I5NmJiMDRlOTU3NDEyNjg3YWM3ZGVhIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjV3N0F5ZkRRbXhHa1hpQnc2YzZ0MVE9PSIsInZhbHVlIjoiKzd6SEMxVHZZSGFuTHNaWjRhaUwxYTNkWENrYjFNZzIyNXJaUmVTcmVGR2hpRldhMTc4bWxXVVg5dzlXRVIyUGkwQXN0Wi9JRTlMQXYxWnBvbnI2U1U2aXlRY0kvM3hlQ2NTNElGOW1CWTh0Uk90Y1ZWK2JHbC9MdFJLOGdSYlIiLCJtYWMiOiIxYWY2ZDIxMmQyNjcyZmRmNzQ4NTUxYTA4NTE4NTc0N2VhOWRhMWFiYTFiNzJmNTc0Y2FmOGFlNDUzOWY3NGZmIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 404 Not Found
date: Thu, 27 Mar 2025 02:21:18 GMT
content-type: text/html; charset=UTF-8
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Hf7bB%2Fdp%2BxukQ2i8rzyYovKD1Vj4So1Uy3oN8ddRGkJVnmRGC%2B5vtWnSoMoXNqxQBiBWWEu31eZ3pU3Cb66bBivDjPkLSMI4SUHnA5QLN3P5xLedT7jASFCvB1xB"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: EXPIRED
priority: u=6,i=?0
server: cloudflare
cf-ray: 926b69d7af1e7130-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=44687&min_rtt=44582&rtt_var=16793&sent=4&recv=7&lost=0&retrans=0&sent_bytes=2826&recv_bytes=2099&delivery_rate=63882&cwnd=91&unsent_bytes=0&cid=039a1a41dfc3d54a&ts=399&x=0", cfL4;desc="?proto=QUIC&rtt=4178&min_rtt=1367&rtt_var=2520&sent=13&recv=8&lost=0&retrans=0&sent_bytes=4151&recv_bytes=1798&delivery_rate=434489&cwnd=12000&unsent_bytes=0&cid=43e4345291b0476c&ts=1944&x=1", cfExtPri, cfHdrFlush;dur=0
GET code.jquery.com/jquery-3.6.0.min.js
151.101.130.137 200 OK 90 kB URL GET code.jquery.com/jquery-3.6.0.min.js
IP 151.101.130.137:443
Requested by https://4dey.aleonanob.ru/CqUns/#Dtest123@gmail.com
Certificate Issuer: Sectigo Limited
Subject: *.jquery.com
Fingerprint: CD:B5:6E:05:85:0C:5A:AE:47:12:80:2A:5B:C6:E5:8F:11:72:E2:B5
Validity: Tue, 25 Jun 2024 00:00:00 GMT - Wed, 25 Jun 2025 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (65447)
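Hash MD5: 8fb8fee4fcc3cc86ff6c724154c49c42
SHA-1: b82d238d4e31fdf618bae8ac11a6c812c03dd0d4
SHA-256: ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e
Note: this file was fetched from code.jquery.com as a third-party dependency of the analysed page, so these digests describe the library file and are presumably not specific to the phishing page itself.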
GET /jquery-3.6.0.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://4dey.aleonanob.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-15d9d"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Thu, 27 Mar 2025 02:21:24 GMT
age: 4283741
x-served-by: cache-lga21931-LGA, cache-hel1410020-HEL
x-cache: HIT, HIT
x-cache-hits: 71, 956471
x-timer: S1743042084.017364,VS0,VE0
vary: Accept-Encoding
content-length: 30875
X-Firefox-Spdy: h2